85 	{"named-conf",		required_argument, NULL, 'N'},
97 static	void	usage (char *mesg, zconf_t *conf);
99 static	int	parsedir (const char *dir, zone_t **zp, const zconf_t *conf);
106 static	void	copy_keyset (const char *dir, const char *domain, const zconf_t *conf);
327 			verbmesg (1, zp->conf, "\n");
347 static	void	usage (char *mesg, zconf_t *conf)
358 	fprintf (stderr, "-N named.conf ");
375 	fprintf (stderr, "\t-N file%s", loptstr (", --named-conf=file\n", ""));
379 	fprintf (stderr, "\t\t The file to sign should be given as an argument (default is \"%s.signed\")\n", conf->zonefile);
384 	fprintf (stderr, "\t-r%s\t reload zone via %s\n", loptstr (", --reload", "\t"), conf->dist_cmd ? conf->dist_cmd: "rndc");
391 	fprintf (stderr, "\tin the dnssec config file (\"%s\") will be parsed\n", conf->zonedir);
398 /**	fill zonelist with infos coming out of named.conf	**/
412 	if ( view[0] != '\0' )	/* view found in named.conf */
428 static	int	parsedir (const char *dir, zone_t **zp, const zconf_t *conf)
439 	zone_readdir (dir, NULL, NULL, zp, conf, dynamic_zone);
455 		parsedir (path, zp, conf);
473 	verbmesg (1, zp->conf, "parsing zone \"%s\" in dir \"%s\"\n", zp->zone, zp->dir);
498 	if ( is_defined (zp->conf->logdomaindir) )	/* parameter is not null or empty ? */
500 		if ( strcmp (zp->conf->logdomaindir, ".") == 0 )	/* current (".") means zone directory */
503 			lg_zone_start (zp->conf->logdomaindir, zp->zone);
508 	newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf);
511 		verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n");
521 	newkey += zskstatus (&zp->keys, zp->dir, zp->zone, zp->conf);
524 	pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
536 	if ( !newkey && zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
560 	else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) )
562 						str_delspace (age2str (zp->conf->resign)));
567 		verbmesg (1, zp->conf, "\tRe-signing necessary: %s\n", mesg);
569 		verbmesg (1, zp->conf, "\tRe-signing not necessary!\n");
577 	     (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) ||
580 		verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n");
581 		if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
582 			copy_keyset (zp->dir, zp->zone, zp->conf);	/* copy the parent- file if it exist */
583 		if ( is_defined (zp->conf->logdomaindir) )
592 	pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
593 	verbmesg (1, zp->conf, "\tWriting key file \"%s\"\n", path);
594 	if ( !writekeyfile (path, zp->keys, zp->conf->key_ttl) )
601 	use_unixtime = ( zp->conf->serialform == Unixtime );
622 			verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
625 			verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
633 		verbmesg (1, zp->conf, "\tSigning zone \"%s\"\n", zp->zone);
642 			dyn_update_freeze (zp->zone, zp->conf, 1);	/* freeze dynamic zone ! */
648 				verbmesg (1, zp->conf, "\tDynamic Zone signing: Initial signing request: Add DNSKEYs to zonefile\n");
649 				copyfile (zfile, path, zp->conf->keyfile);
654 				verbmesg (1, zp->conf, "\tDynamic Zone signing: zone file manually edited: Use it as new input file\n");
658 			verbmesg (1, zp->conf, "\tDynamic Zone signing: copy old signed zone file %s to new input file %s\n",
663 				copyzonefile (path, zfile, zp->conf->keyfile);
665 				if ( zp->conf->dist_cmd )
682 			dyn_update_freeze (zp->zone, zp->conf, 0);	/* thaw dynamic zone file */
690 		verbmesg (1, zp->conf, "\tSigning completed after %s.\n", tstr);
694 	copy_keyset (zp->dir, zp->zone, zp->conf);
698 		if ( zp->conf->dist_cmd )
701 			reload_zone (zp->zone, zp->conf);
703 		register_key (zp->keys, zp->conf);
706 	if ( is_defined (zp->conf->logdomaindir) )
842 	const	zconf_t	*conf;
848 	conf = zp->conf;
852 	if ( conf->lookaside && conf->lookaside[0] )
853 		len = snprintf (str, sizeof (str), "-l %.250s", conf->lookaside);
857 	if ( !dynamic_zone && conf->serialform == Unixtime )
862 	if ( conf->sig_gends )
871 	if ( conf->sig_dnskeyksk )
876 	if ( conf->sig_pseudo )
880 	if ( conf->sig_param && conf->sig_param[0] )
881 		param = conf->sig_param;
885 	if ( conf->k_algo == DK_ALGO_NSEC3DSA || conf->k_algo == DK_ALGO_NSEC3RSASHA1 ||
886 	     conf->nsec3 != NSEC3_OFF )
898 		if ( conf->nsec3 == NSEC3_OPTOUT )
918 		if ( gensalt (salt, sizeof (salt), conf->saltbits, seed) )
925 	if ( conf->sig_random && conf->sig_random[0] )
926 		snprintf (rparam, sizeof (rparam), "-r %.250s ", conf->sig_random);
930 	if ( conf->keysetdir && conf->keysetdir[0] && strcmp (conf->keysetdir, "..") != 0 )
931 		snprintf (keysetdir, sizeof (keysetdir), "-d %.250s ", conf->keysetdir);
940 			dir, SIGNCMD, param, nsec3param, dnskeyksk, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file);
944 			dir, SIGNCMD, param, nsec3param, dnskeyksk, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file);
945 	verbmesg (2, conf, "\t  Run cmd \"%s\"\n", cmd);
963 	verbmesg (2, conf, "\t  Cmd dnssec-signzone return: \"%s\"\n", str_chop (str, '\n'));
971 static	void	copy_keyset (const char *dir, const char *domain, const zconf_t *conf)
978 	if ( conf->keysetdir && strcmp (conf->keysetdir, "..") == 0 )
985 		/* verbmesg (2, conf, "\t  check \"%s\" against parent dir\n", fromfile); */
989 			verbmesg (2, conf, "\t  copy \"%s\" to parent dir\n", fromfile);

Indexes created Tue Jul 24 14:28:13 CEST 2018