 * Copyright (C) 2009, 2011, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 * ddns-confgen generates configuration files for dynamic DNS. It can
 * be used as a convenient alternative to writing the ddns.key file
 * and the corresponding key and update-policy statements in named.conf.
 * The generated text includes the key's shared secret, so the file it is
 * saved to should be readable only by the accounts that run named and
 * nsupdate.
static enum { progmode_keygen, progmode_confgen} progmode;
isc_boolean_t verbose = ISC_FALSE; /* needed by util.c but not used here */
 %s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
 -a alg: algorithm (default hmac-sha256)\n\
 -k keyname: name of the key as it will be used in named.conf\n\
 -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
 -s name: domain name to be updated using the created key\n\
 -z zone: name of the zone as it will be used in named.conf\n\
 -q: quiet mode: print the key, with no explanatory text\n",
 %s [-a alg] [-r randomfile] [keyname]\n\
 -a alg: algorithm (default hmac-sha256)\n\
 -r randomfile: source of random data (use \"keyboard\" for key timing)\n",
 result = isc_file_progname(*argv, program, sizeof(program));
 * Libtool doesn't preserve the program name prior to final
 * installation. Remove the libtool prefix ("lt-").
 (strcasecmp(progname, X) == 0 || strcasecmp(progname, X ".exe") == 0)
 /* Use canonical algorithm name */
 DO("create memory context", isc_mem_create(0, 0, &mctx));
 len = strlen(keyname) + strlen(suffix) + 2;
 fatal("failed to allocate memory for keyname");
 snprintf(keybuf, len, "%s.%s", keyname, suffix);
 isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
# To activate this key, place the following in named.conf, and\n\
# in a separate keyfile on the system or systems from which nsupdate\n\
# will be run:\n");
key \"%s\" {\n\
 algorithm %s;\n\
 secret \"%.*s\";\n\
# Then, in the \"zone\" statement for the zone containing the\n\
# name \"%s\", place an \"update-policy\" statement\n\
# like this one, adjusted as needed for your preferred permissions:\n\
update-policy {\n\
 grant %s name %s ANY;\n\
# Then, in the \"zone\" definition statement for \"%s\",\n\
# place an \"update-policy\" statement like this one, adjusted as \n\
# needed for your preferred permissions:\n\
update-policy {\n\
 grant %s zonesub ANY;\n\
# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
# update, place an \"update-policy\" statement granting update permission\n\
# to this key. For example, the following statement grants this key\n\
# permission to update any name within the zone:\n\
update-policy {\n\
 grant %s zonesub ANY;\n\
# After the keyfile has been placed, the following command will\n\
# execute nsupdate using this key:\n\
nsupdate -k <keyfile>\n");