From b250ac5d752b3565b4fdfb74e8de38784ba93d89 Mon Sep 17 00:00:00 2001

From: Petr Spacek <pspacek@redhat.com>

Date: Mon, 31 Aug 2015 18:40:50 +0200

Subject: [PATCH] DNSSEC: Fix key metadata export

Incorrect SQL join condition could lead to situation where metadata from

ZSK and KSK were interchanged.

https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>

Reviewed-By: Oleg Fayans <ofayans@redhat.com>

---

 daemons/dnssec/ipa-ods-exporter | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter

index 76c7e484c65888b3d722448ee669ca8d95e3f3d9..e0c88936d5983297483c504d422c8d1ee483b6cf 100755

--- a/daemons/dnssec/ipa-ods-exporter

+++ b/daemons/dnssec/ipa-ods-exporter

@@ -174,7 +174,7 @@ def get_ods_keys(zone_name):

     # get all keys for given zone ID

     cur = db.execute("SELECT kp.HSMkey_id, kp.generate, kp.algorithm, dnsk.publish, dnsk.active, dnsk.retire, dnsk.dead, dnsk.keytype "

-             "FROM keypairs AS kp JOIN dnsseckeys AS dnsk ON kp.id = dnsk.id "

+             "FROM keypairs AS kp JOIN dnsseckeys AS dnsk ON kp.id = dnsk.keypair_id "

              "WHERE dnsk.zone_id = ?", (zone_id,))

     keys = {}

     for row in cur:

-- 

2.5.1