Merge pull request #14057 from mind04/auth-catalog-cleanup

Auth: fix a crash and some cleanup in the auth-catalogzone.cc

Author: miodvallat

modules/lmdbbackend/lmdbbackend.cc

@@ -2396,26 +2396,25 @@ void LMDBBackend::setLastCheckTime(domainid_t domain_id, time_t last_check)
 
 void LMDBBackend::getUpdatedPrimaries(vector<DomainInfo>& updatedDomains, std::unordered_set<DNSName>& catalogs, CatalogHashMap& catalogHashes)
 {
-  CatalogInfo ci;
-
-  getAllDomainsFiltered(&(updatedDomains), [this, &catalogs, &catalogHashes, &ci](DomainInfo& di) {
+  getAllDomainsFiltered(&(updatedDomains), [this, &catalogs, &catalogHashes](DomainInfo& di) {
     if (!di.isPrimaryType()) {
       return false;
     }
 
     if (di.kind == DomainInfo::Producer) {
       catalogs.insert(di.zone.operator const DNSName&());
-      catalogHashes[di.zone].process("\0");
+      catalogHashes[di.zone].process("");
       return false; // Producer freshness check is performed elsewhere
     }
 
     if (!di.catalog.empty()) {
-      ci.fromJson(di.options, CatalogInfo::CatalogType::Producer);
-      ci.updateHash(catalogHashes, di);
+      CatalogInfo::updateCatalogHash(catalogHashes, di);
     }
 
     if (getSerial(di) && di.serial != di.notified_serial) {
       di.backend = this;
+      di.catalog.clear();
+      di.options.clear();
       return true;
     }
 

pdns/auth-catalogzone.cc

@@ -25,56 +25,58 @@
 #endif
 
 #include "dnsbackend.hh"
+#include "json.hh"
 
-void CatalogInfo::fromJson(const std::string& json, CatalogType type)
+bool CatalogInfo::parseJson(const std::string& json, CatalogType type)
 {
-  d_type = type;
-  if (d_type == CatalogType::None) {
+  if (type == CatalogType::None) {
     throw std::runtime_error("CatalogType is set to None");
   }
+
+  d_type = type;
+
   if (json.empty()) {
-    return;
+    d_doc = nullptr;
+    return false;
   }
+
   std::string err;
   d_doc = json11::Json::parse(json, err);
-  if (!d_doc.is_null()) {
-    if (!d_doc[getTypeString(d_type)].is_null()) {
-      auto items = d_doc[getTypeString(type)].object_items();
-      if (!items["coo"].is_null()) {
-        if (items["coo"].is_string()) {
-          if (!items["coo"].string_value().empty()) {
-            d_coo = DNSName(items["coo"].string_value());
-          }
-        }
-        else {
-          throw std::out_of_range("Key 'coo' is not a string");
-        }
+  if (d_doc.is_null()) {
+    throw std::runtime_error("Parsing of JSON options failed: " + err);
+  }
+
+  return !d_doc[getTypeString(d_type)].is_null();
+}
+
+void CatalogInfo::fromJson(const std::string& json, CatalogType type)
+{
+  if (parseJson(json, type)) {
+    auto items = d_doc[getTypeString(type)].object_items();
+
+    // coo property
+    if (!items["coo"].is_null()) {
+      d_coo = DNSName(stringFromJson(items, "coo"));
+    }
+
+    // unique property
+    if (!items["unique"].is_null()) {
+      d_unique = DNSName(stringFromJson(items, "unique"));
+      if (d_unique.countLabels() != 1) {
+        throw std::out_of_range("Invalid number of labels in unique value");
       }
-      if (!items["unique"].is_null()) {
-        if (items["unique"].is_string()) {
-          if (!items["unique"].string_value().empty()) {
-            d_unique = DNSName(items["unique"].string_value());
-          }
-        }
-        else {
-          throw std::out_of_range("Key 'unique' is not a string");
-        }
+    }
+
+    // group properties
+    if (!items["group"].is_null()) {
+      if (!items["group"].is_array()) {
+        throw std::out_of_range("Key 'group' is not an array");
       }
-      if (!items["group"].is_null()) {
-        if (items["group"].is_array()) {
-          for (const auto& value : items["group"].array_items()) {
-            d_group.insert(value.string_value());
-          }
-        }
-        else {
-          throw std::out_of_range("Key 'group' is not an array");
-        }
+      for (const auto& value : items["group"].array_items()) {
+        d_group.insert(value.string_value());
       }
     }
   }
-  else {
-    throw std::runtime_error("Parsing of JSON options failed: " + err);
-  }
 }
 
