auth: createForward and createForward6 will use the zone_record as base
Closes #7522
BozhanL committed Dec 22, 2024
1 parent d165e0b commit 3a9f092
Showing 4 changed files with 26 additions and 17 deletions.
2 changes: 1 addition & 1 deletion pdns/lua-auth4.hh
@@ -45,5 +45,5 @@ private:
luacall_axfr_filter_t d_axfr_filter;
luacall_prequery_t d_prequery;
};
std::vector<shared_ptr<DNSRecordContent>> luaSynth(const std::string& code, const DNSName& qname,
std::vector<shared_ptr<DNSRecordContent>> luaSynth(const std::string& code, const DNSName& qname, const DNSRecord& zone_record,
const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype, unique_ptr<AuthLua4>& LUA);
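Review bot: The new `zone_record` parameter is undocumented at the declaration, and a caller cannot tell from the signature how it differs from `qname` and `zone`. A one-line comment above `luaSynth` would help, for example `// zone_record: the LUA record being evaluated; its owner name (possibly a wildcard) is the base for createForward()/createForward6()`. The declaration also names the second parameter `qname` while the definition in pdns/lua-record.cc names it `query`; aligning the two would make the prototype easier to match.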
25 changes: 20 additions & 5 deletions pdns/lua-record.cc
@@ -654,6 +654,7 @@ typedef struct AuthLuaRecordContext
{
ComboAddress bestwho;
DNSName qname;
DNSRecord zone_record;
DNSName zone;
int zoneid;
} lua_record_ctx_t;
@@ -915,8 +916,14 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn
return std::string("error");
});
lua.writeFunction("createForward", []() {
static string allZerosIP("0.0.0.0");
DNSName rel=s_lua_record_ctx->qname.makeRelative(s_lua_record_ctx->zone);
static string allZerosIP{"0.0.0.0"};
DNSName record_name{s_lua_record_ctx->zone_record.d_name};
if (record_name.isWildcard() == false) {
return allZerosIP;
}
record_name.chopOff();
DNSName rel{s_lua_record_ctx->qname.makeRelative(record_name)};

// parts is something like ["1", "2", "3", "4", "static"] or
// ["1", "2", "3", "4"] or ["ip40414243", "ip-addresses", ...]
auto parts = rel.getRawLabels();
@@ -972,7 +979,14 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn
});

lua.writeFunction("createForward6", []() {
DNSName rel=s_lua_record_ctx->qname.makeRelative(s_lua_record_ctx->zone);
static string allZerosIP{"::"};
DNSName record_name{s_lua_record_ctx->zone_record.d_name};
if (record_name.isWildcard() == false) {
return allZerosIP;
}
record_name.chopOff();
DNSName rel{s_lua_record_ctx->qname.makeRelative(record_name)};

auto parts = rel.getRawLabels();
if(parts.size()==8) {
string tot;
@@ -1008,7 +1022,7 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn
}
}

return std::string("::");
return allZerosIP;
});
lua.writeFunction("createReverse6", [](string format, boost::optional<std::unordered_map<string,string>> e){
vector<ComboAddress> candidates;
@@ -1395,7 +1409,7 @@ static void setupLuaRecords(LuaContext& lua) // NOLINT(readability-function-cogn
});
}

std::vector<shared_ptr<DNSRecordContent>> luaSynth(const std::string& code, const DNSName& query, const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype, unique_ptr<AuthLua4>& LUA)
std::vector<shared_ptr<DNSRecordContent>> luaSynth(const std::string& code, const DNSName& query, const DNSRecord& zone_record, const DNSName& zone, int zoneid, const DNSPacket& dnsp, uint16_t qtype, unique_ptr<AuthLua4>& LUA)
{
if(!LUA || // we don't have a Lua state yet
!g_LuaRecordSharedState) { // or we want a new one even if we had one
@@ -1409,6 +1423,7 @@ std::vector<shared_ptr<DNSRecordContent>> luaSynth(const std::string& code, cons

s_lua_record_ctx = std::make_unique<lua_record_ctx_t>();
s_lua_record_ctx->qname = query;
s_lua_record_ctx->zone_record = zone_record;
s_lua_record_ctx->zone = zone;
s_lua_record_ctx->zoneid = zoneid;

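Review bot: The guard `if (record_name.isWildcard() == false) { return allZerosIP; }` added to both `createForward` and `createForward6` makes any LUA record whose owner is not a wildcard answer with the all-zeros address, and nothing in the hunk says whether that is intended. If `rr.dr.d_name` at the `doQuestion` call site is an exact owner name (not visible here), such records would stop synthesising addresses after this change; a comment above the guard such as `// only a wildcard owner leaves labels to parse; otherwise answer all-zeros` would make the contract explicit. The same six-line prologue is now duplicated in the two lambdas, so a later fix applied to one can miss the other. `s_lua_record_ctx->zone_record = zone_record;` also copies a whole `DNSRecord` on every `luaSynth` call although only `d_name` is read in the visible lines; keeping just the `DNSName` would do. The lambdas and `luaSynth` start and end outside the hunks shown.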
4 changes: 2 additions & 2 deletions pdns/packethandler.cc
@@ -427,7 +427,7 @@ bool PacketHandler::getBestWildcard(DNSPacket& p, const DNSName &target, DNSName
// noCache=true;
DLOG(g_log<<"Executing Lua: '"<<rec->getCode()<<"'"<<endl);
try {
auto recvec=luaSynth(rec->getCode(), target, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA);
auto recvec=luaSynth(rec->getCode(), target, rr.dr, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA);
for (const auto& r : recvec) {
rr.dr.d_type = rec->d_type; // might be CNAME
rr.dr.setContent(r);
@@ -1622,7 +1622,7 @@ std::unique_ptr<DNSPacket> PacketHandler::doQuestion(DNSPacket& p)
if(rec->d_type == QType::CNAME || rec->d_type == p.qtype.getCode() || (p.qtype.getCode() == QType::ANY && rec->d_type != QType::RRSIG)) {
noCache=true;
try {
auto recvec=luaSynth(rec->getCode(), target, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA);
auto recvec=luaSynth(rec->getCode(), target, rr.dr, d_sd.qname, d_sd.domain_id, p, rec->d_type, s_LUA);
if(!recvec.empty()) {
for (const auto& r_it : recvec) {
rr.dr.d_type = rec->d_type; // might be CNAME
12 changes: 3 additions & 9 deletions regression-tests.auth-py/test_LuaRecords.py
@@ -148,6 +148,7 @@ class TestLuaRecords(AuthTest):
filterforwardempty IN LUA A "filterForward('192.0.2.1', newNMG{{'192.1.2.0/24'}}, '')"
*.createforward IN LUA A "filterForward(createForward(), newNMG{{'1.0.0.0/8', '64.0.0.0/8'}})"
*.createforward6 IN LUA AAAA "filterForward(createForward6(), newNMG{{'2000::/3'}}, 'fe80::1')"
*.createreverse IN LUA PTR "createReverse('%5%.example.com', {{['10.10.10.10'] = 'quad10.example.com.'}})"
*.createreverse6 IN LUA PTR "createReverse6('%33%.example.com', {{['2001:db8::1'] = 'example.example.com.'}})"
@@ -160,14 +161,7 @@ class TestLuaRecords(AuthTest):
dblookup IN LUA A "dblookup('lookmeup.example.org', pdns.A)[1]"
whitespace IN LUA TXT "'foo" "bar'"
""",
'createforward6.example.org': """
createforward6.example.org. 3600 IN SOA {soa}
createforward6.example.org. 3600 IN NS ns1.example.org.
createforward6.example.org. 3600 IN NS ns2.example.org.
* IN LUA AAAA "filterForward(createForward6(), newNMG{{'2000::/3'}}, 'fe80::1')"
"""
# the separate createforward6 zone is because some of the code in lua-record.cc insists on working relatively to the zone apex
"""
}
_web_rrsets = []

@@ -1004,7 +998,7 @@ def testCreateForwardAndReverse(self):
"invalid": "0.0.0.0",
"1-2-3-4": "1.2.3.4",
"1-2-3-4.foo": "1.2.3.4",
"1-2-3-4.foo.bar": "0.0.0.0",
"1-2-3-4.foo.bar": "1.2.3.4",
"1-2-3-4.foo.bar.baz": "0.0.0.0",
"1-2-3-4.foo.bar.baz.quux": "0.0.0.0",
"ip-1-2-3-4": "1.2.3.4",
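Review bot: Nothing in the visible zone data exercises the new non-wildcard branch: every owner that calls `createForward()` or `createForward6()` is a `*.` name, so the `0.0.0.0` / `::` early return added in pdns/lua-record.cc is untested here. A record such as `plainforward IN LUA A "createForward()"` (constructed example) with an expected answer of `0.0.0.0` would pin that behaviour. The updated expectation `"1-2-3-4.foo.bar": "1.2.3.4"` would also benefit from a short comment stating that labels are now counted relative to the wildcard owner rather than the zone apex, since the neighbouring `1-2-3-4.foo.bar.baz` case still yields `0.0.0.0`. The zone dictionary and `testCreateForwardAndReverse` continue outside the hunks shown.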
