From 39dafc3b827cb13b06e96c40e831858f10c4e61d Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Thu, 30 Sep 2021 22:46:28 +0200
Subject: [PATCH] auth: ignore broken SOA content in getAllDomains(), avoid unnecessary parsing of SOA content
---
 modules/bindbackend/bindbackend2.cc | 24 +++++++++++----------
 modules/bindbackend/bindbackend2.hh | 2 +-
 modules/geoipbackend/geoipbackend.cc | 2 +-
 modules/geoipbackend/geoipbackend.hh | 2 +-
 modules/lmdbbackend/lmdbbackend.cc | 2 +-
 modules/lmdbbackend/lmdbbackend.hh | 2 +-
 modules/lua2backend/lua2api2.hh | 2 +-
 modules/remotebackend/remotebackend.cc | 2 +-
 modules/remotebackend/remotebackend.hh | 2 +-
 modules/remotebackend/test-remotebackend.cc | 2 +-
 modules/tinydnsbackend/tinydnsbackend.cc | 22 +++++++++++++------
 modules/tinydnsbackend/tinydnsbackend.hh | 2 +-
 pdns/backends/gsql/gsqlbackend.cc | 17 ++++++++++-----
 pdns/backends/gsql/gsqlbackend.hh | 2 +-
 pdns/dnsbackend.cc | 2 +-
 pdns/dnsbackend.hh | 2 +-
 pdns/dynhandler.cc | 4 ++--
 pdns/pdnsutil.cc | 14 ++++++------
 pdns/ueberbackend.cc | 7 +++---
 pdns/ueberbackend.hh | 2 +-
 pdns/ws-auth.cc | 4 ++--
 21 files changed, 69 insertions(+), 51 deletions(-)
diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc
index 933302b726..1443681a39 100644
--- a/modules/bindbackend/bindbackend2.cc
+++ b/modules/bindbackend/bindbackend2.cc
@@ -363,7 +363,7 @@ void Bind2Backend::getUpdatedMasters(vector* changedDomains)
 }
 }
-void Bind2Backend::getAllDomains(vector* domains, bool include_disabled)
+void Bind2Backend::getAllDomains(vector* domains, bool getSerial, bool include_disabled)
 {
 SOAData soadata;
@@ -384,17 +384,19 @@ void Bind2Backend::getAllDomains(vector* domains, bool include_disab
 };
 }
- for (DomainInfo& di : *domains) {
- // do not corrupt di if domain supplied by another backend.
- if (di.backend != this)
- continue;
- try {
- this->getSOA(di.zone, soadata);
- }
- catch (...) {
- continue;
+ if (getSerial) {
+ for (DomainInfo& di : *domains) {
+ // do not corrupt di if domain supplied by another backend.
+ if (di.backend != this)
+ continue;
+ try {
+ this->getSOA(di.zone, soadata);
+ }
+ catch (...) {
+ continue;
+ }
+ di.serial = soadata.serial;
 }
- di.serial = soadata.serial;
 }
 }
diff --git a/modules/bindbackend/bindbackend2.hh b/modules/bindbackend/bindbackend2.hh
index 62cd063a89..db65ff266f 100644
--- a/modules/bindbackend/bindbackend2.hh
+++ b/modules/bindbackend/bindbackend2.hh
@@ -194,7 +194,7 @@ public:
 void lookup(const QType&, const DNSName& qdomain, int zoneId, DNSPacket* p = nullptr) override;
 bool list(const DNSName& target, int id, bool include_disabled = false) override;
 bool get(DNSResourceRecord&) override;
- void getAllDomains(vector* domains, bool include_disabled = false) override;
+ void getAllDomains(vector* domains, bool getSerial, bool include_disabled = false) override;
 static DNSBackend* maker();
 static std::mutex s_startup_lock;
diff --git a/modules/geoipbackend/geoipbackend.cc b/modules/geoipbackend/geoipbackend.cc
index 3d563eab21..e1a2312a6c 100644
--- a/modules/geoipbackend/geoipbackend.cc
+++ b/modules/geoipbackend/geoipbackend.cc
@@ -850,7 +850,7 @@ bool GeoIPBackend::getDomainInfo(const DNSName& domain, DomainInfo& di, bool get
 return false;
 }
-void GeoIPBackend::getAllDomains(vector* domains, bool include_disabled)
+void GeoIPBackend::getAllDomains(vector* domains, bool getSerial, bool include_disabled)
 {
 ReadLock rl(&s_state_lock);
diff --git a/modules/geoipbackend/geoipbackend.hh b/modules/geoipbackend/geoipbackend.hh
index cb463cc080..470da9bdb0 100644
--- a/modules/geoipbackend/geoipbackend.hh
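Review bot: In bindbackend2.hh the new declaration still carries `bool include_disabled = false`, while the base class in pdns/dnsbackend.hh and every other backend header touched by this patch drop the default. Default arguments on virtual functions are bound to the static type, so a call through a `Bind2Backend*` would compile with two arguments where the same call through a `DNSBackend*` would not, which undercuts the explicit choice the rest of the patch forces on callers. I would declare it as `void getAllDomains(vector<DomainInfo>* domains, bool getSerial, bool include_disabled) override;` to match the others.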
+++ b/modules/geoipbackend/geoipbackend.hh
@@ -55,7 +55,7 @@ public:
 void reload() override;
 void rediscover(string* status = 0) override;
 bool getDomainInfo(const DNSName& domain, DomainInfo& di, bool getSerial = true) override;
- void getAllDomains(vector* domains, bool include_disabled = false) override;
+ void getAllDomains(vector* domains, bool getSerial, bool include_disabled) override;
 // dnssec support
 bool doesDNSSEC() override { return d_dnssec; };
diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc
index 37458daf19..7c33213610 100644
--- a/modules/lmdbbackend/lmdbbackend.cc
+++ b/modules/lmdbbackend/lmdbbackend.cc
@@ -982,7 +982,7 @@ bool LMDBBackend::createDomain(const DNSName& domain, const DomainInfo::DomainKi
 return true;
 }
-void LMDBBackend::getAllDomains(vector* domains, bool include_disabled)
+void LMDBBackend::getAllDomains(vector* domains, bool doSerial, bool include_disabled)
 {
 domains->clear();
 auto txn = d_tdomains->getROTransaction();
diff --git a/modules/lmdbbackend/lmdbbackend.hh b/modules/lmdbbackend/lmdbbackend.hh
index a489770b6c..33399f31d7 100644
--- a/modules/lmdbbackend/lmdbbackend.hh
+++ b/modules/lmdbbackend/lmdbbackend.hh
@@ -69,7 +69,7 @@ public:
 bool feedEnts3(int domain_id, const DNSName& domain, map& nonterm, const NSEC3PARAMRecordContent& ns3prc, bool narrow) override;
 bool replaceRRSet(uint32_t domain_id, const DNSName& qname, const QType& qt, const vector& rrset) override;
- void getAllDomains(vector* domains, bool include_disabled = false) override;
+ void getAllDomains(vector* domains, bool doSerial, bool include_disabled) override;
 void lookup(const QType& type, const DNSName& qdomain, int zoneId, DNSPacket* p = nullptr) override;
 bool get(DNSResourceRecord& rr) override;
 bool get(DNSZoneRecord& dzr) override;
diff --git a/modules/lua2backend/lua2api2.hh b/modules/lua2backend/lua2api2.hh
index 301086cb62..aaedf1a9d6 100644
--- a/modules/lua2backend/lua2api2.hh
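Review bot: The LMDB backend names the new parameter `doSerial` in both lmdbbackend.cc and lmdbbackend.hh, while the base class and every other backend in this patch call it `getSerial`. The body of LMDBBackend::getAllDomains continues outside the hunk, so it is not visible whether the flag is consulted at all. If it is ignored and the body parses SOA content, a single malformed record could presumably still abort the whole listing for this backend. I would rename it to `getSerial` and confirm that any SOA parsing in the body is guarded by the flag and by the same exception handling the gsql and tinydns backends receive here.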
+++ b/modules/lua2backend/lua2api2.hh
@@ -298,7 +298,7 @@ public:
 return true;
 }
- void getAllDomains(vector* domains, bool include_disabled = false) override
+ void getAllDomains(vector* domains, bool getSerial, bool include_disabled) override
 {
 if (f_get_all_domains == nullptr) return;
diff --git a/modules/remotebackend/remotebackend.cc b/modules/remotebackend/remotebackend.cc
index 8e1c802446..764deee33d 100644
--- a/modules/remotebackend/remotebackend.cc
+++ b/modules/remotebackend/remotebackend.cc
@@ -858,7 +858,7 @@ bool RemoteBackend::searchComments(const string& pattern, int maxResults, vector
 return false;
 }
-void RemoteBackend::getAllDomains(vector* domains, bool include_disabled)
+void RemoteBackend::getAllDomains(vector* domains, bool getSerial, bool include_disabled)
 {
 Json query = Json::object{
 {"method", "getAllDomains"},
diff --git a/modules/remotebackend/remotebackend.hh b/modules/remotebackend/remotebackend.hh
index 7832682a1c..08811fe078 100644
--- a/modules/remotebackend/remotebackend.hh
+++ b/modules/remotebackend/remotebackend.hh
@@ -198,7 +198,7 @@ public:
 string directBackendCmd(const string& querystr) override;
 bool searchRecords(const string& pattern, int maxResults, vector& result) override;
 bool searchComments(const string& pattern, int maxResults, vector& result) override;
- void getAllDomains(vector* domains, bool include_disabled = false) override;
+ void getAllDomains(vector* domains, bool getSerial, bool include_disabled) override;
 void getUpdatedMasters(vector* domains) override;
 void alsoNotifies(const DNSName& domain, set* ips) override;
 void getUnfreshSlaveInfos(vector* domains) override;
diff --git a/modules/remotebackend/test-remotebackend.cc b/modules/remotebackend/test-remotebackend.cc
index 084ce1ada3..06ebeb596e 100644
--- a/modules/remotebackend/test-remotebackend.cc
+++ b/modules/remotebackend/test-remotebackend.cc
@@ -253,7 +253,7 @@ BOOST_AUTO_TEST_CASE(test_method_getAllDomains)
 BOOST_TEST_MESSAGE("Testing getAllDomains method");
 vector result;
- be->getAllDomains(&result, true);
+ be->getAllDomains(&result, true, true);
 di = result[0];
 BOOST_CHECK_EQUAL(di.zone.toString(), "unit.test.");
diff --git a/modules/tinydnsbackend/tinydnsbackend.cc b/modules/tinydnsbackend/tinydnsbackend.cc
index 54f433b466..510f2b7273 100644
--- a/modules/tinydnsbackend/tinydnsbackend.cc
+++ b/modules/tinydnsbackend/tinydnsbackend.cc
@@ -99,7 +99,7 @@ void TinyDNSBackend::getUpdatedMasters(vector* retDomains)
 TDI_t* domains = &(*domainInfo)[d_suffix];
 vector allDomains;
- getAllDomains(&allDomains);
+ getAllDomains(&allDomains, true, false);
 if (domains->size() == 0 && !mustDo("notify-on-startup")) {
 for (vector::iterator di = allDomains.begin(); di != allDomains.end(); ++di) {
 di->notified_serial = 0;
@@ -151,7 +151,7 @@ void TinyDNSBackend::setNotified(uint32_t id, uint32_t serial)
 (*domainInfo)[d_suffix] = *domains;
 }
-void TinyDNSBackend::getAllDomains(vector* domains, bool include_disabled)
+void TinyDNSBackend::getAllDomains(vector* domains, bool getSerial, bool include_disabled)
 {
 d_isAxfr = true;
 d_isGetDomains = true;
@@ -171,17 +171,25 @@ void TinyDNSBackend::getAllDomains(vector* domains, bool include_dis
 while (get(rr)) {
 if (rr.qtype.getCode() == QType::SOA && dupcheck.insert(rr.qname).second) {
- SOAData sd;
- fillSOAData(rr.content, sd);
-
 DomainInfo di;
 di.id = -1; //TODO: Check if this is ok.
 di.backend = this;
 di.zone = rr.qname;
- di.serial = sd.serial;
- di.notified_serial = sd.serial;
 di.kind = DomainInfo::Master;
 di.last_check = time(0);
+
+ if (getSerial) {
+ SOAData sd;
+ try {
+ fillSOAData(rr.content, sd);
+ di.serial = sd.serial;
+ }
+ catch (const PDNSException& e) {
+ di.serial = 0;
+ }
+ }
+
+ di.notified_serial = di.serial;
 domains->push_back(di);
 }
 }
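Review bot: The new `catch (const PDNSException& e) { di.serial = 0; }` in TinyDNSBackend::getAllDomains discards the error without a trace, and the same handler is added around fillSOAData in GSQLBackend::getAllDomains. A zone with corrupt SOA content then reports serial 0, which callers such as getUpdatedMasters (it passes getSerial=true) cannot tell apart from a genuine serial, and the operator gets no hint that zone data is damaged. I would log it, for example `g_log << Logger::Warning << "Ignoring broken SOA content for zone '" << rr.qname << "': " << e.reason << endl;`, which also puts the otherwise unused `e` to work. fillSOAData is not shown in this patch; if it can throw anything other than PDNSException (for instance a std::exception from number parsing), one bad record would still abort the whole listing, so that is worth confirming. When getSerial is false, `di.notified_serial = di.serial;` relies on DomainInfo default-initialising `serial`, which is likewise not visible here.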
diff --git a/modules/tinydnsbackend/tinydnsbackend.hh b/modules/tinydnsbackend/tinydnsbackend.hh index 04792dffa6..10ee552782 100644 --- a/modules/tinydnsbackend/tinydnsbackend.hh +++ b/modules/tinydnsbackend/tinydnsbackend.hh @@ -70,7 +70,7 @@ public: void lookup(const QType& qtype, const DNSName& qdomain, int zoneId, DNSPacket* pkt_p = nullptr) override; bool list(const DNSName& target, int domain_id, bool include_disabled = false) override; bool get(DNSResourceRecord& rr) override; - void getAllDomains(vector* domains, bool include_disabled = false) override; + void getAllDomains(vector* domains, bool getSerial, bool include_disabled) override; //Master mode operation void getUpdatedMasters(vector* domains) override; diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc index 51cece2f47..83ac518f89 100644 --- a/pdns/backends/gsql/gsqlbackend.cc +++ b/pdns/backends/gsql/gsqlbackend.cc @@ -1397,7 +1397,7 @@ bool GSQLBackend::deleteDomain(const DNSName &domain) return true; } -void GSQLBackend::getAllDomains(vector *domains, bool include_disabled) +void GSQLBackend::getAllDomains(vector* domains, bool getSerial, bool include_disabled) { DLOG(g_log<<"GSQLBackend retrieving all domains."< *domains, bool include_disabl } } - if(!row[2].empty()) { + if (getSerial && !row[2].empty()) { SOAData sd; - fillSOAData(row[2], sd); - di.serial = sd.serial; + try { + fillSOAData(row[2], sd); + di.serial = sd.serial; + } + catch (const PDNSException& e) { + di.serial = 0; + } } + try { di.notified_serial = pdns_stou(row[5]); di.last_check = pdns_stou(row[6]); } catch(...) { continue; } + di.account = row[7]; di.backend = this; - + domains->push_back(di); } d_getAllDomainsQuery_stmt->reset(); diff --git a/pdns/backends/gsql/gsqlbackend.hh b/pdns/backends/gsql/gsqlbackend.hh index 49dde60508..66fc767579 100644 --- a/pdns/backends/gsql/gsqlbackend.hh +++ b/pdns/backends/gsql/gsqlbackend.hh 
@@ -185,7 +185,7 @@ public:
 void lookup(const QType &, const DNSName &qdomain, int zoneId, DNSPacket *p=nullptr) override;
 bool list(const DNSName &target, int domain_id, bool include_disabled=false) override;
 bool get(DNSResourceRecord &r) override;
- void getAllDomains(vector *domains, bool include_disabled=false) override;
+ void getAllDomains(vector* domains, bool getSerial, bool include_disabled) override;
 void alsoNotifies(const DNSName &domain, set *ips) override;
 bool startTransaction(const DNSName &domain, int domain_id=-1) override;
 bool commitTransaction() override;
diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc
index f2c86729c8..312c4c8378 100644
--- a/pdns/dnsbackend.cc
+++ b/pdns/dnsbackend.cc
@@ -298,7 +298,7 @@ bool DNSBackend::getBeforeAndAfterNames(uint32_t id, const DNSName& zonename, co
 return ret;
 }
-void DNSBackend::getAllDomains(vector* domains, bool include_disabled)
+void DNSBackend::getAllDomains(vector* domains, bool getSerial, bool include_disabled)
 {
 if (g_zoneCache.isEnabled()) {
 g_log << Logger::Error << "One of the backends does not support zone caching. Put zone-cache-refresh-interval=0 in the config file to disable this cache." << endl;
diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh
index f768515fea..c63033d748 100644
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -173,7 +173,7 @@ public:
 return setDomainMetadata(name, kind, meta);
 }
- virtual void getAllDomains(vector* domains, bool include_disabled = false);
+ virtual void getAllDomains(vector* domains, bool getSerial, bool include_disabled);
 /** Determines if we are authoritative for a zone, and at what level */
 virtual bool getAuth(const DNSName &target, SOAData *sd);
diff --git a/pdns/dynhandler.cc b/pdns/dynhandler.cc
index a456464bcc..31869cb1f8 100644
--- a/pdns/dynhandler.cc
+++ b/pdns/dynhandler.cc
@@ -323,7 +323,7 @@ string DLNotifyHandler(const vector&parts, Utility::pid_t ppid) if (parts[1] == "*") { vector domains; - B.getAllDomains(&domains); + B.getAllDomains(&domains, true, false); int total = 0; int notified = 0; @@ -380,7 +380,7 @@ string DLListZones(const vector&parts, Utility::pid_t ppid) UeberBackend B; g_log< domains; - B.getAllDomains(&domains); + B.getAllDomains(&domains, false, false); ostringstream ret; int kindFilter = -1; if (parts.size() > 1) { diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index a4ed9a8195..93c7859cee 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -230,7 +230,7 @@ static bool rectifyAllZones(DNSSECKeeper &dk, bool quiet = false) vector domainInfo; bool result = true; - B.getAllDomains(&domainInfo); + B.getAllDomains(&domainInfo, false, false); for(const DomainInfo& di : domainInfo) { if (!quiet) { cerr<<"Rectifying "<(); auto& seenIds = seenInfos.get<1>(); - B.getAllDomains(&domainInfo, true); + B.getAllDomains(&domainInfo, true, true); int errors=0; for(auto di : domainInfo) { if (checkZone(dk, B, di.zone) > 0) { @@ -1031,7 +1031,7 @@ static int listKeys(const string &zname, DNSSECKeeper& dk){ listKey(di, dk); } else { vector domainInfo; - B.getAllDomains(&domainInfo, g_verbose); + B.getAllDomains(&domainInfo, false, g_verbose); bool printHeader = true; for (const auto& di : domainInfo) { listKey(di, dk, printHeader); @@ -1636,7 +1636,7 @@ static int listAllZones(const string &type="") { UeberBackend B("default"); vector domains; - B.getAllDomains(&domains, g_verbose); + B.getAllDomains(&domains, false, g_verbose); int count = 0; for (const auto& di: domains) { @@ -2948,7 +2948,7 @@ try UeberBackend B("default"); vector domainInfo; - B.getAllDomains(&domainInfo); + B.getAllDomains(&domainInfo, false, false); unsigned int zonesSecured=0, zoneErrors=0; for(const DomainInfo& di : domainInfo) { 
@@ -3724,11 +3724,11 @@ try
 vector domains;
- tgt->getAllDomains(&domains, true);
+ tgt->getAllDomains(&domains, false, true);
 if (domains.size()>0) throw PDNSException("Target backend has zone(s), please clean it first");
- src->getAllDomains(&domains, true);
+ src->getAllDomains(&domains, false, true);
 // iterate zones
 for(const DomainInfo& di: domains) {
 size_t nr,nc,nm,nk;
diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc
index 499f2547bc..3f5f684c81 100644
--- a/pdns/ueberbackend.cc
+++ b/pdns/ueberbackend.cc
@@ -284,7 +284,7 @@ void UeberBackend::updateZoneCache() {
 for (vector::iterator i = backends.begin(); i != backends.end(); ++i ) {
 vector zones;
- (*i)->getAllDomains(&zones, true);
+ (*i)->getAllDomains(&zones, false, true);
 for(auto& di: zones) {
 zone_indices.push_back({std::move(di.zone), (int)di.id}); // this cast should not be necessary
 }
@@ -665,10 +665,11 @@ void UeberBackend::lookup(const QType &qtype,const DNSName &qname, int zoneId, D
 d_handle.parent=this;
 }
-void UeberBackend::getAllDomains(vector *domains, bool include_disabled) {
+void UeberBackend::getAllDomains(vector* domains, bool getSerial, bool include_disabled)
+{
 for (auto & backend : backends) {
- backend->getAllDomains(domains, include_disabled);
+ backend->getAllDomains(domains, getSerial, include_disabled);
 }
 }
diff --git a/pdns/ueberbackend.hh b/pdns/ueberbackend.hh
index 59b5c2d2d0..53e1e8de63 100644
--- a/pdns/ueberbackend.hh
+++ b/pdns/ueberbackend.hh
@@ -101,7 +101,7 @@ public:
 /** Load SOA info from backends, ignoring the cache.*/
 bool getSOAUncached(const DNSName &domain, SOAData &sd);
 bool get(DNSZoneRecord &r);
- void getAllDomains(vector *domains, bool include_disabled=false);
+ void getAllDomains(vector* domains, bool getSerial, bool include_disabled);
 void getUnfreshSlaveInfos(vector* domains);
 void getUpdatedMasters(vector* domains);
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 2aae0c300c..603e6ae085 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1773,7 +1773,7 @@ static void apiServerZones(HttpRequest* req, HttpResponse* resp) {
 }
 } else {
 try {
- B.getAllDomains(&domains, true); // incl. disabled
+ B.getAllDomains(&domains, true, true); // incl. serial and disabled
 } catch(const PDNSException &e) {
 throw HttpInternalServerErrorException("Could not retrieve all domain information: " + e.reason);
 }
@@ -2190,7 +2190,7 @@ static void apiServerSearchData(HttpRequest* req, HttpResponse* resp) {
 map::iterator val;
 Json::array doc;
- B.getAllDomains(&domains, true);
+ B.getAllDomains(&domains, false, true);
 for(const DomainInfo& di: domains) {
-- 
2.47.2