Changeset 1758
- Timestamp:
- 12/27/10 16:57:14 (2 years ago)
- Files:
-
- 1 copied
-
trunk/pdns/pdns/fsdnsseckeeper.cc (copied) (copied from trunk/pdns/pdns/dnsseckeeper.cc) (14 diffs)
trunk/pdns/pdns/fsdnsseckeeper.cc
r1755 r1758 63 63 } 64 64 65 bool DNSSECKeeper::haveKSKFor(const std::string& zone, DNSSECPrivateKey* dpk) 66 { 67 fs::path full_path = fs::system_complete( fs::path(d_dirname + "/" + zone + "/ksks/" ) ); 65 bool DNSSECKeeper::haveActiveKSKFor(const std::string& zone, DNSSECPrivateKey* dpk) 66 { 67 keyset_t keys = getKeys(zone, true); 68 // need to get an *active* one! 69 if(dpk && !keys.empty()) { 70 *dpk = keys.begin()->first; 71 } 72 return !keys.empty(); 73 74 #if 0 75 fs::path full_path = fs::system_complete( fs::path(d_dirname + "/" + zone + "/keys/" ) ); 68 76 69 77 if ( !fs::exists( full_path ) ) … … 95 103 96 104 return false; 105 #endif 97 106 } 98 107 … … 117 126 } 118 127 119 void DNSSECKeeper::addZSKFor(const std::string& name, int algorithm, bool active) 128 std::string DNSSECKeeper::getKeyFilenameById(const std::string& dirname, unsigned int id) 129 { 130 fs::path full_path = fs::system_complete( fs::path(dirname)); 131 132 if ( !fs::exists( full_path ) ) 133 unixDie("Unable to get free key id from '"+dirname+"'"); 134 135 fs::directory_iterator end_iter; 136 pair<string, string> parts; 137 for ( fs::directory_iterator dir_itr( full_path ); 138 dir_itr != end_iter; 139 ++dir_itr ) 140 { 141 parts = splitField(dir_itr->leaf(), '-'); 142 if(atoi(parts.first.c_str()) == (signed int)id) 143 return dirname+"/"+dir_itr->leaf(); 144 } 145 throw runtime_error("Could not get filename for key id '"+lexical_cast<string>(id)+"'"); 146 } 147 148 149 void DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm, bool active) 120 150 { 121 151 DNSSECPrivateKey dpk; … … 126 156 drc.d_flags = 256; // KSK 127 157 drc.d_algorithm = algorithm; 128 string iscName=d_dirname+"/"+name+"/ zsks/";158 string iscName=d_dirname+"/"+name+"/keys/"; 129 159 unsigned int id = getNextKeyIDFromDir(iscName); 130 160 time_t inception=time(0); … … 133 163 gmtime_r(&inception, &ts); 134 164 135 iscName += (boost::format("%06d-%04d%02d%02d%02d%02d ") % id165 iscName += 
(boost::format("%06d-%04d%02d%02d%02d%02d.%u") % id 136 166 % (1900+ts.tm_year) % (ts.tm_mon + 1) 137 % ts.tm_mday % ts.tm_hour % ts.tm_min).str(); 138 167 % ts.tm_mday % ts.tm_hour % ts.tm_min % drc.getTag()).str(); 168 169 iscName += keyOrZone ? ".ksk" : ".zsk"; 139 170 iscName += active ? ".active" : ".passive"; 140 171 … … 152 183 153 184 154 static bool zskCompareByID(const DNSSECKeeper:: zskset_t::value_type& a, const DNSSECKeeper::zskset_t::value_type& b)185 static bool zskCompareByID(const DNSSECKeeper::keyset_t::value_type& a, const DNSSECKeeper::keyset_t::value_type& b) 155 186 { 156 187 return a.second.id < b.second.id; 157 188 } 158 189 159 void DNSSECKeeper::deleteZSKFor(const std::string& zname, const std::string& fname) 160 { 161 unlink((d_dirname +"/"+ zname +"/zsks/"+fname).c_str()); 190 void DNSSECKeeper::removeKey(const std::string& zname, unsigned int id) 191 { 192 // unlink((d_dirname +"/"+ zname +"/zsks/"+fname).c_str()); 193 abort(); 194 } 195 196 void DNSSECKeeper::deactivateKey(const std::string& zname, unsigned int id) 197 { 198 // unlink((d_dirname +"/"+ zname +"/zsks/"+fname).c_str()); 199 string fname = getKeyFilenameById(d_dirname+"/keys/", id); 200 