TSIG code now uses dns.rcode.Rcode enum values for the TSIG error field.

author Bob Halley <halley@dnspython.org>

Tue, 7 Jul 2020 23:42:08 +0000 (16:42 -0700)

committer Bob Halley <halley@dnspython.org>

Tue, 7 Jul 2020 23:42:08 +0000 (16:42 -0700)
author Bob Halley <halley@dnspython.org>
Tue, 7 Jul 2020 23:42:08 +0000 (16:42 -0700)
committer Bob Halley <halley@dnspython.org>
Tue, 7 Jul 2020 23:42:08 +0000 (16:42 -0700)
diff --git a/dns/rcode.py b/dns/rcode.py

index d3cfdbac36aa351a65fbbb7ef235617aeb5a4be4..0bce2d4b8b0e14dcec2c4fe3e3af0064a48c00d1 100644 (file)
--- a/dns/rcode.py
+++ b/dns/rcode.py
@@ -46,13 +46,13 @@ class Rcode(dns.enum.IntEnum):
      #: Bad EDNS version.
      BADVERS = 16
      #: TSIG Signature Failure
-    # BADSIG = 16
+    BADSIG = 16
      #: Key not recognized.
-    BADKEY     = 17
+    BADKEY = 17
      #: Signature out of time window.
-    BADTIME    = 18
+    BADTIME = 18
      #: Bad TKEY Mode.
-    BADMODE    = 19
+    BADMODE = 19
      #: Duplicate key name.
      BADNAME = 20
      #: Algorithm not supported.
@@ -124,14 +124,16 @@ def to_flags(value):
      return (v, ev)
  
  
-def to_text(value):
+def to_text(value, tsig=False):
      """Convert rcode into text.
  
-    *value*, and ``int``, the rcode.
+    *value*, an ``int``, the rcode.
  
      Raises ``ValueError`` if rcode is < 0 or > 4095.
  
      Returns a ``str``.
      """
  
+    if tsig and value == Rcode.BADVERS:
+        return 'BADSIG'
      return Rcode.to_text(value)
diff --git a/dns/tsig.py b/dns/tsig.py

index 08ab41e45689b1e9618b72887cc78ab4794a9c90..b554e2e76af2775173f7e4a9745c42c76d924ce4 100644 (file)
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -25,6 +25,7 @@ import struct
  import dns.exception
  import dns.rdataclass
  import dns.name
+import dns.rcode
  
  class BadTime(dns.exception.DNSException):
  
@@ -90,11 +91,6 @@ _hashes = {
  
  default_algorithm = HMAC_SHA256
  
-BADSIG = 16
-BADKEY = 17
-BADTIME = 18
-BADTRUNC = 22
-
  
  def sign(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=False):
      """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
@@ -162,13 +158,13 @@ def validate(wire, key, owner, rdata, now, request_mac, tsig_start, ctx=None,
      adcount -= 1
      new_wire = wire[0:10] + struct.pack("!H", adcount) + wire[12:tsig_start]
      if rdata.error != 0:
-        if rdata.error == BADSIG:
+        if rdata.error == dns.rcode.BADSIG:
              raise PeerBadSignature
-        elif rdata.error == BADKEY:
+        elif rdata.error == dns.rcode.BADKEY:
              raise PeerBadKey
-        elif rdata.error == BADTIME:
+        elif rdata.error == dns.rcode.BADTIME:
              raise PeerBadTime
-        elif rdata.error == BADTRUNC:
+        elif rdata.error == dns.rcode.BADTRUNC:
              raise PeerBadTruncation
          else:
              raise PeerError('unknown TSIG error code %d' % rdata.error)
diff --git a/tests/test_flags.py b/tests/test_flags.py

index f3e7f845e508f343370a021f3314ad2646e5780b..479e38461d3848ee4a378f3017783da4114d91f9 100644 (file)
--- a/tests/test_flags.py
+++ b/tests/test_flags.py
@@ -56,6 +56,22 @@ class FlagsTestCase(unittest.TestCase):
          flags = dns.flags.QR|dns.flags.AA|dns.flags.RD|dns.flags.RA
          self.assertEqual(dns.flags.to_text(flags), "QR AA RD RA")
  
+    def test_rcode_badvers(self):
+        rcode = dns.rcode.BADVERS
+        self.assertEqual(rcode.value, 16)
+        self.assertEqual(rcode.name, 'BADVERS')
+        self.assertEqual(dns.rcode.to_text(rcode), 'BADVERS')
+
+    def test_rcode_badsig(self):
+        rcode = dns.rcode.BADSIG
+        self.assertEqual(rcode.value, 16)
+        # Yes, we mean BADVERS on the next line.  BADSIG and BADVERS have
+        # the same code.
+        self.assertEqual(rcode.name, 'BADVERS')
+        self.assertEqual(dns.rcode.to_text(rcode), 'BADVERS')
+        # In TSIG text mode, it should be BADSIG
+        self.assertEqual(dns.rcode.to_text(rcode, True), 'BADSIG')
+
  
  if __name__ == '__main__':
      unittest.main()
diff --git a/tests/test_tsig.py b/tests/test_tsig.py

index 2722e154536999a75e14c91254fffbd291de5f2a..f5c62cc5d11988f03e68d58ef245e9a23d27c929 100644 (file)
--- a/tests/test_tsig.py
+++ b/tests/test_tsig.py
@@ -4,6 +4,7 @@ import hashlib
  import unittest
  import time
  
+import dns.rcode
  import dns.tsig
  import dns.tsigkeyring
  import dns.message
@@ -50,10 +51,10 @@ class TSIGTestCase(unittest.TestCase):
          return(q, r)
  
      def test_peer_errors(self):
-        items = [(dns.tsig.BADSIG, dns.tsig.PeerBadSignature),
-                 (dns.tsig.BADKEY, dns.tsig.PeerBadKey),
-                 (dns.tsig.BADTIME, dns.tsig.PeerBadTime),
-                 (dns.tsig.BADTRUNC, dns.tsig.PeerBadTruncation),
+        items = [(dns.rcode.BADSIG, dns.tsig.PeerBadSignature),
+                 (dns.rcode.BADKEY, dns.tsig.PeerBadKey),
+                 (dns.rcode.BADTIME, dns.tsig.PeerBadTime),
+                 (dns.rcode.BADTRUNC, dns.tsig.PeerBadTruncation),
                   (99, dns.tsig.PeerError),
                   ]
          for err, ex in items:
author	Bob Halley <halley@dnspython.org>
	Tue, 7 Jul 2020 23:42:08 +0000 (16:42 -0700)
committer	Bob Halley <halley@dnspython.org>
	Tue, 7 Jul 2020 23:42:08 +0000 (16:42 -0700)
dns/rcode.py		patch \| blob \| blame \| history
dns/tsig.py		patch \| blob \| blame \| history
tests/test_flags.py		patch \| blob \| blame \| history
tests/test_tsig.py		patch \| blob \| blame \| history