Changeset 996 for branches

Timestamp:

01/22/26 18:21:37 (6 days ago)

Author:

Kris Deugau

Message:

/branches/cname-collision

Significant rewrite of most of the collision lookups due to edge cases
checking for various overlapping expiry/valid-after timestamps and
optionally resetting them to non-overlapping values.
Includes a truth table in a .ods spreadsheet.
See #72

Location:

branches/cname-collision

Files:

• DNSDB.pm (modified) (2 diffs)
• collision-truth-table.ods (added)

branches/cname-collision/DNSDB.pm

@@ -645 +645 @@
   foreach my $tcompare ('<>', '=') {
     next if $tcompare eq '<>' && ${$args{rectype}} != 5;
+
+# Merging these sets of SQL statements is far too messy and doesn't reasonably
+# allow for more fine-grained error/warning messages to be returned
+
+    # First lookup fails out collisions with records without timestamps or default records (which can not have timestamps)
     my $sql = "SELECT count(*) FROM "._rectable($args{defrec}, $args{revrec}).
         " WHERE "._recparent($args{defrec}, $args{revrec})." = ? AND type $tcompare 5 AND $hfield = ?";
-    if ($args{defrec} eq 'n') {
-      # Expired records
-      $sql .= " AND (stampactive = 'f' OR (stampactive = 't' AND (expires = 't' AND stamp >= now())))";
-    }
     my @lookupargs = ($args{id}, $hcheck);
+    $sql .= " AND stampactive = 'f'" if $args{defrec} eq 'n';
     if ($args{update}) {
       $sql .= " AND record_id <> ?";
@@ -667 +669 @@
     }
 
-    # Check timestamps of pending active-after records.  Coerce expires-at timestamp down to soonest match if overlapping.
-    if ($args{defrec} eq 'n') {
-      $sql = "SELECT extract(epoch from stamp),stamp < now() FROM "._rectable($args{defrec}, $args{revrec}).
+    # By this point, all failure cases for default records have been checked.
+    # Default records cannot carry timestamps, so cannot have timestamp-based collisions
+    return ('OK','OK') if $args{defrec} ne 'n';
+
+    # Second lookup fails out various timestamp-exists collision cases when adding/updating with a timestamp
+    $sql = "SELECT count(*) FROM "._rectable($args{defrec}, $args{revrec}).
         " WHERE "._recparent($args{defrec}, $args{revrec})." = ? AND type $tcompare 5 AND $hfield = ?".
-        " AND stampactive = 't' AND expires = 'f'";
-      my @lookupargs = ($args{id}, $hcheck);
-      if ($args{update}) {
-        $sql .= " AND record_id <> ?";
-        push @lookupargs, $args{update};
+        " AND stampactive = 't'";
+    @lookupargs = ($args{id}, $hcheck);
+    if (${$args{stamp}} && ${$args{expires}}) {
+      $sql .= " AND expires = ?";
+      push @lookupargs, ${$args{expires}};
+      if ($self->{coerce_cname_timestamp} eq 'none') {
+        # no coercion means new valid-after < existing expires or new expires > existing valid-after will fail
+        $sql .= " AND ". (${$args{expires}} eq 'f' ? "expires = 't' AND stamp <= ?)" : "expires = 'f' AND stamp >= ?");
+        push @lookupargs, ${$args{stamp}};
       }
+    }
+    if ($args{update}) {
+      $sql .= " AND record_id <> ?";
+      push @lookupargs, $args{update};
+    }
+    @t = $dbh->selectrow_array($sql, undef, @lookupargs);
+    if ($t[0] > 0) {
+      if ($tcompare eq '<>') {
+        return ('FAIL', "One or more non-CNAME records with timestamps already exist for ".($args{revrec} eq 'y' ? $arpaname : $hcheck).
+                ".  CNAME records must expire before or become valid after any records with the same name.");
+      } else {
+        return ('FAIL', "There is already a CNAME with a timestamp present for ".($args{revrec} eq 'y' ? $arpaname : $hcheck).
+                ".  Records with a matching name must expire before or become valid after this CNAME.");
+      }
+    }
+
+    # Third check starts retrieving actual timestamps to see if we need to,
+    # and then if we can, coerce the new/updated record's timestamp to match
+    $sql = "SELECT extract(epoch from stamp),expires,stamp < now() FROM "._rectable($args{defrec}, $args{revrec}).
+        " WHERE "._recparent($args{defrec}, $args{revrec})." = ? AND type $tcompare 5 AND $hfield = ?".
+        " AND stampactive = 't'";
+    @lookupargs = ($args{id}, $hcheck);
+    if ($args{update}) {
+      $sql .= " AND record_id <> ?";
+      push @lookupargs, $args{update};
+    }
+    if (${$args{stamp}}) {
+      $sql .= " ORDER BY stamp ".(${$args{expires}} eq 'f' ? 'ASC' : 'DESC' )." LIMIT 1";
+    } else {
       $sql .= " ORDER BY stamp LIMIT 1";
-      my @t = $dbh->selectrow_array($sql, undef, @lookupargs);
-      if (@t) {
-        # existing record with valid-after stamp is present
-        if (${$args{stamp}}) {
-          # caller requested an expiry time
-          if (${$args{expires}} eq 'f') {
-            # valid-after can't be used together with expires-at, so we can't coerce
-            # the new record to expire as well as keeping valid-after
-            return ('FAIL', "Cannot add CNAME, another record with a later valid-after time already exists");
-          }
-          my $reqstamp = str2time(${$args{stamp}});
-          if ($reqstamp < $t[0]) {
-            # do nothing, new record will expire before the one we found
-          } else {
+    }
+    @t = $dbh->selectrow_array($sql, undef, @lookupargs);
+    if (@t) {
+      # caller requested an expiry time
+      if (${$args{expires}} eq 'f') {
+        # valid-after can't be used together with expires-at on one record, so we can't
+        # coerce the new record to expire as well as keeping valid-after
+        if ($tcompare eq '<>') {
+          return ('FAIL', "Cannot ".($args{update} ? 'update' : 'add')." CNAME, another record".
+                " with a valid-after time already exists for this name");
+        } else {
+          return ('FAIL', "Cannot ".($args{update} ? 'update' : 'add')." ".$typemap{${$args{rectype}}}.
+                ", a CNAME with a valid-after time already exists for this name");
+        }
+      } else {
+        my $reqstamp = str2time(${$args{stamp}});
+        if ($reqstamp < $t[0]) {
+          # do nothing, new record will expire before the one we found
+        } else {
+          if ($self->{coerce_cname_timestamp} eq 'adjust') {
             # coerce the expiry timestamp
             ${$args{stamp}} = strftime('%Y-%m-%d %H:%M:%S', localtime($t[0]));
-            return ('WARN', "CNAME added with modified expiry time;  conflicting valid-after record found");
-          }
-        } else {
-          if ($t[1]) {
-            return('FAIL', "Cannot add CNAME, a record with a valid-after time in the past is already present");
+            return ('WARN', $typemap{${$args{rectype}}}." ".($args{update} ? 'updated' : 'added').
+                " with modified expiry time;  conflicting valid-after record found");
           } else {
-            # no expiry requested, but we found a valid-after, so coerce the new record down to expiring at that time
-            ${$args{stamp}} = strftime('%Y-%m-%d %H:%M:%S', localtime($t[0]));
-            ${$args{expires}} = 't';
-            return ('WARN', "CNAME added with expiry time;  conflicting valid-after record found");
+            return ('FAIL', "Cannot ".($args{update} ? 'update' : 'add')." ".$typemap{${$args{rectype}}}.
+                ", another record with an overlapping valid-after timestamp already exists for this name");
           }
         }
-      }
-    } # args{defrecs} eq 'n'
+      } # args{expires} ne 'f'
+    } # if @t
+
   } # each $tcompare