dnssec-creatkey
changeset 8 a1eefce2bd5e
parent 6 920c1a51ba0e
child 9 c45415af9a4b
--- a/dnssec-creatkey	Tue Jun 29 09:54:44 2010 +0200
+++ b/dnssec-creatkey	Wed Jun 30 13:15:11 2010 +0200
@@ -1,54 +1,66 @@
 #!/bin/bash
-
-ZONE_DIR="/etc/bind/master"
-ZSKLIVE=60			# ZSK-Schluessellebensdauer in Tagen
+source dnstools.conf
 
-function TEST_ZSK {			# prueft ob es einen ZSK gibt
-	for DOMAIN in $ZONE_DIR/*
+master_dir=$MASTER_DIR
+key_counter_end=$KEY_COUNTER_END
+eingabe=$@
+
+function test_zsk_aenderung {
+	for domain in $eingabe
 	do
-		test -f $DOMAIN/index.zsk || echo ${DOMAIN##/*/}
+		test -d $master_dir/$domain && echo $domain
 	done
 }
 
-function TEST_KSK {			# prueft ob es einen KSK gibt
-	for DOMAIN in $ZONE_DIR/*
+
+function test_zsk_new {			# prueft ob es einen ZSK gibt
+	for zone in $master_dir/*
 	do
-		test -f $DOMAIN/index.ksk || echo ${DOMAIN##/*/}
+		test -f $zone/index.zsk || echo ${zone##/*/}
 	done
 }
 
-function TEST_ZSK_TIME {		# prueft ob der ZSK abgelaufen ist
-	for DOMAIN in $ZONE_DIR/*
+function test_ksk_new {			# prueft ob es einen KSK gibt
+	for zone in $master_dir/*
 	do
-		STARTTIME=`ls $DOMAIN/index.zsk -l --time-style=+%s | cut -d' ' -f6 2>/dev/null`
-		ENDTIME=$[STARTTIME + $[ZSKLIVE * 86400]]
-		NOWTIME=`date +%s`
+		test -f $zone/index.ksk || echo ${zone##/*/}
+	done
+}
 
-		if [ $ENDTIME -le $NOWTIME ]
+function test_zsk_time {		# prueft den keycounter
+	for zone in $master_dir/*
+	do
+		key_counter_end=$1
+		test -f $zone/keycounter || echo 0 > $zone/keycounter
+		key_counter=`< $zone/keycounter`
+	
+		if [ $key_counter_end -le $key_counter ]
 		then
-			echo ${DOMAIN##/*/} 
+			echo ${zone##/*/} 
 		fi
 	done
 }
 
-
-VAR_ZSK_TIME=`TEST_ZSK_TIME`
-VAR_ZSK=`TEST_ZSK`
-VAR_KSK=`TEST_KSK`
+zsk_aenderung=`test_zsk_aenderung`
+zsk_time=`test_zsk_time $key_counter_end`
+zsk_new=`test_zsk_new`
+ksk_new=`test_ksk_new`
 
 
-for NEW_ZSK_ZONE in $VAR_ZSK $VAR_ZSK_TIME	# Erstellt ZSK
+for NEW_ZSK_ZONE in $zsk_new $zsk_time $zsk_aenderung	# Erstellt ZSK
 do
-	cd $ZONE_DIR/$NEW_ZSK_ZONE
+	cd $master_dir/$NEW_ZSK_ZONE
 	echo "erzeugt zsk fuer" $NEW_ZSK_ZONE
 	dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk
 	INDEX_ZSK=$( tail -n2 index.zsk )
 	echo $INDEX_ZSK | fmt -w1 > index.zsk
+
+	echo 0 > keycounter	
 done
 
-for NEW_KSK_ZONE in $VAR_KSK		# Erstellt KSK
+for NEW_KSK_ZONE in $ksk_new		# Erstellt KSK
 do	
-	cd $ZONE_DIR/$NEW_KSK_ZONE
+	cd $master_dir/$NEW_KSK_ZONE
 	echo "erzeugt ksk fuer" $NEW_KSK_ZONE
 	dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk
 	INDEX_KSK=$( tail -n2 index.ksk )
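Review bot: `source dnstools.conf` (new line near the top of the hunk) loads the config from whatever directory the script happens to be run from, and its result is never checked; if the file is absent or names the wrong variable, `master_dir` is empty and `for zone in $master_dir/*` silently expands to `/*`, so the script walks the root filesystem, runs `cd` into system directories and writes `keycounter` files and key material there. Anchor the path to the script and fail early, e.g. `source "$(dirname "$0")/dnstools.conf" || exit 1` followed by `: "${MASTER_DIR:?MASTER_DIR not set in dnstools.conf}"`. In `test_zsk_time`, `key_counter_end=$1` is reassigned on every loop iteration and shadows the global of the same name; it belongs once above the loop, as a `local`. The same function compares `[ $key_counter_end -le $key_counter ]` unquoted, so an empty or corrupted `keycounter` file turns into a `test` syntax error rather than a detected bad state; quoting both operands and guarding with `[[ $key_counter =~ ^[0-9]+$ ]]` would make that failure explicit.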
@@ -57,9 +69,9 @@
 
 
 
-for ZONE in $VAR_ZSK $VAR_KSK $VAR_ZSKTIME
+for ZONE in $zsk_time $zsk_new $ksk_new $zsk_aenderung
 do
-	cd $ZONE_DIR/$ZONE
+	cd $master_dir/$ZONE
 
 	#loescht alle Schluessel die nicht in der indexdatei stehen
 	rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
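Review bot: `cd $master_dir/$ZONE` is unchecked and is immediately followed by the `rm $(ls K*[key,private] ...)` cleanup, so if the `cd` fails (permissions, a name from `$eingabe` that is only a partial match, an unset `master_dir`) the deletion runs in whatever directory the previous iteration left the shell in and removes that zone's keys instead. Change it to `cd "$master_dir/$ZONE" || continue` (or `|| exit 1`); the same unchecked `cd` appears before `dnssec-keygen` in both key-generation loops of the first hunk, where a failed `cd` would generate keys and a `keycounter` file in the wrong zone directory. Note that `$zsk_aenderung` now also feeds this loop, so the zones passed on the command line get the same unconditional key purge; that is presumably intended, but it means a typo in the argument list that still matches an existing directory will rotate that zone's keys without confirmation.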