1 #! /usr/bin/perl |
1 #! /usr/bin/perl |
2 |
2 |
3 use warnings; |
3 use warnings; |
4 use strict; |
4 use strict; |
5 use FindBin; |
5 use FindBin; |
|
6 use File::Temp; |
|
7 |
|
8 sub read_conf; |
|
9 sub read_argv($); |
|
10 sub rm_keys(@); |
|
11 sub creat_zsk(@); |
|
12 |
|
13 MAIN: { |
|
14 my @zone; |
|
15 my $do; |
|
16 |
|
17 my %conf = read_conf(); |
|
18 ($do, @zone) = read_argv($conf{master_dir}); |
|
19 |
|
20 # completed the program, if not a valid zones was handed over |
|
21 unless (@zone) { exit; } |
|
22 |
|
23 if ($do eq "rm") { rm_keys($conf{master_dir}, @zone); exit; } |
|
24 # if ($do eq "ck") { &ck_zone; } |
|
25 if ($do eq "ksk") { creat_ksk($conf{master_dir}, @zone); } |
|
26 |
|
27 creat_zsk($conf{master_dir}, @zone); |
|
28 # &post_creat; |
|
29 } |
6 |
30 |
7 sub read_conf { |
31 sub read_conf { |
8 |
32 |
9 # read configuration |
33 # read configuration |
10 my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); |
34 my @conffile = ("etc/dnstools.conf", "$FindBin::Bin/dnstools.conf"); |
11 our %config; |
35 my %return; |
12 |
36 |
13 for (grep { -f } @configs) { |
37 for (grep { -f } @conffile) { |
14 open(CONFIG, $_) or die "Can't open $_: $!\n"; |
38 open(CONFIG, "<", $_) or die "Can't open $_: $!\n"; |
15 } |
39 } |
16 unless (seek(CONFIG, 0, 0)) { |
40 unless (seek(CONFIG, 0, 0)) { |
17 die "Can't open config (searched: @configs)\n"; |
41 die "Can't open config (searched: @conffile)\n"; |
18 } |
42 } |
19 while (<CONFIG>) { |
43 while (<CONFIG>) { |
20 chomp; |
44 chomp; |
21 s/#.*//; |
45 s/#.*//; |
22 s/\t//g; |
46 s/\t//g; |
23 s/\s//g; |
47 s/\s//g; |
24 |
48 |
25 next unless length; |
49 next unless length; |
26 my ($cname, $ccont) = split(/\s*=\s*/, $_, 2); |
50 my ($cname, $ccont) = split(/\s*=\s*/, $_, 2); |
27 $config{$cname} = $ccont; |
51 $return{$cname} = $ccont; |
28 } |
52 } |
29 close(CONFIG); |
53 close(CONFIG); |
30 } |
54 return %return; |
31 |
55 } |
32 sub read_argv { |
56 |
|
57 sub read_argv ($) { |
33 # evaluate argv or print the help |
58 # evaluate argv or print the help |
|
59 my $master_dir = $_[0]; |
|
60 |
34 my $arg = shift @ARGV; |
61 my $arg = shift @ARGV; |
35 my $zone; |
62 my $zone; |
36 our $do; |
63 my $do; # return |
37 our @zones; |
64 my @zone; # return |
38 our $master_dir; |
|
39 |
65 |
40 if (!defined $arg) { |
66 if (!defined $arg) { |
41 print " usage: dnssec-keytool <option> zone\n"; |
67 print " usage: dnssec-keytool <option> zone\n"; |
42 print " -z created a new ZSK\n"; |
68 print " -z created a new ZSK\n"; |
43 print " -k created a new ZSK and KSK\n"; |
69 print " -k created a new ZSK and KSK\n"; |
59 |
85 |
60 # checks the zones in argv if there are managed zones |
86 # checks the zones in argv if there are managed zones |
61 for (@ARGV) { |
87 for (@ARGV) { |
62 chomp($zone = `idn --quiet "$_"`); |
88 chomp($zone = `idn --quiet "$_"`); |
63 if (-e "$master_dir/$zone/$zone") { |
89 if (-e "$master_dir/$zone/$zone") { |
64 push @zones, $zone; |
90 push @zone, $zone; |
65 } |
91 } |
66 } |
92 } |
67 } |
93 return ($do, @zone); |
68 |
94 } |
69 sub rm_keys { |
95 |
|
96 sub rm_keys (@) { |
70 # deletes all the keys were handed over -rm in argv |
97 # deletes all the keys were handed over -rm in argv |
71 our @zones; |
98 my ($master_dir, @zone) = @_; |
72 our $master_dir; |
|
73 my $zone; |
|
74 my @new_zone_content; |
99 my @new_zone_content; |
75 my @old_zone_content; |
100 my @old_zone_content; |
76 |
101 |
77 for (@zones) { |
102 for (@zone) { |
78 $zone = $_; |
103 my $zone = $_; |
79 |
104 |
80 my $zpf = "$master_dir/$zone"; |
105 my $zpf = "$master_dir/$zone"; |
81 my $ep = 0; |
106 my $ep = 0; |
82 |
107 |
83 if (-e "$zpf/$zone.signed") { |
108 if (-e "$zpf/$zone.signed") { |
116 for (@old_zone_content) { |
