[Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r6108 - branches/OpenDNSSEC-1.3/signer/src/shared

matthijs at nlnetlabs.nl matthijs at nlnetlabs.nl
Mon Jan 30 11:28:47 CET 2012


Author: matthijs
Date: 2012-01-30 11:28:46 +0100 (Mon, 30 Jan 2012)
New Revision: 6108

Modified:
   branches/OpenDNSSEC-1.3/signer/src/shared/hsm.c
   branches/OpenDNSSEC-1.3/signer/src/shared/hsm.h
Log:
OPENDNSSEC-33: Signer should check the HSM connection

- two functions: one for checking the connection, one for checking the context




Modified: branches/OpenDNSSEC-1.3/signer/src/shared/hsm.c
===================================================================
--- branches/OpenDNSSEC-1.3/signer/src/shared/hsm.c	2012-01-27 14:41:07 UTC (rev 6107)
+++ branches/OpenDNSSEC-1.3/signer/src/shared/hsm.c	2012-01-30 10:28:46 UTC (rev 6108)
@@ -32,11 +32,67 @@
  */
 
 #include "shared/hsm.h"
+#include "shared/locks.h"
 #include "shared/log.h"
 
 static const char* hsm_str = "hsm";
 
+static lock_basic_type hsm_lock;
 
+
+/*
+ * Check the HSM context, recreate if necessary.
+ *
+ */
+void
+lhsm_check_context(hsm_ctx_t** ctx)
+{
+    if (ctx && *ctx) {
+        if (hsm_check_context(*ctx) != HSM_OK) {
+            ods_log_warning("[%s] invalid hsm context, trying to recreate",
+                hsm_str);
+            hsm_destroy_context(*ctx);
+            *ctx = hsm_create_context();
+            if (!*ctx) {
+                ods_log_error("[%s] error creating libhsm context", hsm_str);
+            }
+        }
+    }
+    return;
+}
+
+
+/*
+ * Check the HSM connection, reopen if necessary.
+ *
+ */
+void
+lhsm_check_connection(const char* filename, hsm_ctx_t** ctx)
+{
+    lock_basic_lock(&hsm_lock);
+    if (hsm_check_context(NULL) != HSM_OK) {
+        int result = 0;
+        ods_log_warning("[%s] idle hsm connection closed down, trying to "
+            "reopen", hsm_str);
+        hsm_close();
+        result = hsm_open(filename, hsm_prompt_pin, NULL);
+        if (result != HSM_OK) {
+            char* error =  hsm_get_error(NULL);
+            if (error != NULL) {
+                ods_log_error("[%s] %s", hsm_str, error);
+                free(error);
+            }
+            ods_log_error("[%s] error reopening libhsm (errno %i)", hsm_str,
+                result);
+            /* exit? */
+        }
+        lhsm_check_context(ctx);
+    }
+    lock_basic_unlock(&hsm_lock);
+    return;
+}
+
+
 /**
  * Get key from one of the HSMs.
  *
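Review bot: When `hsm_open` fails in `lhsm_check_connection`, the code only logs (the `/* exit? */` placeholder) and still falls through to `lhsm_check_context(ctx)`, and because both functions return `void` the caller cannot tell that the signer has no usable HSM session. `lhsm_check_context` also skips a NULL `*ctx`, so once `hsm_create_context()` fails and leaves `*ctx` NULL, later calls never retry, and a caller that uses the context without a NULL check would be working with a NULL pointer. Consider returning a status (for example the `hsm_open` result) and leaving the failure branch early with `lock_basic_unlock(&hsm_lock); return result;` before the context check. Separately, no initialisation of the static `hsm_lock` is visible in this hunk, and `hsm_close()` presumably invalidates contexts held by other threads that `hsm_lock` does not cover; both are worth confirming.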

Modified: branches/OpenDNSSEC-1.3/signer/src/shared/hsm.h
===================================================================
--- branches/OpenDNSSEC-1.3/signer/src/shared/hsm.h	2012-01-27 14:41:07 UTC (rev 6107)
+++ branches/OpenDNSSEC-1.3/signer/src/shared/hsm.h	2012-01-30 10:28:46 UTC (rev 6108)
@@ -45,7 +45,23 @@
 #include <libhsm.h>
 #include <libhsmdns.h>
 
+
 /**
+ * Check the HSM context, recreate if necessary.
+ * \param[out] ctx context
+ *
+ */
+void lhsm_check_context(hsm_ctx_t** ctx);
+
+/**
+ * Check the HSM connection, reopen if necessary.
+ * \param[out] ctx context, recreated if necessary.
+ * \param[in] filename the configuration filename
+ *
+ */
+void lhsm_check_connection(const char* filename, hsm_ctx_t** ctx);
+
+/**
  * Get key from one of the HSMs, store the DNSKEY and HSM key.
  * \param[in] ctx HSM context
  * \param[in] owner the zone owner name
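Review bot: The doc comments mark `ctx` as `\param[out]`, but both functions read `*ctx` before possibly replacing it, and they do not mention that `*ctx` can be NULL on return when recreation fails. I would change the tag to `\param[in,out] ctx context, destroyed and recreated if invalid; may be NULL on return if recreation fails`, and list `filename` before `ctx` for `lhsm_check_connection` to match the signature. Since the functions return `void`, this comment is the only place a caller learns that it must re-check the context before using it for signing.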



