[thirdparty/pdns.git] / pdns / filterpo.cc

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#include "filterpo.hh"
#include <iostream>
#include "namespaces.hh"
#include "dnsrecords.hh"

DNSFilterEngine::DNSFilterEngine()
{
}

bool findNamedPolicy(const map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol)
{
  DNSName s(qname);

    /* for www.powerdns.com, we need to check:
         www.powerdns.com.
           *.powerdns.com.
             powerdns.com.
	            *.com.
                      com.
	 	        *.
  			 .       */
 
  bool first=true;
  do {
    auto iter = polmap.find(s);
    if(iter != polmap.end()) {
      pol=iter->second;
      return true;
    }
    if(!first) {
      iter = polmap.find(DNSName("*")+s);
      if(iter != polmap.end()) {
	pol=iter->second;
	return true;
      }
    }
    first=false;
  } while(s.chopOff());
  return false;
}

DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qname) const
{
  //  cout<<"Got question for nameserver name "<<qname<<endl;
  Policy pol{PolicyKind::NoAction, nullptr, "", 0};
  for(const auto& z : d_zones) {
    if(findNamedPolicy(z.propolName, qname, pol)) {
      //      cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
      return pol;
    }
  }
  return pol;
}  


DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, const ComboAddress& ca) const
{
  //  cout<<"Got question for "<<qname<<" from "<<ca.toString()<<endl;

  Policy pol{PolicyKind::NoAction, nullptr, "", 0};
  for(const auto& z : d_zones) {
    if(findNamedPolicy(z.qpolName, qname, pol)) {
      //      cerr<<"Had a hit on the name of the query"<<endl;
      return pol;
    }
    
    if(auto fnd=z.qpolAddr.lookup(ca)) {
      //	cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
      return fnd->second;
    }
  }

  return pol;
}

DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>& records) const
{
  ComboAddress ca;

  for(const auto& r : records) {
    if(r.d_place != DNSResourceRecord::ANSWER) 
      continue;
    if(r.d_type == QType::A) {
      if (auto rec = getRR<ARecordContent>(r)) {
        ca = rec->getCA();
      }
    }
    else if(r.d_type == QType::AAAA) {
      if (auto rec = getRR<AAAARecordContent>(r)) {
        ca = rec->getCA();
      }
    }
    else
      continue;

    for(const auto& z : d_zones) {
      if(auto fnd=z.postpolAddr.lookup(ca))
	return fnd->second;
    }
  }
  return Policy{PolicyKind::NoAction, nullptr, "", 0};
}

void DNSFilterEngine::assureZones(int zone)
{
  if((int)d_zones.size() <= zone)
    d_zones.resize(zone+1);
}

void DNSFilterEngine::clear(int zone)
{
  assureZones(zone);
  auto& z = d_zones[zone];
  z.qpolAddr.clear();
  z.postpolAddr.clear();
  z.propolName.clear();
  z.qpolName.clear();
}

void DNSFilterEngine::addClientTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].qpolAddr.insert(nm).second=pol;
}

void DNSFilterEngine::addResponseTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].postpolAddr.insert(nm).second=pol;
}

void DNSFilterEngine::addQNameTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].qpolName[n]=pol;
}

void DNSFilterEngine::addNSTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].propolName[n]=pol;
}

bool DNSFilterEngine::rmClientTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);

  auto& qpols = d_zones[zone].qpolAddr;
  qpols.erase(nm);
  return true;
}

bool DNSFilterEngine::rmResponseTrigger(const Netmask& nm, Policy pol, int zone)
{
  assureZones(zone);
  auto& postpols = d_zones[zone].postpolAddr;
  postpols.erase(nm);  
  return true;
}

bool DNSFilterEngine::rmQNameTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].qpolName.erase(n); // XXX verify we had identical policy?
  return true;
}

