D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
usr
/
share
/
crypto-policies
/
python
/
policygenerators
/
Filename :
bind.py
back
Copy
# SPDX-License-Identifier: LGPL-2.1-or-later # Copyright (c) 2019 Red Hat, Inc. # Copyright (c) 2019 Tomáš Mráz <tmraz@fedoraproject.org> from subprocess import check_output, CalledProcessError from tempfile import mkstemp import os from .configgenerator import ConfigGenerator class BindGenerator(ConfigGenerator): CONFIG_NAME = 'bind' SCOPES = {'dnssec', 'bind'} RELOAD_CMD = 'systemctl try-reload-or-restart bind.service 2>/dev/null || :\n' sign_not_map = { 'RSA-MD5':'RSAMD5', 'DSA-SHA1':'DSA', 'ECDSA-SHA1':'', 'RSA-SHA1':'RSASHA1;\nNSEC3RSASHA1' } hash_not_map = { 'MD5':'', 'SHA1':'SHA-1', 'GOST':'GOST', 'SHA2-256':'SHA-256', 'SHA2-384':'SHA-384' } @classmethod def generate_config(cls, policy): ip = policy.disabled sep = ';\n' cfg = 'disable-algorithms "." {\n' s = '' for i in ip['sign']: try: s = cls.append(s, cls.sign_not_map[i], sep) except KeyError: pass cfg += cls.append(s, '}', sep) cfg = cls.append(cfg, 'disable-ds-digests "." {\n', sep) s = '' for i in ip['hash']: try: s = cls.append(s, cls.hash_not_map[i], sep) except KeyError: pass cfg += cls.append(s, '};\n', sep) return cfg @classmethod def test_config(cls, config): fd, path = mkstemp() try: with os.fdopen(fd, 'w') as f: f.write('options {\n') f.write(config) f.write('\n};\n') try: _ = check_output(["/usr/sbin/named-checkconf", path]) except CalledProcessError: cls.eprint("There is an error in bind generated policy") cls.eprint("Policy:\n%s" % config) return False except OSError: # Ignore missing check command pass finally: os.unlink(path) return True