From: Brian Wellington Date: Tue, 30 Jun 2020 16:27:06 +0000 (-0700) Subject: Remove the concept from "first" from TSIG. X-Git-Tag: v2.0.0rc2~35^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfdcb567502dcb1e4de443479547a2e26a4547f7;p=thirdparty%2Fdnspython.git Remove the concept from "first" from TSIG. The sign() and validate() routines took a "first" parameter, which indicated that this message was the first in a multi-message sequence. This isn't needed, as it's identical to "not (ctx and multi)". Remove the parameter from both, as well as the now-unneeded field in the message object and message.from_wire() parameter.
---
diff --git a/dns/message.py b/dns/message.py
index a7c6bfaa..9fd3d77b 100644
--- a/dns/message.py
+++ b/dns/message.py
@@ -116,7 +116,6 @@ class Message:
 self.origin = None
 self.tsig_ctx = None
 self.multi = False
- self.first = True
 self.index = {}
 @property
@@ -445,8 +444,7 @@ class Message:
 int(time.time()), self.request_mac, tsig_ctx,
- multi,
- tsig_ctx is None)
+ multi)
 self.tsig.clear()
 self.tsig.add(new_tsig)
 r.add_rrset(dns.renderer.ADDITIONAL, self.tsig)
@@ -820,8 +818,7 @@ class _WireReader:
 self.message.request_mac, rr_start, self.message.tsig_ctx,
- self.message.multi,
- self.message.first)
+ self.message.multi)
 self.message.tsig = dns.rrset.from_rdata(absolute_name, 0, rd)
 else:
 rrset = self.message.find_rrset(section, name,
@@ -865,7 +862,7 @@ class _WireReader:
 def from_wire(wire, keyring=None, request_mac=b'', xfr=False, origin=None,
- tsig_ctx=None, multi=False, first=True,
+ tsig_ctx=None, multi=False,
 question_only=False, one_rr_per_rrset=False, ignore_trailing=False, raise_on_truncation=False):
 """Convert a DNS wire format message into a message
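Review bot: Removing `first` from the middle of the `from_wire` parameter list moves `question_only`, `one_rr_per_rrset`, `ignore_trailing` and `raise_on_truncation` one position to the left, so a caller that passed these positionally now binds its old `first` value to `question_only` without any error. Keyword callers fail loudly with a TypeError, which is the safer outcome; the same removal is made in the `from_wire` stub in dns/message.pyi and in `sign()` and `validate()` in dns/tsig.py, where `first` was the last parameter. Consider making the options after `multi` keyword-only, `tsig_ctx=None, multi=False, *, question_only=False, ...`, and recording the removal in the release notes. The docstring hunk that deletes the *first* entry could add to *multi* that a message is treated as the first of a sequence unless `tsig_ctx` is set and `multi` is true. The body of `from_wire` continues outside the hunk.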
@@ -890,9 +887,6 @@ def from_wire(wire, keyring=None, request_mac=b'', xfr=False, origin=None,
 *multi*, a ``bool``, should be set to ``True`` if this message is part of a multiple message sequence.
- *first*, a ``bool``, should be set to ``True`` if this message is
- stand-alone, or the first message in a multi-message sequence.
-
 *question_only*, a ``bool``. If ``True``, read only up to the end of the question section.
@@ -930,7 +924,6 @@ def from_wire(wire, keyring=None, request_mac=b'', xfr=False, origin=None,
 message.origin = origin
 message.tsig_ctx = tsig_ctx
 message.multi = multi
- message.first = first
 reader = _WireReader(wire, initialize_message, question_only, one_rr_per_rrset, ignore_trailing)
diff --git a/dns/message.pyi b/dns/message.pyi
index 76af040a..8b83a788 100644
--- a/dns/message.pyi
+++ b/dns/message.pyi
@@ -35,7 +35,6 @@ class Message:
 self.tsig_ctx = None
 self.had_tsig = False
 self.multi = False
- self.first = True
 self.index : Dict[Tuple[rrset.RRset, name.Name, int, int, Union[int,str], int], rrset.RRset] = {}
 def is_response(self, other : Message) -> bool:
@@ -45,7 +44,7 @@ def from_text(a : str, idna_codec : Optional[name.IDNACodec] = None) -> Message: ...
 def from_wire(wire, keyring : Optional[Dict[name.Name,bytes]] = None, request_mac = b'', xfr=False, origin=None,
- tsig_ctx : Optional[hmac.HMAC] = None, multi=False, first=True,
+ tsig_ctx : Optional[hmac.HMAC] = None, multi=False,
 question_only=False, one_rr_per_rrset=False, ignore_trailing=False) -> Message: ...
diff --git a/dns/query.py b/dns/query.py
index ae4258a6..3404b917 100644
--- a/dns/query.py
+++ b/dns/query.py
@@ -920,7 +920,6 @@ def xfr(where, zone, rdtype=dns.rdatatype.AXFR, rdclass=dns.rdataclass.IN,
 origin = None
 oname = zone
 tsig_ctx = None
- first = True
 while not done:
 (_, mexpiration) = _compute_times(timeout)
 if mexpiration is None or \
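Review bot: The `from_wire` stub in dns/message.pyi still ends at `ignore_trailing=False) -> Message:`, while the signature in dns/message.py shown earlier in this commit ends with `raise_on_truncation=False`, so a type checker will reject callers that pass `raise_on_truncation`. Since this hunk already edits the stub's parameter list, add `raise_on_truncation=False` after `ignore_trailing=False` so the stub and the implementation stay in step.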
@@ -937,13 +936,11 @@ def xfr(where, zone, rdtype=dns.rdatatype.AXFR, rdclass=dns.rdataclass.IN,
 r = dns.message.from_wire(wire, keyring=q.keyring, request_mac=q.mac, xfr=True, origin=origin, tsig_ctx=tsig_ctx,
- multi=True, first=first,
- one_rr_per_rrset=is_ixfr)
+ multi=True, one_rr_per_rrset=is_ixfr)
 rcode = r.rcode()
 if rcode != dns.rcode.NOERROR:
 raise TransferError(rcode)
 tsig_ctx = r.tsig_ctx
- first = False
 answer_index = 0
 if soa_rrset is None:
 if not r.answer or r.answer[0].name != oname:
diff --git a/dns/tsig.py b/dns/tsig.py
index 2780c3c1..e4a2520b 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -86,7 +86,7 @@ BADTRUNC = 22
 def sign(wire, keyname, rdata, secret, time=None, request_mac=None,
- ctx=None, multi=False, first=True):
+ ctx=None, multi=False):
 """Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata for the input parameters, the HMAC MAC calculated by applying the TSIG signature algorithm, and the TSIG digest context.
@@ -95,6 +95,7 @@ def sign(wire, keyname, rdata, secret, time=None, request_mac=None,
 @raises NotImplementedError: I{algorithm} is not supported
 """
+ first = not (ctx and multi)
 (algorithm_name, digestmod) = get_algorithm(rdata.algorithm)
 if first:
 ctx = hmac.new(secret, digestmod=digestmod)
@@ -136,7 +137,7 @@ def sign(wire, keyname, rdata, secret, time=None, request_mac=None,
 def validate(wire, keyname, rdata, secret, now, request_mac, tsig_start,
- ctx=None, multi=False, first=True):
+ ctx=None, multi=False):
 """Validate the specified TSIG rdata against the other input parameters.
 @raises FormError: The TSIG is badly formed.
@@ -164,7 +165,7 @@ def validate(wire, keyname, rdata, secret, now, request_mac, tsig_start,
 if abs(rdata.time_signed - now) > rdata.fudge:
 raise BadTime
 (our_rdata, ctx) = sign(new_wire, keyname, rdata, secret, None, request_mac,
- ctx, multi, first)
+ ctx, multi)
 if our_rdata.mac != rdata.mac:
 raise BadSignature
 return ctx
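Review bot: `first = not (ctx and multi)` in `sign()` tests `ctx` by truthiness and discards a caller-supplied context whenever `multi` is false, because the `if first:` that follows rebinds `ctx` to a fresh `hmac.new(...)`. The call removed from `Message.to_wire` in dns/message.py passed `tsig_ctx is None`, so a caller that supplied a context without `multi=True` used to continue it and now starts a new MAC; if that combination is meant to be unsupported, the docstring should say so. Writing the test as `first = ctx is None or not multi` gives the same result for HMAC objects while making the None check explicit, and a comment such as `# a running context only applies inside a multi-message sequence` would record the intent. The rest of `sign()` lies outside the hunk.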
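Review bot: The MAC check at the end of `validate()`, `if our_rdata.mac != rdata.mac:`, compares the MAC received on the wire with the computed one using an ordinary equality test, whose running time can depend on how many leading bytes match. The module already uses `hmac`, so `if not hmac.compare_digest(our_rdata.mac, rdata.mac):` followed by the existing `raise BadSignature` gives a constant-time comparison, assuming both values are bytes. That line is unchanged context here, but the commit edits the `sign()` call directly above it, and `validate()` begins outside the hunk.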