[SCM] Samba Shared Repository - branch master updated

Jelmer Vernooij jelmer at samba.org
Thu Dec 9 19:50:02 MST 2010


The branch, master has been updated
       via  10441ed subunitrun: Use unittest.TestProgram if subunit.TestProgram is not available.
       via  636d8cf s4-python: Add convenience function for forcibly importing bundled package.
       via  bdf5a49 subunitrun: Extend hack to cope with older system subunit run installs.
       via  b1daa50 subunitrun: Remove global subunit module when reimporting from a different location.
       via  8f4c064 s4-dist: Remove no longer existing files from blacklist (fixes 'make dist' inclusion of configure)
       via  408a99e s4-python: Fix use of bundled modules.
       via  4571b94 s4-python: Split up ensure_external_module.
       via  c565da0 selftest: Make sure system subunit.run has TestProgram.
       via  365cfb1 smbtorture: Rename --list to --list-suites, add stub --list.
       via  5f6dd9a selftest: Check exit code when listing tests.
       via  680a2fb s4-selftest: Add convenience function for running testsuites using subunitrun.
       via  028ea57 selftest: Allow discovering tests in pure python testsuites.
       via  069ff14 subunitrun: Support --list.
       via  a957d8c selftest: Rename $LIST to $LISTOPT for consistency with testrepository.
       via  75ef8f1 dnspython: Update to newer upstream snapshot.
       via  9143892 subunit: Update to newer upstream snapshot.
       via  2974340 testtools: Import new upstream snapshot.
       via  e6974b0 selftest: add --list option.
       via  34adc74 selftest: Document --testenv in --help output, remove documentation for now obsolete --analyse-cmd.
      from  21b0d5e pidl: use $CC -E if $CPP is not defined, if both undefined use cpp

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 10441ed83d701d6db64c3a933cf09957355e1db2
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Fri Dec 10 03:03:18 2010 +0100

    subunitrun: Use unittest.TestProgram if subunit.TestProgram is not
    available.
    
    Autobuild-User: Jelmer Vernooij <jelmer at samba.org>
    Autobuild-Date: Fri Dec 10 03:49:03 CET 2010 on sn-devel-104

commit 636d8cfb423bbdf271df25efbc13c91420ebefe8
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Fri Dec 10 00:47:33 2010 +0100

    s4-python: Add convenience function for forcibly importing bundled
    package.

commit bdf5a49cec064c965c1271d875fc9b474b77f634
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 23:28:25 2010 +0100

    subunitrun: Extend hack to cope with older system subunit run installs.

commit b1daa502935026854758dc47868866b022c53128
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 22:48:16 2010 +0100

    subunitrun: Remove global subunit module when reimporting from a
    different location.

commit 8f4c064b49f01e7d53d5610da6b6574615d9f188
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 22:46:08 2010 +0100

    s4-dist: Remove no longer existing files from blacklist (fixes 'make
    dist' inclusion of configure)

commit 408a99e3bba2e08ad4caf2f8aae446865a3250db
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 21:38:48 2010 +0100

    s4-python: Fix use of bundled modules.

commit 4571b94e7b04acaa7f462262dac509843287e4af
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 19:45:37 2010 +0100

    s4-python: Split up ensure_external_module.

commit c565da0f7148fcfb560bea9abe4b9e2bb59a81e1
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 18:49:38 2010 +0100

    selftest: Make sure system subunit.run has TestProgram.

commit 365cfb1c323cd3a24ff0caf1929674910095b4c6
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 16:57:45 2010 +0100

    smbtorture: Rename --list to --list-suites, add stub --list.

commit 5f6dd9a608271948bb1d4a1fb975e889db70512c
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 16:48:24 2010 +0100

    selftest: Check exit code when listing tests.

commit 680a2fb5173a74b65fa23ac0027f516ddd908e9b
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 16:28:31 2010 +0100

    s4-selftest: Add convenience function for running testsuites using
    subunitrun.

commit 028ea57e554e04dcc891786f32cf79c6587d1708
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 15:41:17 2010 +0100

    selftest: Allow discovering tests in pure python testsuites.

commit 069ff146cb13b5bb6655b9d47540ab5ea9f6183e
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 15:35:51 2010 +0100

    subunitrun: Support --list.

commit a957d8c80f532654f502fdd37aecd34b231a00e8
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 15:35:23 2010 +0100

    selftest: Rename $LIST to $LISTOPT for consistency with testrepository.

