From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Fri, 4 Feb 2022 09:03:04 +0000 (+0100)
Subject: Log an error if pdns.DROP is used as rcode in Lua callbacks
X-Git-Tag: auth-4.7.0-alpha1~20^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3f042efd2a1aff444f18e7d9e23ffc631b1b36f;p=thirdparty%2Fpdns.git

Log an error if pdns.DROP is used as rcode in Lua callbacks
---

diff --git a/pdns/lua-base4.cc b/pdns/lua-base4.cc
index 8c8d46fc94..aea4146d85 100644
--- a/pdns/lua-base4.cc
+++ b/pdns/lua-base4.cc
@@ -244,7 +244,8 @@ void BaseLua4::prepareContext() {
                                        {"YXRRSET",  RCode::YXRRSet  },
                                        {"NXRRSET",  RCode::NXRRSet  },
                                        {"NOTAUTH",  RCode::NotAuth  },
-                                       {"NOTZONE",  RCode::NotZone  }};
+                                       {"NOTZONE",  RCode::NotZone  },
+                                       {"DROP",    -2               }}; // To give backport-incompatibilityy warning
   for(const auto& rcode : rcodes)
     d_pd.push_back({rcode.first, rcode.second});
 
diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc
index b346c3f413..6124c7328b 100644
--- a/pdns/lua-recursor4.cc
+++ b/pdns/lua-recursor4.cc
@@ -497,6 +497,15 @@ void RecursorLua4::getFeatures(Features& features)
   features.emplace_back("PR8001_devicename", true);
 }
 
+static void warnDrop(const RecursorLua4::DNSQuestion& dq)
+{
+  if (dq.rcode == -2) {
+    g_log << Logger::Error << "Returing -2 (pdns.DROP) is not supported anymore, see https://docs.powerdns.com/recursor/lua-scripting/hooks.html#hooksemantics" << endl;
+    // We *could* set policy here, but that would also mean interfering with rcode and the return code of the hook.
+    // So leave it at the error message.
+  }
+}
+
 void RecursorLua4::maintenance() const
 {
   if (d_maintenance) {
@@ -512,6 +521,7 @@ bool RecursorLua4::prerpz(DNSQuestion& dq, int& ret, RecEventTrace& et) const
   et.add(RecEventTrace::LuaPreRPZ);
   bool ok = genhook(d_prerpz, dq, ret);
   et.add(RecEventTrace::LuaPreRPZ, ok, false);
+  warnDrop(dq);
   return ok;
 }
 
@@ -523,6 +533,7 @@ bool RecursorLua4::preresolve(DNSQuestion& dq, int& ret, RecEventTrace& et) cons
   et.add(RecEventTrace::LuaPreResolve);
   bool ok = genhook(d_preresolve, dq, ret);
   et.add(RecEventTrace::LuaPreResolve, ok, false);
+  warnDrop(dq);
   return ok;
 }
 
@@ -534,6 +545,7 @@ bool RecursorLua4::nxdomain(DNSQuestion& dq, int& ret, RecEventTrace& et) const
   et.add(RecEventTrace::LuaNXDomain);
   bool ok = genhook(d_nxdomain, dq, ret);
   et.add(RecEventTrace::LuaNXDomain, ok, false);
+  warnDrop(dq);
   return ok;
 }
 
@@ -545,6 +557,7 @@ bool RecursorLua4::nodata(DNSQuestion& dq, int& ret, RecEventTrace& et) const
   et.add(RecEventTrace::LuaNoData);
   bool ok = genhook(d_nodata, dq, ret);
   et.add(RecEventTrace::LuaNoData, ok, false);
+  warnDrop(dq);
   return ok;
 }
 
@@ -556,6 +569,7 @@ bool RecursorLua4::postresolve(DNSQuestion& dq, int& ret, RecEventTrace& et) con
   et.add(RecEventTrace::LuaPostResolve);
   bool ok = genhook(d_postresolve, dq, ret);
   et.add(RecEventTrace::LuaPostResolve, ok, false);
+  warnDrop(dq);
   return ok;
 }
 
@@ -573,6 +587,7 @@ bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& reque
   et.add(RecEventTrace::LuaPreOutQuery);
   bool ok = genhook(d_preoutquery, dq, ret);
   et.add(RecEventTrace::LuaPreOutQuery, ok, false);
+  warnDrop(dq);
   return ok;
 }