87 	{"named-conf",		required_argument, NULL, 'N'},
99 static	void	usage (char *mesg, zconf_t *conf);
101 static	int	parsedir (const char *dir, zone_t **zp, const zconf_t *conf);
108 static	void	copy_keyset (const char *dir, const char *domain, const zconf_t *conf);
329 			verbmesg (1, zp->conf, "\n");
349 static	void	usage (char *mesg, zconf_t *conf)
360 	fprintf (stderr, "-N named.conf ");
377 	fprintf (stderr, "\t-N file%s", loptstr (", --named-conf=file\n", ""));
381 	fprintf (stderr, "\t\t The file to sign should be given as an argument (default is \"%s.signed\")\n", conf->zonefile);
386 	fprintf (stderr, "\t-r%s\t reload zone via %s\n", loptstr (", --reload", "\t"), conf->dist_cmd ? conf->dist_cmd: "rndc");
393 	fprintf (stderr, "\tin the dnssec config file (\"%s\") will be parsed\n", conf->zonedir);
400 /**	fill zonelist with infos coming out of named.conf	**/
414 	if ( view[0] != '\0' )	/* view found in named.conf */
430 static	int	parsedir (const char *dir, zone_t **zp, const zconf_t *conf)
441 	zone_readdir (dir, NULL, NULL, zp, conf, dynamic_zone);
457 		parsedir (path, zp, conf);
475 	verbmesg (1, zp->conf, "parsing zone \"%s\" in dir \"%s\"\n", zp->zone, zp->dir);
500 	if ( is_defined (zp->conf->logdomaindir) )	/* parameter is not null or empty ? */
502 		if ( strcmp (zp->conf->logdomaindir, ".") == 0 )	/* current (".") means zone directory */
505 			lg_zone_start (zp->conf->logdomaindir, zp->zone);
510 	newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf);
513 		verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n");
523 	newkey += zskstatus (&zp->keys, zp->dir, zp->zone, zp->conf);
526 	pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
538 	if ( !newkey && zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
562 	else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) )
564 						str_delspace (age2str (zp->conf->resign)));
569 		verbmesg (1, zp->conf, "\tRe-signing necessary: %s\n", mesg);
571 		verbmesg (1, zp->conf, "\tRe-signing not necessary!\n");
579 	     (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) ||
582 		verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n");
583 		if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
584 			copy_keyset (zp->dir, zp->zone, zp->conf);	/* copy the parent- file if it exist */
585 		if ( is_defined (zp->conf->logdomaindir) )
594 	pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
595 	verbmesg (1, zp->conf, "\tWriting key file \"%s\"\n", path);
596 	if ( !writekeyfile (path, zp->keys, zp->conf->key_ttl) )
603 	use_unixtime = ( zp->conf->serialform == Unixtime );
624 			verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
627 			verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
635 		verbmesg (1, zp->conf, "\tSigning zone \"%s\"\n", zp->zone);
644 			dyn_update_freeze (zp->zone, zp->conf, 1);	/* freeze dynamic zone ! */
650 				verbmesg (1, zp->conf, "\tDynamic Zone signing: Initial signing request: Add DNSKEYs to zonefile\n");
651 				copyfile (zfile, path, zp->conf->keyfile);
656 				verbmesg (1, zp->conf, "\tDynamic Zone signing: zone file manually edited: Use it as new input file\n");
660 			verbmesg (1, zp->conf, "\tDynamic Zone signing: copy old signed zone file %s to new input file %s\n",
665 				copyzonefile (path, zfile, zp->conf->keyfile);
667 				if ( zp->conf->dist_cmd )
684 			dyn_update_freeze (zp->zone, zp->conf, 0);	/* thaw dynamic zone file */
692 		verbmesg (1, zp->conf, "\tSigning completed after %s.\n", tstr);
696 	copy_keyset (zp->dir, zp->zone, zp->conf);
700 		if ( zp->conf->dist_cmd )
703 			reload_zone (zp->zone, zp->conf);
705 		register_key (zp->keys, zp->conf);
708 	if ( is_defined (zp->conf->logdomaindir) )
844 	const	zconf_t	*conf;
850 	conf = zp->conf;
854 	if ( conf->lookaside && conf->lookaside[0] )
855 		len = snprintf (str, sizeof (str), "-l %.250s", conf->lookaside);
859 	if ( !dynamic_zone && conf->serialform == Unixtime )
864 	if ( conf->sig_gends )
873 	if ( conf->sig_dnskeyksk )
878 	if ( conf->sig_pseudo )
882 	if ( conf->sig_param && conf->sig_param[0] )
883 		param = conf->sig_param;
887 	if ( conf->k_algo == DK_ALGO_NSEC3DSA || conf->k_algo == DK_ALGO_NSEC3RSASHA1 ||
888 	     conf->nsec3 != NSEC3_OFF )
900 		if ( conf->nsec3 == NSEC3_OPTOUT )
920 		if ( gensalt (salt, sizeof (salt), conf->saltbits, seed) )
927 	if ( conf->sig_random && conf->sig_random[0] )
928 		snprintf (rparam, sizeof (rparam), "-r %.250s ", conf->sig_random);
932 	if ( conf->keysetdir && conf->keysetdir[0] && strcmp (conf->keysetdir, "..") != 0 )
933 		snprintf (keysetdir, sizeof (keysetdir), "-d %.250s ", conf->keysetdir);
942 			dir, SIGNCMD, param, nsec3param, dnskeyksk, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file);
946 			dir, SIGNCMD, param, nsec3param, dnskeyksk, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file);
947 	verbmesg (2, conf, "\t  Run cmd \"%s\"\n", cmd);
965 	verbmesg (2, conf, "\t  Cmd dnssec-signzone return: \"%s\"\n", str_chop (str, '\n'));
973 static	void	copy_keyset (const char *dir, const char *domain, const zconf_t *conf)
980 	if ( conf->keysetdir && strcmp (conf->keysetdir, "..") == 0 )
987 		/* verbmesg (2, conf, "\t  check \"%s\" against parent dir\n", fromfile); */
991 			verbmesg (2, conf, "\t  copy \"%s\" to parent dir\n", fromfile);

Indexes created Fri Jul 05 22:58:02 MDT 2024