Use explicit result codes for 'rndc dnssec' cmd
authorMatthijs Mekking <matthijs@isc.org>
Fri, 4 Sep 2020 09:42:52 +0000 (11:42 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Mon, 5 Oct 2020 08:53:46 +0000 (10:53 +0200)
It is better to add new result codes than to overload existing codes.

bin/named/server.c
bin/tests/system/kasp/tests.sh
lib/dns/include/dns/keymgr.h
lib/dns/include/dns/result.h
lib/dns/keymgr.c
lib/dns/result.c

index c2c126937183a4bcaa37b22a7801ebbcc4382cc5..b25d258befec3010a33e8fda468d0f5206c2c8b4 100644 (file)
@@ -14766,6 +14766,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
                char whenbuf[80];
                isc_time_set(&timewhen, when, 0);
                isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
+               isc_result_t ret;
 
                LOCK(&kasp->lock);
                if (use_keyid) {
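Review bot: `isc_result_t ret;` is declared after the `isc_time_*` calls and left uninitialized, yet it is only written and read in the `default:` case further down, so its scope is wider than its use. Scoping it to that case, e.g. `default: { isc_result_t ret = result; ... }`, keeps the saved code next to where it is consumed. The same declaration is added to the rollover branch in the third hunk of this file. The enclosing block starts and ends outside this hunk.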
@@ -14796,16 +14797,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
                        CHECK(putstr(text, "since "));
                        CHECK(putstr(text, whenbuf));
                        break;
-               case ISC_R_NOTFOUND:
-                       CHECK(putstr(text, "No matching KSK found"));
-                       break;
-               case ISC_R_FAILURE:
+               case DNS_R_TOOMANYKEYS:
                        CHECK(putstr(text,
-                                    "Error: multiple possible KSKs found, "
+                                    "Error: multiple possible keys found, "
                                     "retry command with -key id"));
                        break;
                default:
-                       CHECK(putstr(text, "Error executing checkds command"));
+                       ret = result;
+                       CHECK(putstr(text,
+                                    "Error executing checkds command: "));
+                       CHECK(putstr(text, isc_result_totext(ret)));
                        break;
                }
        } else if (rollover) {
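Review bot: The `ret = result;` copy in the `default:` case has no comment explaining why it is needed; presumably `CHECK()` assigns to `result`, so the original code would be lost before `isc_result_totext()` runs. A short comment such as `/* CHECK() overwrites result; keep the original code for the message. */` would stop a later cleanup from removing the copy. If that reading is right, `result` after the switch holds the status of the last `putstr()` rather than the checkds failure. The code after the switch is outside this hunk, so it is worth confirming that a failed checkds still reaches the rndc caller as a failure and not only as text. The rollover `default:` case in the last hunk of this file has the same pattern.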
@@ -14815,6 +14816,7 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
                char whenbuf[80];
                isc_time_set(&timewhen, when, 0);
                isc_time_formattimestamp(&timewhen, whenbuf, sizeof(whenbuf));
+               isc_result_t ret;
 
                LOCK(&kasp->lock);
                result = dns_keymgr_rollover(kasp, &keys, dir, now, when, keyid,
@@ -14833,21 +14835,16 @@ named_server_dnssec(named_server_t *server, isc_lex_t *lex,
                        CHECK(putstr(text, "Rollover scheduled on "));
                        CHECK(putstr(text, whenbuf));
                        break;
-               case ISC_R_NOTFOUND:
-                       CHECK(putstr(text, "No matching keyfound"));
-                       break;
-               case ISC_R_FAILURE:
+               case DNS_R_TOOMANYKEYS:
                        CHECK(putstr(text,
                                     "Error: multiple possible keys found, "
                                     "retry command with -alg algorithm"));
                        break;
-               case ISC_R_UNEXPECTED:
-                       CHECK(putstr(text,
-                                    "Error: key is not active and cannot "
-                                    "be rolled at this time"));
-                       break;
                default:
-                       CHECK(putstr(text, "Error executing rollover command"));
+                       ret = result;
+                       CHECK(putstr(text,
+                                    "Error executing rollover command: "));
+                       CHECK(putstr(text, isc_result_totext(ret)));
                        break;
                }
        }
index 19665deaebc92d649154369c37c90f94964378e8..aed268f78b70abb4afdcd4138d078cd613bf2730 100644 (file)
@@ -2814,7 +2814,7 @@ n=$((n+1))
 echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)"
 ret=0
 rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n
-grep "key is not active and cannot be rolled" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
+grep "key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
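Review bot: The new pattern `key is not actively signing` matches only the generic result text, so this check would still pass if the `Error executing rollover command: ` prefix added in server.c were lost. Matching the whole message, `grep "Error executing rollover command: key is not actively signing"`, ties the test to the line an operator actually sees. Nothing in this hunk covers the reworded no-match and too-many-keys outputs; the rest of tests.sh is outside the hunk, so those may be tested elsewhere.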
 
index 14ee5c980d21b854d1a9e16650c3b820edeaf59b..6c7e17ceee96a6c9a404271f61349cb073e2c26c 100644 (file)
@@ -74,8 +74,8 @@ dns_keymgr_checkds_id(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
  *
  *     Returns:
  *\li          #ISC_R_SUCCESS (No error).
- *\li          #ISC_R_FAILURE (More than one matching KSK found).
- *\li          #ISC_R_NOTFOUND (No matching KSK found).
+ *\li          #DNS_R_NOKEYMATCH (No matching keys found).
+ *\li          #DNS_R_TOOMANYKEYS (More than one matching keys found).
  *
  */
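Review bot: The Returns list reads as exhaustive but is not, because keymgr.c in this same commit returns the `isc_dir_open()` result unchanged on failure, so callers can receive codes other than the ones listed. Adding a closing entry such as ` *\li          Any other result indicates failure.` would make that explicit for anyone writing a `switch` on the return value. The same applies to the `dns_keymgr_rollover` comment in the next hunk. That `dns_keymgr_checkds_id` reaches the `isc_dir_open()` path is inferred from the static `keymgr_checkds` in keymgr.c; the declaration itself is outside this hunk.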
 
@@ -104,9 +104,9 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
  *
  *     Returns:
  *\li          #ISC_R_SUCCESS (No error).
- *\li          #ISC_R_FAILURE (More than one matching keys found).
- *\li          #ISC_R_NOTFOUND (No matching keys found).
- *\li          #ISC_R_UNEXPECTED (Key is not active).
+ *\li          #DNS_R_NOKEYMATCH (No matching keys found).
+ *\li          #DNS_R_TOOMANYKEYS (More than one matching keys found).
+ *\li          #DNS_R_KEYNOTACTIVE (Key is not active).
  *
  */
 
index c2e0a68a580ae572184af6c34941174ff7442483..b7f178c7af9178a8e52cd599751f675c6473a923 100644 (file)
 #define DNS_R_TOOMANYRECORDS   (ISC_RESULTCLASS_DNS + 117)
 #define DNS_R_VERIFYFAILURE    (ISC_RESULTCLASS_DNS + 118)
 #define DNS_R_ATZONETOP                (ISC_RESULTCLASS_DNS + 119)
+#define DNS_R_NOKEYMATCH       (ISC_RESULTCLASS_DNS + 120)
+#define DNS_R_TOOMANYKEYS      (ISC_RESULTCLASS_DNS + 121)
+#define DNS_R_KEYNOTACTIVE     (ISC_RESULTCLASS_DNS + 122)
 
-#define DNS_R_NRESULTS 120 /*%< Number of results */
+#define DNS_R_NRESULTS 123 /*%< Number of results */
 
 /*
  * DNS wire format rcodes.
index 2d1edc97cb5d1569a56fffc56a837345a7695ce1..2518b48739067129b6f13c3c7e38e14730e36145 100644 (file)
@@ -1894,7 +1894,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
                                /*
                                 * Only checkds for one key at a time.
                                 */
-                               return (ISC_R_FAILURE);
+                               return (DNS_R_TOOMANYKEYS);
                        }
 
                        ksk_key = dkey;
@@ -1902,7 +1902,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
        }
 
        if (ksk_key == NULL) {
-               return (ISC_R_NOTFOUND);
+               return (DNS_R_NOKEYMATCH);
        }
 
        if (dspublish) {
@@ -1918,7 +1918,7 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
        }
        result = isc_dir_open(&dir, directory);
        if (result != ISC_R_SUCCESS) {
-               return result;
+               return (result);
        }
 
        dns_dnssec_get_hints(ksk_key, now);
@@ -2174,18 +2174,18 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
                        /*
                         * Only rollover for one key at a time.
                         */
-                       return (ISC_R_FAILURE);
+                       return (DNS_R_TOOMANYKEYS);
                }
                key = dkey;
        }
 
        if (key == NULL) {
-               return (ISC_R_NOTFOUND);
+               return (DNS_R_NOKEYMATCH);
        }
 
        result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
        if (result != ISC_R_SUCCESS || active > now) {
-               return (ISC_R_UNEXPECTED);
+               return (DNS_R_KEYNOTACTIVE);
        }
 
        result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &retire);
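Review bot: A failing `dst_key_gettime()` for `DST_TIME_ACTIVATE` is reported as `DNS_R_KEYNOTACTIVE`, the same code as a key whose activation time lies in the future. An operator would then read "key is not actively signing" when the real problem may be missing or unreadable timing metadata, which is the kind of overloading this commit sets out to remove. Splitting the test, `if (result != ISC_R_SUCCESS) { return (result); }` followed by `if (active > now) { return (DNS_R_KEYNOTACTIVE); }`, would keep the two conditions distinguishable in the rndc output. What `dst_key_gettime()` returns for an unset time is not visible here, so the exact code to propagate should be checked. The function body continues outside this hunk.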
@@ -2218,7 +2218,7 @@ dns_keymgr_rollover(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
        }
        result = isc_dir_open(&dir, directory);
        if (result != ISC_R_SUCCESS) {
-               return result;
+               return (result);
        }
 
        dns_dnssec_get_hints(key, now);
index a69419c67417da857e0eeb08a6e6a8719463d9aa..465f72f7839b87766eca85993f0e1b1f6fe8c98b 100644 (file)
@@ -165,6 +165,10 @@ static const char *text[DNS_R_NRESULTS] = {
        "too many records",         /*%< 117 DNS_R_TOOMANYRECORDS */
        "verify failure",           /*%< 118 DNS_R_VERIFYFAILURE */
        "at top of zone",           /*%< 119 DNS_R_ATZONETOP */
+
+       "no matching key found",       /*%< 120 DNS_R_NOKEYMATCH */
+       "too many keys matching",      /*%< 121 DNS_R_TOOMANYKEYS */
+       "key is not actively signing", /*%< 122 DNS_R_KEYNOTACTIVE */
 };
 
 static const char *ids[DNS_R_NRESULTS] = {
@@ -292,6 +296,9 @@ static const char *ids[DNS_R_NRESULTS] = {
        "DNS_R_TOOMANYRECORDS",
        "DNS_R_VERIFYFAILURE",
        "DNS_R_ATZONETOP",
+       "DNS_R_NOKEYMATCH",
+       "DNS_R_TOOMANYKEYS",
+       "DNS_R_KEYNOTACTIVE",
 };
 
 static const char *rcode_text[DNS_R_NRCODERESULTS] = {