From: Peter Thomassen
Date: Mon, 15 Apr 2024 00:30:28 +0000 (+0200)
Subject: auth: allow CDS/CDNSKEY synthesis from other zone
X-Git-Tag: rec-5.4.0-alpha0~21^2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b8da7c8f41630667c20ecdfbbdb8969a28e8000;p=thirdparty%2Fpdns.git

auth: allow CDS/CDNSKEY synthesis from other zone
---
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 78b4fb1b4b..466c16de18 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -117,18 +117,23 @@ PacketHandler::~PacketHandler()
  *
  * @param p Pointer to the DNSPacket containing the original question
  * @param r Pointer to the DNSPacket where the records should be inserted into
+ * @param sd SOAData of the zone from which CDNSKEY contents are taken (default: d_sd)
  * @return bool that shows if any records were added
  **/
 bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r)
+{
+  return addCDNSKEY(p, r, d_sd);
+}
+bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r, SOAData &sd)
 {
   string publishCDNSKEY;
-  d_dk.getPublishCDNSKEY(r->qdomainzone,publishCDNSKEY);
+  d_dk.getPublishCDNSKEY(sd.zonename,publishCDNSKEY);
   if (publishCDNSKEY.empty()) return false;
   DNSZoneRecord rr;
   rr.dr.d_type=QType::CDNSKEY;
-  rr.dr.d_ttl=d_sd.minimum;
+  rr.dr.d_ttl=sd.minimum;
   rr.dr.d_name=p.qdomain;
   rr.auth=true;
@@ -139,7 +144,7 @@ bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r)
   }
   bool haveOne=false;
-  for (const auto& value : d_dk.getEntryPoints(r->qdomainzone)) {
+  for (const auto& value : d_dk.getEntryPoints(sd.zonename)) {
     if (!value.second.published) {
       continue;
     }
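Review bot: The new `addCDNSKEY` overload takes `SOAData &sd` by non-const reference although the hunk only reads from it (`sd.zonename`, `sd.minimum`); declaring it `const SOAData& sd` would state that the callee cannot alter the caller's SOAData and would allow a const object to be passed. The same applies to the `addCDS` overload and to both new declarations in packethandler.hh; if `SOAData::qname()`, used later in these functions, is not const-qualified, it would need that qualifier as well. The doc comment now describes `sd` as a parameter with a default, but `sd` exists only on the other overload, which carries no comment of its own; a one-liner on the new signature such as `// Synthesises CDNSKEY for the zone described by sd, published under p.qdomain` would make that explicit. addCDNSKEY's body continues past the end of the hunk.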
@@ -149,10 +154,11 @@ bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r)
   }
   if(::arg().mustDo("direct-dnskey")) {
-    B.lookup(QType(QType::CDNSKEY), p.qdomain, d_sd.domain_id, &p);
+    B.lookup(QType(QType::CDNSKEY), sd.qname(), sd.domain_id, &p);
     while(B.get(rr)) {
-      rr.dr.d_ttl=d_sd.minimum;
+      rr.dr.d_ttl=sd.minimum;
+      rr.dr.d_name=p.qdomain;
       r->addRecord(std::move(rr));
       haveOne=true;
     }
@@ -204,12 +210,17 @@ bool PacketHandler::addDNSKEY(DNSPacket& p, std::unique_ptr& r)
  * @param p Pointer to the DNSPacket containing the original question.
  * @param r Pointer to the DNSPacket where the records should be inserted into.
  * used to determine record TTL.
+ * @param sd SOAData of the zone from which CDS contents are taken (default: d_sd)
  * @return bool that shows if any records were added.
  **/
-bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r)
+bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r) // NOLINT(readability-identifier-length)
+{
+  return addCDS(p, r, d_sd);
+}
+bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r, SOAData &sd) // NOLINT(readability-identifier-length)
 {
   string publishCDS;
-  d_dk.getPublishCDS(r->qdomainzone, publishCDS);
+  d_dk.getPublishCDS(sd.zonename, publishCDS);
   if (publishCDS.empty()) return false;
@@ -218,7 +229,7 @@ bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r)
   DNSZoneRecord rr;
   rr.dr.d_type=QType::CDS;
-  rr.dr.d_ttl=d_sd.minimum;
+  rr.dr.d_ttl=sd.minimum;
   rr.dr.d_name=p.qdomain;
   rr.auth=true;
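Review bot: In the `direct-dnskey` branch the backend CDNSKEY records are fetched under `sd.qname()` / `sd.domain_id` and then re-owned with `rr.dr.d_name=p.qdomain;` before being added, which is only correct when the caller guarantees that the queried name is where `sd`'s CDNSKEY set is meant to be published; nothing in the hunk checks that, so the contract should be recorded where the owner is rewritten, e.g. `// records come from sd's zone; publish them at the queried name`. The `addCDS` hunk further down makes the identical rewrite and would take the same comment. addCDNSKEY's body continues outside the hunk, which ends before the function returns.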
@@ -230,22 +241,23 @@ bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r)
   bool haveOne=false;
-  for (const auto& value : d_dk.getEntryPoints(r->qdomainzone)) {
+  for (const auto& value : d_dk.getEntryPoints(sd.zonename)) {
     if (!value.second.published) {
       continue;
     }
     for(auto const &digestAlgo : digestAlgos){
-      rr.dr.setContent(std::make_shared(makeDSFromDNSKey(p.qdomain, value.first.getDNSKEY(), pdns::checked_stoi(digestAlgo))));
+      rr.dr.setContent(std::make_shared(makeDSFromDNSKey(sd.qname(), value.first.getDNSKEY(), pdns::checked_stoi(digestAlgo))));
       r->addRecord(DNSZoneRecord(rr));
       haveOne=true;
     }
   }
   if(::arg().mustDo("direct-dnskey")) {
-    B.lookup(QType(QType::CDS), p.qdomain, d_sd.domain_id, &p);
+    B.lookup(QType(QType::CDS), sd.qname(), sd.domain_id, &p);
     while(B.get(rr)) {
-      rr.dr.d_ttl=d_sd.minimum;
+      rr.dr.d_ttl=sd.minimum;
+      rr.dr.d_name=p.qdomain;
       r->addRecord(std::move(rr));
       haveOne=true;
     }
diff --git a/pdns/packethandler.hh b/pdns/packethandler.hh
index 1dcea12b28..d60e0a09b7 100644
--- a/pdns/packethandler.hh
+++ b/pdns/packethandler.hh
@@ -74,7 +74,9 @@ private:
   void addRootReferral(DNSPacket& r);
   int doChaosRequest(const DNSPacket& p, std::unique_ptr& r, DNSName &target) const;
   bool addDNSKEY(DNSPacket& p, std::unique_ptr& r);
+  bool addCDNSKEY(DNSPacket& p, std::unique_ptr& r, SOAData &sd);
   bool addCDNSKEY(DNSPacket& p, std::unique_ptr& r);
+  bool addCDS(DNSPacket& p, std::unique_ptr& r, SOAData &sd);
   bool addCDS(DNSPacket& p, std::unique_ptr& r);
   bool addNSEC3PARAM(const DNSPacket& p, std::unique_ptr& r);
   void doAdditionalProcessing(DNSPacket& p, std::unique_ptr& r);
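Review bot: `makeDSFromDNSKey` is now called with `sd.qname()` while the resulting CDS is still published at `p.qdomain` (set in the earlier hunk, outside this one); the two names differ exactly when synthesis is done from another zone, and a later reader may be tempted to "fix" the call back to `p.qdomain`, which would produce a digest over the wrong owner name. A comment on that line would protect it, e.g. `// the DS digest covers the owner name of the zone the key belongs to (sd), not the name the CDS is served at`. addCDS's body continues past the end of the hunk.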