From: Bert Hubert Date: Fri, 14 Jan 2011 12:12:14 +0000 (+0000) Subject: fix up nsec3 hunt in BIND backend, problems spotted by Christoph Meerwald X-Git-Tag: auth-3.0~364 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a711454e62c1b300f57896dd0b0f755811719fed;p=pdns fix up nsec3 hunt in BIND backend, problems spotted by Christoph Meerwald git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1883 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/pdns/backends/bind/bindbackend2.cc b/pdns/backends/bind/bindbackend2.cc index f673586d6..cff471cd9 100644 --- a/pdns/backends/bind/bindbackend2.cc +++ b/pdns/backends/bind/bindbackend2.cc @@ -842,8 +842,8 @@ bool Bind2Backend::getBeforeAndAfterNamesAbsolute(uint32_t id, const std::string NSEC3PARAMRecordContent ns3pr; string auth=state->id_zone_map[id].d_name; - dk.getNSEC3PARAM(auth, &ns3pr); - if(ns3pr.d_salt.empty()) { + + if(!dk.getNSEC3PARAM(auth, &ns3pr)) { cerr<<"in bind2backend::getBeforeAndAfterAbsolute: no nsec3 for "<::type records_by_hashindex_t; - records_by_hashindex_t& ttdindex=boost::multi_index::get(*bbd.d_records); + records_by_hashindex_t& hashindex=boost::multi_index::get(*bbd.d_records); -// BOOST_FOREACH(const Bind2DNSRecord& bdr, ttdindex) { +// BOOST_FOREACH(const Bind2DNSRecord& bdr, hashindex) { // cerr<<"Hash: "<nsec3hash; - unhashed = auth; + records_by_hashindex_t::const_iterator lowIter = hashindex.lower_bound(lqname); + records_by_hashindex_t::const_iterator highIter = hashindex.upper_bound(lqname); +// cerr<<"iter == hashindex.begin(): "<< (iter == hashindex.begin()) << ", "; + // cerr<<"iter == hashindex.end(): "<< (iter == hashindex.end()) << endl; + if(lowIter == hashindex.end()) { + cerr<<"This hash is beyond the highest hash, wrapping around"<nsec3hash; // highest hash + after = hashindex.begin()->nsec3hash; // lowest hash + unhashed = dotConcat(labelReverse(hashindex.rbegin()->qname), auth); } - else if(iter != ttdindex.end() && iter->nsec3hash == lqname) { - before = iter->nsec3hash; - unhashed = dotConcat(labelReverse(iter->qname), auth); - cerr<<"Had direct hit, setting unhashed: "<nsec3hash == lqname) { // exact match + before = lowIter->nsec3hash; + unhashed = dotConcat(labelReverse(lowIter->qname), auth); + cerr<<"Had direct hit, setting unhashed: "<nsec3hash; + else + after = hashindex.begin()->nsec3hash; } - else { - while(iter != ttdindex.begin() && !boost::prior(iter)->auth && boost::prior(iter)->qtype!=QType::NS) { - cerr<<"Going backwards.."<nsec3hash<<"', auth = "<auth<<"\n"; - before = boost::prior(iter)->nsec3hash; - unhashed = dotConcat(labelReverse(boost::prior(iter)->qname), auth); + else { + // iter will always be HIGER than lqname, but that's not what we need + // rest .. before pos_iter/after pos + // lqname + if(highIter != hashindex.end()) + after = highIter->nsec3hash; // that one is easy + else + after = hashindex.begin()->nsec3hash; + + if(lowIter != hashindex.begin()) { + --lowIter; + before = lowIter->nsec3hash; + unhashed = dotConcat(labelReverse(lowIter->qname), auth); } else { - before = ttdindex.rbegin()->nsec3hash; // try the last one then.. - unhashed = dotConcat(labelReverse(ttdindex.rbegin()->qname), auth); - cerr<<"PANIC! Wanted something before the first record, inserted last: "<nsec3hash; + unhashed = dotConcat(labelReverse(hashindex.rbegin()->qname), auth); } } - - cerr<<"Now upper bound"<auth && iter->qtype != QType::NS)) - iter++; - - if(iter == ttdindex.end()) { - cerr<<"\tFound the end, inserting beginning"<nsec3hash; - // unhashed = ttdindex.begin()->qname; - } else { - cerr<<"\tFound: '"<nsec3hash<<"'"<nsec3hash; - // unhashed = iter->qname; - } - + cerr<<"Before: '"<