12188764554

Committed 05 Dec 2024 10:51AM UTC coverage: 60.687% (-4.0%) from 64.734%

Build # 12188764554

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #14934 from omoerbeek/gh-action-build-name

GH workflow for building packages: change name so target isn't chopped off

Run Details

51057 of 133822 branches covered (38.15%)

Branch coverage included in aggregate %.

140928 of 182532 relevant lines covered (77.21%)

4935591.9 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

25.0

/modules/bindbackend/binddnssec.cc

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "bindbackend2.hh"
#include "pdns/arguments.hh"
#include "pdns/dnsrecords.hh"

#ifndef HAVE_SQLITE3

void Bind2Backend::setupDNSSEC()
{
  if (!getArg("dnssec-db").empty()) {
    throw runtime_error("bind-dnssec-db requires building PowerDNS with SQLite3");
  }
}

bool Bind2Backend::doesDNSSEC()
{
  return d_hybrid;
}

bool Bind2Backend::getNSEC3PARAM(const DNSName& /* name */, NSEC3PARAMRecordContent* /* ns3p */)
{
  return false;
}

bool Bind2Backend::getNSEC3PARAMuncached(const DNSName& /* name */, NSEC3PARAMRecordContent* /* ns3p */)
{
  return false;
}

bool Bind2Backend::getAllDomainMetadata(const DNSName& /* name */, std::map<std::string, std::vector<std::string>>& /* meta */)
{
  return false;
}

bool Bind2Backend::getDomainMetadata(const DNSName& /* name */, const std::string& /* kind */, std::vector<std::string>& /* meta */)
{
  return false;
}

bool Bind2Backend::setDomainMetadata(const DNSName& /* name */, const std::string& /* kind */, const std::vector<std::string>& /* meta */)
{
  return false;
}

bool Bind2Backend::getDomainKeys(const DNSName& /* name */, std::vector<KeyData>& /* keys */)
{
  return false;
}

bool Bind2Backend::removeDomainKey(const DNSName& /* name */, unsigned int /* id */)
{
  return false;
}

bool Bind2Backend::addDomainKey(const DNSName& /* name */, const KeyData& /* key */, int64_t& /* id */)
{
  return false;
}

bool Bind2Backend::activateDomainKey(const DNSName& /* name */, unsigned int /* id */)
{
  return false;
}

bool Bind2Backend::deactivateDomainKey(const DNSName& /* name */, unsigned int /* id */)
{
  return false;
}

bool Bind2Backend::publishDomainKey(const DNSName& /* name */, unsigned int /* id */)
{
  return false;
}

bool Bind2Backend::unpublishDomainKey(const DNSName& /* name */, unsigned int /* id */)
{
  return false;
}

bool Bind2Backend::getTSIGKey(const DNSName& /* name */, DNSName& /* algorithm */, string& /* content */)
{
  return false;
}

bool Bind2Backend::setTSIGKey(const DNSName& /* name */, const DNSName& /* algorithm */, const string& /* content */)
{
  return false;
}

bool Bind2Backend::deleteTSIGKey(const DNSName& /* name */)
{
  return false;
}

bool Bind2Backend::getTSIGKeys(std::vector<struct TSIGKey>& /* keys */)
{
  return false;
}

void Bind2Backend::setupStatements()
{
}

void Bind2Backend::freeStatements()
{
}

#else

#include "pdns/logger.hh"
#include "pdns/ssqlite3.hh"

#define ASSERT_ROW_COLUMNS(query, row, num)                                                                                                \
  {                                                                                                                                        \
    if (row.size() != num) {                                                                                                               \
      throw PDNSException(std::string(query) + " returned wrong number of columns, expected " #num ", got " + std::to_string(row.size())); \
    }                                                                                                                                      \
  }

void Bind2Backend::setupDNSSEC()
{
  if (getArg("dnssec-db").empty() || d_hybrid)
    return;
  try {
    d_dnssecdb = std::make_shared<SSQLite3>(getArg("dnssec-db"), getArg("dnssec-db-journal-mode"));
    setupStatements();
  }
  catch (SSqlException& se) {
    // this error is meant to kill the server dead - it makes no sense to continue..
    throw runtime_error("Error opening DNSSEC database in BIND backend: " + se.txtReason());
  }

  d_dnssecdb->setLog(::arg().mustDo("query-logging"));
}

void Bind2Backend::setupStatements()
{
  d_getAllDomainMetadataQuery_stmt = d_dnssecdb->prepare("select kind, content from domainmetadata where domain=:domain", 1);
  d_getDomainMetadataQuery_stmt = d_dnssecdb->prepare("select content from domainmetadata where domain=:domain and kind=:kind", 2);
  d_deleteDomainMetadataQuery_stmt = d_dnssecdb->prepare("delete from domainmetadata where domain=:domain and kind=:kind", 2);
  d_insertDomainMetadataQuery_stmt = d_dnssecdb->prepare("insert into domainmetadata (domain, kind, content) values (:domain,:kind,:content)", 3);
  d_getDomainKeysQuery_stmt = d_dnssecdb->prepare("select id,flags, active, published, content from cryptokeys where domain=:domain", 1);
  d_deleteDomainKeyQuery_stmt = d_dnssecdb->prepare("delete from cryptokeys where domain=:domain and id=:key_id", 2);
  d_insertDomainKeyQuery_stmt = d_dnssecdb->prepare("insert into cryptokeys (domain, flags, active, published, content) values (:domain, :flags, :active, :published, :content)", 5);
  d_GetLastInsertedKeyIdQuery_stmt = d_dnssecdb->prepare("select last_insert_rowid()", 0);
  d_activateDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set active=1 where domain=:domain and id=:key_id", 2);
  d_deactivateDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set active=0 where domain=:domain and id=:key_id", 2);
  d_publishDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set published=1 where domain=:domain and id=:key_id", 2);
  d_unpublishDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set published=0 where domain=:domain and id=:key_id", 2);
  d_getTSIGKeyQuery_stmt = d_dnssecdb->prepare("select algorithm, secret from tsigkeys where name=:key_name", 1);
  d_setTSIGKeyQuery_stmt = d_dnssecdb->prepare("replace into tsigkeys (name,algorithm,secret) values(:key_name, :algorithm, :content)", 3);
  d_deleteTSIGKeyQuery_stmt = d_dnssecdb->prepare("delete from tsigkeys where name=:key_name", 1);
  d_getTSIGKeysQuery_stmt = d_dnssecdb->prepare("select name,algorithm,secret from tsigkeys", 0);
}

void Bind2Backend::freeStatements()
{
  d_getAllDomainMetadataQuery_stmt.reset();
  d_getDomainMetadataQuery_stmt.reset();
  d_deleteDomainMetadataQuery_stmt.reset();
  d_insertDomainMetadataQuery_stmt.reset();
  d_getDomainKeysQuery_stmt.reset();
  d_deleteDomainKeyQuery_stmt.reset();
  d_insertDomainKeyQuery_stmt.reset();
  d_GetLastInsertedKeyIdQuery_stmt.reset();
  d_activateDomainKeyQuery_stmt.reset();
  d_deactivateDomainKeyQuery_stmt.reset();
  d_publishDomainKeyQuery_stmt.reset();
  d_unpublishDomainKeyQuery_stmt.reset();
  d_getTSIGKeyQuery_stmt.reset();
  d_setTSIGKeyQuery_stmt.reset();
  d_deleteTSIGKeyQuery_stmt.reset();
  d_getTSIGKeysQuery_stmt.reset();
}

bool Bind2Backend::doesDNSSEC()
{
  return d_dnssecdb || d_hybrid;
}

bool Bind2Backend::getNSEC3PARAM(const DNSName& name, NSEC3PARAMRecordContent* ns3p)
{
  BB2DomainInfo bbd;
  if (!safeGetBBDomainInfo(name, &bbd))
    return false;

  if (ns3p != nullptr) {
    *ns3p = bbd.d_nsec3param;
  }

  return bbd.d_nsec3zone;
}

bool Bind2Backend::getNSEC3PARAMuncached(const DNSName& name, NSEC3PARAMRecordContent* ns3p)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  string value;
  vector<string> meta;
  getDomainMetadata(name, "NSEC3PARAM", meta);
  if (!meta.empty())
    value = *meta.begin();
  else
    return false; // No NSEC3 zone

  static int maxNSEC3Iterations = ::arg().asNum("max-nsec3-iterations");
  if (ns3p) {
    auto tmp = std::dynamic_pointer_cast<NSEC3PARAMRecordContent>(DNSRecordContent::make(QType::NSEC3PARAM, 1, value));
    *ns3p = *tmp;

    if (ns3p->d_iterations > maxNSEC3Iterations) {
      ns3p->d_iterations = maxNSEC3Iterations;
      g_log << Logger::Error << "Number of NSEC3 iterations for zone '" << name << "' is above 'max-nsec3-iterations'. Value adjusted to: " << maxNSEC3Iterations << endl;
    }

    if (ns3p->d_algorithm != 1) {
      g_log << Logger::Error << "Invalid hash algorithm for NSEC3: '" << std::to_string(ns3p->d_algorithm) << "', setting to 1 for zone '" << name << "'." << endl;
      ns3p->d_algorithm = 1;
    }
  }

  return true;
}

bool Bind2Backend::getAllDomainMetadata(const DNSName& name, std::map<std::string, std::vector<std::string>>& meta)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_getAllDomainMetadataQuery_stmt->bind("domain", name)->execute();

    SSqlStatement::row_t row;
    while (d_getAllDomainMetadataQuery_stmt->hasNextRow()) {
      d_getAllDomainMetadataQuery_stmt->nextRow(row);
      meta[row[0]].push_back(row[1]);
    }

    d_getAllDomainMetadataQuery_stmt->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, getAllDomainMetadata(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::getDomainMetadata(const DNSName& name, const std::string& kind, std::vector<std::string>& meta)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_getDomainMetadataQuery_stmt->bind("domain", name)->bind("kind", kind)->execute();

    SSqlStatement::row_t row;
    while (d_getDomainMetadataQuery_stmt->hasNextRow()) {
      d_getDomainMetadataQuery_stmt->nextRow(row);
      meta.push_back(row[0]);
    }

    d_getDomainMetadataQuery_stmt->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, getDomainMetadata(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::setDomainMetadata(const DNSName& name, const std::string& kind, const std::vector<std::string>& meta)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_deleteDomainMetadataQuery_stmt->bind("domain", name)->bind("kind", kind)->execute()->reset();
    if (!meta.empty()) {
      for (const auto& value : meta) {
        d_insertDomainMetadataQuery_stmt->bind("domain", name)->bind("kind", kind)->bind("content", value)->execute()->reset();
      }
    }
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, setDomainMetadata(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::getDomainKeys(const DNSName& name, std::vector<KeyData>& keys)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_getDomainKeysQuery_stmt->bind("domain", name)->execute();

    KeyData kd;
    SSqlStatement::row_t row;
    while (d_getDomainKeysQuery_stmt->hasNextRow()) {
      d_getDomainKeysQuery_stmt->nextRow(row);
      pdns::checked_stoi_into(kd.id, row[0]);
      pdns::checked_stoi_into(kd.flags, row[1]);
      kd.active = (row[2] == "1");
      kd.published = (row[3] == "1");
      kd.content = row[4];
      keys.push_back(kd);
    }

    d_getDomainKeysQuery_stmt->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, getDomainKeys(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::removeDomainKey(const DNSName& name, unsigned int id)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_deleteDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, removeDomainKeys(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_insertDomainKeyQuery_stmt->bind("domain", name)->bind("flags", key.flags)->bind("active", key.active)->bind("published", key.published)->bind("content", key.content)->execute()->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, addDomainKey(): " + se.txtReason());
  }

  try {
    d_GetLastInsertedKeyIdQuery_stmt->execute();
    if (!d_GetLastInsertedKeyIdQuery_stmt->hasNextRow()) {
      id = -2;
      return true;
    }
    SSqlStatement::row_t row;
    d_GetLastInsertedKeyIdQuery_stmt->nextRow(row);
    ASSERT_ROW_COLUMNS("get-last-inserted-key-id-query", row, 1);
    id = std::stoi(row[0]);
    d_GetLastInsertedKeyIdQuery_stmt->reset();
    return true;
  }
  catch (SSqlException& e) {
    id = -2;
    return true;
  }
}

bool Bind2Backend::activateDomainKey(const DNSName& name, unsigned int id)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_activateDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, activateDomainKey(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::deactivateDomainKey(const DNSName& name, unsigned int id)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_deactivateDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, deactivateDomainKey(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::publishDomainKey(const DNSName& name, unsigned int id)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_publishDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, publishDomainKey(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::unpublishDomainKey(const DNSName& name, unsigned int id)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_unpublishDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();
  }
  catch (SSqlException& se) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, unpublishDomainKey(): " + se.txtReason());
  }
  return true;
}

bool Bind2Backend::getTSIGKey(const DNSName& name, DNSName& algorithm, string& content)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_getTSIGKeyQuery_stmt->bind("key_name", name)->execute();

    SSqlStatement::row_t row;
    while (d_getTSIGKeyQuery_stmt->hasNextRow()) {
      d_getTSIGKeyQuery_stmt->nextRow(row);
      if (row.size() >= 2 && (algorithm.empty() || algorithm == DNSName(row[0]))) {
        algorithm = DNSName(row[0]);
        content = row[1];
      }
    }

    d_getTSIGKeyQuery_stmt->reset();
  }
  catch (SSqlException& e) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, getTSIGKey(): " + e.txtReason());
  }
  return true;
}

bool Bind2Backend::setTSIGKey(const DNSName& name, const DNSName& algorithm, const string& content)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_setTSIGKeyQuery_stmt->bind("key_name", name)->bind("algorithm", algorithm)->bind("content", content)->execute()->reset();
  }
  catch (SSqlException& e) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, setTSIGKey(): " + e.txtReason());
  }
  return true;
}

bool Bind2Backend::deleteTSIGKey(const DNSName& name)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_deleteTSIGKeyQuery_stmt->bind("key_name", name)->execute()->reset();
  }
  catch (SSqlException& e) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, deleteTSIGKey(): " + e.txtReason());
  }
  return true;
}

bool Bind2Backend::getTSIGKeys(std::vector<struct TSIGKey>& keys)
{
  if (!d_dnssecdb || d_hybrid)
    return false;

  try {
    d_getTSIGKeysQuery_stmt->execute();

