diff options
| author | Rob Austein <sra@hactrn.net> | 2019-12-25 17:19:17 -0500 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2019-12-25 17:19:17 -0500 |
| commit | a9a7c270c0781c198440bc3501fd78cbfb99d309 (patch) | |
| tree | ca415f15e7fe040e850014df9917c775c4340056 | |
| parent | 176b5c9b46c15d5d15e1de6a9d58d49609c51c8a (diff) | |
Archive development backups
| -rw-r--r-- | tsig-keygen.py | 88 |
1 files changed, 55 insertions, 33 deletions
diff --git a/tsig-keygen.py b/tsig-keygen.py index 311141a..c66fa75 100644 --- a/tsig-keygen.py +++ b/tsig-keygen.py @@ -4,46 +4,68 @@ Pure Python TSIG key generator, with multiple output formats. """ -import os, base64, argparse +import os, base64, argparse, jinja2 algorithm_bits = dict(("hmac-sha{}".format(bits), bits // 8) for bits in (256, 384, 512)) +algorithm_choices = tuple(sorted(algorithm_bits)) -bind9_template = ''' -key {name} {{ - algorithm {algorithm}; - secret "{secret}"; -}}; -''' +templates = dict( -nsd_template = ''' + bind9 = ''' +key {{ args.name }} { + algorithm {{ args.algorithm }}; + secret "{{ args.key }}"; +}; + +{% if args.servers %} +{%- for server in args.servers -%} +server {{ server }} { keys { {{ args.name }}; }; }; +{% endfor -%} +{% for zone in args.zones %} +zone "{{ zone }}" { + file "{{args.directory }}/{{ zone }}"; + type slave; + masters { {%- for server in args.servers %} {{ server }}; {% endfor %} }; +}; +{% endfor %} +{% endif %} +''', + + nsd = ''' key: - name: "{name}" - algorithm: {algorithm} - secret: "{secret}" -''' + name: "{{ args.name }}" + algorithm: {{ args.algorithm }} + secret: "{{ args.key }}" + +{% if args.servers -%} +pattern: + name: "secondary.{{ args.name }}" + zonefile: "{{ args.directory }}/%s" +{%- for server in args.servers %} + allow-notify: {{ server }} {{ args.name }} + request-xfr: {{ server }} {{ args.name }} +{%- endfor %} +{%- for zone in args.zones %} + +zone: + name: "{{ zone }}" + include-pattern: "secondary.{{ args.name }}" +{%- endfor %} +{% endif %} +''') ap = argparse.ArgumentParser(description = __doc__) -ap.add_argument("-a", "--algorithm", - choices = tuple(sorted(algorithm_bits)), - default = sorted(algorithm_bits)[0]) -ap.add_argument("-f", "--format", - choices = ("bind9", "nsd")) -ap.add_argument("-n", "--name", - default = "tsig.example.org") -ap.add_argument("-o", "--output", - default = "-", type = argparse.FileType("w")) -ap.add_argument("-s", "--servers", nargs = "+") -ap.add_argument("-z", "--zones", nargs = "+") +ap.add_argument("-a", "--algorithm", choices = algorithm_choices, default = algorithm_choices[0]) +ap.add_argument("-d", "--directory", default = "secondary", help = "where to store secondary zone files") +ap.add_argument("-f", "--format", choices = tuple(templates), default = "nsd") +ap.add_argument("-k", "--key", help = "TSIG shared secret (default: generate new secret)") +ap.add_argument("-n", "--name", default = "tsig.example.org", help = "DNS name for TSIG shared secret") +ap.add_argument("-o", "--output", default = "-", type = argparse.FileType("w"), help = "output file")) +ap.add_argument("-s", "--servers", nargs = "+", default = [], help = "address(es) of primary nameserver(s)") +ap.add_argument("-z", "--zones", nargs = "+", default = [], help = "zone(s) to xfr from specified nameserver(s)") args = ap.parse_args() -params = dict( - name = args.name, - algorithm = args.algorithm, - secret = base64.b64encode(os.urandom(algorithm_bits[args.algorithm])).decode("ascii"), -) - -if args.format is None or args.format == "bind9": - args.output.write(bind9_template.format(**params)) +if args.key is None: + args.key = base64.b64encode(os.urandom(algorithm_bits[args.algorithm])).decode("ascii") -if args.format is None or args.format == "nsd": - args.output.write(nsd_template.format(**params)) +args.output.write(jinja2.Template(templates[args.format]).render(args = args)) |