55#include " base64.hh"
66#include < boost/foreach.hpp>
77#include < boost/program_options.hpp>
8+ #include < boost/assign/list_of.hpp>
89#include " dnsbackend.hh"
910#include " ueberbackend.hh"
1011#include " arguments.hh"
@@ -656,11 +657,11 @@ void testSpeed(DNSSECKeeper& dk, const string& zone, const string& remote, int c
656657 ;
657658 }
658659 cerr<<" Flushing the pipe, " d_signed <<" signed, " d_queued <<" queued, " d_outstanding <<" outstanding"
659- cerr<<" Net speed: " d_signed / (dt.udiffNoReset ()/1000000.0 ) << " sigs/s\n "
660+ cerr<<" Net speed: " d_signed / (dt.udiffNoReset ()/1000000.0 ) << " sigs/s" <<endl ;
660661 while (signatures = csp.getChunk (true ), !signatures.empty ())
661662 ;
662663 cerr<<" Done, " d_signed <<" signed, " d_queued <<" queued, " d_outstanding <<" outstanding"
663- cerr<<" Net speed: " d_signed / (dt.udiff ()/1000000.0 ) << " sigs/s\n "
664+ cerr<<" Net speed: " d_signed / (dt.udiff ()/1000000.0 ) << " sigs/s" <<endl ;
664665}
665666
666667void verifyCrypto (const string& zone)
@@ -720,7 +721,7 @@ bool disableDNSSECOnZone(DNSSECKeeper& dk, const string& zone)
720721 }
721722
722723 if (!dk.isSecuredZone (zone)) {
723- cerr<<" Zone is not secured\n "
724+ cerr<<" Zone is not secured" <<endl ;
724725 return false ;
725726 }
726727 DNSSECKeeper::keyset_t keyset=dk.getKeys (zone);
@@ -750,7 +751,7 @@ bool showZone(DNSSECKeeper& dk, const std::string& zone)
750751 }
751752
752753 if (!dk.isSecuredZone (zone)) {
753- cerr<<" Zone is not actively secured\n "
754+ cerr<<" Zone is not actively secured" <<endl ;
754755 }
755756 NSEC3PARAMRecordContent ns3pr;
756757 bool narrow;
@@ -766,7 +767,7 @@ bool showZone(DNSSECKeeper& dk, const std::string& zone)
766767 cerr << " Zone uses following TSIG key(s): " boost::join (meta, " ,"
767768 }
768769
769- cout <<" Zone is " isPresigned (zone) ? " " " not " " presigned\n "
770+ cout <<" Zone is " isPresigned (zone) ? " " " not " " presigned" <<endl ;
770771
771772 if (keyset.empty ()) {
772773 cerr << " No keys for zone '" " '."
@@ -863,19 +864,19 @@ bool secureZone(DNSSECKeeper& dk, const std::string& zone)
863864
864865 // run secure-zone with first default algorith, then add keys
865866 if (!dk.secureZone (zone, shorthand2algorithm (k_algos[0 ]), k_size)) {
866- cerr<<" No backend was able to secure '" " ', most likely because no DNSSEC\n "
867- cerr<<" capable backends are loaded, or because the backends have DNSSEC disabled.\n "
868- cerr<<" For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or\n "
869- cerr<<" 'gpgsql-dnssec' flag. Also make sure the schema has been updated for DNSSEC!\n "
867+ cerr<<" No backend was able to secure '" " ', most likely because no DNSSEC" <<endl ;
868+ cerr<<" capable backends are loaded, or because the backends have DNSSEC disabled." <<endl ;
869+ cerr<<" For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or" <<endl ;
870+ cerr<<" 'gpgsql-dnssec' flag. Also make sure the schema has been updated for DNSSEC!" <<endl ;
870871 return false ;
871872 }
