Commit 1fbbeb35 authored by Mukund Sivaraman's avatar Mukund Sivaraman
Browse files

[2165] Stop RRSIGs from being added in getRRsets() itself

... instead of stripping them later.
parent 7f00956d
......@@ -180,6 +180,7 @@ private:
DatabaseClient::Finder::FoundRRsets
DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
bool sigs,
const string* construct_name, bool any,
DatabaseAccessor::IteratorContextPtr context)
{
......@@ -276,10 +277,12 @@ DatabaseClient::Finder::getRRsets(const string& name, const WantedTypes& types,
isc_throw(DataSourceError, "CNAME shares domain " << name <<
" with something else");
}
// Add signatures to all found RRsets
for (std::map<RRType, RRsetPtr>::iterator i(result.begin());
i != result.end(); ++ i) {
sig_store.appendSignatures(i->second);
if (sigs) {
// Add signatures to all found RRsets
for (std::map<RRType, RRsetPtr>::iterator i(result.begin());
i != result.end(); ++ i) {
sig_store.appendSignatures(i->second);
}
}
if (records_found && any) {
result[RRType::ANY()] = RRsetPtr();
......@@ -448,7 +451,9 @@ DatabaseClient::Finder::findDelegationPoint(const isc::dns::Name& name,
// Look if there's NS or DNAME at this point of the tree, but ignore
// the NS RRs at the apex of the zone.
const FoundRRsets found = getRRsets(superdomain.toText(),
DELEGATION_TYPES());
DELEGATION_TYPES(),
((options & FIND_DNSSEC) ==
FIND_DNSSEC));
if (found.first) {
// This node contains either NS or DNAME RRs so it does exist.
const FoundIterator nsi(found.second.find(RRType::NS()));
......@@ -581,6 +586,8 @@ DatabaseClient::Finder::findWildcardMatch(
// RFC 4592 section 4.4).
// Search for a match. The types are the same as with original query.
const FoundRRsets found = getRRsets(wildcard, final_types,
((options & FIND_DNSSEC) ==
FIND_DNSSEC),
&construct_name,
type == RRType::ANY());
if (found.first) {
......@@ -601,8 +608,7 @@ DatabaseClient::Finder::findWildcardMatch(
DATASRC_DATABASE_WILDCARD_CANCEL_NS).
arg(accessor_->getDBName()).arg(wildcard).
arg(dresult.first_ns->getName());
return (ResultContext(DELEGATION,
stripRRsigs(dresult.first_ns, options)));
return (ResultContext(DELEGATION, dresult.first_ns));
} else if (!hasSubdomains(name.split(i - 1).toText())) {
// The wildcard match is the best one, find the final result
// at it. Note that wildcard should never be the zone origin.
......@@ -686,7 +692,7 @@ DatabaseClient::Finder::FindDNSSECContext::probe() {
// such cases).
const string origin = finder_.getOrigin().toText();
const FoundRRsets nsec3_found =
finder_.getRRsets(origin, NSEC3PARAM_TYPES());
finder_.getRRsets(origin, NSEC3PARAM_TYPES(), true);
const FoundIterator nfi=
nsec3_found.second.find(RRType::NSEC3PARAM());
is_nsec3_ = (nfi != nsec3_found.second.end());
......@@ -697,7 +703,7 @@ DatabaseClient::Finder::FindDNSSECContext::probe() {
// described in Section 10.4 of RFC 5155.
if (!is_nsec3_) {
const FoundRRsets nsec_found =
finder_.getRRsets(origin, NSEC_TYPES());
finder_.getRRsets(origin, NSEC_TYPES(), true);
const FoundIterator nfi =
nsec_found.second.find(RRType::NSEC());
is_nsec_ = (nfi != nsec_found.second.end());
......@@ -750,7 +756,7 @@ DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name,
const Name& nsec_name =
covering ? finder_.findPreviousName(name) : name;
const FoundRRsets found = finder_.getRRsets(nsec_name.toText(),
NSEC_TYPES());
NSEC_TYPES(), true);
const FoundIterator nci = found.second.find(RRType::NSEC());
if (nci != found.second.end()) {
return (nci->second);
......@@ -810,7 +816,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// - when we are looking for glue records (FIND_GLUE_OK), or
// - when the query type is DS (which cancels the delegation)
return (logAndCreateResult(name, wildname, type, DELEGATION,
stripRRsigs(nsi->second, options),
nsi->second,
wild ? DATASRC_DATABASE_WILDCARD_NS :
DATASRC_DATABASE_FOUND_DELEGATION_EXACT,
flags));
......@@ -826,8 +832,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
cni->second->getRdataCount() << " rdata at " << name <<
", expected 1");
}
return (logAndCreateResult(name, wildname, type, CNAME,
stripRRsigs(cni->second, options),
return (logAndCreateResult(name, wildname, type, CNAME, cni->second,
wild ? DATASRC_DATABASE_WILDCARD_CNAME :
DATASRC_DATABASE_FOUND_CNAME,
flags));
......@@ -840,7 +845,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
it != found.second.end(); ++it) {
if (it->second) {
// Skip over the empty ANY
target->push_back(stripRRsigs(it->second, options));
target->push_back(it->second);
}
}
if (wild) {
......@@ -868,8 +873,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// includes the case where we were explicitly querying for a CNAME and
// found it. It also includes the case where we were querying for an
// NS RRset and found it at the apex of the zone.)
