return d_keymetadb->doesDNSSEC();
}
-bool DNSSECKeeper::isSecuredZone(const DNSName& zone, bool useCache)
+bool DNSSECKeeper::isSecuredZone(const DNSName& zone, bool useCache)
{
if(isPresigned(zone, useCache))
return true;
}
DNSSECPrivateKey DNSSECKeeper::getKeyById(const DNSName& zname, unsigned int id)
-{
+{
vector<DNSBackend::KeyData> keys;
d_keymetadb->getDomainKeys(zname, keys);
for(const DNSBackend::KeyData& kd : keys) {
- if(kd.id != id)
+ if(kd.id != id)
continue;
-
+
DNSKEYRecordContent dkrc;
auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
DNSSECPrivateKey dpk;
dpk.setKey(key, kd.flags, dkrc.d_algorithm);
-
- return dpk;
+
+ return dpk;
}
throw runtime_error("Can't find a key with id "+std::to_string(id)+" for zone '"+zname.toLogString()+"'");
}
meta.push_back(descr);
if (d_keymetadb->setDomainMetadata(zname, "NSEC3PARAM", meta)) {
meta.clear();
-
+
if(narrow)
meta.push_back("1");
-
+
return d_keymetadb->setDomainMetadata(zname, "NSEC3NARROW", meta) && clearMetaCache(zname);
}
return false;
bool DNSSECKeeper::TSIGGrantsAccess(const DNSName& zone, const DNSName& keyname)
{
vector<string> allowed;
-
+
d_keymetadb->getDomainMetadata(zone, "TSIG-ALLOW-AXFR", allowed);
-
+
for(const string& dbkey : allowed) {
if(DNSName(dbkey)==keyname)
return true;
vector<string> keynames;
d_keymetadb->getDomainMetadata(zone, "AXFR-MASTER-TSIG", keynames);
keyname->trimToLabels(0);
-
+
// XXX FIXME this should check for a specific master!
for(const string& dbkey : keynames) {
*keyname=DNSName(dbkey);
public:
DNSSECKeeper() : d_keymetadb( new UeberBackend("key-only")), d_ourDB(true)
{
-
+
}
-
+
DNSSECKeeper(UeberBackend* db) : d_keymetadb(db), d_ourDB(false)
{
}
-
+
~DNSSECKeeper()
{
if(d_ourDB)
bool TSIGGrantsAccess(const DNSName& zone, const DNSName& keyname);
bool getTSIGForAccess(const DNSName& zone, const ComboAddress& master, DNSName* keyname);
-
+
void startTransaction(const DNSName& zone, int zone_id)
{
(*d_keymetadb->backends.begin())->startTransaction(zone, zone_id);
}
-
+
void commitTransaction()
{
(*d_keymetadb->backends.begin())->commitTransaction();
}
-
+
void getFromMetaOrDefault(const DNSName& zname, const std::string& key, std::string& value, const std::string& defaultvalue);
bool getFromMeta(const DNSName& zname, const std::string& key, std::string& value);
void getSoaEdit(const DNSName& zname, std::string& value, bool useCache=true);
struct KeyCacheEntry
{
typedef vector<DNSSECKeeper::keymeta_t> keys_t;
-
+
uint32_t isStale(time_t now) const
{
return d_ttd < now;
}
-
+
DNSName d_domain;
mutable keys_t d_keys;
unsigned int d_ttd;
};
-
+
struct METACacheEntry
{
time_t isStale(time_t now) const
mutable METAValues d_value;
time_t d_ttd;
};
-
+
struct KeyCacheTag{};
struct CompositeTag{};
struct SequencedTag{};
-
+
typedef multi_index_container<
KeyCacheEntry,
indexed_by<
projects / thirdparty / pdns.git / commitdiff