commit 75ef8f1dd27f4985b3d705e7681a9218ad513c84
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 14:53:45 2010 +0100

    dnspython: Update to newer upstream snapshot.

commit 91438920b465ec7455dd1cd700bbe8ec5050b3f9
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 14:51:51 2010 +0100

    subunit: Update to newer upstream snapshot.

commit 297434055e2e2b28a2f9cacc09a30786edf8903a
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 14:51:17 2010 +0100

    testtools: Import new upstream snapshot.

commit e6974b0ff0100bb292d57e58ae11bc2e6b0d4053
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 14:46:09 2010 +0100

    selftest: add --list option.

commit 34adc745efa242b7e4167b581d6770560e759e40
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Dec 9 13:37:13 2010 +0100

    selftest: Document --testenv in --help output, remove documentation for
    now obsolete --analyse-cmd.

-----------------------------------------------------------------------

Summary of changes:
 lib/dnspython/.gitignore                           |    2 +
 lib/dnspython/ChangeLog                            |   79 +++
 lib/dnspython/Makefile                             |   56 ++
 lib/dnspython/README                               |   59 ++-
 lib/dnspython/dns/__init__.py                      |    1 +
 lib/dnspython/dns/dnssec.py                        |  312 ++++++++-
 lib/dnspython/dns/hash.py                          |   67 ++
 lib/dnspython/dns/message.py                       |   12 +-
 lib/dnspython/dns/node.py                          |   14 +-
 lib/dnspython/dns/query.py                         |   84 ++-
 lib/dnspython/dns/rdataset.py                      |    4 +-
 lib/dnspython/dns/resolver.py                      |   17 +-
 lib/dnspython/dns/rrset.py                         |    6 +-
 lib/dnspython/dns/tsig.py                          |   77 ++-
 lib/dnspython/dns/update.py                        |   12 +-
 lib/dnspython/dns/version.py                       |    4 +-
 lib/dnspython/dns/zone.py                          |   20 +-
 lib/dnspython/examples/ddns.py                     |    2 +-
 lib/dnspython/examples/zonediff.py                 |  270 +++++++
 lib/dnspython/setup.py                             |    2 +-
 lib/dnspython/tests/dnssec.py                      |  146 ++++
 lib/dnspython/tests/resolver.py                    |   24 +-
 lib/subunit/INSTALL                                |    9 +-
 lib/subunit/NEWS                                   |   17 +
 lib/subunit/python/subunit/__init__.py             |    6 +
 lib/subunit/python/subunit/run.py                  |    3 +-
 lib/subunit/setup.py                               |    2 +-
 lib/subunit/shell/README                           |    2 +-
 lib/subunit/shell/tests/test_function_output.sh    |   10 +-
 lib/subunit/shell/tests/test_source_library.sh     |   14 +-
 lib/testtools/.testr.conf                          |    4 +
 lib/testtools/HACKING                              |   48 +-
 lib/testtools/MANIFEST.in                          |    1 -
 lib/testtools/MANUAL                               |  120 +++-
 lib/testtools/Makefile                             |    9 +-
 lib/testtools/NEWS                                 |  102 +++
 lib/testtools/README                               |   18 +-
 lib/testtools/setup.py                             |   51 ++-
 lib/testtools/testtools/__init__.py                |   12 +-
 lib/testtools/testtools/_spinner.py                |  317 +++++++++
 lib/testtools/testtools/compat.py                  |   57 +-
 lib/testtools/testtools/content.py                 |   17 +-
 lib/testtools/testtools/deferredruntest.py         |  336 +++++++++
 lib/testtools/testtools/helpers.py                 |   64 ++
 lib/testtools/testtools/matchers.py                |  199 ++++++-
 lib/testtools/testtools/run.py                     |   82 ++-
 lib/testtools/testtools/runtest.py                 |   99 ++-
 lib/testtools/testtools/testcase.py                |  212 ++++---
 lib/testtools/testtools/testresult/doubles.py      |   18 +-
 lib/testtools/testtools/testresult/real.py         |  129 ++--
 lib/testtools/testtools/tests/__init__.py          |   37 +-
 lib/testtools/testtools/tests/helpers.py           |    5 +
 lib/testtools/testtools/tests/test_compat.py       |   20 +-
 lib/testtools/testtools/tests/test_content.py      |   49 +-
 lib/testtools/testtools/tests/test_content_type.py |   10 +-
 .../testtools/tests/test_deferredruntest.py        |  738 ++++++++++++++++++++
 .../testtools/tests/test_fixturesupport.py         |   77 ++
 lib/testtools/testtools/tests/test_helpers.py      |  106 +++
 lib/testtools/testtools/tests/test_matchers.py     |  228 ++++++-
 lib/testtools/testtools/tests/test_monkey.py       |    7 +-
 lib/testtools/testtools/tests/test_run.py          |   77 ++
 lib/testtools/testtools/tests/test_runtest.py      |  129 ++++-
 lib/testtools/testtools/tests/test_spinner.py      |  325 +++++++++
 lib/testtools/testtools/tests/test_testresult.py   |  321 ++++++++-
 lib/testtools/testtools/tests/test_testsuite.py    |    9 +-
 lib/testtools/testtools/tests/test_testtools.py    |   28 +-
 selftest/selftest.pl                               |   33 +-
 source4/scripting/bin/subunitrun                   |   15 +-
 source4/scripting/python/samba/__init__.py         |   30 +-
 source4/selftest/tests.py                          |   34 +-
 source4/selftest/wscript                           |    6 +-
 source4/torture/shell.c                            |    2 +-
 source4/torture/smbtorture.c                       |   21 +-
 source4/torture/smbtorture.h                       |    2 +-
 source4/wscript                                    |    3 +-
 75 files changed, 5022 insertions(+), 518 deletions(-)
 create mode 100644 lib/dnspython/Makefile
 create mode 100644 lib/dnspython/dns/hash.py
 create mode 100755 lib/dnspython/examples/zonediff.py
 create mode 100644 lib/dnspython/tests/dnssec.py
 create mode 100644 lib/testtools/.testr.conf
 create mode 100644 lib/testtools/testtools/_spinner.py
 create mode 100644 lib/testtools/testtools/deferredruntest.py
 create mode 100644 lib/testtools/testtools/helpers.py
 create mode 100644 lib/testtools/testtools/tests/test_deferredruntest.py
 create mode 100644 lib/testtools/testtools/tests/test_fixturesupport.py
 create mode 100644 lib/testtools/testtools/tests/test_helpers.py
 create mode 100644 lib/testtools/testtools/tests/test_run.py
 create mode 100644 lib/testtools/testtools/tests/test_spinner.py


