From: Bozhan Liang Date: Mon, 16 Dec 2024 07:41:37 +0000 (+0800) Subject: auth: createForward and createForward6 will use the zone_record as base X-Git-Tag: dnsdist-2.0.0-alpha1~191^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a9f0927716d78958ffbb6630cebe95e94fda859;p=thirdparty%2Fpdns.git auth: createForward and createForward6 will use the zone_record as base Closes #7522 --- diff --git a/pdns/lua-auth4.hh b/pdns/lua-auth4.hh index d154df7088..6d75072d2f 100644 --- a/pdns/lua-auth4.hh +++ b/pdns/lua-auth4.hh @@ -45,5 +45,5 @@ private: luacall_axfr_filter_t d_axfr_filter; luacall_prequery_t d_prequery; }; -std::vector> luaSynth(const std::string& code, const DNSName& qname, +std::vector> luaSynth(const std::string& code, const DNSName& qname, const DNSRecord& zone_record, const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype, unique_ptr& LUA); diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc index 1f2344a881..a6286f4aa7 100644 --- a/pdns/lua-record.cc +++ b/pdns/lua-record.cc @@ -654,6 +654,7 @@ typedef struct AuthLuaRecordContext { ComboAddress bestwho; DNSName qname; + DNSRecord zone_record; DNSName zone; int zoneid; } lua_record_ctx_t; @@ -915,8 +916,14 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn return std::string("error"); }); lua.writeFunction("createForward", []() { - static string allZerosIP("0.0.0.0"); - DNSName rel=s_lua_record_ctx->qname.makeRelative(s_lua_record_ctx->zone); + static string allZerosIP{"0.0.0.0"}; + DNSName record_name{s_lua_record_ctx->zone_record.d_name}; + if (record_name.isWildcard() == false) { + return allZerosIP; + } + record_name.chopOff(); + DNSName rel{s_lua_record_ctx->qname.makeRelative(record_name)}; + // parts is something like ["1", "2", "3", "4", "static"] or // ["1", "2", "3", "4"] or ["ip40414243", "ip-addresses", ...] auto parts = rel.getRawLabels(); 
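Review bot: The `zone_record` member added to `AuthLuaRecordContext` stores a full `DNSRecord`, and luaSynth copies one into the context on every evaluation (`s_lua_record_ctx->zone_record = zone_record;`), yet the only field read in this commit is `zone_record.d_name`, in createForward and createForward6. If no other Lua function is meant to use the record's type or content, holding only the owner name keeps the context smaller and the contract narrower, e.g. `DNSName record_name; // owner name of the matched LUA record as stored in the zone, may start with "*"`. If the full record is kept for later use, a comment on the member saying how it differs from `qname` and `zone` would be enough.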
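Review bot: The early return added at the top of the createForward lambda makes every non-wildcard LUA record answer `0.0.0.0` with no log line and no comment, so a zone that called createForward() from a plain record (which the old code appears to have resolved relative to the zone apex) changes behaviour silently. I would document the requirement where it is enforced, e.g. `// only meaningful on a wildcard record: drop the leading "*" so rel is exactly the part of qname the wildcard matched`, and write the test as `if (!record_name.isWildcard()) {`. The same six lines are repeated in the createForward6 hunk (`@@ -972,7 +979,14`); a small file-local helper that returns the relative name, or nothing for a non-wildcard record, would keep the two from drifting apart. The lambda body continues past the end of this hunk.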
@@ -972,7 +979,14 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn }); lua.writeFunction("createForward6", []() { - DNSName rel=s_lua_record_ctx->qname.makeRelative(s_lua_record_ctx->zone); + static string allZerosIP{"::"}; + DNSName record_name{s_lua_record_ctx->zone_record.d_name}; + if (record_name.isWildcard() == false) { + return allZerosIP; + } + record_name.chopOff(); + DNSName rel{s_lua_record_ctx->qname.makeRelative(record_name)}; + auto parts = rel.getRawLabels(); if(parts.size()==8) { string tot; @@ -1008,7 +1022,7 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn } } - return std::string("::"); + return allZerosIP; }); lua.writeFunction("createReverse6", [](string format, boost::optional> e){ vector candidates; @@ -1395,7 +1409,7 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn }); } -std::vector> luaSynth(const std::string& code, const DNSName& query, const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype, unique_ptr& LUA) +std::vector> luaSynth(const std::string& code, const DNSName& query, const DNSRecord& zone_record, const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype, unique_ptr& LUA) { if(!LUA || // we don't have a Lua state yet !g_LuaRecordSharedState) { // or we want a new one even if we had one @@ -1409,6 +1423,7 @@ std::vector> luaSynth(const std::string& code, cons s_lua_record_ctx = std::make_unique(); s_lua_record_ctx->qname = query; + s_lua_record_ctx->zone_record = zone_record; s_lua_record_ctx->zone = zone; s_lua_record_ctx->zoneid = zoneid; diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index ca6d263438..1843597759 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc 
@@ -427,7 +427,7 @@ bool PacketHandler::getBestWildcard(DNSPacket& p, const DNSName &target, DNSName // noCache=true; DLOG(g_log<<"Executing Lua: '"<getCode()<<"'"<getCode(), target, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA); + auto recvec=luaSynth(rec->getCode(), target, rr.dr, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA); for (const auto& r : recvec) { rr.dr.d_type = rec->d_type; // might be CNAME rr.dr.setContent(r); @@ -1622,7 +1622,7 @@ std::unique_ptr PacketHandler::doQuestion(DNSPacket& p) if(rec->d_type == QType::CNAME || rec->d_type == p.qtype.getCode() || (p.qtype.getCode() == QType::ANY && rec->d_type != QType::RRSIG)) { noCache=true; try { - auto recvec=luaSynth(rec->getCode(), target, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA); + auto recvec=luaSynth(rec->getCode(), target, rr.dr, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA); if(!recvec.empty()) { for (const auto& r_it : recvec) { rr.dr.d_type = rec->d_type; // might be CNAME diff --git a/regression-tests.auth-py/test_LuaRecords.py b/regression-tests.auth-py/test_LuaRecords.py index 973d98568c..dc46645845 100644 --- a/regression-tests.auth-py/test_LuaRecords.py +++ b/regression-tests.auth-py/test_LuaRecords.py @@ -148,6 +148,7 @@ resolve IN LUA A ";local r=resolve('localhost', 1) local t={{}} filterforwardempty IN LUA A "filterForward('192.0.2.1', newNMG{{'192.1.2.0/24'}}, '')" *.createforward IN LUA A "filterForward(createForward(), newNMG{{'1.0.0.0/8', '64.0.0.0/8'}})" +*.createforward6 IN LUA AAAA "filterForward(createForward6(), newNMG{{'2000::/3'}}, 'fe80::1')" *.createreverse IN LUA PTR "createReverse('%5%.example.com', {{['10.10.10.10'] = 'quad10.example.com.'}})" *.createreverse6 IN LUA PTR "createReverse6('%33%.example.com', {{['2001:db8::1'] = 'example.example.com.'}})" 
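Review bot: Both call sites now pass `rr.dr` as the zone record, and createForward()/createForward6() only produce an address if its `d_name` is still the owner name as stored in the zone (starting with `*`), which nothing at either call states. The loop right after the call already rewrites `rr.dr` (`d_type`, `setContent`), so a later refactor that also touches the name before the call would turn every forward answer into the all-zeros address without any error. I would add a comment at each call, `// rr.dr.d_name must still be the stored owner name (possibly a wildcard); createForward*() depend on it`. Both enclosing functions start and end outside their hunks, so how `rr` is populated could not be checked here.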
@@ -160,14 +161,7 @@ lookmeup IN A 192.0.2.5 dblookup IN LUA A "dblookup('lookmeup.example.org', pdns.A)[1]" whitespace IN LUA TXT "'foo" "bar'" - """, - 'createforward6.example.org': """ -createforward6.example.org. 3600 IN SOA {soa} -createforward6.example.org. 3600 IN NS ns1.example.org. -createforward6.example.org. 3600 IN NS ns2.example.org. -* IN LUA AAAA "filterForward(createForward6(), newNMG{{'2000::/3'}}, 'fe80::1')" - """ -# the separate createforward6 zone is because some of the code in lua-record.cc insists on working relatively to the zone apex + """ } _web_rrsets = [] @@ -1004,7 +998,7 @@ createforward6.example.org. 3600 IN NS ns2.example.org. "invalid": "0.0.0.0", "1-2-3-4": "1.2.3.4", "1-2-3-4.foo": "1.2.3.4", - "1-2-3-4.foo.bar": "0.0.0.0", + "1-2-3-4.foo.bar": "1.2.3.4", "1-2-3-4.foo.bar.baz": "0.0.0.0", "1-2-3-4.foo.bar.baz.quux": "0.0.0.0", "ip-1-2-3-4": "1.2.3.4",
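Review bot: The only expectation that changes in this table is `"1-2-3-4.foo.bar"` going from `0.0.0.0` to `1.2.3.4`; the new early return for non-wildcard records in createForward/createForward6 does not appear to be exercised by any hunk in this commit. Since that branch changes what existing zones answer, I would add a plain (non-wildcard) LUA A and LUA AAAA record calling createForward() and createForward6() and assert that they return `0.0.0.0` and `::`. A one-line comment above the table would also help, explaining that `1-2-3-4.foo.bar` now resolves while `1-2-3-4.foo.bar.baz` still does not because the label count is now taken relative to the wildcard record rather than the zone apex (this is what the expectations suggest). The test method starts outside the hunk.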