From b0486ea57a2eb3d383fa6cce24ae23ab1796fc24 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 17 Nov 2017 13:20:52 +0100
Subject: [PATCH] Fix hang when PATCHing zone during rectify

Before, we would spawn a new UeberBackend in the DNSSECKeeper, but there
was already a transaction going on, so the rectify would never finish,
as rectifyZone would not return.
---
 pdns/dbdnsseckeeper.cc | 4 ++++
 pdns/ws-auth.cc        | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index aca1b38d3..d006bac02 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -626,6 +626,10 @@ bool DNSSECKeeper::rectifyZone(const DNSName& zone, string& error, string& info,
   std::unique_ptr<UeberBackend> b;
 
   if (d_ourDB) {
+    if (!doTransaction) {
+      error = "Can not rectify a zone with a new Ueberbackend inside a transaction.";
+      return false;
+    }
     // We don't have a *full* Ueberbackend, just a key-only one.
     // Let's create one and use it
     b = std::unique_ptr<UeberBackend>(new UeberBackend());
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 460952f6c..d2d587afe 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1709,7 +1709,7 @@ static void patchZone(HttpRequest* req, HttpResponse* resp) {
     throw;
   }
 
-  DNSSECKeeper dk;
+  DNSSECKeeper dk(&B);
   string api_rectify;
   di.backend->getDomainMetadataOne(zonename, "API-RECTIFY", api_rectify);
   if (dk.isSecuredZone(zonename) && !dk.isPresigned(zonename) && api_rectify == "1") {
-- 
2.40.0