properly invalidate keycache on adding a new key - this removes the 'should not happe...

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1882 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index f609098121801e409e21f020a9c7900bcb12c6a7..04344315ce694f2b2e21ccafff995b2889f647a7 100644 (file)
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -45,7 +45,7 @@ bool DNSSECKeeper::haveActiveKSKFor(const std::string& zone)
   {
     Lock l(&s_keycachelock);
     keycache_t::const_iterator iter = s_keycache.find(zone);
-    if(iter != s_keycache.end() && iter->d_ttd > time(0)) { 
+    if(iter != s_keycache.end() && iter->d_ttd > (unsigned int)time(0)) { 
       if(iter->d_keys.empty())
         return false;
       else
@@ -76,8 +76,17 @@ void DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm
   addKey(name, dpk, active);
 }
 
+void DNSSECKeeper::clearCaches(const std::string& name)
+{
+  Lock l(&s_keycachelock);
+  s_keycache.erase(name);
+  s_nseccache.erase(name);
+}
+
+
 void DNSSECKeeper::addKey(const std::string& name, const DNSSECPrivateKey& dpk, bool active)
 {
+  clearCaches(name);
   DNSBackend::KeyData kd;
   kd.flags = dpk.d_flags; // the dpk doesn't get stored, only they key part
   kd.active = active;
@@ -118,22 +127,25 @@ DNSSECPrivateKey DNSSECKeeper::getKeyById(const std::string& zname, unsigned int
 
 void DNSSECKeeper::removeKey(const std::string& zname, unsigned int id)
 {
+  clearCaches(zname);
   d_db.removeDomainKey(zname, id);
 }
 
 void DNSSECKeeper::deactivateKey(const std::string& zname, unsigned int id)
 {
+  clearCaches(zname);
   d_db.deactivateDomainKey(zname, id);
 }
 
 void DNSSECKeeper::activateKey(const std::string& zname, unsigned int id)
 {
+  clearCaches(zname);
   d_db.activateDomainKey(zname, id);
 }
 
 bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p, bool* narrow)
 {
-  time_t now = time(0);
+  unsigned int now = time(0);
   {
     Lock l(&s_nseccachelock); 
     
@@ -197,6 +209,7 @@ bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordConte
 
 void DNSSECKeeper::setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent& ns3p, const bool& narrow)
 {
+  clearCaches(zname);
   string descr = ns3p.getZoneRepresentation();
   vector<string> meta;
   meta.push_back(descr);
@@ -210,13 +223,14 @@ void DNSSECKeeper::setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecor
 
 void DNSSECKeeper::unsetNSEC3PARAM(const std::string& zname)
 {
+  clearCaches(zname);
   d_db.setDomainMetadata(zname, "NSEC3PARAM", vector<string>());
 }
 
 
 DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tribool allOrKeyOrZone) 
 {
-  time_t now = time(0);
+  unsigned int now = time(0);
   {
     Lock l(&s_keycachelock);
     keycache_t::const_iterator iter = s_keycache.find(zone);
@@ -271,5 +285,6 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tri
 
 void DNSSECKeeper::secureZone(const std::string& name, int algorithm)
 {
+  clearCaches(name); // just to be sure ;)
   addKey(name, true, algorithm);
 }

diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 1f93ee53d3d659185580d59d6463ab236b0b9bb7..40c6ba758e0505509f669cae18ec918c25de291c 100644 (file)
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -142,7 +142,8 @@ public:
   bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* n3p=0, bool* narrow=0);
   void setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent& n3p, const bool& narrow=false);
   void unsetNSEC3PARAM(const std::string& zname);
-  
+  void clearCaches(const std::string& name);
+private:  
   struct KeyCacheEntry
   {
     typedef vector<DNSSECKeeper::keymeta_t> keys_t;