Move logging of salt in separate function
authorMatthijs Mekking <matthijs@isc.org>
Tue, 27 Oct 2020 09:23:16 +0000 (10:23 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 26 Nov 2020 09:43:59 +0000 (10:43 +0100)
There may be a desire to log the salt without losing the context
of the log module, level, and category.

bin/named/server.c
bin/named/zoneconf.c
lib/dns/include/dns/nsec3.h
lib/dns/nsec3.c
lib/dns/win32/libdns.def.in

index bba09ab48f568ca94ffc90aeb029089328a2cb69..db7a3062f23e51dbe61f1a9b229d45213e53d752 100644 (file)
@@ -14452,6 +14452,10 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
                                 */
                                saltlen = 8;
                                CHECK(dns_nsec3_generate_salt(salt, saltlen));
+                               dns_nsec3_log_salt(
+                                       named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+                                       NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
+                                       salt, saltlen, "generated salt:");
                        } else if (strcmp(ptr, "-") != 0) {
                                isc_buffer_t buf;
 
index 2fea020200fc31c60933873001f4ad19ee1a9a44..221c9545227b6c90294cffff0ad5b98d76ea885f 100644 (file)
@@ -1578,6 +1578,15 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
                                                        dns_kasp_nsec3saltlen(
                                                                kasp)));
                                                salt = saltbuf;
+
+                                               dns_nsec3_log_salt(
+                                                       named_g_lctx,
+                                                       NAMED_LOGCATEGORY_GENERAL,
+                                                       NAMED_LOGMODULE_SERVER,
+                                                       ISC_LOG_INFO, salt,
+                                                       dns_kasp_nsec3saltlen(
+                                                               kasp),
+                                                       "generated salt:");
                                        }
                                        result = dns_zone_setnsec3param(
                                                zone, 1,
index a2f22e0fc8836e9e0c1e9649f223baf84cf6cfcb..f001fc0acb0d062df995ea68407201067874f024 100644 (file)
@@ -16,6 +16,7 @@
 
 #include <isc/iterated_hash.h>
 #include <isc/lang.h>
+#include <isc/log.h>
 
 #include <dns/db.h>
 #include <dns/diff.h>
@@ -74,10 +75,18 @@ dns_nsec3_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
 
 isc_result_t
 dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen);
-/*%
+/*%<
  * Generate a salt with the given salt length.
  */
 
+void
+dns_nsec3_log_salt(isc_log_t *lctx, isc_logcategory_t *category,
+                  isc_logmodule_t *module, int level, unsigned char *salt,
+                  size_t saltlen, const char *fmt, ...);
+/*%<
+ * Utility to log the salt.
+ */
+
 isc_result_t
 dns_nsec3_hashname(dns_fixedname_t *result,
                   unsigned char    rethash[NSEC3_MAX_HASH_LENGTH],
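Review bot: The new `dns_nsec3_log_salt` prototype takes a printf-style `fmt, ...` but has no format attribute, so a mismatch between the format string and its arguments at a call site is not diagnosed at compile time. The ISC headers provide `ISC_FORMAT_PRINTF` for this (isc_log_write uses it, as far as I recall), and here it would be `ISC_FORMAT_PRINTF(7, 8);` after the parameter list. The doc comment `Utility to log the salt.` should also state the contract that is visible in lib/dns/nsec3.c. The formatted message is cut at 4096 bytes and is followed by a space and the salt as hex. The salt text is left empty when the hex conversion fails, which is what a salt longer than 255 bytes is expected to cause.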
index 3feda0ec4e4a5845a39eae45fed0f38ec36e0495..3dbe33e8d6c69ed9d126d59513a0700c6f213f80 100644 (file)
@@ -27,7 +27,6 @@
 #include <dns/dbiterator.h>
 #include <dns/diff.h>
 #include <dns/fixedname.h>
-#include <dns/log.h>
 #include <dns/nsec.h>
 #include <dns/nsec3.h>
 #include <dns/rdata.h>
@@ -229,29 +228,46 @@ dns_nsec3_typepresent(dns_rdata_t *rdata, dns_rdatatype_t type) {
 
 isc_result_t
 dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen) {
+       if (saltlen > 255U) {
+               return (ISC_R_RANGE);
+       }
+       isc_nonce_buf(salt, saltlen);
+       return (ISC_R_SUCCESS);
+}
+
+void
+dns_nsec3_log_salt(isc_log_t *lctx, isc_logcategory_t *category,
+                  isc_logmodule_t *module, int level, unsigned char *salt,
+                  size_t saltlen, const char *fmt, ...) {
+       va_list ap;
+
+       char message[4096];
        unsigned char text[255 * 2 + 1];
        isc_region_t r;
        isc_buffer_t buf;
        isc_result_t result;
 
-       if (saltlen > 255U) {
-               return (ISC_R_RANGE);
+       if (!isc_log_wouldlog(dns_lctx, level)) {
+               return;
        }
 
-       isc_nonce_buf(salt, saltlen);
+       va_start(ap, fmt);
+
+       vsnprintf(message, sizeof(message), fmt, ap);
 
        r.base = salt;
        r.length = (unsigned int)saltlen;
 
        isc_buffer_init(&buf, text, sizeof(text));
        result = isc_hex_totext(&r, 2, "", &buf);
-       RUNTIME_CHECK(result == ISC_R_SUCCESS);
-       text[saltlen * 2] = 0;
-
-       isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
-                     ISC_LOG_INFO, "generated salt: %s", text);
+       if (result == ISC_R_SUCCESS) {
+               text[saltlen * 2] = 0;
+       } else {
+               text[0] = 0;
+       }
+       isc_log_write(lctx, category, module, level, "%s %s", message, text);
 
-       return (ISC_R_SUCCESS);
+       va_end(ap);
 }
 
 isc_result_t
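Review bot: The early-out in `dns_nsec3_log_salt` tests `isc_log_wouldlog(dns_lctx, level)` while the message is written to the caller's `lctx`, so the decision to log is made against a different context than the one written to; it should read `if (!isc_log_wouldlog(lctx, level)) {`. The same commit removes `#include <dns/log.h>` from this file in the hunk above, so `dns_lctx` presumably only resolves through another header. The `saltlen > 255U` check stayed behind in `dns_nsec3_generate_salt`, and the logger relies on `isc_hex_totext` failing to reject an oversized salt. Because `r.length` is `saltlen` narrowed to `unsigned int`, an explicit `if (saltlen > 255U) { return; }` at the top would keep `text[saltlen * 2] = 0;` inside `text` for every input. The callers in this commit pass 8 and `dns_kasp_nsec3saltlen(kasp)`, so that guard is defensive rather than a fix for a reachable case shown here.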
index 2b0383af73eff50ff4361046f38c0e2d1a2c1d3e..f9e124f3aad7f491e8447b9ab9397403ac10221d 100644 (file)
@@ -654,6 +654,7 @@ dns_nsec3_delnsec3sx
 dns_nsec3_generate_salt
 dns_nsec3_hashlength
 dns_nsec3_hashname
+dns_nsec3_log_salt
 dns_nsec3_maxiterations
 dns_nsec3_noexistnodata
 dns_nsec3_supportedhash