ius/dnstools: comparison dnssec-keytool.pl

equal deleted inserted replaced

-:fe2c4391758e
+:86418a892c76
 MAIN: {
 my @zone;
 my $do;
-my %conf     = read_conf();
+my %conf = read_conf();
 ($do, @zone) = read_argv($conf{master_dir});
 # completed the program, if not a valid zones was handed over
 unless (@zone) { exit; }
 if ($do eq "rm") { rm_keys($conf{master_dir}, @zone); exit; }
-#    if ($do eq "ck") { &ck_zone; }
+if ($do eq "ck") { ck_zone($conf{master_dir}, @zone); }
 if ($do eq "ksk") { creat_ksk($conf{master_dir}, @zone); }
 creat_zsk($conf{master_dir}, @zone);
-#    &post_creat;
+post_creat($conf{master_dir}, @zone);
 }
 sub read_conf {
 # read configuration
 die "Can't open config (searched: @conffile)\n";
 }
 while (<CONFIG>) {
 chomp;
 s/#.*//;
-s/\t//g;
 s/\s//g;
 next unless length;
 my ($cname, $ccont) = split(/\s*=\s*/, $_, 2);
 $return{$cname} = $ccont;
 close(CONFIG);
 return %return;
 }
 sub read_argv ($) {
 # evaluate argv or print the help
 my $master_dir = $_[0];
 my $arg = shift @ARGV;
 my $zone;
-my $do;    # return
+my $do;      # return
-my @zone;  # return
+my @zone;    # return
 if (!defined $arg) {
 print " usage: dnssec-keytool <option> zone\n";
 print "   -z  created a new ZSK\n";
 print "   -k  created a new ZSK and KSK\n";
 }
 return ($do, @zone);
 }
 sub rm_keys (@) {
 # deletes all the keys were handed over -rm in argv
 my ($master_dir, @zone) = @_;
 my @new_zone_content;
 my @old_zone_content;
 }
 if (-e "$zpf/keyset-$zone.") {
 unlink "$zpf/keyset-$zone." and $ep = 1;
 }
 for (glob("$zpf/K$zone*")) {
 chomp($_);
-unlink ("$_");
+unlink("$_");
 }
 if ($ep == 1) {
 print " * $zone: removed key-set\n";
 }
 for (@old_zone_content) {
 unless (m#\$INCLUDE.*\"K$zone.*\.key\"#) {
 push @new_zone_content, $_;
 }
 }
-my $fh = File::Temp->new(DIR => "$zpf")
+{
-or die "Can't create tmpdir: $!\n";
+my $fh = File::Temp->new(DIR => "$zpf")
-print $fh join "" => @new_zone_content, "";
+or die "Can't create tmpdir: $!\n";
-rename($fh->filename => "$zpf/$zone")
+print $fh join "" => @new_zone_content, "";
-or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
+rename($fh->filename => "$zpf/$zone")
+or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
+}
 }
 }
 sub creat_ksk {
 my ($master_dir, @zone) = @_;
 for (@zone) {
 my $zone = $_;
 my $zpf  = "$master_dir/$zone";
-$keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
+$keyname =
+`cd $zpf && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
-unless (-f ".index.ksk") { @index = (); }
+unless (-f "$zpf/.index.ksk") { @index = (); }
 else {
-open(INDEX, ".index.ksk") or die "$zpf/.index.ksk: $!\n";
+open(INDEX, "$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
 @index = <INDEX>;
 close(INDEX);
 }
 push @index, $keyname;
 if (@index > 2) { shift(@index); }
-open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
+{
-print INDEX @index;
+my $fh = File::Temp->new(DIR => "$zpf")
-close(INDEX);
+or die "Can't create tmpdir: $!\n";
+print $fh join "" => @index, "";
+rename($fh->filename => "$zpf/.index.ksk")
+or die "Can't rename "
+. $fh->filename
+. " to $zpf/.index.ksk: $!\n";
+}
 chomp($keyname);
 print " * $zone: new KSK $keyname\n";
 print "!! THE KSK must be published !! \n";
 }
 }
 my $zone = $_;
 my $zpf  = "$master_dir/$zone";
 $keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
-unless (-f ".index.zsk") { @index = (); }
+unless (-f "$zpf/.index.zsk") {
+@index = ();
+}
 else {
-open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n";
+open(INDEX, "$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
 @index = <INDEX>;
 close(INDEX);
 }
 push @index, $keyname;
 if (@index > 2) { shift(@index); }
-open(INDEX, ">.index.zsk") or die "$zpf/.index.zsk: $!\n";
+{
-print INDEX @index;
+my $fh = File::Temp->new(DIR => "$zpf")
-close(INDEX);
+or die "Can't create tmpdir: $!\n";
+print $fh join "" => @index, "";
+rename($fh->filename => "$zpf/.index.zsk")
+or die "Can't rename "
+. $fh->filename
+. " to $zpf/.index.zsk: $!\n";
+}
 chomp($keyname);
 print " * $zone: new ZSK $keyname\n";
-open(KC, ">.keycounter") or die "$zpf/keycounter: $!\n";
+open(KC, ">$zpf/.keycounter") or die "$zpf/keycounter: $!\n";
 print KC "0";
 close(KC);
 }
 }
 sub ck_zone {
-our @zones;
+my ($master_dir, @zone) = @_;
-our $master_dir;
-my $zone;
+for (@zone) {
+my $zone = $_;
-for (@zones) {
+my $zpf  = "$master_dir/$zone";
-$zone = $_;
-my $zpf = "$master_dir/$zone";
 my $keyfile;
 my @content;
 my @keylist;
 for (<$zpf/*>) {
 if (m#(K$zone.*\.key)#) {
 $keyfile = $1;
-open(KEYFILE, "<$zpf/$keyfile");
+open(KEYFILE, "<", "$zpf/$keyfile")
+or die "$zpf/$keyfile: $!\n";
 @content = <KEYFILE>;
 close(KEYFILE);
 for (@content) {
 if (m#DNSKEY.257#) {
 push @keylist, $keyfile;
 }
 }
 }
 }
-open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
+open(INDEX, ">$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
 for (@keylist) {
 s#\.key##;
 print INDEX "$_\n";
 }
 close(INDEX);
 print " * $zone: new .index.ksk created\n";
 if (-f "$zpf/.index.zsk") {
 unlink("$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
 }
 }
 }
 sub post_creat {
-our @zones;
+my ($master_dir, @zone) = @_;
-our $master_dir;
+for (@zone) {
-for (@zones) {
 my $zone = $_;
 `touch $master_dir/$zone/$zone`;
+&kill_useless_keys($zone, $master_dir);
-&kill_useless_keys($zone);
+&key_to_zonefile($zone, $master_dir);
-&key_to_zonefile($zone);
+}
-}
 }
 sub kill_useless_keys {
 # the function deletes all keys that are not available in the zone
-# of index.zsk
-our $master_dir;
+my $zone       = $_[0];
-my $zone    = $_[0];
+my $master_dir = $_[1];
-my @keylist = ();
+my @keylist    = ();
-my $zpf     = "$master_dir/$zone";
+my $zpf        = "$master_dir/$zone";
 open(INDEX, "<$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
 @keylist = <INDEX>;
 close(INDEX);
 open(INDEX, "<$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
 s#K.*\+.*\+(.*)#$1#;
 }
 # reviewed every key file (KSK, ZSK), whether they are described in
 # the respective index file. if not they will be deleted.
-for ( glob("$master_dir/$zone/K*")) {
+for (glob("$master_dir/$zone/K*")) {
 chomp;
 my $file     = $_;
 my $rm_count = 1;
 my $keyname;
 for (@keylist) {
 if ($file =~ /$_/) { $rm_count = 0; }
 }
 if ($rm_count == 1) {
 unlink "$file";
 if ($file =~ /$zpf\/(.*\.key)/) {
-print " * $zone: Schluessel $1 entfernt \n";
+print " * $zone: Key $1 removed \n";
 }
 }
 }
 }
 sub key_to_zonefile {
 # the function added all keys to the indexfile
-our $master_dir;
+my $zone       = $_[0];
-my $zone = $_[0];
+my $master_dir = $_[1];
-my $zpf  = "$master_dir/$zone";
+my $zpf        = "$master_dir/$zone";
 my @old_content;
 my @new_content = ();
 open(ZONEFILE, "<$zpf/$zone");
 @old_content = <ZONEFILE>;
 open(ZONEFILE, ">$zpf/$zone") or die "$zpf/$zone: $!\n";
 print ZONEFILE @new_content;
 close(ZONEFILE);
 }
 __END__
 =pod
 =head1 NAME
 =head1 SYNOPSIS
 dnssec-keytool <option> zone
 =head1 DESCRIPTION
+kommt bald

branch	hs12
changeset 64	86418a892c76
parent 61	991f8f1593dc
child 66	c44bc1c8e396