 std::string CatalogInfo::toJson() const
@@ -83,41 +85,48 @@ std::string CatalogInfo::toJson() const
     throw std::runtime_error("CatalogType is set to None");
   }
   json11::Json::object object;
+
+  // coo property
   if (!d_coo.empty()) {
     object["coo"] = d_coo.toString();
   }
+
+  // unique property
   if (!d_unique.empty()) {
-    if (d_unique.countLabels() > 1) {
-      throw std::out_of_range("Multiple labels in a unique value are not allowed");
+    if (d_unique.countLabels() != 1) {
+      throw std::out_of_range("Invalid number of labels in unique value");
     }
     object["unique"] = d_unique.toString();
   }
+
+  // group properties
   if (!d_group.empty()) {
     json11::Json::array entries;
     for (const auto& group : d_group) {
       entries.push_back(group);
     }
     object["group"] = entries;
   }
+
   auto tmp = d_doc.object_items();
   tmp[getTypeString(d_type)] = object;
   const json11::Json ret = tmp;
   return ret.dump();
 }
 
-void CatalogInfo::updateHash(CatalogHashMap& hashes, const DomainInfo& di) const
+void CatalogInfo::updateCatalogHash(CatalogHashMap& hashes, const DomainInfo& di)
 {
-  hashes[di.catalog].process(std::to_string(di.id) + di.zone.toLogString() + string("\0", 1) + d_coo.toLogString() + string("\0", 1) + d_unique.toLogString());
-  for (const auto& group : d_group) {
-    hashes[di.catalog].process(std::to_string(group.length()) + group);
+  CatalogInfo ci;
+  hashes[di.catalog].process(std::to_string(di.id) + di.zone.toLogString());
+  if (ci.parseJson(di.options, CatalogType::Producer)) {
+    hashes[di.catalog].process(ci.d_doc["producer"].dump());
   }
 }
 
 DNSZoneRecord CatalogInfo::getCatalogVersionRecord(const ZoneName& zone)
 {
   DNSZoneRecord dzr;
   dzr.dr.d_name = g_versiondnsname + zone.operator const DNSName&();
-  dzr.dr.d_ttl = 0;
   dzr.dr.d_type = QType::TXT;
   dzr.dr.setContent(std::make_shared<TXTRecordContent>("2"));
   return dzr;
@@ -134,24 +143,24 @@ void CatalogInfo::toDNSZoneRecords(const ZoneName& zone, vector<DNSZoneRecord>&
   }
   prefix += g_zonesdnsname + zone.operator const DNSName&();
 
+  // member zone
   DNSZoneRecord dzr;
   dzr.dr.d_name = prefix;
-  dzr.dr.d_ttl = 0;
   dzr.dr.d_type = QType::PTR;
   dzr.dr.setContent(std::make_shared<PTRRecordContent>(d_zone.operator const DNSName&().toString()));
   dzrs.emplace_back(dzr);
 
+  // coo property
   if (!d_coo.empty()) {
     dzr.dr.d_name = g_coodnsname + prefix;
-    dzr.dr.d_ttl = 0;
     dzr.dr.d_type = QType::PTR;
     dzr.dr.setContent(std::make_shared<PTRRecordContent>(d_coo));
     dzrs.emplace_back(dzr);
   }
 
+  // group properties
   for (const auto& group : d_group) {
     dzr.dr.d_name = g_groupdnsname + prefix;
-    dzr.dr.d_ttl = 0;
     dzr.dr.d_type = QType::TXT;
     dzr.dr.setContent(std::make_shared<TXTRecordContent>("\"" + group + "\""));
     dzrs.emplace_back(dzr);

pdns/auth-catalogzone.hh

@@ -59,7 +59,7 @@ public:
   std::string toJson() const;
   void setType(CatalogType type) { d_type = type; }
 
