#!/usr/bin/env python
# Contributed 2006 by Stephane Bortzmeyer.
# Changed 20070102 by Wouter to handle primary zones and file names.

# Converts a nsd 2 "nsd.zones" file to a nsd 3 "nsd.conf" file.

# Change at will
nsd_zones_name = "/etc/nsd.zones"
key_dir = "/etc/nsd/keys" # Directory holding the TSIG keys

import re
import os.path

primary_line_re = re.compile("^zone\s+([a-z0-9\.-]+)\s+([a-z0-9/\.-]+)\s*$", re.IGNORECASE)
secondary_line_re = re.compile("^zone\s+([a-z0-9\.-]+)\s+([a-z0-9/\.-]+)\s+masters\s+([0-9a-f:\. ]*)\s*$", re.IGNORECASE)
notify_line_re = re.compile("^zone\s+([a-z0-9\.-]+)\s+([a-z0-9/\.-]+)\s+notify\s+([0-9a-f:\. ]*)\s*$", re.IGNORECASE)
comment_re = re.compile("^\s*;")
empty_re = re.compile("^\s*$")
                        
nsd_zones = open(nsd_zones_name)
keys = {}
for line in nsd_zones.xreadlines():
    if comment_re.search(line) or empty_re.search(line):
	pass
    elif secondary_line_re.search(line):
    	match = secondary_line_re.search(line)
        zone = match.group(1)
        zonefile = match.group(2)
        master_group = match.group(3)
        masters = re.split("\s+", master_group)
        print """zone:
        name: "%s"
        zonefile: "%s"
        # This is to allow "nsdc update" to work.
        allow-notify: 127.0.0.1 NOKEY
        # This is a slave zone. Masters are listed below.""" % (zone, zonefile)
        for master in masters:
            if re.search("^\s*$", master):
                continue
            key_filename = "%s/%s.tsiginfo" % (key_dir, master)
            if os.path.exists(key_filename):
                key_content = open(key_filename)
                peer_ip = key_content.readline()
                peer_ip = peer_ip[:-1]
                key_name = key_content.readline()
                key_name = key_name[:-1]
                algorithm = key_content.readline()
                algorithm = int(algorithm[:-1])
                if algorithm == 157:
                    algorithm_name = "hmac-md5"
                else:
                    raise Exception("Unsupported TSIG algorithm %i" % algorithm)
                secret = key_content.readline()
                secret = secret[:-1]
                key_content.close()
                key = key_name
                keys[key_name] = {
                    'algorithm': algorithm_name,
                    'secret': secret}
            else:
                key = "NOKEY"
            print """        allow-notify: %s %s
        request-xfr: %s %s""" % (master, key, master, key)
        print ""
    elif primary_line_re.search(line):
	match = primary_line_re.search(line)
	zone = match.group(1)
	zonefile = match.group(2)
	print """zone:
	name: "%s"
	zonefile: "%s"
	""" % (zone, zonefile)
    elif notify_line_re.search(line):
    	match = notify_line_re.search(line)
        zone = match.group(1)
        zonefile = match.group(2)
        notify_group = match.group(3)
        notifies = re.split("\s+", notify_group)
        print """zone:
        name: "%s"
        zonefile: "%s"
        # This is a master zone. Slaves are listed below.""" % (zone, zonefile)
        for notify in notifies:
            if re.search("^\s*$", notify):
                continue
            key = "NOKEY"
            print """        notify: %s %s""" % (notify, key)
        print ""
    else:
	raise Exception("Invalid line \"%s\"" % line)
nsd_zones.close()
for key in keys.keys():
    print """key:
        name: "%s"
        algorithm: %s
        secret: "%s" """ % (key, keys[key]['algorithm'], keys[key]['secret'])
    print ""
    
## Local Variables: ##
## mode:python ##
## End: ##