From: Charles-Henri Bruyand Date: Wed, 9 Oct 2024 14:21:27 +0000 (+0200) Subject: dnsdist: add a global loadTicketsKey function X-Git-Tag: rec-5.2.0-alpha1~32^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb8748356f51bec98dd0626e18627d2552858d07;p=thirdparty%2Fpdns.git dnsdist: add a global loadTicketsKey function --- diff --git a/pdns/dnsdistdist/dnsdist-lua.cc b/pdns/dnsdistdist/dnsdist-lua.cc index a21066715c..0bb509aa04 100644 --- a/pdns/dnsdistdist/dnsdist-lua.cc +++ b/pdns/dnsdistdist/dnsdist-lua.cc @@ -2995,6 +2995,29 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) frontend->loadTicketsKey(key); } }); + luaCtx.writeFunction("loadTicketsKey", [](const std::string& key) { + for (const auto& frontend : dnsdist::getFrontends()) { + if (!frontend) { + continue; + } + try { +#ifdef HAVE_DNS_OVER_TLS + if (frontend->tlsFrontend) { + frontend->tlsFrontend->loadTicketsKey(key); + } +#endif /* HAVE_DNS_OVER_TLS */ +#ifdef HAVE_DNS_OVER_HTTPS + if (frontend->dohFrontend) { + frontend->dohFrontend->loadTicketsKey(key); + } +#endif /* HAVE_DNS_OVER_HTTPS */ + } + catch (const std::exception& e) { + errlog("Error loading given tickets key for local %s", frontend->local.toStringWithPort()); + } + } + }); + luaCtx.registerFunction::*)(const LuaArray>&)>("setResponsesMap", [](const std::shared_ptr& frontend, const LuaArray>& map) { if (frontend != nullptr) { diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index b33cf556c3..4bdd9e32c8 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst 
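Review bot: The `catch (const std::exception& e)` block in the new `loadTicketsKey` lambda never uses `e`, so the log line says which frontend failed but not why, and the failure is not reported back to the Lua caller. For a ticket-key rotation this matters: a frontend whose load threw presumably keeps serving with its previous key while the calling script sees the call succeed. I would log the reason, `errlog("Error loading given tickets key for local %s: %s", frontend->local.toStringWithPort(), e.what());`, after confirming that the exception text can never echo the key material. I would also consider raising an error or returning a failure count once the loop has finished, so that automation can detect a partial rotation. The enclosing `setupLuaConfig` body starts and ends outside this hunk.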
@@ -52,6 +52,12 @@ Global configuration :param str path: The directory to load configuration files from. Each file must end in ``.conf``. +.. function:: loadTicketsKey(key) + + Load the given TLS tickets key on all compatible frontends (DOH and TLS). + + :param str key: The new raw TLS tickets key to use. + .. function:: reloadAllCertificates() .. versionadded:: 1.4.0 @@ -2355,6 +2361,12 @@ DOHFrontend :param str ticketsKeysFile: The path to a file from where TLS tickets keys should be loaded. + .. method:: DOHFrontend:loadTicketsKey(key) + + Replace the current TLS tickets key with a given one. + + :param str key: the new raw TLS tickets key to load. + .. method:: DOHFrontend:reloadCertificates() Reload the current TLS certificate and key pairs. @@ -2534,6 +2546,12 @@ TLSFrontend :param str ticketsKeysFile: The path to a file from where TLS tickets keys should be loaded. + .. method:: TLSFrontend:loadTicketsKey(key) + + Replace the current TLS tickets key with a given one. + + :param str key: the new raw TLS tickets key to load. + .. method:: TLSFrontend:reloadCertificates() .. versionadded:: 1.6.0