kd.active = active;
kd.content = dpk.getKey()->convertToISC();
// now store it
- return d_keymetadb.addDomainKey(name, kd) >= 0; // >= 0 == s
+ return d_keymetadb->addDomainKey(name, kd) >= 0; // >= 0 == s
}
DNSSECPrivateKey DNSSECKeeper::getKeyById(const std::string& zname, unsigned int id)
{
vector<DNSBackend::KeyData> keys;
- d_keymetadb.getDomainKeys(zname, 0, keys);
+ d_keymetadb->getDomainKeys(zname, 0, keys);
BOOST_FOREACH(const DNSBackend::KeyData& kd, keys) {
if(kd.id != id)
continue;
void DNSSECKeeper::removeKey(const std::string& zname, unsigned int id)
{
clearCaches(zname);
- d_keymetadb.removeDomainKey(zname, id);
+ d_keymetadb->removeDomainKey(zname, id);
}
void DNSSECKeeper::deactivateKey(const std::string& zname, unsigned int id)
{
clearCaches(zname);
- d_keymetadb.deactivateDomainKey(zname, id);
+ d_keymetadb->deactivateDomainKey(zname, id);
}
void DNSSECKeeper::activateKey(const std::string& zname, unsigned int id)
{
clearCaches(zname);
- d_keymetadb.activateDomainKey(zname, id);
+ d_keymetadb->activateDomainKey(zname, id);
}
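Review bot: The results of `removeDomainKey`, `deactivateDomainKey` and `activateDomainKey` are discarded in `removeKey`, `deactivateKey` and `activateKey`, so a key-state change the backend rejects looks the same as success to the caller, and `clearCaches(zname)` has already run by then. The same applies to the `setDomainMetadata` calls for `NSEC3PARAM`, `NSEC3NARROW` and `PRESIGNED` in the later hunks. If these backend calls report failure through their return value (not visible on this page), propagate it the way `addKey` does with `>= 0`, e.g. make the methods return `bool` and write `return d_keymetadb->removeDomainKey(zname, id);`. For DNSSEC key handling, an operator who believes a key was deactivated or removed when it was not is the case to guard against.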
}
}
vector<string> meta;
- d_keymetadb.getDomainMetadata(zname, key, meta);
+ d_keymetadb->getDomainMetadata(zname, key, meta);
if(!meta.empty())
value=*meta.begin();
string descr = ns3p.getZoneRepresentation();
vector<string> meta;
meta.push_back(descr);
- d_keymetadb.setDomainMetadata(zname, "NSEC3PARAM", meta);
+ d_keymetadb->setDomainMetadata(zname, "NSEC3PARAM", meta);
meta.clear();
if(narrow)
meta.push_back("1");
- d_keymetadb.setDomainMetadata(zname, "NSEC3NARROW", meta);
+ d_keymetadb->setDomainMetadata(zname, "NSEC3NARROW", meta);
}
void DNSSECKeeper::unsetNSEC3PARAM(const std::string& zname)
{
clearCaches(zname);
- d_keymetadb.setDomainMetadata(zname, "NSEC3PARAM", vector<string>());
- d_keymetadb.setDomainMetadata(zname, "NSEC3NARROW", vector<string>());
+ d_keymetadb->setDomainMetadata(zname, "NSEC3PARAM", vector<string>());
+ d_keymetadb->setDomainMetadata(zname, "NSEC3NARROW", vector<string>());
}
clearCaches(zname);
vector<string> meta;
meta.push_back("1");
- d_keymetadb.setDomainMetadata(zname, "PRESIGNED", meta);
+ d_keymetadb->setDomainMetadata(zname, "PRESIGNED", meta);
}
void DNSSECKeeper::unsetPresigned(const std::string& zname)
{
clearCaches(zname);
- d_keymetadb.setDomainMetadata(zname, "PRESIGNED", vector<string>());
+ d_keymetadb->setDomainMetadata(zname, "PRESIGNED", vector<string>());
}
keyset_t retkeyset, allkeyset;
vector<UeberBackend::KeyData> dbkeyset;
- d_keymetadb.getDomainKeys(zone, 0, dbkeyset);
+ d_keymetadb->getDomainKeys(zone, 0, dbkeyset);
BOOST_FOREACH(UeberBackend::KeyData& kd, dbkeyset)
{
{
vector<string> allowed;
- d_keymetadb.getDomainMetadata(zone, "TSIG-ALLOW-AXFR", allowed);
+ d_keymetadb->getDomainMetadata(zone, "TSIG-ALLOW-AXFR", allowed);
BOOST_FOREACH(const string& dbkey, allowed) {
if(pdns_iequals(dbkey, keyname))
bool DNSSECKeeper::getTSIGForAccess(const string& zone, const string& master, string* keyname)
{
vector<string> keynames;
- d_keymetadb.getDomainMetadata(zone, "AXFR-MASTER-TSIG", keynames);
+ d_keymetadb->getDomainMetadata(zone, "AXFR-MASTER-TSIG", keynames);
keyname->clear();
// XXX FIXME this should check for a specific master!
BOOST_FOREACH(const string& dbkey, keynames) {
*keyname=dbkey;
-
return true;
}
return false;
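Review bot: `master` is never consulted in `getTSIGForAccess`: the loop returns the first `AXFR-MASTER-TSIG` entry stored for the zone, as the existing `XXX FIXME` admits, so the same key name is chosen whichever master is asked about. Since the commit touches this function, record the limitation where callers will see it, e.g. `// NOTE: 'master' is ignored; returns the first AXFR-MASTER-TSIG key name configured for the zone` above the signature. `keyname` is also dereferenced by `keyname->clear()` without a null check. The function's closing brace lies outside the hunk.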
using namespace ::boost::multi_index;
-class DNSSECKeeper
+class DNSSECKeeper : public boost::noncopyable
{
public:
struct KeyMetaData
typedef std::vector<keymeta_t > keyset_t;
private:
- UeberBackend d_keymetadb;
+ UeberBackend* d_keymetadb;
+ bool d_ourDB;
public:
- DNSSECKeeper() : d_keymetadb("key-only")
+ DNSSECKeeper() : d_keymetadb( new UeberBackend("key-only")), d_ourDB(true)
{
+
+ }
+
+ DNSSECKeeper(UeberBackend* db) : d_keymetadb(db), d_ourDB(false)
+ {
+ }
+
+ ~DNSSECKeeper()
+ {
+ if(d_ourDB)
+ delete d_keymetadb;
}
bool isSecuredZone(const std::string& zone);
void startTransaction()
{
- (*d_keymetadb.backends.begin())->startTransaction("", -1);
+ (*d_keymetadb->backends.begin())->startTransaction("", -1);
}
void commitTransaction()
{
- (*d_keymetadb.backends.begin())->commitTransaction();
+ (*d_keymetadb->backends.begin())->commitTransaction();
}
void getFromMeta(const std::string& zname, const std::string& key, std::string& value);
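Review bot: The new `DNSSECKeeper(UeberBackend* db)` constructor is not `explicit` and accepts a null pointer, while `startTransaction`, `commitTransaction` and every `d_keymetadb->` call in the implementation file dereference `d_keymetadb` unconditionally. Declare it `explicit DNSSECKeeper(UeberBackend* db)` and reject or assert on a null `db`. Also add a comment that the pointer is borrowed in this case (`d_ourDB == false`), is never deleted by the keeper, and must outlive it. Separately, `(*d_keymetadb->backends.begin())` assumes a non-empty backend list, and with an injected backend the first entry is whatever the caller's `UeberBackend` holds rather than the `"key-only"` set, which deserves a comment or a check.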
if(rdomains.empty()) // if we have priority domains, check them first
B->getUnfreshSlaveInfos(&rdomains);
- DNSSECKeeper dk;
+ DNSSECKeeper dk(B); // NOW HEAR THIS! This DK uses our B backend, so no interleaved access!
{
Lock l(&d_lock);
typedef UniQueue::index<IDTag>::type domains_by_name_t;
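Review bot: The rule that `dk` must not be used while a `B->lookup()`/`B->get()` sequence is in progress is carried only by two comments, `NOW HEAR THIS!` on the `DNSSECKeeper dk(B);` line and the one on `B->lookup(QType(QType::RRSIG), di.zone)`. Nothing stops a later edit from calling `dk` inside the `while(B->get(rr))` loop. Reword the comment so it states the contract precisely, e.g. `// dk borrows B and does not own it: never call dk between B->lookup() and the last B->get()`. The enclosing function starts and ends outside the hunk.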
DomainNotificationInfo dni;
dni.di=di;
dni.dnssecOk = dk.isPresigned(di.zone);
+
if(dk.getTSIGForAccess(di.zone, sr.master, &dni.tsigkeyname)) {
string secret64;
B->getTSIGKey(dni.tsigkeyname, &dni.tsigalgname, &secret64);
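Review bot: The return value of `B->getTSIGKey(...)` is ignored, so if `getTSIGForAccess` names a key the backend cannot supply, `dni.tsigalgname` and `secret64` stay empty and the code carries on with them. Whether the freshness check then goes out unsigned or with an empty secret depends on code outside this hunk, but a configured TSIG key that cannot be loaded should stop processing for this zone rather than pass silently. Suggest `if(!B->getTSIGKey(dni.tsigkeyname, &dni.tsigalgname, &secret64)) continue;` with a log line. This assumes the call returns false for a missing key and that this code sits inside the per-domain loop.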
di.backend->setFresh(di.id);
}
else {
- B->lookup(QType(QType::RRSIG), di.zone);
+ B->lookup(QType(QType::RRSIG), di.zone); // can't use DK before we are done with this lookup!
DNSResourceRecord rr;
uint32_t maxExpire=0, maxInception=0;
while(B->get(rr)) {