add support for unsalted nsec3 hashes ('1 0 1 -')

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1852 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 8adb374acbe1a175241f7d44aa2e8f46daacc981..334135d2903b4a8b4577483c8733762f0c38522e 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -107,9 +107,9 @@ void rectifyZone(DNSSECKeeper& dk, const std::string& zone)
 
   NSEC3PARAMRecordContent ns3pr;
   bool narrow;
-  dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
+  bool haveNSEC3=dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
   string hashed;
-  if(ns3pr.d_salt.empty()) 
+  if(!haveNSEC3) 
     cerr<<"Adding NSEC ordering information"<<endl;
   else if(!narrow)
     cerr<<"Adding NSEC3 hashed ordering information for '"<<zone<<"'"<<endl;
@@ -127,7 +127,7 @@ void rectifyZone(DNSSECKeeper& dk, const std::string& zone)
       }
     }while(chopOff(shorter));
 
-    if(ns3pr.d_salt.empty()) // NSEC
+    if(!haveNSEC3) // NSEC
       sd.db->updateDNSSECOrderAndAuth(sd.domain_id, zone, qname, auth);
     else {
       if(!narrow) {
@@ -179,9 +179,9 @@ void showZone(DNSSECKeeper& dk, const std::string& zone)
 {
   NSEC3PARAMRecordContent ns3pr;
   bool narrow;
-  dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
+  bool haveNSEC3=dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
   
-  if(ns3pr.d_salt.empty()) 
+  if(!haveNSEC3) 
     cout<<"Zone has NSEC semantics"<<endl;
   else
     cout<<"Zone has " << (narrow ? "NARROW " : "") <<"hashed NSEC3 semantics, configuration: "<<ns3pr.getZoneRepresentation()<<endl;

diff --git a/pdns/rcpgenerator.cc b/pdns/rcpgenerator.cc
index 184fdf13565e4fdde131295958a9de0f39b61e06..294e861d1c461d0294ef08ccc8e5fa46b624bb3d 100644 (file)
--- a/pdns/rcpgenerator.cc
+++ b/pdns/rcpgenerator.cc
@@ -225,6 +225,11 @@ static inline uint8_t hextodec(uint8_t val)
 
 void HEXDecode(const char* begin, const char* end, string& val)
 {
+  if(end - begin == 1 && *begin=='-') {
+    val.clear();
+    return;
+  }
+    
   if((end - begin)%2)
     throw RecordTextException("Hexadecimal blob with odd number of characters");
 
@@ -458,6 +463,11 @@ void RecordTextWriter::xfrHexBlob(const string& val)
   if(!d_string.empty())
     d_string.append(1,' ');
 
+  if(val.empty()) {
+    d_string.append(1,'-');
+    return;
+  }
+
   string::size_type limit=val.size();
   char tmp[5];
   for(string::size_type n = 0; n < limit; ++n) {

diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index b977dc3047b75a05055af61bc686ba1e260b6057..7d9d0e7658674d7f37cd22a7c9596397b2be7118 100644 (file)
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -76,11 +76,12 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
     bool narrow;
     DNSSECKeeper dk;
     bool dnssecZone = false;
+    bool haveNSEC3=false;
     if(dk.haveActiveKSKFor(domain)) {
       dnssecZone=true;
-      dk.getNSEC3PARAM(domain, &ns3pr, &narrow);
+      haveNSEC3=dk.getNSEC3PARAM(domain, &ns3pr, &narrow);
       string hashed;
-      if(ns3pr.d_salt.empty()) 
+      if(!haveNSEC3) 
         cerr<<"Adding NSEC ordering information"<<endl;
       else if(!narrow)
         cerr<<"Adding NSEC3 hashed ordering information for '"<<domain<<"'"<<endl;
@@ -133,7 +134,7 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
           }
         }while(chopOff(shorter));
       
-        if(ns3pr.d_salt.empty()) // NSEC
+        if(!haveNSEC3) // NSEC
           di.backend->updateDNSSECOrderAndAuth(domain_id, domain, qname, auth);
         else {
           if(!narrow) {