872873
873874 if (!dk.isSecuredZone (zone)) {
874- cerr<<" Failed to secure zone. Is your backend dnssec enabled? (set \n "
875- cerr<<" gsqlite3-dnssec, or gmysql-dnssec etc). Check this first.\n "
876- cerr<<" If you run with the BIND backend, make sure you have configured\n "
877- cerr<<" it to use DNSSEC with 'bind-dnssec-db=/path/fname' and\n "
878- cerr<<" 'pdnssec create-bind-db /path/fname'!\n "
875+ cerr<<" Failed to secure zone. Is your backend dnssec enabled? (set " <<endl ;
876+ cerr<<" gsqlite3-dnssec, or gmysql-dnssec etc). Check this first." <<endl ;
877+ cerr<<" If you run with the BIND backend, make sure you have configured" <<endl ;
878+ cerr<<" it to use DNSSEC with 'bind-dnssec-db=/path/fname' and" <<endl ;
879+ cerr<<" 'pdnssec create-bind-db /path/fname'!" <<endl ;
879880 return false ;
880881 }
881882
@@ -1027,43 +1028,46 @@ try
10271028 g_verbose = g_vm.count (" verbose"
10281029
10291030 if (cmds.empty () || g_vm.count (" help"
1030- cerr<<" Usage: \n pdnssec [options] <command> [params ..]\n\n "
1031- cerr<<" Commands:\n "
1032- cerr<<" activate-zone-key ZONE KEY-ID Activate the key with key id KEY-ID in ZONE\n "
1033- cerr<<" add-zone-key ZONE zsk|ksk [bits] [active|passive]\n "
1034- cerr<<" [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]\n "
1035- cerr<<" Add a ZSK or KSK to zone and specify algo&bits\n "
1036- cerr<<" check-zone ZONE Check a zone for correctness\n "
1037- cerr<<" check-all-zones Check all zones for correctness\n "
1038- cerr<<" create-bind-db FNAME Create DNSSEC db for BIND backend (bind-dnssec-db)\n "
1039- cerr<<" deactivate-zone-key ZONE KEY-ID Deactivate the key with key id KEY-ID in ZONE\n "
1040- cerr<<" disable-dnssec ZONE Deactivate all keys and unset PRESIGNED in ZONE\n "
1041- cerr<<" export-zone-dnskey ZONE KEY-ID Export to stdout the public DNSKEY described\n "
1042- cerr<<" export-zone-key ZONE KEY-ID Export to stdout the private key described\n "
1043- cerr<<" generate-zone-key zsk|ksk [algorithm] [bits]\n "
1044- cerr<<" Generate a ZSK or KSK to stdout with specified algo&bits\n "
1045- cerr<<" hash-zone-record ZONE RNAME Calculate the NSEC3 hash for RNAME in ZONE\n "
1046- cerr<<" increase-serial ZONE Increases the SOA-serial by 1. Uses SOA-EDIT\n "
1047- cerr<<" import-zone-key ZONE FILE Import from a file a private key, ZSK or KSK\n "
1048- cerr<<" [active|passive][ksk|zsk] Defaults to KSK and active\n "
1049- cerr<<" rectify-zone ZONE [ZONE ..] Fix up DNSSEC fields (order, auth)\n "
1050- cerr<<" rectify-all-zones Rectify all zones.\n "
1051- cerr<<" remove-zone-key ZONE KEY-ID Remove key with KEY-ID from ZONE\n "
1052- cerr<<" secure-zone ZONE [ZONE ..] Add KSK and two ZSKs\n "
1053- cerr<<" set-nsec3 ZONE ['params' [narrow]] Enable NSEC3 with PARAMs. Optionally narrow\n "
1054- cerr<<" set-presigned ZONE Use presigned RRSIGs from storage\n "
1055- cerr<<" show-zone ZONE Show DNSSEC (public) key details about a zone\n "
1056- cerr<<" unset-nsec3 ZONE Switch back to NSEC\n "
1057- cerr<<" unset-presigned ZONE No longer use presigned RRSIGs\n "
1058- cerr<<" test-schema ZONE Test DB schema - will create ZONE\n "
1059- cerr<<" import-tsig-key NAME ALGORITHM KEY Import TSIG key\n "
1060- cerr<<" create-tsig-key NAME ALGORITHM Generate new TSIG key\n "
1061- cerr<<" list-tsig-keys List all TSIG keys\n "
1062- cerr<<" delete-tsig-key NAME Delete TSIG key (warning! will not unmap key!)\n "
1063- cerr<<" enable-tsig-key ZONE NAME [master|slave]\n "
1064- cerr<<" Enable TSIG key for a zone\n "
1065- cerr<<" disable-tsig-key ZONE NAME [master|slave]\n "
1066- cerr<<" Disable TSIG key for a zone\n "
1031+ cerr<<" Usage: \n pdnssec [options] <command> [params ..]\n "
1032+ cerr<<" Commands:"
1033+ cerr<<" activate-zone-key ZONE KEY-ID Activate the key with key id KEY-ID in ZONE"
1034+ cerr<<" add-zone-key ZONE zsk|ksk [bits] [active|passive]"
1035+ cerr<<" [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]"
1036+ cerr<<" Add a ZSK or KSK to zone and specify algo&bits"
1037+ cerr<<" check-zone ZONE Check a zone for correctness"
1038+ cerr<<" check-all-zones Check all zones for correctness"
1039+ cerr<<" create-bind-db FNAME Create DNSSEC db for BIND backend (bind-dnssec-db)"
1040+ cerr<<" create-tsig-key NAME ALGORITHM Generate new TSIG key"
1041+ cerr<<" deactivate-zone-key ZONE KEY-ID Deactivate the key with key id KEY-ID in ZONE"
1042+ cerr<<" delete-tsig-key NAME Delete TSIG key (warning! will not unmap key!)"
1043+ cerr<<" disable-dnssec ZONE Deactivate all keys and unset PRESIGNED in ZONE"
1044+ cerr<<" disable-tsig-key ZONE NAME [master|slave]"
1045+ cerr<<" Disable TSIG key for a zone"
1046+ cerr<<" enable-tsig-key ZONE NAME [master|slave]"
1047+ cerr<<" Enable TSIG key for a zone"
1048+ cerr<<" export-zone-dnskey ZONE KEY-ID Export to stdout the public DNSKEY described"
1049+ cerr<<" export-zone-key ZONE KEY-ID Export to stdout the private key described"
1050+ cerr<<" generate-zone-key zsk|ksk [algorithm] [bits]"
1051+ cerr<<" Generate a ZSK or KSK to stdout with specified algo&bits"
1052+ cerr<<" get-meta ZONE [KIND] Get zone metadata. If no KIND given, lists all"
1053+ cerr<<" hash-zone-record ZONE RNAME Calculate the NSEC3 hash for RNAME in ZONE"
1054+ cerr<<" increase-serial ZONE Increases the SOA-serial by 1. Uses SOA-EDIT"
1055+ cerr<<" import-tsig-key NAME ALGORITHM KEY Import TSIG key"
1056+ cerr<<" import-zone-key ZONE FILE Import from a file a private key, ZSK or KSK"
1057+ cerr<<" [active|passive][ksk|zsk] Defaults to KSK and active"
1058+ cerr<<" list-tsig-keys List all TSIG keys"
1059+ cerr<<" rectify-zone ZONE [ZONE ..] Fix up DNSSEC fields (order, auth)"
1060+ cerr<<" rectify-all-zones Rectify all zones."
1061+ cerr<<" remove-zone-key ZONE KEY-ID Remove key with KEY-ID from ZONE"
1062+ cerr<<" secure-zone ZONE [ZONE ..] Add KSK and two ZSKs"
1063+ cerr<<" set-nsec3 ZONE ['params' [narrow]] Enable NSEC3 with PARAMs. Optionally narrow"
1064+ cerr<<" set-presigned ZONE Use presigned RRSIGs from storage"
1065+ cerr<<" set-meta ZONE KIND value [value ..]"
