[Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r5500 - in branches/OpenDNSSEC-1.3: . enforcer/utils

sion at nominet.org.uk sion at nominet.org.uk
Wed Aug 31 10:36:15 CEST 2011


Author: sion
Date: 2011-08-31 10:36:15 +0200 (Wed, 31 Aug 2011)
New Revision: 5500

Modified:
   branches/OpenDNSSEC-1.3/NEWS
   branches/OpenDNSSEC-1.3/enforcer/utils/ksmutil.c
Log:
Fixed issue where first ds-seen command run on a zone would work, but return an error code and not send a HUP to the enforcerd. (Reported to users mailing list by Rick.)
-This line, and those below, will be ignored--

M    enforcer/utils/ksmutil.c
M    NEWS


Modified: branches/OpenDNSSEC-1.3/NEWS
===================================================================
--- branches/OpenDNSSEC-1.3/NEWS	2011-08-31 08:16:13 UTC (rev 5499)
+++ branches/OpenDNSSEC-1.3/NEWS	2011-08-31 08:36:15 UTC (rev 5500)
@@ -16,8 +16,9 @@
   zone would get missing signatures.
 * Zonefetcher: Check inbound serial in transferred file, to prevent
   redundant zone transfers.
+* ods-ksmutil: fixed issue where first ds-seen command run on a zone would work,
+  but return an error code and not send a HUP to the enforcerd.
 
-
 OpenDNSSEC 1.3.0 - 2011-07-12
 
 * Include simple-dnskey-mailer-plugin in dist.

Modified: branches/OpenDNSSEC-1.3/enforcer/utils/ksmutil.c
===================================================================
--- branches/OpenDNSSEC-1.3/enforcer/utils/ksmutil.c	2011-08-31 08:16:13 UTC (rev 5499)
+++ branches/OpenDNSSEC-1.3/enforcer/utils/ksmutil.c	2011-08-31 08:36:15 UTC (rev 5500)
@@ -2756,12 +2756,21 @@
                     return status;
                 }
 
+				/* Cleanup and print an error message... */
+                db_disconnect(lock_fd);
+                StrFree(datetime);
                 if (retired_count != 0) {
                     printf("Error: retiring a key would leave no active keys on zone, skipping...\n");
-                }
-                db_disconnect(lock_fd);
-                StrFree(datetime);
-                return -1;
+					return -1;
+                } else {
+					/* ...Unless this looks like a new zone, in which case poke
+					   the enforcerd */
+					if (restart_enforcerd() != 0)
+					{
+						fprintf(stderr, "Could not HUP ods-enforcerd\n");
+					}
+					return 0;
+				}
             }
 
             status = RetireOldKey(zone_id, policy_id, datetime);




More information about the Opendnssec-commits mailing list