Add script 'bind_change_SPF_qualifier.sh'.

bind_change_SPF_qualifier.sh

@@ -0,0 +1,539 @@
+#!/usr/bin/env bash
+
+
+working_dir="$(dirname $(realpath $0))"
+conf_file="${working_dir}/conf/bind.conf"
+
+log_file="$(mktemp)"
+
+backup_date="$(date +%Y-%m-%d-%H%M)"
+
+_serial_new=`date +%Y%m%d01`
+
+
+#---------------------------------------
+#-----------------------------
+# Base Function(s)
+#-----------------------------
+#---------------------------------------
+
+clean_up() {
+
+   # Perform program exit housekeeping
+   rm $log_file
+   exit $1
+}
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+   clean_up 1
+}
+
+warn (){
+   echo ""
+   echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   echo ""
+}
+
+info (){
+   echo ""
+   echo -e "\t[ \033[33m\033[1mInfo\033[m ]: $*"
+   echo ""
+}
+
+ok (){
+   echo ""
+   echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*"
+   echo ""
+}
+
+error(){
+   echo ""
+   echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   echo ""
+}
+
+echo_ok() {
+   echo -e "\033[75G[ \033[32mok\033[m ]"
+}
+echo_done() {
+   echo -e "\033[75G[ \033[32mok\033[m ]"
+}
+echo_failed(){
+   echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+   echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
+}
+
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
+
+## - Test of valid IPv4 Address
+## -
+## -    Returns 0 if valid, > 0 otherwise
+## -
+is_valid_ipv4() {
+  local -a octets=( ${1//\./ } )
+  local RETURNVALUE=0
+
+  # return an error if the IP doesn't have exactly 4 octets
+  [[ ${#octets[@]} -ne 4 ]] && return 1
+
+  for octet in ${octets[@]}
+  do
+    if [[ ${octet} =~ ^[0-9]{1,3}$ ]]
+    then # shift number by 8 bits, anything larger than 255 will be > 0
+      ((RETURNVALUE += octet>>8 ))
+    else # octet wasn't numeric, return error
+      return 1
+    fi
+  done
+  return ${RETURNVALUE}
+}
+
+is_valid_ipv6() {
+   local _ipv6=$1
+
+   if [ "$1" != "${1#[0-9a-f]*:}" ] \
+      && [ "$1" = "${1#*[^0-9a-f:]}" ] \
+      && [ "${1#*[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]}" = "${1#*:*:*:*:*:*:*:*:*:}" ]; then
+      return 0
+   else
+      return 1
+   fi
+}
+
+trap clean_up SIGHUP SIGINT SIGTERM
+
+
+
+#---------------------------------------
+#-----------------------------
+# Setting Defaults
+#-----------------------------
+#---------------------------------------
+
+DEFAULT_CONF_FILE_DIR="/etc/bind"
+DEFAULT_BIND_CACHE_DIR="/var/cache/bind"
+
+
+
+#---------------------------------------
+#-----------------------------
+# Load default values from bind.conf
+#
+# Overwrites the settings above
+# 
+#-----------------------------
+#---------------------------------------
+
+#clear
+echo ""
+echo ""
+echononl "   Loading default Configuration values from $(basename ${conf_file}).."
+if [[ ! -f "$conf_file" ]]; then
+   echo_skipped
+else
+   source "${conf_file}" > $log_file 2>&1
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+   else
+      echo_failed
+      fatal "$(cat $log_file)"
+   fi
+fi
+
+[[ -n "$CONF_FILE_DIR" ]] && DEFAULT_CONF_FILE_DIR="$CONF_FILE_DIR"
+
+[[ -n "$BIND_CACHE_DIR" ]] && DEFAULT_BIND_CACHE_DIR="$BIND_CACHE_DIR"
+
+
+if [[ -n "$ZONE_FILE_MASTER_DIR" ]] ; then
+   DEFAULT_ZONE_FILE_MASTER_DIR="$ZONE_FILE_MASTER_DIR"
+else
+   DEFAULT_ZONE_FILE_MASTER_DIR="${DEFAULT_CONF_FILE_DIR}/master"
+fi
+
+if [[ -n "$ZONE_FILE_SLAVE_DIR" ]] ; then
+   DEFAULT_ZONE_FILE_SLAVE_DIR="$ZONE_FILE_SLAVE_DIR"
+else
+   DEFAULT_ZONE_FILE_SLAVE_DIR="${DEFAULT_BIND_CACHE_DIR}"
+fi
+
+if [[ -n "$ZONES_DECLARATION_FILE" ]] ; then
+   DEFAULT_ZONES_DECLARATION_FILE="$ZONES_DECLARATION_FILE"
+else
+   DEFAULT_ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local"
+fi
+   
+
+echo ""
+_set_spf_qualifier=true
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert current SPF qualifier."
