Commit 08c0b746 authored by Vladimír Čunát's avatar Vladimír Čunát

knot_dname_in(): replace

This second part of API replacement in particular lengthens the code,
but I hope the new expression will be easier to understand at least.
parent 64d03716
......@@ -173,7 +173,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
/* It's just caller's approximation that the RR is in that particular zone.
* We MUST guard against attempts of zones signing out-of-bailiwick records. */
if (!knot_dname_in(zone_name, covered->owner)) {
if (knot_dname_in_bailiwick(covered->owner, zone_name) < 0) {
vctx->result = kr_error(ENOENT);
return vctx->result;
}
......
......@@ -98,7 +98,8 @@ static bool is_authoritative(const knot_pkt_t *answer, struct kr_query *query)
const knot_pktsection_t *ns = knot_pkt_section(answer, KNOT_AUTHORITY);
for (unsigned i = 0; i < ns->count; ++i) {
const knot_rrset_t *rr = knot_pkt_rr(ns, i);
if (rr->type == KNOT_RRTYPE_SOA && knot_dname_in(query->zone_cut.name, rr->owner)) {
if (rr->type == KNOT_RRTYPE_SOA
&& knot_dname_in_bailiwick(rr->owner, query->zone_cut.name) >= 0) {
return true;
}
}
......@@ -260,8 +261,9 @@ static int update_cut(knot_pkt_t *pkt, const knot_rrset_t *rr,
/* New authority MUST be at/below the authority of the current cut;
* also qname must be below new authority;
* otherwise it's a possible cache injection attempt. */
if (!knot_dname_in(current_cut, rr->owner) ||
!knot_dname_in(rr->owner, qry->sname)) {
const bool ok = knot_dname_in_bailiwick(rr->owner, current_cut) >= 0
&& knot_dname_in_bailiwick(qry->sname, rr->owner) >= 0;
if (!ok) {
VERBOSE_MSG("<= authority: ns outside bailiwick\n");
#ifdef STRICT_MODE
return KR_STATE_FAIL;
......@@ -297,7 +299,8 @@ static int update_cut(knot_pkt_t *pkt, const knot_rrset_t *rr,
++i, rdata_i = knot_rdataset_next(rdata_i)) {
const knot_dname_t *ns_name = knot_ns_name(rdata_i);
/* Glue is mandatory for NS below zone */
if (knot_dname_in(rr->owner, ns_name) && !has_glue(pkt, ns_name)) {
if (knot_dname_in_bailiwick(ns_name, rr->owner) >= 0
&& !has_glue(pkt, ns_name)) {
const char *msg =
"<= authority: missing mandatory glue, skipping NS";
WITH_VERBOSE(qry) {
......@@ -310,13 +313,14 @@ static int update_cut(knot_pkt_t *pkt, const knot_rrset_t *rr,
assert(!ret); (void)ret;
/* Choose when to use glue records. */
bool in_bailiwick = knot_dname_in(current_cut, ns_name);
const bool in_bailiwick =
knot_dname_in_bailiwick(ns_name, current_cut) >= 0;
bool do_fetch;
if (qry->flags.PERMISSIVE) {
do_fetch = true;
} else if (qry->flags.STRICT) {
/* Strict mode uses only mandatory glue. */
do_fetch = knot_dname_in(cut->name, ns_name);
do_fetch = knot_dname_in_bailiwick(ns_name, cut->name) >= 0;
} else {
/* Normal mode uses in-bailiwick glue. */
do_fetch = in_bailiwick;
......@@ -369,7 +373,8 @@ static int pick_authority(knot_pkt_t *pkt, struct kr_request *req, bool to_wire)
for (unsigned i = 0; i < ns->count; ++i) {
const knot_rrset_t *rr = knot_pkt_rr(ns, i);
if (rr->rclass != KNOT_CLASS_IN || !knot_dname_in(zonecut_name, rr->owner)) {
if (rr->rclass != KNOT_CLASS_IN
|| knot_dname_in_bailiwick(rr->owner, zonecut_name) < 0) {
continue;
}
uint8_t rank = get_initial_rank(rr, qry, false,
......@@ -511,7 +516,7 @@ static int unroll_cname(knot_pkt_t *pkt, struct kr_request *req, bool referral,
/* TODO: actually handle DNAMEs */
if (rr->rclass != KNOT_CLASS_IN || !type_OK
|| !knot_dname_is_equal(rr->owner, cname)
|| !knot_dname_in(query->zone_cut.name, rr->owner)) {
|| knot_dname_in_bailiwick(rr->owner, query->zone_cut.name) < 0) {
continue;
}
......@@ -577,7 +582,7 @@ static int unroll_cname(knot_pkt_t *pkt, struct kr_request *req, bool referral,
break;
}
/* Information outside bailiwick is not trusted. */
if (!knot_dname_in(query->zone_cut.name, pending_cname)) {
if (knot_dname_in_bailiwick(pending_cname, query->zone_cut.name) < 0) {
cname = pending_cname;
break;
}
......
......@@ -207,7 +207,8 @@ static int validate_keyset(struct kr_request *req, knot_pkt_t *answer, bool has_
const knot_pktsection_t *an = knot_pkt_section(answer, KNOT_ANSWER);
for (unsigned i = 0; i < an->count; ++i) {
const knot_rrset_t *rr = knot_pkt_rr(an, i);
if ((rr->type != KNOT_RRTYPE_DNSKEY) || !knot_dname_in(qry->zone_cut.name, rr->owner)) {
if (rr->type != KNOT_RRTYPE_DNSKEY
|| knot_dname_in_bailiwick(rr->owner, qry->zone_cut.name) < 0) {
continue;
}
/* Merge with zone cut (or replace ancestor key). */
......@@ -493,7 +494,7 @@ static int rrsig_not_found(kr_layer_t *ctx, const knot_rrset_t *rr)
struct kr_zonecut *cut = &qry->zone_cut;
const knot_dname_t *cut_name_start = qry->zone_cut.name;
bool use_cut = true;
if (!knot_dname_in(cut_name_start, rr->owner)) {
if (knot_dname_in_bailiwick(rr->owner, cut_name_start) < 0) {
int zone_labels = knot_dname_labels(qry->zone_cut.name, NULL);
int matched_labels = knot_dname_matched_labels(qry->zone_cut.name, rr->owner);
int skip_labels = zone_labels - matched_labels;
......@@ -794,7 +795,8 @@ static void rank_records(kr_layer_t *ctx, enum kr_rank rank_to_set,
if (entry->qry_uid != qry->uid) {
continue;
}
if (bailiwick && !knot_dname_in(bailiwick, entry->rr->owner)) {
if (bailiwick && knot_dname_in_bailiwick(entry->rr->owner,
bailiwick) < 0) {
continue;
}
if (kr_rank_test(entry->rank, KR_RANK_INITIAL)
......
......@@ -1003,7 +1003,7 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
if (qry->parent != NULL &&
!(qry->forward_flags.CNAME) &&
!(qry->flags.DNS64_MARK) &&
knot_dname_in(qry->parent->zone_cut.name, qry->zone_cut.name)) {
knot_dname_in_bailiwick(qry->zone_cut.name, qry->parent->zone_cut.name) >= 0) {
return KR_STATE_PRODUCE;
}
......@@ -1298,7 +1298,8 @@ static int zone_cut_check(struct kr_request *request, struct kr_query *qry, knot
* (and need glue from parent), or DS refetch. */
if (qry->parent) {
const knot_dname_t *parent = qry->parent->zone_cut.name;
if (parent[0] != '\0' && knot_dname_in(parent, qry->sname)) {
if (parent[0] != '\0'
&& knot_dname_in_bailiwick(qry->sname, parent) >= 0) {
requested_name = knot_wire_next_label(parent, NULL);
}
} else if ((qry->stype == KNOT_RRTYPE_DS) && (qry->sname[0] != '\0')) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment