From: Otto Moerbeek Date: Wed, 7 Jun 2023 10:10:26 +0000 (+0200) Subject: Add rec_control command to list supported algo names X-Git-Tag: rec-4.10.0-alpha0~2^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a47ea8ec60bb36df5c4d1c4f0c22c5d447da376f;p=thirdparty%2Fpdns.git Add rec_control command to list supported algo names --- diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc index ae2bcfebc6..095aaab63b 100644 --- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc @@ -231,6 +231,31 @@ vector> DNSCryptoKeyEngine::listAllAlgosWithBackend() return ret; } +string DNSCryptoKeyEngine::listSupportedAlgoNames() +{ + set algos; + auto pairs = DNSCryptoKeyEngine::listAllAlgosWithBackend(); + for (const auto& pair : pairs) { + algos.insert(pair.first); + } + string ret; + bool first = true; + for (auto algo : algos) { + if (!first) { + ret.append(" "); + } + else { + first = false; + } + ret.append(DNSSECKeeper::algorithm2name(algo)); + if (isAlgorithmSwitchedOff(algo)) { + ret.append("(disabled)"); + } + } + ret.append("\n"); + return ret; +} + void DNSCryptoKeyEngine::report(unsigned int algo, maker_t* maker, bool fallback) { getAllMakers()[algo].push_back(maker); diff --git a/pdns/dnssecinfra.hh b/pdns/dnssecinfra.hh index 7d7da8e7dd..f8de78e9c5 100644 --- a/pdns/dnssecinfra.hh +++ b/pdns/dnssecinfra.hh @@ -179,6 +179,7 @@ class DNSCryptoKeyEngine static bool testOne(int algo); static bool verifyOne(unsigned int algo); static void testVerify(unsigned int algo, maker_t* verifier); + static string listSupportedAlgoNames(); private: using makers_t = std::map; diff --git a/pdns/recursordist/docs/manpages/rec_control.1.rst b/pdns/recursordist/docs/manpages/rec_control.1.rst index c78fccbbc7..69817ea5e8 100644 --- a/pdns/recursordist/docs/manpages/rec_control.1.rst +++ b/pdns/recursordist/docs/manpages/rec_control.1.rst 
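Review bot: `DNSCryptoKeyEngine::listSupportedAlgoNames()` in dnssecinfra.cc is added without a comment stating its output contract, and its name is slightly misleading because the result also contains algorithms for which `isAlgorithmSwitchedOff(algo)` is true. Operators will presumably read this output to confirm that `dnssec-disabled-algorithms` took effect, so the format is worth pinning down. A comment on the definition, and on the declaration added in dnssecinfra.hh, would do: `// Space-separated names of every algorithm some backend provides; switched-off ones get a "(disabled)" suffix; the string ends with a newline.` It may also be worth noting there that the suffix is appended with no separating space, in case anything parses the output.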
@@ -181,6 +181,9 @@ help Shows a list of supported commands understood by the running :program:`pdns_recursor` +list-dnssec-algos + List supported (and potentially disabled) DNSSEC algorithms. + ping Check if server is alive. diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 1e3838baaf..086f7053f8 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -1459,7 +1459,7 @@ static int initDNSSEC(Logr::log_t log) if (!::arg()["dnssec-disabled-algorithms"].empty()) { automatic = false; stringtok(nums, ::arg()["dnssec-disabled-algorithms"], ", "); - for (auto num: nums) { + for (const auto& num: nums) { DNSCryptoKeyEngine::switchOffAlgorithm(pdns::checked_stoi(num)); } } else { diff --git a/pdns/recursordist/rec_channel_rec.cc b/pdns/recursordist/rec_channel_rec.cc index f2a7d628e7..dbcf7b8435 100644 --- a/pdns/recursordist/rec_channel_rec.cc +++ b/pdns/recursordist/rec_channel_rec.cc @@ -2056,6 +2056,7 @@ RecursorControlChannel::Answer RecursorControlParser::getAnswer(int s, const str "get-remotelogger-stats get remote logger statistics\n" "hash-password [work-factor] ask for a password then return the hashed version\n" "help get this list\n" + "list-dnssec-algos list supported DNSSEC algorithms\n" "ping check that all threads are alive\n" "quit stop the recursor daemon\n" "quit-nicely stop the recursor daemon nicely\n" @@ -2310,6 +2311,9 @@ RecursorControlChannel::Answer RecursorControlParser::getAnswer(int s, const str if (cmd == "get-remotelogger-stats") { return {0, getRemoteLoggerStats()}; } + if (cmd == "list-dnssec-algos") { + return {0, DNSCryptoKeyEngine::listSupportedAlgoNames() }; + } return {1, "Unknown command '" + cmd + "', try 'help'\n"}; }
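Review bot: The help line added in the first rec_channel_rec.cc hunk reads `list supported DNSSEC algorithms`, but the command's output also lists switched-off algorithms tagged `(disabled)`, as the man page entry in this same commit says. This is the text an operator sees on the running daemon when checking which algorithms are active, so it should match the man page, e.g. `"list-dnssec-algos list supported DNSSEC algorithms, disabled ones are marked\n"` with the column padding of the neighbouring entries. The dispatch added in the second hunk always returns status 0, which looks right as long as `listSupportedAlgoNames()` cannot fail; that is worth confirming for `DNSSECKeeper::algorithm2name` on unassigned algorithm numbers. `getAnswer` starts and ends outside both hunks.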