[Opendnssec-user] kaspConnect() causes ods-enforcer brittleness
Havard Eidnes
he at uninett.no
Tue Dec 8 08:22:21 UTC 2015
Hi,
the ods-enforcer daemon loops, periodically looking for things
which need to be done / scheduled. Inside its service loop it
has this piece of code:
log_msg(config, LOG_INFO, "Connecting to Database...");
kaspConnect(config, &dbhandle);
followed by misleadingly-indented code (that's a minor issue).
However... What happens if an administrator just happens to run
"ods-ksmutil key list ..." at exactly that time when the enforcer
wants to connect to the database? This is what the log can tell:
Dec 8 08:32:43 hugin ods-enforcerd: Connecting to Database...
Dec 8 08:32:43 hugin ods-enforcerd: ERROR: error executing SQL - database is locked
and this time it looks like ods-enforcerd really means that this
is an error, because kaspConnect() doesn't return an error but
does an exit() if connecting to the database fails:
/*
* Connect to the DB
*/
void
kaspConnect(DAEMONCONFIG* config, DB_HANDLE *handle)
{
/* Note that all these XML derived strings are unsigned chars */
if (DbConnect(handle, (char *)config->schema, (char *)config->host, (char *)config->password, (char *)config->user, (char *)config->port) != 0) {
unlink(config->pidfile);
exit(-1);
}
}
That's not a good way to design a library function interface!
This makes ods-enforcer brittle, provides no automatic error
recovery, and requires operator intervention to restart the
now-dead enforcer.
Again, this is with OpenDNSSEC 1.4.7, using sqlite3.
Regards,
- Håvard
More information about the Opendnssec-user
mailing list