From 3d72be07448fd435640c6d0fdc2859601319d07e Mon Sep 17 00:00:00 2001
From: Martin Schanzenbach <schanzen@gnunet.org>
Date: Thu, 3 Feb 2022 18:12:10 +0100
Subject: GNS: Introduce CRITICAL flag. Fixes #7169

---
 contrib/gana                               |  2 +-
 src/gns/gnunet-service-gns_resolver.c      |  7 ++++++-
 src/gns/plugin_gnsrecord_gns.c             | 15 +++++++++++++++
 src/gnsrecord/gnsrecord.c                  | 21 +++++++++++++++++++++
 src/gnsrecord/plugin_gnsrecord_dns.c       |  7 +++++++
 src/gnsrecord/test_gnsrecord_testvectors.c | 30 +++++++++++++++++-------------
 src/include/gnunet_gnsrecord_lib.h         |  9 +++++++++
 src/include/gnunet_gnsrecord_plugin.h      | 17 +++++++++++++++++
 src/namestore/gnunet-service-namestore.c   |  2 ++
 src/zonemaster/gnunet-service-zonemaster.c |  6 +++++-
 10 files changed, 100 insertions(+), 16 deletions(-)

diff --git a/contrib/gana b/contrib/gana
index 3a71278a2..8bdb18073 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit 3a71278a2aab67f9a1888af172b507d6e08364cf
+Subproject commit 8bdb180732314481667944cb90c1f3b148bd0088
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 51e650b4f..f232fb272 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -2393,12 +2393,17 @@ handle_gns_resolution_result (void *cls,
                                &rd[0]);
     return;
 
-  default:
+  case GNUNET_GNSRECORD_TYPE_GNS2DNS:
     if (GNUNET_OK ==
         recursive_gns2dns_resolution (rh,
                                       rd_count,
                                       rd))
       return;
+  default:
+    if (GNUNET_YES != GNUNET_GNSRECORD_is_critical (rd[0].record_type))
+      return;
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _ ("Unable to process critical delegation record\n"));
     break;
   }
 fail:
diff --git a/src/gns/plugin_gnsrecord_gns.c b/src/gns/plugin_gnsrecord_gns.c
index b37e84ea3..f270e4473 100644
--- a/src/gns/plugin_gnsrecord_gns.c
+++ b/src/gns/plugin_gnsrecord_gns.c
@@ -323,6 +323,7 @@ static struct
                      { "VPN", GNUNET_GNSRECORD_TYPE_VPN },
                      { "GNS2DNS", GNUNET_GNSRECORD_TYPE_GNS2DNS },
                      { "BOX", GNUNET_GNSRECORD_TYPE_BOX },
+                     { "REDIRECT", GNUNET_GNSRECORD_TYPE_REDIRECT },
                      { NULL, UINT32_MAX } };
 
 
@@ -365,6 +366,19 @@ gns_number_to_typename (void *cls, uint32_t type)
 }
 
 
+static enum GNUNET_GenericReturnValue
+gns_is_critical (void *cls, uint32_t type)
+{
+  return ((type == GNUNET_GNSRECORD_TYPE_PKEY) ||
+          (type == GNUNET_GNSRECORD_TYPE_EDKEY) ||
+          (type == GNUNET_GNSRECORD_TYPE_GNS2DNS) ||
+          (type == GNUNET_GNSRECORD_TYPE_REDIRECT) ?
+          GNUNET_YES : GNUNET_NO);
+}
+
+
+
+
 /**
  * Entry point for the plugin.
  *
@@ -381,6 +395,7 @@ libgnunet_plugin_gnsrecord_gns_init (void *cls)
   api->string_to_value = &gns_string_to_value;
   api->typename_to_number = &gns_typename_to_number;
   api->number_to_typename = &gns_number_to_typename;
+  api->is_critical = &gns_is_critical;
   return api;
 }
 
diff --git a/src/gnsrecord/gnsrecord.c b/src/gnsrecord/gnsrecord.c
index e9994a868..52c480ef6 100644
--- a/src/gnsrecord/gnsrecord.c
+++ b/src/gnsrecord/gnsrecord.c
@@ -260,4 +260,25 @@ GNUNET_GNSRECORD_number_to_typename (uint32_t type)
 }
 
 
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_is_critical (uint32_t type)
+{
+  struct Plugin *plugin;
+
+  if (GNUNET_GNSRECORD_TYPE_ANY == type)
+    return GNUNET_NO;
+  init ();
+  for (unsigned int i = 0; i < num_plugins; i++)
+  {
+    plugin = gns_plugins[i];
+    if (NULL == plugin->api->is_critical)
+      continue;
+    if (GNUNET_NO == plugin->api->is_critical (plugin->api->cls, type))
+      continue;
+    return GNUNET_YES;
+  }
+  return GNUNET_NO;
+}
+
+
 /* end of gnsrecord.c */
diff --git a/src/gnsrecord/plugin_gnsrecord_dns.c b/src/gnsrecord/plugin_gnsrecord_dns.c
index 123c59905..649133cd1 100644
--- a/src/gnsrecord/plugin_gnsrecord_dns.c
+++ b/src/gnsrecord/plugin_gnsrecord_dns.c
@@ -773,6 +773,12 @@ dns_number_to_typename (void *cls, uint32_t type)
 }
 
 
+static enum GNUNET_GenericReturnValue
+dns_is_critical (void *cls, uint32_t type)
+{
+  return GNUNET_NO;
+}
+
 /**
  * Entry point for the plugin.
  *
@@ -789,6 +795,7 @@ libgnunet_plugin_gnsrecord_dns_init (void *cls)
   api->string_to_value = &dns_string_to_value;
   api->typename_to_number = &dns_typename_to_number;
   api->number_to_typename = &dns_number_to_typename;
+  api->is_critical = &dns_is_critical;
   return api;
 }
 
diff --git a/src/gnsrecord/test_gnsrecord_testvectors.c b/src/gnsrecord/test_gnsrecord_testvectors.c
index 153c56261..6419f9c94 100644
--- a/src/gnsrecord/test_gnsrecord_testvectors.c
+++ b/src/gnsrecord/test_gnsrecord_testvectors.c
@@ -10,11 +10,11 @@
 
 
 static char *d =
-"50d7b652a4efeadff37396909785e5952171a02178c8e7d450fa907925fafd98";
+  "50d7b652a4efeadff37396909785e5952171a02178c8e7d450fa907925fafd98";
 
 
 static char *zid =
-"00010000677c477d2d93097c85b195c6f96d84ff61f5982c2c4fe02d5a11fedfb0c2901f";
+  "00010000677c477d2d93097c85b195c6f96d84ff61f5982c2c4fe02d5a11fedfb0c2901f";
 
 #define RRCOUNT 2
 #define LABEL "test"
@@ -31,12 +31,12 @@ static char *zid =
 #define R1_TYPE 65536
 #define R1_FLAGS 2
 #define R1_DATA \
-"000100000e601be42eb57fb4697610cf3a3b18347b65a33f025b5b174abefb30807bfecf"
+  "000100000e601be42eb57fb4697610cf3a3b18347b65a33f025b5b174abefb30807bfecf"
 
 #define R1_RRBLOCK \
-"000100008e16da87203b5159c5538e9b765742e968c54af9afbc0890dc80205ad14c84e107b0c115fc0089aa38b9c7ab9cbe1d77040d282a51a2ad493f61f3495f02d8170fe473a55ec6bdf9a509ab1701ffc37ea3bb4cac4a672520986df96e67cc1a73000000940000000f0034e53be193799100e4837eb5d04f92903de4b5234e8ccac5736c9793379a59c33375fc8951aca2eb7aad067bf9af60bf26758646a17f5e5c3b6215f94079545b1c4d4f1b2ebb22c2b4dad44126817b6f001530d476401dd67ac0148554e806353da9e4298079f3e1b16942c48d90c4360c61238c40d9d52911aea52cc0037ac7160bb3cf5b2f4a722fd96b"
+  "000100008e16da87203b5159c5538e9b765742e968c54af9afbc0890dc80205ad14c84e107b0c115fc0089aa38b9c7ab9cbe1d77040d282a51a2ad493f61f3495f02d8170fe473a55ec6bdf9a509ab1701ffc37ea3bb4cac4a672520986df96e67cc1a73000000940000000f0034e53be193799100e4837eb5d04f92903de4b5234e8ccac5736c9793379a59c33375fc8951aca2eb7aad067bf9af60bf26758646a17f5e5c3b6215f94079545b1c4d4f1b2ebb22c2b4dad44126817b6f001530d476401dd67ac0148554e806353da9e4298079f3e1b16942c48d90c4360c61238c40d9d52911aea52cc0037ac7160bb3cf5b2f4a722fd96b"
 
-int parsehex(char *src, char *dst, size_t dstlen, int invert)
+int parsehex (char *src, char *dst, size_t dstlen, int invert)
 {
   char *line = src;
   char *data = line;
@@ -44,7 +44,8 @@ int parsehex(char *src, char *dst, size_t dstlen, int invert)
   int read_byte;
   int data_len = 0;
 
-  while (sscanf(data, " %02x%n", &read_byte, &off) == 1) {
+  while (sscanf (data, " %02x%n", &read_byte, &off) == 1)
+  {
     if (invert)
       dst[dstlen - 1 - data_len++] = read_byte;
     else
@@ -62,8 +63,8 @@ res_checker (void *cls,
   int r1_found = 0;
   char r0_data[R0_DATA_SIZE];
   char r1_data[R1_DATA_SIZE];
-  parsehex(R0_DATA, (char*)r0_data, 0, 0);
-  parsehex(R1_DATA, (char*)r1_data, 0, 0);
+  parsehex (R0_DATA, (char*) r0_data, 0, 0);
+  parsehex (R1_DATA, (char*) r1_data, 0, 0);
   GNUNET_assert (rd_count == RRCOUNT);
   for (int i = 0; i < RRCOUNT; i++)
   {
@@ -104,7 +105,7 @@ res_checker (void *cls,
 
 
 int
-main()
+main ()
 {
   struct GNUNET_IDENTITY_PrivateKey priv;
   struct GNUNET_IDENTITY_PublicKey pub;
@@ -112,13 +113,16 @@ main()
   struct GNUNET_GNSRECORD_Block *rrblock;
   char *bdata;
 
