1 #!/usr/bin/perl |
|
2 |
|
3 use strict; |
|
4 use warnings; |
|
5 use FindBin; |
|
6 |
|
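# Returns the distinct values of the argument list, keeping the order in
# which each value was first seen.  In scalar context the number of distinct
# values is returned.
sub del_double {
    my %seen;

    # A filtering grep replaces the former void-context grep that only
    # populated a hash.  The result no longer follows Perl's randomised hash
    # order, so zones are processed in the same order on every run.
    return grep { !$seen{$_}++ } @_;
}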
|
12 |
|
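# Read the configuration.  Every existing candidate is opened in turn on the
# same handle, so when both files exist the last one (/etc/dnstools.conf) is
# the one that gets parsed.
# NOTE(review): the first candidate lives next to the script.  master_dir and
# sign_alert_time come from whichever file is parsed and steer which
# directories are scanned and signed, so both locations should be writable
# only by the account that runs this script.
my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
my %config;
my $config_fh;

for my $candidate ( grep { -f } @configs ) {

    # Three-argument open on a lexical handle: the path is never parsed for
    # a mode prefix or a pipe character.
    open( $config_fh, '<', $candidate )
        or die "Can't open $candidate: $!\n";
}

# No candidate existed, so nothing was opened.  This replaces the former
# seek() probe on a possibly unopened bareword handle.
unless ( defined $config_fh ) {
    die "Can't open config (searched: @configs)\n";
}

while ( my $line = <$config_fh> ) {
    chomp $line;
    $line =~ s/#.*//;    # strip comments
    $line =~ s/\s//g;    # strip all whitespace, including inside values

    next unless length $line;

    # Whitespace is already gone, so a plain '=' is the separator.  A line
    # without '=' stores undef for its name, as before.
    my ( $cname, $ccont ) = split( /=/, $line, 2 );
    $config{$cname} = $ccont;
}
close($config_fh);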
|
36 |
|
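my $master_dir      = $config{master_dir};
my $sign_alert_time = $config{sign_alert_time};
my $zone;
my ( @manu, @auto );
my @zone_sig_content;
my $sig_date;
my $kc;
my $serial_up = 0;

# Without master_dir every later path would be built from an empty prefix
# ("/*", "/<zone>/<zone>"), i.e. the filesystem root would be scanned and
# touched.  Stop here instead.
die "master_dir is not set in the configuration\n"
    unless defined $master_dir && length $master_dir;

# Recognise the -s switch anywhere on the command line and remove exactly
# that element.  The former loop called shift while iterating over @ARGV,
# which dropped the first argument whatever it was and could leave "-s"
# behind to be treated as a zone name.
# NOTE(review): $serial_up is set here but not read anywhere in the visible
# part of the script.
if ( grep { $_ eq '-s' } @ARGV ) {
    $serial_up = 1;
    @ARGV      = grep { $_ ne '-s' } @ARGV;
}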
|
52 |
|
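# Check the zones named on the command line and add those that have a
# .keycounter file below $master_dir to @manu.
for my $arg (@ARGV) {

    # An argument that starts with '-' would be read by idn as an option.
    if ( $arg =~ /\A-/ ) {
        warn "Skipping argument '$arg': not a zone name\n";
        next;
    }

    # List-form pipe open: idn receives the argument as a single argv entry
    # and no shell parses it.  The former backtick call interpolated the raw
    # command-line argument into a shell command line.
    my $idn_pid = open( my $idn_out, '-|', 'idn', '--quiet', $arg );
    unless ($idn_pid) {
        warn "Can't run idn for '$arg': $!\n";
        next;
    }
    my $zone = <$idn_out>;
    close($idn_out);

    next unless defined $zone;
    chomp $zone;

    # The name becomes a path component below $master_dir and later an
    # argument to dnssec-signzone: reject empty names, names with a path
    # separator and names starting with '-' or '.'.
    if ( !length $zone || $zone =~ m{\A[-.]|/} ) {
        warn "Skipping '$arg': not usable as a zone directory name\n";
        next;
    }

    if ( -e "$master_dir/$zone/.keycounter" ) {
        push @manu, $zone;
    }
}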
|
61 |
|
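# Threshold for re-signing: now plus sign_alert_time hours, formatted as
# YYYYMMDDHH so it can be compared numerically with the first ten digits of
# a signature expiry stamp.  Computed in-process instead of spawning date(1)
# twice through the shell.
# NOTE(review): localtime keeps the local-time result that date(1) gave.
# RRSIG expiry stamps are written in UTC, so confirm the host runs in UTC or
# switch to gmtime.
use POSIX ();
my $unixtime = time() + ( 3600 * $sign_alert_time );
my $time     = POSIX::strftime( '%Y%m%d%H', localtime($unixtime) );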
|
65 |
|
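# For every entry in $master_dir that has a <zone>.signed file, compare the
# threshold in $time with the signature expiry read from that file.  Zones
# whose signature expires before the threshold are queued in @auto and their
# zone file is touched.
for my $path ( glob("$master_dir/*") ) {

    # Strip the directory prefix.  \Q...\E keeps characters in master_dir
    # from being interpreted as regex syntax.
    ( $zone = $path ) =~ s#\Q$master_dir\E/##;

    my $signed_file = "$master_dir/$zone/$zone.signed";
    next unless -e $signed_file;

    my $zone_fh;
    unless ( open( $zone_fh, '<', $signed_file ) ) {
        warn "Can't open $signed_file: $!\n";
        next;
    }
    @zone_sig_content = <$zone_fh>;
    close($zone_fh);

    for my $line (@zone_sig_content) {
        next unless $line =~ m#SOA.*[0-9]{14}#;

        # The greedy prefix selects the last 14-digit run on the line; its
        # first ten digits (YYYYMMDDHH) are compared with the threshold.
        # NOTE(review): presumably the expiry stamp is the last such run on
        # the SOA RRSIG line in the signer's output format; confirm.
        my ($expires) = $line =~ /.*([0-9]{10})[0-9]{4}/;

        if ( $expires < $time ) {
            push @auto, $zone;

            # List-form system: the path is handed to touch as one argument.
            # The directory name is no longer interpolated into a shell
            # command line.
            system( 'touch', "$master_dir/$zone/$zone" ) == 0
                or warn "Can't touch $master_dir/$zone/$zone\n";

            # The zone is queued; further lines cannot change that.
            last;
        }
    }
}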
|
90 |
|
91 #gibt zonen mit schluessel aber ohne signatur in die liste @auto |
|
92 #for (<$master_dir/*>) { |
|
93 # s#($master_dir/)(.*)#$2#; |
|
94 # $zone = $_; |
|
95 # |
|
96 # if ( -e "$master_dir/$zone/.keycounter" ) { |
|
97 # |
|
98 # open( KC, "$master_dir/$zone/.keycounter" ); |
|
99 # $kc = <KC>; |
|
100 # close(KC); |
|
101 # |
|
102 # if ( $kc < 1 ) { |
|
103 # push @auto, $zone; |
|
104 # } |
|
105 # } |
|
106 #} |
|
107 |
|
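# Sign every zone in @auto and @manu and increase the value stored in the
# zone's .keycounter file.
for my $candidate ( del_double( @auto, @manu ) ) {
    $zone = $candidate;

    # The name is used as a directory below $master_dir and as an argument
    # to dnssec-signzone: refuse path separators and a leading '-' or '.'.
    if ( $zone =~ m{\A[-.]|/} ) {
        print "$zone konnte nicht signiert werden \n";
        next;
    }

    # Signing must run inside the zone directory.  If chdir fails, the
    # signer would otherwise run in whatever directory was current.
    unless ( chdir "$master_dir/$zone" ) {
        print "$zone konnte nicht signiert werden \n";
        next;
    }

    # Run dnssec-signzone without a shell: fork with a pipe on the child's
    # stdout, silence stderr in the child, then exec with an argument list.
    my $signer_pid = open( my $signer, '-|' );
    unless ( defined $signer_pid ) {
        print "$zone konnte nicht signiert werden \n";
        next;
    }
    if ( $signer_pid == 0 ) {
        open( STDERR, '>', '/dev/null' );
        exec { 'dnssec-signzone' } 'dnssec-signzone', $zone;
        exit 127;    # only reached when exec itself failed
    }
    my $signer_output = do { local $/; <$signer> };
    $signer_output = '' unless defined $signer_output;

    # close() is false when the signer exited non-zero.  Output on stdout is
    # still required, as it was with the former backtick test.
    my $signed_ok = close($signer) && length $signer_output;

    if ($signed_ok) {
        print "$zone neu signiert \n";

        my $kc_file = "$master_dir/$zone/.keycounter";

        # A missing or unreadable counter starts from zero.
        $kc = undef;
        if ( open( my $kc_in, '<', $kc_file ) ) {
            $kc = <$kc_in>;
            close($kc_in);
        }
        $kc = 0 unless defined $kc;
        $kc += 1;

        if ( open( my $kc_out, '>', $kc_file ) ) {
            print {$kc_out} $kc;
            close($kc_out) or warn "Can't write $kc_file: $!\n";
        }
        else {
            warn "Can't write $kc_file: $!\n";
        }
    }
    else {
        print "$zone konnte nicht signiert werden \n";
    }
}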
|
131 |
|