Improve error messages for CLI commands
authorGunnar Beutner <gunnar.beutner@netways.de>
Mon, 20 Oct 2014 11:16:22 +0000 (13:16 +0200)
committerGunnar Beutner <gunnar.beutner@netways.de>
Mon, 20 Oct 2014 11:40:17 +0000 (13:40 +0200)
fixes #7395

lib/base/tlsutility.cpp
lib/cli/featureenablecommand.cpp
lib/cli/pkinewcacommand.cpp
lib/cli/pkirequestcommand.cpp

index 582383704fe0ed29cec90d9569f114c661c4f3ad..ff8737f8ece1685834817bd9e466709d3b84029e 100644 (file)
@@ -247,6 +247,8 @@ shared_ptr<X509> GetX509Certificate(const String& pemfile)
 
 int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile, bool ca)
 {
+       char errbuf[120];
+
        InitializeOpenSSL();
 
        RSA *rsa = RSA_generate_key(4096, RSA_F4, NULL, NULL);
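Review bot: The 120-byte `errbuf` added at the top of MakeX509CSR is handed to `ERR_error_string()`, which takes no length argument, so nothing ties the buffer size to what the library writes. Current OpenSSL manual pages ask for a buffer of at least 256 bytes. The bounded call `ERR_error_string_n(ERR_peek_error(), errbuf, sizeof(errbuf));` removes that dependency; it returns void, so each of the six log statements in the later hunks would call it first and then stream `errbuf`. The function body continues outside this hunk.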
@@ -255,7 +257,25 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
            << "Writing private key to '" << keyfile << "'.";
 
        BIO *bio = BIO_new_file(const_cast<char *>(keyfile.CStr()), "w");
-       PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);
+
+       if (!bio) {
+               Log(LogCritical, "SSL")
+                   << "Error while opening private RSA key file '" << keyfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+               BOOST_THROW_EXCEPTION(openssl_error()
+                   << boost::errinfo_api_function("BIO_new_file")
+                   << errinfo_openssl_error(ERR_peek_error())
+                   << boost::errinfo_file_name(keyfile));
+       }
+
+       if (!PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL)) {
+               Log(LogCritical, "SSL")
+                   << "Error while writing private RSA key to file '" << keyfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+               BOOST_THROW_EXCEPTION(openssl_error()
+                   << boost::errinfo_api_function("PEM_write_bio_RSAPrivateKey")
+                   << errinfo_openssl_error(ERR_peek_error())
+                   << boost::errinfo_file_name(keyfile));
+       }
+
        BIO_free(bio);
 
 #ifndef _WIN32
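Review bot: Both new throw paths leave resources behind. When `PEM_write_bio_RSAPrivateKey` fails, the exception is raised before the `BIO_free(bio)` that follows, and `rsa` is not released on either path in the visible lines. For the key file this also means a partially written private key can remain on disk at `keyfile`. Calling `BIO_free(bio);` and freeing `rsa` before `BOOST_THROW_EXCEPTION`, or holding both in `shared_ptr`s with `BIO_free`/`RSA_free` deleters, closes this; the certificate and CSR hunks below repeat the pattern for `bio`. The function body starts and ends outside this hunk.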
@@ -276,9 +296,26 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
                Log(LogInformation, "base")
                    << "Writing X509 certificate to '" << certfile << "'.";
 
-               bio = BIO_new(BIO_s_file());
-               BIO_write_filename(bio, const_cast<char *>(certfile.CStr()));
-               PEM_write_bio_X509(bio, cert.get());
+               bio = BIO_new_file(const_cast<char *>(certfile.CStr()), "w");
+
+               if (!bio) {
+                       Log(LogCritical, "SSL")
+                           << "Error while opening certificate file '" << certfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+                       BOOST_THROW_EXCEPTION(openssl_error()
+                           << boost::errinfo_api_function("BIO_new_file")
+                           << errinfo_openssl_error(ERR_peek_error())
+                           << boost::errinfo_file_name(certfile));
+               }
+
+               if (!PEM_write_bio_X509(bio, cert.get())) {
+                       Log(LogCritical, "SSL")
+                           << "Error while writing certificate to file '" << certfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+                       BOOST_THROW_EXCEPTION(openssl_error()
+                           << boost::errinfo_api_function("PEM_write_bio_X509")
+                           << errinfo_openssl_error(ERR_peek_error())
+                           << boost::errinfo_file_name(certfile));
+               }
+
                BIO_free(bio);
        }
 
@@ -299,9 +336,26 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
                Log(LogInformation, "base")
                    << "Writing certificate signing request to '" << csrfile << "'.";
        
-               bio = BIO_new(BIO_s_file());
-               BIO_write_filename(bio, const_cast<char *>(csrfile.CStr()));
-               PEM_write_bio_X509_REQ(bio, req);
+               bio = BIO_new_file(const_cast<char *>(csrfile.CStr()), "w");
+
+               if (!bio) {
+                       Log(LogCritical, "SSL")
+                           << "Error while opening CSR file '" << csrfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+                       BOOST_THROW_EXCEPTION(openssl_error()
+                           << boost::errinfo_api_function("BIO_new_file")
+                           << errinfo_openssl_error(ERR_peek_error())
+                           << boost::errinfo_file_name(csrfile));
+               }
+
+               if (!PEM_write_bio_X509_REQ(bio, req)) {
+                       Log(LogCritical, "SSL")
+                           << "Error while writing CSR to file '" << csrfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+                       BOOST_THROW_EXCEPTION(openssl_error()
+                           << boost::errinfo_api_function("PEM_write_bio_X509")
+                           << errinfo_openssl_error(ERR_peek_error())
+                           << boost::errinfo_file_name(csrfile));
+               }
+
                BIO_free(bio);
        
                X509_REQ_free(req);
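Review bot: The failure branch for `PEM_write_bio_X509_REQ` tags the exception with `boost::errinfo_api_function("PEM_write_bio_X509")`, which looks copied from the certificate hunk and points anyone reading the diagnostic at the wrong call. It should read `<< boost::errinfo_api_function("PEM_write_bio_X509_REQ")`. In the visible lines `X509_REQ_free(req)` comes only after this branch, so `req` is also not released when either exception is thrown.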
index ab790d9607e67a23d285987d34fb5d1c0f65c896..a8399ebc4d75a02e1aaf6b550cab6922057b09f2 100644 (file)
@@ -96,6 +96,9 @@ int FeatureEnableCommand::Run(const boost::program_options::variables_map& vm, c
                        continue;
                }
 
+               std::cout << "Enabling feature " << ConsoleColorTag(Console_ForegroundMagenta | Console_Bold) << feature
+                   << ConsoleColorTag(Console_Normal) << ". Make sure to restart Icinga 2 for these changes to take effect.\n";
+
 #ifndef _WIN32
                if (symlink(source.CStr(), target.CStr()) < 0) {
                        Log(LogCritical, "cli")
@@ -107,18 +110,16 @@ int FeatureEnableCommand::Run(const boost::program_options::variables_map& vm, c
 #else /* _WIN32 */
                std::ofstream fp;
                fp.open(target.CStr());
-               if (!fp) {
+               fp << "include \"../features-available/" << feature << ".conf\"" << std::endl;
+               fp.close();
+
+               if (fp.fail()) {
                        Log(LogCritical, "cli")
                            << "Cannot enable feature '" << feature << "'. Failed to open file '" << target << "'.";
                        errors.push_back(feature);
                        continue;
                }
-               fp << "include \"../features-available/" << feature << ".conf\"" << std::endl;
-               fp.close();
 #endif /* _WIN32 */
-
-               std::cout << "Enabling feature " << ConsoleColorTag(Console_ForegroundMagenta | Console_Bold) << feature
-                   << ConsoleColorTag(Console_Normal) << ". Make sure to restart Icinga 2 for these changes to take effect.\n";
        }
 
        if (!errors.empty()) {
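Review bot: The Windows branch now tests `fp.fail()` after the write and `close()`, so it covers write and close failures as well as a failed open, but the log text still says "Failed to open file". Suggest `<< "Cannot enable feature '" << feature << "'. Failed to write file '" << target << "'.";`. The same mismatch is left in pkirequestcommand.cpp, where the `fpca.fail()` branch still logs "Could not open CA certificate file ... for writing" although the `fpcert` message was updated. The loop body starts outside this hunk.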
index 4277d6c92e5adb401b19aa89f4e23a6bdff97e6c..86bb27f56faeb141180d2c727564b1d7a4be4a07 100644 (file)
@@ -71,5 +71,11 @@ int PKINewCACommand::Run(const boost::program_options::variables_map& vm, const
        fp << "01";
        fp.close();
 
+       if (fp.fail()) {
+               Log(LogCritical, "cli")
+                   << "Could not create serial file '" << serialpath << "'";
+               return 1;
+       }
+
        return 0;
 }
index c8aa02e9eeee8a5ab6caf395abbf09670384bd22..bfa4aa79dd33479cde7770023e85d7ad63cd0431 100644 (file)
@@ -153,27 +153,25 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons
 
        std::ofstream fpcert;
        fpcert.open(certfile.CStr());
+       fpcert << result->Get("cert");
+       fpcert.close();
 
-       if (!fpcert) {
+       if (fpcert.fail()) {
                Log(LogCritical, "cli")
-                   << "Could not open certificate file '" << certfile << "' for writing.";
+                   << "Could not write certificate to file '" << certfile << "'.";
                return 1;
        }
 
-       fpcert << result->Get("cert");
-       fpcert.close();
-
        std::ofstream fpca;
        fpca.open(cafile.CStr());
+       fpca << result->Get("ca");
+       fpca.close();
 
-       if (!fpcert) {
+       if (fpca.fail()) {
                Log(LogCritical, "cli")
                    << "Could not open CA certificate file '" << cafile << "' for writing.";
                return 1;
        }
 
-       fpca << result->Get("ca");
-       fpca.close();
-
        return 0;
 }