From 21a3792f1f75892d51b6c2aba9b145a38e48e6e2 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 30 Jun 2015 08:08:03 +0200
Subject: [PATCH] fixes after merge with master

---
 modules/remotebackend/remotebackend.cc |  2 +-
 pdns/dnsname.cc                        |  2 +-
 pdns/dnsname.hh                        |  9 -------
 pdns/dnssecinfra.cc                    |  4 +--
 pdns/gss_context.cc                    | 16 ++++++------
 pdns/gss_context.hh                    |  4 +--
 pdns/misc.cc                           | 34 ++++++++++++--------------
 pdns/misc.hh                           |  4 +--
 pdns/packethandler.cc                  |  4 +--
 pdns/pdnssec.cc                        | 12 ++++-----
 pdns/resolver.cc                       |  4 +--
 pdns/signingpipe.cc                    |  2 +-
 pdns/signingpipe.hh                    |  2 +-
 pdns/tcpreceiver.cc                    |  2 +-
 pdns/tkey.cc                           | 14 +++++------
 15 files changed, 51 insertions(+), 64 deletions(-)

diff --git a/modules/remotebackend/remotebackend.cc b/modules/remotebackend/remotebackend.cc
index 1405d71e8..d16aa1fb3 100644
--- a/modules/remotebackend/remotebackend.cc
+++ b/modules/remotebackend/remotebackend.cc
@@ -732,7 +732,7 @@ bool RemoteBackend::createSlaveDomain(const string &ip, const DNSName& domain, c
    JSON_ADD_MEMBER(query, "method", "createSlaveDomain", query.GetAllocator());
    parameters.SetObject();
    JSON_ADD_MEMBER(parameters, "ip", ip.c_str(), query.GetAllocator());
-   JSON_ADD_MEMBER_DNSNAME(parameters, "domain", domain. query.GetAllocator());
+   JSON_ADD_MEMBER_DNSNAME(parameters, "domain", domain, query.GetAllocator());
    JSON_ADD_MEMBER(parameters, "nameserver", nameserver.c_str(), query.GetAllocator());
    JSON_ADD_MEMBER(parameters, "account", account.c_str(), query.GetAllocator());
    query.AddMember("parameters", parameters, query.GetAllocator());
diff --git a/pdns/dnsname.cc b/pdns/dnsname.cc
index 530a209a1..f6191149f 100644
--- a/pdns/dnsname.cc
+++ b/pdns/dnsname.cc
@@ -194,7 +194,7 @@ bool DNSName::canonCompare(const DNSName& rhs) const
   return std::lexicographical_compare(ours.rbegin(), ours.rend(), rhsLabels.rbegin(), rhsLabels.rend(), CIStringCompare());
 }
 
-bool DNSName::chopOff() 
+bool DNSName::chopOff()
 {
   if(d_storage.empty())
     return false;
diff --git a/pdns/dnsname.hh b/pdns/dnsname.hh
index a3f3d3296..b44e4780f 100644
--- a/pdns/dnsname.hh
+++ b/pdns/dnsname.hh
@@ -70,8 +70,6 @@ public:
 					}); // note that this is case insensitive, including on the label lengths
   }
 
-  bool canonCompare(const DNSName& rhs) const;
-  
   template<class Archive>
   void serialize(Archive &ar, const unsigned int version)
   {
@@ -93,13 +91,6 @@ private:
   static std::string unescapeLabel(const std::string& orig);
 };
 
-struct CanonDNSNameCompare: public std::binary_function<DNSName, DNSName, bool>
-{
-  bool operator()(const DNSName&a, const DNSName& b) const
-  {
-    return a.canonCompare(b);
-  }
-};
 size_t hash_value(DNSName const& d);
 
 struct CanonDNSNameCompare: public std::binary_function<DNSName, DNSName, bool>
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 7b9d1e6db..728c41779 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -591,7 +591,7 @@ void addTSIG(DNSPacketWriter& pw, TSIGRecordContent* trc, const DNSName& tsigkey
 {
   TSIGHashEnum algo;
   if (!getTSIGHashEnum(trc->d_algoName, algo)) {
-    throw PDNSException(string("Unsupported TSIG HMAC algorithm ") + trc->d_algoName);
+    throw PDNSException(string("Unsupported TSIG HMAC algorithm ") + trc->d_algoName.toString());
   }
 
