From: Miod Vallat Date: Wed, 16 Apr 2025 08:15:18 +0000 (+0200) Subject: Stricter ZoneName usage. X-Git-Tag: dnsdist-2.0.0-alpha2~63^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab319bd3eac77cb321d71964ba237ae1e238db49;p=thirdparty%2Fpdns.git Stricter ZoneName usage. While ZoneName is still equivalent to DNSName, this commit turns it into a separate class (with the same interface as DNSName), and requires conversion between these classes to be explicit, so that we can recognize the DNSName/ZoneName boundaries and change them as needs arise. It is intended for these explicit conversion requirements to be only temporary, which would allow all these ".operator const DNSName&()" calls to get removed eventually, once the dust settles and our trust it proper use of ZoneName versus DNSName is strong enough. --- diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc index ae53d2e388..359aa50224 100644 --- a/modules/bindbackend/bindbackend2.cc +++ b/modules/bindbackend/bindbackend2.cc @@ -286,7 +286,7 @@ bool Bind2Backend::feedRecord(const DNSResourceRecord& rr, const DNSName& /* ord qname = rr.qname.toString(); } else if (rr.qname.isPartOf(d_transaction_qname)) { - if (rr.qname == d_transaction_qname) { + if (rr.qname == d_transaction_qname.operator const DNSName&()) { qname = "@"; } else { @@ -823,7 +823,7 @@ void Bind2Backend::fixupOrderAndAuth(std::shared_ptr& records, if (!skip && nsec3zone && iter->qtype != QType::RRSIG && (iter->auth || (iter->qtype == QType::NS && (ns3pr.d_flags == 0u)) || (dssets.count(iter->qname) != 0u))) { Bind2DNSRecord bdr = *iter; - bdr.nsec3hash = toBase32Hex(hashQNameWithSalt(ns3pr, bdr.qname + zoneName)); + bdr.nsec3hash = toBase32Hex(hashQNameWithSalt(ns3pr, bdr.qname + zoneName.operator const DNSName&())); records->replace(iter, bdr); } 
@@ -874,7 +874,7 @@ void Bind2Backend::doEmptyNonTerminals(std::shared_ptr& records rr.ttl = 0; for (auto& nt : nonterm) { string hashed; - rr.qname = nt.first + zoneName; + rr.qname = nt.first + zoneName.operator const DNSName&(); if (nsec3zone && nt.second) hashed = toBase32Hex(hashQNameWithSalt(ns3pr, rr.qname)); insertRecord(records, zoneName, rr.qname, rr.qtype, rr.content, rr.ttl, hashed, &nt.second); @@ -1143,7 +1143,7 @@ bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qn iter = --hashindex.end(); before = DNSName(iter->nsec3hash); } - unhashed = iter->qname + bbd.d_name; + unhashed = iter->qname + bbd.d_name.operator const DNSName&(); return true; } @@ -1168,7 +1168,7 @@ void Bind2Backend::lookup(const QType& qtype, const DNSName& qname, int zoneId, } } else { - domain = qname; + domain = ZoneName(qname); do { found = safeGetBBDomainInfo(domain, &bbd); } while (!found && qtype != QType::SOA && domain.chopOff()); @@ -1275,7 +1275,8 @@ bool Bind2Backend::handle::get_normal(DNSResourceRecord& r) } DLOG(g_log << "Bind2Backend get() returning a rr with a " << QType(d_iter->qtype).getCode() << endl); - r.qname = qname.empty() ? domain : (qname + domain); + const DNSName& domainName(domain); + r.qname = qname.empty() ? domainName : (qname + domainName); r.domain_id = id; r.content = (d_iter)->content; // r.domain_id=(d_iter)->domain_id; @@ -1319,7 +1320,8 @@ bool Bind2Backend::list(const ZoneName& /* target */, int domainId, bool /* incl bool Bind2Backend::handle::get_list(DNSResourceRecord& r) { if (d_qname_iter != d_qname_end) { - r.qname = d_qname_iter->qname.empty() ? domain : (d_qname_iter->qname + domain); + const DNSName& domainName(domain); + r.qname = d_qname_iter->qname.empty() ? domainName : (d_qname_iter->qname + domainName); r.domain_id = id; r.content = (d_qname_iter)->content; r.qtype = (d_qname_iter)->qtype; 
@@ -1475,7 +1477,8 @@ bool Bind2Backend::searchRecords(const string& pattern, size_t maxResults, vecto shared_ptr rhandle = h.d_records.get(); for (recordstorage_t::const_iterator ri = rhandle->begin(); result.size() < maxResults && ri != rhandle->end(); ri++) { - DNSName name = ri->qname.empty() ? i.d_name : (ri->qname + i.d_name); + const DNSName& domainName(i.d_name); + DNSName name = ri->qname.empty() ? domainName : (ri->qname + domainName); if (sm.match(name) || sm.match(ri->content)) { DNSResourceRecord r; r.qname = std::move(name); diff --git a/modules/geoipbackend/geoipbackend.cc b/modules/geoipbackend/geoipbackend.cc index 42968225f4..adcf60f1e6 100644 --- a/modules/geoipbackend/geoipbackend.cc +++ b/modules/geoipbackend/geoipbackend.cc @@ -219,11 +219,11 @@ bool GeoIPBackend::loadDomain(const YAML::Node& domain, std::uint32_t domainID, { try { dom.id = domainID; - dom.domain = DNSName(domain["domain"].as()); + dom.domain = ZoneName(domain["domain"].as()); dom.ttl = domain["ttl"].as(); for (auto recs = domain["records"].begin(); recs != domain["records"].end(); recs++) { - DNSName qname = DNSName(recs->first.as()); + ZoneName qname = ZoneName(recs->first.as()); vector rrs; for (auto item = recs->second.begin(); item != recs->second.end(); item++) { @@ -231,7 +231,7 @@ bool GeoIPBackend::loadDomain(const YAML::Node& domain, std::uint32_t domainID, GeoIPDNSResourceRecord rr; rr.domain_id = static_cast(dom.id); rr.ttl = dom.ttl; - rr.qname = qname; + rr.qname = qname.operator const DNSName&(); if (rec->first.IsNull()) { rr.qtype = QType(0); } @@ -276,7 +276,7 @@ bool GeoIPBackend::loadDomain(const YAML::Node& domain, std::uint32_t domainID, rr.auth = true; rrs.push_back(rr); } - std::swap(dom.records[qname], rrs); + std::swap(dom.records[qname.operator const DNSName&()], rrs); } setupNetmasks(domain, dom); diff --git a/modules/ldapbackend/native.cc b/modules/ldapbackend/native.cc index 0875fa39ba..de0e91d7d5 100644 --- a/modules/ldapbackend/native.cc 
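Review bot: In GeoIPBackend::loadDomain the per-record key `qname` is now declared as `ZoneName`, yet both visible uses convert it straight back with `qname.operator const DNSName&()` (for `rr.qname` and for the `dom.records[...]` key). These keys come from the `records` map of the YAML domain and look like record owner names rather than zone names, so typing them as ZoneName blurs the DNSName/ZoneName boundary the commit message sets out to mark. Unless a use outside these hunks needs a ZoneName, keeping the original `DNSName qname = DNSName(...)` declaration would drop both conversions. The function body continues outside the hunks shown.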
+++ b/modules/ldapbackend/native.cc @@ -28,7 +28,7 @@ bool LdapBackend::list(const ZoneName& target, int domain_id, bool /* include_di { try { d_in_list = true; - d_qname = target; + d_qname = target.operator const DNSName&(); d_qtype = QType::ANY; d_results_cache.clear(); diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc index 737e2c6bc5..8f6086e581 100644 --- a/modules/lmdbbackend/lmdbbackend.cc +++ b/modules/lmdbbackend/lmdbbackend.cc @@ -855,6 +855,44 @@ namespace serialization } } + template + void save(Archive& arc, const ZoneName& zone, const unsigned int /* version */) + { + // Because ZoneName is an object containing a single DNSName field, + // we can't naively write + // arc & zone.operator const DNSName&(); + // because the serialization actually writes the class version number in + // front of our provided serialization, thus causing it to be larger than + // the DNSName serialization. In order to remain interoperable with + // existing serializations, we skip the DNSName's own version number and + // directly serialize its contents. + const DNSName& name = zone.operator const DNSName&(); + if (name.empty()) { + arc& std::string(); // it's arc.operator& but clang-format is confused here + } + else { + arc & name.toDNSStringLC(); + } + } + + template + void load(Archive& arc, ZoneName& zone, const unsigned int /* version */) + { + // Similarly to save() above, we can't write + // DNSName tmp; + // arc & tmp; + // zone = ZoneName(tmp); + // but have to reconstruct a DNSName from a string. + string tmp; + arc & tmp; + if (tmp.empty()) { + zone = ZoneName(); + } + else { + zone = ZoneName(DNSName(tmp.c_str(), tmp.size(), 0, false)); + } + } + template void save(Archive& ar, const QType& g, const unsigned int /* version */) { 
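Review bot: The new ZoneName `save()`/`load()` pair in lmdbbackend.cc writes and reads the name by hand (`name.toDNSStringLC()` out, `DNSName(tmp.c_str(), tmp.size(), 0, false)` in) so that existing databases stay readable, but nothing in the hunk pins that equivalence with the DNSName serializer. If the DNSName serializer ever changes, the two can drift apart silently and stored zone names would stop round-tripping. A regression test that serializes the same name once as DNSName and once as ZoneName and compares the bytes, plus one that loads a value written before this change, would guard the on-disk format. `load()` also builds a DNSName from whatever bytes the database returns, so the comment should say whether a malformed value is expected to throw here and where that is handled.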
@@ -939,6 +977,7 @@ namespace serialization } // namespace boost BOOST_SERIALIZATION_SPLIT_FREE(DNSName); +BOOST_SERIALIZATION_SPLIT_FREE(ZoneName); BOOST_SERIALIZATION_SPLIT_FREE(QType); BOOST_SERIALIZATION_SPLIT_FREE(LMDBBackend::KeyDataDB); BOOST_SERIALIZATION_SPLIT_FREE(DomainInfo); @@ -1490,7 +1529,7 @@ void LMDBBackend::lookupInternal(const QType& type, const DNSName& qdomain, int d_includedisabled = include_disabled; - DNSName hunt(qdomain); + ZoneName hunt(qdomain); DomainInfo di; if (zoneId < 0) { auto rotxn = d_tdomains->getROTransaction(); @@ -1587,7 +1626,7 @@ bool LMDBBackend::get(DNSZoneRecord& zr) zr.disabled = lrr.disabled; if (!zr.disabled || d_includedisabled) { - zr.dr.d_name = compoundOrdername::getQName(key) + d_lookupdomain; + zr.dr.d_name = compoundOrdername::getQName(key) + d_lookupdomain.operator const DNSName&(); zr.domain_id = compoundOrdername::getDomainID(key); zr.dr.d_type = compoundOrdername::getQType(key).getCode(); zr.dr.d_ttl = lrr.ttl; @@ -1877,7 +1916,7 @@ void LMDBBackend::getUpdatedPrimaries(vector& updatedDomains, std::u } if (di.kind == DomainInfo::Producer) { - catalogs.insert(di.zone); + catalogs.insert(di.zone.operator const DNSName&()); catalogHashes[di.zone].process("\0"); return false; // Producer fresness check is performed elsewhere } @@ -2155,7 +2194,7 @@ bool LMDBBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qna } } before = co.getQName(key.getNoStripHeader()); - unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone; + unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone.operator const DNSName&(); // now to find after .. at the beginning of the zone if (cursor.lower_bound(co(id), key, val)) { 
@@ -2253,7 +2292,7 @@ bool LMDBBackend::getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qna } } before = co.getQName(key.getNoStripHeader()); - unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone; + unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone.operator const DNSName&(); // cout <<"Should still find 'after'!"<()); - unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone; + unhashed = DNSName(lrr.content.c_str(), lrr.content.size(), 0, false) + di.zone.operator const DNSName&(); // cout<<"Went backwards, found "<()) == domainId) { - before = co.getQName(key.getNoStripHeader()) + zonename; - after = zonename; + before = co.getQName(key.getNoStripHeader()) + zonename.operator const DNSName&(); + after = zonename.operator const DNSName&(); } // else // cout << "We were at end of database, but this zone is not there?!"<()).getCode() != 0 && compoundOrdername::getDomainID(key.getNoStripHeader()) == domainId && compoundOrdername::getQName(key.getNoStripHeader()) == qname2) { // don't match ENTs // cout << "Had an exact match!"<()) != domainId) { // cout << "We hit the end of the zone or database. 
'after' is apex" << endl; - after = zonename; + after = zonename.operator const DNSName&(); return false; } - after = co.getQName(key.getNoStripHeader()) + zonename; + after = co.getQName(key.getNoStripHeader()) + zonename.operator const DNSName&(); return true; } if (compoundOrdername::getDomainID(key.getNoStripHeader()) != domainId) { // cout << "Ended up in next zone, 'after' is zonename" <()) + zonename; + before = co.getQName(key.getNoStripHeader()) + zonename.operator const DNSName&(); // cout<<"Found: "<< before<(), lrr); if (co.getQType(key.getNoStripHeader()).getCode() && (lrr.auth || co.getQType(key.getNoStripHeader()).getCode() == QType::NS)) { - after = co.getQName(key.getNoStripHeader()) + zonename; + after = co.getQName(key.getNoStripHeader()) + zonename.operator const DNSName&(); // cout <<"Found auth ("<()).toString()<<", ttl = "<()) << endl; break; @@ -2428,7 +2467,7 @@ bool LMDBBackend::getBeforeAndAfterNames(uint32_t domainId, const ZoneName& zone ++skips; if (rc != 0 || compoundOrdername::getDomainID(key.getNoStripHeader()) != domainId) { // cout << " oops, hit end of database or zone. This means after is apex" <()) + zonename; + before = co.getQName(key.getNoStripHeader()) + zonename.operator const DNSName&(); LMDBResourceRecord lrr; deserializeFromBuffer(val.get(), lrr); // cout<<"And before to "<push_back(di); @@ -326,7 +326,7 @@ public: return false; logCall("get_all_domain_metadata", "name=" << name); - get_all_domain_metadata_result_t result = f_get_all_domain_metadata(name); + get_all_domain_metadata_result_t result = f_get_all_domain_metadata(name.operator const DNSName&()); if (result.which() == 0) return false; @@ -346,7 +346,7 @@ public: return false; logCall("get_domain_metadata", "name=" << name << ",kind=" << kind); - get_domain_metadata_result_t result = f_get_domain_metadata(name, kind); + get_domain_metadata_result_t result = f_get_domain_metadata(name.operator const DNSName&(), kind); if (result.which() == 0) return false; 
@@ -364,7 +364,7 @@ public: return false; logCall("get_domain_keys", "name=" << name); - get_domain_keys_result_t result = f_get_domain_keys(name); + get_domain_keys_result_t result = f_get_domain_keys(name.operator const DNSName&()); if (result.which() == 0) return false; diff --git a/modules/remotebackend/remotebackend.hh b/modules/remotebackend/remotebackend.hh index c9aeaa8f22..e429a78b8f 100644 --- a/modules/remotebackend/remotebackend.hh +++ b/modules/remotebackend/remotebackend.hh @@ -178,7 +178,7 @@ public: bool getDomainKeys(const ZoneName& name, std::vector& keys) override; bool getTSIGKey(const DNSName& name, DNSName& algorithm, std::string& content) override; bool getBeforeAndAfterNamesAbsolute(uint32_t id, const DNSName& qname, DNSName& unhashed, DNSName& before, DNSName& after) override; - bool setDomainMetadata(const DNSName& name, const string& kind, const std::vector>& meta) override; + bool setDomainMetadata(const ZoneName& name, const string& kind, const std::vector>& meta) override; bool removeDomainKey(const ZoneName& name, unsigned int keyId) override; bool addDomainKey(const ZoneName& name, const KeyData& key, int64_t& keyId) override; bool activateDomainKey(const ZoneName& name, unsigned int keyId) override; diff --git a/pdns/auth-catalogzone.cc b/pdns/auth-catalogzone.cc index f07e39360f..e9f93a485d 100644 --- a/pdns/auth-catalogzone.cc +++ b/pdns/auth-catalogzone.cc @@ -116,7 +116,7 @@ void CatalogInfo::updateHash(CatalogHashMap& hashes, const DomainInfo& di) const DNSZoneRecord CatalogInfo::getCatalogVersionRecord(const ZoneName& zone) { DNSZoneRecord dzr; - dzr.dr.d_name = DNSName("version") + zone; + dzr.dr.d_name = DNSName("version") + zone.operator const DNSName&(); dzr.dr.d_ttl = 0; dzr.dr.d_type = QType::TXT; dzr.dr.setContent(std::make_shared("2")); 
@@ -132,7 +132,7 @@ void CatalogInfo::toDNSZoneRecords(const ZoneName& zone, vector& else { prefix = d_unique; } - prefix += DNSName("zones") + zone; + prefix += DNSName("zones") + zone.operator const DNSName&(); DNSZoneRecord dzr; dzr.dr.d_name = prefix; diff --git a/pdns/auth-catalogzone.hh b/pdns/auth-catalogzone.hh index fc040c6bd2..b6cb4cd4a2 100644 --- a/pdns/auth-catalogzone.hh +++ b/pdns/auth-catalogzone.hh @@ -60,7 +60,7 @@ public: void setType(CatalogType type) { d_type = type; } void updateHash(CatalogHashMap& hashes, const DomainInfo& di) const; - DNSName getUnique() const { return DNSName(toBase32Hex(hashQNameWithSalt(std::to_string(d_id), 0, d_zone))); } // salt with domain id to detect recreated zones + DNSName getUnique() const { return DNSName(toBase32Hex(hashQNameWithSalt(std::to_string(d_id), 0, DNSName(d_zone)))); } // salt with domain id to detect recreated zones static DNSZoneRecord getCatalogVersionRecord(const ZoneName& zone); void toDNSZoneRecords(const ZoneName& zone, vector& dzrs) const; diff --git a/pdns/auth-primarycommunicator.cc b/pdns/auth-primarycommunicator.cc index e16506df37..4555886f6b 100644 --- a/pdns/auth-primarycommunicator.cc +++ b/pdns/auth-primarycommunicator.cc @@ -53,7 +53,7 @@ void CommunicatorClass::queueNotifyDomain(const DomainInfo& di, UeberBackend* B) try { if (d_onlyNotify.size()) { - B->lookup(QType(QType::NS), di.zone, di.id); + B->lookup(QType(QType::NS), di.zone.operator const DNSName&(), di.id); while (B->get(rr)) nsset.insert(getRR(rr.dr)->getNS()); @@ -139,7 +139,7 @@ void CommunicatorClass::getUpdatedProducers(UeberBackend* B, vector& std::string metaHash; std::string mapHash; for (auto& ch : catalogHashes) { - if (!catalogs.count(ch.first)) { + if (!catalogs.count(ch.first.operator const DNSName&())) { g_log << Logger::Warning << "orphaned member zones found with catalog '" << ch.first << "'" << endl; continue; } 
@@ -169,7 +169,7 @@ void CommunicatorClass::getUpdatedProducers(UeberBackend* B, vector& DNSResourceRecord rr; makeIncreasedSOARecord(sd, "EPOCH", "", rr); - di.backend->startTransaction(sd.qname, -1); + di.backend->startTransaction(ZoneName(sd.qname), -1); if (!di.backend->replaceRRSet(di.id, rr.qname, rr.qtype, vector(1, rr))) { di.backend->abortTransaction(); throw PDNSException("backend hosting producer zone '" + sd.qname.toLogString() + "' does not support editing records"); @@ -202,7 +202,7 @@ void CommunicatorClass::primaryUpdateCheck(PacketHandler* P) } for (auto& di : cmdomains) { - purgeAuthCachesExact(di.zone); + purgeAuthCachesExact(di.zone.operator const DNSName&()); g_zoneCache.add(di.zone, di.id); queueNotifyDomain(di, B); di.backend->setNotified(di.id, di.serial); @@ -237,7 +237,7 @@ time_t CommunicatorClass::doNotifications(PacketHandler* P) g_log << Logger::Warning << "Received unsuccessful notification report for '" << p.qdomain << "' from " << from.toStringWithPort() << ", error: " << RCode::to_s(p.d.rcode) << endl; } - if (d_nq.removeIf(from, p.d.id, p.qdomain)) { + if (d_nq.removeIf(from, p.d.id, ZoneName(p.qdomain))) { g_log << Logger::Notice << "Removed from notification list: '" << p.qdomain << "' to " << from.toStringWithPort() << " " << (p.d.rcode ? RCode::to_s(p.d.rcode) : "(was acknowledged)") << endl; } else { @@ -293,7 +293,7 @@ void CommunicatorClass::sendNotification(int sock, const ZoneName& domain, const } vector packet; - DNSPacketWriter pw(packet, domain, QType::SOA, 1, Opcode::Notify); + DNSPacketWriter pw(packet, domain.operator const DNSName&(), QType::SOA, 1, Opcode::Notify); pw.getHeader()->id = notificationId; pw.getHeader()->aa = true; diff --git a/pdns/auth-secondarycommunicator.cc b/pdns/auth-secondarycommunicator.cc index ec2f1d16c2..31d999709f 100644 --- a/pdns/auth-secondarycommunicator.cc +++ b/pdns/auth-secondarycommunicator.cc 
@@ -186,7 +186,7 @@ static bool catalogDiff(const DomainInfo& di, vector& fromXFR, vect CatalogInfo ci; ci.fromJson(d.options, CatalogInfo::CatalogType::Consumer); - if (di.zone != d.catalog && di.zone == ci.d_coo) { + if (di.zone != d.catalog && di.zone.operator const DNSName&() == ci.d_coo) { if (ciCreate.d_unique == ci.d_unique) { g_log << Logger::Warning << logPrefix << "zone '" << d.zone << "' owner change without state reset, old catalog '" << d.catalog << "', new catalog '" << di.zone << "'" << endl; @@ -326,7 +326,7 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, DNSName rel; DNSName unique; for (auto& rr : rrs) { - if (di.zone == rr.qname) { + if (di.zone.operator const DNSName&() == rr.qname) { if (rr.qtype == QType::SOA) { hasSOA = true; continue; @@ -336,7 +336,7 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, } } - else if (rr.qname == DNSName("version") + di.zone && rr.qtype == QType::TXT) { + else if (rr.qname == DNSName("version") + di.zone.operator const DNSName&() && rr.qtype == QType::TXT) { if (hasVersion) { g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', multiple version records found, aborting" << endl; return false; @@ -354,13 +354,13 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, } } - else if (rr.qname.isPartOf(DNSName("zones") + di.zone)) { + else if (rr.qname.isPartOf(DNSName("zones") + di.zone.operator const DNSName&())) { if (rel.empty() && !hasVersion) { g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', catalog zone schema version missing, aborting" << endl; return false; } - rel = rr.qname.makeRelative(DNSName("zones") + di.zone); + rel = rr.qname.makeRelative(DNSName("zones") + di.zone.operator const DNSName&()); if (rel.countLabels() == 1 && rr.qtype == QType::PTR) { if (!unique.empty()) { 
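Review bot: Inside the record loop of catalogProcess, `DNSName("zones") + di.zone.operator const DNSName&()` is now built twice per record (once for `isPartOf`, once for `makeRelative`) and `DNSName("version") + di.zone.operator const DNSName&()` once more, which makes the conditions hard to read. Computing them once before the loop, e.g. `const DNSName zonesName = DNSName("zones") + DNSName(di.zone);` and the same for `version`, keeps the explicit conversion in a single place that is easy to remove later. The rectifyZone hunks in pdns/dbdnsseckeeper.cc repeat `zone.operator const DNSName&()` inside their loop conditions in the same way and would read better with a local `const DNSName& zoneName(zone);`, the idiom this commit already uses in bindbackend2.cc. Both loops start outside the hunks shown, so the declarations would go above the visible lines.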
@@ -377,7 +377,7 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, ci = {}; ci.setType(CatalogInfo::CatalogType::Consumer); - ci.d_zone = DNSName(rr.content); + ci.d_zone = ZoneName(rr.content); ci.d_unique = unique; if (!dupcheck.insert(ci.d_zone).second) { @@ -451,7 +451,7 @@ void CommunicatorClass::ixfrSuck(const ZoneName& domain, const TSIGTriplet& tsig soatimes drsoa_soatimes = {di.serial, 0, 0, 0, 0}; DNSRecord drsoa; drsoa.setContent(std::make_shared(g_rootdnsname, g_rootdnsname, drsoa_soatimes)); - auto deltas = getIXFRDeltas(remote, domain, drsoa, xfrTimeout, false, tsig, laddr.sin4.sin_family != 0 ? &laddr : nullptr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024); + auto deltas = getIXFRDeltas(remote, domain.operator const DNSName&(), drsoa, xfrTimeout, false, tsig, laddr.sin4.sin_family != 0 ? &laddr : nullptr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024); status.numDeltas = deltas.size(); // cout<<"Got "<, pair, vector>> grouped; for (const auto& x : remove) - grouped[{x.d_name, x.d_type}].first.push_back(x); + grouped[{ZoneName(x.d_name), x.d_type}].first.push_back(x); for (const auto& x : add) - grouped[{x.d_name, x.d_type}].second.push_back(x); + grouped[{ZoneName(x.d_name), x.d_type}].second.push_back(x); di.backend->startTransaction(domain, -1); for (const auto& g : grouped) { vector rrset; { DNSZoneRecord zrr; - di.backend->lookup(QType(g.first.second), g.first.first + domain, di.id); + di.backend->lookup(QType(g.first.second), g.first.first.operator const DNSName&() + domain.operator const DNSName&(), di.id); while (di.backend->get(zrr)) { zrr.dr.d_name.makeUsRelative(domain); rrset.push_back(zrr.dr); 
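Review bot: In ixfrSuck the `grouped` map is now keyed with `ZoneName(x.d_name)`, although `x.d_name` is the owner name of a record from the IXFR delta and is converted back with `g.first.first.operator const DNSName&()` before each use (the `lookup` call here and the `replaceRRSet` call further down). Wrapping a record name in ZoneName only to satisfy the map's key type hides an ordinary DNSName behind the zone type. If the key type of `grouped` can be changed (its declaration is not fully legible on this page), keying on DNSName would remove these conversions and keep ZoneName for actual zone names.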
@@ -505,7 +505,7 @@ void CommunicatorClass::ixfrSuck(const ZoneName& domain, const TSIGTriplet& tsig vector replacement; for (const auto& dr : rrset) { auto rr = DNSResourceRecord::fromWire(dr); - rr.qname += domain; + rr.qname += domain.operator const DNSName&(); rr.domain_id = di.id; if (dr.d_type == QType::SOA) { // cout<<"New SOA: "<getZoneRepresentation()<replaceRRSet(di.id, g.first.first + domain, QType(g.first.second), replacement); + di.backend->replaceRRSet(di.id, g.first.first.operator const DNSName&() + domain.operator const DNSName&(), QType(g.first.second), replacement); } di.backend->commitTransaction(); } @@ -586,7 +586,7 @@ static vector doAxfr(const ComboAddress& raddr, const DNSName { uint16_t axfr_timeout = ::arg().asNum("axfr-fetch-timeout"); vector rrs; - AXFRRetriever retriever(raddr, domain, tt, (laddr.sin4.sin_family == 0) ? nullptr : &laddr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout); + AXFRRetriever retriever(raddr, ZoneName(domain), tt, (laddr.sin4.sin_family == 0) ? nullptr : &laddr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout); Resolver::res_t recs; bool first = true; bool firstNSEC3{true}; @@ -760,9 +760,10 @@ void CommunicatorClass::suck(const ZoneName& domain, const ComboAddress& remote, rrs.reserve(axfr.size()); for (const auto& dr : axfr) { auto rr = DNSResourceRecord::fromWire(dr); - (rr.qname += domain).makeUsLowerCase(); + rr.qname += domain.operator const DNSName&(); + rr.qname.makeUsLowerCase(); rr.domain_id = zs.domain_id; - if (!processRecordForZS(domain, firstNSEC3, rr, zs)) + if (!processRecordForZS(domain.operator const DNSName&(), firstNSEC3, rr, zs)) continue; if (dr.d_type == QType::SOA) { auto sd = getRR(dr); 
@@ -781,7 +782,7 @@ void CommunicatorClass::suck(const ZoneName& domain, const ComboAddress& remote, if (rrs.empty()) { g_log << Logger::Notice << logPrefix << "starting AXFR" << endl; - rrs = doAxfr(remote, domain, tt, laddr, pdl, zs); + rrs = doAxfr(remote, domain.operator const DNSName&(), tt, laddr, pdl, zs); logPrefix = "A" + logPrefix; // XFR -> AXFR g_log << Logger::Notice << logPrefix << "retrieval finished" << endl; } @@ -880,7 +881,7 @@ void CommunicatorClass::suck(const ZoneName& domain, const ComboAddress& remote, if (zs.nsset.count(shorter) && rr.qtype.getCode() != QType::DS) rr.auth = false; - if (shorter == domain) // stop at apex + if (shorter == domain.operator const DNSName&()) // stop at apex break; } while (shorter.chopOff()); @@ -941,7 +942,7 @@ void CommunicatorClass::suck(const ZoneName& domain, const ComboAddress& remote, // Insert empty non-terminals if (doent && !nonterm.empty()) { if (zs.isNSEC3) { - di.backend->feedEnts3(zs.domain_id, domain, nonterm, zs.ns3pr, zs.isNarrow); + di.backend->feedEnts3(zs.domain_id, domain.operator const DNSName&(), nonterm, zs.ns3pr, zs.isNarrow); } else di.backend->feedEnts(zs.domain_id, nonterm); @@ -1050,11 +1051,11 @@ struct SecondarySenderReceiver { shuffle(dni.di.primaries.begin(), dni.di.primaries.end(), pdns::dns_random_engine()); try { - return {dni.di.zone, + return {dni.di.zone.operator const DNSName&(), *dni.di.primaries.begin(), d_resolver.sendResolve(*dni.di.primaries.begin(), dni.localaddr, - dni.di.zone, + dni.di.zone.operator const DNSName&(), QType::SOA, nullptr, dni.dnssecOk, dni.tsigkeyname, dni.tsigalgname, dni.tsigsecret)}; @@ -1310,7 +1311,7 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) SOAData sd; try { // Use UeberBackend cache for SOA. Cache gets cleared after AXFR/IXFR. - B->lookup(QType(QType::SOA), di.zone, di.id, nullptr); + B->lookup(QType(QType::SOA), di.zone.operator const DNSName&(), di.id, nullptr); DNSZoneRecord zr; hasSOA = B->get(zr); if (hasSOA) { 
@@ -1333,7 +1334,7 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) else if (hasSOA && theirserial == ourserial) { uint32_t maxExpire = 0, maxInception = 0; if (checkSignatures && dk.isPresigned(di.zone)) { - B->lookup(QType(QType::RRSIG), di.zone, di.id); // can't use DK before we are done with this lookup! + B->lookup(QType(QType::RRSIG), di.zone.operator const DNSName&(), di.id); // can't use DK before we are done with this lookup! DNSZoneRecord zr; while (B->get(zr)) { auto rrsig = getRR(zr.dr); diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc index 216f80f9fb..d3e0c2b914 100644 --- a/pdns/axfr-retriever.cc +++ b/pdns/axfr-retriever.cc @@ -57,7 +57,7 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote, d_soacount = 0; vector packet; - DNSPacketWriter pw(packet, domain, QType::AXFR); + DNSPacketWriter pw(packet, DNSName(domain), QType::AXFR); pw.getHeader()->id = dns_random_uint16(); if (!tsigConf.name.empty()) { diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc index e912a56d5d..10aea8ed5f 100644 --- a/pdns/backends/gsql/gsqlbackend.cc +++ b/pdns/backends/gsql/gsqlbackend.cc @@ -588,7 +588,7 @@ void GSQLBackend::getUpdatedPrimaries(vector& updatedDomains, std::u } if (pdns_iequals(row[2], "PRODUCER")) { - catalogs.insert(di.zone); + catalogs.insert(di.zone.operator const DNSName&()); catalogHashes[di.zone].process("\0"); continue; // Producer fresness check is performed elsewhere } diff --git a/pdns/backends/gsql/ssql.hh b/pdns/backends/gsql/ssql.hh index 79c1be0ed1..ffd1a4f8a7 100644 --- a/pdns/backends/gsql/ssql.hh +++ b/pdns/backends/gsql/ssql.hh @@ -67,6 +67,10 @@ public: } return bind(name, string("")); } + SSqlStatement* bind(const string& name, const ZoneName& value) + { + return bind(name, value.operator const DNSName&()); + } virtual SSqlStatement* bindNull(const string& name) = 0; virtual SSqlStatement* execute() = 0; ; 
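Review bot: The added `bind(const string& name, const ZoneName& value)` overload in ssql.hh is a distinct signature only while ZoneName is a separate class. pdns/dnsname.hh in this same commit still has `using ZoneName = DNSName;` for builds without PDNS_AUTH, and there this declaration would collide with the DNSName overload it forwards to if the header is ever included. A short comment such as `// ZoneName overload: requires PDNS_AUTH, where ZoneName is a distinct class`, or the same `#if defined(PDNS_AUTH)` guard around it, would make that dependency explicit. The forwarding itself keeps the value on the bound-parameter path, which is what matters on the SQL side.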
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc index 0a1018a131..7d1ae97f6c 100644 --- a/pdns/dbdnsseckeeper.cc +++ b/pdns/dbdnsseckeeper.cc @@ -772,14 +772,14 @@ bool DNSSECKeeper::rectifyZone(const ZoneName& zone, string& error, string& info if (!res.second && !res.first->second.update) { res.first->second.update = res.first->second.auth != rr.auth || res.first->second.ordername != rr.ordername; } - else if ((!securedZone || narrow) && rr.qname == zone) { + else if ((!securedZone || narrow) && rr.qname == zone.operator const DNSName&()) { res.first->second.update = true; } if (rr.qtype.getCode()) { qnames.insert(rr.qname); - if(rr.qtype.getCode() == QType::NS && rr.qname != zone) + if(rr.qtype.getCode() == QType::NS && rr.qname != zone.operator const DNSName&()) nsset.insert(rr.qname); if(rr.qtype.getCode() == QType::DS) dsnames.insert(rr.qname); @@ -813,13 +813,13 @@ bool DNSSECKeeper::rectifyZone(const ZoneName& zone, string& error, string& info for (auto &loopRR: rrs) { bool skip=false; DNSName shorter = loopRR.qname; - if (shorter != zone && shorter.chopOff() && shorter != zone) { + if (shorter != zone.operator const DNSName&() && shorter.chopOff() && shorter != zone.operator const DNSName&()) { do { if(nsset.count(shorter)) { skip=true; break; } - } while(shorter.chopOff() && shorter != zone); + } while(shorter.chopOff() && shorter != zone.operator const DNSName&()); } shorter = loopRR.qname; if(!skip && (loopRR.qtype.getCode() != QType::NS || !isOptOut)) { @@ -828,7 +828,7 @@ bool DNSSECKeeper::rectifyZone(const ZoneName& zone, string& error, string& info if(!nsec3set.count(shorter)) { nsec3set.insert(shorter); } - } while(shorter != zone && shorter.chopOff()); + } while(shorter != zone.operator const DNSName&() && shorter.chopOff()); } } } 
@@ -901,7 +901,7 @@ bool DNSSECKeeper::rectifyZone(const ZoneName& zone, string& error, string& info if(doent) { shorter=qname; - while(shorter!=zone && shorter.chopOff()) + while(shorter!=zone.operator const DNSName&() && shorter.chopOff()) { if(!qnames.count(shorter)) { diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc index 031ce1b656..50b83a5f33 100644 --- a/pdns/dnsbackend.cc +++ b/pdns/dnsbackend.cc @@ -250,7 +250,7 @@ vector> BackendMakerClass::all(bool metadataOnly) */ bool DNSBackend::getSOA(const ZoneName& domain, SOAData& soaData) { - this->lookup(QType(QType::SOA), domain, -1); + this->lookup(QType(QType::SOA), domain.operator const DNSName&(), -1); S.inc("backend-queries"); DNSResourceRecord resourceRecord; @@ -264,7 +264,7 @@ bool DNSBackend::getSOA(const ZoneName& domain, SOAData& soaData) throw PDNSException("Got non-SOA record when asking for SOA, zone: '" + domain.toLogString() + "'"); } hits++; - soaData.qname = domain; + soaData.qname = domain.operator const DNSName&(); soaData.ttl = resourceRecord.ttl; soaData.db = this; soaData.domain_id = resourceRecord.domain_id; @@ -310,7 +310,7 @@ bool DNSBackend::getBeforeAndAfterNames(uint32_t domainId, const ZoneName& zonen { DNSName unhashed; bool ret = this->getBeforeAndAfterNamesAbsolute(domainId, qname.makeRelative(zonename).makeLowerCase(), unhashed, before, after); - DNSName lczonename = zonename.makeLowerCase(); + DNSName lczonename = zonename.makeLowerCase().operator const DNSName&(); before += lczonename; after += lczonename; return ret; diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc index 1af07d4dc5..0b5c8421de 100644 --- a/pdns/dnsname.cc +++ b/pdns/dnsname.cc 
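Review bot: In DNSBackend::getBeforeAndAfterNames, `zonename.makeLowerCase().operator const DNSName&()` takes a reference into what appears to be a temporary ZoneName returned by `makeLowerCase()`. The line is safe as written because `lczonename` is declared by value and copies before the temporary is destroyed, but it would become a dangling reference if someone later changes the declaration to `const DNSName&` to save the copy. A one-line comment, `// copy on purpose: the conversion refers to the temporary from makeLowerCase()`, would protect it. Alternatively `DNSName lczonename(zonename.makeLowerCase());` expresses the same conversion without spelling out the operator call.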
@@ -730,3 +730,31 @@ bool DNSName::RawLabelsVisitor::empty() const { return d_position == 0; } + +#if defined(PDNS_AUTH) // [ +std::ostream & operator<<(std::ostream &os, const ZoneName& d) +{ + return os < + struct hash { + size_t operator () (const ZoneName& dn) const { return dn.hash(0); } + }; +} + +struct CanonZoneNameCompare +{ + bool operator()(const ZoneName& a, const ZoneName& b) const + { + return a.canonCompare(b); + } +}; +#else // ] [ using ZoneName = DNSName; using CanonZoneNameCompare = CanonDNSNameCompare; +#endif // ] template struct SuffixMatchTree diff --git a/pdns/dnssecsigner.cc b/pdns/dnssecsigner.cc index db77a42b8f..4b5032561b 100644 --- a/pdns/dnssecsigner.cc +++ b/pdns/dnssecsigner.cc @@ -119,7 +119,7 @@ static int getRRSIGsForRRSET(DNSSECKeeper& dsk, const ZoneName& signer, const DN rrc.d_originalttl=signTTL; rrc.d_siginception=startOfWeek - 7*86400; // XXX should come from zone metadata rrc.d_sigexpire=startOfWeek + 14*86400; - rrc.d_signer = signer; + rrc.d_signer = signer.operator const DNSName&(); rrc.d_tag = 0; DNSSECKeeper::keyset_t keys = dsk.getKeys(signer); diff --git a/pdns/fuzz_zoneparsertng.cc b/pdns/fuzz_zoneparsertng.cc index 03c4ca55d0..0fec3e4127 100644 --- a/pdns/fuzz_zoneparsertng.cc +++ b/pdns/fuzz_zoneparsertng.cc @@ -49,7 +49,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) std::string tmp(reinterpret_cast(data), size); boost::split(lines, tmp, boost::is_any_of("\n")); - ZoneParserTNG zpt(lines, g_rootdnsname); + ZoneParserTNG zpt(lines, ZoneName(g_rootdnsname)); /* limit the number of steps for '$GENERATE' entries */ zpt.setMaxGenerateSteps(10000); zpt.setMaxIncludes(20); diff --git a/pdns/ixfrdist-stats.hh b/pdns/ixfrdist-stats.hh index c6cb0f564f..2ef688fee4 100644 --- a/pdns/ixfrdist-stats.hh +++ b/pdns/ixfrdist-stats.hh 
@@ -102,7 +102,7 @@ class ixfrdistStats { std::array, 16> notimpStats{}; programStats progStats; - std::map::iterator getRegisteredDomain(const DNSName& d) { + std::map::iterator getRegisteredDomain(const ZoneName& d) { auto ret = domainStats.find(d); if (ret == domainStats.end()) { throw PDNSException("Domain '" + d.toLogString() + "' not defined in the statistics map"); diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc index ac755d5b22..c2d83c6d1b 100644 --- a/pdns/ixfrdist.cc +++ b/pdns/ixfrdist.cc @@ -305,7 +305,7 @@ static void sendNotification(int sock, const ZoneName& domain, const ComboAddres { std::vector meta; std::vector packet; - DNSPacketWriter packetWriter(packet, domain, QType::SOA, 1, Opcode::Notify); + DNSPacketWriter packetWriter(packet, domain.operator const DNSName&(), QType::SOA, 1, Opcode::Notify); packetWriter.getHeader()->id = notificationId; packetWriter.getHeader()->aa = true; @@ -345,7 +345,7 @@ static void communicatorReceiveNotificationAnswers(const int sock4, const int so g_log << Logger::Warning << "Received unsuccessful notification report for '" << packet.qdomain << "' from " << from.toStringWithPort() << ", error: " << RCode::to_s(packet.d.rcode) << endl; } - if (g_notificationQueue.lock()->removeIf(from, packet.d.id, packet.qdomain)) { + if (g_notificationQueue.lock()->removeIf(from, packet.d.id, ZoneName(packet.qdomain))) { g_log << Logger::Notice << "Removed from notification list: '" << packet.qdomain << "' to " << from.toStringWithPort() << " " << (packet.d.rcode != 0 ? RCode::to_s(packet.d.rcode) : "(was acknowledged)") << endl; } else { 
@@ -625,7 +625,7 @@ static ResponseType maybeHandleNotify(const MOADNSParser& mdp, const ComboAddres g_log<insert(mdp.d_qname); + g_notifiesReceived.lock()->insert(ZoneName(mdp.d_qname)); if (!found->second.notify.empty()) { for (const auto& address : found->second.notify) { g_log << Logger::Debug << logPrefix << "Queuing notification for " << mdp.d_qname << " to " << address.toStringWithPort() << std::endl; - g_notificationQueue.lock()->add(mdp.d_qname, address); + g_notificationQueue.lock()->add(ZoneName(mdp.d_qname), address); } } return ResponseType::EmptyNoError; @@ -680,12 +680,12 @@ static ResponseType checkQuery(const MOADNSParser& mdp, const ComboAddress& sadd } { - if (g_domainConfigs.find(mdp.d_qname) == g_domainConfigs.end()) { + if (g_domainConfigs.find(ZoneName(mdp.d_qname)) == g_domainConfigs.end()) { info_msg.push_back("Domain name '" + mdp.d_qname.toLogString() + "' is not configured for distribution"); ret = ResponseType::RefusedQuery; } else { - const auto zoneInfo = getCurrentZoneInfo(mdp.d_qname); + const auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname)); if (zoneInfo == nullptr) { info_msg.emplace_back("Domain has not been transferred yet"); ret = ResponseType::RefusedQuery; @@ -735,7 +735,7 @@ static bool makeEmptyNoErrorPacket(const MOADNSParser& mdp, vector& pac */ static bool makeSOAPacket(const MOADNSParser& mdp, vector& packet) { - auto zoneInfo = getCurrentZoneInfo(mdp.d_qname); + auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname)); if (zoneInfo == nullptr) { return false; } @@ -872,9 +872,9 @@ static bool handleAXFR(int fd, const MOADNSParser& mdp) { until we release it. */ - g_stats.incrementAXFRinQueries(mdp.d_qname); + g_stats.incrementAXFRinQueries(ZoneName(mdp.d_qname)); - auto zoneInfo = getCurrentZoneInfo(mdp.d_qname); + auto zoneInfo = getCurrentZoneInfo(ZoneName(mdp.d_qname)); if (zoneInfo == nullptr) { return false; } 
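Review bot: The `checkQuery` hunk in pdns/ixfrdist.cc converts the query name twice, `g_domainConfigs.find(ZoneName(mdp.d_qname))` for the existence check and `getCurrentZoneInfo(ZoneName(mdp.d_qname))` for the fetch, so the two lookups are tied together only by repeating the same expression, and each query presumably pays two name copies. A single `const ZoneName zonename(mdp.d_qname);` at the top of the block, used for both calls, keeps the check and the fetch on the same key once ZoneName construction stops being a plain copy. It also matches the hoisted `ZoneName zonename(p.qdomain);` this commit uses in `PacketHandler::addCDNSKEY`. The `handleAXFR` hunk (`incrementAXFRinQueries` then `getCurrentZoneInfo`) and the two `addCDS` hunks in pdns/packethandler.cc repeat the pattern. The enclosing functions extend beyond these hunks.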
@@ -912,9 +912,9 @@ static bool handleIXFR(int fd, const MOADNSParser& mdp, const shared_ptr& soarecord, const TSIGTriplet& tsig, const uint16_t timeout) { vector packet; - DNSPacketWriter pw(packet, zone, QType::SOA); + DNSPacketWriter pw(packet, zone.operator const DNSName&(), QType::SOA); if(!tsig.algo.empty()) { TSIGRecordContent trc; trc.d_algoName = tsig.algo; diff --git a/pdns/ixplore.cc b/pdns/ixplore.cc index 1421b315b3..1b2fac69d7 100644 --- a/pdns/ixplore.cc +++ b/pdns/ixplore.cc 
@@ -88,12 +88,12 @@ int main(int argc, char** argv) { set_difference(before.cbegin(), before.cend(), after.cbegin(), after.cend(), back_inserter(diff), before.value_comp()); for(const auto& d : diff) { - cout<<'-'<< (d.d_name+zone) <<" IN "<getZoneRepresentation()<getZoneRepresentation()<getZoneRepresentation()<getZoneRepresentation()<getZoneRepresentation()<getZoneRepresentation()<getZoneRepresentation()<getZoneRepresentation()<registerFunction()>("getRRS", [](DNSPacket &p){ std::unordered_map ret; unsigned int i = 0; for(const auto &rec: p.getRRS()) { ret.insert({i++, rec.dr}); } return ret;}); d_lw->registerMember("qdomain", [](const DNSPacket &p) -> DNSName { return p.qdomain; }, [](DNSPacket &p, const DNSName& name) { p.qdomain = name; }); d_lw->registerMember("qdomainwild", [](const DNSPacket &p) -> DNSName { return p.qdomainwild; }, [](DNSPacket &p, const DNSName& name) { p.qdomainwild = name; }); - d_lw->registerMember("qdomainzone", [](const DNSPacket &p) -> DNSName { return p.qdomainzone; }, [](DNSPacket &p, const DNSName& name) { p.qdomainzone = name; }); + d_lw->registerMember("qdomainzone", [](const DNSPacket &p) -> DNSName { return p.qdomainzone.operator const DNSName&(); }, [](DNSPacket &p, const DNSName& name) { p.qdomainzone = ZoneName(name); }); d_lw->registerMember("d_peer_principal", [](const DNSPacket &p) -> std::string { return p.d_peer_principal; }, [](DNSPacket &p, const std::string &princ) { p.d_peer_principal = princ; }); d_lw->registerMember("qtype", [](const DNSPacket &p) -> const std::string { return p.qtype.toString(); }, [](DNSPacket &p, const std::string &type) { p.qtype = type; }); diff --git a/pdns/lua-base4.cc b/pdns/lua-base4.cc index 21f10aa5fb..30c4b9a92d 100644 --- a/pdns/lua-base4.cc +++ b/pdns/lua-base4.cc 
@@ -103,8 +103,8 @@ void BaseLua4::prepareContext() { d_lw->writeFunction("newDN", [](const std::string& dom){ return DNSName(dom); }); d_lw->registerFunction("__lt", &DNSName::operator<); d_lw->registerFunction("canonCompare", &DNSName::canonCompare); - d_lw->registerFunction("makeRelative", &DNSName::makeRelative); - d_lw->registerFunction("isPartOf", &DNSName::isPartOf); + d_lw->registerFunction("makeRelative", [](const DNSName& name, const DNSName& zone) { return name.makeRelative(zone); }); + d_lw->registerFunction("isPartOf", [](const DNSName& name, const DNSName& rhs) { return name.isPartOf(rhs); }); d_lw->registerFunction("getRawLabels", &DNSName::getRawLabels); d_lw->registerFunction("countLabels", [](const DNSName& name) { return name.countLabels(); }); d_lw->registerFunction("wireLength", [](const DNSName& name) { return name.wirelength(); }); diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc index 959c1cf4c2..8f3d48c322 100644 --- a/pdns/lua-record.cc +++ b/pdns/lua-record.cc @@ -1583,7 +1583,7 @@ static vector lua_dblookup(const string& record, uint16_t qtype) return ret; } - vector drs = lookup(rec, qtype, soaData.domain_id); + vector drs = lookup(rec.operator const DNSName&(), qtype, soaData.domain_id); for (const auto& drec : drs) { ret.push_back(drec.dr.getContent()->getZoneRepresentation()); } diff --git a/pdns/misc.hh b/pdns/misc.hh index 6129d37664..38c569c0ad 100644 --- a/pdns/misc.hh +++ b/pdns/misc.hh @@ -45,7 +45,11 @@ #include "namespaces.hh" class DNSName; +#if defined(PDNS_AUTH) +class ZoneName; +#else using ZoneName = DNSName; +#endif // Do not change to "using TSIGHashEnum ..." until you know CodeQL does not choke on it typedef enum 
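Review bot: The `BaseLua4::prepareContext` hunk in pdns/lua-base4.cc swaps `&DNSName::makeRelative` and `&DNSName::isPartOf` for lambdas without saying why, while `canonCompare` and `getRawLabels` right next to them keep the member-pointer form. Presumably the ZoneName split left those two member names overloaded, so taking their address became ambiguous. If that is the reason, one comment would stop the lambdas being simplified back, e.g. `// lambdas pin the DNSName overloads exposed to Lua; the member pointer is ambiguous`. The lambdas also fix the Lua-visible argument types to DNSName, which is worth stating because scripts depend on that signature. prepareContext's body continues outside the hunk.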
@@ -480,10 +484,10 @@ inline bool isCanonical(const string& qname) inline DNSName toCanonic(const ZoneName& zone, const string& qname) { if(qname.size()==1 && qname[0]=='@') - return zone; + return DNSName(zone); if(isCanonical(qname)) return DNSName(qname); - return DNSName(qname) += zone; + return DNSName(qname) += DNSName(zone); } string stripDot(const string& dom); @@ -572,6 +576,12 @@ public: return match(name.toStringNoDot()); } +#if defined(PDNS_AUTH) // [ + bool match(const ZoneName& name) const { + return match(name.toStringNoDot()); + } +#endif // ] + private: const string d_mask; const bool d_fold; diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index c3c6215842..8ea1b013a0 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -121,8 +121,9 @@ PacketHandler::~PacketHandler() **/ bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r) { + ZoneName zonename(p.qdomain); string publishCDNSKEY; - d_dk.getPublishCDNSKEY(p.qdomain,publishCDNSKEY); + d_dk.getPublishCDNSKEY(zonename,publishCDNSKEY); if (publishCDNSKEY.empty()) return false; @@ -139,7 +140,7 @@ bool PacketHandler::addCDNSKEY(DNSPacket& p, std::unique_ptr& r) } bool haveOne=false; - for (const auto& value : d_dk.getEntryPoints(p.qdomain)) { + for (const auto& value : d_dk.getEntryPoints(zonename)) { if (!value.second.published) { continue; } @@ -172,7 +173,7 @@ bool PacketHandler::addDNSKEY(DNSPacket& p, std::unique_ptr& r) DNSZoneRecord rr; bool haveOne=false; - for (const auto& value : d_dk.getKeys(p.qdomain)) { + for (const auto& value : d_dk.getKeys(ZoneName(p.qdomain))) { if (!value.second.published) { continue; } @@ -209,7 +210,7 @@ bool PacketHandler::addDNSKEY(DNSPacket& p, std::unique_ptr& r) bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r) { string publishCDS; - d_dk.getPublishCDS(p.qdomain, publishCDS); + d_dk.getPublishCDS(ZoneName(p.qdomain), publishCDS); if (publishCDS.empty()) return false; 
@@ -230,7 +231,7 @@ bool PacketHandler::addCDS(DNSPacket& p, std::unique_ptr& r) bool haveOne=false; - for (const auto& value : d_dk.getEntryPoints(p.qdomain)) { + for (const auto& value : d_dk.getEntryPoints(ZoneName(p.qdomain))) { if (!value.second.published) { continue; } @@ -260,7 +261,7 @@ bool PacketHandler::addNSEC3PARAM(const DNSPacket& p, std::unique_ptr DNSZoneRecord rr; NSEC3PARAMRecordContent ns3prc; - if(d_dk.getNSEC3PARAM(p.qdomain, &ns3prc)) { + if(d_dk.getNSEC3PARAM(ZoneName(p.qdomain), &ns3prc)) { rr.dr.d_type=QType::NSEC3PARAM; rr.dr.d_ttl=d_sd.minimum; rr.dr.d_name=p.qdomain; @@ -388,9 +389,10 @@ bool PacketHandler::getBestWildcard(DNSPacket& p, const DNSName &target, DNSName #ifdef HAVE_LUA_RECORDS bool doLua=g_doLuaRecord; + ZoneName zonename(d_sd.qname); if(!doLua) { string val; - d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val); doLua = (val=="1"); } #endif @@ -407,7 +409,7 @@ bool PacketHandler::getBestWildcard(DNSPacket& p, const DNSName &target, DNSName continue; } #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(d_sd.qname)) { + if (rr.dr.d_type == QType::LUA && !d_dk.isPresigned(zonename)) { if(!doLua) { DLOG(g_log<<"Have a wildcard Lua match, but not doing Lua record for this zone"< PacketHandler::getIPAddressFor(const DNSName &target, const void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, const DNSName& next, int mode) { + ZoneName zonename(d_sd.qname); NSECRecordContent nrc; nrc.d_next = next; 
@@ -665,17 +668,17 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, nrc.set(QType::RRSIG); if(d_sd.qname == name) { nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table - if(!d_dk.isPresigned(d_sd.qname)) { - auto keyset = d_dk.getKeys(name); + if(!d_dk.isPresigned(zonename)) { + auto keyset = d_dk.getKeys(zonename); for(const auto& value: keyset) { if (value.second.published) { nrc.set(QType::DNSKEY); string publishCDNSKEY; - d_dk.getPublishCDNSKEY(name, publishCDNSKEY); + d_dk.getPublishCDNSKEY(zonename, publishCDNSKEY); if (! publishCDNSKEY.empty()) nrc.set(QType::CDNSKEY); string publishCDS; - d_dk.getPublishCDS(name, publishCDS); + d_dk.getPublishCDS(zonename, publishCDS); if (! publishCDS.empty()) nrc.set(QType::CDS); break; @@ -693,12 +696,12 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, B.lookup(QType(QType::ANY), name, d_sd.domain_id); while(B.get(rr)) { #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) { + if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(zonename)) { first = false; doLua = g_doLuaRecord; if (!doLua) { string val; - d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val); doLua = (val == "1"); } } 
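Review bot: In the first `emitNSEC` hunk of pdns/packethandler.cc, `getKeys`, `getPublishCDNSKEY` and `getPublishCDS` used to be called with the owner name `name` and are now called with `zonename`, which the previous hunk builds from `d_sd.qname`. That is equivalent only because the calls sit under `if(d_sd.qname == name)`, so the guard is now what keeps the DNSKEY, CDNSKEY and CDS bits in the type bitmap for the apex only. A comment at the guard would record that dependency, `// apex only: key and CDS/CDNSKEY lookups below use the zone name, not the owner name`. The `emitNSEC3` hunk makes the same swap for `n3rc`. Both function bodies extend past their hunks.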
@@ -713,12 +716,12 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, // does not falsely deny the type for this name. // This does NOT add the ALIAS to the bitmap, as that record cannot // be requested. - if (!d_dk.isPresigned(d_sd.qname)) { + if (!d_dk.isPresigned(zonename)) { nrc.set(QType::A); nrc.set(QType::AAAA); } } - else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(d_sd.qname) && !::arg().mustDo("direct-dnskey")) { + else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(zonename) && !::arg().mustDo("direct-dnskey")) { continue; } else if(rr.dr.d_type == QType::NS || rr.auth) { @@ -738,6 +741,7 @@ void PacketHandler::emitNSEC(std::unique_ptr& r, const DNSName& name, void PacketHandler::emitNSEC3(std::unique_ptr& r, const NSEC3PARAMRecordContent& ns3prc, const DNSName& name, const string& namehash, const string& nexthash, int mode) { + ZoneName zonename(d_sd.qname); NSEC3RecordContent n3rc; n3rc.d_algorithm = ns3prc.d_algorithm; n3rc.d_flags = ns3prc.d_flags; @@ -751,17 +755,17 @@ void PacketHandler::emitNSEC3(std::unique_ptr& r, const NSEC3PARAMRec if (d_sd.qname == name) { n3rc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table n3rc.set(QType::NSEC3PARAM); - if(!d_dk.isPresigned(d_sd.qname)) { - auto keyset = d_dk.getKeys(name); + if(!d_dk.isPresigned(zonename)) { + auto keyset = d_dk.getKeys(zonename); for(const auto& value: keyset) { if (value.second.published) { n3rc.set(QType::DNSKEY); string publishCDNSKEY; - d_dk.getPublishCDNSKEY(name, publishCDNSKEY); + d_dk.getPublishCDNSKEY(zonename, publishCDNSKEY); if (! publishCDNSKEY.empty()) n3rc.set(QType::CDNSKEY); string publishCDS; - d_dk.getPublishCDS(name, publishCDS); + d_dk.getPublishCDS(zonename, publishCDS); if (! publishCDS.empty()) n3rc.set(QType::CDS); break; 
@@ -778,12 +782,12 @@ void PacketHandler::emitNSEC3(std::unique_ptr& r, const NSEC3PARAMRec B.lookup(QType(QType::ANY), name, d_sd.domain_id); while(B.get(rr)) { #ifdef HAVE_LUA_RECORDS - if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(d_sd.qname)) { + if (rr.dr.d_type == QType::LUA && first && !d_dk.isPresigned(zonename)) { first = false; doLua = g_doLuaRecord; if (!doLua) { string val; - d_dk.getFromMeta(d_sd.qname, "ENABLE-LUA-RECORDS", val); + d_dk.getFromMeta(zonename, "ENABLE-LUA-RECORDS", val); doLua = (val == "1"); } } @@ -798,12 +802,12 @@ void PacketHandler::emitNSEC3(std::unique_ptr& r, const NSEC3PARAMRec // does not falsely deny the type for this name. // This does NOT add the ALIAS to the bitmap, as that record cannot // be requested. - if (!d_dk.isPresigned(d_sd.qname)) { + if (!d_dk.isPresigned(zonename)) { n3rc.set(QType::A); n3rc.set(QType::AAAA); } } - else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(d_sd.qname) && !::arg().mustDo("direct-dnskey")) { + else if((rr.dr.d_type == QType::DNSKEY || rr.dr.d_type == QType::CDS || rr.dr.d_type == QType::CDNSKEY) && !d_dk.isPresigned(zonename) && !::arg().mustDo("direct-dnskey")) { continue; } else if(rr.dr.d_type && (rr.dr.d_type == QType::NS || rr.auth)) { @@ -840,7 +844,7 @@ void PacketHandler::addNSECX(DNSPacket& p, std::unique_ptr& r, const { NSEC3PARAMRecordContent ns3rc; bool narrow = false; - if(d_dk.getNSEC3PARAM(d_sd.qname, &ns3rc, &narrow)) { + if(d_dk.getNSEC3PARAM(ZoneName(d_sd.qname), &ns3rc, &narrow)) { if (mode != 5) // no direct NSEC3 queries, rfc5155 7.2.8 addNSEC3(p, r, target, wildcard, ns3rc, narrow, mode); } 
@@ -879,7 +883,7 @@ void PacketHandler::addNSEC3(DNSPacket& p, std::unique_ptr& r, const DLOG(g_log<<"addNSEC3() mode="<& r, c { DLOG(g_log<<"addNSEC() mode="<& r, c } DNSName before,after; - d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, d_sd.qname, target, before, after); + d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, zonename, target, before, after); if (mode != 5 || before == target) emitNSEC(r, before, after, mode); @@ -1003,7 +1008,7 @@ void PacketHandler::addNSEC(DNSPacket& /* p */, std::unique_ptr& r, c closest.chopOff(); closest.prependRawLabel("*"); } - d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, d_sd.qname, closest, before, after); + d_sd.db->getBeforeAndAfterNames(d_sd.domain_id, zonename, closest, before, after); emitNSEC(r, before, after, mode); } return; @@ -1093,7 +1098,8 @@ int PacketHandler::tryAutoPrimarySynchronous(const DNSPacket& p, const DNSName& return RCode::Refused; } - if (!B.autoPrimaryBackend(remote.toString(), p.qdomain, nsset, &nameserver, &account, &db)) { + ZoneName zonename(p.qdomain); + if (!B.autoPrimaryBackend(remote.toString(), zonename, nsset, &nameserver, &account, &db)) { g_log << Logger::Error << "Unable to find backend willing to host " << p.qdomain << " for potential autoprimary " << remote << ". Remote nameservers: " << endl; for(const auto& rr: nsset) { if(rr.qtype==QType::NS) 
@@ -1102,29 +1108,30 @@ int PacketHandler::tryAutoPrimarySynchronous(const DNSPacket& p, const DNSName& return RCode::Refused; } try { - db->createSecondaryDomain(remote.toString(), p.qdomain, nameserver, account); + db->createSecondaryDomain(remote.toString(), zonename, nameserver, account); DomainInfo di; - if (!db->getDomainInfo(p.qdomain, di, false)) { - g_log << Logger::Error << "Failed to create " << p.qdomain << " for potential autoprimary " << remote << endl; + if (!db->getDomainInfo(zonename, di, false)) { + g_log << Logger::Error << "Failed to create " << zonename << " for potential autoprimary " << remote << endl; return RCode::ServFail; } - g_zoneCache.add(p.qdomain, di.id); + g_zoneCache.add(zonename, di.id); if (tsigkeyname.empty() == false) { vector meta; meta.push_back(tsigkeyname.toStringNoDot()); - db->setDomainMetadata(p.qdomain, "AXFR-MASTER-TSIG", meta); + db->setDomainMetadata(zonename, "AXFR-MASTER-TSIG", meta); } } catch(PDNSException& ae) { - g_log << Logger::Error << "Database error trying to create " << p.qdomain << " for potential autoprimary " << remote << ": " << ae.reason << endl; + g_log << Logger::Error << "Database error trying to create " << zonename << " for potential autoprimary " << remote << ": " << ae.reason << endl; return RCode::ServFail; } - g_log << Logger::Warning << "Created new secondary zone '" << p.qdomain << "' from autoprimary " << remote << endl; + g_log << Logger::Warning << "Created new secondary zone '" << zonename << "' from autoprimary " << remote << endl; return RCode::NoError; } int PacketHandler::processNotify(const DNSPacket& p) { + ZoneName zonename(p.qdomain); /* now what? was this notification from an approved address? was this notification approved by TSIG? 
@@ -1133,10 +1140,10 @@ int PacketHandler::processNotify(const DNSPacket& p) if primary is higher -> do stuff */ - g_log< meta; - if (B.getDomainMetadata(p.qdomain,"AXFR-MASTER-TSIG",meta) && meta.size() > 0) { + if (B.getDomainMetadata(zonename,"AXFR-MASTER-TSIG",meta) && meta.size() > 0) { DNSName expected{meta[0]}; if (p.getTSIGKeyname() != expected) { - g_log< forwardNotify(s_forwardNotify); for(const auto & j : forwardNotify) { - g_log<& r, con if(!retargeted) r->setA(false); - if(d_dk.isSecuredZone(d_sd.qname) && !addDSforNS(p, r, name) && d_dnssec) { + if(d_dk.isSecuredZone(ZoneName(d_sd.qname)) && !addDSforNS(p, r, name) && d_dnssec) { addNSECX(p, r, name, DNSName(), 1); } @@ -1307,7 +1314,7 @@ void PacketHandler::completeANYRecords(DNSPacket& p, std::unique_ptr& { addNSECX(p, r, target, DNSName(), 5); if(d_sd.qname == p.qdomain) { - if(!d_dk.isPresigned(d_sd.qname)) { + if(!d_dk.isPresigned(ZoneName(d_sd.qname))) { addDNSKEY(p, r); addCDNSKEY(p, r); addCDS(p, r); @@ -1588,7 +1595,7 @@ bool PacketHandler::opcodeQueryInner2(DNSPacket& pkt, queryState &state, bool re return true; } - if(!B.getAuth(state.target, pkt.qtype, &d_sd)) { + if(!B.getAuth(ZoneName(state.target), pkt.qtype, &d_sd)) { DLOG(g_log<setA(false); // drop AA if we never had a SOA in the first place @@ -1598,19 +1605,20 @@ bool PacketHandler::opcodeQueryInner2(DNSPacket& pkt, queryState &state, bool re } DLOG(g_log< r{nullptr}; - set authSet; + set authSet; DNSName target; bool doSigs{false}; bool noCache{false}; diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index 1f2c504661..86b4325f06 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc 
@@ -379,7 +379,7 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const ZoneName& zone, co if(B.getSOAUncached(parent, sd_p)) { bool ns=false; DNSZoneRecord zr; - B.lookup(QType(QType::ANY), zone, sd_p.domain_id); + B.lookup(QType(QType::ANY), zone.operator const DNSName&(), sd_p.domain_id); while(B.get(zr)) ns |= (zr.dr.d_type == QType::NS); if (!ns) { @@ -587,7 +587,7 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const ZoneName& zone, co numwarnings++; } - if(rr.qname==zone) { + if(rr.qname==zone.operator const DNSName&()) { // apex checks if (rr.qtype.getCode() == QType::NS) { hasNsAtApex=true; @@ -866,7 +866,7 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const ZoneName& zone, co } } } - if( ! ds_ns && rr.qtype.getCode() == QType::DS && rr.qname != zone ) { + if( ! ds_ns && rr.qtype.getCode() == QType::DS && rr.qname != zone.operator const DNSName&() ) { cout << "[Warning] DS record without a delegation '" << rr.qname<<"'." << endl; numwarnings++; } @@ -981,7 +981,7 @@ static int increaseSerial(const ZoneName& zone, DNSSECKeeper &dsk) sd.db->startTransaction(zone, -1); auto rrs = vector{rr}; - if (!sd.db->replaceRRSet(sd.domain_id, zone, rr.qtype, rrs)) { + if (!sd.db->replaceRRSet(sd.domain_id, zone.operator const DNSName&(), rr.qtype, rrs)) { cerr << "Backend did not replace SOA record. Backend might not support this operation." << endl; sd.db->abortTransaction(); return -1; @@ -995,7 +995,7 @@ static int increaseSerial(const ZoneName& zone, DNSSECKeeper &dsk) DNSName ordername; if(haveNSEC3) { if(!narrow) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zone))); + ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, zone.operator const DNSName&()))); } else ordername=DNSName(""); if(g_verbose) 
@@ -1342,7 +1342,7 @@ static int editZone(const ZoneName &zone, const PDNSColors& col) { unixDie("Editing file with: '"+cmdline+"', perhaps set EDITOR variable"); } cmdline.clear(); - ZoneParserTNG zpt(tmpnam, g_rootdnsname); + ZoneParserTNG zpt(tmpnam, ZoneName(g_rootdnsname)); zpt.setMaxGenerateSteps(::arg().asNum("max-generate-steps")); zpt.setMaxIncludes(::arg().asNum("max-include-depth")); DNSResourceRecord zrr; @@ -1417,7 +1417,7 @@ static int editZone(const ZoneName &zone, const PDNSColors& col) { cout<getZoneRepresentation(true) << col.rst() <& cmds) { ZoneName zone(cmds.at(1)); DNSName name; if (cmds.at(2) == "@") - name=zone; + name=zone.operator const DNSName&(); else - name = DNSName(cmds.at(2)) + zone; + name = DNSName(cmds.at(2)) + zone.operator const DNSName&(); UtilBackend B; //NOLINT(readability-identifier-length) DomainInfo di; @@ -1850,9 +1850,9 @@ static int deleteRRSet(const std::string& zone_, const std::string& name_, const DNSName name; if(name_=="@") - name=zone; + name=zone.operator const DNSName&(); else - name=DNSName(name_)+zone; + name=DNSName(name_)+zone.operator const DNSName&(); QType qt(QType::chartocode(type_.c_str())); di.backend->startTransaction(zone, -1); @@ -1957,7 +1957,7 @@ static bool testAlgorithms() static void testSpeed(const ZoneName& zone, int cores) { DNSResourceRecord rr; - rr.qname=DNSName("blah")+zone; + rr.qname=DNSName("blah")+zone.operator const DNSName&(); rr.qtype=QType::A; rr.ttl=3600; rr.auth=true; @@ -1985,7 +1985,7 @@ static void testSpeed(const ZoneName& zone, int cores) rr.content=tmp; snprintf(tmp, sizeof(tmp), "r-%u", rnd); - rr.qname=DNSName(tmp)+zone; + rr.qname=DNSName(tmp)+zone.operator const DNSName&(); DNSZoneRecord dzr; dzr.dr=DNSRecord(rr); if(csp.submit(dzr)) 
@@ -2264,7 +2264,7 @@ static bool showZone(DNSSECKeeper& dnsseckeeper, const ZoneName& zone, bool expo vector keys; DNSZoneRecord zr; - di.backend->lookup(QType(QType::DNSKEY), zone, di.id ); + di.backend->lookup(QType(QType::DNSKEY), zone.operator const DNSName&(), di.id ); while(di.backend->get(zr)) { keys.push_back(*getRR(zr.dr)); } @@ -2302,19 +2302,19 @@ static bool showZone(DNSSECKeeper& dnsseckeeper, const ZoneName& zone, bool expo const std::string prefix(exportDS ? "" : "DS = "); if (g_verbose) { - cout<startTransaction(zone, di.id); rr.qtype=QType::SOA; - rr.qname=zone; + rr.qname=zone.operator const DNSName&(); rr.ttl=86400; rr.domain_id=di.id; rr.auth=true; @@ -2518,7 +2518,7 @@ static int testSchema(DNSSECKeeper& dsk, const ZoneName& zone) cout<<"Committing"<commitTransaction(); cout<<"Querying TXT"<lookup(QType(QType::TXT), zone, di.id); + db->lookup(QType(QType::TXT), zone.operator const DNSName&(), di.id); if(db->get(rrget)) { DNSResourceRecord rrthrowaway; @@ -2540,7 +2540,7 @@ static int testSchema(DNSSECKeeper& dsk, const ZoneName& zone) db->startTransaction(zone, di.id); rr.qtype=QType::SOA; - rr.qname=zone; + rr.qname=zone.operator const DNSName&(); rr.ttl=86400; rr.domain_id=di.id; rr.auth=true; @@ -2549,11 +2549,11 @@ static int testSchema(DNSSECKeeper& dsk, const ZoneName& zone) db->feedRecord(rr, DNSName()); rr.qtype=QType::A; - rr.qname=DNSName("_underscore")+zone; + rr.qname=DNSName("_underscore")+zone.operator const DNSName&(); rr.content="127.0.0.1"; db->feedRecord(rr, DNSName()); - rr.qname=DNSName("bla")+zone; + rr.qname=DNSName("bla")+zone.operator const DNSName&(); cout<<"Committing"<commitTransaction(); 
@@ -2563,14 +2563,14 @@ static int testSchema(DNSSECKeeper& dsk, const ZoneName& zone) rectifyZone(dsk, zone); cout<<"Checking underscore ordering"<getBeforeAndAfterNames(di.id, zone, DNSName("z")+zone, before, after); + db->getBeforeAndAfterNames(di.id, zone, DNSName("z")+zone.operator const DNSName&(), before, after); cout<<"got '"<d_name != di->zone) { + if ((rrType == QType::NSEC3PARAM || rrType == QType::DNSKEY) && rr->d_name != di->zone.operator const DNSName&()) { g_log<d_name<<"|"<d_name); // always remove any ENT's in the place where we're going to add a record. auto newRec = DNSResourceRecord::fromWire(*rr); newRec.domain_id = di->id; - newRec.auth = (rr->d_name == di->zone || rrType.getCode() != QType::NS); + newRec.auth = (rr->d_name == di->zone.operator const DNSName&() || rrType.getCode() != QType::NS); di->backend->feedRecord(newRec, DNSName()); changedRecords++; // because we added a record, we need to fix DNSSEC data. - DNSName shorter(rr->d_name); + ZoneName shorter(rr->d_name); bool auth=newRec.auth; bool fixDS = (rrType == QType::DS); 
@@ -276,18 +276,18 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, break; bool foundShorter = false; - di->backend->lookup(QType(QType::ANY), shorter, di->id); + di->backend->lookup(QType(QType::ANY), shorter.operator const DNSName&(), di->id); while (di->backend->get(rec)) { if (rec.qname == rr->d_name && rec.qtype == QType::DS) fixDS = true; - if (shorter != rr->d_name) + if (shorter.operator const DNSName&() != rr->d_name) foundShorter = true; if (rec.qtype == QType::NS) // are we inserting below a delegate? auth=false; } - if (!foundShorter && auth && shorter != rr->d_name) // haven't found any record at current level, insert ENT. - insnonterm.insert(shorter); + if (!foundShorter && auth && shorter.operator const DNSName&() != rr->d_name) // haven't found any record at current level, insert ENT. + insnonterm.insert(shorter.operator const DNSName&()); if (foundShorter) break; // if we find a shorter record, we can stop searching } while(shorter.chopOff()); @@ -335,7 +335,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, DLOG(g_log<d_name< qnames; - di->backend->listSubZone(rr->d_name, di->id); + di->backend->listSubZone(ZoneName(rr->d_name), di->id); while(di->backend->get(rec)) { if (rec.qtype.getCode() && rec.qtype.getCode() != QType::DS && rr->d_name != rec.qname) // Skip ENT, DS and our already corrected record. qnames.push_back(rec.qname); 
@@ -375,11 +375,11 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, if (rrType == QType::NSEC3PARAM) { g_log<d_class == QClass::ANY) - d_dk.unsetNSEC3PARAM(rr->d_name); + d_dk.unsetNSEC3PARAM(ZoneName(rr->d_name)); else if (rr->d_class == QClass::NONE) { NSEC3PARAMRecordContent nsec3rr(rr->getContent()->getZoneRepresentation(), di->zone); if (*haveNSEC3 && ns3pr->getZoneRepresentation() == nsec3rr.getZoneRepresentation()) - d_dk.unsetNSEC3PARAM(rr->d_name); + d_dk.unsetNSEC3PARAM(ZoneName(rr->d_name)); else return 0; } else @@ -401,7 +401,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, di->backend->lookup(rrType, rr->d_name, di->id); while(di->backend->get(rec)) { if (rr->d_class == QClass::ANY) { // 3.4.2.3 - if (rec.qname == di->zone && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) // Never delete all SOA and NS's + if (rec.qname == di->zone.operator const DNSName&() && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) // Never delete all SOA and NS's rrset.push_back(rec); else recordsToDelete.push_back(rec); @@ -431,9 +431,9 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, // If we've removed a delegate, we need to reset ordername/auth for some records. - if (rrType == QType::NS && rr->d_name != di->zone) { + if (rrType == QType::NS && rr->d_name != di->zone.operator const DNSName&()) { vector belowOldDelegate, nsRecs, updateAuthFlag; - di->backend->listSubZone(rr->d_name, di->id); + di->backend->listSubZone(ZoneName(rr->d_name), di->id); while (di->backend->get(rec)) { if (rec.qtype.getCode()) // skip ENT records, they are always auth=false belowOldDelegate.push_back(rec.qname); 
@@ -474,7 +474,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, // on that level. If so, we must insert an ENT record. // We take extra care here to not 'include' the record that we just deleted. Some backends will still return it as they only reload on a commit. bool foundDeeper = false, foundOtherWithSameName = false; - di->backend->listSubZone(rr->d_name, di->id); + di->backend->listSubZone(ZoneName(rr->d_name), di->id); while (di->backend->get(rec)) { if (rec.qname == rr->d_name && !count(recordsToDelete.begin(), recordsToDelete.end(), rec)) foundOtherWithSameName = true; @@ -487,7 +487,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, } else if (!foundOtherWithSameName) { // If we didn't have to insert an ENT, we might have deleted a record at very deep level // and we must then clean up the ENT's above the deleted record. - DNSName shorter(rr->d_name); + ZoneName shorter(rr->d_name); while (shorter != di->zone) { shorter.chopOff(); bool foundRealRR = false; @@ -509,7 +509,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, } if (!foundRealRR) { if (foundEnt) // only delete the ENT if we actually found one. - delnonterm.insert(shorter); + delnonterm.insert(shorter.operator const DNSName&()); } else break; } @@ -542,7 +542,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr, int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, const DomainInfo& di) { vector forward; - B.getDomainMetadata(p.qdomain, "FORWARD-DNSUPDATE", forward); + B.getDomainMetadata(ZoneName(p.qdomain), "FORWARD-DNSUPDATE", forward); if (forward.size() == 0 && ! ::arg().mustDo("forward-dnsupdate")) { g_log << Logger::Notice << msgPrefix << "Not configured to forward to primary, returning Refused." << endl; 
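Review bot: In the `@@ -487,7 +487,7 @@` hunk of `PacketHandler::performUpdate`, `shorter` becomes a `ZoneName` although it holds a record owner name being trimmed label by label, not a zone; the `@@ -509,7 +509,7 @@` hunk then has to convert it back for `delnonterm.insert(...)`. That blurs the DNSName/ZoneName boundary the commit sets out to mark, and the add path (`@@ -276,18 +276,18 @@`) does the same and converts `shorter` back four times. `rectifyZone` in this same commit keeps the walker a DNSName and converts the zone side instead, `while(shorter!=zone.operator const DNSName&() && shorter.chopOff())`. The same shape here would be `DNSName shorter(rr->d_name);` with `while (shorter != di->zone.operator const DNSName&())`, converting only where the loop body (outside the hunk) hands `shorter` to a ZoneName-taking call. Unlike rectifyZone, this loop ignores the result of `chopOff()`, so it relies on `rr->d_name` lying under `di->zone`, a check that is not visible in this hunk.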
@@ -665,7 +665,8 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func if (! ::arg().mustDo("dnsupdate")) return RCode::Refused; - string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + packet.qdomain.toLogString() + ": "; + ZoneName zonename(packet.qdomain); + string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + zonename.toLogString() + ": "; g_log< allowedRanges; - B.getDomainMetadata(packet.qdomain, "ALLOW-DNSUPDATE-FROM", allowedRanges); + B.getDomainMetadata(zonename, "ALLOW-DNSUPDATE-FROM", allowedRanges); if (! ::arg()["allow-dnsupdate-from"].empty()) stringtok(allowedRanges, ::arg()["allow-dnsupdate-from"], ", \t" ); @@ -690,7 +691,7 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func // Check permissions - TSIG based. vector tsigKeys; - B.getDomainMetadata(packet.qdomain, "TSIG-ALLOW-DNSUPDATE", tsigKeys); + B.getDomainMetadata(zonename, "TSIG-ALLOW-DNSUPDATE", tsigKeys); if (tsigKeys.size() > 0) { bool validKey = false; 
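Review bot: The `zonename` local added at the top of processUpdate is now the key for the `ALLOW-DNSUPDATE-FROM` and `TSIG-ALLOW-DNSUPDATE` metadata lookups, so the conversion from `packet.qdomain` decides which zone's update permissions are consulted. That is unchanged while ZoneName is equivalent to DNSName, but the commit message expects the two to diverge, and nothing at the declaration says an authorization decision depends on it. I would add a comment there such as `// zone the client asked to update; all permission metadata below is looked up under this name`, and declare it `const ZoneName zonename(packet.qdomain);` if nothing later in the function (which starts and ends outside these hunks) mutates it. The same applies to `ZoneName zonename(q->qdomain);` in TCPNameserver::canDoAXFR, which feeds `TSIGGrantsAccess` and the `ALLOW-AXFR-FROM` lookup.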
@@ -758,8 +759,8 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func DomainInfo di; di.backend=nullptr; - if(!B.getDomainInfo(packet.qdomain, di) || (di.backend == nullptr)) { - g_log< l(s_rfc2136lock); //TODO: i think this lock can be per zone, not for everything g_log<startTransaction(packet.qdomain, -1)) { // Not giving the domain_id means that we do not delete the existing records. - g_log<startTransaction(zonename, -1)) { // Not giving the domain_id means that we do not delete the existing records. + g_log<d_place == DNSResourceRecord::AUTHORITY) { /* see if it's permitted by policy */ if (this->d_update_policy_lua != nullptr) { - if (!this->d_update_policy_lua->updatePolicy(dnsRecord->d_name, QType(dnsRecord->d_type), di.zone, packet)) { + if (!this->d_update_policy_lua->updatePolicy(dnsRecord->d_name, QType(dnsRecord->d_type), di.zone.operator const DNSName&(), packet)) { g_log<d_name << "/" << QType(dnsRecord->d_type).toString() << ": Not permitted by policy"<d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == di.zone) { + if (dnsRecord->d_class == QClass::NONE && dnsRecord->d_type == QType::NS && dnsRecord->d_name == di.zone.operator const DNSName&()) { nsRRtoDelete.push_back(dnsRecord); } else if (dnsRecord->d_class == QClass::IN && dnsRecord->d_ttl > 0) { @@ -962,7 +963,7 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func if (nsRRtoDelete.size()) { vector nsRRInZone; DNSResourceRecord rec; - di.backend->lookup(QType(QType::NS), di.zone, di.id); + di.backend->lookup(QType(QType::NS), di.zone.operator const DNSName&(), di.id); while (di.backend->get(rec)) { nsRRInZone.push_back(rec); } 
@@ -999,7 +1000,7 @@ int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-func // Notify secondaries if (di.kind == DomainInfo::Primary) { vector notify; - B.getDomainMetadata(packet.qdomain, "NOTIFY-DNSUPDATE", notify); + B.getDomainMetadata(zonename, "NOTIFY-DNSUPDATE", notify); if (!notify.empty() && notify.front() == "1") { Communicator.notifyDomain(di.zone, &B); } diff --git a/pdns/serialtweaker.cc b/pdns/serialtweaker.cc index 834fe1adfc..c8ad2d40a4 100644 --- a/pdns/serialtweaker.cc +++ b/pdns/serialtweaker.cc @@ -137,7 +137,7 @@ bool increaseSOARecord(DNSResourceRecord& rr, const string& increaseKind, const SOAData sd; fillSOAData(rr.content, sd); - sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, rr.qname); + sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, ZoneName(rr.qname)); rr.content = makeSOAContent(sd)->getZoneRepresentation(true); return true; } @@ -152,7 +152,7 @@ bool makeIncreasedSOARecord(SOAData& sd, const string& increaseKind, const strin if (increaseKind.empty()) return false; - sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, sd.qname); + sd.serial = calculateIncreaseSOA(sd.serial, increaseKind, editKind, ZoneName(sd.qname)); rrout.qname = sd.qname; rrout.content = makeSOAContent(sd)->getZoneRepresentation(true); rrout.qtype = QType::SOA; @@ -165,7 +165,7 @@ bool makeIncreasedSOARecord(SOAData& sd, const string& increaseKind, const strin DNSZoneRecord makeEditedDNSZRFromSOAData(DNSSECKeeper& dk, const SOAData& sd, DNSResourceRecord::Place place) { SOAData edited = sd; - edited.serial = calculateEditSOA(sd.serial, dk, sd.qname); + edited.serial = calculateEditSOA(sd.serial, dk, ZoneName(sd.qname)); DNSRecord soa; soa.d_name = sd.qname; diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index f507f7c337..1b27dff0a7 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc 
@@ -460,7 +460,8 @@ bool TCPNameserver::canDoAXFR(std::unique_ptr& q, bool isAXFR, std::u if(::arg().mustDo("disable-axfr")) return false; - string logPrefix=string(isAXFR ? "A" : "I")+"XFR-out zone '"+q->qdomain.toLogString()+"', client '"+q->getInnerRemote().toStringWithPort()+"', "; + ZoneName zonename(q->qdomain); + string logPrefix=string(isAXFR ? "A" : "I")+"XFR-out zone '"+zonename.toLogString()+"', client '"+q->getInnerRemote().toStringWithPort()+"', "; if(q->d_havetsig) { // if you have one, it must be good TSIGRecordContent tsigContent; 
@@ -484,18 +485,18 @@ bool TCPNameserver::canDoAXFR(std::unique_ptr& q, bool isAXFR, std::u #ifdef ENABLE_GSS_TSIG if (g_doGssTSIG && q->d_tsig_algo == TSIG_GSS) { vector princs; - packetHandler->getBackend()->getDomainMetadata(q->qdomain, "GSS-ALLOW-AXFR-PRINCIPAL", princs); + packetHandler->getBackend()->getDomainMetadata(zonename, "GSS-ALLOW-AXFR-PRINCIPAL", princs); for(const std::string& princ : princs) { if (q->d_peer_principal == princ) { - g_log<qdomain<<"' allowed: TSIG signed request with authorized principal '"<d_peer_principal<<"' and algorithm 'gss-tsig'"<d_peer_principal<<"' and algorithm 'gss-tsig'"<qdomain<<"' denied: TSIG signed request with principal '"<d_peer_principal<<"' and algorithm 'gss-tsig' is not permitted"<d_peer_principal<<"' and algorithm 'gss-tsig' is not permitted"<qdomain, tsigkeyname)) { + if(!dk.TSIGGrantsAccess(zonename, tsigkeyname)) { g_log<d_tsig_algo)<<"' does not grant access"<& q, bool isAXFR, std::u // cerr<<"doing per-zone-axfr-acls"<getBackend()->getSOAUncached(q->qdomain,sd)) { + if(packetHandler->getBackend()->getSOAUncached(zonename,sd)) { // cerr<<"got backend and SOA"< acl; - packetHandler->getBackend()->getDomainMetadata(q->qdomain, "ALLOW-AXFR-FROM", acl); + packetHandler->getBackend()->getDomainMetadata(zonename, "ALLOW-AXFR-FROM", acl); for (const auto & i : acl) { // cerr<<"matching against "<<*i<& q, bool isAXFR, std::u extern CommunicatorClass Communicator; - if(Communicator.justNotified(q->qdomain, q->getInnerRemote().toString())) { // we just notified this ip + if(Communicator.justNotified(zonename, q->getInnerRemote().toString())) { // we just notified this ip g_log<& q, int outsock) // NOLINT(readability-function-cognitive-complexity) { - string logPrefix="AXFR-out zone '"+target.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', "; + ZoneName targetZone(target); + string logPrefix="AXFR-out zone '"+targetZone.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', "; std::unique_ptr 
outpacket= getFreshAXFRPacket(q); if(q->d_dnssecOk) @@ -616,7 +618,7 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr& q, return 0; } - if (!(*packetHandler)->getBackend()->getSOAUncached(target, sd)) { + if (!(*packetHandler)->getBackend()->getSOAUncached(targetZone, sd)) { g_log<setRcode(RCode::NotAuth); sendPacket(outpacket,outsock); @@ -625,7 +627,7 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr& q, } UeberBackend db; - if(!db.getSOAUncached(target, sd)) { + if(!db.getSOAUncached(targetZone, sd)) { g_log<setRcode(RCode::NotAuth); sendPacket(outpacket,outsock); @@ -638,18 +640,18 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr& q, bool narrow = false; DomainInfo di; - bool isCatalogZone = sd.db->getDomainInfo(target, di, false) && di.isCatalogType(); + bool isCatalogZone = sd.db->getDomainInfo(targetZone, di, false) && di.isCatalogType(); NSEC3PARAMRecordContent ns3pr; DNSSECKeeper dk(&db); - DNSSECKeeper::clearCaches(target); + DNSSECKeeper::clearCaches(targetZone); if (!isCatalogZone) { - securedZone = dk.isSecuredZone(target); - presignedZone = dk.isPresigned(target); + securedZone = dk.isSecuredZone(targetZone); + presignedZone = dk.isPresigned(targetZone); } - if(securedZone && dk.getNSEC3PARAM(target, &ns3pr, &narrow)) { + if(securedZone && dk.getNSEC3PARAM(targetZone, &ns3pr, &narrow)) { NSEC3Zone=true; if(narrow) { g_log<& q, outpacket->addRecord(DNSZoneRecord(soa)); if(securedZone && !presignedZone) { set authSet; - authSet.insert(target); + authSet.insert(targetZone); addRRSigs(dk, db, authSet, outpacket->getRRS()); } 
@@ -711,16 +713,17 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr& q, if(securedZone && !presignedZone) { // this is where the DNSKEYs, CDNSKEYs and CDSs go in bool doCDNSKEY = true, doCDS = true; string publishCDNSKEY, publishCDS; - dk.getPublishCDNSKEY(q->qdomain, publishCDNSKEY); - dk.getPublishCDS(q->qdomain, publishCDS); + ZoneName zonename(q->qdomain); + dk.getPublishCDNSKEY(zonename, publishCDNSKEY); + dk.getPublishCDS(zonename, publishCDS); set entryPointIds; - DNSSECKeeper::keyset_t entryPoints = dk.getEntryPoints(target); + DNSSECKeeper::keyset_t entryPoints = dk.getEntryPoints(targetZone); for (auto const& value : entryPoints) { entryPointIds.insert(value.second.id); } - DNSSECKeeper::keyset_t keys = dk.getKeys(target); + DNSSECKeeper::keyset_t keys = dk.getKeys(targetZone); for(const DNSSECKeeper::keyset_t::value_type& value : keys) { if (!value.second.published) { continue; 
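Review bot: Inside the `securedZone && !presignedZone` block the new local `zonename` is built from `q->qdomain` for `getPublishCDNSKEY` and `getPublishCDS`, while the key lookups just below (`getEntryPoints`, `getKeys`) use `targetZone`, which is built from the `target` parameter. If `target` and `q->qdomain` always name the same zone here (the caller is outside the hunk), the extra local can go: `dk.getPublishCDNSKEY(targetZone, publishCDNSKEY);` and `dk.getPublishCDS(targetZone, publishCDS);`. If they can differ, a comment saying why the publish settings come from the question name is needed, because DNSSEC material for one transfer would then be drawn from two differently derived zone names.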
@@ -792,27 +795,27 @@ int TCPNameserver::doAXFR(const DNSName &target, std::unique_ptr& q, zrrs.emplace_back(zrr); } - zrrs.emplace_back(CatalogInfo::getCatalogVersionRecord(target)); + zrrs.emplace_back(CatalogInfo::getCatalogVersionRecord(targetZone)); vector members; - if (!sd.db->getCatalogMembers(target, members, CatalogInfo::CatalogType::Producer)) { + if (!sd.db->getCatalogMembers(targetZone, members, CatalogInfo::CatalogType::Producer)) { g_log << Logger::Error << logPrefix << "getting catalog members failed, aborting AXFR" << endl; outpacket->setRcode(RCode::ServFail); sendPacket(outpacket, outsock); return 0; } for (const auto& ci : members) { - ci.toDNSZoneRecords(target, zrrs); + ci.toDNSZoneRecords(targetZone, zrrs); } if (members.empty()) { - g_log << Logger::Warning << logPrefix << "catalog zone '" << target << "' has no members" << endl; + g_log << Logger::Warning << logPrefix << "catalog zone '" << targetZone << "' has no members" << endl; } goto send; } // Catalog zone end // now start list zone - if (!sd.db->list(target, sd.domain_id, isCatalogZone)) { + if (!sd.db->list(targetZone, sd.domain_id, isCatalogZone)) { g_log<setRcode(RCode::ServFail); sendPacket(outpacket,outsock); @@ -1008,7 +1011,7 @@ send: typedef map nsecxrepo_t; nsecxrepo_t nsecxrepo; - ChunkedSigningPipe csp(target, (securedZone && !presignedZone), ::arg().asNum("signing-threads", 1), ::arg().mustDo("workaround-11804") ? 1 : 100); + ChunkedSigningPipe csp(targetZone, (securedZone && !presignedZone), ::arg().asNum("signing-threads", 1), ::arg().mustDo("workaround-11804") ? 1 : 100); DNSName keyname; unsigned int udiff; 
@@ -1185,7 +1188,8 @@ send: int TCPNameserver::doIXFR(std::unique_ptr& q, int outsock) { - string logPrefix="IXFR-out zone '"+q->qdomain.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', "; + ZoneName zonename(q->qdomain); + string logPrefix="IXFR-out zone '"+zonename.toLogString()+"', client '"+q->getRemoteStringWithPort()+"', "; std::unique_ptr outpacket=getFreshAXFRPacket(q); if(q->d_dnssecOk) @@ -1237,7 +1241,7 @@ int TCPNameserver::doIXFR(std::unique_ptr& q, int outsock) } // canDoAXFR does all the ACL checks, and has the if(disable-axfr) shortcut, call it first. - if(!canDoAXFR(q, false, *packetHandler) || !(*packetHandler)->getBackend()->getSOAUncached(q->qdomain, sd)) { + if(!canDoAXFR(q, false, *packetHandler) || !(*packetHandler)->getBackend()->getSOAUncached(zonename, sd)) { g_log<setRcode(RCode::NotAuth); sendPacket(outpacket,outsock); @@ -1245,10 +1249,10 @@ int TCPNameserver::doIXFR(std::unique_ptr& q, int outsock) } DNSSECKeeper dk((*packetHandler)->getBackend()); - DNSSECKeeper::clearCaches(q->qdomain); + DNSSECKeeper::clearCaches(zonename); bool narrow = false; - securedZone = dk.isSecuredZone(q->qdomain); - if(dk.getNSEC3PARAM(q->qdomain, nullptr, &narrow)) { + securedZone = dk.isSecuredZone(zonename); + if(dk.getNSEC3PARAM(zonename, nullptr, &narrow)) { if(narrow) { g_log<setRcode(RCode::Refused); @@ -1257,11 +1261,11 @@ int TCPNameserver::doIXFR(std::unique_ptr& q, int outsock) } } - serialPermitsIXFR = !rfc1982LessThan(serial, calculateEditSOA(sd.serial, dk, sd.qname)); + serialPermitsIXFR = !rfc1982LessThan(serial, calculateEditSOA(sd.serial, dk, ZoneName(sd.qname))); } if (serialPermitsIXFR) { - ZoneName target = q->qdomain; + ZoneName target = zonename; TSIGRecordContent trc; DNSName tsigkeyname; string tsigsecret; diff --git a/pdns/test-ueberbackend_cc.cc b/pdns/test-ueberbackend_cc.cc index 2607c4e69e..50d22b9318 100644 --- a/pdns/test-ueberbackend_cc.cc +++ b/pdns/test-ueberbackend_cc.cc 
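Review bot: In the -1257 hunk `calculateEditSOA(sd.serial, dk, ZoneName(sd.qname))` rebuilds a zone name from the SOA owner name although `zonename` is already in scope and was the argument of the `getSOAUncached(zonename, sd)` call that filled `sd`. The ueberbackend.cc part of this commit shows `UeberBackend::getSOAUncached` throwing when the returned `soaData.qname` differs from the requested zone, so, presumably with the same backend type here, the two are the same name; `calculateEditSOA(sd.serial, dk, zonename)` keeps a single source for the zone identity in doIXFR. Likewise `ZoneName target = zonename;` a few lines below is a plain copy and could be `const ZoneName& target = zonename;` if `target` is not modified later, which the hunk does not show.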
@@ -139,7 +139,7 @@ public: void lookup(const QType& qtype, const DNSName& qdomain, int zoneId = -1, DNSPacket *pkt_p = nullptr) override { d_currentScopeMask = 0; - findZone(qdomain, zoneId, d_records, d_currentZone); + findZone(ZoneName(qdomain), zoneId, d_records, d_currentZone); if (d_records) { if (qdomain == DNSName("geo.powerdns.com.") && pkt_p != nullptr) { @@ -263,14 +263,14 @@ public: } auto& idx = records->get(); - auto range = idx.equal_range(std::tuple(best, QType::SOA)); + auto range = idx.equal_range(std::tuple(best.operator const DNSName&(), QType::SOA)); if (range.first == range.second) { return false; } fillSOAData(range.first->d_content, *soadata); soadata->ttl = range.first->d_ttl; - soadata->qname = best; + soadata->qname = best.operator const DNSName&(); soadata->domain_id = static_cast(zoneId); return true; } diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc index c0f957a53d..c180fd6092 100644 --- a/pdns/ueberbackend.cc +++ b/pdns/ueberbackend.cc @@ -335,7 +335,7 @@ bool UeberBackend::inTransaction() bool UeberBackend::fillSOAFromZoneRecord(ZoneName& shorter, const int zoneId, SOAData* const soaData) { // Zone exists in zone cache, directly look up SOA. - lookup(QType(QType::SOA), shorter, zoneId, nullptr); + lookup(QType(QType::SOA), shorter.operator const DNSName&(), zoneId, nullptr); DNSZoneRecord zoneRecord; if (!get(zoneRecord)) { @@ -343,7 +343,7 @@ bool UeberBackend::fillSOAFromZoneRecord(ZoneName& shorter, const int zoneId, SO return false; } - if (zoneRecord.dr.d_name != shorter) { + if (zoneRecord.dr.d_name != shorter.operator const DNSName&()) { throw PDNSException("getAuth() returned an SOA for the wrong zone. Zone '" + zoneRecord.dr.d_name.toLogString() + "' is not equal to looked up zone '" + shorter.toLogString() + "'"); } 
@@ -382,7 +382,7 @@ UeberBackend::CacheResult UeberBackend::fillSOAFromCache(SOAData* soaData, ZoneN fillSOAData(d_answers[0], *soaData); soaData->db = backends.size() == 1 ? backends.begin()->get() : nullptr; - soaData->qname = shorter; + soaData->qname = shorter.operator const DNSName&(); } else if (cacheResult == CacheResult::NegativeMatch && d_negcache_ttl != 0U) { DLOG(g_log << Logger::Error << "has neg cache entry: " << shorter << endl); @@ -421,7 +421,7 @@ static std::vector>::iterator findBestMatchingBacken bestMatch->first = soaData->qname.wirelength(); bestMatch->second = *soaData; - if (soaData->qname == shorter) { + if (soaData->qname == shorter.operator const DNSName&()) { break; } } @@ -466,7 +466,7 @@ bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* if (cachedOk && g_zoneCache.isEnabled()) { if (g_zoneCache.getEntry(shorter, zoneId)) { if (fillSOAFromZoneRecord(shorter, zoneId, soaData)) { - if (foundTarget(target, shorter, qtype, soaData, found)) { + if (foundTarget(target.operator const DNSName&(), shorter.operator const DNSName&(), qtype, soaData, found)) { return true; } @@ -481,14 +481,14 @@ bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* } d_question.qtype = QType::SOA; - d_question.qname = shorter; + d_question.qname = shorter.operator const DNSName&(); d_question.zoneId = zoneId; // Check cache. if (cachedOk && (d_cache_ttl != 0 || d_negcache_ttl != 0)) { auto cacheResult = fillSOAFromCache(soaData, shorter); if (cacheResult == CacheResult::Hit) { - if (foundTarget(target, shorter, qtype, soaData, found)) { + if (foundTarget(target.operator const DNSName&(), shorter.operator const DNSName&(), qtype, soaData, found)) { return true; } 
@@ -509,7 +509,7 @@ bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* if (backend == backends.end()) { if (d_negcache_ttl != 0U) { DLOG(g_log << Logger::Error << "add neg cache entry:" << shorter << endl); - d_question.qname = shorter; + d_question.qname = shorter.operator const DNSName&(); addNegCache(d_question); } @@ -534,7 +534,7 @@ bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* } } - if (foundTarget(target, shorter, qtype, soaData, found)) { + if (foundTarget(target.operator const DNSName&(), shorter.operator const DNSName&(), qtype, soaData, found)) { return true; } @@ -547,12 +547,12 @@ bool UeberBackend::getAuth(const ZoneName& target, const QType& qtype, SOAData* bool UeberBackend::getSOAUncached(const ZoneName& domain, SOAData& soaData) { d_question.qtype = QType::SOA; - d_question.qname = domain; + d_question.qname = domain.operator const DNSName&(); d_question.zoneId = -1; for (auto& backend : backends) { if (backend->getSOA(domain, soaData)) { - if (domain != soaData.qname) { + if (domain.operator const DNSName&() != soaData.qname) { throw PDNSException("getSOA() returned an SOA for the wrong zone. Question: '" + domain.toLogString() + "', answer: '" + soaData.qname.toLogString() + "'"); } if (d_cache_ttl != 0U) { diff --git a/pdns/ws-api.cc b/pdns/ws-api.cc index b3549fc164..16a9f21e0a 100644 --- a/pdns/ws-api.cc +++ b/pdns/ws-api.cc @@ -266,6 +266,13 @@ DNSName apiNameToDNSName(const string& name) } } +#if defined(PDNS_AUTH) +ZoneName apiNameToZoneName(const string& name) +{ + return ZoneName(apiNameToDNSName(name)); +} +#endif + ZoneName apiZoneIdToName(const string& identifier) { string zonename; diff --git a/pdns/ws-api.hh b/pdns/ws-api.hh index 4f97e302f1..f07bead1ab 100644 --- a/pdns/ws-api.hh +++ b/pdns/ws-api.hh 
@@ -37,6 +37,9 @@ string apiZoneNameToId(const ZoneName& name); void apiCheckNameAllowedCharacters(const string& name); void apiCheckQNameAllowedCharacters(const string& name); DNSName apiNameToDNSName(const string& name); +#if defined(PDNS_AUTH) +ZoneName apiNameToZoneName(const string& name); +#endif // To be provided by product code. void productServerStatisticsFetch(std::map& out); diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index e36e621667..6f7f21b5a1 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -430,13 +430,13 @@ static void fillZone(UeberBackend& backend, const ZoneName& zonename, HttpRespon Json::array tsig_primary_keys; for (const auto& keyname : tsig_primary) { - tsig_primary_keys.emplace_back(apiZoneNameToId(DNSName(keyname))); + tsig_primary_keys.emplace_back(apiZoneNameToId(ZoneName(keyname))); } doc["master_tsig_key_ids"] = tsig_primary_keys; Json::array tsig_secondary_keys; for (const auto& keyname : tsig_secondary) { - tsig_secondary_keys.emplace_back(apiZoneNameToId(DNSName(keyname))); + tsig_secondary_keys.emplace_back(apiZoneNameToId(ZoneName(keyname))); } doc["slave_tsig_key_ids"] = tsig_secondary_keys; @@ -763,7 +763,7 @@ static void extractDomainInfoFromDocument(const Json& document, std::optional& metadata) { for (const auto& value : jsonArray.array_items()) { - auto keyname(apiZoneIdToName(value.string_value())); + DNSName keyname(apiZoneIdToName(value.string_value())); DNSName keyAlgo; string keyContent; if (!backend.getTSIGKey(keyname, keyAlgo, keyContent)) { 
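Review bot: TSIG key names are wrapped in ZoneName only to reuse the zone-id codec: `apiZoneNameToId(ZoneName(keyname))` in fillZone here, and again in makeJSONTSIGKey and the TSIGKeyData constructor (`apiZoneIdToName(...).operator const DNSName&()`) in the -1647 and -1708 hunks. A key name is not a zone, so once ZoneName carries anything beyond a DNSName the key ids exposed by the API could change or stop round-tripping. A comment at these call sites, e.g. `// TSIG key ids reuse the zone-id encoding; keyname is not a zone`, or a pair of thin wrappers that take and return DNSName, would keep that dependency visible.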
@@ -1270,7 +1270,7 @@ static void apiZoneCryptokeysExport(const ZoneName& zonename, int64_t inquireKey Json::array dses; for (const uint8_t keyid : {DNSSECKeeper::DIGEST_SHA256, DNSSECKeeper::DIGEST_SHA384}) { try { - string dsRecordContent = makeDSFromDNSKey(zonename, value.first.getDNSKEY(), keyid).getZoneRepresentation(); + string dsRecordContent = makeDSFromDNSKey(zonename.operator const DNSName&(), value.first.getDNSKEY(), keyid).getZoneRepresentation(); dses.emplace_back(dsRecordContent); @@ -1603,7 +1603,7 @@ static void checkNewRecords(vector& records, const ZoneName& } } - if (rec.qname == zone) { + if (rec.qname == zone.operator const DNSName&()) { if (nonApexTypes.count(rec.qtype.getCode()) != 0) { throw ApiException("Record " + rec.qname.toString() + " IN " + rec.qtype.toString() + " is not allowed at apex"); } @@ -1647,7 +1647,7 @@ static Json::object makeJSONTSIGKey(const DNSName& keyname, const DNSName& algo, { Json::object tsigkey = { {"name", keyname.toStringNoDot()}, - {"id", apiZoneNameToId(keyname)}, + {"id", apiZoneNameToId(ZoneName(keyname))}, {"algorithm", algo.toStringNoDot()}, {"key", content}, {"type", "TSIGKey"}}; @@ -1708,7 +1708,7 @@ class TSIGKeyData { public: TSIGKeyData(HttpRequest* req) : - keyName(apiZoneIdToName(req->parameters["id"])) + keyName(apiZoneIdToName(req->parameters["id"]).operator const DNSName&()) { try { if (!backend.getTSIGKey(keyName, algo, content)) { @@ -1844,7 +1844,7 @@ static void apiServerZonesPOST(HttpRequest* req, HttpResponse* resp) DNSSECKeeper dnssecKeeper(&backend); DomainInfo domainInfo; const auto& document = req->json(); - ZoneName zonename = apiNameToDNSName(stringFromJson(document, "name")); + ZoneName zonename = apiNameToZoneName(stringFromJson(document, "name")); apiCheckNameAllowedCharacters(zonename.toString()); zonename.makeUsLowerCase(); 
@@ -1915,23 +1915,23 @@ static void apiServerZonesPOST(HttpRequest* req, HttpResponse* resp) for (auto& resourceRecord : new_records) { resourceRecord.qname.makeUsLowerCase(); - if (!resourceRecord.qname.isPartOf(zonename) && resourceRecord.qname != zonename) { + if (!resourceRecord.qname.isPartOf(zonename) && resourceRecord.qname != zonename.operator const DNSName&()) { throw ApiException("RRset " + resourceRecord.qname.toString() + " IN " + resourceRecord.qtype.toString() + ": Name is out of zone"); } apiCheckQNameAllowedCharacters(resourceRecord.qname.toString()); - if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename) { + if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename.operator const DNSName&()) { have_soa = true; } - if (resourceRecord.qtype.getCode() == QType::NS && resourceRecord.qname == zonename) { + if (resourceRecord.qtype.getCode() == QType::NS && resourceRecord.qname == zonename.operator const DNSName&()) { have_zone_ns = true; } } // synthesize RRs as needed DNSResourceRecord autorr; - autorr.qname = zonename; + autorr.qname = zonename.operator const DNSName&(); autorr.auth = true; autorr.ttl = ::arg().asNum("default-ttl"); @@ -2018,7 +2018,7 @@ static void apiServerZonesPOST(HttpRequest* req, HttpResponse* resp) if (!catalog && kind == DomainInfo::Primary) { const auto& defaultCatalog = ::arg()["default-catalog-zone"]; if (!defaultCatalog.empty()) { - domainInfo.backend->setCatalog(zonename, DNSName(defaultCatalog)); + domainInfo.backend->setCatalog(zonename, ZoneName(defaultCatalog)); } } @@ -2040,7 +2040,7 @@ static void apiServerZonesGET(HttpRequest* req, HttpResponse* resp) if (req->getvars.count("zone") != 0) { string zone = req->getvars["zone"]; apiCheckNameAllowedCharacters(zone); - ZoneName zonename = apiNameToDNSName(zone); + ZoneName zonename = apiNameToZoneName(zone); zonename.makeUsLowerCase(); DomainInfo domainInfo; if (backend.getDomainInfo(zonename, domainInfo)) { 
@@ -2123,12 +2123,12 @@ static void apiServerZoneDetailPUT(HttpRequest* req, HttpResponse* resp) for (auto& resourceRecord : new_records) { resourceRecord.qname.makeUsLowerCase(); - if (!resourceRecord.qname.isPartOf(zoneData.zoneName) && resourceRecord.qname != zoneData.zoneName) { + if (!resourceRecord.qname.isPartOf(zoneData.zoneName) && resourceRecord.qname != zoneData.zoneName.operator const DNSName&()) { throw ApiException("RRset " + resourceRecord.qname.toString() + " IN " + resourceRecord.qtype.toString() + ": Name is out of zone"); } apiCheckQNameAllowedCharacters(resourceRecord.qname.toString()); - if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zoneData.zoneName) { + if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zoneData.zoneName.operator const DNSName&()) { haveSoa = true; } } @@ -2314,7 +2314,7 @@ static void patchZone(UeberBackend& backend, const ZoneName& zonename, DomainInf for (const auto& rrset : rrsets.array_items()) { string changetype = toUpper(stringFromJson(rrset, "changetype")); - ZoneName qname = apiNameToDNSName(stringFromJson(rrset, "name")); + ZoneName qname = apiNameToZoneName(stringFromJson(rrset, "name")); apiCheckQNameAllowedCharacters(qname.toString()); QType qtype; qtype = stringFromJson(rrset, "type"); @@ -2329,7 +2329,7 @@ static void patchZone(UeberBackend& backend, const ZoneName& zonename, DomainInf if (changetype == "DELETE") { // delete all matching qname/qtype RRs (and, implicitly comments). - if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname, qtype, vector())) { + if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname.operator const DNSName&(), qtype, vector())) { throw ApiException("Hosting backend does not support editing records."); } } 
@@ -2353,11 +2353,11 @@ static void patchZone(UeberBackend& backend, const ZoneName& zonename, DomainInf if (replace_records) { // ttl shouldn't be part of DELETE, and it shouldn't be required if we don't get new records. uint32_t ttl = uintFromJson(rrset, "ttl"); - gatherRecords(rrset, qname, qtype, ttl, new_records); + gatherRecords(rrset, qname.operator const DNSName&(), qtype, ttl, new_records); for (DNSResourceRecord& resourceRecord : new_records) { resourceRecord.domain_id = static_cast(domainInfo.id); - if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename) { + if (resourceRecord.qtype.getCode() == QType::SOA && resourceRecord.qname == zonename.operator const DNSName&()) { soa_edit_done = increaseSOARecord(resourceRecord, soa_edit_api_kind, soa_edit_kind); } } @@ -2365,7 +2365,7 @@ static void patchZone(UeberBackend& backend, const ZoneName& zonename, DomainInf } if (replace_comments) { - gatherComments(rrset, qname, qtype, new_comments); + gatherComments(rrset, qname.operator const DNSName&(), qtype, new_comments); for (Comment& comment : new_comments) { comment.domain_id = static_cast(domainInfo.id); @@ -2381,7 +2381,7 @@ static void patchZone(UeberBackend& backend, const ZoneName& zonename, DomainInf bool dname_seen = false; bool ns_seen = false; - domainInfo.backend->APILookup(QType(QType::ANY), qname, static_cast(domainInfo.id), false); + domainInfo.backend->APILookup(QType(QType::ANY), qname.operator const DNSName&(), static_cast(domainInfo.id), false); DNSResourceRecord resourceRecord; while (domainInfo.backend->get(resourceRecord)) { if (resourceRecord.qtype.getCode() == QType::ENT) { 
@@ -2417,16 +2417,16 @@ static void patchZone(UeberBackend& backend, const ZoneName& zonename, DomainInf } if (!new_records.empty() && ent_present) { QType qt_ent{0}; - if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname, qt_ent, new_records)) { + if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname.operator const DNSName&(), qt_ent, new_records)) { throw ApiException("Hosting backend does not support editing records."); } } - if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname, qtype, new_records)) { + if (!domainInfo.backend->replaceRRSet(domainInfo.id, qname.operator const DNSName&(), qtype, new_records)) { throw ApiException("Hosting backend does not support editing records."); } } if (replace_comments) { - if (!domainInfo.backend->replaceComments(domainInfo.id, qname, qtype, new_comments)) { + if (!domainInfo.backend->replaceComments(domainInfo.id, qname.operator const DNSName&(), qtype, new_comments)) { throw ApiException("Hosting backend does not support editing comments."); } } @@ -2588,7 +2588,7 @@ static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) static void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) { - ZoneName canon = apiNameToDNSName(req->getvars["domain"]); + ZoneName canon = apiNameToZoneName(req->getvars["domain"]); if (g_zoneCache.isEnabled()) { DomainInfo domainInfo; diff --git a/pdns/zone2ldap.cc b/pdns/zone2ldap.cc index 661658650b..eaf4bbb077 100644 --- a/pdns/zone2ldap.cc +++ b/pdns/zone2ldap.cc @@ -95,7 +95,7 @@ static void callback_simple( unsigned int domain_id, const DNSName &domain, cons dn += g_zonename.toStringNoDot() + "," + g_basedn; cout << "dn: " << dn << endl; - if( host.countLabels() == 0 ) { host = g_zonename; } + if( host.countLabels() == 0 ) { host = g_zonename.operator const DNSName&(); } if( !g_entries[dn] ) { 
@@ -312,7 +312,7 @@ int main( int argc, char* argv[] ) } try { - if( i.name != g_rootdnsname && i.name != DNSName("localhost") && i.name != DNSName("0.0.127.in-addr.arpa") ) + if( i.name != ZoneName(g_rootdnsname) && i.name != ZoneName("localhost") && i.name != ZoneName("0.0.127.in-addr.arpa") ) { cerr << "Parsing file: " << i.filename << ", domain: " << i.name << endl; g_zonename = i.name; diff --git a/pdns/zonemd.cc b/pdns/zonemd.cc index b320d15726..bed599382b 100644 --- a/pdns/zonemd.cc +++ b/pdns/zonemd.cc @@ -43,7 +43,7 @@ void pdns::ZoneMD::readRecords(const vector& records) void pdns::ZoneMD::processRecord(const DNSRecord& record) { - if (record.d_class == QClass::IN && record.d_name == d_zone) { + if (record.d_class == QClass::IN && record.d_name == DNSName(d_zone)) { switch (record.d_type) { case QType::SOA: { d_soaRecordContent = getRR(record); @@ -104,8 +104,8 @@ void pdns::ZoneMD::processRecord(const DNSRecord& record) return; } d_nsec3params.emplace_back(param); - d_nsec3label = d_zone; - d_nsec3label.prependRawLabel(toBase32Hex(hashQNameWithSalt(param->d_salt, param->d_iterations, d_zone))); + d_nsec3label = DNSName(d_zone); + d_nsec3label.prependRawLabel(toBase32Hex(hashQNameWithSalt(param->d_salt, param->d_iterations, DNSName(d_zone)))); // Zap the NSEC3 at labels that we now know are not relevant for (auto item = d_nsec3s.begin(); item != d_nsec3s.end();) { if (item->first != d_nsec3label) { @@ -123,7 +123,7 @@ void pdns::ZoneMD::processRecord(const DNSRecord& record) void pdns::ZoneMD::readRecord(const DNSRecord& record) { - if (!record.d_name.isPartOf(d_zone) && record.d_name != d_zone) { + if (!record.d_name.isPartOf(d_zone) && record.d_name != DNSName(d_zone)) { return; } if (record.d_class == QClass::IN && record.d_type == QType::SOA && d_soaRecordContent) { 
@@ -218,7 +218,7 @@ void pdns::ZoneMD::verify(bool& validationDone, bool& validationOK) for (auto& rrset : d_resourceRecordSets) { const auto& qname = rrset.first.first; const auto& qtype = rrset.first.second; - if (qtype == QType::ZONEMD && qname == d_zone) { + if (qtype == QType::ZONEMD && qname == DNSName(d_zone)) { continue; // the apex ZONEMD is not digested } @@ -226,7 +226,7 @@ void pdns::ZoneMD::verify(bool& validationDone, bool& validationOK) for (auto& resourceRecord : rrset.second) { if (qtype == QType::RRSIG) { const auto rrsig = std::dynamic_pointer_cast(resourceRecord); - if (rrsig->d_type == QType::ZONEMD && qname == d_zone) { + if (rrsig->d_type == QType::ZONEMD && qname == DNSName(d_zone)) { continue; } } diff --git a/pdns/zoneparser-tng.cc b/pdns/zoneparser-tng.cc index 93587d9020..8e2b56d52f 100644 --- a/pdns/zoneparser-tng.cc +++ b/pdns/zoneparser-tng.cc @@ -481,9 +481,9 @@ bool ZoneParserTNG::get(DNSResourceRecord& rr, std::string* comment) goto retry; } if(qname=="@") - rr.qname=d_zonename; + rr.qname=DNSName(d_zonename); else if(!prevqname && !isCanonical(qname)) - rr.qname += d_zonename; + rr.qname += DNSName(d_zonename); d_prevqname=rr.qname; if(d_parts.empty()) diff --git a/pdns/zoneparser-tng.hh b/pdns/zoneparser-tng.hh index 7a2961957e..79e56c7bbe 100644 --- a/pdns/zoneparser-tng.hh +++ b/pdns/zoneparser-tng.hh @@ -31,7 +31,7 @@ class ZoneParserTNG { public: - ZoneParserTNG(const string& fname, ZoneName zname=g_rootdnsname, string reldir="", bool upgradeContent=false); + ZoneParserTNG(const string& fname, ZoneName zname=ZoneName(g_rootdnsname), string reldir="", bool upgradeContent=false); ZoneParserTNG(const vector& zonedata, ZoneName zname, bool upgradeContent=false); ~ZoneParserTNG();