From 439df0c067b11510eaaa7a0d6cd06dddc5cf7155 Mon Sep 17 00:00:00 2001
Date: Wed, 12 Jul 2017 15:59:05 -0500
Subject: [PATCH] fix for opendns 2.0.x

---
 install/share/opendnssec_conf.template  | 1 -
 ipaplatform/base/paths.py               | 3 ++-
 ipaserver/dnssec/odsmgr.py              | 8 +++++---
 ipaserver/install/opendnssecinstance.py | 9 ++-------
 4 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/install/share/opendnssec_conf.template b/install/share/opendnssec_conf.template
index 3d01fb415..1dc346863 100644
--- a/install/share/opendnssec_conf.template
+++ b/install/share/opendnssec_conf.template
@@ -8,7 +8,6 @@
 			<Module>$SOFTHSM_LIB</Module>
 			<TokenLabel>$TOKEN_LABEL</TokenLabel>
 			<PIN>$PIN</PIN>
-            <AllowExtraction/>
 		</Repository>
 
 	</RepositoryList>
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index de3cdce44..78f762bab 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -168,7 +168,8 @@ class BasePathNamespace(object):
     NET = "/usr/bin/net"
     BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
     NSUPDATE = "/usr/bin/nsupdate"
-    ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
+    ODS_ENFORCER = "/usr/bin/ods-enforcer"
+    ODS_ENFORCER_SETUP = "/usr/bin/ods-enforcer-db-setup"
     ODS_SIGNER = "/usr/sbin/ods-signer"
     OPENSSL = "/usr/bin/openssl"
     PK12UTIL = "/usr/bin/pk12util"
diff --git a/ipaserver/dnssec/odsmgr.py b/ipaserver/dnssec/odsmgr.py
index 0308408e0..6852ee4f9 100644
--- a/ipaserver/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
@@ -10,6 +10,7 @@ except ImportError:
     from xml.etree import ElementTree as etree
 
 from ipapython import ipa_log_manager, ipautil
+from ipaplatform.paths import paths
 
 # hack: zone object UUID is stored as path to imaginary zone file
 ENTRYUUID_PREFIX = "/var/lib/ipa/dns/zone/entryUUID/"
@@ -129,17 +130,18 @@ class ODSMgr(object):
         self.zl_ldap = LDAPZoneListReader()
 
     def ksmutil(self, params):
-        """Call ods-ksmutil with given parameters and return stdout.
+        """Call ods-enforcer with given parameters and return stdout.
 
         Raises CalledProcessError if returncode != 0.
         """
-        cmd = ['ods-ksmutil'] + params
+        cmd = ['ods-enforcer'] + params
         result = ipautil.run(cmd, capture_output=True)
         return result.output
 
     def get_ods_zonelist(self):
         stdout = self.ksmutil(['zonelist', 'export'])
-        reader = ODSZoneListReader(stdout)
+        with open(paths.OPENDNSSEC_ZONELIST_FILE) as f
+            reader = ODSZoneListReader(f.read())
         return reader
 
     def add_ods_zone(self, uuid, name):
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index bc2974a2c..e090d1661 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -277,20 +277,15 @@ class OpenDNSSECInstance(service.Service):
             os.chmod(paths.OPENDNSSEC_KASP_DB, 0o660)
 
             # regenerate zonelist.xml
-            cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
+            cmd = [paths.ODS_ENFORCER, 'zonelist', 'export']
             result = ipautil.run(cmd,
                                  runas=constants.ODS_USER,
                                  capture_output=True)
-            with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
-                zonelistf.write(result.output)
-                os.chown(paths.OPENDNSSEC_ZONELIST_FILE,
-                         self.ods_uid, self.ods_gid)
-                os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0o660)
 
         else:
             # initialize new kasp.db
             command = [
-                paths.ODS_KSMUTIL,
+                paths.ODS_ENFORCER_SETUP,
                 'setup'
             ]
 
-- 
2.13.2