    SSqlStatement::row_t row;
    while (d_getTSIGKeysQuery_stmt->hasNextRow()) {
      d_getTSIGKeysQuery_stmt->nextRow(row);
      struct TSIGKey key;
      key.name = DNSName(row[0]);
      key.algorithm = DNSName(row[1]);
      key.key = row[2];
      keys.push_back(key);
    }

    d_getTSIGKeysQuery_stmt->reset();
  }
  catch (SSqlException& e) {
    throw PDNSException("Error accessing DNSSEC database in BIND backend, getTSIGKeys(): " + e.txtReason());
  }
  return true;
}

#endif

1	/*
2	* This file is part of PowerDNS or dnsdist.
3	* Copyright -- PowerDNS.COM B.V. and its contributors
4	*
5	* This program is free software; you can redistribute it and/or modify
6	* it under the terms of version 2 of the GNU General Public License as
7	* published by the Free Software Foundation.
8	*
9	* In addition, for the avoidance of any doubt, permission is granted to
10	* link this program with OpenSSL and to (re)distribute the binaries
11	* produced as the result of such linking.
12	*
13	* This program is distributed in the hope that it will be useful,
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	* GNU General Public License for more details.
17	*
18	* You should have received a copy of the GNU General Public License
19	* along with this program; if not, write to the Free Software
20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21	*/
22
23	#ifdef HAVE_CONFIG_H
24	#include "config.h"
25	#endif
26	#include "bindbackend2.hh"
27	#include "pdns/arguments.hh"
28	#include "pdns/dnsrecords.hh"
29
30	#ifndef HAVE_SQLITE3
31
32	void Bind2Backend::setupDNSSEC()
33	{
34	if (!getArg("dnssec-db").empty()) {
35	throw runtime_error("bind-dnssec-db requires building PowerDNS with SQLite3");
36	}
37	}
38
39	bool Bind2Backend::doesDNSSEC()
40	{
41	return d_hybrid;
42	}
43
44	bool Bind2Backend::getNSEC3PARAM(const DNSName& /* name /, NSEC3PARAMRecordContent /* ns3p */)
45	{
46	return false;
47	}
48
49	bool Bind2Backend::getNSEC3PARAMuncached(const DNSName& /* name /, NSEC3PARAMRecordContent /* ns3p */)
50	{
51	return false;
52	}
53
54	bool Bind2Backend::getAllDomainMetadata(const DNSName& /* name /, std::map<std::string, std::vector<std::string>>& / meta */)
55	{
56	return false;
57	}
58
59	bool Bind2Backend::getDomainMetadata(const DNSName& /* name /, const std::string& / kind /, std::vector<std::string>& / meta */)
60	{
61	return false;
62	}
63
64	bool Bind2Backend::setDomainMetadata(const DNSName& /* name /, const std::string& / kind /, const std::vector<std::string>& / meta */)
65	{
66	return false;
67	}
68
69	bool Bind2Backend::getDomainKeys(const DNSName& /* name /, std::vector<KeyData>& / keys */)
70	{
71	return false;
72	}
73
74	bool Bind2Backend::removeDomainKey(const DNSName& /* name /, unsigned int / id */)
75	{
76	return false;
77	}
78
79	bool Bind2Backend::addDomainKey(const DNSName& /* name /, const KeyData& / key /, int64_t& / id */)
80	{
81	return false;
82	}
83
84	bool Bind2Backend::activateDomainKey(const DNSName& /* name /, unsigned int / id */)
85	{
86	return false;
87	}
88
89	bool Bind2Backend::deactivateDomainKey(const DNSName& /* name /, unsigned int / id */)
90	{
91	return false;
92	}
93
94	bool Bind2Backend::publishDomainKey(const DNSName& /* name /, unsigned int / id */)
95	{
96	return false;
97	}
98
99	bool Bind2Backend::unpublishDomainKey(const DNSName& /* name /, unsigned int / id */)
100	{
101	return false;
102	}
103
104	bool Bind2Backend::getTSIGKey(const DNSName& /* name /, DNSName& / algorithm /, string& / content */)
105	{
106	return false;
107	}
108
109	bool Bind2Backend::setTSIGKey(const DNSName& /* name /, const DNSName& / algorithm /, const string& / content */)
110	{
