From: Remi Gacogne Date: Fri, 5 Sep 2025 14:38:49 +0000 (+0200) Subject: dnsdist: Fix access to frontends while in client mode X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F16090%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Fix access to frontends while in client mode Since 2.0 we return `nil` instead of an object containing a `NULL` pointer when the requested object does not exist, to make it possible to check the validity of the returned object from `Lua`. It makes sense in all contexts except when we are in client mode, because then accessing the object in the remaining parts of the configuration will trigger an error. Our DNS over HTTPS documentation itself contains such a Lua configuration snippet, which is now broken. This commit reverts back to sending an object containg a `NULL` pointer when accessing the frontends in the client mode case. Signed-off-by: Remi Gacogne --- diff --git a/pdns/dnsdistdist/dnsdist-lua.cc b/pdns/dnsdistdist/dnsdist-lua.cc index 5b09ba8ab..151f93564 100644 --- a/pdns/dnsdistdist/dnsdist-lua.cc +++ b/pdns/dnsdistdist/dnsdist-lua.cc @@ -2490,10 +2490,10 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) }); #ifdef HAVE_DNS_OVER_QUIC - luaCtx.writeFunction("getDOQFrontend", [client](uint64_t index) { + luaCtx.writeFunction("getDOQFrontend", [client](uint64_t index) -> boost::optional> { boost::optional> result{boost::none}; if (client) { - return result; + return std::shared_ptr(); } setLuaNoSideEffect(); try { @@ -2572,10 +2572,10 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) }); #ifdef HAVE_DNS_OVER_HTTP3 - luaCtx.writeFunction("getDOH3Frontend", [client](uint64_t index) { + luaCtx.writeFunction("getDOH3Frontend", [client](uint64_t index) -> boost::optional> { boost::optional> result{boost::none}; if (client) { - return result; + return std::shared_ptr(); } setLuaNoSideEffect(); try { @@ -2641,10 +2641,10 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) #endif }); - luaCtx.writeFunction("getDOHFrontend", [client]([[maybe_unused]] uint64_t index) { + luaCtx.writeFunction("getDOHFrontend", [client]([[maybe_unused]] uint64_t index) -> boost::optional> { boost::optional> result{boost::none}; if (client) { - return result; + return std::shared_ptr(); } #ifdef HAVE_DNS_OVER_HTTPS setLuaNoSideEffect(); @@ -2871,8 +2871,11 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) #endif }); - luaCtx.writeFunction("getTLSFrontend", []([[maybe_unused]] uint64_t index) { + luaCtx.writeFunction("getTLSFrontend", [client]([[maybe_unused]] uint64_t index) -> boost::optional> { boost::optional> result{boost::none}; + if (client) { + return std::shared_ptr(); + } #ifdef HAVE_DNS_OVER_TLS setLuaNoSideEffect(); try { diff --git a/regression-tests.dnsdist/test_DOH.py b/regression-tests.dnsdist/test_DOH.py index b07a5875c..fe8f1d032 100644 --- a/regression-tests.dnsdist/test_DOH.py +++ b/regression-tests.dnsdist/test_DOH.py @@ -4,6 +4,7 @@ import base64 import dns import os import time +import subprocess import unittest import clientsubnetoption @@ -755,6 +756,27 @@ class DOHTests(object): self.assertIn('foo: bar', headers) self.assertNotIn(self._customResponseHeader2, headers) + def testFrontendAccessViaBuiltInClient(self): + """ + DOH: Built-in client + """ + if self._yaml_config_template: + return + + output = None + try: + confFile = os.path.join('configs', 'dnsdist_%s.conf' % (self.__class__.__name__)) + testcmd = [os.environ['DNSDISTBIN'], '--client', '-C', confFile ] + process = subprocess.Popen(testcmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True) + output = process.communicate(input=b'showVersion()\n') + except subprocess.CalledProcessError as exc: + raise AssertionError('%s failed (%d): %s' % (testcmd, process.returncode, process.output)) + + if process.returncode != 0: + raise AssertionError('%s failed (%d): %s' % (testcmd, process.returncode, output)) + + self.assertTrue(output[0].startswith(b'dnsdist ')) + class TestDoHNGHTTP2(DOHTests, DNSDistDOHTest): _dohLibrary = 'nghttp2'