From: Aki Tuomi Date: Tue, 27 Jun 2017 04:42:46 +0000 (+0300) Subject: Remove Lua Policy Engine calls from code X-Git-Tag: rec-4.1.0-alpha1~23^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da286f66bb71343f464f37556652173e95884b70;p=thirdparty%2Fpdns.git Remove Lua Policy Engine calls from code --- diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index f3e690da10..64f04de147 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -49,7 +49,6 @@ int avg_latency; TCPNameserver *TN; static vector g_distributors; vector > g_udpReceivers; -AuthLua *LPE; ArgvMap &arg() { @@ -181,7 +180,6 @@ void declareArguments() ::arg().set("lua-prequery-script", "Lua script with prequery handler (DO NOT USE)")=""; ::arg().set("lua-dnsupdate-policy-script", "Lua script with DNS update policy handler")=""; - ::arg().set("experimental-lua-policy-script", "Lua script for the policy engine")=""; ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes"; ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no"; @@ -420,22 +418,9 @@ try cached.d.rd=P->d.rd; // copy in recursion desired bit cached.d.id=P->d.id; cached.commitD(); // commit d to the packet inlined - - int policyres = PolicyDecision::PASS; - if(LPE) - { - // FIXME: cached does not have qdomainwild/qdomainzone because packetcache entries - // go through tostring/noparse - policyres = LPE->police(&question, &cached); - } - - if (policyres == PolicyDecision::PASS) { - NS->send(&cached); // answer it then inlined - diff=P->d_dt.udiff(); - avg_latency=(int)(0.999*avg_latency+0.001*diff); // 'EWMA' - } - // FIXME implement truncate - + NS->send(&cached); // answer it then inlined + diff=P->d_dt.udiff(); + avg_latency=(int)(0.999*avg_latency+0.001*diff); // 'EWMA' continue; } } 
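Review bot: On the packet-cache hit path in pdns/common_startup.cc (hunk at -420,22), `NS->send(&cached);` now runs unconditionally, so a deployment that relied on `experimental-lua-policy-script` to drop responses stops filtering after this change with no signal to the operator. The setting's declaration is removed in the hunk at -181,7, and how the argument parser treats a leftover `experimental-lua-policy-script=` line in an existing config is not visible here; it is worth confirming that startup refuses or warns instead of silently running without the policy. I would add an upgrade-notes entry along the lines of `experimental-lua-policy-script and the POLICY control command have been removed; remove the setting before upgrading`. The enclosing try block starts and ends outside the hunk.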
@@ -550,11 +535,6 @@ void mainthread() if(::arg().mustDo("slave") || ::arg().mustDo("master") || !::arg()["forward-notify"].empty()) Communicator.go(); - if(!::arg()["experimental-lua-policy-script"].empty()){ - LPE=new AuthLua(::arg()["experimental-lua-policy-script"]); - L<go(); // tcp nameserver launch diff --git a/pdns/common_startup.hh b/pdns/common_startup.hh index 2bcff68a5a..25e98a4937 100644 --- a/pdns/common_startup.hh +++ b/pdns/common_startup.hh @@ -46,7 +46,6 @@ extern std::shared_ptr N; extern vector > g_udpReceivers; extern int avg_latency; extern TCPNameserver *TN; -extern AuthLua *LPE; extern ArgvMap & arg( void ); extern void declareArguments(); extern void declareStats(); diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc index 6af20a75e6..e40f88114f 100644 --- a/pdns/dnspacket.cc +++ b/pdns/dnspacket.cc @@ -361,7 +361,7 @@ void DNSPacket::wrapup() d_rawpacket.assign((char*)&packet[0], packet.size()); // XXX we could do this natively on a vector.. - // copy RR counts so LPE can read them + // copy RR counts so they can be read later d.qdcount = pw.getHeader()->qdcount; d.ancount = pw.getHeader()->ancount; d.nscount = pw.getHeader()->nscount; diff --git a/pdns/dynhandler.cc b/pdns/dynhandler.cc index 1f465054e2..3d681cd2a0 100644 --- a/pdns/dynhandler.cc +++ b/pdns/dynhandler.cc @@ -380,16 +380,6 @@ string DLListZones(const vector&parts, Utility::pid_t ppid) return ret.str(); } -string DLPolicy(const vector&parts, Utility::pid_t ppid) -{ - if(LPE) { - return LPE->policycmd(parts); - } - else { - return "no policy script loaded"; - } -} - #ifdef HAVE_P11KIT1 extern bool PKCS11ModuleSlotLogin(const std::string& module, const string& tokenId, const std::string& pin); #endif diff --git a/pdns/dynhandler.hh b/pdns/dynhandler.hh index 432d729078..6a7ab6e694 100644 --- a/pdns/dynhandler.hh +++ b/pdns/dynhandler.hh 
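Review bot: In DNSPacket::wrapup() (pdns/dnspacket.cc, hunk at -361,7) the reworded comment `// copy RR counts so they can be read later` no longer names a reader, and the only one the old comment named is the engine this commit removes. If some other code still reads `d.qdcount`, `d.ancount` and `d.nscount` after wrapup(), the comment should name it; if nothing does (not verifiable from this hunk), the copies are dead and are better removed than re-described. wrapup() starts and ends outside the hunk.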
@@ -55,7 +55,6 @@ string DLPurgeHandler(const vector&parts, Utility::pid_t ppid); string DLNotifyRetrieveHandler(const vector&parts, Utility::pid_t ppid); string DLCurrentConfigHandler(const vector&parts, Utility::pid_t ppid); string DLListZones(const vector&parts, Utility::pid_t ppid); -string DLPolicy(const vector&parts, Utility::pid_t ppid); string DLTokenLogin(const vector&parts, Utility::pid_t ppid); uint64_t udpErrorStats(const std::string& str); #endif /* PDNS_DYNHANDLER_HH */ diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 01036d29d1..894c29f1e8 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -922,7 +922,6 @@ bool validDNSName(const DNSName &name) DNSPacket *PacketHandler::question(DNSPacket *p) { DNSPacket *ret; - int policyres = PolicyDecision::PASS; if(d_pdl) { @@ -936,38 +935,7 @@ DNSPacket *PacketHandler::question(DNSPacket *p) rdqueries++; } - if(LPE) - { - policyres = LPE->police(p, NULL); - } - - if (policyres == PolicyDecision::DROP) - return NULL; - - if (policyres == PolicyDecision::TRUNCATE) { - ret=p->replyPacket(); // generate an empty reply packet - ret->d.tc = 1; - ret->commitD(); - return ret; - } - - ret=doQuestion(p); - - if(LPE) { - policyres = LPE->police(p, ret); - if(policyres == PolicyDecision::DROP) { - delete ret; - return NULL; - } - if (policyres == PolicyDecision::TRUNCATE) { - delete ret; - ret=p->replyPacket(); // generate an empty reply packet - ret->d.tc = 1; - ret->commitD(); - } - - } - return ret; + return doQuestion(p); } diff --git a/pdns/receiver.cc b/pdns/receiver.cc index a4d223fbde..aa2d439509 100644 --- a/pdns/receiver.cc +++ b/pdns/receiver.cc 
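Review bot: PacketHandler::question() in pdns/packethandler.cc now ends in `return doQuestion(p);` (hunk at -935,38), but the hunk at -922,7 still leaves `DNSPacket *ret;` declared uninitialised at function scope. If `ret` is used only inside the `if(d_pdl)` block, whose body lies between the two hunks and is not shown, it can be declared inside that block at its first assignment instead. The function also hands out a raw owning pointer (the removed code did `delete ret;`, and the TCP caller wraps the result in a `shared_ptr`), so a header comment such as `// Returns a heap-allocated reply owned by the caller, or NULL if none is produced` would document the contract now that the DROP return is gone. Whether doQuestion() can still return NULL is not shown here, though the TCP caller keeps its `if(!reply)` check.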
@@ -585,7 +585,6 @@ int main(int argc, char **argv) DynListener::registerFunc("RETRIEVE",&DLNotifyRetrieveHandler, "retrieve slave domain", ""); DynListener::registerFunc("CURRENT-CONFIG",&DLCurrentConfigHandler, "retrieve the current configuration"); DynListener::registerFunc("LIST-ZONES",&DLListZones, "show list of zones", "[master|slave|native]"); - DynListener::registerFunc("POLICY",&DLPolicy, "interact with policy engine", "[policy command]"); DynListener::registerFunc("TOKEN-LOGIN", &DLTokenLogin, "Login to a PKCS#11 token", " "); if(!::arg()["tcp-control-address"].empty()) { diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index 10c0bfdd47..184b499305 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -365,8 +365,6 @@ void *TCPNameserver::doConnection(void *data) cached->d.rd=packet->d.rd; // copy in recursion desired bit cached->commitD(); // commit d to the packet inlined - if(LPE) LPE->police(&(*packet), &(*cached), true); - sendPacket(cached, fd); // presigned, don't do it again continue; } @@ -380,8 +378,6 @@ void *TCPNameserver::doConnection(void *data) } reply=shared_ptr(s_P->doQuestion(packet.get())); // we really need to ask the backend :-) - - if(LPE) LPE->police(&(*packet), &(*reply), true); } if(!reply) // unable to write an answer?