sbin/dnssec-keytool
changeset 150 3db363880766
parent 142 ae564015b7b0
    37         "rm"  => sub { push @$cmd => "rm" },
    37         "rm"  => sub { push @$cmd => "rm" },
    38         "check" => sub { $cmd = "check" },
    38         "check" => sub { $cmd = "check" },
    39         "h|help" => sub { pod2usage(-exit => 0, -verbose => 1) },
    39         "h|help" => sub { pod2usage(-exit => 0, -verbose => 1) },
    40         "m|man"  => sub {
    40         "m|man"  => sub {
    41             pod2usage(
    41             pod2usage(
    42                 -exit      => 0,
    42                 -exit => 0,
    43                 # "system('perldoc -V &>/dev/null')" appears shorter, but may not
    43 
    44                 # do what you expect ( it still returns 0 on debian squeeze with
    44                # "system('perldoc -V &>/dev/null')" appears shorter, but may not
    45                 # dash as system shell even if cannot find the command in $PATH)
    45                # do what you expect ( it still returns 0 on debian squeeze with
       
    46                # dash as system shell even if cannot find the command in $PATH)
    46                 -noperldoc => system('perldoc -V >/dev/null 2>&1'),
    47                 -noperldoc => system('perldoc -V >/dev/null 2>&1'),
    47                 -verbose   => 2
    48                 -verbose   => 2
    48             );
    49             );
    49         },
    50         },
    50       )
    51       )
    63 
    64 
    64         push @zones, $zone;
    65         push @zones, $zone;
    65     }
    66     }
    66 
    67 
    67     given ($cmd) {
    68     given ($cmd) {
    68         when ("zsk")   { exit create_zsk(@zones) };
    69         when ("zsk") { exit create_zsk(@zones) };
    69         when ("ksk")   { exit create_ksk(@zones) };
    70         when ("ksk") { exit create_ksk(@zones) };
       
    71 
    70         #when ("check") { exit check_zone(@zones) };
    72         #when ("check") { exit check_zone(@zones) };
    71         when ("rm")    { exit rm_keys(@zones) };
    73         when ("rm") { exit rm_keys(@zones) };
    72 	default		{ die "not implemented\n" };
    74         default     { die "not implemented\n" };
    73     };
    75     };
    74 
    76 
    75 }
    77 }
    76 
    78 
    77 sub rm_keys (@) {
    79 sub rm_keys (@) {
    78 
    80 
    79     my @zones = @_;
    81     my @zones      = @_;
    80     my $master_dir = "$cf{master_dir}";
    82     my $master_dir = "$cf{master_dir}";
    81 
    83 
    82     for my $zone (@zones) {
    84     for my $zone (@zones) {
    83 
    85 
    84         my $dir = "$master_dir/$zone";
    86         my $dir = "$master_dir/$zone";
    85         my $ep  = 0;
    87         my $ep  = 0;
    86 
    88 
    87         my @files = map "$dir/$_", ("$zone.signed",
    89         my @files = map "$dir/$_",
    88             ".keycounter",
    90           (
    89             ".index.ksk",
    91             "$zone.signed", ".keycounter", ".index.ksk", ".index.zsk",
    90             ".index.zsk",
    92             "dsset-$zone.", "keyset-$zone."
    91             "dsset-$zone.",
    93           );
    92             "keyset-$zone.");
       
    93         push @files, glob "$dir/K$zone*";
    94         push @files, glob "$dir/K$zone*";
    94 
    95 
    95         for my $f (@files) {
    96         for my $f (@files) {
    96             if (-e $f) {
    97             if (-e $f) {
    97                 unlink $f or die "Can't unlink '$f': $!\n";
    98                 unlink $f or die "Can't unlink '$f': $!\n";
   102         say " * $zone: removed key-set" if $ep;
   103         say " * $zone: removed key-set" if $ep;
   103 
   104 
   104         open my $old, "$dir/$zone" or die "Can't open '$dir/$zone': $!\n";
   105         open my $old, "$dir/$zone" or die "Can't open '$dir/$zone': $!\n";
   105         my @old = <$old>;
   106         my @old = <$old>;
   106         close $old;
   107         close $old;
   107         my @new = grep { not /^\s*\$include\s+("?)K\Q$zone\E.*\.key\1\s*$/i } @old; 
   108         my @new =
       
   109           grep { not /^\s*\$include\s+("?)K\Q$zone\E.*\.key\1\s*$/i } @old;
   108         return if @new ~~ @old;
   110         return if @new ~~ @old;
   109 
   111 
   110         my $new = File::Temp->new(UNLINK => 0)
   112         my $new = File::Temp->new(UNLINK => 0)
   111           or die "Can't create tmpfile\n";
   113           or die "Can't create tmpfile\n";
   112         print $new @new;
   114         print $new @new;
   125     my $args = {
   127     my $args = {
   126 
   128 
   127         ksk => {
   129         ksk => {
   128             cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE %s'
   130             cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE %s'
   129         },
   131         },
   130         zsk => {
   132         zsk => { cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 512 -n ZONE %s' }
   131             cmd => 'cd %s && dnssec-keygen -a RSASHA1 -b 512 -n ZONE %s'
       
   132         }
       
   133 
   133 
   134     };
   134     };
   135 
   135 
   136     die "Invalid type $type" unless defined $args->{$type};
   136     die "Invalid type $type" unless defined $args->{$type};
   137 
   137 
   140         my (@index, $keyname, $idx);
   140         my (@index, $keyname, $idx);
   141         my $dir = "$master_dir/$zone";
   141         my $dir = "$master_dir/$zone";
   142         my $cmd = sprintf $args->{$type}->{cmd}, $dir, $zone;
   142         my $cmd = sprintf $args->{$type}->{cmd}, $dir, $zone;
   143 
   143 
   144         chomp($keyname = qx/$cmd/);
   144         chomp($keyname = qx/$cmd/);
   145         die "Key generation failed! (output was: '$keyname')" unless $keyname =~ /^K\Q$zone\E\.?\+\d{3}\+\d{5}$/;
   145         die "Key generation failed! (output was: '$keyname')"
   146 
   146           unless $keyname =~ /^K\Q$zone\E\.?\+\d{3}\+\d{5}$/;
   147         open $idx, '+>>', "$dir/.index.$type" or die "Can't open $dir/.index.$type: $!\n";
   147 
   148         seek $idx, 0 ,0 or die "Cant' seek: $!";
   148         open $idx, '+>>', "$dir/.index.$type"
   149         chomp (@index = <$idx>);
   149           or die "Can't open $dir/.index.$type: $!\n";
       
   150         seek $idx, 0, 0 or die "Cant' seek: $!";
       
   151         chomp(@index = <$idx>);
   150 
   152 
   151         push @index, $keyname;
   153         push @index, $keyname;
       
   154 
   152         # TODO: this should be part of the key removal procedure, no?
   155         # TODO: this should be part of the key removal procedure, no?
   153         # shift @index if @index > 2;
   156         # shift @index if @index > 2;
   154 
   157 
   155         seek $idx, 0 ,0 or die "Cant' seek: $!";
   158         seek $idx, 0, 0 or die "Cant' seek: $!";
   156         truncate $idx, 0 or die "Can't truncate: $!";
   159         truncate $idx, 0 or die "Can't truncate: $!";
   157         print $idx join "\n" => @index, '';
   160         print $idx join "\n" => @index, '';
   158         close $idx;
   161         close $idx;
   159 
   162 
   160         say "$zone: new ", uc $type, " $keyname";
   163         say "$zone: new ", uc $type, " $keyname";
   161 
   164 
   162         key_to_zonefile($keyname);
   165         key_to_zonefile($keyname);
   163 
   166 
   164         if (lc $type eq 'zsk') {
   167         if (lc $type eq 'zsk') {
   165             open my $kc, '>', "$dir/.keycounter" or die "Can't open $dir/.keycounter: $!\n";
   168             open my $kc, '>', "$dir/.keycounter"
       
   169               or die "Can't open $dir/.keycounter: $!\n";
   166             print $kc "0\n";
   170             print $kc "0\n";
   167             close $kc;
   171             close $kc;
   168         }
   172         }
   169 
   173 
   170     }
   174     }
   271     my $zone = $1 or die "Can't determine zone from key name '$keyname'\n";
   275     my $zone = $1 or die "Can't determine zone from key name '$keyname'\n";
   272     my $zf = "$cf{master_dir}/$zone/$zone";
   276     my $zf = "$cf{master_dir}/$zone/$zone";
   273     my (@lines, $tmp);
   277     my (@lines, $tmp);
   274 
   278 
   275     open OLD, '<', $zf or die "Can't open $zf: $!\n";
   279     open OLD, '<', $zf or die "Can't open $zf: $!\n";
   276     chomp (@lines = <OLD>);
   280     chomp(@lines = <OLD>);
   277     close OLD;
   281     close OLD;
   278 
   282 
   279     return if grep /^\s*\$include\s+("?)\Q$keyname\E\.key\1\s*$/i, @lines;
   283     return if grep /^\s*\$include\s+("?)\Q$keyname\E\.key\1\s*$/i, @lines;
   280 
   284 
   281     $tmp = File::Temp->new(UNLINK => 0) or die "Can't create temporary file\n";
   285     $tmp = File::Temp->new(UNLINK => 0) or die "Can't create temporary file\n";
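Review bot: `open my $old, "$dir/$zone" or die ...` in rm_keys (new line 105) is still a two-argument open, so a zone name ending in `|` or beginning with `<`/`>` is read as a mode rather than a path; `$zone` comes from the command line (pushed at new line 65, validation not visible here) and key_to_zonefile already uses the three-argument form at new line 279, so this should read `open my $old, '<', "$dir/$zone" or die "Can't open '$dir/$zone': $!\n";`. In the same loop `return if @new ~~ @old;` (new line 110) leaves rm_keys altogether on the first zone whose zonefile has no key includes, skipping the remaining zones — presumably `next` was meant — and since `@new` is a grep of `@old`, a plain `next if @new == @old;` does the same job without the smartmatch, which (like the `given`/`when` at new lines 68-75) is experimental and warns on newer perls; rm_keys's loop body continues past the hunk. In the key-generation sub (its header is outside the hunk) `chomp($keyname = qx/$cmd/);` (new line 144) hands `$dir` and `$zone` to the shell through the sprintf'd `cd %s && dnssec-keygen ...` template, and the only check on the zone name is applied to the output afterwards; validating `$zone` against an anchored hostname pattern before the command is built, or running dnssec-keygen in list form after a `chdir`, would remove the shell from the path. The `close $idx;` and `close $kc;` at new lines 161 and 171 are unchecked on write handles, so a failed flush of the key index is silently lost; `close $idx or die "Can't close $dir/.index.$type: $!\n";` (same for `$kc`). Separately, the `-b 512` RSASHA1 ZSK at new line 132 is well below what current DNSSEC guidance accepts and is worth parameterizing rather than hard-coding.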