/usr/lib/python3.6/tsig.py

DNS TSIG support.

Names imported: hmac, struct, dns.exception, dns.hash, dns.rdataclass, dns.name; long, string_types, text_type (from _compat)

Exceptions

BadTime (dns.exception.DNSException)
    The current time is not within the TSIG's validity time.

BadSignature (dns.exception.DNSException)
    The TSIG signature fails to verify.

PeerError (dns.exception.DNSException)
    Base class for all TSIG errors generated by the remote peer

PeerBadKey (PeerError)
    The peer didn't know the key we used

PeerBadSignature (PeerError)
    The peer didn't like the signature we sent

PeerBadTime (PeerError)
    The peer didn't like the time we sent

PeerBadTruncation (PeerError)
    The peer didn't like amount of truncation in the TSIG we sent

Module-level names

HMAC_MD5, HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, default_algorithm, BADSIG, BADKEY, BADTIME, BADTRUNC

Algorithm names: HMAC-MD5.SIG-ALG.REG.INT, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512

Hash names: SHA224, SHA256, SHA384, SHA512, SHA1, MD5

Functions

sign(wire, keyname, secret, time, fudge, original_id, error, other_data, request_mac, ctx, multi, first, algorithm)
    Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata for the input parameters, the HMAC MAC calculated by applying the TSIG signature algorithm, and the TSIG digest context.
    @rtype: (string, string, hmac.HMAC object)
    @raises ValueError: I{other_data} is too long
    @raises NotImplementedError: I{algorithm} is not supported
    Error message: TSIG Other Data is > 65535 bytes

hmac_md5(wire, keyname, secret, time, fudge, original_id, error, other_data, request_mac, ctx, multi, first, algorithm)
    Calls sign() with the same arguments.

validate(wire, keyname, secret, now, request_mac, tsig_start, tsig_rdata, tsig_rdlen, ctx, multi, first)
    Validate the specified TSIG rdata against the other input parameters.
    @raises FormError: The TSIG is badly formed.
    @raises BadTime: There is too much time skew between the client and the server.
    @raises BadSignature: The TSIG signature did not validate
    @rtype: hmac.HMAC object
    Error message: unknown TSIG error code %d

get_algorithm(algorithm)
    Returns the wire format string and the hash module to use for the specified TSIG algorithm
    @rtype: (string, hash constructor)
    @raises NotImplementedError: I{algorithm} is not supported
    Error message: TSIG algorithm ... is not supported

get_algorithm_and_mac(wire, tsig_rdata, tsig_rdlen)
    Return the tsig algorithm for the specified tsig_rdata
    @raises FormError: The TSIG is badly formed.