authorSergey Poznyakoff <gray@gnu.org.ua>2014-04-14 14:19:11 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2014-04-14 14:19:11 (GMT)
commitd430fb041a224347f07ae1dd65f317aa9c6f4d9b (patch) (side-by-side diff)
tree6c9d75405cd0a1f05354e61c16cc9adcd105ded7
parentd34e5a25afa0d4e5aad8ac2651d45335889a655d (diff)
vhostcname: accept TSIG key
* vhostcname/vhostcname ($nskey): Remove. (@tsig_args): New global. Change --ns-key option to accept the key in form NAME=KEY. New option --ns-key-file to specify the keyfile. (ns_update): Fix arguments to sign_tsig.
Diffstat (more/less context) (ignore whitespace changes)
-rwxr-xr-xvhostcname/vhostcname33
1 files changed, 26 insertions, 7 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 9fcd69c..d8f76ed 100755
--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -30,7 +30,8 @@ my $cnamelist = "/var/run/vhostcname.cache";
my $host; # This host name.
my @zone; # List of acceptable DNS zones.
my $nameserver; # Nameserver to use for updates.
-my $nskey; # Path to the DNSSEC key file.
+my @tsig_args; # Arguments to sing_tsig (path to the DNSSEC key file, or
+ # the key name and hash.
my $ttl = 3600; # Default TTL.
my $confdir; # Apache configuration directory.
my $confpat = "*"; # A globbing pattern for Apache configuration files.
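Review bot: The new comment on `@tsig_args` misspells the method as `sing_tsig`, never closes its parenthesis, and describes the second form as "key name and hash" although the `--ns-key` handler later in this commit pushes the name and the key itself. Suggested wording: `my @tsig_args; # Arguments to sign_tsig: path to the key file, or the key name and the key.`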
@@ -73,7 +74,7 @@ sub read_config_file($) {
unshift(@ARGV, "--$_");
}
close($fd);
- }
+}
sub get_cnames($) {
my $dir = shift;
@@ -159,7 +160,7 @@ sub ns_update {
$update->push($k => $v);
}
}
- $update->sign_tsig($nskey) if defined($nskey);
+ $update->sign_tsig(@tsig_args) if ($#tsig_args >= 0);
my $reply = $resolver->send($update);
if ($reply) {
if ($reply->header->rcode eq 'NOERROR') {
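Review bot: With the two-element NAME/KEY form, nothing in the `sign_tsig(@tsig_args)` call selects the HMAC algorithm, so the strength of the signature is left to the library default. If this is Net::DNS, as the method names suggest, that default has historically been HMAC-MD5, whereas a dnssec-keygen key file carries its own algorithm; this should be confirmed against the installed version. A comment at the call would record this: `# NAME=KEY form signs with the library's default algorithm; --ns-key-file takes it from the key file`. The body of ns_update starts and ends outside this hunk.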
@@ -274,7 +275,19 @@ GetOptions("help" => \$man,
"hostname|H=s" => \$host,
"apache-config-pattern=s" => \$confpat,
"apache-config-directory=s" => \$confdir,
- "ns-key=s" => \$nskey,
+ "ns-key-file=s" => sub {
+ abend(3, "NS key already set") if ($#tsig_args >= 0);
+ push @tsig_args, $_[1];
+ },
+ "ns-key=s" => sub {
+ abend(3, "NS key already set") if ($#tsig_args >= 0);
+ if ($_[1] =~ /(.+?)=(.+)/) {
+ push @tsig_args, $1;
+ push @tsig_args, $2;
+ } else {
+ abend(3, "argument to --ns-key must be NAME=KEY");
+ }
+ },
"cname-file=s" => \$cnamelist,
"zone|z=s@" => \@zone,
"ttl=i" => \$ttl,
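Review bot: The `--ns-key` handler takes the TSIG secret from the argument list, where other local users can read it from the process listing and where it tends to end up in shell history; neither the handler nor its error text points users to `--ns-key-file`. read_config_file, partly visible in an earlier hunk, turns configuration lines into options, so the key can presumably be kept in a permission-restricted config file instead; a comment such as `# a key on the command line is visible in the process list; prefer --ns-key-file or the config file` would say so. Separately, the pattern is unanchored and `.` does not match a newline, so a value containing one is silently truncated rather than rejected; `if ($_[1] =~ /\A([^=]+)=(.+)\z/) {` makes the split at the first `=` explicit. The GetOptions call starts and ends outside this hunk.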
@@ -468,12 +481,18 @@ Displays a short help summary and exits.
Sets the hostname. Use this if B<vhostcname> is unable to correctly
determine it.
-=item B<--ns-key=>I<KEYFILE>
+=item B<--ns-key=>I<NAME>=I<KEY>
+
+Define the TSIG key.
+
+=item B<--ns-key-file=>I<KEYFILE>
Name of the key file. The argument should be the name of a file
generated by the B<dnssec-keygen> utility. Either B<.key> or B<.private>
-file can be used.
-
+file can be used.
+
+This option cannot be used together with B<--ns-key-file>.
+
=item B<--server=>I<NAME>
Name of the DNS server to use. Normally B<vhostcname> determines what server
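Review bot: The sentence added under `--ns-key-file` says the option cannot be used together with `--ns-key-file`, that is, with itself; it should name the other option, `This option cannot be used together with B<--ns-key>.`, and the `--ns-key` item should get the mirror sentence. The `--ns-key` entry consists only of "Define the TSIG key." and does not say what form KEY takes (presumably the base64 shared secret, to be confirmed). It should also state that a key passed on the command line is visible to other local users, which makes `--ns-key-file` the safer choice.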
