From f66d93faff20713e80bb6b58f5b2e83ff989cf49 Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Wed, 19 May 2021 17:02:25 +0200 Subject: [PATCH] auth: pdnsutil, use cmds.at() --- pdns/pdnsutil.cc | 732 +++++++++++++++++++++++++---------------------- 1 file changed, 383 insertions(+), 349 deletions(-) diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index f179882d5f..29428acd94 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -1430,14 +1430,14 @@ static int createZone(const DNSName &zone, const DNSName& nsname) { static int createSlaveZone(const vector& cmds) { UeberBackend B; DomainInfo di; - DNSName zone(cmds[1]); + DNSName zone(cmds.at(1)); if (B.getDomainInfo(zone, di)) { cerr << "Zone '" << zone << "' exists already" << endl; return EXIT_FAILURE; } vector masters; for (unsigned i=2; i < cmds.size(); i++) { - masters.emplace_back(cmds[i], 53); + masters.emplace_back(cmds.at(i), 53); } cerr<<"Creating slave zone '"<& cmds) { static int changeSlaveZoneMaster(const vector& cmds) { UeberBackend B; DomainInfo di; - DNSName zone(cmds[1]); + DNSName zone(cmds.at(1)); if (!B.getDomainInfo(zone, di)) { cerr << "Zone '" << zone << "' doesn't exist" << endl; return EXIT_FAILURE; } vector masters; for (unsigned i=2; i < cmds.size(); i++) { - masters.emplace_back(cmds[i], 53); + masters.emplace_back(cmds.at(i), 53); } cerr<<"Updating slave zone '"<& cmds) { static int addOrReplaceRecord(bool addOrReplace, const vector& cmds) { DNSResourceRecord rr; vector newrrs; - DNSName zone(cmds[1]); + DNSName zone(cmds.at(1)); DNSName name; - if(cmds[2]=="@") + if (cmds.at(2) == "@") name=zone; else - name=DNSName(cmds[2])+zone; + name = DNSName(cmds.at(2)) + zone; - rr.qtype = DNSRecordContent::TypeToNumber(cmds[3]); + rr.qtype = DNSRecordContent::TypeToNumber(cmds.at(3)); rr.ttl = ::arg().asNum("default-ttl"); UeberBackend B; @@ -1507,8 +1507,8 @@ static int addOrReplaceRecord(bool addOrReplace, const vector& cmds) { unsigned int contentStart = 4; if(cmds.size() > 5) { - rr.ttl=atoi(cmds[4].c_str()); - if(std::to_string(rr.ttl)==cmds[4]) { + rr.ttl = atoi(cmds.at(4).c_str()); + if (std::to_string(rr.ttl) == cmds.at(4)) { contentStart++; } else { @@ -1544,7 +1544,7 @@ static int addOrReplaceRecord(bool addOrReplace, const vector& cmds) { cout<<"Current records for "<getZoneRepresentation(true); + rr.content = DNSRecordContent::mastermake(rr.qtype.getCode(), QClass::IN, cmds.at(i))->getZoneRepresentation(true); newrrs.push_back(rr); } @@ -2266,7 +2266,7 @@ try return 0; } - if(cmds.empty() || g_vm.count("help") || cmds[0] == "help") { + if (cmds.empty() || g_vm.count("help") || cmds.at(0) == "help") { cout<<"Usage: \npdnsutil [options] [params ..]\n"<()); - if (cmds[0] == "test-algorithm") { + if (cmds.at(0) == "test-algorithm") { if(cmds.size() != 2) { cerr << "Syntax: pdnsutil test-algorithm algonum"< 2) { + if (cmds.at(0) == "list-algorithms") { + if ((cmds.size() == 2 && cmds.at(1) != "with-backend") || cmds.size() > 2) { cerr<<"Syntax: pdnsutil list-algorithms [with-backend]"< statements; stringtok(statements, sqlCreate, ";"); for(const string& statement : statements) { @@ -2449,16 +2448,16 @@ try #endif } - if (cmds[0] == "raw-lua-from-content") { + if (cmds.at(0) == "raw-lua-from-content") { if (cmds.size() < 3) { cerr<<"Usage: raw-lua-from-content TYPE CONTENT"<serialize(DNSName(), true))<= 2 && cmds[1] == "quiet"); + else if (cmds.at(0) == "rectify-all-zones") { + bool quiet = (cmds.size() >= 