FYI, I found that zkt-keyman doesn't handle cidr zones well.
For instance: # zkt-1.1.2/zkt-keyman -C 10/15.10.10.10.in-addr.arpaWhen dnssec-keygen is called it creates a file like K10%2F15.10.10.10.in-addr.arpa.+005+40064.key, but that fails a check in dki.c:dki_readfile() that the zone file matches the zone name.
Attached are two small hacked up patches.1) To work around that by also checking to see if the zone name with / replace with %2F matches.
2) A very quick attempt at a debian package patch for zkt (in case some one else wants it).
My skills at either are not great, so there's almost surely room for improvement.
Let me know if you have any questions. Thanks, Brian
Adding some simple checks for CIDR zone naming conventions which replace "/" characters with "%2F". --- a/dki.c +++ b/dki.c @@ -86,7 +86,9 @@ int algo, flags, type; int c; char *p; - char buf[4095+1]; + int buflen = 4095+1; + char buf[buflen]; + char buf2[buflen]; char tag[25+1]; char val[14+1]; /* e.g. "YYYYMMDDhhmmss" | "60d" */ @@ -123,7 +125,30 @@ if ( fscanf (fp, "%4095s", buf) != 1 ) /* read label */ return -1; - if ( strcmp (buf, dkp->name) != 0 ) + /* + * Also check for matches of CIDR style reverse blocks per: + * http://tools.ietf.org/html/rfc2317 + * The dnssec-keygen tool currently changes the / (normally a directory + * separator) to %2F. + * Adapted from code found here: + * http://roseindia.net/c-tutorials/c-replace-string.shtml + */ + if ((p = strstr(buf, "/"))) + { + strncpy(buf2, buf, p-buf); + buf2[p-buf] = '\0'; + sprintf(buf2+(p-buf), "%s%s", "%2F", p+1); + } + else + { + strncpy(buf2, buf, buflen); + buf2[buflen - 1] = '\0'; + } + dbg_msg(buf); + dbg_msg(dkp->name); + dbg_msg(buf2); + + if ( strcmp (buf, dkp->name) != 0 && strcmp (buf2, dkp->name) != 0 ) return -2; #if defined(TTL_IN_KEYFILE_ALLOWED) && TTL_IN_KEYFILE_ALLOWED
zkt_1.1.2-2.debian.tar.gz
Description: Binary data
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912
_______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users