Fix for ticket 460, as attached to that ticket. Code & debugging by
authorPeter van Dijk <peter.van.dijk@netherlabs.nl>
Thu, 12 Jul 2012 10:03:48 +0000 (10:03 +0000)
committerPeter van Dijk <peter.van.dijk@netherlabs.nl>
Thu, 12 Jul 2012 10:03:48 +0000 (10:03 +0000)
s.hoogeveen@nederhost.nl.  Additional help in debugging by Totaalnet, Miek
Gieben en Roland van Rijswijk.
This fixes presigned wildcard record signatures. (r2674)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2676 d19b8d6e-7fed-0310-83ef-9ca221ded41b

pdns/dbdnsseckeeper.cc
pdns/dnsseckeeper.hh
pdns/dnssecsigner.cc

index 89a769c46687a827df6b43349d540cb70c72ce73..5f43ff300fef50b3acb7d56141be88bb8bce423c 100644 (file)
@@ -342,16 +342,19 @@ bool DNSSECKeeper::secureZone(const std::string& name, int algorithm)
   return addKey(name, true, algorithm);
 }
 
-bool DNSSECKeeper::getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const QType& qtype, 
+bool DNSSECKeeper::getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, 
+       const std::string& wildcardname, const QType& qtype, 
        DNSPacketWriter::Place signPlace, vector<DNSResourceRecord>& rrsigs)
 {
-  // cerr<<"Doing DB lookup for precomputed RRSIGs for '"<<qname<<"'"<<endl;
-       db.lookup(QType(QType::RRSIG), qname);
+  // cerr<<"Doing DB lookup for precomputed RRSIGs for '"<<(wildcardname.empty() ? qname : wildcardname)<<"'"<<endl;
+       db.lookup(QType(QType::RRSIG), wildcardname.empty() ? qname : wildcardname);
        DNSResourceRecord rr;
        while(db.get(rr)) { 
                // cerr<<"Considering for '"<<qtype.getName()<<"' RRSIG '"<<rr.content<<"'\n";
                if(boost::starts_with(rr.content, qtype.getName()+" ")) {
                        // cerr<<"Got it"<<endl;
+                       if (!wildcardname.empty())
+                               rr.qname = qname;
                        rr.d_place = (DNSResourceRecord::Place)signPlace;
                        rrsigs.push_back(rr);
                }
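Review bot: The new `wildcardname` parameter uses the empty string as a sentinel for "no wildcard expansion", and neither this definition nor the declaration in pdns/dnsseckeeper.hh documents that or explains why `rr.qname` is overwritten. I would add a comment above the lookup such as `// presigned wildcard: the RRSIG is stored at the wildcard owner; look it up there and serve it under the expanded qname`, because validators rebuild the wildcard owner from the RRSIG Labels field and a reader may otherwise take the rewrite for a bug. Separately, `signer` is not referenced in the visible lines, so the lookup appears to be keyed on owner name and type only. The body continues outside this hunk; if it does not filter on `signer` either, it is worth confirming that the backend cannot hand back RRSIGs that belong to a different zone.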
index 22b4b61be2ed36c60088724f225031bab3624735..3afcd8c993012bc33d5829c5a664d607d950907c 100644 (file)
@@ -81,7 +81,7 @@ public:
   void setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent& n3p, const bool& narrow=false);
   void unsetNSEC3PARAM(const std::string& zname);
   void clearCaches(const std::string& name);
-  bool getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const QType& qtype, DNSPacketWriter::Place, vector<DNSResourceRecord>& rrsigs);
+  bool getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const std::string& wildcardname, const QType& qtype, DNSPacketWriter::Place, vector<DNSResourceRecord>& rrsigs);
   bool isPresigned(const std::string& zname);
   void setPresigned(const std::string& zname);
   void unsetPresigned(const std::string& zname);
index 3002de487a199c67a8130adabe898386f1844241..f41bbb7c0628f33de63570b3f1f9075e75487b76 100644 (file)
@@ -84,7 +84,7 @@ void addSignature(DNSSECKeeper& dk, DNSBackend& db, const std::string& signer, c
   vector<RRSIGRecordContent> rrcs;
   if(dk.isPresigned(signer)) {
     //cerr<<"Doing presignatures"<<endl;
-    dk.getPreRRSIGs(db, signer, signQName, QType(signQType), signPlace, outsigned); // does it all
+    dk.getPreRRSIGs(db, signer, signQName, wildcardname, QType(signQType), signPlace, outsigned); // does it all
   }
   else {
     if(getRRSIGsForRRSET(dk, signer, wildcardname.empty() ? signQName : wildcardname, signQType, signTTL, toSign, rrcs, signQType == QType::DNSKEY) < 0)  {
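Review bot: The `bool` returned by `dk.getPreRRSIGs(...)` is still discarded at this call, and the wildcard path adds a second owner name at which the stored RRSIG can be missing. What the return value signals is not visible here. If it, or an unchanged size of `outsigned`, can indicate that no matching signature was found, the presigned branch should at least log `signer`, `signQName` and `wildcardname`, so that an answer leaving a signed zone without its RRSIG is detectable rather than silent. `addSignature` starts and ends outside this hunk.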