diff -r 9cad6f1c5505 -r a1eefce2bd5e dnssec-creatkey
--- a/dnssec-creatkey	Tue Jun 29 09:54:44 2010 +0200
+++ b/dnssec-creatkey	Wed Jun 30 13:15:11 2010 +0200
@@ -1,54 +1,66 @@ #!/bin/bash - -ZONE_DIR="/etc/bind/master" -ZSKLIVE=60 # ZSK-Schluessellebensdauer in Tagen +source dnstools.conf -function TEST_ZSK { # prueft ob es einen ZSK gibt - for DOMAIN in $ZONE_DIR/* +master_dir=$MASTER_DIR +key_counter_end=$KEY_COUNTER_END +eingabe=$@ + +function test_zsk_aenderung { + for domain in $eingabe do - test -f $DOMAIN/index.zsk || echo ${DOMAIN##/*/} + test -d $master_dir/$domain && echo $domain done } -function TEST_KSK { # prueft ob es einen KSK gibt - for DOMAIN in $ZONE_DIR/* + +function test_zsk_new { # prueft ob es einen ZSK gibt + for zone in $master_dir/* do - test -f $DOMAIN/index.ksk || echo ${DOMAIN##/*/} + test -f $zone/index.zsk || echo ${zone##/*/} done } -function TEST_ZSK_TIME { # prueft ob der ZSK abgelaufen ist - for DOMAIN in $ZONE_DIR/* +function test_ksk_new { # prueft ob es einen KSK gibt + for zone in $master_dir/* do - STARTTIME=`ls $DOMAIN/index.zsk -l --time-style=+%s | cut -d' ' -f6 2>/dev/null` - ENDTIME=$[STARTTIME + $[ZSKLIVE * 86400]] - NOWTIME=`date +%s` + test -f $zone/index.ksk || echo ${zone##/*/} + done +} - if [ $ENDTIME -le $NOWTIME ] +function test_zsk_time { # prueft den keycounter + for zone in $master_dir/* + do + key_counter_end=$1 + test -f $zone/keycounter || echo 0 > $zone/keycounter + key_counter=`< $zone/keycounter` + + if [ $key_counter_end -le $key_counter ] then - echo ${DOMAIN##/*/} + echo ${zone##/*/} fi done } - -VAR_ZSK_TIME=`TEST_ZSK_TIME` -VAR_ZSK=`TEST_ZSK` -VAR_KSK=`TEST_KSK` +zsk_aenderung=`test_zsk_aenderung` +zsk_time=`test_zsk_time $key_counter_end` +zsk_new=`test_zsk_new` +ksk_new=`test_ksk_new` -for NEW_ZSK_ZONE in $VAR_ZSK $VAR_ZSK_TIME # Erstellt ZSK +for NEW_ZSK_ZONE in $zsk_new $zsk_time $zsk_aenderung # Erstellt ZSK do - cd $ZONE_DIR/$NEW_ZSK_ZONE + cd $master_dir/$NEW_ZSK_ZONE echo "erzeugt zsk fuer" $NEW_ZSK_ZONE dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk INDEX_ZSK=$( tail -n2 index.zsk ) echo $INDEX_ZSK | fmt -w1 > index.zsk + + 
echo 0 > keycounter done -for NEW_KSK_ZONE in $VAR_KSK # Erstellt KSK +for NEW_KSK_ZONE in $ksk_new # Erstellt KSK do - cd $ZONE_DIR/$NEW_KSK_ZONE + cd $master_dir/$NEW_KSK_ZONE echo "erzeugt ksk fuer" $NEW_KSK_ZONE dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk INDEX_KSK=$( tail -n2 index.ksk ) @@ -57,9 +69,9 @@ -for ZONE in $VAR_ZSK $VAR_KSK $VAR_ZSKTIME +for ZONE in $zsk_time $zsk_new $ksk_new $zsk_aenderung do - cd $ZONE_DIR/$ZONE + cd $master_dir/$ZONE #loescht alle Schluessel die nicht in der indexdatei stehen rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
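Review bot: `source dnstools.conf` loads the configuration from a relative path, so the script now depends on the caller's working directory for `MASTER_DIR` (which replaces the former hard-coded `/etc/bind/master`), and a `dnstools.conf` placed in that directory is executed with the script's privileges. If the file is absent or `MASTER_DIR` is unset, `master_dir` is empty, `test_zsk_new`/`test_ksk_new` iterate `/*`, and the ZSK loop then does `cd /$NEW_ZSK_ZONE` and writes `index.zsk` and `keycounter` into arbitrary top-level directories. Source the file by absolute path and fail closed: `source /PATH-TO-CONFIG/dnstools.conf || exit 1` followed by `: "${MASTER_DIR:?MASTER_DIR not set}"`. The `cd` in both key-generation loops is still unchecked, so a failed `cd` leaves the following writes in the previous zone's directory; `cd "$master_dir/$NEW_ZSK_ZONE" || continue` (and the same for the KSK loop) prevents that. The zone names taken from `eingabe=$@` are only checked with `test -d`, so arguments containing `..` or whitespace are accepted and reach `cd` and `dnssec-keygen` unquoted; restricting them to a hostname character class before use would be safer.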