File pdns-2.9.22-axfr-patch of Package pdns
diff -ur pdns-2.9.22/debian-pdns/rules pdns-2.9.22-IX/debian-pdns/rules --- pdns-2.9.22/debian-pdns/rules 2008-11-16 18:21:08.000000000 +0100 +++ pdns-2.9.22-IX/debian-pdns/rules 2009-05-04 09:19:04.000000000 +0200 @@ -2,8 +2,10 @@ tmpdir := $(shell pwd)/debian-pdns/tmp be_tmpdir := $(shell pwd)/debian-pdns/tmp-backend -backends := opendbx ldap mysql pipe gmysql gpgsql gsqlite gsqlite3 -debs := opendbx ldap mysql pipe pgsql sqlite sqlite3 +#backends := opendbx ldap mysql pipe gmysql gpgsql gsqlite gsqlite3 +#debs := opendbx ldap mysql pipe pgsql sqlite sqlite3 +backends := mysql pipe gmysql +debs := mysql pipe binary-doc: -make -C pdns/docs html/index.html @@ -51,7 +53,7 @@ --infodir='$${datadir}/info' \ --mandir='$${datadir}/man' \ --with-pgsql-lib=/opt/postgresql/lib --with-pgsql-includes=/opt/postgresql/include \ - --with-modules="mysql gmysql gpgsql pipe pdns gsqlite gsqlite3 geo" \ + --with-modules="mysql gmysql pipe pdns" \ --with-dynmodules="" \ --enable-static-binaries make diff -ur pdns-2.9.22/modules/gmysqlbackend/gmysqlbackend.cc pdns-2.9.22-IX/modules/gmysqlbackend/gmysqlbackend.cc --- pdns-2.9.22/modules/gmysqlbackend/gmysqlbackend.cc 2008-02-03 13:14:00.000000000 +0100 +++ pdns-2.9.22-IX/modules/gmysqlbackend/gmysqlbackend.cc 2009-04-30 17:00:15.000000000 +0200 @@ -75,6 +75,7 @@ declare(suffix,"info-all-master-query","", "select id,name,master,last_check,notified_serial,type from domains where type='MASTER'"); declare(suffix,"delete-zone-query","", "delete from records where domain_id=%d"); + declare(suffix,"lookup-axfr-allow","", "select zone_grants from domains where name='%s'"); } diff -ur pdns-2.9.22/pdns/backends/gsql/gsqlbackend.cc pdns-2.9.22-IX/pdns/backends/gsql/gsqlbackend.cc --- pdns-2.9.22/pdns/backends/gsql/gsqlbackend.cc 2008-12-06 20:43:50.000000000 +0100 +++ pdns-2.9.22-IX/pdns/backends/gsql/gsqlbackend.cc 2009-05-05 12:43:04.000000000 +0200 
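Review bot: The default `lookup-axfr-allow` query in gmysqlbackend.cc splices the zone name into a quoted literal (`name='%s'`), so it is only safe if every caller escapes the name first, and the caller added in gsqlbackend.cc does not. The option is declared only for gmysql, while the shared GSQLBackend code reads `getArg("lookup-axfr-allow")` (the `@@ -239` hunk), so the other generic SQL modules would presumably need the same `declare`; dropping them from the build in debian-pdns/rules hides this. The query also depends on a `zone_grants` column in `domains` for which this patch carries no schema change. A comment next to the declare would record the contract, e.g. `// zone_grants: ';'-separated IPs or netmasks allowed to AXFR this zone; name must be sqlEscape()d by the caller`.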
@@ -16,10 +16,78 @@ #include "pdns/ahuexception.hh" #include "pdns/logger.hh" #include "pdns/arguments.hh" +#include "pdns/iputils.hh" #include <boost/algorithm/string.hpp> #include <sstream> + using namespace boost; +bool GSQLBackend::checkAXFRByZone(const std::string& name , const std::string& ip) +{ +// L << Logger::Warning +// << "ZONE-AXFR: checking " << name << " with " << ip << std::endl; + + char output[1024]; + + snprintf( output,sizeof(output)-1, + d_LookupAxfrAllow.c_str(),name.c_str() + ); + + L << Logger::Warning + << "ZONE-AXFR: checking " << name << " with " << ip << std::endl + << "STATEMENT: "<< output << std::endl; + + try + { + d_db->doQuery(output, d_result); + } + catch(SSqlException &e) + { + throw AhuException("GSQLBackend unable to select AXFR-by Zone . name " + + name + + " with ip " + + ip + + " : " + + e.txtReason()); + } + + if(!d_result.size()) + return false; + + if(d_result.size() > 1) + throw AhuException("Ambigous entries ' " + + name + + "' exists more than once"); + + SSql::row_t row(d_result[0]); + SSql::row_t::const_reverse_iterator zone_str_iter(row.rbegin()); + std::vector<std::string> allowed_ips; + + stringtok(allowed_ips, *zone_str_iter, ";"); + std::vector<std::string>::iterator iter(allowed_ips.begin()), + end(allowed_ips.end()); + + for(;iter!=end;++iter) + { + trim(*iter); + + L << Logger::Warning << "ZONE-AXFR: comparing '" << *iter << "' with '" << ip << "'"<< std::endl; + + if(*iter == ip) return true; + + // check for netmasks + if( (*iter).find_first_of('/') != std::string::npos ) // found a mask + { + L << Logger::Warning << "detected mask " << std::endl; + Netmask mask(*iter); + if(mask.match(ip)) return true; + } + + + } + return false; +} + void GSQLBackend::setNotified(uint32_t domain_id, uint32_t serial) { char output[1024]; 
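Review bot: `GSQLBackend::checkAXFRByZone` formats `name` into the SQL statement without escaping: `d_LookupAxfrAllow.c_str(),name.c_str()` fills the `'%s'` of the lookup query, and tcpreceiver.cc passes `q->qdomain`, the zone name from the requester's question, as `name`. The class already declares `sqlEscape` (visible in the gsqlbackend.hh hunk), so the argument should be `sqlEscape(name).c_str()`. The `snprintf` return value is not checked either, so an over-long name produces a silently truncated statement; comparing the result against `sizeof(output)` and returning false would fail closed. The `Logger::Warning` lines that print the statement and every comparison look like leftover debugging and write requester-controlled text to the log on each attempt, so they should be removed or moved to a debug level.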
@@ -239,6 +307,7 @@ d_UpdateLastCheckofZoneQuery=getArg("update-lastcheck-query"); d_InfoOfAllMasterDomainsQuery=getArg("info-all-master-query"); d_DeleteZoneQuery=getArg("delete-zone-query"); + d_LookupAxfrAllow=getArg("lookup-axfr-allow"); } diff -ur pdns-2.9.22/pdns/backends/gsql/gsqlbackend.hh pdns-2.9.22-IX/pdns/backends/gsql/gsqlbackend.hh --- pdns-2.9.22/pdns/backends/gsql/gsqlbackend.hh 2008-02-03 13:13:59.000000000 +0100 +++ pdns-2.9.22-IX/pdns/backends/gsql/gsqlbackend.hh 2009-04-30 17:00:15.000000000 +0200 @@ -21,6 +21,9 @@ d_db=db; } + //checks if a zone is allowed to check axfr-data + bool checkAXFRByZone(const std::string& name , const std::string& ip); + string sqlEscape(const string &name); void lookup(const QType &, const string &qdomain, DNSPacket *p=0, int zoneId=-1); bool list(const string &target, int domain_id); @@ -65,6 +68,7 @@ string d_UpdateSerialOfZoneQuery; string d_UpdateLastCheckofZoneQuery; string d_InfoOfAllMasterDomainsQuery; - string d_DeleteZoneQuery; + string d_DeleteZoneQuery; + string d_LookupAxfrAllow; }; diff -ur pdns-2.9.22/pdns/common_startup.cc pdns-2.9.22-IX/pdns/common_startup.cc --- pdns-2.9.22/pdns/common_startup.cc 2008-11-19 18:56:52.000000000 +0100 +++ pdns-2.9.22-IX/pdns/common_startup.cc 2009-04-30 17:00:15.000000000 +0200 @@ -127,6 +127,9 @@ ::arg().set("max-cache-entries", "Maximum number of cache entries")="1000000"; ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom"; + + ::arg().set("axfr-by-zone","allows configuration of axfr-allows by zone")="yes"; + ::arg().setSwitch("axfr-by-zone","allows configuration of axfr-allows by zone")="yes"; } void declareStats(void) diff -ur pdns-2.9.22/pdns/dnsbackend.cc pdns-2.9.22-IX/pdns/dnsbackend.cc --- pdns-2.9.22/pdns/dnsbackend.cc 2008-11-15 21:32:46.000000000 +0100 +++ pdns-2.9.22-IX/pdns/dnsbackend.cc 2009-04-30 17:00:15.000000000 +0200 
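Review bot: In common_startup.cc `axfr-by-zone` is registered twice, once with `set` and once with `setSwitch`, both defaulting to "yes"; for a flag read through `mustDo` only the `setSwitch` line is needed. The "yes" default changes behaviour for every existing installation: in the tcpreceiver.cc hunk the branch taken when the switch is on no longer treats an empty `allow-axfr-ips` as allow-all, and it runs the `zone_grants` lookup against the backend for each request, which fails on a database without that column. A default of "no" leaves current deployments unchanged until the operator opts in: `::arg().setSwitch("axfr-by-zone","allows configuration of axfr-allows by zone")="no";`. The enclosing function starts outside the hunk.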
@@ -25,6 +25,11 @@ #include <sys/types.h> #include "dnspacket.hh" +bool DNSBackend::checkAXFRByZone(const std::string& name , const std::string& ip) +{ + return false; +} + string DNSBackend::getRemote(DNSPacket *p) { return p->getRemote(); diff -ur pdns-2.9.22/pdns/dnsbackend.hh pdns-2.9.22-IX/pdns/dnsbackend.hh --- pdns-2.9.22/pdns/dnsbackend.hh 2008-02-03 13:13:59.000000000 +0100 +++ pdns-2.9.22-IX/pdns/dnsbackend.hh 2009-04-30 17:00:15.000000000 +0200 @@ -77,6 +77,8 @@ if the backend does not consider itself responsible for the id passed. \param domain_id ID of which a list is requested */ + virtual bool checkAXFRByZone(const std::string& name , const std::string& ip); + virtual bool list(const string &target, int domain_id)=0; virtual ~DNSBackend(){}; diff -ur pdns-2.9.22/pdns/misc.cc pdns-2.9.22-IX/pdns/misc.cc --- pdns-2.9.22/pdns/misc.cc 2008-11-15 21:32:46.000000000 +0100 +++ pdns-2.9.22-IX/pdns/misc.cc 2009-04-30 17:00:15.000000000 +0200 @@ -232,6 +232,10 @@ while (replen) { ret = write(outsock, buffer, replen); + while(ret == -1 && errno == EAGAIN) { + Utility::usleep(1); + ret = write(outsock, buffer, replen); + } if(ret < 0) { if(errno==EAGAIN) { // wait, we might've exhausted the window while(waitForRWData(outsock, false, 1, 0)==0) diff -ur pdns-2.9.22/pdns/tcpreceiver.cc pdns-2.9.22-IX/pdns/tcpreceiver.cc --- pdns-2.9.22/pdns/tcpreceiver.cc 2008-11-19 18:21:11.000000000 +0100 +++ pdns-2.9.22-IX/pdns/tcpreceiver.cc 2009-05-04 10:35:51.000000000 +0200 
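Review bot: In dnsbackend.hh the new `checkAXFRByZone` declaration is inserted between the doc comment ending in `\param domain_id ID of which a list is requested */` and the `list()` declaration that comment describes, so the comment now documents the wrong member. Move the new declaration above that comment (or below `list`) and give it its own, e.g. `//! returns true if ip may AXFR zone name; the base implementation always returns false`.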
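Review bot: The loop added in misc.cc retries `write()` after `Utility::usleep(1)` for as long as it fails with EAGAIN, with no retry limit or deadline, so a peer that stops reading keeps this thread polling about once per microsecond. It also makes the existing `if(errno==EAGAIN)` branch just below, which waits with `waitForRWData(outsock, false, 1, 0)`, effectively unreachable. If the existing wait was insufficient, put a bound there (a maximum number of one-second waits before giving up and closing) rather than spinning; otherwise drop the added loop. The enclosing function starts and ends outside the hunk.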
@@ -346,16 +346,42 @@ if(::arg().mustDo("disable-axfr")) return false; - if( ::arg()["allow-axfr-ips"].empty() || d_ng.match( (ComboAddress *) &q->remote ) ) - return true; + if(::arg().mustDo("axfr-by-zone") ) + { + //DNSBackend *backend = s_P->getBackend(); + PacketHandler P; + DNSBackend *backend = P.getBackend(); + if(backend->checkAXFRByZone( q->qdomain , q->getRemote()) ) + { + L << Logger::Warning + <<"Approved zone-based AXFR of '"<<q->qdomain + << q->getRemote()<<endl; + return true; + } + //a empty list is a failure in case of 'axfr-by-zone' + else if(d_ng.match( (ComboAddress *) &q->remote ) ) + { + L << Logger::Warning << "allowed by config file" << endl; + return true; + } + } + else + { + // L << Logger::Warning<< "no axfr-by-zone" <<endl; + if(::arg()["allow-axfr-ips"].empty() + || d_ng.match( (ComboAddress *) &q->remote ) ) + return true; + } extern CommunicatorClass Communicator; if(Communicator.justNotified(q->qdomain, q->getRemote())) { // we just notified this ip - L<<Logger::Warning<<"Approved AXFR of '"<<q->qdomain<<"' from recently notified slave "<<q->getRemote()<<endl; + L << Logger::Warning << "Approved AXFR of '" << q->qdomain << "' from recently notified slave " << q->getRemote() << endl; return true; } + L << Logger::Warning << "AXFR FAILED" << endl; + return false; } diff -ur pdns-2.9.22/pdns/ueberbackend.cc pdns-2.9.22-IX/pdns/ueberbackend.cc --- pdns-2.9.22/pdns/ueberbackend.cc 2008-11-27 22:56:33.000000000 +0100 +++ pdns-2.9.22-IX/pdns/ueberbackend.cc 2009-04-30 17:00:15.000000000 +0200 
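Review bot: The access-decision log lines in this tcpreceiver.cc hunk do not work as an audit trail: the approval message `"Approved zone-based AXFR of '"<<q->qdomain << q->getRemote()` runs the zone and the client address together with no closing quote, and `"allowed by config file"` and `"AXFR FAILED"` name neither the zone nor the client. Suggested: `L << Logger::Warning << "Approved zone-based AXFR of '" << q->qdomain << "' from " << q->getRemote() << endl;` and `L << Logger::Warning << "Denied AXFR of '" << q->qdomain << "' from " << q->getRemote() << endl;`. Separately, `PacketHandler P;` is constructed for every request before any allow-list check; if that constructor opens backend connections (not visible here), testing `d_ng.match(...)` first and reusing an existing handler would keep unauthorised requests from reaching the database. The function begins outside the hunk.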
@@ -60,6 +60,15 @@ #define RTLD_NOW RTLD_LAZY #endif +bool UeberBackend::checkAXFRByZone( const std::string& name , const std::string& ip) +{ + for ( vector< DNSBackend * >::iterator i = backends.begin(); i != backends.end(); ++i ) + { + if(( *i )->checkAXFRByZone( name , ip) ) return true; + } + return false; +} + //! Loads a module and reports it to all UeberBackend threads bool UeberBackend::loadmodule(const string &name) { diff -ur pdns-2.9.22/pdns/ueberbackend.hh pdns-2.9.22-IX/pdns/ueberbackend.hh --- pdns-2.9.22/pdns/ueberbackend.hh 2008-02-03 13:13:59.000000000 +0100 +++ pdns-2.9.22-IX/pdns/ueberbackend.hh 2009-04-30 17:00:15.000000000 +0200 @@ -57,6 +57,7 @@ UeberBackend(); UeberBackend(const string &); ~UeberBackend(); + virtual bool checkAXFRByZone(const std::string& name , const std::string& ip); typedef DNSBackend *BackendMaker(); //!< typedef for functions returning pointers to new backends bool superMasterBackend(const string &ip, const string &domain, const vector<DNSResourceRecord>&nsset, string *account, DNSBackend **db);
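Review bot: `UeberBackend::checkAXFRByZone` returns true as soon as any loaded backend grants the request, whether or not that backend is the one serving `name`, and the function has no comment saying so. With more than one backend loaded, a grant row in one backend's database can therefore authorise the transfer of a zone held by another; either restrict the check to the backend that owns the zone or document the behaviour, e.g. `//! true if any loaded backend allows ip to AXFR zone name; exceptions thrown by a backend propagate to the caller`. In ueberbackend.hh the declaration is marked `virtual` although no base class is visible in the hunk, so please confirm it is meant to override `DNSBackend::checkAXFRByZone`.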