author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-14 17:19:11 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-14 17:19:11 +0300 |
commit | d430fb041a224347f07ae1dd65f317aa9c6f4d9b (patch) | |
tree | 6c9d75405cd0a1f05354e61c16cc9adcd105ded7 | |
parent | d34e5a25afa0d4e5aad8ac2651d45335889a655d (diff) | |
vhostcname: accept TSIG key
* vhostcname/vhostcname ($nskey): Remove.
(@tsig_args): New global.
Change --ns-key option to accept the key in form NAME=KEY.
New option --ns-key-file to specify the keyfile.
(ns_update): Fix arguments to sign_tsig.
-rwxr-xr-x | vhostcname/vhostcname | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 9fcd69c..d8f76ed 100755
--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -27,13 +27,14 @@ my $script; # This script name;
 my $config_file = "/etc/vhostcname.conf";
 my $cnamelist = "/var/run/vhostcname.cache";
 my $host; # This host name.
 my @zone; # List of acceptable DNS zones.
 my $nameserver; # Nameserver to use for updates.
-my $nskey; # Path to the DNSSEC key file.
+my @tsig_args; # Arguments to sing_tsig (path to the DNSSEC key file, or
+ # the key name and hash.
 my $ttl = 3600; # Default TTL.
 my $confdir; # Apache configuration directory.
 my $confpat = "*"; # A globbing pattern for Apache configuration files.
 my $dry_run; # Dry-run mode.
 my $debug; # Debug level.
@@ -70,13 +71,13 @@ sub read_config_file($) {
 s/\s+=\s+/=/;
 s/#.*//;
 next if ($_ eq "");
 unshift(@ARGV, "--$_");
 }
 close($fd);
- }
+}
 sub get_cnames($) {
 my $dir = shift;
 my %ret;
 foreach my $file (glob "$dir/$confpat") {
@@ -156,13 +157,13 @@ sub ns_update {
 if ($k eq 'ignore') {
 $ignorerr{$v} = 1;
 } else {
 $update->push($k => $v);
 }
 }
- $update->sign_tsig($nskey) if defined($nskey);
+ $update->sign_tsig(@tsig_args) if ($#tsig_args >= 0);
 my $reply = $resolver->send($update);
 if ($reply) {
 if ($reply->header->rcode eq 'NOERROR') {
 print STDERR "$script: update successful\n" if ($debug>3);
 } elsif ($ignorerr{$reply->header->rcode}) {
 print STDERR "$script: ignoring " . $reply->header->rcode . ': ' .
@@ -271,13 +272,25 @@ GetOptions("help" => \$man,
 "h" => \$help,
 "debug|d+" => \$debug,
 "dry-run|n" => \$dry_run,
 "hostname|H=s" => \$host,
 "apache-config-pattern=s" => \$confpat,
 "apache-config-directory=s" => \$confdir,
- "ns-key=s" => \$nskey,
+ "ns-key-file=s" => sub {
+ abend(3, "NS key already set") if ($#tsig_args >= 0);
+ push @tsig_args, $_[1];
+ },
+ "ns-key=s" => sub {
+ abend(3, "NS key already set") if ($#tsig_args >= 0);
+ if ($_[1] =~ /(.+?)=(.+)/) {
+ push @tsig_args, $1;
+ push @tsig_args, $2;
+ } else {
+ abend(3, "argument to --ns-key must be NAME=KEY");
+ }
+ },
 "cname-file=s" => \$cnamelist,
 "zone|z=s@" => \@zone,
 "ttl=i" => \$ttl,
 "server=s" => \$nameserver,
 ) or exit(3);
@@ -465,18 +478,24 @@ Displays a short help summary and exits.
 =item B<-H>, B<--hostname>=I<NAME>
 Sets the hostname. Use this if B<vhostcname> is unable to correctly determine it.
-=item B<--ns-key=>I<KEYFILE>
+=item B<--ns-key=>I<NAME>=I<KEY>
+
+Define the TSIG key.
+
+=item B<--ns-key-file=>I<KEYFILE>
 Name of the key file. The argument should be the name of a file generated by the B<dnssec-keygen> utility. Either B<.key> or B<.private>
-file can be used.
-
+file can be used.
+
+This option cannot be used together with B<--ns-key-file>.
+
 =item B<--server=>I<NAME>
 Name of the DNS server to use. Normally B<vhostcname> determines what server to use based on the B<SOA> record of the zone to be updated, so this option is rarely needed. |
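Review bot: Passing the TSIG secret as `--ns-key=NAME=KEY` puts it into the process argument vector, where any local user can read it from the process listing, and into the shell history; the key-file path, or the configuration file (which read_config_file appears to load in-process by unshifting `--$_` onto @ARGV), does not have that exposure, and the POD for the new option should say so, e.g. `Define the TSIG key. Prefer B<--ns-key-file> or the configuration file: a key given on the command line is visible to other users of the system.` The new sentence under B<--ns-key-file>, `This option cannot be used together with B<--ns-key-file>.`, sits in that option's own description and should name B<--ns-key> instead. In the first hunk the comment on @tsig_args should read `sign_tsig` rather than `sing_tsig`. The GetOptions call starts before this hunk.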