From: Miod Vallat
Date: Fri, 25 Apr 2025 05:46:22 +0000 (+0200)
Subject: Require explicit zone id values in lookup calls.
X-Git-Tag: auth-5.0.0-alpha1~1^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0b219d77108049c892675a92f16bc1af42f37fa;p=thirdparty%2Fpdns.git
Require explicit zone id values in lookup calls. Annotate use of UnknownDomainID when it's safe to use.
---
diff --git a/docs/appendices/backend-writers-guide.rst b/docs/appendices/backend-writers-guide.rst
index 143d5f3122..aa7179470d 100644
--- a/docs/appendices/backend-writers-guide.rst
+++ b/docs/appendices/backend-writers-guide.rst
@@ -67,7 +67,7 @@ following methods are relevant:
 {
 public:
 virtual unsigned int getCapabilities()=0;
- virtual void lookup(const QType &qtype, const string &qdomain, domainid_t zoneId=UnknownDomainID, DNSPacket *pkt_p=nullptr)=0;
+ virtual void lookup(const QType &qtype, const string &qdomain, domainid_t zoneId, DNSPacket *pkt_p=nullptr)=0;
 virtual bool list(const string &target, domainid_t domain_id)=0;
 virtual bool get(DNSResourceRecord &r)=0;
 virtual bool getSOA(const string &name, domainid_t zoneId, SOAData &soadata);
@@ -355,7 +355,7 @@ Methods
 * `CAP_DNSSEC` Backend implements :ref:`backend-dnssec`.
 * `CAP_LIST` Backend implements `list`, for AXFR or `pdnsutil list-zone`
-.. cpp:function:: void DNSBackend::lookup(const QType &qtype, const string &qdomain, domainid_t zoneId=UnknownDomainID, DNSPacket *pkt=nullptr)
+.. cpp:function:: void DNSBackend::lookup(const QType &qtype, const string &qdomain, domainid_t zoneId, DNSPacket *pkt=nullptr)
 This function is used to initiate a straight lookup for a record of name 'qdomain' and type 'qtype'. A QType can be converted into an integer by
diff --git a/modules/remotebackend/remotebackend.hh b/modules/remotebackend/remotebackend.hh
index 4e67740939..94bb292b42 100644
--- a/modules/remotebackend/remotebackend.hh
+++ b/modules/remotebackend/remotebackend.hh
@@ -168,8 +168,8 @@ public:
 ~RemoteBackend() override;
 unsigned int getCapabilities() override;
- void lookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId = UnknownDomainID, DNSPacket* pkt_p = nullptr) override;
- void APILookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId = UnknownDomainID, bool include_disabled = false) override;
+ void lookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId, DNSPacket* pkt_p = nullptr) override;
+ void APILookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId, bool include_disabled = false) override;
 bool get(DNSResourceRecord& rr) override;
 bool list(const ZoneName& target, domainid_t domain_id, bool include_disabled = false) override;
diff --git a/modules/remotebackend/test-remotebackend.cc b/modules/remotebackend/test-remotebackend.cc
index 9589c68e5d..05cd75a90d 100644
--- a/modules/remotebackend/test-remotebackend.cc
+++ b/modules/remotebackend/test-remotebackend.cc
@@ -52,7 +52,7 @@ BOOST_AUTO_TEST_CASE(test_method_lookup)
 {
 BOOST_TEST_MESSAGE("Testing lookup method");
 DNSResourceRecord resourceRecord;
- backendUnderTest->lookup(QType(QType::SOA), DNSName("unit.test."));
+ backendUnderTest->lookup(QType(QType::SOA), DNSName("unit.test."), UnknownDomainID);
 // then try to get()
 BOOST_CHECK(backendUnderTest->get(resourceRecord)); // and this should be TRUE.
 // then we check rr contains what we expect
@@ -66,7 +66,7 @@ BOOST_AUTO_TEST_CASE(test_method_lookup_empty)
 {
 BOOST_TEST_MESSAGE("Testing lookup method with empty result");
 DNSResourceRecord resourceRecord;
- backendUnderTest->lookup(QType(QType::SOA), DNSName("empty.unit.test."));
+ backendUnderTest->lookup(QType(QType::SOA), DNSName("empty.unit.test."), UnknownDomainID);
 // then try to get()
 BOOST_CHECK(!backendUnderTest->get(resourceRecord)); // and this should be FALSE
 }
diff --git a/pdns/communicator.hh b/pdns/communicator.hh
index e95181c118..f85fb597bc 100644
--- a/pdns/communicator.hh
+++ b/pdns/communicator.hh
@@ -263,7 +263,8 @@ public:
 this->resolve_name(&addresses, name);
 if (b) {
- b->lookup(QType(QType::ANY), name, -1);
+ // Safe to pass UnknownDomainID here - name is obtained from NSRecordContent
+ b->lookup(QType(QType::ANY), name, UnknownDomainID);
 DNSZoneRecord rr;
 while (b->get(rr))
 if (rr.dr.d_type == QType::A || rr.dr.d_type == QType::AAAA)
diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc
index 5d71833660..1c0791361b 100644
--- a/pdns/dnsbackend.cc
+++ b/pdns/dnsbackend.cc
@@ -260,6 +260,7 @@ bool DNSBackend::getSOA(const ZoneName& domain, domainid_t zoneId, SOAData& soaD
 }
 zoneId = domaininfo.id;
 }
+ // Safe for zoneId to be -1 here - it won't be the case for variants, see above
 this->lookup(QType(QType::SOA), domain.operator const DNSName&(), zoneId);
 S.inc("backend-queries");
diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh
index e445c96ef9..b6ca22d37f 100644
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -169,8 +169,8 @@ public:
 virtual unsigned int getCapabilities() = 0;
 //! lookup() initiates a lookup. A lookup without results should not throw!
- virtual void lookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId = UnknownDomainID, DNSPacket* pkt_p = nullptr) = 0;
- virtual void APILookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId = UnknownDomainID, bool include_disabled = false);
+ virtual void lookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId, DNSPacket* pkt_p = nullptr) = 0;
+ virtual void APILookup(const QType& qtype, const DNSName& qdomain, domainid_t zoneId, bool include_disabled = false);
 virtual bool get(DNSResourceRecord&) = 0; //!< retrieves one DNSResource record, returns false if no more were available
 virtual bool get(DNSZoneRecord& zoneRecord);
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index c16862105b..2659a2e8a4 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
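Review bot: The comment added in DNSBackend::getSOA (pdns/dnsbackend.cc) writes the sentinel as a literal `-1`, while the call sites changed in pdns/communicator.hh and pdns/pdnsutil.cc replace `-1` with `UnknownDomainID`; the comment should name the constant as well, `// Safe for zoneId to be UnknownDomainID here - it won't be the case for variants, see above`. The "see above" points at the branch that closes just before the comment, and that branch begins outside the hunk, so the guarantee cannot be checked from these lines. If that branch is what keeps variant zones from reaching lookup() with an unknown id, naming the condition in the comment would keep the claim accurate when the branch is edited later.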
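Review bot: In pdns/dnsbackend.hh the declaration of lookup() now requires zoneId, but its doc comment still only says that a lookup without results should not throw, so nothing at the interface states when UnknownDomainID is an acceptable argument. The call sites touched by this commit carry "Safe to pass UnknownDomainID" comments, and the criterion they rely on is not written down anywhere in the visible lines. I would add a line above the declaration such as `//! zoneId: id of the zone to search; pass UnknownDomainID only where the name cannot belong to a zone variant`; the variant wording is inferred from the comment added in dnsbackend.cc and should be confirmed. APILookup() on the following line takes the same parameter and has no doc comment at all.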
@@ -253,11 +253,13 @@ static void dbBench(const std::string& fname)
 unsigned int hits=0, misses=0;
 for(; n < 10000; ++n) {
 DNSName domain(domains[dns_random(domains.size())]);
- B.lookup(QType(QType::NS), domain, -1);
+ // Safe to pass UnknownDomainID here
+ B.lookup(QType(QType::NS), domain, UnknownDomainID);
 while(B.get(rr)) {
 hits++;
 }
- B.lookup(QType(QType::A), DNSName(std::to_string(dns_random_uint32()))+domain, -1);
+ // Safe to pass UnknownDomainID here
+ B.lookup(QType(QType::A), DNSName(std::to_string(dns_random_uint32()))+domain, UnknownDomainID);
 while(B.get(rr)) {
 }
 misses++;
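Review bot: Both comments added in dbBench say `// Safe to pass UnknownDomainID here` without giving a reason, unlike the one in pdns/communicator.hh, which states where the name comes from. A reader auditing zone-scoped lookups cannot tell from the comment why these two calls are exempt. If the reason is that the benchmark queries names with no zone context, say so, for example `// Safe to pass UnknownDomainID here - benchmark names are not tied to a zone`; that reason is my reading of the loop and should be confirmed. dbBench starts and ends outside the hunk.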