Responses to messages signed with TSIG were broken.

author: Bob Halley <halley@dnspython.org> 2014-04-04 05:34:49 -0700
committer: Bob Halley <halley@dnspython.org> 2014-04-04 05:36:11 -0700
commit: 2db54ba975ed5be22f92af105bb2bd6b0ccbbef1 (patch)
tree: be94232990bd8600bef945af20cc1d3409a9f387 /dns/message.py
parent: 01e5a49816c1c6ffc9cf0a4676662193649a9380 (diff)
download: dnspython-2db54ba975ed5be22f92af105bb2bd6b0ccbbef1.tar.gz
1 files changed, 11 insertions, 4 deletions
diff --git a/dns/message.py b/dns/message.py
index 52c0eae..e523931 100644
--- a/dns/message.py
+++ b/dns/message.py
@@ -665,6 +665,10 @@ class _WireReader(object):
                 secret = self.message.keyring.get(absolute_name)
                 if secret is None:
                     raise UnknownTSIGKey("key '%s' unknown" % name)
+                self.message.keyname = absolute_name
+                (self.message.keyalgorithm, self.message.mac) = \
+                    dns.tsig.get_algorithm_and_mac(self.wire, self.current,
+                                                   rdlen)
                 self.message.tsig_ctx = \
                                       dns.tsig.validate(self.wire,
                                           absolute_name,
@@ -1071,7 +1075,8 @@ def make_query(qname, rdtype, rdclass = dns.rdataclass.IN, use_edns=None,
     m.want_dnssec(want_dnssec)
     return m
 
-def make_response(query, recursion_available=False, our_payload=8192):
+def make_response(query, recursion_available=False, our_payload=8192,
+                  fudge=300):
     """Make a message which is a response for the specified query.
     The message returned is really a response skeleton; it has all
     of the infrastructure required of a response, but none of the
@@ -1088,6 +1093,8 @@ def make_response(query, recursion_available=False, our_payload=8192):
     @param our_payload: payload size to advertise in EDNS responses; default
     is 8192.
     @type our_payload: int
+    @param fudge: TSIG time fudge; default is 300 seconds.
+    @type fudge: int
     @rtype: dns.message.Message object"""
 
     if query.flags & dns.flags.QR:
@@ -1100,8 +1107,8 @@ def make_response(query, recursion_available=False, our_payload=8192):
     response.question = list(query.question)
     if query.edns >= 0:
         response.use_edns(0, 0, our_payload, query.payload)
-    if not query.keyname is None:
-        response.keyname = query.keyname
-        response.keyring = query.keyring
+    if query.had_tsig:
+        response.use_tsig(query.keyring, query.keyname, fudge, None, 0, '',
+                          query.keyalgorithm)
         response.request_mac = query.mac
     return response
author	Bob Halley <halley@dnspython.org>	2014-04-04 05:34:49 -0700
committer	Bob Halley <halley@dnspython.org>	2014-04-04 05:36:11 -0700
commit	2db54ba975ed5be22f92af105bb2bd6b0ccbbef1 (patch)
tree	be94232990bd8600bef945af20cc1d3409a9f387 /dns/message.py
parent	01e5a49816c1c6ffc9cf0a4676662193649a9380 (diff)
download	dnspython-2db54ba975ed5be22f92af105bb2bd6b0ccbbef1.tar.gz