Commit 845ac32f authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

update/dnssec: cancel-out in update's changeset while signing update

parent b9bfa68a
......@@ -242,6 +242,8 @@ int knot_dnssec_sign_update(zone_update_t *update, zone_sign_reschedule_t *resch
kdnssec_ctx_t ctx = { 0 };
zone_keyset_t keyset = { 0 };
update->flags |= UPDATE_CANCELOUT;
// signing pipeline
result = sign_init(update->new_cont, 0, 0, update->zone->kaspdb, &ctx, reschedule);
......
......@@ -350,6 +350,15 @@ void zone_update_clear(zone_update_t *update)
memset(update, 0, sizeof(*update));
}
static changeset_flag_t changeset_flags(const zone_update_t *update)
{
if ((update->flags & UPDATE_CANCELOUT)) {
return CHANGESET_CHECK | CHANGESET_CHECK_CANCELOUT;
} else {
return CHANGESET_CHECK;
}
}
int zone_update_add(zone_update_t *update, const knot_rrset_t *rrset)
{
if (update == NULL || rrset == NULL) {
......@@ -357,7 +366,7 @@ int zone_update_add(zone_update_t *update, const knot_rrset_t *rrset)
}
if (update->flags & UPDATE_INCREMENTAL) {
int ret = changeset_add_addition(&update->change, rrset, CHANGESET_CHECK);
int ret = changeset_add_addition(&update->change, rrset, changeset_flags(update));
if (ret != KNOT_EOK) {
return ret;
}
......@@ -413,7 +422,7 @@ int zone_update_remove(zone_update_t *update, const knot_rrset_t *rrset)
}
if (update->flags & UPDATE_INCREMENTAL) {
int ret = changeset_add_removal(&update->change, rrset, CHANGESET_CHECK);
int ret = changeset_add_removal(&update->change, rrset, changeset_flags(update));
if (ret != KNOT_EOK) {
return ret;
}
......@@ -456,7 +465,7 @@ int zone_update_remove_rrset(zone_update_t *update, knot_dname_t *owner, uint16_
return KNOT_ENOENT;
}
int ret = changeset_add_removal(&update->change, &rrset,
CHANGESET_CHECK);
changeset_flags(update));
if (ret != KNOT_EOK) {
return ret;
}
......@@ -504,7 +513,7 @@ int zone_update_remove_node(zone_update_t *update, const knot_dname_t *owner)
for (int i = 0; i < rrset_count; ++i) {
knot_rrset_t rrset = node_rrset_at(node, rrset_count - 1 - i);
int ret = changeset_add_removal(&update->change, &rrset,
CHANGESET_CHECK);
changeset_flags(update));
if (ret != KNOT_EOK) {
return ret;
}
......
......@@ -47,6 +47,7 @@ typedef enum {
UPDATE_SIGN = 1 << 2, /*!< Sign the resulting zone. */
UPDATE_JOURNAL = 1 << 3, /*!< Using zone-in-journal for a diff update. */
UPDATE_STRICT = 1 << 4, /*!< Apply changes strictly, i.e. fail when removing nonexistent RR. */
UPDATE_CANCELOUT = 1 << 5, /*!< When adding to changeset, cancel-out what has been both added and removed. */
} zone_update_flags_t;
/*!
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment