mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

2840. [bug] Change 2836 was not complete. [RT #20883]

Browse Source
This commit is contained in:
Evan Hunt
2010-01-14 23:27:38 +00:00
parent b4b534f1ee
commit b47d410f84
2 changed files with 19 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,3 +1,5 @@
2840. [bug] Change 2836 was not complete. [RT #20883]
2839. [bug] Temporary fixed pkcs11-destroy usage check. 2839. [bug] Temporary fixed pkcs11-destroy usage check.
[RT #20760] [RT #20760]

32
lib/dns/zone.c
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: zone.c,v 1.553 2010/01/12 23:56:12 fdupont Exp $ */ /* $Id: zone.c,v 1.554 2010/01/14 23:27:38 each Exp $ */
/*! \file */ /*! \file */
@@ -6559,6 +6559,10 @@ zone_sign(dns_zone_t *zone) {
CHECK(dns_private_chains(db, version, zone->privatetype, CHECK(dns_private_chains(db, version, zone->privatetype,
&build_nsec, &build_nsec3)); &build_nsec, &build_nsec3));
/* If neither chain is found, default to NSEC */
if (!build_nsec && !build_nsec3)
build_nsec = ISC_TRUE;
while (signing != NULL && nodes-- > 0 && signatures > 0) { while (signing != NULL && nodes-- > 0 && signatures > 0) {
nextsigning = ISC_LIST_NEXT(signing, link); nextsigning = ISC_LIST_NEXT(signing, link);
@@ -13695,7 +13699,7 @@ zone_rekey(dns_zone_t *zone) {
dns_dnsseckeylist_t dnskeys, keys, rmkeys; dns_dnsseckeylist_t dnskeys, keys, rmkeys;
dns_dnsseckey_t *key; dns_dnsseckey_t *key;
dns_diff_t diff; dns_diff_t diff;
isc_boolean_t commit = ISC_FALSE; isc_boolean_t commit = ISC_FALSE, newactive = ISC_FALSE;
dns_ttl_t ttl = 3600; dns_ttl_t ttl = 3600;
const char *dir; const char *dir;
isc_mem_t *mctx; isc_mem_t *mctx;
@@ -13759,7 +13763,17 @@ zone_rekey(dns_zone_t *zone) {
goto failure; goto failure;
} }
if (!ISC_LIST_EMPTY(diff.tuples) && /* See if any pre-existing keys have newly become active */
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
key = ISC_LIST_NEXT(key, link)) {
if (key->first_sign) {
newactive = ISC_TRUE;
break;
}
}
if ((newactive || !ISC_LIST_EMPTY(diff.tuples)) &&
dnskey_sane(zone, db, ver, &diff)) { dnskey_sane(zone, db, ver, &diff)) {
commit = ISC_TRUE; commit = ISC_TRUE;
dns_diff_apply(&diff, db, ver); dns_diff_apply(&diff, db, ver);
@@ -13773,18 +13787,6 @@ zone_rekey(dns_zone_t *zone) {
dns_db_closeversion(db, &ver, commit); dns_db_closeversion(db, &ver, commit);
/* See if any pre-existing keys have newly become active */
if (!commit) {
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
key = ISC_LIST_NEXT(key, link)) {
if (key->first_sign) {
commit = ISC_TRUE;
break;
}
}
}
/* Update signatures */ /* Update signatures */
if (commit) { if (commit) {
LOCK_ZONE(zone); LOCK_ZONE(zone);