Changeset 2221

Timestamp:

06/29/11 10:12:52 (2 years ago)

Author:

ahu

Message:

someone anonymous contributed this patch, thanks!

- Fix up spelling mistake - remove keys when using disable-dnssec - Fix
- formatting of help - Do better checking of arguments given to commands -
- When adding a key don't activate it initially.

Files:

• trunk/pdns/pdns/pdnssec.cc (modified) (19 diffs)

trunk/pdns/pdns/pdnssec.cc

@@ -349 +349 @@
     BOOST_FOREACH(DNSSECKeeper::keyset_t::value_type value, keyset) {
       dk.deactivateKey(zone, value.second.id);
+      dk.removeKey(zone, value.second.id);
     }
   }
@@ -464 +465 @@
     cerr<<"Usage: \npdnssec [options] [show-zone] [secure-zone] [rectify-zone] [add-zone-key] [deactivate-zone-key] [remove-zone-key] [activate-zone-key]\n";
     cerr<<"         [import-zone-key] [export-zone-key] [set-nsec3] [set-presigned] [unset-nsec3] [unset-presigned] [export-zone-dnskey]\n\n";
-    cerr<<"activate-zone-key ZONE KEY-ID   Activate the key with key id KEY-ID in ZONE\n";
-    cerr<<"add-zone-key ZONE [zsk|ksk]     Add a ZSK or KSK to a zone\n";
-    cerr<<"  [bits] [rsasha1|rsasha256]    and specify algorithm & bits\n";
-    cerr<<"check-zone ZONE                 Check a zone for correctness\n";
-    cerr<<"deactivate-zone-key             Dectivate the key with key id KEY-ID in ZONE\n";
-    cerr<<"disable-dnssec ZONE             Deactivate all keys and unset PRESIGNED\n";
-    cerr<<"export-zone-dnskey ZONE KEY-ID  Export to stdout the public DNSKEY described\n";
-    cerr<<"export-zone-key ZONE KEY-ID     Export to stdout the private key described\n";
-    cerr<<"hash-zone-record ZONE RNAME     Calculate the NSEC3 hash for RNAME in ZONE\n";
-    cerr<<"import-zone-key ZONE FILE       Import from a file a private key, ZSK or KSK\n";            
-    cerr<<"                [ksk|zsk]       Defaults to KSK\n";
-    cerr<<"rectify-zone ZONE               Fix up DNSSEC fields (order, auth)\n";
-    cerr<<"remove-zone-key ZONE KEY-ID     Remove key with KEY-ID from ZONE\n";
-    cerr<<"secure-zone ZONE                Add KSK and two ZSKs\n";
-    cerr<<"set-nsec3 ZONE 'params' [narrow]     Enable NSEC3 with PARAMs. Optionally narrow\n";
-    cerr<<"set-presigned ZONE              Use presigned RRSIGs from storage\n";
-    cerr<<"show-zone ZONE                  Show DNSSEC (public) key details about a zone\n";
-    cerr<<"unset-nsec3 ZONE                Switch back to NSEC\n";
-    cerr<<"unset-presigned ZONE            No longer use presigned RRSIGs\n\n";
+    cerr<<"activate-zone-key ZONE KEY-ID    Activate the key with key id KEY-ID in ZONE\n";
+    cerr<<"add-zone-key ZONE [zsk|ksk]      Add a ZSK or KSK to a zone\n";
+    cerr<<"  [bits] [rsasha1|rsasha256]     and specify algorithm & bits\n";
+    cerr<<"check-zone ZONE                  Check a zone for correctness\n";
+    cerr<<"deactivate-zone-key ZONE KEY-ID  Deactivate the key with key id KEY-ID in ZONE\n";
+    cerr<<"disable-dnssec ZONE              Deactivate all keys and unset PRESIGNED in ZONE\n";
+    cerr<<"export-zone-dnskey ZONE KEY-ID   Export to stdout the public DNSKEY described\n";
+    cerr<<"export-zone-key ZONE KEY-ID      Export to stdout the private key described\n";
+    cerr<<"hash-zone-record ZONE RNAME      Calculate the NSEC3 hash for RNAME in ZONE\n";
+    cerr<<"import-zone-key ZONE FILE        Import from a file a private key, ZSK or KSK\n";            
+    cerr<<"                [ksk|zsk]        Defaults to KSK\n";
+    cerr<<"rectify-zone ZONE                Fix up DNSSEC fields (order, auth)\n";
+    cerr<<"remove-zone-key ZONE KEY-ID      Remove key with KEY-ID from ZONE\n";
+    cerr<<"secure-zone ZONE                 Add KSK and two ZSKs\n";
+    cerr<<"set-nsec3 ZONE 'params' [narrow] Enable NSEC3 with PARAMs. Optionally narrow\n";
+    cerr<<"set-presigned ZONE               Use presigned RRSIGs from storage\n";
+    cerr<<"show-zone ZONE                   Show DNSSEC (public) key details about a zone\n";
+    cerr<<"unset-nsec3 ZONE                 Switch back to NSEC\n";
+    cerr<<"unset-presigned ZONE             No longer use presigned RRSIGs\n\n";
     cerr<<"Options:"<<endl;
     cerr<<desc<<endl;
@@ -497 +498 @@
   DNSSECKeeper dk;
 
