AtomicCounter DNSSECKeeper::s_ops;
time_t DNSSECKeeper::s_last_prune;
-bool DNSSECKeeper::isSecuredZone(const std::string& zone)
+bool DNSSECKeeper::isSecuredZone(const DNSName& zone)
{
if(isPresigned(zone))
return true;
return false;
}
-bool DNSSECKeeper::isPresigned(const std::string& name)
+bool DNSSECKeeper::isPresigned(const DNSName& name)
{
string meta;
getFromMeta(name, "PRESIGNED", meta);
return meta=="1";
}
-bool DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm, int bits, bool active)
+bool DNSSECKeeper::addKey(const DNSName& name, bool keyOrZone, int algorithm, int bits, bool active)
{
if(!bits) {
if(algorithm <= 10)
s_metacache.clear();
}
-void DNSSECKeeper::clearCaches(const std::string& name)
+void DNSSECKeeper::clearCaches(const DNSName& name)
{
{
WriteLock l(&s_keycachelock);
}
-bool DNSSECKeeper::addKey(const std::string& name, const DNSSECPrivateKey& dpk, bool active)
+bool DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, bool active)
{
clearCaches(name);
DNSBackend::KeyData kd;
make_pair(!b.second.keyOrZone, b.second.id);
}
-DNSSECPrivateKey DNSSECKeeper::getKeyById(const std::string& zname, unsigned int id)
+DNSSECPrivateKey DNSSECKeeper::getKeyById(const DNSName& zname, unsigned int id)
{
vector<DNSBackend::KeyData> keys;
d_keymetadb->getDomainKeys(zname, 0, keys);
return dpk;
}
- throw runtime_error("Can't find a key with id "+lexical_cast<string>(id)+" for zone '"+zname+"'");
+ throw runtime_error("Can't find a key with id "+lexical_cast<string>(id)+" for zone '"+zname.toString()+"'");
}
-bool DNSSECKeeper::removeKey(const std::string& zname, unsigned int id)
+bool DNSSECKeeper::removeKey(const DNSName& zname, unsigned int id)
{
clearCaches(zname);
return d_keymetadb->removeDomainKey(zname, id);
}
-bool DNSSECKeeper::deactivateKey(const std::string& zname, unsigned int id)
+bool DNSSECKeeper::deactivateKey(const DNSName& zname, unsigned int id)
{
clearCaches(zname);
return d_keymetadb->deactivateDomainKey(zname, id);
}
-bool DNSSECKeeper::activateKey(const std::string& zname, unsigned int id)
+bool DNSSECKeeper::activateKey(const DNSName& zname, unsigned int id)
{
clearCaches(zname);
return d_keymetadb->activateDomainKey(zname, id);
}
-void DNSSECKeeper::getFromMeta(const std::string& zname, const std::string& key, std::string& value)
+void DNSSECKeeper::getFromMeta(const DNSName& zname, const std::string& key, std::string& value)
{
value.clear();
unsigned int now = time(0);
return (uint64_t)-1;
}
-bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p, bool* narrow)
+bool DNSSECKeeper::getNSEC3PARAM(const DNSName& zname, NSEC3PARAMRecordContent* ns3p, bool* narrow)
{
string value;
getFromMeta(zname, "NSEC3PARAM", value);
delete tmp;
if (ns3p->d_iterations > maxNSEC3Iterations) {
ns3p->d_iterations = maxNSEC3Iterations;
- L<<Logger::Error<<"Number of NSEC3 iterations for zone '"<<zname<<"' is above 'max-nsec3-iterations'. Value adjusted to: "<<maxNSEC3Iterations<<endl;
+ L<<Logger::Error<<"Number of NSEC3 iterations for zone '"<<zname.toString()<<"' is above 'max-nsec3-iterations'. Value adjusted to: "<<maxNSEC3Iterations<<endl;
}
}
if(narrow) {
return true;
}
-bool DNSSECKeeper::setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent& ns3p, const bool& narrow)
+bool DNSSECKeeper::setNSEC3PARAM(const DNSName& zname, const NSEC3PARAMRecordContent& ns3p, const bool& narrow)
{
static int maxNSEC3Iterations=::arg().asNum("max-nsec3-iterations");
if (ns3p.d_iterations > maxNSEC3Iterations)
- throw runtime_error("Can't set NSEC3PARAM for zone '"+zname+"': number of NSEC3 iterations is above 'max-nsec3-iterations'");
+ throw runtime_error("Can't set NSEC3PARAM for zone '"+zname.toString()+"': number of NSEC3 iterations is above 'max-nsec3-iterations'");
clearCaches(zname);
