/*
* Copyright (C) 2009, 2011, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/*! \file */
/**
* ddns-confgen generates configuration files for dynamic DNS. It can
* be used as a convenient alternative to writing the ddns.key file
* and the corresponding key and update-policy statements in named.conf.
*/
#include <config.h>
#include <stdlib.h>
#include <stdarg.h>
#include <isc/assertions.h>
#include <isc/commandline.h>
#include <isc/keyboard.h>
#ifdef PKCS11CRYPTO
#endif
#include <dns/keyvalues.h>
#include "util.h"
#include "keygen.h"
/*
 * Program name substituted into the usage text. main() advances this
 * pointer past a libtool "lt-" prefix before comparing it against the
 * supported program names.
 * NOTE(review): declared without static, presumably so the shared helpers
 * declared in util.h can reference it - confirm.
 */
const char *progname;
/*
 * usage: print the option summary that matches the current program mode.
 *
 * This listing is a fragment: the function name, its parameter list and
 * the output call that owns the two format strings are not visible.
 * main() calls it as usage(0) and usage(1).
 *
 * Two texts are selected on progmode:
 *  - progmode_confgen: -a, -k, -r, -q, -s and -z;
 *  - any other mode:   -a, -r and an optional positional keyname.
 * Both texts give hmac-sha256 as the default algorithm and document
 * "keyboard" as a special value for the -r random source.
 *
 * NOTE(review): the first line is a forward declaration carrying
 * ISC_PLATFORM_NORETURN_PRE, so the function presumably never returns;
 * the terminating call is not visible here - confirm, because main()
 * has a case label with no break after usage(0).
 */
ISC_PLATFORM_NORETURN_PRE static void
static void
if (progmode == progmode_confgen) {
Usage:\n\
%s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
-a alg: algorithm (default hmac-sha256)\n\
-k keyname: name of the key as it will be used in named.conf\n\
-r randomfile: source of random data (use \"keyboard\" for key timing)\n\
-s name: domain name to be updated using the created key\n\
-z zone: name of the zone as it will be used in named.conf\n\
-q: quiet mode: print the key, with no explanatory text\n",
progname);
} else {
Usage:\n\
%s [-a alg] [-r randomfile] [keyname]\n\
-a alg: algorithm (default hmac-sha256)\n\
-r randomfile: source of random data (use \"keyboard\" for key timing)\n",
progname);
}
}
/*
 * main (fragment: the signature and many statements are missing from
 * this listing, so only the visible steps are described).
 *
 *  1. progname is adjusted and compared against "tsig-keygen" and
 *     "ddns-confgen" to select the program mode.
 *  2. Options are parsed from the string "a:hk:Mmr:qs:y:z:"; -k/-y, -q,
 *     -s and -z are accepted only in confgen mode.
 *  3. A named.conf key clause holding the generated secret is printed to
 *     stdout, followed (unless quiet) by update-policy guidance.
 *
 * Returns 0 on the visible normal path; error paths call usage(1),
 * fatal() or exit(1).
 */
int
const char *algname;
int len = 0;
int ch;
#ifdef PKCS11CRYPTO
#endif
if (result != ISC_R_SUCCESS)
/*
* Libtool doesn't preserve the program name prior to final
* installation. Remove the libtool prefix ("lt-").
*/
/*
 * NOTE(review): the test that progname really starts with "lt-" is not
 * visible in this listing. The pointer must only be advanced under that
 * test, otherwise it skips three bytes of an arbitrary name.
 */
progname += 3;
#define PROGCMP(X) \
if (PROGCMP("tsig-keygen")) {
} else if (PROGCMP("ddns-confgen"))
else
/*
 * Any other program name is treated as a programming error: the
 * assertion below always fails.
 */
INSIST(0);
/*
 * Option string: a letter followed by ':' takes an argument. The loop
 * ends when the parser returns -1.
 */
"a:hk:Mmr:qs:y:z:")) != -1) {
switch (ch) {
case 'a':
if (alg == DST_ALG_UNKNOWN)
break;
case 'h':
/*
 * No break follows: this relies on usage() not returning (its
 * prototype carries ISC_PLATFORM_NORETURN_PRE). If it ever returned,
 * control would fall into the -k/-y handling.
 */
usage(0);
case 'k':
case 'y':
/* -k and its alias -y are confgen-only; other modes get usage(1). */
if (progmode == progmode_confgen)
else
usage(1);
break;
case 'M':
break;
case 'm':
break;
case 'q':
/* -q is confgen-only; other modes get usage(1). */
if (progmode == progmode_confgen)
else
usage(1);
break;
case 'r':
break;
case 's':
/* -s is confgen-only; other modes get usage(1). */
if (progmode == progmode_confgen)
else
usage(1);
break;
case 'z':
/* -z is confgen-only; other modes get usage(1). */
if (progmode == progmode_confgen)
else
usage(1);
break;
case '?':
/*
 * '?' is returned both for an unrecognised option and for a literal
 * -?. isc_commandline_option tells them apart: anything other than
 * '?' is an error (usage(1)), a literal -? is a help request
 * (usage(0)).
 */
if (isc_commandline_option != '?') {
usage(1);
} else
usage(0);
break;
default:
exit(1);
}
}
if (progmode == progmode_keygen)
/* Leftover positional arguments are rejected with usage(1). */
if (argc > isc_commandline_index)
usage(1);
/* Use canonical algorithm name */
: CONFGEN_DEFAULT);
if (self_domain != NULL)
fatal("failed to allocate memory for keyname");
}
}
/* Explanatory header; suppressed when quiet is set. */
if (!quiet)
printf("\
# To activate this key, place the following in named.conf, and\n\
# in a separate keyfile on the system or systems from which nsupdate\n\
# will be run:\n");
/*
 * SECURITY: this statement writes the shared secret to stdout in
 * cleartext. Whatever captures the output (a keyfile, a file included
 * from named.conf) should be readable only by the accounts that run
 * named and nsupdate, and the output should not be left in shell
 * history, logs or world-readable temporary files.
 *
 * The "%.*s" precision is the used length of key_txtbuffer, so printf
 * reads at most that many bytes and does not rely on the buffer being
 * NUL-terminated.
 */
printf("\
key \"%s\" {\n\
algorithm %s;\n\
secret \"%.*s\";\n\
};\n",
(int)isc_buffer_usedlength(&key_txtbuffer),
(char *)isc_buffer_base(&key_txtbuffer));
/*
 * Guidance text only; skipped when quiet is set. Three variants are
 * visible: one for a single name (self_domain), one for a named zone,
 * and a generic one.
 *
 * SECURITY: every sample policy grants the ANY record type. The "name"
 * form limits the key to one name; the "zonesub" form lets the key
 * update any name within the zone. The text tells operators to adjust
 * the policy; the narrowest rule that covers the intended updates is
 * the safer choice.
 */
if (!quiet) {
if (self_domain != NULL) {
printf("\n\
# Then, in the \"zone\" statement for the zone containing the\n\
# name \"%s\", place an \"update-policy\" statement\n\
# like this one, adjusted as needed for your preferred permissions:\n\
update-policy {\n\
grant %s name %s ANY;\n\
};\n",
printf("\n\
# Then, in the \"zone\" definition statement for \"%s\",\n\
# place an \"update-policy\" statement like this one, adjusted as \n\
# needed for your preferred permissions:\n\
update-policy {\n\
grant %s zonesub ANY;\n\
};\n",
} else {
printf("\n\
# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
# update, place an \"update-policy\" statement granting update permission\n\
# to this key. For example, the following statement grants this key\n\
# permission to update any name within the zone:\n\
update-policy {\n\
grant %s zonesub ANY;\n\
};\n",
keyname);
}
printf("\n\
# After the keyfile has been placed, the following command will\n\
# execute nsupdate using this key:\n\
nsupdate -k <keyfile>\n");
}
/*
 * NOTE(review): the statement guarded by show_final_mem is missing from
 * this listing; the return below is the normal exit status of main.
 */
if (show_final_mem)
return (0);
}