auth: prevent new database connections while sending notifies

diff --git a/pdns/communicator.cc b/pdns/communicator.cc
index be8af617239e08a44601ff8c92370d11f06875a9..fedf38be2bc5069ef58faf4df143cf362725dae8 100644 (file)
--- a/pdns/communicator.cc
+++ b/pdns/communicator.cc
@@ -119,7 +119,7 @@ void CommunicatorClass::mainloop(void)
     for(;;) {
       slaveRefresh(&P);
       masterUpdateCheck(&P);
-      tick=doNotifications(); // this processes any notification acknowledgements and actually send out our own notifications
+      tick=doNotifications(&P); // this processes any notification acknowledgements and actually send out our own notifications
       
       tick = min (tick, d_tickinterval); 
       
@@ -146,7 +146,7 @@ void CommunicatorClass::mainloop(void)
           break; // something happened
         }
         // this gets executed at least once every second
-        doNotifications();
+        doNotifications(&P);
       }
     }
   }

diff --git a/pdns/communicator.hh b/pdns/communicator.hh
index 5413e4dacf2335f9a5af69276536204d776719ae..d38f6835c820103454c6b9ba02f7a201cf279d8b 100644 (file)
--- a/pdns/communicator.hh
+++ b/pdns/communicator.hh
@@ -161,7 +161,7 @@ public:
     d_nsock6 = -1;
     d_preventSelfNotification = false;
   }
-  time_t doNotifications();    
+  time_t doNotifications(PacketHandler *P);
   void go();
   
   
@@ -173,7 +173,7 @@ public:
   void notify(const DNSName &domain, const string &ip);
   void mainloop();
   void retrievalLoopThread();
-  void sendNotification(int sock, const DNSName &domain, const ComboAddress& remote, uint16_t id);
+  void sendNotification(int sock, const DNSName &domain, const ComboAddress& remote, uint16_t id, UeberBackend* B);
 
   static void *launchhelper(void *p)
   {
@@ -185,7 +185,7 @@ public:
     static_cast<CommunicatorClass *>(p)->retrievalLoopThread();
     return 0;
   }
-  bool notifyDomain(const DNSName &domain);
+  bool notifyDomain(const DNSName &domain, UeberBackend* B);
 private:
   void loadArgsIntoSet(const char *listname, set<string> &listset);
   void makeNotifySockets();

diff --git a/pdns/dynhandler.cc b/pdns/dynhandler.cc
index bef847764b4ee1c795d84978c33bff89276055ab..7541fdb656a53089a9b2281f8576e3eb6e625657 100644 (file)
--- a/pdns/dynhandler.cc
+++ b/pdns/dynhandler.cc
@@ -301,7 +301,7 @@ string DLNotifyHandler(const vector<string>&parts, Utility::pid_t ppid)
     for (const auto& di : domains) {
       if (di.kind == DomainInfo::Master || di.kind == DomainInfo::Slave) { // MASTER and Slave if slave-renotify is enabled
         total++;
-        if(Communicator.notifyDomain(di.zone))
+        if(Communicator.notifyDomain(di.zone, &B))
           notified++;
       }
     }
@@ -316,7 +316,7 @@ string DLNotifyHandler(const vector<string>&parts, Utility::pid_t ppid)
     } catch (...) {
       return "Failed to parse domain as valid DNS name";
     }
-    if(!Communicator.notifyDomain(DNSName(parts[1])))
+    if(!Communicator.notifyDomain(DNSName(parts[1]), &B))
       return "Failed to add to the queue - see log";
     return "Added to queue";
   }

diff --git a/pdns/mastercommunicator.cc b/pdns/mastercommunicator.cc
index f9c513af3e46a304e569605b766e2eac7009cf35..d349234ebc06f6918554033e0fbee62d6618fd2d 100644 (file)
--- a/pdns/mastercommunicator.cc
+++ b/pdns/mastercommunicator.cc
@@ -112,15 +112,14 @@ void CommunicatorClass::queueNotifyDomain(const DomainInfo& di, UeberBackend* B)
 }
 
