From: Bert Hubert Date: Mon, 3 Jan 2011 20:59:25 +0000 (+0000) Subject: also include DNSKEY on a case-insensitive match. X-Git-Tag: auth-3.0~448 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7f5bf0baa3c8c81fa93d6932e364ad89cae19212;p=pdns also include DNSKEY on a case-insensitive match. Lowercase RRDATA properly for signing -> hopefully gets us 0x20 compliant git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1799 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc
index 5e5a7ef55..8bbd40710 100644
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -320,7 +320,7 @@ int GSQLBackend::addDomainKey(const string& name, const KeyData& key)
 { char output[16384]; snprintf(output,sizeof(output)-1,d_AddDomainKeyQuery.c_str(),
- key.flags, (int)key.active, sqlEscape(key.content).c_str(), sqlEscape(name).c_str());
+ key.flags, (int)key.active, sqlEscape(key.content).c_str(), sqlEscape(toLower(name)).c_str());
 try { d_db->doCommand(output);
@@ -334,7 +334,7 @@ int GSQLBackend::addDomainKey(const string& name, const KeyData& key)
 bool GSQLBackend::activateDomainKey(const string& name, unsigned int id) { char output[1024];
- snprintf(output,sizeof(output)-1,d_ActivateDomainKeyQuery.c_str(), sqlEscape(name).c_str(), id);
+ snprintf(output,sizeof(output)-1,d_ActivateDomainKeyQuery.c_str(), sqlEscape(toLower(name)).c_str(), id);
 try { d_db->doCommand(output);
@@ -348,7 +348,7 @@ bool GSQLBackend::activateDomainKey(const string& name, unsigned int id)
 bool GSQLBackend::deactivateDomainKey(const string& name, unsigned int id) { char output[1024];
- snprintf(output,sizeof(output)-1,d_DeactivateDomainKeyQuery.c_str(), sqlEscape(name).c_str(), id);
+ snprintf(output,sizeof(output)-1,d_DeactivateDomainKeyQuery.c_str(), sqlEscape(toLower(name)).c_str(), id);
 try { d_db->doCommand(output);
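Review bot: The snprintf() calls that build these key-management statements discard the return value, so a statement longer than the stack buffer (16384 bytes in addDomainKey, 1024 bytes elsewhere) is silently truncated and the cut-off SQL is still passed to d_db->doCommand(); the same pattern appears in the activateDomainKey, deactivateDomainKey, removeDomainKey and getDomainKeys hunks. Because sqlEscape() can lengthen both the name and key.content, the length should be checked and the call should fail rather than execute a partial statement, for example `int n = snprintf(output, sizeof(output), ...);` followed by `if(n < 0 || (size_t)n >= sizeof(output))` and the function's existing failure path. The function bodies continue outside the hunks, so how each one reports failure is not visible here.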
@@ -362,7 +362,7 @@ bool GSQLBackend::deactivateDomainKey(const string& name, unsigned int id)
 bool GSQLBackend::removeDomainKey(const string& name, unsigned int id) { char output[1024];
- snprintf(output,sizeof(output)-1,d_RemoveDomainKeyQuery.c_str(), sqlEscape(name).c_str(), id);
+ snprintf(output,sizeof(output)-1,d_RemoveDomainKeyQuery.c_str(), sqlEscape(toLower(name)).c_str(), id);
 try { d_db->doCommand(output);
@@ -378,7 +378,7 @@ bool GSQLBackend::removeDomainKey(const string& name, unsigned int id)
 bool GSQLBackend::getDomainKeys(const string& name, unsigned int kind, std::vector& keys) { char output[1024];
- snprintf(output,sizeof(output)-1,d_ListDomainKeysQuery.c_str(), sqlEscape(name).c_str());
+ snprintf(output,sizeof(output)-1,d_ListDomainKeysQuery.c_str(), sqlEscape(toLower(name)).c_str());
 try { d_db->doQuery(output);
diff --git a/pdns/dnsparser.hh b/pdns/dnsparser.hh
index c541a4aab..35f16977d 100644
--- a/pdns/dnsparser.hh
+++ b/pdns/dnsparser.hh
@@ -1,6 +1,6 @@
 /* PowerDNS Versatile Database Driven Nameserver
- Copyright (C) 2005 - 2010 PowerDNS.COM BV
+ Copyright (C) 2005 - 2011 PowerDNS.COM BV
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as
@@ -150,7 +150,7 @@ public:
 virtual std::string getZoneRepresentation() const = 0; virtual ~DNSRecordContent() {} virtual void toPacket(DNSPacketWriter& pw)=0;
- virtual string serialize(const string& qname, bool canonic=false) // it would rock if this were const, but it is too hard
+ virtual string serialize(const string& qname, bool canonic=false, bool lowerCase=false) // it would rock if this were const, but it is too hard
 { vector packet; string empty;
@@ -158,6 +158,9 @@ public:
 if(canonic) pw.setCanonic(true);
+ if(lowerCase)
+ pw.setLowercase(true);
+
 pw.startRecord(qname, d_qtype); this->toPacket(pw); pw.commit();
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 6b20626c5..33e0acf55 100644
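Review bot: getDomainKeys now queries only for `toLower(name)`, so key rows written before this change under a mixed-case zone name would presumably no longer be found, and the zone could end up being served without its keys. Nothing in the commit migrates existing rows or makes the comparison in the query itself case-insensitive; whether d_ListDomainKeysQuery already does so is not visible here. A comment above the snprintf() such as `// names are stored lowercased; rows added before r1799 may need to be rewritten` would at least make the assumption explicit. The function body continues outside the hunk.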
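Review bot: Adding a third defaulted parameter to the virtual `serialize()` changes its signature, so any subclass that overrides the two-argument form would silently stop overriding it; no override is visible in this hunk, so this is worth checking across the record types. The new flag is also undocumented, and call sites such as `serialize("", true, true)` give no hint which boolean is which. A comment on the declaration like `// lowerCase: write domain names inside the RDATA lowercased (canonical form for DNSSEC signing)` would help, and the flag's scope should be stated: it is set on the local writer only. The rest of the body lies outside these two hunks.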
--- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc @@ -206,7 +206,7 @@ void makeRSAPublicKeyFromDNS(rsa_context* rc, const DNSKEYRecordContent& dkrc) bool sharedDNSSECCompare(const shared_ptr& a, const shared_ptr& b) { - return a->serialize("", true) < b->serialize("", true); + return a->serialize("", true, true) < b->serialize("", true, true); } string getSHA1HashForRRSET(const std::string& qname, const RRSIGRecordContent& rrc, vector >& signRecords) @@ -214,7 +214,7 @@ string getSHA1HashForRRSET(const std::string& qname, const RRSIGRecordContent& r sort(signRecords.begin(), signRecords.end(), sharedDNSSECCompare); string toHash; - toHash.append(const_cast(rrc).serialize("", true)); + toHash.append(const_cast(rrc).serialize("", true, true)); toHash.resize(toHash.size() - rrc.d_signature.length()); // chop off the end; // cerr<<"toHash start size: "<serialize("", true); // case issues hiding here.. + string rdata=add->serialize("", true, true); tmp=htons(rdata.length()); toHash.append((char*)&tmp, 2); toHash.append(rdata); @@ -243,7 +243,7 @@ DSRecordContent makeDSFromDNSKey(const std::string& qname, const DNSKEYRecordCon { string toHash; toHash.assign(toLower(simpleCompress(qname))); - toHash.append(const_cast(drc).serialize("", true)); + toHash.append(const_cast(drc).serialize("", true, true)); unsigned char hash[32]; if(digest==1) diff --git a/pdns/dnswriter.cc b/pdns/dnswriter.cc index f4e664ff7..644406b9c 100644 --- a/pdns/dnswriter.cc +++ b/pdns/dnswriter.cc @@ -6,7 +6,7 @@ #include DNSPacketWriter::DNSPacketWriter(vector& content, const string& qname, uint16_t qtype, uint16_t qclass, uint8_t opcode) - : d_pos(0), d_content(content), d_qname(qname), d_qtype(qtype), d_qclass(qclass), d_canonic(false) + : d_pos(0), d_content(content), d_qname(qname), d_qtype(qtype), d_qclass(qclass), d_canonic(false), d_lowerCase(false) { d_content.clear(); dnsheader dnsheader; 
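Review bot: In getSHA1HashForRRSET, `add->serialize("", true, true)` lowercases every name the record writes through xfrLabel regardless of record type, whereas RFC 4034 section 6.2 restricts down-casing of names in RDATA to a fixed list of types. If a type outside that list is signed with mixed-case names in its RDATA, the hash would presumably be computed over different bytes than a validator uses and the signature would not verify. Consider gating the flag on the record type, or add a comment at this call explaining why unconditional lowercasing is correct for the types that reach it. The same flag is passed in sharedDNSSECCompare and makeDSFromDNSKey; DNSKEY RDATA carries no domain names, so it should have no effect in the latter.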
@@ -197,8 +197,9 @@ bool labeltokUnescape(labelparts_t& parts, const string& label) } // this is the absolute hottest function in the pdns recursor -void DNSPacketWriter::xfrLabel(const string& label, bool compress) +void DNSPacketWriter::xfrLabel(const string& Label, bool compress) { + string label = d_lowerCase ? toLower(Label) : Label; labelparts_t parts; if(d_canonic) diff --git a/pdns/dnswriter.hh b/pdns/dnswriter.hh index f62cbcb84..8c8cbe0f2 100644 --- a/pdns/dnswriter.hh +++ b/pdns/dnswriter.hh @@ -100,6 +100,12 @@ public: d_canonic=val; } + void setLowercase(bool val) + { + d_lowerCase=val; + } + + private: vector & d_content; vector d_record; @@ -113,7 +119,7 @@ private: uint16_t d_sor; uint16_t d_rollbackmarker; // start of last complete packet, for rollback Place d_recordplace; - bool d_canonic; + bool d_canonic, d_lowerCase; }; typedef vector > labelparts_t; diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index c250ca69c..92a4c0109 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -1027,7 +1027,7 @@ void PacketHandler::completeANYRecords(DNSPacket *p, DNSPacket*r, SOAData& sd, c cerr<<"Need to add all the RRSIGs too for '"<qdomain) { + if(pdns_iequals(sd.qname, p->qdomain)) { DNSSECKeeper::keyset_t zskset = d_dk.getKeys(p->qdomain); DNSResourceRecord rr; BOOST_FOREACH(DNSSECKeeper::keyset_t::value_type value, zskset) {
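Review bot: The new first line of xfrLabel copies the label into a fresh string on every call, even when d_lowerCase is false, in the function the comment above describes as the hottest in the recursor. The copy can be limited to the lowercasing case with `string lowered; if(d_lowerCase) lowered = toLower(Label);` followed by `const string& label = d_lowerCase ? lowered : Label;`. The parameter and the local now differ only in capitalisation (`Label` and `label`), which is easy to misread; a name such as `origLabel` for the parameter would be clearer. The rest of the function body is outside the hunk.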
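Review bot: After the case-insensitive match in completeANYRecords, the key lookup still uses the spelling chosen by the client, `d_dk.getKeys(p->qdomain)`, so finding the keys depends on every backend normalising case the way the gsql backend does in this commit. Passing the zone's own name, `d_dk.getKeys(sd.qname)`, would keep query-controlled case out of the key-store lookup; whether getKeys already normalises its argument cannot be seen from this hunk. The enclosing function starts and ends outside the hunk.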