
Commit 4af49b8

committed
add ability too create an 'active' or inactive key using add-zone-key and import-zone-key, plus silenced some debugging.
Fixes 707. Fixing 707. Whatever.
1 parent fae4167 commit 4af49b8


1 file changed

+30
-23
lines changed


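--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -928,7 +928,7 @@ try
 cerr<<"Usage: \npdnssec [options] <command> [params ..]\n\n";
 cerr<<"Commands:\n";
 cerr<<"activate-zone-key ZONE KEY-ID Activate the key with key id KEY-ID in ZONE\n";
-cerr<<"add-zone-key ZONE zsk|ksk [bits]\n";
+cerr<<"add-zone-key ZONE zsk|ksk [bits] [active|passive]\n";
 cerr<<" [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]\n";
 cerr<<" Add a ZSK or KSK to zone and specify algo&bits\n";
 cerr<<"check-zone ZONE Check a zone for correctness\n";
@@ -943,7 +943,7 @@ try
 cerr<<"hash-zone-record ZONE RNAME Calculate the NSEC3 hash for RNAME in ZONE\n";
 cerr<<"increase-serial ZONE Increases the SOA-serial by 1. Uses SOA-EDIT\n";
 cerr<<"import-zone-key ZONE FILE Import from a file a private key, ZSK or KSK\n";
-cerr<<" [ksk|zsk] Defaults to KSK\n";
+cerr<<" [active|passive][ksk|zsk] Defaults to KSK and active\n";
 cerr<<"rectify-zone ZONE [ZONE ..] Fix up DNSSEC fields (order, auth)\n";
 cerr<<"rectify-all-zones Rectify all zones.\n";
 cerr<<"remove-zone-key ZONE KEY-ID Remove key with KEY-ID from ZONE\n";
@@ -1131,24 +1131,29 @@ try
 int tmp_algo=0;
 int bits=0;
 int algorithm=8;
+bool active=false;
 for(unsigned int n=2; n < cmds.size(); ++n) {
 if(pdns_iequals(cmds[n], "zsk"))
 keyOrZone = false;
 else if(pdns_iequals(cmds[n], "ksk"))
 keyOrZone = true;
 else if((tmp_algo = shorthand2algorithm(cmds[n]))>0) {
 algorithm = tmp_algo;
-} else if(atoi(cmds[n].c_str()))
+} else if(pdns_iequals(cmds[n], "active")) {
+active=true;
+} else if(pdns_iequals(cmds[n], "inactive") || pdns_iequals(cmds[n], "passive")) {
+active=false;
+} else if(atoi(cmds[n].c_str())) {
 bits = atoi(cmds[n].c_str());
-else {
+} else {
 cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;
 return 0;
 }
 }
-cerr<<"Adding a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<endl;
+cerr<<"Adding a " << (keyOrZone ? "KSK" : "ZSK")<<" with algorithm = "<<algorithm<<", active="<<active<<endl;
 if(bits)
 cerr<<"Requesting specific key size of "<<bits<<" bits"<<endl;
-dk.addKey(zone, keyOrZone, algorithm, bits, false);
+dk.addKey(zone, keyOrZone, algorithm, bits, active);
 }
 else if(cmds[0] == "remove-zone-key") {
 if(cmds.size() < 3) {
@@ -1272,7 +1277,7 @@ try
 }
 else if(cmds[0]=="import-zone-key-pem") {
 if(cmds.size() < 4) {
-cerr<<"Syntax: pdnssec import-zone-key ZONE FILE algorithm [ksk|zsk]"<<endl;
+cerr<<"Syntax: pdnssec import-zone-key-pem ZONE FILE algorithm [ksk|zsk]"<<endl;
 exit(1);
 }
 string zone=cmds[1];
@@ -1317,7 +1322,7 @@ try
 }
 else if(cmds[0]=="import-zone-key") {
 if(cmds.size() < 3) {
-cerr<<"Syntax: pdnssec import-zone-key ZONE FILE [ksk|zsk]"<<endl;
+cerr<<"Syntax: pdnssec import-zone-key ZONE FILE [ksk|zsk] [active|passive]"<<endl;
 exit(1);
 }
 string zone=cmds[1];
@@ -1330,23 +1335,25 @@ try
 
 if(dpk.d_algorithm == 7)
 dpk.d_algorithm = 5;
-
-cerr<<(int)dpk.d_algorithm<<endl;
 
-if(cmds.size() > 3) {
-if(pdns_iequals(cmds[3], "ZSK"))
-dpk.d_flags = 256;
-else if(pdns_iequals(cmds[3], "KSK"))
-dpk.d_flags = 257;
-else {
-cerr<<"Unknown key flag '"<<cmds[3]<<"'\n";
-exit(1);
-}
+dpk.d_flags = 257;
+bool active=false;
+
+for(unsigned int n = 3; n < cmds.size(); ++n) {
+if(pdns_iequals(cmds[n], "ZSK"))
+dpk.d_flags = 256;
+else if(pdns_iequals(cmds[n], "KSK"))
+dpk.d_flags = 257;
+else if(pdns_iequals(cmds[n], "active"))
+active = 1;
+else if(pdns_iequals(cmds[n], "passive") || pdns_iequals(cmds[n], "inactive"))
+active = 0;
+else {
+cerr<<"Unknown key flag '"<<cmds[n]<<"'\n";
+exit(1);
+}
 }
-else
-dpk.d_flags = 257;
-
-dk.addKey(zone, dpk);
+dk.addKey(zone, dpk, active);
 }
 else if(cmds[0]=="export-zone-dnskey") {
 if(cmds.size() < 3) {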
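Review bot: The import-zone-key usage line (new line 946) promises "Defaults to KSK and active", but the parsing code initialises `bool active=false;` at new line 1340, so a key imported without a keyword is stored inactive. The old call was `dk.addKey(zone, dpk)`, whose default for the third argument is not visible on this page, so this may also silently change behaviour for existing scripts. Make the two agree, either with `bool active=true;` or by changing the help to `Defaults to KSK and passive`, because an operator who trusts the help text would expect the imported key to be signing the zone. For consistency with the add-zone-key branch, write `active = true;` / `active = false;` instead of `1`/`0`, and list `inactive` in both usage lines since both parsers accept it. The import-zone-key branch starts in the previous hunk and its key-loading code lies outside the shown lines.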
