Add rec_control command to list supported algo names
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 7 Jun 2023 10:10:26 +0000 (12:10 +0200)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 7 Jun 2023 10:10:26 +0000 (12:10 +0200)
pdns/dnssecinfra.cc
pdns/dnssecinfra.hh
pdns/recursordist/docs/manpages/rec_control.1.rst
pdns/recursordist/rec-main.cc
pdns/recursordist/rec_channel_rec.cc

index ae2bcfebc69d1818da2478170ab68f6376921b12..095aaab63bd39185b2c15fc8c5a2eb7397c31279 100644 (file)
@@ -231,6 +231,31 @@ vector<pair<uint8_t, string>> DNSCryptoKeyEngine::listAllAlgosWithBackend()
   return ret;
 }
 
+string DNSCryptoKeyEngine::listSupportedAlgoNames()
+{
+  set<unsigned int> algos;
+  auto pairs = DNSCryptoKeyEngine::listAllAlgosWithBackend();
+  for (const auto& pair : pairs) {
+    algos.insert(pair.first);
+  }
+  string ret;
+  bool first = true;
+  for (auto algo : algos) {
+    if (!first) {
+      ret.append(" ");
+    }
+    else {
+      first = false;
+    }
+    ret.append(DNSSECKeeper::algorithm2name(algo));
+    if (isAlgorithmSwitchedOff(algo)) {
+      ret.append("(disabled)");
+    }
+  }
+  ret.append("\n");
+  return ret;
+}
+
 void DNSCryptoKeyEngine::report(unsigned int algo, maker_t* maker, bool fallback)
 {
   getAllMakers()[algo].push_back(maker);
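Review bot: listSupportedAlgoNames() has no comment describing its output, and that output is what an operator reads to audit which DNSSEC algorithms this recursor will use. Names are space-separated, a switched-off algorithm gets `(disabled)` appended with no separator, and the string ends in a newline. A comment above the definition would pin that down, for example `// Space-separated names of every algorithm with a registered backend; switched-off ones carry a "(disabled)" suffix.` Separately, the loop variable `pair` shadows the `pair` type this file uses unqualified (visible in the hunk header), so `entry` or a structured binding would read more clearly.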
index 7d7da8e7ddfec1cd80fcfd782b70f9565e7537b8..f8de78e9c522f32b9e9193e5862b3c0000b70653 100644 (file)
@@ -179,6 +179,7 @@ class DNSCryptoKeyEngine
     static bool testOne(int algo);
     static bool verifyOne(unsigned int algo);
     static void testVerify(unsigned int algo, maker_t* verifier);
+    static string listSupportedAlgoNames();
 
   private:
     using makers_t = std::map<unsigned int, maker_t *>;
index c78fccbbc7c6dd8626bf985ffa1d894cfb8b459d..69817ea5e802c6fcc428a7cefcd0ea000ef63f6a 100644 (file)
@@ -181,6 +181,9 @@ help
     Shows a list of supported commands understood by the running
     :program:`pdns_recursor`
 
+list-dnssec-algos
+    List supported (and potentially disabled) DNSSEC algorithms.
+
 ping
     Check if server is alive.
 
index 1e3838baafb4a02f57223d7e774315e58c351ae3..086f7053f843db654e78e8e112f5ebbb742022b6 100644 (file)
@@ -1459,7 +1459,7 @@ static int initDNSSEC(Logr::log_t log)
   if (!::arg()["dnssec-disabled-algorithms"].empty()) {
     automatic = false;
     stringtok(nums, ::arg()["dnssec-disabled-algorithms"], ", ");
-    for (auto num: nums) {
+    for (const auto& num: nums) {
       DNSCryptoKeyEngine::switchOffAlgorithm(pdns::checked_stoi<unsigned int>(num));
     }
   } else {
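Review bot: Each value from `dnssec-disabled-algorithms` goes straight from `pdns::checked_stoi<unsigned int>` into `switchOffAlgorithm()`, and this hunk shows no check that the number names a known algorithm. A typo in the setting would therefore seem to leave the intended algorithm enabled without any message. If `switchOffAlgorithm()` does not already report this, a warning for numbers that have no registered backend would help; the new `list-dnssec-algos` command at least lets an operator confirm the result after startup. initDNSSEC's body starts and ends outside the hunk, so such a check may exist elsewhere.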
index f2a7d628e78dc453ee7f19c6a96bbccd382ea683..dbcf7b84356f321a210f516b66ed03dd3e55b8d7 100644 (file)
@@ -2056,6 +2056,7 @@ RecursorControlChannel::Answer RecursorControlParser::getAnswer(int s, const str
             "get-remotelogger-stats           get remote logger statistics\n"
             "hash-password [work-factor]      ask for a password then return the hashed version\n"
             "help                             get this list\n"
+            "list-dnssec-algos                list supported DNSSEC algorithms\n"
             "ping                             check that all threads are alive\n"
             "quit                             stop the recursor daemon\n"
             "quit-nicely                      stop the recursor daemon nicely\n"
@@ -2310,6 +2311,9 @@ RecursorControlChannel::Answer RecursorControlParser::getAnswer(int s, const str
   if (cmd == "get-remotelogger-stats") {
     return {0, getRemoteLoggerStats()};
   }
+  if (cmd == "list-dnssec-algos") {
+    return {0, DNSCryptoKeyEngine::listSupportedAlgoNames() };
+  }
 
   return {1, "Unknown command '" + cmd + "', try 'help'\n"};
 }
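Review bot: The new return statement has a stray space before the closing brace, unlike the `return {0, getRemoteLoggerStats()};` line just above it; `return {0, DNSCryptoKeyEngine::listSupportedAlgoNames()};` would match. The help line added in the previous hunk says only "list supported DNSSEC algorithms", while the manpage entry also mentions disabled ones. Adding "(and disabled)" there would keep the two descriptions consistent for operators who rely on `help`. getAnswer's body starts outside both hunks.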