Server IP : 103.119.228.120 / Your IP : 3.141.198.13 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/local/ssl/local/ssl/local/ssl/lib/python2.7/site-packages/isc/ |
Upload File : |
############################################################################ # Copyright (C) Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. ############################################################################ from __future__ import print_function import os, sys, argparse, glob, re, time, calendar, pprint from collections import defaultdict prog='dnssec-keymgr' from isc import dnskey, keydict, keyseries, policy, parsetab, utils ############################################################################ # print a fatal error and exit ############################################################################ def fatal(*args, **kwargs): print(*args, **kwargs) sys.exit(1) ############################################################################ # find the location of an external command ############################################################################ def set_path(command, default=None): """ find the location of a specified command. If a default is supplied, exists and it's an executable, we use it; otherwise we search PATH for an alternative. :param command: command to look for :param default: default value to use :return: PATH with the location of a suitable binary """ fpath = default if not fpath or not os.path.isfile(fpath) or not os.access(fpath, os.X_OK): path = os.environ["PATH"] if not path: path = os.path.defpath for directory in path.split(os.pathsep): fpath = directory + os.sep + command if os.path.isfile(fpath) and os.access(fpath, os.X_OK): break fpath = None return fpath ############################################################################ # parse arguments ############################################################################ def parse_args(): """ Read command line arguments, returns 'args' object :return: args object properly prepared """ keygen = set_path('dnssec-keygen', os.path.join(utils.prefix('sbin'), 'dnssec-keygen')) settime = set_path('dnssec-settime', os.path.join(utils.prefix('sbin'), 'dnssec-settime')) parser = argparse.ArgumentParser(description=prog + ': schedule ' 'DNSSEC key rollovers according to a ' 'pre-defined policy') parser.add_argument('zone', type=str, nargs='*', default=None, help='Zone(s) to which the policy should be applied ' + '(default: all zones in the directory)') parser.add_argument('-K', dest='path', type=str, help='Directory containing keys', metavar='dir') parser.add_argument('-c', dest='policyfile', type=str, help='Policy definition file', metavar='file') parser.add_argument('-g', dest='keygen', default=keygen, type=str, help='Path to \'dnssec-keygen\'', metavar='path') parser.add_argument('-r', dest='randomdev', type=str, default=None, help='Path to a file containing random data to pass to \'dnssec-keygen\'', metavar='path') parser.add_argument('-s', dest='settime', default=settime, type=str, help='Path to \'dnssec-settime\'', metavar='path') parser.add_argument('-k', dest='no_zsk', action='store_true', default=False, help='Only apply policy to key-signing keys (KSKs)') parser.add_argument('-z', dest='no_ksk', action='store_true', default=False, help='Only apply policy to zone-signing keys (ZSKs)') parser.add_argument('-f', '--force', dest='force', action='store_true', default=False, help='Force updates to key events '+ 'even if they are in the past') parser.add_argument('-q', '--quiet', dest='quiet', action='store_true', default=False, help='Update keys silently') parser.add_argument('-v', '--version', action='version', version=utils.version) args = parser.parse_args() if args.no_zsk and args.no_ksk: fatal("ERROR: -z and -k cannot be used together.") if args.keygen is None: fatal("ERROR: dnssec-keygen not found") if args.settime is None: fatal("ERROR: dnssec-settime not found") # if a policy file was specified, check that it exists. # if not, use the default file, unless it doesn't exist if args.policyfile is not None: if not os.path.exists(args.policyfile): fatal('ERROR: Policy file "%s" not found' % args.policyfile) else: args.policyfile = os.path.join(utils.sysconfdir, 'dnssec-policy.conf') if not os.path.exists(args.policyfile): args.policyfile = None return args ############################################################################ # main ############################################################################ def main(): args = parse_args() # As we may have specific locations for the binaries, we put that info # into a context object that can be passed around context = {'keygen_path': args.keygen, 'settime_path': args.settime, 'keys_path': args.path, 'randomdev': args.randomdev} try: dp = policy.dnssec_policy(args.policyfile) except Exception as e: fatal('Unable to load DNSSEC policy: ' + str(e)) try: kd = keydict(dp, path=args.path, zones=args.zone) except Exception as e: fatal('Unable to build key dictionary: ' + str(e)) try: ks = keyseries(kd, context=context) except Exception as e: fatal('Unable to build key series: ' + str(e)) try: ks.enforce_policy(dp, ksk=args.no_zsk, zsk=args.no_ksk, force=args.force, quiet=args.quiet) except Exception as e: fatal('Unable to apply policy: ' + str(e))