From: Matthijs Mekking Date: Tue, 27 Oct 2020 09:23:16 +0000 (+0100) Subject: Move logging of salt in separate function X-Git-Tag: v9.17.8~27^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7878f300ffc246af2c3ef48d7fd583abe74544ad;p=thirdparty%2Fbind9.git Move logging of salt in separate function There may be a desire to log the salt without losing the context of log module, level, and category.
---
diff --git a/bin/named/server.c b/bin/named/server.c
index bba09ab48f5..db7a3062f23 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -14452,6 +14452,10 @@ named_server_signing(named_server_t *server, isc_lex_t *lex,
 */
 saltlen = 8;
 CHECK(dns_nsec3_generate_salt(salt, saltlen));
+ dns_nsec3_log_salt(
+ named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+ NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
+ salt, saltlen, "generated salt:");
 } else if (strcmp(ptr, "-") != 0) {
 isc_buffer_t buf;
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 2fea020200f..221c9545227 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -1578,6 +1578,15 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 dns_kasp_nsec3saltlen( kasp)));
 salt = saltbuf;
+
+ dns_nsec3_log_salt(
+ named_g_lctx,
+ NAMED_LOGCATEGORY_GENERAL,
+ NAMED_LOGMODULE_SERVER,
+ ISC_LOG_INFO, salt,
+ dns_kasp_nsec3saltlen(
+ kasp),
+ "generated salt:");
 }
 result = dns_zone_setnsec3param( zone, 1,
diff --git a/lib/dns/include/dns/nsec3.h b/lib/dns/include/dns/nsec3.h
index a2f22e0fc88..f001fc0acb0 100644
--- a/lib/dns/include/dns/nsec3.h
+++ b/lib/dns/include/dns/nsec3.h
@@ -16,6 +16,7 @@
 #include
 #include
+#include
 #include
 #include
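Review bot: Both new call sites (named_server_signing in bin/named/server.c and named_zone_configure in bin/named/zoneconf.c) log a bare `"generated salt:"` with no zone name, so on a server with several signed zones the line cannot be tied to the zone whose NSEC3 chain it belongs to. The variadic `fmt` added by this commit allows that context to be passed, e.g. `"zone %s: generated salt:"` with whatever zone-name variable is in scope at each site (not visible in these hunks). The message also moves from DNS_LOGCATEGORY_DNSSEC/DNS_LOGMODULE_DNSSEC to NAMED_LOGCATEGORY_GENERAL/NAMED_LOGMODULE_SERVER, so logging channels that select on the dnssec category will stop receiving it; if that is intended it deserves a line in the commit message. Both functions start and end outside their hunks.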
@@ -74,10 +75,18 @@ dns_nsec3_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
 isc_result_t dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen);
-/*%
+/*%<
 * Generate a salt with the given salt length.
 */
+void
+dns_nsec3_log_salt(isc_log_t *lctx, isc_logcategory_t *category,
+ isc_logmodule_t *module, int level, unsigned char *salt,
+ size_t saltlen, const char *fmt, ...);
+/*%<
+ * Utility to log the salt.
+ */
+
 isc_result_t dns_nsec3_hashname(dns_fixedname_t *result, unsigned char rethash[NSEC3_MAX_HASH_LENGTH],
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 3feda0ec4e4..3dbe33e8d6c 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -27,7 +27,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
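Review bot: The new dns_nsec3_log_salt prototype in lib/dns/include/dns/nsec3.h takes a printf-style `fmt, ...` but carries no format attribute, so the compiler cannot check callers' arguments against the format string; BIND's macro for this can be appended to the declaration as `ISC_FORMAT_PRINTF(7, 8);`. The `/*%<` comment "Utility to log the salt." should also state the contract: `fmt` is expanded first and the hex-encoded salt is appended after a single space, and nothing is written when `level` is not enabled. Judging from the `255 * 2 + 1` byte buffer in nsec3.c, a salt longer than 255 bytes is presumably logged as an empty string rather than rejected, which is worth documenting as well.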
@@ -229,29 +228,46 @@ dns_nsec3_typepresent(dns_rdata_t *rdata, dns_rdatatype_t type) {
 isc_result_t dns_nsec3_generate_salt(unsigned char *salt, size_t saltlen) {
+ if (saltlen > 255U) {
+ return (ISC_R_RANGE);
+ }
+ isc_nonce_buf(salt, saltlen);
+ return (ISC_R_SUCCESS);
+}
+
+void
+dns_nsec3_log_salt(isc_log_t *lctx, isc_logcategory_t *category,
+ isc_logmodule_t *module, int level, unsigned char *salt,
+ size_t saltlen, const char *fmt, ...) {
+ va_list ap;
+
+ char message[4096];
 unsigned char text[255 * 2 + 1];
 isc_region_t r;
 isc_buffer_t buf;
 isc_result_t result;
- if (saltlen > 255U) {
- return (ISC_R_RANGE);
+ if (!isc_log_wouldlog(dns_lctx, level)) {
+ return;
 }
- isc_nonce_buf(salt, saltlen);
+ va_start(ap, fmt);
+
+ vsnprintf(message, sizeof(message), fmt, ap);
 r.base = salt;
 r.length = (unsigned int)saltlen;
 isc_buffer_init(&buf, text, sizeof(text));
 result = isc_hex_totext(&r, 2, "", &buf);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
- text[saltlen * 2] = 0;
-
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
- ISC_LOG_INFO, "generated salt: %s", text);
+ if (result == ISC_R_SUCCESS) {
+ text[saltlen * 2] = 0;
+ } else {
+ text[0] = 0;
+ }
+ isc_log_write(lctx, category, module, level, "%s %s", message, text);
- return (ISC_R_SUCCESS);
+ va_end(ap);
 }
 isc_result_t
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 2b0383af73e..f9e124f3aad 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -654,6 +654,7 @@ dns_nsec3_delnsec3sx
 dns_nsec3_generate_salt
 dns_nsec3_hashlength
 dns_nsec3_hashname
+dns_nsec3_log_salt
 dns_nsec3_maxiterations
 dns_nsec3_noexistnodata
 dns_nsec3_supportedhash
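Review bot: In dns_nsec3_log_salt (lib/dns/nsec3.c) the early-out tests `isc_log_wouldlog(dns_lctx, level)` against the library-global context while the write goes to the caller-supplied `lctx`, so the decision to log is taken on a context that is not necessarily the one written to; it should read `if (!isc_log_wouldlog(lctx, level)) {`. The function also no longer rejects `saltlen > 255U` before hex-encoding into `text[255 * 2 + 1]` and instead relies on isc_hex_totext failing when the buffer is too small (its implementation is not shown here), so an explicit `if (saltlen > 255U) { return; }` ahead of `va_start` would keep the bound local and obvious. The return value of `vsnprintf` is ignored, so a `message` truncated at 4096 bytes is logged without any indication.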