111	return false;
112	}
113
114	bool Bind2Backend::deleteTSIGKey(const DNSName& /* name */)
115	{
116	return false;
117	}
118
119	bool Bind2Backend::getTSIGKeys(std::vector<struct TSIGKey>& /* keys */)
120	{
121	return false;
122	}
123
124	void Bind2Backend::setupStatements()
125	{
126	}
127
128	void Bind2Backend::freeStatements()
129	{
130	}
131
132	#else
133
134	#include "pdns/logger.hh"
135	#include "pdns/ssqlite3.hh"
136
137	#define ASSERT_ROW_COLUMNS(query, row, num) \
138	{ \	11✔
139	if (row.size() != num) { \	11✔
140	throw PDNSException(std::string(query) + " returned wrong number of columns, expected " #num ", got " + std::to_string(row.size())); \	×
141	} \	×
142	}	11✔
143
144	void Bind2Backend::setupDNSSEC()
145	{	3,550✔
146	if (getArg("dnssec-db").empty() \|\| d_hybrid)	3,550!
147	return;	3,528✔
148	try {	22✔
149	d_dnssecdb = std::make_shared<SSQLite3>(getArg("dnssec-db"), getArg("dnssec-db-journal-mode"));	22✔
150	setupStatements();	22✔
151	}	22✔
152	catch (SSqlException& se) {	22✔
153	// this error is meant to kill the server dead - it makes no sense to continue..
154	throw runtime_error("Error opening DNSSEC database in BIND backend: " + se.txtReason());	×
155	}	×
156
157	d_dnssecdb->setLog(::arg().mustDo("query-logging"));	22✔
158	}	22✔
159
160	void Bind2Backend::setupStatements()
161	{	22✔
162	d_getAllDomainMetadataQuery_stmt = d_dnssecdb->prepare("select kind, content from domainmetadata where domain=:domain", 1);	22✔
163	d_getDomainMetadataQuery_stmt = d_dnssecdb->prepare("select content from domainmetadata where domain=:domain and kind=:kind", 2);	22✔
164	d_deleteDomainMetadataQuery_stmt = d_dnssecdb->prepare("delete from domainmetadata where domain=:domain and kind=:kind", 2);	22✔
165	d_insertDomainMetadataQuery_stmt = d_dnssecdb->prepare("insert into domainmetadata (domain, kind, content) values (:domain,:kind,:content)", 3);	22✔
166	d_getDomainKeysQuery_stmt = d_dnssecdb->prepare("select id,flags, active, published, content from cryptokeys where domain=:domain", 1);	22✔
167	d_deleteDomainKeyQuery_stmt = d_dnssecdb->prepare("delete from cryptokeys where domain=:domain and id=:key_id", 2);	22✔
168	d_insertDomainKeyQuery_stmt = d_dnssecdb->prepare("insert into cryptokeys (domain, flags, active, published, content) values (:domain, :flags, :active, :published, :content)", 5);	22✔
169	d_GetLastInsertedKeyIdQuery_stmt = d_dnssecdb->prepare("select last_insert_rowid()", 0);	22✔
170	d_activateDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set active=1 where domain=:domain and id=:key_id", 2);	22✔
171	d_deactivateDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set active=0 where domain=:domain and id=:key_id", 2);	22✔
172	d_publishDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set published=1 where domain=:domain and id=:key_id", 2);	22✔
173	d_unpublishDomainKeyQuery_stmt = d_dnssecdb->prepare("update cryptokeys set published=0 where domain=:domain and id=:key_id", 2);	22✔
174	d_getTSIGKeyQuery_stmt = d_dnssecdb->prepare("select algorithm, secret from tsigkeys where name=:key_name", 1);	22✔
175	d_setTSIGKeyQuery_stmt = d_dnssecdb->prepare("replace into tsigkeys (name,algorithm,secret) values(:key_name, :algorithm, :content)", 3);	22✔
176	d_deleteTSIGKeyQuery_stmt = d_dnssecdb->prepare("delete from tsigkeys where name=:key_name", 1);	22✔
177	d_getTSIGKeysQuery_stmt = d_dnssecdb->prepare("select name,algorithm,secret from tsigkeys", 0);	22✔
178	}	22✔
179
180	void Bind2Backend::freeStatements()
181	{	3,518✔
182	d_getAllDomainMetadataQuery_stmt.reset();	3,518✔
183	d_getDomainMetadataQuery_stmt.reset();	3,518✔
184	d_deleteDomainMetadataQuery_stmt.reset();	3,518✔
