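def delzone(zone):
    """Remove *zone* from Knot DNS, so it is no longer served.

    Runs ``conf-begin`` / ``conf-unset zone.domain`` / ``zone-purge`` /
    ``conf-commit`` while holding the global knotc lock.  Any failure
    aborts the transaction (when one was opened) and is reported through
    log_error together with the three exit statuses.

    Note: The removal is even done when key material still exists.  In
    this case, the zone is no longer delivered but the key material is
    assumed to be cleaned up by an orthogonal process [that will shrug if
    the zone has been removed already].

    Note: Zone deletion is not done in the parenting procedure, as it can
    silently ignore the case of a deleted zone (for which we need, at
    minimum, the SOA record).  The parenting exchange needs no hint when
    we delete a zone.
    """
    import subprocess

    knotc = '/usr/sbin/knotc'

    def run(args):
        # The zone name travels as one argv element instead of being spliced
        # into a shell command line, so quotes, ';' or '$(...)' in it cannot
        # alter the command.  A missing binary is reported like os.system()
        # did (status 127) rather than raising.
        try:
            return subprocess.call(args)
        except OSError:
            return 127

    # NOTE(review): the lock file lives in the shared /tmp; a private run
    # directory would keep other local users from squatting the name.
    with open('/tmp/knotc-global-lock', 'w') as global_lock:
        fcntl.lockf(global_lock, fcntl.LOCK_EX)
        rv0 = run([knotc, 'conf-begin'])
        rv1 = 0
        rv2 = 0
        if rv0 == 0:
            rv1 = run([knotc, 'conf-unset', 'zone.domain', zone])
        if rv0 == 0 and rv1 == 0:
            rv2 = run([knotc, '-f', 'zone-purge', zone])
        if rv0 == 0 and rv1 == 0 and rv2 == 0:
            run([knotc, 'conf-commit'])
        else:
            if rv0 == 0:
                # Only roll back a transaction that was actually opened.
                run([knotc, 'conf-abort'])
            log_error('Knot DNS could not delete zone', zone,
                      '(%d,%d,%d)' % (rv0, rv1, rv2))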
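def zone_add(zone, knot_zone_file):
    """Add *zone* to Knot DNS with a placeholder SOA -- not implemented here.

    Zone additions belong in ods-zonerecv, so this always raises.  The
    code after the ``raise`` is the retained draft of the operation
    (#TODO#HERE-OR-DURING-RECV#) and is unreachable until that decision
    is settled; it is kept in a shell-free form so it is safe to revive.

    Args:
        zone: zone name to register.
        knot_zone_file: path of the zone file that would receive the SOA.

    Raises:
        NotImplementedError: always.
    """
    import subprocess

    raise NotImplementedError(
        'Add zones in ods-zonerecv instead of in ods-parenting-exchange')

    #TODO#HERE-OR-DURING-RECV# -- unreachable draft below.
    knotc = '/usr/sbin/knotc'
    with open('/tmp/knotc-global-lock', 'w') as global_lock:
        fcntl.lockf(global_lock, fcntl.LOCK_EX)
        rv0 = subprocess.call([knotc, 'conf-begin'])
        rv2 = 0
        if rv0 == 0:
            # Ignore the result, as it may be taken care of already
            subprocess.call([knotc, 'conf-set', 'zone.domain', zone])
            try:
                with open(knot_zone_file, 'w') as fd:
                    fd.write(zone + ' 300 IN SOA ns1.' + zone + ' dns-beheer.'
                             + zone + ' 0 300 300 300 300\n')
            except (IOError, OSError):
                rv2 = 2
        if rv0 == 0 and rv2 == 0:
            subprocess.call([knotc, 'conf-commit'])
        else:
            if rv0 == 0:
                # Only roll back a transaction that was actually opened.
                subprocess.call([knotc, 'conf-abort'])
            log_error('Knot DNS could not add zone', zone)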
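def connect():
    """Open an authenticated TLS session to the SIDN registry.

    Uses the module-level ``sidn_host`` / ``sidn_port`` / ``sidn_root``
    settings, then runs the hello() and login() exchanges on the socket.

    Returns:
        The connected TLS socket, ready for syncio() calls.

    Raises:
        Whatever the socket, TLS, hello() or login() step raised, after
        it has been logged; the half-built socket is closed first.
    """
    sox = None
    soxplus = None
    try:
        # create_default_context() (Python 2.7.9+ / 3.4+) verifies both the
        # chain against sidn_root and the hostname.  The former
        # ssl.wrap_socket(cert_reqs=CERT_REQUIRED) call checked the chain
        # only, so any certificate issued from that CA list would have
        # been accepted for sidn_host.
        ctx = ssl.create_default_context(cafile=sidn_root)
        sox = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        soxplus = ctx.wrap_socket(sox, server_hostname=sidn_host)
        soxplus.connect((sidn_host, sidn_port))
        hello(soxplus)
        login(soxplus)
        return soxplus
    except Exception:
        log_error('Failed to securely connect to server %s:%d\n' % (sidn_host, sidn_port))
        # Do not leak the descriptor of a connection that never became usable.
        if soxplus is not None:
            soxplus.close()
        elif sox is not None:
            sox.close()
        raise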
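def addzone(zone, zonedata):
    """Ensure that *zone* is served by Knot DNS from *zonedata*.

    The zone data is written to ``/var/opendnssec/signed/<zone>.txt``,
    registered as the zone file in a knotc transaction, and on success
    ``ods-keyops-knot-sharekey`` is run for the zone.  Failures abort the
    transaction (when one was opened) and are reported via log_error.

    Note: Key setup and DNSSEC signing is orthogonally setup; it defaults
    to being off, so an unsigned zone is delivered.

    Note: This procedure is idempotent, zone additions are neutral for
    already-existing zones.

    Note: Zone addition is not done in the parenting procedure, as it
    makes little sense there without actual zone data (with, at minimum,
    the SOA record).  The parenting exchange will get a hint when we add
    a zone though, so it can append any child name server records as
    soon as we add the zone.

    Args:
        zone: zone name as Knot DNS should know it.
        zonedata: complete zone file text to serve.
    """
    import subprocess

    knotc = '/usr/sbin/knotc'

    def run(args):
        # Arguments are passed as argv elements, never through a shell, so
        # metacharacters in the zone name cannot alter the command.  A
        # missing binary yields status 127 as os.system() did.
        try:
            return subprocess.call(args)
        except OSError:
            return 127

    # The zone name becomes part of a path below /var/opendnssec/signed;
    # refuse a path separator before any file or knotc state is touched.
    if '/' in zone:
        log_error('Knot DNS could not add zone', zone, '(zone name contains a path separator)')
        return

    with open('/tmp/knotc-global-lock', 'w') as global_lock:
        fcntl.lockf(global_lock, fcntl.LOCK_EX)
        rv0 = run([knotc, 'conf-begin'])
        rv1 = 0
        rv2 = 0
        if rv0 == 0:
            # Ignore the result; the zone may already exist; check that
            run([knotc, 'conf-set', 'zone.domain', zone])
            rv1 = run([knotc, 'conf-get', 'zone[' + zone + ']'])
        if rv0 == 0 and rv1 == 0:
            knot_signed = '/var/opendnssec/signed/' + zone + '.txt'
            shared = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP
            try:
                with open(knot_signed, 'w') as fd:
                    fd.write(zonedata)
                os.chmod(knot_signed, shared)
            except (IOError, OSError):
                rv2 = 2
            else:
                rv2 = run([knotc, 'conf-set', 'zone[' + zone + '].file', knot_signed])
        if rv0 == 0 and rv1 == 0 and rv2 == 0:
            run([knotc, 'conf-commit'])
            log_debug('CMD> ods-keyops-knot-sharekey "' + zone + '"')
            run(['ods-keyops-knot-sharekey', zone])
        else:
            if rv0 == 0:
                # Only roll back a transaction that was actually opened.
                run([knotc, 'conf-abort'])
            log_error('Knot DNS could not add zone', zone,
                      '(%d,%d,%d)' % (rv0, rv1, rv2))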
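def connect():
    """Create the queueing infrastructure for the parent exchange.

    Returns:
        A ``(connection, channel)`` tuple: the opened pika
        BlockingConnection and a channel on it.

    Exits the process with status 1 when the AMQP connection or channel
    cannot be set up; the error is reported via log_error first.
    """
    creds = rabbitdnssec.my_credentials(ovr_username='******')
    cnxparm = rabbitdnssec.my_connectionparameters(creds)
    try:
        intcnx = pika.BlockingConnection(cnxparm)
        chan = intcnx.channel()
        #TODO:CLASS# chan.basic_consume (process_msg, queue=queue_name)
        #TODO:NOTHERE# chan.tx_select ()
        #TODO:CLASS# chan.start_consuming ()
        return (intcnx, chan)
    # "except X as e" is the form accepted by both Python 2.6+ and 3; the
    # old "except X, e" spelling is a syntax error on Python 3.
    except pika.exceptions.AMQPChannelError as e:
        log_error('AMQP Channel Error:', e)
        sys.exit(1)
    except pika.exceptions.AMQPError as e:
        # Connection-level failures (refused, authentication, ...) end
        # here; without this handler they escaped as a raw traceback.
        log_error('AMQP Error:', e)
        sys.exit(1)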
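def zone_del(zone):
    """Remove *zone* from Knot DNS -- not implemented here.

    Zone deletions belong in ods-zonerecv, so this always raises.  The
    code after the ``raise`` is the retained draft of the operation
    (#TODO#HERE-OR-DURING-RECV#) and is unreachable until that decision
    is settled; it is kept in a shell-free form so it is safe to revive.

    Args:
        zone: zone name to remove.

    Raises:
        NotImplementedError: always.
    """
    import subprocess

    raise NotImplementedError(
        'Delete zones in ods-zonerecv instead of in ods-parenting-exchange')

    #TODO#HERE-OR-DURING-RECV# -- unreachable draft below.
    knotc = '/usr/sbin/knotc'
    with open('/tmp/knotc-global-lock', 'w') as global_lock:
        fcntl.lockf(global_lock, fcntl.LOCK_EX)
        rv0 = subprocess.call([knotc, 'conf-begin'])
        rv1 = 0
        rv2 = 0
        if rv0 == 0:
            rv1 = subprocess.call([knotc, 'conf-unset', 'zone.domain', zone])
        if rv0 == 0 and rv1 == 0:
            rv2 = subprocess.call([knotc, 'zone-purge', zone])
        if rv0 == 0 and rv1 == 0 and rv2 == 0:
            subprocess.call([knotc, 'conf-commit'])
        else:
            if rv0 == 0:
                # Only roll back a transaction that was actually opened.
                subprocess.call([knotc, 'conf-abort'])
            log_error('Knot DNS could not delete zone', zone)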
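def syncio(sox, query):
    """Send one length-framed XML *query* over *sox* and return the parsed reply.

    Framing is a 4-byte big-endian length that counts itself, followed by
    the XML body.  A falsy *query* skips the send and only collects a
    pending response.

    Args:
        sox: connected socket-like object offering sendall() and read().
        query: XML to send as bytes (text is UTF-8 encoded first), or None.

    Returns:
        The reply parsed with etree.fromstring().

    Raises:
        EOFError: the peer closed the connection before a frame was complete.
        ValueError: the frame header announces a length below 4.
        Anything the send, receive or parse step raised, after logging it.
    """
    def recv_exact(nbytes):
        # read() may return short reads; keep going until the frame is
        # complete.  The former loop spun forever once the peer closed the
        # connection (read() returning ''), so an empty read is an error.
        buf = b''
        while len(buf) < nbytes:
            chunk = sox.read(nbytes - len(buf))
            if not chunk:
                raise EOFError('registry closed connection after %d of %d bytes'
                               % (len(buf), nbytes))
            buf += chunk
        return buf

    try:
        if query:
            #DEBUG_SHOWS_PASSWORD# sys.stdout.write (query)
            if not isinstance(query, bytes):
                query = query.encode('utf-8')
            # sendall() retries until the whole frame is written; send()
            # may stop after a partial write and leave a truncated frame.
            sox.sendall(struct.pack('>L', 4 + len(query)) + query)
        else:
            log_debug('Picking up response without sending a query\n')
    except Exception:
        log_error('Failed to send message to registry server\n')
        raise
    try:
        resplen = struct.unpack('>L', recv_exact(4))[0] - 4
        if resplen < 0:
            raise ValueError('invalid frame length from registry')
        # NOTE(review): resplen is chosen by the peer (up to 4 GiB); a cap
        # would bound memory use should the registry link ever misbehave.
        xmltext = recv_exact(resplen)
    except Exception:
        log_error('Failed to receive reply from registry server\n')
        raise
    try:
        return etree.fromstring(xmltext)
    except Exception:
        shown = xmltext.decode('utf-8', 'replace') if isinstance(xmltext, bytes) else xmltext
        log_error('Failed to parse XML:\n| ' + shown.replace('\n', '\n| '))
        raise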
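def zone_update(zone, new_zone_file, knot_zone_file):
    """Converge the zone Knot DNS serves for *zone* to *new_zone_file*.

    The served zone is dumped with ``knotc zone-read``, ``ldns-zonediff
    -k -o`` turns the difference into knotc commands that are piped into
    knotc, and a second dump plus a plain ``ldns-zonediff`` verifies the
    result.  A remaining difference, or tooling that cannot be run, is
    reported via log_error.

    Args:
        zone: zone name as Knot DNS knows it.
        new_zone_file: path of the zone file to converge to.
        knot_zone_file: unused; kept for the existing call-site signature.
    """
    import re
    import subprocess
    import tempfile

    knotc = '/usr/sbin/knotc'
    # knotc zone-read prefixes every record with "[zone.] "; this is the
    # Python form of the sed 's/^\[[^]]*\] *//' the shell pipeline used.
    prefix = re.compile(br'^\[[^]]*\] *')

    def dump_served_zone(path):
        # Equivalent of: knotc zone-read "zone" | sed ... > "path", but
        # with the zone name as an argv element rather than inside a shell
        # command line, so quoting or metacharacters in it are harmless.
        log_debug('CMD> ' + knotc + ' zone-read "' + zone + '" > "' + path + '"')
        proc = subprocess.Popen([knotc, 'zone-read', zone], stdout=subprocess.PIPE)
        out = proc.communicate()[0]
        with open(path, 'wb') as fh:
            for line in out.splitlines(True):
                fh.write(prefix.sub(b'', line))

    # A private temp file replaces the predictable /tmp/<zone> path, which
    # another local user could pre-create or point elsewhere.
    tmp_fd, tmp_zone_file = tempfile.mkstemp(prefix='zone-update-', suffix='.txt')
    os.close(tmp_fd)
    try:
        dump_served_zone(tmp_zone_file)
        log_debug('CMD> ldns-zonediff -k -o "' + zone + '" "' + tmp_zone_file
                  + '" "' + new_zone_file + '" | ' + knotc)
        zonediff = subprocess.Popen(
            ['ldns-zonediff', '-k', '-o', zone, tmp_zone_file, new_zone_file],
            stdout=subprocess.PIPE)
        feeder = subprocess.Popen([knotc], stdin=zonediff.stdout)
        # Drop our copy of the pipe so ldns-zonediff sees EPIPE if knotc quits.
        zonediff.stdout.close()
        feeder.communicate()
        zonediff.wait()
        # ignore previous result, but check the result
        dump_served_zone(tmp_zone_file)
        log_debug('CMD> ldns-zonediff -o "' + zone + '" "' + tmp_zone_file
                  + '" "' + new_zone_file + '"')
        exitval = subprocess.call(
            ['ldns-zonediff', '-o', zone, tmp_zone_file, new_zone_file])
    except OSError as e:
        # os.system() reported a missing tool as a non-zero status; keep
        # that outcome instead of propagating the exception.
        log_error('Could not run zone update tooling for', zone, str(e))
        exitval = 1
    finally:
        os.remove(tmp_zone_file)
    if exitval != 0:
        log_error(
            'Knot DNS has not received/processed complete zone file update for',
            zone)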
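def zone_exists(zone_name=''):
    """Report whether Knot DNS currently serves *zone_name*.

    Runs ``knotc zone-read`` with its output discarded; a non-zero exit
    status is logged via log_error and reported as False.

    Args:
        zone_name: zone name to probe.

    Returns:
        True when knotc could read the zone, False otherwise.
    """
    import subprocess

    try:
        with open(os.devnull, 'w') as sink:
            # Absolute path as used by the other knotc callers in this file,
            # and the zone name as an argv element rather than in a shell
            # command line.
            status = subprocess.call(['/usr/sbin/knotc', 'zone-read', zone_name],
                                     stdout=sink)
    except OSError:
        # os.system() reported a missing knotc as a non-zero status; keep that.
        status = 127
    if status != 0:
        log_error('Have no zone for ', zone_name)
        return False
    return True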
def fatal(errstr):
    """Log *errstr* as a fatal error, close the log and exit with status 1."""
    log_error('Fatal error:', errstr, '-- Closing shell with force')
    closelog()
    raise SystemExit(1)
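#
# Registry (SIDN) connection settings, all taken from the parsed config.
# sidn_pass is the EPP account password; sidn_root names the CA list used
# to authenticate the registry, sidn_lock the EPP session lock file.
sidn_host = cfg['registry_sidn_host']
sidn_port = int(cfg['registry_sidn_port'])
sidn_user = cfg['registry_sidn_account']
sidn_pass = cfg['registry_sidn_password']
sidn_root = cfg['registry_sidn_calist']
sidn_lock = cfg['registry_sidn_epplock']

# Check invocation when called as main script
#
#TODO# Perhaps skip configuration file parsing for main script?
#
server_tuple = None
if __name__ == '__main__':
    if len(sys.argv) > 3:
        log_error('Usage: ' + sys.argv[0] + ' [<registry> [<port>]]\n')
        sys.exit(1)
    try:
        if len(sys.argv) >= 2:
            # Override hostname
            sidn_host = sys.argv[1]
        if len(sys.argv) >= 3:
            # Override port
            sidn_port = int(sys.argv[2])
    except ValueError:
        # Only int() can fail here; the former bare except also swallowed
        # SystemExit and KeyboardInterrupt.  sys.argv[2] exists whenever
        # int() ran, so the message below cannot raise IndexError.
        log_error('Registry ' + sys.argv[1] + ':' + sys.argv[2] + ' is unknown\n')
        sys.exit(1)

#
# A few oft-used strings as an easy-to-use (constant-value) variable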
creds = rabbitdnssec.my_credentials(ovr_username='******') cnxparm = rabbitdnssec.my_connectionparameters(creds) intcnx = None chan = None try: intcnx = pika.BlockingConnection(cnxparm) chan = intcnx.channel() #TODO:CLASS# chan.basic_consume (process_msg, queue=queue_name) #TODO:NOTHERE# chan.tx_select () #TODO:CLASS# chan.start_consuming () return (intcnx, chan) except pika.exceptions.AMQPChannelError, e: log_error('AMQP Channel Error:', e) sys.exit(1) except pika.exceptions.AMQPError, e: log_error('AMQP Error:', e) sys.exit(1) # # Terminate any outstanding connection to the local parent # def disconnect(cnx): (intcnx, chan) = cnx # # To end this program, unwind all instances and unregister our own # callback to cb_uploaded_hint(). # chan.basic_cancel(uploaded_hints_tag) for pex in parenting_exchange.values(): pex.close()