Add script 'delete_dkim_key.sh'.

conf/delete_dkim_key.conf.sample

@@ -0,0 +1,62 @@
+# ---------------------------------------------------------
+# - Parameter Settings for script 'delete_dkim_key.sh'.
+# ---------------------------------------------------------
+ 
+ 
+# ---------- 
+# DNS Server 
+# ---------- 
+ 
+# - DNS_DKIM_ZONE_MASTER_SERVER
+# - 
+# - The DNS Server who is serving the update zone and is used 
+# - for the dynamic updates (nsupdate) 
+# -
+# - Example:
+# -
+# -    DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+# -    DNS_DKIM_ZONE_MASTER_SERVER="dns0.warenform.de"
+#
+DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+
+
+# ----------
+# TSIG Key
+# ----------
+
+# - KEY_SECRET
+# -
+# - Sectret Key used by 'nsupdate' to create/update the
+# - DKIM TXT record.
+# -
+# - Example:
+# -
+# -    # Key b.ns.oopen.de
+# -    key_secret="EtvvMdW0PXD4GMHP+onuHZ0dT/Z8OSJGlce/xH10OwI="
+# -
+# -    # Key dns0.warenform.de
+# -    key_secret="qG9e/gOucCXcwVUTU+uewU0Yth1iJh2JHgnogrHvh2A="
+# -
+#KEY_SECRET=""
+
+# - KEY_ALGO
+# -
+# - The key algorithm used for key creation. Available choices are: hmac-md5, 
+# - hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The 
+# - default is hmac-sha256. Options are case-insensitive.
+# -
+# - Example:
+# -    KEY_ALGO="hmac-md5"
+# -
+# - Defaults to 'hmac-sha256'
+# -
+#KEY_ALGO="hmac-sha256"
+
+# - KEY_NAME
+# -
+# - Name of the Key
+# -
+# - Defaults to "$update_zone"
+# -
+#KEY_NAME="update-dkim"
+

delete_dkim_key.sh

@@ -0,0 +1,495 @@
+#!/usr/bin/env bash
+
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+
+# ----------
+# Base Function(s)
+# ----------
+
+usage() {
+
+
+   [[ -n  "$1" ]] && error "$1"
+
+
+   [[ $terminal ]] && echo -e "
+\033[1mUsage:\033[m
+
+   $(basename $0) [OPTION [OPTION ..
+
+\033[1mDescription\033[m
+
+   <Some Description>
+
+\033[1mOptions\033[m
+
+   <List Options>
+
+\033[1mFiles\033[m
+
+   $conf_file: Configuration file
+
+\033[1mExample:\033[m
+   
+   <description example>
+
+      $(basename $0) .. <comand example>
+
+   <description another example>
+   
+      $(basename $0) .. <command another example>
+
+"
+
+   clean_up 1
+
+}
+
+clean_up() {
+
+   # Perform program exit housekeeping
+   rm -rf "$LOCK_DIR"
+   blank_line
+   exit $1
+}
+
+echononl(){
+   if $terminal ; then
+      echo X\\c > /tmp/shprompt$$
+      if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+         echo -e -n "   $*\\c" 1>&2
+      else
+         echo -e -n "   $*" 1>&2
+      fi
+      rm /tmp/shprompt$$
+   fi
+}
+
+fatal(){
+   echo ""
+   if $terminal ; then
+      echo -e "   [ \033[31m\033[1mFatal\033[m ]: $*"
+      echo ""
+      echo -e "              \033[31m\033[1mScript was interupted\033[m!"
+   else
+      echo "   [ Fatal ]: $*"
+      echo ""
+      echo "              Script was terminated...."
+   fi
+   echo ""
+   clean_up 1
+}
+
+error (){
+   echo ""
+   if $terminal ; then
+      echo -e "   [ \033[31m\033[1mError\033[m ]: $*"
+   else
+      echo "   [ Error ]: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   if $terminal ; then
+      echo ""
+      echo -e "   [ \033[33m\033[1mWarning\033[m ]: $*"
+      echo ""
+   fi
+}
+
+info (){
+   if $terminal ; then
+      echo ""
+      echo -e "   [ \033[32m\033[1mInfo\033[m ]: $*"
+      echo ""
+   fi
+}
+
+ok (){
+   if $terminal ; then
+      echo ""
+      echo -e "   [ \033[32m\033[1mOk\033[m ]    $*"
+      echo ""
+   fi
+}
+
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[32mdone\033[m ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[32mok\033[m ]"
+   fi
+}
+echo_warn() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[33mwarn\033[m ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[95G[ \033[1;31mfailed\033[m ]"
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[95G[ \033[90m\033[1mskipped\033[m ]"
+   fi
+}
+echo_wait(){
+   if $terminal ; then
+      echo -en "\033[95G[ \033[5m\033[1m...\033[m ]"
+   fi
+}
+
+trim() {
+    local var="$*"
+    var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
+    var="${var%"${var##*[![:space:]]}"}"   # remove trailing whitespace characters
+    echo -n "$var"
+}
+
+blank_line() {
+   if $terminal ; then
+      echo ""
+   fi
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+   terminal=true
+else
+   terminal=false
+fi
+
+
+
+# -------------
+# - Default values
+# -------------
+
+# - Give your default values here
+# -
+DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="b.ns.oopen.de"
+DEFAULT_KEY_ALGO="hmac-sha256"
+DEFAULT_KEY_NAME="update-dkim"
+
+DEFAULT_DKIM_SELECTOR=""
+
+
+
+if [[ -f "$conf_file" ]]; then
+   source "$conf_file"
+else
+   warn "No configuration file '$conf_file' present.\n
+             Loading default values.."
