auth: prevent new database connections while sending notifies

diff --git a/pdns/communicator.cc b/pdns/communicator.cc
index b3b56ca64831c626b3b75d2d0d42daecb5ec00f6..816b489673ddd05228c8fd71d22e22fc5a03b4ff 100644 (file)
--- a/pdns/communicator.cc
+++ b/pdns/communicator.cc
@@ -118,7 +118,7 @@ void CommunicatorClass::mainloop(void)
     for(;;) {
       slaveRefresh(&P);
       masterUpdateCheck(&P);
-      tick=doNotifications(); // this processes any notification acknowledgements and actually send out our own notifications
+      tick=doNotifications(&P); // this processes any notification acknowledgements and actually send out our own notifications
       
       tick = min (tick, d_tickinterval); 
       
@@ -145,7 +145,7 @@ void CommunicatorClass::mainloop(void)
           break; // something happened
         }
         // this gets executed at least once every second
-        doNotifications();
+        doNotifications(&P);
       }
     }
   }

diff --git a/pdns/communicator.hh b/pdns/communicator.hh
index e0b25758259d018341a47291052c24cf2a6d351e..353a26801e47f05a88683f9dabd6d7ed9edb624b 100644 (file)
--- a/pdns/communicator.hh
+++ b/pdns/communicator.hh
@@ -161,7 +161,7 @@ public:
     d_nsock6 = -1;
     d_preventSelfNotification = false;
   }
-  time_t doNotifications();    
+  time_t doNotifications(PacketHandler *P);
   void go();
   
   
@@ -173,7 +173,7 @@ public:
   void notify(const DNSName &domain, const string &ip);
   void mainloop();
   void retrievalLoopThread();
-  void sendNotification(int sock, const DNSName &domain, const ComboAddress& remote, uint16_t id);
+  void sendNotification(int sock, const DNSName &domain, const ComboAddress& remote, uint16_t id, UeberBackend* B);
 
   static void *launchhelper(void *p)
   {
@@ -185,7 +185,7 @@ public:
     static_cast<CommunicatorClass *>(p)->retrievalLoopThread();
     return 0;
   }
-  bool notifyDomain(const DNSName &domain);
+  bool notifyDomain(const DNSName &domain, UeberBackend* B);
 private:
   void loadArgsIntoSet(const char *listname, set<string> &listset);
   void makeNotifySockets();

diff --git a/pdns/dynhandler.cc b/pdns/dynhandler.cc
index bef847764b4ee1c795d84978c33bff89276055ab..7541fdb656a53089a9b2281f8576e3eb6e625657 100644 (file)
--- a/pdns/dynhandler.cc
+++ b/pdns/dynhandler.cc
@@ -301,7 +301,7 @@ string DLNotifyHandler(const vector<string>&parts, Utility::pid_t ppid)
     for (const auto& di : domains) {
       if (di.kind == DomainInfo::Master || di.kind == DomainInfo::Slave) { // MASTER and Slave if slave-renotify is enabled
         total++;
-        if(Communicator.notifyDomain(di.zone))
+        if(Communicator.notifyDomain(di.zone, &B))
           notified++;
       }
     }
@@ -316,7 +316,7 @@ string DLNotifyHandler(const vector<string>&parts, Utility::pid_t ppid)
     } catch (...) {
       return "Failed to parse domain as valid DNS name";
     }
-    if(!Communicator.notifyDomain(DNSName(parts[1])))
+    if(!Communicator.notifyDomain(DNSName(parts[1]), &B))
       return "Failed to add to the queue - see log";
     return "Added to queue";
   }

diff --git a/pdns/mastercommunicator.cc b/pdns/mastercommunicator.cc
index 1eef51563635f5bdf1cec163c6c04a655219d959..03a25eafee4023f37492adba9dc7908f4f45fe1a 100644 (file)
--- a/pdns/mastercommunicator.cc
+++ b/pdns/mastercommunicator.cc
@@ -112,15 +112,14 @@ void CommunicatorClass::queueNotifyDomain(const DomainInfo& di, UeberBackend* B)
 }
 
