author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-14 17:19:11 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-14 17:19:11 +0300 |
commit | d430fb041a224347f07ae1dd65f317aa9c6f4d9b (patch) | |
tree | 6c9d75405cd0a1f05354e61c16cc9adcd105ded7 /vhostcname/vhostcname | |
parent | d34e5a25afa0d4e5aad8ac2651d45335889a655d (diff) | |
vhostcname: accept TSIG key
* vhostcname/vhostcname ($nskey): Remove.
(@tsig_args): New global.
Change --ns-key option to accept the key in form NAME=KEY.
New option --ns-key-file to specify the keyfile.
(ns_update): Fix arguments to sign_tsig.
Diffstat (limited to 'vhostcname/vhostcname')
-rwxr-xr-x | vhostcname/vhostcname | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname index 9fcd69c..d8f76ed 100755 --- a/vhostcname/vhostcname +++ b/vhostcname/vhostcname @@ -30,7 +30,8 @@ my $cnamelist = "/var/run/vhostcname.cache"; my $host; # This host name. my @zone; # List of acceptable DNS zones. my $nameserver; # Nameserver to use for updates. -my $nskey; # Path to the DNSSEC key file. +my @tsig_args; # Arguments to sing_tsig (path to the DNSSEC key file, or + # the key name and hash. my $ttl = 3600; # Default TTL. my $confdir; # Apache configuration directory. my $confpat = "*"; # A globbing pattern for Apache configuration files. @@ -73,7 +74,7 @@ sub read_config_file($) { unshift(@ARGV, "--$_"); } close($fd); - } +} sub get_cnames($) { my $dir = shift; @@ -159,7 +160,7 @@ sub ns_update { $update->push($k => $v); } } - $update->sign_tsig($nskey) if defined($nskey); + $update->sign_tsig(@tsig_args) if ($#tsig_args >= 0); my $reply = $resolver->send($update); if ($reply) { if ($reply->header->rcode eq 'NOERROR') { @@ -274,7 +275,19 @@ GetOptions("help" => \$man, "hostname|H=s" => \$host, "apache-config-pattern=s" => \$confpat, "apache-config-directory=s" => \$confdir, - "ns-key=s" => \$nskey, + "ns-key-file=s" => sub { + abend(3, "NS key already set") if ($#tsig_args >= 0); + push @tsig_args, $_[1]; + }, + "ns-key=s" => sub { + abend(3, "NS key already set") if ($#tsig_args >= 0); + if ($_[1] =~ /(.+?)=(.+)/) { + push @tsig_args, $1; + push @tsig_args, $2; + } else { + abend(3, "argument to --ns-key must be NAME=KEY"); + } + }, "cname-file=s" => \$cnamelist, "zone|z=s@" => \@zone, "ttl=i" => \$ttl, 
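Review bot: The new comment on `@tsig_args` in the first hunk misspells the method as `sing_tsig`, never closes its parenthesis, and calls the second element a hash, while the `--ns-key` handler added further down stores the key name followed by the key itself. Because this array holds secret material, the comment should be exact, for example `my @tsig_args; # Arguments to sign_tsig: the key file path, or the key name and the key.`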
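Review bot: The `--ns-key` handler in the GetOptions hunk takes the TSIG secret from the command line, where it is readable by other local users in the process list and tends to end up in shell history and job logs; nothing in the code or in the POD entry of the last hunk warns about that. The context of the second hunk shows `read_config_file` turning configuration lines into options with `unshift(@ARGV, "--$_")`, so the key can presumably come from a permission-restricted configuration file or from `--ns-key-file` instead, and a comment above the handler such as `# NAME=KEY exposes the secret in argv; prefer --ns-key-file or the config file` would record this. The pattern `/(.+?)=(.+)/` is also unanchored, so I would write `if ($_[1] =~ /\A([^=]+)=(.+)\z/) {` to make the split at the first `=` explicit and reject stray text around it. The GetOptions call starts and ends outside the hunk.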
@@ -468,12 +481,18 @@ Displays a short help summary and exits. Sets the hostname. Use this if B<vhostcname> is unable to correctly determine it. -=item B<--ns-key=>I<KEYFILE> +=item B<--ns-key=>I<NAME>=I<KEY> + +Define the TSIG key. + +=item B<--ns-key-file=>I<KEYFILE> Name of the key file. The argument should be the name of a file generated by the B<dnssec-keygen> utility. Either B<.key> or B<.private> -file can be used. - +file can be used. + +This option cannot be used together with B<--ns-key-file>. + =item B<--server=>I<NAME> Name of the DNS server to use. Normally B<vhostcname> determines what server |
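Review bot: The sentence `This option cannot be used together with B<--ns-key-file>.` sits under the `--ns-key-file` item, so the option is documented as conflicting with itself. It should read `This option cannot be used together with B<--ns-key>.`, and the `--ns-key` item should carry the mirror sentence naming `--ns-key-file`. `Define the TSIG key.` also leaves I<NAME> and I<KEY> undescribed; one more sentence stating what each part is would make the entry usable without reading the code.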