   string toSign;
@@ -627,7 +627,7 @@ void addTSIG(DNSPacketWriter& pw, TSIGRecordContent* trc, const DNSName& tsigkey
 
   if (algo == TSIG_GSS) {
     if (!gss_add_signature(tsigkeyname, toSign, trc->d_mac)) {
-      throw PDNSException(string("Could not add TSIG signature with algorithm 'gss-tsig' and key name '")+tsigkeyname+string("'"));
+      throw PDNSException(string("Could not add TSIG signature with algorithm 'gss-tsig' and key name '")+tsigkeyname.toString()+string("'"));
     }
   } else {
     trc->d_mac = calculateHMAC(tsigsecret, toSign, algo);
diff --git a/pdns/gss_context.cc b/pdns/gss_context.cc
index 5b8f3066f..a92820a00 100644
--- a/pdns/gss_context.cc
+++ b/pdns/gss_context.cc
@@ -432,11 +432,11 @@ void GssContext::processError(const std::string& method, OM_uint32 maj, OM_uint3
 
 #endif
 
-bool gss_add_signature(const std::string& context, const std::string& message, std::string& mac) {
+bool gss_add_signature(const DNSName& context, const std::string& message, std::string& mac) {
   string tmp_mac;
-  GssContext gssctx(context);
+  GssContext gssctx(context.toStringNoDot());
   if (!gssctx.valid()) {
-    L<<Logger::Error<<"GSS context '"<<context<<"' is not valid"<<endl;
+    L<<Logger::Error<<"GSS context '"<<context.toString()<<"' is not valid"<<endl;
     BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
        L<<Logger::Error<<"GSS error: "<<error<<endl;;
     }
@@ -444,7 +444,7 @@ bool gss_add_signature(const std::string& context, const std::string& message, s
   }
 
   if (!gssctx.sign(message, tmp_mac)) {
-    L<<Logger::Error<<"Could not sign message using GSS context '"<<context<<"'"<<endl;
+    L<<Logger::Error<<"Could not sign message using GSS context '"<<context.toString()<<"'"<<endl;
     BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
        L<<Logger::Error<<"GSS error: "<<error<<endl;;
     }
@@ -454,10 +454,10 @@ bool gss_add_signature(const std::string& context, const std::string& message, s
   return true;
 }
 
-bool gss_verify_signature(const std::string& context, const std::string& message, const std::string& mac) {
-  GssContext gssctx(context);
+bool gss_verify_signature(const DNSName& context, const std::string& message, const std::string& mac) {
+  GssContext gssctx(context.toStringNoDot());
   if (!gssctx.valid()) {
-    L<<Logger::Error<<"GSS context '"<<context<<"' is not valid"<<endl;
+    L<<Logger::Error<<"GSS context '"<<context.toString()<<"' is not valid"<<endl;
     BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
        L<<Logger::Error<<"GSS error: "<<error<<endl;;
     }
@@ -465,7 +465,7 @@ bool gss_verify_signature(const std::string& context, const std::string& message
   }
 
   if (!gssctx.verify(message, mac)) {
-    L<<Logger::Error<<"Could not verify message using GSS context '"<<context<<"'"<<endl;
+    L<<Logger::Error<<"Could not verify message using GSS context '"<<context.toString()<<"'"<<endl;
     BOOST_FOREACH(const string& error, gssctx.getErrorStrings()) {
        L<<Logger::Error<<"GSS error: "<<error<<endl;;
     }
diff --git a/pdns/gss_context.hh b/pdns/gss_context.hh
index 1e48d258d..d9f519b6a 100644
--- a/pdns/gss_context.hh
+++ b/pdns/gss_context.hh
@@ -157,7 +157,7 @@ public:
   boost::shared_ptr<GssSecContext> d_ctx; //<! Attached security context
 };
 
