diff options
Diffstat (limited to 'dns')
-rw-r--r-- | dns/rcode.py | 14 | ||||
-rw-r--r-- | dns/tsig.py | 14 |
2 files changed, 13 insertions, 15 deletions
diff --git a/dns/rcode.py b/dns/rcode.py index d3cfdba..0bce2d4 100644 --- a/dns/rcode.py +++ b/dns/rcode.py @@ -46,13 +46,13 @@ class Rcode(dns.enum.IntEnum): #: Bad EDNS version. BADVERS = 16 #: TSIG Signature Failure - # BADSIG = 16 + BADSIG = 16 #: Key not recognized. - BADKEY = 17 + BADKEY = 17 #: Signature out of time window. - BADTIME = 18 + BADTIME = 18 #: Bad TKEY Mode. - BADMODE = 19 + BADMODE = 19 #: Duplicate key name. BADNAME = 20 #: Algorithm not supported. @@ -124,14 +124,16 @@ def to_flags(value): return (v, ev) -def to_text(value): +def to_text(value, tsig=False): """Convert rcode into text. - *value*, and ``int``, the rcode. + *value*, an ``int``, the rcode. Raises ``ValueError`` if rcode is < 0 or > 4095. Returns a ``str``. """ + if tsig and value == Rcode.BADVERS: + return 'BADSIG' return Rcode.to_text(value) diff --git a/dns/tsig.py b/dns/tsig.py index 08ab41e..b554e2e 100644 --- a/dns/tsig.py +++ b/dns/tsig.py @@ -25,6 +25,7 @@ import struct import dns.exception import dns.rdataclass import dns.name +import dns.rcode class BadTime(dns.exception.DNSException): @@ -90,11 +91,6 @@ _hashes = { default_algorithm = HMAC_SHA256 -BADSIG = 16 -BADKEY = 17 -BADTIME = 18 -BADTRUNC = 22 - def sign(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=False): """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata @@ -162,13 +158,13 @@ def validate(wire, key, owner, rdata, now, request_mac, tsig_start, ctx=None, adcount -= 1 new_wire = wire[0:10] + struct.pack("!H", adcount) + wire[12:tsig_start] if rdata.error != 0: - if rdata.error == BADSIG: + if rdata.error == dns.rcode.BADSIG: raise PeerBadSignature - elif rdata.error == BADKEY: + elif rdata.error == dns.rcode.BADKEY: raise PeerBadKey - elif rdata.error == BADTIME: + elif rdata.error == dns.rcode.BADTIME: raise PeerBadTime - elif rdata.error == BADTRUNC: + elif rdata.error == dns.rcode.BADTRUNC: raise PeerBadTruncation else: raise PeerError('unknown TSIG error code %d' % rdata.error) |