+echo ""
+echo ""
+SPF_CURRENT_QUALIFIER=
+while [ "X$SPF_CURRENT_QUALIFIER" = "X" ]; do
+   echononl "Current SPF Qualifier: "
+   read SPF_CURRENT_QUALIFIER
+   ## - To lower case
+   SPF_CURRENT_QUALIFIER=${SPF_CURRENT_QUALIFIER,,}
+
+   if [ "X$SPF_CURRENT_QUALIFIER" = "X" ]; then
+      echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n"
+      SPF_CURRENT_QUALIFIER=""
+      continue
+   fi
+
+   if [[ "$SPF_CURRENT_QUALIFIER" != "-all" ]] \
+      && [[ "$SPF_CURRENT_QUALIFIER" != "+all" ]] \
+      && [[ "$SPF_CURRENT_QUALIFIER" != "~all" ]] \
+      && [[ "$SPF_CURRENT_QUALIFIER" != "?all" ]] ; then
+
+      echo -e "\n\t\033[33m\033[1mInvalid qualifier '$SPF_CURRENT_QUALIFIER'\033[m\n"
+      SPF_CURRENT_QUALIFIER=""
+      continue
+   fi
+done
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Enter the new qualifier to be replaced."
+echo ""
+
+SPF_NEW_QUALIFIER=
+while [ "X$SPF_NEW_QUALIFIER" = "X" ]; do
+   echononl "New SPF Qualifier: "
+   read SPF_NEW_QUALIFIER
+   ## - To lower case
+   SPF_NEW_QUALIFIER=${SPF_NEW_QUALIFIER,,}
+
+   if [ "X$SPF_NEW_QUALIFIER" = "X" ]; then
+      echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n"
+      SPF_NEW_QUALIFIER=""
+      continue
+   fi
+
+   if [[ "$SPF_NEW_QUALIFIER" != "-all" ]] \
+      && [[ "$SPF_NEW_QUALIFIER" != "+all" ]] \
+      && [[ "$SPF_NEW_QUALIFIER" != "~all" ]] \
+      && [[ "$SPF_NEW_QUALIFIER" != "?all" ]] ; then
+
+      echo -e "\n\t\033[33m\033[1mInvalid qualifier '$SPF_CURRENT_QUALIFIER'\033[m\n"
+      SPF_NEW_QUALIFIER=""
+      continue
+   fi
+
+   if [[ "$SPF_NEW_QUALIFIER" = "$SPF_CURRENT_QUALIFIER" ]] ; then
+      echo -e "\n\t\033[33m\033[1mCurrent and new qualifier are identical!\033[m\n"
+      SPF_NEW_QUALIFIER=""
+      continue
+   fi
+done
+
+
+echo ""
+echo ""
+echo -e "\033[32m--\033[m"
+echo "Common parameters"
+echo -e "\033[32m--\033[m"
+
+
+echo ""
+echo "Insert directory containing the bind configuration files."
+echo ""
+CONF_FILE_DIR=""
+if [[ -n "$DEFAULT_CONF_FILE_DIR" ]] ; then
+   echononl "Bind Configuration Directory [${DEFAULT_CONF_FILE_DIR}]: "
+   read CONF_FILE_DIR
+   if [[ "X$CONF_FILE_DIR" = "X" ]]; then
+      CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR"
+   fi
+else
+   echononl "Bind Configuration Directory: "
+   read CONF_FILE_DIR
+   while [ "X$CONF_FILE_DIR" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mSetting 'Bind Configuration Directory' is required!\033[m\n"
+      echononl "Bind Configuration Directory: "
+      read CONF_FILE_DIR
+   done
+fi
+
+[[ -n "$ZONES_DECLARATION_FILE" ]] || DEFAULT_ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local"
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+
+echo ""
+echo "Insert zones declaration file."
+echo ""
+ZONES_DECLARATION_FILE=""
+if [[ -n "$DEFAULT_ZONES_DECLARATION_FILE" ]] ; then
+   echononl "Zones Declaration File [${DEFAULT_ZONES_DECLARATION_FILE}]: "
+   read ZONES_DECLARATION_FILE
+   if [[ "X$ZONES_DECLARATION_FILE" = "X" ]]; then
+      ZONES_DECLARATION_FILE="$DEFAULT_ZONES_DECLARATION_FILE"
+   fi
+else
+   echononl "Zones Declaration File: "
+   read ZONES_DECLARATION_FILE
+   while [ "X$ZONES_DECLARATION_FILE" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mSetting 'Zones Declaration File' is required!\033[m\n"
+      echononl "Zones Declaration File: "
+      read ZONES_DECLARATION_FILE
+   done
+fi
+
+
+echo ""
+echo -e "\033[32m--\033[m"
+
+echo ""
+echo "Insert the directory, where your zone-files resides."
+echo ""
+echo ""
+ZONE_FILE_MASTER_DIR=""
+if [[ -n "$DEFAULT_ZONE_FILE_MASTER_DIR" ]] ; then
+   echononl "Zone File Directory (master) [${DEFAULT_ZONE_FILE_MASTER_DIR}]: "
+   read ZONE_FILE_MASTER_DIR
+   if [[ "X$ZONE_FILE_MASTER_DIR" = "X" ]]; then
+      ZONE_FILE_MASTER_DIR="$DEFAULT_ZONE_FILE_MASTER_DIR"
+   fi
+else
+   echononl "Zone File Directory (master): "
+   read ZONE_FILE_MASTER_DIR
+   while [ "X$ZONE_FILE_MASTER_DIR" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mSetting 'Zone File Directory (master)' is required!\033[m\n"
+      echononl "Zone File Directory (master): "
+      read ZONE_FILE_MASTER_DIR
+   done
+fi
+
+
+clear
+echo ""
+echo ""
+echo -e "\033[21G\033[32mReplace IP-Address(es)\033[m"
+echo ""
+
+echo ""
+echo "Current SPF Qualifier......................: ${SPF_CURRENT_QUALIFIER}"
+echo "New SPF Qualifier..........................: ${SPF_NEW_QUALIFIER}"
+echo ""
+echo "Bind Configuration Directory...............: $CONF_FILE_DIR"
+echo "Zones Declaration File.....................: $ZONES_DECLARATION_FILE"
+echo "Zone File Directory (master)...............: $ZONE_FILE_MASTER_DIR"
+#echo "Zone File Suffix...........................: $ZONE_FILE_SUFFIX"
+
+echo ""
+OK=
+while [ "$OK" != "yes" -o "$OK" != "no" ] ; do
+   echononl "Parameters ok? [yes/no]: "
+   read OK
+   ## - To lower case
+   OK=${OK,,}
+   if [ "X$OK" = "X" ]; then
+      echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n"
+      OK=""
+      continue
+   fi
+   if [ "$OK" != "yes" -o "$OK" != "no" ] ; then
+      break
+   fi
+   echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n"
+done
+[[ $OK = "yes" ]] || fatal Repeat execution with different parameters
+
+echo ""
+
+
+echononl "\tBackup directory '${ZONE_FILE_MASTER_DIR}'.."
+cp -a "${ZONE_FILE_MASTER_DIR}" "${ZONE_FILE_MASTER_DIR}.${backup_date}" > $log_file 2>&1
+if [[ $? -eq 0 ]]; then
+   echo_ok
+else
+   echo_failed
+   fatal "$(cat $log_file)"
+fi
+
+echo ""
+echo ""
+echo -e "\033[37m\033[1mDetermine zone files conatining SPF record requested for change..\033[m"
+
+_found=false
+_is_master=false
+zonefiles_arr=()
+zone_file=""
+regex_master="type[[:space:]]+master"
+regex_file="^[[:space:]]*file"
+while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+   if [[ $_line  =~ ^[[:space:]]*zone[[:space:]]+ ]]; then
+      _found=true
+      zone="$(echo $_line | awk '{print$2}')"
+      shopt -s extglob
+      if [[ $zone =~ \; ]]; then
+         zone=${zone%%*(\;)}
+      fi
+      if [[ $zone =~ ^\" ]]; then
+         zone=${zone##*(\")}
+         zone=${zone%%*(\")}
+      fi
+      shopt -u extglob
+   fi
+   if $_found ; then
+      if [[ $_line  =~ $regex_file ]]; then
+         zone_file=$(echo $_line | awk '{print$2}')
+         shopt -s extglob
+         if [[ $zone_file =~ \; ]]; then
+            zone_file=${zone_file%%*(\;)}
+         fi
+         if [[ $zone_file =~ ^\" ]]; then
+            zone_file=${zone_file##*(\")}
+            zone_file=${zone_file%%*(\")}
+         fi
+         shopt -u extglob
+      fi
+      if [[ $_line  =~ $regex_master ]]; then
+         _is_master=true
+      fi
+      if [[ "$_line"  =~ ^[[:space:]]*\}[[:space:]]*\; ]]; then
+         if $_is_master && [[ -n "$zone_file" ]]; then
+
+            if $(grep -q -E "\s*.*IN\s*TXT\s*\"v=spf1.*${SPF_CURRENT_QUALIFIER}\"" "$zone_file") ; then
+
+               if [ ${#zonefiles_arr[@]} -eq 0 ] ; then
+                  zonefiles_arr+=("${zone_file}:$zone")
+               else
+                  if ! containsElement "${zone_file}:$zone"  "${zonefiles_arr[@]}" ; then
+                     zonefiles_arr+=("${zone_file}:$zone")
+                  fi
+               fi
+            fi
+         fi
+         _is_master=false
+         _found=false
+         zone_file=""
+      fi
+   fi
+done < "$ZONES_DECLARATION_FILE"
+
+echo ""
+
+
+for _val in ${zonefiles_arr[@]} ; do
+
+   IFS=':' read -a _val_arr <<< "${_val}"
+
+   zone_file="${_val_arr[0]}"
+   zone="${_val_arr[1]}"
+
+   echo -e "\tEditing \033[1m$zone_file\033[m .."
+      
+   _replaced=false
+
+   ## - setze neue ipv4 adresse
+   ## -
+   echononl "\t   Change SPF Qualifier to value '${SPF_NEW_QUALIFIER}'.."
+
+   _replaced=false
+
+   perl -i -n -p -e "s#^(.*IN\s+TXT\s+\"v=spf1.*)${SPF_CURRENT_QUALIFIER}\"#\1${SPF_NEW_QUALIFIER}\"#" $zone_file > /dev/null 2>&1
+
+   if [[ $? -eq 0 ]]; then
+      echo_ok
+      _replaced=true
+   else
+      echo_failed
+   fi
+
+   # - Calculate new serial
+   # -
+   echo ""
+   echononl "\t   Calculate new serial"
+   if $_replaced ; then
+      declare -i __serial=`grep -e "[0-9]\{10\}" $zone_file | grep serial | awk '{print$1}'`
+      while [ ! $_serial_new -gt $__serial ]; do
+         let _serial_new++
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+
+   # - Set new serial
+   # -
+   echononl "\t   Increase Serial for zone file \"`basename $zone_file`\""
+   if $_replaced ; then
+      perl -i -n -p -e "s#^(\s*)\s$__serial(.*)#\1 $_serial_new\2#" $zone_file > /dev/null 2>&1
+      if [ "$?" = "0" ]; then
+         echo_ok
+      else
+         echo_failed
+         error "Increasing Serial for zone file \"`basename $zone_file`\" failed!"
+      fi
+   else
+      echo_skipped
+   fi
+
+   # - Reload Zone
+   # -
+   echononl "\t   Reload zone '${zone}'"
+   if $_replaced ; then
+      /usr/sbin/rndc reload $zone > /dev/null 2>&1
+      if [[ $? -gt 0 ]]; then
+         echo_failed
+      else
+         echo_ok
+      fi
+   else
+      echo_skipped
+   fi
+
+   echo
+
+done
+
+if [[ -d "${ZONE_FILE_MASTER_DIR}.${backup_date}" ]] ; then
+   diff -Nur "${ZONE_FILE_MASTER_DIR}" "${ZONE_FILE_MASTER_DIR}.${backup_date}" > /dev/null 2>&1
+   if [[ $? -eq 0 ]]; then
+      info "No zone file has changed.\n\t          Removing previously created backup"
+      echononl "\tDelete '${ZONE_FILE_MASTER_DIR}.${backup_date}'.."
+      rm -rf "${ZONE_FILE_MASTER_DIR}.${backup_date}" > $log_file 2>&1
+      if [[ $? -eq 0 ]]; then
+         echo_ok
+      else
+         echo_failed
+      fi
+   fi
+fi
+
+
+echo ""
+clean_up 0