2 && cmds.at(1) == "quiet"); if (!rectifyAllZones(dk, quiet)) { return 1; } } - else if(cmds[0] == "check-zone") { + else if (cmds.at(0) == "check-zone") { if(cmds.size() != 2) { cerr << "Syntax: pdnsutil check-zone ZONE"< 1 ? cmds[1] : ""); + else if (cmds.at(0) == "bench-db") { + dbBench(cmds.size() > 1 ? cmds.at(1) : ""); } - else if (cmds[0] == "check-all-zones") { - bool exitOnError = ((cmds.size() >= 2 ? cmds[1] : "") == "exit-on-error"); + else if (cmds.at(0) == "check-all-zones") { + bool exitOnError = ((cmds.size() >= 2 ? cmds.at(1) : "") == "exit-on-error"); return checkAllZones(dk, exitOnError); } - else if (cmds[0] == "list-all-zones") { + else if (cmds.at(0) == "list-all-zones") { if (cmds.size() > 2) { cerr << "Syntax: pdnsutil list-all-zones [master|slave|native]"< 3) ? cmds[3] : "", pdns_stou(cmds[2])); + testSpeed(dk, DNSName(cmds.at(1)), (cmds.size() > 3) ? cmds.at(3) : "", pdns_stou(cmds.at(2))); } - else if(cmds[0] == "verify-crypto") { + else if (cmds.at(0) == "verify-crypto") { if(cmds.size() != 2) { cerr << "Syntax: pdnsutil verify-crypto FILE"<0) { + else if ((tmp_algo = DNSSECKeeper::shorthand2algorithm(cmds.at(n))) > 0) { algorithm = tmp_algo; - } else if(pdns_iequals(cmds[n], "active")) { + } + else if (pdns_iequals(cmds.at(n), "active")) { active=true; - } else if(pdns_iequals(cmds[n], "inactive") || pdns_iequals(cmds[n], "passive")) { // 'passive' eventually needs to be removed + } + else if (pdns_iequals(cmds.at(n), "inactive") || pdns_iequals(cmds.at(n), "passive")) { // 'passive' eventually needs to be removed active=false; - } else if(pdns_iequals(cmds[n], "published")) { + } + else if (pdns_iequals(cmds.at(n), "published")) { published = true; - } else if(pdns_iequals(cmds[n], "unpublished")) { + } + else if (pdns_iequals(cmds.at(n), "unpublished")) { published = false; - } else if(pdns_stou(cmds[n])) { - bits = pdns_stou(cmds[n]); - } else { - cerr<<"Unknown algorithm, key flag or size '"< 2 ? DNSName(cmds[2]): DNSName()); + return createZone(DNSName(cmds.at(1)), cmds.size() > 2 ? DNSName(cmds.at(2)) : DNSName()); } - else if(cmds[0] == "create-slave-zone") { + else if (cmds.at(0) == "create-slave-zone") { if(cmds.size() < 3 ) { cerr<<"Syntax: pdnsutil create-slave-zone ZONE master-ip [master-ip..]"< 3 ? cmds[3] : "" )); + exit(addSuperMaster(cmds.at(1), cmds.at(2), cmds.size() > 3 ? cmds.at(3) : "")); } - else if(cmds[0] == "replace-rrset") { + else if (cmds.at(0) == "replace-rrset") { if(cmds.size() < 5) { cerr< 2) { cerr<<"Syntax: pdnsutil list-keys [ZONE]"< mustRectify; unsigned int zoneErrors=0; for(unsigned int n = 1; n < cmds.size(); ++n) { - DNSName zone(cmds[n]); + DNSName zone(cmds.at(n)); dk.startTransaction(zone, -1); if(secureZone(dk, zone)) { mustRectify.push_back(zone); @@ -2886,8 +2893,8 @@ try } return 0; } - else if (cmds[0] == "secure-all-zones") { - if (cmds.size() >= 2 && !pdns_iequals(cmds[1], "increase-serial")) { + else if (cmds.at(0) == "secure-all-zones") { + if (cmds.size() >= 2 && !pdns_iequals(cmds.at(1), "increase-serial")) { cerr << "Syntax: pdnsutil secure-all-zones [increase-serial]"< 2 ? cmds[2] : "1 0 1 ab"; - bool narrow = cmds.size() > 3 && cmds[3]=="narrow"; + string nsec3params = cmds.size() > 2 ? cmds.at(2) : "1 0 1 ab"; + bool narrow = cmds.size() > 3 && cmds.at(3) == "narrow"; NSEC3PARAMRecordContent ns3pr(nsec3params); - DNSName zone(cmds[1]); + DNSName zone(cmds.at(1)); if (zone.wirelength() > 222) { cerr<<"Cannot enable NSEC3 for " << zone << " as it is too long (" << zone.wirelength() << " bytes, maximum is 222 bytes)"<convertToISC() < key(DNSCryptoKeyEngine::makeFromPEMString(drc, raw)); dpk.setKey(key); - dpk.d_algorithm = pdns_stou(cmds[3]); + dpk.d_algorithm = pdns_stou(cmds.at(3)); if(dpk.d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1) dpk.d_algorithm = DNSSECKeeper::RSASHA1; @@ -3121,12 +3128,12 @@ try cerr<<(int)dpk.d_algorithm< 4) { - if(pdns_iequals(cmds[4], "ZSK")) + if (pdns_iequals(cmds.at(4), "ZSK")) dpk.d_flags = 256; - else if(pdns_iequals(cmds[4], "KSK")) + else if (pdns_iequals(cmds.at(4), "KSK")) dpk.d_flags = 257; else { - cerr<<"Unknown key flag '"< key(DNSCryptoKeyEngine::makeFromISCFile(drc, fname.c_str())); @@ -3168,20 +3174,20 @@ try bool published=true; for(unsigned int n = 3; n < cmds.size(); ++n) { - if(pdns_iequals(cmds[n], "ZSK")) + if (pdns_iequals(cmds.at(n), "ZSK")) dpk.d_flags = 256; - else if(pdns_iequals(cmds[n], "KSK")) + else if (pdns_iequals(cmds.at(n), "KSK")) dpk.d_flags = 257; - else if(pdns_iequals(cmds[n], "active")) + else if (pdns_iequals(cmds.at(n), "active")) active = true; - else if(pdns_iequals(cmds[n], "passive") || pdns_iequals(cmds[n], "inactive")) // passive eventually needs to be removed + else if (pdns_iequals(cmds.at(n), "passive") || pdns_iequals(cmds.at(n), "inactive")) // passive eventually needs to be removed active = false; - else if(pdns_iequals(cmds[n], "published")) + else if (pdns_iequals(cmds.at(n), "published")) published = true; - else if(pdns_iequals(cmds[n], "unpublished")) + else if (pdns_iequals(cmds.at(n), "unpublished")) published = false; else { - cerr<<"Unknown key flag '"<0) { + else if ((tmp_algo = DNSSECKeeper::shorthand2algorithm(cmds.at(n))) > 0) { algorithm = tmp_algo; - } else if(pdns_stou(cmds[n])) - bits = pdns_stou(cmds[n]); + } + else if (pdns_stou(cmds.at(n))) + bits = pdns_stou(cmds.at(n)); else { - cerr<<"Unknown algorithm, key flag or size '"<convertToISC() << endl; - } else if (cmds[0]=="generate-tsig-key") { - string usage = "Syntax: " + cmds[0] + " name (hmac-md5|hmac-sha1|hmac-sha224|hmac-sha256|hmac-sha384|hmac-sha512)"; + } + else if (cmds.at(0) == "generate-tsig-key") { + string usage = "Syntax: " + cmds.at(0) + " name (hmac-md5|hmac-sha1|hmac-sha224|hmac-sha256|hmac-sha384|hmac-sha512)"; if (cmds.size() < 3) { cerr << usage << endl; return 0; } - DNSName name(cmds[1]); - DNSName algo(cmds[2]); + DNSName name(cmds.at(1)); + DNSName algo(cmds.at(2)); string key; try { key = makeTSIGKey(algo); @@ -3293,131 +3301,148 @@ try return 1; } return 0; - } else if (cmds[0]=="import-tsig-key") { - if (cmds.size() < 4) { - cerr << "Syntax: " << cmds[0] << " name algorithm key" << endl; - return 0; - } - DNSName name(cmds[1]); - string algo = cmds[2]; - string key = cmds[3]; - - UeberBackend B("default"); - if (B.setTSIGKey(name, DNSName(algo), key)) { - cout << "Imported TSIG key " << name << " " << algo << endl; - } else { - cerr << "Failure importing TSIG key " << name << " " << algo << endl; - return 1; - } - return 0; - } else if (cmds[0]=="delete-tsig-key") { - if (cmds.size() < 2) { - cerr << "Syntax: " << cmds[0] << " name" << endl; - return 0; - } - DNSName name(cmds[1]); - - UeberBackend B("default"); - if (B.deleteTSIGKey(name)) { - cout << "Deleted TSIG key " << name << endl; - } else { - cerr << "Failure deleting TSIG key " << name << endl; - return 1; - } - return 0; - } else if (cmds[0]=="list-tsig-keys") { - std::vector keys; - UeberBackend B("default"); - if (B.getTSIGKeys(keys)) { - for(const TSIGKey &key : keys) { - cout << key.name.toString() << " " << key.algorithm.toString() << " " << key.key << endl; - } - } - return 0; - } else if (cmds[0]=="activate-tsig-key") { - string metaKey; - if (cmds.size() < 4) { - cerr << "Syntax: " << cmds[0] << " ZONE NAME {primary|secondary|master|slave}" << endl; - return 0; - } - DNSName zname(cmds[1]); - string name = cmds[2]; - if (cmds[3] == "master" || cmds[3] == "primary") - metaKey = "TSIG-ALLOW-AXFR"; - else if (cmds[3] == "slave" || cmds[3] == "secondary") - metaKey = "AXFR-MASTER-TSIG"; - else { - cerr << "Invalid parameter '" << cmds[3] << "', expected master or slave" << endl; - return 1; - } - UeberBackend B("default"); - DomainInfo di; - if (!B.getDomainInfo(zname, di)) { - cerr << "Zone '" << zname << "' does not exist" << endl; - return 1; - } - std::vector meta; - if (!B.getDomainMetadata(zname, metaKey, meta)) { - cerr << "Failure enabling TSIG key " << name << " for " << zname << endl; - return 1; - } - bool found = false; - for(const std::string& tmpname : meta) { - if (tmpname == name) { found = true; break; } - } - if (!found) meta.push_back(name); - if (B.setDomainMetadata(zname, metaKey, meta)) { - cout << "Enabled TSIG key " << name << " for " << zname << endl; - } else { - cerr << "Failure enabling TSIG key " << name << " for " << zname << endl; - return 1; - } - return 0; - } else if (cmds[0]=="deactivate-tsig-key") { - string metaKey; - if (cmds.size() < 4) { - cerr << "Syntax: " << cmds[0] << " ZONE NAME {master|slave}" << endl; - return 0; - } - DNSName zname(cmds[1]); - string name = cmds[2]; - if (cmds[3] == "master" || cmds[3] == "primary") - metaKey = "TSIG-ALLOW-AXFR"; - else if (cmds[3] == "slave" || cmds[3] == "secondary") - metaKey = "AXFR-MASTER-TSIG"; - else { - cerr << "Invalid parameter '" << cmds[3] << "', expected master or slave" << endl; - return 1; - } + } + else if (cmds.at(0) == "import-tsig-key") { + if (cmds.size() < 4) { + cerr << "Syntax: " << cmds.at(0) << " name algorithm key" << endl; + return 0; + } + DNSName name(cmds.at(1)); + string algo = cmds.at(2); + string key = cmds.at(3); - UeberBackend B("default"); - DomainInfo di; - if (!B.getDomainInfo(zname, di)) { - cerr << "Zone '" << zname << "' does not exist" << endl; - return 1; - } - std::vector meta; - if (!B.getDomainMetadata(zname, metaKey, meta)) { - cerr << "Failure disabling TSIG key " << name << " for " << zname << endl; - return 1; - } - std::vector::iterator iter = meta.begin(); - for(;iter != meta.end(); ++iter) if (*iter == name) break; - if (iter != meta.end()) meta.erase(iter); - if (B.setDomainMetadata(zname, metaKey, meta)) { - cout << "Disabled TSIG key " << name << " for " << zname << endl; - } else { - cerr << "Failure disabling TSIG key " << name << " for " << zname << endl; - return 1; - } - return 0; - } else if (cmds[0]=="get-meta") { UeberBackend B("default"); + if (B.setTSIGKey(name, DNSName(algo), key)) { + cout << "Imported TSIG key " << name << " " << algo << endl; + } + else { + cerr << "Failure importing TSIG key " << name << " " << algo << endl; + return 1; + } + return 0; + } + else if (cmds.at(0) == "delete-tsig-key") { if (cmds.size() < 2) { - cerr << "Syntax: " << cmds[0] << " zone [kind kind ..]" << endl; - return 1; + cerr << "Syntax: " << cmds.at(0) << " name" << endl; + return 