string newname = boost::replace_last_copy(fname, ".active", ".passive"); 201 if(rename(fname.c_str(), newname.c_str()) < 0) 202 unixDie("renaming file to deactivate key, from: '"+fname+"' to '"+newname+"'"); 203 } 204 205 void DNSSECKeeper::activateKey(const std::string& zname, unsigned int id) 206 { 207 // unlink((d_dirname +"/"+ zname +"/zsks/"+fname).c_str()); 208 abort(); 162 209 } 163 210 … … 202 249 203 250 204 DNSSECKeeper:: zskset_t DNSSECKeeper::getZSKsFor(const std::string& zone, bool all)205 { 206 zskset_t zskset;207 208 fs::path full_path = fs::system_complete( fs::path(d_dirname + "/" + zone + "/ zsks/" ) );251 DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tribool allOrKeyOrZone) 252 { 253 keyset_t keyset; 254 255 fs::path full_path = 
fs::system_complete( fs::path(d_dirname + "/" + zone + "/keys/" ) ); 209 256 210 257 if ( !fs::exists( full_path ) ) 211 return zskset;258 return keyset; 212 259 213 260 fs::directory_iterator end_iter; … … 216 263 ++dir_itr ) 217 264 { 218 // cerr<<"Entry: '"<< dir_itr->leaf() <<"'"<<endl;265 //cerr<<"Entry: '"<< dir_itr->leaf() <<"'"<<endl; 219 266 if(ends_with(dir_itr->leaf(),".isc")) { 220 //cerr<<"Hit!"<<endl;221 267 DNSSECPrivateKey dpk; 222 268 getRSAKeyFromISC(&dpk.d_key.getContext(), dir_itr->path().file_string().c_str()); … … 236 282 unsigned int id; 237 283 sscanf(dir_itr->leaf().c_str(), "%06u-%04d%02d%02d%02d%02d", 238 &id,239 &ts1.tm_year,240 &ts1.tm_mon, &ts1.tm_mday, &ts1.tm_hour, &ts1.tm_min);284 &id, 285 &ts1.tm_year, 286 &ts1.tm_mon, &ts1.tm_mday, &ts1.tm_hour, &ts1.tm_min); 241 287 242 288 … … 247 293 KeyMetaData kmd; 248 294 249 kmd.id = id;295 kmd.id = id; 250 296 kmd.fname = dir_itr->leaf(); 251 297 kmd.active = kmd.fname.find(".active") != string::npos; 252 zskset.push_back(make_pair(dpk, kmd)); 298 kmd.keyOrZone = kmd.fname.find(".ksk") != string::npos; 299 if(boost::indeterminate(allOrKeyOrZone) || allOrKeyOrZone == kmd.keyOrZone) 300 keyset.push_back(make_pair(dpk, kmd)); 253 301 } 254 sort( zskset.begin(), zskset.end(), zskCompareByID);255 } 256 257 return zskset;302 sort(keyset.begin(), keyset.end(), zskCompareByID); 303 } 304 305 return keyset; 258 306 } 259 307 … … 267 315 { 268 316 mkdir((d_dirname+"/"+name).c_str(), 0700); 269 mkdir((d_dirname+"/"+name+"/ksks").c_str(), 0700); 270 if(mkdir((d_dirname+"/"+name+"/zsks").c_str(), 0700) < 0) 317 if(mkdir((d_dirname+"/"+name+"/keys").c_str(), 0700) < 0) 271 318 unixDie("Making directory for keys in '"+d_dirname+"'"); 272 319 320 273 321 // now add the KSK 322 323 addKey(name, true, algorithm); 324 #if 0 274 325 275 326 DNSSECPrivateKey dpk; … … 280 331 drc.d_flags = 257; // ZSK (?? for a KSK?) 
281 332 drc.d_algorithm = algorithm; 282 string iscName=d_dirname+"/"+name+"/k sks/";333 string iscName=d_dirname+"/"+name+"/keys/"; 283 334 284 335 time_t now=time(0); … … 286 337 gmtime_r(&now, &ts); 287 338 unsigned int id=1; 288 iscName += (boost::format("%06d-%04d%02d%02d%02d%02d.%u ") % id339 iscName += (boost::format("%06d-%04d%02d%02d%02d%02d.%u.%s.%s") % id 289 340 % (1900+ts.tm_year) % (ts.tm_mon + 1) 290 % ts.tm_mday % ts.tm_hour % ts.tm_min % drc.getTag() ).str();341 % ts.tm_mday % ts.tm_hour % ts.tm_min % drc.getTag() % "ksk" % "active").str(); 291 342 292 343 … … 300 351 dnskeyFile << toCanonic("", name) << " IN DNSKEY " << drc.getZoneRepresentation()<<endl; 301 352 } 302 353 #endif 303 354 } 304 355