-bool gss_add_signature(const std::string& context, const std::string& message, std::string& mac); //<! Create signature
-bool gss_verify_signature(const std::string& context, const std::string& message, const std::string& mac); //<! Validate signature
+bool gss_add_signature(const DNSName& context, const std::string& message, std::string& mac); //<! Create signature
+bool gss_verify_signature(const DNSName& context, const std::string& message, const std::string& mac); //<! Validate signature
 
 #endif
diff --git a/pdns/misc.cc b/pdns/misc.cc
index 5c7862d42..cd9cdecb9 100644
--- a/pdns/misc.cc
+++ b/pdns/misc.cc
@@ -1009,23 +1009,21 @@ uint64_t udpErrorStats(const std::string& str)
   return 0;
 }
 
-bool getTSIGHashEnum(const string &algoName, TSIGHashEnum& algoEnum)
+bool getTSIGHashEnum(const DNSName& algoName, TSIGHashEnum& algoEnum)
 {
-  string normalizedName = toLowerCanonic(algoName);
-
-  if (normalizedName == "hmac-md5.sig-alg.reg.int" || normalizedName == "hmac-md5")
+  if (algoName == "hmac-md5.sig-alg.reg.int." || algoName == "hmac-md5.") // FIXME
     algoEnum = TSIG_MD5;
-  else if (normalizedName == "hmac-sha1")
+  else if (algoName == "hmac-sha1.")
     algoEnum = TSIG_SHA1;
-  else if (normalizedName == "hmac-sha224")
+  else if (algoName == "hmac-sha224.")
     algoEnum = TSIG_SHA224;
-  else if (normalizedName == "hmac-sha256")
+  else if (algoName == "hmac-sha256.")
     algoEnum = TSIG_SHA256;
-  else if (normalizedName == "hmac-sha384")
+  else if (algoName == "hmac-sha384.")
     algoEnum = TSIG_SHA384;
-  else if (normalizedName == "hmac-sha512")
+  else if (algoName == "hmac-sha512.")
     algoEnum = TSIG_SHA512;
-  else if (normalizedName == "gss-tsig")
+  else if (algoName == "gss-tsig.")
     algoEnum = TSIG_GSS;
   else {
      return false;
@@ -1033,16 +1031,16 @@ bool getTSIGHashEnum(const string &algoName, TSIGHashEnum& algoEnum)
   return true;
 }
 
-string getTSIGAlgoName(TSIGHashEnum& algoEnum)
+DNSName getTSIGAlgoName(TSIGHashEnum& algoEnum)
 {
   switch(algoEnum) {
-  case TSIG_MD5: return "hmac-md5.sig-alg.reg.int";
-  case TSIG_SHA1: return "hmac-sha1";
-  case TSIG_SHA224: return "hmac-sha224";
-  case TSIG_SHA256: return "hmac-sha256";
-  case TSIG_SHA384: return "hmac-sha384";
-  case TSIG_SHA512: return "hmac-sha512";
-  case TSIG_GSS: return "gss-tsig";
+  case TSIG_MD5: return "hmac-md5.sig-alg.reg.int.";
+  case TSIG_SHA1: return "hmac-sha1.";
+  case TSIG_SHA224: return "hmac-sha224.";
+  case TSIG_SHA256: return "hmac-sha256.";
+  case TSIG_SHA384: return "hmac-sha384.";
+  case TSIG_SHA512: return "hmac-sha512.";
+  case TSIG_GSS: return "gss-tsig.";
   }
   throw PDNSException("getTSIGAlgoName does not understand given algorithm, please fix!");
 }
diff --git a/pdns/misc.hh b/pdns/misc.hh
index dace40257..03950241e 100644
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -72,8 +72,8 @@ uint16_t getShort(const char *p);
 uint32_t getLong(const unsigned char *p);
 uint32_t getLong(const char *p);
 uint32_t pdns_strtoui(const char *nptr, char **endptr, int base);
-bool getTSIGHashEnum(const string &algoName, TSIGHashEnum& algoEnum);
-string getTSIGAlgoName(TSIGHashEnum& algoEnum);
+bool getTSIGHashEnum(const DNSName& algoName, TSIGHashEnum& algoEnum);
+DNSName getTSIGAlgoName(TSIGHashEnum& algoEnum);
 
 int logFacilityToLOG(unsigned int facility);
 
