#!/bin/bash
# Peter Poeml poeml@suse.de

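# Script name used in the usage text. Derived with parameter expansion so a
# path containing spaces or glob characters is not word-split.
progname=${0##*/}

# Built-in defaults; KEYFILE and KEYNAME may be overridden by the
# -f / -n options handled further down in this script.
keyfile_default=/etc/named.keys
keyname_default=DHCP_UPDATER
# Only shown in the usage text; the -r option itself is obsolete and ignored.
random_dev_default=/dev/random
# "true" once --force is given: an existing key file may then be overwritten.
force=false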

#######################################
# Print the option summary to stderr and terminate the script.
# Globals:   progname, keyfile_default, keyname_default,
#            random_dev_default (all read)
# Outputs:   usage text on stderr (leading tabs are stripped by <<-)
# Returns:   does not return; exits with status 1
#######################################
usage() {
	cat >&2 <<-EOF

	Usage:
	
	  $progname <options>  
	
	Options:
	
	  -f|--key-file <FILENAME> 	includable key is written to this file
	                                (default: $keyfile_default)
	  -n|--key-name <NAME>		name of the key (default: $keyname_default)
	  -d|--key-dir <NAME>           public / private key directory
	                                (default is key-file directory)
	  -r|--random			random device to use (default: $random_dev_default, obsolete)
	  --force			overwrite an existing key file
	  --help			print usage info

	See /usr/share/doc/packages/dhcp-server/DDNS-howto.txt (in dhcp-server
	package) about configuration of a DHCP server to do DDNS updates.

EOF
	exit 1
}

# Command-line parsing. Options that take a value consume it with an extra
# shift; ${1:?...} aborts the script when that value is missing or empty.
while (( $# > 0 )); do
	case "$1" in
	"")
		# empty argument: skipped
		;;

	-f | --key-file)
		shift
		KEYFILE=${1:?option requires an argument}
		;;

	-n | --key-name)
		shift
		KEYNAME=${1:?option requires an argument}
		;;

	-d | --key-dir)
		shift
		KEY_DIR=${1:?option requires an argument}
		;;

	-r | --random)
		# the value is consumed and discarded
		shift
		echo 'the -r option is obsolete and is ignored' >&2
		;;

	--force)
		force=true
		;;

	-h | --help | *)
		# help request or anything unrecognised: usage exits the script
		usage
		;;

	esac
	shift
done

# Fill in whatever the command line left unset. The key directory falls
# back to the directory part of the key file.
: "${KEYFILE:=$keyfile_default}"
: "${KEYNAME:=$keyname_default}"
: "${KEY_DIR:=$(dirname "$KEYFILE")}"

# Without --force an existing key file is never overwritten.
if ! $force && [ -e "$ROOT/$KEYFILE" ]; then
	echo >&2 "File '$KEYFILE' exists, use --force to overwrite."
	exit 1
fi

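# This is where the keys are created
# NOTE(review): the existence check and this cd are made under $ROOT, but the
# key is written to "$KEYFILE" as given, so an absolute KEYFILE ignores $ROOT.
# Confirm which of the two is intended.
cd -- "$ROOT/$KEY_DIR" &>/dev/null || {
	echo >&2 "Key directory '$KEY_DIR' does not exist."
	exit 1
}

# New files must be private to the owner while the secret is written.
# "umask 600" did the opposite: it cleared the owner bits and kept the
# group/other bits, so a new key file was created with mode 0066 and stayed
# readable and writable by everyone until the chmod below.
umask 077

# With --force the redirection reuses an existing file and keeps its mode,
# so restrict it before the new secret goes in.
if [ -e "$KEYFILE" ]; then
	chmod 600 "$KEYFILE" || {
		echo >&2 "Cannot restrict permissions on existing '$KEYFILE'."
		exit 1
	}
fi

# generate an HMAC-SHA512 TSIG key (shared secret for authenticating DNS updates)
if ! /usr/sbin/tsig-keygen -a hmac-sha512 "${KEYNAME}" > "$KEYFILE"; then
	echo >&2 "Failed to generate key '$KEYNAME'."
	# do not leave an empty or partial key file behind
	rm -f -- "$KEYFILE"
	exit 1
fi

# set permissions: root owns the key, group "named" may read it, others get
# nothing ("user:group" replaces the deprecated "user.group" chown syntax)
chown root:named "$KEYFILE"
chmod 640 "$KEYFILE"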