141 for (@old_zone_content) { |
117 unless (m#\$INCLUDE.*\"K$zone.*\.key\"#) { |
142 unless (m#\$INCLUDE.*\"K$zone.*\.key\"#) { |
118 push @new_zone_content, $_; |
143 push @new_zone_content, $_; |
119 } |
144 } |
120 } |
145 } |
121 |
146 |
122 open(ZONE, ">$zpf/$zone") or die "$zpf/$zone: $!\n"; |
147 my $fh = File::Temp->new(DIR => "$zpf") |
123 print ZONE @new_zone_content; |
148 or die "Can't create tmpdir: $!\n"; |
124 close(ZONE); |
149 print $fh join "" => @new_zone_content, ""; |
|
150 rename($fh->filename => "$zpf/$zone") |
|
151 or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n"; |
125 } |
152 } |
126 } |
153 } |
127 |
154 |
128 sub creat_ksk { |
155 sub creat_ksk { |
129 our @zones; |
156 my ($master_dir, @zone) = @_; |
130 our $master_dir; |
|
131 my @index; |
157 my @index; |
132 my $zone; |
|
133 my $keyname; |
158 my $keyname; |
134 my $zpf; |
159 |
135 |
160 for (@zone) { |
136 for (@zones) { |
161 my $zone = $_; |
137 $zone = $_; |
162 my $zpf = "$master_dir/$zone"; |
138 $zpf = "$master_dir/$zone"; |
163 |
139 |
164 $keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; |
140 chdir "$zpf" or die "$zpf: $!\n"; |
|
141 $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; |
|
142 |
165 |
143 unless (-f ".index.ksk") { @index = (); } |
166 unless (-f ".index.ksk") { @index = (); } |
144 else { |
167 else { |
145 open(INDEX, ".index.ksk") or die "$zpf/.index.ksk: $!\n"; |
168 open(INDEX, ".index.ksk") or die "$zpf/.index.ksk: $!\n"; |
146 @index = <INDEX>; |
169 @index = <INDEX>; |
160 print "!! THE KSK must be published !! \n"; |
183 print "!! THE KSK must be published !! \n"; |
161 |
184 |
162 } |
185 } |
163 } |
186 } |
164 |
187 |
165 sub creat_zsk { |
188 sub creat_zsk (@) { |
166 our @zones; |
189 my ($master_dir, @zone) = @_; |
167 our $master_dir; |
|
168 my @index; |
190 my @index; |
169 my $zone; |
|
170 my $keyname; |
191 my $keyname; |
171 my $zpf; |
192 |
172 |
193 for (@zone) { |
173 for (@zones) { |
194 my $zone = $_; |
174 $zone = $_; |
195 my $zpf = "$master_dir/$zone"; |
175 $zpf = "$master_dir/$zone"; |
196 |
176 |
197 $keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`; |
177 chdir "$zpf" or die "$zpf: $!\n"; |
|
178 $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`; |
|
179 |
198 |
180 unless (-f ".index.zsk") { @index = (); } |
199 unless (-f ".index.zsk") { @index = (); } |
181 else { |
200 else { |
182 open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n"; |
201 open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n"; |
183 @index = <INDEX>; |
202 @index = <INDEX>; |
322 open(ZONEFILE, ">$zpf/$zone") or die "$zpf/$zone: $!\n"; |
341 open(ZONEFILE, ">$zpf/$zone") or die "$zpf/$zone: $!\n"; |
323 print ZONEFILE @new_content; |
342 print ZONEFILE @new_content; |
324 close(ZONEFILE); |
343 close(ZONEFILE); |
325 } |
344 } |
326 |
345 |
327 &read_conf; |
|
328 |
|
329 our %config; |
|
330 our $do; # statements from argv |
|
331 our @zones; # list of zones from argv |
|
332 our $master_dir = $config{master_dir}; |
|
333 our $bind_dir = $config{bind_dir}; |
|
334 our $conf_dir = $config{zone_conf_dir}; |
|
335 our $sign_alert_time = $config{sign_alert_time}; |
|
336 our $indexzone = $config{indexzone}; |
|
337 our $key_counter_end = $config{key_counter_end}; |
|
338 our $ablauf_zeit = $config{abl_zeit}; |
|
339 |
|
340 &read_argv; |
|
341 |
|
342 # completed the program, if not a valid zones was handed over |
|
343 unless (@zones) { exit; } |
|
344 |
|
345 if ($do eq "rm") { &rm_keys; exit; } |
|
346 if ($do eq "ck") { &ck_zone; } |
|
347 if ($do eq "ksk") { &creat_ksk; } |
|
348 |
|
349 &creat_zsk; |
|
350 &post_creat; |
|
351 |
346 |
352 __END__ |
347 __END__ |
353 |
348 |
354 =pod |
349 =pod |
355 |
350 |