-  parsehex(d,(char*)&priv.ecdsa_key, sizeof (priv.ecdsa_key), 1);
+  parsehex (d,(char*) &priv.ecdsa_key, sizeof (priv.ecdsa_key), 1);
   priv.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
-  parsehex(zid,(char*)&pub_parsed, 0, 0);
-  GNUNET_IDENTITY_key_get_public(&priv, &pub);
+  parsehex (zid,(char*) &pub_parsed, 0, 0);
+  GNUNET_IDENTITY_key_get_public (&priv, &pub);
   GNUNET_assert (0 == memcmp (&pub, &pub_parsed, sizeof (pub)));
   rrblock = GNUNET_malloc (strlen (R1_RRBLOCK) / 2);
-  parsehex(R1_RRBLOCK, (char*)rrblock, 0, 0);
+  parsehex (R1_RRBLOCK, (char*) rrblock, 0, 0);
+  GNUNET_assert (GNUNET_YES
+                 == GNUNET_GNSRECORD_is_critical_record_type (
+                   GNUNET_GNSRECORD_TYPE_PKEY));
   GNUNET_GNSRECORD_block_decrypt (rrblock,
                                   &pub_parsed,
                                   LABEL,
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index fdbac3cf5..2b2bd4952 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -700,6 +700,15 @@ GNUNET_GNSRECORD_data_from_identity (const struct
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_is_zonekey_type (uint32_t type);
 
+/**
+ * Check if this type is a critical record.
+ *
+ * @param type the type to check
+ * @return GNUNET_YES if it is critical.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_is_critical (uint32_t type);
+
 
 #if 0 /* keep Emacsens' auto-indent happy */
 {
diff --git a/src/include/gnunet_gnsrecord_plugin.h b/src/include/gnunet_gnsrecord_plugin.h
index aec22c3af..84b7c3c23 100644
--- a/src/include/gnunet_gnsrecord_plugin.h
+++ b/src/include/gnunet_gnsrecord_plugin.h
@@ -105,6 +105,18 @@ typedef const char *
 (*GNUNET_GNSRECORD_NumberToTypenameFunction) (void *cls,
                                               uint32_t type);
 
+/**
+ * Function called to check for critical records.
+ *
+ * @param cls closure
+ * @param type number of a type to check
+ * @return GNUNET_YES if critical, otherwise GNUNET_NO
+ */
+typedef enum GNUNET_GenericReturnValue
+(*GNUNET_GNSRECORD_IsCriticalFunction) (void *cls,
+                                        uint32_t type);
+
+
 
 /**
  * Each plugin is required to return a pointer to a struct of this
@@ -136,6 +148,11 @@ struct GNUNET_GNSRECORD_PluginFunctions
    * Number to typename.
    */
   GNUNET_GNSRECORD_NumberToTypenameFunction number_to_typename;
+
+  /**
+   * Is critical.
+   */
+  GNUNET_GNSRECORD_IsCriticalFunction is_critical;
 };
 
 /** @} */  /* end of group */
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c
index 9b2d9b6f3..3842621ae 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -1545,6 +1545,8 @@ handle_record_store (void *cls, const struct RecordStoreMessage *rp_msg)
           cache_nick (&rp_msg->private_key, &rd[i]);
           have_nick = GNUNET_YES;
         }
+        if (GNUNET_YES == GNUNET_GNSRECORD_is_critical (rd[i].record_type))
+          rd_clean[i].flags |= GNUNET_GNSRECORD_RF_CRITICAL;
       }
       if ((0 == strcmp (GNUNET_GNS_EMPTY_LABEL_AT, conv_name)) &&
           (GNUNET_NO == have_nick))
diff --git a/src/zonemaster/gnunet-service-zonemaster.c b/src/zonemaster/gnunet-service-zonemaster.c
index bacafb97c..9ff1a97b8 100644
--- a/src/zonemaster/gnunet-service-zonemaster.c
+++ b/src/zonemaster/gnunet-service-zonemaster.c
@@ -562,7 +562,11 @@ convert_records_for_export (const struct GNUNET_GNSRECORD_Data *rd,
         GNUNET_MIN (rd[i].expiration_time,
                     min_relative_record_time.rel_value_us);
     }
-    rd_public[rd_public_count++] = rd[i];
+    rd_public[rd_public_count] = rd[i];
+    /* Make sure critical record types are published as such */
+    if (GNUNET_YES == GNUNET_GNSRECORD_is_critical (rd[i].record_type))
+      rd_public[rd_public_count].flags |= GNUNET_GNSRECORD_RF_CRITICAL;
+    rd_public_count++;
   }
   return rd_public_count;
 }
-- 
cgit v1.2.3