Skip to content

Commit

Permalink
clang-tidy: more descriptive variable name
Browse files Browse the repository at this point in the history
  • Loading branch information
@Habbie
Habbie committed Mar 25, 2024
1 parent 52c9ffb commit 4ec1794
Showing 1 changed file with 19 additions and 19 deletions.
38 changes: 19 additions & 19 deletions pdns/rfc2136handler.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -661,19 +661,19 @@ int PacketHandler::forwardPacket(const string &msgPrefix, const DNSPacket& p, co

}

int PacketHandler::processUpdate(DNSPacket& p) { // NOLINT(readability-function-cognitive-complexity)
int PacketHandler::processUpdate(DNSPacket& packet) { // NOLINT(readability-function-cognitive-complexity)
if (! ::arg().mustDo("dnsupdate"))
return RCode::Refused;

string msgPrefix="UPDATE (" + std::to_string(p.d.id) + ") from " + p.getRemoteString() + " for " + p.qdomain.toLogString() + ": ";
string msgPrefix="UPDATE (" + std::to_string(packet.d.id) + ") from " + packet.getRemoteString() + " for " + packet.qdomain.toLogString() + ": ";
g_log<<Logger::Info<<msgPrefix<<"Processing started."<<endl;

// if there is policy, we delegate all checks to it
if (this->d_update_policy_lua == nullptr) {

// Check permissions - IP based
vector<string> allowedRanges;
B.getDomainMetadata(p.qdomain, "ALLOW-DNSUPDATE-FROM", allowedRanges);
B.getDomainMetadata(packet.qdomain, "ALLOW-DNSUPDATE-FROM", allowedRanges);
if (! ::arg()["allow-dnsupdate-from"].empty())
stringtok(allowedRanges, ::arg()["allow-dnsupdate-from"], ", \t" );

Expand All @@ -682,28 +682,28 @@ int PacketHandler::processUpdate(DNSPacket& p) { // NOLINT(readability-function-
ng.addMask(i);
}

if ( ! ng.match(p.getInnerRemote())) {
if ( ! ng.match(packet.getInnerRemote())) {
g_log<<Logger::Error<<msgPrefix<<"Remote not listed in allow-dnsupdate-from or domainmetadata. Sending REFUSED"<<endl;
return RCode::Refused;
}


// Check permissions - TSIG based.
vector<string> tsigKeys;
B.getDomainMetadata(p.qdomain, "TSIG-ALLOW-DNSUPDATE", tsigKeys);
B.getDomainMetadata(packet.qdomain, "TSIG-ALLOW-DNSUPDATE", tsigKeys);
if (tsigKeys.size() > 0) {
bool validKey = false;

TSIGRecordContent trc;
DNSName inputkey;
string message;
if (! p.getTSIGDetails(&trc, &inputkey)) {
if (! packet.getTSIGDetails(&trc, &inputkey)) {
g_log<<Logger::Error<<msgPrefix<<"TSIG key required, but packet does not contain key. Sending REFUSED"<<endl;
return RCode::Refused;
}
#ifdef ENABLE_GSS_TSIG
if (g_doGssTSIG && p.d_tsig_algo == TSIG_GSS) {
GssName inputname(p.d_peer_principal); // match against principal since GSS requires that
if (g_doGssTSIG && packet.d_tsig_algo == TSIG_GSS) {
GssName inputname(packet.d_peer_principal); // match against principal since GSS requires that
for(const auto& key: tsigKeys) {
if (inputname.match(key)) {
validKey = true;
Expand Down Expand Up @@ -731,39 +731,39 @@ int PacketHandler::processUpdate(DNSPacket& p) { // NOLINT(readability-function-
return RCode::Refused;
}

if (tsigKeys.size() == 0 && p.d_havetsig)
if (tsigKeys.size() == 0 && packet.d_havetsig)

Check warning on line 734 in pdns/rfc2136handler.cc

View workflow job for this annotation

GitHub Actions / Analyze (cpp, auth) 

the 'empty' method should be used to check for emptiness instead of 'size' (readability-container-size-empty - Level=Warning)

Check warning on line 734 in pdns/rfc2136handler.cc

View workflow job for this annotation

GitHub Actions / Analyze (cpp, auth) 

statement should be inside braces (readability-braces-around-statements - Level=Warning)
g_log<<Logger::Warning<<msgPrefix<<"TSIG is provided, but domain is not secured with TSIG. Processing continues"<<endl;

