Changeset 1982

Timestamp:

02/07/11 10:31:12 (2 years ago)

Author:

ahu

Message:

make sure that addKey lets us know if it worked, allowing us to spot non-working configurations
unthread the keycache, reintroducing the 'shared key' problem, but plugging a massive memory leak

Location:

trunk/pdns/pdns

Files:

• dbdnsseckeeper.cc (modified) (8 diffs)
• dnsseckeeper.hh (modified) (3 diffs)

trunk/pdns/pdns/dbdnsseckeeper.cc

@@ -36 +36 @@
 using namespace boost;
 
-__thread DNSSECKeeper::keycache_t* DNSSECKeeper::t_keycache;
+DNSSECKeeper::keycache_t DNSSECKeeper::s_keycache;
 DNSSECKeeper::metacache_t DNSSECKeeper::s_metacache;
 pthread_mutex_t DNSSECKeeper::s_metacachelock = PTHREAD_MUTEX_INITIALIZER;
+pthread_mutex_t DNSSECKeeper::s_keycachelock = PTHREAD_MUTEX_INITIALIZER;
 
 bool DNSSECKeeper::isSecuredZone(const std::string& zone) 
@@ -44 +45 @@
   if(isPresigned(zone))
     return true;
-          
-  keycache_t::const_iterator iter = t_keycache->find(zone);
-  if(iter != t_keycache->end() && iter->d_ttd > (unsigned int)time(0)) { 
-    if(iter->d_keys.empty())
-      return false;
+  
+  {
+    Lock l(&s_keycachelock);
+    keycache_t::const_iterator iter = s_keycache.find(zone);
+    if(iter != s_keycache.end() && iter->d_ttd > (unsigned int)time(0)) { 
+      if(iter->d_keys.empty())
+        return false;
+      else
+        return true;
+    }
     else
-      return true;
-  }
-  else
-    ; 
-  
+      ; 
+  }  
   keyset_t keys = getKeys(zone, true);
   
@@ -72 +75 @@
 }
 
-void DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm, int bits, bool active)
+bool DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm, int bits, bool active)
 {
   if(!bits) {
@@ -93 +96 @@
   dspk.d_algorithm = algorithm;
   dspk.d_flags = keyOrZone ? 257 : 256;
-  addKey(name, dspk, active);
+  return addKey(name, dspk, active);
 }
 
 void DNSSECKeeper::clearCaches(const std::string& name)
 {
-  t_keycache->erase(name); // should this be broadcast in some way?
-  
+  {
+    Lock l(&s_keycachelock);
+    s_keycache.erase(name); 
+  }
   Lock l(&s_metacachelock);
   pair<metacache_t::iterator, metacache_t::iterator> range = s_metacache.equal_range(name);
@@ -107 +112 @@
 
 
-void DNSSECKeeper::addKey(const std::string& name, const DNSSECPrivateKey& dpk, bool active)
+bool DNSSECKeeper::addKey(const std::string& name, const DNSSECPrivateKey& dpk, bool active)
 {
   clearCaches(name);
@@ -115 +120 @@
   kd.content = dpk.getKey()->convertToISC();
  // now store it
-  d_keymetadb.addDomainKey(name, kd);
+  return d_keymetadb.addDomainKey(name, kd) >= 0; // >= 0 == s
 }
 
@@ -257 +262 @@
 {
   unsigned int now = time(0);
-  keycache_t::const_iterator iter = t_keycache->find(zone);
-    
-  if(iter != t_keycache->end() && iter->d_ttd > now) { 
-    keyset_t ret;
-    BOOST_FOREACH(const keyset_t::value_type& value, iter->d_keys) {
-      if(boost::indeterminate(allOrKeyOrZone) || allOrKeyOrZone == value.second.keyOrZone)
-        ret.push_back(value);
-    }
-    return ret;
-  }
-    
+  {
+    Lock l(&s_keycachelock);
+    keycache_t::const_iterator iter = s_keycache.find(zone);
+      
+    if(iter != s_keycache.end() && iter->d_ttd > now) { 
+      keyset_t ret;
+      BOOST_FOREACH(const keyset_t::value_type& value, iter->d_keys) {
+        if(boost::indeterminate(allOrKeyOrZone) || allOrKeyOrZone == value.second.keyOrZone)
+          ret.push_back(value);
+      }
+      return ret;
+    }
+  }    
   keyset_t retkeyset, allkeyset;
   vector<UeberBackend::KeyData> dbkeyset;
@@ -301 +308 @@
   kce.d_keys = allkeyset;
   kce.d_ttd = now + 30;
-  replacing_insert(*t_keycache, kce);
+  {
+    Lock l(&s_keycachelock);
+    replacing_insert(s_keycache, kce);
+  }
   
   return retkeyset;
 }
 
-void DNSSECKeeper::secureZone(const std::string& name, int algorithm)
+bool DNSSECKeeper::secureZone(const std::string& name, int algorithm)
 {
   clearCaches(name); // just to be sure ;)
-  addKey(name, true, algorithm);
+  return addKey(name, true, algorithm);
 }
 

trunk/pdns/pdns/dnsseckeeper.hh

@@ -33 +33 @@
   DNSSECKeeper() : d_keymetadb("key-only")
   {
-    if(!t_keycache)
-      t_keycache = new keycache_t();
   }
   bool isSecuredZone(const std::string& zone);
@@ -40 +38 @@
   keyset_t getKeys(const std::string& zone, boost::tribool allOrKeyOrZone = boost::indeterminate);
   DNSSECPrivateKey getKeyById(const std::string& zone, unsigned int id);
-  void addKey(const std::string& zname, bool keyOrZone, int algorithm=5, int bits=0, bool active=true);
-  void addKey(const std::string& zname, const DNSSECPrivateKey& dpk, bool active=true);
+  bool addKey(const std::string& zname, bool keyOrZone, int algorithm=5, int bits=0, bool active=true);
+  bool addKey(const std::string& zname, const DNSSECPrivateKey& dpk, bool active=true);
   void removeKey(const std::string& zname, unsigned int id);
   void activateKey(const std::string& zname, unsigned int id);
   void deactivateKey(const std::string& zname, unsigned int id);
 
-  void secureZone(const std::string& fname, int algorithm);
+  bool secureZone(const std::string& fname, int algorithm);
 
   bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* n3p=0, bool* narrow=0);
@@ -107 +105 @@
   > metacache_t;
 
-  static __thread keycache_t* t_keycache;
+  static keycache_t s_keycache;
   static metacache_t s_metacache;
   static pthread_mutex_t s_metacachelock;
+  static pthread_mutex_t s_keycachelock;
 };