From: Remi Gacogne
Date: Fri, 12 Nov 2021 10:56:50 +0000 (+0100)
Subject: dnsdist: Move more DNSCrypt bindings into the right Lua file
X-Git-Tag: auth-4.7.0-alpha1~103^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0bc108fe3892a1dbc6dd3e2259a16f6b7ea24d4;p=thirdparty%2Fpdns.git
dnsdist: Move more DNSCrypt bindings into the right Lua file
---
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 768a8983b2..e37b998c6b 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1638,87 +1638,6 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
 return g_dnsCryptLocals.size();
 });
- luaCtx.writeFunction("generateDNSCryptProviderKeys", [client](const std::string& publicKeyFile, const std::string privateKeyFile) {
- setLuaNoSideEffect();
-#ifdef HAVE_DNSCRYPT
- if (client) {
- return;
- }
- unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE];
- unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE];
- sodium_mlock(privateKey, sizeof(privateKey));
-
- try {
- DNSCryptContext::generateProviderKeys(publicKey, privateKey);
-
- ofstream pubKStream(publicKeyFile);
- pubKStream.write((char*)publicKey, sizeof(publicKey));
- pubKStream.close();
-
- ofstream privKStream(privateKeyFile);
- privKStream.write((char*)privateKey, sizeof(privateKey));
- privKStream.close();
-
- g_outputBuffer = "Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n";
- }
- catch (std::exception& e) {
- errlog(e.what());
- g_outputBuffer = "Error: " + string(e.what()) + "\n";
- }
-
- sodium_memzero(privateKey, sizeof(privateKey));
- sodium_munlock(privateKey, sizeof(privateKey));
-#else
- g_outputBuffer = "Error: DNSCrypt support is not enabled.\n";
-#endif
- });
-
- luaCtx.writeFunction("printDNSCryptProviderFingerprint", [](const std::string& publicKeyFile) {
- setLuaNoSideEffect();
-#ifdef HAVE_DNSCRYPT
- unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE];
-
- try {
- ifstream file(publicKeyFile);
- file.read((char*)&publicKey, sizeof(publicKey));
-
- if (file.fail())
- throw std::runtime_error("Invalid dnscrypt provider public key file " + publicKeyFile);
-
- file.close();
- g_outputBuffer = "Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n";
- }
- catch (std::exception& e) {
- errlog(e.what());
- g_outputBuffer = "Error: " + string(e.what()) + "\n";
- }
-#else
- g_outputBuffer = "Error: DNSCrypt support is not enabled.\n";
-#endif
- });
-
-#ifdef HAVE_DNSCRYPT
- luaCtx.writeFunction("generateDNSCryptCertificate", [client](const std::string& providerPrivateKeyFile, const std::string& certificateFile, const std::string privateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional version) {
- setLuaNoSideEffect();
- if (client) {
- return;
- }
- DNSCryptPrivateKey privateKey;
- DNSCryptCert cert;
-
- try {
- if (generateDNSCryptCertificate(providerPrivateKeyFile, serial, begin, end, version ? *version : DNSCryptExchangeVersion::VERSION1, cert, privateKey)) {
- privateKey.saveToFile(privateKeyFile);
- DNSCryptContext::saveCertFromFile(cert, certificateFile);
- }
- }
- catch (const std::exception& e) {
- errlog(e.what());
- g_outputBuffer = "Error: " + string(e.what()) + "\n";
- }
- });
-#endif
-
 luaCtx.writeFunction("showPools", []() {
 setLuaNoSideEffect();
 try {
@@ -2875,7 +2794,7 @@ vector> setupLua(LuaContext& luaCtx, bool client, bool
 setupLuaActions(luaCtx);
 setupLuaConfig(luaCtx, client, configCheck);
 setupLuaBindings(luaCtx, client);
- setupLuaBindingsDNSCrypt(luaCtx);
+ setupLuaBindingsDNSCrypt(luaCtx, client);
 setupLuaBindingsDNSQuestion(luaCtx);
 setupLuaBindingsKVS(luaCtx, client);
 setupLuaBindingsPacketCache(luaCtx, client);
diff --git a/pdns/dnsdist-lua.hh b/pdns/dnsdist-lua.hh
index 8f6157b532..9611963c06 100644
--- a/pdns/dnsdist-lua.hh
+++ b/pdns/dnsdist-lua.hh
@@ -139,7 +139,7 @@ typedef NetmaskTree nmts_t;
 vector> setupLua(LuaContext& luaCtx, bool client, bool configCheck, const std::string& config);
 void setupLuaActions(LuaContext& luaCtx);
 void setupLuaBindings(LuaContext& luaCtx, bool client);
-void setupLuaBindingsDNSCrypt(LuaContext& luaCtx);
+void setupLuaBindingsDNSCrypt(LuaContext& luaCtx, bool client);
 void setupLuaBindingsDNSQuestion(LuaContext& luaCtx);
 void setupLuaBindingsKVS(LuaContext& luaCtx, bool client);
 void setupLuaBindingsPacketCache(LuaContext& luaCtx, bool client);
diff --git a/pdns/dnsdistdist/dnsdist-lua-bindings-dnscrypt.cc b/pdns/dnsdistdist/dnsdist-lua-bindings-dnscrypt.cc
index 9ea3fc87c3..8de02805e9 100644
--- a/pdns/dnsdistdist/dnsdist-lua-bindings-dnscrypt.cc
+++ b/pdns/dnsdistdist/dnsdist-lua-bindings-dnscrypt.cc
@@ -26,7 +26,7 @@ #include "dolog.hh"
-void setupLuaBindingsDNSCrypt(LuaContext& luaCtx)
+void setupLuaBindingsDNSCrypt(LuaContext& luaCtx, bool client)
 {
 #ifdef HAVE_DNSCRYPT
 /* DNSCryptContext bindings */
@@ -151,5 +151,85 @@ void setupLuaBindingsDNSCrypt(LuaContext& luaCtx)
 luaCtx.registerFunction("getSerial", [](const DNSCryptCert& cert) { return cert.getSerial(); });
 luaCtx.registerFunction("getTSStart", [](const DNSCryptCert& cert) { return ntohl(cert.getTSStart()); });
 luaCtx.registerFunction("getTSEnd", [](const DNSCryptCert& cert) { return ntohl(cert.getTSEnd()); });
+
+ luaCtx.writeFunction("generateDNSCryptCertificate", [client](const std::string& providerPrivateKeyFile, const std::string& certificateFile, const std::string privateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional version) {
+ setLuaNoSideEffect();
+ if (client) {
+ return;
+ }
+ DNSCryptPrivateKey privateKey;
+ DNSCryptCert cert;
+
+ try {
+ if (generateDNSCryptCertificate(providerPrivateKeyFile, serial, begin, end, version ? *version : DNSCryptExchangeVersion::VERSION1, cert, privateKey)) {
+ privateKey.saveToFile(privateKeyFile);
+ DNSCryptContext::saveCertFromFile(cert, certificateFile);
+ }
+ }
+ catch (const std::exception& e) {
+ errlog(e.what());
+ g_outputBuffer = "Error: " + string(e.what()) + "\n";
+ }
+ });
 #endif
+
+ luaCtx.writeFunction("generateDNSCryptProviderKeys", [client](const std::string& publicKeyFile, const std::string privateKeyFile) {
+ setLuaNoSideEffect();
+#ifdef HAVE_DNSCRYPT
+ if (client) {
+ return;
+ }
+ unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE];
+ unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE];
+ sodium_mlock(privateKey, sizeof(privateKey));
+
+ try {
+ DNSCryptContext::generateProviderKeys(publicKey, privateKey);
+
+ ofstream pubKStream(publicKeyFile);
+ pubKStream.write(reinterpret_cast(publicKey), sizeof(publicKey));
+ pubKStream.close();
+
+ ofstream privKStream(privateKeyFile);
+ privKStream.write(reinterpret_cast(privateKey), sizeof(privateKey));
+ privKStream.close();
+
+ g_outputBuffer = "Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n";
+ }
+ catch (const std::exception& e) {
+ errlog(e.what());
+ g_outputBuffer = "Error: " + string(e.what()) + "\n";
+ }
+
+ sodium_memzero(privateKey, sizeof(privateKey));
+ sodium_munlock(privateKey, sizeof(privateKey));
+#else
+ g_outputBuffer = "Error: DNSCrypt support is not enabled.\n";
+#endif
+ });
+
+ luaCtx.writeFunction("printDNSCryptProviderFingerprint", [](const std::string& publicKeyFile) {
+ setLuaNoSideEffect();
+#ifdef HAVE_DNSCRYPT
+ unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE];
+
+ try {
+ ifstream file(publicKeyFile);
+ file.read(reinterpret_cast(&publicKey), sizeof(publicKey));
+
+ if (file.fail()) {
+ throw std::runtime_error("Invalid dnscrypt provider public key file " + publicKeyFile);
+ }
+
+ file.close();
+ g_outputBuffer = "Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n";
+ }
+ catch (const std::exception& e) {
+ errlog(e.what());
+ g_outputBuffer = "Error: " + string(e.what()) + "\n";
+ }
+#else
+ g_outputBuffer = "Error: DNSCrypt support is not enabled.\n";
+#endif
+ });
 }
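Review bot: In the generateDNSCryptProviderKeys binding, `ofstream privKStream(privateKeyFile)` creates the provider private key file under the process umask (commonly 0644, i.e. readable by every local user) and neither `write` nor `close` is checked, so a world-readable key, or a short or failed write, still ends with the "Provider fingerprint is:" success message. For a long-lived signing key I would create the file with an explicit 0600 mode and fail on a short write, as in the excerpt below (needs `<fcntl.h>`/`<unistd.h>` if not already included); the same unchecked `pubKStream.write` applies to the public key, where only the error check matters. The `privateKey.saveToFile(privateKeyFile)` call in generateDNSCryptCertificate presumably has the same exposure, but its implementation is outside this hunk. The ignored `sodium_mlock` return value a few lines earlier deserves at least a `// best-effort: mlock failure only loses swap protection, the key is still zeroed below` comment so the next reader knows it is intentional.
```cpp
      try {
        DNSCryptContext::generateProviderKeys(publicKey, privateKey);

        ofstream pubKStream(publicKeyFile);
        pubKStream.write(reinterpret_cast<char*>(publicKey), sizeof(publicKey));
        pubKStream.close();
        if (!pubKStream) {
          throw std::runtime_error("Error writing DNSCrypt provider public key to " + publicKeyFile);
        }

        /* the private key must not be readable by other users: create it 0600 instead of
           relying on the umask (the mode only applies when the file is created; an existing
           file keeps its mode), and treat a short or failed write as an error */
        int fd = open(privateKeyFile.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd < 0) {
          throw std::runtime_error("Error opening DNSCrypt provider private key file " + privateKeyFile + ": " + strerror(errno));
        }
        ssize_t written = write(fd, privateKey, sizeof(privateKey));
        if (close(fd) != 0 || written != static_cast<ssize_t>(sizeof(privateKey))) {
          throw std::runtime_error("Error writing DNSCrypt provider private key to " + privateKeyFile);
        }

        // … unchanged: fingerprint output …
      }
```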