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 325cf68bf..61c120f46 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1061,9 +1061,9 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     } else {
       getTSIGHashEnum(trc.d_algoName, p->d_tsig_algo);
       if (p->d_tsig_algo == TSIG_GSS) {
-        GssContext gssctx(keyname);
+        GssContext gssctx(keyname.toStringNoDot());
         if (!gssctx.getPeerPrincipal(p->d_peer_principal)) {
-          L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname<<"'"<<endl;
+          L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname.toString()<<"'"<<endl;
         }
       }
     }
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index a19ce01a9..a7f774209 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -415,8 +415,8 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone)
 
 
   // Check for delegation in parent zone
-  string parent(zone);
-  while(chopOff(parent)) {
+  DNSName parent(zone);
+  while(parent.chopOff()) {
     SOAData sd_p;
     if(B.getSOAUncached(parent, sd_p)) {
       bool ns=false;
@@ -425,7 +425,7 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone)
       while(B.get(rr))
         ns |= (rr.qtype == QType::NS);
       if (!ns) {
-        cerr<<"[Error] No delegation for zone '"<<zone<<"' in parent '"<<parent<<"'"<<endl;
+        cerr<<"[Error] No delegation for zone '"<<zone.toString()<<"' in parent '"<<parent.toString()<<"'"<<endl;
         numerrors++;
       }
       break;
@@ -538,10 +538,10 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone)
       } else if (rr.qtype.getCode() == QType::DNSKEY) {
         cout<<"[Warning] DNSKEY record not at apex '"<<rr.qname.toString()<<" IN "<<rr.qtype.getName()<<" "<<rr.content<<"' in zone '"<<zone.toString()<<"', should not be here."<<endl;
         numwarnings++;
-      } else if (rr.qtype.getCode() == QType::NS && endsOn(rr.content, rr.qname)) {
+      } else if (rr.qtype.getCode() == QType::NS && DNSName(rr.content).isPartOf(rr.qname)) {
         checkglue.insert(toLower(rr.content));
       } else if (rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) {
-        glue.insert(toLower(rr.qname));
+        glue.insert(toLower(rr.qname.toString()));
       }
     }
 
@@ -2287,7 +2287,7 @@ try
     for(const DomainInfo& di: domains) {
       size_t nr,nc,nm,nk;
       DNSResourceRecord rr;
-      cout<<"Processing '"<<di.zone<<"'"<<endl;
+      cout<<"Processing '"<<di.zone.toString()<<"'"<<endl;
       // create zone
       if (!tgt->createDomain(di.zone)) throw PDNSException("Failed to create zone");
       tgt->setKind(di.zone, di.kind);
diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index 1e236df10..09275e3dd 100644
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -504,9 +504,9 @@ int AXFRRetriever::getChunk(Resolver::res_t &res) // Implementation is making su
       }
 
       if (algo == TSIG_GSS) {
-        GssContext gssctx(d_tsigkeyname);
+        GssContext gssctx(d_tsigkeyname.toStringNoDot());
         if (!gss_verify_signature(d_tsigkeyname, message, theirMac)) {
-          throw ResolverException("Signature failed to validate on AXFR response from "+d_remote.toStringWithPort()+" signed with TSIG key '"+d_tsigkeyname+"'");
+          throw ResolverException("Signature failed to validate on AXFR response from "+d_remote.toStringWithPort()+" signed with TSIG key '"+d_tsigkeyname.toString()+"'");
         }
       } else {
         string ourMac=calculateHMAC(d_tsigsecret, message, algo);
diff --git a/pdns/signingpipe.cc b/pdns/signingpipe.cc
index c20e3a628..9030a4093 100644
--- a/pdns/signingpipe.cc
+++ b/pdns/signingpipe.cc
@@ -70,7 +70,7 @@ catch(...) {
   return 0;
 }
 
