diff --git a/conf/delete_dkim_key.conf.sample b/conf/delete_dkim_key.conf.sample
new file mode 100644
index 0000000..873759d
--- /dev/null
+++ b/conf/delete_dkim_key.conf.sample
@@ -0,0 +1,62 @@
+# ---------------------------------------------------------
+# - Parameter Settings for script 'delete_dkim_key.sh'.
+# ---------------------------------------------------------
+
+
+# ----------
+# DNS Server
+# ----------
+
+# - DNS_DKIM_ZONE_MASTER_SERVER
+# -
+# - The DNS Server who is serving the update zone and is used
+# - for the dynamic updates (nsupdate)
+# -
+# - Example:
+# -
+# - DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+# - DNS_DKIM_ZONE_MASTER_SERVER="dns0.warenform.de"
+#
+DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+
+
+# ----------
+# TSIG Key
+# ----------
+
+# - KEY_SECRET
+# -
+# - Sectret Key used by 'nsupdate' to create/update the
+# - DKIM TXT record.
+# -
+# - Example:
+# -
+# - # Key b.ns.oopen.de
+# - key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
+# -
+# - # Key dns0.warenform.de
+# - key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
+# -
+#KEY_SECRET=""
+
+# - KEY_ALGO
+# -
+# - The key algorithm used for key creation. Available choices are: hmac-md5,
+# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The
+# - default is hmac-sha256. Options are case-insensitive.
+# -
+# - Example:
+# - KEY_ALGO="hmac-md5"
+# -
+# - Defaults to 'hmac-sha256'
+# -
+#KEY_ALGO="hmac-sha256"
+
+# - KEY_NAME
+# -
+# - Name of the Key
+# -
+# - Defaults to "$update_zone"
+# -
+#KEY_NAME="update-dkim"
+
diff --git a/delete_dkim_key.sh b/delete_dkim_key.sh
new file mode 100755
index 0000000..a514e9b
--- /dev/null
+++ b/delete_dkim_key.sh
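Review bot: The two `key_secret=` example lines in the KEY_SECRET comment block hold full-length base64 values labelled with named servers (b.ns.oopen.de, dns0.warenform.de); if either is or ever was a live TSIG key, anyone who can read this repository can sign dynamic updates against those zones. Replace both with an obvious placeholder such as `# - KEY_SECRET="<base64 TSIG secret from your key file>"` (the examples also use lowercase `key_secret`, which the script never reads) and rotate the keys on the name servers if they were real. The `KEY_ALGO="hmac-md5"` example steers readers to the oldest algorithm on the list and is better shown as the documented default, `KEY_ALGO="hmac-sha256"`. Because delete_dkim_key.sh loads this file with `source`, the header should also tell admins to keep the real .conf readable by its owner only (for example mode 0600), and the KEY_NAME text `Defaults to "$update_zone"` disagrees with the script's `DEFAULT_KEY_NAME="update-dkim"`.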
@@ -0,0 +1,495 @@
+#!/usr/bin/env bash
+
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+
+# ----------
+# Base Function(s)
+# ----------
+
+usage() {
+
+
+ [[ -n "$1" ]] && error "$1"
+
+
+ [[ $terminal ]] && echo -e "
+\033[1mUsage:\033[m
+
+ $(basename $0) [OPTION [OPTION ..
+
+\033[1mDescription\033[m
+
+
+
+\033[1mOptions\033[m
+
+
+
+\033[1mFiles\033[m
+
+ $conf_file: Configuration file
+
+\033[1mExample:\033[m
+
+
+
+ $(basename $0) ..
+
+
+
+ $(basename $0) ..
+
+"
+
+ clean_up 1
+
+}
+
+clean_up() {
+
+ # Perform program exit housekeeping
+ rm -rf "$LOCK_DIR"
+ blank_line
+ exit $1
+}
+
+echononl(){
+ if $terminal ; then
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n " $*\\c" 1>&2
+ else
+ echo -e -n " $*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+ fi
+}
+
+fatal(){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
+ echo ""
+ echo -e " \033[31m\033[1mScript was interupted\033[m!"
+ else
+ echo " [ Fatal ]: $*"
+ echo ""
+ echo " Script was terminated...."
+ fi
+ echo ""
+ clean_up 1
+}
+
+error (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mError\033[m ]: $*"
+ else
+ echo " [ Error ]: $*"
+ fi
+ echo ""
+}
+
+warn (){
+ if $terminal ; then
+ echo ""
+ echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
+ echo ""
+ fi
+}
+
+info (){
+ if $terminal ; then
+ echo ""
+ echo -e " [ \033[32m\033[1mInfo\033[m ]: $*"
+ echo ""
+ fi
+}
+
+ok (){
+ if $terminal ; then
+ echo ""
+ echo -e " [ \033[32m\033[1mOk\033[m ] $*"
+ echo ""
+ fi
+}
+
+echo_done() {
+ if $terminal ; then
+ echo -e "\033[95G[ \033[32mdone\033[m ]"
+ fi
+}
+echo_ok() {
+ if $terminal ; then
+ echo -e "\033[95G[ \033[32mok\033[m ]"
+ fi
+}
+echo_warn() {
+ if $terminal ; then
+ echo -e "\033[95G[ \033[33mwarn\033[m ]"
+ fi
+}
+echo_failed(){
+ if $terminal ; then
+ echo -e "\033[95G[ \033[1;31mfailed\033[m ]"
+ fi
+}
+echo_skipped() {
+ if $terminal ; then
+ echo -e "\033[95G[ \033[90m\033[1mskipped\033[m ]"
+ fi
+}
+echo_wait(){
+ if $terminal ; then
+ echo -en "\033[95G[ \033[5m\033[1m...\033[m ]"
+ fi
+}
+
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+
+blank_line() {
+ if $terminal ; then
+ echo ""
+ fi
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+ terminal=true
+else
+ terminal=false
+fi
+
+
+
+# -------------
+# - Default values
+# -------------
+
+# - Give your default values here
+# -
+DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+DEFAULT_KEY_ALGO="hmac-sha256"
+DEFAULT_KEY_NAME="update-dkim"
+
+DEFAULT_DKIM_SELECTOR=""
+
+
+
+if [[ -f "$conf_file" ]]; then
+ source "$conf_file"
+else
+ warn "No configuration file '$conf_file' present.\n
+ Loading default values.."
+fi
+
+
+if [[ -n "$(trim "$DNS_DKIM_ZONE_MASTER_SERVER")" ]] ; then
+ DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="${DNS_DKIM_ZONE_MASTER_SERVER}"
+ DNS_DKIM_ZONE_MASTER_SERVER=""
+fi
+
+if [[ -n "$(trim "$KEY_ALGO")" ]] ; then
+ DEFAULT_KEY_ALGO="${KEY_ALGO}"
+ KEY_ALGO=""
+fi
+
+if [[ -n "$(trim "$KEY_NAME")" ]] ; then
+ DEFAULT_KEY_NAME="${KEY_NAME}"
+ KEY_NAME=""
+fi
+
+if [[ -n "$(trim "$KEY_SECRET")" ]] ; then
+ DEFAULT_KEY_SECRET="${KEY_SECRET}"
+ KEY_SECRET=""
+fi
+
+
+if $terminal ; then
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo " Insert the mail domain name for which a DKIM should be deleted."
+ echo ""
+ echo ""
+ echononl " DKIM domain: "
+ read DKIM_DOMAIN
+ while [ "X$DKIM_DOMAIN" = "X" ] ; do
+ echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+ echononl " DKIM domain: "
+ read DKIM_DOMAIN
+ done
+
+
+ DEFAULT_DKIM_UPDATE_ZONE="_domainkey.${DKIM_DOMAIN}"
+
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo " Insert the zone containing the DKIM key record."
+ echo ""
+ echo ""
+ echononl " DKIM Zone [${DEFAULT_DKIM_UPDATE_ZONE}]: "
+ read DKIM_UPDATE_ZONE
+ if [[ "X$DKIM_UPDATE_ZONE" = "X" ]] ; then
+ DKIM_UPDATE_ZONE="${DEFAULT_DKIM_UPDATE_ZONE}"
+ fi
+
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo " Specify the DKIM selector to delete"
+ echo ""
+ echo ""
+ echononl " DKIM selector: "
+ read DKIM_SELECTOR
+ while [ "X$DKIM_SELECTOR" = "X" ] ; do
+ echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+ echononl " DKIM selector: "
+ read DKIM_SELECTOR
+ done
+
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo -e " Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
+ echo ""
+ echo ""
+
+ if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
+ echononl " DNS master server [${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}]: "
+ read DNS_DKIM_ZONE_MASTER_SERVER
+ if [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; then
+ DNS_DKIM_ZONE_MASTER_SERVER="${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
+ fi
+ else
+ echononl " DNS master server: "
+ read KEY_SECRET
+ while [[ "X$KEY_SECRET" = "X" ]] ; do
+ echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+ echononl " Key secret: "
+ read KEY_SECRET
+ done
+ fi
+
+
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo " Insert Key name"
+ echo ""
+ echo ""
+ echononl " Key name [${DEFAULT_KEY_NAME}]: "
+ read KEY_NAME
+ if [[ "X$KEY_NAME" = "X" ]] ; then
+ KEY_NAME="${DEFAULT_KEY_NAME}"
+ fi
+
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo " Insert Key secret"
+ echo ""
+ echo ""
+
+ if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
+ echononl " Key secret [${DEFAULT_KEY_SECRET}]: "
+ read KEY_SECRET
+ if [[ "X$KEY_SECRET" = "X" ]] ; then
+ KEY_SECRET="${DEFAULT_KEY_SECRET}"
+ fi
+ else
+ echononl " Key secret: "
+ read KEY_SECRET
+ while [[ "X$KEY_SECRET" = "X" ]] ; do
+ echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+ echononl " Key secret: "
+ read KEY_SECRET
+ done
+ fi
+
+
+ echo ""
+ echo -e "\033[32m--\033[m"
+ echo ""
+ echo " Specifies the algorithm to use for the TSIG key."
+ echo ""
+ if [[ "hmac-md5" = "${DEFAULT_KEY_ALGO}" ]] ; then
+ echo -e " [1] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+ else
+ echo " [1] hmac-md5"
+ fi
+ if [[ "hmac-sha1" = "${DEFAULT_KEY_ALGO}" ]] ; then
+ echo -e " [2] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+ else
+ echo " [2] hmac-sha1"
+ fi
+ if [[ "hmac-sha224" = "${DEFAULT_KEY_ALGO}" ]] ; then
+ echo -e " [3] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+ else
+ echo " [3] hmac-sha224"
+ fi
+ if [[ "hmac-sha256" = "${DEFAULT_KEY_ALGO}" ]] ; then
+ echo -e " [4] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+ else
+ echo " [4] hmac-sha256"
+ fi
+ if [[ "hmac-sha384" = "${DEFAULT_KEY_ALGO}" ]] ; then
+ echo -e " [5] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+ else
+ echo " [5] hmac-sha384"
+ fi
+ if [[ "hmac-sha512" = "${DEFAULT_KEY_ALGO}" ]] ; then
+ echo -e " [6] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+ else
+ echo " [6] hmac-sha512"
+ fi
+
+ echo ""
+ echo " Type a number or press to choose highlighted value"
+ echo ""
+ echononl " Key algorithm [${DEFAULT_KEY_ALGO}]: "
+
+ while [[ "$KEY_ALGO" != "hmac-md5" ]] \
+ && [[ "$KEY_ALGO" != "hmac-sha1" ]] \
+ && [[ "$KEY_ALGO" != "hmac-sha224" ]] \
+ && [[ "$KEY_ALGO" != "hmac-sha256" ]] \
+ && [[ "$KEY_ALGO" != "hmac-sha384" ]] \
+ && [[ "$KEY_ALGO" != "hmac-sha512" ]] ; do
+ read OPTION
+ case $OPTION in
+ 1) KEY_ALGO="hmac-md5" ;;
+ 2) KEY_ALGO="hmac-sha1" ;;
+ 3) KEY_ALGO="hmac-sha224" ;;
+ 4) KEY_ALGO="hmac-sha256" ;;
+ 5) KEY_ALGO="hmac-sha384" ;;
+ 6) KEY_ALGO="hmac-sha512" ;;
+ '') KEY_ALGO="${DEFAULT_KEY_ALGO}" ;;
+ *) echo ""
+ echo -e " \033[33m\033[1mFalsche Eingabe ! [ 1 = hmac-md5 | 2 = hmac-sha1 | .. ]\033[m"
+ echo ""
+ echononl " Key algorithm [hmac-sha256]:"
+ ;;
+ esac
+ done
+
+fi
+
+
+if [[ -z "$(trim "${DKIM_DOMAIN}")" ]]; then
+ fatal "Variable \033[1mDKIM_DOMAIN\033[m not set!"
+fi
+
+if [[ -z "$(trim "${DKIM_UPDATE_ZONE}")" ]]; then
+ fatal "Variable \033[1mDKIM_UPDATE_ZONE\033[m not set!"
+fi
+
+if [[ -z "$(trim "${DKIM_SELECTOR}")" ]]; then
+ fatal "Variable \033[1mDKIM_SELECTOR\033[m not set!"
+fi
+
+if [[ -z "$(trim "${KEY_SECRET}")" ]]; then
+ fatal "Variable \033[1mKEY_SECRET\033[m not set!"
+fi
+
+
+
+if $terminal ; then
+ echo ""
+ echo ""
+ echo -e " \033[1m----------\033[m"
+ echo " DKIM Domain......................: $DKIM_DOMAIN"
+ echo " DKIM Selector....................: $DKIM_SELECTOR"
+ echo ""
+ echo " Domain used for DKIM TXT record..: $DKIM_UPDATE_ZONE"
+ echo " Secret for the update key........: $KEY_SECRET"
+ echo " Algorithm used for the TSIG key..: $KEY_ALGO"
+ echo " Name of the TSIG key.............: $KEY_NAME"
+ echo ""
+ echo " DNS Master Server................: $DNS_DKIM_ZONE_MASTER_SERVER"
+
+ echo ""
+ echo -n " Type upper case 'YES' to start: "
+ read OK
+ if [[ "$OK" != "YES" ]] ; then
+ fatal "Abort by user request - Answer iwas not 'YES'"
+ fi
+ echo ""
+fi
+
+if $terminal ; then
+ echo ""
+ echo -e " \033[32mUpdate Zone \033[37m\033[1m${DKIM_UPDATE_ZONE}\033[m\033[32m DNS Server \033[37m\033[1m${DNS_DKIM_ZONE_MASTER_SERVER}\033[m"
+ echo ""
+fi
+
+
+echononl " Delete DKIM entry for domain \033[1m${DKIM_DOMAIN}\033[m with selector \033[1m${DKIM_SELECTOR} .."
+cat < $log_file 2>&1
+server $DNS_DKIM_ZONE_MASTER_SERVER
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
+send
+EOF
+if [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+
+ cat <