mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

2780. [bug] dnssec-keygen -A none didn't properly unset the

Browse Source 
activation date in all cases. [RT #20648]

2779.	[bug]		Dynamic key revokation could fail. [RT #20644]

2778.	[bug]		dnssec-signzone could fail when a key was revoked
			without deleting the unrevoked version. [RT #20638]
This commit is contained in:
Evan Hunt
2009-11-23 02:55:41 +00:00
parent 289dbe005c
commit cef109efa7
8 changed files with 67 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/dns/dnssec.c
View File

@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.110 2009/11/17 05:46:53 each Exp $
* $Id: dnssec.c,v 1.111 2009/11/23 02:55:41 each Exp $
*/
/*! \file */
@@ -1078,7 +1078,7 @@ get_hints(dns_dnsseckey_t *key) {
*
* If it hasn't already been done, we should also revoke it now.
*/
if (key->hint_publish && (revset && revoke < now)) {
if (key->hint_publish && (revset && revoke <= now)) {
isc_uint32_t flags;
key->hint_sign = ISC_TRUE;
flags = dst_key_flags(key->key);
@@ -1384,7 +1384,7 @@ make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
}
static isc_result_t
publish_key(dns_diff_t *add, dns_dnsseckey_t *key, dns_name_t *origin,
publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx, isc_boolean_t allzsk,
void (*report)(const char *, ...))
{
@@ -1418,7 +1418,7 @@ publish_key(dns_diff_t *add, dns_dnsseckey_t *key, dns_name_t *origin,
/* publish key */
RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_ADD, origin, ttl,
&dnskey, &tuple));
dns_diff_append(add, &tuple);
dns_diff_appendminimal(diff, &tuple);
result = ISC_R_SUCCESS;
failure:
@@ -1426,7 +1426,7 @@ publish_key(dns_diff_t *add, dns_dnsseckey_t *key, dns_name_t *origin,
}
static isc_result_t
remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx, const char *reason,
void (*report)(const char *, ...))
{
@@ -1443,7 +1443,7 @@ remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_DEL, origin, ttl, &dnskey,
&tuple));
dns_diff_append(del, &tuple);
dns_diff_appendminimal(diff, &tuple);
result = ISC_R_SUCCESS;
failure:
@@ -1459,9 +1459,8 @@ remove_key(dns_diff_t *del, dns_dnsseckey_t *key, dns_name_t *origin,
isc_result_t
dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
dns_dnsseckeylist_t *removed, dns_name_t *origin,
dns_ttl_t ttl, dns_diff_t *add, dns_diff_t *del,
isc_boolean_t allzsk, isc_mem_t *mctx,
void (*report)(const char *, ...))
dns_ttl_t ttl, dns_diff_t *diff, isc_boolean_t allzsk,
isc_mem_t *mctx, void (*report)(const char *, ...))
{
isc_result_t result;
dns_dnsseckey_t *key, *key1, *key2, *next;
@@ -1476,7 +1475,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
key = ISC_LIST_NEXT(key, link)) {
if (key->source == dns_keysource_user &&
(key->hint_publish || key->force_publish)) {
RETERR(publish_key(add, key, origin, ttl,
RETERR(publish_key(diff, key, origin, ttl,
mctx, allzsk, report));
}
}
@@ -1515,7 +1514,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (key1->source != dns_keysource_zoneapex &&
(key1->hint_publish || key1->force_publish)) {
RETERR(publish_key(add, key1, origin, ttl,
RETERR(publish_key(diff, key1, origin, ttl,
mctx, allzsk, report));
if (key1->hint_sign || key1->force_sign)
key1->first_sign = ISC_TRUE;
@@ -1526,7 +1525,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
/* Match found: remove or update it as needed */
if (key1->hint_remove) {
RETERR(remove_key(del, key2, origin, ttl, mctx,
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"expired", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL)
@@ -1541,7 +1540,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
* We need to remove the old version and pull
* in the new one.
*/
RETERR(remove_key(del, key2, origin, ttl, mctx,
RETERR(remove_key(diff, key2, origin, ttl, mctx,
"revoked", report));
ISC_LIST_UNLINK(*keys, key2, link);
if (removed != NULL)
@@ -1549,7 +1548,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
else
dns_dnsseckey_destroy(mctx, &key2);
RETERR(publish_key(add, key1, origin, ttl,
RETERR(publish_key(diff, key1, origin, ttl,
mctx, allzsk, report));
ISC_LIST_UNLINK(*newkeys, key1, link);
ISC_LIST_APPEND(*keys, key1, link);