-ChunkedSigningPipe::ChunkedSigningPipe(const DNSName& signerName, bool mustSign, const pdns::string& servers, unsigned int workers) 
+ChunkedSigningPipe::ChunkedSigningPipe(const DNSName& signerName, bool mustSign, const string& servers, unsigned int workers) 
   : d_queued(0), d_outstanding(0), d_signer(signerName), d_maxchunkrecords(100), d_numworkers(workers), d_tids(d_numworkers),
     d_mustSign(mustSign), d_final(false), d_submitted(0)
 {
diff --git a/pdns/signingpipe.hh b/pdns/signingpipe.hh
index ce4cdc5f7..4c63aea72 100644
--- a/pdns/signingpipe.hh
+++ b/pdns/signingpipe.hh
@@ -19,7 +19,7 @@ public:
   typedef vector<DNSResourceRecord> rrset_t; 
   typedef rrset_t chunk_t; // for now
   
-  ChunkedSigningPipe(const DNSName& signerName, bool mustSign, /* FIXME servers is unused? */ const pdns::string& servers=pdns::string(), unsigned int numWorkers=3);
+  ChunkedSigningPipe(const DNSName& signerName, bool mustSign, /* FIXME servers is unused? */ const string& servers=string(), unsigned int numWorkers=3);
   ~ChunkedSigningPipe();
   bool submit(const DNSResourceRecord& rr);
   chunk_t getChunk(bool final=false);
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index e74e19b68..c64f00fd8 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -424,7 +424,7 @@ bool TCPNameserver::canDoAXFR(shared_ptr<DNSPacket> q)
     } else {
       getTSIGHashEnum(trc.d_algoName, q->d_tsig_algo);
       if (q->d_tsig_algo == TSIG_GSS) {
-        GssContext gssctx(keyname);
+        GssContext gssctx(keyname.toStringNoDot());
         if (!gssctx.getPeerPrincipal(q->d_peer_principal)) {
           L<<Logger::Warning<<"Failed to extract peer principal from GSS context with keyname '"<<keyname<<"'"<<endl;
         }
diff --git a/pdns/tkey.cc b/pdns/tkey.cc
index f0d3c88b5..f4725850b 100644
--- a/pdns/tkey.cc
+++ b/pdns/tkey.cc
@@ -6,7 +6,7 @@
 void PacketHandler::tkeyHandler(DNSPacket *p, DNSPacket *r) {
   TKEYRecordContent tkey_in;
   std::shared_ptr<TKEYRecordContent> tkey_out(new TKEYRecordContent());
-  string label;
+  DNSName label;
   bool sign = false;
 
   if (!p->getTKEYRecord(&tkey_in, &label)) {
@@ -22,19 +22,17 @@ void PacketHandler::tkeyHandler(DNSPacket *p, DNSPacket *r) {
   tkey_out->d_inception = time((time_t*)NULL);
   tkey_out->d_expiration = tkey_out->d_inception+15;
 
-  GssContext ctx(label);
+  GssContext ctx(label.toStringNoDot());
 
   if (tkey_in.d_mode == 3) { // establish context
     if (tkey_in.d_algo == "gss-tsig.") {
       std::vector<std::string> meta;
-      string tmpLabel = toLowerCanonic(label);
-      bool ok = true;
-      while(ok) {
+      DNSName tmpLabel(label);
+      do {
         if (B.getDomainMetadata(tmpLabel, "GSS-ACCEPTOR-PRINCIPAL", meta) && meta.size()>0) {
           break;
         }
-        ok = chopOff(tmpLabel);
-      }
+      } while(tmpLabel.chopOff());
 
       if (meta.size()>0) {
         ctx.setLocalPrincipal(meta[0]);
@@ -97,7 +95,7 @@ void PacketHandler::tkeyHandler(DNSPacket *p, DNSPacket *r) {
     trc.d_eRcode = 0;
     trc.d_otherData = "";
     // this should cause it to lookup label context
-    r->setTSIGDetails(trc, label, label, "", false);
+    r->setTSIGDetails(trc, label, label.toStringNoDot(), "", false);
   }
 
   r->commitD();
-- 
2.40.0