185	d_insertDomainMetadataQuery_stmt.reset();	3,518✔
186	d_getDomainKeysQuery_stmt.reset();	3,518✔
187	d_deleteDomainKeyQuery_stmt.reset();	3,518✔
188	d_insertDomainKeyQuery_stmt.reset();	3,518✔
189	d_GetLastInsertedKeyIdQuery_stmt.reset();	3,518✔
190	d_activateDomainKeyQuery_stmt.reset();	3,518✔
191	d_deactivateDomainKeyQuery_stmt.reset();	3,518✔
192	d_publishDomainKeyQuery_stmt.reset();	3,518✔
193	d_unpublishDomainKeyQuery_stmt.reset();	3,518✔
194	d_getTSIGKeyQuery_stmt.reset();	3,518✔
195	d_setTSIGKeyQuery_stmt.reset();	3,518✔
196	d_deleteTSIGKeyQuery_stmt.reset();	3,518✔
197	d_getTSIGKeysQuery_stmt.reset();	3,518✔
198	}	3,518✔
199
200	bool Bind2Backend::doesDNSSEC()
201	{	×
202	return d_dnssecdb \|\| d_hybrid;	×
203	}	×
204
205	bool Bind2Backend::getNSEC3PARAM(const DNSName& name, NSEC3PARAMRecordContent* ns3p)
206	{	×
207	BB2DomainInfo bbd;	×
208	if (!safeGetBBDomainInfo(name, &bbd))	×
209	return false;	×
210
211	if (ns3p != nullptr) {	×
212	*ns3p = bbd.d_nsec3param;	×
213	}	×
214
215	return bbd.d_nsec3zone;	×
216	}	×
217
218	bool Bind2Backend::getNSEC3PARAMuncached(const DNSName& name, NSEC3PARAMRecordContent* ns3p)
219	{	2✔
220	if (!d_dnssecdb \|\| d_hybrid)	2!
221	return false;	×
222
223	string value;	2✔
224	vector<string> meta;	2✔
225	getDomainMetadata(name, "NSEC3PARAM", meta);	2✔
226	if (!meta.empty())	2!
227	value = *meta.begin();	×
228	else	2✔
229	return false; // No NSEC3 zone	2✔
230
231	static int maxNSEC3Iterations = ::arg().asNum("max-nsec3-iterations");	×
232	if (ns3p) {	×
233	auto tmp = std::dynamic_pointer_cast<NSEC3PARAMRecordContent>(DNSRecordContent::make(QType::NSEC3PARAM, 1, value));	×
234	ns3p = tmp;	×
235
236	if (ns3p->d_iterations > maxNSEC3Iterations) {	×
237	ns3p->d_iterations = maxNSEC3Iterations;	×
238	g_log << Logger::Error << "Number of NSEC3 iterations for zone '" << name << "' is above 'max-nsec3-iterations'. Value adjusted to: " << maxNSEC3Iterations << endl;	×
239	}	×
240
241	if (ns3p->d_algorithm != 1) {	×
242	g_log << Logger::Error << "Invalid hash algorithm for NSEC3: '" << std::to_string(ns3p->d_algorithm) << "', setting to 1 for zone '" << name << "'." << endl;	×
243	ns3p->d_algorithm = 1;	×
244	}	×
245	}	×
246
247	return true;	×
248	}	2✔
249
250	bool Bind2Backend::getAllDomainMetadata(const DNSName& name, std::map<std::string, std::vector<std::string>>& meta)
251	{	×
252	if (!d_dnssecdb \|\| d_hybrid)	×
253	return false;	×
254
255	try {	×
256	d_getAllDomainMetadataQuery_stmt->bind("domain", name)->execute();	×
257
258	SSqlStatement::row_t row;	×
259	while (d_getAllDomainMetadataQuery_stmt->hasNextRow()) {	×
260	d_getAllDomainMetadataQuery_stmt->nextRow(row);	×
261	meta[row[0]].push_back(row[1]);	×
262	}	×
263
264	d_getAllDomainMetadataQuery_stmt->reset();	×
265	}	×
266	catch (SSqlException& se) {	×
267	throw PDNSException("Error accessing DNSSEC database in BIND backend, getAllDomainMetadata(): " + se.txtReason());	×
268	}	×
269	return true;	×
270	}	×
271
272	bool Bind2Backend::getDomainMetadata(const DNSName& name, const std::string& kind, std::vector<std::string>& meta)
273	{	10✔
274	if (!d_dnssecdb \|\| d_hybrid)	10!
275	return false;	8✔
276
277	try {	2✔
278	d_getDomainMetadataQuery_stmt->bind("domain", name)->bind("kind", kind)->execute();	2✔
279
280	SSqlStatement::row_t row;	2✔
281	while (d_getDomainMetadataQuery_stmt->hasNextRow()) {	2!
282	d_getDomainMetadataQuery_stmt->nextRow(row);	×
283	meta.push_back(row[0]);	×
284	}	×
285
286	d_getDomainMetadataQuery_stmt->reset();	2✔
287	}	2✔
288	catch (SSqlException& se) {	2✔
289	throw PDNSException("Error accessing DNSSEC database in BIND backend, getDomainMetadata(): " + se.txtReason());	×
290	}	×
291	return true;	2✔
292	}	2✔
293
