From: Bert Hubert
Date: Tue, 21 Dec 2010 20:49:33 +0000 (+0000)
Subject: move to keys with ids in addition to tags, so we can refer to keys in an unambiguous...
X-Git-Tag: auth-3.0~492
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0f954478c556d27113e50641cbfe6af0e6d19842;p=pdns
move to keys with ids in addition to tags, so we can refer to keys in an unambiguous fashion. WILL BREAK YOUR PDNSSEC INSTALL! Prefix 000001 .. 000002 to the filenames containing your keys pls.
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1755 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
diff --git a/pdns/dnsseckeeper.cc b/pdns/dnsseckeeper.cc
index 7a6aa935b..7f2d43a51 100644
--- a/pdns/dnsseckeeper.cc
+++ b/pdns/dnsseckeeper.cc
@@ -96,6 +96,26 @@ bool DNSSECKeeper::haveKSKFor(const std::string& zone, DNSSECPrivateKey* dpk)
 return false;
 }
+unsigned int DNSSECKeeper::getNextKeyIDFromDir(const std::string& dirname)
+{
+ fs::path full_path = fs::system_complete( fs::path(dirname));
+
+ if ( !fs::exists( full_path ) )
+ unixDie("Unable to get next free key id from '"+dirname+"'");
+
+ fs::directory_iterator end_iter;
+ unsigned int maxID=0;
+ for ( fs::directory_iterator dir_itr( full_path );
+ dir_itr != end_iter;
+ ++dir_itr )
+ {
+ if(ends_with(dir_itr->leaf(),".isc")) {
+ maxID = max(maxID, (unsigned int)atoi(dir_itr->leaf().c_str()));
+ }
+ }
+ return maxID+1;
+}
+
 void DNSSECKeeper::addZSKFor(const std::string& name, int algorithm, bool active)
 {
 DNSSECPrivateKey dpk;
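Review bot: `atoi(dir_itr->leaf().c_str())` cannot tell a legacy file name with no numeric prefix (it yields 0) from a real id, and a negative prefix is wrapped by the `(unsigned int)` cast into a huge maxID, so a malformed key directory silently produces a garbage next id instead of an error; parsing with strtoul and requiring the `-` separator that getZSKsFor() expects, as in the excerpt below, makes the helper accept only names it can later read back. The id is also taken from a directory listing and only later used to name the new file (file creation is outside this hunk), so two pdnssec runs adding a key at the same time can both read the same maxID and write two keys with one id, which is exactly what the commit wants to rule out; creating the key file with O_EXCL and retrying on EEXIST would close that window. A header comment stating the contract would help readers of the declaration: `// Returns 1 + the highest "%06u-" prefix among *.isc files in dirname (1 for an empty dir); dies via unixDie() if dirname is missing.` Whether active keys still end in `.isc` is not visible here (getZSKsFor() recognises them by `.active` in the name); if they do not, ends_with(".isc") skips them and their ids can be handed out again.
```cpp
  // … unchanged: directory_iterator loop header …
  {
    const string leaf = dir_itr->leaf();   // copy: leaf() may return by value
    if(!ends_with(leaf, ".isc") || leaf.empty() || !isdigit((unsigned char)leaf[0]))
      continue;
    char* end = 0;
    unsigned long id = strtoul(leaf.c_str(), &end, 10);
    if(*end != '-')   // not the "%06u-" prefix getZSKsFor() parses; ignore the file
      continue;
    maxID = max(maxID, (unsigned int)id);
  }
  return maxID+1;
```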
@@ -106,14 +126,13 @@ void DNSSECKeeper::addZSKFor(const std::string& name, int algorithm, bool active
 drc.d_flags = 256; // KSK
 drc.d_algorithm = algorithm;
 string iscName=d_dirname+"/"+name+"/zsks/";
+ unsigned int id = getNextKeyIDFromDir(iscName);
 time_t inception=time(0);
-
-
 struct tm ts;
 gmtime_r(&inception, &ts);
- iscName += (boost::format("%04d%02d%02d%02d%02d")
+ iscName += (boost::format("%06d-%04d%02d%02d%02d%02d") % id
 % (1900+ts.tm_year)
 % (ts.tm_mon + 1)
 % ts.tm_mday
 % ts.tm_hour
 % ts.tm_min).str();
@@ -131,14 +150,12 @@ void DNSSECKeeper::addZSKFor(const std::string& name, int algorithm, bool active
 }
-/*
-bool zskSortByDates(const DNSSECKeeper::zskset_t::value_type& a, const DNSSECKeeper::zskset_t::value_type& b)
+
+static bool zskCompareByID(const DNSSECKeeper::zskset_t::value_type& a, const DNSSECKeeper::zskset_t::value_type& b)
 {
- return
- tie(a.second.beginValidity, a.second.endValidity) <
- tie(b.second.beginValidity, b.second.endValidity);
+ return a.second.id < b.second.id;
 }
-* */
+
 void DNSSECKeeper::deleteZSKFor(const std::string& zname, const std::string& fname)
 {
 unlink((d_dirname +"/"+ zname +"/zsks/"+fname).c_str());
@@ -216,7 +233,9 @@ DNSSECKeeper::zskset_t DNSSECKeeper::getZSKsFor(const std::string& zone, bool al
 memset(&ts1, 0, sizeof(ts1));
 memset(&ts2, 0, sizeof(ts2));
- sscanf(dir_itr->leaf().c_str(), "%04d%02d%02d%02d%02d",
+ unsigned int id;
+ sscanf(dir_itr->leaf().c_str(), "%06u-%04d%02d%02d%02d%02d",
+ &id,
 &ts1.tm_year, &ts1.tm_mon, &ts1.tm_mday, &ts1.tm_hour, &ts1.tm_min);
@@ -227,12 +246,12 @@ DNSSECKeeper::zskset_t DNSSECKeeper::getZSKsFor(const std::string& zone, bool al
 KeyMetaData kmd;
-
+ kmd.id = id;
 kmd.fname = dir_itr->leaf();
 kmd.active = kmd.fname.find(".active") != string::npos;
 zskset.push_back(make_pair(dpk, kmd));
 }
- // sort(zskset.begin(), zskset.end(), zskSortByDates);
+ sort(zskset.begin(), zskset.end(), zskCompareByID);
 }
 return zskset;
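Review bot: `return a.second.id < b.second.id;` gives std::sort no tie-break, so two key files that share an id (possible after the manual renumbering the commit message asks for, or if getNextKeyIDFromDir() hands the same id to two concurrent runs) come out in an order that can differ from one getZSKsFor() call to the next, because directory iteration order is itself unspecified. Comparing on the file name as well keeps the result deterministic: `return make_pair(a.second.id, a.second.fname) < make_pair(b.second.id, b.second.fname);` (make_pair is already used in getZSKsFor()). A one-line comment on the comparator, `// strict weak order on key id; used to present ZSKs oldest-id first`, would also say why ids rather than dates are sorted on now.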
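Review bot: `unsigned int id;` is never initialised and the sscanf() return value is not checked, so a file whose name lacks the new `%06u-` prefix (the pre-commit layout the message warns will break) leaves id indeterminate and ts1 zeroed, yet the key is still pushed into zskset with that garbage id and then sorted on it. Initialise the variable and require all six conversions: `unsigned int id = 0;` followed by `if(sscanf(dir_itr->leaf().c_str(), "%06u-%04d%02d%02d%02d%02d", &id, &ts1.tm_year, &ts1.tm_mon, &ts1.tm_mday, &ts1.tm_hour, &ts1.tm_min) != 6) continue;` (or log the name and skip it). Note also that `%06u` in a scanf format is a maximum field width whereas the `%06d` used when writing the name is a minimum width, so an id above 999999 would be written with seven digits and misparsed here; dropping the width on the read side (`%u-`) avoids that mismatch. The enclosing loop of getZSKsFor() starts and ends outside this hunk.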
@@ -251,19 +270,22 @@ void DNSSECKeeper::secureZone(const std::string& name, int algorithm)
 if(mkdir((d_dirname+"/"+name+"/zsks").c_str(), 0700) < 0)
 unixDie("Making directory for keys in '"+d_dirname+"'");
+ // now add the KSK
+
 DNSSECPrivateKey dpk;
 dpk.d_key.create(2048); // for testing, 1024
 string isc = dpk.d_key.convertToISC();
 DNSKEYRecordContent drc = dpk.getDNSKEY();
- drc.d_flags = 257; // ZSK
+ drc.d_flags = 257; // ZSK (?? for a KSK?)
 drc.d_algorithm = algorithm;
 string iscName=d_dirname+"/"+name+"/ksks/";
 time_t now=time(0);
 struct tm ts;
 gmtime_r(&now, &ts);
- iscName += (boost::format("%04d%02d%02d%02d%02d.%u")
+ unsigned int id=1;
+ iscName += (boost::format("%06d-%04d%02d%02d%02d%02d.%u") % id
 % (1900+ts.tm_year)
 % (ts.tm_mon + 1)
 % ts.tm_mday
 % ts.tm_hour
 % ts.tm_min % drc.getTag()).str();
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index f777c7197..2c0b12a92 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -84,6 +84,7 @@ class DNSSECKeeper
 public:
 struct KeyMetaData
 {
+ unsigned int id;
 bool active;
 string fname;
 };
@@ -103,7 +104,7 @@ public:
 bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* n3p=0);
 void setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent* n3p);
-
+ static unsigned int getNextKeyIDFromDir(const std::string& dirname);
 private:
 std::string d_dirname;
 };
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index b9b5a64fb..e7b1de00c 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -210,6 +210,7 @@ try
 }
 checkZone(dk, cmds[1]);
 }
+#if 0
 else if(cmds[0] == "update-zone-keys") {
 if(cmds.size() != 2) {
 cerr << "Error: "<
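Review bot: `unsigned int id=1;` hard-codes the KSK id while addZSKFor() derives its id from the directory, so a second KSK written into ksks/ (a rollover) would carry the same id as the first and the name is only kept unique by the key tag suffix, which the commit message says is not enough. Using the same helper here, `unsigned int id = getNextKeyIDFromDir(iscName);` right after iscName is set, keeps both paths consistent (getNextKeyIDFromDir() is already static and public), provided KSK files carry the `.isc` suffix that helper filters on, which is not visible in this hunk. The rewritten comment `// ZSK (?? for a KSK?)` leaves the doubt in the code: 257 is the zone-key flag (256) with the SEP bit set, i.e. the KSK value, so the line should read `drc.d_flags = 257; // KSK: zone key (256) + SEP bit (1)`. Whatever reads ksks/ back (haveKSKFor(), outside this hunk) must also accept the new `%06d-` prefix; that cannot be checked here.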
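Review bot: `unsigned int id;` joins KeyMetaData without a word on what it holds or who sets it; a trailing comment such as `unsigned int id;   // numeric "%06u-" prefix of fname, filled in by getZSKsFor()` would save the next reader a trip through dnsseckeeper.cc, and it is worth noting there that the member is left uninitialised by the aggregate, so every site that builds a KeyMetaData must assign it. The `static unsigned int getNextKeyIDFromDir` declaration added in the following hunk of this header likewise deserves its contract in a comment: it returns one more than the highest numeric prefix among `*.isc` files in dirname (1 for an empty directory) and calls unixDie() if dirname does not exist, which is what the definition in dnsseckeeper.cc does.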