
#!/bin/bash
# Peter Poeml poeml@suse.de

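# Name the script was invoked as; shown in the usage text.
# "$0" is quoted so an install path containing whitespace cannot be
# word-split into several arguments for basename.
progname=$(basename "$0")

# Built-in defaults; each can be overridden by a command-line option.
keyfile_default=/etc/named.keys    # includable key file that gets written
keyname_default=DHCP_UPDATER       # name given to the generated key
random_dev_default=/dev/random     # device handed to dnssec-keygen via -r
force=false                        # becomes true only when --force is passed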

# Print the option summary to stderr and terminate the script with status 1.
# Globals read: progname, keyfile_default, keyname_default, random_dev_default.
# The argument parser calls this for -h/--help and for any unknown argument,
# so a help request also ends with a non-zero status.
usage() {
	cat >&2 <<- EOF

	Usage:
	
	  $progname <options>  
	
	Options:
	
	  -f|--key-file <FILENAME> 	includable key is written to this file
	                                (default: $keyfile_default)
	  -n|--key-name <NAME>		name of the key (default: $keyname_default)
	  -d|--key-dir <NAME>           public / private key directory
	                                (default is key-file directory)
	  -r|--random			random device to use (default: $random_dev_default)
	  --force			overwrite an existing key file
	  --help			print usage info

	See /usr/share/doc/packages/dhcp-server/DDNS-howto.txt (in dhcp-server
	package) about configuration of a DHCP server to do DDNS updates.

EOF
	exit 1
}

# Walk the command line one argument at a time.
# An option that takes a value shifts once to reach it; ${1:?...} then aborts
# the script with the given message if that value is missing or empty.
while [[ $# -gt 0 ]]; do
	case "$1" in
	"")
		# an empty argument is skipped without complaint
		;;
	-f | --key-file)
		shift
		KEYFILE=${1:?option requires an argument}
		;;
	-n | --key-name)
		shift
		KEYNAME=${1:?option requires an argument}
		;;
	-d | --key-dir)
		shift
		KEY_DIR=${1:?option requires an argument}
		;;
	-r | --random)
		shift
		RANDOM_DEV=${1:?option requires an argument}
		;;
	--force)
		force=true
		;;
	-h | --help | *)
		# help request or anything unrecognised: usage prints and exits
		usage
		;;
	esac
	# drop the argument (or option value) that was just handled
	shift
done

# Fill in every setting that is still unset or empty with its built-in default.
KEYFILE=${KEYFILE:-$keyfile_default}
KEYNAME=${KEYNAME:-$keyname_default}
# Without --key-dir the key pair goes into the directory of the key file.
KEY_DIR=${KEY_DIR:-$(dirname "$KEYFILE")}
RANDOM_DEV=${RANDOM_DEV:-$random_dev_default}

# Refuse to replace an existing key file unless --force was given.
# The existence test looks below "$ROOT" (empty when ROOT is not set).
if ! $force && [[ -e "$ROOT/$KEYFILE" ]]; then
	printf '%s\n' "File '$KEYFILE' exists, use --force to overwrite." >&2
	exit 1
fi

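# This is where the keys are created: the key generator is run from this
# directory and its output files are later read relative to it.
# The path is quoted so a ROOT or key directory containing whitespace or glob
# characters is used as one literal path instead of being split or expanded.
cd "$ROOT/$KEY_DIR" &>/dev/null || {
	echo >&2 "Key directory '$KEY_DIR' does not exists."
	exit 1
}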

# Work out which BIND generation is installed from its control program:
# rndc means BIND 9, ndc means the older release. bind9 is later run as a
# command ("true"/"false") to pick the matching key generator and syntax.
if [[ -f /usr/sbin/rndc ]]; then
	bind9=true
elif [[ -f /usr/sbin/ndc ]]; then
	bind9=false
else
	# neither control program is present, so no key generator can be chosen
	printf '%s\n' "Could not determine the BIND version. Exiting." >&2
	exit 1
fi

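# Everything created from here on holds key material, so new files must be
# private to the owner. A umask lists the permission bits to REMOVE: the
# previous value 600 stripped the owner's read/write bits and left group and
# other access enabled, the opposite of mode 600. 077 removes all group and
# other access instead.
umask 077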

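# generate a 512 bit HMAC-MD5 Zone (DNS validation) key
# The generator's output is captured as the base name of the files it wrote.
# NOTE(review): HMAC-MD5 is a legacy TSIG algorithm; current BIND releases
# create TSIG keys with tsig-keygen and HMAC-SHA algorithms. It is left as is
# here because the algorithm written to the key file must match this key.
if $bind9; then
	keyfile=$(/usr/sbin/dnssec-keygen -a hmac-md5 -b 512 -r "${RANDOM_DEV}" -n user "${KEYNAME}") || keyfile=
else
	keyfile=$(/usr/sbin/dnskeygen -H 512 -z -c -n "${KEYNAME}") || keyfile=
fi

# Stop if the generator failed or printed nothing. With an empty name the
# chmod below would expand to a bare "*" and change the mode of every file in
# the key directory.
if [ -z "$keyfile" ]; then
	echo >&2 "Key generation failed for key '$KEYNAME'. Exiting."
	exit 1
fi

# dnskeygen has (had) a weakness, it puts one key into a world readable file
# (see http://xforce.iss.net/alerts/advise78.php)
# The listing below shows the .key file world readable for dnssec-keygen too;
# for an HMAC key that file carries the same shared secret as the .private
# file, so both are restricted to the owner regardless of the generator.
chmod 600 -- "$keyfile"*

# now we've got files like these:
# -rw-------    1 root     root           77 Sep 11 01:03 K${KEYNAME}+157+00000.private
# -rw-r--r--    1 root     root           58 Sep 11 01:03 K${KEYNAME}+157+00000.key
#
#                                                          ----------     -----
#                                                          name           key id
#
#                                                                     ---
#                                                                     157 is short
#                                                                     for hmac-md5
printf '%s\n' "$keyfile"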

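# read the secret
# The shared secret is the text after the first space on the "Key:" line of
# the generated .private file. secret is cleared first so a value inherited
# from the environment can never end up in the key file.
secret=
# -r keeps backslashes literal; the "|| [ -n ... ]" part still handles a last
# line that has no trailing newline.
while read -r line || [ -n "$line" ]; do
	case $line in
	Key:*) secret=${line#* } ;;
	esac
done <"$keyfile.private"

# Do not go on to write a key file with an empty secret.
if [ -z "$secret" ]; then
	echo >&2 "Could not read the secret from '$keyfile.private'. Exiting."
	exit 1
fi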


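# bind9 selects between the two spellings of the algorithm statement.
if $bind9; then
	algorithm_stmt="algorithm hmac-md5;"
else
	algorithm_stmt="algorithm HMAC-MD5.SIG-ALG.REG.INT;"
fi

# The file holds the shared secret. Make sure a newly created file is private
# to the owner from the moment it exists, rather than only after the chmod
# further down.
umask 077

# Write the includable key statement.
# NOTE(review): the overwrite check and the cd earlier in the script use paths
# below "$ROOT", while this write (and the chown/chmod) use "$KEYFILE" as
# given; confirm that is intended when ROOT is set.
cat >"$KEYFILE" <<-EOF

# generated by $(basename "$0") on $(date)

key ${KEYNAME} {
	${algorithm_stmt}
        secret "$secret";
};


EOF

# set permissions: owned by root, readable by group named, no access for others
# (user:group with a colon is the POSIX form; the dot separator is deprecated)
chown root:named "$KEYFILE"
chmod 640 "$KEYFILE"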
