Adding scripts/enable-dnssec.sh
authorFrank Brehm <frank.brehm@pixelpark.com>
Thu, 26 Jan 2023 08:31:30 +0000 (09:31 +0100)
committerFrank Brehm <frank.brehm@pixelpark.com>
Thu, 26 Jan 2023 08:31:30 +0000 (09:31 +0100)
scripts/enable-dnssec.sh [new file with mode: 0755]

diff --git a/scripts/enable-dnssec.sh b/scripts/enable-dnssec.sh
new file mode 100755 (executable)
index 0000000..3dd9d43
--- /dev/null
@@ -0,0 +1,238 @@
+#!/bin/bash
+
+set -e
+set -u
+
+BASE_NAME="$( basename ${0} )"
+MY_REAL_NAME=$( readlink -f $0 )
+
+
+if [[ -f /usr/libexec/pixelpark/functions.rc ]] ; then
+    . /usr/libexec/pixelpark/functions.rc
+else
+    echo "Did not found /usr/libexec/pixelpark/functions.rc." >&2
+    exit 5
+fi
+
+declare -a ZONES=()
+
+PDNSUTIL_RV=
+
+detect_color
+
+set_locale "en_US.utf8"
+
+DESCRIPTION=$( cat <<-EOF
+       Enable DNSSEC for the given zones.
+
+       EOF
+)
+
+#------------------------------------------------------------------------------
+usage() {
+    cat <<-EOF
+       Usage: ${BASE_NAME} [Common Options] <ZONE> [<ZONE> ...]
+              ${BASE_NAME} [-h|--help]
+              ${BASE_NAME} [-V|--version]
+
+           Mandatory Parameter(s):
+               ZONE:   The name of the zone to enable DNSSEC.
+
+           Common Options:
+       ${STD_USAGE_MSG}
+       EOF
+
+}
+
+#------------------------------------------------------------------------------
+get_options() {
+
+    local tmp=
+    local base_dir=
+
+    set +e
+    tmp=$( getopt -o ${STD_SHORT_OPTIONS} \
+                    --long ${STD_LONG_OPTIONS} \
+                    -n "${BASE_NAME}" -- "$@" )
+    if [[ $? != 0 ]] ; then
+        echo "" >&2
+        usage >&2
+        exit 1
+    fi
+    set -e
+
+    # Note the quotes around `$TEMP': they are essential!
+    eval set -- "${tmp}"
+    eval_common_options "$@"
+    if [[ "${DEBUG}" == 'y' ]] ; then
+        declare -p REMAINING_OPTS
+        declare -p REMAINING_ARGS
+    fi
+
+    if [[ "${#REMAINING_OPTS[@]}" -gt 0 ]] ; then
+        error "Unknown options: ${REMAINING_OPTS[*]}"
+        echo >&2
+        usage >&2
+        exit 2
+    fi
+
+    if [[ "${#REMAINING_ARGS[@]}" == "0" ]] ; then
+        error "No zones given to enable DNSSEC."
+        echo >&2
+        usage >&2
+        exit 2
+    fi
+
+    local i=0
+    local zone=
+    for zone in "${REMAINING_ARGS[@]}" ; do
+        if [[ "$i" == 0 ]]; then
+            i=1
+            continue
+        fi
+        ZONES+=(${zone})
+        i=$(( $i + 1 ))
+    done
+
+    if [[ "${DEBUG}" == 'y' ]] ; then
+        declare -p ZONES
+    fi
+
+    check_for_root
+
+    if ! type -p pdnsutil >/dev/null ; then
+        error "Command '${RED}pdnsutil${NORMAL}' not found!"
+        exit 7
+    fi
+
+}
+
+#------------------------------------------------------------------------------
+force_exec_pdnsutil() {
+
+    local cmd="pdnsutil $*"
+
+    debug "Executing: ${cmd}" >&2
+
+    eval ${cmd}
+
+}
+
+#------------------------------------------------------------------------------
+exec_pdnsutil() {
+
+    local cmd="pdnsutil $*"
+
+    if [[ "${SIMULATE}" == "y" ]] ; then
+        info "Simulate executing: ${cmd}" >&2
+    else
+        force_exec_pdnsutil "$@"
+    fi
+
+}
+
+#------------------------------------------------------------------------------
+get_zone_info() {
+
+    local zone="$1"
+
+    info "Get zone info for zone '${CYAN}${zone}${NORMAL}' ..." >&2
+    force_exec_pdnsutil show-zone "\"${zone}\""
+
+}
+
+#------------------------------------------------------------------------------
+enable_dnssec() {
+
+    local zone="$1"
+    local rv=
+    local zone_info=
+    local has_dnssec="n"
+    local cmd=
+    local salt=
+    local nsec_params=
+    local api_rectify=
+
+    empty_line
+    line '-' 40
+    set +e
+    zone_info=$( get_zone_info "${zone}" )
+    rv="$?"
+    set -e
+    if [[ "${rv}" != "0" ]] ; then
+        warn "${YELLOW}${rv}${NORMAL}: Zone '${YELLOW}${zone}${NORMAL}' seems not to exists."
+        return 0
+    fi
+
+    info "Checking zone '${CYAN}${zone}${NORMAL}' ..."
+    set +e
+    force_exec_pdnsutil check-zone "\"${zone}\""
+    rv="$?"
+    set -e
+    if [[ "${rv}" != "0" ]] ; then
+        warn "${YELLOW}${rv}${NORMAL}: Zone '${YELLOW}${zone}${NORMAL}' ${CYAN}has to be rectified${NORMAL}."
+        return 0
+    fi
+
+    if echo "${zone_info}" | grep -q -P '^keys:\s*$' ; then
+        has_dnssec="y"
+    fi
+    if [[ "${has_dnssec}" == "y" ]] ; then
+        info "Zone '${CYAN}${zone}${NORMAL}' has already DNSSEC keys."
+    else
+        info "Securing zone '${CYAN}${zone}${NORMAL}'  ..."
+        exec_pdnsutil secure-zone "\"${zone}\""
+        sleep 0.5
+    fi
+
+    nsec_params=$( force_exec_pdnsutil get-meta "\"${zone}\"" NSEC3PARAM | \
+                   grep 'NSEC3PARAM' | \
+                   sed -e 's/^[        ]*NSEC3PARAM[   ]*=[    ]*//' -e 's/[   ]*$//' )
+    if [[ -n "${nsec_params}" ]] ; then
+        info "${CYAN}NSEC3 parameters${NORMAL} '${GREEN}${nsec_params}${NORMAL}' are already set for zone '${CYAN}${zone}${NORMAL}'."
+    else
+        salt=$( printf "%0x" $(( RANDOM + 100 )) | sed -e 's/^\(..\).*/\1/' )
+        nsec_params="1 0 0 ${salt}"
+        info "Setting ${CYAN}NSEC3 parameters${NORMAL} '${GREEN}${nsec_params}${NORMAL}' for zone '${CYAN}${zone}${NORMAL}' ..."
+        exec_pdnsutil set-nsec3 "\"${zone}\"" "'${nsec_params}'"
+        sleep 0.3
+    fi
+
+    api_rectify=$( force_exec_pdnsutil get-meta "\"${zone}\"" API-RECTIFY | \
+                   grep 'API-RECTIFY' | \
+                   sed -e 's/^[        ]*API-RECTIFY[  *=[     ]*//' -e 's/[   ]*$//' )
+    if [[ "${api_rectify}" == "1" ]] ; then
+        info "${CYAN}API-rectify${NORMAL} is already enabled for zone '${CYAN}${zone}${NORMAL}'."
+    else
+        info "Enabling ${CYAN}API-rectify${NORMAL} for zone '${CYAN}${zone}${NORMAL}' ..."
+        exec_pdnsutil set-meta "\"${zone}\"" API-RECTIFY 1
+        sleep 0.2
+    fi
+
+}
+
+#------------------------------------------------------------------------------
+main() {
+
+    get_options "$@"
+
+    local zone=
+    local i=0
+
+    for zone in "${ZONES[@]}" ; do
+
+        if [[ "$i" -gt "0" ]] ; then
+            sleep 1
+        fi
+        i=$(( i + 1 ))
+        enable_dnssec "${zone}"
+
+    done
+
+}
+
+main "$@"
+
+exit 0
+
+# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 list
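Review bot: force_exec_pdnsutil joins its arguments into a string and runs it through `eval ${cmd}`, so every zone name taken from argv is re-parsed by the shell — the `"\"${zone}\""` wrapping at the call sites appears to exist only to survive that eval — and a zone argument containing `;`, backticks or `$(...)` is executed as a command, as root, since get_options enforces check_for_root. Passing the argument vector straight through with `pdnsutil "$@"` and using plain `"${zone}"` / `"${nsec_params}"` at the call sites removes both the eval and the double quoting. Separately, the NSEC3 salt is two hex digits derived from `$RANDOM`, which is neither cryptographically random nor useful: RFC 9276 recommends an empty salt with zero iterations, so `nsec_params="1 0 0 -"` is simpler and current best practice (confirm the `-` empty-salt syntax against the deployed pdnsutil version). Minor: the API-RECTIFY sed expression reads `[  *=[     ]*` where the NSEC3PARAM one reads `[   ]*=[    ]*` — a dropped `]` that happens to match by accident and should be corrected.
```shell
force_exec_pdnsutil() {

    # No eval: hand the argument vector to pdnsutil unchanged so zone names
    # from argv are never re-parsed by the shell.
    debug "Executing: pdnsutil $*" >&2

    pdnsutil "$@"

}

# … unchanged: exec_pdnsutil …

get_zone_info() {

    local zone="$1"

    info "Get zone info for zone '${CYAN}${zone}${NORMAL}' ..." >&2
    force_exec_pdnsutil show-zone "${zone}"

}

# … unchanged: enable_dnssec, except the call sites below lose the extra quoting …
    force_exec_pdnsutil check-zone "${zone}"
    exec_pdnsutil secure-zone "${zone}"
    nsec_params=$( force_exec_pdnsutil get-meta "${zone}" NSEC3PARAM | grep 'NSEC3PARAM' | sed -e 's/^[        ]*NSEC3PARAM[   ]*=[    ]*//' -e 's/[   ]*$//' )
    # RFC 9276: NSEC3 with zero iterations and no salt; '-' is pdnsutil's empty-salt spelling.
    nsec_params="1 0 0 -"
    exec_pdnsutil set-nsec3 "${zone}" "${nsec_params}"
    api_rectify=$( force_exec_pdnsutil get-meta "${zone}" API-RECTIFY | grep 'API-RECTIFY' | sed -e 's/^[        ]*API-RECTIFY[  ]*=[     ]*//' -e 's/[   ]*$//' )
    exec_pdnsutil set-meta "${zone}" API-RECTIFY 1
```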