[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3818 - in trunk/OpenDNSSEC: . enforcer/ksm enforcer/ksm/include/ksm enforcer/utils

Sion Lloyd sion at nominet.org.uk
Fri Aug 27 10:59:09 CEST 2010


Author: sion
Date: 2010-08-27 10:59:08 +0200 (Fri, 27 Aug 2010)
New Revision: 3818

Modified:
   trunk/OpenDNSSEC/NEWS
   trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h
   trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c
   trunk/OpenDNSSEC/enforcer/utils/ksmutil.c
Log:
Recalculate salt immediately if salt length is changed, pivotal story 4660517.


Modified: trunk/OpenDNSSEC/NEWS
===================================================================
--- trunk/OpenDNSSEC/NEWS	2010-08-27 08:43:00 UTC (rev 3817)
+++ trunk/OpenDNSSEC/NEWS	2010-08-27 08:59:08 UTC (rev 3818)
@@ -16,6 +16,7 @@
   that the key is in use for.
 * Backup prepare/commit/rollback added for 2-step backups without taking the
   enforcer offline.
+* Recalculate salt immediately if the saltlength is changed.
 
 OpenDNSSEC 1.1.0 branch
 

Modified: trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h	2010-08-27 08:43:00 UTC (rev 3817)
+++ trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h	2010-08-27 08:59:08 UTC (rev 3818)
@@ -275,6 +275,7 @@
 int KsmPolicyReadFromId(KSM_POLICY* policy);
 int KsmPolicyNameFromId(KSM_POLICY* policy);
 int KsmPolicyUpdateSalt(KSM_POLICY* policy);
+int KsmPolicyNullSaltStamp(int policy_id);
 int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy);
 int KsmPolicySetIdFromName(KSM_POLICY *policy);
 int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);

Modified: trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c	2010-08-27 08:43:00 UTC (rev 3817)
+++ trunk/OpenDNSSEC/enforcer/ksm/ksm_policy.c	2010-08-27 08:59:08 UTC (rev 3818)
@@ -648,6 +648,58 @@
     return status;
 }
 
+/*+
+ * KsmPolicyNullSaltStamp
+ *
+ * Description:
+ *      Given a policy id set its saltstamp to NULL, this will force a resalt on
+ *      the next enforcer run, suitable for when salt length has changed for 
+ *      instance.
+ *
+ * Arguments:
+ *      int policy_id
+ *      	policy to work on
+ *
+ * Returns:
+ *      int
+ *          Status return:
+ *              0           success
+ *              non-zero    some error occurred and a message has been output.
+ *              -1          no policy found
+ *
+-*/
+
+int KsmPolicyNullSaltStamp(int policy_id)
+{
+    char    buffer[KSM_SQL_SIZE];   /* update statement for salt_stamp */
+    unsigned int    nchar;          /* Number of characters converted */
+    int status = 0;
+   
+    /* check the argument */
+    if (policy_id < 1) {
+        MsgLog(KSM_INVARG, "Negative or zero policy_id");
+        return -1;
+    }
+
+     nchar = snprintf(buffer, sizeof(buffer),
+             "UPDATE policies SET salt_stamp = NULL WHERE ID = %lu",
+             (unsigned long) policy_id);
+
+     if (nchar < sizeof(buffer)) {
+         /* All OK, execute the statement */
+
+         status = DbExecuteSqlNoResult(DbHandle(), buffer);
+     }
+     else {
+         /* Unable to create update statement */
+
+         status = MsgLog(KME_BUFFEROVF, "KsmPolicy");
+     }
+
+     return status;
+}
+
+
 /* Populate security module information for a structure that has the sm_id fields filled in */
 
 int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy)
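Review bot: The header comment of KsmPolicyNullSaltStamp documents `-1 no policy found`, but the body returns -1 only when `policy_id < 1`. Nothing visible checks whether the UPDATE matched a row, so an id with no matching policy presumably returns 0 and the caller believes a resalt was scheduled. Either correct the comment to `-1 invalid policy_id (less than 1)` or check the affected-row count, if the database layer exposes one. Separately, `nchar` is `unsigned int`, so a negative snprintf return is caught only because it wraps to a large value; `int nchar` with `if (nchar >= 0 && (size_t) nchar < sizeof(buffer))` makes the check explicit. Formatting the id with `%lu` keeps caller-controlled text out of the statement, which is worth keeping if the function is ever extended.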

Modified: trunk/OpenDNSSEC/enforcer/utils/ksmutil.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/utils/ksmutil.c	2010-08-27 08:43:00 UTC (rev 3817)
+++ trunk/OpenDNSSEC/enforcer/utils/ksmutil.c	2010-08-27 08:59:08 UTC (rev 3818)
@@ -4303,6 +4303,17 @@
             printf("Error: Is your database schema up to date?\n");
             return status;
         }
+
+        /* Special step if salt length changed make sure that the salt is 
+           regenerated when the enforcer runs next */
+        if (strncmp(name, "saltlength", 10) == 0) {
+            status = KsmPolicyNullSaltStamp(policy_id);
+            if (status != 0) {
+                printf("Error: unable to insert/update %s for policy\n", name);
+                printf("Error: Is your database schema up to date?\n");
+                return status;
+            }
+        }
     }
 
     return 0;
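Review bot: `strncmp(name, "saltlength", 10) == 0` is a prefix match, so any parameter whose name merely begins with "saltlength" would also clear the salt stamp; if an exact match is intended, use `if (strcmp(name, "saltlength") == 0) {`. The failure branch also reuses the `unable to insert/update %s` message, although the parameter update above it appears to have succeeded by that point. An operator therefore cannot tell that it was the salt stamp reset that failed, and the old salt presumably stays in use; a distinct message such as `printf("Error: unable to reset salt_stamp for policy\n");` would make that visible. The enclosing function starts and ends outside this hunk, so whether the earlier update is rolled back on this error path cannot be judged from here.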



