--- a/dnssec-keytool.pl Tue Dec 21 13:55:01 2010 +0100
+++ b/dnssec-keytool.pl Tue Dec 21 14:01:08 2010 +0100
@@ -7,18 +7,19 @@
sub del_double {
my %all;
grep { $all{$_} = 0 } @_;
- return ( keys %all );
+ return (keys %all);
}
sub read_conf {
+
# liest die Konfiguration ein
- my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
+ my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf");
our %config;
- for ( grep {-f} @configs ) {
- open( CONFIG, $_ ) or die "Can't open $_: $!\n";
+ for (grep { -f } @configs) {
+ open(CONFIG, $_) or die "Can't open $_: $!\n";
}
- unless ( seek( CONFIG, 0, 0 ) ) {
+ unless (seek(CONFIG, 0, 0)) {
die "Can't open config (searched: @configs)\n";
}
while (<CONFIG>) {
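Review bot: The rewritten `open(CONFIG, $_) or die ...` is still a two-argument open on a bareword global handle, so whatever ends up in the path string is also parsed for a mode or pipe prefix; the three-argument form `open(CONFIG, '<', $_) or die "Can't open $_: $!\n";` removes that ambiguity at no cost. The loop also opens every existing path in @configs without closing the previous handle, so when both files exist it is the later one (/etc/dnstools.conf) that is actually read by the `while (<CONFIG>)` that follows — if that precedence is intended, a comment such as `# later entries in @configs take precedence` would make it explicit, and the `seek` test only detects that no open succeeded at all. The `grep { $all{$_} = 0 } @_;` in del_double is a grep in void context and reads more naturally as `$all{$_} = 0 for @_;`. The body of read_conf continues past this hunk.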
@@ -28,13 +29,14 @@
s/\s//g;
next unless length;
- my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
+ my ($cname, $ccont) = split(/\s*=\s*/, $_, 2);
$config{$cname} = $ccont;
}
close(CONFIG);
}
sub read_argv {
+
# wertet argv aus oder gibt die hilfe aus
my $arg = shift @ARGV;
my $zone;
@@ -42,7 +44,7 @@
our @zones;
our $master_dir;
- if ( ! defined $arg ) {
+ if (!defined $arg) {
print " usage: dnssec-keytool <option> zone\n";
print " -z erstellt einen neuen ZSK\n";
print " -k erstellt je einen neuen ZSK und KSK\n";
@@ -53,10 +55,10 @@
exit;
}
- elsif ($arg eq "-k") {$do = "ksk";}
- elsif ($arg eq "-rm") {$do = "rm";}
- elsif ($arg eq "-c") {$do = "ck";}
- elsif ($arg eq "-z") {$do = "zsk";}
+ elsif ($arg eq "-k") { $do = "ksk"; }
+ elsif ($arg eq "-rm") { $do = "rm"; }
+ elsif ($arg eq "-c") { $do = "ck"; }
+ elsif ($arg eq "-z") { $do = "zsk"; }
else {
print "keine gueltige Option.\n";
exit;
@@ -64,8 +66,8 @@
# prueft die zonen in argv ob es verwaltete zonen sind
for (@ARGV) {
- chomp( $zone = `idn --quiet "$_"` );
- if ( -e "$master_dir/$zone/$zone" ) {
+ chomp($zone = `idn --quiet "$_"`);
+ if (-e "$master_dir/$zone/$zone") {
push @zones, $zone;
}
}
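Review bot: `chomp($zone = `idn --quiet "$_"`)` hands each raw @ARGV element to the shell inside double quotes, so an argument containing `"`, `$` or a backtick is interpreted by the shell instead of being passed to idn; the list-form pipe open avoids the shell entirely: `open(my $idn_fh, '-|', 'idn', '--quiet', $_) or die "idn: $!\n";` `chomp($zone = <$idn_fh>);` `close($idn_fh);`. The `-e "$master_dir/$zone/$zone"` test afterwards does limit which zones are accepted, but it does not reject path components such as `..` or `/` in the converted name, so an anchored allow-list check on `$zone` (for example `\A[A-Za-z0-9.-]+\z`) before the existence test would be the safer gate. The enclosing read_argv began in an earlier hunk.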
@@ -82,43 +84,49 @@
$zone = $_;
my $zpf = "$master_dir/$zone";
- my $ep = 0;
+ my $ep = 0;
- if ( -e "$zpf/$zone.signed" ) {
- unlink "$zpf/$zone.signed" and $ep = 1 }
- if ( -e "$zpf/.keycounter" ) {
- unlink "$zpf/.keycounter" and $ep = 1 }
- if ( -e "$zpf/.index.ksk" ) {
- unlink "$zpf/.index.ksk" and $ep = 1 }
- if ( -e "$zpf/.index.zsk" ) {
- unlink "$zpf/.index.zsk" and $ep = 1 }
- if ( -e "$zpf/dsset-$zone." ) {
- unlink "$zpf/dsset-$zone." and $ep = 1 }
- if ( -e "$zpf/keyset-$zone." ) {
- unlink "$zpf/keyset-$zone." and $ep = 1 }
+ if (-e "$zpf/$zone.signed") {
+ unlink "$zpf/$zone.signed" and $ep = 1;
+ }
+ if (-e "$zpf/.keycounter") {
+ unlink "$zpf/.keycounter" and $ep = 1;
+ }
+ if (-e "$zpf/.index.ksk") {
+ unlink "$zpf/.index.ksk" and $ep = 1;
+ }
+ if (-e "$zpf/.index.zsk") {
+ unlink "$zpf/.index.zsk" and $ep = 1;
+ }
+ if (-e "$zpf/dsset-$zone.") {
+ unlink "$zpf/dsset-$zone." and $ep = 1;
+ }
+ if (-e "$zpf/keyset-$zone.") {
+ unlink "$zpf/keyset-$zone." and $ep = 1;
+ }
- for (`ls $zpf/K$zone*`) {
+ for (`ls $zpf/K$zone*`) {
chomp($_);
print "weg du scheissezwerg $_";
- unlink ("$_");
+ unlink("$_");
}
if ($ep == 1) {
print " * $zone: schluesselmaterial entfernt\n";
}
- open( ZONE, "$zpf/$zone" )
- or die "$zpf/$zone: $!\n";
+ open(ZONE, "$zpf/$zone")
+ or die "$zpf/$zone: $!\n";
@old_zone_content = <ZONE>;
close(ZONE);
-
+
for (@old_zone_content) {
unless (m#\$INCLUDE.*\"K$zone.*\.key\"#) {
push @new_zone_content, $_;
}
}
- open( ZONE, ">$zpf/$zone" ) or die "$zpf/$zone: $!\n";
+ open(ZONE, ">$zpf/$zone") or die "$zpf/$zone: $!\n";
print ZONE @new_zone_content;
close(ZONE);
}
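Review bot: `for (`ls $zpf/K$zone*`)` shells out to `ls` only to expand a glob that Perl can expand itself, and it silently yields nothing if `ls` fails; `for (glob("$zpf/K$zone*"))` does the same without a shell. The `unlink("$_")` inside that loop is unchecked and `open(ZONE, "$zpf/$zone")` a few lines later is still a two-argument open, unlike the write open at the end of the hunk; `open(ZONE, '<', "$zpf/$zone") or die "$zpf/$zone: $!\n";` matches the rest of the file. `@old_zone_content` and `@new_zone_content` are neither declared nor emptied inside this hunk, so if they are declared once before the loop, the second zone in @zones would have the first zone's lines pushed ahead of its own — worth confirming, since the enclosing loop starts outside the hunk. The `print "weg du scheissezwerg $_"` line looks like a leftover debug message rather than intended operator output.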
@@ -134,28 +142,27 @@
for (@zones) {
$zone = $_;
- $zpf = "$master_dir/$zone";
+ $zpf = "$master_dir/$zone";
chdir "$zpf" or die "$zpf: $!\n";
$keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
- unless ( -f ".index.ksk" ) { @index = ();}
+ unless (-f ".index.ksk") { @index = (); }
else {
- open( INDEX, ".index.ksk" ) or die "$zpf/.index.ksk: $!\n";
+ open(INDEX, ".index.ksk") or die "$zpf/.index.ksk: $!\n";
@index = <INDEX>;
close(INDEX);
}
push @index, $keyname;
- if ( @index > 2 ) { shift(@index);}
+ if (@index > 2) { shift(@index); }
- open( INDEX, ">.index.ksk" ) or die "$zpf/.index.ksk: $!\n";
+ open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
print INDEX @index;
close(INDEX);
chomp($keyname);
print " * $zone: neuer KSK $keyname\n";
-
print "!! DER KSK muss der Chain of Trust veroeffentlicht werden !! \n";
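Review bot: `$keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;` is never checked for failure, so if dnssec-keygen exits non-zero (missing binary, unwritable directory, entropy starvation) an empty `$keyname` is still pushed into .index.ksk and reported as a new key; add `die "dnssec-keygen failed for $zone: $?\n" if $? != 0 || $keyname eq '';` directly after the call. The same unchecked pattern appears in the ZSK hunk that follows (`-b 512 -n ZONE $zone`). The enclosing creat_ksk loop starts before this hunk.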
@@ -172,29 +179,29 @@
for (@zones) {
$zone = $_;
- $zpf = "$master_dir/$zone";
+ $zpf = "$master_dir/$zone";
chdir "$zpf" or die "$zpf: $!\n";
$keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
- unless ( -f ".index.zsk" ) { @index = ();}
+ unless (-f ".index.zsk") { @index = (); }
else {
- open( INDEX, ".index.zsk" ) or die "$zpf/.index.zsk: $!\n";
+ open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n";
@index = <INDEX>;
close(INDEX);
}
push @index, $keyname;
- if ( @index > 2 ) { shift(@index);}
+ if (@index > 2) { shift(@index); }
- open( INDEX, ">.index.zsk" ) or die "$zpf/.index.zsk: $!\n";
+ open(INDEX, ">.index.zsk") or die "$zpf/.index.zsk: $!\n";
print INDEX @index;
close(INDEX);
chomp($keyname);
print " * $zone: neuer ZSK $keyname\n";
- open( KC, ">.keycounter" ) or die "$zpf/keycounter: $!\n";
+ open(KC, ">.keycounter") or die "$zpf/keycounter: $!\n";
print KC "0";
close(KC);
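Review bot: The ZSK is generated with `-b 512` while the KSK in the previous hunk uses `-b 2048`; a 512-bit RSA key is far below current guidance and can be factored with modest resources, so even a frequently rotated ZSK should be at least 1024 bits: `$keyname = `dnssec-keygen -a RSASHA1 -b 1024 -n ZONE $zone`;`. RSASHA1 is itself a dated choice, and RSASHA256 would be the conservative option if the resolver population supports it. The index handling keeps only the two most recent names (`shift(@index)` once there are more than two), which silently drops the oldest key from .index.zsk at the third generation — a comment such as `# keep only the current and previous ZSK` would record that intent. The enclosing loop starts before this hunk.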
@@ -216,9 +223,9 @@
for (<$zpf/*>) {
if (m#(K$zone.*\.key)#) {
$keyfile = $1;
- open (KEYFILE, "<$zpf/$keyfile");
+ open(KEYFILE, "<$zpf/$keyfile");
@content = <KEYFILE>;
- close (KEYFILE);
+ close(KEYFILE);
for (@content) {
if (m#DNSKEY.257#) {
push @keylist, $keyfile;
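Review bot: `open(KEYFILE, "<$zpf/$keyfile");` has no failure check, so an unreadable key file silently yields an empty `@content` and that key is left out of the rebuilt .index.ksk; use `open(KEYFILE, '<', "$zpf/$keyfile") or die "$zpf/$keyfile: $!\n";` as the other opens in the file do. The filter `m#DNSKEY.257#` relies on `.` happening to match the separating whitespace; `m#\bDNSKEY\s+257\b#` states the intent and does not match on an unrelated character. The enclosing loop starts and ends outside this hunk.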
@@ -227,17 +234,17 @@
}
}
- open( INDEX, ">.index.ksk" ) or die "$zpf/.index.ksk: $!\n";
+ open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
for (@keylist) {
s#\.key##;
print INDEX "$_\n";
}
close(INDEX);
-
+
print " * $zone: neue .index.ksk erzeugt\n";
if (-f "$zpf/.index.zsk") {
- unlink ("$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
+ unlink("$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
}
}
}
@@ -257,22 +264,23 @@
}
sub kill_useless_keys {
+
# die funktion loescht alle schluessel die nicht in der index.zsk
# der uebergebenen zone stehen
our $master_dir;
- my $zone = $_[0];
- my @keylist = ();
- my $zpf = "$master_dir/$zone";
+ my $zone = $_[0];
+ my @keylist = ();
+ my $zpf = "$master_dir/$zone";
- open (INDEX, "<$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
+ open(INDEX, "<$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
@keylist = <INDEX>;
close(INDEX);
- open (INDEX, "<$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
+ open(INDEX, "<$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
push @keylist, <INDEX>;
# kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
# besser vergleichen zu koennen.
- for ( @keylist ) {
+ for (@keylist) {
chomp;
s#K.*\+.*\+(.*)#$1#;
}
@@ -281,15 +289,15 @@
# indexdatei beschrieben sind. wenn nicht werden sie geloescht.
for (`ls $master_dir/$zone/K*[key,private]`) {
chomp;
- my $file = $_;
+ my $file = $_;
my $rm_count = 1;
my $keyname;
for (@keylist) {
- if ( $file =~ /$_/ ) { $rm_count = 0;}
+ if ($file =~ /$_/) { $rm_count = 0; }
}
if ($rm_count == 1) {
unlink "$file";
- if ($file =~ /$zpf\/(.*\.key)/ ) {
+ if ($file =~ /$zpf\/(.*\.key)/) {
print " * $zone: Schluessel $1 entfernt \n";
}
}
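Review bot: `if ($file =~ /$_/)` interpolates each index entry as an unescaped, unanchored regex: a blank entry becomes the empty pattern (which Perl treats as "repeat the last successful match") and a short id also matches as a substring of a longer name, in both cases keeping files that should have been removed; compare the id literally and anchored, `if ($file =~ /\+\Q$_\E\.(?:key|private)\z/) { $rm_count = 0; }`. `unlink "$file"` on the removal path is unchecked, unlike the `or die` used elsewhere in the file, and the `my $keyname;` declared in the loop is unused. The shell glob `K*[key,private]` on the context line is a character class rather than an alternation and only works because `.key` and `.private` end in letters from that class; `glob("$master_dir/$zone/K*.{key,private}")` says what is meant and avoids the `ls` subprocess. kill_useless_keys starts in the previous hunk.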
@@ -297,10 +305,11 @@
}
sub key_to_zonefile {
+
# die funktion fugt alle schluessel in eine zonedatei
our $master_dir;
my $zone = $_[0];
- my $zpf = "$master_dir/$zone";
+ my $zpf = "$master_dir/$zone";
my @old_content;
my @new_content = ();
@@ -317,17 +326,16 @@
push @new_content, "\$INCLUDE \"$2\"\n";
}
}
- open( ZONEFILE, ">$zpf/$zone" ) or die "$zpf/$zone: $!\n";
+ open(ZONEFILE, ">$zpf/$zone") or die "$zpf/$zone: $!\n";
print ZONEFILE @new_content;
close(ZONEFILE);
}
-
&read_conf;
our %config;
-our $do; # arbeitsschritte aus argv
-our @zones; # liste der zonen in argv
+our $do; # arbeitsschritte aus argv
+our @zones; # liste der zonen in argv
our $master_dir = $config{master_dir};
our $bind_dir = $config{bind_dir};
our $conf_dir = $config{zone_conf_dir};
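Review bot: `&read_conf;` uses the ampersand call form, which passes the caller's current `@_` through and bypasses any prototype, so the plain `read_conf();` is the clearer spelling; the same applies to `&read_argv;`, `&rm_keys`, `&ck_zone`, `&creat_ksk`, `&creat_zsk` and `&post_creat` in the hunk that follows. `our %config;` is re-declared here after read_conf has filled it, and a short comment such as `# populated by read_conf from dnstools.conf` next to it would tell a reader where the values assigned to $master_dir and friends come from.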
@@ -338,14 +346,13 @@
&read_argv;
-unless (@zones) {exit;} # beendet das programm, wurden keine
- # gueltigen zonen uebergeben
+unless (@zones) { exit; } # beendet das programm, wurden keine
+ # gueltigen zonen uebergeben
-if ($do eq "rm") { &rm_keys; exit;}
-if ($do eq "ck") { &ck_zone;}
+if ($do eq "rm") { &rm_keys; exit; }
+if ($do eq "ck") { &ck_zone; }
if ($do eq "ksk") { &creat_ksk; }
&creat_zsk;
&post_creat;
-