diff -r 0342c09abf97 -r d5337081ed02 dnssec-creatkey
--- a/dnssec-creatkey Thu Aug 05 10:49:36 2010 +0200
+++ b/dnssec-creatkey Mon Aug 09 11:45:43 2010 +0200
@@ -3,33 +3,31 @@
 use strict;
 use FindBin;
-
 # liest die Konfiguration ein
-my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf");
+my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
 my %config;
-for (grep {-f} @configs) {
- open(CONFIG, $_) or die "Can't open $_: $!\n";
+for ( grep {-f} @configs ) {
+ open( CONFIG, $_ ) or die "Can't open $_: $!\n";
 }
-unless (seek(CONFIG,0 ,0 )) {
- die "Can't open config (searched: @configs)\n"
+unless ( seek( CONFIG, 0, 0 ) ) {
+ die "Can't open config (searched: @configs)\n";
 }
 while () {
- chomp;
- s/#.*//;
- s/\t//g;
- s/\s//g;
+ chomp;
+ s/#.*//;
+ s/\t//g;
+ s/\s//g;
- next unless length;
- my ($cname, $ccont) = split (/\s*=\s*/, $_,2);
- $config{$cname} = $ccont;
+ next unless length;
+ my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
+ $config{$cname} = $ccont;
 }
-close (CONFIG);
+close(CONFIG);
-
-my $master_dir = $config{master_dir};
+my $master_dir = $config{master_dir};
 my $key_counter_end = $config{key_counter_end};
 my @change;
 my @manu;
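Review bot: The config loop at `for ( grep {-f} @configs )` opens every existing file in turn on the same bareword handle, so when both `$FindBin::Bin/dnstools.conf` and `/etc/dnstools.conf` exist only the last one opened is read and the per-installation file is silently ignored; if the first match is meant to win, add `last;` after the `open`, otherwise state the precedence in the comment above the list. Detecting a missing config through `seek( CONFIG, 0, 0 )` on a never-opened handle works but is obscure; a lexical handle left undefined, checked with `die "Can't open config (searched: @configs)\n" unless defined $cfg;`, says what is meant. `open( CONFIG, $_ )` is still the two-argument form; the paths here are fixed, but `open( CONFIG, '<', $_ )` costs nothing and keeps a later edit to the list from turning a path into an open mode. The script is under `use strict` but no `use warnings` is visible in this hunk; if it is not on one of the two lines above the hunk it is worth adding.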
@@ -39,168 +37,172 @@
 # prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu
 for (@ARGV) {
- chomp (my $zone = `idn --quiet "$_"`);
+ chomp( my $zone = `idn --quiet "$_"` );
- if (-d "$master_dir/$zone") {
- push (@manu, $zone);
- }
- else {
- print " $zone not exist\n ";
- }
+ if ( -d "$master_dir/$zone" ) {
+ push( @manu, $zone );
+ }
+ else {
+ print " $zone not exist\n ";
+ }
 }
-
+
 # gibt alle zonen mit abgelaufenen keycounter in die liste @change
 while (<$master_dir/*>) {
- chomp ($zone = $_);
- my $key;
+ chomp( $zone = $_ );
+ my $key;
- unless (-f "$zone/.keycounter") {
- next
- }
+ unless ( -f "$zone/.keycounter" ) {
+ next;
+ }
- open (KEY, "$zone/.keycounter") or die "$zone/.keycounter: $!\n";
- $key = ;
- close (KEY);
+ open( KEY, "$zone/.keycounter" ) or die "$zone/.keycounter: $!\n";
+ $key = ;
+ close(KEY);
- if ($key_counter_end <= $key) {
- $zone =~ s#($master_dir/)(.*)#$2#;
- push (@change, $zone);
- }
+ if ( $key_counter_end <= $key ) {
+ $zone =~ s#($master_dir/)(.*)#$2#;
+ push( @change, $zone );
+ }
 }
 #erzeugt zsks
-for (@change, @manu) {
- $zone = $_;
+for ( @change, @manu ) {
+ $zone = $_;
- chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
- $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
+ chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
+ $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
- unless (-f ".index.zsk") {
- @index = ();
- }
- else {
- open (INDEX, ".index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
- @index = ;
- close (INDEX);
- }
+ unless ( -f ".index.zsk" ) {
+ @index = ();
+ }
+ else {
+ open( INDEX, ".index.zsk" )
+ or die "$master_dir/$zone/.index.zsk: $!\n";
+ @index = ;
+ close(INDEX);
+ }
- push @index, $keyname;
- if (@index > 2){
- shift (@index);
- }
+ push @index, $keyname;
+ if ( @index > 2 ) {
+ shift(@index);
+ }
- open (INDEX, ">.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n";
- print INDEX @index;
- close (INDEX);
+ open( INDEX,
">.index.zsk" ) or die "$master_dir/$zone/.index.zsk: $!\n"; + print INDEX @index; + close(INDEX); - chomp ($keyname); - print "$keyname (ZSK) erzeugt fuer $zone \n"; + chomp($keyname); + print "$keyname (ZSK) erzeugt fuer $zone \n"; - open (KC, ">.keycounter") or die "$master_dir/$zone/keycounter: $!\n"; - print KC "0"; - close (KC); + open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n"; + print KC "0"; + close(KC); } #erzeugt ksks for (@manu) { - $zone = $_; - - chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; - $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; + $zone = $_; - unless (-f ".index.ksk") { - @index = (); - } else { - open (INDEX, ".index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - @index = ; - close (INDEX); - } + chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; + $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; - push @index, $keyname; - if (@index > 2){ - shift (@index); - } + unless ( -f ".index.ksk" ) { + @index = (); + } + else { + open( INDEX, ".index.ksk" ) + or die "$master_dir/$zone/.index.ksk: $!\n"; + @index = ; + close(INDEX); + } - open (INDEX, ">.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - print INDEX @index; - close (INDEX); + push @index, $keyname; + if ( @index > 2 ) { + shift(@index); + } - chomp ($keyname); - print "$keyname (KSK) erzeugt fuer $zone \n"; + open( INDEX, ">.index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n"; + print INDEX @index; + close(INDEX); + + chomp($keyname); + print "$keyname (KSK) erzeugt fuer $zone \n"; } - # loescht alle unbenoetigten schluessel, fuegt die schluessel in # die zone-datei -for (@change, @manu) { - $zone = $_; - my @old_zone_content = (); - my @new_zone_content = (); - my @keylist = (); - my $file = (); - +for ( @change, @manu ) { + $zone = $_; + my @old_zone_content = (); + my @new_zone_content = (); + my @keylist = (); + my $file = (); - open (INDEX, "<$master_dir/$zone/.index.zsk") 
or die "$master_dir/$zone/.index.zsk: $!\n";
- @keylist = ;
- close (INDEX);
+ open( INDEX, "<$master_dir/$zone/.index.zsk" )
+ or die "$master_dir/$zone/.index.zsk: $!\n";
+ @keylist = ;
+ close(INDEX);
- open (INDEX, "<$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n";
- push @keylist, ;
- close (INDEX);
+ open( INDEX, "<$master_dir/$zone/.index.ksk" )
+ or die "$master_dir/$zone/.index.ksk: $!\n";
+ push @keylist, ;
+ close(INDEX);
- open (ZONE, "<$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n";
- @old_zone_content = ;
- close (ZONE);
+ open( ZONE, "<$master_dir/$zone/$zone" )
+ or die "$master_dir/$zone/$zone: $!\n";
+ @old_zone_content = ;
+ close(ZONE);
- # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
- # besser vergleichen zu koennen.
- for (@keylist) {
- chomp;
- s#K.*\+.*\+(.*)#$1#;
- }
+ # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
+ # besser vergleichen zu koennen.
+ for (@keylist) {
+ chomp;
+ s#K.*\+.*\+(.*)#$1#;
+ }
- # filtert alle schluessel aus der zonedatei
- # old_zone_content ==> new_zone_content
- for (@old_zone_content) {
- unless (/IN\sDNSKEY/) {
- push @new_zone_content, $_;
- }
- }
+ # filtert alle schluessel aus der zonedatei
+ # old_zone_content ==> new_zone_content
+ for (@old_zone_content) {
+ unless (/IN\sDNSKEY/) {
+ push @new_zone_content, $_;
+ }
+ }
- # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
- # indexdatei beschrieben sind. wenn nicht werden sie geloescht.
- for (`ls $master_dir/$zone/K*[key,private]`){
- chomp;
- $file = $_;
- my $rm_count = 1;
+ # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
+ # indexdatei beschrieben sind. wenn nicht werden sie geloescht.
+ for (`ls $master_dir/$zone/K*[key,private]`) {
+ chomp;
+ $file = $_;
+ my $rm_count = 1;
+
+ for (@keylist) {
- for (@keylist) {
+ if ( $file =~ /$_/ ) {
+ $rm_count = 0;
- if ($file =~ /$_/) {
- $rm_count = 0;
+ # schluessel die in der indexdatei standen, werden an die
+ # zonedatei angehangen.
+ if ( $file =~ /.*key/ ) {
+ open( KEYFILE, "<$file" ) or next "$file: $!\n";
+ push @new_zone_content, ;
+ close(KEYFILE);
- # schluessel die in der indexdatei standen, werden an die
- # zonedatei angehangen.
- if ($file =~ /.*key/) {
- open (KEYFILE, "<$file") or next "$file: $!\n";
- push @new_zone_content, ;
- close (KEYFILE);
-
- last;
- }
- }
- }
+ last;
+ }
+ }
+ }
- #loescht alle unbenoetigten schluessel
- if ($rm_count == 1) {
- unlink "$file";
- }
- }
-
+ #loescht alle unbenoetigten schluessel
+ if ( $rm_count == 1 ) {
+ unlink "$file";
+ }
+ }
- open (ZONE, ">$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n";
- print ZONE @new_zone_content;
- close (ZONE);
-
- print "$master_dir/$zone/$zone wurde neu erstellt \n";
+ open( ZONE, ">$master_dir/$zone/$zone" )
+ or die "$master_dir/$zone/$zone: $!\n";
+ print ZONE @new_zone_content;
+ close(ZONE);
+
+ print "$master_dir/$zone/$zone wurde neu erstellt \n";
 }
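Review bot: `open( KEYFILE, "<$file" ) or next "$file: $!\n";` in the key-file loop does not do what its message suggests: `next` takes a loop label, not a message, so a key file that cannot be read ends the whole run with a label-not-found error instead of being skipped; use `open( KEYFILE, '<', $file ) or do { warn "$file: $!\n"; next };`. Zone names from `@ARGV` are interpolated into a shell command line in `` `idn --quiet "$_"` `` near the top of the hunk, and key files are listed through `` `ls $master_dir/$zone/K*[key,private]` `` (a shell character class, not a `.key`/`.private` alternation); a list-form pipe open, `open( my $idn, '-|', 'idn', '--quiet', $_ )`, and Perl's own `glob("$master_dir/$zone/K*.{key,private}")` keep shell quoting out of the script. The ZSKs are generated with `-a RSASHA1 -b 512`: 512-bit RSA is within practical factoring range and RSASHA1 is not recommended for signing by RFC 8624, so algorithm and size should come from the config and default to a current choice such as RSASHA256 with 2048 bits or ECDSAP256SHA256. Every matching key file that is not named in the index is removed with `unlink "$file"`, so the points above decide which keys survive a run; logging each deletion before the `unlink` would make that auditable.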