From: Miod Vallat Date: Mon, 20 Oct 2025 13:29:21 +0000 (+0200) Subject: Apply a round of Clang-Tidyze™ X-Git-Tag: rec-5.4.0-alpha1~162^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=056c69785d61089ffae2a7138378571701e35fbb;p=thirdparty%2Fpdns.git Apply a round of Clang-Tidyze™ Signed-off-by: Miod Vallat --- diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc index 20c65e95df..a1aeef3c01 100644 --- a/pdns/rfc2136handler.cc +++ b/pdns/rfc2136handler.cc @@ -21,27 +21,30 @@ #include "gss_context.hh" #include "auth-main.hh" -extern StatBag S; - std::mutex PacketHandler::s_rfc2136lock; // Implement section 3.2.1 and 3.2.2 of RFC2136 -int PacketHandler::checkUpdatePrerequisites(const DNSRecord *rr, DomainInfo *di) { - if (rr->d_ttl != 0) +// NOLINTNEXTLINE(readability-identifier-length) +int PacketHandler::checkUpdatePrerequisites(const DNSRecord* rr, DomainInfo* di) +{ + if (rr->d_ttl != 0) { return RCode::FormErr; + } // 3.2.1 and 3.2.2 check content length. - if ( (rr->d_class == QClass::NONE || rr->d_class == QClass::ANY) && rr->d_clen != 0) + if ((rr->d_class == QClass::NONE || rr->d_class == QClass::ANY) && rr->d_clen != 0) { return RCode::FormErr; + } - bool foundRecord=false; + bool foundRecord = false; DNSResourceRecord rec; di->backend->lookup(QType(QType::ANY), rr->d_name, di->id); - while(di->backend->get(rec)) { - if (!rec.qtype.getCode()) + while (di->backend->get(rec)) { + if (rec.qtype.getCode() == QType::ENT) { continue; + } if ((rr->d_type != QType::ANY && rec.qtype == rr->d_type) || rr->d_type == QType::ANY) { - foundRecord=true; + foundRecord = true; di->backend->lookupEnd(); break; } 
@@ -49,32 +52,37 @@ int PacketHandler::checkUpdatePrerequisites(const DNSRecord *rr, DomainInfo *di) // Section 3.2.1 if (rr->d_class == QClass::ANY && !foundRecord) { - if (rr->d_type == QType::ANY) + if (rr->d_type == QType::ANY) { return RCode::NXDomain; - if (rr->d_type != QType::ANY) + } + if (rr->d_type != QType::ANY) { return RCode::NXRRSet; + } } // Section 3.2.2 if (rr->d_class == QClass::NONE && foundRecord) { - if (rr->d_type == QType::ANY) + if (rr->d_type == QType::ANY) { return RCode::YXDomain; - if (rr->d_type != QType::ANY) + } + if (rr->d_type != QType::ANY) { return RCode::YXRRSet; + } } return RCode::NoError; } - // Method implements section 3.4.1 of RFC2136 -int PacketHandler::checkUpdatePrescan(const DNSRecord *rr) { +// NOLINTNEXTLINE(readability-identifier-length) +int PacketHandler::checkUpdatePrescan(const DNSRecord* rr) +{ // The RFC stats that d_class != ZCLASS, but we only support the IN class. if (rr->d_class != QClass::IN && rr->d_class != QClass::NONE && rr->d_class != QClass::ANY) { return RCode::FormErr; } - QType qtype = QType(rr->d_type); + auto qtype = QType(rr->d_type); if (!qtype.isSupportedType()) { return RCode::FormErr; 
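Review bot: In the Section 3.2.1 and 3.2.2 blocks of checkUpdatePrerequisites, the second `if (rr->d_type != QType::ANY)` is the exact complement of the test that has just returned. With braces added it reads like a branch that might fall through, although it cannot. Each pair can be one statement, for example `return rr->d_type == QType::ANY ? RCode::NXDomain : RCode::NXRRSet;`, and likewise for YXDomain/YXRRSet, which keeps the prerequisite result codes easy to audit against the RFC. The function starts before this hunk.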
@@ -99,40 +107,40 @@ int PacketHandler::checkUpdatePrescan(const DNSRecord *rr) { return RCode::NoError; } - // Implements section 3.4.2 of RFC2136 // NOLINTNEXTLINE(readability-function-cognitive-complexity) -static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSRecord *rr, DomainInfo *di, bool isPresigned, bool& narrow, bool& haveNSEC3, NSEC3PARAMRecordContent& ns3pr, bool& updatedSerial) // NOLINT(readability-identifier-length) +static uint performUpdate(DNSSECKeeper& dsk, const string& msgPrefix, const DNSRecord* rr, DomainInfo* di, bool isPresigned, bool& narrow, bool& haveNSEC3, NSEC3PARAMRecordContent& ns3pr, bool& updatedSerial) // NOLINT(readability-identifier-length) { - QType rrType = QType(rr->d_type); + auto rrType = QType(rr->d_type); if (rrType == QType::NSEC || rrType == QType::NSEC3) { - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << ". These are generated records, ignoring!" << endl; return 0; } if (!isPresigned && rrType == QType::RRSIG) { - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << " in non-presigned zone, ignoring!" << endl; return 0; } if ((rrType == QType::NSEC3PARAM || rrType == QType::DNSKEY) && rr->d_name != di->zone.operator const DNSName&()) { - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << ", " << rrType.toString() << " must be at zone apex, ignoring!" << endl; return 0; } - uint changedRecords = 0; DNSResourceRecord rec; - vector rrset, recordsToDelete; - set delnonterm, insnonterm; // used to (at the end) fix ENT records. - + vector rrset; + vector recordsToDelete; + // used to (at the end) fix ENT records. 
+ set delnonterm; + set insnonterm; if (rr->d_class == QClass::IN) { // 3.4.2.2 QClass::IN means insert or update - DLOG(g_log<d_name<<"|"<d_name << "|" << rrType.toString() << endl); if (rrType == QType::NSEC3PARAM) { - g_log<getContent()->getZoneRepresentation(), di->zone); narrow = false; // adding a NSEC3 will cause narrow mode to be dropped, as you cannot specify that in a NSEC3PARAM record @@ -147,8 +155,6 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR return 1; } - - bool foundRecord = false; di->backend->lookup(rrType, rr->d_name, di->id); while (di->backend->get(rec)) { @@ -157,10 +163,12 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR } if (foundRecord) { - - if (rrType == QType::SOA) { // SOA updates require the serial to be higher than the current - SOAData sdOld, sdUpdate; - DNSResourceRecord *oldRec = &rrset.front(); + switch (rrType) { + case QType::SOA: { + // SOA updates require the serial to be higher than the current + SOAData sdOld; + SOAData sdUpdate; + DNSResourceRecord* oldRec = &rrset.front(); fillSOAData(oldRec->content, sdOld); oldRec->setContent(rr->getContent()->getZoneRepresentation()); fillSOAData(oldRec->content, sdUpdate); 
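Review bot: The new outer `switch (rrType) {` switches on the QType object itself, while the nested switch in the `default:` branch (next hunk) is written `switch (rrType.getCode())`. The outer form presumably compiles only through an implicit conversion on QType, which hides which integer is compared against the `QType::SOA` and `QType::CNAME` labels. Writing `switch (rrType.getCode()) {` here as well makes the two switches consistent and keeps the dispatch explicit. performUpdate continues well beyond this hunk.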
@@ -168,15 +176,16 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR di->backend->replaceRRSet(di->id, oldRec->qname, oldRec->qtype, rrset); updatedSerial = true; changedRecords++; - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << endl; } - - // It's not possible to have multiple CNAME's with the same NAME. So we always update. - } else if (rrType == QType::CNAME) { + else { + g_log << Logger::Notice << msgPrefix << "Provided serial (" << sdUpdate.serial << ") is older than the current serial (" << sdOld.serial << "), ignoring SOA update." << endl; + } + } break; + case QType::CNAME: { + // It's not possible to have multiple CNAME's with the same NAME. So we always update. int changedCNames = 0; - for (auto& i : rrset) { + for (auto& i : rrset) { // NOLINT(readability-identifier-length) if (i.ttl != rr->d_ttl || i.content != rr->getContent()->getZoneRepresentation()) { i.ttl = rr->d_ttl; i.setContent(rr->getContent()->getZoneRepresentation()); @@ -185,15 +194,16 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR } if (changedCNames > 0) { di->backend->replaceRRSet(di->id, rr->d_name, rrType, rrset); - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << endl; changedRecords += changedCNames; - } else { - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << " requested, but no changes made." << endl; + } + } break; + default: { + // In any other case, we must check if the TYPE and RDATA match to provide an update (which effectively means a update of TTL) + int updateTTL = 0; foundRecord = false; bool lowerCase = false; switch (rrType.getCode()) { @@ -207,7 +217,7 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR if (lowerCase) { content = toLower(content); } - for (auto& i : rrset) { + for (auto& i : rrset) { // NOLINT(readability-identifier-length) if (rrType != i.qtype.getCode()) { continue; } 
@@ -217,21 +227,23 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR icontent = toLower(icontent); } if (icontent == content) { - foundRecord=true; + foundRecord = true; } } - if (i.ttl != rr->d_ttl) { + if (i.ttl != rr->d_ttl) { i.ttl = rr->d_ttl; updateTTL++; } } if (updateTTL > 0) { di->backend->replaceRRSet(di->id, rr->d_name, rrType, rrset); - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << endl; changedRecords += updateTTL; - } else if (foundRecord) { - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << " requested, but no changes made." << endl; + } + } break; } // ReplaceRRSet dumps our ordername and auth flag, so we need to correct it if we have changed records. @@ -239,10 +251,10 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR if (changedRecords > 0) { bool auth = rrset.front().auth; - if(haveNSEC3) { + if (haveNSEC3) { DNSName ordername; - if(! narrow) { - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, rr->d_name))); + if (!narrow) { + ordername = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, rr->d_name))); } if (narrow) { 
@@ -251,26 +263,25 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR else { di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, auth, QType::ANY, true); } - if(!auth || rrType == QType::DS) { + if (!auth || rrType == QType::DS) { di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::NS, !narrow); di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A, !narrow); di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA, !narrow); } - - } else { // NSEC + } + else { // NSEC di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, rr->d_name.makeRelative(di->zone), auth, QType::ANY, false); - if(!auth || rrType == QType::DS) { + if (!auth || rrType == QType::DS) { di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A, false); di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA, false); } } } - } // if (foundRecord) // If we haven't found a record that matches, we must add it. - if (! foundRecord) { - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << endl; delnonterm.insert(rr->d_name); // always remove any ENT's in the place where we're going to add a record. auto newRec = DNSResourceRecord::fromWire(*rr); newRec.domain_id = di->id; @@ -278,15 +289,13 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR di->backend->feedRecord(newRec, DNSName()); changedRecords++; - // because we added a record, we need to fix DNSSEC data. DNSName shorter(rr->d_name); - bool auth=newRec.auth; + bool auth = newRec.auth; bool fixDS = (rrType == QType::DS); if (di->zone.operator const DNSName&() != shorter) { // Everything at APEX is auth=1 && no ENT's do { - if (di->zone.operator const DNSName&() == shorter) { break; } 
@@ -294,28 +303,30 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR bool foundShorter = false; di->backend->lookup(QType(QType::ANY), shorter, di->id); while (di->backend->get(rec)) { - if (rec.qname == rr->d_name && rec.qtype == QType::DS) + if (rec.qname == rr->d_name && rec.qtype == QType::DS) { fixDS = true; + } if (shorter != rr->d_name) { foundShorter = true; } - if (rec.qtype == QType::NS) // are we inserting below a delegate? - auth=false; + if (rec.qtype == QType::NS) { // are we inserting below a delegate? + auth = false; + } } if (!foundShorter && auth && shorter != rr->d_name) { // haven't found any record at current level, insert ENT. insnonterm.insert(shorter); } - if (foundShorter) + if (foundShorter) { break; // if we find a shorter record, we can stop searching - } while(shorter.chopOff()); + } + } while (shorter.chopOff()); } - if(haveNSEC3) - { + if (haveNSEC3) { DNSName ordername; - if(! narrow) { - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, rr->d_name))); + if (!narrow) { + ordername = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, rr->d_name))); } if (narrow) { @@ -329,7 +340,7 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, true, QType::DS, !narrow); } - if(!auth) { + if (!auth) { if (ns3pr.d_flags != 0) { di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::NS, !narrow); } 
@@ -338,34 +349,34 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR } } else { // NSEC - DNSName ordername=rr->d_name.makeRelative(di->zone); + DNSName ordername = rr->d_name.makeRelative(di->zone); di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, auth, QType::ANY, false); if (fixDS) { di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, ordername, true, QType::DS, false); } - if(!auth) { + if (!auth) { di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::A, false); di->backend->updateDNSSECOrderNameAndAuth(di->id, rr->d_name, DNSName(), false, QType::AAAA, false); } } - // If we insert an NS, all the records below it become non auth - so, we're inserting a delegate. // Auth can only be false when the rr->d_name is not the zone - if (auth == false && rrType == QType::NS) { - DLOG(g_log<d_name<d_name << endl); insnonterm.clear(); // No ENT's are needed below delegates (auth=0) vector qnames; di->backend->listSubZone(ZoneName(rr->d_name), di->id); - while(di->backend->get(rec)) { - if (rec.qtype.getCode() && rec.qtype.getCode() != QType::DS && rr->d_name != rec.qname) // Skip ENT, DS and our already corrected record. + while (di->backend->get(rec)) { + if (rec.qtype.getCode() != QType::ENT && rec.qtype.getCode() != QType::DS && rr->d_name != rec.qname) { // Skip ENT, DS and our already corrected record. qnames.push_back(rec.qname); + } } - for(const auto & qname : qnames) { - if(haveNSEC3) { + for (const auto& qname : qnames) { + if (haveNSEC3) { DNSName ordername; - if(! narrow) { - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, qname))); + if (!narrow) { + ordername = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, qname))); } if (narrow) { 
@@ -380,7 +391,7 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR } } else { // NSEC - DNSName ordername=DNSName(qname).makeRelative(di->zone); + DNSName ordername = DNSName(qname).makeRelative(di->zone); di->backend->updateDNSSECOrderNameAndAuth(di->id, qname, ordername, false, QType::NS, false); } @@ -391,14 +402,13 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR } } // rr->d_class == QClass::IN - // Delete records - section 3.4.2.3 and 3.4.2.4 with the exception of the 'always leave 1 NS rule' as that's handled by // the code that calls this performUpdate(). if ((rr->d_class == QClass::ANY || rr->d_class == QClass::NONE) && rrType != QType::SOA) { // never delete a SOA. - DLOG(g_log<d_name<<"; QClass:"<d_class<<"; rrType: "<d_name << "; QClass:" << rr->d_class << "; rrType: " << rrType.toString() << endl); if (rrType == QType::NSEC3PARAM) { - g_log<d_name, di->zone.getVariant()); @@ -409,11 +419,12 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR NSEC3PARAMRecordContent nsec3rr(rr->getContent()->getZoneRepresentation(), di->zone); if (haveNSEC3 && ns3pr.getZoneRepresentation() == nsec3rr.getZoneRepresentation()) { dsk.unsetNSEC3PARAM(zonename); - } + } else { return 0; - } - } else { + } + } + else { return 0; } 
@@ -429,73 +440,78 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR return 1; } // end of NSEC3PARAM delete block - di->backend->lookup(rrType, rr->d_name, di->id); - while(di->backend->get(rec)) { + while (di->backend->get(rec)) { if (rr->d_class == QClass::ANY) { // 3.4.2.3 if (rec.qname == di->zone.operator const DNSName&() && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) { // Never delete all SOA and NS's rrset.push_back(rec); } - else + else { recordsToDelete.push_back(rec); + } } if (rr->d_class == QClass::NONE) { // 3.4.2.4 auto repr = rec.getZoneRepresentation(); if (rec.qtype == QType::TXT) { - DLOG(g_log<serialize(rec.qname, true, true); - auto rc = DNSRecordContent::deserialize(rec.qname, rec.qtype.getCode(), ser); + auto rc = DNSRecordContent::deserialize(rec.qname, rec.qtype.getCode(), ser); // NOLINT(readability-identifier-length) repr = rc->getZoneRepresentation(true); - DLOG(g_log<getContent()->getZoneRepresentation()=["<getContent()->getZoneRepresentation()<<"]"<getContent()->getZoneRepresentation()) + DLOG(g_log << msgPrefix << "Matching RR in RRset - (adjusted) representation from request=[" << repr << "], rr->getContent()->getZoneRepresentation()=[" << rr->getContent()->getZoneRepresentation() << "]" << endl); + if (rrType == rec.qtype && repr == rr->getContent()->getZoneRepresentation()) { recordsToDelete.push_back(rec); - else + } + else { rrset.push_back(rec); + } } } - - if (recordsToDelete.size()) { + + if (!recordsToDelete.empty()) { di->backend->replaceRRSet(di->id, rr->d_name, rrType, rrset); - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << endl; changedRecords += recordsToDelete.size(); - // If we've removed a delegate, we need to reset ordername/auth for some records. 
- if (rrType == QType::NS && rr->d_name != di->zone.operator const DNSName&()) { - vector belowOldDelegate, nsRecs, updateAuthFlag; + if (rrType == QType::NS && rr->d_name != di->zone.operator const DNSName&()) { + vector belowOldDelegate; + vector nsRecs; + vector updateAuthFlag; di->backend->listSubZone(ZoneName(rr->d_name), di->id); while (di->backend->get(rec)) { - if (rec.qtype.getCode()) // skip ENT records, they are always auth=false + if (rec.qtype.getCode() != QType::ENT) { // skip ENT records, they are always auth=false belowOldDelegate.push_back(rec.qname); - if (rec.qtype.getCode() == QType::NS && rec.qname != rr->d_name) + } + if (rec.qtype.getCode() == QType::NS && rec.qname != rr->d_name) { nsRecs.push_back(rec.qname); + } } - for(auto &belowOldDel: belowOldDelegate) - { + for (auto& belowOldDel : belowOldDelegate) { bool isBelowDelegate = false; - for(const auto & ns: nsRecs) { + for (const auto& ns : nsRecs) { // NOLINT(readability-identifier-length) if (ns.isPartOf(belowOldDel)) { - isBelowDelegate=true; + isBelowDelegate = true; break; } } - if (!isBelowDelegate) + if (!isBelowDelegate) { updateAuthFlag.push_back(belowOldDel); + } } - for (const auto &changeRec:updateAuthFlag) { + for (const auto& changeRec : updateAuthFlag) { DNSName ordername; - if(haveNSEC3) { - if(! narrow) { - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, changeRec))); + if (haveNSEC3) { + if (!narrow) { + ordername = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, changeRec))); } } else { // NSEC - ordername=changeRec.makeRelative(di->zone); + ordername = changeRec.makeRelative(di->zone); } di->backend->updateDNSSECOrderNameAndAuth(di->id, changeRec, ordername, true, QType::ANY, haveNSEC3 && !narrow); } 
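Review bot: The direction of `ns.isPartOf(belowOldDel)` in the removed-delegation loop is worth confirming, since this reformat keeps it as is. If `isPartOf(x)` means "this name is at or under x", the test asks whether a remaining NS owner lies under the record being examined. The flag name `isBelowDelegate` suggests the opposite question, `belowOldDel.isPartOf(ns)`. With the current direction a record below a nested delegation would land in `updateAuthFlag` and get auth set to true, which affects what is treated as authoritative for DNSSEC. If the current form is intended, a comment such as `// ns is a remaining delegation point at or under belowOldDel` would spare the next reader the same doubt.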
@@ -505,18 +521,22 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR // We must check if we have a record below the current level and if we removed the 'last' record // on that level. If so, we must insert an ENT record. // We take extra care here to not 'include' the record that we just deleted. Some backends will still return it as they only reload on a commit. - bool foundDeeper = false, foundOtherWithSameName = false; + bool foundDeeper = false; + bool foundOtherWithSameName = false; di->backend->listSubZone(ZoneName(rr->d_name), di->id); while (di->backend->get(rec)) { - if (rec.qname == rr->d_name && !count(recordsToDelete.begin(), recordsToDelete.end(), rec)) + if (rec.qname == rr->d_name && count(recordsToDelete.begin(), recordsToDelete.end(), rec) == 0) { foundOtherWithSameName = true; - if (rec.qname != rr->d_name && rec.qtype.getCode() != QType::NS) //Skip NS records, as this would be a delegate that we can ignore as this does not require us to create a ENT + } + if (rec.qname != rr->d_name && rec.qtype.getCode() != QType::NS) { //Skip NS records, as this would be a delegate that we can ignore as this does not require us to create a ENT foundDeeper = true; + } } if (foundDeeper && !foundOtherWithSameName) { insnonterm.insert(rr->d_name); - } else if (!foundOtherWithSameName) { + } + else if (!foundOtherWithSameName) { // If we didn't have to insert an ENT, we might have deleted a record at very deep level // and we must then clean up the ENT's above the deleted record. DNSName shorter(rr->d_name); 
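Review bot: `count(recordsToDelete.begin(), recordsToDelete.end(), rec) == 0` states a membership test as a count, and it walks the whole vector for every row returned by `listSubZone` even after a match. `std::find(recordsToDelete.begin(), recordsToDelete.end(), rec) == recordsToDelete.end()` expresses "not one of the records just deleted" directly and stops at the first hit. That matters a little when an update deletes a large RRset under a large subtree. The enclosing block of performUpdate starts outside this hunk.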
@@ -534,36 +554,39 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR di->backend->listSubZone(ZoneName(shorter), di->id); while (di->backend->get(rec)) { - if (rec.qtype.getCode()) + if (rec.qtype.getCode() != QType::ENT) { foundRealRR = true; - else + } + else { foundEnt = true; + } } if (!foundRealRR) { - if (foundEnt) // only delete the ENT if we actually found one. + if (foundEnt) { // only delete the ENT if we actually found one. delnonterm.insert(shorter); - } else + } + } + else { break; + } } } - } else { // if (recordsToDelete.size()) - g_log<d_name<<"|"<d_name << "|" << rrType.toString() << " requested, but not found." << endl; } } // (End of delete block d_class == ANY || d_class == NONE - - //Insert and delete ENT's - if (insnonterm.size() > 0 || delnonterm.size() > 0) { - DLOG(g_log<backend->updateEmptyNonTerminals(di->id, insnonterm, delnonterm, false); - for (const auto &i: insnonterm) { + for (const auto& i : insnonterm) { // NOLINT(readability-identifier-length) string hashed; - if(haveNSEC3) - { + if (haveNSEC3) { DNSName ordername; - if(! narrow) { - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, i))); + if (!narrow) { + ordername = DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, i))); } di->backend->updateDNSSECOrderNameAndAuth(di->id, i, ordername, true, QType::ANY, !narrow); } 
@@ -573,11 +596,12 @@ static uint performUpdate(DNSSECKeeper& dsk, const string &msgPrefix, const DNSR return changedRecords; } -int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, const DomainInfo& di) { +int PacketHandler::forwardPacket(const string& msgPrefix, const DNSPacket& p, const DomainInfo& di) // NOLINT(readability-identifier-length) +{ vector forward; B.getDomainMetadata(p.qdomainzone, "FORWARD-DNSUPDATE", forward); - if (forward.size() == 0 && ! ::arg().mustDo("forward-dnsupdate")) { + if (forward.empty() && !::arg().mustDo("forward-dnsupdate")) { g_log << Logger::Notice << msgPrefix << "Not configured to forward to primary, returning Refused." << endl; return RCode::Refused; } @@ -590,17 +614,17 @@ int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, co } auto local = pdns::getQueryLocalAddress(remote.sin4.sin_family, 0); int sock = makeQuerySocket(local, false); // create TCP socket. RFC2136 section 6.2 seems to be ok with this. - if(sock < 0) { - g_log<(recvRes) < sizeof(lenBuf)) { + std::array lenBuf{}; + ssize_t recvRes = recv(sock, lenBuf.data(), lenBuf.size(), 0); + if (recvRes < 0 || static_cast(recvRes) < lenBuf.size()) { g_log << Logger::Error << msgPrefix << "Could not receive data (length) from primary at " << remote.toStringWithPort() << ", error:" << stringerror() << endl; try { closesocket(sock); } - catch(const PDNSException& e) { + catch (const PDNSException& e) { g_log << Logger::Error << "Error closing primary forwarding socket after recv() failed: " << e.reason << endl; } continue; } - size_t packetLen = lenBuf[0]*256+lenBuf[1]; + size_t packetLen = lenBuf[0] * 256 + lenBuf[1]; buffer.resize(packetLen); recvRes = recv(sock, &buffer.at(0), packetLen, 0); 
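Review bot: A length prefix of zero from the primary makes `buffer.at(0)` throw `std::out_of_range` in the last lines of this hunk. `buffer.resize(packetLen)` leaves the buffer empty, and `packetLen` is taken straight from the two bytes read off the socket. Whether anything further up catches that exception is not visible here, so it is safer to handle it like the failed-recv branch above: test `if (packetLen == 0) {` right after computing the length, then log, close the socket and `continue` to the next primary. Rejecting any length shorter than a DNS header at the same point would also keep a truncated reply away from the parser. forwardPacket continues beyond this hunk.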
@@ -667,7 +690,7 @@ int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, co try { closesocket(sock); } - catch(const PDNSException& e) { + catch (const PDNSException& e) { g_log << Logger::Error << "Error closing primary forwarding socket after recv() failed: " << e.reason << endl; } continue; @@ -675,13 +698,13 @@ int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, co try { closesocket(sock); } - catch(const PDNSException& e) { + catch (const PDNSException& e) { g_log << Logger::Error << "Error closing primary forwarding socket: " << e.reason << endl; } try { MOADNSParser mdp(false, buffer.data(), static_cast(recvRes)); - g_log< allowedRanges; UBackend.getDomainMetadata(packet.qdomainzone, "ALLOW-DNSUPDATE-FROM", allowedRanges); - if (! ::arg()["allow-dnsupdate-from"].empty()) { - stringtok(allowedRanges, ::arg()["allow-dnsupdate-from"], ", \t" ); + if (!::arg()["allow-dnsupdate-from"].empty()) { + stringtok(allowedRanges, ::arg()["allow-dnsupdate-from"], ", \t"); } NetmaskGroup nmg; - for(const auto& range: allowedRanges) { + for (const auto& range : allowedRanges) { nmg.addMask(range); } - if ( ! nmg.match(packet.getInnerRemote())) { - g_log<; RRsetMap_t preReqRRsets; - for(const auto& rec: mdp.d_answers) { + for (const auto& rec : mdp.d_answers) { const DNSRecord* dnsRecord = &rec; if (dnsRecord->d_place == DNSResourceRecord::ANSWER) { // Last line of 3.2.3 @@ -781,7 +804,7 @@ static uint8_t updatePrereqCheck323(MOADNSParser& mdp, DomainInfo& info, const s if (dnsRecord->d_class == QClass::IN) { rrSetKey_t key = {dnsRecord->d_name, QType(dnsRecord->d_type)}; - rrVector_t *vec = &preReqRRsets[key]; + rrVector_t* vec = &preReqRRsets[key]; vec->push_back(DNSResourceRecord::fromWire(*dnsRecord)); } } 
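Review bot: The ALLOW-DNSUPDATE-FROM handling needs a comment on how its two sources combine. `allowedRanges` is filled from the zone metadata and then passed to `stringtok` together with the global `allow-dnsupdate-from` value. If `stringtok` appends, as it appears to, the global list widens the per-zone list rather than being replaced by it, and an operator reading the code could easily assume the opposite. Suggested comment above `NetmaskGroup nmg;`: `// ACL is the union of per-zone ALLOW-DNSUPDATE-FROM metadata and the global allow-dnsupdate-from setting; an empty result matches no client.` The last clause should be confirmed against NetmaskGroup::match. Part of this hunk's text is missing from the page, so the enclosing function cannot be named from here.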
@@ -789,9 +812,9 @@ static uint8_t updatePrereqCheck323(MOADNSParser& mdp, DomainInfo& info, const s if (!preReqRRsets.empty()) { RRsetMap_t zoneRRsets; - for (auto & preReqRRset : preReqRRsets) { - rrSetKey_t rrSet=preReqRRset.first; - rrVector_t *vec = &preReqRRset.second; + for (auto& preReqRRset : preReqRRsets) { + rrSetKey_t rrSet = preReqRRset.first; + rrVector_t* vec = &preReqRRset.second; DNSResourceRecord rec; info.backend->lookup(QType(QType::ANY), rrSet.first, info.id); @@ -800,7 +823,7 @@ static uint8_t updatePrereqCheck323(MOADNSParser& mdp, DomainInfo& info, const s while (info.backend->get(rec)) { if (rec.qtype == rrSet.second) { foundRR++; - for(auto & rrItem : *vec) { + for (auto& rrItem : *vec) { rrItem.ttl = rec.ttl; // The compare one line below also compares TTL, so we make them equal because TTL is not user within prerequisite checks. if (rrItem == rec) { matchRR++; 
@@ -809,7 +832,7 @@ static uint8_t updatePrereqCheck323(MOADNSParser& mdp, DomainInfo& info, const s } } if (matchRR != foundRR || foundRR != vec->size()) { - g_log<& update_policy_lua, DNSPacket& packet, bool isPresigned, bool& narrow, bool& haveNSEC3, NSEC3PARAMRecordContent& ns3pr, bool& updatedSerial, const std::string& msgPrefix) { - vector cnamesToAdd; - vector nonCnamesToAdd; - vector nsRRtoDelete; + vector cnamesToAdd; + vector nonCnamesToAdd; + vector nsRRtoDelete; bool anyRecordProcessed{false}; bool anyRecordAcceptedByLua{false}; - for(const auto & answer : mdp.d_answers) { - const DNSRecord *dnsRecord = &answer; + for (const auto& answer : mdp.d_answers) { + const DNSRecord* dnsRecord = &answer; if (dnsRecord->d_place == DNSResourceRecord::AUTHORITY) { anyRecordProcessed = true; /* see if it's permitted by policy */ if (update_policy_lua != nullptr) { if (!update_policy_lua->updatePolicy(dnsRecord->d_name, QType(dnsRecord->d_type), info.zone.operator const DNSName&(), packet)) { - g_log<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Not permitted by policy"<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Not permitted by policy" << endl; continue; } - g_log<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Permitted by policy"<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Permitted by policy" << endl; anyRecordAcceptedByLua = true; } - if (dnsRecord->d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == info.zone.operator const DNSName&()) { + if (dnsRecord->d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == info.zone.operator const DNSName&()) { nsRRtoDelete.push_back(dnsRecord); } else if (dnsRecord->d_class == QClass::IN && dnsRecord->d_ttl > 0) { if (dnsRecord->d_type == QType::CNAME) { cnamesToAdd.push_back(dnsRecord); - } else { + } + else { nonCnamesToAdd.push_back(dnsRecord); } } 
@@ -863,27 +887,27 @@ static uint8_t updateRecords(MOADNSParser& mdp, DNSSECKeeper& dsk, DomainInfo& i } } - for (const auto &resrec : cnamesToAdd) { + for (const auto& resrec : cnamesToAdd) { DNSResourceRecord rec; info.backend->lookup(QType(QType::ANY), resrec->d_name, info.id); while (info.backend->get(rec)) { if (rec.qtype != QType::CNAME && rec.qtype != QType::ENT && rec.qtype != QType::RRSIG) { // leave database handle in a consistent state info.backend->lookupEnd(); - g_log<d_name << "/" << QType(resrec->d_type).toString() << ": Data other than CNAME exists for the same name"<d_name << "/" << QType(resrec->d_type).toString() << ": Data other than CNAME exists for the same name" << endl; return RCode::Refused; } } changedRecords += performUpdate(dsk, msgPrefix, resrec, &info, isPresigned, narrow, haveNSEC3, ns3pr, updatedSerial); } - for (const auto &resrec : nonCnamesToAdd) { + for (const auto& resrec : nonCnamesToAdd) { DNSResourceRecord rec; info.backend->lookup(QType(QType::CNAME), resrec->d_name, info.id); while (info.backend->get(rec)) { if (rec.qtype == QType::CNAME && resrec->d_type != QType::RRSIG) { // leave database handle in a consistent state info.backend->lookupEnd(); - g_log<d_name << "/" << QType(resrec->d_type).toString() << ": CNAME exists for the same name"<d_name << "/" << QType(resrec->d_type).toString() << ": CNAME exists for the same name" << endl; return RCode::Refused; } } 
@@ -898,8 +922,8 @@ static uint8_t updateRecords(MOADNSParser& mdp, DNSSECKeeper& dsk, DomainInfo& i nsRRInZone.push_back(rec); } if (nsRRInZone.size() > nsRRtoDelete.size()) { // only delete if the NS's we delete are less then what we have in the zone (3.4.2.4) - for (auto& inZone: nsRRInZone) { - for (auto& resrec: nsRRtoDelete) { + for (auto& inZone : nsRRInZone) { + for (auto& resrec : nsRRtoDelete) { if (inZone.getZoneRepresentation() == resrec->getContent()->getZoneRepresentation()) { changedRecords += performUpdate(dsk, msgPrefix, resrec, &info, isPresigned, narrow, haveNSEC3, ns3pr, updatedSerial); } @@ -913,12 +937,12 @@ static uint8_t updateRecords(MOADNSParser& mdp, DNSSECKeeper& dsk, DomainInfo& i int PacketHandler::processUpdate(DNSPacket& packet) { - if (! ::arg().mustDo("dnsupdate")) { + if (!::arg().mustDo("dnsupdate")) { return RCode::Refused; } - string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + packet.qdomainzone.toLogString() + ": "; - g_log<d_update_policy_lua == nullptr) { @@ -932,24 +956,24 @@ int PacketHandler::processUpdate(DNSPacket& packet) // variable names during the use of our MOADNSParser. MOADNSParser mdp(false, packet.getString()); if (mdp.d_header.qdcount != 1) { - g_log<d_place != DNSResourceRecord::ANSWER && dnsRecord->d_place != DNSResourceRecord::AUTHORITY) { @@ -967,25 +991,25 @@ int PacketHandler::processUpdate(DNSPacket& packet) } if (!dnsRecord->d_name.isPartOf(di.zone)) { - g_log<startTransaction(packet.qdomainzone, UnknownDomainID)) { // Not giving the domain_id means that we do not delete the existing records. - g_log<d_place == DNSResourceRecord::ANSWER) { int res = checkUpdatePrerequisites(dnsRecord, &di); - if (res>0) { - g_log<d_name<<", returning "< 0) { + g_log << Logger::Error << msgPrefix << "Failed PreRequisites check for " << dnsRecord->d_name << ", returning " << RCode::to_s(res) << endl; di.backend->abortTransaction(); return res; } 
@@ -1001,12 +1025,12 @@ int PacketHandler::processUpdate(DNSPacket& packet) // 3.4 - Prescan & Add/Update/Delete records - is all done within a try block. try { // 3.4.1 - Prescan section - for(const auto & answer : mdp.d_answers) { - const DNSRecord *dnsRecord = &answer; + for (const auto& answer : mdp.d_answers) { + const DNSRecord* dnsRecord = &answer; if (dnsRecord->d_place == DNSResourceRecord::AUTHORITY) { int res = checkUpdatePrescan(dnsRecord); - if (res>0) { - g_log< 0) { + g_log << Logger::Error << msgPrefix << "Failed prescan check, returning " << res << endl; di.backend->abortTransaction(); return res; } @@ -1015,7 +1039,7 @@ int PacketHandler::processUpdate(DNSPacket& packet) bool updatedSerial{false}; NSEC3PARAMRecordContent ns3pr; - bool narrow=false; + bool narrow = false; bool haveNSEC3 = d_dk.getNSEC3PARAM(di.zone, &ns3pr, &narrow); bool isPresigned = d_dk.isPresigned(di.zone); string soaEditSetting; @@ -1026,20 +1050,22 @@ int PacketHandler::processUpdate(DNSPacket& packet) // This means we must do it outside the normal performUpdate() because that focusses only on a separate RR. // Another special case is the addition of both a CNAME and a non-CNAME for the same name (#6270) - set cn, nocn; - for (const auto &rr : mdp.d_answers) { + set cn; // NOLINT(readability-identifier-length) + set nocn; + for (const auto& rr : mdp.d_answers) { // NOLINT(readability-identifier-length) if (rr.d_place == DNSResourceRecord::AUTHORITY && rr.d_class == QClass::IN && rr.d_ttl > 0) { // Addition if (rr.d_type == QType::CNAME) { cn.insert(rr.d_name); - } else if (rr.d_type != QType::RRSIG) { + } + else if (rr.d_type != QType::RRSIG) { nocn.insert(rr.d_name); } } } - for (auto const &n : cn) { + for (auto const& n : cn) { // NOLINT(readability-identifier-length) if (nocn.count(n) > 0) { - g_log<abortTransaction(); return RCode::FormErr; } 
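Review bot: The prescan failure message logs the raw integer, `"Failed prescan check, returning " << res`, while the prerequisite failure in the preceding hunk logs `RCode::to_s(res)`. Using `<< RCode::to_s(res) <<` here as well makes both rejection paths show the rcode by name, so rejected updates can be found in the log with one search pattern. processUpdate starts and ends outside this hunk.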
@@ -1059,13 +1085,13 @@ int PacketHandler::processUpdate(DNSPacket& packet) if (changedRecords != 0) { if (!di.backend->commitTransaction()) { - g_log<(changedRecords)); - d_dk.clearMetaCache(di.zone); + DNSSECKeeper::clearMetaCache(di.zone); // Purge the records! purgeAuthCaches(di.zone.operator const DNSName&().toString() + "$"); @@ -1078,43 +1104,45 @@ int PacketHandler::processUpdate(DNSPacket& packet) } } - g_log<abortTransaction(); } return RCode::NoError; //rfc 2136 3.4.2.5 } - catch (SSqlException &e) { - g_log<abortTransaction(); return RCode::ServFail; } - catch (DBException &e) { - g_log<abortTransaction(); return RCode::ServFail; } - catch (PDNSException &e) { - g_log<abortTransaction(); return RCode::ServFail; } - catch(std::exception &e) { - g_log<abortTransaction(); return RCode::ServFail; } catch (...) { - g_log<abortTransaction(); return RCode::ServFail; } } -void PacketHandler::increaseSerial(const string &msgPrefix, const DomainInfo *di, const string& soaEditSetting, bool haveNSEC3, bool narrow, const NSEC3PARAMRecordContent *ns3pr) { - SOAData sd; +void PacketHandler::increaseSerial(const string& msgPrefix, const DomainInfo* di, const string& soaEditSetting, bool haveNSEC3, bool narrow, const NSEC3PARAMRecordContent* ns3pr) // NOLINT(readability-identifier-length) +{ + SOAData sd; // NOLINT(readability-identifier-length) if (!di->backend->getSOA(di->zone, di->id, sd)) { throw PDNSException("SOA-Serial update failed because there was no SOA. Wowie."); } 
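Review bot: The cache purge in the first hunk on this line (-1059) spells the conversion as `di.zone.operator const DNSName&().toString()`, which is hard to read next to the tidied `DNSSECKeeper::clearMetaCache(di.zone);` line above it. A named cast says the same thing: `purgeAuthCaches(static_cast<const DNSName&>(di.zone).toString() + "$");`. A short comment on what the trailing `"$"` means to purgeAuthCaches would also help (presumably a suffix match covering the whole zone, to be confirmed). If the purge were narrower than the zone, stale answers would remain cached after a committed update.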
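Review bot: Every handler at the end of processUpdate (hunk -1078) calls `di.backend->abortTransaction()` from inside the catch block, so if that call itself throws, the exception leaves processUpdate instead of becoming `RCode::ServFail`. Whether a backend can throw from abortTransaction() is not visible here, but this path is reached by UPDATE packets from the network, so the failure result should be predictable. A small helper declared before the `try` (which starts outside this hunk) would contain such a throw and replace the five copies of the abort call. The handlers' own log lines stay as they are.

```cpp
// declared before the try block, outside this hunk
auto abortQuietly = [&di, &msgPrefix]() {
  try {
    di.backend->abortTransaction();
  }
  catch (...) {
    g_log << Logger::Error << msgPrefix << "Failed to abort the transaction" << endl;
  }
};

// … unchanged: try body and the typed handlers' log lines …
catch (...) {
  // … unchanged: log line …
  abortQuietly();
  return RCode::ServFail;
}
```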
@@ -1127,16 +1155,18 @@ void PacketHandler::increaseSerial(const string &msgPrefix, const DomainInfo *di string soaEdit; if (!soaEdit2136Setting.empty()) { soaEdit2136 = soaEdit2136Setting[0]; - if (pdns_iequals(soaEdit2136, "SOA-EDIT") || pdns_iequals(soaEdit2136,"SOA-EDIT-INCREASE") ){ + if (pdns_iequals(soaEdit2136, "SOA-EDIT") || pdns_iequals(soaEdit2136, "SOA-EDIT-INCREASE")) { if (soaEditSetting.empty()) { - g_log<zone <<"\". Using DEFAULT for SOA-EDIT-DNSUPDATE"<zone << "\". Using DEFAULT for SOA-EDIT-DNSUPDATE" << endl; soaEdit2136 = "DEFAULT"; - } else + } + else { soaEdit = soaEditSetting; + } } } - DNSResourceRecord rr; + DNSResourceRecord rr; // NOLINT(readability-identifier-length) if (makeIncreasedSOARecord(sd, soaEdit2136, soaEdit, rr)) { di->backend->replaceRRSet(di->id, rr.qname, rr.qtype, vector(1, rr)); g_log << Logger::Notice << msgPrefix << "Increasing SOA serial (" << oldSerial << " -> " << sd.serial << ")" << endl; @@ -1147,7 +1177,8 @@ void PacketHandler::increaseSerial(const string &msgPrefix, const DomainInfo *di if (!narrow) { ordername = DNSName(toBase32Hex(hashQNameWithSalt(*ns3pr, rr.qname))); } - } else { // NSEC + } + else { // NSEC ordername = rr.qname.makeRelative(di->zone); } di->backend->updateDNSSECOrderNameAndAuth(di->id, rr.qname, ordername, true, QType::ANY, haveNSEC3 && !narrow);