 
-bool CommunicatorClass::notifyDomain(const DNSName &domain)
+bool CommunicatorClass::notifyDomain(const DNSName &domain, UeberBackend* B)
 {
   DomainInfo di;
-  UeberBackend B;
-  if(!B.getDomainInfo(domain, di)) {
+  if(!B->getDomainInfo(domain, di)) {
     g_log<<Logger::Error<<"No such domain '"<<domain<<"' in our database"<<endl;
     return false;
   }
-  queueNotifyDomain(di, &B);
+  queueNotifyDomain(di, B);
   // call backend and tell them we sent out the notification - even though that is premature    
   di.backend->setNotified(di.id, di.serial);
 
@@ -166,8 +165,9 @@ void CommunicatorClass::masterUpdateCheck(PacketHandler *P)
   }
 }
 
-time_t CommunicatorClass::doNotifications()
+time_t CommunicatorClass::doNotifications(PacketHandler *P)
 {
+  UeberBackend *B=P->getBackend();
   ComboAddress from;
   Utility::socklen_t fromlen;
   char buffer[1500];
@@ -220,7 +220,7 @@ time_t CommunicatorClass::doNotifications()
         if(d_preventSelfNotification && AddressIsUs(remote))
           continue;
 
-        sendNotification(remote.sin4.sin_family == AF_INET ? d_nsock4 : d_nsock6, domain, remote, id);
+        sendNotification(remote.sin4.sin_family == AF_INET ? d_nsock4 : d_nsock6, domain, remote, id, B);
         drillHole(domain, ip);
       }
       catch(ResolverException &re) {
@@ -234,16 +234,15 @@ time_t CommunicatorClass::doNotifications()
   return d_nq.earliest();
 }
 
-void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const ComboAddress& remote, uint16_t id)
+void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const ComboAddress& remote, uint16_t id, UeberBackend *B)
 {
-  UeberBackend B;
   vector<string> meta;
   DNSName tsigkeyname;
   DNSName tsigalgorithm;
   string tsigsecret64;
   string tsigsecret;
 
-  if (::arg().mustDo("send-signed-notify") && B.getDomainMetadata(domain, "TSIG-ALLOW-AXFR", meta) && meta.size() > 0) {
+  if (::arg().mustDo("send-signed-notify") && B->getDomainMetadata(domain, "TSIG-ALLOW-AXFR", meta) && meta.size() > 0) {
     tsigkeyname = DNSName(meta[0]);
   }
 
@@ -253,7 +252,7 @@ void CommunicatorClass::sendNotification(int sock, const DNSName& domain, const
   pw.getHeader()->aa = true; 
 
   if (tsigkeyname.empty() == false) {
-    if (!B.getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64)) {
+    if (!B->getTSIGKey(tsigkeyname, &tsigalgorithm, &tsigsecret64)) {
       g_log<<Logger::Error<<"TSIG key '"<<tsigkeyname<<"' for domain '"<<domain<<"' not found"<<endl;
       return;
     }

diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc
index f3e1b791977e1f9b9485125ec85829aa4bd325ba..778dc8558ab85e9dc2d0854451fd4d5fad9f811b 100644 (file)
--- a/pdns/rfc2136handler.cc
+++ b/pdns/rfc2136handler.cc
@@ -1028,7 +1028,7 @@ int PacketHandler::processUpdate(DNSPacket *p) {
         vector<string> notify;
         B.getDomainMetadata(p->qdomain, "NOTIFY-DNSUPDATE", notify);
         if (!notify.empty() && notify.front() == "1") {
-          Communicator.notifyDomain(di.zone);
+          Communicator.notifyDomain(di.zone, &B);
         }
       }
 

diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index 1b7c126c1a306f06b758a0f1b6b475a07069ca9b..c6b08fefcfbae0ed90600876b15fb859f09745c2 100644 (file)
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -613,7 +613,7 @@ void CommunicatorClass::suck(const DNSName &domain, const ComboAddress& remote)
       }
     }
     if(renotify)
-      notifyDomain(domain);
+      notifyDomain(domain, &B);
   }
   catch(DBException &re) {
     g_log<<Logger::Error<<"Unable to feed record during incoming AXFR of '" << domain<<"': "<<re.reason<<endl;

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 69c4fa328242156ef7ef8777df18d149a5aa4e7f..dfe15eb435ba4eb2c73c0b9e96fcdd879c0431d6 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1820,7 +1820,7 @@ static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
     throw HttpNotFoundException();
   }
 
-  if(!Communicator.notifyDomain(zonename))
+  if(!Communicator.notifyDomain(zonename, &B))
     throw ApiException("Failed to add to the queue - see server log");
 
   resp->setSuccessResult("Notification queued");