 
-bool CommunicatorClass::notifyDomain(const DNSName &domain)
+bool CommunicatorClass::notifyDomain(const DNSName &domain, UeberBackend* B)
 {
   DomainInfo di;
-  UeberBackend B;
-  if(!B.getDomainInfo(domain, di)) {
+  if(!B->getDomainInfo(domain, di)) {
     g_log<<Logger::Error<<"No such domain '"<<domain<<"' in our database"<<endl;
     return false;
   }
-  queueNotifyDomain(di, &B);
+  queueNotifyDomain(di, B);
   // call backend and tell them we sent out the notification - even though that is premature    
   di.backend->setNotified(di.id, di.serial);
 
@@ -166,8 +165,9 @@ void CommunicatorClass::masterUpdateCheck(PacketHandler *P)
   }
 }
 
-time_t CommunicatorClass::doNotifications()
+time_t CommunicatorClass::doNotifications(PacketHandler *P)
 {
+  UeberBackend *B=P->getBackend();
   ComboAddress from;
   Utility::socklen_t fromlen;
   char buffer[1500];
@@ -220,7 +220,7 @@ time_t CommunicatorClass::doNotifications()
         if(d_preventSelfNotification && AddressIsUs(remote))
           continue;
 
-        sendNotification(remote.sin4.sin_family == AF_INET ? d_nsock4 : d_nsock6, domain, remote, id);
+        sendNotification(remote.sin4.sin_family == AF_INET ? d_nsock4 : d_nsock6, domain, remote, id, B);
         drillHole(domain, ip);
       }
       catch(ResolverException &re) {
@@ -234,16 +234,15 @@ time_t CommunicatorClass::doNotifications()
   return d_nq.earliest();
 }
 
-void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const ComboAddress& remote, uint16_t id)
+void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const ComboAddress& remote, uint16_t id, UeberBackend *B)
 {
-  UeberBackend B;
   vector<string> meta;
   DNSName tsigkeyname;
   DNSName tsigalgorithm;
   string tsigsecret64;
   string tsigsecret;
 
-  if (::arg().mustDo("send-signed-notify") && B.getDomainMetadata(domain, "TSIG-ALLOW-AXFR", meta) && meta.size() > 0) {
+  if (::arg().mustDo("send-signed-notify") && B->getDomainMetadata(domain, "TSIG-ALLOW-AXFR", meta) && meta.size() > 0) {
     tsigkeyname = DNSName(meta[0]);
   }
 
@@ -253,7 +252,7 @@ void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const
   pw.getHeader()->aa = true; 
 
   if (tsigkeyname.empty() == false) {
-    if (!B.getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64)) {
+    if (!B->getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64)) {
       g_log<<Logger::Error<<"TSIG key '"<<tsigkeyname<<"' for domain '"<<domain<<"' not found"<<endl;
       return;
     }

diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc
index 1797d3080899509a8fd49ab59a6e858454c526c1..c0d4a232e4ab0ea17cb7007387bf9ede35c32140 100644 (file)
--- a/pdns/rfc2136handler.cc
+++ b/pdns/rfc2136handler.cc
@@ -1028,7 +1028,7 @@ int PacketHandler::processUpdate(DNSPacket *p) {
         vector<string> notify;
         B.getDomainMetadata(p->qdomain, "NOTIFY-DNSUPDATE", notify);
         if (!notify.empty() && notify.front() == "1") {
-          Communicator.notifyDomain(di.zone);
+          Communicator.notifyDomain(di.zone, &B);
         }
       }
 

diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index 48539485f0d86abdda98a2a24bacb3f47abb7e25..a5d19c0a5964be6ceff40edcc8e09e734243bb3b 100644 (file)
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -600,7 +600,7 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote)
 
     g_log<<Logger::Error<<"AXFR done for '"<<domain<<"', zone committed with serial number "<<zs.soa_serial<<endl;
     if(::arg().mustDo("slave-renotify"))
-      notifyDomain(domain);
+      notifyDomain(domain, &B);
   }
   catch(DBException &re) {
     g_log<<Logger::Error<<"Unable to feed record during incoming AXFR of '" << domain<<"': "<<re.reason<<endl;

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 8a3783d91970cadbd839080707f60729cf5c88e9..9d009b7362d5e60efa3a921bd58c2a712d86c105 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1819,7 +1819,7 @@ static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
     throw HttpNotFoundException();
   }
 
-  if(!Communicator.notifyDomain(zonename))
+  if(!Communicator.notifyDomain(zonename, &B))
     throw ApiException("Failed to add to the queue - see server log");
 
   resp->setSuccessResult("Notification queued");