string descr = ns3p.getZoneRepresentation();
return false;
}
-bool DNSSECKeeper::unsetNSEC3PARAM(const std::string& zname)
+bool DNSSECKeeper::unsetNSEC3PARAM(const DNSName& zname)
{
clearCaches(zname);
return (d_keymetadb->setDomainMetadata(zname, "NSEC3PARAM", vector<string>()) && d_keymetadb->setDomainMetadata(zname, "NSEC3NARROW", vector<string>()));
}
-bool DNSSECKeeper::setPresigned(const std::string& zname)
+bool DNSSECKeeper::setPresigned(const DNSName& zname)
{
clearCaches(zname);
vector<string> meta;
return d_keymetadb->setDomainMetadata(zname, "PRESIGNED", meta);
}
-bool DNSSECKeeper::unsetPresigned(const std::string& zname)
+bool DNSSECKeeper::unsetPresigned(const DNSName& zname)
{
clearCaches(zname);
return d_keymetadb->setDomainMetadata(zname, "PRESIGNED", vector<string>());
}
-DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tribool allOrKeyOrZone, bool useCache)
+DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, boost::tribool allOrKeyOrZone, bool useCache)
{
unsigned int now = time(0);
return retkeyset;
}
-bool DNSSECKeeper::secureZone(const std::string& name, int algorithm, int size)
+bool DNSSECKeeper::secureZone(const DNSName& name, int algorithm, int size)
{
clearCaches(name); // just to be sure ;)
return addKey(name, true, algorithm, size);
}
-bool DNSSECKeeper::getPreRRSIGs(UeberBackend& db, const std::string& signer, const std::string& qname,
- const std::string& wildcardname, const QType& qtype,
+bool DNSSECKeeper::getPreRRSIGs(UeberBackend& db, const DNSName& signer, const DNSName& qname,
+ const DNSName& wildcardname, const QType& qtype,
DNSPacketWriter::Place signPlace, vector<DNSResourceRecord>& rrsigs, uint32_t signTTL)
{
vector<DNSResourceRecord> sigs;
- if(db.getDirectRRSIGs(toLower(signer), toLower(wildcardname.empty() ? qname : wildcardname), qtype, sigs)) {
+ if(db.getDirectRRSIGs(signer, wildcardname.countLabels() ? wildcardname : qname, qtype, sigs)) {
BOOST_FOREACH(DNSResourceRecord &rr, sigs) {
- if (!wildcardname.empty())
- rr.qname = toLower(qname);
rr.d_place = (DNSResourceRecord::Place)signPlace;
rr.ttl = signTTL;
rrsigs.push_back(rr);
DLOG(L<<"Could not get SOA for domain"<<endl);
return false;
}
- db.lookup(QType(QType::RRSIG), wildcardname.empty() ? qname : wildcardname, NULL, sd.domain_id);
+ db.lookup(QType(QType::RRSIG), wildcardname.countLabels() ? wildcardname : qname, NULL, sd.domain_id);
DNSResourceRecord rr;
while(db.get(rr)) {
// cerr<<"Considering for '"<<qtype.getName()<<"' RRSIG '"<<rr.content<<"'\n";
vector<string> parts;
stringtok(parts, rr.content);
- if(parts[0] == qtype.getName() && pdns_iequals(parts[7], signer+".")) {
+ if(parts[0] == qtype.getName() && DNSName(parts[7])==signer) {
// cerr<<"Got it"<<endl;
- if (!wildcardname.empty())
+ if (wildcardname.countLabels())
rr.qname = qname;
rr.d_place = (DNSResourceRecord::Place)signPlace;
rr.ttl = signTTL;
return true;
}
-bool DNSSECKeeper::TSIGGrantsAccess(const string& zone, const string& keyname)
+bool DNSSECKeeper::TSIGGrantsAccess(const DNSName& zone, const DNSName& keyname)
{
vector<string> allowed;
d_keymetadb->getDomainMetadata(zone, "TSIG-ALLOW-AXFR", allowed);
BOOST_FOREACH(const string& dbkey, allowed) {
- if(pdns_iequals(dbkey, keyname))
+ if(DNSName(dbkey)==keyname)
return true;
}
return false;
}
-bool DNSSECKeeper::getTSIGForAccess(const string& zone, const string& master, string* keyname)
+bool DNSSECKeeper::getTSIGForAccess(const DNSName& zone, const string& master, DNSName* keyname)
{
vector<string> keynames;
d_keymetadb->getDomainMetadata(zone, "AXFR-MASTER-TSIG", keynames);
- keyname->clear();
+ keyname->trimToLabels(0);
// XXX FIXME this should check for a specific master!
BOOST_FOREACH(const string& dbkey, keynames) {
- *keyname=dbkey;
+ *keyname=DNSName(dbkey);
return true;
}
return false;