From b250ac5d752b3565b4fdfb74e8de38784ba93d89 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Mon, 31 Aug 2015 18:40:50 +0200
Subject: [PATCH] DNSSEC: Fix key metadata export

Incorrect SQL join condition could lead to situation where metadata from
ZSK and KSK were interchanged.

https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
---
 daemons/dnssec/ipa-ods-exporter | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 76c7e484c65888b3d722448ee669ca8d95e3f3d9..e0c88936d5983297483c504d422c8d1ee483b6cf 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -174,7 +174,7 @@ def get_ods_keys(zone_name):
 
     # get all keys for given zone ID
     cur = db.execute("SELECT kp.HSMkey_id, kp.generate, kp.algorithm, dnsk.publish, dnsk.active, dnsk.retire, dnsk.dead, dnsk.keytype "
-             "FROM keypairs AS kp JOIN dnsseckeys AS dnsk ON kp.id = dnsk.id "
+             "FROM keypairs AS kp JOIN dnsseckeys AS dnsk ON kp.id = dnsk.keypair_id "
              "WHERE dnsk.zone_id = ?", (zone_id,))
     keys = {}
     for row in cur:
-- 
2.5.1