}

// RFC2136 uses the same DNS Header and Message as defined in RFC1035.
// This means we can use the MOADNSParser to parse the incoming packet. The result is that we have some different
// variable names during the use of our MOADNSParser.
MOADNSParser mdp(false, p.getString());
MOADNSParser mdp(false, packet.getString());
if (mdp.d_header.qdcount != 1) {
g_log<<Logger::Warning<<msgPrefix<<"Zone Count is not 1, sending FormErr"<<endl;
return RCode::FormErr;
}

if (p.qtype.getCode() != QType::SOA) { // RFC2136 2.3 - ZTYPE must be SOA
if (packet.qtype.getCode() != QType::SOA) { // RFC2136 2.3 - ZTYPE must be SOA
g_log<<Logger::Warning<<msgPrefix<<"Query ZTYPE is not SOA, sending FormErr"<<endl;
return RCode::FormErr;
}

if (p.qclass != QClass::IN) {
if (packet.qclass != QClass::IN) {
g_log<<Logger::Warning<<msgPrefix<<"Class is not IN, sending NotAuth"<<endl;
return RCode::NotAuth;
}

DomainInfo di;
di.backend=nullptr;
if(!B.getDomainInfo(p.qdomain, di) || !di.backend) {
g_log<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<p.qdomain<<"' (or backend does not support DNS update operation)"<<endl;
if(!B.getDomainInfo(packet.qdomain, di) || !di.backend) {

Check warning on line 760 in pdns/rfc2136handler.cc

View workflow job for this annotation

GitHub Actions / Analyze (cpp, auth) 

implicit conversion 'DNSBackend *' -> bool (readability-implicit-bool-conversion - Level=Warning)
g_log<<Logger::Error<<msgPrefix<<"Can't determine backend for domain '"<<packet.qdomain<<"' (or backend does not support DNS update operation)"<<endl;
return RCode::NotAuth;
}

if (di.kind == DomainInfo::Secondary)
return forwardPacket(msgPrefix, p, di);
return forwardPacket(msgPrefix, packet, di);

// Check if all the records provided are within the zone
for(const auto & answer : mdp.d_answers) {
Expand All @@ -782,8 +782,8 @@ int PacketHandler::processUpdate(DNSPacket& p) { // NOLINT(readability-function-

std::lock_guard<std::mutex> l(s_rfc2136lock); //TODO: i think this lock can be per zone, not for everything
g_log<<Logger::Info<<msgPrefix<<"starting transaction."<<endl;
if (!di.backend->startTransaction(p.qdomain, -1)) { // Not giving the domain_id means that we do not delete the existing records.
g_log<<Logger::Error<<msgPrefix<<"Backend for domain "<<p.qdomain<<" does not support transaction. Can't do Update packet."<<endl;
if (!di.backend->startTransaction(packet.qdomain, -1)) { // Not giving the domain_id means that we do not delete the existing records.
g_log<<Logger::Error<<msgPrefix<<"Backend for domain "<<packet.qdomain<<" does not support transaction. Can't do Update packet."<<endl;
return RCode::NotImp;
}

Expand Down Expand Up @@ -904,7 +904,7 @@ int PacketHandler::processUpdate(DNSPacket& p) { // NOLINT(readability-function-
if (rr->d_place == DNSResourceRecord::AUTHORITY) {
/* see if it's permitted by policy */
if (this->d_update_policy_lua != nullptr) {
if (this->d_update_policy_lua->updatePolicy(rr->d_name, QType(rr->d_type), di.zone, p) == false) {
if (this->d_update_policy_lua->updatePolicy(rr->d_name, QType(rr->d_type), di.zone, packet) == false) {

Check warning on line 907 in pdns/rfc2136handler.cc

View workflow job for this annotation

GitHub Actions / Analyze (cpp, auth) 

redundant boolean literal supplied to boolean operator (readability-simplify-boolean-expr - Level=Warning)
g_log<<Logger::Warning<<msgPrefix<<"Refusing update for " << rr->d_name << "/" << QType(rr->d_type).toString() << ": Not permitted by policy"<<endl;
continue;
} else {
Expand Down Expand Up @@ -995,7 +995,7 @@ int PacketHandler::processUpdate(DNSPacket& p) { // NOLINT(readability-function-
// Notify secondaries
if (di.kind == DomainInfo::Primary) {
vector<string> notify;
B.getDomainMetadata(p.qdomain, "NOTIFY-DNSUPDATE", notify);
B.getDomainMetadata(packet.qdomain, "NOTIFY-DNSUPDATE", notify);
if (!notify.empty() && notify.front() == "1") {
Communicator.notifyDomain(di.zone, &B);
}
Expand Down

0 comments on commit 4ec1794

Please sign in to comment.