return addS(c.size());
}
+template<typename C>
+const typename C::value_type::second_type* rplookup(const C& c, const typename C::value_type::first_type& key)
+{
+ auto fnd = c.find(key);
+ if(fnd == c.end())
+ return 0;
+ return &fnd->second;
+}
+
double DiffTime(const struct timespec& first, const struct timespec& second);
double DiffTime(const struct timeval& first, const struct timeval& second);
uid_t strToUID(const string &str);
LuaConfigItems::LuaConfigItems()
{
+ auto ds=std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
+ // this hurts physically
+ dsAnchors[DNSName(".")] = *ds;
}
/* DID YOU READ THE STORY ABOVE? */
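Review bot: `*ds` is dereferenced in the constructor without checking that the `dynamic_cast` succeeded, and the `addDS` lambda added later in this file repeats the same expression on text taken from the configuration. If `make` returns a record of another type, the cast yields null and the dereference is undefined behaviour; a guard such as `if(!ds) throw std::runtime_error("trust anchor is not a DS record");` before the assignment would cover it at both call sites. The literal also deserves a real comment in place of `// this hurts physically`, for example `// built-in root trust anchor in DS form: key tag 19036, algorithm 8, digest type 2 (SHA-256)`. Because the value is compiled in, it only changes with a new build, which is worth stating next to it.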
theL()<<Logger::Error<<"Error in addSortList: "<<e.what()<<endl;
}
});
+
+ Lua.writeFunction("addDS", [&lci](const std::string& who, const std::string& what) {
+ lci.dsAnchors[DNSName(who)]= *std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+ });
+
+ Lua.writeFunction("clearDS", [&lci](boost::optional<string> who) {
+ if(who)
+ lci.dsAnchors.erase(DNSName(*who));
+ else
+ lci.dsAnchors.clear();
+ });
+
try {
Lua.executeCode(ifs);
g_luaconfs.setState(lci);
}
+ catch(const LuaContext::ExecutionErrorException& e) {
+ theL()<<Logger::Error<<"Unable to load Lua script from '"+fname+"': ";
+ try {
+ std::rethrow_if_nested(e);
+ } catch(const std::exception& e) {
+ // e is the exception that was thrown from inside the lambda
+ theL() << e.what() << std::endl;
+ }
+ catch(const PDNSException& e) {
+ // e is the exception that was thrown from inside the lambda
+ theL() << e.reason << std::endl;
+ }
+ throw;
+
+ }
catch(std::exception& err) {
theL()<<Logger::Error<<"Unable to load Lua script from '"+fname+"': "<<err.what()<<endl;
+ throw;
}
}
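Review bot: `addDS` stores with `lci.dsAnchors[DNSName(who)] = ...`, and the member it writes to is a `map<DNSName,DSRecordContent>`, so a second `addDS` for the same name silently replaces the first anchor instead of adding to it. A key rollover needs the old and the new DS for a zone to be trusted at the same time, which this shape cannot express; a per-name collection such as `map<DNSName, vector<DSRecordContent>> dsAnchors;`, with `getKeysFor` inserting every entry, would allow it. Since `addDS` and `clearDS` change what the validator trusts, logging each anchor that is added or cleared while the script loads would let operators audit the effective set. In the new `ExecutionErrorException` handler, the prefix written at `"Unable to load Lua script from '"` is never terminated when the nested exception is neither a `std::exception` nor a `PDNSException`, so an `<<endl` before `throw;` would keep that log line intact.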
LuaConfigItems();
SortList sortlist;
DNSFilterEngine dfe;
+ map<DNSName,DSRecordContent> dsAnchors;
};
extern GlobalStateHolder<LuaConfigItems> g_luaconfs;
vState validateRecords(const vector<DNSRecord>& recs)
{
- g_rootDS = "19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5";
cspmap_t cspmap=harvestCSPFromRecs(recs);
// cerr<<"Got "<<cspmap.size()<<" RRSETs: ";
int numsigs=0;
if(numsigs) {
for(const auto& csp : cspmap) {
for(const auto& sig : csp.second.signatures) {
- vState state = getKeysFor(sro, sig->d_signer, keys);
+ getKeysFor(sro, sig->d_signer, keys); // XXX check validity here
// cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys"<<endl;
}
}
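Review bot: The changed call discards the `vState` returned by `getKeysFor`, so as far as this hunk shows the signature loop treats a signer whose key lookup did not end in `Secure` the same as one that did. The `XXX` comment records the gap but nothing enforces it; keeping the result and acting on it, for example `if(getKeysFor(sro, sig->d_signer, keys) != Secure) continue;`, would keep key sets from an unvalidated chain out of the checks that follow. Whether `keys` can contain anything unvalidated on a non-`Secure` return depends on `getKeysFor`, which is only partly visible on this page, so confirm that before choosing between skipping the signer and failing the whole answer. The loop body continues outside the hunk.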
#include "validate.hh"
#include "misc.hh"
#include "dnssecinfra.hh"
+#include "rec-lua-conf.hh"
#include "base32.hh"
void dotEdge(DNSName zone, string type1, DNSName name1, string tag1, string type2, DNSName name2, string tag2, string color="");
state = Indeterminate;
- DNSName qname(".");
typedef std::multimap<uint16_t, DSRecordContent> dsmap_t;
dsmap_t dsmap;
keyset_t validkeys;
- state = Secure; // nice
+ DNSName qname(".");
+ state = Secure; // the root is secure
+ auto luaLocal = g_luaconfs.getLocal();
while(zone.isPartOf(qname))
{
- if(qname.isRoot())
+ if(auto ds = rplookup(luaLocal->dsAnchors, qname))
{
- DSRecordContent rootanchor=dynamic_cast<DSRecordContent&> (*(DNSRecordContent::mastermake(QType::DS, 1, g_rootDS)));
- dsmap.clear();
- dsmap.insert(make_pair(rootanchor.d_tag, rootanchor));
+ dsmap.insert(make_pair(ds->d_tag, *ds));
}
vector<RRSIGRecordContent> sigs;
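Review bot: `state = Secure; // the root is secure` is still unconditional, but after this change the root anchor is only present when `rplookup(luaLocal->dsAnchors, qname)` finds one, and the same commit lets configuration remove it with `clearDS`. With no anchor for the root, `dsmap` stays empty on the first pass while `state` already says `Secure`; what the rest of the loop does with that is outside the hunk, so it should be confirmed that this path cannot return `Secure` without a DS ever having been matched. Starting from `Indeterminate` and setting `Secure` only once an anchor has been inserted would make the invariant explicit. The removed branch also called `dsmap.clear()` before inserting, whereas the new one adds the local anchor to whatever DS set was carried over from the parent; if a configured anchor is meant to replace the delegated DS set, the clear is still needed. The body of `getKeysFor` starts and ends outside the hunk.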
cspmap_t harvestCSPFromRecs(const vector<DNSRecord>& recs);
vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, std::set<DNSKEYRecordContent> &keyset);
-extern const char *g_rootDS;