From: Bert Hubert Date: Fri, 14 Jan 2011 12:10:47 +0000 (+0000) Subject: properly invalidate keycache on adding a new key - this removes the 'should not happe... X-Git-Tag: auth-3.0~365 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5e91adff5c6b80cd9f03f0b190e89b4e70976eec;p=pdns properly invalidate keycache on adding a new key - this removes the 'should not happen' error on pdnssec-secure git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1882 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index f60909812..04344315c 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -45,7 +45,7 @@ bool DNSSECKeeper::haveActiveKSKFor(const std::string& zone)
 {
 Lock l(&s_keycachelock);
 keycache_t::const_iterator iter = s_keycache.find(zone);
- if(iter != s_keycache.end() && iter->d_ttd > time(0)) {
+ if(iter != s_keycache.end() && iter->d_ttd > (unsigned int)time(0)) {
 if(iter->d_keys.empty())
 return false;
 else
@@ -76,8 +76,17 @@ void DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm
 addKey(name, dpk, active);
 }
+void DNSSECKeeper::clearCaches(const std::string& name)
+{
+ Lock l(&s_keycachelock);
+ s_keycache.erase(name);
+ s_nseccache.erase(name);
+}
+
+
 void DNSSECKeeper::addKey(const std::string& name, const DNSSECPrivateKey& dpk, bool active)
 {
+ clearCaches(name);
 DNSBackend::KeyData kd;
 kd.flags = dpk.d_flags; // the dpk doesn't get stored, only they key part
 kd.active = active;
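Review bot: The `(unsigned int)time(0)` cast in haveActiveKSKFor narrows time_t to 32 bits with a C-style cast only to match the type of `d_ttd`, and `unsigned int now = time(0);` in getNSEC3PARAM and getKeys later in this file does the same implicitly. If `d_ttd` is declared as unsigned int (its declaration is not in this diff), declaring it as time_t would let the expiry comparison stay in one type with no cast at all. Failing that, `static_cast<unsigned int>(time(0))` keeps the narrowing explicit and greppable. The body of haveActiveKSKFor continues outside the hunk.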
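Review bot: clearCaches erases from `s_nseccache` while holding only `s_keycachelock`, whereas getNSEC3PARAM in this same file takes `s_nseccachelock` before touching that cache, so the erase can race with a concurrent reader or writer of the NSEC3 cache. Each cache should be modified under its own lock; taking the two locks one after the other in separate scopes, as below, also avoids introducing a lock-ordering dependency between them. The enclosing addKey overloads start and end outside the hunk.

```cpp
void DNSSECKeeper::clearCaches(const std::string& name)
{
  {
    Lock l(&s_keycachelock);
    s_keycache.erase(name);
  }
  {
    // the NSEC3 cache is guarded by its own lock in getNSEC3PARAM
    Lock l(&s_nseccachelock);
    s_nseccache.erase(name);
  }
}
```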
@@ -118,22 +127,25 @@ DNSSECPrivateKey DNSSECKeeper::getKeyById(const std::string& zname, unsigned int
 void DNSSECKeeper::removeKey(const std::string& zname, unsigned int id)
 {
+ clearCaches(zname);
 d_db.removeDomainKey(zname, id);
 }
 void DNSSECKeeper::deactivateKey(const std::string& zname, unsigned int id)
 {
+ clearCaches(zname);
 d_db.deactivateDomainKey(zname, id);
 }
 void DNSSECKeeper::activateKey(const std::string& zname, unsigned int id)
 {
+ clearCaches(zname);
 d_db.activateDomainKey(zname, id);
 }
 bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* ns3p, bool* narrow)
 {
- time_t now = time(0);
+ unsigned int now = time(0);
 {
 Lock l(&s_nseccachelock);
@@ -197,6 +209,7 @@ bool DNSSECKeeper::getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordConte
 void DNSSECKeeper::setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent& ns3p, const bool& narrow)
 {
+ clearCaches(zname);
 string descr = ns3p.getZoneRepresentation();
 vector meta;
 meta.push_back(descr);
@@ -210,13 +223,14 @@ void DNSSECKeeper::setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecor
 void DNSSECKeeper::unsetNSEC3PARAM(const std::string& zname)
 {
+ clearCaches(zname);
 d_db.setDomainMetadata(zname, "NSEC3PARAM", vector());
 }
 DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tribool allOrKeyOrZone)
 {
- time_t now = time(0);
+ unsigned int now = time(0);
 {
 Lock l(&s_keycachelock);
 keycache_t::const_iterator iter = s_keycache.find(zone);
@@ -271,5 +285,6 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tri
 void DNSSECKeeper::secureZone(const std::string& name, int algorithm)
 {
+ clearCaches(name); // just to be sure ;)
 addKey(name, true, algorithm);
 }
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 1f93ee53d..40c6ba758 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
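Review bot: In removeKey, deactivateKey and activateKey in pdns/dbdnsseckeeper.cc the cache is invalidated before the `d_db` call, which leaves a window in which another thread can re-read the old key set from the backend and cache it again until its `d_ttd` passes. For removeKey and deactivateKey that would presumably mean a key the operator has just withdrawn can keep being handed out for a full cache lifetime; how getKeys repopulates the cache is not visible in these hunks, so this should be confirmed. Invalidating after the write closes the window, e.g. `d_db.removeDomainKey(zname, id);` followed by `clearCaches(zname);`, or clear both before and after. The same ordering appears in addKey in the previous hunk and in setNSEC3PARAM and unsetNSEC3PARAM in the following ones.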
@@ -142,7 +142,8 @@ public:
 bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* n3p=0, bool* narrow=0);
 void setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent& n3p, const bool& narrow=false);
 void unsetNSEC3PARAM(const std::string& zname);
-
+ void clearCaches(const std::string& name);
+private:
 struct KeyCacheEntry
 {
 typedef vector keys_t;
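Review bot: `clearCaches` is added to the public interface of DNSSECKeeper with no comment saying what it drops or when a caller needs it. A one-line comment on the declaration would do, for example `//!< drop the cached key set and NSEC3PARAM entry for zone 'name'; call around any change to its keys or metadata`. The `s_` prefix on both caches suggests they are static and therefore per process, in which case the comment should also say that a key change made from a separate process does not invalidate the cache of a running server; that is inferred, since the member declarations are outside this hunk. struct KeyCacheEntry continues past the end of the hunk.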