[SCM] Samba Shared Repository - branch master updated
Jelmer Vernooij
jelmer at samba.org
Thu Dec 9 19:50:02 MST 2010
The branch, master has been updated
via 10441ed subunitrun: Use unittest.TestProgram if subunit.TestProgram is not available.
via 636d8cf s4-python: Add convenience function for forcibly importing bundled package.
via bdf5a49 subunitrun: Extend hack to cope with older system subunit run installs.
via b1daa50 subunitrun: Remove global subunit module when reimporting from a different location.
via 8f4c064 s4-dist: Remove no longer existing files from blacklist (fixes 'make dist' inclusion of configure)
via 408a99e s4-python: Fix use of bundled modules.
via 4571b94 s4-python: Split up ensure_external_module.
via c565da0 selftest: Make sure system subunit.run has TestProgram.
via 365cfb1 smbtorture: Rename --list to --list-suites, add stub --list.
via 5f6dd9a selftest: Check exit code when listing tests.
via 680a2fb s4-selftest: Add convenience function for running testsuites using subunitrun.
via 028ea57 selftest: Allow discovering tests in pure python testsuites.
via 069ff14 subunitrun: Support --list.
via a957d8c selftest: Rename $LIST to $LISTOPT for consistency with testrepository.
via 75ef8f1 dnspython: Update to newer upstream snapshot.
via 9143892 subunit: Update to newer upstream snapshot.
via 2974340 testtools: Import new upstream snapshot.
via e6974b0 selftest: add --list option.
via 34adc74 selftest: Document --testenv in --help output, remove documentation for now obsolete --analyse-cmd.
from 21b0d5e pidl: use $CC -E if $CPP is not defined, if both undefined use cpp
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 10441ed83d701d6db64c3a933cf09957355e1db2
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Fri Dec 10 03:03:18 2010 +0100
subunitrun: Use unittest.TestProgram if subunit.TestProgram is not
available.
Autobuild-User: Jelmer Vernooij <jelmer at samba.org>
Autobuild-Date: Fri Dec 10 03:49:03 CET 2010 on sn-devel-104
commit 636d8cfb423bbdf271df25efbc13c91420ebefe8
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Fri Dec 10 00:47:33 2010 +0100
s4-python: Add convenience function for forcibly importing bundled
package.
commit bdf5a49cec064c965c1271d875fc9b474b77f634
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 23:28:25 2010 +0100
subunitrun: Extend hack to cope with older system subunit run installs.
commit b1daa502935026854758dc47868866b022c53128
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 22:48:16 2010 +0100
subunitrun: Remove global subunit module when reimporting from a
different location.
commit 8f4c064b49f01e7d53d5610da6b6574615d9f188
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 22:46:08 2010 +0100
s4-dist: Remove no longer existing files from blacklist (fixes 'make
dist' inclusion of configure)
commit 408a99e3bba2e08ad4caf2f8aae446865a3250db
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 21:38:48 2010 +0100
s4-python: Fix use of bundled modules.
commit 4571b94e7b04acaa7f462262dac509843287e4af
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 19:45:37 2010 +0100
s4-python: Split up ensure_external_module.
commit c565da0f7148fcfb560bea9abe4b9e2bb59a81e1
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 18:49:38 2010 +0100
selftest: Make sure system subunit.run has TestProgram.
commit 365cfb1c323cd3a24ff0caf1929674910095b4c6
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 16:57:45 2010 +0100
smbtorture: Rename --list to --list-suites, add stub --list.
commit 5f6dd9a608271948bb1d4a1fb975e889db70512c
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 16:48:24 2010 +0100
selftest: Check exit code when listing tests.
commit 680a2fb5173a74b65fa23ac0027f516ddd908e9b
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 16:28:31 2010 +0100
s4-selftest: Add convenience function for running testsuites using
subunitrun.
commit 028ea57e554e04dcc891786f32cf79c6587d1708
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 15:41:17 2010 +0100
selftest: Allow discovering tests in pure python testsuites.
commit 069ff146cb13b5bb6655b9d47540ab5ea9f6183e
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 15:35:51 2010 +0100
subunitrun: Support --list.
commit a957d8c80f532654f502fdd37aecd34b231a00e8
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 15:35:23 2010 +0100
selftest: Rename $LIST to $LISTOPT for consistency with testrepository.
commit 75ef8f1dd27f4985b3d705e7681a9218ad513c84
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 14:53:45 2010 +0100
dnspython: Update to newer upstream snapshot.
commit 91438920b465ec7455dd1cd700bbe8ec5050b3f9
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 14:51:51 2010 +0100
subunit: Update to newer upstream snapshot.
commit 297434055e2e2b28a2f9cacc09a30786edf8903a
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 14:51:17 2010 +0100
testtools: Import new upstream snapshot.
commit e6974b0ff0100bb292d57e58ae11bc2e6b0d4053
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 14:46:09 2010 +0100
selftest: add --list option.
commit 34adc745efa242b7e4167b581d6770560e759e40
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Thu Dec 9 13:37:13 2010 +0100
selftest: Document --testenv in --help output, remove documentation for
now obsolete --analyse-cmd.
-----------------------------------------------------------------------
Summary of changes:
lib/dnspython/.gitignore | 2 +
lib/dnspython/ChangeLog | 79 +++
lib/dnspython/Makefile | 56 ++
lib/dnspython/README | 59 ++-
lib/dnspython/dns/__init__.py | 1 +
lib/dnspython/dns/dnssec.py | 312 ++++++++-
lib/dnspython/dns/hash.py | 67 ++
lib/dnspython/dns/message.py | 12 +-
lib/dnspython/dns/node.py | 14 +-
lib/dnspython/dns/query.py | 84 ++-
lib/dnspython/dns/rdataset.py | 4 +-
lib/dnspython/dns/resolver.py | 17 +-
lib/dnspython/dns/rrset.py | 6 +-
lib/dnspython/dns/tsig.py | 77 ++-
lib/dnspython/dns/update.py | 12 +-
lib/dnspython/dns/version.py | 4 +-
lib/dnspython/dns/zone.py | 20 +-
lib/dnspython/examples/ddns.py | 2 +-
lib/dnspython/examples/zonediff.py | 270 +++++++
lib/dnspython/setup.py | 2 +-
lib/dnspython/tests/dnssec.py | 146 ++++
lib/dnspython/tests/resolver.py | 24 +-
lib/subunit/INSTALL | 9 +-
lib/subunit/NEWS | 17 +
lib/subunit/python/subunit/__init__.py | 6 +
lib/subunit/python/subunit/run.py | 3 +-
lib/subunit/setup.py | 2 +-
lib/subunit/shell/README | 2 +-
lib/subunit/shell/tests/test_function_output.sh | 10 +-
lib/subunit/shell/tests/test_source_library.sh | 14 +-
lib/testtools/.testr.conf | 4 +
lib/testtools/HACKING | 48 +-
lib/testtools/MANIFEST.in | 1 -
lib/testtools/MANUAL | 120 +++-
lib/testtools/Makefile | 9 +-
lib/testtools/NEWS | 102 +++
lib/testtools/README | 18 +-
lib/testtools/setup.py | 51 ++-
lib/testtools/testtools/__init__.py | 12 +-
lib/testtools/testtools/_spinner.py | 317 +++++++++
lib/testtools/testtools/compat.py | 57 +-
lib/testtools/testtools/content.py | 17 +-
lib/testtools/testtools/deferredruntest.py | 336 +++++++++
lib/testtools/testtools/helpers.py | 64 ++
lib/testtools/testtools/matchers.py | 199 ++++++-
lib/testtools/testtools/run.py | 82 ++-
lib/testtools/testtools/runtest.py | 99 ++-
lib/testtools/testtools/testcase.py | 212 ++++---
lib/testtools/testtools/testresult/doubles.py | 18 +-
lib/testtools/testtools/testresult/real.py | 129 ++--
lib/testtools/testtools/tests/__init__.py | 37 +-
lib/testtools/testtools/tests/helpers.py | 5 +
lib/testtools/testtools/tests/test_compat.py | 20 +-
lib/testtools/testtools/tests/test_content.py | 49 +-
lib/testtools/testtools/tests/test_content_type.py | 10 +-
.../testtools/tests/test_deferredruntest.py | 738 ++++++++++++++++++++
.../testtools/tests/test_fixturesupport.py | 77 ++
lib/testtools/testtools/tests/test_helpers.py | 106 +++
lib/testtools/testtools/tests/test_matchers.py | 228 ++++++-
lib/testtools/testtools/tests/test_monkey.py | 7 +-
lib/testtools/testtools/tests/test_run.py | 77 ++
lib/testtools/testtools/tests/test_runtest.py | 129 ++++-
lib/testtools/testtools/tests/test_spinner.py | 325 +++++++++
lib/testtools/testtools/tests/test_testresult.py | 321 ++++++++-
lib/testtools/testtools/tests/test_testsuite.py | 9 +-
lib/testtools/testtools/tests/test_testtools.py | 28 +-
selftest/selftest.pl | 33 +-
source4/scripting/bin/subunitrun | 15 +-
source4/scripting/python/samba/__init__.py | 30 +-
source4/selftest/tests.py | 34 +-
source4/selftest/wscript | 6 +-
source4/torture/shell.c | 2 +-
source4/torture/smbtorture.c | 21 +-
source4/torture/smbtorture.h | 2 +-
source4/wscript | 3 +-
75 files changed, 5022 insertions(+), 518 deletions(-)
create mode 100644 lib/dnspython/Makefile
create mode 100644 lib/dnspython/dns/hash.py
create mode 100755 lib/dnspython/examples/zonediff.py
create mode 100644 lib/dnspython/tests/dnssec.py
create mode 100644 lib/testtools/.testr.conf
create mode 100644 lib/testtools/testtools/_spinner.py
create mode 100644 lib/testtools/testtools/deferredruntest.py
create mode 100644 lib/testtools/testtools/helpers.py
create mode 100644 lib/testtools/testtools/tests/test_deferredruntest.py
create mode 100644 lib/testtools/testtools/tests/test_fixturesupport.py
create mode 100644 lib/testtools/testtools/tests/test_helpers.py
create mode 100644 lib/testtools/testtools/tests/test_run.py
create mode 100644 lib/testtools/testtools/tests/test_spinner.py
Changeset truncated at 500 lines:
diff --git a/lib/dnspython/.gitignore b/lib/dnspython/.gitignore
index 2abcfc4..5592c97 100644
--- a/lib/dnspython/.gitignore
+++ b/lib/dnspython/.gitignore
@@ -2,4 +2,6 @@ build
dist
MANIFEST
html
+html.zip
+html.tar.gz
tests/*.out
diff --git a/lib/dnspython/ChangeLog b/lib/dnspython/ChangeLog
index 73a66ed..91e69d3 100644
--- a/lib/dnspython/ChangeLog
+++ b/lib/dnspython/ChangeLog
@@ -1,3 +1,82 @@
+2010-11-23 Bob Halley <halley at dnspython.org>
+
+ * (Version 1.9.2 released)
+
+2010-11-23 Bob Halley <halley at dnspython.org>
+
+ * dns/dnssec.py (_need_pycrypto): DSA and RSA are modules, not
+ functions, and I didn't notice because the test suite masked
+ the bug! *sigh*
+
+2010-11-22 Bob Halley <halley at dnspython.org>
+
+ * (Version 1.9.1 released)
+
+2010-11-22 Bob Halley <halley at dnspython.org>
+
+ * dns/dnssec.py: the "from" style import used to get DSA from
+ PyCrypto trashed a DSA constant. Now a normal import is used
+ to avoid namespace contamination.
+
+2010-11-20 Bob Halley <halley at dnspython.org>
+
+ * (Version 1.9.0 released)
+
+2010-11-07 Bob Halley <halley at dnspython.org>
+
+ * dns/dnssec.py: Added validate() to do basic DNSSEC validation
+ (requires PyCrypto). Thanks to Brian Wellington for the patch.
+
+ * dns/hash.py: Hash compatibility handling is now its own module.
+
+2010-10-31 Bob Halley <halley at dnspython.org>
+
+ * dns/resolver.py (zone_for_name): A query name resulting in a
+ CNAME or DNAME response to a node which had an SOA was incorrectly
+ treated as a zone origin. In these cases, we should just look
+ higher. Thanks to Gert Berger for reporting this problem.
+
+ * Added zonediff.py to examples. This program compares two zones
+ and shows the differences either in diff-like plain text, or
+ HTML. Thanks to Dennis Kaarsemaker for contributing this
+ useful program.
+
+2010-10-27 Bob Halley <halley at dnspython.org>
+
+ * Incorporate a patch to use poll() instead of select() by
+ default on platforms which support it. Thanks to
+ Peter Schüller and Spotify for the contribution.
+
+2010-10-17 Bob Halley <halley at dnspython.org>
+
+ * Python prior to 2.5.2 doesn't compute the correct values for
+ HMAC-SHA384 and HMAC-SHA512. We now detect attempts to use
+ them and raise NotImplemented if the Python version is too old.
+ Thanks to Kevin Chen for reporting the problem.
+
+ * Various routines that took the string forms of rdata types and
+ classes did not permit the strings to be Unicode strings.
+ Thanks to Ryan Workman for reporting the issue.
+
+ * dns/tsig.py: Added symbolic constants for the algorithm strings.
+ E.g. you can now say dns.tsig.HMAC_MD5 instead of
+ "HMAC-MD5.SIG-ALG.REG.INT". Thanks to Cillian Sharkey for
+ suggesting this improvement.
+
+ * dns/tsig.py (get_algorithm): fix hashlib compatibility; thanks to
+ Kevin Chen for the patch.
+
+ * dns/dnssec.py: Added key_id() and make_ds().
+
+ * dns/message.py: message.py needs to import dns.edns since it uses
+ it.
+
+2010-05-04 Bob Halley <halley at dnspython.org>
+
+ * dns/rrset.py (RRset.__init__): "covers" was not passed to the
+ superclass __init__(). Thanks to Shanmuga Rajan for reporting
+ the problem.
+
2010-03-10 Bob Halley <halley at dnspython.org>
* The TSIG algorithm value was passed to use_tsig() incorrectly
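Review bot: The 2010-10-17 entry says the HMAC-SHA384/HMAC-SHA512 guard will "raise NotImplemented", but NotImplemented is a comparison sentinel, not an exception class, and raising it produces a TypeError. The entry should read NotImplementedError, and dns/tsig.py should be checked to match, since the README text for the same change only says it "raises an exception".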
diff --git a/lib/dnspython/Makefile b/lib/dnspython/Makefile
new file mode 100644
index 0000000..3dbfe95
--- /dev/null
+++ b/lib/dnspython/Makefile
@@ -0,0 +1,56 @@
+# Copyright (C) 2003-2007, 2009 Nominum, Inc.
+#
+# Permission to use, copy, modify, and distribute this software and its
+# documentation for any purpose with or without fee is hereby granted,
+# provided that the above copyright notice and this permission notice
+# appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile,v 1.16 2004/03/19 00:17:27 halley Exp $
+
+PYTHON=python
+
+all:
+ ${PYTHON} ./setup.py build
+
+install:
+ ${PYTHON} ./setup.py install
+
+clean:
+ ${PYTHON} ./setup.py clean --all
+ find . -name '*.pyc' -exec rm {} \;
+ find . -name '*.pyo' -exec rm {} \;
+ rm -f TAGS
+
+distclean: clean docclean
+ rm -rf build dist
+ rm -f MANIFEST
+
+doc:
+ epydoc -n dnspython -u http://www.dnspython.org \
+ dns/*.py dns/rdtypes/*.py dns/rdtypes/ANY/*.py \
+ dns/rdtypes/IN/*.py
+
+dockits: doc
+ mv html dnspython-html
+ tar czf html.tar.gz dnspython-html
+ zip -r html.zip dnspython-html
+ mv dnspython-html html
+
+docclean:
+ rm -rf html.tar.gz html.zip html
+
+kits:
+ ${PYTHON} ./setup.py sdist --formats=gztar,zip
+# ${PYTHON} ./setup.py bdist_wininst
+# ${PYTHON} ./setup.py bdist_rpm
+
+tags:
+ find . -name '*.py' -print | etags -
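Review bot: None of the targets in this new Makefile (all, install, clean, distclean, doc, dockits, docclean, kits, tags) is declared .PHONY, so a file or directory with a matching name silently turns the target into a no-op. The likely case is tags, whose recipe writes TAGS: on a case-insensitive filesystem that output file satisfies the target and the index is never regenerated. Add a .PHONY line listing the targets.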
diff --git a/lib/dnspython/README b/lib/dnspython/README
index b313d1c..d53dac6 100644
--- a/lib/dnspython/README
+++ b/lib/dnspython/README
@@ -22,7 +22,62 @@ development by continuing to employ the author :).
ABOUT THIS RELEASE
-This is dnspython 1.8.0
+This is dnspython 1.9.2
+
+New since 1.9.1:
+
+ Nothing.
+
+Bugs fixed since 1.9.1:
+
+ The dns.dnssec module didn't work at all due to missing
+ imports that escaped detection in testing because the test
+ suite also did the imports. The third time is the charm!
+
+New since 1.9.0:
+
+ Nothing.
+
+Bugs fixed since 1.9.0:
+
+ The dns.dnssec module didn't work with DSA due to namespace
+ contamination from a "from"-style import.
+
+New since 1.8.0:
+
+ dnspython now uses poll() instead of select() when available.
+
+ Basic DNSSEC validation can be done using dns.dnsec.validate()
+ and dns.dnssec.validate_rrsig() if you have PyCrypto 2.3 or
+ later installed. Complete secure resolution is not yet
+ available.
+
+ Added key_id() to the DNSSEC module, which computes the DNSSEC
+ key id of a DNSKEY rdata.
+
+ Added make_ds() to the DNSSEC module, which returns the DS RR
+ for a given DNSKEY rdata.
+
+ dnspython now raises an exception if HMAC-SHA284 or
+ HMAC-SHA512 are used with a Python older than 2.5.2. (Older
+ Pythons do not compute the correct value.)
+
+ Symbolic constants are now available for TSIG algorithm names.
+
+Bugs fixed since 1.8.0
+
+ dns.resolver.zone_for_name() didn't handle a query response
+ with a CNAME or DNAME correctly in some cases.
+
+ When specifying rdata types and classes as text, Unicode
+ strings may now be used.
+
+ Hashlib compatibility issues have been fixed.
+
+ dns.message now imports dns.edns.
+
+ The TSIG algorithm value was passed incorrectly to use_tsig()
+ in some cases.
New since 1.7.1:
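Review bot: Two identifiers in the "New since 1.8.0" text are misspelled: "dns.dnsec.validate()" should be dns.dnssec.validate(), and "HMAC-SHA284" should be HMAC-SHA384, which is what the ChangeLog entry for the same change says. The "Bugs fixed since 1.8.0" heading also lacks the trailing colon the other headings in this hunk use.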
@@ -310,7 +365,7 @@ the prior release.
REQUIREMENTS
-Python 2.2 or later.
+Python 2.4 or later.
INSTALLATION
diff --git a/lib/dnspython/dns/__init__.py b/lib/dnspython/dns/__init__.py
index 5ad5737..56e1e8a 100644
--- a/lib/dnspython/dns/__init__.py
+++ b/lib/dnspython/dns/__init__.py
@@ -22,6 +22,7 @@ __all__ = [
'entropy',
'exception',
'flags',
+ 'hash',
'inet',
'ipv4',
'ipv6',
diff --git a/lib/dnspython/dns/dnssec.py b/lib/dnspython/dns/dnssec.py
index 54fd78d..a595fd4 100644
--- a/lib/dnspython/dns/dnssec.py
+++ b/lib/dnspython/dns/dnssec.py
@@ -15,6 +15,27 @@
"""Common DNSSEC-related functions and constants."""
+import cStringIO
+import struct
+import time
+
+import dns.exception
+import dns.hash
+import dns.name
+import dns.node
+import dns.rdataset
+import dns.rdata
+import dns.rdatatype
+import dns.rdataclass
+
+class UnsupportedAlgorithm(dns.exception.DNSException):
+ """Raised if an algorithm is not supported."""
+ pass
+
+class ValidationFailure(dns.exception.DNSException):
+ """The DNSSEC signature is invalid."""
+ pass
+
RSAMD5 = 1
DH = 2
DSA = 3
@@ -49,14 +70,10 @@ _algorithm_by_text = {
_algorithm_by_value = dict([(y, x) for x, y in _algorithm_by_text.iteritems()])
-class UnknownAlgorithm(Exception):
- """Raised if an algorithm is unknown."""
- pass
-
def algorithm_from_text(text):
"""Convert text into a DNSSEC algorithm value
@rtype: int"""
-
+
value = _algorithm_by_text.get(text.upper())
if value is None:
value = int(text)
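Review bot: Removing UnknownAlgorithm outright breaks any caller that catches dns.dnssec.UnknownAlgorithm, and the UnsupportedAlgorithm class added at the top of the file derives from dns.exception.DNSException rather than Exception, so it is not a drop-in replacement under the old name. Keep an alias such as UnknownAlgorithm = UnsupportedAlgorithm for a release, or call out the rename in the README release notes.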
@@ -65,8 +82,291 @@ def algorithm_from_text(text):
def algorithm_to_text(value):
"""Convert a DNSSEC algorithm value to text
@rtype: string"""
-
+
text = _algorithm_by_value.get(value)
if text is None:
text = str(value)
return text
+
+def _to_rdata(record, origin):
+ s = cStringIO.StringIO()
+ record.to_wire(s, origin=origin)
+ return s.getvalue()
+
+def key_id(key, origin=None):
+ rdata = _to_rdata(key, origin)
+ if key.algorithm == RSAMD5:
+ return (ord(rdata[-3]) << 8) + ord(rdata[-2])
+ else:
+ total = 0
+ for i in range(len(rdata) / 2):
+ total += (ord(rdata[2 * i]) << 8) + ord(rdata[2 * i + 1])
+ if len(rdata) % 2 != 0:
+ total += ord(rdata[len(rdata) - 1]) << 8
+ total += ((total >> 16) & 0xffff);
+ return total & 0xffff
+
+def make_ds(name, key, algorithm, origin=None):
+ if algorithm.upper() == 'SHA1':
+ dsalg = 1
+ hash = dns.hash.get('SHA1')()
+ elif algorithm.upper() == 'SHA256':
+ dsalg = 2
+ hash = dns.hash.get('SHA256')()
+ else:
+ raise UnsupportedAlgorithm, 'unsupported algorithm "%s"' % algorithm
+
+ if isinstance(name, (str, unicode)):
+ name = dns.name.from_text(name, origin)
+ hash.update(name.canonicalize().to_wire())
+ hash.update(_to_rdata(key, origin))
+ digest = hash.digest()
+
+ dsrdata = struct.pack("!HBB", key_id(key), key.algorithm, dsalg) + digest
+ return dns.rdata.from_wire(dns.rdataclass.IN, dns.rdatatype.DS, dsrdata, 0,
+ len(dsrdata))
+
+def _find_key(keys, rrsig):
+ value = keys.get(rrsig.signer)
+ if value is None:
+ return None
+ if isinstance(value, dns.node.Node):
+ try:
+ rdataset = node.find_rdataset(dns.rdataclass.IN,
+ dns.rdatatype.DNSKEY)
+ except KeyError:
+ return None
+ else:
+ rdataset = value
+ for rdata in rdataset:
+ if rdata.algorithm == rrsig.algorithm and \
+ key_id(rdata) == rrsig.key_tag:
+ return rdata
+ return None
+
+def _is_rsa(algorithm):
+ return algorithm in (RSAMD5, RSASHA1,
+ RSASHA1NSEC3SHA1, RSASHA256,
+ RSASHA512)
+
+def _is_dsa(algorithm):
+ return algorithm in (DSA, DSANSEC3SHA1)
+
+def _is_md5(algorithm):
+ return algorithm == RSAMD5
+
+def _is_sha1(algorithm):
+ return algorithm in (DSA, RSASHA1,
+ DSANSEC3SHA1, RSASHA1NSEC3SHA1)
+
+def _is_sha256(algorithm):
+ return algorithm == RSASHA256
+
+def _is_sha512(algorithm):
+ return algorithm == RSASHA512
+
+def _make_hash(algorithm):
+ if _is_md5(algorithm):
+ return dns.hash.get('MD5')()
+ if _is_sha1(algorithm):
+ return dns.hash.get('SHA1')()
+ if _is_sha256(algorithm):
+ return dns.hash.get('SHA256')()
+ if _is_sha512(algorithm):
+ return dns.hash.get('SHA512')()
+ raise ValidationFailure, 'unknown hash for algorithm %u' % algorithm
+
+def _make_algorithm_id(algorithm):
+ if _is_md5(algorithm):
+ oid = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05]
+ elif _is_sha1(algorithm):
+ oid = [0x2b, 0x0e, 0x03, 0x02, 0x1a]
+ elif _is_sha256(algorithm):
+ oid = [0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01]
+ elif _is_sha512(algorithm):
+ oid = [0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03]
+ else:
+ raise ValidationFailure, 'unknown algorithm %u' % algorithm
+ olen = len(oid)
+ dlen = _make_hash(algorithm).digest_size
+ idbytes = [0x30] + [8 + olen + dlen] + \
+ [0x30, olen + 4] + [0x06, olen] + oid + \
+ [0x05, 0x00] + [0x04, dlen]
+ return ''.join(map(chr, idbytes))
+
+def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+ """Validate an RRset against a single signature rdata
+
+ The owner name of the rrsig is assumed to be the same as the owner name
+ of the rrset.
+
+ @param rrset: The RRset to validate
+ @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
+ tuple
+ @param rrsig: The signature rdata
+ @type rrsig: dns.rrset.Rdata
+ @param keys: The key dictionary.
+ @type keys: a dictionary keyed by dns.name.Name with node or rdataset values
+ @param origin: The origin to use for relative names
+ @type origin: dns.name.Name or None
+ @param now: The time to use when validating the signatures. The default
+ is the current time.
+ @type now: int
+ """
+
+ if isinstance(origin, (str, unicode)):
+ origin = dns.name.from_text(origin, dns.name.root)
+
+ key = _find_key(keys, rrsig)
+ if not key:
+ raise ValidationFailure, 'unknown key'
+
+ # For convenience, allow the rrset to be specified as a (name, rdataset)
+ # tuple as well as a proper rrset
+ if isinstance(rrset, tuple):
+ rrname = rrset[0]
+ rdataset = rrset[1]
+ else:
+ rrname = rrset.name
+ rdataset = rrset
+
+ if now is None:
+ now = time.time()
+ if rrsig.expiration < now:
+ raise ValidationFailure, 'expired'
+ if rrsig.inception > now:
+ raise ValidationFailure, 'not yet valid'
+
+ hash = _make_hash(rrsig.algorithm)
+
+ if _is_rsa(rrsig.algorithm):
+ keyptr = key.key
+ (bytes,) = struct.unpack('!B', keyptr[0:1])
+ keyptr = keyptr[1:]
+ if bytes == 0:
+ (bytes,) = struct.unpack('!H', keyptr[0:2])
+ keyptr = keyptr[2:]
+ rsa_e = keyptr[0:bytes]
+ rsa_n = keyptr[bytes:]
+ keylen = len(rsa_n) * 8
+ pubkey = Crypto.PublicKey.RSA.construct(
+ (Crypto.Util.number.bytes_to_long(rsa_n),
+ Crypto.Util.number.bytes_to_long(rsa_e)))
+ sig = (Crypto.Util.number.bytes_to_long(rrsig.signature),)
+ elif _is_dsa(rrsig.algorithm):
+ keyptr = key.key
+ (t,) = struct.unpack('!B', keyptr[0:1])
+ keyptr = keyptr[1:]
+ octets = 64 + t * 8
+ dsa_q = keyptr[0:20]
+ keyptr = keyptr[20:]
+ dsa_p = keyptr[0:octets]
+ keyptr = keyptr[octets:]
+ dsa_g = keyptr[0:octets]
+ keyptr = keyptr[octets:]
+ dsa_y = keyptr[0:octets]
+ pubkey = Crypto.PublicKey.DSA.construct(
+ (Crypto.Util.number.bytes_to_long(dsa_y),
+ Crypto.Util.number.bytes_to_long(dsa_g),
+ Crypto.Util.number.bytes_to_long(dsa_p),
+ Crypto.Util.number.bytes_to_long(dsa_q)))
+ (dsa_r, dsa_s) = struct.unpack('!20s20s', rrsig.signature[1:])
+ sig = (Crypto.Util.number.bytes_to_long(dsa_r),
+ Crypto.Util.number.bytes_to_long(dsa_s))
+ else:
+ raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm
+
+ hash.update(_to_rdata(rrsig, origin)[:18])
+ hash.update(rrsig.signer.to_digestable(origin))
+
+ if rrsig.labels < len(rrname) - 1:
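Review bot: In _find_key, the dns.node.Node branch calls node.find_rdataset(...), but no variable named node exists in that function; the object is bound to value, so any keys dictionary holding Node values raises NameError instead of returning the DNSKEY rdataset. It should be value.find_rdataset(dns.rdataclass.IN, dns.rdatatype.DNSKEY). Separately, in _validate_rrsig the RSA and DSA branches slice key.key and call struct.unpack('!20s20s', rrsig.signature[1:]) with no length checks, so a truncated key yields short, wrong key components and a signature that is not exactly 41 bytes surfaces as struct.error rather than ValidationFailure. Since both values come off the wire, check the lengths first and raise ValidationFailure. The RSA branch also shadows the builtin bytes and assigns keylen without using it in the lines shown.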
--
Samba Shared Repository