-  if(cmds[0] == "rectify-zone" || cmds[0] == "order-zone") {
+  if(cmds[0] == "rectify-zone") {
     if(cmds.size() != 2) {
-      cerr << "Error: "<<cmds[0]<<" takes exactly 1 parameter"<<endl;
+      cerr << "Syntax: pdnssec rectify-zone ZONE"<<endl;
       return 0;
     }
@@ -506 +507 @@
   else if(cmds[0] == "check-zone") {
     if(cmds.size() != 2) {
-      cerr << "Error: "<<cmds[0]<<" takes exactly 1 parameter"<<endl;
+      cerr << "Syntax: pdnssec check-zone ZONE"<<endl;
       return 0;
     }
@@ -522 +523 @@
 #endif
   else if(cmds[0] == "test-speed") {
-    if(cmds.size() < 3) {
-      cerr << "Error: "<<cmds[0]<<" takes  2 or 3 parameters, zone numcores [signing-server]"<<endl;
+    if(cmds.size() < 2) {
+      cerr << "Syntax: pdnssec test-speed numcores [signing-server]"<<endl;
       return 0;
     }
@@ -530 +531 @@
   else if(cmds[0] == "verify-crypto") {
     if(cmds.size() != 2) {
-      cerr << "Error: "<<cmds[0]<<" takes exactly 1 parameter"<<endl;
+      cerr << "Syntax: pdnssec verify-crypto FILE"<<endl;
       return 0;
     }
@@ -538 +539 @@
   else if(cmds[0] == "show-zone") {
     if(cmds.size() != 2) {
-      cerr << "Error: "<<cmds[0]<<" takes exactly 1 parameter"<<endl;
+      cerr << "Syntax: pdnssec show-zone ZONE"<<endl;
       return 0;
     }
@@ -546 +547 @@
   else if(cmds[0] == "disable-dnssec") {
     if(cmds.size() != 2) {
-      cerr << "Error: "<<cmds[0]<<" takes exactly 1 parameter"<<endl;
+      cerr << "Syntax: pdnssec disable-dnssec ZONE"<<endl;
       return 0;
     }
@@ -553 +554 @@
   }
   else if(cmds[0] == "activate-zone-key") {
+    if(cmds.size() != 3) {
+      cerr << "Syntax: pdnssec activate-zone-key ZONE KEY-ID"<<endl;
+      return 0;
+    }
     const string& zone=cmds[1];
     unsigned int id=atoi(cmds[2].c_str());
@@ -558 +563 @@
   }
   else if(cmds[0] == "deactivate-zone-key") {
+    if(cmds.size() != 3) {
+      cerr << "Syntax: pdnssec deactivate-zone-key ZONE KEY-ID"<<endl;
+      return 0;
+    }
     const string& zone=cmds[1];
     unsigned int id=atoi(cmds[2].c_str());
@@ -563 +572 @@
   }
   else if(cmds[0] == "add-zone-key") {
+    if(cmds.size() < 3 ) {
+      cerr << "Syntax: pdnssec add-zone-key ZONE [zsk|ksk] [bits] [rsasha1|rsasha256]"<<endl;
+      return 0;
+    }
     const string& zone=cmds[1];
     // need to get algorithm, bits & ksk or zsk from commandline
@@ -595 +608 @@
     if(bits)
       cerr<<"Requesting specific key size of "<<bits<<" bits"<<endl;
-    dk.addKey(zone, keyOrZone, algorithm, bits); 
+    dk.addKey(zone, keyOrZone, algorithm, bits, false); 
   }
   else if(cmds[0] == "remove-zone-key") {
     if(cmds.size() < 3) {
-      cerr<<"Syntax: pdnssec remove-zone-key ZONE KEY-ID\n";
