JSON_ADD_MEMBER(query, "method", "createSlaveDomain", query.GetAllocator());
parameters.SetObject();
JSON_ADD_MEMBER(parameters, "ip", ip.c_str(), query.GetAllocator());
- JSON_ADD_MEMBER_DNSNAME(parameters, "domain", domain. query.GetAllocator());
+ JSON_ADD_MEMBER_DNSNAME(parameters, "domain", domain, query.GetAllocator());
JSON_ADD_MEMBER(parameters, "nameserver", nameserver.c_str(), query.GetAllocator());
JSON_ADD_MEMBER(parameters, "account", account.c_str(), query.GetAllocator());
query.AddMember("parameters", parameters, query.GetAllocator());
return std::lexicographical_compare(ours.rbegin(), ours.rend(), rhsLabels.rbegin(), rhsLabels.rend(), CIStringCompare());
}
-bool DNSName::chopOff()
+bool DNSName::chopOff()
{
if(d_storage.empty())
return false;
}); // note that this is case insensitive, including on the label lengths
}
- bool canonCompare(const DNSName& rhs) const;
-
template<class Archive>
void serialize(Archive &ar, const unsigned int version)
{
static std::string unescapeLabel(const std::string& orig);
};
-struct CanonDNSNameCompare: public std::binary_function<DNSName, DNSName, bool>
-{
- bool operator()(const DNSName&a, const DNSName& b) const
- {
- return a.canonCompare(b);
- }
-};
size_t hash_value(DNSName const& d);
struct CanonDNSNameCompare: public std::binary_function<DNSName, DNSName, bool>
{
TSIGHashEnum algo;
if (!getTSIGHashEnum(trc->d_algoName, algo)) {
- throw PDNSException(string("Unsupported TSIG HMAC algorithm ") + trc->d_algoName);
+ throw PDNSException(string("Unsupported TSIG HMAC algorithm ") + trc->d_algoName.toString());
}
string toSign;
if (algo == TSIG_GSS) {
if (!gss_add_signature(tsigkeyname, toSign, trc->d_mac)) {
- throw PDNSException(string("Could not add TSIG signature with algorithm 'gss-tsig' and key name '")+tsigkeyname+string("'"));
+ throw PDNSException(string("Could not add TSIG signature with algorithm 'gss-tsig' and key name '")+tsigkeyname.toString()+string("'"));
}
} else {
trc->d_mac = calculateHMAC(tsigsecret, toSign, algo);
#endif
-bool gss_add_signature(const std::string& context, const std::string& message, std::string& mac) {
+bool gss_add_signature(const DNSName& context, const std::string& message, std::string& mac) {
string tmp_mac;
- GssContext gssctx(context);
+ GssContext gssctx(context.toStringNoDot());
if (!gssctx.valid()) {
- L<<Logger::Error<<"GSS context '"<<context<<"' is not valid"<<endl;
+ L<<Logger::Error<<"GSS context '"<<context.toString()<<"' is not valid"<<endl;
BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
L<<Logger::Error<<"GSS error: "<<error<<endl;;
}
}
if (!gssctx.sign(message, tmp_mac)) {
- L<<Logger::Error<<"Could not sign message using GSS context '"<<context<<"'"<<endl;
+ L<<Logger::Error<<"Could not sign message using GSS context '"<<context.toString()<<"'"<<endl;
BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
L<<Logger::Error<<"GSS error: "<<error<<endl;;
}
return true;
}
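Review bot: The context name is now a DNSName but reaches GssContext as `context.toStringNoDot()` (L53), which keeps the caller's letter case, so two key names that DNSName would treat as equal can select different GSS contexts if GssContext keys on the exact string; the same conversion appears at L72, L158, L203, L228 and L242. Whether GssContext normalizes the name is not visible here, so this is a point to confirm rather than a definite defect. Separately, the excerpt shows no early exit between the invalid-context branch closing at L60 and the `sign` call at L61 (likewise L79/L80 in gss_verify_signature); if the rendering has not dropped a line there, signing and verification proceed on an invalid context, and a `return false;` at the end of each invalid-context branch would close that. A comment such as `// key-name case is preserved in the string handed to GssContext` would document the conversion for the next reader.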
-bool gss_verify_signature(const std::string& context, const std::string& message, const std::string& mac) {
- GssContext gssctx(context);
+bool gss_verify_signature(const DNSName& context, const std::string& message, const std::string& mac) {
+ GssContext gssctx(context.toStringNoDot());
if (!gssctx.valid()) {
- L<<Logger::Error<<"GSS context '"<<context<<"' is not valid"<<endl;
+ L<<Logger::Error<<"GSS context '"<<context.toString()<<"' is not valid"<<endl;
BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
L<<Logger::Error<<"GSS error: "<<error<<endl;;
}
}
if (!gssctx.verify(message, mac)) {
- L<<Logger::Error<<"Could not verify message using GSS context '"<<context<<"'"<<endl;
+ L<<Logger::Error<<"Could not verify message using GSS context '"<<context.toString()<<"'"<<endl;
BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
L<<Logger::Error<<"GSS error: "<<error<<endl;;
}
boost::shared_ptr<GssSecContext> d_ctx; //<! Attached security context
};
-bool gss_add_signature(const std::string& context, const std::string& message, std::string& mac); //<! Create signature
-bool gss_verify_signature(const std::string& context, const std::string& message, const std::string& mac); //<! Validate signature
+bool gss_add_signature(const DNSName& context, const std::string& message, std::string& mac); //<! Create signature
+bool gss_verify_signature(const DNSName& context, const std::string& message, const std::string& mac); //<! Validate signature
#endif
return 0;
}
-bool getTSIGHashEnum(const string &algoName, TSIGHashEnum& algoEnum)
+bool getTSIGHashEnum(const DNSName& algoName, TSIGHashEnum& algoEnum)
{
- string normalizedName = toLowerCanonic(algoName);
-
- if (normalizedName == "hmac-md5.sig-alg.reg.int" || normalizedName == "hmac-md5")
+ if (algoName == "hmac-md5.sig-alg.reg.int." || algoName == "hmac-md5.") // FIXME
algoEnum = TSIG_MD5;
- else if (normalizedName == "hmac-sha1")
+ else if (algoName == "hmac-sha1.")
algoEnum = TSIG_SHA1;
- else if (normalizedName == "hmac-sha224")
+ else if (algoName == "hmac-sha224.")
algoEnum = TSIG_SHA224;
- else if (normalizedName == "hmac-sha256")
+ else if (algoName == "hmac-sha256.")
algoEnum = TSIG_SHA256;
- else if (normalizedName == "hmac-sha384")
+ else if (algoName == "hmac-sha384.")
algoEnum = TSIG_SHA384;
- else if (normalizedName == "hmac-sha512")
+ else if (algoName == "hmac-sha512.")
algoEnum = TSIG_SHA512;
- else if (normalizedName == "gss-tsig")
+ else if (algoName == "gss-tsig.")
algoEnum = TSIG_GSS;
else {
return false;
return true;
}
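Review bot: The `// FIXME` at L101 does not say what is wrong, and the rewrite moves case handling from the explicit `toLowerCanonic` call into `DNSName::operator==`; TSIG algorithm names are matched case-insensitively on the wire, so this stays correct only if that operator is case-insensitive (the comment at L16 suggests it is, but the surrounding code is not visible). The literal list also duplicates the table in getTSIGAlgoName at L136-L142, so the two can drift apart. I would replace the bare FIXME with `// FIXME: relies on DNSName::operator== comparing case-insensitively; this list duplicates getTSIGAlgoName` and, if construction cost matters, hoist the literals into `static const DNSName` objects so each call does not re-parse seven names. Unknown names still return false, so the fail-closed behaviour of the old code is preserved.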
-string getTSIGAlgoName(TSIGHashEnum& algoEnum)
+DNSName getTSIGAlgoName(TSIGHashEnum& algoEnum)
{
switch(algoEnum) {
- case TSIG_MD5: return "hmac-md5.sig-alg.reg.int";
- case TSIG_SHA1: return "hmac-sha1";
- case TSIG_SHA224: return "hmac-sha224";
- case TSIG_SHA256: return "hmac-sha256";
- case TSIG_SHA384: return "hmac-sha384";
- case TSIG_SHA512: return "hmac-sha512";
- case TSIG_GSS: return "gss-tsig";
+ case TSIG_MD5: return "hmac-md5.sig-alg.reg.int.";
+ case TSIG_SHA1: return "hmac-sha1.";
+ case TSIG_SHA224: return "hmac-sha224.";
+ case TSIG_SHA256: return "hmac-sha256.";
+ case TSIG_SHA384: return "hmac-sha384.";
+ case TSIG_SHA512: return "hmac-sha512.";
+ case TSIG_GSS: return "gss-tsig.";
}
throw PDNSException("getTSIGAlgoName does not understand given algorithm, please fix!");
}
uint32_t getLong(const unsigned char *p);
uint32_t getLong(const char *p);
uint32_t pdns_strtoui(const char *nptr, char **endptr, int base);
-bool getTSIGHashEnum(const string &algoName, TSIGHashEnum& algoEnum);
-string getTSIGAlgoName(TSIGHashEnum& algoEnum);
+bool getTSIGHashEnum(const DNSName& algoName, TSIGHashEnum& algoEnum);
+DNSName getTSIGAlgoName(TSIGHashEnum& algoEnum);
int logFacilityToLOG(unsigned int facility);
} else {
getTSIGHashEnum(trc.d_algoName, p->d_tsig_algo);
if (p->d_tsig_algo == TSIG_GSS) {
- GssContext gssctx(keyname);
+ GssContext gssctx(keyname.toStringNoDot());
if (!gssctx.getPeerPrincipal(p->d_peer_principal)) {
- L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname<<"'"<<endl;
+ L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname.toString()<<"'"<<endl;
}
}
}
// Check for delegation in parent zone
- string parent(zone);
- while(chopOff(parent)) {
+ DNSName parent(zone);
+ while(parent.chopOff()) {
SOAData sd_p;
if(B.getSOAUncached(parent, sd_p)) {
bool ns=false;
while(B.get(rr))
ns |= (rr.qtype == QType::NS);
if (!ns) {
- cerr<<"[Error] No delegation for zone '"<<zone<<"' in parent '"<<parent<<"'"<<endl;
+ cerr<<"[Error] No delegation for zone '"<<zone.toString()<<"' in parent '"<<parent.toString()<<"'"<<endl;
numerrors++;
}
break;
} else if (rr.qtype.getCode() == QType::DNSKEY) {
cout<<"[Warning] DNSKEY record not at apex '"<<rr.qname.toString()<<" IN "<<rr.qtype.getName()<<" "<<rr.content<<"' in zone '"<<zone.toString()<<"', should not be here."<<endl;
numwarnings++;
- } else if (rr.qtype.getCode() == QType::NS && endsOn(rr.content, rr.qname)) {
+ } else if (rr.qtype.getCode() == QType::NS && DNSName(rr.content).isPartOf(rr.qname)) {
checkglue.insert(toLower(rr.content));
} else if (rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) {
- glue.insert(toLower(rr.qname));
+ glue.insert(toLower(rr.qname.toString()));
}
}
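Review bot: `checkglue` is keyed on `toLower(rr.content)` at L186 while `glue` is now keyed on `toLower(rr.qname.toString())` at L189; if `toString()` renders a trailing dot and the NS content string does not (or the reverse), the two sets can never match and every in-bailiwick NS would be reported as missing glue. Whether `toString()` appends the dot is not visible in this excerpt, so this needs confirming against DNSName. Keying both sets through the same conversion, e.g. `checkglue.insert(toLower(DNSName(rr.content).toString()));`, removes the dependency on how the record text was written. Note also that `DNSName(rr.content)` at L185 is built from record data; if the constructor throws on a malformed name, check-zone would abort on a bad NS record instead of reporting it. The enclosing function starts and ends outside this hunk.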
for(const DomainInfo& di: domains) {
size_t nr,nc,nm,nk;
DNSResourceRecord rr;
- cout<<"Processing '"<<di.zone<<"'"<<endl;
+ cout<<"Processing '"<<di.zone.toString()<<"'"<<endl;
// create zone
if (!tgt->createDomain(di.zone)) throw PDNSException("Failed to create zone");
tgt->setKind(di.zone, di.kind);
}
if (algo == TSIG_GSS) {
- GssContext gssctx(d_tsigkeyname);
+ GssContext gssctx(d_tsigkeyname.toStringNoDot());
if (!gss_verify_signature(d_tsigkeyname, message, theirMac)) {
- throw ResolverException("Signature failed to validate on AXFR response from "+d_remote.toStringWithPort()+" signed with TSIG key '"+d_tsigkeyname+"'");
+ throw ResolverException("Signature failed to validate on AXFR response from "+d_remote.toStringWithPort()+" signed with TSIG key '"+d_tsigkeyname.toString()+"'");
}
} else {
string ourMac=calculateHMAC(d_tsigsecret, message, algo);
return 0;
}
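Review bot: The local `gssctx` built at L203 from `d_tsigkeyname.toStringNoDot()` is not read by any visible line; `gss_verify_signature` at L204 constructs its own GssContext from the same name, so unless something outside the excerpt uses `gssctx`, the line is dead and can be dropped. The enclosing function starts and ends outside this hunk.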
-ChunkedSigningPipe::ChunkedSigningPipe(const DNSName& signerName, bool mustSign, const pdns::string& servers, unsigned int workers)
+ChunkedSigningPipe::ChunkedSigningPipe(const DNSName& signerName, bool mustSign, const string& servers, unsigned int workers)
: d_queued(0), d_outstanding(0), d_signer(signerName), d_maxchunkrecords(100), d_numworkers(workers), d_tids(d_numworkers),
d_mustSign(mustSign), d_final(false), d_submitted(0)
{
typedef vector<DNSResourceRecord> rrset_t;
typedef rrset_t chunk_t; // for now
- ChunkedSigningPipe(const DNSName& signerName, bool mustSign, /* FIXME servers is unused? */ const pdns::string& servers=pdns::string(), unsigned int numWorkers=3);
+ ChunkedSigningPipe(const DNSName& signerName, bool mustSign, /* FIXME servers is unused? */ const string& servers=string(), unsigned int numWorkers=3);
~ChunkedSigningPipe();
bool submit(const DNSResourceRecord& rr);
chunk_t getChunk(bool final=false);
} else {
getTSIGHashEnum(trc.d_algoName, q->d_tsig_algo);
if (q->d_tsig_algo == TSIG_GSS) {
- GssContext gssctx(keyname);
+ GssContext gssctx(keyname.toStringNoDot());
if (!gssctx.getPeerPrincipal(q->d_peer_principal)) {
L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname<<"'"<<endl;
}
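Review bot: L230 still streams `keyname` directly (`<<keyname<<`) while the matching line in the other handler at L161 was changed to `keyname.toString()`; either DNSName has an `operator<<` and the other edits were cosmetic, or this line no longer compiles now that keyname is a DNSName. For consistency make it `L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname.toString()<<"'"<<endl;`. The enclosing function starts outside this hunk.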
void PacketHandler::tkeyHandler(DNSPacket *p, DNSPacket *r) {
TKEYRecordContent tkey_in;
std::shared_ptr<TKEYRecordContent> tkey_out(new TKEYRecordContent());
- string label;
+ DNSName label;
bool sign = false;
if (!p->getTKEYRecord(&tkey_in, &label)) {
tkey_out->d_inception = time((time_t*)NULL);
tkey_out->d_expiration = tkey_out->d_inception+15;
- GssContext ctx(label);
+ GssContext ctx(label.toStringNoDot());
if (tkey_in.d_mode == 3) { // establish context
if (tkey_in.d_algo == "gss-tsig.") {
std::vector<std::string> meta;
- string tmpLabel = toLowerCanonic(label);
- bool ok = true;
- while(ok) {
+ DNSName tmpLabel(label);
+ do {
if (B.getDomainMetadata(tmpLabel, "GSS-ACCEPTOR-PRINCIPAL", meta) && meta.size()>0) {
break;
}
- ok = chopOff(tmpLabel);
- }
+ } while(tmpLabel.chopOff());
if (meta.size()>0) {
ctx.setLocalPrincipal(meta[0]);
trc.d_eRcode = 0;
trc.d_otherData = "";
// this should cause it to lookup label context
- r->setTSIGDetails(trc, label, label, "", false);
+ r->setTSIGDetails(trc, label, label.toStringNoDot(), "", false);
}
r->commitD();
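Review bot: The metadata walk at L249-L256 drops the `toLowerCanonic` normalization the old code applied to `label`, so a TKEY name arriving in mixed case now reaches `getDomainMetadata` as-is; if DNSName comparison and the backend lookup are case-insensitive this is fine, but that is not visible here and is worth confirming, since a missed GSS-ACCEPTOR-PRINCIPAL lookup leaves the context without a local principal. `label` is filled from the incoming packet by `getTKEYRecord` at L238, so the name given to `GssContext ctx(label.toStringNoDot())` at L242 is client-controlled; a comment such as `// label comes from the client's TKEY query and names the GSS context without further validation in this function` would make that explicit. The `do { … } while(tmpLabel.chopOff())` rewrite preserves the old loop's order (one lookup on the full name, then each parent). tkeyHandler continues past the end of this hunk.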