author | Martin Nagy <mnagy@redhat.com> | 2008-12-09 19:31:51 +0100 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2008-12-09 19:31:51 +0100 |
commit | 9b941ce45484431bf095ffc39f242e81c716cbd5 (patch) | |
tree | 5e9fb4d5945e88d78d61591cdd803e8174520f81 /contrib/zkt | |
Initial import. (bind-9-6-0-rc1)
Diffstat (limited to 'contrib/zkt')
157 files changed, 23288 insertions, 0 deletions
diff --git a/contrib/zkt/CHANGELOG b/contrib/zkt/CHANGELOG new file mode 100644 index 0000000..40fb02e --- /dev/null +++ b/contrib/zkt/CHANGELOG 
@@ -0,0 +1,446 @@ +zkt 0.97 -- + +* bug LG_* logging level wasn't mapped to syslog level in lg_mesg(). + gettock() in ncparse.c did not recognize C single line comments "//" + (Thanks to Frank Behrens for finding this out) + +* misc dist_and_reload () now calls the "Distribute_Cmd" twice: + First with argument "distribute" for signed zone file distribution, + second with argument "reload" to initiate a reload. + Again see example/flat/dist.sh for an example script. + +* bug full KSK rollover will (mostly) also work for dynamic zones + This is a hack and requires further investigation. Currently + it will not work if someone is using non standard zone file + names. + +* misc default ZSK lifetime set to 3 month + +* misc get_mtime() renamed to file_mtime() + +* func is_exec_ok() added and called in dist_and_reload () + +* func New parameter "Distribute_Cmd" added for specifing a user + defined distribution (and reload) command (See example/flat/dist.sh). + +* misc Changed wording to be a bit more consistent to + draft-gudmundsson-life-of-dnskey-00.txt + - State of published key will be print as "pub" instead of "pre" + by dnssec-zkt. + - Option --pre-publish of dnssec-zkt changed to --published. + - Changed wording in all comments and log message from "pre-publish" + to "published". + +* func Highly experimental code to do a full automatic ksk rollover + in hierachical mode. 
+ ksk_rollover() added in rollover.c; parameter change for ksk_status() + +* misc Changed name of "dnssec-soaserial" to "zkt-soaserial" + +* bug Fixed verbose logging error if -N or -D option was used + +* func Some LG_INFO messages added about key status change + +* func Remove of function to register a new ksk (zktr.[ch]) + +* misc Changed licence from GNU GPLv2 to BSD licence + +* bug Fixed bug in logging of ZSK rollover + +* misc Changed tar file to zipped one and archive the files with + toplevel directory + +* bug Fixed use of uninitialized vars in zconf.c (line) + +* port Preparation for use of autoconf + - config.h renamed to config_zkt.h and change of include directives + - conditional include of config.h + - ./configure script is able to determine BIND utility path + (BIND_UTIL_PATH) and version (BIND_VERSION) + - compile time options are settable via configure script (--enable-xxx) + - For now, the configure script is not able to set the install dir. + +* bug ksk rollover phase2 did not trigger resigning of parent + (the parent file was copied to the parent directory only + after child zone resigning) + +* bug fixed bad notice message in zskstatus () + +* func dnssec-zkt -Z print out syslog facility & level with + upper case letter and without quotation marks + +* func Syslog facility DAEMON added + +zkt 0.96 -- 19. June 2008 + +* func Config file option "SIG_Parameter" added. + +* func Function verbmesg() added and used for verbose logging + to stdout and/or to syslog resp. file. + Config file parameter VerboseLog added to config file. + +* bug Option -O wasn't recognized by dnssec-signer + +* func Better support of initial setup of dynamic signed + zones (just create an empty "zone.db.dsigned" file + and run dnssec-signer with option -d). + +* func Improved error logging; incr_soa() errors are written + as clear text message instead of error number + +* func elog_mesg() function replaced by a more general + logging mechanism. 
+ ErrorLog config parameter replaced by LogFile, + LogLevel and SyslogFacility, SyslogLevel parameter + +* func New function filesize() added + +* func dki_prt_trustedkey print out old key id if key + is revoked + +* func dki_new() writes gentime (GMT) and proposed key + lifetime (days) as comment into the *.key file + +* bug Doing some housekeeping + +zkt 0.95 -- 19. April 2008 + +* misc This is not a public released version of zkt. + +* func All config file option are now settable via + commandline option -O (--option or --config-option) + +* misc Function fatal() now has an exit code of 127. + This is neccessary because values from 1 to 64 are + reflecting the number of errors occured. + +* func Errorlog functionality added + All dnssec-signer errors will be logged in the file + specified by the Errorlog config file parameter or + specified by the command line option -L (--errorlog). + If a directory is given, then the logging will occur + in a file within this directory which is named + like "zkt-<current-date>.log". + The dnssec-signer command has an exit code of 0 if + no error occured, an exit code of 127 on fatal errors, + an exit code from 1 to 63 reflecting the number of errors + occured, or an exit code of 64 if more than 63 errors + occured. + +* func dnssec-signer: Introducing long options + +* bug New skript added to example/views directory to + read in the right config file + +* func New option -f (--lifetime) and -F (--setlifetime) + added to dnssec-zkt. + +* func New option -e (--expire) added to dnssec-zkt. + (Seems to be that the dnssec-zkt command is a little + bit overloaded with options.) + +* func dki.c and zkt.c supports storage of key lifetime, + generation time and expiration time as a comment in the + .key file. With this, it's possible to change the default + lifetime without any impact on already used keys. + +zkt 0.94 -- 6. Dec 2007 + +* bug Case mismatch of zone name and key file name prevent + dki_read() from reading the key. 
+ Thanks to Alan Clegg for finding this out. + Added some additional error processing and convert + zone name to lower case. + +* misc Builtin default for KSK_randfile changed + from NULL to "/dev/urandom". + +* bug dnssec-signer has to use private keys for signing + even if the revoke bit is set. + To achieve this the file pattern K*.private is added + to the dnssec-signzone run. + +* bug Uninitialized variable "len" in sign_zone(). + +* func Default config file is settable via environment + variable ZKT_CONFFILE + +* func Support of views added + Link dnssec-zkt to dnssec-zkt-<view> and + dnssec-signer to dnssec-signer-<view>. + Option -V and --view added to dnssec-zkt. + Option -V added to dnssec-signer. + View support added to parse_namedconf(). + +zkt 0.93 -- 1. Nov 2007 + +* func The ksk registration mechanism is disabled by + default (see REG_URL in config.h). + +* func Basic support for revoke flag added (RFC5011). + Semantic of option -R of dnssec-zkt changed. + +* func Undocumented option -S changed to lower case. + Pre-pulished KSK will be shown as "standby" key. + New Option -S (standby) for pre-publish KSK. + +* func New command dnssec-soaserial added. + +* bug dnssec-signer do not print the incremented serial + number anymore. + time2str() fixed bug in time format (HAS_STRFTIME=0). + +* port New build dependencies "solaris", "macos" and "help" + added to Makefile. + +zkt 0.92 -- 1. Oct 2007 + +* func Parameter "Serialformat" in dnssec.conf added . + Now it is possible to use the unixtime format for + the SOA serial number. If you use BIND 9.4 or + greater in conjunction with this, than there is no + need for the special SOA serial formating in + the zonefile. (Thanks to Jakob Schlyter for the + -N option of dnssec-signzone and the suggestion to + add the unixtime support to zkt) + +* func Option --ksk-roll-stat added. + +* port Added macro HAS_GETOPT_LONG to support OS with + lack of getopt_long() (e.g. solaris). + Options -[01239] added. 
+ +* misc Unused macro HAS_ULONG removed from config.h. + Deklaration of unsigned types moved from dki.h to + config.h (so it will be available in _all_ source + files). Thanks to Mans Nilsson. + Unused macro isblank() (ncparse.c) removed. + +* bug In dosigning(): freeze the dynamic zone _before_ copying + the zone file. + +zkt 0.91 -- 1. Apr 2007 + +* doc --ksk-rollover option added to usage(). + +* func some experimental code for dynamic zones added. + new functions added: copyzonefile(), dyn_update_freeze(). + New option "-d" added. + +zkt 0.90 -- 6. Dec 2006 + +* func CHECK_RESIGN interval added to config.h. + This is the dnssec-signer calling interval (at least 1 day or 86400 sec). + +* func new function dki_destroy() added; semantic of dk_remove() + changed to rename the key files instead of physical deletion. + +* doc Setup of new example directory (flat and hierarchical). + +* doc dnssec-zkt man page updated. + Added some comments in misc.c + +* misc function strtaint() renamed to str_untaint(), + dki_keycmp() renamed to dki_tagcmp(). + +* func New parameter key_ttl added to dnssec.conf. + New func dki_prt_dnskeyttl () added. + Now dnskey.db is written with key_ttl value. + +* func dnssec-signer: In hierarchical mode sign_zone() copies the + parent-file (if such a file exist) instead of the + keyset-file to the parent directory. + +* func dnssec-zkt: Option --ksk-roll-phase[123] and function + ksk_rollover() added. + +* misc zconf: default values for sigvalidity, resign_int etc. changed, + new dnssec.conf example file created. + +* func dnssec-zkt: Long option support added. + +zkt 0.83 -- 11. Sep 2006 + +* bug dosigning(): Fixed bug in the bug fixing of printing undefined + serial number if incr_serial() failed. (Thanks to Randy McCasskill). + +zkt 0.82 -- 8. Sep 2006 + +* bug Use option -e for dnssec-keygen calls in dki_new(), because + an RSA exponent of 3 is vulnerable. 
+ +* bug dosigning(): Fixed bug in printing undefined serial + number if incr_serial() failed. + + an RSA exponent of 3 is vulnerable. + +* bug dosigning(): Fixed bug in printing undefined serial + number if incr_serial() failed. + +zkt 0.81 -- 13. July 2006 + +* bug The function ceatekey() won't work with USE_TREE. + Size of MAX_DNAME increased. + +zkt 0.8 -- 09. July 2006 + +* func Now a hierarchical directory structure with subdomains stored in + subfolders of the parent domain are allowed. Added copyfile(), + cmpfile() and new_keysetfiles() for that. + +* func Config parameter added to choose if the domain name is + right or left justified listed by dnssec-zkt (printkeyinfo). + +* func New class of key added ("sep"). A SEP key is a (public) key file + without the private counterpart. So we could use the key solely + as an secure entry point. (dki.h, dki_read). + +zkt 0.70 -- 15. Sep 2005 + +* func Experimental code added to use a binary search tree instead of a + single linked list. This is mainly for performance improvement for large + sites. If you don't want to use it, set USE_TREE in config.h to zero. + In the first step only dnssec-zkt use the new data structure. + The tree is build over the domain names and each node is the starting point + of a linked list of keys. + As a result, it's not possible anymore to search on key tags only. You have + to specify the domain name plus the tag. :-( + +* func Function parseurl added. + +* func Experimental code to register a new ksk. Currently it's more like + a key announcement because of the lack of identification and + authentication. + +zkt 0.65 -- 22. Aug 2005 + +* misc Rewrite of the domaincmp() function. Now it's round about 2 times faster. 
+ After some additional changes and the compiler option -O3 the dnssec-zkt + on the ~ 12000 zones requires only a minute + $ time dnssec-zkt -z -r sec > /dev/null + real 0m58.287s + user 0m54.610s + sys 0m3.680s + +* func A keyset directory is introduced (experimental) + The parameter -d is added to the call of the dnssec-signzone command + if the config option KeySetDir is set. + As a result, all dsset-, keyset- and dlvset- files are stored in one directory. + The advantage is, that the chain of trust of all local subzone is build + automatically (This is the reason why we sort the zones with the child zones + first). + The disadvantage is that we store many files in single directory (3 files + per zone). + +zkt 0.64 -- 1. Aug 2005 + +* bug The code for option -Z of dnssec-zkt should be executed before we read the + complete directory tree. This is usefull if we have a very deep directory + structure and the recursive flag is switched on. + +* func SIG_Pseudorand parameter added. + +* func ([KZ]SK)|(SIG)_randfile parameter added. + +* func measure the time used for signing of each zone. + +* bug function logflush() added to misc.c and called by dosigning(). + +* misc some perfomance test made: + - Directory structure "sec/<firstletter>/domain" with round about 12200 domains + - One of the domain is a big one (~ 820000 RRs), the others are mostly very small ones + - We use a dsa with 704 bits as ksk and a rsamd5 with 512 bits as zsk on each domain. 
+ - All test made on Sun Fire V440 with 4 CPU and 4x2GB main memory + + # sequential signing of all zones + $ time dnssec-signer -v -v -f -D sec + real 434m (~ 7h 14min) + user 188 + sys 175 + + # with option -p and -r /dev/urandom + $ time dnssec-signer -v -v -f -D sec > log + real 96m28.306s + user 290m41.980s + sys 6m13.790s + + # one process for each firstletter subdirectory + $ time par_signer.sh + real 394m12.334s + user 295m58.390s + sys 786m42.479s + + # with option -p and -r /dev/urandom + $ time par_signer.sh + real 78m49.323s + user 284m58.350s + sys 5m39.340s + + + $ time dnssec-zkt -z -r sec > /dev/null + real 2m5.722s + user 2m0.060s + sys 0m4.510s + + + # signing the big (820000 RR) domain only + $ time dnssec-signer -v -v -f -D sec/b/big-domain + real 196m23.165 (~ 3h 16min) + user 176m57.610 + sys 167m27.570 + + # with option -p and -r /dev/urandom + $ time dnssec-signer -v -v -f -D sec/b/big-domain + real 49m53.152 + user 173m59.520 + sys 1m40.150 + +zkt 0.63 -- 14. June 2005 + +* bug allow TTL value in keyfiles (see TTL_IN_KEYFILES_ALLOWED + in dki_readfile()). + +* misc function strchop() added to misc.c. + +zkt 0.62 -- 13. May 2005 + +* func dnssec-signer: Option -o added. + Now it works a little bit more like dnssec-signzone. + +* func strlist.c: prepstrlist and unprepstrlist functions get a + second parameter for the delimiter. + +* bug fixed some typos and inaccurate usage of symbolic constants. + Doing some housekeeping. + +zkt 0.61 -- 3. May 2005 + +* bug local config file will not be mentioned if -N switch is used. + +zkt 0.6 -- 1. May 2005 + +* doc dnssec-signer: man page added. + +* func dnssec-signer: Print out a warning message if ksk lifetime is exceeded. + +* func dnssec-signer: Remaining arguments will be interpreted as zone names + (in_strarr () added). + +* func dnssec-signer: Option -D added. + + +zkt 0.51 -- 8. April 2005 + +* func dnssec-signer: Option -N added. 
+ +* func dnssec-signer: change of keystatus from pre-published to active + resets timestamp of key, thus age of active key counts 0. + +* bug prepstrlist: resulting string was not terminated with '\0'. + +* bug dnssec-signer: do signing if there are additional keys, or the + status of any key is changed (function check_keytimestamp). + +* func dnssec-zkt: -l <list> option added. + +* func dnssec-zkt: -p flag defaults to on in key creation mode (-C). diff --git a/contrib/zkt/LICENSE b/contrib/zkt/LICENSE new file mode 100644 index 0000000..1af01c7 --- /dev/null +++ b/contrib/zkt/LICENSE 
@@ -0,0 +1,30 @@ +Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. + +This software is open source. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +Neither the name of Holger Zuleger HZnet nor the names of its contributors may +be used to endorse or promote products derived from this software without +specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/contrib/zkt/Makefile.in b/contrib/zkt/Makefile.in new file mode 100644 index 0000000..197fd14 --- /dev/null +++ b/contrib/zkt/Makefile.in 
@@ -0,0 +1,151 @@ +################################################################# +# +# @(#) Makefile for dnssec zone key tool (c) Mar 2005 hoz +# +################################################################# + +INSTALL_DIR ?= $$HOME/bin + +CC ?= @CC@ + +PROFILE = # -pg +OPTIM = # -O3 -DNDEBUG + +#CFLAGS ?= @CFLAGS@ @DEFS@ -I@top_srcdir@ +CFLAGS += -g @DEFS@ -I@top_srcdir@ +CFLAGS += -Wall #-DDBG +CFLAGS += -Wmissing-prototypes +CFLAGS += $(PROFILE) $(OPTIM) +LDFLAGS += $(PROFILE) + +PROJECT = @PACKAGE_TARNAME@ +VERSION = @PACKAGE_VERSION@ + +HEADER = dki.h misc.h domaincmp.h zconf.h config_zkt.h \ + config.h.in strlist.h zone.h zkt.h debug.h \ + ncparse.h log.h rollover.h +SRC_ALL = dki.c misc.c domaincmp.c zconf.c log.c +OBJ_ALL = $(SRC_ALL:.c=.o) + +SRC_SIG = dnssec-signer.c zone.c ncparse.c rollover.c +OBJ_SIG = $(SRC_SIG:.c=.o) +MAN_SIG = dnssec-signer.8 +PROG_SIG= dnssec-signer + +SRC_ZKT = dnssec-zkt.c strlist.c zkt.c +OBJ_ZKT = $(SRC_ZKT:.c=.o) +MAN_ZKT = dnssec-zkt.8 +PROG_ZKT= dnssec-zkt + +SRC_SER = zkt-soaserial.c +OBJ_SER = $(SRC_SER:.c=.o) +#MAN_SER = zkt-soaserial.8 +PROG_SER= zkt-soaserial + +MAN = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER) +OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \ + configure examples +SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(MAN) $(OTHER) +MNTSAVE = $(SAVE) configure.ac config.h.in doc + + +all: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) + +macos: ## for MAC OS +macos: + $(MAKE) CFLAGS="$(CFLAGS) -D HAS_UTYPES=0" all + +solaris: ## for solaris +solaris: + @$(MAKE) CFLAGS="$(CFLAGS) -D HAVE_GETOPT_LONG=0" all + +linux: ## for linux (default) +linux: + @$(MAKE) all + +$(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile + $(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG) + +$(PROG_ZKT): $(OBJ_ZKT) $(OBJ_ALL) Makefile + $(CC) $(LDFLAGS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT) + +$(PROG_SER): $(OBJ_SER) Makefile + $(CC) $(LDFLAGS) $(OBJ_SER) -o $(PROG_SER) + +install: ## install binaries in 
INSTALL_DIR +install: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) + cp $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) $(INSTALL_DIR) + +tags: ## create tags file +tags: $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) + ctags $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) + +clean: ## remove objectfiles and binaries +clean: + rm -f $(OBJ_SIG) $(OBJ_ZKT) $(OBJ_SER) $(OBJ_ALL) + +dist: ## create tar file for distribution +dist: $(PROJECT)-$(VERSION).tar.gz +tar: ## create tar file for distribution +tar: $(PROJECT)-$(VERSION).tar.gz + +maintain: ## create configure script +maintain: configure + +mainttar: ## create tar file for maintenance +mainttar: $(PROJECT)-maint-$(VERSION).tar.gz + +configure: configure.ac + autoconf && autoheader + +man: $(MAN_ZKT).html $(MAN_ZKT).pdf $(MAN_SIG).html $(MAN_SIG).pdf + +$(MAN_ZKT).html: $(MAN_ZKT) + groff -Thtml -man -mhtml $(MAN_ZKT) > $(MAN_ZKT).html +$(MAN_ZKT).pdf: $(MAN_ZKT) + groff -Tps -man $(MAN_ZKT) | ps2pdf - $(MAN_ZKT).pdf +$(MAN_SIG).html: $(MAN_SIG) + groff -Thtml -man -mhtml $(MAN_SIG) > $(MAN_SIG).html +$(MAN_SIG).pdf: $(MAN_SIG) + groff -Tps -man $(MAN_SIG) | ps2pdf - $(MAN_SIG).pdf + + +$(PROJECT)-$(VERSION).tar.gz: $(SAVE) + rm -f examples/hierarchical/log/zkt-* + ( \ + distfiles=`ls -d $(SAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\ + cd .. && tar czvf $(PROJECT)-$(VERSION)/$(PROJECT)-$(VERSION).tar.gz $$distfiles ;\ + ) + +$(PROJECT)-maint-$(VERSION).tar.gz: $(MNTSAVE) + ( \ + distfiles=`ls -d $(SAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\ + cd .. 
&& tar czvf $(PROJECT)-$(VERSION)/$(PROJECT)-maint-$(VERSION).tar.gz $$distfiles ;\ + ) + +depend: + $(CC) -MM $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(SRC_ALL) + +help: + @grep "^.*:[ ]*##" Makefile + +## all dependicies +#:r !make depend +#gcc -MM dnssec-signer.c zone.c ncparse.c rollover.c dnssec-zkt.c strlist.c zkt.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c +dnssec-signer.o: dnssec-signer.c config_zkt.h zconf.h debug.h misc.h \ + ncparse.h zone.h dki.h rollover.h log.h +zone.o: zone.c config_zkt.h debug.h domaincmp.h misc.h zconf.h dki.h \ + zone.h +ncparse.o: ncparse.c debug.h misc.h zconf.h log.h ncparse.h +rollover.o: rollover.c config_zkt.h zconf.h debug.h misc.h zone.h dki.h \ + log.h rollover.h +dnssec-zkt.o: dnssec-zkt.c config_zkt.h debug.h misc.h zconf.h strlist.h \ + dki.h zkt.h +strlist.o: strlist.c strlist.h +zkt.o: zkt.c config_zkt.h dki.h misc.h zconf.h strlist.h zkt.h +zkt-soaserial.o: zkt-soaserial.c config_zkt.h +dki.o: dki.c config_zkt.h debug.h domaincmp.h misc.h zconf.h dki.h +misc.o: misc.c config_zkt.h zconf.h log.h debug.h misc.h +domaincmp.o: domaincmp.c domaincmp.h +zconf.o: zconf.c config_zkt.h debug.h misc.h zconf.h dki.h +log.o: log.c config_zkt.h misc.h zconf.h debug.h log.h diff --git a/contrib/zkt/README b/contrib/zkt/README new file mode 100644 index 0000000..0798932 --- /dev/null +++ b/contrib/zkt/README 
@@ -0,0 +1,44 @@ +# +# README dnssec zone key tool +# +# (c) March 2005 - Aug 2008 by Holger Zuleger hznet +# (c) for domaincmp Aug 2005 by Karle Boss & H. Zuleger (kaho) +# (c) for zconf.c by Jeroen Masar & Holger Zuleger +# + +For more information about the DNSSEC Zone Key Tool please +have a look at "http://www.hznet.de/dns/zkt/" + +You can also subscribe to the zkt-users@sourceforge.net mailing list +on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users + +The complete software stands under BSD licence (see LICENCE file) + +To build the software: +a) Get the current version of zkt + $ wget http://www.hznet.de/dns/zkt/zkt-0.97.tar.gz + +b) Unpack + $ tar xzvf zkt-0.97.tar.gz + +c) Change to dir + $ cd zkt-0.97 + +d) Run configure script + $ ./configure + +e) (optional) Edit config_zkt.h + +f) Compile + $ make + For MAC users: # this should not needed anymore + $ make macos + For Solaris: # this should not needed anymore + $ make solaris + +g) Install + $ make install # this will copy the binarys to $HOME/bin + +h) (optional) Install and modify the default dnssec.conf file + $ ./dnssec-zkt -c "" -Z > /var/named/dnssec.conf + $ vi /var/named/dnssec.conf diff --git a/contrib/zkt/README.logging b/contrib/zkt/README.logging new file mode 100644 index 0000000..f0f3f90 --- /dev/null +++ b/contrib/zkt/README.logging 
@@ -0,0 +1,99 @@ +# +# README.logging +# +# Introduction into the new logging feature +# available since v0.96 +# + +In previous version of dnssec-signer every message was written +to the default stdout and stderr channels, and the logging itself +was handled by a redirection of those chanels to the logger command +or to a file. + +Now, since version v0.96, the dnssec-signer command is able to log all +messages by itself. File and SYSLOG logging is supported. + +To enable the logging into a file channel, you have to specify +the file or directory name via the commandline option -L (--logfile) +or via the config file parameter "LogFile". + LogFile: ""|"<file>"|"<directory>" (default is "") +If a file is specified, than each run of dnssec-signer will append the +messages to tat file. If a directory is specified, than a file with a +name of zkt-<ISOdate&timeUTC>.log" will be created on each dnssec-signer run. + +Logging into the syslog channel could be enabled via the config file +parameter "SyslogFacility". + SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER) + +For both channels, the log level could be independently set to one +of six log levels: + LG_FATAL, LG_ERROR, LG_WARNING + LB_NOTICE, LG_INFO, LG_DEBUG + +The loglevel is settable via the config file parameter : + SyslogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG + (default is ERROR) +and + LogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG + (default is NOTICE) + +All the log parameters are settable on the commandline via the generic +option -O "optstring" (--config-option="opt"). + +A verbose message output to stdout could be achieved by the commandline +option -v (or -v -v). +If you want to log the same messages with loglevel LG_DEBUG to a file or +to syslog, you could enable this by setting the config file option +"VerboseLog" to a value of 1 or 2. 
+ +Current logging messages: + LG_FATAL: Not all of the fatal errors are logged + (e.g.: config file or command line option fatal errors are + not logged) + LG_ERROR: All error messages will be logged + LG_WARNING: KSK lifetime expiration + LG_NOTICE: + Start and stop of dnssec-signer + Re-signing events + Key rollover events + Zone reload resp. freeze/thaw of dynamic zone + LG_INFO: Currently none + planned: + Mesages for key generation and key status change + (e.g.: pre-publish -> activate; revoked -> removed etc.) + LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages + +Some recomended and useful logging settings + +- The default setting + LogFile: "" + SyslogFacility: USER + SyslogLevel: NOTICE + VerboseLog: 0 + +- Setting as in version v0.95 + LogFile: "zkt-error.log" # or a directory for seperate logfiles + LogLevel: ERROR + SyslogFacility: NONE + VerboseLog: 0 + +- Setting as in previous versions + LogFile: "" + SyslogFacility: NONE + VerboseLog: 0 + +- Recommended setting for normal usage + LogFile: "zkt.log" # or a directory for seperate logfiles + LogLevel: ERROR + SyslogFacility: USER + SyslogLevel: NOTICE + VerboseLog: 0 + +- Recommended setting for debugging + LogFile: "zkt.log" # or a directory for seperate logfiles + LogLevel: DEBUG + SyslogFacility: USER + SyslogLevel: NOTICE + VerboseLog: 2 + +- diff --git a/contrib/zkt/TODO b/contrib/zkt/TODO new file mode 100644 index 0000000..fc53210 --- /dev/null +++ b/contrib/zkt/TODO 
@@ -0,0 +1,37 @@ +TODO list as of zkt-0.97 + +general: + Renaming of the tools to zkt-* ? + +dnssec-zkt: + feat option to specify the key age as remaining lifetime + (Option -i inverse age ?) As of v0.95 the key lifetime + is stored at the key itself, so this could be possibly + implemented without big effort(?). + +dnssec-signer: + bug Distribute_Cmd will not work properly on dynamic zones + + bug Automatic KSK rollover of dynamic zones will only work if the parent + uses the standard name for the signed zonefile (zonefile.db.signed). + + bug Phase3 of manual ksk rollover do not trigger a resigning of the zone + (Key removal is not recognized by dosigning () function ) + + bug There is no online checking of the key material by design. + So the signer command checks the status of the key as they + are represented in the file system and not in the zone. + The dnssec maintainer is responsible for the lifeliness of the + data in the hosted domain. + In other words: It's highly recommended to use the + option -r when you use dnssec-signer on a production zone. + Then the time of propagation is (more or less) equal to the timestamp + of the zone.db.signed file. + + bug The max_TTL and Key_TTL parameter should be set to the value found + in the zone. A mechanism for setting up a dnssec.conf file for the + zone specific TTL values is needed. + +dki: + feat Use dynamic memory for dname in dki_t + diff --git a/contrib/zkt/config.h.in b/contrib/zkt/config.h.in new file mode 100644 index 0000000..fa6ef0f --- /dev/null +++ b/contrib/zkt/config.h.in 
@@ -0,0 +1,217 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Path to BIND utilities */ +#undef BIND_UTIL_PATH + +/* BIND version as integer number without dots */ +#undef BIND_VERSION + +/* Define to 1 if the `closedir' function returns void instead of `int'. */ +#undef CLOSEDIR_VOID + +/* set path of config file (defaults to /var/named) */ +#undef CONFIG_PATH + +/* Define to 1 if you have the `alarm' function. */ +#undef HAVE_ALARM + +/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. + */ +#undef HAVE_DIRENT_H + +/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ +#undef HAVE_DOPRNT + +/* Define to 1 if you have the <fcntl.h> header file. */ +#undef HAVE_FCNTL_H + +/* Define to 1 if you have the <getopt.h> header file. */ +#undef HAVE_GETOPT_H + +/* Define to 1 if you have the `getopt_long' function. */ +#undef HAVE_GETOPT_LONG + +/* Define to 1 if you have the `gettimeofday' function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define to 1 if you have the <inttypes.h> header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the <memory.h> header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + +/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */ +#undef HAVE_NDIR_H + +/* Define to 1 if you have the <netdb.h> header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + +/* Define to 1 if `stat' has the bug that it succeeds when given the + zero-length file name argument. */ +#undef HAVE_STAT_EMPTY_STRING_BUG + +/* Define to 1 if you have the <stdint.h> header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the <stdlib.h> header file. 
*/ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strcasecmp' function. */ +#undef HAVE_STRCASECMP + +/* Define to 1 if you have the `strchr' function. */ +#undef HAVE_STRCHR + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the `strerror' function. */ +#undef HAVE_STRERROR + +/* Define to 1 if you have the `strftime' function. */ +#undef HAVE_STRFTIME + +/* Define to 1 if you have the <strings.h> header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the <string.h> header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strncasecmp' function. */ +#undef HAVE_STRNCASECMP + +/* Define to 1 if you have the `strrchr' function. */ +#undef HAVE_STRRCHR + +/* Define to 1 if you have the <syslog.h> header file. */ +#undef HAVE_SYSLOG_H + +/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'. + */ +#undef HAVE_SYS_DIR_H + +/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'. + */ +#undef HAVE_SYS_NDIR_H + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the <sys/time.h> header file. */ +#undef HAVE_SYS_TIME_H + +/* Define to 1 if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the `tzset' function. */ +#undef HAVE_TZSET + +/* Define to 1 if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `utime' function. */ +#undef HAVE_UTIME + +/* Define to 1 if you have the <utime.h> header file. */ +#undef HAVE_UTIME_H + +/* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */ +#undef HAVE_UTIME_NULL + +/* Define to 1 if you have the `vprintf' function. 
*/ +#undef HAVE_VPRINTF + +/* log with level */ +#undef LOG_WITH_LEVEL + +/* log with progname */ +#undef LOG_WITH_PROGNAME + +/* log with timestamp */ +#undef LOG_WITH_TIMESTAMP + +/* Define to 1 if `lstat' dereferences a symlink specified with a trailing + slash. */ +#undef LSTAT_FOLLOWS_SLASHED_SYMLINK + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* print age of year */ +#undef PRINT_AGE_OF_YEAR + +/* print out timezone */ +#undef PRINT_TIMEZONE + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ +#undef TIME_WITH_SYS_TIME + +/* Define to 1 if your <sys/time.h> declares `struct tm'. */ +#undef TM_IN_SYS_TIME + +/* TTL in keyfiles allowed */ +#undef TTL_IN_KEYFILE_ALLOWED + +/* Use TREE data structure for dnssec-zkt */ +#undef USE_TREE + +/* ZKT version string */ +#undef ZKT_VERSION + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef gid_t + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc + +/* Define to `unsigned' if <sys/types.h> does not define. */ +#undef size_t + +/* Define to `unsigned char' if <sys/types.h> does not define. */ +#undef uchar + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef uid_t + +/* Define to `unsigned int' if <sys/types.h> does not define. */ +#undef uint + +/* Define to `unsigned long' if <sys/types.h> does not define. */ +#undef ulong + +/* Define to `unsigned short' if <sys/types.h> does not define. 
*/ +#undef ushort diff --git a/contrib/zkt/config_zkt.h b/contrib/zkt/config_zkt.h new file mode 100644 index 0000000..4c04844 --- /dev/null +++ b/contrib/zkt/config_zkt.h 
@@ -0,0 +1,121 @@ +/***************************************************************** +** +** @(#) config_zkt.h -- config options for ZKT +** +** Copyright (c) Aug 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef CONFIG_ZKT_H +# define CONFIG_ZKT_H + +#ifndef HAS_TIMEGM +# define HAS_TIMEGM 1 +#endif + +#ifndef HAS_UTYPES +# define HAS_UTYPES 1 +#endif + +#ifndef LOG_FNAMETMPL +# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log" +#endif + +/* don't change anything below this */ +/* the values here are determined or settable via the ./configure script */ + +#ifndef HAVE_GETOPT_LONG +# define HAVE_GETOPT_LONG 1 +#endif + +#ifndef HAVE_STRFTIME +# define HAVE_STRFTIME 1 +#endif + +#ifndef TTL_IN_KEYFILE_ALLOWED +# define TTL_IN_KEYFILE_ALLOWED 1 +#endif + +#ifndef PRINT_TIMEZONE +# define PRINT_TIMEZONE 0 +#endif + +#ifndef PRINT_AGE_WITH_YEAR +# define PRINT_AGE_WITH_YEAR 0 +#endif + +#ifndef LOG_WITH_PROGNAME +# define LOG_WITH_PROGNAME 0 +#endif + +#ifndef LOG_WITH_TIMESTAMP +# define LOG_WITH_TIMESTAMP 1 +#endif + +#ifndef LOG_WITH_LEVEL +# define LOG_WITH_LEVEL 1 +#endif + +#ifndef CONFIG_PATH +# define CONFIG_PATH "/var/named/" +#endif + +/* tree usage is setable by configure script parameter */ +#ifndef USE_TREE +# define USE_TREE 1 +#endif + +/* BIND version and utility path will be set by ./configure script */ +#ifndef BIND_VERSION +# define BIND_VERSION 942 +#endif + +#ifndef BIND_UTIL_PATH +# define BIND_UTIL_PATH "/usr/local/sbin/" +#endif + +#ifndef ZKT_VERSION +# if defined(USE_TREE) && USE_TREE +# define ZKT_VERSION "vT0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de" +# else +# define ZKT_VERSION "v0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de" +# endif +#endif + + +#if !defined(HAS_UTYPES) || !HAS_UTYPES +typedef unsigned long ulong; +typedef unsigned int uint; +typedef unsigned short ushort; +typedef unsigned char uchar; +#endif + +#endif diff --git a/contrib/zkt/configure b/contrib/zkt/configure new file mode 100755 index 0000000..178398f --- /dev/null +++ b/contrib/zkt/configure 
@@ -0,0 +1,6838 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.59 for ZKT 0.97. +# +# Report bugs to <Holger Zuleger hznet.de>. +# +# Copyright (C) 2003 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . 
: '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. 
+ exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_config_libobj_dir=. +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Identity of this package. 
+PACKAGE_NAME='ZKT' +PACKAGE_TARNAME='zkt' +PACKAGE_VERSION='0.97' +PACKAGE_STRING='ZKT 0.97' +PACKAGE_BUGREPORT='Holger Zuleger hznet.de' + +ac_unique_file="dnssec-zkt.c" +# Factoring default headers for most tests. +ac_includes_default="\ +#include <stdio.h> +#if HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#if HAVE_SYS_STAT_H +# include <sys/stat.h> +#endif +#if STDC_HEADERS +# include <stdlib.h> +# include <stddef.h> +#else +# if HAVE_STDLIB_H +# include <stdlib.h> +# endif +#endif +#if HAVE_STRING_H +# if !STDC_HEADERS && HAVE_MEMORY_H +# include <memory.h> +# endif +# include <string.h> +#endif +#if HAVE_STRINGS_H +# include <strings.h> +#endif +#if HAVE_INTTYPES_H +# include <inttypes.h> +#else +# if HAVE_STDINT_H +# include <stdint.h> +# endif +#endif +#if HAVE_UNISTD_H +# include <unistd.h> +#endif" + +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT SIGNZONE_PROG CPP EGREP LIBOBJS LTLIBOBJS' +ac_subst_files='' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. 
+bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +ac_prev= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_option in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. 
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. 
+ with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. 
+ with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | 
--program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + 
verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. 
+ expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." 
>&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_confdir=`(dirname "$0") 2>/dev/null || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." 
>&2 + { (exit 1); exit 1; }; } + else + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } + fi +fi +(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || + { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 + { (exit 1); exit 1; }; } +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures ZKT 0.97 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. 
+ +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. 
+ +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --infodir=DIR info documentation [PREFIX/info] + --mandir=DIR man documentation [PREFIX/man] +_ACEOF + + cat <<\_ACEOF +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of ZKT 0.97:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-print-timezone print out timezone + --enable-print-age print age of year + --enable-log-progname log with progname + --disable-log-timestamp do not log with timestamp + --disable-log-level do not log with level + --disable-ttl-in-keyfiles + do not allow TTL values in keyfiles + --enable-configpath=PATH + set path of config file (defaults to /var/named) + --disable-tree use single linked list instead of binary tree data + structure for dnssec-zkt + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a + nonstandard directory <lib dir> + CPPFLAGS C/C++ preprocessor flags, e.g. 
-I<include dir> if you have + headers in a nonstandard directory <include dir> + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to <Holger Zuleger hznet.de>. +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) 
ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\_ACEOF +ZKT configure 0.97 +generated by GNU Autoconf 2.59 + +Copyright (C) 2003 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit 0 +fi +exec 5>config.log +cat >&5 <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by ZKT $as_me 0.97, which was +generated by GNU Autoconf 2.59. Invocation command line was + + $ $0 $@ + +_ACEOF +{ +cat <<_ASUNAME +## --------- ## +## Platform. 
## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. 
+ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_sep= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Be sure not to use single quotes in there, as some shells, +# such as our DU 5.0 friend, will then `close' the trap. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. 
## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------- ## +## Output files. ## +## ------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + sed "/^$/d" confdefs.h | sort + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core && + rm -rf conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Predefined preprocessor variables. 
+ +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi +else + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. 
+ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. 
+ *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + + + + + + + + + + + + + + +### Files to test to check if src dir contains the package + + ac_config_headers="$ac_config_headers config.h" + + + +### Checks for programs. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. 
+else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. 
+echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5 + (eval $ac_compiler --version </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5 + (eval $ac_compiler -v </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5 + (eval $ac_compiler -V </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. + +# Be careful to initialize this variable, since it used to be cached. +# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. +ac_cv_exeext= +# b.out is created by i960 compilers. 
+for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) + ;; + conftest.$ac_ext ) + # This is the source file. + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool, + # but it would be cool to find out if it's true. Does anybody + # maintain Libtool? --akim. + export ac_cv_exeext + break;; + * ) + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." 
>&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." 
>&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. 
*/ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdarg.h> +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) 
+{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. 
*/ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include <stdlib.h> +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +### find out the path to BIND utils and version +# Extract the first word of "dnssec-signzone", so it can be a program name with args. +set dummy dnssec-signzone; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_SIGNZONE_PROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $SIGNZONE_PROG in + [\\/]* | ?:[\\/]*) + ac_cv_path_SIGNZONE_PROG="$SIGNZONE_PROG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SIGNZONE_PROG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +SIGNZONE_PROG=$ac_cv_path_SIGNZONE_PROG + +if test -n "$SIGNZONE_PROG"; then + echo "$as_me:$LINENO: result: $SIGNZONE_PROG" >&5 +echo "${ECHO_T}$SIGNZONE_PROG" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +bind_util_path=`dirname $SIGNZONE_PROG` +if test -z "$SIGNZONE_PROG" ; then + { { echo "$as_me:$LINENO: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&5 +echo "$as_me: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&2;} + { (exit 1); exit 1; }; } + fi + +# define BIND_UTIL_PATH in config.h.in + +cat >>confdefs.h <<_ACEOF +#define BIND_UTIL_PATH "$bind_util_path/" +_ACEOF + +# define BIND_VERSION in config.h.in +bind_version=`$SIGNZONE_PROG 2>&1 | grep Version: | tr -dc 0-9` + +cat >>confdefs.h <<_ACEOF +#define BIND_VERSION $bind_version +_ACEOF + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 +# On Suns, sometimes $CPP names a directory. 
+if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ +#include <ac_nonexistent.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." 
>&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6 +if test "${ac_cv_prog_egrep+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 +echo "${ECHO_T}$ac_cv_prog_egrep" >&6 + EGREP=$ac_cv_prog_egrep + + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <string.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ctype.h> +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? 
((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + + + + + + + + + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +echo "$as_me:$LINENO: checking for uint" >&5 +echo $ECHO_N "checking for uint... $ECHO_C" >&6 +if test "${ac_cv_type_uint+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((uint *) 0) + return 0; +if (sizeof (uint)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? 
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_uint=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uint" >&5 +echo "${ECHO_T}$ac_cv_type_uint" >&6 +if test $ac_cv_type_uint = yes; then + : +else + +cat >>confdefs.h <<_ACEOF +#define uint unsigned int +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for ulong" >&5 +echo $ECHO_N "checking for ulong... $ECHO_C" >&6 +if test "${ac_cv_type_ulong+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((ulong *) 0) + return 0; +if (sizeof (ulong)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_ulong=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_ulong=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_ulong" >&5 +echo "${ECHO_T}$ac_cv_type_ulong" >&6 +if test $ac_cv_type_ulong = yes; then + : +else + +cat >>confdefs.h <<_ACEOF +#define ulong unsigned long +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for ushort" >&5 +echo $ECHO_N "checking for ushort... $ECHO_C" >&6 +if test "${ac_cv_type_ushort+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((ushort *) 0) + return 0; +if (sizeof (ushort)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_ushort=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_ushort=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_ushort" >&5 +echo "${ECHO_T}$ac_cv_type_ushort" >&6 +if test $ac_cv_type_ushort = yes; then + : +else + +cat >>confdefs.h <<_ACEOF +#define ushort unsigned short +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for uchar" >&5 +echo $ECHO_N "checking for uchar... $ECHO_C" >&6 +if test "${ac_cv_type_uchar+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((uchar *) 0) + return 0; +if (sizeof (uchar)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uchar=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_uchar=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uchar" >&5 +echo "${ECHO_T}$ac_cv_type_uchar" >&6 +if test $ac_cv_type_uchar = yes; then + : +else + +cat >>confdefs.h <<_ACEOF +#define uchar unsigned char +_ACEOF + +fi + + +### define configure arguments +# Check whether --enable-printtimezone or --disable-printtimezone was given. +if test "${enable_printtimezone+set}" = set; then + enableval="$enable_printtimezone" + printtimezone=$enableval +fi; +printtimezone=0 +test "$printtimezone" = yes && printtimezone=1 + +cat >>confdefs.h <<_ACEOF +#define PRINT_TIMEZONE $printtimezone +_ACEOF + + +# Check whether --enable-printyear or --disable-printyear was given. +if test "${enable_printyear+set}" = set; then + enableval="$enable_printyear" + printyear=$enableval +fi; +printyear=0 +test "$printyear" = yes && printyear=1 + +cat >>confdefs.h <<_ACEOF +#define PRINT_AGE_OF_YEAR $printyear +_ACEOF + + +# Check whether --enable-logprogname or --disable-logprogname was given. +if test "${enable_logprogname+set}" = set; then + enableval="$enable_logprogname" + logprogname=$enableval +fi; +logprogname=0 +test "$logprogname" = yes && logprogname=1 + +cat >>confdefs.h <<_ACEOF +#define LOG_WITH_PROGNAME $logprogname +_ACEOF + + +# Check whether --enable-logtimestamp or --disable-logtimestamp was given. +if test "${enable_logtimestamp+set}" = set; then + enableval="$enable_logtimestamp" + logtimestamp=$enableval +fi; +logtimestamp=1 +test "$logtimestamp" = no && logtimestamp=0 + +cat >>confdefs.h <<_ACEOF +#define LOG_WITH_TIMESTAMP $logtimestamp +_ACEOF + + +# Check whether --enable-loglevel or --disable-loglevel was given. 
+if test "${enable_loglevel+set}" = set; then + enableval="$enable_loglevel" + loglevel=$enableval +fi; +loglevel=1 +test "$loglevel" = no && loglevel=0 + +cat >>confdefs.h <<_ACEOF +#define LOG_WITH_LEVEL $loglevel +_ACEOF + + +# Check whether --enable-ttl_in_keyfile or --disable-ttl_in_keyfile was given. +if test "${enable_ttl_in_keyfile+set}" = set; then + enableval="$enable_ttl_in_keyfile" + ttl_in_keyfile=$enableval +fi; +ttl_in_keyfile=1 +test "$ttl_in_keyfile" = no && ttl_in_keyfile=0 + +cat >>confdefs.h <<_ACEOF +#define TTL_IN_KEYFILE_ALLOWED $ttl_in_keyfile +_ACEOF + + +configpath="/var/named" +# Check whether --enable-configpath or --disable-configpath was given. +if test "${enable_configpath+set}" = set; then + enableval="$enable_configpath" + configpath=$enableval +fi; +case "$configpath" in +yes) + configpath="/var/named" + ;; +no) + configpath="" + ;; +*) + ;; +esac + +cat >>confdefs.h <<_ACEOF +#define CONFIG_PATH "$configpath/" +_ACEOF + + +usetree=1 +t="T" +# Check whether --enable-tree or --disable-tree was given. +if test "${enable_tree+set}" = set; then + enableval="$enable_tree" + usetree=$enableval +fi; +if test "$usetree" = no +then + usetree=0 + t="" +fi + +cat >>confdefs.h <<_ACEOF +#define USE_TREE $usetree +_ACEOF + + + +cat >>confdefs.h <<_ACEOF +#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de" +_ACEOF + + +### Checks for libraries. + + +### Checks for header files. + + + + + +ac_header_dirent=no +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do + as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5 +echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ +#include <sys/types.h> +#include <$ac_hdr> + +int +main () +{ +if ((DIR *) 0) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 +_ACEOF + +ac_header_dirent=$ac_hdr; break +fi + +done +# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. +if test $ac_header_dirent = dirent.h; then + echo "$as_me:$LINENO: checking for library containing opendir" >&5 +echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6 +if test "${ac_cv_search_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_func_search_save_LIBS=$LIBS +ac_cv_search_opendir=no +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. 
*/ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="none required" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_search_opendir" = no; then + for ac_lib in dir; do + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="-l$ac_lib" +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done +fi +LIBS=$ac_func_search_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5 +echo "${ECHO_T}$ac_cv_search_opendir" >&6 +if test "$ac_cv_search_opendir" != no; then + test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS" + +fi + +else + echo "$as_me:$LINENO: checking for library containing opendir" >&5 +echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6 +if test "${ac_cv_search_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_func_search_save_LIBS=$LIBS +ac_cv_search_opendir=no +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="none required" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_search_opendir" = no; then + for ac_lib in x; do + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! 
-s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="-l$ac_lib" +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done +fi +LIBS=$ac_func_search_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5 +echo "${ECHO_T}$ac_cv_search_opendir" >&6 +if test "$ac_cv_search_opendir" != no; then + test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS" + +fi + +fi + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <string.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ctype.h> +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? 
((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + + + + + + + + + + + + + +for ac_header in fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. 
*/ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## -------------------------------------- ## +## Report this to Holger Zuleger hznet.de ## +## -------------------------------------- ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + +### Checks for typedefs, structures, and compiler characteristics. +echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 +echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6 +if test "${ac_cv_c_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +/* FIXME: Include the comments suggested by Paul. 
*/ +#ifndef __cplusplus + /* Ultrix mips cc rejects this. */ + typedef int charset[2]; + const charset x; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *ccp; + char **p; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + ccp = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++ccp; + p = (char**) ccp; + ccp = (char const *const *) p; + { /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + } +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_const=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_c_const=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 +echo "${ECHO_T}$ac_cv_c_const" >&6 +if test $ac_cv_c_const = no; then + +cat >>confdefs.h <<\_ACEOF +#define const +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for size_t" >&5 +echo $ECHO_N "checking for size_t... $ECHO_C" >&6 +if test "${ac_cv_type_size_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((size_t *) 0) + return 0; +if (sizeof (size_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_size_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_size_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5 +echo "${ECHO_T}$ac_cv_type_size_t" >&6 +if test $ac_cv_type_size_t = yes; then + : +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned +_ACEOF + +fi + +echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5 +echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6 +if test "${ac_cv_header_time+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <sys/types.h> +#include <sys/time.h> +#include <time.h> + +int +main () +{ +if ((struct tm *) 0) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_time=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_time=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5 +echo "${ECHO_T}$ac_cv_header_time" >&6 +if test $ac_cv_header_time = yes; then + +cat >>confdefs.h <<\_ACEOF +#define TIME_WITH_SYS_TIME 1 +_ACEOF + +fi + +echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5 +echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6 +if test "${ac_cv_struct_tm+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <sys/types.h> +#include <time.h> + +int +main () +{ +struct tm *tp; tp->tm_sec; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_struct_tm=time.h +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_struct_tm=sys/time.h +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5 +echo "${ECHO_T}$ac_cv_struct_tm" >&6 +if test $ac_cv_struct_tm = sys/time.h; then + +cat >>confdefs.h <<\_ACEOF +#define TM_IN_SYS_TIME 1 +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5 +echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6 +if test "${ac_cv_type_uid_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <sys/types.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "uid_t" >/dev/null 2>&1; then + ac_cv_type_uid_t=yes +else + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5 +echo "${ECHO_T}$ac_cv_type_uid_t" >&6 +if test $ac_cv_type_uid_t = no; then + +cat >>confdefs.h <<\_ACEOF +#define uid_t int +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define gid_t int +_ACEOF + +fi + + + +### Checks for library functions. +echo "$as_me:$LINENO: checking whether closedir returns void" >&5 +echo $ECHO_N "checking whether closedir returns void... $ECHO_C" >&6 +if test "${ac_cv_func_closedir_void+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_closedir_void=yes +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. 
*/ +$ac_includes_default +#include <$ac_header_dirent> +#ifndef __cplusplus +int closedir (); +#endif + +int +main () +{ +exit (closedir (opendir (".")) != 0); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_closedir_void=no +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_closedir_void=yes +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_closedir_void" >&5 +echo "${ECHO_T}$ac_cv_func_closedir_void" >&6 +if test $ac_cv_func_closedir_void = yes; then + +cat >>confdefs.h <<\_ACEOF +#define CLOSEDIR_VOID 1 +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for error_at_line" >&5 +echo $ECHO_N "checking for error_at_line... $ECHO_C" >&6 +if test "${ac_cv_lib_error_at_line+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +error_at_line (0, 0, "", 0, ""); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! 
-s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_error_at_line=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_error_at_line=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_error_at_line" >&5 +echo "${ECHO_T}$ac_cv_lib_error_at_line" >&6 +if test $ac_cv_lib_error_at_line = no; then + case $LIBOBJS in + "error.$ac_objext" | \ + *" error.$ac_objext" | \ + "error.$ac_objext "* | \ + *" error.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS error.$ac_objext" ;; +esac + +fi + + +for ac_header in stdlib.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? 
What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## -------------------------------------- ## +## Report this to Holger Zuleger hznet.de ## +## -------------------------------------- ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5 +echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6 +if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_malloc_0_nonnull=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#if STDC_HEADERS || HAVE_STDLIB_H +# include <stdlib.h> +#else +char *malloc (); +#endif + +int +main () +{ +exit (malloc (0) ? 0 : 1); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_malloc_0_nonnull=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5 +echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6 +if test $ac_cv_func_malloc_0_nonnull = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_MALLOC 1 +_ACEOF + +else + cat >>confdefs.h <<\_ACEOF +#define HAVE_MALLOC 0 +_ACEOF + + case $LIBOBJS in + "malloc.$ac_objext" | \ + *" malloc.$ac_objext" | \ + "malloc.$ac_objext "* | \ + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;; +esac + + +cat >>confdefs.h <<\_ACEOF +#define malloc rpl_malloc +_ACEOF + +fi + + + + + + +for ac_header in stdlib.h sys/time.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? 
What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## -------------------------------------- ## +## Report this to Holger Zuleger hznet.de ## +## -------------------------------------- ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_func in alarm +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +echo "$as_me:$LINENO: checking for working mktime" >&5 +echo $ECHO_N "checking for working mktime... $ECHO_C" >&6 +if test "${ac_cv_func_working_mktime+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_working_mktime=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Test program from Paul Eggert and Tony Leneis. 
*/ +#if TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# if HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif + +#if HAVE_STDLIB_H +# include <stdlib.h> +#endif + +#if HAVE_UNISTD_H +# include <unistd.h> +#endif + +#if !HAVE_ALARM +# define alarm(X) /* empty */ +#endif + +/* Work around redefinition to rpl_putenv by other config tests. */ +#undef putenv + +static time_t time_t_max; +static time_t time_t_min; + +/* Values we'll use to set the TZ environment variable. */ +static char *tz_strings[] = { + (char *) 0, "TZ=GMT0", "TZ=JST-9", + "TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00" +}; +#define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0])) + +/* Fail if mktime fails to convert a date in the spring-forward gap. + Based on a problem report from Andreas Jaeger. */ +static void +spring_forward_gap () +{ + /* glibc (up to about 1998-10-07) failed this test. */ + struct tm tm; + + /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" + instead of "TZ=America/Vancouver" in order to detect the bug even + on systems that don't support the Olson extension, or don't have the + full zoneinfo tables installed. */ + putenv ("TZ=PST8PDT,M4.1.0,M10.5.0"); + + tm.tm_year = 98; + tm.tm_mon = 3; + tm.tm_mday = 5; + tm.tm_hour = 2; + tm.tm_min = 0; + tm.tm_sec = 0; + tm.tm_isdst = -1; + if (mktime (&tm) == (time_t)-1) + exit (1); +} + +static void +mktime_test1 (now) + time_t now; +{ + struct tm *lt; + if ((lt = localtime (&now)) && mktime (lt) != now) + exit (1); +} + +static void +mktime_test (now) + time_t now; +{ + mktime_test1 (now); + mktime_test1 ((time_t) (time_t_max - now)); + mktime_test1 ((time_t) (time_t_min + now)); +} + +static void +irix_6_4_bug () +{ + /* Based on code from Ariel Faigon. 
*/ + struct tm tm; + tm.tm_year = 96; + tm.tm_mon = 3; + tm.tm_mday = 0; + tm.tm_hour = 0; + tm.tm_min = 0; + tm.tm_sec = 0; + tm.tm_isdst = -1; + mktime (&tm); + if (tm.tm_mon != 2 || tm.tm_mday != 31) + exit (1); +} + +static void +bigtime_test (j) + int j; +{ + struct tm tm; + time_t now; + tm.tm_year = tm.tm_mon = tm.tm_mday = tm.tm_hour = tm.tm_min = tm.tm_sec = j; + now = mktime (&tm); + if (now != (time_t) -1) + { + struct tm *lt = localtime (&now); + if (! (lt + && lt->tm_year == tm.tm_year + && lt->tm_mon == tm.tm_mon + && lt->tm_mday == tm.tm_mday + && lt->tm_hour == tm.tm_hour + && lt->tm_min == tm.tm_min + && lt->tm_sec == tm.tm_sec + && lt->tm_yday == tm.tm_yday + && lt->tm_wday == tm.tm_wday + && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst) + == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst)))) + exit (1); + } +} + +int +main () +{ + time_t t, delta; + int i, j; + + /* This test makes some buggy mktime implementations loop. + Give up after 60 seconds; a mktime slower than that + isn't worth using anyway. */ + alarm (60); + + for (time_t_max = 1; 0 < time_t_max; time_t_max *= 2) + continue; + time_t_max--; + if ((time_t) -1 < 0) + for (time_t_min = -1; (time_t) (time_t_min * 2) < 0; time_t_min *= 2) + continue; + delta = time_t_max / 997; /* a suitable prime number */ + for (i = 0; i < N_STRINGS; i++) + { + if (tz_strings[i]) + putenv (tz_strings[i]); + + for (t = 0; t <= time_t_max - delta; t += delta) + mktime_test (t); + mktime_test ((time_t) 1); + mktime_test ((time_t) (60 * 60)); + mktime_test ((time_t) (60 * 60 * 24)); + + for (j = 1; 0 < j; j *= 2) + bigtime_test (j); + bigtime_test (j - 1); + } + irix_6_4_bug (); + spring_forward_gap (); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_working_mktime=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_working_mktime=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_working_mktime" >&5 +echo "${ECHO_T}$ac_cv_func_working_mktime" >&6 +if test $ac_cv_func_working_mktime = no; then + case $LIBOBJS in + "mktime.$ac_objext" | \ + *" mktime.$ac_objext" | \ + "mktime.$ac_objext "* | \ + *" mktime.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS mktime.$ac_objext" ;; +esac + +fi + +echo "$as_me:$LINENO: checking whether lstat dereferences a symlink specified with a trailing slash" >&5 +echo $ECHO_N "checking whether lstat dereferences a symlink specified with a trailing slash... $ECHO_C" >&6 +if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + rm -f conftest.sym conftest.file +echo >conftest.file +if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then + if test "$cross_compiling" = yes; then + ac_cv_func_lstat_dereferences_slashed_symlink=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +struct stat sbuf; + /* Linux will dereference the symlink and fail. + That is better in the sense that it means we will not + have to compile and use the lstat wrapper. */ + exit (lstat ("conftest.sym/", &sbuf) ? 
0 : 1); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_lstat_dereferences_slashed_symlink=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_lstat_dereferences_slashed_symlink=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +else + # If the `ln -s' command failed, then we probably don't even + # have an lstat function. + ac_cv_func_lstat_dereferences_slashed_symlink=no +fi +rm -f conftest.sym conftest.file + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5 +echo "${ECHO_T}$ac_cv_func_lstat_dereferences_slashed_symlink" >&6 + +test $ac_cv_func_lstat_dereferences_slashed_symlink = yes && + +cat >>confdefs.h <<_ACEOF +#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 +_ACEOF + + +if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then + case $LIBOBJS in + "lstat.$ac_objext" | \ + *" lstat.$ac_objext" | \ + "lstat.$ac_objext "* | \ + *" lstat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;; +esac + +fi + +echo "$as_me:$LINENO: checking whether stat accepts an empty string" >&5 +echo $ECHO_N "checking whether stat accepts an empty string... $ECHO_C" >&6 +if test "${ac_cv_func_stat_empty_string_bug+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_stat_empty_string_bug=yes +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. 
*/ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +struct stat sbuf; + exit (stat ("", &sbuf) ? 1 : 0); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_stat_empty_string_bug=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_stat_empty_string_bug=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_stat_empty_string_bug" >&5 +echo "${ECHO_T}$ac_cv_func_stat_empty_string_bug" >&6 +if test $ac_cv_func_stat_empty_string_bug = yes; then + case $LIBOBJS in + "stat.$ac_objext" | \ + *" stat.$ac_objext" | \ + "stat.$ac_objext "* | \ + *" stat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;; +esac + + +cat >>confdefs.h <<_ACEOF +#define HAVE_STAT_EMPTY_STRING_BUG 1 +_ACEOF + +fi + + +for ac_func in strftime +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. 
*/ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +else + # strftime is in -lintl on SCO UNIX. +echo "$as_me:$LINENO: checking for strftime in -lintl" >&5 +echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6 +if test "${ac_cv_lib_intl_strftime+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strftime (); +int +main () +{ +strftime (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_intl_strftime=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_intl_strftime=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5 +echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6 +if test $ac_cv_lib_intl_strftime = yes; then + cat >>confdefs.h <<\_ACEOF +#define HAVE_STRFTIME 1 +_ACEOF + +LIBS="-lintl $LIBS" +fi + +fi +done + +echo "$as_me:$LINENO: checking whether utime accepts a null argument" >&5 +echo $ECHO_N "checking whether utime accepts a null argument... $ECHO_C" >&6 +if test "${ac_cv_func_utime_null+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + rm -f conftest.data; >conftest.data +# Sequent interprets utime(file, 0) to mean use start of epoch. Wrong. +if test "$cross_compiling" = yes; then + ac_cv_func_utime_null=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +struct stat s, t; + exit (!(stat ("conftest.data", &s) == 0 + && utime ("conftest.data", (long *)0) == 0 + && stat ("conftest.data", &t) == 0 + && t.st_mtime >= s.st_mtime + && t.st_mtime - s.st_mtime < 120)); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_utime_null=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_utime_null=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +rm -f core *.core +fi +echo "$as_me:$LINENO: result: $ac_cv_func_utime_null" >&5 +echo "${ECHO_T}$ac_cv_func_utime_null" >&6 +if test $ac_cv_func_utime_null = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_UTIME_NULL 1 +_ACEOF + +fi +rm -f conftest.data + + +for ac_func in vprintf +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. 
Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +echo "$as_me:$LINENO: checking for _doprnt" >&5 +echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6 +if test "${ac_cv_func__doprnt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define _doprnt to an innocuous variant, in case <limits.h> declares _doprnt. 
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define _doprnt innocuous__doprnt + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _doprnt (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef _doprnt + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char _doprnt (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub__doprnt) || defined (__stub____doprnt) +choke me +#else +char (*f) () = _doprnt; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != _doprnt; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func__doprnt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func__doprnt=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5 +echo "${ECHO_T}$ac_cv_func__doprnt" >&6 +if test $ac_cv_func__doprnt = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_DOPRNT 1 +_ACEOF + +fi + +fi +done + + +# 2008-07-04 getopt_long added + + + + + + + + + + + + + +for ac_func in getopt_long gettimeofday memset setenv socket strcasecmp strchr strdup strerror strncasecmp strrchr tzset utime +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. 
Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + + ac_config_files="$ac_config_files Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. 
+# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). 
+if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. 
+for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. 
:-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. 
+as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by ZKT $as_me 0.97, which was +generated by GNU Autoconf 2.59. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to <bug-autoconf@gnu.org>." 
+_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +ZKT config.status 0.97 +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. 
+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF + + + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. 
+$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t 
+s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@SIGNZONE_PROG@,$SIGNZONE_PROG,;t t +s,@CPP@,$CPP,;t t +s,@EGREP@,$EGREP,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". 
+ case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. 
+ else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. 
+ ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". 
+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. 
+rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. 
+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. 
*/" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +done +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. 
+# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + diff --git a/contrib/zkt/debug.h b/contrib/zkt/debug.h new file mode 100644 index 0000000..e0c47dc --- /dev/null +++ b/contrib/zkt/debug.h 
@@ -0,0 +1,66 @@ +/***************************************************************** +** +** @(#) debug.h -- macros for debug messages +** +** compile with cc -DDBG to activate +** +** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef DEBUG_H +# define DEBUG_H + +# ifdef DBG +# define dbg_line() fprintf (stderr, "DBG: %s(%d) reached\n", __FILE__, __LINE__) +# define dbg_msg(msg) fprintf (stderr, "DBG: %s(%d) %s\n", __FILE__, __LINE__, msg) +# define dbg_val0(text) fprintf (stderr, "DBG: %s(%d) %s", __FILE__, __LINE__, text) +# define dbg_val1(fmt, var) dbg_val (fmt, var) +# define dbg_val(fmt, var) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, var) +# define dbg_val2(fmt, v1, v2) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2) +# define dbg_val3(fmt, v1, v2, v3) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3) +# define dbg_val4(fmt, v1, v2, v3, v4) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4) +# define dbg_val5(fmt, v1, v2, v3, v4, v5) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4, v5) +# define dbg_val6(fmt, v1, v2, v3, v4, v5, v6) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4, v5, v6) +# else +# define dbg_line() +# define dbg_msg(msg) +# define dbg_val0(text) +# define dbg_val1(fmt, var) +# define dbg_val(fmt, str) +# define dbg_val2(fmt, v1, v2) +# define dbg_val3(fmt, v1, v2, v3) +# define dbg_val4(fmt, v1, v2, v3, v4) +# define dbg_val5(fmt, v1, v2, v3, v4, v5) +# define dbg_val6(fmt, v1, v2, v3, v4, v5, v6) +# endif + +#endif diff --git a/contrib/zkt/dki.c b/contrib/zkt/dki.c new file mode 100644 index 0000000..81498ae --- /dev/null +++ b/contrib/zkt/dki.c 
@@ -0,0 +1,1185 @@ +/***************************************************************** +** +** @(#) dki.c (c) Jan 2005 Holger Zuleger hznet.de +** +** A library for managing BIND dnssec key files. +** +** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. +** +** +*****************************************************************/ + +# include <stdio.h> +# include <string.h> +# include <ctype.h> /* tolower(), ... 
*/ +# include <unistd.h> /* link(), unlink(), ... */ +# include <stdlib.h> +# include <sys/types.h> +# include <sys/time.h> +# include <sys/stat.h> +# include <dirent.h> +# include <assert.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +# include "debug.h" +# include "domaincmp.h" +# include "misc.h" +# include "zconf.h" +#define extern +# include "dki.h" +#undef extern + +/***************************************************************** +** private (static) function declaration and definition +*****************************************************************/ +static char dki_estr[255+1]; + +static dki_t *dki_alloc () +{ + dki_estr[0] = '\0'; + dki_t *dkp = malloc (sizeof (dki_t)); + + if ( (dkp = malloc (sizeof (dki_t))) ) + { + memset (dkp, 0, sizeof (dki_t)); + return dkp; + } + + snprintf (dki_estr, sizeof (dki_estr), + "dki_alloc: Out of memory"); + return NULL; +} + +static int dki_readfile (FILE *fp, dki_t *dkp) +{ + int algo, flags, type; + int c; + char *p; + char buf[4095+1]; + char tag[25+1]; + char val[14+1]; /* e.g. "YYYYMMDDhhmmss" | "60d" */ + + assert (dkp != NULL); + assert (fp != NULL); + + while ( (c = getc (fp)) == ';' ) /* line start with comment ? */ + { + tag[0] = val[0] = '\0'; + if ( (c = getc (fp)) == '%' ) /* special comment? 
*/ + { + while ( (c = getc (fp)) == ' ' || c == '\t' ) + ; + ungetc (c, fp); + /* then try to read in the creation, expire and lifetime */ + if ( fscanf (fp, "%25[a-zA-Z]=%14s", tag, val) == 2 ) + { + dbg_val2 ("dki_readfile: tag=%s val=%s \n", tag, val); + switch ( tolower (tag[0]) ) + { + case 'g': dkp->gentime = timestr2time (val); break; + case 'e': dkp->exptime = timestr2time (val); break; + case 'l': dkp->lifetime = atoi (val) * DAYSEC; break; + } + } + } + else + ungetc (c, fp); + while ( (c = getc (fp)) != EOF && c != '\n' ) /* eat up rest of the line */ + ; + } + ungetc (c, fp); /* push back last char */ + + if ( fscanf (fp, "%4095s", buf) != 1 ) /* read label */ + return -1; + + if ( strcmp (buf, dkp->name) != 0 ) + return -2; + +#if defined(TTL_IN_KEYFILE_ALLOWED) && TTL_IN_KEYFILE_ALLOWED + /* skip optional TTL value */ + while ( (c = getc (fp)) != EOF && isspace (c) ) /* skip spaces */ + ; + if ( isdigit (c) ) /* skip ttl */ + fscanf (fp, "%*d"); + else + ungetc (c, fp); /* oops, no ttl */ +#endif + + if ( (c = fscanf (fp, " IN DNSKEY %d %d %d", &flags, &type, &algo)) != 3 && + (c = fscanf (fp, "KEY %d %d %d", &flags, &type, &algo)) != 3 ) + return -3; + if ( type != 3 || algo != dkp->algo ) + return -4; /* no DNSKEY or algorithm mismatch */ + if ( ((flags >> 8) & 0xFF) != 01 ) + return -5; /* no ZONE key */ + dkp->flags = flags; + + if ( fgets (buf, sizeof buf, fp) == NULL || buf[0] == '\0' ) + return -6; + p = buf + strlen (buf); + *--p = '\0'; /* delete trailing \n */ + /* delete leading ws */ + for ( p = buf; *p && isspace (*p); p++ ) + ; + + dkp->pubkey = strdup (p); + + return 0; +} + +static int dki_writeinfo (const dki_t *dkp, const char *path) +{ + FILE *fp; + + assert (dkp != NULL); + assert (path != NULL && path[0] != '\0'); + + if ( (fp = fopen (path, "w")) == NULL ) + return 0; + dbg_val1 ("dki_writeinfo %s\n", path); + if ( dki_prt_dnskey_raw (dkp, fp) == 0 ) + return 0; + fclose (fp); + touch (path, dkp->time); /* restore time of key 
file */ + + return 1; +} + +static int dki_setstat (dki_t *dkp, int status, int preserve_time); + +/***************************************************************** +** public function definition +*****************************************************************/ + +/***************************************************************** +** dki_free () +*****************************************************************/ +void dki_free (dki_t *dkp) +{ + assert (dkp != NULL); + + if ( dkp->pubkey ) + free (dkp->pubkey); + free (dkp); +} + +/***************************************************************** +** dki_freelist () +*****************************************************************/ +void dki_freelist (dki_t **listp) +{ + dki_t *curr; + dki_t *next; + + assert (listp != NULL); + + curr = *listp; + while ( curr ) + { + next = curr->next; + dki_free (curr); + curr = next; + } + if ( *listp ) + *listp = NULL; +} + +#if defined(USE_TREE) && USE_TREE +/***************************************************************** +** dki_tfree () +*****************************************************************/ +void dki_tfree (dki_t **tree) +{ + assert (tree != NULL); + // TODO: tdestroy is a GNU extension + // tdestroy (*tree, dki_free); +} +#endif + +/***************************************************************** +** dki_new () +** create new keyfile +** allocate memory for new dki key and init with keyfile +*****************************************************************/ +dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days) +{ + char cmdline[511+1]; + char fname[254+1]; + char randfile[254+1]; + FILE *fp; + int len; + char *flag = ""; + char *expflag = ""; + dki_t *new; + + if ( ksk ) + flag = "-f KSK"; + + randfile[0] = '\0'; + if ( rfile && *rfile ) + snprintf (randfile, sizeof (randfile), "-r %.250s ", rfile); + + if ( algo == DK_ALGO_RSA || algo == DK_ALGO_RSASHA1 ) + expflag = "-e "; + + if ( dir && *dir 
) + snprintf (cmdline, sizeof (cmdline), "cd %s ; %s %s%s-n ZONE -a %s -b %d %s %s", + dir, KEYGENCMD, randfile, expflag, dki_algo2str(algo), bitsize, flag, name); + else + snprintf (cmdline, sizeof (cmdline), "%s %s%s-n ZONE -a %s -b %d %s %s", + KEYGENCMD, randfile, expflag, dki_algo2str(algo), bitsize, flag, name); + + dbg_msg (cmdline); + + if ( (fp = popen (cmdline, "r")) == NULL || fgets (fname, sizeof fname, fp) == NULL ) + return NULL; + pclose (fp); + + len = strlen (fname) - 1; + if ( len >= 0 && fname[len] == '\n' ) + fname[len] = '\0'; + + new = dki_read (dir, fname); + if ( new ) + dki_setlifetime (new, lf_days); /* sets gentime + proposed lifetime */ + + return new; +} + +/***************************************************************** +** dki_read () +** read key from file 'filename' (independed of the extension) +*****************************************************************/ +dki_t *dki_read (const char *dirname, const char *filename) +{ + dki_t *dkp; + FILE *fp; + struct stat st; + int len; + int err; + char fname[MAX_FNAMESIZE+1]; + char path[MAX_PATHSIZE+1]; + + dki_estr[0] = '\0'; + if ( (dkp = dki_alloc ()) == NULL ) + return (NULL); + + len = sizeof (fname) - 1; + fname[len] = '\0'; + strncpy (fname, filename, len); + + len = strlen (fname); /* delete extension */ + if ( len > 4 && strcmp (&fname[len - 4], DKI_KEY_FILEEXT) == 0 ) + fname[len - 4] = '\0'; + else if ( len > 10 && strcmp (&fname[len - 10], DKI_PUB_FILEEXT) == 0 ) + fname[len - 10] = '\0'; + else if ( len > 8 && strcmp (&fname[len - 8], DKI_ACT_FILEEXT) == 0 ) + fname[len - 8] = '\0'; + else if ( len > 12 && strcmp (&fname[len - 12], DKI_DEP_FILEEXT) == 0 ) + fname[len - 12] = '\0'; + dbg_line (); + + assert (strlen (dirname)+1 < sizeof (dkp->dname)); + strcpy (dkp->dname, dirname); + + assert (strlen (fname)+1 < sizeof (dkp->fname)); + strcpy (dkp->fname, fname); + dbg_line (); + if ( sscanf (fname, "K%254[^+]+%hd+%d", dkp->name, &dkp->algo, &dkp->tag) != 3 ) + { + snprintf 
(dki_estr, sizeof (dki_estr), + "dki_read: Filename don't match expected format (%s)", fname); + return (NULL); + } + + pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT); + dbg_val ("dki_read: path \"%s\"\n", path); + if ( (fp = fopen (path, "r")) == NULL ) + { + snprintf (dki_estr, sizeof (dki_estr), + "dki_read: Can\'t open file \"%s\" for reading", path); + return (NULL); + } + + dbg_line (); + if ( (err = dki_readfile (fp, dkp)) != 0 ) + { + dbg_line (); + snprintf (dki_estr, sizeof (dki_estr), + "dki_read: Can\'t read key from file %s (errno %d)", path, err); + fclose (fp); + return (NULL); + } + + dbg_line (); + if ( fstat (fileno(fp), &st) ) + { + snprintf (dki_estr, sizeof (dki_estr), + "dki_read: Can\'t stat file %s", fname); + return (NULL); + } + dkp->time = st.st_mtime; + + dbg_line (); + pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_ACT_FILEEXT); + if ( fileexist (path) ) + { + if ( dki_isrevoked (dkp) ) + dkp->status = DKI_REV; + else + dkp->status = DKI_ACT; + } + else + { + pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_PUB_FILEEXT); + if ( fileexist (path) ) + dkp->status = DKI_PUB; + else + { + pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_DEP_FILEEXT); + if ( fileexist (path) ) + dkp->status = DKI_DEP; + else + dkp->status = DKI_SEP; + } + } + + dbg_line (); + fclose (fp); + + dbg_line (); + return dkp; +} + +/***************************************************************** +** dki_readdir () +** read key files from directory 'dir' and, if recursive is +** true, from all directorys below that. 
+*****************************************************************/ +int dki_readdir (const char *dir, dki_t **listp, int recursive) +{ + dki_t *dkp; + DIR *dirp; + struct dirent *dentp; + char path[MAX_PATHSIZE+1]; + + dbg_val ("directory: opendir(%s)\n", dir); + if ( (dirp = opendir (dir)) == NULL ) + return 0; + + while ( (dentp = readdir (dirp)) != NULL ) + { + if ( is_dotfile (dentp->d_name) ) + continue; + + dbg_val ("directory: check %s\n", dentp->d_name); + pathname (path, sizeof (path), dir, dentp->d_name, NULL); + if ( is_directory (path) && recursive ) + { + dbg_val ("directory: recursive %s\n", path); + dki_readdir (path, listp, recursive); + } + else if ( is_keyfilename (dentp->d_name) ) + if ( (dkp = dki_read (dir, dentp->d_name)) ) + dki_add (listp, dkp); + } + closedir (dirp); + return 1; +} + +/***************************************************************** +** dki_setstatus_preservetime () +** set status of key and change extension to +** ".published", ".private" or ".depreciated" +*****************************************************************/ +int dki_setstatus_preservetime (dki_t *dkp, int status) +{ + return dki_setstat (dkp, status, 1); +} + +/***************************************************************** +** dki_setstatus () +** set status of key and change extension to +** ".published", ".private" or ".depreciated" +*****************************************************************/ +int dki_setstatus (dki_t *dkp, int status) +{ + return dki_setstat (dkp, status, 0); +} + +/***************************************************************** +** dki_setstat () +** low level function of dki_setstatus and dki_setstatus_preservetime +*****************************************************************/ +static int dki_setstat (dki_t *dkp, int status, int preserve_time) +{ + char frompath[MAX_PATHSIZE+1]; + char topath[MAX_PATHSIZE+1]; + time_t totime; + time_t currtime; + + if ( dkp == NULL ) + return 0; + + currtime = time (NULL); + status = 
tolower (status); + switch ( dkp->status ) /* look at old status */ + { + case 'r': + if ( status == 'r' ) + return 1; + break; + case 'a': + if ( status == 'a' ) + return 1; + pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_ACT_FILEEXT); + break; + case 'd': + if ( status == 'd' ) + return 1; + pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_DEP_FILEEXT); + break; + case 'p': /* or 's' */ + if ( status == 'p' || status == 's' ) + return 1; + pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_PUB_FILEEXT); + break; + default: + /* TODO: set error code */ + return 0; + } + + dbg_val ("dki_setstat: \"%s\"\n", frompath); + dbg_val ("dki_setstat: to status \"%c\"\n", status); + + /* a state change could result in different things: */ + /* 1) write a new keyfile when the REVOKE bit is set or unset */ + if ( status == 'r' || (status == 'a' && dki_isrevoked (dkp)) ) + { + pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_KEY_FILEEXT); + + if ( status == 'r' ) + dki_setflag (dkp, DK_FLAG_REVOKE); /* set REVOKE bit */ + else + dki_unsetflag (dkp, DK_FLAG_REVOKE); /* clear REVOKE bit */ + + + dki_writeinfo (dkp, topath); /* ..and write it to the key file */ + + if ( !preserve_time ) + touch (topath, time (NULL)); + + return 0; + } + + + /* 2) change the filename of the private key in all other cases */ + totime = 0L; + if ( preserve_time ) + totime = file_mtime (frompath); /* get original timestamp */ + topath[0] = '\0'; + switch ( status ) + { + case 'a': + pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_ACT_FILEEXT); + break; + case 'd': + pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_DEP_FILEEXT); + break; + case 's': /* standby means a "published KSK" */ + if ( !dki_isksk (dkp) ) + return 2; + status = 'p'; + /* fall through */ + case 'p': + pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_PUB_FILEEXT); + break; + } + + if ( topath[0] ) + { + dbg_val 
("dki_setstat: to \"%s\"\n", topath); + if ( link (frompath, topath) == 0 ) + unlink (frompath); + dkp->status = status; + if ( !totime ) + totime = time (NULL); /* set .key file to current time */ + pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_KEY_FILEEXT); + touch (topath, totime); /* store/restore time of status change */ + } + + return 0; +} + +/***************************************************************** +** dki_remove () +** rename files associated with key, so that the keys are not +** recognized by the zkt tools e.g. +** Kdo.ma.in.+001+12345.key ==> kdo.ma.in.+001+12345.key +** (second one starts with a lower case 'k') +*****************************************************************/ +dki_t *dki_remove (dki_t *dkp) +{ + char path[MAX_PATHSIZE+1]; + char newpath[MAX_PATHSIZE+1]; + char newfile[MAX_FNAMESIZE+1]; + dki_t *next; + const char **pext; + static const char *ext[] = { + DKI_KEY_FILEEXT, DKI_PUB_FILEEXT, + DKI_ACT_FILEEXT, DKI_DEP_FILEEXT, + NULL + }; + + if ( dkp == NULL ) + return NULL; + + strncpy (newfile, dkp->fname, sizeof (newfile)); + *newfile = tolower (*newfile); + for ( pext = ext; *pext; pext++ ) + { + pathname (path, sizeof (path), dkp->dname, dkp->fname, *pext); + if ( fileexist (path) ) + { + pathname (newpath, sizeof (newpath), dkp->dname, newfile, *pext); + + dbg_val2 ("dki_remove: %s ==> %s \n", path, newpath); + rename (path, newpath); + } + } + next = dkp->next; + dki_free (dkp); + + return next; +} + +/***************************************************************** +** dki_destroy () +** delete files associated with key and free allocated memory +*****************************************************************/ +dki_t *dki_destroy (dki_t *dkp) +{ + char path[MAX_PATHSIZE+1]; + dki_t *next; + const char **pext; + static const char *ext[] = { + DKI_KEY_FILEEXT, DKI_PUB_FILEEXT, + DKI_ACT_FILEEXT, DKI_DEP_FILEEXT, + NULL + }; + + if ( dkp == NULL ) + return NULL; + + for ( pext = ext; *pext; pext++ ) + { 
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, *pext); + if ( fileexist (path) ) + { + dbg_val ("dki_remove: %s \n", path); + unlink (path); + } + } + next = dkp->next; + dki_free (dkp); + + return next; +} + +/***************************************************************** +** dki_algo2str () +** return a string describing the key algorithm +*****************************************************************/ +char *dki_algo2str (int algo) +{ + switch ( algo ) + { + case DK_ALGO_RSA: return ("RSAMD5"); + case DK_ALGO_DH: return ("DH"); + case DK_ALGO_DSA: return ("DSA"); + case DK_ALGO_EC: return ("EC"); + case DK_ALGO_RSASHA1: return ("RSASHA1"); + } + return ("unknown"); +} + +/***************************************************************** +** dki_geterrstr () +** return error string +*****************************************************************/ +const char *dki_geterrstr () +{ + return dki_estr; +} + +/***************************************************************** +** dki_prt_dnskey () +*****************************************************************/ +int dki_prt_dnskey (const dki_t *dkp, FILE *fp) +{ + return dki_prt_dnskeyttl (dkp, fp, 0); +} + +/***************************************************************** +** dki_prt_dnskeyttl () +*****************************************************************/ +int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl) +{ + char *p; + + dki_estr[0] = '\0'; + if ( dkp == NULL ) + return 0; + + fprintf (fp, "%s ", dkp->name); + if ( ttl > 0 ) + fprintf (fp, "%d ", ttl); + fprintf (fp, "IN DNSKEY "); + fprintf (fp, "%d 3 %d (", dkp->flags, dkp->algo); + fprintf (fp, "\n\t\t\t"); + for ( p = dkp->pubkey; *p ; p++ ) + if ( *p == ' ' ) + fprintf (fp, "\n\t\t\t"); + else + putc (*p, fp); + fprintf (fp, "\n\t\t"); + if ( dki_isrevoked (dkp) ) + fprintf (fp, ") ; key id = %u (original key id = %u)", (dkp->tag + 128) % 65535, dkp->tag); + else + fprintf (fp, ") ; key id = %u", dkp->tag); + fprintf (fp, 
"\n"); + + return 1; +} + +/***************************************************************** +** dki_prt_dnskey_raw () +*****************************************************************/ +int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp) +{ + int days; + + dki_estr[0] = '\0'; + if ( dkp == NULL ) + return 0; + + if ( dkp->gentime ) + fprintf (fp, ";%%\tgenerationtime=%s\n", time2isostr (dkp->gentime, 's')); + if ( (days = dki_lifetimedays (dkp)) ) + fprintf (fp, ";%%\tlifetime=%dd\n", days); + if ( dkp->exptime ) + fprintf (fp, ";%%\texpirationtime=%s\n", time2isostr (dkp->exptime, 's')); + + fprintf (fp, "%s ", dkp->name); +#if 0 + if ( ttl > 0 ) + fprintf (fp, "%d ", ttl); +#endif + fprintf (fp, "IN DNSKEY "); + fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo); + fprintf (fp, "%s\n", dkp->pubkey); + + return 1; +} + +/***************************************************************** +** dki_prt_comment () +*****************************************************************/ +int dki_prt_comment (const dki_t *dkp, FILE *fp) +{ + int len = 0; + + dki_estr[0] = '\0'; + if ( dkp == NULL ) + return len; + len += fprintf (fp, "; %s ", dkp->name); + len += fprintf (fp, "tag=%u ", dkp->tag); + len += fprintf (fp, "algo=%s ", dki_algo2str(dkp->algo)); + len += fprintf (fp, "generated %s\n", time2str (dkp->time, 's')); + + return len; +} + +/***************************************************************** +** dki_prt_trustedkey () +*****************************************************************/ +int dki_prt_trustedkey (const dki_t *dkp, FILE *fp) +{ + char *p; + int spaces; + int len = 0; + + dki_estr[0] = '\0'; + if ( dkp == NULL ) + return len; + len += fprintf (fp, "\"%s\" ", dkp->name); + spaces = 22 - (strlen (dkp->name) + 3); + len += fprintf (fp, "%*s", spaces > 0 ? 
spaces : 0 , " "); + len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo); + if ( spaces < 0 ) + len += fprintf (fp, "\n\t\t\t%7s", " "); + len += fprintf (fp, "\""); + for ( p = dkp->pubkey; *p ; p++ ) + if ( *p == ' ' ) + len += fprintf (fp, "\n\t\t\t\t"); + else + putc (*p, fp), len += 1; + + if ( dki_isrevoked (dkp) ) + len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag); + else + len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag); + return len; +} + + +/***************************************************************** +** dki_cmp () return <0 | 0 | >0 +*****************************************************************/ +int dki_cmp (const dki_t *a, const dki_t *b) +{ + int res; + + dki_estr[0] = '\0'; + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + + /* sort by domain name, */ + if ( (res = domaincmp (a->name, b->name)) != 0 ) + return res; + + /* then by key type, */ + if ( (res = dki_isksk (b) - dki_isksk (a)) != 0 ) + return res; + + /* and last by creation time, */ + return (ulong)a->time - (ulong)b->time; +} + +#if defined(USE_TREE) && USE_TREE +/***************************************************************** +** dki_allcmp () return <0 | 0 | >0 +*****************************************************************/ +int dki_allcmp (const dki_t *a, const dki_t *b) +{ + int res; + + dki_estr[0] = '\0'; + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + +// fprintf (stderr, "dki_allcmp %s, %s)\n", a->name, b->name); + /* sort by domain name, */ + if ( (res = domaincmp (a->name, b->name)) != 0 ) + return res; + + /* then by key type, */ + if ( (res = dki_isksk (b) - dki_isksk (a)) != 0 ) + return res; + + /* creation time, */ + if ( (res = (ulong)a->time - (ulong)b->time) != 0 ) + return res; + + /* and last by tag */ + return a->tag - b->tag; +} + +/***************************************************************** +** dki_namecmp () return <0 | 0 | >0 
+*****************************************************************/ +int dki_namecmp (const dki_t *a, const dki_t *b) +{ + dki_estr[0] = '\0'; + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + + return domaincmp (a->name, b->name); +} +/***************************************************************** +** dki_tagcmp () return <0 | 0 | >0 +*****************************************************************/ +int dki_tagcmp (const dki_t *a, const dki_t *b) +{ + dki_estr[0] = '\0'; + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + + return a->tag - b->tag; +} +#endif + +/***************************************************************** +** dki_timecmp () +*****************************************************************/ +int dki_timecmp (const dki_t *a, const dki_t *b) +{ + dki_estr[0] = '\0'; + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + + return ((ulong)a->time - (ulong)b->time); +} + +/***************************************************************** +** dki_time () return the timestamp of the key +*****************************************************************/ +time_t dki_time (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->time); +} + +/***************************************************************** +** dki_exptime () return the expiration timestamp of the key +*****************************************************************/ +time_t dki_exptime (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->exptime); +} + +/***************************************************************** +** dki_lifetime (dkp) return the lifetime of the key in sec! +*****************************************************************/ +time_t dki_lifetime (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->lifetime); +} + +/***************************************************************** +** dki_lifetimedays (dkp) return the lifetime of the key in days! 
+*****************************************************************/ +ushort dki_lifetimedays (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->lifetime / DAYSEC); +} + +/***************************************************************** +** dki_gentime (dkp) return the generation timestamp of the key +*****************************************************************/ +time_t dki_gentime (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->gentime > 0L ? dkp->gentime: dkp->time); +} + +/***************************************************************** +** dki_setlifetime (dkp, int days) +** set the lifetime in days (and also the gentime if not set) +** return the old lifetime of the key in days! +*****************************************************************/ +ushort dki_setlifetime (dki_t *dkp, int days) +{ + ulong lifetsec; + char path[MAX_PATHSIZE+1]; + + dki_estr[0] = '\0'; + assert (dkp != NULL); + + lifetsec = dkp->lifetime; /* old lifetime */ + dkp->lifetime = days * DAYSEC; /* set new lifetime */ + + dbg_val1 ("dki_setlifetime (%d)\n", days); + if ( lifetsec == 0 ) /* initial setup (old lifetime was zero)? 
*/ + dkp->gentime = dkp->time; + + pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT); + dki_writeinfo (dkp, path); + + return (lifetsec / DAYSEC); +} + +/***************************************************************** +** dki_setexptime (dkp, time_t sec) +** set the expiration time of the key in seconds since the epoch +** return the old exptime +*****************************************************************/ +time_t dki_setexptime (dki_t *dkp, time_t sec) +{ + char path[MAX_PATHSIZE+1]; + time_t oldexptime; + + dki_estr[0] = '\0'; + assert (dkp != NULL); + + dbg_val1 ("dki_setexptime (%ld)\n", sec); + oldexptime = dkp->exptime; + dkp->exptime = sec; + + pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT); + dki_writeinfo (dkp, path); + +#if 0 /* not necessary ? */ + touch (path, time (NULL)); +#endif + return (oldexptime); +} + +/***************************************************************** +** dki_age () return age of key in seconds since 'curr' +*****************************************************************/ +int dki_age (const dki_t *dkp, time_t curr) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return ((ulong)curr - (ulong)dkp->time); +} + +/***************************************************************** +** dki_getflag () return the flags field of a key +*****************************************************************/ +dk_flag_t dki_getflag (const dki_t *dkp, time_t curr) +{ + dki_estr[0] = '\0'; + return dkp->flags; +} + +/***************************************************************** +** dki_setflag () set a flag of a key +*****************************************************************/ +dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag) +{ + dki_estr[0] = '\0'; + return dkp->flags |= (ushort)flag; +} + +/***************************************************************** +** dki_unsetflag () unset a flag of a key +*****************************************************************/ +dk_flag_t 
dki_unsetflag (dki_t *dkp, dk_flag_t flag) +{ + dki_estr[0] = '\0'; + return dkp->flags &= ~((ushort)flag); +} + +/***************************************************************** +** dki_isksk () +*****************************************************************/ +int dki_isksk (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->flags & DK_FLAG_KSK) == DK_FLAG_KSK; +} + +/***************************************************************** +** dki_isrevoked () +*****************************************************************/ +int dki_isrevoked (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->flags & DK_FLAG_REVOKE) == DK_FLAG_REVOKE; +} + +/***************************************************************** +** dki_isdepreciated () +*****************************************************************/ +int dki_isdepreciated (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + return dki_status (dkp) == DKI_DEPRECIATED; +} + +/***************************************************************** +** dki_isactive () +*****************************************************************/ +int dki_isactive (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + return dki_status (dkp) == DKI_ACTIVE; +} + +/***************************************************************** +** dki_ispublished () +*****************************************************************/ +int dki_ispublished (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + return dki_status (dkp) == DKI_PUBLISHED; +} + + +/***************************************************************** +** dki_status () return key status +*****************************************************************/ +dk_status_t dki_status (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + return (dkp->status); +} + +/***************************************************************** +** dki_statusstr () return key status as string 
+*****************************************************************/ +const char *dki_statusstr (const dki_t *dkp) +{ + dki_estr[0] = '\0'; + assert (dkp != NULL); + switch ( dkp->status ) + { + case DKI_ACT: return "active"; + case DKI_PUB: if ( dki_isksk (dkp) ) + return "standby"; + else + return "published"; + case DKI_DEP: return "depreciated"; + case DKI_REV: return "revoked"; + case DKI_SEP: return "sep"; + } + return "unknown"; +} + +/***************************************************************** +** dki_add () add a key to the given list +*****************************************************************/ +dki_t *dki_add (dki_t **list, dki_t *new) +{ + dki_t *curr; + dki_t *last; + + dki_estr[0] = '\0'; + if ( list == NULL ) + return NULL; + if ( new == NULL ) + return *list; + + last = curr = *list; + while ( curr && dki_cmp (curr, new) < 0 ) + { + last = curr; + curr = curr->next; + } + + if ( curr == *list ) /* add node at start of list */ + *list = new; + else /* add node at end or between two nodes */ + last->next = new; + new->next = curr; + + return *list; +} + +/***************************************************************** +** dki_search () search a key with the given tag, or the first +** occurence of a key with the given name +*****************************************************************/ +const dki_t *dki_search (const dki_t *list, int tag, const char *name) +{ + const dki_t *curr; + + dki_estr[0] = '\0'; + curr = list; + if ( tag ) + while ( curr && (tag != curr->tag || + (name && *name && strcmp (name, curr->name) != 0)) ) + curr = curr->next; + else if ( name && *name ) + while ( curr && strcmp (name, curr->name) != 0 ) + curr = curr->next; + else + curr = NULL; + + return curr; +} + +#if defined(USE_TREE) && USE_TREE +/***************************************************************** +** dki_tadd () add a key to the given tree +*****************************************************************/ +dki_t *dki_tadd (dki_t **tree, dki_t 
*new) +{ + dki_t **p; + + dki_estr[0] = '\0'; + p = tsearch (new, tree, dki_namecmp); + if ( *p == new ) + dbg_val ("dki_tadd: New entry %s added\n", new->name); + else + { + dbg_val ("dki_tadd: New key added to %s\n", new->name); + dki_add (p, new); + } + + return *p; +} + +/***************************************************************** +** dki_tsearch () search a key with the given tag, or the first +** occurence of a key with the given name +*****************************************************************/ +const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name) +{ + dki_t search; + dki_t **p; + + dki_estr[0] = '\0'; + search.tag = tag; + snprintf (search.name, sizeof (search.name), "%s", name); + p = tfind (&search, &tree, dki_namecmp); + if ( p == NULL ) + return NULL; + + return dki_search (*p, tag, name); +} +#endif + +/***************************************************************** +** dki_find () find the n'th ksk or zsk key with given status +*****************************************************************/ +const dki_t *dki_find (const dki_t *list, int ksk, int status, int no) +{ + const dki_t *dkp; + const dki_t *last; + + dki_estr[0] = '\0'; + last = NULL; + for ( dkp = list; no > 0 && dkp; dkp = dkp->next ) + if ( dki_isksk (dkp) == ksk && dki_status (dkp) == status ) + { + no--; + last = dkp; + } + + return last; +} diff --git a/contrib/zkt/dki.h b/contrib/zkt/dki.h new file mode 100644 index 0000000..548ce68 --- /dev/null +++ b/contrib/zkt/dki.h 
@@ -0,0 +1,185 @@ +/***************************************************************** +** +** @(#) dki.h -- Header file for DNSsec Key info/manipulation +** +** Copyright (c) July 2004 - Jan 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef DKI_H +# define DKI_H + +# ifndef TYPES_H +# include <sys/types.h> +# include <stdio.h> +# include <time.h> +# endif + +# define MAX_LABELSIZE (255) +# define MAX_FNAMESIZE (1+255+2+3+1+5+1+11) + /* Kdomain.+ALG+KEYID.type */ + /* domain == FQDN (max 255) */ + /* ALG == 3; KEYID == 5 chars */ + /* type == key||published|private|depreciated == 11 chars */ +//# define MAX_DNAMESIZE (254) +# define MAX_DNAMESIZE (1023) + /* /path/name / filename */ +# define MAX_PATHSIZE (MAX_DNAMESIZE + 1 + MAX_FNAMESIZE) + +/* algorithm types */ +# define DK_ALGO_RSA 1 /* RFC2537 */ +# define DK_ALGO_DH 2 /* RFC2539 */ +# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */ +# define DK_ALGO_EC 4 /* */ +# define DK_ALGO_RSASHA1 5 /* RFC3110 */ + +/* protocol types */ +# define DK_PROTO_DNS 3 + +/* flag bits */ +typedef enum { /* 11 1111 */ + /* 0123 4567 8901 2345 */ + DK_FLAG_KSK= 01, /* 0000 0000 0000 0001 Bit 15 RFC4034/RFC3757 */ + DK_FLAG_REVOKE= 0200, /* 0000 0000 1000 0000 Bit 8 RFC5011 */ + DK_FLAG_ZONE= 0400, /* 0000 0001 0000 0000 Bit 7 RFC4034 */ +} dk_flag_t; + +/* status types */ +typedef enum { + DKI_SEP= 'e', + DKI_SECUREENTRYPOINT= 'e', + DKI_PUB= 'p', + DKI_PUBLISHED= 'p', + DKI_ACT= 'a', + DKI_ACTIVE= 'a', + DKI_DEP= 'd', + DKI_DEPRECIATED= 'd', + DKI_REV= 'r', + DKI_REVOKED= 'r', +} dk_status_t; + +# define DKI_KEY_FILEEXT ".key" +# define DKI_PUB_FILEEXT ".published" +# define DKI_ACT_FILEEXT ".private" +# define DKI_DEP_FILEEXT ".depreciated" + +# define DKI_KSK 1 +# define DKI_ZSK 0 + +typedef struct dki { + char dname[MAX_DNAMESIZE+1]; /* directory */ + char fname[MAX_FNAMESIZE+1]; /* file name without extension */ + char name[MAX_LABELSIZE+1]; /* domain name or label */ + ushort algo; /* key algorithm */ + ushort proto; /* must be 3 (DNSSEC) */ + dk_flag_t flags; /* ZONE, optional SEP or REVOKE flag */ + time_t time; /* key file time */ + time_t gentime; /* key generation time (will be 
set on key generation and never changed) */ + time_t exptime; /* time the key was expired (0L if not) */ + ulong lifetime; /* proposed key life time at time of generation */ + uint tag; /* key id */ + dk_status_t status; /* key exist (".key") and name of private */ + /* key file is ".published", ".private" */ + /* or ".depreciated" */ + char *pubkey; /* base64 public key */ + struct dki *next; /* ptr to next entry in list */ +} dki_t; + +#if defined(USE_TREE) && USE_TREE +/* + * Instead of including <search.h>, which contains horrible false function + * declarations, we declared it for our usage (Yes, these functions return + * the adress of a pointer variable) + */ +typedef enum +{ + /* we change the naming to the new, and more predictive one, used by Knuth */ + PREORDER, /* preorder, */ + INORDER, /* postorder, */ + POSTORDER, /* endorder, */ + LEAF /* leaf */ +} +VISIT; + +dki_t **tsearch (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *)); +dki_t **tfind (const dki_t *dkp, const dki_t **tree, int(*compar)(const dki_t *, const dki_t *)); +dki_t **tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *)); +void twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth)); + +extern void dki_tfree (dki_t **tree); +extern dki_t *dki_tadd (dki_t **tree, dki_t *new); +extern int dki_tagcmp (const dki_t *a, const dki_t *b); +extern int dki_namecmp (const dki_t *a, const dki_t *b); +extern int dki_allcmp (const dki_t *a, const dki_t *b); +#endif + +extern dki_t *dki_read (const char *dir, const char *fname); +extern int dki_readdir (const char *dir, dki_t **listp, int recursive); +extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp); +extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp); +extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl); +extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp); +extern int dki_prt_comment (const dki_t *dkp, FILE *fp); +extern int 
dki_cmp (const dki_t *a, const dki_t *b); +extern int dki_timecmp (const dki_t *a, const dki_t *b); +extern int dki_age (const dki_t *dkp, time_t curr); +extern dk_flag_t dki_getflag (const dki_t *dkp, time_t curr); +extern dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag); +extern dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag); +extern dk_status_t dki_status (const dki_t *dkp); +extern const char *dki_statusstr (const dki_t *dkp); +extern int dki_isksk (const dki_t *dkp); +extern int dki_isdepreciated (const dki_t *dkp); +extern int dki_isrevoked (const dki_t *dkp); +extern int dki_isactive (const dki_t *dkp); +extern int dki_ispublished (const dki_t *dkp); +extern time_t dki_time (const dki_t *dkp); +extern time_t dki_exptime (const dki_t *dkp); +extern time_t dki_gentime (const dki_t *dkp); +extern time_t dki_lifetime (const dki_t *dkp); +extern ushort dki_lifetimedays (const dki_t *dkp); +extern ushort dki_setlifetime (dki_t *dkp, int days); +extern time_t dki_setexptime (dki_t *dkp, time_t sec); +extern dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days); +extern dki_t *dki_remove (dki_t *dkp); +extern dki_t *dki_destroy (dki_t *dkp); +extern int dki_setstatus (dki_t *dkp, int status); +extern int dki_setstatus_preservetime (dki_t *dkp, int status); +extern dki_t *dki_add (dki_t **dkp, dki_t *new); +extern const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name); +extern const dki_t *dki_search (const dki_t *list, int tag, const char *name); +extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first); +extern void dki_free (dki_t *dkp); +extern void dki_freelist (dki_t **listp); +extern char *dki_algo2str (int algo); +extern const char *dki_geterrstr (void); + +#endif diff --git a/contrib/zkt/dnssec-signer.8 b/contrib/zkt/dnssec-signer.8 new file mode 100644 index 0000000..07c3c6c --- /dev/null +++ b/contrib/zkt/dnssec-signer.8 
@@ -0,0 +1,436 @@ +.TH dnssec-signer 8 "June 27, 2008" "ZKT 0.96" "" +\" turn off hyphenation +.\" if n .nh +.nh +.SH NAME +dnssec-signer \(em Secure DNS zone signing tool + +.SH SYNOPSYS +.na +.B dnssec-signer +.RB [ \-L|--logfile +.IR "file" ] +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-fhnr ] +.RB [ \-v +.RB [ \-v ]] +.B \-N +.I "named.conf" +.RI [ zone +.RI "" ... ] +.br +.B dnssec-signer +.RB [ \-L|--logfile +.IR "file" ] +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-fhnr ] +.RB [ \-v +.RB [ \-v ]] +.RB [ \-D +.IR "directory" ] +.RI [ zone +.RI "" ... ] +.br +.B dnssec-signer +.RB [ \-L|--logfile +.IR "file" ] +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-fhnr ] +.RB [ \-v +.RB [ \-v ]] +.B \-o +.IR "origin" +.RI [ zonefile ] + +.SH DESCRIPTION +The +.I dnssec-signer +command is a wrapper around +.I dnssec-signzone(8) +and +.I dnssec-keygen(8) +to sign a zone and manage the necessary zone keys. +It's able to increment the serial number before signing the zone +and can trigger +.I named(8) +to reload the signed zone file. +The command controls several secure zones and, if started in regular +intervals via +.IR cron(8) , +can do all that stuff automatically. +.PP +In the most useful usage scenario the command will be called with option +.B \-N +to read the secure zones out of the given +.I named.conf +file. +If you have a configuration file with views, you have to use option +-V viewname or --view viewname to specify the name of the view. +Alternatively you could link the executable file to a second name like +.I dnssec-signer-viewname +and use that command to specify the name of the view. +All master zone statements will be scanned for filenames +ending with ".signed". +These zones will be checked if the necessary zone- and key signing keys +are existent and fresh enough to be used in the signing process. 
+If some out-dated keys where found, new keying material will be generated via +the +.I dnssec-keygen(8) +command and the old ones will be marked as depreciated. +So the command do anything needed for a zone key rollover as defined by [2]. +.PP +If the resigning interval is reached or any new key must be announced, +the serial number of the zone will be incremented and the +.I dnssec-signzone(8) +command will be evoked to sign the zone. +After that, if the option +.B \-r +is given, the +.I rndc(8) +command will be called to reload the zone on the +nameserver. +.PP +In the second form of the command it's possible to specify a directory +tree with the option +.B \-D +.IR dir . +Every secure zone found in a subdirectory below +.I dir +will be signed. +However, it's also possible to reduce the signing to those +zones given as arguments. +In directory mode the pre-requisite is, that the directory name is +exactly (including the trailing dot) the same as the zone name. +.PP +In the last form of the command, the functionality is more or less the same +as the +.I dnssec-signzone (8) +command. +The parameter specify the zone file name and the option +.B \-o +takes the name of the zone. +.PP +If neither +.B \-N +nor +.B \-D +nor +.B \-o +is given, then the default directory specified in the +.I dnssec.conf +file by the parameter +.I zonedir +will be used as the top level directory. + +.SH OPTIONS +.TP +.BI \-L " file|dir" ", \-\-logfile=" file|dir +Specify the name of a log file or a directory where +logfiles are created with a name like +.fam C +.\"# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log" +.RI zkt- YYYY-MM-DD T hhmmss Z.log . +.fam T +.\" \&. +If the argument is not an absolute path name and a zone directory +is specified in the config file, this will prepend the given name. +This option is also settable in the dnssec.conf file via the parameter +.BI LogFile . 
+.br +The default is no file logging, but error logging to syslog with facility +.BI USER +at level +.BI ERROR +is enabled by default. +These parameters are settable via the config file parameter +.BI "SyslogFacility:" , +.BI "SyslogLevel:" , +.BI "LogFile:" +and +.BI "Loglevel" . +.br +There is an additional parameter +.BI VerboseLog: +which specifies the verbosity (0|1|2) of messages that will be logged +with level +.BI DEBUG +to file and syslog. + +.TP +.BI \-V " view" ", \-\-view=" view +Try to read the default configuration out of a file named +.I dnssec-<view>.conf . +Instead of specifying the \-V or --view option every time, +it's also possible to create a hard or softlink to the +executable file with an additional name like +.I dnssec-zkt-<view> . +.TP +.BI \-c " file" ", \-\-config=" file +Read configuration values out of the specified file. +Otherwise the default config file is read or build-in defaults +will be used. +.TP +.BI \-O " optstr" ", \-\-config-option=" optstr +Set any config file option via the commandline. +Several config file options could be specified at the argument string +but have to be delimited by semicolon (or newline). +.TP +.BR \-f ", " \-\-force +Force a resigning of the zone, regardless if the resigning interval +is reached, or any new keys must be announced. +.TP +.BR \-n ", " \-\-noexec +Don't execute the +.I dnssec-signzone(8) +command. +Currently this option is of very limited usage. +.TP +.BR \-r ", " \-\-reload +Reload the zone via +.I rndc(8) +after successful signing. +In a production environment it's recommended to use this option +to be sure that a freshly signed zone will be immediately propagated. +However, that's only feasable if the named runs on the signing +machine, which is not recommended. +Otherwise the signed zonefile must be copied to the production +server before reloading the zone. +If this is the case, the parameter +.I propagation +in the +.I dnssec.conf +file must be set to a reasonable value. 
+.TP +.BR \-v ", " \-\-verbose +Verbose mode (recommended). +A second +.B \-v +will be a little more verbose. +.TP +.BR \-h ", " \-\-help +Print out the online help. + +.SH SAMPLE USAGE +.TP +.fam C +.B "dnssec-signer \-N /var/named/named.conf \-r \-v \-v +.fam T +Sign all secure zones found in the named.conf file and, if necessary, +trigger a reload of the zone. +Print some explanatory remarks on stdout. +.TP +.fam C +.B "dnssec-signer \-D zonedir/example.net. \-f \-v \-v +.fam T +Force the signing of the zone found in the directory +.I zonedir/example.net . +Do not reload the zone. +.TP +.fam C +.B "dnssec-signer \-D zonedir \-f \-v \-v example.net. +.fam T +Same as above. +.TP +.fam C +.B "dnssec-signer \-f \-v \-v example.net. +.fam T +Same as above if the +.I dnssec.conf +file contains the path of the parent directory of the +.I example.net +zone. +.TP +.fam C +.B "dnssec-signer \-f \-v \-v \-o example.net. zone.db +.fam T +Same as above if we are in the directory containing the +.I example.net +files. +.TP +.fam C +.B "dnssec-signer \-\-config-option='ResignInterval 1d; Sigvalidity 28h; \e +.B ZSK_lifetime 2d;' \-v \-v \-o example.net. zone.db +.fam T +.br +Sign the example.net zone but overwrite some config file values with the parameters +given on the commandline. + +.SH Zone setup and initial preparation +.TP +Create a separate directory for every secure zone. +.br +This is useful because there are many additional files needed to +secure a zone. +Besides the zone file +.RI ( zone.db ), +there is a signed zone file +.RI ( zone.db.signed), +a minimum of four files containing the keying material, +a file called +.I dnskey.db +with the current used keys, +and the +.I dsset- +and +.IR keyset- files +created by the +.I dnssec-signzone(8) +command. +So in summary there is a minimum of nine files used per secure zone. +For every additional key there are two extra files and +every delegated subzone creates also two or three files. 
+.TP +Name the directory just like the zone. +.br +That's only needed if you want to use the dnssec-signer command in +directory mode +.RB ( \-D ). +Then the name of the zone will be parsed out of the directory name. +.TP +Change the name of the zone file to \fIzone.db\fP +Otherwise you have to set the name via the +.I dnssec.conf +parameter +.IR zonefile , +or you have to use the option +.B \-o +to name the zone and specify the zone file as argument. +.TP +Add the name of the signed zonefile to the \fInamed.conf\fP file +The filename is the name of the zone file with the +extension +.IR .signed . +Create an empty file with the name +.IB zonefile .signed +in the zone directory. +.TP +Include the keyfile in the zone. +The name of the keyfile is settable by the +.I dnssec.conf +parameter +.I keyfile . +The default is +.I dnskey.db . +.br +.if t \{\ +.nf +.fam C + ... + IN NS ns1.example.net. + IN NS ns2.example.net. +$INCLUDE dnskey.db + ... +.fi +.fam T +.\} +.TP +Control the format of the SOA-Record +For automatic incrementation of the serial number, the SOA-Record +must be formated, so that the serial number is on a single line and +left justified in a field of at least 10 spaces! +.if t \{\ +.fam C +.fi 0 +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 60 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ); Minimum +.fi +.fam T +.\} +If you use a BIND Verison of 9.4 or greater and +use the unixtime format for the serial number (See parameter +Serialformat in +.IR dnssec.conf ) +than this is not necessary. +.TP +Try to sign the zone +If the current working directory is the directory of the zone +.IR example.net , +use the command +.fam C +.nf +.sp 0.5 + $ dnssec-signer \-D .. \-v \-v example.net + $ dnssec-signer \-o example.net. +.sp 0.5 +.fi +.fam T +to create the initial keying material and a signed zone file. +Then try to load the file on the name server. 
+ +.SH ENVIRONMENT VARIABLES +.TP +ZKT_CONFFILE +Specifies the name of the default global configuration files. + +.SH FILES +.TP +.I /var/named/dnssec.conf +Built-in default global configuration file. +The name of the default global config file is settable via +the environment variable ZKT_CONFFILE. +Use +.I dnssec-zkt(8) +with option +.B \-Z +to create an initial config file. +.TP +.I /var/named/dnssec-<view>.conf +View specific global configuration file. +.TP +.I ./dnssec.conf +Local configuration file. +.TP +.I dnskey.db +The file contains the currently used key and zone signing keys. +It will be created by +.IR dnsssec-signer(8) . +The name of the file is settable via the dnssec configuration +file (parameter +.IR keyfile ). +.TP +.I zone.db +This is the zone file. +The name of the file is settable via the dnssec configuration +file (parameter +.IR zonefile ). + +.SH BUGS +.PP +The zone name given as an argument must be ending with a dot. +.PP +The named.conf parser is a little bit rudimental and not +very well tested. + +.SH AUTHOR +Holger Zuleger + +.SH COPYRIGHT +Copyright (c) 2005 \- 2008 by Holger Zuleger. +Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. +.\"-------------------------------------------------- +.SH SEE ALSO +dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), dnssec-zkt(8) +.br +RFC4033, RFC4034, RFC4035 +.br +[1] DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC +.br +(http://www.nlnetlabs.nl/dnssec_howto/) +.br +[2] RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman +.br +(http://www.ietf.org/rfc/rfc4641.txt) diff --git a/contrib/zkt/dnssec-signer.c b/contrib/zkt/dnssec-signer.c new file mode 100644 index 0000000..5b2b8f6 --- /dev/null +++ b/contrib/zkt/dnssec-signer.c 
@@ -0,0 +1,1002 @@ +/***************************************************************** +** +** @(#) dnssec-signer.c (c) Jan 2005 Holger Zuleger hznet.de +** +** A wrapper around the BIND dnssec-signzone command which is able +** to resign a zone if neccessary and doing a zone or key signing key rollover. +** +** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ + +# include <stdio.h> +# include <string.h> +# include <stdlib.h> +# include <assert.h> +# include <dirent.h> +# include <errno.h> +# include <unistd.h> +# include <ctype.h> + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG +# include <getopt.h> +#endif +# include "zconf.h" +# include "debug.h" +# include "misc.h" +# include "ncparse.h" +# include "zone.h" +# include "dki.h" +# include "rollover.h" +# include "log.h" + +#if defined(BIND_VERSION) && BIND_VERSION >= 940 +# define short_options "c:L:V:D:N:o:O:dfHhnrv" +#else +# define short_options "c:L:V:D:N:o:O:fHhnrv" +#endif +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG +static struct option long_options[] = { + {"reload", no_argument, NULL, 'r'}, + {"force", no_argument, NULL, 'f'}, + {"noexec", no_argument, NULL, 'n'}, + {"verbose", no_argument, NULL, 'v'}, + {"directory", no_argument, NULL, 'd'}, + {"config", required_argument, NULL, 'c'}, + {"option", required_argument, NULL, 'O'}, + {"config-option", required_argument, NULL, 'O'}, + {"logfile", required_argument, NULL, 'L' }, + {"view", required_argument, NULL, 'V' }, + {"directory", required_argument, NULL, 'D'}, + {"named-conf", required_argument, NULL, 'N'}, + {"origin", required_argument, NULL, 'o'}, +#if defined(BIND_VERSION) && BIND_VERSION >= 940 + {"dynamic", no_argument, NULL, 'd' }, +#endif + {"help", no_argument, NULL, 'h'}, + {0, 0, 0, 0} +}; +#endif + + +/** function declaration **/ +static void usage (char *mesg, zconf_t *conf); +static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file); +static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf); +static int dosigning (zone_t *zonelist, zone_t *zp); +static int check_keydb_timestamp (dki_t *keylist, time_t reftime); +static int new_keysetfiles (const char *dir, time_t zone_signing_time); 
+static int writekeyfile (const char *fname, const dki_t *list, int key_ttl); +static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf); +static int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze); +static int reload_zone (const char *domain, const zconf_t *z); +static int dist_and_reload (const zone_t *zp); +static void register_key (dki_t *listp, const zconf_t *z); +static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf); + +/** global command line options **/ +extern int optopt; +extern int opterr; +extern int optind; +extern char *optarg; +const char *progname; +const char *viewname = NULL; +const char *logfile = NULL; +const char *origin = NULL; +const char *namedconf = NULL; +const char *dirname = NULL; +static int verbose = 0; +static int force = 0; +static int reloadflag = 0; +static int noexec = 0; +static int dynamic_zone = 0; /* dynamic zone ? */ +static zone_t *zonelist = NULL; /* must be static global because add2zonelist use it */ +static zconf_t *config; + +int main (int argc, char *const argv[]) +{ + int c; + int errcnt; + int opt_index; + char errstr[255+1]; + char *p; + const char *defconfname; + zone_t *zp; + + progname = *argv; + if ( (p = strrchr (progname, '/')) ) + progname = ++p; + viewname = getnameappendix (progname, "dnssec-signer"); + + defconfname = getdefconfname (viewname); + config = loadconfig ("", (zconf_t *)NULL); /* load built in config */ + if ( fileexist (defconfname) ) /* load default config file */ + config = loadconfig (defconfname, config); + if ( config == NULL ) + fatal ("Couldn't load config: Out of memory\n"); + + zonelist = NULL; + opterr = 0; +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG + while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 ) +#else + while ( (c = getopt (argc, argv, short_options)) != -1 ) +#endif + { + switch ( c ) + { + case 'V': /* view name */ + viewname = optarg; + 
defconfname = getdefconfname (viewname); + if ( fileexist (defconfname) ) /* load default config file */ + config = loadconfig (defconfname, config); + if ( config == NULL ) + fatal ("Out of memory\n"); + break; + case 'c': /* load config from file */ + config = loadconfig (optarg, config); + if ( config == NULL ) + fatal ("Out of memory\n"); + break; + case 'O': /* load config option from commandline */ + config = loadconfig_fromstr (optarg, config); + if ( config == NULL ) + fatal ("Out of memory\n"); + break; + case 'o': + origin = optarg; + break; + case 'N': + namedconf = optarg; + break; + case 'D': + dirname = optarg; + break; + case 'L': /* error log file|directory */ + logfile = optarg; + break; + case 'f': + force++; + break; + case 'H': + case 'h': + usage (NULL, config); + break; +#if defined(BIND_VERSION) && BIND_VERSION >= 940 + case 'd': + dynamic_zone = 1; + /* dynamic zone requires a name server reload... */ + reloadflag = 0; /* ...but "rndc thaw" reloads the zone anyway */ + break; +#endif + case 'n': + noexec = 1; + break; + case 'r': + reloadflag = 1; + break; + case 'v': + verbose++; + break; + case '?': + if ( isprint (optopt) ) + snprintf (errstr, sizeof(errstr), + "Unknown option \"-%c\".\n", optopt); + else + snprintf (errstr, sizeof (errstr), + "Unknown option char \\x%x.\n", optopt); + usage (errstr, config); + break; + default: + abort(); + } + } + dbg_line(); + + /* store some of the commandline parameter in the config structure */ + setconfigpar (config, "--view", viewname); + setconfigpar (config, "-v", &verbose); + if ( logfile == NULL ) + logfile = config->logfile; + + if ( lg_open (progname, config->syslogfacility, config->sysloglevel, config->zonedir, logfile, config->loglevel) < -1 ) + fatal ("Couldn't open logfile %s in dir %s\n", logfile, config->zonedir); + +#if defined(DBG) && DBG + for ( zp = zonelist; zp; zp = zp->next ) + zone_print ("in main: ", zp); +#endif + lg_args (LG_NOTICE, argc, argv); + + if ( origin ) /* option 
-o ? */ + { + if ( (argc - optind) <= 0 ) /* no arguments left ? */ + zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone); + else + zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone); + + /* anyway, "delete" all (remaining) arguments */ + optind = argc; + + /* complain if nothing could read in */ + if ( zonelist == NULL ) + { + lg_mesg (LG_FATAL, "\"%s\": couldn't read", origin); + fatal ("Couldn't read zone \"%s\"\n", origin); + } + } + if ( namedconf ) /* option -N ? */ + { + char dir[255+1]; + + memset (dir, '\0', sizeof (dir)); + if ( config->zonedir ) + strncpy (dir, config->zonedir, sizeof(dir)); + if ( !parse_namedconf (namedconf, dir, sizeof (dir), add2zonelist) ) + fatal ("Can't read file %s as namedconf file\n", namedconf); + if ( zonelist == NULL ) + fatal ("No signed zone found in file %s\n", namedconf); + } + if ( dirname ) /* option -D ? */ + { + if ( !parsedir (dirname, &zonelist, config) ) + fatal ("Can't read directory tree %s\n", dirname); + if ( zonelist == NULL ) + fatal ("No signed zone found in directory tree %s\n", dirname); + } + + /* none of the above: read current directory tree */ + if ( zonelist == NULL ) + parsedir (config->zonedir, &zonelist, config); + + for ( zp = zonelist; zp; zp = zp->next ) + if ( in_strarr (zp->zone, &argv[optind], argc - optind) ) + { + dosigning (zonelist, zp); + verbmesg (1, zp->conf, "\n"); + } + + zone_freelist (&zonelist); + + errcnt = lg_geterrcnt (); + lg_mesg (LG_NOTICE, "end of run: %d error%s occured", errcnt, errcnt == 1 ? "" : "s"); + lg_close (); + + return errcnt < 64 ? 
errcnt : 64; +} + +# define sopt_usage(mesg, value) fprintf (stderr, mesg, value) +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG +# define lopt_usage(mesg, value) fprintf (stderr, mesg, value) +# define loptstr(lstr, sstr) lstr +#else +# define lopt_usage(mesg, value) +# define loptstr(lstr, sstr) sstr +#endif +static void usage (char *mesg, zconf_t *conf) +{ + fprintf (stderr, "%s version %s\n", progname, ZKT_VERSION); + fprintf (stderr, "\n"); + + fprintf (stderr, "usage: %s [-c file] [-O optstr] ", progname); + fprintf (stderr, "[-D directorytree] "); + fprintf (stderr, "[-fhnr] [-v [-v]] [zone ...]\n"); + + fprintf (stderr, "usage: %s [-c file] [-O optstr] ", progname); + fprintf (stderr, "-N named.conf "); + fprintf (stderr, "[-fhnr] [-v [-v]] [zone ...]\n"); + + fprintf (stderr, "usage: %s [-c file] [-O optstr] ", progname); + fprintf (stderr, "-o origin "); + fprintf (stderr, "[-fhnr] [-v [-v]] [zonefile.signed]\n"); + + fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", "")); + fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE); + fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", "")); + fprintf (stderr, "\t\t set config options on the commandline\n"); + fprintf (stderr, "\t-L file|dir%s", loptstr (", --logfile=file|dir\n", "")); + fprintf (stderr, "\t\t specify file or directory for the log output\n"); + fprintf (stderr, "\t-D dir%s", loptstr (", --directory=dir\n", "")); + fprintf (stderr, "\t\t parse the given directory tree for a list of secure zones \n"); + fprintf (stderr, "\t-N file%s", loptstr (", --named-conf=file\n", "")); + fprintf (stderr, "\t\t get the list of secure zones out of the named like config file \n"); + fprintf (stderr, "\t-o zone%s", loptstr (", --origin=zone", "")); + fprintf (stderr, "\tspecify the name of the zone \n"); + fprintf (stderr, "\t\t The file to sign should be given as an argument (default is \"%s.signed\")\n", conf->zonefile); + fprintf (stderr, 
"\t-h%s\t print this help\n", loptstr (", --help", "\t")); + fprintf (stderr, "\t-f%s\t force re-signing\n", loptstr (", --force", "\t")); + fprintf (stderr, "\t-n%s\t no execution of external signing command\n", loptstr (", --noexec", "\t")); + // fprintf (stderr, "\t-r%s\t reload zone via <rndc reload zone> (or via the external distribution command)\n", loptstr (", --reload", "\t")); + fprintf (stderr, "\t-r%s\t reload zone via %s\n", loptstr (", --reload", "\t"), conf->dist_cmd ? conf->dist_cmd: "rndc"); + fprintf (stderr, "\t-v%s\t be verbose (use twice to be very verbose)\n", loptstr (", --verbose", "\t")); + + fprintf (stderr, "\t[zone]\t sign only those zones given as argument\n"); + + fprintf (stderr, "\n"); + fprintf (stderr, "\tif neither -D nor -N nor -o is given, the directory tree specified\n"); + fprintf (stderr, "\tin the dnssec config file (\"%s\") will be parsed\n", conf->zonedir); + + if ( mesg && *mesg ) + fprintf (stderr, "%s\n", mesg); + exit (127); +} + +/** fill zonelist with infos coming out of named.conf **/ +static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file) +{ +#ifdef DBG + fprintf (stderr, "printzone "); + fprintf (stderr, "view \"%s\" " , view); + fprintf (stderr, "zone \"%s\" " , zone); + fprintf (stderr, "file "); + if ( dir && *dir ) + fprintf (stderr, "%s/", dir); + fprintf (stderr, "%s", file); + fprintf (stderr, "\n"); +#endif + dbg_line (); + if ( view[0] != '\0' ) /* view found in named.conf */ + { + if ( viewname == NULL || viewname[0] == '\0' ) /* viewname wasn't set on startup ? 
*/ + { + dbg_line (); + error ("zone \"%s\" in view \"%s\" found in name server config, but no matching view was set on startup\n", zone, view); + lg_mesg (LG_ERROR, "\"%s\" in view \"%s\" found in name server config, but no matching view was set on startup", zone, view); + return 0; + } + dbg_line (); + if ( strcmp (viewname, view) != 0 ) /* zone is _not_ in current view */ + return 0; + } + return zone_readdir (dir, zone, file, &zonelist, config, dynamic_zone); +} + +static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf) +{ + DIR *dirp; + struct dirent *dentp; + char path[MAX_PATHSIZE+1]; + + dbg_val ("parsedir: (%s)\n", dir); + if ( !is_directory (dir) ) + return 0; + + dbg_line (); + zone_readdir (dir, NULL, NULL, zp, conf, dynamic_zone); + + dbg_val ("parsedir: opendir(%s)\n", dir); + if ( (dirp = opendir (dir)) == NULL ) + return 0; + + while ( (dentp = readdir (dirp)) != NULL ) + { + if ( is_dotfile (dentp->d_name) ) + continue; + + pathname (path, sizeof (path), dir, dentp->d_name, NULL); + if ( !is_directory (path) ) + continue; + + dbg_val ("parsedir: recursive %s\n", path); + parsedir (path, zp, conf); + } + closedir (dirp); + return 1; +} + +static int dosigning (zone_t *zonelist, zone_t *zp) +{ + char path[MAX_PATHSIZE+1]; + int err; + int newkey; + int newkeysetfile; + int use_unixtime; + time_t currtime; + time_t zfile_time; + time_t zfilesig_time; + char mesg[255+1]; + + verbmesg (1, zp->conf, "parsing zone \"%s\" in dir \"%s\"\n", zp->zone, zp->dir); + + pathname (path, sizeof (path), zp->dir, zp->sfile, NULL); + dbg_val("parsezonedir fileexist (%s)\n", path); + if ( !fileexist (path) ) + { + error ("Not a secure zone directory (%s)!\n", zp->dir); + lg_mesg (LG_ERROR, "\"%s\": not a secure zone directory (%s)!", zp->zone, zp->dir); + return 1; + } + zfilesig_time = file_mtime (path); + + pathname (path, sizeof (path), zp->dir, zp->file, NULL); + dbg_val("parsezonedir fileexist (%s)\n", path); + if ( !fileexist (path) ) + { + error 
("No zone file found (%s)!\n", path); + lg_mesg (LG_ERROR, "\"%s\": no zone file found (%s)!", zp->zone, path); + return 2; + } + + zfile_time = file_mtime (path); + currtime = time (NULL); + + /* check rfc5011 key signing keys, create new one if neccessary */ + dbg_msg("parsezonedir check rfc 5011 ksk "); + newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf); + if ( (newkey & 02) != 02 ) /* not a rfc 5011 zone ? */ + { + verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n"); + /* check key signing keys, create new one if neccessary */ + dbg_msg("parsezonedir check ksk "); + newkey |= kskstatus (zonelist, zp); + } + else + newkey &= ~02; /* reset bit 2 */ + + /* check age of zone keys, probably retire (depreciate) or remove old keys */ + dbg_msg("parsezonedir check zsk "); + newkey += zskstatus (&zp->keys, zp->dir, zp->zone, zp->conf); + + /* check age of "dnskey.db" file against age of keyfiles */ + pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL); + dbg_val("parsezonedir check_keydb_timestamp (%s)\n", path); + if ( !newkey ) + newkey = check_keydb_timestamp (zp->keys, file_mtime (path)); + + /* if we work in subdir mode, check if there is a new keyset- file */ + newkeysetfile = 0; + if ( !newkey && zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 ) + newkeysetfile = new_keysetfiles (zp->dir, zfilesig_time); + + /** + ** Check if it is time to do a re-sign. 
This is the case if + ** a) the command line flag -f is set, or + ** b) new keys are generated, or + ** c) we found a new KSK of a delegated domain, or + ** d) the "dnskey.db" file is newer than "zone.db" + ** e) the "zone.db" is newer than "zone.db.signed" or + ** f) "zone.db.signed" is older than the re-sign interval + **/ + mesg[0] = '\0'; + if ( force ) + snprintf (mesg, sizeof(mesg), "Option -f"); + else if ( newkey ) + snprintf (mesg, sizeof(mesg), "New zone key"); + else if ( newkeysetfile ) + snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain"); + else if ( file_mtime (path) > zfilesig_time ) + snprintf (mesg, sizeof(mesg), "Modified keys"); + else if ( zfile_time > zfilesig_time ) + snprintf (mesg, sizeof(mesg), "Zone file edited"); + else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) ) + snprintf (mesg, sizeof(mesg), "re-signing interval (%s) reached", + str_delspace (age2str (zp->conf->resign))); + else if ( dynamic_zone ) + snprintf (mesg, sizeof(mesg), "dynamic zone"); + + if ( *mesg ) + verbmesg (1, zp->conf, "\tRe-signing necessary: %s\n", mesg); + else + verbmesg (1, zp->conf, "\tRe-signing not necessary!\n"); + + if ( *mesg ) + lg_mesg (LG_NOTICE, "\"%s\": re-signing triggered: %s", zp->zone, mesg); + + dbg_line (); + if ( !(force || newkey || newkeysetfile || zfile_time > zfilesig_time || + file_mtime (path) > zfilesig_time || + (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) || dynamic_zone) ) + { + verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n"); + if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 ) + copy_keyset (zp->dir, zp->zone, zp->conf); /* copy the parent- file if it exist */ + return 0; /* nothing to do */ + } + + /* let's start signing the zone */ + dbg_line (); + + /* create new "dnskey.db" file */ + pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL); + verbmesg (1, zp->conf, "\tWriting key file \"%s\"\n", path); + if ( !writekeyfile (path, 
zp->keys, zp->conf->key_ttl) ) + { + error ("Can't create keyfile %s \n", path); + lg_mesg (LG_ERROR, "\"%s\": can't create keyfile %s", zp->zone , path); + } + + err = 1; + use_unixtime = ( zp->conf->serialform == Unixtime ); + dbg_val1 ("Use unixtime = %d\n", use_unixtime); +#if defined(BIND_VERSION) && BIND_VERSION >= 940 + if ( !dynamic_zone && !use_unixtime ) /* increment serial no in static zone files */ +#else + if ( !dynamic_zone ) /* increment serial no in static zone files */ +#endif + { + pathname (path, sizeof (path), zp->dir, zp->file, NULL); + err = 0; + if ( noexec == 0 ) + { + if ( (err = inc_serial (path, use_unixtime)) < 0 ) + { + error ("could not increment serialno of domain %s in file %s: %s!\n", + zp->zone, path, inc_errstr (err)); + lg_mesg (LG_ERROR, + "zone \"%s\": couldn't increment serialno in file %s: %s", + zp->zone, path, inc_errstr (err)); + } + else + verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path); + } + else + verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path); + } + + /* at last, sign the zone file */ + if ( err > 0 ) + { + time_t timer; + + verbmesg (1, zp->conf, "\tSigning zone \"%s\"\n", zp->zone); + logflush (); + + /* dynamic zones uses incremental signing, so we have to */ + /* prepare the old (signed) file as new input file */ + if ( dynamic_zone ) + { + char zfile[MAX_PATHSIZE+1]; + + dyn_update_freeze (zp->zone, zp->conf, 1); /* freeze dynamic zone ! 
*/ + + pathname (zfile, sizeof (zfile), zp->dir, zp->file, NULL); + pathname (path, sizeof (path), zp->dir, zp->sfile, NULL); + if ( filesize (path) == 0L ) /* initial signing request */ + { + verbmesg (1, zp->conf, "\tDynamic Zone signing: Initial signing request: Add DNSKEYs to zonefile\n"); + copyfile (zfile, path, zp->conf->keyfile); + } + verbmesg (1, zp->conf, "\tDynamic Zone signing: copy old signed zone file %s to new input file %s\n", + path, zfile); + if ( newkey ) /* if we have new keys, they should be added to the zone file */ + copyzonefile (path, zfile, zp->conf->keyfile); + else /* else we can do a simple file copy */ + copyfile (path, zfile, NULL); + } + + timer = start_timer (); + if ( (err = sign_zone (zp->dir, zp->zone, zp->file, zp->conf)) < 0 ) + { + error ("Signing of zone %s failed (%d)!\n", zp->zone, err); + lg_mesg (LG_ERROR, "\"%s\": signing failed!", zp->zone); + } + timer = stop_timer (timer); + + if ( dynamic_zone ) + dyn_update_freeze (zp->zone, zp->conf, 0); /* thaw dynamic zone file */ + + { + const char *tstr = str_delspace (age2str (timer)); + + if ( !tstr || *tstr == '\0' ) + tstr = "0s"; + verbmesg (1, zp->conf, "\tSigning completed after %s.\n", tstr); + } + } + + copy_keyset (zp->dir, zp->zone, zp->conf); + + if ( err >= 0 && reloadflag ) + { + if ( zp->conf->dist_cmd ) + dist_and_reload (zp); + else + reload_zone (zp->zone, zp->conf); + + register_key (zp->keys, zp->conf); + } + + return err; +} + +static void register_key (dki_t *list, const zconf_t *z) +{ + dki_t *dkp; + time_t currtime; + time_t age; + + assert ( list != NULL ); + assert ( z != NULL ); + + currtime = time (NULL); + for ( dkp = list; dkp && dki_isksk (dkp); dkp = dkp->next ) + { + age = dki_age (dkp, currtime); +#if 0 + /* announce "new" and active key signing keys */ + if ( REG_URL && *REG_URL && dki_status (dkp) == DKI_ACT && age <= z->resign * 4 ) + { + if ( verbose ) + logmesg ("\tRegister new KSK with tag %d for domain %s\n", + dkp->tag, dkp->name); + } 
+#endif + } +} + +/* + * This function is not working with symbolic links to keyset- files, + * because file_mtime() returns the mtime of the underlying file, and *not* + * that of the symlink file. + * This is bad, because the keyset-file will be newly generated by dnssec-signzone + * on every re-signing call. + * Instead, in the case of a hierarchical directory structure, we copy the file + * (and so we change the timestamp) only if it was modified after the last + * generation (checked with cmpfile(), see func sign_zone()). + */ +# define KEYSET_FILE_PFX "keyset-" +static int new_keysetfiles (const char *dir, time_t zone_signing_time) +{ + DIR *dirp; + struct dirent *dentp; + char path[MAX_PATHSIZE+1]; + int newkeysetfile; + + if ( (dirp = opendir (dir)) == NULL ) + return 0; + + newkeysetfile = 0; + dbg_val2 ("new_keysetfile (%s, %s)\n", dir, time2str (zone_signing_time, 's')); + while ( !newkeysetfile && (dentp = readdir (dirp)) != NULL ) + { + if ( strncmp (dentp->d_name, KEYSET_FILE_PFX, strlen (KEYSET_FILE_PFX)) != 0 ) + continue; + + pathname (path, sizeof (path), dir, dentp->d_name, NULL); + dbg_val2 ("newkeysetfile timestamp of %s = %s\n", path, time2str (file_mtime(path), 's')); + if ( file_mtime (path) > zone_signing_time ) + newkeysetfile = 1; + } + closedir (dirp); + + return newkeysetfile; +} + +static int check_keydb_timestamp (dki_t *keylist, time_t reftime) +{ + dki_t *key; + + assert ( keylist != NULL ); + if ( reftime == 0 ) + return 1; + + for ( key = keylist; key; key = key->next ) + if ( dki_time (key) > reftime ) + return 1; + + return 0; +} + +static int writekeyfile (const char *fname, const dki_t *list, int key_ttl) +{ + FILE *fp; + const dki_t *dkp; + time_t curr = time (NULL); + int ksk; + + if ( (fp = fopen (fname, "w")) == NULL ) + return 0; + fprintf (fp, ";\n"); + fprintf (fp, ";\t!!! Don\'t edit this file by hand.\n"); + fprintf (fp, ";\t!!! 
It will be generated by %s.\n", progname); + fprintf (fp, ";\n"); + fprintf (fp, ";\t Last generation time %s\n", time2str (curr, 's')); + fprintf (fp, ";\n"); + + fprintf (fp, "\n"); + fprintf (fp, "; *** List of Key Signing Keys ***\n"); + ksk = 1; + for ( dkp = list; dkp; dkp = dkp->next ) + { + if ( ksk && !dki_isksk (dkp) ) + { + fprintf (fp, "; *** List of Zone Signing Keys ***\n"); + ksk = 0; + } + dki_prt_comment (dkp, fp); + dki_prt_dnskeyttl (dkp, fp, key_ttl); + putc ('\n', fp); + } + + fclose (fp); + return 1; +} + +static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf) +{ + char cmd[1023+1]; + char str[1023+1]; + char rparam[254+1]; + char keysetdir[254+1]; + const char *gends; + const char *pseudo; + const char *param; + int len; + FILE *fp; + + assert (conf != NULL); + assert (domain != NULL); + + len = 0; + str[0] = '\0'; + if ( conf->lookaside && conf->lookaside[0] ) + len = snprintf (str, sizeof (str), "-l %.250s", conf->lookaside); + + dbg_line(); +#if defined(BIND_VERSION) && BIND_VERSION >= 940 + if ( !dynamic_zone && conf->serialform == Unixtime ) + snprintf (str+len, sizeof (str) - len, " -N unixtime"); +#endif + + gends = ""; + if ( conf->sig_gends ) + gends = "-g "; + + pseudo = ""; + if ( conf->sig_pseudo ) + pseudo = "-p "; + + param = ""; + if ( conf->sig_param && conf->sig_param[0] ) + param = conf->sig_param; + + dbg_line(); + rparam[0] = '\0'; + if ( conf->sig_random && conf->sig_random[0] ) + snprintf (rparam, sizeof (rparam), "-r %.250s ", conf->sig_random); + + dbg_line(); + keysetdir[0] = '\0'; + if ( conf->keysetdir && conf->keysetdir[0] && strcmp (conf->keysetdir, "..") != 0 ) + snprintf (keysetdir, sizeof (keysetdir), "-d %.250s ", conf->keysetdir); + + if ( dir == NULL || *dir == '\0' ) + dir = "."; + + dbg_line(); +#if defined(BIND_VERSION) && BIND_VERSION >= 940 + if ( dynamic_zone ) + snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s-o %s -e +%d %s -N increment -f %s.dsigned %s 
K*.private", + dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file); + else +#endif + snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s-o %s -e +%d %s %s K*.private", + dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file); + verbmesg (2, conf, "\t Run cmd \"%s\"\n", cmd); + *str = '\0'; + if ( noexec == 0 ) + { + if ( (fp = popen (cmd, "r")) == NULL || fgets (str, sizeof str, fp) == NULL ) + return -1; + pclose (fp); + } + + dbg_line(); + verbmesg (2, conf, "\t Cmd dnssec-signzone return: \"%s\"\n", str_chop (str, '\n')); + + return 0; +} + +static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf) +{ + char fromfile[1024]; + char tofile[1024]; + int ret; + + /* propagate "keyset"-file to parent dir */ + if ( conf->keysetdir && strcmp (conf->keysetdir, "..") == 0 ) + { + /* check if special parent-file exist (ksk rollover) */ + snprintf (fromfile, sizeof (fromfile), "%s/parent-%s", dir, domain); + if ( !fileexist (fromfile) ) /* use "normal" keyset-file */ + snprintf (fromfile, sizeof (fromfile), "%s/keyset-%s", dir, domain); + + /* verbmesg (2, conf, "\t check \"%s\" against parent dir\n", fromfile); */ + snprintf (tofile, sizeof (tofile), "%s/../keyset-%s", dir, domain); + if ( cmpfile (fromfile, tofile) != 0 ) + { + verbmesg (2, conf, "\t copy \"%s\" to parent dir\n", fromfile); + if ( (ret = copyfile (fromfile, tofile, NULL)) != 0 ) + { + error ("Couldn't copy \"%s\" to parent dir (%d:%s)\n", + fromfile, ret, strerror(errno)); + lg_mesg (LG_ERROR, "\%s\": can't copy \"%s\" to parent dir (%d:%s)", + domain, fromfile, ret, strerror(errno)); + } + } + } +} + +static int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze) +{ + char cmdline[254+1]; + char str[254+1]; + char *action; + FILE *fp; + + assert (z != NULL); + if ( freeze ) + action = "freeze"; + else + action = "thaw"; + + if ( z->view ) + snprintf (str, sizeof (str), "\"%s\" 
in view \"%s\"", domain, z->view); + else + snprintf (str, sizeof (str), "\"%s\"", domain); + + lg_mesg (LG_NOTICE, "%s: %s dynamic zone", str, action); + verbmesg (1, z, "\t%s dynamic zone %s\n", action, str); + + if ( z->view ) + snprintf (cmdline, sizeof (cmdline), "%s %s %s IN %s", RELOADCMD, action, domain, z->view); + else + snprintf (cmdline, sizeof (cmdline), "%s %s %s", RELOADCMD, action, domain); + + verbmesg (2, z, "\t Run cmd \"%s\"\n", cmdline); + *str = '\0'; + if ( noexec == 0 ) + { + if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL ) + return -1; + pclose (fp); + } + + verbmesg (2, z, "\t rndc %s return: \"%s\"\n", action, str_chop (str, '\n')); + + return 0; +} + +/***************************************************************** +** distribute and reload a zone via "distribute_command" +*****************************************************************/ +static int dist_and_reload (const zone_t *zp) +{ + char path[MAX_PATHSIZE+1]; + char cmdline[254+1]; + char zone[254+1]; + char str[254+1]; + FILE *fp; + + assert (zp != NULL); + assert (zp->conf->dist_cmd != NULL); + + if ( !is_exec_ok (zp->conf->dist_cmd) ) + { + char *mesg; + + if ( getuid () == 0 ) + mesg = "\tDistribution command %s not run as root\n"; + else + mesg = "\tDistribution command %s not run due to strange file mode settings\n"; + + verbmesg (1, zp->conf, mesg, zp->conf->dist_cmd); + lg_mesg (LG_ERROR, "exec of distribution command %s disabled due to security reasons", zp->conf->dist_cmd); + + return -1; + } + + if ( zp->conf->view ) + snprintf (zone, sizeof (zone), "\"%s\" in view \"%s\"", zp->zone, zp->conf->view); + else + snprintf (zone, sizeof (zone), "\"%s\"", zp->zone); + + + pathname (path, sizeof (path), zp->dir, zp->sfile, NULL); + + lg_mesg (LG_NOTICE, "%s: distribution triggered", zone); + verbmesg (1, zp->conf, "\tDistribute zone %s\n", zone); + if ( zp->conf->view ) + snprintf (cmdline, sizeof (cmdline), "%s distribute %s %s %s", 
zp->conf->dist_cmd, zp->zone, path, zp->conf->view); + else + snprintf (cmdline, sizeof (cmdline), "%s distribute %s %s", zp->conf->dist_cmd, zp->zone, path); + + *str = '\0'; + if ( noexec == 0 ) + { + verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline); + if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL ) + return -2; + pclose (fp); + verbmesg (2, zp->conf, "\t %s distribute return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n')); + } + + + lg_mesg (LG_NOTICE, "%s: reload triggered", zone); + verbmesg (1, zp->conf, "\tReload zone %s\n", zone); + if ( zp->conf->view ) + snprintf (cmdline, sizeof (cmdline), "%s reload %s %s %s", zp->conf->dist_cmd, zp->zone, path, zp->conf->view); + else + snprintf (cmdline, sizeof (cmdline), "%s reload %s %s", zp->conf->dist_cmd, zp->zone, path); + + *str = '\0'; + if ( noexec == 0 ) + { + verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline); + if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL ) + return -2; + pclose (fp); + verbmesg (2, zp->conf, "\t %s reload return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n')); + } + + return 0; +} + +/***************************************************************** +** reload a zone via "rndc" +*****************************************************************/ +static int reload_zone (const char *domain, const zconf_t *z) +{ + char cmdline[254+1]; + char str[254+1]; + FILE *fp; + + assert (z != NULL); + // fprintf (stderr, "reload_zone %d :%s: :%s:\n", z->verbosity, domain, z->view); + if ( z->view ) + snprintf (str, sizeof (str), "\"%s\" in view \"%s\"", domain, z->view); + else + snprintf (str, sizeof (str), "\"%s\"", domain); + + lg_mesg (LG_NOTICE, "%s: reload triggered", str); + verbmesg (1, z, "\tReload zone %s\n", str); + + if ( z->view ) + snprintf (cmdline, sizeof (cmdline), "%s reload %s IN %s", RELOADCMD, domain, z->view); + else + snprintf (cmdline, sizeof (cmdline), "%s reload %s", RELOADCMD, domain); 
+ + *str = '\0'; + if ( noexec == 0 ) + { + verbmesg (2, z, "\t Run cmd \"%s\"\n", cmdline); + if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL ) + return -1; + pclose (fp); + verbmesg (2, z, "\t rndc reload return: \"%s\"\n", str_chop (str, '\n')); + } + + return 0; +} diff --git a/contrib/zkt/dnssec-zkt.8 b/contrib/zkt/dnssec-zkt.8 new file mode 100644 index 0000000..b53f8bb --- /dev/null +++ b/contrib/zkt/dnssec-zkt.8 
@@ -0,0 +1,481 @@ +.TH dnssec-zkt 8 "July 27, 2008" "ZKT 0.97" "" +\" turn off hyphenation +.\" if n .nh +.nh +.SH NAME +dnssec-zkt \(em Secure DNS zone key tool + +.SH SYNOPSYS +.na +.B dnssec-zkt +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-adefhkLrptz ] +.RI [{ keyfile | dir } +.RI "" ... ] + +.B dnssec-zkt +.BR \-C <label> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-krpz ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.BR \-\-create= <label> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-krpz ] +.RI [{ keyfile | dir } +.RI "" ... ] + +.B dnssec-zkt +.BR \- { P | A | D | R } <keytag> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-r ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.BR \-\-published= <keytag> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-r ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.BR \-\-active= <keytag> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-r ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.BR \-\-depreciate= <keytag> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-r ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.BR \-\-rename= <keytag> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-r ] +.RI [{ keyfile | dir } +.RI "" ... ] + +.B dnssec-zkt +.BR \-\-destroy= <keytag> +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-r ] +.RI [{ keyfile | dir } +.RI "" ... ] + +.B dnssec-zkt +.B \-T +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-hr ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.B \-\-list-trustedkeys +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-hr ] +.RI [{ keyfile | dir } +.RI "" ... 
] + +.B dnssec-zkt +.B \-K +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-hkzr ] +.RI [{ keyfile | dir } +.RI "" ... ] +.br +.B dnssec-zkt +.B \-\-list-dnskeys +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.RB [ \-l +.IR "list" ] +.RB [ \-hkzr ] +.RI [{ keyfile | dir } +.RI "" ... ] + +.B dnssec-zkt +.B \-Z +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.br +.B dnssec-zkt +.B \-\-zone-config +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] + +.B dnssec-zkt +.B \-9 | \-\-ksk-rollover +.br +.B dnssec-zkt +.B \-1 | \-\-ksk-roll-phase1 +.I "do.ma.in." +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.br +.B dnssec-zkt +.B \-2 | \-\-ksk-roll-phase2 +.I "do.ma.in." +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.br +.B dnssec-zkt +.B \-3 | \-\-ksk-roll-phase3 +.I do.ma.in. +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.br +.B dnssec-zkt +.B \-0 | \-\-ksk-roll-stat +.I do.ma.in. +.RB [ \-V|--view +.IR "view" ] +.RB [ \-c +.IR "file" ] +.br +.ad + +.SH DESCRIPTION +The +.I dnssec-zkt +command is a wrapper around +.I dnssec-keygen(8) +to assist in dnssec zone key management. +.PP +In the common usage the command prints out information about +all dnssec (zone) keys found in the given (or predefined default) directory. +It's also possible to specify keyfiles (K*.key) as arguments. +With option +.B \-r +subdirectories will be searched recursively, and all dnssec keys found +will be listed sorted by domain name, key type and generation time. +In that mode the use of the +.B \-p +option may be helpful to find the location of the keyfile in the directory tree. +.PP +Other forms of the command print out keys in a format suitable for +a trusted-key section or as a DNSKEY resource record. +.PP +The command is also useful in dns key management. +It allows key livetime monitoring and status change. 
+ +.SH GENERAL OPTIONS +.TP +.BI \-V " view" ", \-\-view=" view +Try to read the default configuration out of a file named +.I dnssec-<view>.conf . +Instead of specifying the \-V or --view option every time, +it's also possible to create a hard or softlink to the +executable file to give it an additional name like +.I dnssec-zkt-<view> . +.TP +.BI \-c " file" ", \-\-config=" file +Read default values from the specified config file. +Otherwise the default config file is read or build in defaults +will be used. +.TP +.BI \-O " optstr" ", \-\-config-option=" optstr +Set any config file option via the commandline. +Several config file options could be specified at the argument string +but have to be delimited by semicolon (or newline). +.TP +.BI \-l " list" +Print out information solely about domains given in the comma or space separated +list. +Take care of, that every domain name has a trailing dot. +.TP +.BR \-d ", " \-\-directory +Skip directory arguments. +This will be useful in combination with wildcard arguments +to prevent dnsssec-zkt to list all keys found in subdirectories. +For example "dnssec-zkt -d *" will print out a list of all keys only found in +the current directory. +Maybe it's easier to use "dnssec-zkt ." instead (without -r set). +The option works similar to the \-d option of +.IR ls(1) . +.TP +.BR \-L ", " \-\-left-justify +Print out the domain name left justified. +.TP +.BR \-k ", " \-\-ksk +Select and print key signing keys only (default depends on command mode). +.TP +.BR \-z ", " \-\-zsk +Select and print zone signing keys only (default depends on command mode). +.TP +.BR \-r ", " \-\-recursive +Recursive mode (default is off). +.br +Also settable in the dnssec.conf file (Parameter: Recursive). +.TP +.BR \-p ", " \-\-path +Print pathname in listing mode. +In -C mode, don't create the new key in the same directory as (already existing) +keys with the same label. 
+.TP +.BR \-a ", " \-\-age +Print age of key in weeks, days, hours, minutes and seconds (default is off). +.br +Also settable in the dnssec.conf file (Parameter: PrintAge). +.TP +.BR \-f ", " \-\-lifetime +Print the key lifetime. +.TP +.BR \-F ", " \-\-setlifetime +Set the key lifetime of all the selected keys. +Use option -k, -z, -l or the file and dir argument for key selection. +.TP +.BR \-e ", " \-\-exptime +Print the key expiration time. +.TP +.BR \-t ", " \-\-time +Print the key generation time (default is on). +.br +Also settable in the dnssec.conf file (Parameter: PrintTime). +.TP +.B \-h +No header or trusted-key section header and trailer in -T mode +.PP + +.SH COMMAND OPTIONS +.TP +.BR \-H ", " \-\-help +Print out the online help. +.TP +.BR \-T ", " \-\-list-trustedkeys +List all key signing keys as a +.I named.conf +trusted-key section. +Use +.B \-h +to supress the section header/trailer. +.TP +.BR \-K ", " \-\-list-dnskeys +List the public part of all the keys in DNSKEY resource record format. +Use +.B \-h +to suppress comment lines. +.TP +.BI \-C " zone" ", \-\-create=" zone +Create a new zone signing key for the given zone. +Add option +.B \-k +to create a key signing key. +The key algorithm and key length will be examined from built-in default values +or from the parameter settings in the +.I dnssec.conf +file. +.br +The keyfile will be created in the current directory if +the +.B \-p +option is specified. +.TP +.BI \-R " keyid" ", \-\-revoke=" keyid +Revoke the key signing key with the given keyid. +A revoked key has bit 8 in the flags filed set (see RFC5011). +The keyid is the numeric keytag with an optionally added zone name separated by a colon. +.TP +.BI \-\-rename=" keyid +Rename the key files of the key with the given keyid +(Look at key file names starting with an lower 'k'). +The keyid is the numeric keytag with an optionally added zone name separated by a colon. +.TP +.BI \-\-destroy= keyid +Deletes the key with the given keyid. 
+The keyid is the numeric keytag with an optionally added zone name separated by a colon. +Beware that this deletes both private and public keyfiles, thus the key is +unrecoverable lost. +.TP +.BI \-P|A|D " keyid," " \-\-published=" keyid, " \-\-active=" keyid, " \-\-depreciated=" keyid +Change the status of the given dnssec key to +published +.RB ( \-P ), +active +.RB ( \-A ) +or depreciated +.RB ( \-D ). +The +.I keyid +is the numeric keytag with an optionally added zone name separated by a colon. +Setting the status to "published" or "depreciate" will change the filename +of the private key file to ".published" or ".depreciated" respectivly. +This prevents the usage of the key as a signing key by the use of +.IR dnssec-signzone(8) . +The time of status change will be stored in the 'mtime' field of the corresponding +".key" file. +Key activation via option +.B \-A +will restore the original timestamp and file name (".private"). +.TP +.BR \-Z ", " \-\-zone-config +Write all config parameters to stdout. +The output is suitable as a template for the +.I dnssec.conf +file, so the easiest way to create a +.I dnssec.conf +file is to redirect the standard output of the above command. +Pay attention not to overwrite an existing file. +.TP +.BI \-\-ksk-roll-phase[123] " do.ma.in." +Initiate a key signing key rollover of the specified domain. +This feature is currently in experimental status and is mainly for the use +in an hierachical environment. +Use --ksk-rollover for a little more detailed description. + + +.SH SAMPLE USAGE +.TP +.fam C +.B "dnssec-zkt \-r . +.fam T +Print out a list of all zone keys found below the current directory. +.TP +.fam C +.B "dnssec-zkt \-Z \-c """" +.fam T +Print out the compiled in default parameters. +.TP +.fam C +.B "dnssec-zkt \-C example.net \-k \-r ./zonedir +.fam T +Create a new key signing key for the zone "example.net". +Store the key in the same directory below "zonedir" where the other +"example.net" keys live. 
+.TP +.fam C +.B "dnssec-zkt \-T ./zonedir/example.net +.fam T +Print out a trusted-key section containing the key signing keys of "example.net". +.TP +.fam C +.B "dnssec-zkt \-D 123245 \-r . +.fam T +Depreciate the key with tag "12345" below the current directory, +.TP +.fam C +.B "dnssec-zkt --view intern +Print out a list of all zone keys found below the directory where all +the zones of view intern live. +There should be a seperate dnssec config file +.I dnssec-intern.conf +with a directory option to take affect of this. +.TP +.fam C +.B "dnssec-zkt-intern +.fam T +Same as above. +The binary file +.I dnssec-zkt +have linked to +.I dnssec-zkt-intern . + +.SH ENVIRONMENT VARIABLES +.TP +ZKT_CONFFILE +Specifies the name of the default global configuration files. + +.SH FILES +.TP +.I /var/named/dnssec.conf +Built-in default global configuration file. +The name of the default global config file is settable via +the environment variable ZKT_CONFFILE. +.TP +.I /var/named/dnssec-<view>.conf +View specific global configuration file. +.TP +.I ./dnssec.conf +Local configuration file (only used in +.B \-C +mode). + +.SH BUGS +.PP +Some of the general options will not be meaningful in all of the command modes. +.br +The option +.B \-l +and the ksk rollover options +insist on domain names ending with a dot. +.PP + +.SH AUTHOR +Holger Zuleger + +.SH COPYRIGHT +Copyright (c) 2005 \- 2007 by Holger Zuleger. +Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. +.\"-------------------------------------------------- +.SH SEE ALSO +dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), dnssec-signer(8), +.br +RFC4641 +"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman, +.br +DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC +.br +(http://www.nlnetlabs.nl/dnssec_howto/) diff --git a/contrib/zkt/dnssec-zkt.c b/contrib/zkt/dnssec-zkt.c new file mode 100644 index 0000000..803cbc3 --- /dev/null 
+++ b/contrib/zkt/dnssec-zkt.c 
@@ -0,0 +1,823 @@ +/***************************************************************** +** +** @(#) dnssec-zkt.c (c) Jan 2005 Holger Zuleger hznet.de +** +** Secure DNS zone key tool +** A wrapper command around the BIND dnssec-keygen utility +** +** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ + +# include <stdio.h> +# include <stdlib.h> /* abort(), exit(), ... */ +# include <string.h> +# include <dirent.h> +# include <assert.h> +# include <unistd.h> +# include <ctype.h> + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG +# include <getopt.h> +#endif + +# include "debug.h" +# include "misc.h" +# include "strlist.h" +# include "zconf.h" +# include "dki.h" +# include "zkt.h" + +extern int optopt; +extern int opterr; +extern int optind; +extern char *optarg; +const char *progname; + +char *labellist = NULL; + +int headerflag = 1; +int ageflag = 0; +int lifetime = 0; +int lifetimeflag = 0; +int timeflag = 1; +int exptimeflag = 0; +int pathflag = 0; +int kskflag = 1; +int zskflag = 1; +int ljustflag = 0; + +static int dirflag = 0; +static int recflag = RECURSIVE; +static int trustedkeyflag = 0; +static char *kskdomain = ""; +static const char *view = ""; + +# define short_options ":0:1:2:3:9A:C:D:P:S:R:HKTs:ZV:afF:c:O:dhkLl:prtez" +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG +static struct option long_options[] = { + {"ksk-rollover", no_argument, NULL, '9'}, + {"ksk-status", required_argument, NULL, '0'}, + {"ksk-roll-status", required_argument, NULL, '0'}, + {"ksk-newkey", required_argument, NULL, '1'}, + {"ksk-publish", required_argument, NULL, '2'}, + {"ksk-delkey", required_argument, NULL, '3'}, + {"ksk-roll-phase1", required_argument, NULL, '1'}, + {"ksk-roll-phase2", required_argument, NULL, '2'}, + {"ksk-roll-phase3", required_argument, NULL, '3'}, + {"list-dnskeys", no_argument, NULL, 'K'}, + {"list-trustedkeys", no_argument, NULL, 'T'}, + {"ksk", no_argument, NULL, 'k'}, + {"zsk", no_argument, NULL, 'z'}, + {"age", no_argument, NULL, 'a'}, + {"lifetime", no_argument, NULL, 'f'}, + {"time", no_argument, NULL, 't'}, + {"expire", no_argument, NULL, 'e'}, + {"recursive", no_argument, NULL, 'r'}, + 
{"zone-config", no_argument, NULL, 'Z'}, + {"leftjust", no_argument, NULL, 'L'}, + {"path", no_argument, NULL, 'p'}, + {"nohead", no_argument, NULL, 'h'}, + {"directory", no_argument, NULL, 'd'}, + {"config", required_argument, NULL, 'c'}, + {"option", required_argument, NULL, 'O'}, + {"config-option", required_argument, NULL, 'O'}, + {"published", required_argument, NULL, 'P'}, + {"standby", required_argument, NULL, 'S'}, + {"active", required_argument, NULL, 'A'}, + {"depreciated", required_argument, NULL, 'D'}, + {"create", required_argument, NULL, 'C'}, + {"revoke", required_argument, NULL, 'R'}, + {"remove", required_argument, NULL, 19 }, + {"destroy", required_argument, NULL, 20 }, + {"setlifetime", required_argument, NULL, 'F' }, + {"view", required_argument, NULL, 'V' }, + {"help", no_argument, NULL, 'H'}, + {0, 0, 0, 0} +}; +#endif + +static int parsedirectory (const char *dir, dki_t **listp); +static void parsefile (const char *file, dki_t **listp); +static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf); +static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf); +static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp); +static void usage (char *mesg, zconf_t *cp); +static const char *parsetag (const char *str, int *tagp); + +static void setglobalflags (zconf_t *config) +{ + recflag = config->recursive; + ageflag = config->printage; + timeflag = config->printtime; + ljustflag = config->ljust; +} + +int main (int argc, char *argv[]) +{ + dki_t *data = NULL; + dki_t *dkp; + int c; + int opt_index; + int action; + const char *file; + const char *defconfname = NULL; + char *p; + char str[254+1]; + const char *keyname = NULL; + int searchtag; + zconf_t *config; + + progname = *argv; + if ( (p = strrchr (progname, '/')) ) + progname = ++p; + view = getnameappendix (progname, "dnssec-zkt"); + + defconfname = getdefconfname (view); + config = loadconfig ("", (zconf_t 
*)NULL); /* load built in config */ + if ( fileexist (defconfname) ) /* load default config file */ + config = loadconfig (defconfname, config); + if ( config == NULL ) + fatal ("Out of memory\n"); + setglobalflags (config); + + opterr = 0; + opt_index = 0; + action = 0; +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG + while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 ) +#else + while ( (c = getopt (argc, argv, short_options)) != -1 ) +#endif + { + switch ( c ) + { + case '9': /* ksk rollover help */ + ksk_roll ("help", c - '0', NULL, NULL); + exit (1); + case '1': /* ksk rollover: create new key */ + case '2': /* ksk rollover: publish DS */ + case '3': /* ksk rollover: delete old key */ + case '0': /* ksk rollover: show current status */ + action = c; + if ( !optarg ) + usage ("ksk rollover requires an domain argument", config); + kskdomain = str_tolowerdup (optarg); + break; + case 'T': + trustedkeyflag = 1; + zskflag = pathflag = 0; + /* fall through */ + case 'H': + case 'K': + case 'Z': + action = c; + break; + case 'C': + pathflag = !pathflag; + /* fall through */ + case 'P': + case 'S': + case 'A': + case 'D': + case 'R': + case 's': + case 19: + case 20: + if ( (keyname = parsetag (optarg, &searchtag)) != NULL ) + { + int len = strlen (keyname); + if ( len > 0 && keyname[len-1] != '.' 
) + { + snprintf (str, sizeof(str), "%s.", keyname); + keyname = str; + } + } + keyname = str_tolowerdup (keyname); + action = c; + break; + case 'a': /* age */ + ageflag = !ageflag; + break; + case 'f': /* key lifetime */ + lifetimeflag = !lifetimeflag; + break; + case 'F': /* set key lifetime */ + lifetime = atoi (optarg); + lifetimeflag = 1; /* set some flags for more informative output */ + exptimeflag = 1; + timeflag = 1; + action = c; + break; + case 'V': /* view name */ + view = optarg; + defconfname = getdefconfname (view); + if ( fileexist (defconfname) ) /* load default config file */ + config = loadconfig (defconfname, config); + if ( config == NULL ) + fatal ("Out of memory\n"); + setglobalflags (config); + break; + case 'c': + config = loadconfig (optarg, config); + setglobalflags (config); + checkconfig (config); + break; + case 'O': /* read option from commandline */ + config = loadconfig_fromstr (optarg, config); + setglobalflags (config); + checkconfig (config); + break; + case 'd': /* ignore directory arg */ + dirflag = 1; + break; + case 'h': /* print no headline */ + headerflag = 0; + break; + case 'k': /* ksk only */ + zskflag = 0; + break; + case 'L': /* ljust */ + ljustflag = !ljustflag; + break; + case 'l': /* label list */ + labellist = prepstrlist (optarg, LISTDELIM); + if ( labellist == NULL ) + fatal ("Out of memory\n"); + break; + case 'p': /* print path */ + pathflag = 1; + break; + case 'r': /* switch recursive flag */ + recflag = !recflag; + break; + case 't': /* time */ + timeflag = !timeflag; + break; + case 'e': /* expire time */ + exptimeflag = !exptimeflag; + break; + case 'z': /* zsk only */ + kskflag = 0; + break; + case ':': + snprintf (str, sizeof(str), "option \"-%c\" requires an argument.\n", + optopt); + usage (str, config); + break; + case '?': + if ( isprint (optopt) ) + snprintf (str, sizeof(str), "Unknown option \"-%c\".\n", + optopt); + else + snprintf (str, sizeof (str), "Unknown option char \\x%x.\n", + optopt); + 
usage (str, config); + break; + default: + abort(); + } + } + + /* it's better to do this before we read the whole directory tree */ + if ( action == 'Z' ) + { + printconfig ("stdout", config); + return 0; + } + + if ( kskflag == 0 && zskflag == 0 ) + kskflag = zskflag = 1; + + c = optind; + do { + if ( c >= argc ) /* no args left */ + file = config->zonedir; /* use default directory */ + else + file = argv[c++]; + + if ( is_directory (file) ) + parsedirectory (file, &data); + else + parsefile (file, &data); + + } while ( c < argc ); /* for all arguments */ + + switch ( action ) + { + case 'H': + usage ("", config); + case 'C': + createkey (keyname, data, config); + break; + case 'P': + case 'S': + case 'A': + case 'D': + if ( (dkp = (dki_t*)zkt_search (data, searchtag, keyname)) == NULL ) + fatal ("Key with tag %u not found\n", searchtag); + else if ( dkp == (void *) 01 ) + fatal ("Key with tag %u found multiple times\n", searchtag); + if ( (c = dki_setstatus_preservetime (dkp, action)) != 0 ) + fatal ("Couldn't change status of key %u: %d\n", searchtag, c); + break; + case 19: /* remove (rename) key file */ + if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) + fatal ("Key with tag %u not found\n", searchtag); + else if ( dkp == (void *) 01 ) + fatal ("Key with tag %u found multiple times\n", searchtag); + dki_remove (dkp); + break; + case 20: /* destroy the key (remove the files!) 
*/ + if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) + fatal ("Key with tag %u not found\n", searchtag); + else if ( dkp == (void *) 01 ) + fatal ("Key with tag %u found multiple times\n", searchtag); + dki_destroy (dkp); + break; + case 'R': + if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) + fatal ("Key with tag %u not found\n", searchtag); + else if ( dkp == (void *) 01 ) + fatal ("Key with tag %u found multiple times\n", searchtag); + if ( (c = dki_setstatus (dkp, action)) != 0 ) + fatal ("Couldn't change status of key %u: %d\n", searchtag, c); + break; + case 's': + if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL ) + fatal ("Key with tag %u not found\n", searchtag); + else if ( dkp == (void *) 01 ) + fatal ("Key with tag %u found multiple times\n", searchtag); + dki_prt_dnskey (dkp, stdout); + break; + case 'K': + zkt_list_dnskeys (data); + break; + case 'T': + zkt_list_trustedkeys (data); + break; + case '1': /* ksk rollover new key */ + case '2': /* ksk rollover publish DS */ + case '3': /* ksk rollover delete old key */ + case '0': /* ksk rollover status */ + ksk_roll (kskdomain, action - '0', data, config); + break; + case 'F': + zkt_setkeylifetime (data); + /* fall through */ + default: + zkt_list_keys (data); + } + + return 0; +} + +# define sopt_usage(mesg, value) fprintf (stderr, mesg, value) +#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG +# define lopt_usage(mesg, value) fprintf (stderr, mesg, value) +# define loptstr(lstr, sstr) lstr +#else +# define lopt_usage(mesg, value) +# define loptstr(lstr, sstr) sstr +#endif +static void usage (char *mesg, zconf_t *cp) +{ + fprintf (stderr, "Secure DNS Zone Key Tool %s\n", ZKT_VERSION); + fprintf (stderr, "\n"); + fprintf (stderr, "Show zone config parameter as %s file\n", LOCALCONF_FILE); + sopt_usage ("\tusage: %s -Z\n", progname); + lopt_usage ("\tusage: %s --zone-config\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, "List 
keys in current or given directory (-r for recursive mode)\n"); + sopt_usage ("\tusage: %s [-dhatkzpr] [-c config] [file|dir ...]\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, "List public part of keys in DNSKEY RR format\n"); + sopt_usage ("\tusage: %s -K [-dhkzr] [-c config] [file|dir ...]\n", progname); + lopt_usage ("\tusage: %s --list-dnskeys [-dhkzr] [-c config] [file|dir ...]\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, "List keys (output is suitable for trusted-keys section)\n"); + sopt_usage ("\tusage: %s -T [-dhzr] [-c config] [file|dir ...]\n", progname); + lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, "Create a new key \n"); + sopt_usage ("\tusage: %s -C <name> [-k] [-dpr] [-c config] [dir ...]\n", progname); + lopt_usage ("\tusage: %s --create=<name> [-k] [-dpr] [-c config] [dir ...]\n", progname); + fprintf (stderr, "\t\tKSK (use -k): %s %d bits\n", dki_algo2str (cp->k_algo), cp->k_bits); + fprintf (stderr, "\t\tZSK (default): %s %d bits\n", dki_algo2str (cp->z_algo), cp->z_bits); + fprintf (stderr, "\n"); + fprintf (stderr, "Change key status of specified key to published, active or depreciated\n"); + fprintf (stderr, "\t(<keyspec> := tag | tag:name) \n"); + sopt_usage ("\tusage: %s -P|-A|-D <keyspec> [-dr] [-c config] [dir ...]\n", progname); + lopt_usage ("\tusage: %s --published=<keyspec> [-dr] [-c config] [dir ...]\n", progname); + lopt_usage ("\tusage: %s --active=<keyspec> [-dr] [-c config] [dir ...]\n", progname); + lopt_usage ("\tusage: %s --depreciated=<keyspec> [-dr] [-c config] [dir ...]\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, "Revoke specified key (<keyspec> := tag | tag:name) \n"); + sopt_usage ("\tusage: %s -R <keyspec> [-dr] [-c config] [dir ...]\n", progname); + lopt_usage ("\tusage: %s --revoke=<keyspec> [-dr] [-c config] [dir ...]\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, 
"Remove (rename) or destroy (delete) specified key (<keyspec> := tag | tag:name) \n"); + lopt_usage ("\tusage: %s --remove=<keyspec> [-dr] [-c config] [dir ...]\n", progname); + lopt_usage ("\tusage: %s --destroy=<keyspec> [-dr] [-c config] [dir ...]\n", progname); + fprintf (stderr, "\n"); + fprintf (stderr, "Initiate a semi-automated KSK rollover"); + fprintf (stderr, "('%s -9%s' prints out a short description)\n", progname, loptstr ("|--ksk-rollover", "")); + sopt_usage ("\tusage: %s {-1} do.ma.in.\n", progname); + lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname); + sopt_usage ("\tusage: %s {-2} do.ma.in.\n", progname); + lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname); + sopt_usage ("\tusage: %s {-3} do.ma.in.\n", progname); + lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname); + sopt_usage ("\tusage: %s {-0} do.ma.in.\n", progname); + lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname); + fprintf (stderr, "\n"); + + fprintf (stderr, "\n"); + fprintf (stderr, "General options \n"); + fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", "")); + fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE); + fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", "")); + fprintf (stderr, "\t\t read config options from commandline\n"); + fprintf (stderr, "\t-h%s\t no headline or trusted-key section header/trailer in -T mode\n", loptstr (", --nohead", "\t")); + fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t")); + fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? 
"on": "off"); + fprintf (stderr, "\t-l list\t\t print out only zone keys out of the given domain list\n"); + fprintf (stderr, "\t-p%s\t show path of keyfile / create key in current directory\n", loptstr (", --path", "\t")); + fprintf (stderr, "\t-r%s\t recursive mode on/off (default: %s)\n", loptstr(", --recursive", "\t"), recflag ? "on": "off"); + fprintf (stderr, "\t-a%s\t print age of key (default: %s)\n", loptstr (", --age", "\t"), ageflag ? "on": "off"); + fprintf (stderr, "\t-t%s\t print key generation time (default: %s)\n", loptstr (", --time", "\t"), + timeflag ? "on": "off"); + fprintf (stderr, "\t-e%s\t print key expiration time\n", loptstr (", --expire", "\t")); + fprintf (stderr, "\t-f%s\t print key lifetime\n", loptstr (", --lifetime", "\t")); + fprintf (stderr, "\t-F days%s=days\t set key lifetime\n", loptstr (", --setlifetime", "\t")); + fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t")); + fprintf (stderr, "\t-z%s\t zone signing keys only\n", loptstr (", --zsk", "\t")); + if ( mesg && *mesg ) + fprintf (stderr, "%s\n", mesg); + exit (1); +} + +static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf) +{ + const char *dir = ""; + dki_t *dkp; + + if ( keyname == NULL || *keyname == '\0' ) + fatal ("Create key: no keyname!"); + + dbg_val2 ("createkey: keyname %s, pathflag = %d\n", keyname, pathflag); + /* search for already existent key to get the directory name */ + if ( pathflag && (dkp = (dki_t *)zkt_search (list, 0, keyname)) != NULL ) + { + char path[MAX_PATHSIZE+1]; + zconf_t localconf; + + dir = dkp->dname; + pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL); + if ( fileexist (path) ) /* load local config file */ + { + dbg_val ("Load local config file \"%s\"\n", path); + memcpy (&localconf, conf, sizeof (zconf_t)); + conf = loadconfig (path, &localconf); + } + } + + if ( zskflag ) + dkp = dki_new (dir, keyname, DKI_ZSK, conf->z_algo, conf->z_bits, conf->z_random, conf->z_life / 
DAYSEC); + else + dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC); + if ( dkp == NULL ) + fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ()); + + /* create a new key always in state published, which means "standby" for ksk */ + dki_setstatus (dkp, DKI_PUB); +} + +static int get_parent_phase (const char *file) +{ + FILE *fp; + int phase; + + if ( (fp = fopen (file, "r")) == NULL ) + return -1; + + phase = 0; + if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 ) + phase = 0; + + fclose (fp); + return phase; +} + +static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf) +{ + char path[MAX_PATHSIZE+1]; + zconf_t localconf; + const char *dir; + dki_t *keylist; + dki_t *dkp; + dki_t *standby; + int parent_exist; + int parent_age; + int parent_phase; + int parent_propagation; + int key_ttl; + int ksk; + + if ( phase == 9 ) /* usage */ + { + fprintf (stderr, "A KSK rollover requires three consecutive steps:\n"); + fprintf (stderr, "\n"); + fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", "")); + fprintf (stderr, "\t Create a new KSK.\n"); + fprintf (stderr, "\t This step also creates a parent-<domain> file which contains only\n"); + fprintf (stderr, "\t the _old_ key. 
This file will be copied in hierarchical mode\n"); + fprintf (stderr, "\t by dnssec-signer to the parent directory as keyset-<domain> file.\n"); + fprintf (stderr, "\t Wait until the new keyset is propagated, before going to the next step.\n"); + fprintf (stderr, "\n"); + fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", "")); + fprintf (stderr, "\t This step creates a parent-<domain> file with the _new_ key only.\n"); + fprintf (stderr, "\t Please send this file immediately to the parent (In hierarchical\n"); + fprintf (stderr, "\t mode this will be done automatically by the dnssec-signer command).\n"); + fprintf (stderr, "\t Then wait until the new DS is generated by the parent and propagated\n"); + fprintf (stderr, "\t to all the parent name server, plus the old DS TTL before going to step three.\n"); + fprintf (stderr, "\n"); + fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", "")); + fprintf (stderr, "\t Remove (rename) the old KSK and the parent-<domain> file.\n"); + fprintf (stderr, "\t You have to manually delete the old KSK (look at file names beginning\n"); + fprintf (stderr, "\t with an lower 'k').\n"); + fprintf (stderr, "\n"); + fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", "")); + fprintf (stderr, "\t Show the current KSK rollover state of a domain.\n"); + + fprintf (stderr, "\n"); + + return; + } + + if ( keyname == NULL || *keyname == '\0' ) + fatal ("ksk rollover: no domain!"); + + dbg_val2 ("ksk_roll: keyname %s, phase = %d\n", keyname, phase); + + /* search for already existent key to get the directory name */ + if ( (keylist = (dki_t *)zkt_search (list, 0, keyname)) == NULL ) + fatal ("ksk rollover: domain %s not found!\n", keyname); + dkp = keylist; + + /* try to read local config file */ + dir = dkp->dname; + pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL); + if ( fileexist (path) ) /* load local config file */ + { + dbg_val ("Load local config file \"%s\"\n", 
path); + memcpy (&localconf, conf, sizeof (zconf_t)); + conf = loadconfig (path, &localconf); + } + key_ttl = conf->key_ttl; + + /* check if parent-file already exist */ + pathname (path, sizeof (path), dir, "parent-", keyname); + parent_phase = parent_age = 0; + if ( (parent_exist = fileexist (path)) != 0 ) + { + parent_phase = get_parent_phase (path); + parent_age = file_age (path); + } + // parent_propagation = 2 * DAYSEC; + parent_propagation = 5 * MINSEC; + + ksk = 0; /* count active(!) key signing keys */ + standby = NULL; /* find standby key if available */ + for ( dkp = keylist; dkp; dkp = dkp->next ) + if ( dki_isksk (dkp) ) + { + if ( dki_status (dkp) == DKI_ACT ) + ksk++; + else if ( dki_status (dkp) == DKI_PUB ) + standby = dkp; + } + + switch ( phase ) + { + case 0: /* print status (debug) */ + fprintf (stdout, "ksk_rollover:\n"); + fprintf (stdout, "\t domain = %s\n", keyname); + fprintf (stdout, "\t phase = %d\n", parent_phase); + fprintf (stdout, "\t parent_file %s %s\n", path, parent_exist ? 
"exist": "not exist"); + if ( parent_exist ) + fprintf (stdout, "\t age of parent_file %d %s\n", parent_age, str_delspace (age2str (parent_age))); + fprintf (stdout, "\t # of active key signing keys %d\n", ksk); + fprintf (stdout, "\t parent_propagation %d %s\n", parent_propagation, str_delspace (age2str (parent_propagation))); + fprintf (stdout, "\t keys ttl %d %s\n", key_ttl, age2str (key_ttl)); + + for ( dkp = keylist; dkp; dkp = dkp->next ) + { + /* TODO: Nur zum testen */ + dki_prt_dnskey (dkp, stdout); + } + break; + case 1: + if ( parent_exist || ksk > 1 ) + fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n"); + + fprintf (stdout, "create new ksk \n"); + dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC); + if ( dkp == NULL ) + fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ()); + if ( standby ) + { + dki_setstatus (standby, DKI_ACT); /* activate standby key */ + dki_setstatus (dkp, DKI_PUB); /* new key will be the new standby */ + } + + // dkp = keylist; /* use old key to create the parent file */ + if ( (dkp = (dki_t *)dki_find (keylist, 1, 'a', 1)) == NULL ) /* find the oldest active ksk to create the parent file */ + fatal ("ksk_rollover phase1: Couldn't find the old active key\n"); + if ( !create_parent_file (path, phase, key_ttl, dkp) ) + fatal ("Couldn't create parentfile %s\n", path); + break; + + case 2: + if ( ksk < 2 ) + fatal ("Can\'t publish new key because no one exist\n"); + if ( !parent_exist ) + fatal ("More than one KSK but no parent file found!\n"); + if ( parent_phase != 1 ) + fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase); + if ( parent_age < conf->proptime + key_ttl ) + fatal ("ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least %dsec or %s)\n", + conf->proptime + key_ttl - parent_age, + str_delspace (age2str (conf->proptime + key_ttl - parent_age))); + + fprintf (stdout, 
"save new ksk in parent file\n"); + dkp = keylist->next; /* set dkp to new ksk */ + if ( !create_parent_file (path, phase, key_ttl, dkp) ) + fatal ("Couldn't create parentfile %s\n", path); + break; + case 3: + if ( !parent_exist || ksk < 2 ) + fatal ("ksk-delkey only allowed after ksk-publish\n"); + if ( parent_phase != 2 ) + fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase); + if ( parent_age < parent_propagation + key_ttl ) + fatal ("ksk_rollover (phase3): you have to wait for DS propagation (at least %dsec or %s)\n", + parent_propagation + key_ttl - parent_age, + str_delspace (age2str (parent_propagation + key_ttl - parent_age))); + /* remove the parentfile */ + fprintf (stdout, "remove parentfile \n"); + unlink (path); + /* remove or rename the old key */ + fprintf (stdout, "old ksk renamed \n"); + dkp = keylist; /* set dkp to old ksk */ + dki_remove (dkp); + break; + default: assert (phase == 1 || phase == 2 || phase == 3); + } +} + +/***************************************************************** +** create_parent_file () +*****************************************************************/ +static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp) +{ + FILE *fp; + + assert ( fname != NULL ); + + if ( dkp == NULL || (phase != 1 && phase != 2) ) + return 0; + + if ( (fp = fopen (fname, "w")) == NULL ) + fatal ("can\'t create new parentfile \"%s\"\n", fname); + + if ( phase == 1 ) + fprintf (fp, "; KSK rollover phase1 (old key)\n"); + else + fprintf (fp, "; KSK rollover phase2 (new key)\n"); + + dki_prt_dnskeyttl (dkp, fp, ttl); + fclose (fp); + + return phase; +} + +static int parsedirectory (const char *dir, dki_t **listp) +{ + dki_t *dkp; + DIR *dirp; + struct dirent *dentp; + char path[MAX_PATHSIZE+1]; + + if ( dirflag ) + return 0; + + dbg_val ("directory: opendir(%s)\n", dir); + if ( (dirp = opendir (dir)) == NULL ) + return 0; + + while ( (dentp = readdir (dirp)) != NULL ) + { + if ( is_dotfile 
(dentp->d_name) ) + continue; + + dbg_val ("directory: check %s\n", dentp->d_name); + pathname (path, sizeof (path), dir, dentp->d_name, NULL); + if ( is_directory (path) && recflag ) + { + dbg_val ("directory: recursive %s\n", path); + parsedirectory (path, listp); + } + else if ( is_keyfilename (dentp->d_name) ) + if ( (dkp = dki_read (dir, dentp->d_name)) ) + { + // fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name); +#if defined (USE_TREE) && USE_TREE + dki_tadd (listp, dkp); +#else + dki_add (listp, dkp); +#endif + } + } + closedir (dirp); + return 1; +} + +static void parsefile (const char *file, dki_t **listp) +{ + char path[MAX_PATHSIZE+1]; + dki_t *dkp; + + /* file arg contains path ? ... */ + file = splitpath (path, sizeof (path), file); /* ... then split of */ + + if ( is_keyfilename (file) ) /* plain file name looks like DNS key file ? */ + { + if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */ +#if defined (USE_TREE) && USE_TREE + dki_tadd (listp, dkp); /* ... and add to tree */ +#else + dki_add (listp, dkp); /* ... and add to list */ +#endif + else + error ("error parsing %s: (%s)\n", file, dki_geterrstr()); + } +} + +static const char *parsetag (const char *str, int *tagp) +{ + const char *p; + + *tagp = 0; + while ( isspace (*str) ) /* skip leading ws */ + str++; + + p = str; + if ( isdigit (*p) ) /* keytag starts with digit */ + { + sscanf (p, "%u", tagp); /* read keytag as number */ + do /* eat up to the end of the number */ + p++; + while ( isdigit (*p) ); + + if ( *p == ':' ) /* label follows ? */ + return p+1; /* return that */ + if ( *p == '\0' ) + return NULL; /* no label */ + } + return str; /* return as label string if not a numeric keytag */ +} + diff --git a/contrib/zkt/domaincmp.c b/contrib/zkt/domaincmp.c new file mode 100644 index 0000000..7d2486f --- /dev/null +++ b/contrib/zkt/domaincmp.c 
@@ -0,0 +1,190 @@ +/***************************************************************** +** +** @(#) domaincmp.c -- compare two domain names +** +** Copyright (c) Aug 2005, Karle Boss, Holger Zuleger (kaho). +** All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Karle Boss or Holger Zuleger (kaho) nor the +** names of its contributors may be used to endorse or promote products +** derived from this software without specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <assert.h> +# include <ctype.h> +#define extern +# include "domaincmp.h" +#undef extern + + +#define goto_labelstart(str, p) while ( (p) > (str) && *((p)-1) != '.' ) \ + (p)-- + +/***************************************************************** +** int domaincmp (a, b) +** compare a and b as fqdns. +** return <0 | 0 | >0 as in strcmp +** A subdomain is less than the corresponding parent domain, +** thus domaincmp ("z.example.net", "example.net") return < 0 !! +*****************************************************************/ +int domaincmp (const char *a, const char *b) +{ + register const char *pa; + register const char *pb; + + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + + if ( *a == '.' ) /* skip a leading dot */ + a++; + if ( *b == '.' ) /* same at the other string */ + b++; + + /* let pa and pb point to the last non dot char */ + pa = a + strlen (a); + do + pa--; + while ( pa > a && *pa == '.' ); + + pb = b + strlen (b); + do + pb--; + while ( pb > b && *pb == '.' ); + + /* cmp both domains starting at the end */ + while ( *pa == *pb && pa > a && pb > b ) + pa--, pb--; + + if ( *pa != *pb ) /* both domains are different ? */ + { + if ( *pa == '.' ) + pa++; /* set to beginning of next label */ + else + goto_labelstart (a, pa); /* find begin of current label */ + if ( *pb == '.' ) + pb++; /* set to beginning of next label */ + else + goto_labelstart (b, pb); /* find begin of current label */ + } + else /* maybe one of them has a subdomain */ + { + if ( pa > a ) + if ( pa[-1] == '.' ) + return -1; + else + goto_labelstart (a, pa); + else if ( pb > b ) + if ( pb[-1] == '.' 
) + return 1; + else + goto_labelstart (b, pb); + else + return 0; /* both are at the beginning, so they are equal */ + } + + /* both domains are definitly unequal */ + while ( *pa == *pb ) /* so we have to look at the point where they differ */ + pa++, pb++; + + return *pa - *pb; +} + +#ifdef DOMAINCMP_TEST +static struct { + char *a; + char *b; + int res; +} ex[] = { + { ".", ".", 0 }, + { "test", "", 1 }, + { "", "test2", -1 }, + { "", "", 0 }, + { "de", "de", 0 }, + { ".de", "de", 0 }, + { "de.", "de.", 0 }, + { ".de", ".de", 0 }, + { ".de.", ".de.", 0 }, + { ".de", "zde", -1 }, + { ".de", "ade", 1 }, + { "zde", ".de", 1 }, + { "ade", ".de", -1 }, + { "a.de", ".de", -1 }, + { ".de", "a.de", 1 }, + { "a.de", "b.de", -1 }, + { "a.de.", "b.de", -1 }, + { "a.de", "b.de.", -1 }, + { "a.de", "a.de.", 0 }, + { "aa.de", "b.de", -1 }, + { "ba.de", "b.de", 1 }, + { "a.de", "a.dk", -1 }, + { "anna.example.de", "anna.example.de", 0 }, + { "anna.example.de", "annamirl.example.de", -1 }, + { "anna.example.de", "ann.example.de", 1 }, + { "example.de.", "xy.example.de.", 1 }, + { "example.de.", "ab.example.de.", 1 }, + { "example.de", "ab.example.de", 1 }, + { "ab.example.de", "example.de", -1 }, + { "ab.mast.de", "axt.de", 1 }, + { "ab.mast.de", "obt.de", -1 }, + { "abc.example.de.", "xy.example.de.", -1 }, + { NULL, NULL, 0 } +}; + +const char *progname; +main (int argc, char *argv[]) +{ + + int expect; + int res; + int c; + int i; + + progname = *argv; + + for ( i = 0; ex[i].a; i++ ) + { + expect = ex[i].res; + if ( expect < 0 ) + c = '<'; + else if ( expect > 0 ) + c = '>'; + else + c = '='; + printf ("%-20s %-20s ==> %c 0 ", ex[i].a, ex[i].b, c); + fflush (stdout); + res = domaincmp (ex[i].a, ex[i].b); + printf ("%3d ", res); + if ( res < 0 && expect < 0 || res > 0 && expect > 0 || res == 0 && expect == 0 ) + puts ("ok"); + else + puts ("not ok"); + } +} +#endif diff --git a/contrib/zkt/domaincmp.h b/contrib/zkt/domaincmp.h new file mode 100644 index 0000000..7051f54 
--- /dev/null +++ b/contrib/zkt/domaincmp.h @@ -0,0 +1,40 @@ +/***************************************************************** +** +** @(#) domaincmp.h -- compare two domain names +** +** Copyright (c) Aug 2005, Karle Boss (kaho). All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. +** +*****************************************************************/ +#ifndef DOMAINCMP_H +# define DOMAINCMP_H +extern int domaincmp (const char *a, const char *b); +#endif 
diff --git a/contrib/zkt/examples/dnskey.db b/contrib/zkt/examples/dnskey.db new file mode 100644 index 0000000..2822e6a --- /dev/null +++ b/contrib/zkt/examples/dnskey.db @@ -0,0 +1,24 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 24 2008 09:58:34 +; + +; *** List of Key Signing Keys *** +; example.net. tag=31674 algo=RSASHA1 generated Jun 24 2008 09:58:34 +example.net. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7azmEbpXHYyAV98l+QQaTA + b98Ob3YbrVJ9IU8E0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3NlL6 + Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8bN71YJP7BXlszezsFHuMEspN + dOPyMr93230+R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj5awvXfJ+ + eQ== + ) ; key id = 31674 + +; *** List of Zone Signing Keys *** +; example.net. tag=33755 algo=RSASHA1 generated Jun 24 2008 09:58:34 +example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQjh9IaZS+mIyyuHDX2iaF + UigOqHixIJtDLD1r/MfelgJ/Mh6+vCu+XmMQuw== + ) ; key id = 33755 + diff --git a/contrib/zkt/examples/dnssec-signer.sh b/contrib/zkt/examples/dnssec-signer.sh new file mode 100755 index 0000000..ee4bfc0 --- /dev/null +++ b/contrib/zkt/examples/dnssec-signer.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the example directory +# + +if test ! -f dnssec.conf +then + echo Please start this skript out of the flat or hierarchical sub directory + exit 1 +fi +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer "$@" diff --git a/contrib/zkt/examples/dnssec-zkt.sh b/contrib/zkt/examples/dnssec-zkt.sh new file mode 100755 index 0000000..f3976ce --- /dev/null +++ b/contrib/zkt/examples/dnssec-zkt.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the example directory +# + +if test ! -f dnssec.conf +then + echo Please start this skript out of the flat or hierarchical sub directory + exit 1 +fi +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt "$@" 
diff --git a/contrib/zkt/examples/flat/dist.sh b/contrib/zkt/examples/flat/dist.sh new file mode 100755 index 0000000..c112f55 --- /dev/null +++ b/contrib/zkt/examples/flat/dist.sh @@ -0,0 +1,70 @@ +################################################################# +# +# @(#) dist.sh -- distribute and reload command for dnssec-signer +# +# (c) Jul 2008 Holger Zuleger hznet.de +# +# This shell script will be run by dnssec-signer as a distribution +# and reload command if: +# +# a) the dnssec.conf file parameter Distribute_Cmd: points +# to this file +# and +# b) the user running the dnssec-signer command is not +# root (uid==0) +# and +# c) the owner of this shell script is the same as the +# running user and the access rights don't allow writing +# for anyone except the owner +# or +# d) the group of this shell script is the same as the +# running user and the access rights don't allow writing +# for anyone except the group +# +################################################################# + +# set path to rndc and scp +PATH="/bin:/usr/bin:/usr/local/sbin" + +# remote server and directory +server=localhost # fqdn of remote name server +dir=/var/named # zone directory on remote name server + +progname=$0 +usage() +{ + echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2 + test $# -gt 0 && echo $* 1>&2 + exit 1 +} + +if test $# -lt 3 +then + usage +fi +action="$1" +domain="$2" +zonefile="$3" +view="" +test $# -gt 3 && view="$4" + +case $action in +distribute) + if test -n "$view" + then + echo "scp $zonefile $server:$dir/$view/$domain/" + : scp $zonefile $server:$dir/$view/$domain/ + else + echo "scp $zonefile $server:$dir/$domain/" + : scp $zonefile $server:$dir/$domain/ + fi + ;; +reload) + echo "rndc $action $zone $view" + : rndc $action $zone $view + ;; +*) + usage "illegal action $action" + ;; +esac + 
diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf new file mode 100644 index 0000000..2bd9c58 --- /dev/null +++ b/contrib/zkt/examples/flat/dnssec.conf @@ -0,0 +1,41 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "." +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 2d # (172800 seconds) +Sigvalidity: 6d # (518400 seconds) +Max_TTL: 8h # (28800 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: incremental + +# signing key parameters +KSK_lifetime: 60d # (5184000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 2w # (1209600 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt.log" +LogLevel: debug +SyslogFacility: USER +SyslogLevel: notice +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +KeySetDir: "../keysets" +DLV_Domain: "" +Sig_Pseudorand: True +Distribute_Cmd: "./dist.sh" diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key new file mode 100644 index 0000000..6a64c44 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key 
@@ -0,0 +1,3 @@ +;% generationtime=20080609224426 +;% lifetime=60d +dyn.example.net. IN DNSKEY 257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private new file mode 100644 index 0000000..4f7ec3d --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private @@ -0,0 +1,7 @@ +Private-key-format: v1.2 +Algorithm: 3 (DSA) +Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM= +Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc= +Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo= +Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk= +Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU= diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key new file mode 100644 index 0000000..d129398 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key 
@@ -0,0 +1,3 @@ +;% generationtime=20080609224426 +;% lifetime=14d +dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private new file mode 100644 index 0000000..3692946 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== +PublicExponent: AQAAAAE= +PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ== +Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8= +Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs= +Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE= +Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850= +Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc= diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db new file mode 100644 index 0000000..e0f978e --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db 
@@ -0,0 +1,29 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 18:28:38 +; + +; *** List of Key Signing Keys *** +; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26 +dyn.example.net. 14400 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 + LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB + KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf + Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH + JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq + +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e + 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi + xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH + 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + +; *** List of Zone Signing Keys *** +; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26 +dyn.example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w + BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf new file mode 100644 index 0000000..0998fda --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf @@ -0,0 +1,5 @@ +# signing key parameters +KSK_lifetime: 60d # (5184000 seconds) +KSK_algo: DSA +KSK_bits: 1024 +KSK_randfile: "/dev/urandom" diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. new file mode 100644 index 0000000..f94666a --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. 
@@ -0,0 +1,2 @@ +dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879 +dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6 diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. new file mode 100644 index 0000000..002217b --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. @@ -0,0 +1,18 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db new file mode 100644 index 0000000..ee557b8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db 
@@ -0,0 +1,136 @@ +; File written on Thu Jun 12 18:28:34 2008 +; dnssec_signzone version 9.5.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 7 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20080622152834 ( + 20080612152834 1355 dyn.example.net. + h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas + SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+ + SXgsy934gAaYLw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK + Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz + lU0C+J4VPkA8pA== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I + HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH + +6XuqA8u/xPmbw== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( + 20080609214426 42138 dyn.example.net. + CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 + 1X+nmHSkpcKJrUty/wY= ) + 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( + 20080609214426 1355 dyn.example.net. 
+ xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 + 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi + 9K8P4EgCcj52Jw== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk + FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 + Sm1ttNxSTe2M8A== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM + +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt + AqArf+M3STbO9g== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl + KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO + TdWtXSZIlU2JKQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 + eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO + Q4Pxd2rI9ud1hA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt + 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R + sj80tqtN0NHi/Q== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC + UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn + LrVtjyQbfimbOA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd + Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD + Pz/gpH280yQJFA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC + P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb + jn6fdB+T2Zs9Pw== ) + 7200 NSEC y.dyn.example.net. 
A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 + MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 + 0sIwBMHOsDjTSA== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF + 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki + qA5CzWo8HIPwmA== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY + mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn + lO6C9gQ+Iu9wyw== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj + E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ + rWBT4VggwE8blQ== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx + XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU + TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned new file mode 100644 index 0000000..9e4c5c8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned 
@@ -0,0 +1,136 @@ +; File written on Thu Jun 12 18:28:39 2008 +; dnssec_signzone version 9.5.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 8 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20080622152838 ( + 20080612152838 1355 dyn.example.net. + GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+ + fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5 + e7HwrB59bxKAuw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK + Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz + lU0C+J4VPkA8pA== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I + HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH + +6XuqA8u/xPmbw== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( + 20080609214426 42138 dyn.example.net. + CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 + 1X+nmHSkpcKJrUty/wY= ) + 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( + 20080609214426 1355 dyn.example.net. 
+ xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 + 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi + 9K8P4EgCcj52Jw== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk + FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 + Sm1ttNxSTe2M8A== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM + +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt + AqArf+M3STbO9g== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl + KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO + TdWtXSZIlU2JKQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 + eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO + Q4Pxd2rI9ud1hA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt + 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R + sj80tqtN0NHi/Q== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC + UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn + LrVtjyQbfimbOA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd + Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD + Pz/gpH280yQJFA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC + P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb + jn6fdB+T2Zs9Pw== ) + 7200 NSEC y.dyn.example.net. 
A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 + MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 + 0sIwBMHOsDjTSA== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF + 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki + qA5CzWo8HIPwmA== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY + mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn + lO6C9gQ+Iu9wyw== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj + E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ + rWBT4VggwE8blQ== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx + XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU + TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net./zone.org new file mode 100644 index 0000000..c536fc8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.org @@ -0,0 +1,30 @@ +;----------------------------------------------------------------- +; +; @(#) dyn.example.net/zone.org +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 1 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +x IN A 1.2.3.4 +y IN A 1.2.3.5 +z IN A 1.2.3.6 + +$INCLUDE dnskey.db + 
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key new file mode 100644 index 0000000..bd273d3 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key @@ -0,0 +1,3 @@ +;% generationtime=20080506212634 +;% lifetime=60d +example.net. IN DNSKEY 257 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published new file mode 100644 index 0000000..42b8b80 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w== +PublicExponent: AQAAAAE= +PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ== +Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w== +Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ== +Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9 +Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ== +Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key new file mode 100644 index 0000000..d72baa9 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key @@ -0,0 +1,3 @@ +;% generationtime=20080420205422 +;% lifetime=60d +example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private new file mode 100644 index 0000000..554cd12 
--- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw== +PublicExponent: AQAAAAE= +PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ== +Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ== +Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw== +Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ== +Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp +Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key new file mode 100644 index 0000000..235a5df --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key @@ -0,0 +1,3 @@ +;% generationtime=20080721221039 +;% lifetime=14d +example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private new file mode 100644 index 0000000..b5041c0 --- /dev/null 
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== +PublicExponent: AQAAAAE= +PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ== +Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M= +Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU= +Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0= +Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0= +Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw= diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db new file mode 100644 index 0000000..6bd2ba0 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./dnskey.db 
@@ -0,0 +1,33 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 00:25:53 +; + +; *** List of Key Signing Keys *** +; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 + VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs + lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ + YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU + 8w== + ) ; key id = 1764 + +; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 + kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W + O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM + HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ + qw== + ) ; key id = 41151 + +; *** List of Zone Signing Keys *** +; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 + LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== + ) ; key id = 41300 + diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net. new file mode 100644 index 0000000..d4a01ed --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A +example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F 
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key new file mode 100644 index 0000000..fdf427b --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key @@ -0,0 +1,4 @@ +;% generationtime=20080415164557 +;% lifetime=20d +;% expirationtime=20080506212633 +example.net. IN DNSKEY 385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q== diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private new file mode 100644 index 0000000..1018561 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q== +PublicExponent: AQAAAAE= +PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ== +Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw== +Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw== +Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL +Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw== +Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg== diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net./keyset-example.net. new file mode 100644 index 0000000..c832578 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./keyset-example.net. 
@@ -0,0 +1,19 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net./zone.db new file mode 100644 index 0000000..42ad067 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./zone.db @@ -0,0 +1,43 @@ +;----------------------------------------------------------------- +; +; @(#) example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 306 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.1 +b IN MX 10 a +;c IN A 1.2.3.2 +d IN A 1.2.3.3 + IN AAAA 2001:0db8::3 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + 
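Review bot: the delegation comment above `sub IN NS ns1.example.net.` in example.net./zone.db says the DS record is added "if the keyset-sub.example.net file is present", but the file this patch adds is `keysets/keyset-sub.example.net.`, with a trailing dot and in a separate directory. Suggest giving the exact path in the comment, since a reader who creates the file under the name the comment gives will end up with an unsigned delegation and no DS record.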
diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed new file mode 100644 index 0000000..b10d122 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./zone.db.signed 
@@ -0,0 +1,166 @@ +; File written on Thu Jul 31 00:25:53 2008 +; dnssec_signzone version 9.5.1b1 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 306 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT + x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt + llflqikDp8uLmQ== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i + sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu + WDdVL5V3nirNiA== ) + 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU + vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4 + 8fjJ1uPzW3KVJQ== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG + VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs + uZipXs2ouT2S9dhdEArKfw== + ) ; key id = 41300 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 + 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( + 20080730212553 41151 example.net. 
+ AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb + Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd + PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ + dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE + tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+ + b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL + Tw== ) + 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( + 20080730212553 41300 example.net. + up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU + hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi + FSHnJW5dlBhMow== ) +a.example.net. 7200 IN A 1.2.3.1 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM + aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd + vo0cFjkPvCCrHA== ) + 7200 NSEC b.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/ + 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr + 2MS4wJguPpznEg== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi + Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ + V1VbEaZnFVXu2Q== ) + 7200 NSEC d.example.net. MX RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L + jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na + G1yt/jdFB699yg== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS + 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF + Xqk7op11oye7fA== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib + 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC + sJOAIxxNQOefZg== ) + 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh + /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD + X51lgVvrlOsMaw== ) +localhost.example.net. 
7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv + zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1 + U9ZdHxUEqeRRtQ== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg + F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII + hS9tIVb0spHDuQ== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp + TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM + bBUOTYWJIMT50g== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l + CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM + 5P5ZMXieZrh+xQ== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT + rrfxEcPm86SLMM40dithZQeajNucRlmuadKX + HREpYT/DVVBT0A== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk + 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS + 2LaOiuqMIPm8Hw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+ + HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+ + /l+dJFZ8FtdZTA== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 DS 54876 5 1 ( + CAB6127E303A8A8D7D5A29AE05DB60F4C506 + 0B10 ) + 7200 DS 54876 5 2 ( + 7C8CAF1844479F3600213173BB5D1E2A4414 + 3D63B6E0B3E10D8C5310ADF84D30 ) + 7200 RRSIG DS 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+ + TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt + X6JnkVWr89s82A== ) + 7200 NSEC example.net. 
NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom + fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg + KaG0bEo8TpOAUw== ) diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. new file mode 100644 index 0000000..8e00719 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. new file mode 100644 index 0000000..f94666a --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. @@ -0,0 +1,2 @@ +dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879 +dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6 diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net. new file mode 100644 index 0000000..d4a01ed --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A +example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. new file mode 100644 index 0000000..9bed62a --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. 
@@ -0,0 +1,2 @@ +sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. new file mode 100644 index 0000000..002217b --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. @@ -0,0 +1,18 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net. new file mode 100644 index 0000000..c832578 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-example.net. @@ -0,0 +1,19 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 
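Review bot: keysets/keyset-example.net. is the same blob as example.net./keyset-example.net. (both `index 0000000..c832578`), and dsset-example.net. (d4a01ed) and dlvset-sub.example.net. (8e00719) are likewise added twice, so generated signing output is being committed in two places that will drift apart. The zone.db.signed files are generated output too, and their RRSIGs expire at 20080805212553 and 20080802101917, before this commit's date of 2008-12-09, so the signed examples fail validation as shipped. Suggest keeping one copy of each generated file, or leaving them out and documenting the command that regenerates them.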
diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. new file mode 100644 index 0000000..77aacd6 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.net 7200 IN DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ + bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M + ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c + BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW + CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== + ) ; key id = 54876 diff --git a/contrib/zkt/examples/flat/named.conf b/contrib/zkt/examples/flat/named.conf new file mode 100644 index 0000000..0e8551c --- /dev/null +++ b/contrib/zkt/examples/flat/named.conf 
@@ -0,0 +1,99 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +** +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "/var/log/named" versions 3 size 2m; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + channel "resolver-log" { + file "/var/log/named"; + print-time yes; + print-category yes; + print-severity yes; + severity debug 1; + }; + channel "dnssec-log" { +# file "/var/log/named-dnssec" ; + file "/var/log/named" ; + print-time yes; + print-category yes; + print-severity yes; + severity debug 3; + }; + category "dnssec" { "dnssec-log"; }; + category "default" { "named-log"; }; + category "resolver" { "resolver-log"; }; + category "client" { "resolver-log"; }; + category "queries" { "resolver-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + dump-file "/var/log/named_dump.db"; + statistics-file "/var/log/named.stats"; + + listen-on-v6 { any; }; + + query-source address * port 53; + transfer-source * port 53; + notify-source * port 53; + + recursion yes; + dnssec-enable yes; + edns-udp-size 4096; + +# dnssec-lookaside "." trust-anchor "trusted-keys.de."; + + querylog yes; + +}; + +/***************************************************************** +** include shared secrets... +*****************************************************************/ +/** for control sessions ... **/ +controls { + inet 127.0.0.1 + allow { localhost; }; + inet ::1 + allow { localhost; }; +}; + +/***************************************************************** +** ... 
and trusted_keys +*****************************************************************/ +# include "trusted-keys.conf" ; + +/***************************************************************** +** root server hints and required 127 stuff +*****************************************************************/ +zone "." in { + type hint; + file "root.hint"; +}; + +zone "localhost" in { + type master; + file "localhost.zone"; +}; + +zone "0.0.127.in-addr.ARPA" in { + type master; + file "127.0.0.zone"; +}; + +include "zone.conf"; diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key new file mode 100644 index 0000000..a255a7b --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key @@ -0,0 +1,3 @@ +;% generationtime=20080725213107 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private new file mode 100644 index 0000000..e636e05 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== +PublicExponent: AQAAAAE= +PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ== +Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM= +Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M= +Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0= +Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08= +Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU= 
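Review bot: in examples/flat/named.conf the options block pins the resolver's source port with `query-source address * port 53;` while also setting `recursion yes;` with no `allow-recursion` or `allow-query` ACL and `listen-on-v6 { any; };`. A fixed source port leaves only the 16-bit query ID between the resolver and a spoofed answer, and example configs get copied into production. Suggest `query-source address *;` without the port clause, an `allow-recursion { localhost; };` line, and a comment at the top stating that the file is meant for a closed test setup. The `resolver-log` and `dnssec-log` channels also write at debug severity to /var/log/named without the `versions` and `size` limits that `named-log` sets on the same file.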
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key new file mode 100644 index 0000000..4e7c3e5 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key @@ -0,0 +1,3 @@ +;% generationtime=20080730222553 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published new file mode 100644 index 0000000..2a3ae65 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== +PublicExponent: AQAAAAE= +PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q== +Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U= +Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8= +Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0= +Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc= +Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key new file mode 100644 index 0000000..21098f8 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key @@ -0,0 +1 @@ +sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw== 
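Review bot: the sub.example.net. key files added here are weaker than the example.net. fixtures and nothing marks them as test-only. `Ksub.example.net.+001+04254.private` and `Ksub.example.net.+001+56744.published` are `Algorithm: 1 (RSA)` keys, matching `zsk_algo RSAMD5` and `zsk_bits 512` in that directory's dnssec.conf further down; RFC 4034 already lists RSA/MD5 as not recommended for zone signing. `Ksub.example.net.+005+54876.key` begins `AQOj`, which decodes to public exponent 3 where the other keys use `AQAAAAE=`, and it lacks the `;% generationtime` and `;% lifetime` header lines the other .key files carry. Suggest regenerating the ZSKs as RSASHA1 with the same exponent as the other fixtures, or adding a comment in dnssec.conf that the weak parameters are deliberate. Since the .private and .published files carry the full private parameters, a note in the examples directory should say these keys are public fixtures and must never sign a real zone.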
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private new file mode 100644 index 0000000..ad5b363 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M= +PublicExponent: Aw== +PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s= +Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw== +Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ== +Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw== +Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw== +Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA== diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. new file mode 100644 index 0000000..8e00719 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db new file mode 100644 index 0000000..396e7d3 --- /dev/null 
+++ b/contrib/zkt/examples/flat/sub.example.net./dnskey.db @@ -0,0 +1,29 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 13:19:17 +; + +; *** List of Key Signing Keys *** +; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22 +sub.example.net. 3600 IN DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 + 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe + 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb + Z/avYw== + ) ; key id = 54876 + +; *** List of Zone Signing Keys *** +; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52 +sub.example.net. 3600 IN DNSKEY 256 3 1 ( + BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy + aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== + ) ; key id = 4254 + +; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53 +sub.example.net. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv + guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== + ) ; key id = 56744 + diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf new file mode 100644 index 0000000..4a045ad --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf @@ -0,0 +1,14 @@ + +resigninterval 1d +sigvalidity 2d +max_ttl 90s + +Serialformat: unixtime +ksk_algo RSASHA1 +ksk_bits 1024 + +zsk_lifetime 3d +zsk_algo RSAMD5 +zsk_bits 512 + +dlv_domain "dlv.trusted-keys.de" diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net./zone.db new file mode 100644 index 0000000..c9ec01e --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./zone.db 
@@ -0,0 +1,25 @@ +;----------------------------------------------------------------- +; +; @(#) sec.example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 86400 ; Refresh (RIPE recommendation if NOTIFY is used) + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + + IN NS ns1.example.net. + +$INCLUDE dnskey.db + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.4 +b IN A 1.2.3.5 +c IN A 1.2.3.6 diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed new file mode 100644 index 0000000..0560d2b --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed 
@@ -0,0 +1,103 @@ +; File written on Thu Jul 31 13:19:17 2008 +; dnssec_signzone version 9.5.1b1 +sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1217503157 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9 + RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa + 9bvrMVOXpd0Q1g== ) + 7200 NS ns1.example.net. + 7200 RRSIG NS 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb + k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn + 1S/A2bV4S3No7Q== ) + 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK + TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8 + feRHQBEYFpgvhA== ) + 3600 DNSKEY 256 3 1 ( + BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl + kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar + n7DQR1Eb92uW3ALxwN2o6w== + ) ; key id = 56744 + 3600 DNSKEY 256 3 1 ( + BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+ + /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v + NYsJ2KCQtY2dUFjT5BCeqQ== + ) ; key id = 4254 + 3600 DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ + bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M + ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c + BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW + CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== + ) ; key id = 54876 + 3600 RRSIG DNSKEY 1 3 3600 20080802101917 ( + 20080731101917 4254 sub.example.net. + ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba + 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT + UW2clZMFj/Fy6g== ) + 3600 RRSIG DNSKEY 5 3 3600 20080802101917 ( + 20080731101917 54876 sub.example.net. + B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E + 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO + OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK + 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv + oFMHe/OpIq7x/a4NdMn3yIWbFtg= ) +a.sub.example.net. 
7200 IN A 1.2.3.4 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ + owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+ + M4ESPnoKxli7YQ== ) + 7200 NSEC b.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv + USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt + 2ODgeGLhUTap7A== ) +b.sub.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz + bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN + S0Et3ivWZSAVOg== ) + 7200 NSEC c.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B + jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k + +SzjVQtJfxUDsA== ) +c.sub.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb + eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID + z5HLpC+KbfpJxw== ) + 7200 NSEC localhost.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh + a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh + 4AnYjZlHjfe+MA== ) +localhost.sub.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T + X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y + vw4b+pdoWMi0+g== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9 + PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr + SgFnqsd6YTxxpw== ) diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log new file mode 100644 index 0000000..9276f94 --- /dev/null +++ b/contrib/zkt/examples/flat/zkt.log 
@@ -0,0 +1,2501 @@ +2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno +2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno +2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file +2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file +2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded () +2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202() +2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s) +2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s +2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s +2008-06-11 22:39:48.056: notice: 
"sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done +2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-11 22:39:48.617: notice: end of run: 0 errors occured +2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s +2008-06-11 22:41:14.106: notice: end of run: 0 errors occured +2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s +2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-11 22:48:19.087: notice: end of run: 0 errors occured +2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s +2008-06-11 22:56:53.297: notice: end of run: 0 errors occured +2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v +2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s +2008-06-11 23:01:41.454: notice: end of run: 0 errors occured +2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v +2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s +2008-06-11 23:04:25.911: notice: end of run: 0 errors occured +2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s +2008-06-12 13:06:54.056: notice: end of run: 0 errors occured +2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:07:45.129: debug: parsing zone 
"sub.example.net." in dir "./sub.example.net." + +2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s +2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net." + +2008-06-12 13:07:45.130: notice: end of run: 0 errors occured +2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net." + +2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s +2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net." + +2008-06-12 13:22:02.253: notice: end of run: 0 errors occured +2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s +2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net." 
+2008-06-12 13:24:37.958: notice: end of run: 0 errors occured +2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s +2008-06-12 13:25:32.997: notice: end of run: 0 errors occured +2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v +2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s +2008-06-12 13:26:49.864: notice: end of run: 0 errors occured +2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s +2008-06-12 16:28:01.979: notice: end of run: 0 errors occured +2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v +2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s +2008-06-12 16:28:13.630: notice: end of run: 0 errors occured +2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s +2008-06-12 16:28:30.320: notice: end of run: 0 errors occured +2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s +2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net." 
+2008-06-12 16:34:06.972: notice: end of run: 0 errors occured +2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer +2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s +2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:34:15.818: notice: end of run: 0 errors occured +2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s +2008-06-12 16:35:27.780: notice: end of run: 0 errors occured +2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0 +2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s +2008-06-12 16:44:56.269: debug: Re-signing not necessary! +2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2 +2008-06-12 16:44:56.269: debug: Re-signing not necessary! +2008-06-12 16:44:56.270: notice: end of run: 0 errors occured +2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0 +2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s +2008-06-12 16:49:23.386: debug: Re-signing not necessary! +2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net." 
+2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2 +2008-06-12 16:49:23.386: debug: Re-signing not necessary! +2008-06-12 16:49:23.386: notice: end of run: 0 errors occured +2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v +2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0 +2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s +2008-06-12 16:49:28.288: debug: Re-signing not necessary! +2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2 +2008-06-12 16:49:28.288: debug: Re-signing not necessary! +2008-06-12 16:49:28.288: notice: end of run: 0 errors occured +2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v +2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0 +2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s +2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f +2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net." +2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 16:49:32.222: debug: Signing completed after 0s. +2008-06-12 16:49:32.222: debug: +2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net." 
+2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2 +2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f +2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 16:49:32.223: debug: Signing zone "example.net." +2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 16:49:32.335: debug: Signing completed after 0s. +2008-06-12 16:49:32.335: debug: +2008-06-12 16:49:32.335: notice: end of run: 0 errors occured +2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v +2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:02:15.078: debug: Check RFC5011 status +2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0 +2008-06-12 17:02:15.078: debug: Check ksk status +2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s +2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f +2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net." +2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:02:15.254: debug: Signing completed after 0s. 
+2008-06-12 17:02:15.254: debug: +2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:02:15.255: debug: Check RFC5011 status +2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2 +2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f +2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 17:02:15.255: debug: Signing zone "example.net." +2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:02:15.368: debug: Signing completed after 0s. +2008-06-12 17:02:15.368: debug: +2008-06-12 17:02:15.368: notice: end of run: 0 errors occured +2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f +2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:43:50.390: debug: Check RFC5011 status +2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0 +2008-06-12 17:43:50.390: debug: Check ksk status +2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s +2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f +2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net." +2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. 
-e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:43:50.533: debug: Signing completed after 0s. +2008-06-12 17:43:50.533: debug: +2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:43:50.533: debug: Check RFC5011 status +2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2 +2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f +2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 17:43:50.534: debug: Signing zone "example.net." +2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:43:50.645: debug: Signing completed after 0s. +2008-06-12 17:43:50.645: debug: +2008-06-12 17:43:50.645: notice: end of run: 0 errors occured +2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v +2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:49:43.190: debug: Check RFC5011 status +2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0 +2008-06-12 17:49:43.190: debug: Check ksk status +2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s +2008-06-12 17:49:43.190: debug: Re-signing not necessary! +2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:49:43.190: debug: Check RFC5011 status +2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2 +2008-06-12 17:49:43.190: debug: Re-signing not necessary! 
+2008-06-12 17:49:43.190: notice: end of run: 0 errors occured +2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v +2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:50:09.327: debug: Check RFC5011 status +2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0 +2008-06-12 17:50:09.327: debug: Check ksk status +2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s +2008-06-12 17:50:09.327: debug: Re-signing not necessary! +2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:50:09.327: debug: Check RFC5011 status +2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2 +2008-06-12 17:50:09.327: debug: Re-signing not necessary! +2008-06-12 17:50:09.327: notice: end of run: 0 errors occured +2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v +2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:52:29.312: debug: Check RFC5011 status +2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0 +2008-06-12 17:52:29.312: debug: Check ksk status +2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s +2008-06-12 17:52:29.312: debug: Re-signing not necessary! +2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:52:29.313: debug: Check RFC5011 status +2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2 +2008-06-12 17:52:29.313: debug: Re-signing not necessary! +2008-06-12 17:52:29.313: notice: end of run: 0 errors occured +2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v +2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-06-12 18:24:57.409: debug: Check RFC5011 status +2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0 +2008-06-12 18:24:57.409: debug: Check ksk status +2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s +2008-06-12 18:24:57.409: debug: Re-signing not necessary! +2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 18:24:57.409: debug: Check RFC5011 status +2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2 +2008-06-12 18:24:57.410: debug: Re-signing not necessary! +2008-06-12 18:24:57.410: notice: end of run: 0 errors occured +2008-06-16 23:12:32.309: notice: +2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v +2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:12:32.654: debug: Check RFC5011 status +2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0 +2008-06-16 23:12:32.654: debug: Check ksk status +2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s +2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec) +2008-06-16 23:12:32.654: debug: ->depreciate it +2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267 +2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done +2008-06-16 23:12:32.654: debug: New pre-publish key needed +2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149 +2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key +2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net." 
+2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-16 23:12:33.022: debug: Signing completed after 1s. +2008-06-16 23:12:33.022: debug: +2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:12:33.023: debug: Check RFC5011 status +2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2 +2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached +2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db" +2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-16 23:12:33.024: debug: Signing zone "example.net." +2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-16 23:12:33.170: debug: Signing completed after 0s. +2008-06-16 23:12:33.170: debug: +2008-06-16 23:12:33.170: notice: end of run: 0 errors occured +2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <=== +2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:13:24.121: debug: Check RFC5011 status +2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0 +2008-06-16 23:13:24.121: debug: Check ksk status +2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m +2008-06-16 23:13:24.121: debug: Re-signing not necessary! +2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net." 
+2008-06-16 23:13:24.121: debug: Check RFC5011 status +2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2 +2008-06-16 23:13:24.121: debug: Re-signing not necessary! +2008-06-16 23:13:24.121: notice: end of run: 0 errors occured +2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <===== +2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:13:56.972: debug: Check RFC5011 status +2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0 +2008-06-16 23:13:56.972: debug: Check ksk status +2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s +2008-06-16 23:13:56.973: debug: Re-signing not necessary! +2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:13:56.973: debug: Check RFC5011 status +2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2 +2008-06-16 23:13:56.973: debug: Re-signing not necessary! +2008-06-16 23:13:56.973: notice: end of run: 0 errors occured +2008-06-16 23:15:16.980: notice: ------------------------------------------------------------ +2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:15:16.982: debug: Check RFC5011 status +2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0 +2008-06-16 23:15:16.982: debug: Check ksk status +2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s +2008-06-16 23:15:16.982: debug: Re-signing not necessary! +2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:15:16.982: debug: Check RFC5011 status +2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2 +2008-06-16 23:15:16.982: debug: Re-signing not necessary! 
+2008-06-16 23:15:16.983: notice: end of run: 0 errors occured +2008-06-16 23:18:48.101: notice: ------------------------------------------------------------ +2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v +2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:18:48.103: debug: Check RFC5011 status +2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0 +2008-06-16 23:18:48.103: debug: Check ksk status +2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s +2008-06-16 23:18:48.103: debug: Re-signing not necessary! +2008-06-16 23:18:48.103: debug: +2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:18:48.104: debug: Check RFC5011 status +2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2 +2008-06-16 23:18:48.104: debug: Re-signing not necessary! +2008-06-16 23:18:48.104: debug: +2008-06-16 23:18:48.104: notice: end of run: 0 errors occured +2008-06-24 14:55:16.347: notice: ------------------------------------------------------------ +2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v +2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-06-24 14:55:16.349: debug: Check RFC5011 status +2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0 +2008-06-24 14:55:16.349: debug: Check ksk status +2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec) +2008-06-24 14:55:16.350: debug: ->remove it +2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec) +2008-06-24 14:55:16.350: debug: ->depreciate it +2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149 +2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done +2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key +2008-06-24 14:55:16.350: debug: New pre-publish key needed +2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338 +2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key +2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net." +2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 14:55:16.776: debug: Signing completed after 0s. +2008-06-24 14:55:16.776: debug: +2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net." 
+2008-06-24 14:55:16.776: debug: Check RFC5011 status +2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2 +2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached +2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db" +2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-24 14:55:16.777: debug: Signing zone "example.net." +2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 14:55:16.922: debug: Signing completed after 0s. +2008-06-24 14:55:16.922: debug: +2008-06-24 14:55:16.922: notice: end of run: 0 errors occured +2008-06-24 14:57:56.093: notice: ------------------------------------------------------------ +2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v +2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 14:57:56.096: debug: Check RFC5011 status +2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0 +2008-06-24 14:57:56.096: debug: Check ksk status +2008-06-24 14:57:56.097: debug: Re-signing not necessary! +2008-06-24 14:57:56.097: debug: +2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 14:57:56.097: debug: Check RFC5011 status +2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2 +2008-06-24 14:57:56.097: debug: Re-signing not necessary! 
+2008-06-24 14:57:56.097: debug: +2008-06-24 14:57:56.098: notice: end of run: 0 errors occured +2008-06-24 23:26:12.632: notice: ------------------------------------------------------------ +2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v +2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 23:26:12.648: debug: Check RFC5011 status +2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0 +2008-06-24 23:26:12.648: debug: Check ksk status +2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec) +2008-06-24 23:26:12.648: debug: ->remove it +2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key +2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net." +2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 23:26:13.030: debug: Signing completed after 1s. +2008-06-24 23:26:13.030: debug: +2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 23:26:13.030: debug: Check RFC5011 status +2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2 +2008-06-24 23:26:13.030: debug: Re-signing not necessary! +2008-06-24 23:26:13.030: debug: +2008-06-24 23:26:13.030: notice: end of run: 0 errors occured +2008-07-08 00:53:55.013: notice: ------------------------------------------------------------ +2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v +2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-08 00:53:55.015: debug: Check RFC5011 status +2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0 +2008-07-08 00:53:55.015: debug: Check KSK status +2008-07-08 00:53:55.015: debug: Check ZSK status +2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec) +2008-07-08 00:53:55.015: debug: ->depreciate it +2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338 +2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done +2008-07-08 00:53:55.018: debug: New pre-publish key needed +2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198 +2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created +2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key +2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net." +2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 00:53:55.708: debug: Signing completed after 0s. +2008-07-08 00:53:55.708: debug: +2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-08 00:53:55.708: debug: Check RFC5011 status +2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2 +2008-07-08 00:53:55.708: debug: Check ZSK status +2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec) +2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key +2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key +2008-07-08 00:53:55.708: debug: New pre-publish key needed +2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682 +2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created +2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key +2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key +2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db" +2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-08 00:53:55.748: debug: Signing zone "example.net." +2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 00:53:55.899: debug: Signing completed after 0s. +2008-07-08 00:53:55.899: debug: +2008-07-08 00:53:55.899: notice: end of run: 0 errors occured +2008-07-08 00:53:57.597: notice: ------------------------------------------------------------ +2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v +2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-08 00:53:57.599: debug: Check RFC5011 status +2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0 +2008-07-08 00:53:57.599: debug: Check KSK status +2008-07-08 00:53:57.599: debug: Check ZSK status +2008-07-08 00:53:57.599: debug: Re-signing not necessary! +2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy +2008-07-08 00:53:57.599: debug: +2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 00:53:57.599: debug: Check RFC5011 status +2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2 +2008-07-08 00:53:57.599: debug: Check ZSK status +2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec) +2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key +2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key +2008-07-08 00:53:57.600: debug: Re-signing not necessary! +2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy +2008-07-08 00:53:57.600: debug: +2008-07-08 00:53:57.600: notice: end of run: 0 errors occured +2008-07-08 20:28:20.476: notice: ------------------------------------------------------------ +2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net." 
+2008-07-08 20:28:20.476: debug: Check RFC5011 status +2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0 +2008-07-08 20:28:20.476: debug: Check KSK status +2008-07-08 20:28:20.476: debug: Check ZSK status +2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec) +2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149 + +2008-07-08 20:28:20.656: debug: ->remove it +2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key +2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db" +2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net." +2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 20:28:20.990: debug: Signing completed after 0s. +2008-07-08 20:28:20.990: debug: +2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net." 
+2008-07-08 20:28:20.990: debug: Check RFC5011 status +2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2 +2008-07-08 20:28:20.990: debug: Check ZSK status +2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec) +2008-07-08 20:28:20.990: debug: ->depreciate it +2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682 +2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done +2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key +2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key +2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db" +2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db" +2008-07-08 20:28:20.991: debug: Signing zone "example.net." +2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 20:28:21.112: debug: Signing completed after 1s. +2008-07-08 20:28:21.112: debug: +2008-07-08 20:28:21.113: notice: end of run: 0 errors occured +2008-07-08 20:32:23.121: notice: ------------------------------------------------------------ +2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v +2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:32:23.123: debug: Check RFC5011 status +2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0 +2008-07-08 20:32:23.124: debug: Check KSK status +2008-07-08 20:32:23.124: debug: Check ZSK status +2008-07-08 20:32:23.124: debug: Re-signing not necessary! +2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy +2008-07-08 20:32:23.124: debug: +2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-08 20:32:23.124: debug: Check RFC5011 status +2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2 +2008-07-08 20:32:23.124: debug: Check ZSK status +2008-07-08 20:32:23.124: debug: Re-signing not necessary! +2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy +2008-07-08 20:32:23.124: debug: +2008-07-08 20:32:23.124: notice: end of run: 0 errors occured +2008-07-08 20:32:30.246: notice: ------------------------------------------------------------ +2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:32:30.246: debug: Check RFC5011 status +2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0 +2008-07-08 20:32:30.246: debug: Check KSK status +2008-07-08 20:32:30.246: debug: Check ZSK status +2008-07-08 20:32:30.246: debug: Re-signing not necessary! +2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy +2008-07-08 20:32:30.246: debug: +2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:32:30.246: debug: Check RFC5011 status +2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2 +2008-07-08 20:32:30.247: debug: Check ZSK status +2008-07-08 20:32:30.247: debug: Re-signing not necessary! +2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy +2008-07-08 20:32:30.247: debug: +2008-07-08 20:32:30.247: notice: end of run: 0 errors occured +2008-07-08 20:35:51.512: notice: ------------------------------------------------------------ +2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net." 
+2008-07-08 20:35:51.512: debug: Check RFC5011 status +2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0 +2008-07-08 20:35:51.513: debug: Check KSK status +2008-07-08 20:35:51.513: debug: Check ZSK status +2008-07-08 20:35:51.513: debug: Re-signing not necessary! +2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy +2008-07-08 20:35:51.513: debug: +2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:35:51.513: debug: Check RFC5011 status +2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2 +2008-07-08 20:35:51.513: debug: Check ZSK status +2008-07-08 20:35:51.513: debug: Re-signing not necessary! +2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy +2008-07-08 20:35:51.513: debug: +2008-07-08 20:35:51.513: notice: end of run: 0 errors occured +2008-07-08 20:37:16.569: notice: ------------------------------------------------------------ +2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:37:16.569: debug: Check RFC5011 status +2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0 +2008-07-08 20:37:16.570: debug: Check KSK status +2008-07-08 20:37:16.570: debug: Check ZSK status +2008-07-08 20:37:16.570: debug: Re-signing not necessary! +2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy +2008-07-08 20:37:16.570: debug: +2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:37:16.570: debug: Check RFC5011 status +2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2 +2008-07-08 20:37:16.570: debug: Check ZSK status +2008-07-08 20:37:16.570: debug: Re-signing not necessary! 
+2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy +2008-07-08 20:37:16.570: debug: +2008-07-08 20:37:16.570: notice: end of run: 0 errors occured +2008-07-08 20:37:29.134: notice: ------------------------------------------------------------ +2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v +2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:37:29.137: debug: Check RFC5011 status +2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0 +2008-07-08 20:37:29.137: debug: Check KSK status +2008-07-08 20:37:29.137: debug: Check ZSK status +2008-07-08 20:37:29.137: debug: Re-signing not necessary! +2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy +2008-07-08 20:37:29.138: debug: +2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:37:29.138: debug: Check RFC5011 status +2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2 +2008-07-08 20:37:29.138: debug: Check ZSK status +2008-07-08 20:37:29.138: debug: Re-signing not necessary! +2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy +2008-07-08 20:37:29.139: debug: +2008-07-08 20:37:29.139: notice: end of run: 0 errors occured +2008-07-08 20:39:39.895: notice: ------------------------------------------------------------ +2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v +2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:39:39.895: debug: Check RFC5011 status +2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0 +2008-07-08 20:39:39.895: debug: Check KSK status +2008-07-08 20:39:39.895: debug: Check ZSK status +2008-07-08 20:39:39.895: debug: Re-signing not necessary! +2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy +2008-07-08 20:39:39.895: debug: +2008-07-08 20:39:39.895: debug: parsing zone "example.net." 
in dir "././example.net." +2008-07-08 20:39:39.895: debug: Check RFC5011 status +2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2 +2008-07-08 20:39:39.895: debug: Check ZSK status +2008-07-08 20:39:39.895: debug: Re-signing not necessary! +2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy +2008-07-08 20:39:39.895: debug: +2008-07-08 20:39:39.895: notice: end of run: 0 errors occured +2008-07-08 20:42:54.377: notice: ------------------------------------------------------------ +2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D . +2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:42:54.377: debug: Check RFC5011 status +2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0 +2008-07-08 20:42:54.377: debug: Check KSK status +2008-07-08 20:42:54.377: debug: Check ZSK status +2008-07-08 20:42:54.377: debug: Re-signing not necessary! +2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy +2008-07-08 20:42:54.377: debug: +2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:42:54.378: debug: Check RFC5011 status +2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2 +2008-07-08 20:42:54.378: debug: Check ZSK status +2008-07-08 20:42:54.378: debug: Re-signing not necessary! +2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy +2008-07-08 20:42:54.378: debug: +2008-07-08 20:42:54.378: notice: end of run: 0 errors occured +2008-07-08 20:53:40.414: notice: ------------------------------------------------------------ +2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D . +2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-08 20:53:40.417: debug: Check RFC5011 status +2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0 +2008-07-08 20:53:40.417: debug: Check KSK status +2008-07-08 20:53:40.417: debug: Check ZSK status +2008-07-08 20:53:40.417: debug: Re-signing not necessary! +2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy +2008-07-08 20:53:40.417: debug: +2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:53:40.417: debug: Check RFC5011 status +2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2 +2008-07-08 20:53:40.417: debug: Check ZSK status +2008-07-08 20:53:40.417: debug: Re-signing not necessary! +2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy +2008-07-08 20:53:40.418: debug: +2008-07-08 20:53:40.418: notice: end of run: 0 errors occured +2008-07-08 20:53:49.488: notice: ------------------------------------------------------------ +2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:53:49.490: debug: Check RFC5011 status +2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0 +2008-07-08 20:53:49.491: debug: Check KSK status +2008-07-08 20:53:49.491: debug: Check ZSK status +2008-07-08 20:53:49.491: debug: Re-signing not necessary! +2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy +2008-07-08 20:53:49.491: debug: +2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:53:49.492: debug: Check RFC5011 status +2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2 +2008-07-08 20:53:49.492: debug: Check ZSK status +2008-07-08 20:53:49.492: debug: Re-signing not necessary! 
+2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy +2008-07-08 20:53:49.492: debug: +2008-07-08 20:53:49.492: notice: end of run: 0 errors occured +2008-07-09 00:42:08.103: notice: ------------------------------------------------------------ +2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v +2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-09 00:42:08.106: debug: Check RFC5011 status +2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0 +2008-07-09 00:42:08.106: debug: Check KSK status +2008-07-09 00:42:08.106: debug: ksk_rollover +2008-07-09 00:42:08.106: debug: Check ZSK status +2008-07-09 00:42:08.106: debug: Re-signing not necessary! +2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy +2008-07-09 00:42:08.106: debug: +2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net." +2008-07-09 00:42:08.106: debug: Check RFC5011 status +2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2 +2008-07-09 00:42:08.106: debug: Check ZSK status +2008-07-09 00:42:08.106: debug: Re-signing not necessary! +2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy +2008-07-09 00:42:08.106: debug: +2008-07-09 00:42:08.106: notice: end of run: 0 errors occured +2008-07-09 00:45:19.663: notice: ------------------------------------------------------------ +2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v +2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-09 00:45:19.665: debug: Check RFC5011 status +2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0 +2008-07-09 00:45:19.665: debug: Check KSK status +2008-07-09 00:45:19.665: debug: Check ZSK status +2008-07-09 00:45:19.665: debug: Re-signing not necessary! 
+2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy +2008-07-09 00:45:19.665: debug: +2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net." +2008-07-09 00:45:19.665: debug: Check RFC5011 status +2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2 +2008-07-09 00:45:19.665: debug: Check ZSK status +2008-07-09 00:45:19.665: debug: Re-signing not necessary! +2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy +2008-07-09 00:45:19.665: debug: +2008-07-09 00:45:19.665: notice: end of run: 0 errors occured +2008-07-09 23:46:12.682: notice: ------------------------------------------------------------ +2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/ +2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net." +2008-07-09 23:46:12.702: debug: Check RFC5011 status +2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0 +2008-07-09 23:46:12.702: debug: Check KSK status +2008-07-09 23:46:12.702: debug: Check ZSK status +2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached +2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached +2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db" +2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net." +2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-09 23:46:13.222: debug: Signing completed after 1s. 
+2008-07-09 23:46:13.222: debug: +2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net." +2008-07-09 23:46:13.222: debug: Check RFC5011 status +2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2 +2008-07-09 23:46:13.222: debug: Check ZSK status +2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec) +2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939 + +2008-07-09 23:46:13.222: debug: ->remove it +2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key +2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key +2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db" +2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db" +2008-07-09 23:46:13.223: debug: Signing zone "example.net." +2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-09 23:46:13.374: debug: Signing completed after 0s. +2008-07-09 23:46:13.374: debug: +2008-07-09 23:46:13.374: notice: end of run: 0 errors occured +2008-07-15 00:21:04.641: notice: ------------------------------------------------------------ +2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v +2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-15 00:21:05.071: debug: Check RFC5011 status +2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0 +2008-07-15 00:21:05.071: debug: Check KSK status +2008-07-15 00:21:05.071: debug: Check ZSK status +2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec) +2008-07-15 00:21:05.071: debug: ->depreciate it +2008-07-15 00:21:05.072: debug: ->activate published key 9198 +2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done +2008-07-15 00:21:05.072: debug: New published key needed +2008-07-15 00:21:05.128: debug: ->creating new published key 8397 +2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created +2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key +2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net." +2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:05.274: debug: Signing completed after 0s. +2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:05.279: debug: +2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-15 00:21:05.279: debug: Check RFC5011 status +2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2 +2008-07-15 00:21:05.279: debug: Check ZSK status +2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:05.280: debug: Signing zone "example.net." +2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:05.419: debug: Signing completed after 0s. +2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered +2008-07-15 00:21:05.419: debug: Distribute zone "example.net." +2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:05.423: debug: +2008-07-15 00:21:05.423: notice: end of run: 0 errors occured +2008-07-15 00:21:18.128: notice: ------------------------------------------------------------ +2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v +2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:18.130: debug: Check RFC5011 status +2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0 +2008-07-15 00:21:18.130: debug: Check KSK status +2008-07-15 00:21:18.130: debug: Check ZSK status +2008-07-15 00:21:18.130: debug: Re-signing not necessary! +2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy +2008-07-15 00:21:18.130: debug: +2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-15 00:21:18.131: debug: Check RFC5011 status +2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2 +2008-07-15 00:21:18.131: debug: Check ZSK status +2008-07-15 00:21:18.131: debug: Re-signing not necessary! +2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy +2008-07-15 00:21:18.131: debug: +2008-07-15 00:21:18.131: notice: end of run: 0 errors occured +2008-07-15 00:21:26.360: notice: ------------------------------------------------------------ +2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:26.362: debug: Check RFC5011 status +2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0 +2008-07-15 00:21:26.362: debug: Check KSK status +2008-07-15 00:21:26.362: debug: Check ZSK status +2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f +2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net." +2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:26.978: debug: Signing completed after 0s. +2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:26.983: debug: +2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-15 00:21:26.983: debug: Check RFC5011 status +2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2 +2008-07-15 00:21:26.983: debug: Check ZSK status +2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f +2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:26.983: debug: Signing zone "example.net." +2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:27.122: debug: Signing completed after 1s. +2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered +2008-07-15 00:21:27.122: debug: Distribute zone "example.net." +2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:27.127: debug: +2008-07-15 00:21:27.127: notice: end of run: 0 errors occured +2008-07-15 00:21:52.947: notice: ------------------------------------------------------------ +2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:52.951: debug: Check RFC5011 status +2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0 +2008-07-15 00:21:52.951: debug: Check KSK status +2008-07-15 00:21:52.951: debug: Check ZSK status +2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f +2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net." 
+2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:53.119: debug: Signing completed after 1s. +2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:53.126: debug: +2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:53.126: debug: Check RFC5011 status +2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2 +2008-07-15 00:21:53.126: debug: Check ZSK status +2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f +2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:53.126: debug: Signing zone "example.net." +2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:53.262: debug: Signing completed after 0s. +2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered +2008-07-15 00:21:53.262: debug: Distribute zone "example.net." +2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net." 
+2008-07-15 00:21:53.268: debug: +2008-07-15 00:21:53.268: notice: end of run: 0 errors occured +2008-07-15 00:23:40.781: notice: ------------------------------------------------------------ +2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:23:40.783: debug: Check RFC5011 status +2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0 +2008-07-15 00:23:40.783: debug: Check KSK status +2008-07-15 00:23:40.783: debug: Check ZSK status +2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f +2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net." +2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:23:41.281: debug: Signing completed after 1s. +2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered +2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net." +2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:23:41.287: debug: +2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-15 00:23:41.287: debug: Check RFC5011 status +2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2 +2008-07-15 00:23:41.287: debug: Check ZSK status +2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f +2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:23:41.288: debug: Signing zone "example.net." +2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:23:41.561: debug: Signing completed after 0s. +2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered +2008-07-15 00:23:41.561: debug: Distribute zone "example.net." +2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:23:41.566: debug: +2008-07-15 00:23:41.567: notice: end of run: 0 errors occured +2008-07-15 00:31:10.917: notice: ------------------------------------------------------------ +2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-15 00:31:10.923: debug: Check RFC5011 status +2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0 +2008-07-15 00:31:10.923: debug: Check KSK status +2008-07-15 00:31:10.923: debug: Check ZSK status +2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec) +2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338 + +2008-07-15 00:31:10.924: debug: ->remove it +2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f +2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net." +2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:31:11.571: debug: Signing completed after 0s. +2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered +2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net." +2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net." +2008-07-15 00:31:11.579: debug: +2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-15 00:31:11.580: debug: Check RFC5011 status +2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2 +2008-07-15 00:31:11.580: debug: Check ZSK status +2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f +2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:31:11.581: debug: Signing zone "example.net." +2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:31:11.698: debug: Signing completed after 0s. +2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered +2008-07-15 00:31:11.698: debug: Distribute zone "example.net." +2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net." +2008-07-15 00:31:11.704: debug: +2008-07-15 00:31:11.704: notice: end of run: 0 errors occured +2008-07-15 00:32:00.676: notice: ------------------------------------------------------------ +2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-15 00:32:00.678: debug: Check RFC5011 status +2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0 +2008-07-15 00:32:00.678: debug: Check KSK status +2008-07-15 00:32:00.678: debug: Check ZSK status +2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f +2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net." +2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:32:01.282: debug: Signing completed after 1s. +2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered +2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net." +2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net." +2008-07-15 00:32:01.289: debug: +2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:32:01.289: debug: Check RFC5011 status +2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2 +2008-07-15 00:32:01.289: debug: Check ZSK status +2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f +2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:32:01.291: debug: Signing zone "example.net." 
+2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:32:01.405: debug: Signing completed after 0s. +2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered +2008-07-15 00:32:01.406: debug: Distribute zone "example.net." +2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net." +2008-07-15 00:32:01.412: debug: +2008-07-15 00:32:01.412: notice: end of run: 0 errors occured +2008-07-15 00:33:00.866: notice: ------------------------------------------------------------ +2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:33:00.869: debug: Check RFC5011 status +2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0 +2008-07-15 00:33:00.869: debug: Check KSK status +2008-07-15 00:33:00.869: debug: Check ZSK status +2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f +2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net." +2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:33:01.531: debug: Signing completed after 1s. 
+2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered +2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net." +2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net." +2008-07-15 00:33:01.537: debug: +2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:33:01.538: debug: Check RFC5011 status +2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2 +2008-07-15 00:33:01.538: debug: Check ZSK status +2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f +2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:33:01.539: debug: Signing zone "example.net." +2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:33:01.655: debug: Signing completed after 0s. +2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered +2008-07-15 00:33:01.655: debug: Distribute zone "example.net." +2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net." 
+2008-07-15 00:33:01.662: debug: +2008-07-15 00:33:01.662: notice: end of run: 0 errors occured +2008-07-15 00:34:09.259: notice: ------------------------------------------------------------ +2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:34:09.261: debug: Check RFC5011 status +2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0 +2008-07-15 00:34:09.261: debug: Check KSK status +2008-07-15 00:34:09.261: debug: Check ZSK status +2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f +2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net." +2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:34:10.245: debug: Signing completed after 1s. +2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered +2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net." +2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-15 00:34:10.252: debug: +2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-15 00:34:10.252: debug: Check RFC5011 status +2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2 +2008-07-15 00:34:10.252: debug: Check ZSK status +2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f +2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:34:10.252: debug: Signing zone "example.net." +2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:34:10.369: debug: Signing completed after 0s. +2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered +2008-07-15 00:34:10.369: debug: Distribute zone "example.net." +2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-15 00:34:10.375: debug: +2008-07-15 00:34:10.375: notice: end of run: 0 errors occured +2008-07-18 00:38:52.860: notice: ------------------------------------------------------------ +2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v +2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-18 00:38:52.862: debug: Check RFC5011 status +2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0 +2008-07-18 00:38:52.862: debug: Check KSK status +2008-07-18 00:38:52.862: debug: Check ZSK status +2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec) +2008-07-18 00:38:52.862: debug: ->depreciate it +2008-07-18 00:38:52.862: debug: ->activate published key 8397 +2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done +2008-07-18 00:38:52.862: debug: New published key needed +2008-07-18 00:38:53.418: debug: ->creating new published key 31081 +2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing +2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key +2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net." +2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:38:53.556: debug: Signing completed after 0s. +2008-07-18 00:38:53.556: debug: +2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-18 00:38:53.557: debug: Check RFC5011 status +2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2 +2008-07-18 00:38:53.557: debug: Check ZSK status +2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db" +2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-18 00:38:53.558: debug: Signing zone "example.net." +2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:38:53.715: debug: Signing completed after 0s. +2008-07-18 00:38:53.715: debug: +2008-07-18 00:38:53.716: notice: end of run: 0 errors occured +2008-07-18 00:39:29.824: notice: ------------------------------------------------------------ +2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v +2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:39:29.827: debug: Check RFC5011 status +2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0 +2008-07-18 00:39:29.827: debug: Check KSK status +2008-07-18 00:39:29.827: debug: Check ZSK status +2008-07-18 00:39:29.827: debug: Re-signing not necessary! +2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy +2008-07-18 00:39:29.827: debug: +2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:39:29.827: debug: Check RFC5011 status +2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2 +2008-07-18 00:39:29.827: debug: Check ZSK status +2008-07-18 00:39:29.827: debug: Re-signing not necessary! 
+2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy +2008-07-18 00:39:29.827: debug: +2008-07-18 00:39:29.828: notice: end of run: 0 errors occured +2008-07-18 00:39:36.641: notice: ------------------------------------------------------------ +2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v +2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:39:36.644: debug: Check RFC5011 status +2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0 +2008-07-18 00:39:36.644: debug: Check KSK status +2008-07-18 00:39:36.644: debug: Check ZSK status +2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f +2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net." +2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:39:37.144: debug: Signing completed after 1s. +2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered +2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net." +2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-18 00:39:37.151: debug: +2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-18 00:39:37.151: debug: Check RFC5011 status +2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2 +2008-07-18 00:39:37.151: debug: Check ZSK status +2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f +2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f +2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db" +2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-18 00:39:37.152: debug: Signing zone "example.net." +2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:39:37.313: debug: Signing completed after 0s. +2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered +2008-07-18 00:39:37.313: debug: Distribute zone "example.net." +2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-18 00:39:37.319: debug: +2008-07-18 00:39:37.319: notice: end of run: 0 errors occured +2008-07-18 00:42:39.912: notice: ------------------------------------------------------------ +2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v +2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:42:39.914: debug: Check RFC5011 status +2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0 +2008-07-18 00:42:39.914: debug: Check KSK status +2008-07-18 00:42:39.914: debug: Check ZSK status +2008-07-18 00:42:39.914: debug: Re-signing not necessary! +2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy +2008-07-18 00:42:39.914: debug: +2008-07-18 00:42:39.914: debug: parsing zone "example.net." 
in dir "./example.net." +2008-07-18 00:42:39.914: debug: Check RFC5011 status +2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2 +2008-07-18 00:42:39.914: debug: Check ZSK status +2008-07-18 00:42:39.914: debug: Re-signing not necessary! +2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy +2008-07-18 00:42:39.914: debug: +2008-07-18 00:42:39.914: notice: end of run: 0 errors occured +2008-07-22 00:10:38.346: notice: ------------------------------------------------------------ +2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v +2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:10:38.349: debug: Check RFC5011 status +2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0 +2008-07-22 00:10:38.349: debug: Check KSK status +2008-07-22 00:10:38.349: debug: Check ZSK status +2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec) +2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198 + +2008-07-22 00:10:38.349: debug: ->remove it +2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec) +2008-07-22 00:10:38.349: debug: ->depreciate it +2008-07-22 00:10:38.349: debug: ->activate published key 31081 +2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done +2008-07-22 00:10:38.349: debug: New published key needed +2008-07-22 00:10:38.870: debug: ->creating new published key 3615 +2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing +2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key +2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net." 
+2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:10:39.208: debug: Signing completed after 1s. +2008-07-22 00:10:39.208: debug: +2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:10:39.208: debug: Check RFC5011 status +2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2 +2008-07-22 00:10:39.208: debug: Check ZSK status +2008-07-22 00:10:39.208: debug: New published key needed +2008-07-22 00:10:39.255: debug: ->creating new published key 41300 +2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing +2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key +2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key +2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:10:39.256: debug: Signing zone "example.net." +2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:10:39.414: debug: Signing completed after 0s. +2008-07-22 00:10:39.414: debug: +2008-07-22 00:10:39.414: notice: end of run: 0 errors occured +2008-07-22 00:16:04.680: notice: ------------------------------------------------------------ +2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v +2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-22 00:16:04.682: debug: Check RFC5011 status +2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0 +2008-07-22 00:16:04.683: debug: Check KSK status +2008-07-22 00:16:04.683: debug: Check ZSK status +2008-07-22 00:16:04.683: debug: Re-signing not necessary! +2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy +2008-07-22 00:16:04.683: debug: +2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:04.683: debug: Check RFC5011 status +2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2 +2008-07-22 00:16:04.684: debug: Check ZSK status +2008-07-22 00:16:04.684: debug: Re-signing not necessary! +2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy +2008-07-22 00:16:04.684: debug: +2008-07-22 00:16:04.684: notice: end of run: 0 errors occured +2008-07-22 00:16:09.309: notice: ------------------------------------------------------------ +2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v +2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:09.311: debug: Check RFC5011 status +2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0 +2008-07-22 00:16:09.312: debug: Check KSK status +2008-07-22 00:16:09.312: debug: Check ZSK status +2008-07-22 00:16:09.312: debug: Re-signing not necessary! +2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy +2008-07-22 00:16:09.312: debug: +2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:09.312: debug: Check RFC5011 status +2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2 +2008-07-22 00:16:09.313: debug: Check ZSK status +2008-07-22 00:16:09.313: debug: Re-signing not necessary! 
+2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy +2008-07-22 00:16:09.313: debug: +2008-07-22 00:16:09.313: notice: end of run: 0 errors occured +2008-07-22 00:16:13.285: notice: ------------------------------------------------------------ +2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:13.287: debug: Check RFC5011 status +2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0 +2008-07-22 00:16:13.287: debug: Check KSK status +2008-07-22 00:16:13.287: debug: Check ZSK status +2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f +2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net." +2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:16:13.822: debug: Signing completed after 0s. +2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered +2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net." +2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:16:13.828: debug: +2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-22 00:16:13.829: debug: Check RFC5011 status +2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2 +2008-07-22 00:16:13.829: debug: Check ZSK status +2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f +2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:16:13.830: debug: Signing zone "example.net." +2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:16:13.976: debug: Signing completed after 0s. +2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered +2008-07-22 00:16:13.977: debug: Distribute zone "example.net." +2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:16:13.983: debug: +2008-07-22 00:16:13.983: notice: end of run: 0 errors occured +2008-07-22 00:20:56.119: notice: ------------------------------------------------------------ +2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-22 00:20:56.121: debug: Check RFC5011 status +2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0 +2008-07-22 00:20:56.121: debug: Check KSK status +2008-07-22 00:20:56.121: debug: Check ZSK status +2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec) +2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397 + +2008-07-22 00:20:56.122: debug: ->remove it +2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f +2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net." +2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:20:56.627: debug: Signing completed after 0s. +2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered +2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net." +2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:20:56.635: debug: +2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-22 00:20:56.635: debug: Check RFC5011 status +2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2 +2008-07-22 00:20:56.635: debug: Check ZSK status +2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f +2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:20:56.636: debug: Signing zone "example.net." +2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:20:56.760: debug: Signing completed after 0s. +2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered +2008-07-22 00:20:56.760: debug: Distribute zone "example.net." +2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:20:56.769: debug: +2008-07-22 00:20:56.769: notice: end of run: 0 errors occured +2008-07-22 00:23:51.528: notice: ------------------------------------------------------------ +2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-22 00:23:51.530: debug: Check RFC5011 status +2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0 +2008-07-22 00:23:51.531: debug: Check KSK status +2008-07-22 00:23:51.531: debug: Check ZSK status +2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f +2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net." +2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:23:52.042: debug: Signing completed after 1s. +2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered +2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net." +2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:23:52.049: debug: +2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:23:52.049: debug: Check RFC5011 status +2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2 +2008-07-22 00:23:52.049: debug: Check ZSK status +2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f +2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:23:52.050: debug: Signing zone "example.net." 
+2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:23:52.176: debug: Signing completed after 0s. +2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered +2008-07-22 00:23:52.176: debug: Distribute zone "example.net." +2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:23:52.185: debug: +2008-07-22 00:23:52.185: notice: end of run: 0 errors occured +2008-07-22 00:24:09.609: notice: ------------------------------------------------------------ +2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:24:09.614: debug: Check RFC5011 status +2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0 +2008-07-22 00:24:09.614: debug: Check KSK status +2008-07-22 00:24:09.614: debug: Check ZSK status +2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f +2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net." +2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:24:10.692: debug: Signing completed after 1s. 
+2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered +2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net." +2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:24:10.698: debug: +2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:24:10.698: debug: Check RFC5011 status +2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2 +2008-07-22 00:24:10.698: debug: Check ZSK status +2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f +2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:24:10.699: debug: Signing zone "example.net." +2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:24:10.883: debug: Signing completed after 0s. +2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered +2008-07-22 00:24:10.883: debug: Distribute zone "example.net." +2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. 
./example.net./zone.db.signed" +2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:24:10.889: debug: +2008-07-22 00:24:10.889: notice: end of run: 0 errors occured +2008-07-22 00:28:44.300: notice: ------------------------------------------------------------ +2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:28:44.302: debug: Check RFC5011 status +2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0 +2008-07-22 00:28:44.302: debug: Check KSK status +2008-07-22 00:28:44.302: debug: Check ZSK status +2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f +2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net." +2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:28:44.898: debug: Signing completed after 0s. +2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered +2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net." +2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:28:44.905: debug: +2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-22 00:28:44.905: debug: Check RFC5011 status +2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2 +2008-07-22 00:28:44.905: debug: Check ZSK status +2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f +2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:28:44.906: debug: Signing zone "example.net." +2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:28:45.039: debug: Signing completed after 1s. +2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered +2008-07-22 00:28:45.039: debug: Distribute zone "example.net." +2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:28:45.046: debug: +2008-07-22 00:28:45.046: notice: end of run: 0 errors occured +2008-07-22 00:39:15.968: notice: ------------------------------------------------------------ +2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v +2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:39:16.006: debug: Check RFC5011 status +2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0 +2008-07-22 00:39:16.006: debug: Check KSK status +2008-07-22 00:39:16.006: debug: Check ZSK status +2008-07-22 00:39:16.006: debug: Re-signing not necessary! 
+2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy +2008-07-22 00:39:16.006: debug: +2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:39:16.006: debug: Check RFC5011 status +2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2 +2008-07-22 00:39:16.007: debug: Check ZSK status +2008-07-22 00:39:16.007: debug: Re-signing not necessary! +2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy +2008-07-22 00:39:16.007: debug: +2008-07-22 00:39:16.007: notice: end of run: 0 errors occured +2008-07-22 00:39:31.578: notice: ------------------------------------------------------------ +2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:39:31.580: debug: Check RFC5011 status +2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0 +2008-07-22 00:39:31.580: debug: Check KSK status +2008-07-22 00:39:31.581: debug: Check ZSK status +2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f +2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net." +2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:39:32.216: debug: Signing completed after 1s. +2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered +2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net." +2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. 
./sub.example.net./zone.db.signed" +2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:39:32.223: debug: +2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:39:32.223: debug: Check RFC5011 status +2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2 +2008-07-22 00:39:32.223: debug: Check ZSK status +2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f +2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:39:32.224: debug: Signing zone "example.net." +2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:39:32.361: debug: Signing completed after 0s. +2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered +2008-07-22 00:39:32.361: debug: Distribute zone "example.net." +2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:39:32.367: debug: +2008-07-22 00:39:32.367: notice: end of run: 0 errors occured +2008-07-22 00:41:53.710: notice: ------------------------------------------------------------ +2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-22 00:41:53.712: debug: Check RFC5011 status +2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0 +2008-07-22 00:41:53.712: debug: Check KSK status +2008-07-22 00:41:53.712: debug: Check ZSK status +2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f +2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net." +2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:41:53.866: debug: Signing completed after 0s. +2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered +2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net." +2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:41:53.873: debug: +2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:41:53.873: debug: Check RFC5011 status +2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2 +2008-07-22 00:41:53.873: debug: Check ZSK status +2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f +2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:41:53.873: debug: Signing zone "example.net." 
+2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:41:53.989: debug: Signing completed after 0s. +2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered +2008-07-22 00:41:53.989: debug: Distribute zone "example.net." +2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:41:53.995: debug: +2008-07-22 00:41:53.995: notice: end of run: 0 errors occured +2008-07-22 00:45:46.509: notice: ------------------------------------------------------------ +2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:45:46.512: debug: Check RFC5011 status +2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0 +2008-07-22 00:45:46.512: debug: Check KSK status +2008-07-22 00:45:46.512: debug: Check ZSK status +2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f +2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net." +2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:45:46.734: debug: Signing completed after 0s. 
+2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered +2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net." +2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:45:46.740: debug: +2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:45:46.740: debug: Check RFC5011 status +2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2 +2008-07-22 00:45:46.741: debug: Check ZSK status +2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f +2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:45:46.742: debug: Signing zone "example.net." +2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:45:47.013: debug: Signing completed after 1s. +2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered +2008-07-22 00:45:47.013: debug: Distribute zone "example.net." +2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. 
./example.net./zone.db.signed" +2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:45:47.019: debug: +2008-07-22 00:45:47.019: notice: end of run: 0 errors occured +2008-07-22 00:48:02.761: notice: ------------------------------------------------------------ +2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:48:02.763: debug: Check RFC5011 status +2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0 +2008-07-22 00:48:02.763: debug: Check KSK status +2008-07-22 00:48:02.763: debug: Check ZSK status +2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f +2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net." +2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:02.907: debug: Signing completed after 0s. +2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered +2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net." +2008-07-22 00:48:02.907: debug: +2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-22 00:48:02.907: debug: Check RFC5011 status +2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2 +2008-07-22 00:48:02.907: debug: Check ZSK status +2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f +2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:48:02.908: debug: Signing zone "example.net." +2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:03.029: debug: Signing completed after 1s. +2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered +2008-07-22 00:48:03.029: debug: Distribute zone "example.net." +2008-07-22 00:48:03.029: debug: +2008-07-22 00:48:03.029: notice: end of run: 0 errors occured +2008-07-22 00:48:56.098: notice: ------------------------------------------------------------ +2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:48:56.101: debug: Check RFC5011 status +2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0 +2008-07-22 00:48:56.101: debug: Check KSK status +2008-07-22 00:48:56.101: debug: Check ZSK status +2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f +2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net." +2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. 
-e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:56.244: debug: Signing completed after 0s. +2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered +2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net." +2008-07-22 00:48:56.245: debug: +2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:48:56.245: debug: Check RFC5011 status +2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2 +2008-07-22 00:48:56.245: debug: Check ZSK status +2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f +2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:48:56.246: debug: Signing zone "example.net." +2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:56.367: debug: Signing completed after 0s. +2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered +2008-07-22 00:48:56.367: debug: Distribute zone "example.net." +2008-07-22 00:48:56.367: debug: +2008-07-22 00:48:56.367: notice: end of run: 0 errors occured +2008-07-22 08:07:30.993: notice: ------------------------------------------------------------ +2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-22 08:07:30.995: debug: Check RFC5011 status +2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0 +2008-07-22 08:07:30.995: debug: Check KSK status +2008-07-22 08:07:30.995: debug: Check ZSK status +2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f +2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net." +2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:07:31.454: debug: Signing completed after 1s. +2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered +2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net." +2008-07-22 08:07:31.454: debug: +2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 08:07:31.454: debug: Check RFC5011 status +2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2 +2008-07-22 08:07:31.454: debug: Check ZSK status +2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f +2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 08:07:31.454: debug: Signing zone "example.net." +2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:07:31.589: debug: Signing completed after 0s. 
+2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered +2008-07-22 08:07:31.589: debug: Distribute zone "example.net." +2008-07-22 08:07:31.589: debug: +2008-07-22 08:07:31.589: notice: end of run: 0 errors occured +2008-07-22 08:08:09.237: notice: ------------------------------------------------------------ +2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:08:09.239: debug: Check RFC5011 status +2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0 +2008-07-22 08:08:09.239: debug: Check KSK status +2008-07-22 08:08:09.239: debug: Check ZSK status +2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f +2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net." +2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:08:09.507: debug: Signing completed after 0s. +2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered +2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net." +2008-07-22 08:10:10.328: notice: ------------------------------------------------------------ +2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-22 08:10:10.330: debug: Check RFC5011 status +2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0 +2008-07-22 08:10:10.330: debug: Check KSK status +2008-07-22 08:10:10.330: debug: Check ZSK status +2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f +2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net." +2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:10:10.950: debug: Signing completed after 0s. +2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered +2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net." +2008-07-22 08:11:17.247: notice: ------------------------------------------------------------ +2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:11:17.250: debug: Check RFC5011 status +2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0 +2008-07-22 08:11:17.250: debug: Check KSK status +2008-07-22 08:11:17.250: debug: Check ZSK status +2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f +2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net." +2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. 
-e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:11:17.883: debug: Signing completed after 0s. +2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered +2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net." +2008-07-22 08:11:17.883: debug: +2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 08:11:17.884: debug: Check RFC5011 status +2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2 +2008-07-22 08:11:17.884: debug: Check ZSK status +2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f +2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 08:11:17.884: debug: Signing zone "example.net." +2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:11:18.005: debug: Signing completed after 1s. +2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered +2008-07-22 08:11:18.006: debug: Distribute zone "example.net." +2008-07-22 08:11:18.006: debug: +2008-07-22 08:11:18.006: notice: end of run: 0 errors occured +2008-07-24 00:13:56.493: notice: ------------------------------------------------------------ +2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v +2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-24 00:13:56.495: debug: Check RFC5011 status +2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0 +2008-07-24 00:13:56.495: debug: Check KSK status +2008-07-24 00:13:56.495: debug: Check ZSK status +2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached +2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached +2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net." +2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:13:57.439: debug: Signing completed after 1s. +2008-07-24 00:13:57.439: debug: +2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:13:57.439: debug: Check RFC5011 status +2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2 +2008-07-24 00:13:57.439: debug: Check ZSK status +2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec) +2008-07-24 00:13:57.440: debug: ->depreciate it +2008-07-24 00:13:57.440: debug: ->activate published key 41300 +2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done +2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key +2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key +2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:13:57.441: debug: Signing zone "example.net." 
+2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:13:57.562: debug: Signing completed after 0s. +2008-07-24 00:13:57.562: debug: +2008-07-24 00:13:57.562: notice: end of run: 0 errors occured +2008-07-24 00:14:08.862: notice: ------------------------------------------------------------ +2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v +2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:14:08.864: debug: Check RFC5011 status +2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0 +2008-07-24 00:14:08.864: debug: Check KSK status +2008-07-24 00:14:08.864: debug: Check ZSK status +2008-07-24 00:14:08.864: debug: Re-signing not necessary! +2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy +2008-07-24 00:14:08.864: debug: +2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:14:08.864: debug: Check RFC5011 status +2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2 +2008-07-24 00:14:08.864: debug: Check ZSK status +2008-07-24 00:14:08.864: debug: Re-signing not necessary! +2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy +2008-07-24 00:14:08.864: debug: +2008-07-24 00:14:08.864: notice: end of run: 0 errors occured +2008-07-24 00:14:12.963: notice: ------------------------------------------------------------ +2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-24 00:14:12.965: debug: Check RFC5011 status +2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0 +2008-07-24 00:14:12.965: debug: Check KSK status +2008-07-24 00:14:12.965: debug: Check ZSK status +2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f +2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net." +2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:14:13.488: debug: Signing completed after 1s. +2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings +2008-07-24 00:14:13.488: debug: +2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:14:13.488: debug: Check RFC5011 status +2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2 +2008-07-24 00:14:13.488: debug: Check ZSK status +2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f +2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:14:13.489: debug: Signing zone "example.net." +2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:14:13.601: debug: Signing completed after 0s. 
+2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings +2008-07-24 00:14:13.602: debug: +2008-07-24 00:14:13.602: notice: end of run: 2 errors occured +2008-07-24 00:15:38.304: notice: ------------------------------------------------------------ +2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v +2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:15:38.306: debug: Check RFC5011 status +2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0 +2008-07-24 00:15:38.307: debug: Check KSK status +2008-07-24 00:15:38.307: debug: Check ZSK status +2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f +2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net." +2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:15:39.280: debug: Signing completed after 1s. +2008-07-24 00:15:39.281: debug: +2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:15:39.281: debug: Check RFC5011 status +2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2 +2008-07-24 00:15:39.281: debug: Check ZSK status +2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f +2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:15:39.282: debug: Signing zone "example.net." 
+2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:15:39.402: debug: Signing completed after 0s. +2008-07-24 00:15:39.403: debug: +2008-07-24 00:15:39.403: notice: end of run: 0 errors occured +2008-07-24 00:18:59.568: notice: ------------------------------------------------------------ +2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:18:59.573: debug: Check RFC5011 status +2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0 +2008-07-24 00:18:59.573: debug: Check KSK status +2008-07-24 00:18:59.573: debug: Check ZSK status +2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f +2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net." +2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:19:00.167: debug: Signing completed after 1s. +2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:19:00.168: debug: +2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-24 00:19:00.168: debug: Check RFC5011 status +2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2 +2008-07-24 00:19:00.168: debug: Check ZSK status +2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f +2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:19:00.169: debug: Signing zone "example.net." +2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:19:00.280: debug: Signing completed after 0s. +2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:19:00.280: debug: +2008-07-24 00:19:00.280: notice: end of run: 2 errors occured +2008-07-24 00:22:24.567: notice: ------------------------------------------------------------ +2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:22:24.569: debug: Check RFC5011 status +2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0 +2008-07-24 00:22:24.569: debug: Check KSK status +2008-07-24 00:22:24.570: debug: Check ZSK status +2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f +2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net." +2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. 
-e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:22:25.148: debug: Signing completed after 1s. +2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings +2008-07-24 00:22:25.148: debug: +2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:22:25.148: debug: Check RFC5011 status +2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2 +2008-07-24 00:22:25.148: debug: Check ZSK status +2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f +2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:22:25.150: debug: Signing zone "example.net." +2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:22:25.271: debug: Signing completed after 0s. +2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings +2008-07-24 00:22:25.271: debug: +2008-07-24 00:22:25.271: notice: end of run: 2 errors occured +2008-07-24 00:23:08.907: notice: ------------------------------------------------------------ +2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-24 00:23:08.909: debug: Check RFC5011 status +2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0 +2008-07-24 00:23:08.909: debug: Check KSK status +2008-07-24 00:23:08.909: debug: Check ZSK status +2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f +2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net." +2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:23:09.510: debug: Signing completed after 1s. +2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered +2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net." +2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 00:23:09.517: debug: +2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:23:09.517: debug: Check RFC5011 status +2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2 +2008-07-24 00:23:09.517: debug: Check ZSK status +2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f +2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:23:09.518: debug: Signing zone "example.net." 
+2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:23:09.633: debug: Signing completed after 0s. +2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered +2008-07-24 00:23:09.634: debug: Distribute zone "example.net." +2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 00:23:09.640: debug: +2008-07-24 00:23:09.640: notice: end of run: 0 errors occured +2008-07-24 00:33:30.818: notice: ------------------------------------------------------------ +2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:33:30.820: debug: Check RFC5011 status +2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0 +2008-07-24 00:33:30.821: debug: Check KSK status +2008-07-24 00:33:30.821: debug: Check ZSK status +2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f +2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net." +2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:33:31.320: debug: Signing completed after 1s. 
+2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root +2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root +2008-07-24 00:33:31.320: debug: +2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:33:31.320: debug: Check RFC5011 status +2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2 +2008-07-24 00:33:31.320: debug: Check ZSK status +2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f +2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:33:31.321: debug: Signing zone "example.net." +2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:33:31.443: debug: Signing completed after 0s. +2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root +2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root +2008-07-24 00:33:31.443: debug: +2008-07-24 00:33:31.443: notice: end of run: 2 errors occured +2008-07-24 23:21:55.189: notice: ------------------------------------------------------------ +2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:21:55.196: debug: Check RFC5011 status +2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:21:55.196: debug: Check KSK status +2008-07-24 23:21:55.196: debug: Check ZSK status +2008-07-24 23:21:55.196: debug: Re-signing not necessary! 
+2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy +2008-07-24 23:21:55.196: debug: +2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:21:55.196: debug: Check RFC5011 status +2008-07-24 23:21:55.196: debug: Check ZSK status +2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec) +2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed +2008-07-24 23:21:55.196: debug: ->remove it +2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key +2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key +2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:21:55.197: debug: Signing zone "example.net." +2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:21:55.873: debug: Signing completed after 0s. +2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:21:55.873: debug: +2008-07-24 23:21:55.874: notice: end of run: 1 error occured +2008-07-24 23:23:06.278: notice: ------------------------------------------------------------ +2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-24 23:23:06.280: debug: Check RFC5011 status +2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:23:06.280: debug: Check KSK status +2008-07-24 23:23:06.280: debug: Check ZSK status +2008-07-24 23:23:06.280: debug: Re-signing not necessary! +2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy +2008-07-24 23:23:06.280: debug: +2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:23:06.280: debug: Check RFC5011 status +2008-07-24 23:23:06.280: debug: Check ZSK status +2008-07-24 23:23:06.280: debug: Re-signing not necessary! +2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy +2008-07-24 23:23:06.280: debug: +2008-07-24 23:23:06.280: notice: end of run: 0 errors occured +2008-07-24 23:25:21.930: notice: ------------------------------------------------------------ +2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:25:21.932: debug: Check RFC5011 status +2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:25:21.932: debug: Check KSK status +2008-07-24 23:25:21.932: debug: Check ZSK status +2008-07-24 23:25:21.932: debug: Re-signing not necessary! +2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy +2008-07-24 23:25:21.932: debug: +2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:25:21.932: debug: Check RFC5011 status +2008-07-24 23:25:21.932: debug: Check ZSK status +2008-07-24 23:25:21.932: debug: Re-signing not necessary! 
+2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy +2008-07-24 23:25:21.932: debug: +2008-07-24 23:25:21.932: notice: end of run: 0 errors occured +2008-07-24 23:25:39.009: notice: ------------------------------------------------------------ +2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v +2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:25:39.011: debug: Check RFC5011 status +2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:25:39.011: debug: Check KSK status +2008-07-24 23:25:39.011: debug: Check ZSK status +2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f +2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net." +2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:25:39.591: debug: Signing completed after 0s. +2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:25:39.592: debug: +2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-24 23:25:39.592: debug: Check RFC5011 status +2008-07-24 23:25:39.592: debug: Check ZSK status +2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f +2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:25:39.592: debug: Signing zone "example.net." +2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:25:39.703: debug: Signing completed after 0s. +2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:25:39.703: debug: +2008-07-24 23:25:39.703: notice: end of run: 2 errors occured +2008-07-24 23:28:16.436: notice: ------------------------------------------------------------ +2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:28:16.438: debug: Check RFC5011 status +2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:28:16.438: debug: Check KSK status +2008-07-24 23:28:16.438: debug: Check ZSK status +2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f +2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net." 
+2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:28:17.008: debug: Signing completed after 1s. +2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered +2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net." +2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:28:17.015: debug: +2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:28:17.015: debug: Check RFC5011 status +2008-07-24 23:28:17.015: debug: Check ZSK status +2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f +2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:28:17.016: debug: Signing zone "example.net." +2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:28:17.132: debug: Signing completed after 0s. +2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered +2008-07-24 23:28:17.132: debug: Distribute zone "example.net." +2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. 
./example.net./zone.db.signed" +2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:28:17.138: debug: +2008-07-24 23:28:17.138: notice: end of run: 0 errors occured +2008-07-24 23:31:17.354: notice: ------------------------------------------------------------ +2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:31:17.364: debug: Check RFC5011 status +2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:31:17.364: debug: Check KSK status +2008-07-24 23:31:17.364: debug: Check ZSK status +2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f +2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net." +2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:18.032: debug: Signing completed after 1s. +2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered +2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net." +2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:18.039: debug: +2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-24 23:31:18.039: debug: Check RFC5011 status +2008-07-24 23:31:18.039: debug: Check ZSK status +2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f +2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:31:18.040: debug: Signing zone "example.net." +2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:18.155: debug: Signing completed after 0s. +2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered +2008-07-24 23:31:18.155: debug: Distribute zone "example.net." +2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:18.161: debug: +2008-07-24 23:31:18.162: notice: end of run: 0 errors occured +2008-07-24 23:31:28.467: notice: ------------------------------------------------------------ +2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:31:28.470: debug: Check RFC5011 status +2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:31:28.470: debug: Check KSK status +2008-07-24 23:31:28.470: debug: Check ZSK status +2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f +2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net." 
+2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:29.059: debug: Signing completed after 1s. +2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered +2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net." +2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered +2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./ +2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:29.072: debug: +2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:31:29.073: debug: Check RFC5011 status +2008-07-24 23:31:29.073: debug: Check ZSK status +2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f +2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:31:29.074: debug: Signing zone "example.net." +2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. 
-e +518400 zone.db K*.private" +2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:29.204: debug: Signing completed after 0s. +2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered +2008-07-24 23:31:29.204: debug: Distribute zone "example.net." +2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered +2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./ +2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:29.217: debug: +2008-07-24 23:31:29.217: notice: end of run: 0 errors occured +2008-07-24 23:35:48.844: notice: ------------------------------------------------------------ +2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:35:48.846: debug: Check RFC5011 status +2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:35:48.846: debug: Check KSK status +2008-07-24 23:35:48.846: debug: Check ZSK status +2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f +2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net." 
+2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:35:49.455: debug: Signing completed after 1s. +2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered +2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net." +2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered +2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net." +2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered +2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net." +2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:35:49.468: debug: +2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:35:49.468: debug: Check RFC5011 status +2008-07-24 23:35:49.469: debug: Check ZSK status +2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f +2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:35:49.470: debug: Signing zone "example.net." +2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. 
-e +518400 zone.db K*.private" +2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:35:49.600: debug: Signing completed after 0s. +2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered +2008-07-24 23:35:49.600: debug: Distribute zone "example.net." +2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered +2008-07-24 23:35:49.606: debug: Distribute zone "example.net." +2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:35:49.613: notice: "example.net.": reload triggered +2008-07-24 23:35:49.613: debug: Reload zone "example.net." +2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:35:49.613: debug: +2008-07-24 23:35:49.613: notice: end of run: 0 errors occured +2008-07-24 23:37:41.081: notice: ------------------------------------------------------------ +2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:37:41.083: debug: Check RFC5011 status +2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:37:41.083: debug: Check KSK status +2008-07-24 23:37:41.083: debug: Check ZSK status +2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f +2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net." 
+2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:41.688: debug: Signing completed after 0s. +2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered +2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net." +2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered +2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net." +2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:41.701: debug: +2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:37:41.701: debug: Check RFC5011 status +2008-07-24 23:37:41.701: debug: Check ZSK status +2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f +2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:37:41.702: debug: Signing zone "example.net." +2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:41.824: debug: Signing completed after 0s. 
+2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered +2008-07-24 23:37:41.824: debug: Distribute zone "example.net." +2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:37:41.831: notice: "example.net.": reload triggered +2008-07-24 23:37:41.831: debug: Reload zone "example.net." +2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:41.837: debug: +2008-07-24 23:37:41.837: notice: end of run: 0 errors occured +2008-07-24 23:37:51.742: notice: ------------------------------------------------------------ +2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v +2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:37:51.744: debug: Check RFC5011 status +2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:37:51.744: debug: Check KSK status +2008-07-24 23:37:51.744: debug: Check ZSK status +2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f +2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net." +2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:52.264: debug: Signing completed after 1s. 
+2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered +2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net." +2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered +2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net." +2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:52.277: debug: +2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:37:52.277: debug: Check RFC5011 status +2008-07-24 23:37:52.277: debug: Check ZSK status +2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f +2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:37:52.277: debug: Signing zone "example.net." +2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:52.398: debug: Signing completed after 0s. +2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered +2008-07-24 23:37:52.398: debug: Distribute zone "example.net." +2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. 
./example.net./zone.db.signed" +2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:37:52.404: notice: "example.net.": reload triggered +2008-07-24 23:37:52.404: debug: Reload zone "example.net." +2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:52.410: debug: +2008-07-24 23:37:52.410: notice: end of run: 0 errors occured +2008-07-24 23:44:51.717: notice: ------------------------------------------------------------ +2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v +2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:44:51.719: debug: Check RFC5011 status +2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:44:51.719: debug: Check KSK status +2008-07-24 23:44:51.720: debug: Check ZSK status +2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f +2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net." +2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: "" +2008-07-24 23:44:51.720: debug: Signing completed after 0s. +2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered +2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net." +2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. 
./sub.example.net./zone.db.signed" +2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered +2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net." +2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:51.721: debug: ./dist.sh reload return: "" +2008-07-24 23:44:51.721: debug: +2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:44:51.721: debug: Check RFC5011 status +2008-07-24 23:44:51.721: debug: Check ZSK status +2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f +2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered +2008-07-24 23:44:51.722: debug: Distribute zone "example.net." +2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:51.722: notice: "example.net.": reload triggered +2008-07-24 23:44:51.722: debug: Reload zone "example.net." +2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:51.722: debug: ./dist.sh reload return: "" +2008-07-24 23:44:51.723: debug: +2008-07-24 23:44:51.723: notice: end of run: 0 errors occured +2008-07-24 23:44:57.039: notice: ------------------------------------------------------------ +2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v +2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-24 23:44:57.042: debug: Check RFC5011 status +2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:44:57.042: debug: Check KSK status +2008-07-24 23:44:57.042: debug: Check ZSK status +2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f +2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net." +2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: "" +2008-07-24 23:44:57.042: debug: Signing completed after 0s. +2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered +2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net." +2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered +2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" +2008-07-24 23:44:57.043: debug: +2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-24 23:44:57.043: debug: Check RFC5011 status +2008-07-24 23:44:57.043: debug: Check ZSK status +2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f +2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered +2008-07-24 23:44:57.043: debug: Distribute zone "example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:57.043: notice: "example.net.": reload triggered +2008-07-24 23:44:57.043: debug: Reload zone "example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" +2008-07-24 23:44:57.043: debug: +2008-07-24 23:44:57.043: notice: end of run: 0 errors occured +2008-07-25 23:31:07.235: notice: ------------------------------------------------------------ +2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v +2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-25 23:31:07.238: debug: Check RFC5011 status +2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-25 23:31:07.238: debug: Check KSK status +2008-07-25 23:31:07.238: debug: Check ZSK status +2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec) +2008-07-25 23:31:07.239: debug: ->depreciate it +2008-07-25 23:31:07.239: debug: ->activate published key 3615 +2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done +2008-07-25 23:31:07.239: debug: New published key needed +2008-07-25 23:31:07.397: debug: ->creating new published key 4254 +2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing +2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key +2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net." +2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-25 23:31:07.639: debug: Signing completed after 0s. +2008-07-25 23:31:07.639: debug: +2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net." 
+2008-07-25 23:31:07.639: debug: Check RFC5011 status +2008-07-25 23:31:07.639: debug: Check ZSK status +2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys +2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys +2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db" +2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-25 23:31:07.640: debug: Signing zone "example.net." +2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-25 23:31:07.783: debug: Signing completed after 0s. +2008-07-25 23:31:07.783: debug: +2008-07-25 23:31:07.783: notice: end of run: 0 errors occured +2008-07-25 23:32:27.052: notice: ------------------------------------------------------------ +2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v +2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-25 23:32:27.054: debug: Check RFC5011 status +2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-25 23:32:27.054: debug: Check KSK status +2008-07-25 23:32:27.054: debug: Check ZSK status +2008-07-25 23:32:27.054: debug: Re-signing not necessary! +2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy +2008-07-25 23:32:27.054: debug: +2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net." +2008-07-25 23:32:27.054: debug: Check RFC5011 status +2008-07-25 23:32:27.054: debug: Check ZSK status +2008-07-25 23:32:27.054: debug: Re-signing not necessary! 
+2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy +2008-07-25 23:32:27.057: debug: +2008-07-25 23:32:27.057: notice: end of run: 0 errors occured +2008-07-31 00:25:52.601: notice: ------------------------------------------------------------ +2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v +2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-31 00:25:52.604: debug: Check RFC5011 status +2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-31 00:25:52.604: debug: Check KSK status +2008-07-31 00:25:52.604: debug: Check ZSK status +2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec) +2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed +2008-07-31 00:25:52.605: debug: ->remove it +2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec) +2008-07-31 00:25:52.605: debug: ->depreciate it +2008-07-31 00:25:52.605: debug: ->activate published key 4254 +2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done +2008-07-31 00:25:52.605: debug: New key for publishing needed +2008-07-31 00:25:53.128: debug: ->creating new key 56744 +2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing +2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key +2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net." +2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. 
-e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 00:25:53.332: debug: Signing completed after 0s. +2008-07-31 00:25:53.332: debug: +2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net." +2008-07-31 00:25:53.332: debug: Check RFC5011 status +2008-07-31 00:25:53.332: debug: Check ZSK status +2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db" +2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-31 00:25:53.333: debug: Signing zone "example.net." +2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 00:25:53.477: debug: Signing completed after 0s. +2008-07-31 00:25:53.477: debug: +2008-07-31 00:25:53.477: notice: end of run: 0 errors occured +2008-07-31 13:19:17.447: notice: ------------------------------------------------------------ +2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v +2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net." 
+2008-07-31 13:19:17.449: debug: Check RFC5011 status +2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-31 13:19:17.450: debug: Check KSK status +2008-07-31 13:19:17.450: debug: Check ZSK status +2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec) +2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed +2008-07-31 13:19:17.450: debug: ->remove it +2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key +2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net." +2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 13:19:17.944: debug: Signing completed after 0s. +2008-07-31 13:19:17.944: debug: +2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net." +2008-07-31 13:19:17.944: debug: Check RFC5011 status +2008-07-31 13:19:17.944: debug: Check ZSK status +2008-07-31 13:19:17.944: debug: Re-signing not necessary! +2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy +2008-07-31 13:19:17.944: debug: +2008-07-31 13:19:17.945: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf new file mode 100644 index 0000000..0ccc7f6 --- /dev/null +++ b/contrib/zkt/examples/flat/zone.conf @@ -0,0 +1,10 @@ + +zone "example.NET." in { + type master; + file "example.net./zone.db.signed"; +}; + +zone "sub.example.NET." in { + type master; + file "sub.example.net./zone.db.signed"; +}; 
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key new file mode 100644 index 0000000..a824208 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key @@ -0,0 +1,3 @@ +;% generationtime=20080717083652 +;% lifetime=28d +example.de. IN DNSKEY 256 3 5 BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published new file mode 100644 index 0000000..8703816 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: yN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== +PublicExponent: AQAAAAE= +PrivateExponent: PUJ1+zrJn3r8Z+GcNmxwyHaNeLivsjSiSoGZu2FnlJHgHV3Kq5ZL+d5jeGpbPyW6Bc5z+NpkqGPuz/DG9C6OhQ== +Prime1: 8NWUn++L7p45k/tgcIoVKWe9Jgwtn4m8K8PkNQG1H4s= +Prime2: 1YPE6Nw/KsuDHPkM6NAqtnMWugaG9kDq348eSTkhSM8= +Exponent1: tF/x51phYle6xgqBLw3ixmkQJCSpCa3F51pb/zGieV0= +Exponent2: PeU/PmlccGmtux9ZC9rEdu/xmMERXZri3QdBtCzYDLs= +Coefficient: gMF5l8BpGn2VBO7XqZNTJWOkx1lBOytfBc4y6yh+Cn8= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key new file mode 100644 index 0000000..1986117 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key 
@@ -0,0 +1,4 @@ +;% generationtime=20080506225722 +;% lifetime=20d +;% expirationtime=20080711220959 +example.de. IN DNSKEY 385 3 5 BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw rw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private new file mode 100644 index 0000000..62b7ca4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: Cyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqwrw== +PublicExponent: AQAAAAE= +PrivateExponent: CGYBtGSIMmSFoqnh6yYuoYlvTP2O7vkBdRrfkN43NwdlQVhco+wQO55QxCZNhCcbp2xau9IdejetNH0pQ3Zfg2Vllx78F8VMTMqkgw2HudWS/RahkMg+Hq6DBUaX/LYt90ToGyy5+FmyBm4fOV8FxJVrmTFMw4m7ULp3FgRcxmzS5zNjKYP2LKU/pYz0wFpyAr88DGNjChgwvRN/GE4obsoJgQ== +Prime1: A18v8idXV3o9tpIzalTEpOeDX7OxKumhUsoDpPhOJf7XqHLS6hYoYwFbRObF23Zi/3kHiAoGffR1Dkd+ji3xZhFOSEcUDuikQ2jdzdY8NxbzQQ== +Prime2: A08XMjIEpsViYvYB+ChuYxPbq7Z/eHtT/r5f8zS+nuEUwYAlKeq/i+U5sIydC1txv5XQuRPqpjtlZTClJ85BpS0GnSspG5PcY3OMwkA2smLX7w== +Exponent1: AcLu8YM68M8LtP7Dr7vYI+vJK6RK5SN/mAnz4ALt53igCUB/iVrfvBWCHp7hEgkRZUQQoItbT9C6YXrC3G9DW+IldSP8vrtqYva4YDBD2X1LAQ== +Exponent2: JdJVp3CAJPPcx0KiKDS8gHDiu22CBV2w1cycnXgwFmJl4aQkbTA7/xlgl15r3lByacAc19JreArqgCQRQV3bS7NG2PiQmzO26XkwCq+Kj7OJ +Coefficient: i6sKgv2zpCvdY9fChryaf5nZyb4nFd2dG/vnjQScBz8YVw4LnfL/XqKIego0Ez6/KlL4AnvkcafzogJ+MtmBB7V4RXEyObcbR6M/MLGMhpL8 
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key new file mode 100644 index 0000000..4836d51 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key @@ -0,0 +1,3 @@ +;% generationtime=20080608210458 +;% lifetime=28d +example.de. IN DNSKEY 256 3 5 BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private new file mode 100644 index 0000000..3b1b32e --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: nRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== +PublicExponent: AQAAAAE= +PrivateExponent: I2jMbjLfEzJ4iZHvXDTRZKM2/SXOLH9dTWkzH8zfbW+jzsKObfnt7/yJYaIHv0gQOvOAfQ46RutqryjQpLPtoQ== +Prime1: 0TgZK52tc+JlhyG5229kjntpXP0enYcMqROdLM9lSoM= +Prime2: wDFNEVHv0GDU7L7ZLPIuRewnHg9SHgSnQ+kOWDhZEHE= +Exponent1: aVdC0HyDAG7bvUkwx468HhrL/00lGXQYvnxoKqV3/dU= +Exponent2: quQ/NY7YkT3jYi649bQ9hsWDkaAoBf1FrIVPcf3FSXE= +Coefficient: Td8UjaaoC44Qt0jCQ4uULI1YUQRNdPYH3024NghryrE= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key new file mode 100644 index 0000000..3a636d4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key 
@@ -0,0 +1,3 @@ +;% generationtime=20080608210458 +;% lifetime=20d +example.de. IN DNSKEY 257 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private new file mode 100644 index 0000000..b0466be --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: Drm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9zQ== +PublicExponent: AQAAAAE= +PrivateExponent: AQM2fRAmc6coPLeTHAK1DCHOYCRPSjsHYXoOzwMzzdIpHschjfxka35UdNSGKYpqM9E+VTZmV96w9ZZK5recxYak/6F72ZYTIYtsWYqCkej18nzhpnlt4nASnRt0nsS9UVVwc1Y7QxqRtSVXEcgcbiW3lr0jq+PSBf/HjY9qOHV4ExXlz7KPYOWbJa1YLFnvGlMd/W7hmQvXNEfTvOwjKURV4Q== +Prime1: A/0Yax4evJzC7VSw0Swt0KNM7gtIJ9nwzDCrTymulzKhu6Wgeu0veU9OAGDhv0Yfmn0kr1JLITpMu4uo3a5jfLb18yZEAyPphejZBA+wPIll+Q== +Prime2: A7EcplBfPWZmeCeL6UnFz4h45nxi3jRfQT00k34Nu5aFt5v+ngExbatcoOMnEKZSq2SQKDQRTp6XBOiwPNB9mVaLmzl9k9tyX6JvkCBEDrM7dQ== +Exponent1: AjoJbjmJarH7I4Zj5UPc9r0I5NtVgrAx4ZltcqPN07/1cBS2QAnZuMSLUvv8pkK+Lng9Wdy9c2FL0XjWY5Q+ORYj4ONGl9OWpi2zKqpTw4WgOQ== +Exponent2: AZfFGuYsztbn6tHFUIdIeXfaFTYyVbSfCEUp2Uv8N75QMyyuT4dzAlkU2cfSg3oAefrlCKWqXtLv9XlOJ1hTeXZOz8jyYAyhvGWGoHmSbeaNKQ== +Coefficient: AX6DKJRk0GXwCnkpfbn91myfZ2wgsUTXKjqasdlTqm3JL9Rtpq8J2MWPhexcSSz8DNa5LQlGduE1nh4eqqntnSNckD6CeImMdWgTNbQS3zV8Bw== 
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key new file mode 100644 index 0000000..35d4c6a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key @@ -0,0 +1,3 @@ +;% generationtime=20080711221000 +;% lifetime=20d +example.de. IN DNSKEY 257 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published new file mode 100644 index 0000000..b7f28db --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt+w== +PublicExponent: AQAAAAE= +PrivateExponent: /MDd0rAZf9mm/3cDi6TjTqeegMmnidhKYIzxyz1+quzwOA16L3jLf3ucWjz/BlEiOYh1CZbAroGRYqBAskys8u7FDinOQEP5cEn5NUyL5z0WebSCO+qnaqaQSokRs0oUx3+e9tJc9GhhmZIVNXQe4mYxfeYCl6KZS9CXe22y31PkvJ+SQIBh/I+SQnM4rbW012rKroAxdHfTvmalofx+Qb1h +Prime1: A/5Pkk5UAGvEa06GrEcATMOjsxZ0BbgalPuJKLLTFzvtYhdlJY738oY0QfsHba9hEC+iiSwfjWYyNlH/7bcVqSFtbLJiJ0aUfvObj75qw4HjXQ== +Prime2: A38aQzy3UrARKcwUqCiQrSOTM5P7xIDfbruW7ywmaWA1lXCvP3EJAal6MYs0pG2vx1cxVTIPva3Se26NkGaBqZw+RgHxmRmfgxvSoCfWXGZZNw== +Exponent1: OvPYJBkVUbncb0mBtTe5uwa9RgGlCgW4ges93zf3UQuHGvAesUFNnMh6y9zi4vgyVNbz2KOSnA91onc9l42b6NwqRNbExGhDsMc8NQi16vnF +Exponent2: AkkCNzHuGv3HaQ4MpRT/PLPA2UONseMBvJHWlgK+aO2xb6/7I09sPqKnJ4f6Bj5jL8efNZYHWsaN4l335V9lc5791opU+07LHHpULn2qVRpJYw== +Coefficient: An94juF2F5cDtoMC6gwI5iaWDH/qxkeuZ62fnMFoMY18XO0/clTVfdW7XvXCOn1DQyDLDOYpxR5MfeDKkbxtGGYKABWBOWlyaS1A5D5wTQRJzw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db new file mode 100644 index 0000000..bd106bd --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db 
@@ -0,0 +1,48 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 29 2008 12:44:06 +; + +; *** List of Key Signing Keys *** +; example.de. tag=17439 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.de. 3600 IN DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ + Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 + Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 + 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw + rw== + ) ; key id = 17567 (original key id = 17439) + +; example.de. tag=41145 algo=RSASHA1 generated Jul 12 2008 00:10:00 +example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 + r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N + tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI + VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 + zQ== + ) ; key id = 41145 + +; example.de. tag=59244 algo=RSASHA1 generated Jul 12 2008 00:10:00 +example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW + dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO + Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX + 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt + +w== + ) ; key id = 59244 + +; *** List of Zone Signing Keys *** +; example.de. tag=35672 algo=RSASHA1 generated Jul 17 2008 10:36:52 +example.de. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv + pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== + ) ; key id = 35672 + +; example.de. tag=11867 algo=RSASHA1 generated Jul 17 2008 10:36:52 +example.de. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA + OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== + ) ; key id = 11867 + 
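Review bot: the "generated" timestamps in the dnskey.db comments disagree with the generationtime recorded in the key files: tag=35672 is listed as generated Jul 17 2008 10:36:52 while Kexample.de.+005+35672.key says generationtime=20080608210458, and tag=41145 shows Jul 12 2008 00:10:00 against the same 20080608210458. If the field is really an activation or file-modification time, the label in the generated comment should say so; otherwise the example should be regenerated so the two agree. The first KSK entry also carries flags 385 and two key ids (17567, original 17439) with no comment that this is the revoke bit set on the old key, which a one-line comment in the generated output would make clear to readers of the example.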
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. new file mode 100644 index 0000000..a2cb04a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. @@ -0,0 +1,6 @@ +example.de. IN DS 17567 5 1 D2AE03CF2A76AA0A28AE8593B3D96E497C6508E5 +example.de. IN DS 17567 5 2 A9F2D82927721257F7C4325B402F664BBFE58780A786BB7B7188A0DB FD5D7008 +example.de. IN DS 41145 5 1 8F18A5F2A59AEF518DBA5A0CD0F0E259DD0F8C05 +example.de. IN DS 41145 5 2 BA5A78FB98E5A38554B4D73B32F15C4794AEE9E25934B3696B999451 A534102A +example.de. IN DS 59244 5 1 56F34A865AFA3A183D3C008490B94CB1D238BB9A +example.de. IN DS 59244 5 2 08C1BFC17C4634BE4A03A297D65E44CC8EB375B4027534541B7E0596 5E985313 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. new file mode 100644 index 0000000..2b40c68 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. 
@@ -0,0 +1,28 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo + RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 + OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM + zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z + Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP + f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ + ONUcLAEt+w== + ) ; key id = 59244 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt + utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh + bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX + DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV + kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn + dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO + UNdJQGb9zQ== + ) ; key id = 41145 + 7200 IN DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d + Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP + S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM + L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We + lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS + jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS + XDAeBZqwrw== + ) ; key id = 17567 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. new file mode 100644 index 0000000..04ed33a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG + HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv + Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd + IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C + kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= + ) ; key id = 40998 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key new file mode 100644 index 0000000..6b6aca1 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key 
@@ -0,0 +1,3 @@ +;% generationtime=20080729104405 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private new file mode 100644 index 0000000..2377635 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: ny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== +PublicExponent: AQAAAAE= +PrivateExponent: njIKbIVXtg54r7CRULxKaNXpW0BUus3VYh/JBkMgd+runwCUtXUccG14jHrZ/H2M6Yx46EIYxebzoi0rStisAQ== +Prime1: zsU5EgehqDuowoV/yRkMTDa/b3unK6hUy4AnqCpumtE= +Prime2: xRPHnd4KuW4H4SueCLf3oduoTfOp6pl6cKdJyjooQbM= +Exponent1: WbbHa11huZfttfhiiocYX0zKzy+2hTHb8vXBJ27mIcE= +Exponent2: JrXRbJt0aQuZ7PEcBuYpcLp0d4WZFD0htANku1j9xHc= +Coefficient: y0cK7SB3Usly0yku3wY50DpxX0k+qPu8HztqHeGCXpg= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated new file mode 100644 index 0000000..934f630 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: rPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== +PublicExponent: AQAAAAE= +PrivateExponent: OGFXm5oxuztSyLrcmyhrWs14NTOKh745RZMjIUVyoem0SLRjkJWdqGlPnMsR+lmyVieKx6OhFTOZnbjRaeu2AQ== +Prime1: 1epbg5Yr1USYkwGu9zV7AXpB74Wfu7I3WDzPabBFQ+k= +Prime2: zvsD4Q/+PCmzXiRwsSlwZwtwpcSump1fuIve+REOCCE= +Exponent1: kMpHQJed0XNHcNZ2hcEZ1/yG3Ex4MZbdJ9DsK2Rgosk= +Exponent2: LEK4vqbV5lWlccULSqR0puA/1lFWmvRbS0yu7qp4OGE= +Coefficient: gXEyODoVUSbHQP2mar5cwP3BDdi1LwDYVvdvKYEPIrw= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key new file mode 100644 index 0000000..2c662a9 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key @@ -0,0 +1,3 @@ +;% generationtime=20080726213646 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key new file mode 100644 index 0000000..3a0fcec --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key @@ -0,0 +1,3 @@ +;% generationtime=20080731111645 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published new file mode 100644 index 0000000..b45db1f --- /dev/null 
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: wutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== +PublicExponent: AQAAAAE= +PrivateExponent: f7ufWzg6L93T6LUD9P4Enjv0YvfQoIAJwO3OLdaMTuvz7ehqy+FWuAzy4fQwBxr768pDWv/EZqpqPuDIifUCUQ== +Prime1: 50l7b5UFq5ejhH7Y/ZTA03M0JMZiIQDrpJdWL89sn6M= +Prime2: 178TrVx2Of4cF18K9sbgdrbQCL82IotrErwo5YAsb50= +Exponent1: Gs/D3DZdG7gy9INcfyIBH8pOHkcITjxJQbEJotYtp48= +Exponent2: xVkRB61kvgdvwcowk4UnL6FqBPi5p9Jk1AlNteSksMU= +Coefficient: Z9dHWKQ4b7QgZt5kzJNs4gW4iZPvD2pdm31V0jEbPoA= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key new file mode 100644 index 0000000..9c7c36c --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key @@ -0,0 +1,3 @@ +;% generationtime=20080726221746 +;% lifetime=5d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA fdQIegTBBKk= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private new file mode 100644 index 0000000..3e39f5a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: pL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= +PublicExponent: AQAAAAE= +PrivateExponent: CrFKdhkCOgyF27Jc4GPfo7A6v2q0OgRE2nBdkw7XFUEADEHSVLA6XYUm3AZmAOWxTmrGU8EK+76hfC22DjA6O0BljTNdxLB5cGRL2Dxey603jCIEVt/ahIqyb2STr0pWYEVc3qAKJL93iP4v5r7fJt157sJhQF8F5Zpqj24QvmE= +Prime1: 1EpVvo011F2qgjesKSKplhqtvbmRPjTuhijb7531zIbxDzBF+lXCDyjt3Y/LrWS240t74vbZpo9FUZIETIf/FQ== +Prime2: xqm8Bk18u2WJZ9uUr+/MMPKfh6OgAFqtBwFi81FFJ62kHGL9i8AcychE9tD5IRu74KLCGW+Vk87lyLOF3WU0RQ== +Exponent1: JmLNa+QmMjHVDmAM833bF024/+NIyZgfNSDLnGXxTqYZ3PK/llLHIwBChLMKAQgFvt5PP0id1Nkc9N16xjkuFQ== +Exponent2: rZW7rMmQxQQRHD8TKQTAhCX+31n8jnq7gW9dyVpjY85GDuQe6+3rox6xvsMfUzEOgXk1lgnm46FAIHOH6DhMuQ== +Coefficient: MPoirwMUkLzLWeynO1Izy+lff70hnDnOcZEckS+Sy1TlUkk22uHBF4uNLkgoF26XqeKzK9pG1rCGfccfWTCayQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. new file mode 100644 index 0000000..c392b9a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. @@ -0,0 +1,2 @@ +sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE +sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db new file mode 100644 index 0000000..e922c18 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db 
@@ -0,0 +1,35 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 13:16:45 +; + +; *** List of Key Signing Keys *** +; sub.example.de. tag=40998 algo=RSASHA1 generated Jul 27 2008 00:17:46 +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy + yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv + jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA + fdQIegTBBKk= + ) ; key id = 40998 + +; *** List of Zone Signing Keys *** +; sub.example.de. tag=51977 algo=RSAMD5 generated Jul 29 2008 12:44:04 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K + kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== + ) ; key id = 51977 + +; sub.example.de. tag=19793 algo=RSAMD5 generated Jul 29 2008 12:44:05 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD + 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== + ) ; key id = 19793 + +; sub.example.de. tag=55699 algo=RSAMD5 generated Jul 31 2008 13:16:45 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm + /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== + ) ; key id = 55699 + diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf new file mode 100644 index 0000000..d7d33ca --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf @@ -0,0 +1,17 @@ +## +## dnssec-zkt v0.4 (c) Jan 2005 hoz <at> hznet <dot> de ## +## + +resigninterval 36h +sigvalidity 2d +max_ttl 90s + +ksk_lifetime 5d +ksk_algo RSASHA1 +ksk_bits 1024 + +zsk_lifetime 2d +zsk_algo RSAMD5 +zsk_bits 512 + +dlv_domain "dlv.trusted-keys.net" 
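Review bot: in sub.example.de./dnssec.conf, `zsk_algo RSAMD5` together with `zsk_bits 512` hands readers a copy-paste template built on an algorithm that RFC 4034 lists as NOT RECOMMENDED for zone signing and on a modulus size that is practical to factor. Suggest RSASHA1, as the parent example.de keys already use, with a larger ZSK, or at least a comment in the file that the values are chosen only to make rollovers fast in the demo. Separately, `max_ttl 90s` does not match the `$TTL 7200` in this zone's zone.db or the 3600 TTL on the DNSKEY records; if max_ttl feeds the rollover timing, the configured value understates how long old records stay cached, so one of the two should be changed or the mismatch explained.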
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. new file mode 100644 index 0000000..b8ec77b --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. @@ -0,0 +1,2 @@ +sub.example.de. IN DS 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE +sub.example.de. IN DS 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. new file mode 100644 index 0000000..04ed33a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG + HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv + Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd + IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C + kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= + ) ; key id = 40998 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db new file mode 100644 index 0000000..05489a4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db @@ -0,0 +1,25 @@ +;----------------------------------------------------------------- +; +; @(#) sub.example.de/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 2008073101; Serial (up to 10 digits) + 86400 ; Refresh (RIPE recommendation if NOTIFY is used) + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + + IN NS ns1.example.de. + +$INCLUDE dnskey.db + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.4 +b IN A 1.2.3.5 +c IN A 1.2.3.6 
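Review bot: the a, b and c records in sub.example.de/zone.db point at 1.2.3.4, 1.2.3.5 and 1.2.3.6, which are not documentation addresses. Suggest taking them from 192.0.2.0/24 (TEST-NET), in line with the 2001:db8::53 that the parent zone uses for the ns1 AAAA record.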
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed new file mode 100644 index 0000000..d607de5 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed 
@@ -0,0 +1,108 @@ +; File written on Thu Jul 31 13:16:45 2008 +; dnssec_signzone version 9.5.1b1 +sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 2008073101 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 1 3 7200 20080802100259 ( + 20080731101645 19793 sub.example.de. + d/lRqmf+AWENEHoKbG+ABspEFH0UEHsyue0o + DPPUzkAw/gZcHcwoCuf4AsbUYHz1HKyHjeUz + g2+AsH8mPZKGvg== ) + 7200 NS ns1.example.de. + 7200 RRSIG NS 1 3 7200 20080802095409 ( + 20080731101645 19793 sub.example.de. + VoXeajFhxMQjwVXspcxBN/lfM1R6hc1fIVdV + HjWlw0RSeCL7fBOY54HOIWcu6jHegMrjuB9y + KTOgEwv3r8kOiw== ) + 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 1 3 7200 20080802095639 ( + 20080731101645 19793 sub.example.de. + cmhtmISCv2bbpBkgwyMuKNnlrNsJ3GViYUxT + lhQ8ASHjNH74mIuenBIGy+w3RxyDzoMk1w6Y + J0qpEvDF3FNvRQ== ) + 3600 DNSKEY 256 3 1 ( + BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91 + KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnv + XF008duYET+UU9+hS01RIw== + ) ; key id = 19793 + 3600 DNSKEY 256 3 1 ( + BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKB + vEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5 + cGBHTSFCjIh+lGMPEssJCQ== + ) ; key id = 51977 + 3600 DNSKEY 256 3 1 ( + BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLM + oUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/ + MP+8X0OzdEl97NGOPtmT9w== + ) ; key id = 55699 + 3600 DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG + HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv + Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd + IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C + kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= + ) ; key id = 40998 + 3600 RRSIG DNSKEY 1 3 3600 20080802100935 ( + 20080731101645 19793 sub.example.de. + WU1UIuqpuCLRe/46p4u2eqEvKrfsBvKpzKmx + TLG2AX+AOxWhRH5CqZ1zDiKUd+Xu6ekGxB/g + ZOu0rsPqvux2PA== ) + 3600 RRSIG DNSKEY 5 3 3600 20080802100334 ( + 20080731101645 40998 sub.example.de. 
+ WW23Oq06HTSt5R/4Ds/nOl1n0Egsbf4bztB8 + MZQAv6khorlDzmy3B4WPG1f79yuc26Zb6/Z9 + QxNH0s68kp3X/eBR7FTEfHehsKaoRtaxldhz + V0VjOKI2iu4mhA6n/P0bAEhfxFxxde5tymP/ + Od6//GN4UmNi9LCwWtLbGnF4Gpc= ) +a.sub.example.de. 7200 IN A 1.2.3.4 + 7200 RRSIG A 1 4 7200 20080802095159 ( + 20080731101645 19793 sub.example.de. + LxVthdAkEiBec6khr63+rufhSwtByBNvff8e + HEG/m+yusTBVqVoUp987aabxqaeW5v6f4GaB + 4iK4mspVH4Md7A== ) + 7200 NSEC b.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802100843 ( + 20080731101645 19793 sub.example.de. + HEqR2LChtQD2AeGCBhCsCemP3kjwAGi3RIXu + UpklHVo44Yu+JINnO/jxZ61CtlvBaZ25dpjt + 4ldl+d6z3bs4pQ== ) +b.sub.example.de. 7200 IN A 1.2.3.5 + 7200 RRSIG A 1 4 7200 20080802095415 ( + 20080731101645 19793 sub.example.de. + eLTaD1maS++Py3rybVftMtz0V8QnJenAH6tQ + PIcoZElIaLt8DGfwJYPmIPJlhwNlyqJH7d2A + SDEWBEFsFCnMkg== ) + 7200 NSEC c.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802094836 ( + 20080731101645 19793 sub.example.de. + nHvo1ValqHljlwCiPI51hdl0lnd5WiDIHbo7 + MMxxZrYLNAP9ECK5DCzht9UrEGgIpI/MAvsU + 7S7eIlt0jBSehg== ) +c.sub.example.de. 7200 IN A 1.2.3.6 + 7200 RRSIG A 1 4 7200 20080802095037 ( + 20080731101645 19793 sub.example.de. + eVluthAz6YLAJWSaroRGuf5IsjhHoLz60Ot9 + 1KTnw9zAFU16H6vuQ/TIH7ZzHOT0CgdwawF5 + V0L4MAkK76H00w== ) + 7200 NSEC localhost.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802100135 ( + 20080731101645 19793 sub.example.de. + KRTIiVJPkQayfB8k6sIWyZPm6fqQAZbs8BQ4 + jz/EGrHj3oFPRULUpLMKUdLFAp0kU0qRqCwl + Ull//CFV9J272A== ) +localhost.sub.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 1 4 7200 20080802095833 ( + 20080731101645 19793 sub.example.de. + fXGLRIRCvK/Q9D+dQTia3HUe1xlVBwBL1vcY + wRWdvNQgXQnOkpGtcb9fjKXkPz34SirmyESh + 8kYWUvV1kghBzA== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101452 ( + 20080731101645 19793 sub.example.de. + EqI9jcbxtroVBCVrCLWezzcxNvwm2xl/1nCt + 6Nogs3WvBPpMExUX2tWvpJMV14vpFSW2qWQK + UoFq9NHsH2WSDw== ) 
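Review bot: every RRSIG in sub.example.de./zone.db.signed has an expiration of 20080802, which is before this commit's date of 2008-12-09, so the checked-in signed zone cannot validate as shipped. Since zone.db.signed is output of dnssec_signzone (per its own header comment), suggest either leaving generated output out of the tree and having the example re-sign on setup, or adding a note beside the examples that the signed files are illustrative and must be re-signed before being served.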
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./zone.db new file mode 100644 index 0000000..c485181 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db @@ -0,0 +1,37 @@ +;----------------------------------------------------------------- +; +; @(#) example.de/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 258 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.de. + IN NS ns2.example.de. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.de file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.de. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed new file mode 100644 index 0000000..4b9b3dc --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed 
@@ -0,0 +1,147 @@ +; File written on Tue Jul 29 12:44:06 2008 +; dnssec_signzone version 9.5.1b1 +example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 258 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080808092956 ( + 20080729094406 35672 example.de. + UufM9vATUwvqXJjvgt9WGAytmMhd7Pz/3DK0 + 6a9uReXHcU4NcO0BhTP9chwXAQC5pI2ucRxs + /4p/Vc/L91wUMA== ) + 7200 NS ns1.example.de. + 7200 NS ns2.example.de. + 7200 RRSIG NS 5 2 7200 20080808091515 ( + 20080729094406 35672 example.de. + hpHATL81t7GASSKPPBuheQqBqXU688itETkN + QYfy/OwcE/7g+LvS1oHEBRds6neRkXxUpDa1 + hsdbbCDo6UuHSg== ) + 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080808092007 ( + 20080729094406 35672 example.de. + aN9cYobVe+qJ5Gw0GPMQI3V7vPQaF7cBuX6T + +yWZ/TAHhKcJYqbwOQH2XQar2s+JwckEMSdI + HFPySUOtQaNNxA== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm + 8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfi + o+HNa59a4UA8jTdJb+kT0w== + ) ; key id = 35672 + 3600 DNSKEY 256 3 5 ( + BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQ + TS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0Z + D0oIm2h0JowdyERZVj6ZZQ== + ) ; key id = 11867 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo + RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 + OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM + zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z + Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP + f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ + ONUcLAEt+w== + ) ; key id = 59244 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt + utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh + bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX + DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV + kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn + dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO + UNdJQGb9zQ== + ) ; key id = 41145 + 3600 DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d + Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP + S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM + 
L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We + lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS + jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS + XDAeBZqwrw== + ) ; key id = 17567 + 3600 RRSIG DNSKEY 5 2 3600 20080808092214 ( + 20080729094406 41145 example.de. + BMVp5vW7MgvrhoGfqQhdwGg1mBHNw4xnI+YX + XMYqOAMMRmFg7G6Vn+UcFmUoL1AdUKIdXPp7 + t30UREHQspELWmnLVdJ36HRmzk1eNgwLFuUM + l+Lr+KeoufJ2QlF4TWeItozv0pgmkxaOr0Im + fzRmWKs84rwautwY+R/b5wrCMfZt96/JPGA0 + 4JWDls1wJ7iR0LtiJxe7mvtNRZ5krPFKXBRz + nA== ) + 3600 RRSIG DNSKEY 5 2 3600 20080808092411 ( + 20080729094406 17567 example.de. + BmHQcJsmGmt7HZHqWPAHQuelDrWXASUy7tgc + W4RVIed4voZiHyvxfTPR3cldIWpdP2RqxMm8 + Dj5hlYRqnVt3phSSnwpczcPkfQD4meTqK0DJ + kpX/mBCMHedfvATKf82A9wri13/Zi97N6sTK + 4VZZIWaUH/YDYyMwxgK70+jU0m2N8Iebm3s6 + RshTMxAZjiSH29mgow/HSHtf+cnaTUGAr83P + ug== ) + 3600 RRSIG DNSKEY 5 2 3600 20080808093317 ( + 20080729094406 35672 example.de. + Q5UnfDMbzApCl/wOy9IDna25UVvjKhuV/dos + hFKPUArM4wDx9kJU5tc1Eatwh4MAXPM81kNW + 6DbiKMXJpO7biQ== ) +localhost.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080808092724 ( + 20080729094406 35672 example.de. + JW8ScAtavvTR0fHI/ZDZTgARHSXM/QcLT+w6 + dl6kaeR/9JqxTKpKnH6mtYYdfqom4siJnZCI + D66sltGHW/er+Q== ) + 7200 NSEC ns1.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808094047 ( + 20080729094406 35672 example.de. + XsTqHahVRcPPyrdffkdyBj0BFlTx2vkmfrvY + IIQcaNiUxrgZfyDBQ1GZbL4tDGK/ujValdz9 + s2s+6ISxxobC3A== ) +ns1.example.de. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080808091743 ( + 20080729094406 35672 example.de. + ljYOmOC9r3RlsohXrHt40sIQuF98JSkRSFHb + xKlcToqEVSgxAKkMlwPKBQPaHtRdQhIVkxly + OpCYxAQSguB/MA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080808094144 ( + 20080729094406 35672 example.de. + nNchBWvoPtgRNxaz9bmFwvv/KtgloYq1SGti + 59yQFFm6ixY0p0l0d+U5nnwgI1iS5h0JGYqI + 0mOu0mNbxtt9gQ== ) + 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808092537 ( + 20080729094406 35672 example.de. 
+ MgnxPyKHMqQXnmfjh5ffr0FRvgRyl7D56phx + xKzTquSXDECP5ORpDxvybixbvHvM8R59LjYH + 1OZ3fi+/kWVAJg== ) +ns2.example.de. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080808091624 ( + 20080729094406 35672 example.de. + MkrwvOLYJQvoNFNeqtLOOmDnVFY0n7qdTOUL + Ia2stlfOn7r/7f4lKQTE5UMM+SBN2iizV4qc + SFFUxREAI5UGkQ== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808094337 ( + 20080729094406 35672 example.de. + QE8DYRraVloZVQi2RTpYwxEY1P0u3ovHgC58 + AR1NiLtbQ0YCsPJZeIhVSXbdd8qLZzb5gsJ2 + 9AU6m1TfAa5WSw== ) +sub.example.de. 7200 IN NS ns1.example.de. + 7200 DS 40998 5 1 ( + 1414E9C46F367D787EEF2EC91E1FC66DD087 + AEAE ) + 7200 DS 40998 5 2 ( + 6FE53984AB75C31A06778E9944F8CDB47905 + 27D36BBD08CC1E90DA7AE32EEE5F ) + 7200 RRSIG DS 5 3 7200 20080808092142 ( + 20080729094406 35672 example.de. + cdyXeVNOD5TBuab8JFkwcf4GiS2n9F4tgct/ + ZedULbikEqO0CyJddPW3wSsNAZeP2tgXJNI8 + H6SutDh0IiR5MA== ) + 7200 NSEC example.de. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808091754 ( + 20080729094406 35672 example.de. + jkvn4NznbaH8S5PeWkPf/cHaq19kNav8Y78E + 3GVQHD3ApcDAMs8gImjRrJMT1lqSB7yCu/5f + k3CPfTs/+p/8Og== ) diff --git a/contrib/zkt/examples/hierarchical/de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./keyset-example.de. new file mode 100644 index 0000000..2b40c68 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./keyset-example.de. 
@@ -0,0 +1,28 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo + RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 + OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM + zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z + Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP + f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ + ONUcLAEt+w== + ) ; key id = 59244 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt + utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh + bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX + DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV + kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn + dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO + UNdJQGb9zQ== + ) ; key id = 41145 + 7200 IN DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d + Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP + S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM + L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We + lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS + jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS + XDAeBZqwrw== + ) ; key id = 17567 diff --git a/contrib/zkt/examples/hierarchical/dnssec.conf b/contrib/zkt/examples/hierarchical/dnssec.conf new file mode 100644 index 0000000..12da654 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/dnssec.conf 
@@ -0,0 +1,40 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "." +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 1w # (604800 seconds) +Sigvalidity: 10d # (864000 seconds) +Max_TTL: 6h # (21600 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: incremental + +# signing key parameters +KSK_lifetime: 20d # (1728000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 4w # (2419200 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "log" +LogLevel: "info" +SyslogFacility: "user" +SyslogLevel: "notice" +Keyfile: "dnskey.db" +Zonefile: "zone.db" +KeySetDir: ".." +DLV_Domain: "" +Sig_Pseudorand: True +Sig_Parameter: "-j 1800" diff --git a/contrib/zkt/examples/hierarchical/named.conf b/contrib/zkt/examples/hierarchical/named.conf new file mode 100644 index 0000000..8bd3f9d --- /dev/null +++ b/contrib/zkt/examples/hierarchical/named.conf 
@@ -0,0 +1,102 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +** +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "/var/log/named" versions 3 size 2m; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + channel "resolver-log" { + file "/var/log/named"; + print-time yes; + print-category yes; + print-severity yes; + severity debug 1; + }; + channel "dnssec-log" { +# file "/var/log/named-dnssec" ; + file "/var/log/named" ; + print-time yes; + print-category yes; + print-severity yes; + severity debug 3; + }; + category "dnssec" { "dnssec-log"; }; + category "default" { "named-log"; }; + category "resolver" { "resolver-log"; }; + category "client" { "resolver-log"; }; + category "queries" { "resolver-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + dump-file "/var/log/named_dump.db"; + statistics-file "/var/log/named.stats"; + + listen-on-v6 { any; }; + + query-source address * port 53; + transfer-source * port 53; + notify-source * port 53; + + recursion yes; + dnssec-enable yes; + edns-udp-size 4096; + +# dnssec-lookaside "." trust-anchor "trusted-keys.de."; + + querylog yes; + +}; + +/***************************************************************** +** include shared secrets... +*****************************************************************/ +/** for control sessions ... 
**/ +# include "rndc.key"; +controls { + inet 127.0.0.1 + allow { localhost; } + keys { "rndc-key"; }; + inet ::1 + allow { localhost; } + keys { "rndc-key"; }; +}; + +/***************************************************************** +** ... and trusted_keys +*****************************************************************/ +# include "trusted-keys.conf" ; + +/***************************************************************** +** root server hints and required 127 stuff +*****************************************************************/ +zone "." in { + type hint; + file "root.hint"; +}; + +zone "localhost" in { + type master; + file "localhost.zone"; +}; + +zone "0.0.127.in-addr.arpa" in { + type master; + file "127.0.0.zone"; +}; + +include "zone.conf"; diff --git a/contrib/zkt/examples/hierarchical/zone.conf b/contrib/zkt/examples/hierarchical/zone.conf new file mode 100644 index 0000000..6944d5a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/zone.conf @@ -0,0 +1,10 @@ + +zone "example.de." in { + type master; + file "de./example.de./zone.db.signed"; +}; + +zone "sub.example.de." in { + type master; + file "de./example.de./sub.example.de./zone.db.signed"; +}; diff --git a/contrib/zkt/examples/views/dnssec-extern.conf b/contrib/zkt/examples/views/dnssec-extern.conf new file mode 100644 index 0000000..728dcc9 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-extern.conf 
@@ -0,0 +1,39 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "extern" +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 1w # (604800 seconds) +Sigvalidity: 10d # (864000 seconds) +Max_TTL: 8h # (28800 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: unixtime + +# signing key parameters +KSK_lifetime: 1y # (31536000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 30d # (2592000 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt-ext.log" +LogLevel: "debug" +SyslogFacility: "none" +SyslogLevel: "notice" +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +DLV_Domain: "" +Sig_Pseudorand: True diff --git a/contrib/zkt/examples/views/dnssec-intern.conf b/contrib/zkt/examples/views/dnssec-intern.conf new file mode 100644 index 0000000..d49fc94 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-intern.conf 
@@ -0,0 +1,39 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "intern" +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 5h # (18000 seconds) +Sigvalidity: 1d # (86400 seconds) +Max_TTL: 30m # (1800 seconds) +Propagation: 1m # (60 seconds) +KEY_TTL: 30m # (1800 seconds) +Serialformat: unixtime + +# signing key parameters +KSK_lifetime: 1y # (31536000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 30d # (2592000 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt-int.log" +LogLevel: "debug" +SyslogFacility: "none" +SyslogLevel: "notice" +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +DLV_Domain: "" +Sig_Pseudorand: True diff --git a/contrib/zkt/examples/views/dnssec-signer-extern b/contrib/zkt/examples/views/dnssec-signer-extern new file mode 100755 index 0000000..910e82a --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-signer-extern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@" diff --git a/contrib/zkt/examples/views/dnssec-signer-intern b/contrib/zkt/examples/views/dnssec-signer-intern new file mode 100755 index 0000000..915ed15 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-signer-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@" diff --git a/contrib/zkt/examples/views/dnssec-zkt-extern b/contrib/zkt/examples/views/dnssec-zkt-extern new file mode 100755 index 0000000..129b4e1 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-zkt-extern 
@@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@" diff --git a/contrib/zkt/examples/views/dnssec-zkt-intern b/contrib/zkt/examples/views/dnssec-zkt-intern new file mode 100755 index 0000000..1836840 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-zkt-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@" diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key new file mode 100644 index 0000000..54ba934 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key @@ -0,0 +1,3 @@ +;% generationtime=20080609231143 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published new file mode 100644 index 0000000..7240075 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== +PublicExponent: AQAAAAE= +PrivateExponent: Q3TKb2j5AMk4wn9q5vvgtEy7o1VAhCvv/Nw3QRpXi7xGeHb7WJHj2ia2I44vQQk9fB+Kck1M8KNRMgYt0d0xCQ== +Prime1: 7l4yn7VYrTSOaZu+lubsFvE+JB7asyYyymAEQeod2p0= +Prime2: 7a4LEAmrtZTI/PHjdk/Ij/hbpDmtOe1H0lnWTVG+GfM= +Exponent1: DTpyBBW39+d9b8LqCo7hJf5KQ3oVw9tdnUuHNstGZd0= +Exponent2: b+aBbhRPr/a9ZCNM2JTjZJrrSebtMQCy1GcE33o64HM= +Coefficient: UdvxnKd2GL6In82yHG40rU35WTZ2SUYQ+1mfz3DQqnE= 
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key new file mode 100644 index 0000000..ec11dcb --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private new file mode 100644 index 0000000..ea29447 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ== +PublicExponent: AQAAAAE= +PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ== +Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q== +Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q== +Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV +Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h +Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key new file mode 100644 index 0000000..1809a93 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key @@ -0,0 +1,4 @@ +;% generationtime=20071217224527 +;% lifetime=30 +;% expiretime=20080116224527 +example.net. IN DNSKEY 256 3 5 BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private new file mode 100644 index 0000000..ca789eb --- /dev/null 
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: sQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== +PublicExponent: AQAAAAE= +PrivateExponent: fZs/S7/pOPP1C9Jjdb7KhnbfiLfCIXdc7d8LDWmm7d9rL2kZK77WMp+o5WRQhoIDDQPAdv+phoIdFEIiXKLN8Q== +Prime1: 6NEgG3Z86nn9fNjG+3E9OqF/7oaCvrVnb1XogalZgr0= +Prime2: wq0aosO1mWXo38HuxO5JiR2mX/9LWjxxqwK6I9gnJp0= +Exponent1: ZvI2y//PImr1OqeVLoWfFHop2iorgT4+SYiz1Gw9FME= +Exponent2: TBUeoolmnFcOfWO6T1v0S6za7LEib2H1Pgt95UvDA40= +Coefficient: eHmKka0EVRfjDfEpcwRp5nZ36ZHfLxuKF5tGQ1YclBI= diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net./dnskey.db new file mode 100644 index 0000000..d46eff9 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 17:56:05 +; + +; *** List of Key Signing Keys *** +; example.net. tag=23553 algo=RSASHA1 generated Nov 20 2007 12:49:04 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI + ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ + uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T + u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 + sQ== + ) ; key id = 23553 + +; *** List of Zone Signing Keys *** +; example.net. tag=35744 algo=RSASHA1 generated Jun 10 2008 01:11:43 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w + iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + +; example.net. tag=10367 algo=RSASHA1 generated Jun 10 2008 01:11:43 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 + ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + 
diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net./dsset-example.net. new file mode 100644 index 0000000..cbcd3d0 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B +example.net. IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net./keyset-example.net. new file mode 100644 index 0000000..b845245 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net./zone.db new file mode 100644 index 0000000..4c72928 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./zone.db 
@@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) extern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed new file mode 100644 index 0000000..c0e2801 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./zone.db.signed 
@@ -0,0 +1,109 @@ +; File written on Thu Jun 12 17:56:06 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1213286165 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg + wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt + tFsswvYaZtP11Q== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc + VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO + yQibjS4TA5Pr3g== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis + Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV + 91i/sxof6bc61w== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5 + yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ + 6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + 3600 DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN + vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM + rg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 + 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( + 20080612145605 23553 example.net. + Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E + +aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a + V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0 + kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw + ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc + SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h + fg== ) + 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( + 20080612145605 35744 example.net. 
+ SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV + ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W + dIM4sjx78Zjh5Q== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP + X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI + N/c7vC223ejn8A== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9 + rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+ + P50QYwYXET3byw== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK + QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs + w8uw5x6/1ECflg== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI + aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz + LNjR7KqYQxrXmg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO + ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN + ogRV1rxohxDyCw== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR + Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1 + iTZYEXffLBchmw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1 + pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN + SqabEFO1114AyQ== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB + ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT + db/3/DXIwUnMnA== ) 
diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log new file mode 100644 index 0000000..04fa4fb --- /dev/null +++ b/contrib/zkt/examples/views/extern/zkt-ext.log 
@@ -0,0 +1,28 @@ +2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:04.196: debug: Check RFC5011 status +2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0 +2008-06-12 17:59:04.196: debug: Check ksk status +2008-06-12 17:59:04.196: debug: Re-signing not necessary! +2008-06-12 17:59:04.196: notice: end of run: 0 errors occured +2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:17.436: debug: Check RFC5011 status +2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0 +2008-06-12 17:59:17.436: debug: Check ksk status +2008-06-12 17:59:17.436: debug: Re-signing not necessary! +2008-06-12 17:59:17.436: notice: end of run: 0 errors occured +2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:07.819: debug: Check RFC5011 status +2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0 +2008-06-12 18:00:07.819: debug: Check ksk status +2008-06-12 18:00:07.819: debug: Re-signing not necessary! +2008-06-12 18:00:07.819: notice: end of run: 0 errors occured +2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:39.020: debug: Check RFC5011 status +2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0 +2008-06-12 18:00:39.020: debug: Check ksk status +2008-06-12 18:00:39.020: debug: Re-signing not necessary! +2008-06-12 18:00:39.020: notice: end of run: 0 errors occured 
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key new file mode 100644 index 0000000..316e4cf --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private new file mode 100644 index 0000000..96e1ff6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw== +PublicExponent: AQAAAAE= +PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q== +Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw== +Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ== +Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh +Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ== +Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key new file mode 100644 index 0000000..8be3973 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 256 3 5 BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private new file mode 100644 index 0000000..b519641 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private 
@@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: sMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== +PublicExponent: AQAAAAE= +PrivateExponent: fpWuYAOXJWdjMrZnI91hTi1wwuje4sKjDu8xvfnKvqKhr61QxK1gR9TB3mc2FM+Awivphb3xfi8+y2cacq9iUQ== +Prime1: 6DE1tFJXGIm2SW3fSwQymX7Zcw8VSIMWiHQPCqX1FA0= +Prime2: wuHS7u0I9aYOFkDAndfEVyDi8vOh96CcY/BuSvEZ6+0= +Exponent1: sn7RttKPap3cgw2sddmgwcuVSaEpwOswF/O42Ou3fMk= +Exponent2: LoJ305VksT7SWWR6bM5OybcdTm39PTZM0g3V2hOceK0= +Coefficient: SwRF9S9ICVeyeYw3djxbg7kUZjz5AkbHIgz9VeX4mzM= diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key new file mode 100644 index 0000000..160110e --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key @@ -0,0 +1,3 @@ +;% generationtime=20080612154545 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published new file mode 100644 index 0000000..60e4316 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: zbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== +PublicExponent: AQAAAAE= +PrivateExponent: XZK4eHRUrFka7O0Q/RBuBG3iW8KFng5em4FnjCSBQpwSAvFzTBebqwfNSOcgqKihz8VzvKHxEd6BxVZRGI2dgQ== +Prime1: 8Jji5R57Y4ROxrO5EuEFjxL723VQ/Ym+4KYG+tM3bP8= +Prime2: 2uhGRdJU3UJvnPwx0gJGio6KmRBC6CmDqTMORhYrS1E= +Exponent1: cqVno4KLgMmKN5VPWaYA+pB5e55r6UEIaxqj6WMXATs= +Exponent2: EqSKzb/r02jmNCTv5aX7wHl+57LYR40rJvzgVTfh/tE= +Coefficient: 37ywfYlNFmtR/jZwoZBHNdIEy+C+jIeJ+fEepesSpoI= 
diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net./dnskey.db new file mode 100644 index 0000000..9e2c47f --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 18:13:43 +; + +; *** List of Key Signing Keys *** +; example.net. tag=126 algo=RSASHA1 generated Nov 20 2007 12:44:27 +example.net. 1800 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W + ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI + wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 + +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq + Lw== + ) ; key id = 126 + +; *** List of Zone Signing Keys *** +; example.net. tag=5972 algo=RSASHA1 generated Nov 20 2007 12:44:27 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx + pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + +; example.net. tag=23375 algo=RSASHA1 generated Jun 12 2008 17:45:45 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc + TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net./dsset-example.net. new file mode 100644 index 0000000..b61c1b6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA +example.net. IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9 diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net./keyset-example.net. new file mode 100644 index 0000000..0aa2c7d --- /dev/null 
+++ b/contrib/zkt/examples/views/intern/example.net./keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net./zone.db new file mode 100644 index 0000000..d3e90f7 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./zone.db @@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) intern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 192.168.1.53 + IN AAAA fd12:063c:cdbb::53 +ns2 IN A 10.1.2.3 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed new file mode 100644 index 0000000..88a42c6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./zone.db.signed 
@@ -0,0 +1,109 @@ +; File written on Thu Jun 12 18:13:43 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1213287223 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy + 2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV + aV3H0KfNq6ITLg== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS + Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L + a6rQDFcnJ8xzng== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia + UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH + kt2inbyQytbPDQ== ) + 1800 DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb + 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA + 1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + 1800 DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q + Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS + Q79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + 1800 DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 + 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( + 20080612151343 126 example.net. + CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9 + EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU + WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0 + XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH + fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz + qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK + xA== ) + 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( + 20080612151343 5972 example.net. 
+ dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N + WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v + VDkzRjT4eONxuA== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E + qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi + rk8Mnbf6cYxSlw== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0 + Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp + Smho3kSGf9gQRQ== ) +ns1.example.net. 7200 IN A 192.168.1.53 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt + z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F + joAIP/0wvXihsA== ) + 7200 AAAA fd12:63c:cdbb::53 + 7200 RRSIG AAAA 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty + XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17 + 2a3emgs9BHJJ6A== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ + 48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs + JFhw+nVeZJdHJA== ) +ns2.example.net. 7200 IN A 10.1.2.3 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj + FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv + Xsp5ITBTILSM6Q== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh + 9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR + LYF/o0HVi5uzJA== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ + 8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR + RPdjTNk7YEC0Mg== ) 
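Review bot: Every RRSIG in intern/example.net./zone.db.signed carries inception 20080612151343 and expiration 20080613151343, a one-day window, so this generated file is already expired as committed, and the named.conf added in the same patch sets `dnssec-accept-expired false`. Either leave zone.db.signed and the generated dnskey.db out of the tree and let dnssec-signer produce them when the example is run, or state next to the example that the zone has to be re-signed before it is loaded. A second point on the same hunk: the signatures made by key 5972 are 64 bytes long, so the zone signing keys are 512-bit RSASHA1; an example that readers will copy deserves a longer ZSK.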
diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log new file mode 100644 index 0000000..0729139 --- /dev/null +++ b/contrib/zkt/examples/views/intern/zkt-int.log 
@@ -0,0 +1,169 @@ +2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v +2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:02:13.594: debug: Check RFC5011 status +2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0 +2008-06-12 18:02:13.595: debug: Check ksk status +2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec) +2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key +2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys +2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys +2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:02:13.596: debug: Signing zone "example.net." +2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:02:13.705: debug: Signing completed after 0s. +2008-06-12 18:02:13.705: debug: +2008-06-12 18:02:13.705: notice: end of run: 0 errors occured +2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:03:13.209: debug: Check RFC5011 status +2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0 +2008-06-12 18:03:13.209: debug: Check ksk status +2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec) +2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key +2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:13.209: debug: Re-signing not necessary! +2008-06-12 18:03:13.209: notice: end of run: 0 errors occured +2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:19.288: debug: Check RFC5011 status +2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0 +2008-06-12 18:03:19.289: debug: Check ksk status +2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec) +2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key +2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:19.289: debug: Re-signing not necessary! +2008-06-12 18:03:19.289: notice: end of run: 0 errors occured +2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:03:23.618: debug: Check RFC5011 status +2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0 +2008-06-12 18:03:23.618: debug: Check ksk status +2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec) +2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key +2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f +2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:03:23.619: debug: Signing zone "example.net." +2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:03:23.719: debug: Signing completed after 0s. +2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:03:23.772: debug: +2008-06-12 18:03:23.772: notice: end of run: 0 errors occured +2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:05:39.533: debug: Check RFC5011 status +2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0 +2008-06-12 18:05:39.533: debug: Check ksk status +2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec) +2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key +2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f +2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:05:39.534: debug: Signing zone "example.net." +2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:05:39.630: debug: Signing completed after 0s. +2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered +2008-06-12 18:05:39.640: debug: +2008-06-12 18:05:39.640: notice: end of run: 0 errors occured +2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:07:47.754: debug: Check RFC5011 status +2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0 +2008-06-12 18:07:47.754: debug: Check ksk status +2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec) +2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key +2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f +2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:07:47.754: debug: Signing zone "example.net." +2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:07:47.856: debug: Signing completed after 0s. +2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered +2008-06-12 18:07:47.866: debug: +2008-06-12 18:07:47.867: notice: end of run: 0 errors occured +2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:10:57.978: debug: Check RFC5011 status +2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0 +2008-06-12 18:10:57.978: debug: Check ksk status +2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec) +2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key +2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f +2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:10:57.979: debug: Signing zone "example.net." +2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:10:58.081: debug: Signing completed after 1s. +2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:10:58.093: debug: +2008-06-12 18:10:58.093: notice: end of run: 0 errors occured +2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:13:29.512: debug: Check RFC5011 status +2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0 +2008-06-12 18:13:29.512: debug: Check ksk status +2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec) +2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key +2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f +2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:29.513: debug: Signing zone "example.net." +2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:29.612: debug: Signing completed after 0s. +2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:29.623: debug: +2008-06-12 18:13:29.623: notice: end of run: 0 errors occured +2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v +2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:13:38.709: debug: Check RFC5011 status +2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0 +2008-06-12 18:13:38.709: debug: Check ksk status +2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec) +2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key +2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f +2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:38.710: debug: Signing zone "example.net." +2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:39.163: debug: Signing completed after 1s. +2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:39.174: debug: +2008-06-12 18:13:39.174: notice: end of run: 0 errors occured +2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net." 
+2008-06-12 18:13:43.164: debug: Check RFC5011 status +2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0 +2008-06-12 18:13:43.164: debug: Check ksk status +2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec) +2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key +2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f +2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:43.164: debug: Signing zone "example.net." +2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:43.262: debug: Signing completed after 0s. +2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:43.273: debug: +2008-06-12 18:13:43.273: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf new file mode 100644 index 0000000..1ec3d13 --- /dev/null +++ b/contrib/zkt/examples/views/named.conf 
@@ -0,0 +1,97 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "named.log"; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + category "dnssec" { "named-log"; }; + category "edns-disabled" { "named-log"; }; + category "default" { "named-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + pid-file "named.pid"; + listen-on-v6 port 1053 { any; }; + listen-on port 1053 { any; }; + + empty-zones-enable no; + + port 1053; + query-source address * port 1053; + query-source-v6 address * port 1053; + transfer-source * port 53; + transfer-source-v6 * port 53; + use-alt-transfer-source no; + notify-source * port 53; + notify-source-v6 * port 53; + + recursion yes; + dnssec-enable yes; + dnssec-validation yes; /* required by BIND 9.4.0 */ + dnssec-accept-expired false; /* added since BIND 9.5.0 */ + edns-udp-size 1460; /* (M4) */ + max-udp-size 1460; /* (M5) */ + + # allow-query { localhost; }; /* default in 9.4.0 */ + # allow-query-cache { localhost; }; /* default in 9.4.0 */ + + dnssec-must-be-secure "." no; + + querylog yes; + + stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */ +}; + +/***************************************************************** +** view intern +*****************************************************************/ +view "intern" { + match-clients { 127.0.0.1; ::1; }; + recursion yes; + zone "." 
in { + type hint; + file "root.hint"; + }; + + zone "0.0.127.in-addr.arpa" in { + type master; + file "127.0.0.zone"; + }; + + zone "example.net" in { + type master; + file "intern/example.net./zone.db.signed"; + }; +}; + +/***************************************************************** +** view extern +*****************************************************************/ +view "extern" { + match-clients { any; }; + recursion no; + zone "." in { + type hint; + file "root.hint"; + }; + + zone "example.net" in { + type master; + file "extern/example.net./zone.db.signed"; + }; +}; diff --git a/contrib/zkt/examples/views/named.log b/contrib/zkt/examples/views/named.log new file mode 100644 index 0000000..15d5f7b --- /dev/null +++ b/contrib/zkt/examples/views/named.log 
@@ -0,0 +1,17 @@ +20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found +20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed) +20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed) +20-Nov-2007 17:40:12.393 general: notice: running +20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789) +20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217) +20-Nov-2007 19:07:04.016 general: info: shutting down +20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053 +20-Nov-2007 19:07:04.020 general: notice: exiting diff --git a/contrib/zkt/examples/views/root.hint b/contrib/zkt/examples/views/root.hint new file mode 100644 index 0000000..2b5c167 --- /dev/null +++ b/contrib/zkt/examples/views/root.hint 
@@ -0,0 +1,45 @@ +; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net +;; global options: printcmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355 +;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 +;; WARNING: recursion requested but not available + +;; QUESTION SECTION: +;. IN NS + +;; ANSWER SECTION: +. 518400 IN NS H.ROOT-SERVERS.NET. +. 518400 IN NS I.ROOT-SERVERS.NET. +. 518400 IN NS J.ROOT-SERVERS.NET. +. 518400 IN NS K.ROOT-SERVERS.NET. +. 518400 IN NS L.ROOT-SERVERS.NET. +. 518400 IN NS M.ROOT-SERVERS.NET. +. 518400 IN NS A.ROOT-SERVERS.NET. +. 518400 IN NS B.ROOT-SERVERS.NET. +. 518400 IN NS C.ROOT-SERVERS.NET. +. 518400 IN NS D.ROOT-SERVERS.NET. +. 518400 IN NS E.ROOT-SERVERS.NET. +. 518400 IN NS F.ROOT-SERVERS.NET. +. 518400 IN NS G.ROOT-SERVERS.NET. + +;; ADDITIONAL SECTION: +A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 +B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 +C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 +D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 +E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 +F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 +G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 +H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 +I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 +J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 +K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 +L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42 +M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 + +;; Query time: 114 msec +;; SERVER: 198.41.0.4#53(198.41.0.4) +;; WHEN: Mon Nov 5 07:28:00 2007 +;; MSG SIZE rcvd: 436 + diff --git a/contrib/zkt/examples/views/viewtest.sh b/contrib/zkt/examples/views/viewtest.sh new file mode 100755 index 0000000..f0a1754 --- /dev/null +++ b/contrib/zkt/examples/views/viewtest.sh 
@@ -0,0 +1,20 @@ + + +ZKT_CONFFILE=dnssec.conf +export ZKT_CONFFILE + +if true +then + echo "All internal keys:" + ./dnssec-zkt-intern + echo + + echo "All external keys:" + ./dnssec-zkt-extern + echo +fi + +echo "Sign both views" +./dnssec-signer-intern -v -v -f -r +echo +./dnssec-signer-extern -v -v diff --git a/contrib/zkt/examples/zone.db b/contrib/zkt/examples/zone.db new file mode 100644 index 0000000..9864cb1 --- /dev/null +++ b/contrib/zkt/examples/zone.db @@ -0,0 +1,45 @@ +;----------------------------------------------------------------- +; +; @(#) example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 263 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.1 +b IN MX 10 a +;c IN A 1.2.3.2 +d IN A 1.2.3.3 + IN AAAA 2001:0db8::3 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. +sub IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/zone.db.signed b/contrib/zkt/examples/zone.db.signed new file mode 100644 index 0000000..1e389ea --- /dev/null +++ b/contrib/zkt/examples/zone.db.signed 
@@ -0,0 +1,146 @@ +; File written on Tue Jun 24 10:00:31 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 263 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080724070030 ( + 20080624070030 33755 example.net. + FFUGR4+nzjZbpDT/RAncV7dNvBy1xil4MO17 + DU+gotHHV1Yq+4RRqEnRhOSWydDC9ENAjH7W + lmzr+igFHp8qiw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080724070030 ( + 20080624070030 33755 example.net. + mpT5zY57UtLMdl6iKVtvr78vINyaA3NkZ0af + E/TtUUBJeIEjLauzxA5jJBGqLWAiLj8HKWhS + dq1VfORhRh/Xng== ) + 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080724070030 ( + 20080624070030 33755 example.net. + Q5yxSoL+Df3UbGe1RSFFj01SoBGLgjXvgLd5 + wKota7wnjO8CxidmrN+qcKQHjF+R+mH8GeQ7 + xL1qZxKLQqxmwA== ) + 14400 DNSKEY 256 3 5 ( + BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQ + jh9IaZS+mIyyuHDX2iaFUigOqHixIJtDLD1r + /MfelgJ/Mh6+vCu+XmMQuw== + ) ; key id = 33755 + 14400 DNSKEY 257 3 5 ( + BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7a + zmEbpXHYyAV98l+QQaTAb98Ob3YbrVJ9IU8E + 0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3 + NlL6Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8 + bN71YJP7BXlszezsFHuMEspNdOPyMr93230+ + R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj + 5awvXfJ+eQ== + ) ; key id = 31674 + 14400 RRSIG DNSKEY 5 2 14400 20080724070030 ( + 20080624070030 31674 example.net. + BGed6Vivkmx/SM7HuXMy9ex+p0fDWcXW6uTH + SZLs9oAZMSkm8Xh2RNNI1sgZefGpsOc7AZJE + JuIWttqKm5VL57qpEKeTxZ9oE6Vpk4ko5lMo + yTJUoih7lTXo7a1OsNHMFZadE7Fu4Q8pjGUZ + ZJI4zBrT7JmgyPNCkgn1JdC2qJlc6ClHEb4E + 6pQyH3BnSOFudZDz8MdVQnqdxpShGwucnf2i + oA== ) + 14400 RRSIG DNSKEY 5 2 14400 20080724070030 ( + 20080624070030 33755 example.net. + f03G7Cq3CwWz7Lbe7cl61ciSsdEYv4heYnR3 + binJ3xWO7jSiRAvUAfkIYDspdlF/PCOnv8sr + id8TL8q/qQ0MCg== ) +a.example.net. 
7200 IN A 1.2.3.1 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + VuIrcft9jvWKORJy2SQ4UgWwRnUL4gIiaVpy + 3i5hfjM6X38FHsy0SvGrjxQqiurwZZS4NxXG + ljUerawxMdHWWw== ) + 7200 NSEC b.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + yc/tsRYQRaYsPp+5jPUj2NR0R3zHKvXBQ/RO + 14b/eKL9i4NnuzS50qFZwzpcOBOJd6XITO4p + yJNZQKtryRJuSg== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + xVjOhCO2zJVp1SsoMdM6ePCZUkittsqEP7rI + 7j8r2S1j4oiIdXaxCBBVwddhS/x1eziI/a2S + /HwVRJThIYIKnQ== ) + 7200 NSEC d.example.net. MX RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + jC171VBU0dqcI1NnMUUqrUIjq09sVHnFo9CH + 0jKNwxkj+K1Zkr7CBm6htH+EkKKhqKFW8kz7 + b2r05FL1xakcnQ== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + Q4C7HCpDR6fxIczzqGDnkpXUL5oxdPDYWF2H + vmAalL++9A5hVGz8S5IfX87dZAg71c1j8ZAe + 5oS0pvLQnweoIw== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + ECjxqQpJCbL6A9iBk/bImgzDNevUXFjq8n2L + 14ewG5zQSz/0l0NqcHKtCiruBjHd+DEXjTEI + Qo8RvMm7Rn8OsA== ) + 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + k+AhslVfBZgXkTaWjDVB+3nLm2ye8UOGMNhY + QcKxJZaVYKnUZfyX1sJONN4UdFjmnkdNcRVC + 6ouWrLbIwslqIQ== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + wZjK9o3CElHLPSzynvzft/nQAEeBpNOj22vq + 3TWa9HWQ0RqL55NRmzxuDtyMtPOFQpniVxgV + jizb8X3SPJ5V1g== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + e4nOW7PuqCQBYgSCBQH06V2XB7SF85jmfFIc + dSMbsLRK+1tN/Y2+85WKVSQrXZzWRHgjQ+Hw + iL/FWK5Zfq7ixg== ) +ns1.example.net. 
7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + tTfMDk2ww2uWutlhjRMDPGo9ZPugjJqSbdyP + 6cJcCDJUBce0UZFxjvDBZhfG7O2XUscooUjp + JpXsJ54ksPugXA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + x8iMgcICSOxgx4biLForfZxgMbMVpzwMQR6n + naFVK79GOwFFT8krAfo6K6Rg7Fyu0jSE/59H + 3Y15F0ju6YvbAg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + EYof9XuXHXuWgRF0MzgO/Z8FGYJEfLlJKWCV + IWh+b8XJejLO1Tt0vlJZl0orrs6yam/B8CWb + dgq8ktbqpNHmvg== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + Uh93B1J7mOqBcW8sXWHA6vmeGszGJGE/BtFV + cdO4tBNoIDbIdkzBUJZphc6HfK7/gu7WFhAo + 5v6cZr4bRDOf6A== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + xOkV3aTsgrP7ZyaHfKhLmjJfhboQJpDYFdqV + y0zzZuGQr7Yr4PxWED5WJhm4fFf48agNWBmm + rk1OaFadv6m2uw== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + Pr8KFvU/Fr2lp9W6Wqqq47VKrnh3tL90S8Eu + KIPsfmBE00g7eGPVswJUWShXMBZFLtfqI8z/ + UBM6VzROSTtryA== ) diff --git a/contrib/zkt/log.c b/contrib/zkt/log.c new file mode 100644 index 0000000..021be98 --- /dev/null +++ b/contrib/zkt/log.c 
@@ -0,0 +1,443 @@ +/***************************************************************** +** +** @(#) log.c -- The ZKT error logging module +** +** Copyright (c) June 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <stdlib.h> +# include <ctype.h> +# include <sys/types.h> +# include <sys/stat.h> +# include <sys/time.h> +# include <time.h> +# include <assert.h> +# include <errno.h> +# include <syslog.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +# include "misc.h" +# include "debug.h" +#define extern +# include "log.h" +#undef extern + +/***************************************************************** +** module internal vars & declarations +*****************************************************************/ +static FILE *lg_fp; +static int lg_minfilelevel; +static int lg_syslogging; +static int lg_minsyslevel; +static long lg_errcnt; +static const char *lg_progname; + +typedef struct { + lg_lvl_t level; + const char *str; + int syslog_level; +} lg_symtbl_t; + +static lg_symtbl_t symtbl[] = { + { LG_NONE, "none", -1 }, + { LG_DEBUG, "debug", LOG_DEBUG }, + { LG_INFO, "info", LOG_INFO }, + { LG_NOTICE, "notice", LOG_NOTICE }, + { LG_WARNING, "warning", LOG_WARNING }, + { LG_ERROR, "error", LOG_ERR }, + { LG_FATAL, "fatal", LOG_CRIT }, + + { LG_NONE, "user", LOG_USER }, + { LG_NONE, "daemon", LOG_DAEMON }, + { LG_NONE, "local0", LOG_LOCAL0 }, + { LG_NONE, "local1", LOG_LOCAL1 }, + { LG_NONE, "local2", LOG_LOCAL2 }, + { LG_NONE, "local3", LOG_LOCAL3 }, + { LG_NONE, "local4", LOG_LOCAL4 }, + { LG_NONE, "local5", LOG_LOCAL5 }, + { LG_NONE, "local6", LOG_LOCAL6 }, + { LG_NONE, "local7", LOG_LOCAL7 }, + { LG_NONE, NULL, -1 } +}; + +# define MAXFNAME (1023) +/***************************************************************** +** function definitions (for function declarations see log.h) +*****************************************************************/ + +/***************************************************************** +** lg_fileopen (path, name) -- open the log file +** Name is a (absolute or relative) file or 
directory name. +** If path is given and name is a relative path name then path +** is prepended to name. +** returns the open file pointer or NULL on error +*****************************************************************/ +static FILE *lg_fileopen (const char *path, const char *name) +{ + int len; + FILE *fp; + struct tm *t; + time_t sec; + char fname[MAXFNAME+1]; + + if ( name == NULL || *name == '\0' ) + return NULL; + else if ( *name == '/' || path == NULL ) + snprintf (fname, MAXFNAME, "%s", name); + else + snprintf (fname, MAXFNAME, "%s/%s", path, name); + +# ifdef LOG_TEST + fprintf (stderr, "\t ==> \"%s\"", fname); +# endif + if ( is_directory (fname) ) + { + len = strlen (fname); + + time (&sec); + t = gmtime (&sec); + snprintf (fname+len, MAXFNAME-len, LOG_FNAMETMPL, + t->tm_year + 1900, t->tm_mon+1, t->tm_mday, + t->tm_hour, t->tm_min, t->tm_sec); +# ifdef LOG_TEST + fprintf (stderr, " isdir \"%s\"", fname); +# endif + } + +# ifdef LOG_TEST + fprintf (stderr, "\n"); +# endif + + if ( (fp = fopen (fname, "a")) == NULL ) + return NULL; + + return fp; +} + +/***************************************************************** +** lg_str2lvl (level_name) +*****************************************************************/ +lg_lvl_t lg_str2lvl (const char *name) +{ + lg_symtbl_t *p; + + if ( !name ) + return LG_NONE; + + for ( p = symtbl; p->str; p++ ) + if ( strcasecmp (name, p->str) == 0 ) + return p->level; + + return LG_NONE; +} + +/***************************************************************** +** lg_lvl2syslog (level) +*****************************************************************/ +lg_lvl_t lg_lvl2syslog (lg_lvl_t level) +{ + lg_symtbl_t *p; + + for ( p = symtbl; p->str; p++ ) + if ( level == p->level ) + return p->syslog_level; + + assert ( p->str != NULL ); /* we assume not to reach this! 
*/ + + return LOG_DEBUG; /* if not found, return DEBUG as default */ +} + +/***************************************************************** +** lg_str2syslog (facility_name) +*****************************************************************/ +int lg_str2syslog (const char *facility) +{ + lg_symtbl_t *p; + + dbg_val1 ("lg_str2syslog (%s)\n", facility); + if ( !facility ) + return LG_NONE; + + for ( p = symtbl; p->str; p++ ) + if ( strcasecmp (facility, p->str) == 0 ) + return p->syslog_level; + + return LG_NONE; +} + +/***************************************************************** +** lg_lvl2str (level) +*****************************************************************/ +const char *lg_lvl2str (lg_lvl_t level) +{ + lg_symtbl_t *p; + + if ( level < LG_DEBUG ) + return "none"; + + for ( p = symtbl; p->str; p++ ) + if ( level == p->level ) + return p->str; + return "fatal"; +} + +/***************************************************************** +** lg_geterrcnt () -- returns the current value of the internal +** error counter +*****************************************************************/ +long lg_geterrcnt () +{ + return lg_errcnt; +} + +/***************************************************************** +** lg_seterrcnt () -- sets the internal error counter +** returns the current value +*****************************************************************/ +long lg_seterrcnt (long value) +{ + return lg_errcnt = value; +} + +/***************************************************************** +** lg_reseterrcnt () -- resets the internal error counter to 0 +** returns the current value +*****************************************************************/ +long lg_reseterrcnt () +{ + return lg_seterrcnt (0L); +} + + +/***************************************************************** +** lg_open (prog, facility, syslevel, path, file, filelevel) +** -- open the log channel +** return values: +** 0 on success +** -1 on file open error 
+*****************************************************************/ +int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel) +{ + int sysfacility; + + dbg_val6 ("lg_open (%s, %s, %s, %s, %s, %s)\n", progname, facility, syslevel, path, file, filelevel); + + lg_minsyslevel = lg_str2lvl (syslevel); + lg_minfilelevel = lg_str2lvl (filelevel); + + sysfacility = lg_str2syslog (facility); + if ( sysfacility >= 0 ) + { + lg_syslogging = 1; + dbg_val2 ("lg_open: openlog (%s, LOG_NDELAY, %d)\n", progname, lg_str2syslog (facility)); + openlog (progname, LOG_NDELAY, lg_str2syslog (facility)); + } + if ( file && * file ) + { + if ( (lg_fp = lg_fileopen (path, file)) == NULL ) + return -1; + lg_progname = progname; + } + + return 0; +} + +/***************************************************************** +** lg_close () -- close the open filepointer for error logging +** return 0 if no error log file is currently open, +** otherwise the return code of fclose is returned. 
+*****************************************************************/ +int lg_close () +{ + int ret = 0; + + if ( lg_syslogging ) + { + closelog (); + lg_syslogging = 0; + } + if ( lg_fp ) + { + ret = fclose (lg_fp); + lg_fp = NULL; + } + + return ret; +} + +/***************************************************************** +** +** lg_args (level, argc, argv[]) +** log all command line arguments (up to a length of 511 chars) +** with priority level +** +*****************************************************************/ +void lg_args (lg_lvl_t level, int argc, char * const argv[]) +{ + char cmdline[511+1]; + int len; + int i; + + len = 0; + for ( i = 0; i < argc && len < sizeof (cmdline); i++ ) + len += snprintf (cmdline+len, sizeof (cmdline) - len, " %s", argv[i]); + +#if 1 + lg_mesg (level, "------------------------------------------------------------"); +#else + lg_mesg (level, ""); +#endif + lg_mesg (level, "running%s ", cmdline); +} + +/***************************************************************** +** +** lg_mesg (level, fmt, ...) +** +** Write a given message to the error log file and counts +** all messages written with an level greater than LOG_ERR. +** +** All messages will be on one line in the logfile, so it's +** not necessary to add an '\n' to the message. +** +** To call this function before an elog_open() is called is +** useless! +** +*****************************************************************/ +void lg_mesg (int priority, char *fmt, ...) 
+{ + va_list ap; + struct timeval tv; + struct tm *t; + char format[256]; + + assert (fmt != NULL); + assert (priority >= LG_DEBUG && priority <= LG_FATAL); + + format[0] ='\0'; + + dbg_val3 ("syslog = %d prio = %d >= sysmin = %d\n", lg_syslogging, priority, lg_minsyslevel); + if ( lg_syslogging && priority >= lg_minsyslevel ) + { +#if defined (LOG_WITH_LEVEL) && LOG_WITH_LEVEL + snprintf (format, sizeof (format), "%s: %s", lg_lvl2str(priority), fmt); + fmt = format; +#endif + va_start(ap, fmt); + vsyslog (lg_lvl2syslog (priority), fmt, ap); + va_end(ap); + } + + dbg_val3 ("filelg = %d prio = %d >= filmin = %d\n", lg_fp!=NULL, priority, lg_minfilelevel); + if ( lg_fp && priority >= lg_minfilelevel ) + { +#if defined (LOG_WITH_TIMESTAMP) && LOG_WITH_TIMESTAMP + gettimeofday (&tv, NULL); + t = localtime ((time_t *) &tv.tv_sec); + fprintf (lg_fp, "%04d-%02d-%02d ", + t->tm_year+1900, t->tm_mon+1, t->tm_mday); + fprintf (lg_fp, "%02d:%02d:%02d.%03ld: ", + t->tm_hour, t->tm_min, t->tm_sec, tv.tv_usec / 1000); +#endif +#if defined (LOG_WITH_PROGNAME) && LOG_WITH_PROGNAME + if ( lg_progname ) + fprintf (lg_fp, "%s: ", lg_progname); +#endif +#if defined (LOG_WITH_LEVEL) && LOG_WITH_LEVEL + if ( fmt != format ) /* level is not in fmt string */ + fprintf (lg_fp, "%s: ", lg_lvl2str(priority)); +#endif + va_start(ap, fmt); + vfprintf (lg_fp, fmt, ap); + va_end(ap); + fprintf (lg_fp, "\n"); + } + + if ( priority >= LG_ERROR ) + lg_errcnt++; +} + + +#ifdef LOG_TEST +const char *progname; +int main (int argc, char *argv[]) +{ + const char *levelstr; + const char *newlevelstr; + int level; + int err; + + progname = *argv; + + if ( --argc ) + levelstr = *++argv; + else + levelstr = "fatal"; + + level = lg_str2lvl (levelstr); + newlevelstr = lg_lvl2str (level+1); + dbg_val4 ("base level = %s(%d) newlevel = %s(%d)\n", levelstr, level, newlevelstr, level+1); + if ( (err = lg_open (progname, +#if 1 + "user", +#else + "none", +#endif + levelstr, ".", +#if 1 + "test.log", +#else + NULL, 
+#endif + newlevelstr)) ) + fprintf (stderr, "\topen error %d\n", err); + else + { + lg_mesg (LG_DEBUG, "debug message"); + lg_mesg (LG_INFO, "INFO message"); + lg_mesg (LG_NOTICE, "Notice message"); + lg_mesg (LG_WARNING, "Warning message"); + lg_mesg (LG_ERROR, "Error message"); + lg_mesg (LG_FATAL, "Fatal message "); + } + + if ( (err = lg_close ()) < 0 ) + fprintf (stderr, "\tclose error %d\n", err); + + return 0; +} +#endif diff --git a/contrib/zkt/log.h b/contrib/zkt/log.h new file mode 100644 index 0000000..9a5d3ab --- /dev/null +++ b/contrib/zkt/log.h 
@@ -0,0 +1,66 @@ +/***************************************************************** +** +** @(#) log.h (c) June 2008 Holger Zuleger hznet.de +** +** Copyright (c) June 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef LOG_H +# define LOG_H +# include <sys/types.h> +# include <stdarg.h> +# include <stdio.h> +# include <time.h> +# include <syslog.h> + +typedef enum { + LG_NONE = 0, + LG_DEBUG, + LG_INFO, + LG_NOTICE, + LG_WARNING, + LG_ERROR, + LG_FATAL +} lg_lvl_t; + +extern lg_lvl_t lg_str2lvl (const char *name); +extern int lg_str2syslog (const char *facility); +extern const char *lg_lvl2str (lg_lvl_t level); +extern lg_lvl_t lg_lvl2syslog (lg_lvl_t level); +extern long lg_geterrcnt (void); +extern long lg_seterrcnt (long value); +extern long lg_reseterrcnt (void); +extern int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel); +extern int lg_close (void); +extern void lg_args (lg_lvl_t level, int argc, char * const argv[]); +extern void lg_mesg (int level, char *fmt, ...); +#endif diff --git a/contrib/zkt/misc.c b/contrib/zkt/misc.c new file mode 100644 index 0000000..d2465c3 --- /dev/null +++ b/contrib/zkt/misc.c 
@@ -0,0 +1,1157 @@ +/***************************************************************** +** +** @(#) misc.c -- helper functions for the dnssec zone key tools +** +** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <stdlib.h> +# include <unistd.h> /* for link(), unlink() */ +# include <ctype.h> +# include <sys/types.h> +# include <sys/stat.h> +# include <time.h> +# include <utime.h> +# include <assert.h> +# include <errno.h> +# include <fcntl.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +# include "zconf.h" +# include "log.h" +# include "debug.h" +#define extern +# include "misc.h" +#undef extern + +# define TAINTEDCHARS "`$@;&<>|" + +extern const char *progname; + +static int inc_soa_serial (FILE *fp, int use_unixtime); + +/***************************************************************** +** getnameappendix (progname, basename) +** return a pointer to the substring in progname subsequent +** following basename "-". +*****************************************************************/ +const char *getnameappendix (const char *progname, const char *basename) +{ + const char *p; + int baselen; + + assert (progname != NULL); + assert (basename != NULL); + + if ( (p = strrchr (progname, '/')) != NULL ) + p++; + else + p = progname; + + baselen = strlen (basename); + if ( strncmp (p, basename, baselen-1) == 0 && *(p+baselen) == '-' ) + { + p += baselen + 1; + if ( *p ) + return p; + } + + return NULL; +} + +/***************************************************************** +** getdefconfname (view) +** returns the default configuration file name +*****************************************************************/ +const char *getdefconfname (const char *view) +{ + char *p; + char *file; + char *buf; + int size; + + if ( (file = getenv ("ZKT_CONFFILE")) == NULL ) + file = CONFIG_FILE; + + if ( view == NULL || *view == '\0' || (p = strrchr (file, '.')) == NULL ) + return strdup (file); + + size = strlen (file) + strlen (view) + 1 + 1; + if ( (buf = malloc (size)) == NULL ) + return file; + + dbg_val1 
("0123456789o123456789o123456789\tsize=%d\n", size); + dbg_val4 ("%.*s-%s%s\n", p - file, file, view, p); + + snprintf (buf, size, "%.*s-%s%s", p - file, file, view, p); + return buf; +} + +/***************************************************************** +** str_tolowerdup (s) +*****************************************************************/ +char *str_tolowerdup (const char *s) +{ + char *new; + char *p; + + if ( s == NULL || (new = p = malloc (strlen (s) + 1)) == NULL ) + return NULL; + + while ( *s ) + *p++ = tolower (*s++); + *p = '\0'; + + return new; +} + +/***************************************************************** +** str_delspace (s) +** Remove in string 's' all white space char +*****************************************************************/ +char *str_delspace (char *s) +{ + char *start; + char *p; + + if ( !s ) /* is there a string ? */ + return s; + + start = s; + for ( p = s; *p; p++ ) + if ( !isspace (*p) ) + *s++ = *p; /* copy each nonspace */ + + *s = '\0'; /* terminate string */ + + return start; +} + +/***************************************************************** +** in_strarr (str, arr, cnt) +** check if string array 'arr' contains the string 'str' +** return 1 if true or 'arr' or 'str' is empty, otherwise 0 +*****************************************************************/ +int in_strarr (const char *str, char *const arr[], int cnt) +{ + if ( arr == NULL || cnt <= 0 ) + return 1; + + if ( str == NULL || *str == '\0' ) + return 0; + + while ( --cnt >= 0 ) + if ( strcmp (str, arr[cnt]) == 0 ) + return 1; + + return 0; +} + +/***************************************************************** +** str_untaint (s) +** Remove in string 's' all TAINTED chars +*****************************************************************/ +char *str_untaint (char *str) +{ + char *p; + + assert (str != NULL); + + for ( p = str; *p; p++ ) + if ( strchr (TAINTEDCHARS, *p) ) + *p = ' '; + return str; +} + 
+/***************************************************************** +** str_chop (str, c) +** delete all occurrences of char 'c' at the end of string 's' +*****************************************************************/ +char *str_chop (char *str, char c) +{ + int len; + + assert (str != NULL); + + len = strlen (str) - 1; + while ( len >= 0 && str[len] == c ) + str[len--] = '\0'; + + return str; +} + +/***************************************************************** +** parseurl (url, &proto, &host, &port, ¶ ) +** parses the given url (e.g. "proto://host.with.domain:port/para") +** and set the pointer variables to the corresponding part of the string. +*****************************************************************/ +void parseurl (char *url, char **proto, char **host, char **port, char **para) +{ + char *start; + char *p; + + assert ( url != NULL ); + + /* parse protocol */ + if ( (p = strchr (url, ':')) == NULL ) /* no protocol string given ? */ + p = url; + else /* looks like a protocol string */ + if ( p[1] == '/' && p[2] == '/' ) /* protocol string ? */ + { + *p = '\0'; + p += 3; + if ( proto ) + *proto = url; + } + else /* no protocol string found ! */ + p = url; + + /* parse host */ + if ( *p == '[' ) /* ipv6 address as hostname ? 
*/ + { + for ( start = ++p; *p && *p != ']'; p++ ) + ; + if ( *p ) + *p++ = '\0'; + } + else + for ( start = p; *p && *p != ':' && *p != '/'; p++ ) + ; + if ( host ) + *host = start; + + /* parse port */ + if ( *p == ':' ) + { + *p++ = '\0'; + for ( start = p; *p && isdigit (*p); p++ ) + ; + if ( *p ) + *p++ = '\0'; + if ( port ) + *port = start; + } + + if ( *p == '/' ) + *p++ = '\0'; + + if ( *p && para ) + *para = p; +} + +/***************************************************************** +** splitpath (path, size, filename) +*****************************************************************/ +const char *splitpath (char *path, size_t size, const char *filename) +{ + char *p; + + if ( !path ) + return filename; + + *path = '\0'; + if ( !filename ) + return filename; + + if ( (p = strrchr (filename, '/')) ) /* file arg contains path ? */ + { + if ( strlen (filename) > size ) + return filename; + + strcpy (path, filename); + path[p-filename] = '\0'; + filename = ++p; + } + return filename; +} + +/***************************************************************** +** pathname (path, size, dir, file, ext) +** Concatenate 'dir', 'file' and 'ext' (if not null) to build +** a pathname, and store the result in the character array +** with length 'size' pointed to by 'path'. 
+*****************************************************************/ +char *pathname (char *path, size_t size, const char *dir, const char *file, const char *ext) +{ + int len; + + if ( path == NULL || file == NULL ) + return path; + + len = strlen (file) + 1; + if ( dir ) + len += strlen (dir); + if ( ext ) + len += strlen (ext); + if ( len > size ) + return path; + + *path = '\0'; + if ( dir && *dir ) + { + len = sprintf (path, "%s", dir); + if ( path[len-1] != '/' ) + { + path[len++] = '/'; + path[len] = '\0'; + } + } + strcat (path, file); + if ( ext ) + strcat (path, ext); + return path; +} + +/***************************************************************** +** is_directory (name) +** Check if the given pathname 'name' exists and is a directory. +** returns 0 | 1 +*****************************************************************/ +int is_directory (const char *name) +{ + struct stat st; + + if ( !name || !*name ) + return 0; + + return ( stat (name, &st) == 0 && S_ISDIR (st.st_mode) ); +} + +/***************************************************************** +** fileexist (name) +** Check if a file with the given pathname 'name' exists. +** returns 0 | 1 +*****************************************************************/ +int fileexist (const char *name) +{ + struct stat st; + return ( stat (name, &st) == 0 && S_ISREG (st.st_mode) ); +} + +/***************************************************************** +** filesize (name) +** return the size of the file with the given pathname 'name'. +** returns -1 if the file not exist +*****************************************************************/ +size_t filesize (const char *name) +{ + struct stat st; + if ( stat (name, &st) == -1 ) + return -1L; + return ( st.st_size ); +} + +/***************************************************************** +** is_keyfilename (name) +** Check if the given name looks like a dnssec (public) +** keyfile name. 
Returns 0 | 1 +*****************************************************************/ +int is_keyfilename (const char *name) +{ + int len; + + if ( name == NULL || *name != 'K' ) + return 0; + + len = strlen (name); + if ( len > 4 && strcmp (&name[len - 4], ".key") == 0 ) + return 1; + + return 0; +} + +/***************************************************************** +** is_dotfile (name) +** Check if the given pathname 'name' looks like "." or "..". +** Returns 0 | 1 +*****************************************************************/ +int is_dotfile (const char *name) +{ + if ( name && ( + (name[0] == '.' && name[1] == '\0') || + (name[0] == '.' && name[1] == '.' && name[2] == '\0')) ) + return 1; + + return 0; +} + +/***************************************************************** +** touch (name, sec) +** Set the modification time of the given pathname 'fname' to +** 'sec'. Returns 0 on success. +*****************************************************************/ +int touch (const char *fname, time_t sec) +{ + struct utimbuf utb; + + utb.actime = utb.modtime = sec; + return utime (fname, &utb); +} + +/***************************************************************** +** linkfile (fromfile, tofile) +*****************************************************************/ +int linkfile (const char *fromfile, const char *tofile) +{ + int ret; + + /* fprintf (stderr, "linkfile (%s, %s)\n", fromfile, tofile); */ + if ( (ret = link (fromfile, tofile)) == -1 && errno == EEXIST ) + if ( unlink (tofile) == 0 ) + ret = link (fromfile, tofile); + + return ret; +} + +/***************************************************************** +** copyfile (fromfile, tofile, dnskeyfile) +*****************************************************************/ +int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile) +{ + FILE *infp; + FILE *outfp; + int c; + + /* fprintf (stderr, "copyfile (%s, %s)\n", fromfile, tofile); */ + if ( (infp = fopen (fromfile, "r")) == NULL ) + 
return -1; + if ( (outfp = fopen (tofile, "w")) == NULL ) + { + fclose (infp); + return -2; + } + while ( (c = getc (infp)) != EOF ) + putc (c, outfp); + + fclose (infp); + if ( dnskeyfile && *dnskeyfile && (infp = fopen (dnskeyfile, "r")) != NULL ) + { + while ( (c = getc (infp)) != EOF ) + putc (c, outfp); + fclose (infp); + } + fclose (outfp); + + return 0; +} + +/***************************************************************** +** copyzonefile (fromfile, tofile, dnskeyfile) +** copy a already signed zonefile and replace all zone DNSKEY +** resource records by one "$INCLUDE dnskey.db" line +*****************************************************************/ +int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile) +{ + FILE *infp; + FILE *outfp; + int len; + int dnskeys; + int multi_line_dnskey; + int bufoverflow; + char buf[1024]; + char *p; + + if ( fromfile == NULL ) + infp = stdin; + else + if ( (infp = fopen (fromfile, "r")) == NULL ) + return -1; + if ( tofile == NULL ) + outfp = stdout; + else + if ( (outfp = fopen (tofile, "w")) == NULL ) + { + if ( fromfile ) + fclose (infp); + return -2; + } + + multi_line_dnskey = 0; + dnskeys = 0; + bufoverflow = 0; + while ( fgets (buf, sizeof buf, infp) != NULL ) + { + p = buf; + if ( !bufoverflow && !multi_line_dnskey && (*p == '@' || isspace (*p)) ) /* check if DNSKEY RR */ + { + do + p++; + while ( isspace (*p) ) ; + + /* skip TTL */ + while ( isdigit (*p) ) + p++; + + while ( isspace (*p) ) + p++; + + /* skip Class */ + if ( strncasecmp (p, "IN", 2) == 0 ) + { + p += 2; + while ( isspace (*p) ) + p++; + } + + if ( strncasecmp (p, "DNSKEY", 6) == 0 ) /* bingo! */ + { + dnskeys++; + p += 6; + while ( *p ) + { + if ( *p == '(' ) + multi_line_dnskey = 1; + if ( *p == ')' ) + multi_line_dnskey = 0; + p++; + } + if ( dnskeys == 1 ) + fprintf (outfp, "$INCLUDE %s\n", dnskeyfile); + } + else + fputs (buf, outfp); + } + else + { + if ( bufoverflow ) + fprintf (stderr, "!! 
buffer overflow in copyzonefile() !!\n"); + if ( !multi_line_dnskey ) + fputs (buf, outfp); + else + { + while ( *p && *p != ')' ) + p++; + if ( *p == ')' ) + multi_line_dnskey = 0; + } + } + + len = strlen (buf); + bufoverflow = buf[len-1] != '\n'; /* line too long ? */ + } + + if ( fromfile ) + fclose (infp); + if ( tofile ) + fclose (outfp); + + return 0; +} + +/***************************************************************** +** cmpfile (file1, file2) +** returns -1 on error, 1 if the files differ and 0 if they +** are identical. +*****************************************************************/ +int cmpfile (const char *file1, const char *file2) +{ + FILE *fp1; + FILE *fp2; + int c1; + int c2; + + /* fprintf (stderr, "cmpfile (%s, %s)\n", file1, file2); */ + if ( (fp1 = fopen (file1, "r")) == NULL ) + return -1; + if ( (fp2 = fopen (file2, "r")) == NULL ) + { + fclose (fp1); + return -1; + } + + do { + c1 = getc (fp1); + c2 = getc (fp2); + } while ( c1 != EOF && c2 != EOF && c1 == c2 ); + + fclose (fp1); + fclose (fp2); + + if ( c1 == c2 ) + return 0; + return 1; +} + +/***************************************************************** +** file_age (fname) +*****************************************************************/ +int file_age (const char *fname) +{ + time_t curr = time (NULL); + time_t mtime = file_mtime (fname); + + return curr - mtime; +} + +/***************************************************************** +** file_mtime (fname) +*****************************************************************/ +time_t file_mtime (const char *fname) +{ + struct stat st; + + if ( stat (fname, &st) < 0 ) + return 0; + return st.st_mtime; +} + +/***************************************************************** +** is_exec_ok (prog) +** Check if we are running as root or if the file owner of +** "prog" do not match the current user or the file permissions +** allows file modification for others then the owner. 
+** The same condition will be checked for the group ownership. +** return 1 if the execution of the command "prog" will not +** open a big security whole, 0 otherwise +*****************************************************************/ +int is_exec_ok (const char *prog) +{ + uid_t curr_uid; + struct stat st; + + if ( stat (prog, &st) < 0 ) + return 0; + + curr_uid = getuid (); + if ( curr_uid == 0 ) /* don't run the cmd if we are root */ + return 0; + + /* if the file owner and the current user matches and */ + /* the file mode is not writable except for the owner, we are save */ + if ( curr_uid == st.st_uid && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0 ) + return 1; + + /* if the file group and the current group matches and */ + /* the file mode is not writable except for the group, we are also save */ + if ( getgid() != st.st_gid && (st.st_mode & (S_IWUSR | S_IWOTH)) == 0 ) + return 1; + + return 0; +} + +/***************************************************************** +** fatal (fmt, ...) +*****************************************************************/ +void fatal (char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + if ( progname ) + fprintf (stderr, "%s: ", progname); + vfprintf (stderr, fmt, ap); + va_end(ap); + exit (127); +} + +/***************************************************************** +** error (fmt, ...) +*****************************************************************/ +void error (char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vfprintf (stderr, fmt, ap); + va_end(ap); +} + +/***************************************************************** +** logmesg (fmt, ...) +*****************************************************************/ +void logmesg (char *fmt, ...) 
+{ + va_list ap; + +#if defined (LOG_WITH_PROGNAME) && LOG_WITH_PROGNAME + fprintf (stdout, "%s: ", progname); +#endif + va_start(ap, fmt); + vfprintf (stdout, fmt, ap); + va_end(ap); +} + +/***************************************************************** +** verbmesg (verblvl, conf, fmt, ...) +*****************************************************************/ +void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...) +{ + char str[511+1]; + va_list ap; + + str[0] = '\0'; + va_start(ap, fmt); + vsnprintf (str, sizeof (str), fmt, ap); + va_end(ap); + + //fprintf (stderr, "verbmesg (%d stdout=%d filelog=%d str = :%s:\n", verblvl, conf->verbosity, conf->verboselog, str); + if ( verblvl <= conf->verbosity ) /* check if we have to print this to stdout */ + logmesg (str); + + str_chop (str, '\n'); + if ( verblvl <= conf->verboselog ) /* check logging to syslog and/or file */ + lg_mesg (LG_DEBUG, str); +} + + +/***************************************************************** +** logflush () +*****************************************************************/ +void logflush () +{ + fflush (stdout); +} + +/***************************************************************** +** timestr2time (timestr) +** timestr should look like "20071211223901" for 12 dec 2007 22:39:01 +*****************************************************************/ +time_t timestr2time (const char *timestr) +{ + struct tm t; + time_t sec; + + // fprintf (stderr, "timestr = \"%s\"\n", timestr); + if ( sscanf (timestr, "%4d%2d%2d%2d%2d%2d", + &t.tm_year, &t.tm_mon, &t.tm_mday, + &t.tm_hour, &t.tm_min, &t.tm_sec) != 6 ) + return 0L; + t.tm_year -= 1900; + t.tm_mon -= 1; + t.tm_isdst = 0; + +#if defined(HAS_TIMEGM) && HAS_TIMEGM + sec = timegm (&t); +#else + { + time_t ret; + char *tz; + + tz = getenv("TZ"); + // setenv("TZ", "", 1); + setenv("TZ", "UTC", 1); + tzset(); + sec = mktime(&t); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); + } +#endif + + return sec < 0L ? 
0L : sec; +} + +/***************************************************************** +** time2str (sec, precison) +** sec is seconds since 1.1.1970 +** precison is currently either 's' (for seconds) or 'm' (minutes) +*****************************************************************/ +char *time2str (time_t sec, int precision) +{ + struct tm *t; + static char timestr[31+1]; /* 27+1 should be enough */ +#if defined(HAVE_STRFTIME) && HAVE_STRFTIME + char tformat[127+1]; + + timestr[0] = '\0'; + if ( sec <= 0L ) + return timestr; + t = localtime (&sec); + if ( precision == 's' ) + strcpy (tformat, "%b %d %Y %T"); + else + strcpy (tformat, "%b %d %Y %R"); +# if PRINT_TIMEZONE + strcat (tformat, " %z"); +# endif + strftime (timestr, sizeof (timestr), tformat, t); + +#else /* no strftime available */ + static char *mstr[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; + + timestr[0] = '\0'; + if ( sec <= 0L ) + return timestr; + t = localtime (&sec); +# if PRINT_TIMEZONE + { + int h, s; + + s = abs (t->tm_gmtoff); + h = t->tm_gmtoff / 3600; + s = t->tm_gmtoff % 3600; + if ( precision == 's' ) + snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d %c%02d%02d", + mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900, + t->tm_hour, t->tm_min, t->tm_sec, + t->tm_gmtoff < 0 ? '-': '+', + h, s); + else + snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d %c%02d%02d", + mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900, + t->tm_hour, t->tm_min, + t->tm_gmtoff < 0 ? 
'-': '+', + h, s); + } +# else + if ( precision == 's' ) + snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d", + mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900, + t->tm_hour, t->tm_min, t->tm_sec); + else + snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d", + mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900, + t->tm_hour, t->tm_min); +# endif +#endif + + return timestr; +} + +/***************************************************************** +** time2isostr (sec, precison) +** sec is seconds since 1.1.1970 +** precison is currently either 's' (for seconds) or 'm' (minutes) +*****************************************************************/ +char *time2isostr (time_t sec, int precision) +{ + struct tm *t; + static char timestr[31+1]; /* 27+1 should be enough */ + + timestr[0] = '\0'; + if ( sec <= 0L ) + return timestr; + + t = gmtime (&sec); + if ( precision == 's' ) + snprintf (timestr, sizeof (timestr), "%4d%02d%02d%02d%02d%02d", + t->tm_year + 1900, t->tm_mon+1, t->tm_mday, + t->tm_hour, t->tm_min, t->tm_sec); + else + snprintf (timestr, sizeof (timestr), "%4d%02d%02d%02d%02d", + t->tm_year + 1900, t->tm_mon+1, t->tm_mday, + t->tm_hour, t->tm_min); + + return timestr; +} + +/***************************************************************** +** age2str (sec) +** !!Attention: This function is not reentrant +*****************************************************************/ +char *age2str (time_t sec) +{ + static char str[20+1]; /* "2y51w6d23h50m55s" == 16+1 chars */ + int len; + int strsize = sizeof (str); + + len = 0; +# if PRINT_AGE_WITH_YEAR + if ( sec / (YEARSEC) > 0 ) + { + len += snprintf (str+len, strsize - len, "%1luy", sec / YEARSEC ); + sec %= (YEARSEC); + } + else + len += snprintf (str+len, strsize - len, " "); +# endif + if ( sec / WEEKSEC > 0 ) + { + len += snprintf (str+len, strsize - len, "%2luw", (ulong) sec / WEEKSEC ); + sec %= WEEKSEC; + } + else + len += snprintf (str+len, strsize - len, " "); + if ( sec / DAYSEC > 0 ) + 
{ + len += snprintf (str+len, strsize - len, "%2lud", sec / (ulong)DAYSEC); + sec %= DAYSEC; + } + else + len += snprintf (str+len, strsize - len, " "); + if ( sec / HOURSEC > 0 ) + { + len += snprintf (str+len, strsize - len, "%2luh", sec / (ulong)HOURSEC); + sec %= HOURSEC; + } + else + len += snprintf (str+len, strsize - len, " "); + if ( sec / MINSEC > 0 ) + { + len += snprintf (str+len, strsize - len, "%2lum", sec / (ulong)MINSEC); + sec %= MINSEC; + } + else + len += snprintf (str+len, strsize - len, " "); + if ( sec > 0 ) + snprintf (str+len, strsize - len, "%2lus", (ulong) sec); + else + len += snprintf (str+len, strsize - len, " "); + + return str; +} + +/***************************************************************** +** start_timer () +*****************************************************************/ +time_t start_timer () +{ + return (time(NULL)); +} + +/***************************************************************** +** stop_timer () +*****************************************************************/ +time_t stop_timer (time_t start) +{ + time_t stop = time (NULL); + + return stop - start; +} + +/**************************************************************** +** +** int inc_serial (filename, use_unixtime) +** +** This function depends on a special syntax formating the +** SOA record in the zone file!! +** +** To match the SOA record, the SOA RR must be formatted +** like this: +** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> ( +** <SPACEes or TABs> 1234567890; serial number +** <SPACEes or TABs> 86400 ; other values +** ... +** The space from the first digit of the serial number to +** the first none white space char or to the end of the line +** must be at least 10 characters! 
+** So you have to left justify the serial number in a field +** of at least 10 characters like this: +** <SPACEes or TABs> 1 ; Serial +** +****************************************************************/ +int inc_serial (const char *fname, int use_unixtime) +{ + FILE *fp; + char buf[4095+1]; + char master[254+1]; + int error; + + /** + since BIND 9.4, there is a dnssec-signzone option available for + serial number increment. + If the user request "unixtime" than use this mechanism + **/ +#if defined(BIND_VERSION) && BIND_VERSION >= 940 + if ( use_unixtime ) + return 0; +#endif + if ( (fp = fopen (fname, "r+")) == NULL ) + return -1; + + /* read until the line matches the beginning of a soa record ... */ + while ( fgets (buf, sizeof buf, fp) && + sscanf (buf, "@ IN SOA %255s %*s (\n", master) != 1 ) + ; + + if ( feof (fp) ) + { + fclose (fp); + return -2; + } + + error = inc_soa_serial (fp, use_unixtime); /* .. inc soa serial no ... */ + + if ( fclose (fp) != 0 ) + return -5; + return error; +} + +/***************************************************************** +** return the serial number of the current day in the form +** of YYYYmmdd00 +*****************************************************************/ +static ulong today_serialtime () +{ + struct tm *t; + ulong serialtime; + time_t now; + + now = time (NULL); + t = gmtime (&now); + serialtime = (t->tm_year + 1900) * 10000; + serialtime += (t->tm_mon+1) * 100; + serialtime += t->tm_mday; + serialtime *= 100; + + return serialtime; +} + +/***************************************************************** +** inc_soa_serial (fp, use_unixtime) +** increment the soa serial number of the file 'fp' +** 'fp' must be opened "r+" +*****************************************************************/ +static int inc_soa_serial (FILE *fp, int use_unixtime) +{ + int c; + long pos, eos; + ulong serial; + int digits; + ulong today; + + /* move forward until any non ws reached */ + while ( (c = getc (fp)) != EOF && isspace (c) ) 
+ ; + ungetc (c, fp); /* push back the last char */ + + pos = ftell (fp); /* mark position */ + + serial = 0L; /* read in the current serial number */ + /* be aware of the trailing space in the format string !! */ + if ( fscanf (fp, "%lu ", &serial) != 1 ) /* try to get serial no */ + return -3; + eos = ftell (fp); /* mark first non digit/ws character pos */ + + digits = eos - pos; + if ( digits < 10 ) /* not enough space for serial no ? */ + return -4; + + if ( use_unixtime ) + today = time (NULL); + else + { + today = today_serialtime (); /* YYYYmmdd00 */ + if ( serial > 1970010100L && serial < today ) + serial = today; /* set to current time */ + serial++; /* increment anyway */ + } + + fseek (fp, pos, SEEK_SET); /* go back to the beginning */ + fprintf (fp, "%-*lu", digits, serial); /* write as many chars as before */ + + return 1; /* yep! */ +} + +/***************************************************************** +** return the error text of the inc_serial return coode +*****************************************************************/ +const char *inc_errstr (int err) +{ + switch ( err ) + { + case -1: return "couldn't open zone file for modifying"; + case -2: return "unexpected end of file"; + case -3: return "no serial number found in zone file"; + case -4: return "not enough space left for serialno"; + case -5: return "error on closing zone file"; + } + return ""; +} + +#ifdef SOA_TEST +const char *progname; +main (int argc, char *argv[]) +{ + ulong now; + int err; + char cmd[255]; + + progname = *argv; + + now = today_serialtime (); + printf ("now = %lu\n", now); + + if ( (err = inc_serial (argv[1]), 0) < 0 ) + error ("can't change serial errno=%d\n", err); + + snprintf (cmd, sizeof(cmd), "head -15 %s", argv[1]); + system (cmd); +} +#endif + +#ifdef COPYZONE_TEST +const char *progname; +main (int argc, char *argv[]) +{ + progname = *argv; + + if ( copyzonefile (argv[1], NULL) < 0 ) + error ("can't copy zone file %s\n", argv[1]); +} +#endif + +#ifdef 
URL_TEST +const char *progname; +main (int argc, char *argv[]) +{ + char *proto; + char *host; + char *port; + char *para; + char url[1024]; + + progname = *argv; + + proto = host = port = para = NULL; + + if ( --argc <= 0 ) + { + fprintf (stderr, "usage: url_test <url>\n"); + fprintf (stderr, "e.g.: url_test http://www.hznet.de:80/zkt\n"); + exit (1); + } + + strcpy (url, argv[1]); + parseurl (url, &proto, &host, &port, ¶); + + if ( proto ) + printf ("proto: \"%s\"\n", proto); + if ( host ) + printf ("host: \"%s\"\n", host); + if ( port ) + printf ("port: \"%s\"\n", port); + if ( para ) + printf ("para: \"%s\"\n", para); + +} +#endif + diff --git a/contrib/zkt/misc.h b/contrib/zkt/misc.h new file mode 100644 index 0000000..842a80d --- /dev/null +++ b/contrib/zkt/misc.h 
@@ -0,0 +1,84 @@ +/***************************************************************** +** +** @(#) misc.h (c) 2005 - 2007 Holger Zuleger hznet.de +** +** Copyright (c) 2005 - 2007, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef MISC_H +# define MISC_H +# include <sys/types.h> +# include <stdarg.h> +# include <stdio.h> +# include "zconf.h" + +# define min(a, b) ((a) < (b) ? (a) : (b)) +# define max(a, b) ((a) > (b) ? (a) : (b)) + +extern const char *getnameappendix (const char *progname, const char *basename); +extern const char *getdefconfname (const char *view); +extern int fileexist (const char *name); +extern size_t filesize (const char *name); +extern int file_age (const char *fname); +extern int touch (const char *fname, time_t sec); +extern int linkfile (const char *fromfile, const char *tofile); +//extern int copyfile (const char *fromfile, const char *tofile); +extern int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile); +extern int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile); +extern int cmpfile (const char *file1, const char *file2); +extern char *str_delspace (char *s); +extern char *str_tolowerdup (const char *s); +extern int in_strarr (const char *str, char *const arr[], int cnt); +extern const char *splitpath (char *path, size_t size, const char *filename); +extern char *pathname (char *name, size_t size, const char *path, const char *file, const char *ext); +extern char *time2str (time_t sec, int precision); +extern char *time2isostr (time_t sec, int precision); +extern time_t timestr2time (const char *timestr); +extern int is_keyfilename (const char *name); +extern int is_directory (const char *name); +extern time_t file_mtime (const char *fname); +extern int is_exec_ok (const char *prog); +extern char *age2str (time_t sec); +extern time_t stop_timer (time_t start); +extern time_t start_timer (void); +extern void error (char *fmt, ...); +extern void fatal (char *fmt, ...); +extern void logmesg (char *fmt, ...); +extern void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...); +extern void logflush (void); +extern int 
inc_serial (const char *fname, int use_unixtime); +extern const char *inc_errstr (int err); +extern char *str_untaint (char *str); +extern char *str_chop (char *str, char c); +extern int is_dotfile (const char *name); +extern void parseurl (char *url, char **proto, char **host, char **port, char **para); +#endif diff --git a/contrib/zkt/ncparse.c b/contrib/zkt/ncparse.c new file mode 100644 index 0000000..e67f4b0 --- /dev/null +++ b/contrib/zkt/ncparse.c 
@@ -0,0 +1,317 @@ +/***************************************************************** +** +** @(#) ncparse.c -- A very simple named.conf parser +** +** Copyright (c) Apr 2005 - Nov 2007, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <ctype.h> +# include <assert.h> +# include "debug.h" +# include "misc.h" +# include "log.h" +#define extern +# include "ncparse.h" +#undef extern + +# define TOK_STRING 257 +# define TOK_DIR 258 +# define TOK_INCLUDE 259 + +# define TOK_ZONE 260 +# define TOK_TYPE 261 +# define TOK_MASTER 262 +# define TOK_SLAVE 263 +# define TOK_STUB 264 +# define TOK_HINT 265 +# define TOK_FORWARD 266 +# define TOK_DELEGATION 267 +# define TOK_VIEW 268 + +# define TOK_FILE 270 + +# define TOK_UNKNOWN 511 + +/* list of "named.conf" keywords we are interested in */ +static struct KeyWords { + char *name; + int tok; +} kw[] = { + { "STRING", TOK_STRING }, + { "include", TOK_INCLUDE }, + { "directory", TOK_DIR }, + { "file", TOK_FILE }, + { "zone", TOK_ZONE }, +#if 0 /* we don't need the type keyword; master, slave etc. is sufficient */ + { "type", TOK_TYPE }, +#endif + { "master", TOK_MASTER }, + { "slave", TOK_SLAVE }, + { "stub", TOK_STUB }, + { "hint", TOK_HINT }, + { "forward", TOK_FORWARD }, + { "delegation-only", TOK_DELEGATION }, + { "view", TOK_VIEW }, + { NULL, TOK_UNKNOWN }, +}; + +#ifdef DBG +static const char *tok2str (int tok) +{ + int i; + + i = 0; + while ( kw[i].name && kw[i].tok != tok ) + i++; + + return kw[i].name; +} +#endif + +static int searchkw (const char *keyword) +{ + int i; + + dbg_val ("ncparse: searchkw (%s)\n", keyword); + i = 0; + while ( kw[i].name && strcmp (kw[i].name, keyword) != 0 ) + i++; + + return kw[i].tok; +} + +static int gettok (FILE *fp, char *val, size_t valsize) +{ + int lastc; + int c; + char buf[255+1]; + char *p; + char *bufend; + + *val = '\0'; + do { + while ( (c = getc (fp)) != EOF && isspace (c) ) + ; + + if ( c == '#' ) /* single line comment ? 
*/ + { + while ( (c = getc (fp)) != EOF && c != '\n' ) + ; + continue; + } + + if ( c == EOF ) + return EOF; + + if ( c == '{' || c == '}' || c == ';' ) + continue; + + if ( c == '/' ) /* begin of C comment ? */ + { + if ( (c = getc (fp)) == '*' ) /* yes! */ + { + lastc = EOF; /* read until end of c comment */ + while ( (c = getc (fp)) != EOF && !(lastc == '*' && c == '/') ) + lastc = c; + } + else if ( c == '/' ) /* is it a C single line comment ? */ + { + while ( (c = getc (fp)) != EOF && c != '\n' ) + ; + } + else /* no ! */ + ungetc (c, fp); + continue; + } + + if ( c == '\"' ) + { + p = val; + bufend = val + valsize - 1; + while ( (c = getc (fp)) != EOF && p < bufend && c != '\"' ) + *p++ = c; + *p = '\0'; + /* if string buffer is too small, eat up rest of string */ + while ( c != EOF && c != '\"' ) + c = getc (fp); + + return TOK_STRING; + } + + p = buf; + bufend = buf + sizeof (buf) - 1; + do + *p++ = tolower (c); + while ( (c = getc (fp)) != EOF && p < bufend && isalpha (c) ); + *p = '\0'; + ungetc (c, fp); + + if ( (c = searchkw (buf)) != TOK_UNKNOWN ) + return c; + } while ( c != EOF ); + + return EOF; +} + +/***************************************************************** +** +** parse_namedconf (const char *filename, int (*func) ()) +** +** Very dumb named.conf parser. +** - In a zone declaration the _first_ keyword MUST be "type" +** - For every master zone "func (directory, zone, filename)" will be called +** +*****************************************************************/ +int parse_namedconf (const char *filename, char *dir, size_t dirsize, int (*func) ()) +{ + FILE *fp; + int tok; + char path[511+1]; +#if 1 /* this is potentialy too small for key data, but we don't need the keys... 
*/ + char strval[255+1]; +#else + char strval[4095+1]; +#endif + char view[255+1]; + char zone[255+1]; + char zonefile[255+1]; + + dbg_val ("parse_namedconf: parsing file \"%s\" \n", filename); + + assert (filename != NULL); + assert (dir != NULL && dirsize != 0); + assert (func != NULL); + + view[0] = '\0'; + if ( (fp = fopen (filename, "r")) == NULL ) + return 0; + + while ( (tok = gettok (fp, strval, sizeof strval)) != EOF ) + { + if ( tok > 0 && tok < 256 ) + { + error ("parse_namedconf: token found with value %-10d: %c\n", tok, tok); + lg_mesg (LG_ERROR, "parse_namedconf: token found with value %-10d: %c", tok, tok); + } + else if ( tok == TOK_DIR ) + { + if ( gettok (fp, strval, sizeof (strval)) == TOK_STRING ) + { + dbg_val2 ("parse_namedconf: directory found \"%s\" (dir is %s)\n", + strval, dir); + if ( *strval != '/' && *dir ) + snprintf (path, sizeof (path), "%s/%s", dir, strval); + else + snprintf (path, sizeof (path), "%s", strval); + snprintf (dir, dirsize, "%s", path); + dbg_val ("parse_namedconf: new dir \"%s\" \n", dir); + } + } + else if ( tok == TOK_INCLUDE ) + { + if ( gettok (fp, strval, sizeof (strval)) == TOK_STRING ) + { + if ( *strval != '/' && *dir ) + snprintf (path, sizeof (path), "%s/%s", dir, strval); + else + snprintf (path, sizeof (path), "%s", strval); + if ( !parse_namedconf (path, dir, dirsize, func) ) + return 0; + } + else + { + error ("parse_namedconf: need a filename after \"include\"!\n"); + lg_mesg (LG_ERROR, "parse_namedconf: need a filename after \"include\"!"); + } + } + else if ( tok == TOK_VIEW ) + { + if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING ) + continue; + snprintf (view, sizeof view, "%s", strval); /* store the name of the view */ + } + else if ( tok == TOK_ZONE ) + { + if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING ) + continue; + snprintf (zone, sizeof zone, "%s", strval); /* store the name of the zone */ + + if ( gettok (fp, strval, sizeof (strval)) != TOK_MASTER ) + continue; + if ( gettok 
(fp, strval, sizeof (strval)) != TOK_FILE ) + continue; + if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING ) + continue; + snprintf (zonefile, sizeof zonefile, "%s", strval); /* this is the filename */ + + dbg_val4 ("dir %s view %s zone %s file %s\n", dir, view, zone, zonefile); + (*func) (dir, view, zone, zonefile); + } + else + dbg_val3 ("%-10s(%d): %s\n", tok2str(tok), tok, strval); + } + fclose (fp); + + return 1; +} + +#ifdef TEST_NCPARSE +int printzone (const char *dir, const char *view, const char *zone, const char *file) +{ + printf ("printzone "); + printf ("view \"%s\" " , view); + printf ("zone \"%s\" " , zone); + printf ("file "); + if ( dir && *dir ) + printf ("%s/", dir, file); + printf ("%s", file); + putchar ('\n'); + return 1; +} + +char *progname; + +main (int argc, char *argv[]) +{ + char directory[255+1]; + + progname = argv[0]; + + directory[0] = '\0'; + if ( --argc == 0 ) + parse_namedconf ("/var/named/named.conf", directory, sizeof (directory), printzone); + else + parse_namedconf (argv[1], directory, sizeof (directory), printzone); +} +#endif diff --git a/contrib/zkt/ncparse.h b/contrib/zkt/ncparse.h new file mode 100644 index 0000000..4383c63 --- /dev/null +++ b/contrib/zkt/ncparse.h 
@@ -0,0 +1,41 @@ +/***************************************************************** +** +** @(#) ncparse.h -- headerfile for a simple named.conf parser +** +** Copyright (c) Apr 2005 - Nov 2007, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ + +#ifndef NCPARSE_H +# define NCPARSE_H +extern int parse_namedconf (const char *filename, char *dir, size_t dirsize, int (*func) ()); +#endif diff --git a/contrib/zkt/rollover.c b/contrib/zkt/rollover.c new file mode 100644 index 0000000..0c9fee0 --- /dev/null +++ b/contrib/zkt/rollover.c 
@@ -0,0 +1,615 @@ +/***************************************************************** +** +** @(#) rollover.c -- The key rollover functions +** +** Copyright (c) Jan 2005 - May 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <stdlib.h> +# include <ctype.h> +# include <time.h> +# include <assert.h> +# include <dirent.h> +# include <errno.h> +# include <unistd.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +# include "zconf.h" +# include "debug.h" + +# include "misc.h" +# include "zone.h" +# include "dki.h" +# include "log.h" +#define extern +# include "rollover.h" +#undef extern + +/***************************************************************** +** local function definition +*****************************************************************/ + +static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status) +{ + dki_t *dkp; + + if ( listp == NULL || domain == NULL ) + return NULL; + + if ( ksk ) + dkp = dki_new (dir, domain, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC); + else + dkp = dki_new (dir, domain, DKI_ZSK, conf->z_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC); + dki_add (listp, dkp); + dki_setstatus (dkp, status); + + return dkp; +} + +static time_t get_exptime (dki_t *key, const zconf_t *z) +{ + time_t exptime; + + exptime = dki_exptime (key); + if ( exptime == 0L ) + { + if ( dki_lifetime (key) ) + exptime = dki_time (key) + dki_lifetime (key); + else + exptime = dki_time (key) + z->k_life; + } + + return exptime; +} + +/***************************************************************** +** is_parentdirsigned (name) +** Check if the parent directory of the zone specified by zp +** is a directory with a signed zone +** Returns 0 | 1 +*****************************************************************/ +static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp) +{ + char path[MAX_PATHSIZE+1]; + const char *ext; +#if 0 + const zconf_t *conf; + + /* check if there is a local config file to get the name of the zone 
file */ + snprintf (path, sizeof (path), "%s/../%s", zp->dir, LOCALCONF_FILE); + if ( fileexist (path) ) /* parent dir has local config file ? */ + conf = loadconfig (path, NULL); + else + conf = zp->conf; + + /* build the path of the .signed zone file */ + snprintf (path, sizeof (path), "%s/../%s.signed", conf->dir, conf->zonefile); + if ( conf != zp->conf ) /* if we read in a local config file.. */ + free (conf); /* ..free the memory used */ + +#else + /* currently we use the signed zone file name of the + * current directory for checking if the file exist. + * TODO: Instead we have to use the name of the zone file + * used in the parent dir (see above) + */ + + ext = strrchr (zp->sfile, '.'); + if ( ext && strcmp (zp->sfile, ".dsigned") == 0 ) /* is the current zone a dynamic one ? */ + /* hack: we are using the standard zone file name for a static zone here */ + snprintf (path, sizeof (path), "%s/../%s", zp->dir, "zone.db.signed"); + else + { +# if 1 + const zone_t *parent; + const char *parentname; + + /* find out name of parent */ + parentname = strchr (zp->zone, '.'); /* find first dot in zone name */ + if ( parentname == NULL ) /* no parent found! */ + return 0; + parentname += 1; /* skip '.' */ + + /* try to find parent zone in zonelist */ + if ( (parent = zone_search (zonelist, parentname)) == NULL ) + return 0; + snprintf (path, sizeof (path), "%s/%s", parent->dir, parent->sfile); +# else + snprintf (path, sizeof (path), "%s/../%s", zp->dir, zp->sfile); +# endif + } +#endif +lg_mesg (LG_DEBUG, "%s: is_parentdirsigned = %d fileexist (%s)\n", zp->zone, fileexist (path), path); + return fileexist (path); /* parent dir has zone.db.signed file ? 
*/ +} + +/***************************************************************** +** create_parent_file () +*****************************************************************/ +static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp) +{ + FILE *fp; + + assert ( fname != NULL ); + + if ( dkp == NULL || (phase != 1 && phase != 2) ) + return 0; + + if ( (fp = fopen (fname, "w")) == NULL ) + fatal ("can\'t create new parentfile \"%s\"\n", fname); + + if ( phase == 1 ) + fprintf (fp, "; KSK rollover phase1 (new key generated but this is alread the old one)\n"); + else + fprintf (fp, "; KSK rollover phase2 (this is the new key)\n"); + + dki_prt_dnskeyttl (dkp, fp, ttl); + fclose (fp); + + return phase; +} + +/***************************************************************** +** get_parent_phase () +*****************************************************************/ +static int get_parent_phase (const char *file) +{ + FILE *fp; + int phase; + + if ( (fp = fopen (file, "r")) == NULL ) + return -1; + + phase = 0; + if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 ) + phase = 0; + + fclose (fp); + return phase; +} + +/***************************************************************** +** kskrollover () +*****************************************************************/ +static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp) +{ + char path[MAX_PATHSIZE+1]; + const zconf_t *z; + time_t lifetime; + time_t currtime; + time_t age; + int currphase; + int parfile_age; + int parent_propagation; + int parent_resign; + int parent_keyttl; + + + assert ( ksk != NULL ); + assert ( zp != NULL ); + + z = zp->conf; + /* check ksk lifetime */ + if ( (lifetime = dki_lifetime (ksk)) == 0 ) /* if lifetime of key is not set.. 
*/ + lifetime = z->k_life; /* ..use global configured lifetime */ + + currtime = time (NULL); + age = dki_age (ksk, currtime); + + /* build path of parent-file */ + pathname (path, sizeof (path), zp->dir, "parent-", zp->zone); + + /* check if we have to change the ksk ? */ + if ( lifetime > 0 && age > lifetime && !fileexist (path) ) /* lifetime is over and no kskrollover in progress */ + { + /* we are using hierachical mode and the parent directory contains a signed zone ? */ + if ( z->keysetdir && strcmp (z->keysetdir, "..") == 0 && is_parentdirsigned (zonelist, zp) ) + { + verbmesg (2, z, "\t\tkskrollover: create new key signing key\n"); + /* create a new key: this is phase one of a double signing key rollover */ + ksk = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); + if ( ksk == NULL ) + { + lg_mesg (LG_ERROR, "\"%s\": unable to generate new ksk for double signing rollover", zp->zone); + return 0; + } + lg_mesg (LG_INFO, "\"%s\": kskrollover phase1: New key %d generated", zp->zone, ksk->tag); + + /* find the oldest active ksk to create the parent file */ + if ( (ksk = (dki_t *)dki_find (zp->keys, 1, 'a', 1)) == NULL ) + lg_mesg (LG_ERROR, "kskrollover phase1: Couldn't find the old active key\n"); + if ( !create_parent_file (path, 1, z->key_ttl, ksk) ) + lg_mesg (LG_ERROR, "Couldn't create parentfile %s\n", path); + + } + else /* print out a warning only */ + { + logmesg ("\t\tWarning: Lifetime of Key Signing Key %d exceeded: %s\n", + ksk->tag, str_delspace (age2str (age))); + lg_mesg (LG_WARNING, "\"%s\": lifetime of key signing key %d exceeded since %s", + zp->zone, ksk->tag, str_delspace (age2str (age - lifetime))); + } + return 1; + } + + /* now check if there is an ongoing key rollover */ + + /* check if parent-file already exist */ + if ( !fileexist (path) ) /* no parent-<zone> file found ? 
*/ + return 0; /* ok, that's it */ + + /* check the ksk rollover phase we are in */ + currphase = get_parent_phase (path); /* this is the actual state we are in */ + parfile_age = file_age (path); + + /* TODO: Set these values to the one found in the parent dnssec.conf file */ + parent_propagation = 5 * MINSEC; + parent_resign = z->resign; + parent_keyttl = z->key_ttl; + + switch ( currphase ) + { + case 1: /* we are currently in state one (new ksk already generated) */ + if ( parfile_age > z->proptime + z->key_ttl ) /* can we go to phase 2 ? */ + { + verbmesg (2, z, "\t\tkskrollover: save new ksk in parent file\n"); + ksk = ksk->next; /* set ksk to new ksk */ + if ( !create_parent_file (path, currphase+1, z->key_ttl, ksk) ) + lg_mesg (LG_ERROR, "Couldn't create parentfile %s\n", path); + lg_mesg (LG_INFO, "\"%s\": kskrollover phase2: send new key %d to the parent zone", zp->zone, ksk->tag); + return 1; + } + else + verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %d < prop %d + keyttl %d\n", parfile_age, z->proptime, z->key_ttl); + break; + case 2: /* we are currently in state two (propagation of new key to the parent) */ +#if 0 + if ( parfile_age >= parent_propagation + parent_resign + parent_keyttl ) /* can we go to phase 3 ? */ +#else + if ( parfile_age >= parent_propagation + parent_keyttl ) /* can we go to phase 3 ? 
*/ +#endif + { + /* remove the parentfile */ + unlink (path); + + /* remove oldest key from list and mark file as removed */ + zp->keys = dki_remove (ksk); + + // verbmesg (2, z, "kskrollover: remove parentfile and rename old key to k<zone>+<algo>+<tag>.key\n"); + verbmesg (2, z, "\t\tkskrollover: remove parentfile and rename old key to k%s+%03d+%05d.key\n", + ksk->name, ksk->algo, ksk->tag); + lg_mesg (LG_INFO, "\"%s\": kskrollover phase3: Remove old key %d", zp->zone, ksk->tag); + return 1; + } + else +#if 0 + verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentresig %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_resign, parent_keyttl); +#else + verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_keyttl); +#endif + break; + default: + assert ( currphase == 1 || currphase == 2 ); + /* NOTREACHED */ + } + + return 0; +} + +/***************************************************************** +** global function definition +*****************************************************************/ + +/***************************************************************** +** ksk5011status () +** Check if the list of zone keys containing a revoked or a +** standby key. +** Remove the revoked key if it is older than 30 days. +** If the lifetime of the active key is reached, do a rfc5011 +** keyrollover. +** Returns an int with the rightmost bit set if a resigning +** is required. The second rightmost bit is set, if it is an +** rfc5011 zone. 
+*****************************************************************/ +int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z) +{ + dki_t *standbykey; + dki_t *activekey; + dki_t *dkp; + dki_t *prev; + time_t currtime; + time_t exptime; + int ret; + + assert ( listp != NULL ); + assert ( z != NULL ); + + if ( z->k_life == 0 ) + return 0; + + verbmesg (1, z, "\tCheck RFC5011 status\n"); + + ret = 0; + currtime = time (NULL); + + /* go through the list of key signing keys, */ + /* remove revoked keys and set a pointer to standby and active key */ + standbykey = activekey = NULL; + prev = NULL; + for ( dkp = *listp; dkp && dki_isksk (dkp); dkp = dkp->next ) + { + exptime = get_exptime (dkp, z); + if ( dki_isrevoked (dkp) ) + lg_mesg (LG_DEBUG, "Rev Exptime: %s", time2str (exptime, 's')); + + /* revoked key is older than 30 days? */ + if ( dki_isrevoked (dkp) && currtime > exptime + (DAYSEC * 30) ) + { + verbmesg (1, z, "\tRemove revoked key %d which is older than 30 days\n", dkp->tag); + lg_mesg (LG_NOTICE, "zone \"%s\": removing revoked key %d", domain, dkp->tag); + + /* remove key from list and mark file as removed */ + if ( prev == NULL ) /* at the beginning of the list ? */ + *listp = dki_remove (dkp); + else /* anywhere in the middle of the list */ + prev->next = dki_remove (dkp); + + ret |= 01; /* from now on a resigning is neccessary */ + } + + /* remember oldest standby and active key */ + if ( dki_status (dkp) == DKI_PUBLISHED ) + standbykey = dkp; + if ( dki_status (dkp) == DKI_ACTIVE ) + activekey = dkp; + } + + if ( standbykey == NULL && ret == 0 ) /* no standby key and also no revoked key found ? */ + return ret; /* Seems that this is a non rfc5011 zone! 
*/ + + ret |= 02; /* Zone looks like a rfc5011 zone */ + + exptime = get_exptime (activekey, z); +#if 0 + lg_mesg (LG_DEBUG, "Act Exptime: %s", time2str (exptime, 's')); + lg_mesg (LG_DEBUG, "Stb time: %s", time2str (dki_time (standbykey), 's')); + lg_mesg (LG_DEBUG, "Stb time+wait: %s", time2str (dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl), 's')); +#endif + /* At the time we first introduce a standby key, the lifetime of the current KSK should not be expired, */ + /* otherwise we run into an (nearly) immediate key rollover! */ + if ( currtime > exptime && currtime > dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl) ) + { + lg_mesg (LG_NOTICE, "\"%s\": starting rfc5011 rollover", domain); + verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n", + activekey->tag, str_delspace (age2str (dki_age (activekey, currtime)))); + verbmesg (2, z, "\t\t=>Generating new standby key signing key\n"); + dkp = genkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */ + if ( !dkp ) + { + error ("\tcould not generate new standby KSK\n"); + lg_mesg (LG_ERROR, "\%s\": can't generate new standby KSK", domain); + } + else + lg_mesg (LG_INFO, "\"%s\": generated new standby KSK %d", domain, dkp->tag); + + /* standby key gets active */ + verbmesg (2, z, "\t\t=>Activating old standby key %d \n", standbykey->tag); + dki_setstatus (standbykey, DKI_ACT); + + /* active key should be revoked */ + verbmesg (2, z, "\t\t=>Revoking old active key %d \n", activekey->tag); + dki_setstatus (activekey, DKI_REVOKED); + dki_setexptime (activekey, currtime); /* now the key is expired */ + + ret |= 01; /* resigning neccessary */ + } + + return ret; +} + +/***************************************************************** +** kskstatus () +** Check the ksk status of a zone if a ksk lifetime is set. +** If there is no key signing key present create a new one. 
+** Prints out a warning message if the lifetime of the current +** key signing key is over. +** Returns 1 if a resigning of the zone is neccessary, otherwise +** the function returns 0. +*****************************************************************/ +int kskstatus (zone_t *zonelist, zone_t *zp) +{ + dki_t *akey; + const zconf_t *z; + + assert ( zp != NULL ); + + z = zp->conf; + if ( z->k_life == 0 ) + return 0; + + verbmesg (1, z, "\tCheck KSK status\n"); + /* check if a key signing key exist ? */ + akey = (dki_t *)dki_find (zp->keys, 1, 'a', 1); + if ( akey == NULL ) + { + verbmesg (1, z, "\tNo active KSK found: generate new one\n"); + akey = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE); + if ( !akey ) + { + error ("\tcould not generate new KSK\n"); + lg_mesg (LG_ERROR, "\"%s\": can't generate new KSK: \"%s\"", + zp->zone, dki_geterrstr()); + } + else + lg_mesg (LG_INFO, "\"%s\": generated new KSK %d", zp->zone, akey->tag); + return akey != NULL; /* return value of 1 forces a resigning of the zone */ + } + else /* try to start a full automatic ksk rollover */ + kskrollover (akey, zonelist, zp); + + return 0; +} + +/***************************************************************** +** zskstatus () +** Check the zsk status of a zone. +** Returns 1 if a resigning of the zone is neccessary, otherwise +** the function returns 0. +*****************************************************************/ +int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z) +{ + dki_t *akey; + dki_t *nextkey; + dki_t *dkp, *last; + int keychange; + time_t lifetime; + time_t age; + time_t currtime; + + assert ( listp != NULL ); + /* dir can be NULL */ + assert ( domain != NULL ); + assert ( z != NULL ); + + currtime = time (NULL); + + verbmesg (1, z, "\tCheck ZSK status\n"); + dbg_val("zskstatus for %s \n", domain); + keychange = 0; + /* Is the depreciated key expired ? 
*/ + /* As mentioned by olaf, this is the max_ttl of all the rr in the zone */ + lifetime = z->max_ttl + z->proptime; /* draft kolkman/gieben */ + last = NULL; + dkp = *listp; + while ( dkp ) + if ( !dki_isksk (dkp) && + dki_status (dkp) == DKI_DEPRECIATED && + dki_age (dkp, currtime) > lifetime ) + { + keychange = 1; + verbmesg (1, z, "\tLifetime(%d sec) of depreciated key %d exceeded (%d sec)\n", + lifetime, dkp->tag, dki_age (dkp, currtime)); + lg_mesg (LG_INFO, "\"%s\": old ZSK %d removed", domain, dkp->tag); + dkp = dki_destroy (dkp); /* delete the keyfiles */ + dbg_msg("zskstatus: depreciated key removed "); + if ( last ) + last->next = dkp; + else + *listp = dkp; + verbmesg (1, z, "\t\t->remove it\n"); + } + else + { + last = dkp; + dkp = dkp->next; + } + + /* check status of active key */ + dbg_msg("zskstatus check status of active key "); + lifetime = z->z_life; /* global configured lifetime for zsk */ + akey = (dki_t *)dki_find (*listp, 0, 'a', 1); + if ( akey == NULL && lifetime > 0 ) /* no active key found */ + { + verbmesg (1, z, "\tNo active ZSK found: generate new one\n"); + akey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE); + lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag); + } + else /* active key exist */ + { + if ( dki_lifetime (akey) ) + lifetime = dki_lifetime (akey); /* set lifetime to lt of active key */ + + /* lifetime of active key is expired and published key exist ? */ + age = dki_age (akey, currtime); + if ( lifetime > 0 && age > lifetime - (OFFSET) ) + { + verbmesg (1, z, "\tLifetime(%d +/-%d sec) of active key %d exceeded (%d sec)\n", + lifetime, (OFFSET) , akey->tag, dki_age (akey, currtime) ); + + /* depreciate the key only if there is another active or published key */ + if ( (nextkey = (dki_t *)dki_find (*listp, 0, 'a', 2)) == NULL || + nextkey == akey ) + nextkey = (dki_t *)dki_find (*listp, 0, 'p', 1); + + /* Is the published key sufficient long in the zone ? 
*/ + /* As mentioned by Olaf, this should be the ttl of the DNSKEY RR ! */ + if ( nextkey && dki_age (nextkey, currtime) > z->key_ttl + z->proptime ) + { + keychange = 1; + verbmesg (1, z, "\t\t->depreciate it\n"); + dki_setstatus (akey, 'd'); /* depreciate the active key */ + verbmesg (1, z, "\t\t->activate published key %d\n", nextkey->tag); + dki_setstatus (nextkey, 'a'); /* activate published key */ + lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded: ZSK rollover done", domain, akey->tag); + akey = nextkey; + nextkey = NULL; + } + else + { + verbmesg (1, z, "\t\t->waiting for published key\n"); + lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded since %s: ZSK rollover deferred: waiting for published key", + domain, akey->tag, str_delspace (age2str (age - lifetime))); + } + } + } + /* Should we add a new publish key? This is neccessary if the active + * key will be expired at the next re-signing interval (The published + * time will be checked just before the active key will be removed. + * See above). + */ + nextkey = (dki_t *)dki_find (*listp, 0, 'p', 1); + if ( nextkey == NULL && lifetime > 0 && (akey == NULL || + dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) ) + { + keychange = 1; + verbmesg (1, z, "\tNew key for publishing needed\n"); + nextkey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB); + + if ( nextkey ) + { + verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag); + lg_mesg (LG_INFO, "\"%s\": new key %d generated for publishing", domain, nextkey->tag); + } + else + { + error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr()); + lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"", + domain, dki_geterrstr()); + } + } + return keychange; +} + diff --git a/contrib/zkt/rollover.h b/contrib/zkt/rollover.h new file mode 100644 index 0000000..8d53293 --- /dev/null +++ b/contrib/zkt/rollover.h 
@@ -0,0 +1,52 @@ +/***************************************************************** +** +** @(#) rollover.h (c) 2005 - 2008 Holger Zuleger hznet.de +** +** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef ROLLOVER_H +# define ROLLOVER_H +# include <sys/types.h> +# include <stdarg.h> +# include <stdio.h> + +#ifndef ZCONF_H +# include "zconf.h" +#endif + +# define OFFSET ((int) (2.5 * MINSEC)) + +extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z); +extern int kskstatus (zone_t *zonelist, zone_t *zp); +extern int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z); +#endif diff --git a/contrib/zkt/strlist.c b/contrib/zkt/strlist.c new file mode 100644 index 0000000..81a84bc --- /dev/null +++ b/contrib/zkt/strlist.c 
@@ -0,0 +1,166 @@ +/***************************************************************** +** +** @(#) strlist.c (c) Mar 2005 Holger Zuleger +** +** TODO: Maybe we should use a special type for the list: +** typedef struct { char cnt; char list[0+1]; } strlist__t; +** This results in better type control of the function parameters +** +** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ + +#ifdef TEST +# include <stdio.h> +#endif +#include <string.h> +#include <stdlib.h> +#include "strlist.h" + + +/***************************************************************** +** prepstrlist (str, delim) +** prepare a string with delimeters to a so called strlist. +** 'str' is a list of substrings delimeted by 'delim' +** The # of strings is stored at the first byte of the allocated +** memory. Every substring is stored as a '\0' terminated C-String. +** The function returns a pointer to dynamic allocated memory +*****************************************************************/ +char *prepstrlist (const char *str, const char *delim) +{ + char *p; + char *new; + int len; + int cnt; + + if ( str == NULL ) + return NULL; + + len = strlen (str); + if ( (new = malloc (len + 2)) == NULL ) + return new; + + cnt = 0; + p = new; + for ( *p++ = '\0'; *str; str++ ) + { + if ( strchr (delim, *str) == NULL ) + *p++ = *str; + else if ( p[-1] != '\0' ) + { + *p++ = '\0'; + cnt++; + } + } + *p = '\0'; /*terminate string */ + if ( p[-1] != '\0' ) + cnt++; + *new = cnt & 0xFF; + + return new; +} + +/***************************************************************** +** isinlist (str, list) +** check if 'list' contains 'str' +*****************************************************************/ +int isinlist (const char *str, const char *list) +{ + int cnt; + + if ( list == NULL || *list == '\0' ) + return 1; + if ( str == NULL || *str == '\0' ) + return 0; + + cnt = *list; + while ( cnt-- > 0 ) + { + list++; + if ( strcmp (str, list) == 0 ) + return 1; + list += strlen (list); + } + + return 0; +} + +/***************************************************************** +** unprepstrlist (list, delimc) +*****************************************************************/ +char *unprepstrlist (char *list, char delimc) +{ + char *p; + int cnt; + + cnt = *list & 0xFF; + p = list; + for ( *p++ = delimc; cnt > 1; p++ ) + 
if ( *p == '\0' ) + { + *p = delimc; + cnt--; + } + + return list; +} + +#ifdef TEST +main (int argc, char *argv[]) +{ + FILE *fp; + char *p; + char *searchlist = NULL; + char group[255]; + + if ( argc > 1 ) + searchlist = prepstrlist (argv[1], LISTDELIM); + + printf ("searchlist: %d entrys: \n", searchlist[0]); + if ( (fp = fopen ("/etc/group", "r")) == NULL ) + exit (fprintf (stderr, "can't open file\n")); + + while ( fscanf (fp, "%[^:]:%*[^\n]\n", group) != EOF ) + if ( isinlist (group, searchlist) ) + printf ("%s\n", group); + + fclose (fp); + + printf ("searchlist: \"%s\"\n", unprepstrlist (searchlist, *LISTDELIM)); + for ( p = searchlist; *p; p++ ) + if ( *p < 32 ) + printf ("<%d>", *p); + else + printf ("%c", *p); + printf ("\n"); +} +#endif diff --git a/contrib/zkt/strlist.h b/contrib/zkt/strlist.h new file mode 100644 index 0000000..fb87356 --- /dev/null +++ b/contrib/zkt/strlist.h 
@@ -0,0 +1,46 @@ +/***************************************************************** +** +** @(#) strlist.h (c) Mar 2005 Holger Zuleger +** +** Copyright (c) May 2005 Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ + +#ifndef STRLIST_H +# define STRLIST_H + +# define LISTDELIM " ,:;|^\t" + +char *prepstrlist (const char *str, const char *delim); +int isinlist (const char *str, const char *list); +char *unprepstrlist (char *list, char delimc); +#endif diff --git a/contrib/zkt/tags b/contrib/zkt/tags new file mode 100644 index 0000000..1471aff --- /dev/null +++ b/contrib/zkt/tags 
@@ -0,0 +1,324 @@ +!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ +!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ +!_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/ +!_TAG_PROGRAM_NAME Exuberant Ctags // +!_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/ +!_TAG_PROGRAM_VERSION 5.5.4 // +CONF_ALGO zconf.c /^ CONF_ALGO,$/;" e file: +CONF_BOOL zconf.c /^ CONF_BOOL,$/;" e file: +CONF_COMMENT zconf.c /^ CONF_COMMENT,$/;" e file: +CONF_END zconf.c /^ CONF_END = 0,$/;" e file: +CONF_FACILITY zconf.c /^ CONF_FACILITY,$/;" e file: +CONF_INT zconf.c /^ CONF_INT,$/;" e file: +CONF_LEVEL zconf.c /^ CONF_LEVEL,$/;" e file: +CONF_SERIAL zconf.c /^ CONF_SERIAL,$/;" e file: +CONF_STRING zconf.c /^ CONF_STRING,$/;" e file: +CONF_TIMEINT zconf.c /^ CONF_TIMEINT,$/;" e file: +ISCOMMENT zconf.c 68;" d file: +ISDELIM zconf.c 70;" d file: +ISTRUE zconf.c 66;" d file: +KEYSET_FILE_PFX dnssec-signer.c 669;" d file: +KeyWords ncparse.c /^static struct KeyWords {$/;" s file: +MAXFNAME log.c 97;" d file: +STRCONFIG_DELIMITER zconf.c 505;" d file: +TAINTEDCHARS misc.c 60;" d file: +TOK_DELEGATION ncparse.c 59;" d file: +TOK_DIR ncparse.c 49;" d file: +TOK_FILE ncparse.c 62;" d file: +TOK_FORWARD ncparse.c 58;" d file: +TOK_HINT ncparse.c 57;" d file: +TOK_INCLUDE ncparse.c 50;" d file: +TOK_MASTER ncparse.c 54;" d file: +TOK_SLAVE ncparse.c 55;" d file: +TOK_STRING ncparse.c 48;" d file: +TOK_STUB ncparse.c 56;" d file: +TOK_TYPE ncparse.c 53;" d file: +TOK_UNKNOWN ncparse.c 64;" d file: +TOK_VIEW ncparse.c 60;" d file: +TOK_ZONE ncparse.c 52;" d file: +a domaincmp.c /^ char *a;$/;" m file: +add2zonelist dnssec-signer.c /^static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file)$/;" f file: +age2str misc.c /^char *age2str (time_t sec)$/;" f +ageflag dnssec-zkt.c /^int ageflag = 0;$/;" v +b domaincmp.c /^ char *b;$/;" m file: +bool2str zconf.c /^static const char *bool2str (int val)$/;" 
f file: +check_keydb_timestamp dnssec-signer.c /^static int check_keydb_timestamp (dki_t *keylist, time_t reftime)$/;" f file: +checkconfig zconf.c /^int checkconfig (const zconf_t *z)$/;" f +cmdline zconf.c /^ int cmdline; \/* is this a command line parameter ? *\/$/;" m file: +cmpfile misc.c /^int cmpfile (const char *file1, const char *file2)$/;" f +config dnssec-signer.c /^static zconf_t *config;$/;" v file: +config zconf.c /^static zconf_t *config;$/;" v file: +confpara zconf.c /^static zconf_para_t confpara[] = {$/;" v file: +copy_keyset dnssec-signer.c /^static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf)$/;" f file: +copyfile misc.c /^int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile)$/;" f +copyzonefile misc.c /^int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile)$/;" f +create_parent_file dnssec-zkt.c /^static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)$/;" f file: +create_parent_file rollover.c /^static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)$/;" f file: +createkey dnssec-zkt.c /^static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)$/;" f file: +ctype_t zconf.c /^} ctype_t;$/;" t file: +def zconf.c /^static zconf_t def = {$/;" v file: +dirflag dnssec-zkt.c /^static int dirflag = 0;$/;" v file: +dirname dnssec-signer.c /^const char *dirname = NULL;$/;" v +dist_and_reload dnssec-signer.c /^static int dist_and_reload (const zone_t *zp)$/;" f file: +dki_add dki.c /^dki_t *dki_add (dki_t **list, dki_t *new)$/;" f +dki_age dki.c /^int dki_age (const dki_t *dkp, time_t curr)$/;" f +dki_algo2str dki.c /^char *dki_algo2str (int algo)$/;" f +dki_allcmp dki.c /^int dki_allcmp (const dki_t *a, const dki_t *b)$/;" f +dki_alloc dki.c /^static dki_t *dki_alloc ()$/;" f file: +dki_cmp dki.c /^int dki_cmp (const dki_t *a, const dki_t *b)$/;" f +dki_destroy dki.c /^dki_t 
*dki_destroy (dki_t *dkp)$/;" f +dki_estr dki.c /^static char dki_estr[255+1];$/;" v file: +dki_exptime dki.c /^time_t dki_exptime (const dki_t *dkp)$/;" f +dki_find dki.c /^const dki_t *dki_find (const dki_t *list, int ksk, int status, int no)$/;" f +dki_free dki.c /^void dki_free (dki_t *dkp)$/;" f +dki_freelist dki.c /^void dki_freelist (dki_t **listp)$/;" f +dki_gentime dki.c /^time_t dki_gentime (const dki_t *dkp)$/;" f +dki_geterrstr dki.c /^const char *dki_geterrstr ()$/;" f +dki_getflag dki.c /^dk_flag_t dki_getflag (const dki_t *dkp, time_t curr)$/;" f +dki_isactive dki.c /^int dki_isactive (const dki_t *dkp)$/;" f +dki_isdepreciated dki.c /^int dki_isdepreciated (const dki_t *dkp)$/;" f +dki_isksk dki.c /^int dki_isksk (const dki_t *dkp)$/;" f +dki_ispublished dki.c /^int dki_ispublished (const dki_t *dkp)$/;" f +dki_isrevoked dki.c /^int dki_isrevoked (const dki_t *dkp)$/;" f +dki_lifetime dki.c /^time_t dki_lifetime (const dki_t *dkp)$/;" f +dki_lifetimedays dki.c /^ushort dki_lifetimedays (const dki_t *dkp)$/;" f +dki_namecmp dki.c /^int dki_namecmp (const dki_t *a, const dki_t *b)$/;" f +dki_new dki.c /^dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days)$/;" f +dki_prt_comment dki.c /^int dki_prt_comment (const dki_t *dkp, FILE *fp)$/;" f +dki_prt_dnskey dki.c /^int dki_prt_dnskey (const dki_t *dkp, FILE *fp)$/;" f +dki_prt_dnskey_raw dki.c /^int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)$/;" f +dki_prt_dnskeyttl dki.c /^int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)$/;" f +dki_prt_trustedkey dki.c /^int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)$/;" f +dki_read dki.c /^dki_t *dki_read (const char *dirname, const char *filename)$/;" f +dki_readdir dki.c /^int dki_readdir (const char *dir, dki_t **listp, int recursive)$/;" f +dki_readfile dki.c /^static int dki_readfile (FILE *fp, dki_t *dkp)$/;" f file: +dki_remove dki.c /^dki_t *dki_remove (dki_t *dkp)$/;" f 
+dki_search dki.c /^const dki_t *dki_search (const dki_t *list, int tag, const char *name)$/;" f +dki_setexptime dki.c /^time_t dki_setexptime (dki_t *dkp, time_t sec)$/;" f +dki_setflag dki.c /^dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag)$/;" f +dki_setlifetime dki.c /^ushort dki_setlifetime (dki_t *dkp, int days)$/;" f +dki_setstat dki.c /^static int dki_setstat (dki_t *dkp, int status, int preserve_time)$/;" f file: +dki_setstatus dki.c /^int dki_setstatus (dki_t *dkp, int status)$/;" f +dki_setstatus_preservetime dki.c /^int dki_setstatus_preservetime (dki_t *dkp, int status)$/;" f +dki_status dki.c /^dk_status_t dki_status (const dki_t *dkp)$/;" f +dki_statusstr dki.c /^const char *dki_statusstr (const dki_t *dkp)$/;" f +dki_tadd dki.c /^dki_t *dki_tadd (dki_t **tree, dki_t *new)$/;" f +dki_tagcmp dki.c /^int dki_tagcmp (const dki_t *a, const dki_t *b)$/;" f +dki_tfree dki.c /^void dki_tfree (dki_t **tree)$/;" f +dki_time dki.c /^time_t dki_time (const dki_t *dkp)$/;" f +dki_timecmp dki.c /^int dki_timecmp (const dki_t *a, const dki_t *b)$/;" f +dki_tsearch dki.c /^const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)$/;" f +dki_unsetflag dki.c /^dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)$/;" f +dki_writeinfo dki.c /^static int dki_writeinfo (const dki_t *dkp, const char *path)$/;" f file: +domaincmp domaincmp.c /^int domaincmp (const char *a, const char *b)$/;" f +dosigning dnssec-signer.c /^static int dosigning (zone_t *zonelist, zone_t *zp)$/;" f file: +dupconfig zconf.c /^zconf_t *dupconfig (const zconf_t *conf)$/;" f +dyn_update_freeze dnssec-signer.c /^static int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze)$/;" f file: +dynamic_zone dnssec-signer.c /^static int dynamic_zone = 0; \/* dynamic zone ? 
*\/$/;" v file: +error misc.c /^void error (char *fmt, ...)$/;" f +ex domaincmp.c /^} ex[] = {$/;" v file: +exptimeflag dnssec-zkt.c /^int exptimeflag = 0;$/;" v +extern dki.c 59;" d file: +extern dki.c 61;" d file: +extern domaincmp.c 42;" d file: +extern domaincmp.c 44;" d file: +extern log.c 55;" d file: +extern log.c 57;" d file: +extern misc.c 56;" d file: +extern misc.c 58;" d file: +extern ncparse.c 44;" d file: +extern ncparse.c 46;" d file: +extern rollover.c 57;" d file: +extern rollover.c 59;" d file: +extern zconf.c 61;" d file: +extern zconf.c 63;" d file: +extern zkt.c 47;" d file: +extern zkt.c 49;" d file: +extern zone.c 53;" d file: +extern zone.c 55;" d file: +fatal misc.c /^void fatal (char *fmt, ...)$/;" f +file_age misc.c /^int file_age (const char *fname)$/;" f +file_mtime misc.c /^time_t file_mtime (const char *fname)$/;" f +fileexist misc.c /^int fileexist (const char *name)$/;" f +filesize misc.c /^size_t filesize (const char *name)$/;" f +force dnssec-signer.c /^static int force = 0;$/;" v file: +genkey rollover.c /^static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file: +get_exptime rollover.c /^static time_t get_exptime (dki_t *key, const zconf_t *z)$/;" f file: +get_parent_phase dnssec-zkt.c /^static int get_parent_phase (const char *file)$/;" f file: +get_parent_phase rollover.c /^static int get_parent_phase (const char *file)$/;" f file: +getdefconfname misc.c /^const char *getdefconfname (const char *view)$/;" f +getnameappendix misc.c /^const char *getnameappendix (const char *progname, const char *basename)$/;" f +gettok ncparse.c /^static int gettok (FILE *fp, char *val, size_t valsize)$/;" f file: +goto_labelstart domaincmp.c 47;" d file: +headerflag dnssec-zkt.c /^int headerflag = 1;$/;" v +in_strarr misc.c /^int in_strarr (const char *str, char *const arr[], int cnt)$/;" f +inc_errstr misc.c /^const char *inc_errstr (int err)$/;" f +inc_serial misc.c /^int 
inc_serial (const char *fname, int use_unixtime)$/;" f +inc_soa_serial misc.c /^static int inc_soa_serial (FILE *fp, int use_unixtime)$/;" f file: +is_directory misc.c /^int is_directory (const char *name)$/;" f +is_dotfile misc.c /^int is_dotfile (const char *name)$/;" f +is_exec_ok misc.c /^int is_exec_ok (const char *prog)$/;" f +is_keyfilename misc.c /^int is_keyfilename (const char *name)$/;" f +is_parentdirsigned rollover.c /^static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)$/;" f file: +isinlist strlist.c /^int isinlist (const char *str, const char *list)$/;" f +ksk5011status rollover.c /^int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f +ksk_roll dnssec-zkt.c /^static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)$/;" f file: +kskdomain dnssec-zkt.c /^static char *kskdomain = "";$/;" v file: +kskflag dnssec-zkt.c /^int kskflag = 1;$/;" v +kskrollover rollover.c /^static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)$/;" f file: +kskstatus rollover.c /^int kskstatus (zone_t *zonelist, zone_t *zp)$/;" f +kw ncparse.c /^} kw[] = {$/;" v file: +label zconf.c /^ char *label; \/* the name of the paramter *\/$/;" m file: +labellist dnssec-zkt.c /^char *labellist = NULL;$/;" v +level log.c /^ lg_lvl_t level;$/;" m file: +lg_args log.c /^void lg_args (lg_lvl_t level, int argc, char * const argv[])$/;" f +lg_close log.c /^int lg_close ()$/;" f +lg_errcnt log.c /^static long lg_errcnt;$/;" v file: +lg_fileopen log.c /^static FILE *lg_fileopen (const char *path, const char *name)$/;" f file: +lg_fp log.c /^static FILE *lg_fp;$/;" v file: +lg_geterrcnt log.c /^long lg_geterrcnt ()$/;" f +lg_lvl2str log.c /^const char *lg_lvl2str (lg_lvl_t level)$/;" f +lg_lvl2syslog log.c /^lg_lvl_t lg_lvl2syslog (lg_lvl_t level)$/;" f +lg_mesg log.c /^void lg_mesg (int priority, char *fmt, ...)$/;" f +lg_minfilelevel log.c /^static int lg_minfilelevel;$/;" v file: 
+lg_minsyslevel log.c /^static int lg_minsyslevel;$/;" v file: +lg_open log.c /^int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel)$/;" f +lg_progname log.c /^static const char *lg_progname;$/;" v file: +lg_reseterrcnt log.c /^long lg_reseterrcnt ()$/;" f +lg_seterrcnt log.c /^long lg_seterrcnt (long value)$/;" f +lg_str2lvl log.c /^lg_lvl_t lg_str2lvl (const char *name)$/;" f +lg_str2syslog log.c /^int lg_str2syslog (const char *facility)$/;" f +lg_symtbl_t log.c /^} lg_symtbl_t;$/;" t file: +lg_syslogging log.c /^static int lg_syslogging;$/;" v file: +lifetime dnssec-zkt.c /^int lifetime = 0;$/;" v +lifetimeflag dnssec-zkt.c /^int lifetimeflag = 0;$/;" v +linkfile misc.c /^int linkfile (const char *fromfile, const char *tofile)$/;" f +list_dnskey zkt.c /^static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)$/;" f file: +list_key zkt.c /^static void list_key (const dki_t **nodep, const VISIT which, int depth)$/;" f file: +list_trustedkey zkt.c /^static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file: +ljustflag dnssec-zkt.c /^int ljustflag = 0;$/;" v +loadconfig zconf.c /^zconf_t *loadconfig (const char *filename, zconf_t *z)$/;" f +loadconfig_fromstr zconf.c /^zconf_t *loadconfig_fromstr (const char *str, zconf_t *z)$/;" f +logfile dnssec-signer.c /^const char *logfile = NULL;$/;" v +logflush misc.c /^void logflush ()$/;" f +logmesg misc.c /^void logmesg (char *fmt, ...)$/;" f +long_options dnssec-signer.c /^static struct option long_options[] = {$/;" v file: +long_options dnssec-zkt.c /^static struct option long_options[] = {$/;" v file: +lopt_usage dnssec-signer.c 302;" d file: +lopt_usage dnssec-signer.c 305;" d file: +lopt_usage dnssec-zkt.c 410;" d file: +lopt_usage dnssec-zkt.c 413;" d file: +loptstr dnssec-signer.c 303;" d file: +loptstr dnssec-signer.c 306;" d file: +loptstr dnssec-zkt.c 411;" d file: +loptstr 
dnssec-zkt.c 414;" d file: +main dnssec-signer.c /^int main (int argc, char *const argv[])$/;" f +main dnssec-zkt.c /^int main (int argc, char *argv[])$/;" f +main domaincmp.c /^main (int argc, char *argv[])$/;" f +main log.c /^int main (int argc, char *argv[])$/;" f +main misc.c /^main (int argc, char *argv[])$/;" f +main ncparse.c /^main (int argc, char *argv[])$/;" f +main strlist.c /^main (int argc, char *argv[])$/;" f +main zconf.c /^main (int argc, char *argv[])$/;" f +main zkt-soaserial.c /^int main (int argc, char *argv[])$/;" f +name ncparse.c /^ char *name;$/;" m struct:KeyWords file: +namedconf dnssec-signer.c /^const char *namedconf = NULL;$/;" v +new_keysetfiles dnssec-signer.c /^static int new_keysetfiles (const char *dir, time_t zone_signing_time)$/;" f file: +noexec dnssec-signer.c /^static int noexec = 0;$/;" v file: +origin dnssec-signer.c /^const char *origin = NULL;$/;" v +parse_namedconf ncparse.c /^int parse_namedconf (const char *filename, char *dir, size_t dirsize, int (*func) ())$/;" f +parseconfigline zconf.c /^static void parseconfigline (char *buf, unsigned int line, zconf_t *z)$/;" f file: +parsedir dnssec-signer.c /^static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf)$/;" f file: +parsedirectory dnssec-zkt.c /^static int parsedirectory (const char *dir, dki_t **listp)$/;" f file: +parsefile dnssec-zkt.c /^static void parsefile (const char *file, dki_t **listp)$/;" f file: +parsetag dnssec-zkt.c /^static const char *parsetag (const char *str, int *tagp)$/;" f file: +parseurl misc.c /^void parseurl (char *url, char **proto, char **host, char **port, char **para)$/;" f +pathflag dnssec-zkt.c /^int pathflag = 0;$/;" v +pathname misc.c /^char *pathname (char *path, size_t size, const char *dir, const char *file, const char *ext)$/;" f +prepstrlist strlist.c /^char *prepstrlist (const char *str, const char *delim)$/;" f +printconfig zconf.c /^int printconfig (const char *fname, const zconf_t *z)$/;" f +printconfigline 
zconf.c /^static void printconfigline (FILE *fp, zconf_para_t *cp)$/;" f file: +printkeyinfo zkt.c /^static void printkeyinfo (const dki_t *dkp, const char *oldpath)$/;" f file: +printserial zkt-soaserial.c /^static void printserial (const char *fname, unsigned long serial)$/;" f file: +printzone ncparse.c /^int printzone (const char *dir, const char *view, const char *zone, const char *file)$/;" f +progname dnssec-signer.c /^const char *progname;$/;" v +progname dnssec-zkt.c /^const char *progname;$/;" v +progname domaincmp.c /^const char *progname;$/;" v +progname log.c /^const char *progname;$/;" v +progname misc.c /^const char *progname;$/;" v +progname ncparse.c /^char *progname;$/;" v +progname zconf.c /^const char *progname;$/;" v +progname zkt-soaserial.c /^static const char *progname;$/;" v file: +read_serial_fromfile zkt-soaserial.c /^static int read_serial_fromfile (const char *fname, unsigned long *serial)$/;" f file: +recflag dnssec-zkt.c /^static int recflag = RECURSIVE;$/;" v file: +register_key dnssec-signer.c /^static void register_key (dki_t *list, const zconf_t *z)$/;" f file: +reload_zone dnssec-signer.c /^static int reload_zone (const char *domain, const zconf_t *z)$/;" f file: +reloadflag dnssec-signer.c /^static int reloadflag = 0;$/;" v file: +res domaincmp.c /^ int res;$/;" m file: +searchitem zkt.c /^static int searchitem;$/;" v file: +searchkw ncparse.c /^static int searchkw (const char *keyword)$/;" f file: +searchresult zkt.c /^static const dki_t *searchresult;$/;" v file: +set_all_varptr zconf.c /^static void set_all_varptr (zconf_t *cp)$/;" f file: +set_keylifetime zkt.c /^static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)$/;" f file: +set_varptr zconf.c /^static int set_varptr (char *entry, void *ptr)$/;" f file: +setconfigpar zconf.c /^int setconfigpar (zconf_t *config, char *entry, const void *pval)$/;" f +setglobalflags dnssec-zkt.c /^static void setglobalflags (zconf_t *config)$/;" f file: 
+short_options dnssec-signer.c 66;" d file: +short_options dnssec-signer.c 68;" d file: +short_options dnssec-zkt.c 89;" d file: +sign_zone dnssec-signer.c /^static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf)$/;" f file: +sopt_usage dnssec-signer.c 300;" d file: +sopt_usage dnssec-zkt.c 408;" d file: +splitpath misc.c /^const char *splitpath (char *path, size_t size, const char *filename)$/;" f +start_timer misc.c /^time_t start_timer ()$/;" f +stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f +str log.c /^ const char *str;$/;" m file: +str_chop misc.c /^char *str_chop (char *str, char c)$/;" f +str_delspace misc.c /^char *str_delspace (char *s)$/;" f +str_tolowerdup misc.c /^char *str_tolowerdup (const char *s)$/;" f +str_untaint misc.c /^char *str_untaint (char *str)$/;" f +symtbl log.c /^static lg_symtbl_t symtbl[] = {$/;" v file: +syslog_level log.c /^ int syslog_level;$/;" m file: +tag_search zkt.c /^static void tag_search (const dki_t **nodep, const VISIT which, int depth)$/;" f file: +time2isostr misc.c /^char *time2isostr (time_t sec, int precision)$/;" f +time2str misc.c /^char *time2str (time_t sec, int precision)$/;" f +timeflag dnssec-zkt.c /^int timeflag = 1;$/;" v +timeint2str zconf.c /^static const char *timeint2str (ulong val)$/;" f file: +timestr zkt-soaserial.c /^static char *timestr (time_t sec)$/;" f file: +timestr2time misc.c /^time_t timestr2time (const char *timestr)$/;" f +today_serialtime misc.c /^static ulong today_serialtime ()$/;" f file: +tok ncparse.c /^ int tok;$/;" m struct:KeyWords file: +tok2str ncparse.c /^static const char *tok2str (int tok)$/;" f file: +touch misc.c /^int touch (const char *fname, time_t sec)$/;" f +trustedkeyflag dnssec-zkt.c /^static int trustedkeyflag = 0;$/;" v file: +type zconf.c /^ ctype_t type; \/* the parameter type *\/$/;" m file: +unprepstrlist strlist.c /^char *unprepstrlist (char *list, char delimc)$/;" f +usage dnssec-signer.c /^static void 
usage (char *mesg, zconf_t *conf)$/;" f file: +usage dnssec-zkt.c /^static void usage (char *mesg, zconf_t *cp)$/;" f file: +usage zkt-soaserial.c /^static void usage (const char *msg)$/;" f file: +var zconf.c /^ void *var; \/* pointer to the parameter variable *\/$/;" m file: +verbmesg misc.c /^void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...)$/;" f +verbose dnssec-signer.c /^static int verbose = 0;$/;" v file: +view dnssec-zkt.c /^static const char *view = "";$/;" v file: +viewname dnssec-signer.c /^const char *viewname = NULL;$/;" v +writekeyfile dnssec-signer.c /^static int writekeyfile (const char *fname, const dki_t *list, int key_ttl)$/;" f file: +zconf_para_t zconf.c /^} zconf_para_t;$/;" t file: +zkt_list_dnskeys zkt.c /^void zkt_list_dnskeys (const dki_t *data)$/;" f +zkt_list_keys zkt.c /^void zkt_list_keys (const dki_t *data)$/;" f +zkt_list_trustedkeys zkt.c /^void zkt_list_trustedkeys (const dki_t *data)$/;" f +zkt_search zkt.c /^const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)$/;" f +zkt_setkeylifetime zkt.c /^void zkt_setkeylifetime (dki_t *data)$/;" f +zone_add zone.c /^zone_t *zone_add (zone_t **list, zone_t *new)$/;" f +zone_alloc zone.c /^static zone_t *zone_alloc ()$/;" f file: +zone_cmp zone.c /^static int zone_cmp (const zone_t *a, const zone_t *b)$/;" f file: +zone_estr zone.c /^static char zone_estr[255+1];$/;" v file: +zone_free zone.c /^void zone_free (zone_t *zp)$/;" f +zone_freelist zone.c /^void zone_freelist (zone_t **listp)$/;" f +zone_geterrstr zone.c /^const char *zone_geterrstr ()$/;" f +zone_new zone.c /^zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp)$/;" f +zone_print zone.c /^int zone_print (const char *mesg, const zone_t *z)$/;" f +zone_readdir zone.c /^int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone)$/;" f +zone_search zone.c 
/^const zone_t *zone_search (const zone_t *list, const char *zone)$/;" f +zonelist dnssec-signer.c /^static zone_t *zonelist = NULL; \/* must be static global because add2zonelist use it *\/$/;" v file: +zskflag dnssec-zkt.c /^int zskflag = 1;$/;" v +zskstatus rollover.c /^int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f diff --git a/contrib/zkt/zconf.c b/contrib/zkt/zconf.c new file mode 100644 index 0000000..1dee484 --- /dev/null +++ b/contrib/zkt/zconf.c 
@@ -0,0 +1,775 @@ +/**************************************************************** +** +** @(#) zconf.c -- configuration file parser for dnssec.conf +** +** Most of the code is from the SixXS Heartbeat Client +** written by Jeroen Massar <jeroen@sixxs.net> +** +** New config types and some slightly code changes +** by Holger Zuleger +** +** Copyright (c) Aug 2005, Jeroen Massar, Holger Zuleger. +** All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Jeroen Masar or Holger Zuleger nor the +** names of its contributors may be used to endorse or promote products +** derived from this software without specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +****************************************************************/ +# include <sys/types.h> +# include <stdio.h> +# include <errno.h> +# include <unistd.h> +# include <stdlib.h> +# include <stdarg.h> +# include <string.h> +# include <strings.h> +# include <assert.h> +# include <ctype.h> + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif +# include "config_zkt.h" +# include "debug.h" +# include "misc.h" +#define extern +# include "zconf.h" +#undef extern +# include "dki.h" + +# define ISTRUE(val) (strcasecmp (val, "yes") == 0 || \ + strcasecmp (val, "true") == 0 ) +# define ISCOMMENT(cp) (*(cp) == '#' || *(cp) == ';' || \ + (*(cp) == '/' && *((cp)+1) == '/') ) +# define ISDELIM(c) ( isspace (c) || (c) == ':' || (c) == '=' ) + + +typedef enum { + CONF_END = 0, + CONF_STRING, + CONF_INT, + CONF_TIMEINT, + CONF_BOOL, + CONF_ALGO, + CONF_SERIAL, + CONF_FACILITY, + CONF_LEVEL, + CONF_COMMENT, +} ctype_t; + +/***************************************************************** +** private (static) variables +*****************************************************************/ +static zconf_t def = { + ZONEDIR, RECURSIVE, + PRINTTIME, PRINTAGE, LJUST, + SIG_VALIDITY, MAX_TTL, KEY_TTL, PROPTIME, Incremental, + RESIGN_INT, + KSK_LIFETIME, KSK_ALGO, KSK_BITS, KSK_RANDOM, + ZSK_LIFETIME, ZSK_ALGO, ZSK_BITS, ZSK_RANDOM, + NULL, /* viewname cmdline paramter */ + LOGFILE, LOGLEVEL, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0, + DNSKEYFILE, ZONEFILE, KEYSETDIR, + LOOKASIDEDOMAIN, + SIG_RANDOM, SIG_PSEUDO, SIG_GENDS, SIG_PARAM, + DIST_CMD /* deafults to NULL which means to run "rndc reload" */ +}; + +typedef struct { + char *label; /* the name of the paramter */ + int cmdline; /* is this a command line parameter ? 
*/ + ctype_t type; /* the parameter type */ + void *var; /* pointer to the parameter variable */ +} zconf_para_t; + +static zconf_para_t confpara[] = { + { "", 0, CONF_COMMENT, ""}, + { "", 0, CONF_COMMENT, "\t@(#) dnssec.conf " ZKT_VERSION }, + { "", 0, CONF_COMMENT, ""}, + { "", 0, CONF_COMMENT, NULL }, + + { "", 0, CONF_COMMENT, "dnssec-zkt options" }, + { "Zonedir", 0, CONF_STRING, &def.zonedir }, + { "Recursive", 0, CONF_BOOL, &def.recursive }, + { "PrintTime", 0, CONF_BOOL, &def.printtime }, + { "PrintAge", 0, CONF_BOOL, &def.printage }, + { "LeftJustify", 0, CONF_BOOL, &def.ljust }, + + { "", 0, CONF_COMMENT, NULL }, + { "", 0, CONF_COMMENT, "zone specific values" }, + { "ResignInterval", 0, CONF_TIMEINT, &def.resign }, + { "Sigvalidity", 0, CONF_TIMEINT, &def.sigvalidity }, + { "Max_TTL", 0, CONF_TIMEINT, &def.max_ttl }, + { "Propagation", 0, CONF_TIMEINT, &def.proptime }, + { "KEY_TTL", 0, CONF_TIMEINT, &def.key_ttl }, +#if defined (DEF_TTL) + { "def_ttl", 0, CONF_TIMEINT, &def.def_ttl }, +#endif + { "Serialformat", 0, CONF_SERIAL, &def.serialform }, + + { "", 0, CONF_COMMENT, NULL }, + { "", 0, CONF_COMMENT, "signing key parameters"}, + { "KSK_lifetime", 0, CONF_TIMEINT, &def.k_life }, + { "KSK_algo", 0, CONF_ALGO, &def.k_algo }, + { "KSK_bits", 0, CONF_INT, &def.k_bits }, + { "KSK_randfile", 0, CONF_STRING, &def.k_random }, + { "ZSK_lifetime", 0, CONF_TIMEINT, &def.z_life }, + { "ZSK_algo", 0, CONF_ALGO, &def.z_algo }, + { "ZSK_bits", 0, CONF_INT, &def.z_bits }, + { "ZSK_randfile", 0, CONF_STRING, &def.z_random }, + + { "", 0, CONF_COMMENT, NULL }, + { "", 0, CONF_COMMENT, "dnssec-signer options"}, + { "--view", 1, CONF_STRING, &def.view }, + { "LogFile", 0, CONF_STRING, &def.logfile }, + { "LogLevel", 0, CONF_LEVEL, &def.loglevel }, + { "SyslogFacility", 0, CONF_FACILITY, &def.syslogfacility }, + { "SyslogLevel", 0, CONF_LEVEL, &def.sysloglevel }, + { "VerboseLog", 0, CONF_INT, &def.verboselog }, + { "-v", 1, CONF_INT, &def.verbosity }, + { "Keyfile", 
0, CONF_STRING, &def.keyfile }, + { "Zonefile", 0, CONF_STRING, &def.zonefile }, + { "KeySetDir", 0, CONF_STRING, &def.keysetdir }, + { "DLV_Domain", 0, CONF_STRING, &def.lookaside }, + { "Sig_Randfile", 0, CONF_STRING, &def.sig_random }, + { "Sig_Pseudorand", 0, CONF_BOOL, &def.sig_pseudo }, + { "Sig_GenerateDS", 1, CONF_BOOL, &def.sig_gends }, + { "Sig_Parameter", 0, CONF_STRING, &def.sig_param }, + { "Distribute_Cmd", 0, CONF_STRING, &def.dist_cmd }, + + { NULL, 0, CONF_END, NULL}, +}; + +/***************************************************************** +** private (static) function deklaration and definition +*****************************************************************/ +static const char *bool2str (int val) +{ + return val ? "True" : "False"; +} + +static const char *timeint2str (ulong val) +{ + static char str[20+1]; + + if ( val == 0 ) + snprintf (str, sizeof (str), "%lu", val / YEARSEC); + else if ( val % YEARSEC == 0 ) + snprintf (str, sizeof (str), "%luy", val / YEARSEC); + else if ( val % WEEKSEC == 0 ) + snprintf (str, sizeof (str), "%luw", val / WEEKSEC); + else if ( val % DAYSEC == 0 ) + snprintf (str, sizeof (str), "%lud", val / DAYSEC); + else if ( val % HOURSEC == 0 ) + snprintf (str, sizeof (str), "%luh", val / HOURSEC); + else if ( val % MINSEC == 0 ) + snprintf (str, sizeof (str), "%lum", val / MINSEC); + else + snprintf (str, sizeof (str), "%lus", val); + + return str; +} + +static int set_varptr (char *entry, void *ptr) +{ + zconf_para_t *c; + + for ( c = confpara; c->label; c++ ) + if ( strcasecmp (entry, c->label) == 0 ) + { + c->var = ptr; + return 1; + } + return 0; +} + +static void set_all_varptr (zconf_t *cp) +{ + set_varptr ("zonedir", &cp->zonedir); + set_varptr ("recursive", &cp->recursive); + set_varptr ("printage", &cp->printage); + set_varptr ("printtime", &cp->printtime); + set_varptr ("leftjustify", &cp->ljust); + + set_varptr ("resigninterval", &cp->resign); + set_varptr ("sigvalidity", &cp->sigvalidity); + set_varptr 
("max_ttl", &cp->max_ttl); + set_varptr ("key_ttl", &cp->key_ttl); + set_varptr ("propagation", &cp->proptime); +#if defined (DEF_TTL) + set_varptr ("def_ttl", &cp->def_ttl); +#endif + set_varptr ("serialformat", &cp->serialform); + + set_varptr ("ksk_lifetime", &cp->k_life); + set_varptr ("ksk_algo", &cp->k_algo); + set_varptr ("ksk_bits", &cp->k_bits); + set_varptr ("ksk_randfile", &cp->k_random); + + set_varptr ("zsk_lifetime", &cp->z_life); + set_varptr ("zsk_algo", &cp->z_algo); + set_varptr ("zsk_bits", &cp->z_bits); + set_varptr ("zsk_randfile", &cp->z_random); + + set_varptr ("--view", &cp->view); + set_varptr ("logfile", &cp->logfile); + set_varptr ("loglevel", &cp->loglevel); + set_varptr ("syslogfacility", &cp->syslogfacility); + set_varptr ("sysloglevel", &cp->sysloglevel); + set_varptr ("verboselog", &cp->verboselog); + set_varptr ("-v", &cp->verbosity); + set_varptr ("keyfile", &cp->keyfile); + set_varptr ("zonefile", &cp->zonefile); + set_varptr ("keysetdir", &cp->keysetdir); + set_varptr ("dlv_domain", &cp->lookaside); + set_varptr ("sig_randfile", &cp->sig_random); + set_varptr ("sig_pseudorand", &cp->sig_pseudo); + set_varptr ("sig_generateds", &cp->sig_gends); + set_varptr ("sig_parameter", &cp->sig_param); + set_varptr ("distribute_cmd", &cp->dist_cmd); +} + +static void parseconfigline (char *buf, unsigned int line, zconf_t *z) +{ + char *end, *val, *p; + char *tag; + unsigned int len, found; + zconf_para_t *c; + + p = &buf[strlen(buf)-1]; /* Chop off white space at eol */ + while ( p >= buf && isspace (*p) ) + *p-- = '\0'; + + for (p = buf; isspace (*p); p++ ) /* Ignore leading white space */ + ; + + /* Ignore comments and emtpy lines */ + if ( *p == '\0' || ISCOMMENT (p) ) + return; + + tag = p; + /* Get the end of the first argument */ + end = &buf[strlen(buf)-1]; + while ( p < end && !ISDELIM (*p) ) /* Skip until delim */ + p++; + *p++ = '\0'; /* Terminate this argument */ + dbg_val1 ("Parsing \"%s\"\n", tag); + + + while ( p < end && 
ISDELIM (*p) ) /* Skip delim chars */ + p++; + + val = p; /* Start of the value */ + dbg_val1 ("\tgot value \"%s\"\n", val); + + /* If starting with quote, skip until next quote */ + if ( *p == '"' || *p == '\'' ) + { + p++; /* Find next quote */ + while ( p <= end && *p && *p != *val ) + p++; + *p = '\0'; + val++; /* Skip the first quote */ + } + else /* Otherwise check if there is any comment char at the end */ + { + while ( p < end && *p && !ISCOMMENT(p) ) + p++; + if ( ISCOMMENT (p) ) + { + do /* Chop off white space before comment */ + *p-- = '\0'; + while ( p >= val && isspace (*p) ); + } + } + + /* Otherwise it is already terminated above */ + + found = 0; + c = confpara; + while ( !found && c->type != CONF_END ) + { + len = strlen (c->label); + if ( strcasecmp (tag, c->label) == 0 ) + { + char **str; + char quantity; + int ival; + + found = 1; + switch ( c->type ) + { + case CONF_LEVEL: + case CONF_FACILITY: + case CONF_STRING: + str = (char **)c->var; + *str = strdup (val); + str_untaint (*str); /* remove "bad" characters */ + break; + case CONF_INT: + sscanf (val, "%d", (int *)c->var); + break; + case CONF_TIMEINT: + quantity = 'd'; + sscanf (val, "%d%c", &ival, &quantity); + if ( quantity == 'm' ) + ival *= MINSEC; + else if ( quantity == 'h' ) + ival *= HOURSEC; + else if ( quantity == 'd' ) + ival *= DAYSEC; + else if ( quantity == 'w' ) + ival *= WEEKSEC; + else if ( quantity == 'y' ) + ival *= YEARSEC; + (*(int *)c->var) = ival; + break; + case CONF_ALGO: + if ( strcasecmp (val, "rsa") == 0 || strcasecmp (val, "rsamd5") == 0 ) + *((int *)c->var) = DK_ALGO_RSA; + else if ( strcasecmp (val, "dsa") == 0 ) + *((int *)c->var) = DK_ALGO_DSA; + else if ( strcasecmp (val, "rsasha1") == 0 ) + *((int *)c->var) = DK_ALGO_RSASHA1; + else + error ("Illegal algorithm \"%s\" " + "in line %d.\n" , val, line); + break; + case CONF_SERIAL: + if ( strcasecmp (val, "unixtime") == 0 ) + *((serial_form_t *)c->var) = Unixtime; + else if ( strcasecmp (val, "incremental") == 
0 ) + *((serial_form_t *)c->var) = Incremental; + else + error ("Illegal serial no format \"%s\" " + "in line %d.\n" , val, line); + break; + case CONF_BOOL: + *((int *)c->var) = ISTRUE (val); + break; + default: + fatal ("Illegal configuration type in line %d.\n", line); + } + } + c++; + } + if ( !found ) + error ("Unknown configuration statement: %s \"%s\"\n", tag, val); + return; +} + +static void printconfigline (FILE *fp, zconf_para_t *cp) +{ + int i; + + assert (fp != NULL); + assert (cp != NULL); + + switch ( cp->type ) + { + case CONF_COMMENT: + if ( cp->var ) + fprintf (fp, "# %s\n", (char *)cp->var); + else + fprintf (fp, "\n"); + break; + case CONF_LEVEL: + case CONF_FACILITY: + if ( *(char **)cp->var != NULL ) + { + if ( **(char **)cp->var != '\0' ) + { + char *p; + + fprintf (fp, "%s:\t", cp->label); + for ( p = *(char **)cp->var; *p; p++ ) + putc (toupper (*p), fp); + fprintf (fp, "\n"); + } + else + fprintf (fp, "%s:\tNONE", cp->label); + } + break; + case CONF_STRING: + if ( *(char **)cp->var ) + fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var); + break; + case CONF_BOOL: + fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var )); + break; + case CONF_TIMEINT: + i = *(ulong*)cp->var; + fprintf (fp, "%s:\t%s", cp->label, timeint2str (i)); + if ( i ) + fprintf (fp, "\t# (%d seconds)", i); + putc ('\n', fp); + break; + case CONF_ALGO: + i = *(int*)cp->var; + fprintf (fp, "%s:\t%s", cp->label, dki_algo2str (i)); + fprintf (fp, "\t# (Algorithm ID %d)\n", i); + break; + case CONF_SERIAL: + fprintf (fp, "%s:\t", cp->label); + if ( *(serial_form_t*)cp->var == Unixtime ) + fprintf (fp, "unixtime\n"); + else + fprintf (fp, "incremental\n"); + break; + case CONF_INT: + fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var); + break; + case CONF_END: + /* NOTREACHED */ + break; + } +} + +/***************************************************************** +** public function definition 
+*****************************************************************/ + +/***************************************************************** +** loadconfig (file, conf) +** Loads a config file into the "conf" structure pointed to by "z". +** If "z" is NULL then a new conf struct will be dynamically +** allocated. +** If no filename is given the conf struct will be initialized +** by the builtin default config +*****************************************************************/ +zconf_t *loadconfig (const char *filename, zconf_t *z) +{ + FILE *fp; + char buf[1023+1]; + unsigned int line; + + if ( z == NULL ) /* allocate new memory for zconf_t */ + { + if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) + return NULL; + + if ( filename && *filename ) + memcpy (z, &def, sizeof (*z)); /* init new struct with defaults */ + } + + if ( filename == NULL || *filename == '\0' ) /* no file name given... */ + { + dbg_val0("loadconfig (NULL)\n"); + memcpy (z, &def, sizeof (*z)); /* ..then init with defaults */ + return z; + } + + dbg_val1 ("loadconfig (%s)\n", filename); + set_all_varptr (z); + + if ( (fp = fopen(filename, "r")) == NULL ) + fatal ("Could not open config file \"%s\"\n", filename); + + line = 0; + while (fgets(buf, sizeof(buf), fp)) + { + line++; + + parseconfigline (buf, line, z); + } + fclose(fp); + return z; +} + +# define STRCONFIG_DELIMITER ";\r\n" +zconf_t *loadconfig_fromstr (const char *str, zconf_t *z) +{ + char *buf; + char *tok, *toksave; + unsigned int line; + + if ( z == NULL ) + { + if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) + return NULL; + memcpy (z, &def, sizeof (*z)); /* init with defaults */ + } + + if ( str == NULL || *str == '\0' ) + { + dbg_val0("loadconfig_fromstr (NULL)\n"); + memcpy (z, &def, sizeof (*z)); /* init with defaults */ + return z; + } + + dbg_val1 ("loadconfig_fromstr (\"%s\")\n", str); + set_all_varptr (z); + + /* str is const, so we have to copy it into a new buffer */ + if ( (buf = strdup (str)) == NULL ) + fatal 
("loadconfig_fromstr: Out of memory"); + + line = 0; + tok = strtok_r (buf, STRCONFIG_DELIMITER, &toksave); + while ( tok ) + { + line++; + parseconfigline (tok, line, z); + tok = strtok_r (NULL, STRCONFIG_DELIMITER, &toksave); + } + free (buf); + return z; +} + +/***************************************************************** +** dupconfig (config) +** duplicate config struct and return a ptr to the new struct +*****************************************************************/ +zconf_t *dupconfig (const zconf_t *conf) +{ + zconf_t *z; + + assert (conf != NULL); + + if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) + return NULL; + + memcpy (z, conf, sizeof (*conf)); + + return z; +} + +/***************************************************************** +** setconfigpar (entry, pval) +*****************************************************************/ +int setconfigpar (zconf_t *config, char *entry, const void *pval) +{ + char *str; + zconf_para_t *c; + + set_all_varptr (config); + + for ( c = confpara; c->type != CONF_END; c++ ) + if ( strcasecmp (entry, c->label) == 0 ) + { + switch ( c->type ) + { + case CONF_LEVEL: + case CONF_FACILITY: + case CONF_STRING: + if ( pval ) + { + str = strdup ((char *)pval); + str_untaint (str); /* remove "bad" characters */ + } + else + str = NULL; + *((char **)c->var) = str; + break; + case CONF_BOOL: + /* fall through */ + case CONF_ALGO: + /* fall through */ + case CONF_TIMEINT: + /* fall through */ + case CONF_INT: + *((int *)c->var) = *((int *)pval); + break; + case CONF_SERIAL: + *((serial_form_t *)c->var) = *((serial_form_t *)pval); + break; + case CONF_COMMENT: + case CONF_END: + /* NOTREACHED */ + break; + } + return 1; + } + return 0; +} + +/***************************************************************** +** printconfig (fname, config) +*****************************************************************/ +int printconfig (const char *fname, const zconf_t *z) +{ + zconf_para_t *cp; + FILE *fp; + + if ( z == NULL ) + 
return 0; + + fp = stdout; + if ( fname && *fname ) + { + if ( strcmp (fname, "stdout") == 0 ) + fp = stdout; + else if ( strcmp (fname, "stderr") == 0 ) + fp = stderr; + else if ( (fp = fopen(fname, "w")) == NULL ) + { + error ("Could not open config file \"%s\" for writing\n", fname); + return -1; + } + } + + set_all_varptr ((zconf_t *)z); + + for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */ + if ( !cp->cmdline ) /* if this is not a command line parameter ? */ + printconfigline (fp, cp); /* print it out */ + + if ( fp && fp != stdout && fp != stderr ) + fclose (fp); + + return 1; +} + +#if 0 +/***************************************************************** +** printconfigdiff (fname, conf_a, conf_b) +*****************************************************************/ +int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z) +{ + zconf_para_t *cp; + FILE *fp; + + if ( ref == NULL || z == NULL ) + return 0; + + fp = NULL; + if ( fname && *fname ) + { + if ( strcmp (fname, "stdout") == 0 ) + fp = stdout; + else if ( strcmp (fname, "stderr") == 0 ) + fp = stderr; + else if ( (fp = fopen(fname, "w")) == NULL ) + { + error ("Could not open config file \"%s\" for writing\n", fname); + return -1; + } + } + + set_all_varptr ((zconf_t *)z); + + for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */ + { + if ( cp->cmdline ) + continue; + + + printconfigline (fp, cp); /* print it out */ + } + + if ( fp && fp != stdout && fp != stderr ) + fclose (fp); + + return 1; +} +#endif + +/***************************************************************** +** checkconfig (config) +*****************************************************************/ +int checkconfig (const zconf_t *z) +{ + if ( z == NULL ) + return 1; + + if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) ) + { + fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n"); + 
fprintf (stderr, "The current value is %s\n", timeint2str (z->sigvalidity)); + } + + if ( z->resign > (z->sigvalidity*5/6) - (z->max_ttl + z->proptime) ) + { + fprintf (stderr, "Re-signing interval (%s) should be less than ", timeint2str (z->resign)); + fprintf (stderr, "5/6 of sigvalidity\n"); + } + if ( z->resign < (z->max_ttl + z->proptime) ) + { + fprintf (stderr, "Re-signing interval (%s) should be ", timeint2str (z->resign)); + fprintf (stderr, "greater than max_ttl (%d) plus ", z->max_ttl); + fprintf (stderr, "propagation time (%d)\n", z->proptime); + } + + if ( z->max_ttl >= z->sigvalidity ) + fprintf (stderr, "Max TTL (%d) should be less than signatur validity (%d)\n", + z->max_ttl, z->sigvalidity); + + if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) ) + { + fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life)); + fprintf (stderr, "seems a little bit high "); + fprintf (stderr, "(In respect of key size (%d))\n", z->z_bits); + } + + if ( z->k_life > 0 && z->k_life <= z->z_life ) + { + fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life)); + fprintf (stderr, "should be greater than lifetime of zsk\n"); + } + if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) 
) + { + fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life)); + fprintf (stderr, "seems a little bit high "); + fprintf (stderr, "(In respect of key size (%d))\n", z->k_bits); + } + + return 1; +} + +#ifdef CONF_TEST +const char *progname; +static zconf_t *config; + +main (int argc, char *argv[]) +{ + char *optstr; + int val; + + progname = *argv; + + config = loadconfig ("", (zconf_t *) NULL); /* load built in defaults */ + + while ( --argc >= 1 ) + { + optstr = *++argv; + config = loadconfig_fromstr (optstr, config); + } + + val = 1; + setconfigpar (config, "-v", &val); + val = 2; + setconfigpar (config, "verboselog", &val); + val = 1; + setconfigpar (config, "recursive", &val); + val = 1200; + setconfigpar (config, "propagation", &val); + + printconfig ("stdout", config); +} +#endif diff --git a/contrib/zkt/zconf.h b/contrib/zkt/zconf.h new file mode 100644 index 0000000..de8b2ef --- /dev/null +++ b/contrib/zkt/zconf.h 
@@ -0,0 +1,173 @@ +/***************************************************************** +** +** @(#) zconf.h +** +** Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger. +** All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Jeroen Masar and Holger Zuleger nor the +** names of its contributors may be used to endorse or promote products +** derived from this software without specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef ZCONF_H +# define ZCONF_H + + +# define MINSEC 60 +# define HOURSEC (MINSEC * 60) +# define DAYSEC (HOURSEC * 24) +# define WEEKSEC (DAYSEC * 7) +# define YEARSEC (DAYSEC * 365) +# define DAY (1) +# define WEEK (DAY * 7) +# define MONTH (DAY * 30) +# define YEAR (DAY * 365) + +# define SIG_VALID_DAYS (10) /* or 3 Weeks ? */ +# define SIG_VALIDITY (SIG_VALID_DAYS * DAYSEC) +# define MAX_TTL ( 8 * HOURSEC) /* default value of maximum ttl time */ +# define KEY_TTL ( 4 * HOURSEC) /* default value of KEY TTL */ +# define PROPTIME ( 5 * MINSEC) /* expected slave propagation time */ + /* should be small if notify is used */ +#if defined (DEF_TTL) +# define DEF_TTL (MAX_TTL/2) /* currently not used */ +#endif + +# define RESIGN_INT ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC) +# define KSK_LIFETIME (1 * YEARSEC) +#if 0 +# define ZSK_LIFETIME ((SIG_VALID_DAYS * 3) * DAYSEC) /* set to three times the sig validity */ +#else +# define ZSK_LIFETIME ((MONTH * 3) * DAYSEC) /* set fixed to 3 month */ +#endif + +# define KSK_ALGO (DK_ALGO_RSASHA1) +# define KSK_BITS (1300) +# define KSK_RANDOM "/dev/urandom" /* was NULL before v0.94 */ +# define ZSK_ALGO (DK_ALGO_RSASHA1) +# define ZSK_BITS (512) +# define ZSK_RANDOM "/dev/urandom" + +# define ZONEDIR "." 
+# define RECURSIVE 0 +# define PRINTTIME 1 +# define PRINTAGE 0 +# define LJUST 0 +# define KEYSETDIR NULL /* keysets */ +# define LOGFILE "" +# define LOGLEVEL "error" +# define SYSLOGFACILITY "none" +# define SYSLOGLEVEL "notice" +# define VERBOSELOG 0 +# define ZONEFILE "zone.db" +# define DNSKEYFILE "dnskey.db" +# define LOOKASIDEDOMAIN "" /* "dlv.trusted-keys.de" */ +# define SIG_RANDOM NULL /* "/dev/urandom" */ +# define SIG_PSEUDO 1 +# define SIG_GENDS 1 +# define SIG_PARAM "" +# define DIST_CMD NULL /* default is to run "rndc reload" */ + +#ifndef CONFIG_PATH +# define CONFIG_PATH "/var/named/" +#endif +# define CONFIG_FILE CONFIG_PATH "dnssec.conf" +# define LOCALCONF_FILE "dnssec.conf" + +/* external command execution path (should be set via config.h) */ +#ifndef BIND_UTIL_PATH +# define BIND_UTIL_PATH "/usr/local/sbin/" /* beware of trailing '/' */ +#endif +# define SIGNCMD BIND_UTIL_PATH "dnssec-signzone" +# define KEYGENCMD BIND_UTIL_PATH "dnssec-keygen" +# define RELOADCMD BIND_UTIL_PATH "rndc" + +typedef enum { + Unixtime = 1, + Incremental +} serial_form_t; + +typedef enum { + none = 0, + user, + local0, local1, local2, local3, local4, local5, local6, local7 +} syslog_facility_t; + +typedef struct zconf { + char *zonedir; + int recursive; + int printtime; + int printage; + int ljust; + int sigvalidity; /* should be less than expire time */ + int max_ttl; /* should be set to the maximum used ttl in the zone */ + int key_ttl; + int proptime; /* expected time offset for zone propagation */ +#if defined (DEF_TTL) + int def_ttl; /* default ttl set in soa record */ +#endif + serial_form_t serialform; /* format of serial no */ + int resign; /* resign interval */ + + int k_life; + int k_algo; + int k_bits; + char *k_random; + int z_life; + int z_algo; + int z_bits; + char *z_random; + + char *view; + // char *errlog; + char *logfile; + char *loglevel; + char *syslogfacility; + char *sysloglevel; + int verboselog; + int verbosity; + char *keyfile; + char 
*zonefile; + char *keysetdir; + char *lookaside; + char *sig_random; + int sig_pseudo; + int sig_gends; + char *sig_param; + char *dist_cmd; /* cmd to run instead of "rndc reload" */ +} zconf_t; + +extern zconf_t *loadconfig (const char *filename, zconf_t *z); +extern zconf_t *loadconfig_fromstr (const char *str, zconf_t *z); +extern zconf_t *dupconfig (const zconf_t *conf); +extern int setconfigpar (zconf_t *conf, char *entry, const void *pval); +extern int printconfig (const char *fname, const zconf_t *cp); +extern int checkconfig (const zconf_t *z); + +#endif diff --git a/contrib/zkt/zkt-soaserial.c b/contrib/zkt/zkt-soaserial.c new file mode 100644 index 0000000..ff107d9 --- /dev/null +++ b/contrib/zkt/zkt-soaserial.c 
@@ -0,0 +1,222 @@ +/***************************************************************** +** +** @(#) zkt-soaserial.c (c) Oct 2007 Holger Zuleger hznet.de +** +** A small utility to print out the (unixtime) soa serial +** number in a human readable form +** +** Copyright (c) Oct 2007, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <sys/types.h> +# include <time.h> +# include <utime.h> +# include <assert.h> +# include <stdlib.h> +# include <ctype.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" + +static const char *progname; + +static char *timestr (time_t sec); +static int read_serial_fromfile (const char *fname, unsigned long *serial); +static void printserial (const char *fname, unsigned long serial); +static void usage (const char *msg); + +/***************************************************************** +** timestr (sec) +*****************************************************************/ +static char *timestr (time_t sec) +{ + struct tm *t; + static char timestr[31+1]; /* 27+1 should be enough */ + +#if defined(HAVE_STRFTIME) && HAVE_STRFTIME + t = localtime (&sec); + strftime (timestr, sizeof (timestr), "%b %d %Y %T %z", t); +#else + static char *mstr[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; + int h, s; + + t = localtime (&sec); + s = abs (t->tm_gmtoff); + h = t->tm_gmtoff / 3600; + s = t->tm_gmtoff % 3600; + snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d %c%02d%02d", + mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900, + t->tm_hour, t->tm_min, t->tm_sec, + t->tm_gmtoff < 0 ? '-': '+', + h, s); +#endif + + return timestr; +} + + +/**************************************************************** +** +** int read_serial_fromfile (filename) +** +** This function depends on a special syntax formating the +** SOA record in the zone file!! +** +** To match the SOA record, the SOA RR must be formatted +** like this: +** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> ( +** <SPACEes or TABs> 1234567890; serial number +** <SPACEes or TABs> 86400 ; other values +** ... 
+** +****************************************************************/ +static int read_serial_fromfile (const char *fname, unsigned long *serial) +{ + FILE *fp; + char buf[4095+1]; + char master[254+1]; + int c; + int soafound; + + if ( (fp = fopen (fname, "r")) == NULL ) + return -1; /* file not found */ + + /* read until the line matches the beginning of a soa record ... */ + soafound = 0; + while ( !soafound && fgets (buf, sizeof buf, fp) ) + { + if ( sscanf (buf, "%*s %*d IN SOA %255s %*s (\n", master) == 1 ) + soafound = 1; + else if ( sscanf (buf, "%*s IN SOA %255s %*s (\n", master) == 1 ) + soafound = 1; + } + + if ( !soafound ) + return -2; /* no zone file (soa not found) */ + + /* move forward until any non ws is reached */ + while ( (c = getc (fp)) != EOF && isspace (c) ) + ; + ungetc (c, fp); /* pushback the non ws */ + + *serial = 0L; /* read in the current serial number */ + if ( fscanf (fp, "%lu", serial) != 1 ) /* try to get serial no */ + return -3; /* no serial number found */ + + fclose (fp); + + return 0; /* ok! 
*/ +} + +/***************************************************************** +** printserial() +*****************************************************************/ +static void printserial (const char *fname, unsigned long serial) +{ + if ( fname && *fname ) + printf ("%-30s\t", fname); + + printf ("%10lu", serial); + + /* try to guess the soa serial format */ + if ( serial < 1136070000L ) /* plain integer (this is 2006-1-1 00:00 in unixtime format) */ + ; + else if ( serial > 2006010100L ) /* date format */ + { + int y, m, d, v; + + v = serial % 100; + serial /= 100; + d = serial % 100; + serial /= 100; + m = serial % 100; + serial /= 100; + y = serial; + + printf ("\t%d-%02d-%02d Version %02d", y, m, d, v); + } + else /* unixtime */ + printf ("\t%s\n", timestr (serial) ); + + printf ("\n"); +} + +/***************************************************************** +** usage (msg) +*****************************************************************/ +static void usage (const char *msg) +{ + if ( msg && *msg ) + fprintf (stderr, "%s\n", msg); + fprintf (stderr, "usage: %s {-s serial | signed_zonefile [...]}\n", progname); + + exit (1); +} + +/***************************************************************** +** main() +*****************************************************************/ +int main (int argc, char *argv[]) +{ + unsigned long serial; + + progname = *argv; + + if ( --argc == 0 ) + usage (""); + + if ( argv[1][0] == '-' ) + { + if ( argv[1][1] != 's' ) + usage ("illegal option"); + + if ( argc != 2 ) + usage ("Option -s requires an argument"); + + serial = atol (argv[2]); + printserial ("", serial); + } + else + while ( argc-- > 0 ) + if ( (read_serial_fromfile (*++argv, &serial)) != 0 ) + fprintf (stderr, "couldn't read serial number from file %s\n", *argv); + else + printserial (*argv, serial); + + return 0; +} diff --git a/contrib/zkt/zkt.c b/contrib/zkt/zkt.c new file mode 100644 index 0000000..e699842 --- /dev/null +++ b/contrib/zkt/zkt.c 
@@ -0,0 +1,354 @@ +/***************************************************************** +** +** @(#) zkt.c -- A library for managing a list of dns zone files. +** +** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +# include "dki.h" +# include "misc.h" +# include "strlist.h" +# include "zconf.h" +#define extern +# include "zkt.h" +#undef extern + +extern char *labellist; +extern int headerflag; +extern int timeflag; +extern int exptimeflag; +extern int lifetime; +extern int ageflag; +extern int lifetimeflag; +extern int kskflag; +extern int zskflag; +extern int pathflag; +extern int ljustflag; + +static void printkeyinfo (const dki_t *dkp, const char *oldpath); + +static void printkeyinfo (const dki_t *dkp, const char *oldpath) +{ + time_t currtime; + + if ( dkp == NULL ) /* print headline */ + { + if ( headerflag ) + { + printf ("%-33.33s %5s %3s %3.3s %-7s", "Keyname", + "Tag", "Typ", "Status", "Algorit"); + if ( timeflag ) + printf (" %-20s", "Generation Time"); + if ( exptimeflag ) + printf (" %-20s", "Expiration Time"); + if ( ageflag ) + printf (" %16s", "Age"); + if ( lifetimeflag ) + printf (" %4s", "LfTm"); + putchar ('\n'); + } + return; + } + time (&currtime); + + /* TODO: use next line if dname is dynamically allocated */ + /* if ( pathflag && dkp->dname && strcmp (oldpath, dkp->dname) != 0 ) */ + if ( pathflag && strcmp (oldpath, dkp->dname) != 0 ) + printf ("%s/\n", dkp->dname); + + if ( (kskflag && dki_isksk (dkp)) || (zskflag && !dki_isksk (dkp)) ) + { + if ( ljustflag ) + printf ("%-33.33s ", dkp->name); + else + printf ("%33.33s ", dkp->name); + printf ("%05d ", dkp->tag); + printf ("%3s ", dki_isksk (dkp) ? "KSK" : "ZSK"); + printf ("%-3.3s ", dki_statusstr (dkp) ); + printf ("%-7s", dki_algo2str(dkp->algo)); + if ( timeflag ) + printf (" %-20s", time2str (dkp->gentime ? 
dkp->gentime: dkp->time, 's')); + if ( exptimeflag ) + printf (" %-20s", time2str (dkp->exptime, 's')); + if ( ageflag ) + printf (" %16s", age2str (dki_age (dkp, currtime))); + if ( lifetimeflag && dkp->lifetime ) + { + if ( dkp->status == 'a' ) + printf ("%c", (currtime < dkp->time + dkp->lifetime) ? '<' : '!'); + else + putchar (' '); + printf ("%hdd", dki_lifetimedays (dkp)); + } + putchar ('\n'); + } +} + +#if defined(USE_TREE) && USE_TREE +static void list_key (const dki_t **nodep, const VISIT which, int depth) +{ + const dki_t *dkp; + static const char *oldpath = ""; + + if ( nodep == NULL ) + return; +//fprintf (stderr, "listkey %d %d %s\n", which, depth, dkp->name); + + if ( which == INORDER || which == LEAF ) + { + dkp = *nodep; + while ( dkp ) /* loop through list */ + { + if ( labellist == NULL || isinlist (dkp->name, labellist) ) + printkeyinfo (dkp, oldpath); /* print entry */ + oldpath = dkp->dname; + dkp = dkp->next; + } + } +} +#endif + +void zkt_list_keys (const dki_t *data) +{ +#if ! 
defined(USE_TREE) || !USE_TREE + const dki_t *dkp; + const char *oldpath; +#endif + + if ( data ) /* print headline if list is not empty */ + printkeyinfo (NULL, ""); + +#if defined(USE_TREE) && USE_TREE + twalk (data, list_key); +#else + oldpath = ""; + for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */ + { + if ( labellist == NULL || isinlist (dkp->name, labellist) ) + printkeyinfo (dkp, oldpath); /* print entry */ + oldpath = dkp->dname; + } +#endif +} + +#if defined(USE_TREE) && USE_TREE +static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth) +{ + const dki_t *dkp; + + if ( nodep == NULL ) + return; + + dkp = *nodep; +//fprintf (stderr, "list_trustedkey %d %d %s\n", which, depth, dkp->name); + if ( which == INORDER || which == LEAF ) + while ( dkp ) /* loop through list */ + { + if ( (dki_isksk (dkp) || zskflag) && + (labellist == NULL || isinlist (dkp->name, labellist)) ) + dki_prt_trustedkey (dkp, stdout); + dkp = dkp->next; + } +} +#endif + +void zkt_list_trustedkeys (const dki_t *data) +{ +#if !defined(USE_TREE) || !USE_TREE + const dki_t *dkp; +#endif + /* print headline if list is not empty */ + if ( data && headerflag ) + printf ("trusted-keys {\n"); + +#if defined(USE_TREE) && USE_TREE + twalk (data, list_trustedkey); +#else + + for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */ + if ( (dki_isksk (dkp) || zskflag) && + (labellist == NULL || isinlist (dkp->name, labellist)) ) + dki_prt_trustedkey (dkp, stdout); +#endif + + /* print end of trusted-key section */ + if ( data && headerflag ) + printf ("};\n"); +} + +#if defined(USE_TREE) && USE_TREE +static void list_dnskey (const dki_t **nodep, const VISIT which, int depth) +{ + const dki_t *dkp; + int ksk; + + if ( nodep == NULL ) + return; + + if ( which == INORDER || which == LEAF ) + for ( dkp = *nodep; dkp; dkp = dkp->next ) + { + ksk = dki_isksk (dkp); + if ( (ksk && !kskflag) || (!ksk && !zskflag) ) + continue; + + if ( labellist == NULL || 
isinlist (dkp->name, labellist) ) + { + if ( headerflag ) + dki_prt_comment (dkp, stdout); + dki_prt_dnskey (dkp, stdout); + } + } +} +#endif + +void zkt_list_dnskeys (const dki_t *data) +{ +#if defined(USE_TREE) && USE_TREE + twalk (data, list_dnskey); +#else + const dki_t *dkp; + int ksk; + + for ( dkp = data; dkp; dkp = dkp->next ) + { + ksk = dki_isksk (dkp); + if ( (ksk && !kskflag) || (!ksk && !zskflag) ) + continue; + + if ( labellist == NULL || isinlist (dkp->name, labellist) ) + { + if ( headerflag ) + dki_prt_comment (dkp, stdout); + dki_prt_dnskey (dkp, stdout); + } + } +#endif +} + +#if defined(USE_TREE) && USE_TREE +static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth) +{ + const dki_t *dkp; + int ksk; + + if ( nodep == NULL ) + return; + + if ( which == INORDER || which == LEAF ) + for ( dkp = *nodep; dkp; dkp = dkp->next ) + { + ksk = dki_isksk (dkp); + if ( (ksk && !kskflag) || (!ksk && !zskflag) ) + continue; + + if ( labellist == NULL || isinlist (dkp->name, labellist) ) + dki_setlifetime ((dki_t *)dkp, lifetime); + } +} +#endif + +void zkt_setkeylifetime (dki_t *data) +{ +#if defined(USE_TREE) && USE_TREE + twalk (data, set_keylifetime); +#else + dki_t *dkp; + int ksk; + + for ( dkp = data; dkp; dkp = dkp->next ) + { + ksk = dki_isksk (dkp); + if ( (ksk && !kskflag) || (!ksk && !zskflag) ) + continue; + + if ( labellist == NULL || isinlist (dkp->name, labellist) ) + { + dki_setlifetime (dkp, lifetime); + } + } +#endif +} + + +#if defined(USE_TREE) && USE_TREE +static const dki_t *searchresult; +static int searchitem; +static void tag_search (const dki_t **nodep, const VISIT which, int depth) +{ + const dki_t *dkp; + + if ( nodep == NULL ) + return; + + if ( which == PREORDER || which == LEAF ) + for ( dkp = *nodep; dkp; dkp = dkp->next ) + { + if ( dkp->tag == searchitem ) + { + if ( searchresult == NULL ) + searchresult = dkp; + else + searchitem = 0; + } + } +} +#endif +const dki_t *zkt_search (const dki_t *data, int 
searchtag, const char *keyname) +{ + const dki_t *dkp = NULL; + +#if defined(USE_TREE) && USE_TREE + if ( keyname == NULL || *keyname == '\0' ) + { + searchresult = NULL; + searchitem = searchtag; + twalk (data, tag_search); + if ( searchresult != NULL && searchitem == 0 ) + dkp = (void *)01; + else + dkp = searchresult; + } + else + dkp = (dki_t*)dki_tsearch (data, searchtag, keyname); +#else + dkp = (dki_t*)dki_search (data, searchtag, keyname); +#endif + return dkp; +} + diff --git a/contrib/zkt/zkt.h b/contrib/zkt/zkt.h new file mode 100644 index 0000000..2f3398d --- /dev/null +++ b/contrib/zkt/zkt.h 
@@ -0,0 +1,46 @@ +/***************************************************************** +** +** @(#) zkt.h (c) 2005 - 2008 Holger Zuleger hznet.de +** +** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef ZKT_H +# define ZKT_H + +extern const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname); +extern void zkt_list_keys (const dki_t *data); +extern void zkt_list_trustedkeys (const dki_t *data); +extern void zkt_list_dnskeys (const dki_t *data); +extern void zkt_setkeylifetime (dki_t *data); + +#endif diff --git a/contrib/zkt/zone.c b/contrib/zkt/zone.c new file mode 100644 index 0000000..dec214e --- /dev/null +++ b/contrib/zkt/zone.c 
@@ -0,0 +1,336 @@ +/***************************************************************** +** +** @(#) zone.c (c) Mar 2005 Holger Zuleger hznet.de +** +** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +# include <stdio.h> +# include <string.h> +# include <stdlib.h> +# include <sys/types.h> +# include <sys/stat.h> +# include <dirent.h> +# include <assert.h> +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif +# include "config_zkt.h" +# include "debug.h" +# include "domaincmp.h" +# include "misc.h" +# include "zconf.h" +# include "dki.h" +#define extern +# include "zone.h" +#undef extern + +/***************************************************************** +** private (static) function declaration and definition +*****************************************************************/ +static char zone_estr[255+1]; + +/***************************************************************** +** zone_alloc () +*****************************************************************/ +static zone_t *zone_alloc () +{ + zone_t *zp; + + if ( (zp = malloc (sizeof (zone_t))) ) + { + memset (zp, 0, sizeof (zone_t)); + return zp; + } + + snprintf (zone_estr, sizeof (zone_estr), + "zone_alloc: Out of memory"); + return NULL; +} + +/***************************************************************** +** zone_cmp () return <0 | 0 | >0 +*****************************************************************/ +static int zone_cmp (const zone_t *a, const zone_t *b) +{ + if ( a == NULL ) return -1; + if ( b == NULL ) return 1; + + return domaincmp (a->zone, b->zone); +} + + +/***************************************************************** +** public function definition +*****************************************************************/ + +/***************************************************************** +** zone_free () +*****************************************************************/ +void zone_free (zone_t *zp) +{ + assert (zp != NULL); + + if ( zp->zone ) free ((char *)zp->zone); + if ( zp->dir ) free ((char *)zp->dir); + if ( zp->file ) free ((char *)zp->file); + if ( zp->sfile ) free ((char *)zp->sfile); +#if 0 + /* TODO: 
actually there are some problems freeing the config :-( */ + if ( zp->conf ) free ((zconf_t *)zp->conf); +#endif + if ( zp->keys ) dki_freelist (&zp->keys); + free (zp); +} + +/***************************************************************** +** zone_freelist () +*****************************************************************/ +void zone_freelist (zone_t **listp) +{ + zone_t *curr; + zone_t *next; + + assert (listp != NULL); + + curr = *listp; + while ( curr ) + { + next = curr->next; + zone_free (curr); + curr = next; + } + if ( *listp ) + *listp = NULL; +} + +/***************************************************************** +** zone_new () +** allocate memory for new zone structure and initialize it +*****************************************************************/ +zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp) +{ + char path[MAX_PATHSIZE+1]; + zone_t *new; + + assert (zp != NULL); + assert (zone != NULL && *zone != '\0'); + + dbg_val3 ("zone_new: (zp, zone: %s, dir: %s, file: %s, cp)\n", zone, dir, file); + if ( dir == NULL || *dir == '\0' ) + dir = "."; + + if ( file == NULL || *file == '\0' ) + file = cp->zonefile; + else + { /* check if file contains a path */ + const char *p; + if ( (p = strrchr (file, '/')) != NULL ) + { + snprintf (path, sizeof (path), "%s/%.*s", dir, p-file, file); + dir = path; + file = p+1; + } + } + + if ( (new = zone_alloc ()) != NULL ) + { + char *p; + + new->zone = str_tolowerdup (zone); + new->dir = strdup (dir); + new->file = strdup (file); + /* check if file ends with ".signed" ? 
*/ + if ( (p = strrchr (new->file, '.')) != NULL && strcmp (p, signed_ext) == 0 ) + { + new->sfile = strdup (new->file); + *p = '\0'; + } + else + { + snprintf (path, sizeof (path), "%s%s", file, signed_ext); + new->sfile = strdup (path); + } + new->conf = cp; + new->keys = NULL; + dki_readdir (new->dir, &new->keys, 0); + new->next = NULL; + } + + return zone_add (zp, new); +} + +/***************************************************************** +** zone_readdir () +*****************************************************************/ +int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone) +{ + char *p; + char path[MAX_PATHSIZE+1]; + char *signed_ext = ".signed"; + + assert (dir != NULL && *dir != '\0'); + assert (conf != NULL); + + if ( zone == NULL ) /* zone not given ? */ + { + if ( (zone = strrchr (dir, '/')) ) /* try to extract zone name out of directory */ + zone++; + else + zone = dir; + } + dbg_val4 ("zone_readdir: (dir: %s, zone: %s, zfile: %s zp, cp, dyn_zone = %d)\n", + dir, zone, zfile ? zfile: "NULL", dyn_zone); + + if ( dyn_zone ) + signed_ext = ".dsigned"; + + if ( zfile && (p = strrchr (zfile, '/')) ) /* check if zfile contains a directory */ + { + char subdir[MAX_PATHSIZE+1]; + + snprintf (subdir, sizeof (subdir), "%s/%.*s", dir, p - zfile, zfile); + pathname (path, sizeof (path), subdir, LOCALCONF_FILE, NULL); + } + else + pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL); + dbg_val1 ("zone_readdir: check local config file %s\n", path); + if ( fileexist (path) ) /* load local config file */ + { + zconf_t *localconf; + + localconf = dupconfig (conf); + conf = loadconfig (path, localconf); + } + + if ( zfile == NULL ) + { + zfile = conf->zonefile; + pathname (path, sizeof (path), dir, zfile, signed_ext); + } + else + { + dbg_val2("zone_readdir: add %s to zonefile if not already there ? 
(%s)\n", signed_ext, zfile); + if ( (p = strrchr (zfile, '.')) == NULL || strcmp (p, signed_ext) != 0 ) + pathname (path, sizeof (path), dir, zfile, signed_ext); + else + pathname (path, sizeof (path), dir, zfile, NULL); + } + + dbg_val1("zone_readdir: fileexist (%s): ", path); + if ( !fileexist (path) ) /* no .signed file found ? ... */ + { + dbg_val0("no!\n"); + return 0; /* ... not a secure zone ! */ + } + dbg_val0("yes!\n"); + + dbg_val("zone_readdir: add zone (%s)\n", zone); + zone_new (listp, zone, dir, zfile, signed_ext, conf); + + return 1; +} + + +/***************************************************************** +** zone_geterrstr () +** return error string +*****************************************************************/ +const char *zone_geterrstr () +{ + return zone_estr; +} + +/***************************************************************** +** zone_add () +*****************************************************************/ +zone_t *zone_add (zone_t **list, zone_t *new) +{ + zone_t *curr; + zone_t *last; + + if ( list == NULL ) + return NULL; + if ( new == NULL ) + return *list; + + last = curr = *list; + while ( curr && zone_cmp (curr, new) < 0 ) + { + last = curr; + curr = curr->next; + } + + if ( curr == *list ) /* add node at the beginning of the list */ + *list = new; + else /* add node at end or between two nodes */ + last->next = new; + new->next = curr; + + return new; +} + +/***************************************************************** +** zone_search () +*****************************************************************/ +const zone_t *zone_search (const zone_t *list, const char *zone) +{ + if ( zone == NULL || *zone == '\0' ) + return NULL; + + while ( list && strcmp (zone, list->zone) != 0 ) + list = list->next; + + return list; +} + +/***************************************************************** +** zone_print () +*****************************************************************/ +int zone_print (const char *mesg, const zone_t 
*z) +{ + dki_t *dkp; + + if ( !z ) + return 0; + fprintf (stderr, "%s: zone\t %s\n", mesg, z->zone); + fprintf (stderr, "%s: dir\t %s\n", mesg, z->dir); + fprintf (stderr, "%s: file\t %s\n", mesg, z->file); + fprintf (stderr, "%s: sfile\t %s\n", mesg, z->sfile); + + for ( dkp = z->keys; dkp; dkp = dkp->next ) + { + dki_prt_comment (dkp, stderr); + } + + return 1; +} diff --git a/contrib/zkt/zone.h b/contrib/zkt/zone.h new file mode 100644 index 0000000..e785796 --- /dev/null +++ b/contrib/zkt/zone.h 
@@ -0,0 +1,66 @@ +/***************************************************************** +** +** @(#) zone.h -- Header file for zone info +** +** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Holger Zuleger HZnet nor the names of its contributors may +** be used to endorse or promote products derived from this software without +** specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. 
+** +*****************************************************************/ +#ifndef ZONE_H +# define ZONE_H + +# include <sys/types.h> +# include <stdio.h> +# include <time.h> +# include "dki.h" + +/* all we have to know about a zone */ +typedef struct Zone { + const char *zone; /* domain name or label */ + const char *dir; /* directory of zone data */ + const char *file; /* file name (zone.db) */ + const char *sfile; /* file name of secured zone (zone.db.signed) */ + const zconf_t *conf; /* ptr to config */ /* TODO: Should this be only a ptr to a local config ? */ + dki_t *keys; /* ptr to keylist */ + struct Zone *next; /* ptr to next entry in list */ +} zone_t; + +extern void zone_free (zone_t *zp); +extern void zone_freelist (zone_t **listp); +extern zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp); +extern const char *zone_geterrstr (); +extern zone_t *zone_add (zone_t **list, zone_t *new); +extern const zone_t *zone_search (const zone_t *list, const char *name); +extern int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone); +extern const char *zone_geterrstr (void); +extern int zone_print (const char *mesg, const zone_t *z); + +#endif |
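Review bot: in zone.c, zone_new() never checks its allocations, and its failure path is indistinguishable from success. The results of str_tolowerdup() and strdup() are stored unchecked, so a failed `new->file = strdup (file);` is passed straight to `strrchr (new->file, '.')`. If zone_alloc() itself returns NULL, the function ends in `return zone_add (zp, new);`, and zone_add() returns `*list` for a NULL node, so the caller gets the current list head back instead of NULL. Return NULL explicitly when zone_alloc() or any of the duplications fail (freeing the partial zone), and have zone_readdir() test the result of zone_new() instead of returning 1 unconditionally. Separately, both `snprintf (path, sizeof (path), "%s/%.*s", dir, p-file, file);` in zone_new() and the matching call with `p - zfile` in zone_readdir() pass a ptrdiff_t where the `%.*s` precision requires an int. Cast the difference to int, and check the snprintf() return value so a truncated path is rejected rather than used.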
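Review bot: zone.h declares zone_geterrstr twice, first as `extern const char *zone_geterrstr ();` and again as `extern const char *zone_geterrstr (void);`. Keep only the `(void)` prototype and make the definition in zone.c match, since the empty-parenthesis form gives the compiler no parameter information to check calls against. The string members of zone_t are also declared `const char *`, while zone_new() in zone.c shortens `new->file` in place with `*p = '\0'` through the pointer strrchr() returns. Either declare the strings the structure owns as plain `char *`, or build the unsigned file name in a local buffer before duplicating it, so the const qualifier reflects how the fields are actually used.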