From 9d83d87173e29bc42bf7ef6df03d4e1549e4dfc3 Mon Sep 17 00:00:00 2001 From: Miod Vallat Date: Fri, 25 Jul 2025 08:03:36 +0200 Subject: [PATCH] Declare global const DNSName variables for frequently-used names (such as the TSIG key algorithms) Signed-off-by: Miod Vallat --- modules/ldapbackend/native.cc | 4 +++- pdns/auth-catalogzone.cc | 8 ++++---- pdns/auth-primarycommunicator.cc | 4 ++-- pdns/auth-secondarycommunicator.cc | 10 +++++----- pdns/axfr-retriever.cc | 4 ++-- pdns/dnsname.cc | 17 ++++++++++++++++- pdns/dnsname.hh | 17 ++++++++++++++++- pdns/misc.cc | 28 ++++++++++++++-------------- pdns/packethandler.cc | 6 +++--- pdns/resolver.cc | 4 ++-- pdns/saxfr.cc | 2 +- pdns/tcpreceiver.cc | 10 +++++----- pdns/test-tsig.cc | 2 +- pdns/tkey.cc | 4 ++-- pdns/tsig-tests.cc | 4 ++-- 15 files changed, 78 insertions(+), 46 deletions(-) diff --git a/modules/ldapbackend/native.cc b/modules/ldapbackend/native.cc index 4ac7ea33c4..2038f8e3a8 100644 --- a/modules/ldapbackend/native.cc +++ b/modules/ldapbackend/native.cc @@ -154,7 +154,9 @@ bool LdapBackend::list_simple(const ZoneName& target, domainid_t /* domain_id */ bool LdapBackend::list_strict(const ZoneName& target, domainid_t domain_id) { - if (target.isPartOf(DNSName("in-addr.arpa")) || target.isPartOf(DNSName("ip6.arpa"))) { + static const DNSName inaddrarpa("in-addr.arpa"); + static const DNSName ip6arpa("ip6.arpa"); + if (target.isPartOf(inaddrarpa) || target.isPartOf(ip6arpa)) { g_log << Logger::Warning << d_myname << " Request for reverse zone AXFR, but this is not supported in strict mode" << endl; return false; // AXFR isn't supported in strict mode. Use simple mode and additional PTR records } diff --git a/pdns/auth-catalogzone.cc b/pdns/auth-catalogzone.cc index bfc3f8fdb3..ab6e5e6274 100644 --- a/pdns/auth-catalogzone.cc +++ b/pdns/auth-catalogzone.cc 
@@ -116,7 +116,7 @@ void CatalogInfo::updateHash(CatalogHashMap& hashes, const DomainInfo& di) const DNSZoneRecord CatalogInfo::getCatalogVersionRecord(const ZoneName& zone) { DNSZoneRecord dzr; - dzr.dr.d_name = DNSName("version") + zone.operator const DNSName&(); + dzr.dr.d_name = g_versiondnsname + zone.operator const DNSName&(); dzr.dr.d_ttl = 0; dzr.dr.d_type = QType::TXT; dzr.dr.setContent(std::make_shared("2")); @@ -132,7 +132,7 @@ void CatalogInfo::toDNSZoneRecords(const ZoneName& zone, vector& else { prefix = d_unique; } - prefix += DNSName("zones") + zone.operator const DNSName&(); + prefix += g_zonesdnsname + zone.operator const DNSName&(); DNSZoneRecord dzr; dzr.dr.d_name = prefix; @@ -142,7 +142,7 @@ void CatalogInfo::toDNSZoneRecords(const ZoneName& zone, vector& dzrs.emplace_back(dzr); if (!d_coo.empty()) { - dzr.dr.d_name = DNSName("coo") + prefix; + dzr.dr.d_name = g_coodnsname + prefix; dzr.dr.d_ttl = 0; dzr.dr.d_type = QType::PTR; dzr.dr.setContent(std::make_shared(d_coo)); @@ -150,7 +150,7 @@ void CatalogInfo::toDNSZoneRecords(const ZoneName& zone, vector& } for (const auto& group : d_group) { - dzr.dr.d_name = DNSName("group") + prefix; + dzr.dr.d_name = g_groupdnsname + prefix; dzr.dr.d_ttl = 0; dzr.dr.d_type = QType::TXT; dzr.dr.setContent(std::make_shared("\"" + group + "\"")); diff --git a/pdns/auth-primarycommunicator.cc b/pdns/auth-primarycommunicator.cc index 2768b6f2f0..ab6c341d2f 100644 --- a/pdns/auth-primarycommunicator.cc +++ b/pdns/auth-primarycommunicator.cc @@ -305,8 +305,8 @@ void CommunicatorClass::sendNotification(int sock, const ZoneName& domain, const return; } TSIGRecordContent trc; - if (tsigalgorithm.toStringNoDot() == "hmac-md5") { - trc.d_algoName = DNSName(tsigalgorithm.toStringNoDot() + ".sig-alg.reg.int."); + if (tsigalgorithm == g_hmacmd5dnsname) { + trc.d_algoName = g_hmacmd5dnsname_long; } else { trc.d_algoName = std::move(tsigalgorithm); 
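Review bot: In `sendNotification`, replacing `tsigalgorithm.toStringNoDot() == "hmac-md5"` with `tsigalgorithm == g_hmacmd5dnsname` changes the test from an exact string match to DNSName equality, which as far as I know ignores case. A key whose algorithm is stored as `HMAC-MD5` would presumably now take the long-name branch where it did not before. That matches what `axfr-retriever.cc` already did and looks like the better behaviour, but the commit is described as a pure refactor, so the change deserves a line in the commit message and a test with a mixed-case algorithm name. A short comment above the branch would help too, e.g. `// hmac-md5 is sent in the TSIG record as hmac-md5.sig-alg.reg.int`. The function body starts and ends outside this hunk.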
diff --git a/pdns/auth-secondarycommunicator.cc b/pdns/auth-secondarycommunicator.cc index 52890f5181..1e1815f495 100644 --- a/pdns/auth-secondarycommunicator.cc +++ b/pdns/auth-secondarycommunicator.cc @@ -337,7 +337,7 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, } } - else if (rr.qname == DNSName("version") + di.zone.operator const DNSName&() && rr.qtype == QType::TXT) { + else if (rr.qname == g_versiondnsname + di.zone.operator const DNSName&() && rr.qtype == QType::TXT) { if (hasVersion) { g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', multiple version records found, aborting" << endl; return false; @@ -355,13 +355,13 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, } } - else if (rr.qname.isPartOf(DNSName("zones") + di.zone.operator const DNSName&())) { + else if (rr.qname.isPartOf(g_zonesdnsname + di.zone.operator const DNSName&())) { if (rel.empty() && !hasVersion) { g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', catalog zone schema version missing, aborting" << endl; return false; } - rel = rr.qname.makeRelative(DNSName("zones") + di.zone.operator const DNSName&()); + rel = rr.qname.makeRelative(g_zonesdnsname + di.zone.operator const DNSName&()); if (rel.countLabels() == 1 && rr.qtype == QType::PTR) { if (!unique.empty()) { @@ -388,7 +388,7 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, } else if (hasVersion == 2) { - if (rel == (DNSName("coo") + unique) && rr.qtype == QType::PTR) { + if (rel == (g_coodnsname + unique) && rr.qtype == QType::PTR) { if (!ci.d_coo.empty()) { g_log << Logger::Warning << logPrefix << "zone '" << di.zone << "', duplicate COO for unique '" << unique << "'" << endl; zoneInvalid = true; 
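Review bot: In `catalogProcess`, `g_zonesdnsname + di.zone.operator const DNSName&()` is still built twice for every record that reaches the `zones` branch, once for `isPartOf` and once for `makeRelative`. The `version` comparison builds a similar temporary, and `operator+` returns a new `DNSName` by value each time. Since the point of the commit is to stop reconstructing the same names and `di` is const, these can be computed once before the record loop, e.g. `const DNSName zonesName = g_zonesdnsname + di.zone.operator const DNSName&();`. The records come from a transferred catalog zone, so the per-record cost scales with whatever the primary sends. The loop header is outside the hunk, so this assumes the branches run once per record.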
@@ -397,7 +397,7 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, ci.d_coo = DNSName(rr.content); } } - else if (rel == (DNSName("group") + unique) && rr.qtype == QType::TXT) { + else if (rel == (g_groupdnsname + unique) && rr.qtype == QType::TXT) { std::string content = rr.content; if (content.length() >= 2 && content.at(0) == '\"' && content.at(content.length() - 1) == '\"') { // TXT pain content = content.substr(1, content.length() - 2); diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc index adac75b482..cf06af5331 100644 --- a/pdns/axfr-retriever.cc +++ b/pdns/axfr-retriever.cc @@ -61,8 +61,8 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote, pwriter.getHeader()->id = dns_random_uint16(); if (!tsigConf.name.empty()) { - if (tsigConf.algo == DNSName("hmac-md5")) { - d_trc.d_algoName = tsigConf.algo + DNSName("sig-alg.reg.int"); + if (tsigConf.algo == g_hmacmd5dnsname) { + d_trc.d_algoName = g_hmacmd5dnsname_long; } else { d_trc.d_algoName = tsigConf.algo; diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc index fa4d20807b..4316b39399 100644 --- a/pdns/dnsname.cc +++ b/pdns/dnsname.cc @@ -29,7 +29,22 @@ #include -const DNSName g_rootdnsname("."), g_wildcarddnsname("*"); +const DNSName g_rootdnsname("."); +const DNSName g_wildcarddnsname("*"); +const DNSName g_coodnsname("coo"); +const DNSName g_groupdnsname("group"); +const DNSName g_versiondnsname("version"); +const DNSName g_zonesdnsname("zones"); + +const DNSName g_gsstsigdnsname("gss-tsig"); +const DNSName g_hmacmd5dnsname("hmac-md5"); +const DNSName g_hmacmd5dnsname_long("hmac-md5.sig-alg.reg.int"); +const DNSName g_hmacsha1dnsname("hmac-sha1"); +const DNSName g_hmacsha224dnsname("hmac-sha224"); +const DNSName g_hmacsha256dnsname("hmac-sha256"); +const DNSName g_hmacsha384dnsname("hmac-sha384"); +const DNSName g_hmacsha512dnsname("hmac-sha512"); + const ZoneName g_rootzonename("."); /* raw storage 
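Review bot: The new `const DNSName` globals in `dnsname.cc` are presumably dynamically initialised, so code in another translation unit that runs during static initialisation and reaches one of them would read a name that is not yet constructed. The `DNSName("hmac-md5")` temporaries they replace were safe at any time. For the TSIG names the most likely symptom is an algorithm comparison that silently fails to match. `g_rootdnsname` already had this property, but the patch widens the set of callers considerably, so I would state the rule next to the definitions, e.g. `// Dynamically initialised: do not use from static initialisers in other translation units.` No such caller is visible in the hunks shown; this is a request to document the constraint.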
diff --git a/pdns/dnsname.hh b/pdns/dnsname.hh index b498b5e8a3..4949d04650 100644 --- a/pdns/dnsname.hh +++ b/pdns/dnsname.hh @@ -268,7 +268,22 @@ inline DNSName operator+(const DNSName& lhs, const DNSName& rhs) return ret; } -extern const DNSName g_rootdnsname, g_wildcarddnsname; +extern const DNSName g_rootdnsname; // . +extern const DNSName g_wildcarddnsname; // * + +extern const DNSName g_coodnsname; // coo +extern const DNSName g_groupdnsname; // group +extern const DNSName g_versiondnsname; // version +extern const DNSName g_zonesdnsname; // zones + +extern const DNSName g_gsstsigdnsname; // gss-tsig +extern const DNSName g_hmacmd5dnsname; // hmac-md5 +extern const DNSName g_hmacmd5dnsname_long; // hmac-md5.sig-alg.reg.int +extern const DNSName g_hmacsha1dnsname; // hmac-sha1 +extern const DNSName g_hmacsha224dnsname; // hmac-sha224 +extern const DNSName g_hmacsha256dnsname; // hmac-sha256 +extern const DNSName g_hmacsha384dnsname; // hmac-sha384 +extern const DNSName g_hmacsha512dnsname; // hmac-sha512 #if defined(PDNS_AUTH) // [ // ZoneName: this is equivalent to DNSName, but intended to only store zone diff --git a/pdns/misc.cc b/pdns/misc.cc index 913848fabf..5fa254c1c3 100644 --- a/pdns/misc.cc +++ b/pdns/misc.cc 
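Review bot: The comments on `g_hmacmd5dnsname` and `g_hmacmd5dnsname_long` in `dnsname.hh` repeat only the literal text and do not say which name belongs where. Across this patch the long form is what gets assigned to `d_algoName` on outgoing TSIG records, while the receiving paths map the long form back to the short one before calling `getTSIGKey`. Mixing them up would make key lookups fail. I would extend the two comments, e.g. `// hmac-md5.sig-alg.reg.int: form written into outgoing TSIG records` and `// hmac-md5: short form, the one passed to getTSIGKey`. A one-line comment above the group saying these are TSIG algorithm names would also help.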
@@ -1375,19 +1375,19 @@ uint64_t getCPUSteal(const std::string& /* str */) bool getTSIGHashEnum(const DNSName& algoName, TSIGHashEnum& algoEnum) { - if (algoName == DNSName("hmac-md5.sig-alg.reg.int") || algoName == DNSName("hmac-md5")) + if (algoName == g_hmacmd5dnsname_long || algoName == g_hmacmd5dnsname) algoEnum = TSIG_MD5; - else if (algoName == DNSName("hmac-sha1")) + else if (algoName == g_hmacsha1dnsname) algoEnum = TSIG_SHA1; - else if (algoName == DNSName("hmac-sha224")) + else if (algoName == g_hmacsha224dnsname) algoEnum = TSIG_SHA224; - else if (algoName == DNSName("hmac-sha256")) + else if (algoName == g_hmacsha256dnsname) algoEnum = TSIG_SHA256; - else if (algoName == DNSName("hmac-sha384")) + else if (algoName == g_hmacsha384dnsname) algoEnum = TSIG_SHA384; - else if (algoName == DNSName("hmac-sha512")) + else if (algoName == g_hmacsha512dnsname) algoEnum = TSIG_SHA512; - else if (algoName == DNSName("gss-tsig")) + else if (algoName == g_gsstsigdnsname) algoEnum = TSIG_GSS; else { return false; @@ -1398,13 +1398,13 @@ bool getTSIGHashEnum(const DNSName& algoName, TSIGHashEnum& algoEnum) DNSName getTSIGAlgoName(TSIGHashEnum& algoEnum) { switch(algoEnum) { - case TSIG_MD5: return DNSName("hmac-md5.sig-alg.reg.int."); - case TSIG_SHA1: return DNSName("hmac-sha1."); - case TSIG_SHA224: return DNSName("hmac-sha224."); - case TSIG_SHA256: return DNSName("hmac-sha256."); - case TSIG_SHA384: return DNSName("hmac-sha384."); - case TSIG_SHA512: return DNSName("hmac-sha512."); - case TSIG_GSS: return DNSName("gss-tsig."); + case TSIG_MD5: return g_hmacmd5dnsname_long; + case TSIG_SHA1: return g_hmacsha1dnsname; + case TSIG_SHA224: return g_hmacsha224dnsname; + case TSIG_SHA256: return g_hmacsha256dnsname; + case TSIG_SHA384: return g_hmacsha384dnsname; + case TSIG_SHA512: return g_hmacsha512dnsname; + case TSIG_GSS: return g_gsstsigdnsname; } throw PDNSException("getTSIGAlgoName does not understand given algorithm, please fix!"); } 
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index d4523b550b..c79b2be1ad 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -2096,11 +2096,11 @@ bool PacketHandler::checkForCorrectTSIG(const DNSPacket& packet, DNSName* tsigke TSIGTriplet tsigTriplet; tsigTriplet.name = *tsigkeyname; tsigTriplet.algo = tsigContent->d_algoName; - if (tsigTriplet.algo == DNSName("hmac-md5.sig-alg.reg.int")) { - tsigTriplet.algo = DNSName("hmac-md5"); + if (tsigTriplet.algo == g_hmacmd5dnsname_long) { + tsigTriplet.algo = g_hmacmd5dnsname; } - if (tsigTriplet.algo != DNSName("gss-tsig")) { + if (tsigTriplet.algo != g_gsstsigdnsname) { string secret64; if (!B.getTSIGKey(*tsigkeyname, tsigTriplet.algo, secret64)) { g_log << Logger::Error << "Packet for domain '" << packet.qdomain << "' denied: can't find TSIG key with name '" << *tsigkeyname << "' and algorithm '" << tsigTriplet.algo << "'" << endl; diff --git a/pdns/resolver.cc b/pdns/resolver.cc index 9d8a27c47e..3b51ff09e8 100644 --- a/pdns/resolver.cc +++ b/pdns/resolver.cc 
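Review bot: The long-to-short hmac-md5 mapping in `checkForCorrectTSIG` is still open-coded, and the same two lines appear twice more in the `tcpreceiver.cc` hunks. The reverse mapping is repeated in `axfr-retriever.cc` and `auth-primarycommunicator.cc`. Now that the names are shared constants, a small helper declared next to them would keep the algorithm used for TSIG key lookup identical on every path that authenticates a request, for example `inline const DNSName& tsigKeyAlgo(const DNSName& algo) { return algo == g_hmacmd5dnsname_long ? g_hmacmd5dnsname : algo; }` (the name is only a suggestion). The function body starts and ends outside this hunk.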
@@ -144,8 +144,8 @@ uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& l if(!tsigkeyname.empty()) { // cerr<<"Adding TSIG to notification, key name: '"< if(haveTSIGDetails && !tsigkeyname.empty()) { string tsig64; DNSName algorithm=trc.d_algoName; - if (algorithm == DNSName("hmac-md5.sig-alg.reg.int")) - algorithm = DNSName("hmac-md5"); - if (algorithm != DNSName("gss-tsig")) { + if (algorithm == g_hmacmd5dnsname_long) + algorithm = g_hmacmd5dnsname; + if (algorithm != g_gsstsigdnsname) { if(!db.getTSIGKey(tsigkeyname, algorithm, tsig64)) { g_log<& q, int outsock) if(haveTSIGDetails && !tsigkeyname.empty()) { string tsig64; DNSName algorithm=trc.d_algoName; // FIXME400: was toLowerCanonic, compare output - if (algorithm == DNSName("hmac-md5.sig-alg.reg.int")) - algorithm = DNSName("hmac-md5"); + if (algorithm == g_hmacmd5dnsname_long) + algorithm = g_hmacmd5dnsname; if (!db.getTSIGKey(tsigkeyname, algorithm, tsig64)) { g_log << Logger::Error << "TSIG key '" << tsigkeyname << "' for domain '" << target << "' not found" << endl; return 0; diff --git a/pdns/test-tsig.cc b/pdns/test-tsig.cc index 38aa7cc7d1..f53060857f 100644 --- a/pdns/test-tsig.cc +++ b/pdns/test-tsig.cc @@ -160,7 +160,7 @@ BOOST_AUTO_TEST_CASE(test_TSIG_different_name_same_algo) { vector packet = generateTSIGQuery(qname, tsigName, tsigAlgo, tsigSecret); - checkTSIG(tsigName, DNSName("hmac-md5."), tsigSecret, packet); + checkTSIG(tsigName, g_hmacmd5dnsname, tsigSecret, packet); } BOOST_AUTO_TEST_CASE(test_TSIG_bad_key_name) { diff --git a/pdns/tkey.cc b/pdns/tkey.cc index 13a0436f22..dc2590772b 100644 --- a/pdns/tkey.cc +++ b/pdns/tkey.cc @@ -38,7 +38,7 @@ void PacketHandler::tkeyHandler(const DNSPacket& p, std::unique_ptr& if (tkey_in.d_mode == 3) { // establish context #ifdef ENABLE_GSS_TSIG if (g_doGssTSIG) { - if (tkey_in.d_algo == DNSName("gss-tsig.")) { + if (tkey_in.d_algo == g_gsstsigdnsname) { std::vector meta; ZoneName tmpName(name); do { 
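Review bot: In `test_TSIG_different_name_same_algo`, passing `g_hmacmd5dnsname` instead of `DNSName("hmac-md5.")` makes the test check production code against its own constant, so a typo in the definition in `dnsname.cc` would no longer be caught here. I would keep the literal in the test, or add one assertion that pins the constants independently, e.g. `BOOST_CHECK(g_hmacmd5dnsname == DNSName("hmac-md5."));` and the equivalent for `g_hmacmd5dnsname_long`. The same consideration applies to `trc.d_algoName=g_hmacmd5dnsname_long;` in `tsig-tests.cc`.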
@@ -117,7 +117,7 @@ void PacketHandler::tkeyHandler(const DNSPacket& p, std::unique_ptr& if (sign) { TSIGRecordContent trc; - trc.d_algoName = DNSName("gss-tsig"); + trc.d_algoName = g_gsstsigdnsname; trc.d_time = inception; trc.d_fudge = 300; trc.d_mac = ""; diff --git a/pdns/tsig-tests.cc b/pdns/tsig-tests.cc index 5b1c86965c..7b13f325b3 100644 --- a/pdns/tsig-tests.cc +++ b/pdns/tsig-tests.cc @@ -49,7 +49,7 @@ try DNSName keyname("pdns-b-aa"); TSIGRecordContent trc; - trc.d_algoName=DNSName("hmac-md5.sig-alg.reg.int"); + trc.d_algoName=g_hmacmd5dnsname_long; trc.d_time=time(0); trc.d_fudge=300; trc.d_origID=ntohs(pw.getHeader()->id); @@ -62,7 +62,7 @@ try cerr<<"Keyname: '"< res; -- 2.47.2