Change DS config items to dsmap_t

Ensure that addTA() appends the DS.

diff --git a/docs/manpages/rec_control.1.md b/docs/manpages/rec_control.1.md
index 2fe834bef9a75ddfee5dee60271d265a4b297c8a..788c9a6236dc5696ddb722cce0016c5227bc4429 100644 (file)
--- a/docs/manpages/rec_control.1.md
+++ b/docs/manpages/rec_control.1.md
@@ -47,7 +47,8 @@ add-nta *DOMAIN* [*REASON*]
 :    Add a Negative Trust Anchor for *DOMAIN*, suffixed optionally with *REASON*.
 
 add-ta *DOMAIN* *DSRECORD*
-:    Add a Trust Anchor for *DOMAIN* with DS record data *DSRECORD*.
+:    Add a Trust Anchor for *DOMAIN* with DS record data *DSRECORD*. This adds the
+     new Trust Anchor to the existing set of Trust Anchors for *DOMAIN*.
 
 current-queries
 :    Shows the currently active queries.

diff --git a/pdns/rec-lua-conf.cc b/pdns/rec-lua-conf.cc
index e6c07b0e311919451b629c65cc408eae9d3eaf41..1fdef761f39bc82622327db342a1ee71afc635cc 100644 (file)
--- a/pdns/rec-lua-conf.cc
+++ b/pdns/rec-lua-conf.cc
@@ -14,6 +14,7 @@
 #include "rpzloader.hh"
 #include "base64.hh"
 #include "remote_logger.hh"
+#include "validate.hh"
 
 GlobalStateHolder<LuaConfigItems> g_luaconfs; 
 
@@ -32,9 +33,11 @@ GlobalStateHolder<LuaConfigItems> g_luaconfs;
 
 LuaConfigItems::LuaConfigItems()
 {
-  auto ds=std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
+  auto ds=unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
+  dsmap_t dsmap;
+  dsmap.insert({ds->d_tag, *ds});
   // this hurts physically
-  dsAnchors[DNSName(".")] = *ds;
+  dsAnchors[DNSName(".")] = dsmap;
 }
 
 /* DID YOU READ THE STORY ABOVE? */
@@ -219,8 +222,13 @@ void loadRecursorLuaConfig(const std::string& fname)
                    });
 
   Lua.writeFunction("addDS", [&lci](const std::string& who, const std::string& what) {
-      lci.dsAnchors[DNSName(who)]= *std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
-    });
+      DNSName zone(who);
+      dsmap_t dsmap = lci.dsAnchors[zone];
+
+      auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+      dsmap.insert({ds->d_tag, *ds});
+      lci.dsAnchors[zone] = dsmap;
+  });
 
   Lua.writeFunction("clearDS", [&lci](boost::optional<string> who) {
       if(who)

diff --git a/pdns/rec-lua-conf.hh b/pdns/rec-lua-conf.hh
index a4207cbaeb9ce81b2530c143f0efe2813f876ec6..3b3a083903958ed5b9aea00630cca47d1b95fd9f 100644 (file)
--- a/pdns/rec-lua-conf.hh
+++ b/pdns/rec-lua-conf.hh
@@ -3,6 +3,7 @@
 #include "sortlist.hh"
 #include "filterpo.hh"
 #include "remote_logger.hh"
+#include "validate.hh"
 
 class LuaConfigItems 
 {
@@ -10,7 +11,7 @@ public:
   LuaConfigItems();
   SortList sortlist;
   DNSFilterEngine dfe;
-  map<DNSName,DSRecordContent> dsAnchors;
+  map<DNSName,dsmap_t> dsAnchors;
   map<DNSName,std::string> negAnchors;
   std::shared_ptr<RemoteLogger> protobufServer{nullptr};
   uint8_t protobufMaskV4{32};

diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc
index 336f431251972a71bd9b2ada78ff19ead1adbc0b..e5b2dee050f1e733f730bced8464c98bf2a1d30a 100644 (file)
--- a/pdns/rec_channel_rec.cc
+++ b/pdns/rec_channel_rec.cc
@@ -489,7 +489,10 @@ string doAddTA(T begin, T end)
   try {
     L<<Logger::Warning<<"Adding Trust Anchor for "<<who<<" with data '"<<what<<"', requested via control channel";
     g_luaconfs.modify([who, what](LuaConfigItems& lci) {
-      lci.dsAnchors[who] = *std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+      dsmap_t dsmap = lci.dsAnchors[who];
+      auto ds = unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(what)));
+      dsmap.insert({ds->d_tag, *ds});
+      lci.dsAnchors[who] = dsmap;
       });
     broadcastAccFunction<uint64_t>(boost::bind(pleaseWipePacketCache, who, true));
     L<<Logger::Warning<<endl;
@@ -546,8 +549,13 @@ static string getTAs()
 {
   string ret("Configured Trust Anchors:\n");
   auto luaconf = g_luaconfs.getLocal();
-  for (auto anchor : luaconf->dsAnchors)
-    ret += anchor.first.toLogString() + "\t" + anchor.second.getZoneRepresentation() + "\n";
+  for (auto anchor : luaconf->dsAnchors) {
+    ret += anchor.first.toLogString() + "\n";
+    for (auto e : anchor.second) {
+      ret+="\t\t"+e.second.getZoneRepresentation() + "\n";
+    }
+  }
+
   return ret;
 }
 

diff --git a/pdns/toysdig.cc b/pdns/toysdig.cc
index 42f9002f29614d64d27f67ccc496f8e637cb279a..7f1bbbd4c7550115d108767822a49afc80c26ead 100644 (file)
--- a/pdns/toysdig.cc
+++ b/pdns/toysdig.cc
@@ -102,7 +102,9 @@ LuaConfigItems::LuaConfigItems()
 {
   auto ds=std::unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make("19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")));
   // this hurts physically
-  dsAnchors[DNSName(".")] = *ds;
+  dsmap_t dsmap;
+  dsmap.insert({ds->d_tag, *ds});
+  dsAnchors[DNSName(".")] = dsmap;
 }
 
 DNSFilterEngine::DNSFilterEngine() {}

diff --git a/pdns/validate.cc b/pdns/validate.cc
index f3a94dc78781919d83815a51808fbb16e8f50e6f..e70070f85e18ecda8364dc09c615d5df24b716d5 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -204,7 +204,6 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
 
   vector<string> labels = zone.getRawLabels();
 
-  typedef std::multimap<uint16_t, DSRecordContent> dsmap_t;
   dsmap_t dsmap;
   keyset_t validkeys;
 
@@ -213,18 +212,17 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
 
   while(zone.isPartOf(qname))
   {
-    if(auto ds = rplookup(luaLocal->dsAnchors, qname))
-    {
-      dsmap.insert(make_pair(ds->d_tag, *ds));
-    }
-  
+    dsmap_t* tmp = (dsmap_t*) rplookup(luaLocal->dsAnchors, qname);
+    if (tmp)
+      dsmap = *tmp;
+
     vector<RRSIGRecordContent> sigs;
     vector<shared_ptr<DNSRecordContent> > toSign;
     vector<uint16_t> toSignTags;
 
     keyset_t tkeys; // tentative keys
     validkeys.clear();
-    
+
     // start of this iteration
     // we can trust that dsmap has valid DS records for qname
 

diff --git a/pdns/validate.hh b/pdns/validate.hh
index a0a7f3578247611d394109000eb40f04e596fa10..b5d220e21aa7cffa8d30c810c76992316a75b336 100644 (file)
--- a/pdns/validate.hh
+++ b/pdns/validate.hh
@@ -31,6 +31,7 @@ struct ContentSigPair
   // ponder adding a validate method that accepts a key
 };
 typedef map<pair<DNSName,uint16_t>, ContentSigPair> cspmap_t;
+typedef std::multimap<uint16_t, DSRecordContent> dsmap_t;
 void validateWithKeySet(const cspmap_t& rrsets, cspmap_t& validated, const std::set<DNSKEYRecordContent>& keys);
 cspmap_t harvestCSPFromRecs(const vector<DNSRecord>& recs);
 vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, std::set<DNSKEYRecordContent> &keyset);