"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.16.7/bin/python/isc/keymgr.py.in" (4 Sep 2020, 6533 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:



    1 ############################################################################
    2 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3 #
    4 # This Source Code Form is subject to the terms of the Mozilla Public
    5 # License, v. 2.0. If a copy of the MPL was not distributed with this
    6 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7 #
    8 # See the COPYRIGHT file distributed with this work for additional
    9 # information regarding copyright ownership.
   10 ############################################################################
   11 
   12 from __future__ import print_function
   13 import os, sys, argparse, glob, re, time, calendar, pprint
   14 from collections import defaultdict
   15 
# Program name; parse_args() prefixes the argparse description with it.
prog = 'dnssec-keymgr'
   17 
   18 from isc import dnskey, keydict, keyseries, policy, parsetab, utils
   19 
   20 ############################################################################
   21 # print a fatal error and exit
   22 ############################################################################
def fatal(*args, **kwargs):
    """Print a message and terminate the program with exit status 1.

    All positional and keyword arguments are handed to print() unchanged,
    so unless the caller passes file=, the message is written to stdout.
    """
    print(*args, **kwargs)
    # Raising SystemExit(1) is exactly what sys.exit(1) does.
    raise SystemExit(1)
   26 
   27 ############################################################################
   28 # find the location of an external command
   29 ############################################################################
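def set_path(command, default=None):
    """Find the location of an external command.

    If *default* is supplied and names an existing, executable regular
    file, it is returned as-is; otherwise every directory listed in the
    PATH environment variable is searched in order.

    :param command: name of the command to look for
    :param default: preferred full path to try before searching PATH
    :return: path of the first suitable executable, or None if none exists
    """
    def _is_executable(candidate):
        # A usable binary is a regular file this process may execute.
        return os.path.isfile(candidate) and os.access(candidate, os.X_OK)

    if default and _is_executable(default):
        return default

    # os.environ["PATH"] raises KeyError when PATH is unset; fall back to
    # the platform default search path for both "unset" and "empty".
    search_path = os.environ.get("PATH") or os.defpath

    # NOTE(review): the result comes from the caller's environment and is
    # presumably executed later as dnssec-keygen / dnssec-settime; when this
    # tool runs with elevated privileges, PATH should be a trusted value.
    for directory in search_path.split(os.pathsep):
        if not directory:
            # An empty PATH component (leading, trailing or doubled
            # separator) must not be turned into a lookup in the
            # filesystem root or the current working directory.
            continue
        candidate = os.path.join(directory, command)
        if _is_executable(candidate):
            return candidate

    return None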
   50 
   51 ############################################################################
   52 # parse arguments
   53 ############################################################################
def parse_args():
    """Parse the command line and return the validated argparse namespace.

    Exits through fatal() when -r is given, when -k and -z are combined,
    when no dnssec-keygen or dnssec-settime path is available, or when an
    explicitly named policy file does not exist.

    :return: args object properly prepared
    """
    # Defaults for -g / -s: the installed sbin copy if it is executable,
    # otherwise whatever set_path() finds on PATH (None when nothing is).
    default_keygen = set_path(
        'dnssec-keygen',
        os.path.join(utils.prefix('sbin'), 'dnssec-keygen'))
    default_settime = set_path(
        'dnssec-settime',
        os.path.join(utils.prefix('sbin'), 'dnssec-settime'))

    parser = argparse.ArgumentParser(
        description=prog + ': schedule DNSSEC key rollovers according to a '
                           'pre-defined policy')

    parser.add_argument(
        'zone', type=str, nargs='*', default=None,
        help='Zone(s) to which the policy should be applied '
             '(default: all zones in the directory)')
    parser.add_argument(
        '-K', dest='path', type=str, metavar='dir',
        help='Directory containing keys')
    parser.add_argument(
        '-c', dest='policyfile', type=str, metavar='file',
        help='Policy definition file')
    # NOTE(review): a path given with -g or -s is only compared with None
    # below; unlike the auto-detected default it is not checked here for
    # existence or executability.
    parser.add_argument(
        '-g', dest='keygen', default=default_keygen, type=str,
        metavar='path', help="Path to 'dnssec-keygen'")
    parser.add_argument(
        '-r', dest='randomdev', type=str, default=None,
        metavar='path', help='DEPRECATED')
    parser.add_argument(
        '-s', dest='settime', default=default_settime, type=str,
        metavar='path', help="Path to 'dnssec-settime'")
    parser.add_argument(
        '-k', dest='no_zsk', action='store_true', default=False,
        help='Only apply policy to key-signing keys (KSKs)')
    parser.add_argument(
        '-z', dest='no_ksk', action='store_true', default=False,
        help='Only apply policy to zone-signing keys (ZSKs)')
    parser.add_argument(
        '-f', '--force', dest='force', action='store_true', default=False,
        help='Force updates to key events even if they are in the past')
    parser.add_argument(
        '-q', '--quiet', dest='quiet', action='store_true', default=False,
        help='Update keys silently')
    parser.add_argument(
        '-v', '--version', action='version', version=utils.version)

    args = parser.parse_args()

    # Checked in order; the first failing condition ends the program.
    checks = (
        (args.randomdev, "ERROR: -r option has been deprecated."),
        (args.no_zsk and args.no_ksk,
         "ERROR: -z and -k cannot be used together."),
        (args.keygen is None, "ERROR: dnssec-keygen not found"),
        (args.settime is None, "ERROR: dnssec-settime not found"),
    )
    for failed, message in checks:
        if failed:
            fatal(message)

    if args.policyfile is None:
        # No -c given: use the system-wide policy file when it exists,
        # otherwise leave policyfile as None.
        fallback = os.path.join(utils.sysconfdir, 'dnssec-policy.conf')
        args.policyfile = fallback if os.path.exists(fallback) else None
    elif not os.path.exists(args.policyfile):
        # An explicitly requested policy file must be present.
        fatal('ERROR: Policy file "%s" not found' % args.policyfile)

    return args
  124 
  125 ############################################################################
  126 # main
  127 ############################################################################
def main():
    """Load the policy, collect the keys, and enforce the policy on them.

    Each stage runs in its own try block so that a failure is reported
    through fatal() with a message naming the stage that failed.
    """
    opts = parse_args()

    # The binaries may live in specific locations, so their paths travel
    # in a context mapping that is handed to keyseries. parse_args() exits
    # whenever -r is given, so 'randomdev' is never a usable path here.
    context = dict(
        keygen_path=opts.keygen,
        settime_path=opts.settime,
        keys_path=opts.path,
        randomdev=opts.randomdev,
    )

    try:
        dnssec_policy = policy.dnssec_policy(opts.policyfile)
    except Exception as err:
        fatal('Unable to load DNSSEC policy: ' + str(err))

    try:
        keys = keydict(dnssec_policy, path=opts.path, zones=opts.zone)
    except Exception as err:
        fatal('Unable to build key dictionary: ' + str(err))

    try:
        series = keyseries(keys, context=context)
    except Exception as err:
        fatal('Unable to build key series: ' + str(err))

    try:
        # -k sets no_zsk and is passed as ksk=; -z sets no_ksk and is
        # passed as zsk=.
        series.enforce_policy(
            dnssec_policy,
            ksk=opts.no_zsk,
            zsk=opts.no_ksk,
            force=opts.force,
            quiet=opts.quiet,
        )
    except Exception as err:
        fatal('Unable to apply policy: ' + str(err))