minor cleanup

2001-09-18 21:43:19 +00:00
parent d11cc41b2b
commit 56ae0ccb87
1 changed files with 53 additions and 48 deletions
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -17,7 +17,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: dnssec-signzone.c,v 1.140 2001/09/05 23:15:40 bwelling Exp $ */
+/* $Id: dnssec-signzone.c,v 1.141 2001/09/18 21:43:19 bwelling Exp $ */

 #include <config.h>

@@ -449,26 +449,28 @@ signset(dns_diff_t *diff, dns_dbnode_t *node, dns_name_t *name,
 	if (dns_rdataset_isassociated(&sigset))
 		dns_rdataset_disassociate(&sigset);

-	key = ISC_LIST_HEAD(keylist);
-	while (key != NULL) {
-		if (key->isdefault && !nowsignedby[key->position]) {
-			isc_buffer_t b;
-			dns_rdata_t trdata = DNS_RDATA_INIT;
-			unsigned char array[BUFSIZE];
-			char keystr[KEY_FORMATSIZE];
+	for (key = ISC_LIST_HEAD(keylist);
+	     key != NULL;
+	     key = ISC_LIST_NEXT(key, link))
+	{
+		isc_buffer_t b;
+		dns_rdata_t trdata;
+		unsigned char array[BUFSIZE];
+		char keystr[KEY_FORMATSIZE];

-			key_format(key->key, keystr, sizeof keystr);
-			vbprintf(1, "\tsigning with key %s\n", keystr);
-			isc_buffer_init(&b, array, sizeof(array));
-			signwithkey(name, set, &trdata, key->key, &b);
-			tuple = NULL;
-			result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
-						      name, ttl, &trdata,
-						      &tuple);
-			check_result(result, "dns_difftuple_create");
-			dns_diff_append(diff, &tuple);
-		}
-		key = ISC_LIST_NEXT(key, link);
+		if (!key->isdefault || nowsignedby[key->position])
+			continue;
+
+		key_format(key->key, keystr, sizeof keystr);
+		vbprintf(1, "\tsigning with key %s\n", keystr);
+		dns_rdata_init(&trdata);
+		isc_buffer_init(&b, array, sizeof(array));
+		signwithkey(name, set, &trdata, key->key, &b);
+		tuple = NULL;
+		result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
+					      ttl, &trdata, &tuple);
+		check_result(result, "dns_difftuple_create");
+		dns_diff_append(diff, &tuple);
 	}

 	isc_mem_put(mctx, wassignedby, arraysize * sizeof(isc_boolean_t));
@@ -480,10 +482,11 @@ static isc_boolean_t
 hasnullkey(dns_rdataset_t *rdataset) {
 	isc_result_t result;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
-	isc_boolean_t found = ISC_FALSE;

-	result = dns_rdataset_first(rdataset);
-	while (result == ISC_R_SUCCESS) {
+	for (result = dns_rdataset_first(rdataset);
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdataset_next(rdataset))
+	{
 		dst_key_t *key = NULL;

 		dns_rdata_reset(&rdata);
@@ -492,12 +495,11 @@ hasnullkey(dns_rdataset_t *rdataset) {
 						 &rdata, mctx, &key);
 		if (result != ISC_R_SUCCESS)
 			fatal("could not convert KEY into internal format");
-		if (dst_key_isnullkey(key))
-			found = ISC_TRUE;
-		dst_key_free(&key);
-		if (found == ISC_TRUE)
+		if (dst_key_isnullkey(key)) {
+			dst_key_free(&key);
 			return (ISC_TRUE);
-		result = dns_rdataset_next(rdataset);
+		}
+		dst_key_free(&key);
 	}
 	if (result != ISC_R_NOMORE)
 		fatal("failure looking for null keys");
@@ -672,10 +674,8 @@ haschildkey(dns_name_t *name) {
 		if (key == NULL) {
 			char namestr[DNS_NAME_FORMATSIZE];
 			dns_name_format(name, namestr, sizeof namestr);
-			fprintf(stderr,
-				"creating KEY from signedkey file for %s: "
-				"%s\n",
-				namestr, isc_result_totext(result));
+			vbprintf(1, "unknown KEY in %s signedkey file\n",
+				 namestr);
 			goto failure;
 		}
 		result = dns_dnssec_verify(name, &set, key->key,
@@ -686,9 +686,9 @@ haschildkey(dns_name_t *name) {
 		} else {
 			char namestr[DNS_NAME_FORMATSIZE];
 			dns_name_format(name, namestr, sizeof namestr);
-			fprintf(stderr,
-				"verifying SIG in signedkey file for %s: %s\n",
-				namestr, isc_result_totext(result));
+			vbprintf(1,
+				 "verifying SIG in %s signedkey file: %s\n",
+				 namestr, isc_result_totext(result));
 		}
 		dns_rdata_reset(&sigrdata);
 	}
@@ -771,6 +771,23 @@ createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
 	dns_diff_clear(&diff);
 }

+static void
+warnwild(const char *name) {
+	static int warned = 0;
+
+	fprintf(stderr, "%s: warning: wildcard name seen: %s\n",
+		program, name);
+	if (warned++ != 0)
+		return;
+	fprintf(stderr, "%s: warning: BIND 9 doesn't properly "
+		"handle wildcards in secure zones:\n",
+		program);
+	fprintf(stderr, "\t- wildcard nonexistence proof is "
+		"not generated by the server\n");
+	fprintf(stderr, "\t- wildcard nonexistence proof is "
+		"not required by the resolver\n");
+}
+
 /*
 * Signs all records at a name.  This mostly just signs each set individually,
 * but also adds the SIG bit to any NXTs generated earlier, deals with
@@ -783,7 +800,6 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 	dns_rdatasetiter_t *rdsiter;
 	isc_boolean_t isdelegation = ISC_FALSE;
 	isc_boolean_t childkey = ISC_FALSE;
-	static int warnwild = 0;
 	isc_boolean_t atorigin;
 	isc_boolean_t neednullkey = ISC_FALSE;
 	dns_diff_t diff;
@@ -791,17 +807,7 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 	if (dns_name_iswildcard(name)) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(name, namestr, sizeof namestr);
-		if (warnwild++ == 0) {
-			fprintf(stderr, "%s: warning: BIND 9 doesn't properly "
-				"handle wildcards in secure zones:\n",
-				program);
-			fprintf(stderr, "\t- wildcard nonexistence proof is "
-				"not generated by the server\n");
-			fprintf(stderr, "\t- wildcard nonexistence proof is "
-				"not required by the resolver\n");
-		}
-		fprintf(stderr, "%s: warning: wildcard name seen: %s\n",
-			program, namestr);
+		warnwild(namestr);
 	}

 	atorigin = dns_name_equal(name, gorigin);
@@ -1099,7 +1105,6 @@ presign(void) {
 	lastzonecut = NULL;

 	zonettl = soattl();
-
 }

 /*