294	bool Bind2Backend::setDomainMetadata(const DNSName& name, const std::string& kind, const std::vector<std::string>& meta)
295	{	×
296	if (!d_dnssecdb \|\| d_hybrid)	×
297	return false;	×
298
299	try {	×
300	d_deleteDomainMetadataQuery_stmt->bind("domain", name)->bind("kind", kind)->execute()->reset();	×
301	if (!meta.empty()) {	×
302	for (const auto& value : meta) {	×
303	d_insertDomainMetadataQuery_stmt->bind("domain", name)->bind("kind", kind)->bind("content", value)->execute()->reset();	×
304	}	×
305	}	×
306	}	×
307	catch (SSqlException& se) {	×
308	throw PDNSException("Error accessing DNSSEC database in BIND backend, setDomainMetadata(): " + se.txtReason());	×
309	}	×
310	return true;	×
311	}	×
312
313	bool Bind2Backend::getDomainKeys(const DNSName& name, std::vector<KeyData>& keys)
314	{	×
315	if (!d_dnssecdb \|\| d_hybrid)	×
316	return false;	×
317
318	try {	×
319	d_getDomainKeysQuery_stmt->bind("domain", name)->execute();	×
320
321	KeyData kd;	×
322	SSqlStatement::row_t row;	×
323	while (d_getDomainKeysQuery_stmt->hasNextRow()) {	×
324	d_getDomainKeysQuery_stmt->nextRow(row);	×
325	pdns::checked_stoi_into(kd.id, row[0]);	×
326	pdns::checked_stoi_into(kd.flags, row[1]);	×
327	kd.active = (row[2] == "1");	×
328	kd.published = (row[3] == "1");	×
329	kd.content = row[4];	×
330	keys.push_back(kd);	×
331	}	×
332
333	d_getDomainKeysQuery_stmt->reset();	×
334	}	×
335	catch (SSqlException& se) {	×
336	throw PDNSException("Error accessing DNSSEC database in BIND backend, getDomainKeys(): " + se.txtReason());	×
337	}	×
338	return true;	×
339	}	×
340
341	bool Bind2Backend::removeDomainKey(const DNSName& name, unsigned int id)
342	{	×
343	if (!d_dnssecdb \|\| d_hybrid)	×
344	return false;	×
345
346	try {	×
347	d_deleteDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();	×
348	}	×
349	catch (SSqlException& se) {	×
350	throw PDNSException("Error accessing DNSSEC database in BIND backend, removeDomainKeys(): " + se.txtReason());	×
351	}	×
352	return true;	×
353	}	×
354
355	bool Bind2Backend::addDomainKey(const DNSName& name, const KeyData& key, int64_t& id)
356	{	11✔
357	if (!d_dnssecdb \|\| d_hybrid)	11!
358	return false;	×
359
360	try {	11✔
361	d_insertDomainKeyQuery_stmt->bind("domain", name)->bind("flags", key.flags)->bind("active", key.active)->bind("published", key.published)->bind("content", key.content)->execute()->reset();	11✔
362	}	11✔
363	catch (SSqlException& se) {	11✔
364	throw PDNSException("Error accessing DNSSEC database in BIND backend, addDomainKey(): " + se.txtReason());	×
365	}	×
366
367	try {	11✔
368	d_GetLastInsertedKeyIdQuery_stmt->execute();	11✔
369	if (!d_GetLastInsertedKeyIdQuery_stmt->hasNextRow()) {	11!
370	id = -2;	×
371	return true;	×
372	}	×
373	SSqlStatement::row_t row;	11✔
374	d_GetLastInsertedKeyIdQuery_stmt->nextRow(row);	11✔
375	ASSERT_ROW_COLUMNS("get-last-inserted-key-id-query", row, 1);	11!
376	id = std::stoi(row[0]);	11✔
377	d_GetLastInsertedKeyIdQuery_stmt->reset();	11✔
378	return true;	11✔
379	}	11✔
380	catch (SSqlException& e) {	11✔
381	id = -2;	×
382	return true;	×
383	}	×
384	}	11✔
385
386	bool Bind2Backend::activateDomainKey(const DNSName& name, unsigned int id)
387	{	×
388	if (!d_dnssecdb \|\| d_hybrid)	×
389	return false;	×
390
391	try {	×
392	d_activateDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();	×
393	}	×
394	catch (SSqlException& se) {	×
395	throw PDNSException("Error accessing DNSSEC database in BIND backend, activateDomainKey(): " + se.txtReason());	×
396	}	×
397	return true;	×
398	}	×
399
400	bool Bind2Backend::deactivateDomainKey(const DNSName& name, unsigned int id)
401	{	×
402	if (!d_dnssecdb \|\| d_hybrid)	×
403	return false;	×
404
405	try {	×