+fi
+
+
+if [[ -n "$(trim "$DNS_DKIM_ZONE_MASTER_SERVER")" ]] ; then
+   DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER="${DNS_DKIM_ZONE_MASTER_SERVER}"
+   DNS_DKIM_ZONE_MASTER_SERVER=""
+fi
+
+if [[ -n "$(trim "$KEY_ALGO")" ]] ; then
+   DEFAULT_KEY_ALGO="${KEY_ALGO}"
+   KEY_ALGO=""
+fi
+
+if [[ -n "$(trim "$KEY_NAME")" ]] ; then
+   DEFAULT_KEY_NAME="${KEY_NAME}"
+   KEY_NAME=""
+fi
+
+if [[ -n "$(trim "$KEY_SECRET")" ]] ; then
+   DEFAULT_KEY_SECRET="${KEY_SECRET}"
+   KEY_SECRET=""
+fi
+
+
+if $terminal ; then
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert the mail domain name for which a DKIM should be deleted."
+   echo ""
+   echo ""
+   echononl "   DKIM domain: "
+   read DKIM_DOMAIN
+   while [ "X$DKIM_DOMAIN" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+      echononl "   DKIM domain: "
+      read DKIM_DOMAIN
+   done
+
+
+   DEFAULT_DKIM_UPDATE_ZONE="_domainkey.${DKIM_DOMAIN}"
+
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert the zone containing the DKIM key record."
+   echo ""
+   echo ""
+   echononl "   DKIM Zone [${DEFAULT_DKIM_UPDATE_ZONE}]: "
+   read DKIM_UPDATE_ZONE
+   if [[ "X$DKIM_UPDATE_ZONE" = "X" ]] ; then
+      DKIM_UPDATE_ZONE="${DEFAULT_DKIM_UPDATE_ZONE}"
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Specify the DKIM selector to delete"
+   echo ""
+   echo ""
+   echononl "   DKIM selector: "
+   read DKIM_SELECTOR
+   while [ "X$DKIM_SELECTOR" = "X" ] ; do
+      echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+      echononl "   DKIM selector: "
+      read DKIM_SELECTOR
+   done
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo -e "   Insert DNS master server for domain \033[1m$DKIM_UPDATE_ZONE\033[m"
+   echo ""
+   echo ""
+
+   if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
+      echononl "   DNS master server [${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}]: "
+      read DNS_DKIM_ZONE_MASTER_SERVER
+      if [[ "X$DNS_DKIM_ZONE_MASTER_SERVER" = "X" ]] ; then
+         DNS_DKIM_ZONE_MASTER_SERVER="${DEFAULT_DNS_DKIM_ZONE_MASTER_SERVER}"
+      fi
+   else
+      echononl "   DNS master server: "
+      read KEY_SECRET
+      while [[ "X$KEY_SECRET" = "X" ]] ; do
+         echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+         echononl "   Key secret: "
+         read KEY_SECRET
+      done
+   fi
+
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert Key name"
+   echo ""
+   echo ""
+   echononl "   Key name [${DEFAULT_KEY_NAME}]: "
+   read KEY_NAME
+   if [[ "X$KEY_NAME" = "X" ]] ; then
+      KEY_NAME="${DEFAULT_KEY_NAME}"
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Insert Key secret"
+   echo ""
+   echo ""
+
+   if [[ -n "${DEFAULT_KEY_SECRET}" ]] ; then
+      echononl "   Key secret [${DEFAULT_KEY_SECRET}]: "
+      read KEY_SECRET
+      if [[ "X$KEY_SECRET" = "X" ]] ; then
+         KEY_SECRET="${DEFAULT_KEY_SECRET}"
+      fi
+   else
+      echononl "   Key secret: "
+      read KEY_SECRET
+      while [[ "X$KEY_SECRET" = "X" ]] ; do
+         echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+         echononl "   Key secret: "
+         read KEY_SECRET
+      done
+   fi
+
+
+   echo ""
+   echo -e "\033[32m--\033[m"
+   echo ""
+   echo "   Specifies the algorithm to use for the TSIG key."
+   echo ""
+   if [[ "hmac-md5" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [1] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [1] hmac-md5"
+   fi
+   if [[ "hmac-sha1" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [2] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [2] hmac-sha1"
+   fi
+   if [[ "hmac-sha224" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [3] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [3] hmac-sha224"
+   fi
+   if [[ "hmac-sha256" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [4] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [4] hmac-sha256"
+   fi
+   if [[ "hmac-sha384" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [5] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [5] hmac-sha384"
+   fi
+   if [[ "hmac-sha512" = "${DEFAULT_KEY_ALGO}" ]] ; then
+      echo -e "   [6] \033[37m\033[1m${DEFAULT_KEY_ALGO}\033[m"
+   else
+      echo "   [6] hmac-sha512"
+   fi
+
+   echo "" 
+   echo "   Type a number or press <RETURN> to choose highlighted value"
+   echo ""
+   echononl "   Key algorithm [${DEFAULT_KEY_ALGO}]: "
+
+   while [[ "$KEY_ALGO" != "hmac-md5" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha1" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha224" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha256" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha384" ]] \
+         &&  [[ "$KEY_ALGO" != "hmac-sha512" ]] ; do
+      read OPTION
+      case $OPTION in
+         1)    KEY_ALGO="hmac-md5" ;;
+         2)    KEY_ALGO="hmac-sha1" ;;
+         3)    KEY_ALGO="hmac-sha224" ;;
+         4)    KEY_ALGO="hmac-sha256" ;;
+         5)    KEY_ALGO="hmac-sha384" ;;
+         6)    KEY_ALGO="hmac-sha512" ;;
+         '')   KEY_ALGO="${DEFAULT_KEY_ALGO}" ;;
+         *) echo ""  
+            echo -e "      \033[33m\033[1mFalsche Eingabe ! [ 1 = hmac-md5 | 2 = hmac-sha1 | .. ]\033[m"
+            echo ""
+            echononl "   Key algorithm [hmac-sha256]:"
+            ;;
+      esac
+   done
+
+fi
+
+
+if [[ -z "$(trim "${DKIM_DOMAIN}")" ]]; then
+   fatal "Variable \033[1mDKIM_DOMAIN\033[m not set!"
+fi
+
+if [[ -z "$(trim "${DKIM_UPDATE_ZONE}")" ]]; then
+   fatal "Variable \033[1mDKIM_UPDATE_ZONE\033[m not set!"
+fi
+
+if [[ -z "$(trim "${DKIM_SELECTOR}")" ]]; then
+   fatal "Variable \033[1mDKIM_SELECTOR\033[m not set!"
+fi
+
+if [[ -z "$(trim "${KEY_SECRET}")" ]]; then
+   fatal "Variable \033[1mKEY_SECRET\033[m not set!"
+fi
+
+
+
+if $terminal ; then
+   echo ""
+   echo ""
+   echo -e "   \033[1m----------\033[m"
+   echo "   DKIM Domain......................: $DKIM_DOMAIN"
+   echo "   DKIM Selector....................: $DKIM_SELECTOR"
+   echo ""
+   echo "   Domain used for DKIM TXT record..: $DKIM_UPDATE_ZONE"
+   echo "   Secret for the update key........: $KEY_SECRET"
+   echo "   Algorithm used for the TSIG key..: $KEY_ALGO"
+   echo "   Name of the TSIG key.............: $KEY_NAME"
+   echo ""
+   echo "   DNS Master Server................: $DNS_DKIM_ZONE_MASTER_SERVER"
+
+   echo ""
+   echo -n "   Type upper case 'YES' to start: "
+   read OK
+   if [[ "$OK" != "YES" ]] ; then
+      fatal "Abort by user request - Answer iwas not 'YES'"
+   fi
+   echo ""
+fi
+
+if $terminal ; then
+   echo ""
+   echo -e  "   \033[32mUpdate Zone \033[37m\033[1m${DKIM_UPDATE_ZONE}\033[m\033[32m DNS Server \033[37m\033[1m${DNS_DKIM_ZONE_MASTER_SERVER}\033[m"
+   echo ""
+fi
+
+
+echononl "   Delete DKIM entry for domain \033[1m${DKIM_DOMAIN}\033[m with selector \033[1m${DKIM_SELECTOR} .."
+cat <<EOF | nsupdate -v -L3 > $log_file 2>&1
+server $DNS_DKIM_ZONE_MASTER_SERVER
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
+send
+EOF
+if [[ $? -eq 0 ]] ; then
+   echo_ok
+else
+   echo_failed
+
+   cat <<END
+
+Command was:
+
+cat <<EOF | nsupdate -v -L3
+server $DNS_DKIM_ZONE_MASTER_SERVER
+zone $DKIM_UPDATE_ZONE
+key ${KEY_ALGO}:$KEY_NAME $KEY_SECRET
+update delete ${DKIM_SELECTOR}.${DKIM_UPDATE_ZONE}.
+send
+EOF
+END
+
+   error "$(cat $log_file)"
+fi
+
+
+clean_up 0