0; + } + DNSName name(cmds.at(1)); + + UeberBackend B("default"); + if (B.deleteTSIGKey(name)) { + cout << "Deleted TSIG key " << name << endl; + } + else { + cerr << "Failure deleting TSIG key " << name << endl; + return 1; + } + return 0; + } + else if (cmds.at(0) == "list-tsig-keys") { + std::vector keys; + UeberBackend B("default"); + if (B.getTSIGKeys(keys)) { + for (const TSIGKey& key : keys) { + cout << key.name.toString() << " " << key.algorithm.toString() << " " << key.key << endl; + } + } + return 0; + } + else if (cmds.at(0) == "activate-tsig-key") { + string metaKey; + if (cmds.size() < 4) { + cerr << "Syntax: " << cmds.at(0) << " ZONE NAME {primary|secondary|master|slave}" << endl; + return 0; } - DNSName zone(cmds[1]); + DNSName zname(cmds.at(1)); + string name = cmds.at(2); + if (cmds.at(3) == "master" || cmds.at(3) == "primary") + metaKey = "TSIG-ALLOW-AXFR"; + else if (cmds.at(3) == "slave" || cmds.at(3) == "secondary") + metaKey = "AXFR-MASTER-TSIG"; + else { + cerr << "Invalid parameter '" << cmds.at(3) << "', expected master or slave" << endl; + return 1; + } + UeberBackend B("default"); + DomainInfo di; + if (!B.getDomainInfo(zname, di)) { + cerr << "Zone '" << zname << "' does not exist" << endl; + return 1; + } + std::vector meta; + if (!B.getDomainMetadata(zname, metaKey, meta)) { + cerr << "Failure enabling TSIG key " << name << " for " << zname << endl; + return 1; + } + bool found = false; + for (const std::string& tmpname : meta) { + if (tmpname == name) { + found = true; + break; + } + } + if (!found) + meta.push_back(name); + if (B.setDomainMetadata(zname, metaKey, meta)) { + cout << "Enabled TSIG key " << name << " for " << zname << endl; + } + else { + cerr << "Failure enabling TSIG key " << name << " for " << zname << endl; + return 1; + } + return 0; + } + else if (cmds.at(0) == "deactivate-tsig-key") { + string metaKey; + if (cmds.size() < 4) { + cerr << "Syntax: " << cmds.at(0) << " ZONE NAME {master|slave}" << endl; + return 0; + } + DNSName zname(cmds.at(1)); + string name = cmds.at(2); + if (cmds.at(3) == "master" || cmds.at(3) == "primary") + metaKey = "TSIG-ALLOW-AXFR"; + else if (cmds.at(3) == "slave" || cmds.at(3) == "secondary") + metaKey = "AXFR-MASTER-TSIG"; + else { + cerr << "Invalid parameter '" << cmds.at(3) << "', expected master or slave" << endl; + return 1; + } + + UeberBackend B("default"); + DomainInfo di; + if (!B.getDomainInfo(zname, di)) { + cerr << "Zone '" << zname << "' does not exist" << endl; + return 1; + } + std::vector meta; + if (!B.getDomainMetadata(zname, metaKey, meta)) { + cerr << "Failure disabling TSIG key " << name << " for " << zname << endl; + return 1; + } + std::vector::iterator iter = meta.begin(); + for (; iter != meta.end(); ++iter) + if (*iter == name) + break; + if (iter != meta.end()) + meta.erase(iter); + if (B.setDomainMetadata(zname, metaKey, meta)) { + cout << "Disabled TSIG key " << name << " for " << zname << endl; + } + else { + cerr << "Failure disabling TSIG key " << name << " for " << zname << endl; + return 1; + } + return 0; + } + else if (cmds.at(0) == "get-meta") { + UeberBackend B("default"); + if (cmds.size() < 2) { + cerr << "Syntax: " << cmds.at(0) << " zone [kind kind ..]" << endl; + return 1; + } + DNSName zone(cmds.at(1)); vector keys; DomainInfo di; @@ -3445,19 +3470,19 @@ try } } return 0; - - } else if (cmds[0]=="set-meta" || cmds[0]=="add-meta") { + } + else if (cmds.at(0) == "set-meta" || cmds.at(0) == "add-meta") { if (cmds.size() < 3) { - cerr << "Syntax: " << cmds[0] << " ZONE KIND [VALUE VALUE ..]" << endl; - return 1; + cerr << "Syntax: " << cmds.at(0) << " ZONE KIND [VALUE VALUE ..]" << endl; + return 1; } - DNSName zone(cmds[1]); - string kind = cmds[2]; + DNSName zone(cmds.at(1)); + string kind = cmds.at(2); static vector multiMetaWhitelist = {"ALLOW-AXFR-FROM", "ALLOW-DNSUPDATE-FROM", "ALSO-NOTIFY", "TSIG-ALLOW-AXFR", "TSIG-ALLOW-DNSUPDATE", "PUBLISH-CDS"}; bool clobber = true; - if (cmds[0] == "add-meta") { + if (cmds.at(0) == "add-meta") { clobber = false; if (find(multiMetaWhitelist.begin(), multiMetaWhitelist.end(), kind) == multiMetaWhitelist.end() && kind.find("X-") != 0) { cerr<<"Refusing to add metadata to single-value metadata "< meta(cmds.begin() + 3, cmds.end()); return addOrSetMeta(zone, kind, meta, clobber); - } else if (cmds[0]=="hsm") { + } + else if (cmds.at(0) == "hsm") { #ifdef HAVE_P11KIT1 UeberBackend B("default"); if (cmds.size() < 2) { cerr << "Missing sub-command for pdnsutil hsm"<< std::endl; return 0; - } else if (cmds[1] == "assign") { + } + else if (cmds.at(1) == "assign") { DNSCryptoKeyEngine::storvector_t storvect; DomainInfo di; std::vector keys; @@ -3482,7 +3509,7 @@ try return 1; } - DNSName zone(cmds[2]); + DNSName zone(cmds.at(2)); // verify zone if (!B.getDomainInfo(zone, di)) { @@ -3490,21 +3517,21 @@ try return 1; } - int algorithm = DNSSECKeeper::shorthand2algorithm(cmds[3]); + int algorithm = DNSSECKeeper::shorthand2algorithm(cmds.at(3)); if (algorithm<0) { - cerr << "Unable to use unknown algorithm '" << cmds[3] << "'" << std::endl; + cerr << "Unable to use unknown algorithm '" << cmds.at(3) << "'" << std::endl; return 1; } int64_t id; - bool keyOrZone = (cmds[4] == "ksk" ? true : false); - string module = cmds[5]; - string slot = cmds[6]; - string pin = cmds[7]; - string label = cmds[8]; + bool keyOrZone = (cmds.at(4) == "ksk" ? true : false); + string module = cmds.at(5); + string slot = cmds.at(6); + string pin = cmds.at(7); + string label = cmds.at(8); string pub_label; if (cmds.size() > 9) - pub_label = cmds[9]; + pub_label = cmds.at(9); else pub_label = label; @@ -3553,14 +3580,15 @@ try cerr << "Module " << module << " slot " << slot << " assigned to " << zone << " with key id " << id << endl; return 0; - } else if (cmds[1] == "create-key") { + } + else if (cmds.at(1) == "create-key") { if (cmds.size() < 4) { cerr << "Usage: pdnsutil hsm create-key ZONE KEY-ID [BITS]" << endl; return 1; } DomainInfo di; - DNSName zone(cmds[2]); + DNSName zone(cmds.at(2)); unsigned int id; int bits = 2048; // verify zone @@ -3569,7 +3597,7 @@ try return 1; } - id = pdns_stou(cmds[3]); + id = pdns_stou(cmds.at(3)); std::vector keys; if (!B.getDomainKeys(zone, keys)) { cerr << "No keys found for zone " << zone << std::endl; @@ -3591,7 +3619,7 @@ try return 1; } if (cmds.size() > 4) { - bits = pdns_stou(cmds[4]); + bits = pdns_stou(cmds.at(4)); } if (bits < 1) { cerr << "Invalid bit size " << bits << "given, must be positive integer"; @@ -3611,7 +3639,8 @@ try cerr<<"PKCS#11 support not enabled"<getPrefix() == cmds[1]) src = b; - if (b->getPrefix() == cmds[2]) tgt = b; + if (b->getPrefix() == cmds.at(1)) + src = b; + if (b->getPrefix() == cmds.at(2)) + tgt = b; } if (!src) { - cerr<<"Unknown source backend '"<getPrefix() == cmds[1]) db = b; + if (b->getPrefix() == cmds.at(1)) + db = b; } if (!db) { - cerr<<"Unknown backend '"<