From a01b2204cecad278d2ebccc8b73f5ef3097378ce Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Wed, 12 Jul 2023 00:22:41 +0200
Subject: [PATCH] auth: rename files

---
 .not-formatted | 3 +-
 modules/ldapbackend/Makefile.am | 2 +-
 modules/ldapbackend/OBJECTFILES | 2 +-
 modules/ldapbackend/{master.cc => primary.cc} | 0
 pdns/Makefile.am | 4 +-
 ...nicator.cc => auth-primarycommunicator.cc} | 123 ++---
 ...cator.cc => auth-secondarycommunicator.cc} | 520 +++++++++---------
 7 files changed, 330 insertions(+), 324 deletions(-)
 rename modules/ldapbackend/{master.cc => primary.cc} (100%)
 rename pdns/{mastercommunicator.cc => auth-primarycommunicator.cc} (74%)
 rename pdns/{slavecommunicator.cc => auth-secondarycommunicator.cc} (72%)

diff --git a/.not-formatted b/.not-formatted
index b10d8394bb..b9e7246b8a 100644
--- a/.not-formatted
+++ b/.not-formatted
@@ -178,7 +178,7 @@
 ./pdns/lua-record.cc
 ./pdns/malloctrace.cc
 ./pdns/malloctrace.hh
-./pdns/mastercommunicator.cc
+./pdns/auth-primarycommunicator.cc
 ./pdns/minicurl.cc
 ./pdns/minicurl.hh
 ./pdns/misc.cc
@@ -228,7 +228,6 @@
 ./pdns/signingpipe.cc
 ./pdns/signingpipe.hh
 ./pdns/sillyrecords.cc
-./pdns/slavecommunicator.cc
 ./pdns/snmp-agent.cc
 ./pdns/snmp-agent.hh
 ./pdns/sodcrypto.cc
diff --git a/modules/ldapbackend/Makefile.am b/modules/ldapbackend/Makefile.am
index 5feed38d93..ae2fb7a6b6 100644
--- a/modules/ldapbackend/Makefile.am
+++ b/modules/ldapbackend/Makefile.am
@@ -17,9 +17,9 @@ libldapbackend_la_SOURCES = \
 ldapauthenticator.hh ldapauthenticator_p.hh ldapauthenticator.cc \
 ldapbackend.cc ldapbackend.hh \
 ldaputils.hh ldaputils.cc \
- master.cc \
 native.cc \
 powerldap.cc powerldap.hh \
+ primary.cc \
 utils.hh
 
 libldapbackend_la_LDFLAGS = -module -avoid-version
diff --git a/modules/ldapbackend/OBJECTFILES b/modules/ldapbackend/OBJECTFILES
index d9864867e7..739ed4d5a2 100644
--- a/modules/ldapbackend/OBJECTFILES
+++ b/modules/ldapbackend/OBJECTFILES
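Review bot: The `.not-formatted` hunk drops `./pdns/slavecommunicator.cc` but keeps the primary communicator in the exclusion list under its new name, `+./pdns/auth-primarycommunicator.cc`, while the `auth-primarycommunicator.cc` hunks later in this patch look like clang-format output (`bool hasQueuedItem = false;`, `if (` spacing, `else` moved to its own line). If that file is indeed formatted now, the exclusion entry is stale and the formatter check will not guard it any more; either drop the `+./pdns/auth-primarycommunicator.cc` line the same way the secondary file was dropped, or leave the file out of this reformat. If keeping the exclusion is intentional (for example because the formatting there is only partial), a sentence in the commit message saying so would avoid the question.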
@@ -1 +1 @@
-ldapbackend.lo master.lo native.lo powerldap.lo ldaputils.lo ldapauthenticator.lo
+ldapbackend.lo native.lo powerldap.lo primary.lo ldaputils.lo ldapauthenticator.lo
diff --git a/modules/ldapbackend/master.cc b/modules/ldapbackend/primary.cc
similarity index 100%
rename from modules/ldapbackend/master.cc
rename to modules/ldapbackend/primary.cc
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 75e0fa213f..870588bce0 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -196,7 +196,9 @@ pdns_server_SOURCES = \
 auth-catalogzone.cc auth-catalogzone.hh \
 auth-main.cc auth-main.hh \
 auth-packetcache.cc auth-packetcache.hh \
+ auth-primarycommunicator.cc \
 auth-querycache.cc auth-querycache.hh \
+ auth-secondarycommunicator.cc \
 auth-zonecache.cc auth-zonecache.hh \
 axfr-retriever.cc axfr-retriever.hh \
 backends/gsql/gsqlbackend.cc backends/gsql/gsqlbackend.hh \
@@ -246,7 +248,6 @@ pdns_server_SOURCES = \
 logging.hh \
 lua-auth4.cc lua-auth4.hh \
 lua-base4.cc lua-base4.hh \
- mastercommunicator.cc \
 misc.cc misc.hh \
 nameserver.cc nameserver.hh \
 namespaces.hh \
@@ -270,7 +271,6 @@ pdns_server_SOURCES = \
 shuffle.cc shuffle.hh \
 signingpipe.cc signingpipe.hh \
 sillyrecords.cc \
- slavecommunicator.cc \
 stat_t.hh \
 statbag.cc statbag.hh \
 stubresolver.cc stubresolver.hh \
diff --git a/pdns/mastercommunicator.cc b/pdns/auth-primarycommunicator.cc
similarity index 74%
rename from pdns/mastercommunicator.cc
rename to pdns/auth-primarycommunicator.cc
index 1ec652a2de..1ee65e0849 100644
--- a/pdns/mastercommunicator.cc
+++ b/pdns/auth-primarycommunicator.cc
@@ -43,82 +43,79 @@ #include "namespaces.hh" #include "query-local-address.hh" - void CommunicatorClass::queueNotifyDomain(const DomainInfo& di, UeberBackend* B) { - bool hasQueuedItem=false; + bool hasQueuedItem = false; set ips; set nsset; DNSZoneRecord rr; FindNS fns; try { - if (d_onlyNotify.size()) { - B->lookup(QType(QType::NS), di.zone, di.id); - while(B->get(rr)) - nsset.insert(getRR(rr.dr)->getNS()); - - for(const auto & ns : nsset) { - vector nsips=fns.lookup(ns, B); - if(nsips.empty()) - g_log<lookup(QType(QType::NS), di.zone, di.id); + while (B->get(rr)) + nsset.insert(getRR(rr.dr)->getNS()); + + for (const auto& ns : nsset) { + vector nsips = fns.lookup(ns, B); + if (nsips.empty()) + g_log << Logger::Warning << "Unable to queue notification of domain '" << di.zone << "' to nameserver '" << ns << "': nameserver does not resolve!" << endl; + else + for (const auto& nsip : nsips) { + const ComboAddress caIp(nsip, 53); + if (!d_preventSelfNotification || !AddressIsUs(caIp)) { + if (!d_onlyNotify.match(&caIp)) + g_log << Logger::Notice << "Skipped notification of domain '" << di.zone << "' to " << ns << " because " << caIp << " does not match only-notify." << endl; + else + ips.insert(caIp.toStringWithPort()); + } } - } - } + } - for(const auto & ip : ips) { - g_log< alsoNotify(d_alsoNotify); B->alsoNotifies(di.zone, &alsoNotify); - for(const auto & j : alsoNotify) { + for (const auto& j : alsoNotify) { try { const ComboAddress caIp(j, 53); - g_log<getDomainInfo(domain, di)) { - g_log<getDomainInfo(domain, di)) { + g_log << Logger::Warning << "No such domain '" << domain << "' in our database" << endl; return false; } queueNotifyDomain(di, B); 
@@ -131,9 +128,9 @@ bool CommunicatorClass::notifyDomain(const DNSName &domain, UeberBackend* B) void NotificationQueue::dump() { - cerr<<"Waiting for notification responses: "<& void CommunicatorClass::primaryUpdateCheck(PacketHandler* P) { - if(!::arg().mustDo("primary")) + if (!::arg().mustDo("primary")) return; - UeberBackend *B=P->getBackend(); + UeberBackend* B = P->getBackend(); vector cmdomains; std::unordered_set catalogs; CatalogHashMap catalogHashes; B->getUpdatedPrimaries(cmdomains, catalogs, catalogHashes); getUpdatedProducers(B, cmdomains, catalogs, catalogHashes); - if(cmdomains.empty()) { + if (cmdomains.empty()) { g_log << Logger::Info << "no primary or producer domains need notifications" << endl; } else { g_log << Logger::Info << cmdomains.size() << " domain" << addS(cmdomains.size()) << " for which we are primary or consumer need" << addS(cmdomains.size()) << " notifications" << endl; } - for(auto& di : cmdomains) { + for (auto& di : cmdomains) { purgeAuthCachesExact(di.zone); g_zoneCache.add(di.zone, di.id); queueNotifyDomain(di, B); @@ -283,7 +280,7 @@ time_t CommunicatorClass::doNotifications(PacketHandler* P) return d_nq.earliest(); } -void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const ComboAddress& remote, uint16_t id, UeberBackend *B) +void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const ComboAddress& remote, uint16_t id, UeberBackend* B) { vector meta; DNSName tsigkeyname; 
@@ -312,35 +309,35 @@ void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const trc.d_algoName = tsigalgorithm; trc.d_time = time(nullptr); trc.d_fudge = 300; - trc.d_origID=ntohs(id); - trc.d_eRcode=0; + trc.d_origID = ntohs(id); + trc.d_eRcode = 0; if (B64Decode(tsigsecret64, tsigsecret) == -1) { - g_log<find(pair(domain,ip)); + auto it = holes->find(pair(domain, ip)); if (it == holes->end()) { // no hole return false; } - if (it->second > time(nullptr)-900) { + if (it->second > time(nullptr) - 900) { // recent hole return true; } @@ -351,19 +348,21 @@ bool CommunicatorClass::justNotified(const DNSName &domain, const string &ip) void CommunicatorClass::makeNotifySockets() { - if(pdns::isQueryLocalAddressFamilyEnabled(AF_INET)) { + if (pdns::isQueryLocalAddressFamilyEnabled(AF_INET)) { d_nsock4 = makeQuerySocket(pdns::getQueryLocalAddress(AF_INET, 0), true, ::arg().mustDo("non-local-bind")); - } else { + } + else { d_nsock4 = -1; } - if(pdns::isQueryLocalAddressFamilyEnabled(AF_INET6)) { + if (pdns::isQueryLocalAddressFamilyEnabled(AF_INET6)) { d_nsock6 = makeQuerySocket(pdns::getQueryLocalAddress(AF_INET6, 0), true, ::arg().mustDo("non-local-bind")); - } else { + } + else { d_nsock6 = -1; } } -void CommunicatorClass::notify(const DNSName &domain, const string &ip) +void CommunicatorClass::notify(const DNSName& domain, const string& ip) { d_nq.add(domain, ip); } diff --git a/pdns/slavecommunicator.cc b/pdns/auth-secondarycommunicator.cc similarity index 72% rename from pdns/slavecommunicator.cc rename to pdns/auth-secondarycommunicator.cc index c2d9a58fc7..5c5305c2d9 100644 --- a/pdns/slavecommunicator.cc +++ b/pdns/auth-secondarycommunicator.cc 
@@ -57,13 +57,14 @@ void CommunicatorClass::addSuckRequest(const DNSName& domain, const ComboAddress sr.force = force; sr.priorityAndOrder.first = priority; sr.priorityAndOrder.second = data->d_sorthelper++; - pair res; + pair res; res = data->d_suckdomains.insert(sr); - if(res.second) { + if (res.second) { d_suck_sem.post(); - } else { - data->d_suckdomains.modify(res.first, [priorityAndOrder = sr.priorityAndOrder] (SuckRequest& so) { + } + else { + data->d_suckdomains.modify(res.first, [priorityAndOrder = sr.priorityAndOrder](SuckRequest& so) { if (priorityAndOrder.first < so.priorityAndOrder.first) { so.priorityAndOrder = priorityAndOrder; } @@ -75,8 +76,8 @@ struct ZoneStatus { bool isDnssecZone{false}; bool isPresigned{false}; - bool isNSEC3 {false}; - bool optOutFlag {false}; + bool isNSEC3{false}; + bool optOutFlag{false}; NSEC3PARAMRecordContent ns3pr; bool isNarrow{false}; 
@@ -423,69 +424,67 @@ static bool catalogProcess(const DomainInfo& di, vector& rrs, void CommunicatorClass::ixfrSuck(const DNSName& domain, const TSIGTriplet& tt, const ComboAddress& laddr, const ComboAddress& remote, ZoneStatus& zs, vector* axfr) { - string logPrefix="IXFR-in zone '"+domain.toLogString()+"', primary '"+remote.toString()+"', "; + string logPrefix = "IXFR-in zone '" + domain.toLogString() + "', primary '" + remote.toString() + "', "; UeberBackend B; // fresh UeberBackend DomainInfo di; - di.backend=nullptr; + di.backend = nullptr; // bool transaction=false; try { - DNSSECKeeper dk (&B); // reuse our UeberBackend copy for DNSSECKeeper + DNSSECKeeper dk(&B); // reuse our UeberBackend copy for DNSSECKeeper bool wrongDomainKind = false; // this checks three error conditions, and sets wrongDomainKind if we hit the third & had an error if (!B.getDomainInfo(domain, di) || !di.backend || (wrongDomainKind = true, di.kind != DomainInfo::Secondary)) { // di.backend and B are mostly identical - if(wrongDomainKind) + if (wrongDomainKind) g_log << Logger::Warning << logPrefix << "can't determine backend, not configured as secondary" << endl; else - g_log<(g_rootdnsname, g_rootdnsname, st)); - auto deltas = getIXFRDeltas(remote, domain, drsoa, xfrTimeout, false, tt, laddr.sin4.sin_family ? &laddr : nullptr, ((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024); - zs.numDeltas=deltas.size(); + auto deltas = getIXFRDeltas(remote, domain, drsoa, xfrTimeout, false, tt, laddr.sin4.sin_family ? &laddr : nullptr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024); + zs.numDeltas = deltas.size(); // cout<<"Got "<& rrset) // which thinks in terms of RRSETs // however, IXFR does not, and removes and adds *records* (bummer) // this means that we must group updates by {qname,qtype}, retrieve the RRSET, apply // the add/remove updates, and replaceRRSet the whole thing. 
+ map, pair, vector>> grouped; - map, pair, vector > > grouped; - - for(const auto& x: remove) + for (const auto& x : remove) grouped[{x.d_name, x.d_type}].first.push_back(x); - for(const auto& x: add) + for (const auto& x : add) grouped[{x.d_name, x.d_type}].second.push_back(x); di.backend->startTransaction(domain, -1); - for(const auto& g : grouped) { + for (const auto& g : grouped) { vector rrset; { DNSZoneRecord zrr; - di.backend->lookup(QType(g.first.second), g.first.first+domain, di.id); - while(di.backend->get(zrr)) { + di.backend->lookup(QType(g.first.second), g.first.first + domain, di.id); + while (di.backend->get(zrr)) { zrr.dr.d_name.makeUsRelative(domain); rrset.push_back(zrr.dr); } 
@@ -495,45 +494,46 @@ void CommunicatorClass::ixfrSuck(const DNSName& domain, const TSIGTriplet& tt, c [&g](const DNSRecord& dr) { return count(g.second.first.cbegin(), g.second.first.cend(), dr); - }), rrset.end()); + }), + rrset.end()); // the DNSRecord== operator compares on name, type, class and lowercase content representation - for(const auto& x : g.second.second) { + for (const auto& x : g.second.second) { rrset.push_back(x); } vector replacement; - for(const auto& dr : rrset) { + for (const auto& dr : rrset) { auto rr = DNSResourceRecord::fromWire(dr); rr.qname += domain; rr.domain_id = di.id; - if(dr.d_type == QType::SOA) { + if (dr.d_type == QType::SOA) { // cout<<"New SOA: "<getZoneRepresentation()<(dr); - zs.soa_serial=sr->d_st.serial; + zs.soa_serial = sr->d_st.serial; } replacement.push_back(rr); } - di.backend->replaceRRSet(di.id, g.first.first+domain, QType(g.first.second), replacement); + di.backend->replaceRRSet(di.id, g.first.first + domain, QType(g.first.second), replacement); } di.backend->commitTransaction(); } } - catch(std::exception& p) { - g_log< doAxfr(const ComboAddress& raddr, const DNSName& domain, const TSIGTriplet& tt, const ComboAddress& laddr, unique_ptr& pdl, ZoneStatus& zs) +static vector doAxfr(const ComboAddress& raddr, const DNSName& domain, const TSIGTriplet& tt, const ComboAddress& laddr, unique_ptr& pdl, ZoneStatus& zs) { - uint16_t axfr_timeout=::arg().asNum("axfr-fetch-timeout"); + uint16_t axfr_timeout = ::arg().asNum("axfr-fetch-timeout"); vector rrs; - AXFRRetriever retriever(raddr, domain, tt, (laddr.sin4.sin_family == 0) ? nullptr : &laddr, ((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout); + AXFRRetriever retriever(raddr, domain, tt, (laddr.sin4.sin_family == 0) ? 
nullptr : &laddr, ((size_t)::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024, axfr_timeout); Resolver::res_t recs; - bool first=true; + bool first = true; bool firstNSEC3{true}; - bool soa_received {false}; - string logPrefix="AXFR-in zone '"+domain.toLogString()+"', primary '"+raddr.toString()+"', "; - while(retriever.getChunk(recs, nullptr, axfr_timeout)) { - if(first) { - g_log< out; - if(!pdl || !pdl->axfrfilter(raddr, domain, rec, out)) { + if (!pdl || !pdl->axfrfilter(raddr, domain, rec, out)) { out.push_back(rec); // if axfrfilter didn't do anything, we put our record in 'out' ourselves } - for(auto& rr : out) { - if(!rr.qname.isPartOf(domain)) { - g_log< pdl{nullptr}; vector scripts; - string script=::arg()["lua-axfr-script"]; - if(B.getDomainMetadata(domain, "LUA-AXFR-SCRIPT", scripts) && !scripts.empty()) { + string script = ::arg()["lua-axfr-script"]; + if (B.getDomainMetadata(domain, "LUA-AXFR-SCRIPT", scripts) && !scripts.empty()) { if (pdns_iequals(scripts[0], "NONE")) { script.clear(); - } else { - script=scripts[0]; + } + else { + script = scripts[0]; } } - if(!script.empty()){ + if (!script.empty()) { try { pdl = make_unique(); pdl->loadFile(script); - g_log< localaddr; ComboAddress laddr; - if(B.getDomainMetadata(domain, "AXFR-SOURCE", localaddr) && !localaddr.empty()) { + if (B.getDomainMetadata(domain, "AXFR-SOURCE", localaddr) && !localaddr.empty()) { try { laddr = ComboAddress(localaddr[0]); - g_log< rrs; if (dk.isSecuredZone(domain, false)) { - hadDnssecZone=true; + hadDnssecZone = true; hadPresigned = dk.isPresigned(domain, false); if (dk.getNSEC3PARAM(domain, &zs.ns3pr, &zs.isNarrow, false)) { hadNSEC3 = true; 
@@ -747,26 +745,26 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote, hadNarrow = zs.isNarrow; } } - else if(di.serial) { + else if (di.serial) { vector meta; B.getDomainMetadata(domain, "IXFR", meta); - if(!meta.empty() && meta[0]=="1") { + if (!meta.empty() && meta[0] == "1") { logPrefix = "I" + logPrefix; // XFR -> IXFR vector axfr; - g_log< AXFR - bool firstNSEC3=true; + if (!axfr.empty()) { + g_log << Logger::Notice << logPrefix << "IXFR turned into an AXFR" << endl; + logPrefix[0] = 'A'; // IXFR -> AXFR + bool firstNSEC3 = true; rrs.reserve(axfr.size()); - for(const auto& dr : axfr) { + for (const auto& dr : axfr) { auto rr = DNSResourceRecord::fromWire(dr); (rr.qname += domain).makeUsLowerCase(); rr.domain_id = zs.domain_id; - if(!processRecordForZS(domain, firstNSEC3, rr, zs)) + if (!processRecordForZS(domain, firstNSEC3, rr, zs)) continue; - if(dr.d_type == QType::SOA) { + if (dr.d_type == QType::SOA) { auto sd = getRR(dr); zs.soa_serial = sd->d_st.serial; } @@ -774,18 +772,18 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote, } } else { - g_log< AXFR - g_log<startTransaction(domain, zs.domain_id); - g_log<startTransaction(domain, zs.domain_id); + g_log << Logger::Info << logPrefix << "storage transaction started" << endl; // update the presigned flag and NSEC3PARAM if (zs.isDnssecZone) { 
@@ -828,25 +825,24 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote, if (zs.isPresigned && !hadPresigned) { // zone is now presigned dk.setPresigned(domain); - } else if (hadPresigned && !zs.isPresigned) { + } + else if (hadPresigned && !zs.isPresigned) { // zone is no longer presigned dk.unsetPresigned(domain); } // update NSEC3PARAM if (zs.isNSEC3) { // zone is NSEC3, only update if there was a change - if (!hadNSEC3 || (hadNarrow != zs.isNarrow) || - (zs.ns3pr.d_algorithm != hadNs3pr.d_algorithm) || - (zs.ns3pr.d_flags != hadNs3pr.d_flags) || - (zs.ns3pr.d_iterations != hadNs3pr.d_iterations) || - (zs.ns3pr.d_salt != hadNs3pr.d_salt)) { + if (!hadNSEC3 || (hadNarrow != zs.isNarrow) || (zs.ns3pr.d_algorithm != hadNs3pr.d_algorithm) || (zs.ns3pr.d_flags != hadNs3pr.d_flags) || (zs.ns3pr.d_iterations != hadNs3pr.d_iterations) || (zs.ns3pr.d_salt != hadNs3pr.d_salt)) { dk.setNSEC3PARAM(domain, zs.ns3pr, zs.isNarrow); } - } else if (hadNSEC3 ) { - // zone is no longer NSEC3 - dk.unsetNSEC3PARAM(domain); } - } else if (hadDnssecZone) { + else if (hadNSEC3) { + // zone is no longer NSEC3 + dk.unsetNSEC3PARAM(domain); + } + } + else if (hadDnssecZone) { // zone is no longer signed if (hadPresigned) { // remove presigned 
@@ -858,136 +854,141 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote, } } - bool doent=true; + bool doent = true; uint32_t maxent = ::arg().asNum("max-ent-entries"); DNSName shorter, ordername; set rrterm; - map nonterm; - + map nonterm; - for(DNSResourceRecord& rr : rrs) { - if(!zs.isPresigned) { + for (DNSResourceRecord& rr : rrs) { + if (!zs.isPresigned) { if (rr.qtype.getCode() == QType::RRSIG) continue; - if(zs.isDnssecZone && rr.qtype.getCode() == QType::DNSKEY && !::arg().mustDo("direct-dnskey")) + if (zs.isDnssecZone && rr.qtype.getCode() == QType::DNSKEY && !::arg().mustDo("direct-dnskey")) continue; } // Figure out auth and ents - rr.auth=true; - shorter=rr.qname; + rr.auth = true; + shorter = rr.qname; rrterm.clear(); do { - if(doent) { + if (doent) { if (!zs.qnames.count(shorter)) rrterm.insert(shorter); } - if(zs.nsset.count(shorter) && rr.qtype.getCode() != QType::DS) - rr.auth=false; + if (zs.nsset.count(shorter) && rr.qtype.getCode() != QType::DS) + rr.auth = false; - if (shorter==domain) // stop at apex + if (shorter == domain) // stop at apex break; - }while(shorter.chopOff()); + } while (shorter.chopOff()); // Insert ents - if(doent && !rrterm.empty()) { + if (doent && !rrterm.empty()) { bool auth; if (!rr.auth && rr.qtype.getCode() == QType::NS) { if (zs.isNSEC3) - ordername=DNSName(toBase32Hex(hashQNameWithSalt(zs.ns3pr, rr.qname))); - auth=(!zs.isNSEC3 || !zs.optOutFlag || zs.secured.count(ordername)); - } else - auth=rr.auth; + ordername = DNSName(toBase32Hex(hashQNameWithSalt(zs.ns3pr, rr.qname))); + auth = (!zs.isNSEC3 || !zs.optOutFlag || zs.secured.count(ordername)); + } + else + auth = rr.auth; - for(const auto &nt: rrterm){ + for (const auto& nt : rrterm) { if (!nonterm.count(nt)) - nonterm.insert(pair(nt, auth)); - else if (auth) - nonterm[nt]=true; + nonterm.insert(pair(nt, auth)); + else if (auth) + nonterm[nt] = true; } - if(nonterm.size() > maxent) { - g_log< maxent) { + g_log << Logger::Warning << 
logPrefix << "zone has too many empty non terminals" << endl; nonterm.clear(); - doent=false; + doent = false; } } // RRSIG is always auth, even inside a delegation if (rr.qtype.getCode() == QType::RRSIG) - rr.auth=true; + rr.auth = true; // Add ordername and insert record if (zs.isDnssecZone && rr.qtype.getCode() != QType::RRSIG) { if (zs.isNSEC3) { // NSEC3 - ordername=DNSName(toBase32Hex(hashQNameWithSalt(zs.ns3pr, rr.qname))); - if(!zs.isNarrow && (rr.auth || (rr.qtype.getCode() == QType::NS && (!zs.optOutFlag || zs.secured.count(ordername))))) { + ordername = DNSName(toBase32Hex(hashQNameWithSalt(zs.ns3pr, rr.qname))); + if (!zs.isNarrow && (rr.auth || (rr.qtype.getCode() == QType::NS && (!zs.optOutFlag || zs.secured.count(ordername))))) { di.backend->feedRecord(rr, ordername, true); - } else + } + else di.backend->feedRecord(rr, DNSName()); - } else { + } + else { // NSEC if (rr.auth || rr.qtype.getCode() == QType::NS) { - ordername=rr.qname.makeRelative(domain); + ordername = rr.qname.makeRelative(domain); di.backend->feedRecord(rr, ordername); - } else + } + else di.backend->feedRecord(rr, DNSName()); } - } else + } + else di.backend->feedRecord(rr, DNSName()); } // Insert empty non-terminals - if(doent && !nonterm.empty()) { + if (doent && !nonterm.empty()) { if (zs.isNSEC3) { di.backend->feedEnts3(zs.domain_id, domain, nonterm, zs.ns3pr, zs.isNarrow); - } else + } + else di.backend->feedEnts(zs.domain_id, nonterm); } di.backend->commitTransaction(); transaction = false; di.backend->setFresh(zs.domain_id); - purgeAuthCaches(domain.toString()+"$"); + purgeAuthCaches(domain.toString() + "$"); - g_log< meta; - if(B.getDomainMetadata(domain, "SLAVE-RENOTIFY", meta ) && !meta.empty()) { - doNotify=(meta.front() == "1"); - } else { - doNotify=(::arg().mustDo("slave-renotify")); + if (B.getDomainMetadata(domain, "SLAVE-RENOTIFY", meta) && !meta.empty()) { + doNotify = (meta.front() == "1"); } - if(doNotify) { + else { + doNotify = 
(::arg().mustDo("slave-renotify")); + } + if (doNotify) { notifyDomain(domain, &B); } - } - catch(DBException &re) { - g_log<abortTransaction(); } } - catch(const MOADNSException &mde) { - g_log<abortTransaction(); } } - catch(std::exception &re) { - g_log<abortTransaction(); } } - catch(ResolverException &re) { + catch (ResolverException& re) { { auto data = d_data.lock(); // The AXFR probably failed due to a problem on the primary server. If SOA-checks against this primary @@ -1003,20 +1004,21 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote, data->d_failedSecondaryRefresh[domain] = {newCount, nextCheck}; g_log << Logger::Warning << logPrefix << "unable to xfr zone (ResolverException): " << re.reason << " (This was attempt number " << newCount << ". Excluding zone from secondary-checks until " << nextCheck << ")" << endl; } - if(di.backend && transaction) { - g_log<abortTransaction(); } } - catch(PDNSException &ae) { - g_log<abortTransaction(); } } } -namespace { +namespace +{ struct DomainNotificationInfo { DomainInfo di; @@ -1031,7 +1033,8 @@ struct SecondarySenderReceiver { typedef std::tuple Identifier; - struct Answer { + struct Answer + { uint32_t theirSerial; uint32_t theirInception; uint32_t theirExpire; @@ -1060,8 +1063,8 @@ struct SecondarySenderReceiver nullptr, dni.dnssecOk, dni.tsigkeyname, dni.tsigalgname, dni.tsigsecret)}; } - catch(PDNSException& e) { - throw runtime_error("While attempting to query freshness of '"+dni.di.zone.toLogString()+"': "+e.reason); + catch (PDNSException& e) { + throw runtime_error("While attempting to query freshness of '" + dni.di.zone.toLogString() + "': " + e.reason); } } @@ -1072,7 +1075,7 @@ struct SecondarySenderReceiver void deliverAnswer(const DomainNotificationInfo& dni, const Answer& a, unsigned int /* usec */) { - d_freshness[dni.di.id]=a; + d_freshness[dni.di.id] = a; } Resolver d_resolver; 
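Review bot: The renotify decision taken just before `notifyDomain(domain, &B);` still reads the `"SLAVE-RENOTIFY"` metadata item and the `"slave-renotify"` setting, so after this rename the secondary communicator mixes the new primary/secondary vocabulary with identifiers that now read like leftovers. Those strings are presumably kept because they are user-visible configuration names and cannot be changed without a migration, but nothing in the code says so, and a later blanket rename would silently break existing deployments. A one-line comment at that point, e.g. `// legacy metadata/setting names are user-facing: keep them for configuration compatibility`, would make the intent explicit. The enclosing function, `CommunicatorClass::suck`, starts outside this hunk.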
@@ -1111,9 +1114,10 @@ void CommunicatorClass::addTryAutoPrimaryRequest(const DNSPacket& p) void CommunicatorClass::secondaryRefresh(PacketHandler* P) { // not unless we are secondary - if (!::arg().mustDo("secondary")) return; + if (!::arg().mustDo("secondary")) + return; - UeberBackend *B=P->getBackend(); + UeberBackend* B = P->getBackend(); vector rdomains; vector sdomains; set trysuperdomains; @@ -1121,9 +1125,9 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) auto data = d_data.lock(); set requeue; rdomains.reserve(data->d_tocheck.size()); - for (const auto& di: data->d_tocheck) { + for (const auto& di : data->d_tocheck) { if (data->d_inprogress.count(di.zone)) { - g_log<d_failedSecondaryRefresh.erase(di.zone); } else { - g_log<d_potentialautoprimaries.clear(); } - for(const DNSPacket& dp : trysuperdomains) { + for (const DNSPacket& dp : trysuperdomains) { // get the TSIG key name TSIGRecordContent trc; DNSName tsigkeyname; dp.getTSIGDetails(&trc, &tsigkeyname); P->tryAutoPrimarySynchronous(dp, tsigkeyname); // FIXME could use some error logging } - if(rdomains.empty()) { // if we have priority domains, check them first + if (rdomains.empty()) { // if we have priority domains, check them first B->getUnfreshSecondaryInfos(&rdomains); } sdomains.reserve(rdomains.size()); 
@@ -1161,27 +1165,27 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) bool checkSignatures = ::arg().mustDo("secondary-check-signature-freshness") && dk.doesDNSSEC(); { auto data = d_data.lock(); - domains_by_name_t& nameindex=boost::multi_index::get(data->d_suckdomains); + domains_by_name_t& nameindex = boost::multi_index::get(data->d_suckdomains); time_t now = time(nullptr); - for(DomainInfo& di : rdomains) { + for (DomainInfo& di : rdomains) { const auto failed = data->d_failedSecondaryRefresh.find(di.zone); if (failed != data->d_failedSecondaryRefresh.end() && now < failed->second.second) { // If the domain has failed before and the time before the next check has not expired, skip this domain - g_log<second.second<second.second << endl; continue; } std::vector localaddr; SuckRequest sr; - sr.domain=di.zone; + sr.domain = di.zone; if (di.primaries.empty()) // secondary domains w/o primaries are ignored continue; // remove unfresh domains already queued for AXFR, no sense polling them again sr.primary = *di.primaries.begin(); - if(nameindex.count(sr)) { // this does NOT however protect us against AXFRs already in progress! + if (nameindex.count(sr)) { // this does NOT however protect us against AXFRs already in progress! continue; } - if(data->d_inprogress.count(sr.domain)) { // this does + if (data->d_inprogress.count(sr.domain)) { // this does continue; } @@ -1192,35 +1196,35 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) if (dk.getTSIGForAccess(di.zone, sr.primary, &dni.tsigkeyname)) { string secret64; if (!B->getTSIGKey(dni.tsigkeyname, dni.tsigalgname, secret64)) { - g_log<getDomainMetadata(di.zone, "AXFR-SOURCE", localaddr) && !localaddr.empty()) { + if (B->getDomainMetadata(di.zone, "AXFR-SOURCE", localaddr) && !localaddr.empty()) { try { dni.localaddr = ComboAddress(localaddr[0]); - g_log<d_suckdomains.size() << " queued for AXFR already, " << data->d_inprogress.size() << " in progress" << endl; 
@@ -1239,37 +1243,38 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) ifl.d_maxInFlight = 200; - for(;;) { + for (;;) { try { ifl.run(); break; } - catch(std::exception& e) { - g_log<getDomainInfo(di.zone, tempdi, false)) { - g_log<d_failedSecondaryRefresh.find(di.zone); @@ -1286,11 +1291,10 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) time_t nextCheck = now + std::min(newCount * d_tickinterval, (uint64_t)::arg().asNum("default-ttl")); data->d_failedSecondaryRefresh[di.zone] = {newCount, nextCheck}; if (newCount == 1) { - g_log<get(zr); if (hasSOA) { fillSOAData(zr, sd); - while(B->get(zr)); + while (B->get(zr)) + ; } } - catch(...) {} + catch (...) { + } uint32_t theirserial = ssr.d_freshness[di.id].theirSerial; uint32_t ourserial = sd.serial; const ComboAddress remote = *di.primaries.begin(); - if(hasSOA && rfc1982LessThan(theirserial, ourserial) && !::arg().mustDo("axfr-lower-serial")) { + if (hasSOA && rfc1982LessThan(theirserial, ourserial) && !::arg().mustDo("axfr-lower-serial")) { g_log << Logger::Warning << "Domain '" << di.zone << "' more recent than primary " << remote.toStringWithPortExcept(53) << ", our serial " << ourserial << " > their serial " << theirserial << endl; di.backend->setFresh(di.id); } - else if(hasSOA && theirserial == ourserial) { - uint32_t maxExpire=0, maxInception=0; - if(checkSignatures && dk.isPresigned(di.zone)) { + else if (hasSOA && theirserial == ourserial) { + uint32_t maxExpire = 0, maxInception = 0; + if (checkSignatures && dk.isPresigned(di.zone)) { B->lookup(QType(QType::RRSIG), di.zone, di.id); // can't use DK before we are done with this lookup! DNSZoneRecord zr; - while(B->get(zr)) { + while (B->get(zr)) { auto rrsig = getRR(zr.dr); - if(rrsig->d_type == QType::SOA) { + if (rrsig->d_type == QType::SOA) { maxInception = std::max(maxInception, rrsig->d_siginception); maxExpire = std::max(maxExpire, rrsig->d_sigexpire); } 
@@ -1347,23 +1353,23 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) prio = SuckRequest::Notify; } - if(! maxInception && ! ssr.d_freshness[di.id].theirInception) { + if (!maxInception && !ssr.d_freshness[di.id].theirInception) { g_log << Logger::Info << "Domain '" << di.zone << "' is fresh (no DNSSEC), serial is " << ourserial << " (checked primary " << remote.toStringWithPortExcept(53) << ")" << endl; di.backend->setFresh(di.id); } - else if(maxInception == ssr.d_freshness[di.id].theirInception && maxExpire == ssr.d_freshness[di.id].theirExpire) { + else if (maxInception == ssr.d_freshness[di.id].theirInception && maxExpire == ssr.d_freshness[di.id].theirExpire) { g_log << Logger::Info << "Domain '" << di.zone << "' is fresh and SOA RRSIGs match, serial is " << ourserial << " (checked primary " << remote.toStringWithPortExcept(53) << ")" << endl; di.backend->setFresh(di.id); } - else if(maxExpire >= now && ! ssr.d_freshness[di.id].theirInception ) { + else if (maxExpire >= now && !ssr.d_freshness[di.id].theirInception) { g_log << Logger::Info << "Domain '" << di.zone << "' is fresh, primary " << remote.toStringWithPortExcept(53) << " is no longer signed but (some) signatures are still valid, serial is " << ourserial << endl; di.backend->setFresh(di.id); } - else if(maxInception && ! ssr.d_freshness[di.id].theirInception ) { + else if (maxInception && !ssr.d_freshness[di.id].theirInception) { g_log << Logger::Notice << "Domain '" << di.zone << "' is stale, primary " << remote.toStringWithPortExcept(53) << " is no longer signed and all signatures have expired, serial is " << ourserial << endl; addSuckRequest(di.zone, remote, prio); } - else if(dk.doesDNSSEC() && ! 
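Review bot: The reformat leaves `while (B->get(zr))` followed by a lone `;` and an empty `catch (...) {` `}` around the SOA lookup in `secondaryRefresh`, and with the body and braces now on separate lines both read like unfinished code rather than deliberate choices. A short comment on each would settle that, e.g. `; // drain the remaining records so the backend can be queried again` on the empty loop body and `// lookup failure is treated as "no usable SOA"; hasSOA/sd keep whatever was set above` inside the catch (how hasSOA is initialised is outside this hunk, so confirm before wording it). Discarding every exception here also hides backend errors from the freshness check; if that is the intended trade-off the comment should say so, otherwise a low-severity `g_log` line in the catch would give operators something to act on. The enclosing function starts outside this hunk.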
maxInception && ssr.d_freshness[di.id].theirInception) { + else if (dk.doesDNSSEC() && !maxInception && ssr.d_freshness[di.id].theirInception) { g_log << Logger::Notice << "Domain '" << di.zone << "' is stale, primary " << remote.toStringWithPortExcept(53) << " has signed, serial is " << ourserial << endl; addSuckRequest(di.zone, remote, prio); } @@ -1389,16 +1395,18 @@ void CommunicatorClass::secondaryRefresh(PacketHandler* P) } } -vector > CommunicatorClass::getSuckRequests() { - vector > ret; +vector> CommunicatorClass::getSuckRequests() +{ + vector> ret; auto data = d_data.lock(); ret.reserve(data->d_suckdomains.size()); - for (auto const &d : data->d_suckdomains) { + for (auto const& d : data->d_suckdomains) { ret.emplace_back(d.domain, d.primary); } return ret; } -size_t CommunicatorClass::getSuckRequestsWaiting() { +size_t CommunicatorClass::getSuckRequestsWaiting() +{ return d_data.lock()->d_suckdomains.size(); } -- 2.47.2