-  void updateHash(CatalogHashMap& hashes, const DomainInfo& di) const;
+  static void updateCatalogHash(CatalogHashMap& hashes, const DomainInfo& di);
   DNSName getUnique() const { return DNSName(toBase32Hex(hashQNameWithSalt(std::to_string(d_id), 0, DNSName(d_zone)))); } // salt with domain id to detect recreated zones
   static DNSZoneRecord getCatalogVersionRecord(const ZoneName& zone);
   void toDNSZoneRecords(const ZoneName& zone, vector<DNSZoneRecord>& dzrs) const;
@@ -78,4 +78,6 @@ public:
 private:
   CatalogType d_type;
   json11::Json d_doc;
+
+  bool parseJson(const std::string& json, CatalogType type);
 };

pdns/auth-primarycommunicator.cc

@@ -173,17 +173,22 @@ void CommunicatorClass::getUpdatedProducers(UeberBackend* B, vector<DomainInfo>&
           continue;
         }
 
-        B->setDomainMetadata(di.zone, "CATALOG-HASH", mapHash);
+        SOAData sd;
+        try {
+          if (!B->getSOAUncached(di.zone, sd)) {
+            SLOG(g_log << Logger::Warning << "SOA lookup failed for producer zone '" << di.zone << "'" << endl,
+                 d_slog->info(Logr::Warning, "SOA lookup failed for producer zone", "zone", Logging::Loggable(di.zone)));
+            continue;
+          }
+        }
+        catch (...) {
+          continue;
+        }
 
         SLOG(g_log << Logger::Warning << "new CATALOG-HASH '" << mapHash << "' for zone '" << di.zone << "'" << endl,
              d_slog->info(Logr::Warning, "new CATALOG-HASH for zone", "zone", Logging::Loggable(di.zone), "hash", Logging::Loggable(mapHash)));
 
-        SOAData sd;
-        if (!B->getSOAUncached(di.zone, sd)) {
-          SLOG(g_log << Logger::Warning << "SOA lookup failed for producer zone '" << di.zone << "'" << endl,
-               d_slog->info(Logr::Warning, "SOA lookup failed for producer zone", "zone", Logging::Loggable(di.zone)));
-          continue;
-        }
+        B->setDomainMetadata(di.zone, "CATALOG-HASH", mapHash);
 
         DNSResourceRecord rr;
         makeIncreasedSOARecord(sd, "EPOCH", "", rr, d_slog);

pdns/backends/gsql/gsqlbackend.cc

@@ -474,8 +474,8 @@ void GSQLBackend::getUnfreshSecondaryInfos(vector<DomainInfo>* unfreshDomains)
         continue;
       }
       catch (...) {
-        SLOG(g_log << Logger::Warning << __PRETTY_FUNCTION__ << " error while parsing SOA data for zone '" << di.zone << endl,
-           d_slog->info(Logr::Warning, "error while parsing SOA data", "zone", Logging::Loggable(di.zone)));
+        SLOG(g_log << Logger::Warning << __PRETTY_FUNCTION__ << " error while parsing SOA data for zone '" << di.zone << "'" << endl,
+             d_slog->info(Logr::Warning, "error while parsing SOA data", "zone", Logging::Loggable(di.zone)));
         continue;
       }
 
@@ -606,7 +606,7 @@ void GSQLBackend::getUpdatedPrimaries(vector<DomainInfo>& updatedDomains, std::u
 
     if (pdns_iequals(row[2], "PRODUCER")) {
       catalogs.insert(di.zone.operator const DNSName&());
-      catalogHashes[di.zone].process("\0");
+      catalogHashes[di.zone].process("");
       continue; // Producer freshness check is performed elsewhere
     }
     else if (!pdns_iequals(row[2], "MASTER")) {
@@ -616,8 +616,8 @@ void GSQLBackend::getUpdatedPrimaries(vector<DomainInfo>& updatedDomains, std::u
 
     try {
       if (!row[5].empty()) {
-        ci.fromJson(row[4], CatalogInfo::CatalogType::Producer);
-        ci.updateHash(catalogHashes, di);
+        di.options = row[4];
+        CatalogInfo::updateCatalogHash(catalogHashes, di);
       }
     }
     catch (const std::exception& e) {
@@ -653,6 +653,7 @@ void GSQLBackend::getUpdatedPrimaries(vector<DomainInfo>& updatedDomains, std::u
       di.kind = DomainInfo::Primary;
       di.serial = sd.serial;
       di.catalog.clear();
+      di.options.clear();
 
       updatedDomains.emplace_back(di);
     }