return (ResultContext(SUCCESS, stripRRsigs(wti->second, options),
flags));
return (ResultContext(SUCCESS, wti->second, flags));
}
// If we get here, we have found something at the requested name but not
......@@ -884,13 +888,11 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
if (dnssec_rrset) {
// This log message covers both normal and wildcard cases, so we pass
// NULL for 'wildname'.
return (logAndCreateResult(name, NULL, type, NXRRSET,
dnssec_rrset,
return (logAndCreateResult(name, NULL, type, NXRRSET, dnssec_rrset,
DATASRC_DATABASE_FOUND_NXRRSET_NSEC,
flags | RESULT_NSEC_SIGNED));
}
return (logAndCreateResult(name, wildname, type, NXRRSET,
dnssec_rrset,
return (logAndCreateResult(name, wildname, type, NXRRSET, dnssec_rrset,
wild ? DATASRC_DATABASE_WILDCARD_NXRRSET :
DATASRC_DATABASE_FOUND_NXRRSET,
flags | dnssec_ctx.getResultFlags()));
......@@ -969,8 +971,7 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
const DelegationSearchResult dresult = findDelegationPoint(name, options);
if (dresult.rrset) {
// In this case no special flags are needed.
return (ResultContext(dresult.code,
stripRRsigs(dresult.rrset, options)));
return (ResultContext(dresult.code, dresult.rrset));
}
// If there is no delegation, look for the exact match to the request
......@@ -982,6 +983,8 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
WantedTypes final_types(FINAL_TYPES());
final_types.insert(type);
const FoundRRsets found = getRRsets(name.toText(), final_types,
((options & FIND_DNSSEC) ==
FIND_DNSSEC),
NULL, type == RRType::ANY());
FindDNSSECContext dnssec_ctx(*this, options);
if (found.first) {
......@@ -1015,7 +1018,8 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
// Now, we need to get the NSEC3 params from the apex and create the hash
// creator for it.
const FoundRRsets nsec3param(getRRsets(getOrigin().toText(),
NSEC3PARAM_TYPES()));
NSEC3PARAM_TYPES(),
true));
const FoundIterator param(nsec3param.second.find(RRType::NSEC3PARAM()));
if (!nsec3param.first || param == nsec3param.second.end()) {
// No NSEC3 params? :-(
......@@ -1055,6 +1059,7 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
}
const FoundRRsets nsec3(getRRsets(hash + "." + otext, NSEC3_TYPES(),
true,
NULL, false, context));
if (nsec3.first) {
......@@ -1080,7 +1085,8 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
arg(labels).arg(prevHash);
context = accessor_->getNSEC3Records(prevHash, zone_id_);
const FoundRRsets prev_nsec3(getRRsets(prevHash + "." + otext,
NSEC3_TYPES(), NULL, false,
NSEC3_TYPES(), true,
NULL, false,
context));
if (!prev_nsec3.first) {
......
......@@ -963,6 +963,8 @@ public:
///
/// \param name Which domain name should be scanned.
/// \param types List of types the caller is interested in.
/// \param sigs Return RRSIGs if true is passed. Otherwise, no
/// associated RRSIGs are set on the returned RRsets.
/// \param construct_name If this is NULL, the resulting RRsets have
/// their name set to name. If it is not NULL, it overrides the
/// name and uses this one (this can be used for wildcard
......@@ -984,6 +986,7 @@ public:
/// database or the database contains bad data.
FoundRRsets getRRsets(const std::string& name,
const WantedTypes& types,
bool sigs,
const std::string* construct_name = NULL,
bool any = false,
DatabaseAccessor::IteratorContextPtr srcContext =
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment