Propagate first_time to named_os_openfile in generate_session_key.

named_os_openfile was being called with switch_user set to true
unconditionally leading to log messages about being unable to
switch user identity from named when regenerating the key.

(cherry picked from commit 071bc29962ec5d7117b5a54b9e5e0c2d4081474b)

diff --git a/bin/named/server.c b/bin/named/server.c
index 81f341a491856302a679789979addec8ff9216ca..d9f5d291299c607b3d7e0e1af68a57a0984db560 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -7314,7 +7314,8 @@ static isc_result_t
 generate_session_key(const char *filename, const char *keynamestr,
                     const dns_name_t *keyname, const char *algstr,
                     const dns_name_t *algname, unsigned int algtype,
-                    uint16_t bits, isc_mem_t *mctx, dns_tsigkey_t **tsigkeyp) {
+                    uint16_t bits, isc_mem_t *mctx, bool first_time,
+                    dns_tsigkey_t **tsigkeyp) {
        isc_result_t result = ISC_R_SUCCESS;
        dst_key_t *key = NULL;
        isc_buffer_t key_txtbuffer;
@@ -7355,7 +7356,7 @@ generate_session_key(const char *filename, const char *keynamestr,
                                        NULL, now, now, mctx, NULL, &tsigkey));
 
        /* Dump the key to the key file. */
-       fp = named_os_openfile(filename, S_IRUSR | S_IWUSR, true);
+       fp = named_os_openfile(filename, S_IRUSR | S_IWUSR, first_time);
        if (fp == NULL) {
                isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
                              NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
@@ -7406,7 +7407,7 @@ cleanup:
 
 static isc_result_t
 configure_session_key(const cfg_obj_t **maps, named_server_t *server,
-                     isc_mem_t *mctx) {
+                     isc_mem_t *mctx, bool first_time) {
        const char *keyfile, *keynamestr, *algstr;
        unsigned int algtype;
        dns_fixedname_t fname;
@@ -7502,7 +7503,7 @@ configure_session_key(const cfg_obj_t **maps, named_server_t *server,
 
                CHECK(generate_session_key(keyfile, keynamestr, keyname, algstr,
                                           algname, algtype, bits, mctx,
-                                          &server->sessionkey));
+                                          first_time, &server->sessionkey));
        }
 
        return (result);
@@ -8883,7 +8884,7 @@ load_configuration(const char *filename, named_server_t *server,
         * turns out that a session key is really needed but doesn't exist,
         * we'll treat it as a fatal error then.
         */
-       (void)configure_session_key(maps, server, named_g_mctx);
+       (void)configure_session_key(maps, server, named_g_mctx, first_time);
 
        /*
         * Create the DNSSEC key and signing policies (KASP).