+      cerr<<"Syntax: pdnssec remove-zone-key ZONE KEY-ID";
       return 0;
     }
@@ -609 +622 @@
   else if(cmds[0] == "secure-zone") {
     if(cmds.size() < 2) {
-      cerr << "Error: "<<cmds[0]<<" takes at least 1 parameter"<<endl;
+      cerr << "Syntax: pdnssec secure-zone ZONE"<<endl;
       return 0;
     }
@@ -626 +639 @@
   }
   else if(cmds[0]=="set-nsec3") {
+    if(cmds.size() < 2) {
+      cerr<<"Syntax: pdnssec set-nsec3 ZONE 'params' [narrow]"<<endl;
+      return 0;
+    }
     string nsec3params =  cmds.size() > 2 ? cmds[2] : "1 1 1 ab";
     bool narrow = cmds.size() > 3 && cmds[3]=="narrow";
@@ -638 +655 @@
   else if(cmds[0]=="set-presigned") {
     if(cmds.size() < 2) {
-      cerr<<"Wrong number of arguments, syntax: set-presigned DOMAIN"<<endl;
+      cerr<<"Syntax: pdnssec set-presigned ZONE"<<endl;
+      return 0; 
     }
     dk.setPresigned(cmds[1]);
   }
   else if(cmds[0]=="unset-presigned") {
-        if(cmds.size() < 2) {
-                cerr<<"Wrong number of arguments, syntax: unset-presigned DOMAIN"<<endl;
-        }
+    if(cmds.size() < 2) {
+      cerr<<"Syntax: pdnssec unset-presigned ZONE"<<endl;
+      return 0; 
+    }
     dk.unsetPresigned(cmds[1]);
   }
   else if(cmds[0]=="hash-zone-record") {
     if(cmds.size() < 3) {
-      cerr<<"Wrong number of arguments, syntax: hash-zone-record ZONE RECORD"<<endl;
+      cerr<<"Syntax: pdnssec hash-zone-record ZONE RNAME"<<endl;
       return 0;
     }
@@ -668 +687 @@
   }
   else if(cmds[0]=="unset-nsec3") {
+    if(cmds.size() < 2) {
+      cerr<<"Syntax: pdnssec unset-nsec3 ZONE"<<endl;
+      exit(1);
+    }
     dk.unsetNSEC3PARAM(cmds[1]);
   }
   else if(cmds[0]=="export-zone-key") {
     if(cmds.size() < 3) {
-      cerr<<"Syntax: pdnssec export-zone-key zone-name id"<<endl;
-      cerr<<cmds.size()<<endl;
+      cerr<<"Syntax: pdnssec export-zone-key ZONE KEY-ID"<<endl;
       exit(1);
     }
@@ -684 +706 @@
   else if(cmds[0]=="import-zone-key-pem") {
     if(cmds.size() < 4) {
-      cerr<<"Syntax: pdnssec import-zone-key zone-name filename.pem algorithm [zsk|ksk]"<<endl;
+      cerr<<"Syntax: pdnssec import-zone-key ZONE FILE algorithm [zsk|ksk]"<<endl;
       exit(1);
     }
@@ -728 +750 @@
   }
   else if(cmds[0]=="import-zone-key") {
-    if(cmds.size() < 3) {
-      cerr<<"Syntax: pdnssec import-zone-key zone-name filename [zsk|ksk]"<<endl;
+    if(cmds.size() < 4) {
+      cerr<<"Syntax: pdnssec import-zone-key ZONE FILE [zsk|ksk]"<<endl;
       exit(1);
     }
@@ -762 +784 @@
   else if(cmds[0]=="export-zone-dnskey") {
     if(cmds.size() < 3) {
-      cerr<<"Syntax: pdnssec export-zone-dnskey zone-name id"<<endl;
+      cerr<<"Syntax: pdnssec export-zone-dnskey ZONE KEY-ID"<<endl;
       exit(1);
     }