From: Miod Vallat Date: Wed, 7 May 2025 06:47:25 +0000 (+0200) Subject: Keep remote in Lua context, to make dblookup search within the current view. X-Git-Tag: auth-5.0.0-alpha1~1^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88a420014d4a630a6cbeae2f0af0abf96d79ecb2;p=thirdparty%2Fpdns.git Keep remote in Lua context, to make dblookup search within the current view. --- diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc index edfca3068f..d3b16dfb73 100644 --- a/pdns/lua-record.cc +++ b/pdns/lua-record.cc @@ -629,13 +629,13 @@ static std::vector lookup(const DNSName& name, uint16_t qtype, do return ret; } -static bool getAuth(const ZoneName& name, uint16_t qtype, SOAData* soaData) +static bool getAuth(const ZoneName& name, uint16_t qtype, SOAData* soaData, Netmask remote) { static LockGuarded s_ub; { auto ueback = s_ub.lock(); - return ueback->getAuth(name, qtype, soaData); + return ueback->getAuth(name, qtype, soaData, remote); } } @@ -748,6 +748,7 @@ typedef struct AuthLuaRecordContext DNSName qname; DNSZoneRecord zone_record; DNSName zone; + Netmask remote; } lua_record_ctx_t; static thread_local unique_ptr s_lua_record_ctx; @@ -1579,7 +1580,7 @@ static vector lua_dblookup(const string& record, uint16_t qtype) try { SOAData soaData; - if (!getAuth(rec, qtype, &soaData)) { + if (!getAuth(rec, qtype, &soaData, s_lua_record_ctx->remote)) { return ret; } @@ -1778,6 +1779,7 @@ std::vector> luaSynth(const std::string& code, cons s_lua_record_ctx->qname = query; s_lua_record_ctx->zone_record = zone_record; s_lua_record_ctx->zone = zone; + s_lua_record_ctx->remote = dnsp.getRealRemote(); lua.writeVariable("qname", query); lua.writeVariable("zone", zone); diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index d32fc6efaa..b586c6aae1 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc 
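Review bot: The file-local `getAuth` wrapper in pdns/lua-record.cc (hunk at -629) takes `Netmask remote` by value and passes it by value again into `UeberBackend::getAuth`, so every dblookup copies the netmask twice. Taking it as `const Netmask& remote` here, and in the `UeberBackend::getAuth` declaration and definition changed in pdns/ueberbackend.hh and pdns/ueberbackend.cc, would avoid that without touching any call site. The object is small, so this is a style point rather than a defect.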
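Review bot: The new `remote` member of `AuthLuaRecordContext` (hunk at -748) carries no comment saying what it holds or which code reads it; today that is only recoverable from the commit title. I would write it as `Netmask remote; // requester network from DNSPacket::getRealRemote(); selects the view for dblookup`. The struct begins above the hunk, so I cannot see whether the other members are documented.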
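Review bot: In the luaSynth hunk (at -1778), `s_lua_record_ctx->remote = dnsp.getRealRemote();` makes the view that `dblookup` searches depend on whatever `getRealRemote()` returns. As far as I know, that can be the EDNS Client Subnet carried in the query when subnet processing is enabled, not only the socket peer; the function itself is not visible on this page. It is the same source `PacketHandler::opcodeQueryInner2` now passes to `getAuth` in pdns/packethandler.cc, so the two paths agree, but in that configuration view selection follows a client-supplied value. A comment at the assignment would record this, for example `// same source as PacketHandler passes to getAuth(); may be ECS-derived rather than the socket peer`. luaSynth's body continues outside the hunk.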
@@ -1597,7 +1597,7 @@ bool PacketHandler::opcodeQueryInner2(DNSPacket& pkt, queryState &state, bool re return true; } - if(!B.getAuth(ZoneName(state.target), pkt.qtype, &d_sd, true, &pkt)) { + if(!B.getAuth(ZoneName(state.target), pkt.qtype, &d_sd, pkt.getRealRemote(), true, &pkt)) { DLOG(g_log<setA(false); // drop AA if we never had a SOA in the first place diff --git a/pdns/test-ueberbackend_cc.cc b/pdns/test-ueberbackend_cc.cc index bafec12cb2..8226da4dcf 100644 --- a/pdns/test-ueberbackend_cc.cc +++ b/pdns/test-ueberbackend_cc.cc @@ -1007,7 +1007,7 @@ BOOST_AUTO_TEST_CASE(test_child_zone) { { // test getAuth() for DS SOAData sd; - BOOST_REQUIRE(ub.getAuth(ZoneName("powerdns.com."), QType::DS, &sd)); + BOOST_REQUIRE(ub.getAuth(ZoneName("powerdns.com."), QType::DS, &sd, Netmask{})); BOOST_CHECK_EQUAL(sd.zonename.toString(), "com."); BOOST_CHECK_EQUAL(sd.domain_id, 1); } @@ -1015,7 +1015,7 @@ BOOST_AUTO_TEST_CASE(test_child_zone) { { // test getAuth() for A SOAData sd; - BOOST_REQUIRE(ub.getAuth(ZoneName("powerdns.com."), QType::A, &sd)); + BOOST_REQUIRE(ub.getAuth(ZoneName("powerdns.com."), QType::A, &sd, Netmask{})); BOOST_CHECK_EQUAL(sd.zonename.toString(), "powerdns.com."); BOOST_CHECK_EQUAL(sd.domain_id, 2); } @@ -1067,7 +1067,7 @@ BOOST_AUTO_TEST_CASE(test_multi_backends_best_soa) { // test getAuth() SOAData sd; - BOOST_REQUIRE(ub.getAuth(ZoneName("2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa."), QType::PTR, &sd)); + BOOST_REQUIRE(ub.getAuth(ZoneName("2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa."), QType::PTR, &sd, Netmask{})); BOOST_CHECK_EQUAL(sd.zonename.toString(), "d.0.1.0.0.2.ip6.arpa."); BOOST_CHECK_EQUAL(sd.domain_id, 1); diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc index d151232fbe..67e3c85f18 100644 --- a/pdns/ueberbackend.cc +++ b/pdns/ueberbackend.cc 
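Review bot: The three updated `ub.getAuth(...)` calls in pdns/test-ueberbackend_cc.cc (hunks at -1007, -1015 and -1067) all pass `Netmask{}`, so the tests still cover only the case where no requester network is known. Nothing visible here checks that a non-empty `remote` changes which zone `getAuth` resolves to, which is what the new parameter exists for. If the fixture can define a view, add a case that calls `getAuth` with one netmask inside the view and one outside it, and checks `sd.zonename` and `sd.domain_id` for each. If it cannot, a short comment on the first call such as `// Netmask{}: no requester network` would at least record the intent.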
@@ -519,7 +519,7 @@ static bool foundTarget(const ZoneName& target, const ZoneName& shorter, const Q return false; } -bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* soaData, bool cachedOk, DNSPacket* pkt_p) +bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* soaData, Netmask remote, bool cachedOk, DNSPacket* pkt_p) { // A backend can respond to our authority request with the 'best' match it // has. For example, when asked for a.b.c.example.com. it might respond with @@ -532,10 +532,6 @@ bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* ZoneName shorter(target); vector> bestMatches(backends.size(), pair(target.operator const DNSName&().wirelength() + 1, SOAData())); - Netmask remote; - if (pkt_p != nullptr) { - remote = pkt_p->getRealRemote(); - } std::string view{}; if (g_zoneCache.isEnabled()) { Netmask _remote(remote); diff --git a/pdns/ueberbackend.hh b/pdns/ueberbackend.hh index ea172f2a71..af85b1a541 100644 --- a/pdns/ueberbackend.hh +++ b/pdns/ueberbackend.hh @@ -100,7 +100,7 @@ public: void lookupEnd(); /** Determines if we are authoritative for a zone, and at what level */ - bool getAuth(const ZoneName& target, const QType& qtype, SOAData* soaData, bool cachedOk = true, DNSPacket* pkt_p = nullptr); + bool getAuth(const ZoneName& target, const QType& qtype, SOAData* soaData, Netmask remote, bool cachedOk = true, DNSPacket* pkt_p = nullptr); /** Load SOA info from backends, ignoring the cache.*/ bool getSOAUncached(const ZoneName& domain, SOAData& soaData); void getAllDomains(vector* domains, bool getSerial, bool include_disabled);
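Review bot: `UeberBackend::getAuth` in pdns/ueberbackend.cc (signature hunk at -519, body hunk at -532) now receives the requester twice, once as `remote` and once through `pkt_p`, and nothing in the visible lines ties the two together. The view is derived from `remote` alone, so a caller that passes a packet with a different or empty `remote` would select one view while any later code that still reads `pkt_p` sees another requester. I cannot see the rest of the body to tell whether `pkt_p` is still used. The only packet-carrying caller in this commit passes `pkt.getRealRemote()`, which is consistent. A comment above the definition stating the contract, e.g. `// remote selects the view; when pkt_p is non-null, callers must pass pkt_p->getRealRemote()`, would keep later callers from diverging.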
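Review bot: The doc comment on the `getAuth` declaration in pdns/ueberbackend.hh (hunk at -100) still describes only the authority check and does not mention the new required `remote` argument. I would extend it to `/** Determines if we are authoritative for a zone, and at what level. remote is the requester network used to select the view; Netmask{} means no requester is known. */`. The meaning of an empty netmask is inferred from the test calls in this commit, so it should be confirmed before being worded that way.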