From: Otto Moerbeek
Date: Tue, 18 Jan 2022 10:12:16 +0000 (+0100)
Subject: Add ZONEMD config processing in Lua config
X-Git-Tag: auth-4.7.0-alpha1~42^2~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e7dd5e9729f25108e4d19c197576445cc868f54;p=thirdparty%2Fpdns.git
Add ZONEMD config processing in Lua config
---
diff --git a/pdns/rec-lua-conf.cc b/pdns/rec-lua-conf.cc
index f754a9e122..713740e725 100644
--- a/pdns/rec-lua-conf.cc
+++ b/pdns/rec-lua-conf.cc
@@ -444,6 +444,23 @@ void loadRecursorLuaConfig(const std::string& fname, luaConfigDelayedThreads& de
 if (have.count("retryOnErrorPeriod")) {
 conf.d_retryOnError = boost::get(have.at("retryOnErrorPeriod"));
 }
+ if (have.count("zonemdValidation")) {
+ string zonemdValidation = boost::get(have.at("zonemdValidation"));
+ const map nameToVal = {
+ { "ignore", pdns::ZoneMD::Config::Ignore},
+ { "process", pdns::ZoneMD::Config::Process},
+ { "logonly", pdns::ZoneMD::Config::LogOnly},
+ { "required", pdns::ZoneMD::Config::Required},
+ { "requiredWithDNSSEC", pdns::ZoneMD::Config::RequiredWithDNSSEC},
+ { "requiredIgnoreDNSSEC", pdns::ZoneMD::Config::RequiredIgnoreDNSSEC},
+ };
+ auto it = nameToVal.find(zonemdValidation);
+ if (it == nameToVal.end()) {
+ throw std::runtime_error(zonemdValidation + " is not a valid value for `zonemdValidation`");
+ } else {
+ conf.d_zonemd = it->second;
+ }
+ }
 }
 delayedThreads.ztcConfigs.push_back(conf);
diff --git a/pdns/recursordist/rec-zonetocache.cc b/pdns/recursordist/rec-zonetocache.cc
index 57fc96e3fd..15d6395458 100644
--- a/pdns/recursordist/rec-zonetocache.cc
+++ b/pdns/recursordist/rec-zonetocache.cc
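Review bot: The lookup in `nameToVal` is an exact, case-sensitive match on mixed-case tokens such as `requiredWithDNSSEC`, and the exception text does not say which spellings are accepted. Throwing on an unknown value is the right fail-closed behaviour for an integrity setting and should stay, but the message would be more useful to an operator if it ended with the accepted list, e.g. appending `"; expected ignore, process, logonly, required, requiredWithDNSSEC or requiredIgnoreDNSSEC"`. The `else` after the `throw` is redundant, and the table could be `static const` so it is not rebuilt on each pass through this block. loadRecursorLuaConfig starts and ends outside this hunk, so how the exception reaches the operator, and which mode applies when the key is absent, cannot be checked from here.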
@@ -264,7 +264,7 @@ void ZoneData::ZoneToCache(const RecZoneToCache::Config& config, uint64_t config
 result = processLines(lines, config);
 }
- if (config.d_zonemd == pdns::ZoneMD::Config::Required && result != pdns::ZoneMD::Result::OK) {
+ if (pdns::ZoneMD::validationRequired(config.d_zonemd) && result != pdns::ZoneMD::Result::OK) {
 // We do not accept NoValidationDone in this case
 throw PDNSException("ZoneMD validation failure");
 return;
diff --git a/pdns/zonemd.hh b/pdns/zonemd.hh
index 2daeea94bd..6f8de71d14 100644
--- a/pdns/zonemd.hh
+++ b/pdns/zonemd.hh
@@ -60,6 +60,11 @@ public:
 void readRecord(const DNSRecord& record);
 void verify(bool& validationDone, bool& validationOK);
+ static bool validationRequired(Config config)
+ {
+ return config == Config::Required || config == Config::RequiredWithDNSSEC || config == Config::RequiredIgnoreDNSSEC;
+ }
+
 private:
 typedef std::pair RRSetKey_t;
 typedef std::vector> RRVector_t;
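Review bot: At the changed `if`, `Required`, `RequiredWithDNSSEC` and `RequiredIgnoreDNSSEC` all collapse into the same test on `result`, so nothing visible in this hunk makes the DNSSEC-qualified modes behave differently from plain `Required`. If `processLines` (outside the hunk) does not yet take the mode into account, an operator who selects `requiredWithDNSSEC` gets a weaker guarantee than the name promises. I would record that at the check with a comment such as `// NOTE: all three required* modes are enforced identically here; the DNSSEC distinction must be applied when result is computed`. The `return;` after the `throw` in the context lines is unreachable and could be dropped in passing; ZoneToCache itself continues outside the hunk.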
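Review bot: `validationRequired` decides whether a ZONEMD failure is fatal by enumerating three values with `==`, so any `Config` value added later silently counts as not required. A `switch` with no `default` label keeps today's result for every value named in this commit and lets `-Wswitch` flag a new enumerator until someone classifies it. The helper also lacks a doc comment saying that true means a result other than OK must reject the zone. The `Config` declaration is outside the hunk, so the list below assumes the six values named in rec-lua-conf.cc are the complete set.

```cpp
  static bool validationRequired(Config config)
  {
    // No default label on purpose: -Wswitch then reports any Config value added later.
    switch (config) {
    case Config::Required:
    case Config::RequiredWithDNSSEC:
    case Config::RequiredIgnoreDNSSEC:
      return true;
    case Config::Ignore:
    case Config::Process:
    case Config::LogOnly:
      return false;
    }
    return false; // same answer the == chain gives for an unlisted value
  }
```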