From 73058caa625e5e966beff9122cf235cb45d6b0bc Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Sep 03 2015 16:20:36 +0000
Subject: DNSSEC: Fix key metadata export


Incorrect SQL join condition could lead to situation where metadata from
ZSK and KSK were interchanged.

https://fedorahosted.org/freeipa/ticket/5273

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>

---

diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 76c7e48..e0c8893 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -174,7 +174,7 @@ def get_ods_keys(zone_name):
 
     # get all keys for given zone ID
     cur = db.execute("SELECT kp.HSMkey_id, kp.generate, kp.algorithm, dnsk.publish, dnsk.active, dnsk.retire, dnsk.dead, dnsk.keytype "
-             "FROM keypairs AS kp JOIN dnsseckeys AS dnsk ON kp.id = dnsk.id "
+             "FROM keypairs AS kp JOIN dnsseckeys AS dnsk ON kp.id = dnsk.keypair_id "
              "WHERE dnsk.zone_id = ?", (zone_id,))
     keys = {}
     for row in cur: