From 5ee5e1e654452fe0d106dbccd66a74564038f608 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Fri, 14 Jan 2022 14:56:50 +0100
Subject: [PATCH] Also add ZONEMD processing for url and file method

---
 pdns/recursordist/Makefile.am | 1 +
 pdns/recursordist/rec-zonetocache.cc | 42 +++++++++++++++++++++-------
 pdns/recursordist/sha.hh | 1 +
 pdns/recursordist/zonemd.cc | 1 +
 pdns/recursordist/zonemd.hh | 1 +
 pdns/zonemd.hh | 15 ++++++++--
 6 files changed, 49 insertions(+), 12 deletions(-)
 create mode 120000 pdns/recursordist/sha.hh
 create mode 120000 pdns/recursordist/zonemd.cc
 create mode 120000 pdns/recursordist/zonemd.hh

diff --git a/pdns/recursordist/Makefile.am b/pdns/recursordist/Makefile.am
index f35c9374fd..012af7a363 100644
--- a/pdns/recursordist/Makefile.am
+++ b/pdns/recursordist/Makefile.am
@@ -182,6 +182,7 @@ pdns_recursor_SOURCES = \
 rpzloader.cc rpzloader.hh \
 secpoll-recursor.cc secpoll-recursor.hh \
 secpoll.cc secpoll.hh \
+ sha.hh \
 sholder.hh \
 shuffle.cc shuffle.hh \
 sillyrecords.cc \
diff --git a/pdns/recursordist/rec-zonetocache.cc b/pdns/recursordist/rec-zonetocache.cc
index b85a1d0e47..cf5907ebff 100644
--- a/pdns/recursordist/rec-zonetocache.cc
+++ b/pdns/recursordist/rec-zonetocache.cc
@@ -60,6 +60,7 @@ struct ZoneData
 bool isRRSetAuth(const DNSName& qname, QType qtype) const;
 void parseDRForCache(DNSRecord& dr);
 pdns::ZoneMD::Result getByAXFR(const RecZoneToCache::Config&);
+ pdns::ZoneMD::Result processLines(const std::vector& lines, const RecZoneToCache::Config& config);
 void ZoneToCache(const RecZoneToCache::Config& config, uint64_t gen);
 };
 
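Review bot: The new `processLines` declaration in the `struct ZoneData` hunk of rec-zonetocache.cc has no comment stating its return contract. As the definition later in this patch shows, it returns `Result::OK` when `config.d_zonemd` is `Ignore`, so OK does not by itself mean a digest was checked. I would add above it `// Feeds each parsed record to parseDRForCache; returns the ZONEMD verification outcome, or OK without verifying when config.d_zonemd is Ignore`. The declaration also spells `std::vector` while the definition uses an unqualified `vector`; using the qualified form in both places would not depend on a using-directive elsewhere in the file.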
@@ -208,6 +209,36 @@ static std::vector getURL(const RecZoneToCache::Config& config)
 return lines;
 }
 
+pdns::ZoneMD::Result ZoneData::processLines(const vector& lines, const RecZoneToCache::Config& config)
+{
+ DNSResourceRecord drr;
+ ZoneParserTNG zpt(lines, d_zone);
+ zpt.setMaxGenerateSteps(1);
+ zpt.setMaxIncludes(0);
+
+ std::vector v;
+ while (zpt.get(drr)) {
+ DNSRecord dr(drr);
+ if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {
+ v.push_back(dr);
+ }
+ parseDRForCache(dr);
+ }
+ if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {
+ auto zonemd = pdns::ZoneMD(d_zone);
+ zonemd.readRecords(v);
+ bool validationDone, validationSuccess;
+ zonemd.verify(validationDone, validationSuccess);
+ if (!validationDone) {
+ return pdns::ZoneMD::Result::NoValidationDone;
+ }
+ if (!validationSuccess) {
+ return pdns::ZoneMD::Result::ValidationFailure;
+ }
+ }
+ return pdns::ZoneMD::Result::OK;
+}
+
 void ZoneData::ZoneToCache(const RecZoneToCache::Config& config, uint64_t configGeneration)
 {
 if (config.d_sources.size() > 1) {
@@ -234,16 +265,7 @@ void ZoneData::ZoneToCache(const RecZoneToCache::Config& config, uint64_t config
 d_log->info("Getting zone from file");
 lines = getLinesFromFile(config.d_sources.at(0));
 }
- DNSResourceRecord drr;
- ZoneParserTNG zpt(lines, d_zone);
- zpt.setMaxGenerateSteps(1);
- zpt.setMaxIncludes(0);
-
- while (zpt.get(drr)) {
- DNSRecord dr(drr);
- parseDRForCache(dr);
- }
- // XXX ZONEMD processing
+ result = processLines(lines, config);
 }
 
 if (config.d_zonemd == pdns::ZoneMD::Config::Required && result != pdns::ZoneMD::Result::OK) {
diff --git a/pdns/recursordist/sha.hh b/pdns/recursordist/sha.hh
new file mode 120000
index 0000000000..53ffc66736
--- /dev/null
+++ b/pdns/recursordist/sha.hh
@@ -0,0 +1 @@
+../sha.hh
\ No newline at end of file
diff --git a/pdns/recursordist/zonemd.cc b/pdns/recursordist/zonemd.cc
new file mode 120000
index 0000000000..6c9c7266e0
--- /dev/null
+++ b/pdns/recursordist/zonemd.cc
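Review bot: In `ZoneData::processLines`, `bool validationDone, validationSuccess;` are left uninitialized before being passed to `zonemd.verify()`. If verify (defined outside this patch) can return without writing both, the two checks below read indeterminate values and may fall through to `Result::OK`. Initialize them fail-closed, one declaration per line: `bool validationDone = false;` and `bool validationSuccess = false;`. Separately, every record is handed to `parseDRForCache` before the digest is verified, which is safe only if that function merely stages records; a one-line comment stating that assumption would help the next reader. The single-letter `v` would read better as `records`.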
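Review bot: At the new `result = processLines(lines, config);` call in `ZoneToCache`, a `Result::OK` only says the zone content matched its own ZONEMD digest. Nothing visible in this patch validates DNSSEC signatures over the ZONEMD RRset, so for the url and file methods the check catches corruption but not a source that was modified together with its digest (RFC 8976 draws the same distinction). A comment at the call would keep `Config::Required` from being read as an authenticity guarantee, for example `// ZONEMD digest check only; the ZONEMD RRset is not DNSSEC-validated here`. The body of ZoneToCache starts and ends outside this hunk, so what happens to already-parsed records when the result is not OK could not be checked from here.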
@@ -0,0 +1 @@
+../zonemd.cc
\ No newline at end of file
diff --git a/pdns/recursordist/zonemd.hh b/pdns/recursordist/zonemd.hh
new file mode 120000
index 0000000000..71c4b07a83
--- /dev/null
+++ b/pdns/recursordist/zonemd.hh
@@ -0,0 +1 @@
+../zonemd.hh
\ No newline at end of file
diff --git a/pdns/zonemd.hh b/pdns/zonemd.hh
index 2f4a932d88..bafcef3ee2 100644
--- a/pdns/zonemd.hh
+++ b/pdns/zonemd.hh
@@ -36,8 +36,19 @@ namespace pdns
 class ZoneMD
 {
 public:
- enum class Config: uint8_t { Ignore, Process, LogOnly, Required };
- enum class Result: uint8_t { OK, NoValidationDone, ValidationFailure };
+ enum class Config : uint8_t
+ {
+ Ignore,
+ Process,
+ LogOnly,
+ Required
+ };
+ enum class Result : uint8_t
+ {
+ OK,
+ NoValidationDone,
+ ValidationFailure
+ };
 
 ZoneMD(const DNSName& zone) :
 d_zone(zone)
-- 
2.47.2