--- bind/bin/rndc/rndc-confgen.c
+++ bind/bin/rndc/rndc-confgen.c
@@ -45,7 +45,7 @@
 #include "util.h"
-#define DEFAULT_KEYLENGTH 128 /* Bits. */
+#define DEFAULT_KEYLENGTH 256 /* Bits. */
 #define DEFAULT_KEYNAME "rndc-key"
 #define DEFAULT_SERVER "127.0.0.1"
 #define DEFAULT_PORT 953
@@ -62,8 +62,9 @@ usage(int status) {
 fprintf(stderr, "\
 Usage:\n\
- %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
+ %s [-A|-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
 [-s addr] [-t chrootdir] [-u user]\n\
+ -A: generate just the key clause and output it to stdout\n\
 -a: generate just the key clause and write it to keyfile (%s)\n\
 -b bits: from 1 through 512, default %d; total length of the secret\n\
 -c keyfile: specify an alternate key file (requires -a)\n\
@@ -135,6 +136,7 @@ main(int argc, char **argv) {
 char *chrootdir = NULL;
 char *user = NULL;
 isc_boolean_t keyonly = ISC_FALSE;
+ isc_boolean_t gen_key_only = ISC_FALSE;
 int len;
 keydef = keyfile = RNDC_KEYFILE;
@@ -150,11 +152,14 @@ main(int argc, char **argv) {
 port = DEFAULT_PORT;
 while ((ch = isc_commandline_parse(argc, argv,
- "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
+ "Aab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
 switch (ch) {
 case 'a':
 keyonly = ISC_TRUE;
 break;
+ case 'A':
+ gen_key_only = ISC_TRUE;
+ break;
 case 'b':
 keysize = strtol(isc_commandline_argument, &p, 10);
 if (*p != '\0' || keysize < 0)
@@ -212,6 +217,9 @@ main(int argc, char **argv) {
 }
 }
+ if (keyonly && gen_key_only)
+ fatal("-a and -A are mutually exclusive options");
+
 argc -= isc_commandline_index;
 argv += isc_commandline_index;
@@ -263,7 +271,11 @@ main(int argc, char **argv) {
 isc_entropy_detach(&ectx);
 dst_lib_destroy();
- if (keyonly) {
+ if (gen_key_only) {
+ printf("%.*s\n",
+ (int)isc_buffer_usedlength(&key_txtbuffer),
+ (char *)isc_buffer_base(&key_txtbuffer));
+ } else if (keyonly) {
 write_key_file(keyfile, chrootdir == NULL ? user : NULL,
 keyname, &key_txtbuffer);
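Review bot: Raising `DEFAULT_KEYLENGTH` to 256 in the first hunk only changes what a caller gets when `-b` is omitted; the usage text in the next hunk still advertises `-b bits: from 1 through 512`, so very short secrets remain selectable without any warning. The comment on the define could record that, for example `/* Bits. Default only; -b may still request a shorter secret. */`. Whether `-b` should also enforce a minimum is a separate decision that this commit does not take.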
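Review bot: In the declaration hunk of main (`-135,6 +136,7`), `gen_key_only` sits directly under `keyonly` and the two names say almost the same thing, although one selects writing the key clause to the key file and the other selects printing it to stdout. A name such as `key_to_stdout`, or comments on both flags like `/* -a: write key clause to keyfile */` and `/* -A: print key clause to stdout */`, would make the later `if (gen_key_only) ... else if (keyonly)` chain easier to read correctly. main's body starts and ends outside this hunk.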
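Review bot: The exclusivity check added after option parsing (`-212,6 +217,9`) rejects only `-a` together with `-A`, so `-A` combined with `-t` or `-u` is accepted and those options then appear to be silently ignored, because the stdout branch in the last hunk never calls `write_key_file`. An operator who passes `-u user` expecting ownership to be applied would get no hint that it was not. Consider adding `if (gen_key_only && (chrootdir != NULL || user != NULL))` followed by `fatal("-t and -u cannot be used with -A");` next to the new check. How `-c` is validated is not visible in this hunk, so it should be confirmed that `-A -c file` is rejected as well, since the usage text says `-c` requires `-a`.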
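Review bot: The new `-A` branch in the last hunk prints the secret with an unchecked `printf`, so a failed or short write to stdout (closed pipe, full disk behind a redirect) would still let the tool exit successfully with a truncated or missing key clause. Follow the call with `if (fflush(stdout) != 0 || ferror(stdout))` and `fatal("failed to write key to stdout");`. Unlike the `-a` path, which hands `user` to `write_key_file`, nothing on this path controls who can read the output, so the `-A` usage line should state that the caller is responsible for the permissions of wherever stdout is redirected. main's body continues outside the hunk.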