1 #!/usr/bin/perl -w |
1 #!/usr/bin/perl -w |
2 |
2 |
3 use strict; |
3 use strict; |
4 use FindBin; |
4 use FindBin; |
5 |
5 |
6 |
|
7 # liest die Konfiguration ein |
6 # liest die Konfiguration ein |
8 my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); |
7 my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); |
9 my %config; |
8 my %config; |
10 |
9 |
11 for (grep {-f} @configs) { |
10 for ( grep {-f} @configs ) { |
12 open(CONFIG, $_) or die "Can't open $_: $!\n"; |
11 open( CONFIG, $_ ) or die "Can't open $_: $!\n"; |
13 } |
12 } |
14 |
13 |
15 unless (seek(CONFIG,0 ,0 )) { |
14 unless ( seek( CONFIG, 0, 0 ) ) { |
16 die "Can't open config (searched: @configs)\n" |
15 die "Can't open config (searched: @configs)\n"; |
17 } |
16 } |
18 |
17 |
19 while (<CONFIG>) { |
18 while (<CONFIG>) { |
20 chomp; |
19 chomp; |
21 s/#.*//; |
20 s/#.*//; |
22 s/\t//g; |
21 s/\t//g; |
23 s/\s//g; |
22 s/\s//g; |
24 |
23 |
25 next unless length; |
24 next unless length; |
26 my ($cname, $ccont) = split (/\s*=\s*/, $_,2); |
25 my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); |
27 $config{$cname} = $ccont; |
26 $config{$cname} = $ccont; |
28 } |
27 } |
29 close (CONFIG); |
28 close(CONFIG); |
30 |
29 |
31 |
30 my $master_dir = $config{master_dir}; |
32 my $master_dir = $config{master_dir}; |
|
33 my $key_counter_end = $config{key_counter_end}; |
31 my $key_counter_end = $config{key_counter_end}; |
34 my @change; |
32 my @change; |
35 my @manu; |
33 my @manu; |
36 my @index; |
34 my @index; |
37 my $zone; |
35 my $zone; |
38 my $keyname; |
36 my $keyname; |
39 |
37 |
40 # prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu |
38 # prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu |
41 for (@ARGV) { |
39 for (@ARGV) { |
42 chomp (my $zone = `idn --quiet "$_"`); |
40 chomp( my $zone = `idn --quiet "$_"` ); |
43 |
41 |
44 if (-d "$master_dir/$zone") { |
42 if ( -d "$master_dir/$zone" ) { |
45 push (@manu, $zone); |
43 push( @manu, $zone ); |
46 } |
44 } |
47 else { |
45 else { |
48 print " $zone not exist\n "; |
46 print " $zone not exist\n "; |
49 } |
47 } |
50 } |
48 } |
51 |
49 |
52 # gibt alle zonen mit abgelaufenen keycounter in die liste @change |
50 # gibt alle zonen mit abgelaufenen keycounter in die liste @change |
53 while (<$master_dir/*>) { |
51 while (<$master_dir/*>) { |
54 chomp ($zone = $_); |
52 chomp( $zone = $_ ); |
55 my $key; |
53 my $key; |
56 |
54 |
57 unless (-f "$zone/.keycounter") { |
55 unless ( -f "$zone/.keycounter" ) { |
58 next |
56 next; |
59 } |
57 } |
60 |
58 |
61 open (KEY, "$zone/.keycounter") or die "$zone/.keycounter: $!\n"; |
59 open( KEY, "$zone/.keycounter" ) or die "$zone/.keycounter: $!\n"; |
62 $key = <KEY>; |
60 $key = <KEY>; |
63 close (KEY); |
61 close(KEY); |
64 |
62 |
65 if ($key_counter_end <= $key) { |
63 if ( $key_counter_end <= $key ) { |
66 $zone =~ s#($master_dir/)(.*)#$2#; |
64 $zone =~ s#($master_dir/)(.*)#$2#; |
67 push (@change, $zone); |
65 push( @change, $zone ); |
68 } |
66 } |
69 } |
67 } |
70 |
68 |
71 #erzeugt zsks |
69 #erzeugt zsks |
72 for (@change, @manu) { |
70 for ( @change, @manu ) { |
73 $zone = $_; |
71 $zone = $_; |
74 |
72 |
75 chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; |
73 chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; |
76 $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`; |
74 $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`; |
77 |
75 |
78 unless (-f ".index.zsk") { |
76 unless ( -f ".index.zsk" ) { |
79 @index = (); |
77 @index = (); |
80 } |
78 } |
81 else { |
79 else { |
82 open (INDEX, ".index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; |
80 open( INDEX, ".index.zsk" ) |
83 @index = <INDEX>; |
81 or die "$master_dir/$zone/.index.zsk: $!\n"; |
84 close (INDEX); |
82 @index = <INDEX>; |
85 } |
83 close(INDEX); |
86 |
84 } |
87 push @index, $keyname; |
85 |
88 if (@index > 2){ |
86 push @index, $keyname; |
89 shift (@index); |
87 if ( @index > 2 ) { |
90 } |
88 shift(@index); |
91 |
89 } |
92 open (INDEX, ">.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; |
90 |
93 print INDEX @index; |
91 open( INDEX, ">.index.zsk" ) or die "$master_dir/$zone/.index.zsk: $!\n"; |
94 close (INDEX); |
92 print INDEX @index; |
95 |
93 close(INDEX); |
96 chomp ($keyname); |
94 |
97 print "$keyname (ZSK) erzeugt fuer $zone \n"; |
95 chomp($keyname); |
98 |
96 print "$keyname (ZSK) erzeugt fuer $zone \n"; |
99 open (KC, ">.keycounter") or die "$master_dir/$zone/keycounter: $!\n"; |
97 |
100 print KC "0"; |
98 open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n"; |
101 close (KC); |
99 print KC "0"; |
|
100 close(KC); |
102 } |
101 } |
103 |
102 |
104 #erzeugt ksks |
103 #erzeugt ksks |
105 for (@manu) { |
104 for (@manu) { |
106 $zone = $_; |
105 $zone = $_; |
107 |
106 |
108 chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; |
107 chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; |
109 $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; |
108 $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; |
110 |
109 |
111 unless (-f ".index.ksk") { |
110 unless ( -f ".index.ksk" ) { |
112 @index = (); |
111 @index = (); |
113 } else { |
112 } |
114 open (INDEX, ".index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; |
113 else { |
115 @index = <INDEX>; |
114 open( INDEX, ".index.ksk" ) |
116 close (INDEX); |
115 or die "$master_dir/$zone/.index.ksk: $!\n"; |
117 } |
116 @index = <INDEX>; |
118 |
117 close(INDEX); |
119 push @index, $keyname; |
118 } |
120 if (@index > 2){ |
119 |
121 shift (@index); |
120 push @index, $keyname; |
122 } |
121 if ( @index > 2 ) { |
123 |
122 shift(@index); |
124 open (INDEX, ">.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; |
123 } |
125 print INDEX @index; |
124 |
126 close (INDEX); |
125 open( INDEX, ">.index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n"; |
127 |
126 print INDEX @index; |
128 chomp ($keyname); |
127 close(INDEX); |
129 print "$keyname (KSK) erzeugt fuer $zone \n"; |
128 |
130 } |
129 chomp($keyname); |
131 |
130 print "$keyname (KSK) erzeugt fuer $zone \n"; |
|
131 } |
132 |
132 |
133 # loescht alle unbenoetigten schluessel, fuegt die schluessel in |
133 # loescht alle unbenoetigten schluessel, fuegt die schluessel in |
134 # die zone-datei |
134 # die zone-datei |
135 for (@change, @manu) { |
135 for ( @change, @manu ) { |
136 $zone = $_; |
136 $zone = $_; |
137 my @old_zone_content = (); |
137 my @old_zone_content = (); |
138 my @new_zone_content = (); |
138 my @new_zone_content = (); |
139 my @keylist = (); |
139 my @keylist = (); |
140 my $file = (); |
140 my $file = (); |
141 |
141 |
142 |
142 open( INDEX, "<$master_dir/$zone/.index.zsk" ) |
143 open (INDEX, "<$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; |
143 or die "$master_dir/$zone/.index.zsk: $!\n"; |
144 @keylist = <INDEX>; |
144 @keylist = <INDEX>; |
145 close (INDEX); |
145 close(INDEX); |
146 |
146 |
147 open (INDEX, "<$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; |
147 open( INDEX, "<$master_dir/$zone/.index.ksk" ) |
148 push @keylist, <INDEX>; |
148 or die "$master_dir/$zone/.index.ksk: $!\n"; |
149 close (INDEX); |
149 push @keylist, <INDEX>; |
150 |
150 close(INDEX); |
151 open (ZONE, "<$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n"; |
151 |
152 @old_zone_content = <ZONE>; |
152 open( ZONE, "<$master_dir/$zone/$zone" ) |
153 close (ZONE); |
153 or die "$master_dir/$zone/$zone: $!\n"; |
154 |
154 @old_zone_content = <ZONE>; |
155 # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie |
155 close(ZONE); |
156 # besser vergleichen zu koennen. |
156 |
157 for (@keylist) { |
157 # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie |
158 chomp; |
158 # besser vergleichen zu koennen. |
159 s#K.*\+.*\+(.*)#$1#; |
159 for (@keylist) { |
160 } |
160 chomp; |
161 |
161 s#K.*\+.*\+(.*)#$1#; |
162 # filtert alle schluessel aus der zonedatei |
162 } |
163 # old_zone_content ==> new_zone_content |
163 |
164 for (@old_zone_content) { |
164 # filtert alle schluessel aus der zonedatei |
165 unless (/IN\sDNSKEY/) { |
165 # old_zone_content ==> new_zone_content |
166 push @new_zone_content, $_; |
166 for (@old_zone_content) { |
167 } |
167 unless (/IN\sDNSKEY/) { |
168 } |
168 push @new_zone_content, $_; |
169 |
169 } |
170 # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen |
170 } |
171 # indexdatei beschrieben sind. wenn nicht werden sie geloescht. |
171 |
172 for (`ls $master_dir/$zone/K*[key,private]`){ |
172 # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen |
173 chomp; |
173 # indexdatei beschrieben sind. wenn nicht werden sie geloescht. |
174 $file = $_; |
174 for (`ls $master_dir/$zone/K*[key,private]`) { |
175 my $rm_count = 1; |
175 chomp; |
176 |
176 $file = $_; |
177 for (@keylist) { |
177 my $rm_count = 1; |
178 |
178 |
179 if ($file =~ /$_/) { |
179 for (@keylist) { |
180 $rm_count = 0; |
180 |
181 |
181 if ( $file =~ /$_/ ) { |
182 # schluessel die in der indexdatei standen, werden an die |
182 $rm_count = 0; |
183 # zonedatei angehangen. |
183 |
184 if ($file =~ /.*key/) { |
184 # schluessel die in der indexdatei standen, werden an die |
185 open (KEYFILE, "<$file") or next "$file: $!\n"; |
185 # zonedatei angehangen. |
186 push @new_zone_content, <KEYFILE>; |
186 if ( $file =~ /.*key/ ) { |
187 close (KEYFILE); |
187 open( KEYFILE, "<$file" ) or next "$file: $!\n"; |
188 |
188 push @new_zone_content, <KEYFILE>; |
189 last; |
189 close(KEYFILE); |
190 } |
190 |
191 } |
191 last; |
192 } |
192 } |
193 |
193 } |
194 #loescht alle unbenoetigten schluessel |
194 } |
195 if ($rm_count == 1) { |
195 |
196 unlink "$file"; |
196 #loescht alle unbenoetigten schluessel |
197 } |
197 if ( $rm_count == 1 ) { |
198 } |
198 unlink "$file"; |
199 |
199 } |
200 |
200 } |
201 open (ZONE, ">$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n"; |
201 |
202 print ZONE @new_zone_content; |
202 open( ZONE, ">$master_dir/$zone/$zone" ) |
203 close (ZONE); |
203 or die "$master_dir/$zone/$zone: $!\n"; |
204 |
204 print ZONE @new_zone_content; |
205 print "$master_dir/$zone/$zone wurde neu erstellt \n"; |
205 close(ZONE); |
206 } |
206 |
|
207 print "$master_dir/$zone/$zone wurde neu erstellt \n"; |
|
208 } |
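Review bot: The zone-signing keys generated at new line 74, `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`, are 512-bit RSA, a modulus size that has been publicly factorable for well over a decade, and RSASHA1 is no longer recommended for new DNSSEC signing (RFC 8624); the tidy-up carries this over unchanged, and the KSK at line 108 uses the same SHA-1 algorithm. Anyone who factors the ZSK can forge signatures for the zone, so the flags should become at least `-a RSASHA256 -b 2048` (or an ECDSA algorithm) with a matching KSK algorithm. Separately, `idn --quiet "$_"` at line 40 and both `dnssec-keygen` backtick calls pass command-line input through a shell, and `$zone` is only checked with `-d "$master_dir/$zone"`, which does not reject `..` or shell metacharacters; prefer the list form, e.g. `open(my $kg, '-|', 'dnssec-keygen', '-a', 'RSASHA256', '-b', '2048', '-n', 'ZONE', $zone) or die "dnssec-keygen: $!\n";` and read `$keyname` from `$kg`. Lastly, `or next "$file: $!\n"` at line 187 is parsed as `next LABEL` with a computed label, so an unreadable key file aborts the run with a "Label not found" error (or fails to compile, depending on the Perl version) instead of being skipped; `or do { warn "$file: $!\n"; next }` gives the intended behaviour.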