- Fix #1398: make cachedb secret configurable.

git-svn-id: file:///svn/unbound/trunk@4295 be551aaa-1e26-0410-a405-d3ace91eadb9

cachedb/cachedb.c

@@ -278,9 +278,10 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len)
 	size_t clen = 0;
 	uint8_t hash[CACHEDB_HASHSIZE/8];
 	const char* hex = "0123456789ABCDEF";
-	const char* secret = "default"; /* TODO: from qstate->env->cfg */
+	const char* secret = qstate->env->cfg->cachedb_secret ?
+		qstate->env->cfg->cachedb_secret : "default";
 	size_t i;
-	
+
 	/* copy the hash info into the clear buffer */
 	if(clen + qstate->qinfo.qname_len < sizeof(clear)) {
 		memmove(clear+clen, qstate->qinfo.qname,

doc/Changelog

@@ -1,3 +1,6 @@
+8 August 2017: Wouter
+	- Fix #1398: make cachedb secret configurable.
+
 7 August 2017: Wouter
 	- Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
 

doc/example.conf.in

@@ -848,3 +848,5 @@ remote-control:
 # included in module-config.
 # cachedb:
 #     backend: "testframe"
+#     # secret seed string to calculate hashed keys
+#     secret-seed: "default"

doc/unbound.conf.5.in

@@ -1479,7 +1479,7 @@ despite the presence of actual AAAA records.
 .LP
 The
 .B dnscrypt:
-clause give the settings of the dnscrypt channel. While those options are
+clause gives the settings of the dnscrypt channel. While those options are
 available, they are only meaningful if unbound was compiled with
 \fB\-\-enable\-dnscrypt\fR.
 Currently certificate and secret/public keys cannot be generated by unbound.
@@ -1621,6 +1621,37 @@ A/AAAA query will be SERVFAIL.  Mainly used for testing.  Defaults to no.
 Whitelist the domain so that the module logic will be executed.  Can
 be given multiple times, for different domains.  If the option is not
 specified, all domains are treated as being whitelisted (default).
+.SS "Cache DB Module Options"
+.LP
+The Cache DB module must be configured in the \fBmodule\-config:\fR
+"validator cachedb iterator" directive and be compiled into the daemon
+with \fB\-\-enable\-cachedb\fR.
+If this module is enabled and configured, the specified backend database
+works as a second level cache:
+When Unbound cannot find an answer to a query in its built-in in-memory
+cache, it consults the specified backend.
+If it finds a valid answer in the backend, Unbound uses it to respond
+to the query without performing iterative DNS resolution.
+If Unbound cannot even find an answer in the backend, it resolves the
+query as usual, and stores the answer in the backend.
+The
+.B cachedb:
+clause gives custom settings of the cache DB module.
+.TP
+.B backend: \fI<backend name>\fR
+Specify the backend database name.
+Currently, only the in-memory "testframe" backend is supported.
+As the name suggests this backend is not of any practical use.
+This option defaults to "testframe".
+.TP
+.B secret-seed: \fI<"secret string">\fR
+Specify a seed to calculate a hash value from query information.
+This value will be used as the key of the corresponding answer for the
+backend database and can be customized if the hash should not be predictable
+operationally.
+If the backend database is shared by multiple Unbound instances,
+all instances must use the same secret seed.
+This option defaults to "default".
 .SH "MEMORY CONTROL EXAMPLE"
 In the example config settings below memory usage is reduced. Some service
 levels are lower, notable very large data and a high TCP load are no longer

util/config_file.c

@@ -292,6 +292,7 @@ config_create(void)
 #endif
 #ifdef USE_CACHEDB
 	cfg->cachedb_backend = NULL;
+	cfg->cachedb_secret = NULL;
 #endif
 	return cfg;
 error_exit:
@@ -963,6 +964,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 #endif
 #ifdef USE_CACHEDB
 	else O_STR(opt, "backend", cachedb_backend)
+	else O_STR(opt, "secret-seed", cachedb_secret)
 #endif
 	/* not here:
 	 * outgoing-permit, outgoing-avoid - have list of ports
@@ -1267,6 +1269,7 @@ config_delete(struct config_file* cfg)
 #endif
 #ifdef USE_CACHEDB
 	free(cfg->cachedb_backend);
+	free(cfg->cachedb_secret);
 #endif
 	free(cfg);
 }

util/config_file.h

@@ -485,6 +485,8 @@ struct config_file {
 #ifdef USE_CACHEDB
 	/** backend DB name */
 	char* cachedb_backend;
+	/** secret seed for hash key calculation */
+	char* cachedb_secret;
 #endif
 };
 

util/configlexer.lex

@@ -425,6 +425,7 @@ ipsecmod-whitelist{COLON}	{ YDVAR(1, VAR_IPSECMOD_WHITELIST) }
 ipsecmod-strict{COLON}		{ YDVAR(1, VAR_IPSECMOD_STRICT) }
 cachedb{COLON}			{ YDVAR(0, VAR_CACHEDB) }
 backend{COLON}			{ YDVAR(1, VAR_CACHEDB_BACKEND) }
+secret-seed{COLON}		{ YDVAR(1, VAR_CACHEDB_SECRETSEED) }
 <INITIAL,val>{NEWLINE}		{ LEXOUT(("NL\n")); cfg_parser->line++; }
 
 	/* Quoted strings. Strip leading and ending quotes */

util/configparser.y

@@ -146,7 +146,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
-%token VAR_CACHEDB VAR_CACHEDB_BACKEND
+%token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -2374,7 +2374,7 @@ cachedbstart: VAR_CACHEDB
 	;
 contents_cachedb: contents_cachedb content_cachedb
 	| ;
-content_cachedb: cachedb_backend_name
+content_cachedb: cachedb_backend_name | cachedb_secret_seed
 	;
 cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
 	{
@@ -2390,6 +2390,21 @@ cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG
 	#endif
 	}
 	;
+cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG
+	{
+	#ifdef USE_CACHEDB
+		OUTYY(("P(secret-seed:%s)\n", $2));
+		if(cfg_parser->cfg->cachedb_secret)
+			yyerror("cachedb secret-seed override, there must be "
+				"only one secret");
+		free(cfg_parser->cfg->cachedb_secret);
+		cfg_parser->cfg->cachedb_secret = $2;
+	#else
+		OUTYY(("P(Compiled without cachedb, ignoring)\n"));
+		free($2);
+	#endif
+	}
+	;
 %%
 
 /* parse helper routines could be here */