diff options
| author | Brian Wellington <bwelling@xbill.org> | 2020-06-30 09:27:06 -0700 |
|---|---|---|
| committer | Brian Wellington <bwelling@xbill.org> | 2020-06-30 09:27:06 -0700 |
| commit | bfdcb567502dcb1e4de443479547a2e26a4547f7 (patch) | |
| tree | cd69841b0e3a6f44453a84695531103d6ed1296e | |
| parent | 5cb19a0d0f09aa8746f7116528948d697ebcb9d5 (diff) | |
| download | dnspython-bfdcb567502dcb1e4de443479547a2e26a4547f7.tar.gz | |
Remove the concept from "first" from TSIG.
The sign() and validate() routines took a "first" parameter, which
indicated that this message was the first in a multi-message sequence.
This isn't needed, as it's identical to "not (ctx and multi)".
Remove the parameter from both, as well as the now-unneeded field in the
message object and message.from_wire() parameter.
| -rw-r--r-- | dns/message.py | 13 | ||||
| -rw-r--r-- | dns/message.pyi | 3 | ||||
| -rw-r--r-- | dns/query.py | 5 | ||||
| -rw-r--r-- | dns/tsig.py | 7 |
4 files changed, 9 insertions, 19 deletions
diff --git a/dns/message.py b/dns/message.py index a7c6bfa..9fd3d77 100644 --- a/dns/message.py +++ b/dns/message.py @@ -116,7 +116,6 @@ class Message: self.origin = None self.tsig_ctx = None self.multi = False - self.first = True self.index = {} @property @@ -445,8 +444,7 @@ class Message: int(time.time()), self.request_mac, tsig_ctx, - multi, - tsig_ctx is None) + multi) self.tsig.clear() self.tsig.add(new_tsig) r.add_rrset(dns.renderer.ADDITIONAL, self.tsig) @@ -820,8 +818,7 @@ class _WireReader: self.message.request_mac, rr_start, self.message.tsig_ctx, - self.message.multi, - self.message.first) + self.message.multi) self.message.tsig = dns.rrset.from_rdata(absolute_name, 0, rd) else: rrset = self.message.find_rrset(section, name, @@ -865,7 +862,7 @@ class _WireReader: def from_wire(wire, keyring=None, request_mac=b'', xfr=False, origin=None, - tsig_ctx=None, multi=False, first=True, + tsig_ctx=None, multi=False, question_only=False, one_rr_per_rrset=False, ignore_trailing=False, raise_on_truncation=False): """Convert a DNS wire format message into a message @@ -890,9 +887,6 @@ def from_wire(wire, keyring=None, request_mac=b'', xfr=False, origin=None, *multi*, a ``bool``, should be set to ``True`` if this message is part of a multiple message sequence. - *first*, a ``bool``, should be set to ``True`` if this message is - stand-alone, or the first message in a multi-message sequence. - *question_only*, a ``bool``. If ``True``, read only up to the end of the question section. @@ -930,7 +924,6 @@ def from_wire(wire, keyring=None, request_mac=b'', xfr=False, origin=None, message.origin = origin message.tsig_ctx = tsig_ctx message.multi = multi - message.first = first reader = _WireReader(wire, initialize_message, question_only, one_rr_per_rrset, ignore_trailing) diff --git a/dns/message.pyi b/dns/message.pyi index 76af040..8b83a78 100644 --- a/dns/message.pyi +++ b/dns/message.pyi @@ -35,7 +35,6 @@ class Message: self.tsig_ctx = None self.had_tsig = False self.multi = False - self.first = True self.index : Dict[Tuple[rrset.RRset, name.Name, int, int, Union[int,str], int], rrset.RRset] = {} def is_response(self, other : Message) -> bool: @@ -45,7 +44,7 @@ def from_text(a : str, idna_codec : Optional[name.IDNACodec] = None) -> Message: ... def from_wire(wire, keyring : Optional[Dict[name.Name,bytes]] = None, request_mac = b'', xfr=False, origin=None, - tsig_ctx : Optional[hmac.HMAC] = None, multi=False, first=True, + tsig_ctx : Optional[hmac.HMAC] = None, multi=False, question_only=False, one_rr_per_rrset=False, ignore_trailing=False) -> Message: ... diff --git a/dns/query.py b/dns/query.py index ae4258a..3404b91 100644 --- a/dns/query.py +++ b/dns/query.py @@ -920,7 +920,6 @@ def xfr(where, zone, rdtype=dns.rdatatype.AXFR, rdclass=dns.rdataclass.IN, origin = None oname = zone tsig_ctx = None - first = True while not done: (_, mexpiration) = _compute_times(timeout) if mexpiration is None or \ @@ -937,13 +936,11 @@ def xfr(where, zone, rdtype=dns.rdatatype.AXFR, rdclass=dns.rdataclass.IN, r = dns.message.from_wire(wire, keyring=q.keyring, request_mac=q.mac, xfr=True, origin=origin, tsig_ctx=tsig_ctx, - multi=True, first=first, - one_rr_per_rrset=is_ixfr) + multi=True, one_rr_per_rrset=is_ixfr) rcode = r.rcode() if rcode != dns.rcode.NOERROR: raise TransferError(rcode) tsig_ctx = r.tsig_ctx - first = False answer_index = 0 if soa_rrset is None: if not r.answer or r.answer[0].name != oname: diff --git a/dns/tsig.py b/dns/tsig.py index 2780c3c..e4a2520 100644 --- a/dns/tsig.py +++ b/dns/tsig.py @@ -86,7 +86,7 @@ BADTRUNC = 22 def sign(wire, keyname, rdata, secret, time=None, request_mac=None, - ctx=None, multi=False, first=True): + ctx=None, multi=False): """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata for the input parameters, the HMAC MAC calculated by applying the TSIG signature algorithm, and the TSIG digest context. @@ -95,6 +95,7 @@ def sign(wire, keyname, rdata, secret, time=None, request_mac=None, @raises NotImplementedError: I{algorithm} is not supported """ + first = not (ctx and multi) (algorithm_name, digestmod) = get_algorithm(rdata.algorithm) if first: ctx = hmac.new(secret, digestmod=digestmod) @@ -136,7 +137,7 @@ def sign(wire, keyname, rdata, secret, time=None, request_mac=None, def validate(wire, keyname, rdata, secret, now, request_mac, tsig_start, - ctx=None, multi=False, first=True): + ctx=None, multi=False): """Validate the specified TSIG rdata against the other input parameters. @raises FormError: The TSIG is badly formed. @@ -164,7 +165,7 @@ def validate(wire, keyname, rdata, secret, now, request_mac, tsig_start, if abs(rdata.time_signed - now) > rdata.fudge: raise BadTime (our_rdata, ctx) = sign(new_wire, keyname, rdata, secret, None, request_mac, - ctx, multi, first) + ctx, multi) if our_rdata.mac != rdata.mac: raise BadSignature return ctx |