406	d_deactivateDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();	×
407	}	×
408	catch (SSqlException& se) {	×
409	throw PDNSException("Error accessing DNSSEC database in BIND backend, deactivateDomainKey(): " + se.txtReason());	×
410	}	×
411	return true;	×
412	}	×
413
414	bool Bind2Backend::publishDomainKey(const DNSName& name, unsigned int id)
415	{	×
416	if (!d_dnssecdb \|\| d_hybrid)	×
417	return false;	×
418
419	try {	×
420	d_publishDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();	×
421	}	×
422	catch (SSqlException& se) {	×
423	throw PDNSException("Error accessing DNSSEC database in BIND backend, publishDomainKey(): " + se.txtReason());	×
424	}	×
425	return true;	×
426	}	×
427
428	bool Bind2Backend::unpublishDomainKey(const DNSName& name, unsigned int id)
429	{	×
430	if (!d_dnssecdb \|\| d_hybrid)	×
431	return false;	×
432
433	try {	×
434	d_unpublishDomainKeyQuery_stmt->bind("domain", name)->bind("key_id", id)->execute()->reset();	×
435	}	×
436	catch (SSqlException& se) {	×
437	throw PDNSException("Error accessing DNSSEC database in BIND backend, unpublishDomainKey(): " + se.txtReason());	×
438	}	×
439	return true;	×
440	}	×
441
442	bool Bind2Backend::getTSIGKey(const DNSName& name, DNSName& algorithm, string& content)
443	{	×
444	if (!d_dnssecdb \|\| d_hybrid)	×
445	return false;	×
446
447	try {	×
448	d_getTSIGKeyQuery_stmt->bind("key_name", name)->execute();	×
449
450	SSqlStatement::row_t row;	×
451	while (d_getTSIGKeyQuery_stmt->hasNextRow()) {	×
452	d_getTSIGKeyQuery_stmt->nextRow(row);	×
453	if (row.size() >= 2 && (algorithm.empty() \|\| algorithm == DNSName(row[0]))) {	×
454	algorithm = DNSName(row[0]);	×
455	content = row[1];	×
456	}	×
457	}	×
458
459	d_getTSIGKeyQuery_stmt->reset();	×
460	}	×
461	catch (SSqlException& e) {	×
462	throw PDNSException("Error accessing DNSSEC database in BIND backend, getTSIGKey(): " + e.txtReason());	×
463	}	×
464	return true;	×
465	}	×
466
467	bool Bind2Backend::setTSIGKey(const DNSName& name, const DNSName& algorithm, const string& content)
468	{	×
469	if (!d_dnssecdb \|\| d_hybrid)	×
470	return false;	×
471
472	try {	×
473	d_setTSIGKeyQuery_stmt->bind("key_name", name)->bind("algorithm", algorithm)->bind("content", content)->execute()->reset();	×
474	}	×
475	catch (SSqlException& e) {	×
476	throw PDNSException("Error accessing DNSSEC database in BIND backend, setTSIGKey(): " + e.txtReason());	×
477	}	×
478	return true;	×
479	}	×
480
481	bool Bind2Backend::deleteTSIGKey(const DNSName& name)
482	{	×
483	if (!d_dnssecdb \|\| d_hybrid)	×
484	return false;	×
485
486	try {	×
487	d_deleteTSIGKeyQuery_stmt->bind("key_name", name)->execute()->reset();	×
488	}	×
489	catch (SSqlException& e) {	×
490	throw PDNSException("Error accessing DNSSEC database in BIND backend, deleteTSIGKey(): " + e.txtReason());	×
491	}	×
492	return true;	×
493	}	×
494
495	bool Bind2Backend::getTSIGKeys(std::vector<struct TSIGKey>& keys)
496	{	×
497	if (!d_dnssecdb \|\| d_hybrid)	×
498	return false;	×
499
500	try {	×
501	d_getTSIGKeysQuery_stmt->execute();	×
502
503	SSqlStatement::row_t row;	×
504	while (d_getTSIGKeysQuery_stmt->hasNextRow()) {	×
505	d_getTSIGKeysQuery_stmt->nextRow(row);	×
506	struct TSIGKey key;	×
507	key.name = DNSName(row[0]);	×
508	key.algorithm = DNSName(row[1]);	×
509	key.key = row[2];	×
510	keys.push_back(key);	×
511	}	×
512
513	d_getTSIGKeysQuery_stmt->reset();	×
514	}	×
515	catch (SSqlException& e) {	×
516	throw PDNSException("Error accessing DNSSEC database in BIND backend, getTSIGKeys(): " + e.txtReason());	×
517	}	×
518	return true;	×
519	}	×
520
521	#endif

PowerDNS / pdns / 12188764554

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous