Home Explore Help
Sign In
sra
/
tsig-keygen
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 851f2b128f
Branches Tags
tsig-keygen
/
tsig-keygen.py

tsig-keygen.py 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. #!/usr/bin/env python
    2. 

  2. 

  3. """
    4. 

  4. Pure Python TSIG key generator with multiple output formats.
    5. 

  5. """
    6. 

  6. 

  7. import os, base64, argparse, jinja2
    8. 

  8. 

  9. algorithm_bits = dict(("hmac-sha{}".format(bits), bits // 8) for bits in (256, 384, 512))
    10. 

  10. algorithm_choices = tuple(sorted(algorithm_bits))
    11. 

  11. 

  12. templates = dict(
    13. 

  13. 

  14.     bind9 = '''
    15. 

  15. key {{ args.name }} {
    16. 

  16.     algorithm {{ args.algorithm }};
    17. 

  17.     secret "{{ args.key }}";
    18. 

  18. };
    19. 

  19. 

  20. {% if args.servers %}
    21. 

  21. {%- for server in args.servers -%}
    22. 

  22. server {{ server }} { keys { {{ args.name }}; }; };
    23. 

  23. {% endfor -%}
    24. 

  24. {% for zone in args.zones %}
    25. 

  25. zone "{{ zone }}" {
    26. 

  26.     file "{{args.directory }}/{{ zone }}"; 
    27. 

  27.     type slave; 
    28. 

  28.     masters { {%- for server in args.servers %} {{ server }}; {% endfor %} };
    29. 

  29. };
    30. 

  30. {% endfor %}
    31. 

  31. {% endif %}
    32. 

  32. ''',
    33. 

  33. 

  34.     nsd = '''
    35. 

  35. key:
    36. 

  36.     name: "{{ args.name }}"
    37. 

  37.     algorithm: {{ args.algorithm }}
    38. 

  38.     secret: "{{ args.key }}"
    39. 

  39. 

  40. {% if args.servers -%}
    41. 

  41. pattern:
    42. 

  42.     name: "secondary.{{ args.name }}"
    43. 

  43.     zonefile: "{{ args.directory }}/%s"
    44. 

  44. {%- for server in args.servers %}
    45. 

  45.     allow-notify: {{ server }} {{ args.name }}
    46. 

  46.     request-xfr:  {{ server }} {{ args.name }}
    47. 

  47. {%- endfor %}
    48. 

  48. {%- for zone in args.zones %}
    49. 

  49. 

  50. zone:
    51. 

  51.     name: "{{ zone }}"
    52. 

  52.     include-pattern: "secondary.{{ args.name }}"
    53. 

  53. {%- endfor %}
    54. 

  54. {% endif %}
    55. 

  55. ''')
    56. 

  56. 

  57. ap = argparse.ArgumentParser(description = __doc__)
    58. 

  58. ap.add_argument("-a", "--algorithm", choices = algorithm_choices, default = algorithm_choices[0])
    59. 

  59. ap.add_argument("-d", "--directory", default = "secondary", help = "where to store secondary zone files")
    60. 

  60. ap.add_argument("-f", "--format",    choices = tuple(templates), default = "nsd")
    61. 

  61. ap.add_argument("-k", "--key",       help = "TSIG shared secret (default: generate new secret)")
    62. 

  62. ap.add_argument("-n", "--name",      default = "tsig.example.org", help = "DNS name for TSIG shared secret")
    63. 

  63. ap.add_argument("-o", "--output",    default = "-", type = argparse.FileType("w"), help = "output file")
    64. 

  64. ap.add_argument("-s", "--servers",   nargs = "+", default = [], help = "address(es) of primary nameserver(s)")
    65. 

  65. ap.add_argument("-z", "--zones",     nargs = "+", default = [], help = "zone(s) to xfr from specified nameserver(s)")
    66. 

  66. args = ap.parse_args()
    67. 

  67. 

  68. if args.key is None:
    69. 

  69.     args.key = base64.b64encode(os.urandom(algorithm_bits[args.algorithm])).decode("ascii")
    70. 

  70. 

  71. args.output.write(jinja2.Template(templates[args.format]).render(args = args))
    72.