From: Benjamin Zengin <b.zengin@yahoo.de>
Date: Tue, 5 Jul 2016 10:17:32 +0000 (+0200)
Subject: Update addKey in dnsseckeeper (Closes #706)
X-Git-Tag: dnsdist-1.1.0-beta2~136^2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db0c616e3ec54ba73be6260ab866fb3b74c1db2e;p=thirdparty%2Fpdns.git

Update addKey in dnsseckeeper (Closes #706)
- Let addKey return the id of the added key
- pdnsutil 'add-zone-key' prints it
- pdnsutil 'import-zone-key' prints it
- pdnsutil 'import-zone-key-pem' prints it
---

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index 14e47373d4..e07a350c85 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -73,7 +73,7 @@ bool DNSSECKeeper::isPresigned(const DNSName& name)
   return meta=="1";
 }
 
-bool DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, int bits, bool active)
+int DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, int bits, bool active)
 {
   if(!bits) {
     if(algorithm <= 10)
@@ -119,7 +119,7 @@ void DNSSECKeeper::clearCaches(const DNSName& name)
 }
 
 
-bool DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, bool active)
+int DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, bool active)
 {
   clearCaches(name);
   DNSBackend::KeyData kd;
@@ -127,7 +127,7 @@ bool DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, bool
   kd.active = active;
   kd.content = dpk.getKey()->convertToISC();
  // now store it
-  return d_keymetadb->addDomainKey(name, kd) >= 0; // >= 0 == s
+  return d_keymetadb->addDomainKey(name, kd);
 }
 
 
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 38dbc56464..0c5d4e8856 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -161,8 +161,8 @@ public:
   keyset_t getEntryPoints(const DNSName& zname);
   keyset_t getKeys(const DNSName& zone, bool useCache = true);
   DNSSECPrivateKey getKeyById(const DNSName& zone, unsigned int id);
-  bool addKey(const DNSName& zname, bool setSEPBit, int algorithm, int bits=0, bool active=true);
-  bool addKey(const DNSName& zname, const DNSSECPrivateKey& dpk, bool active=true);
+  int addKey(const DNSName& zname, bool setSEPBit, int algorithm, int bits=0, bool active=true);
+  int addKey(const DNSName& zname, const DNSSECPrivateKey& dpk, bool active=true);
   bool removeKey(const DNSName& zname, unsigned int id);
   bool activateKey(const DNSName& zname, unsigned int id);
   bool deactivateKey(const DNSName& zname, unsigned int id);
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 6b9a050ce0..29a3c773a0 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -1753,7 +1753,7 @@ bool secureZone(DNSSECKeeper& dk, const DNSName& zone)
 
     int algo = DNSSECKeeper::shorthand2algorithm(k_algo);
 
-    if(!dk.addKey(zone, true, algo, k_size, true)) {
+    if(dk.addKey(zone, true, algo, k_size, true) < 0) {
       cerr<<"No backend was able to secure '"<<zone<<"', most likely because no DNSSEC"<<endl;
       cerr<<"capable backends are loaded, or because the backends have DNSSEC disabled."<<endl;
       cerr<<"For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or"<<endl;
@@ -1768,7 +1768,7 @@ bool secureZone(DNSSECKeeper& dk, const DNSName& zone)
 
     int algo = DNSSECKeeper::shorthand2algorithm(z_algo);
 
-    if(!dk.addKey(zone, false, algo, z_size, true)) {
+    if(!dk.addKey(zone, false, algo, z_size, true) < 0) {
       cerr<<"No backend was able to secure '"<<zone<<"', most likely because no DNSSEC"<<endl;
       cerr<<"capable backends are loaded, or because the backends have DNSSEC disabled."<<endl;
       cerr<<"For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or"<<endl;
@@ -2254,7 +2254,8 @@ loadMainConfig(g_vm["config-dir"].as<string>());
         exit(EXIT_FAILURE);;
       }
     }
-    if(!dk.addKey(zone, keyOrZone, algorithm, bits, active)) {
+    int id;
+    if((id = dk.addKey(zone, keyOrZone, algorithm, bits, active)) < 0) {
       cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
       exit(1);
     }
@@ -2262,6 +2263,7 @@ loadMainConfig(g_vm["config-dir"].as<string>());
       cerr<<"Added a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<", active="<<active<<endl;
       if(bits)
         cerr<<"Requested specific key size of "<<bits<<" bits"<<endl;
+      cout<<std::to_string(id)<<endl;
     }
   }
   else if(cmds[0] == "remove-zone-key") {
@@ -2637,11 +2639,13 @@ loadMainConfig(g_vm["config-dir"].as<string>());
     }
     else
       dpk.d_flags = 257; // ksk
-      
-    if(!dk.addKey(DNSName(zone), dpk)) {
+
+    int id;
+    if((id = dk.addKey(DNSName(zone), dpk)) < 0) {
       cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
       exit(1);
     }
+    cout<<std::to_string(id)<<endl;
     
   }
   else if(cmds[0]=="import-zone-key") {
@@ -2677,10 +2681,12 @@ loadMainConfig(g_vm["config-dir"].as<string>());
         exit(1);
       }          
     }
-    if(!dk.addKey(DNSName(zone), dpk, active)) {
+    int id;
+    if((id = dk.addKey(DNSName(zone), dpk, active)) < 0) {
       cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
       exit(1);
     }
+    cout<<std::to_string(id)<<endl;
   }
   else if(cmds[0]=="export-zone-dnskey") {
     if(cmds.size() < 3) {