--- a/dnssec-keytool.pl Wed Dec 29 22:11:21 2010 +0100
+++ b/dnssec-keytool.pl Thu Dec 30 12:42:59 2010 +0100
@@ -14,18 +14,18 @@
my @zone;
my $do;
- my %conf = read_conf();
+ my %conf = read_conf();
($do, @zone) = read_argv($conf{master_dir});
# completed the program, if not a valid zones was handed over
unless (@zone) { exit; }
if ($do eq "rm") { rm_keys($conf{master_dir}, @zone); exit; }
-# if ($do eq "ck") { &ck_zone; }
+ if ($do eq "ck") { ck_zone($conf{master_dir}, @zone); }
if ($do eq "ksk") { creat_ksk($conf{master_dir}, @zone); }
creat_zsk($conf{master_dir}, @zone);
-# &post_creat;
+ post_creat($conf{master_dir}, @zone);
}
sub read_conf {
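Review bot: Nothing at the newly enabled `ck_zone($conf{master_dir}, @zone);` call says that `ck`, like `ksk`, is meant to fall through to `creat_zsk` and `post_creat`, while the `rm` branch ends with `exit;`. It looks deliberate, since ck_zone removes `.index.zsk` further down in this diff and a new ZSK then has to be created, but that is inferred. If so, a comment above the dispatch would help, for example `# ck and ksk fall through on purpose: a fresh ZSK is always generated afterwards`. If not, the branch needs `exit;` as `rm` has.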
@@ -43,7 +43,6 @@
while (<CONFIG>) {
chomp;
s/#.*//;
- s/\t//g;
s/\s//g;
next unless length;
@@ -55,13 +54,14 @@
}
sub read_argv ($) {
+
# evaluate argv or print the help
my $master_dir = $_[0];
my $arg = shift @ARGV;
my $zone;
- my $do; # return
- my @zone; # return
+ my $do; # return
+ my @zone; # return
if (!defined $arg) {
print " usage: dnssec-keytool <option> zone\n";
@@ -94,6 +94,7 @@
}
sub rm_keys (@) {
+
# deletes all the keys were handed over -rm in argv
my ($master_dir, @zone) = @_;
my @new_zone_content;
@@ -124,9 +125,9 @@
unlink "$zpf/keyset-$zone." and $ep = 1;
}
- for (glob("$zpf/K$zone*")) {
+ for (glob("$zpf/K$zone*")) {
chomp($_);
- unlink ("$_");
+ unlink("$_");
}
if ($ep == 1) {
@@ -143,12 +144,15 @@
push @new_zone_content, $_;
}
}
-
- my $fh = File::Temp->new(DIR => "$zpf")
- or die "Can't create tmpdir: $!\n";
- print $fh join "" => @new_zone_content, "";
- rename($fh->filename => "$zpf/$zone")
- or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
+
+ {
+ my $fh = File::Temp->new(DIR => "$zpf")
+ or die "Can't create tmpdir: $!\n";
+ print $fh join "" => @new_zone_content, "";
+ rename($fh->filename => "$zpf/$zone")
+ or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
+ }
+
}
}
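Review bot: The `rename` inside the new block runs while the zone data may still be in the handle's buffer, because `$fh` is neither flushed nor closed first. The data is only written when the File::Temp object is destroyed at the end of the block, so `$zpf/$zone` can briefly be empty or partial, and a failed write goes unnoticed. Check the write and close before renaming: `print {$fh} @new_zone_content or die "write: $!\n"; close($fh) or die "close: $!\n";`. File::Temp also creates its file with mode 0600, so the replaced zone file loses its previous mode; if the name server reads it as another user (not visible here), restore the mode with `chmod` before the rename. The same block is repeated for `.index.ksk` and `.index.zsk` in the creat_ksk and creat_zsk hunks, and rm_keys itself starts outside this hunk.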
@@ -161,11 +165,12 @@
my $zone = $_;
my $zpf = "$master_dir/$zone";
- $keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
+ $keyname =
+ `cd $zpf && dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
- unless (-f ".index.ksk") { @index = (); }
+ unless (-f "$zpf/.index.ksk") { @index = (); }
else {
- open(INDEX, ".index.ksk") or die "$zpf/.index.ksk: $!\n";
+ open(INDEX, "$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
@index = <INDEX>;
close(INDEX);
}
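Review bot: On the re-wrapped `dnssec-keygen` line, `$zpf` and `$zone` are interpolated unquoted into a shell command, and `$zone` originates from @ARGV via read_argv; whether read_argv limits it to safe characters is not visible in this diff. If it does not, reject anything unexpected before use, e.g. `die "bad zone name: $zone\n" unless $zone =~ /\A[A-Za-z0-9._-]+\z/;`. The exit status is not checked either, so a failed key generation pushes an empty `$keyname` into `.index.ksk`; `die "dnssec-keygen failed for $zone\n" if $? != 0;` directly after the backticks would stop that. The same applies to the ZSK call in creat_zsk, and the enclosing sub starts and ends outside this hunk.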
@@ -173,13 +178,18 @@
push @index, $keyname;
if (@index > 2) { shift(@index); }
- open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
- print INDEX @index;
- close(INDEX);
+ {
+ my $fh = File::Temp->new(DIR => "$zpf")
+ or die "Can't create tmpdir: $!\n";
+ print $fh join "" => @index, "";
+ rename($fh->filename => "$zpf/.index.ksk")
+ or die "Can't rename "
+ . $fh->filename
+ . " to $zpf/.index.ksk: $!\n";
+ }
chomp($keyname);
print " * $zone: new KSK $keyname\n";
-
print "!! THE KSK must be published !! \n";
}
@@ -196,9 +206,11 @@
$keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
- unless (-f ".index.zsk") { @index = (); }
+ unless (-f "$zpf/.index.zsk") {
+ @index = ();
+ }
else {
- open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n";
+ open(INDEX, "$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
@index = <INDEX>;
close(INDEX);
}
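Review bot: The `dnssec-keygen` call at the top of this hunk still creates the ZSK with `-b 512`, and a 512-bit RSA key is too short to protect the zone's signatures against forgery. Since the commit is already reworking the key-creation path, raise it to at least `-b 1024`, and consider reading algorithm and key sizes from the configuration that read_conf parses rather than hard-coding them. The changed `open(INDEX, "$zpf/.index.zsk")` also keeps the two-argument form, unlike the three-argument `open(KEYFILE, "<", ...)` this commit introduces in ck_zone; `open(INDEX, "<", "$zpf/.index.zsk")` would match it.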
@@ -206,28 +218,30 @@
push @index, $keyname;
if (@index > 2) { shift(@index); }
- open(INDEX, ">.index.zsk") or die "$zpf/.index.zsk: $!\n";
- print INDEX @index;
- close(INDEX);
-
+ {
+ my $fh = File::Temp->new(DIR => "$zpf")
+ or die "Can't create tmpdir: $!\n";
+ print $fh join "" => @index, "";
+ rename($fh->filename => "$zpf/.index.zsk")
+ or die "Can't rename "
+ . $fh->filename
+ . " to $zpf/.index.zsk: $!\n";
+ }
chomp($keyname);
print " * $zone: new ZSK $keyname\n";
- open(KC, ">.keycounter") or die "$zpf/keycounter: $!\n";
+ open(KC, ">$zpf/.keycounter") or die "$zpf/keycounter: $!\n";
print KC "0";
close(KC);
-
}
}
sub ck_zone {
- our @zones;
- our $master_dir;
- my $zone;
+ my ($master_dir, @zone) = @_;
- for (@zones) {
- $zone = $_;
- my $zpf = "$master_dir/$zone";
+ for (@zone) {
+ my $zone = $_;
+ my $zpf = "$master_dir/$zone";
my $keyfile;
my @content;
my @keylist;
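Review bot: The error text on the changed `.keycounter` line names `$zpf/keycounter`, without the leading dot of the file actually opened, so a failure points the operator at a path that does not exist. Use `open(KC, ">", "$zpf/.keycounter") or die "$zpf/.keycounter: $!\n";`, which also separates the mode from the path. Neither `print KC "0"` nor `close(KC)` is checked, so a full disk silently leaves an empty counter; `close(KC) or die "$zpf/.keycounter: $!\n";` would catch it. The hunk runs on into the start of ck_zone, whose body continues outside it.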
@@ -235,7 +249,8 @@
for (<$zpf/*>) {
if (m#(K$zone.*\.key)#) {
$keyfile = $1;
- open(KEYFILE, "<$zpf/$keyfile");
+ open(KEYFILE, "<", "$zpf/$keyfile")
+ or die "$zpf/$keyfile: $!\n";
@content = <KEYFILE>;
close(KEYFILE);
for (@content) {
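Review bot: In the context line `m#(K$zone.*\.key)#`, `$zone` is interpolated as a regular expression, so each dot in a zone name matches any character and other metacharacters in the name would change the pattern. Quote it: `m#(K\Q$zone\E.*\.key)#`. The same holds for `/$zpf\/(.*\.key)/` in kill_useless_keys, where a mismatch affects only the printed message. The effect here is probably small because the glob already restricts the search to `$zpf`, but the match decides which key files end up in the rebuilt index. The loop continues outside the hunk.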
@@ -246,7 +261,7 @@
}
}
- open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
+ open(INDEX, ">$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
for (@keylist) {
s#\.key##;
print INDEX "$_\n";
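Review bot: ck_zone still truncates and rewrites `.index.ksk` in place on the changed `open(INDEX, ">$zpf/.index.ksk")` line, while creat_ksk in this same commit switches to a temp file plus `rename` for that very file. An interruption between the open and the `close` leaves a partial index, and according to the comment in kill_useless_keys the index files decide which key files get deleted. Writing it the same way as creat_ksk would keep the two paths consistent. At minimum use the three-argument form, `open(INDEX, ">", "$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";`.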
@@ -254,7 +269,6 @@
close(INDEX);
print " * $zone: new .index.ksk created\n";
-
if (-f "$zpf/.index.zsk") {
unlink("$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
}
@@ -262,27 +276,23 @@
}
sub post_creat {
- our @zones;
- our $master_dir;
-
- for (@zones) {
+ my ($master_dir, @zone) = @_;
+ for (@zone) {
my $zone = $_;
`touch $master_dir/$zone/$zone`;
-
- &kill_useless_keys($zone);
- &key_to_zonefile($zone);
+ &kill_useless_keys($zone, $master_dir);
+ &key_to_zonefile($zone, $master_dir);
}
-
}
sub kill_useless_keys {
# the function deletes all keys that are not available in the zone
- # of index.zsk
- our $master_dir;
- my $zone = $_[0];
- my @keylist = ();
- my $zpf = "$master_dir/$zone";
+
+ my $zone = $_[0];
+ my $master_dir = $_[1];
+ my @keylist = ();
+ my $zpf = "$master_dir/$zone";
open(INDEX, "<$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
@keylist = <INDEX>;
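Review bot: The `touch $master_dir/$zone/$zone` call in post_creat goes through the shell with both variables unquoted and its result ignored, so a failure to create the zone file passes silently. The same effect without a shell is `my $zf = "$master_dir/$zone/$zone"; open(my $t, ">>", $zf) or die "$zf: $!\n"; close($t); utime(undef, undef, $zf);`. The two helpers now take `($zone, $master_dir)` while every other sub in this commit takes `($master_dir, @zone)`; one order throughout, unpacked as `my ($master_dir, $zone) = @_;`, would be harder to get wrong. The `&` on both calls can also be dropped now that the arguments are explicit. kill_useless_keys continues outside the hunk.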
@@ -299,7 +309,7 @@
# reviewed every key file (KSK, ZSK), whether they are described in
# the respective index file. if not they will be deleted.
- for ( glob("$master_dir/$zone/K*")) {
+ for (glob("$master_dir/$zone/K*")) {
chomp;
my $file = $_;
my $rm_count = 1;
@@ -310,7 +320,7 @@
if ($rm_count == 1) {
unlink "$file";
if ($file =~ /$zpf\/(.*\.key)/) {
- print " * $zone: Schluessel $1 entfernt \n";
+ print " * $zone: Key $1 removed \n";
}
}
}
@@ -319,9 +329,9 @@
sub key_to_zonefile {
# the function added all keys to the indexfile
- our $master_dir;
- my $zone = $_[0];
- my $zpf = "$master_dir/$zone";
+ my $zone = $_[0];
+ my $master_dir = $_[1];
+ my $zpf = "$master_dir/$zone";
my @old_content;
my @new_content = ();
@@ -343,7 +353,6 @@
close(ZONEFILE);
}
-
__END__
=pod
@@ -357,3 +366,5 @@
dnssec-keytool <option> zone
=head1 DESCRIPTION
+
+kommt bald