1066+ cerr<<" Set zone metadata, optionally providing more than one value"
1067+ cerr<<" show-zone ZONE Show DNSSEC (public) key details about a zone"
1068+ cerr<<" unset-nsec3 ZONE Switch back to NSEC"
1069+ cerr<<" unset-presigned ZONE No longer use presigned RRSIGs"
1070+ cerr<<" test-schema ZONE Test DB schema - will create ZONE"
10671071 cerr<<desc<<endl;
10681072 return 0 ;
10691073 }
@@ -1437,7 +1441,7 @@ try
14371441 else if (pdns_iequals (cmds[4 ], " KSK"
14381442 dpk.d_flags = 257 ;
14391443 else {
1440- cerr<<" Unknown key flag '" 4 ]<<" '\n "
1444+ cerr<<" Unknown key flag '" 4 ]<<" '" <<endl ;
14411445 exit (1 );
14421446 }
14431447 }
@@ -1479,7 +1483,7 @@ try
14791483 else if (pdns_iequals (cmds[n], " passive" pdns_iequals (cmds[n], " inactive"
14801484 active = 0 ;
14811485 else {
1482- cerr<<" Unknown key flag '" " '\n "
1486+ cerr<<" Unknown key flag '" " '" <<endl ;
14831487 exit (1 );
14841488 }
14851489 }
@@ -1706,8 +1710,56 @@ try
17061710 return 1 ;
17071711 }
17081712 return 0 ;
1709- }
1710- else {
1713+ } else if (cmds[0 ]==" get-meta"
1714+ UeberBackend B (" default"
1715+ if (cmds.size () < 2 ) {
1716+ cerr << " Syntax: " 0 ] << " zone [kind kind ..]"
1717+ return 1 ;
1718+ }
1719+ string zone = cmds[1 ];
1720+ vector<string> keys;
1721+ DomainInfo di;
1722+
1723+ if (!B.getDomainInfo (zone, di)) {
1724+ cerr << " Invalid zone '" " '"
1725+ return 1 ;
1726+ }
1727+
1728+ if (cmds.size () > 2 ) {
1729+ keys.assign (cmds.begin () + 2 , cmds.end ());
1730+ } else {
1731+ keys = boost::assign::list_of (" ALLOW-AXFR-FROM"
1732+ (" ALLOW-2136-FROM" " TSIG-ALLOW-2136" " TSIG-ALLOW-2136"
1733+ (" SOA-EDIT-2136" " ALSO-NOTIFY" " AXFR-MASTER-TSIG"
1734+ (" LUA-AXFR-SCRIPT" " NSEC3NARROW" " NSEC3PARAM"
1735+ (" PRESIGNED" " SOA-EDIT" " TSIG-ALLOW-AXFR" // NOTE: Add new metas here
1736+
1737+ }
1738+ std::cout << " Metadata for '" " '"
1739+ BOOST_FOREACH (const string kind, keys) {
1740+ vector<string> meta;
1741+ meta.clear ();
1742+ if (B.getDomainMetadata (zone, kind, meta)) {
1743+ cout << kind << " = " boost::join (meta, " , "
1744+ }
1745+ }
1746+ } else if (cmds[0 ]==" set-meta"
1747+ UeberBackend B (" default"
1748+ if (cmds.size () < 3 ) {
1749+ cerr << " Syntax: " 0 ] << " zone kind [value value ..]"
1750+ return 1 ;
1751+ }
1752+ string zone = cmds[1 ];
1753+ string kind = cmds[2 ];
1754+ vector<string> meta (cmds.begin () + 3 , cmds.end ());
1755+
1756+ if (!B.setDomainMetadata (zone, kind, meta)) {
1757+ cerr << " Unable to set meta for '" " '"
1758+ return 1 ;
1759+ } else {
1760+ cout << " Set '" " ' meta " " = " boost::join (meta, " , "
1761+ }
1762+ } else {
17111763 cerr<<" Unknown command '" 0 ] << endl;
17121764 return 1 ;
17131765 }
0 commit comments