[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4140 - in trunk/OpenDNSSEC/enforcer: enforcerd ksm ksm/include/ksm utils

Sion Lloyd sion at nominet.org.uk
Mon Oct 25 16:11:31 CEST 2010


Author: sion
Date: 2010-10-25 16:11:31 +0200 (Mon, 25 Oct 2010)
New Revision: 4140

Modified:
   trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c
   trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h
   trunk/OpenDNSSEC/enforcer/ksm/ksm_key.c
   trunk/OpenDNSSEC/enforcer/utils/ksmutil.c
Log:
Return to old view for allocating keys to non-shared-key policies, pivotal story 5858607.


Modified: trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c	2010-10-25 13:03:38 UTC (rev 4139)
+++ trunk/OpenDNSSEC/enforcer/enforcerd/enforcer.c	2010-10-25 14:11:31 UTC (rev 4140)
@@ -1257,7 +1257,7 @@
     for (i=0 ; i < new_keys ; i++){
         key_pair_id = 0;
         if (key_type == KSM_TYPE_KSK) {
-            status = KsmKeyGetUnallocated(policy->id, policy->ksk->sm, policy->ksk->bits, policy->ksk->algorithm, zone_id, &key_pair_id);
+            status = KsmKeyGetUnallocated(policy->id, policy->ksk->sm, policy->ksk->bits, policy->ksk->algorithm, zone_id, policy->keys->share_keys, &key_pair_id);
             if (status == -1 || key_pair_id == 0) {
                 if (man_key_gen == 0) {
                     log_msg(NULL, LOG_WARNING, "Not enough keys to satisfy ksk policy for zone: %s", zone_name);
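Review bot: The new argument is read straight from `policy->keys->share_keys`, and nothing visible in this hunk shows that `policy->keys` is populated on every path that reaches the loop. Judging by the ksm_key.c hunk in this commit, KsmKeyGetUnallocated treats every value other than `KSM_KEYS_NOT_SHARED` as shared, so an unset or stale field would silently select the shared-key query rather than fail. The same applies to the zsk call in the next hunk and to both calls in ksmutil.c. A NULL check on `policy->keys` before the loop, returning the function's existing error code, would make the assumption explicit; at minimum add `/* policy->keys must be populated: share_keys selects the allocation query */` above the loop. The enclosing function starts and ends outside the hunk.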
@@ -1274,7 +1274,7 @@
                 return 3;
             }
         } else {
-            status = KsmKeyGetUnallocated(policy->id, policy->zsk->sm, policy->zsk->bits, policy->zsk->algorithm, zone_id, &key_pair_id);
+            status = KsmKeyGetUnallocated(policy->id, policy->zsk->sm, policy->zsk->bits, policy->zsk->algorithm, zone_id, policy->keys->share_keys, &key_pair_id);
             if (status == -1 || key_pair_id == 0) {
                 if (man_key_gen == 0) {
                     log_msg(NULL, LOG_WARNING, "Not enough keys to satisfy zsk policy for zone: %s", zone_name);

Modified: trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h	2010-10-25 13:03:38 UTC (rev 4139)
+++ trunk/OpenDNSSEC/enforcer/ksm/include/ksm/ksm.h	2010-10-25 14:11:31 UTC (rev 4140)
@@ -139,7 +139,7 @@
 int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
 int KsmKeyCountQueue(int keytype, int* count, int zone_id);
 int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
-int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int *keypair_id);
+int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);
 int KsmMarkKeysAsDead(int zone_id);
 int KsmKillKey(int keypair_id);
 

Modified: trunk/OpenDNSSEC/enforcer/ksm/ksm_key.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/ksm/ksm_key.c	2010-10-25 13:03:38 UTC (rev 4139)
+++ trunk/OpenDNSSEC/enforcer/ksm/ksm_key.c	2010-10-25 14:11:31 UTC (rev 4140)
@@ -849,6 +849,8 @@
  *          algorithm of key desired
  *      int zone_id
  *          zone we are allocating to
+ *      int share_keys
+ *          0 if keys are not shared; 1 if they are
  *      int *keypair_id (out)
  *          id of next keypair
  *
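Review bot: The parameter comment documents `share_keys` as 0 or 1, but the body added later in this file tests `share_keys == KSM_KEYS_NOT_SHARED` and sends every other value down the shared-key branch. Naming the constant keeps the comment and the code in step, for example ` *          KSM_KEYS_NOT_SHARED if each zone gets its own keys; any other value is treated as shared`. The comment block starts and ends outside this hunk.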
@@ -858,7 +860,7 @@
  *          -1 == no free keys on that policy
  */
 
-int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int *keypair_id) 
+int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id) 
 {
 
     int     where = 0;          /* WHERE clause value */
@@ -869,23 +871,28 @@
     char    in_sql[1024];
     char    in_sql2[1024];
 
-    /* check the arguments? */
-    /*if (zone_name == NULL) {
-        return MsgLog(KSM_INVARG, "NULL zone name");
-    }*/
-    snprintf(in_sql, 1024, "(select id from KEYALLOC_VIEW where zone_id = %d)", zone_id);
-    snprintf(in_sql2, 1024, "(select distinct id from KEYDATA_VIEW where policy_id = %d and state in (%d, %d))", policy_id, KSM_STATE_RETIRE, KSM_STATE_DEAD);
+    if (share_keys == KSM_KEYS_NOT_SHARED) {
+        /* Construct the query */
+        sql = DqsSpecifyInit("KEYDATA_VIEW","min(id)");
+        DqsConditionInt(&sql, "policy_id", DQS_COMPARE_EQ, policy_id, where++);
+        DqsConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, sm, where++);
+        DqsConditionInt(&sql, "size", DQS_COMPARE_EQ, bits, where++);
+        DqsConditionInt(&sql, "algorithm", DQS_COMPARE_EQ, algorithm, where++);
+        DqsConditionKeyword(&sql, "zone_id", DQS_COMPARE_IS, "NULL", where++);
+    } else {
+        snprintf(in_sql, 1024, "(select id from KEYALLOC_VIEW where zone_id = %d)", zone_id);
+        snprintf(in_sql2, 1024, "(select distinct id from KEYDATA_VIEW where policy_id = %d and state in (%d, %d))", policy_id, KSM_STATE_RETIRE, KSM_STATE_DEAD);
 
-    /* Construct the query */
-    sql = DqsSpecifyInit("KEYALLOC_VIEW","min(id)");
-    DqsConditionInt(&sql, "policy_id", DQS_COMPARE_EQ, policy_id, where++);
-    DqsConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, sm, where++);
-    DqsConditionInt(&sql, "size", DQS_COMPARE_EQ, bits, where++);
-    DqsConditionInt(&sql, "algorithm", DQS_COMPARE_EQ, algorithm, where++);
-    DqsConditionKeyword(&sql, "zone_id", DQS_COMPARE_IS, "NULL", where++);
-    DqsConditionKeyword(&sql, "id", DQS_COMPARE_NOT_IN, in_sql, where++);
-    DqsConditionKeyword(&sql, "id", DQS_COMPARE_NOT_IN, in_sql2, where++);
-
+        /* Construct the query */
+        sql = DqsSpecifyInit("KEYALLOC_VIEW","min(id)");
+        DqsConditionInt(&sql, "policy_id", DQS_COMPARE_EQ, policy_id, where++);
+        DqsConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, sm, where++);
+        DqsConditionInt(&sql, "size", DQS_COMPARE_EQ, bits, where++);
+        DqsConditionInt(&sql, "algorithm", DQS_COMPARE_EQ, algorithm, where++);
+        DqsConditionKeyword(&sql, "zone_id", DQS_COMPARE_IS, "NULL", where++);
+        DqsConditionKeyword(&sql, "id", DQS_COMPARE_NOT_IN, in_sql, where++);
+        DqsConditionKeyword(&sql, "id", DQS_COMPARE_NOT_IN, in_sql2, where++);
+    }
     /* Execute query and free up the query string */
     status = DbExecuteSql(DbHandle(), sql, &result);
     DqsFree(sql);
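Review bot: In the `KSM_KEYS_NOT_SHARED` branch the only condition that keeps an already-allocated keypair from being returned is `zone_id IS NULL` on KEYDATA_VIEW. The exclusion of keys in `KSM_STATE_RETIRE`/`KSM_STATE_DEAD`, which the shared branch applies through `in_sql2`, is dropped with no comment saying why it is not needed. If the view guarantees that a keypair with a NULL zone_id has never been in use, state that above the branch, because handing a used key to a second zone would defeat a not-shared policy. The five common conditions are also repeated in both branches, so a later change to the selection criteria can land in one and be missed in the other; hoisting them, as sketched below, leaves only the view name and the two NOT IN clauses policy-specific. The function begins before and continues after this hunk.

```c
    /* Non-shared policies select from KEYDATA_VIEW; zone_id IS NULL is
     * presumably enough there to mean "never allocated" -- confirm against the view. */
    sql = DqsSpecifyInit(share_keys == KSM_KEYS_NOT_SHARED ? "KEYDATA_VIEW" : "KEYALLOC_VIEW", "min(id)");
    DqsConditionInt(&sql, "policy_id", DQS_COMPARE_EQ, policy_id, where++);
    DqsConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, sm, where++);
    DqsConditionInt(&sql, "size", DQS_COMPARE_EQ, bits, where++);
    DqsConditionInt(&sql, "algorithm", DQS_COMPARE_EQ, algorithm, where++);
    DqsConditionKeyword(&sql, "zone_id", DQS_COMPARE_IS, "NULL", where++);

    if (share_keys != KSM_KEYS_NOT_SHARED) {
        /* Shared keys: skip keys already on this zone and keys that are
         * retired or dead on this policy */
        snprintf(in_sql, 1024, "(select id from KEYALLOC_VIEW where zone_id = %d)", zone_id);
        snprintf(in_sql2, 1024, "(select distinct id from KEYDATA_VIEW where policy_id = %d and state in (%d, %d))", policy_id, KSM_STATE_RETIRE, KSM_STATE_DEAD);
        DqsConditionKeyword(&sql, "id", DQS_COMPARE_NOT_IN, in_sql, where++);
        DqsConditionKeyword(&sql, "id", DQS_COMPARE_NOT_IN, in_sql2, where++);
    }
    /* … unchanged: execute query and free the query string … */
```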

Modified: trunk/OpenDNSSEC/enforcer/utils/ksmutil.c
===================================================================
--- trunk/OpenDNSSEC/enforcer/utils/ksmutil.c	2010-10-25 13:03:38 UTC (rev 4139)
+++ trunk/OpenDNSSEC/enforcer/utils/ksmutil.c	2010-10-25 14:11:31 UTC (rev 4140)
@@ -7713,7 +7713,7 @@
     for (i=0 ; i < new_keys ; i++){
         key_pair_id = 0;
         if (key_type == KSM_TYPE_KSK) {
-            status = KsmKeyGetUnallocated(policy->id, policy->ksk->sm, policy->ksk->bits, policy->ksk->algorithm, zone_id, &key_pair_id);
+            status = KsmKeyGetUnallocated(policy->id, policy->ksk->sm, policy->ksk->bits, policy->ksk->algorithm, zone_id, policy->keys->share_keys, &key_pair_id);
             if (status == -1 || key_pair_id == 0) {
                 if (man_key_gen == 0) {
                     printf("Not enough keys to satisfy ksk policy for zone: %s", zone_name);
@@ -7730,7 +7730,7 @@
                 return 3;
             }
         } else {
-            status = KsmKeyGetUnallocated(policy->id, policy->zsk->sm, policy->zsk->bits, policy->zsk->algorithm, zone_id, &key_pair_id);
+            status = KsmKeyGetUnallocated(policy->id, policy->zsk->sm, policy->zsk->bits, policy->zsk->algorithm, zone_id, policy->keys->share_keys, &key_pair_id);
             if (status == -1 || key_pair_id == 0) {
                 if (man_key_gen == 0) {
                     printf("Not enough keys to satisfy zsk policy for zone: %s", zone_name);



