From: Charles-Henri Bruyand Date: Tue, 12 Jun 2018 14:33:44 +0000 (+0200) Subject: report execution failure in wildcard LUA records X-Git-Tag: auth-4.2.0-alpha1~19^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc5c4f6bfdc21b6d41c75fd284805d4f82b55021;p=thirdparty%2Fpdns.git report execution failure in wildcard LUA records --- diff --git a/pdns/lua-record.cc b/pdns/lua-record.cc index 60374202aa..ad070e8a9f 100644 --- a/pdns/lua-record.cc +++ b/pdns/lua-record.cc @@ -450,11 +450,7 @@ static vector > convWIplist(std::unordered_map> luaSynth(const std::string& code, const DNSName& query, const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype) { - // cerr<<"Called for "<> ret; @@ -491,13 +487,14 @@ std::vector> luaSynth(const std::string& code, cons lua.writeFunction("closestMagic", [&bestwho,&query]() { vector candidates; + // Getting something like 192-0-2-1.192-0-2-2.198-51-100-1.example.org for(auto l : query.getRawLabels()) { boost::replace_all(l, "-", "."); try { candidates.emplace_back(l); } catch (const PDNSException& e) { - // we want the reason to be reported by the lua wrapper - throw std::invalid_argument(e.reason); + // no need to continue as we most likely reached the end of the ip list + break ; } } return pickclosest(bestwho, candidates).toString(); diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 6fa2a7be29..5d13d70d02 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -386,17 +386,12 @@ bool PacketHandler::getBestWildcard(DNSPacket *p, SOAData& sd, const DNSName &ta if(rec->d_type == QType::CNAME || rec->d_type == p->qtype.getCode()) { // noCache=true; DLOG(g_log<<"Executing Lua: '"<getCode()<<"'"<getCode(), target, sd.qname, sd.domain_id, *p, rec->d_type); - for(const auto& r : recvec) { - rr.dr.d_type = rec->d_type; // might be CNAME - rr.dr.d_content = r; - rr.scopeMask = p->getRealRemote().getBits(); // this makes sure answer is a specific as your question - ret->push_back(rr); - } - } - catch(std::exception &e) { - ; + auto recvec=luaSynth(rec->getCode(), target, sd.qname, sd.domain_id, *p, rec->d_type); + for(const auto& r : recvec) { + rr.dr.d_type = rec->d_type; // might be CNAME + rr.dr.d_content = r; + rr.scopeMask = p->getRealRemote().getBits(); // this makes sure answer is a specific as your question + ret->push_back(rr); } } } diff --git a/regression-tests.auth-py/test_LuaRecords.py b/regression-tests.auth-py/test_LuaRecords.py index f812b479e8..15533ad133 100644 --- a/regression-tests.auth-py/test_LuaRecords.py +++ b/regression-tests.auth-py/test_LuaRecords.py @@ -337,6 +337,16 @@ www-balanced IN CNAME 1-1-1-3.17-1-2-4.1-2-3-5.magic.example.org. self.assertRcodeEqual(res, dns.rcode.NOERROR) self.assertRRsetInAnswer(res, expected) + def testWildcardError(self): + """ + Ensure errors coming from LUA wildcards are reported + """ + query = dns.message.make_query('failure.magic.example.org', 'A') + + res = self.sendUDPQuery(query) + self.assertRcodeEqual(res, dns.rcode.SERVFAIL) + self.assertAnswerEmpty(res) + def testClosestMagic(self): """ Basic closestMagic() test @@ -488,8 +498,6 @@ www-balanced IN CNAME 1-1-1-3.17-1-2-4.1-2-3-5.magic.example.org. """ view() test where no netmask match """ - expected = dns.rrset.from_text('none.view.example.org.', 0, - dns.rdataclass.IN, 'A') query = dns.message.make_query('none.view.example.org', 'A') res = self.sendUDPQuery(query)