bool DNSFilterEngine::rmNSTrigger(const DNSName& n, Policy pol, int zone)
{
  assureZones(zone);
  d_zones[zone].propolName.erase(n); // XXX verify policy matched? =pol;
  return true;
}
Commit	Line	Data
12471842 PL	1	/*
	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
644dd1da	22	#include "filterpo.hh"
	23	#include <iostream>
	24	#include "namespaces.hh"
	25	#include "dnsrecords.hh"
	26
	27	DNSFilterEngine::DNSFilterEngine()
	28	{
	29	}
	30
	31	bool findNamedPolicy(const map<DNSName, DNSFilterEngine::Policy>& polmap, const DNSName& qname, DNSFilterEngine::Policy& pol)
	32	{
	33	DNSName s(qname);
	34
	35	/* for www.powerdns.com, we need to check:
	36	www.powerdns.com.
	37	*.powerdns.com.
	38	powerdns.com.
	39	*.com.
	40	com.
	41	*.
	42	. */
	43
	44	bool first=true;
	45	do {
	46	auto iter = polmap.find(s);
	47	if(iter != polmap.end()) {
	48	pol=iter->second;
	49	return true;
	50	}
	51	if(!first) {
	52	iter = polmap.find(DNSName("*")+s);
	53	if(iter != polmap.end()) {
	54	pol=iter->second;
	55	return true;
	56	}
	57	}
	58	first=false;
	59	} while(s.chopOff());
	60	return false;
	61	}
	62
	63	DNSFilterEngine::Policy DNSFilterEngine::getProcessingPolicy(const DNSName& qname) const
	64	{
39ec5d29	65	// cout<<"Got question for nameserver name "<<qname<<endl;
83971888	66	Policy pol{PolicyKind::NoAction, nullptr, "", 0};
644dd1da	67	for(const auto& z : d_zones) {
644dd1da	68	if(findNamedPolicy(z.propolName, qname, pol)) {
de0f72ba	69	// cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl;
644dd1da	70	return pol;
	71	}
	72	}
	73	return pol;
	74	}
	75
	76
	77	DNSFilterEngine::Policy DNSFilterEngine::getQueryPolicy(const DNSName& qname, const ComboAddress& ca) const
	78	{
de0f72ba	79	// cout<<"Got question for "<<qname<<" from "<<ca.toString()<<endl;
644dd1da	80
83971888	81	Policy pol{PolicyKind::NoAction, nullptr, "", 0};
644dd1da	82	for(const auto& z : d_zones) {
644dd1da	83	if(findNamedPolicy(z.qpolName, qname, pol)) {
de0f72ba	84	// cerr<<"Had a hit on the name of the query"<<endl;
644dd1da	85	return pol;
	86	}
	87
0e760497	88	if(auto fnd=z.qpolAddr.lookup(ca)) {
	89	// cerr<<"Had a hit on the IP address ("<<ca.toString()<<") of the client"<<endl;
	90	return fnd->second;
644dd1da	91	}
	92	}
	93
39ec5d29	94	return pol;
644dd1da	95	}
	96
	97	DNSFilterEngine::Policy DNSFilterEngine::getPostPolicy(const vector<DNSRecord>& records) const
	98	{
	99	ComboAddress ca;
	100
	101	for(const auto& r : records) {
589ad24b	102	if(r.d_place != DNSResourceRecord::ANSWER)
644dd1da	103	continue;
ba3c54cb RG	104	if(r.d_type == QType::A) {
	105	if (auto rec = getRR<ARecordContent>(r)) {
	106	ca = rec->getCA();
	107	}
	108	}
	109	else if(r.d_type == QType::AAAA) {
	110	if (auto rec = getRR<AAAARecordContent>(r)) {
	111	ca = rec->getCA();
	112	}
	113	}
644dd1da	114	else
	115	continue;
	116
	117	for(const auto& z : d_zones) {
0e760497	118	if(auto fnd=z.postpolAddr.lookup(ca))
0e760497	119	return fnd->second;
644dd1da	120	}
644dd1da	121	}
83971888	122	return Policy{PolicyKind::NoAction, nullptr, "", 0};
644dd1da	123	}
	124
	125	void DNSFilterEngine::assureZones(int zone)
	126	{
	127	if((int)d_zones.size() <= zone)
	128	d_zones.resize(zone+1);
644dd1da	129	}
644dd1da	130
7eafc52f	131	void DNSFilterEngine::clear(int zone)
	132	{
	133	assureZones(zone);
	134	auto& z = d_zones[zone];
	135	z.qpolAddr.clear();
	136	z.postpolAddr.clear();
	137	z.propolName.clear();
	138	z.qpolName.clear();
	139	}
	140
644dd1da	141	void DNSFilterEngine::addClientTrigger(const Netmask& nm, Policy pol, int zone)
	142	{
	143	assureZones(zone);
0e760497	144	d_zones[zone].qpolAddr.insert(nm).second=pol;
644dd1da	145	}
	146
	147	void DNSFilterEngine::addResponseTrigger(const Netmask& nm, Policy pol, int zone)
	148	{
	149	assureZones(zone);
0e760497	150	d_zones[zone].postpolAddr.insert(nm).second=pol;
644dd1da	151	}
	152
	153	void DNSFilterEngine::addQNameTrigger(const DNSName& n, Policy pol, int zone)
	154	{
	155	assureZones(zone);
	156	d_zones[zone].qpolName[n]=pol;
	157	}
	158
	159	void DNSFilterEngine::addNSTrigger(const DNSName& n, Policy pol, int zone)
	160	{
	161	assureZones(zone);
	162	d_zones[zone].propolName[n]=pol;
	163	}
39ec5d29	164
	165	bool DNSFilterEngine::rmClientTrigger(const Netmask& nm, Policy pol, int zone)
	166	{
	167	assureZones(zone);
	168
	169	auto& qpols = d_zones[zone].qpolAddr;
0e760497	170	qpols.erase(nm);
39ec5d29	171	return true;
	172	}
	173
	174	bool DNSFilterEngine::rmResponseTrigger(const Netmask& nm, Policy pol, int zone)
	175	{
	176	assureZones(zone);
	177	auto& postpols = d_zones[zone].postpolAddr;
0e760497	178	postpols.erase(nm);
39ec5d29	179	return true;
	180	}
	181
	182	bool DNSFilterEngine::rmQNameTrigger(const DNSName& n, Policy pol, int zone)
	183	{
	184	assureZones(zone);
	185	d_zones[zone].qpolName.erase(n); // XXX verify we had identical policy?
	186	return true;
	187	}
	188
	189	bool DNSFilterEngine::rmNSTrigger(const DNSName& n, Policy pol, int zone)
	190	{
	191	assureZones(zone);
	192	d_zones[zone].propolName.erase(n); // XXX verify policy matched? =pol;
	193	return true;
	194	}