From 60396a72b71e384b8d4633fc8f3953a3e03920d6 Mon Sep 17 00:00:00 2001
From: Bob Halley
Date: Tue, 7 Jul 2020 16:42:08 -0700
Subject: TSIG code now uses dns.rcode.Rcode enum values for the TSIG error field.
---
 dns/rcode.py | 14 ++++++++------
 dns/tsig.py | 14 +++++---------
 tests/test_flags.py | 16 ++++++++++++++++
 tests/test_tsig.py | 9 +++++----
 4 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/dns/rcode.py b/dns/rcode.py
index d3cfdba..0bce2d4 100644
--- a/dns/rcode.py
+++ b/dns/rcode.py
@@ -46,13 +46,13 @@ class Rcode(dns.enum.IntEnum):
 #: Bad EDNS version.
 BADVERS = 16
 #: TSIG Signature Failure
- # BADSIG = 16
+ BADSIG = 16
 #: Key not recognized.
- BADKEY = 17
+ BADKEY = 17
 #: Signature out of time window.
- BADTIME = 18
+ BADTIME = 18
 #: Bad TKEY Mode.
- BADMODE = 19
+ BADMODE = 19
 #: Duplicate key name.
 BADNAME = 20
 #: Algorithm not supported.
@@ -124,14 +124,16 @@ def to_flags(value):
 return (v, ev)
-def to_text(value):
+def to_text(value, tsig=False):
 """Convert rcode into text.
- *value*, and ``int``, the rcode.
+ *value*, an ``int``, the rcode.
 Raises ``ValueError`` if rcode is < 0 or > 4095.
 Returns a ``str``.
 """
+ if tsig and value == Rcode.BADVERS:
+ return 'BADSIG'
 return Rcode.to_text(value)
diff --git a/dns/tsig.py b/dns/tsig.py
index 08ab41e..b554e2e 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -25,6 +25,7 @@ import struct
 import dns.exception
 import dns.rdataclass
 import dns.name
+import dns.rcode
 class BadTime(dns.exception.DNSException):
@@ -90,11 +91,6 @@ _hashes = {
 default_algorithm = HMAC_SHA256
-BADSIG = 16
-BADKEY = 17
-BADTIME = 18
-BADTRUNC = 22
-
 def sign(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=False):
 """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
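Review bot: `BADSIG = 16` in the Rcode hunk shares its value with `BADVERS`, so under standard enum semantics it is an alias rather than a separate member, and the tests added in this commit confirm that `dns.rcode.BADSIG.name` is 'BADVERS'. Anything that logs or alerts on the member name or on plain `to_text()` will show a TSIG signature failure as BADVERS, which is easy to misread during triage. The `#:` comment above the member should record this, for example `#: TSIG Signature Failure (alias of BADVERS, value 16; use to_text(value, tsig=True) for the TSIG name)`. The class body starts and ends outside the hunk, so whether dns.enum.IntEnum treats duplicate values specially is not visible here.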
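Review bot: The docstring of `to_text` does not describe the new `tsig` parameter, so a caller cannot tell from the documentation when value 16 is rendered as 'BADSIG'. Add a paragraph such as ``*tsig*, a ``bool``; if ``True``, *value* is a TSIG error code and 16 is rendered as 'BADSIG' rather than 'BADVERS'.`` between the *value* and Raises paragraphs. Whether `from_text` accepts 'BADSIG' is not visible in this hunk; if it does not, the TSIG text form does not round-trip and that is worth stating in the same docstring.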
@@ -162,13 +158,13 @@ def validate(wire, key, owner, rdata, now, request_mac, tsig_start, ctx=None,
 adcount -= 1
 new_wire = wire[0:10] + struct.pack("!H", adcount) + wire[12:tsig_start]
 if rdata.error != 0:
- if rdata.error == BADSIG:
+ if rdata.error == dns.rcode.BADSIG:
 raise PeerBadSignature
- elif rdata.error == BADKEY:
+ elif rdata.error == dns.rcode.BADKEY:
 raise PeerBadKey
- elif rdata.error == BADTIME:
+ elif rdata.error == dns.rcode.BADTIME:
 raise PeerBadTime
- elif rdata.error == BADTRUNC:
+ elif rdata.error == dns.rcode.BADTRUNC:
 raise PeerBadTruncation
 else:
 raise PeerError('unknown TSIG error code %d' % rdata.error)
diff --git a/tests/test_flags.py b/tests/test_flags.py
index f3e7f84..479e384 100644
--- a/tests/test_flags.py
+++ b/tests/test_flags.py
@@ -56,6 +56,22 @@ class FlagsTestCase(unittest.TestCase):
 flags = dns.flags.QR|dns.flags.AA|dns.flags.RD|dns.flags.RA
 self.assertEqual(dns.flags.to_text(flags), "QR AA RD RA")
+ def test_rcode_badvers(self):
+ rcode = dns.rcode.BADVERS
+ self.assertEqual(rcode.value, 16)
+ self.assertEqual(rcode.name, 'BADVERS')
+ self.assertEqual(dns.rcode.to_text(rcode), 'BADVERS')
+ def test_rcode_badsig(self):
+ rcode = dns.rcode.BADSIG
+ self.assertEqual(rcode.value, 16)
+ # Yes, we mean BADVERS on the next line. BADSIG and BADVERS have
+ # the same code.
+ self.assertEqual(rcode.name, 'BADVERS')
+ self.assertEqual(dns.rcode.to_text(rcode), 'BADVERS')
+ # In TSIG text mode, it should be BADSIG
+ self.assertEqual(dns.rcode.to_text(rcode, True), 'BADSIG')
+
 if __name__ == '__main__':
 unittest.main()
diff --git a/tests/test_tsig.py b/tests/test_tsig.py
index 2722e15..f5c62cc 100644
--- a/tests/test_tsig.py
+++ b/tests/test_tsig.py
@@ -4,6 +4,7 @@ import hashlib
 import unittest
 import time
+import dns.rcode
 import dns.tsig
 import dns.tsigkeyring
 import dns.message
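Review bot: In `validate`, the `rdata.error` checks read a field taken from the received TSIG record, and no MAC comparison is visible ahead of them in this hunk, so the `Peer*` exceptions appear to be raised from data that has not been authenticated yet. That is consistent with TSIG error responses, which can arrive unsigned, but callers should not treat PeerBadKey or PeerBadTime as a verified statement from the peer; a comment such as `# rdata.error is not authenticated at this point; Peer* errors are advisory` above `if rdata.error != 0:` would record that. Separately, the preceding hunk deletes the module-level `BADSIG`, `BADKEY`, `BADTIME` and `BADTRUNC` from dns/tsig.py, so external code referring to `dns.tsig.BADSIG` would break; aliases such as `BADSIG = dns.rcode.BADSIG` would keep those names working. The function body begins and ends outside the hunk.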
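Review bot: The new tests in tests/test_flags.py exercise the TSIG flag only for code 16, so nothing pins that `tsig=True` leaves every other code unchanged. One more assertion, `self.assertEqual(dns.rcode.to_text(dns.rcode.BADKEY, tsig=True), 'BADKEY')`, would cover that case. Passing the flag by keyword in the existing call, `dns.rcode.to_text(rcode, tsig=True)`, also makes the intent clearer than a bare `True`. FlagsTestCase starts outside the hunk.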
@@ -50,10 +51,10 @@ class TSIGTestCase(unittest.TestCase):
 return(q, r)
 def test_peer_errors(self):
- items = [(dns.tsig.BADSIG, dns.tsig.PeerBadSignature),
- (dns.tsig.BADKEY, dns.tsig.PeerBadKey),
- (dns.tsig.BADTIME, dns.tsig.PeerBadTime),
- (dns.tsig.BADTRUNC, dns.tsig.PeerBadTruncation),
+ items = [(dns.rcode.BADSIG, dns.tsig.PeerBadSignature),
+ (dns.rcode.BADKEY, dns.tsig.PeerBadKey),
+ (dns.rcode.BADTIME, dns.tsig.PeerBadTime),
+ (dns.rcode.BADTRUNC, dns.tsig.PeerBadTruncation),
 (99, dns.tsig.PeerError),
 ]
 for err, ex in items:
--
cgit v1.2.1