Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth: lmdb backend , cannot delete tsigkeys #14779

Closed
thibmac opened this issue Oct 16, 2024 · 5 comments
Closed

auth: lmdb backend , cannot delete tsigkeys #14779

thibmac opened this issue Oct 16, 2024 · 5 comments
Assignees
@miodvallat
Labels
auth defect
Milestone
auth-5

Comments

@thibmac
Copy link

thibmac commented Oct 16, 2024

  • Program: Authoritative 4.9.2
  • Issue type: Bug report

Short description

Really similar - if not identical - problem to issue #12394 and PR #12322

Environment

  • Operating system: Debian 12
  • Software version: auth 4.9.2
  • Software source: PowerDNS repos

Steps to reproduce

I'm not sure how and when the keys were added, maybe before the issue and PR mentioned earlier.

> pdnsutil list-tsig-keys
tsigkey1. hmac-sha256. 1111
tsigkey1. hmac-sha256. 1111
tsigkey1. hmac-sha256. 1111
tsigkey2. hmac-sha256. 2222
tsigkey1. hmac-sha256. 1111
tsigkey2. hmac-sha256. 2222
tsigkey1. hmac-sha256. 1111
tsigkey1. hmac-sha256. 1111

> curl -XGET @ /servers/localhost/tsigkeys (sample)

  {
    "algorithm": "hmac-sha256",
    "id": "tsigkey2.",
    "key": "",
    "name": "tsigkey2",
    "type": "TSIGKey"
  },
  {
    "algorithm": "hmac-sha256",
    "id": "tsigkey1.",
    "key": "",
    "name": "tsigkey1",
    "type": "TSIGKey"
  },
  {
    "algorithm": "hmac-sha256",
    "id": "tsigkey1.",
    "key": "",
    "name": "tsigkey1",
    "type": "TSIGKey"
  },

> curl -XGET @ /servers/localhost/tsigkeys/tsigkey1.
Not Found#         

> pdnsutil delete-tsig-key tsigkey1.
Deleted TSIG key tsigkey1 
[doesn't change anything in the list]

Expected behaviour

Both

>pdnsutil delete-tsig-key tsigkey1. 
or 
> curl -XDELETE @ /servers/localhost/tsigkeys/tsigkey1.

to actually delete the keys with id "tsigkey1."

Actual behaviour

Described earlier :

pdnsutil gives a "Deleted TSIG key tsigkey1" message but not taken into account
pdns API gives a "Not found" answer

Config lmdb snippet

launch=lmdb
lmdb-filename=/etc/powerdns/lmdb/pdns.lmdb
lmdb-sync-mode=sync
@Habbie Habbie added this to the auth-5 milestone Oct 17, 2024
@miodvallat
Copy link
Contributor

I am not able to reproduce this using a fresh lmdb database (using schema version 5). Is your lmdb database an older schema which got upgraded to v5? In other words, did you use this lmdb database with a PowerDNS version older than 4.8?

@thibmac
Copy link
Author

thibmac commented Dec 30, 2024
edited
Loading

Hello,

The LMDB base was as old as dec. 2022 I believe and pdns 4.8 came around June 2023 , so it's likely the base schema got upgraded since.

Best,

@miodvallat
Copy link
Contributor

Indeed, creating and populating an lmdb database with 4.7.x, the 4.9.x pdnsutil will only remove one key matching the identifier, rather than all of them.

@miodvallat
Copy link
Contributor

Ah, worse. It can remove the first one, and then none of the remaining ones. This probably matches the state of your setup.

Good! Now that I can reproduce, I can work on the problem.

@miodvallat miodvallat mentioned this issue Jan 2, 2025
Merged
7 tasks
@miodvallat
Copy link
Contributor

Tentative fix in #15004.

@miodvallat miodvallat self-assigned this Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@miodvallat miodvallat

Labels
auth defect
Projects
None yet
Milestone
auth-5
Development

No branches or pull requests
3 participants
@Habbie @thibmac @miodvallat