Changeset truncated at 500 lines:

diff --git a/lib/dnspython/.gitignore b/lib/dnspython/.gitignore
index 2abcfc4..5592c97 100644
--- a/lib/dnspython/.gitignore
+++ b/lib/dnspython/.gitignore
@@ -2,4 +2,6 @@ build
 dist
 MANIFEST
 html
+html.zip
+html.tar.gz
 tests/*.out
diff --git a/lib/dnspython/ChangeLog b/lib/dnspython/ChangeLog
index 73a66ed..91e69d3 100644
--- a/lib/dnspython/ChangeLog
+++ b/lib/dnspython/ChangeLog
@@ -1,3 +1,82 @@
+2010-11-23  Bob Halley  <halley at dnspython.org>
+
+	* (Version 1.9.2 released)
+
+2010-11-23  Bob Halley  <halley at dnspython.org>
+
+	* dns/dnssec.py (_need_pycrypto): DSA and RSA are modules, not
+	  functions, and I didn't notice because the test suite masked
+	  the bug!  *sigh*
+
+2010-11-22  Bob Halley  <halley at dnspython.org>
+
+	* (Version 1.9.1 released)
+
+2010-11-22  Bob Halley  <halley at dnspython.org>
+
+	* dns/dnssec.py: the "from" style import used to get DSA from
+	  PyCrypto trashed a DSA constant.  Now a normal import is used
+	  to avoid namespace contamination.
+
+2010-11-20  Bob Halley  <halley at dnspython.org>
+
+	* (Version 1.9.0 released)
+
+2010-11-07  Bob Halley  <halley at dnspython.org>
+
+	* dns/dnssec.py: Added validate() to do basic DNSSEC validation
+	  (requires PyCrypto). Thanks to Brian Wellington for the patch.
+
+	* dns/hash.py: Hash compatibility handling is now its own module.
+
+2010-10-31  Bob Halley  <halley at dnspython.org>
+
+	* dns/resolver.py (zone_for_name): A query name resulting in a
+	  CNAME or DNAME response to a node which had an SOA was incorrectly
+	  treated as a zone origin.  In these cases, we should just look
+	  higher.  Thanks to Gert Berger for reporting this problem.
+
+	* Added zonediff.py to examples.  This program compares two zones
+	  and shows the differences either in diff-like plain text, or
+	  HTML.  Thanks to Dennis Kaarsemaker for contributing this
+	  useful program.
+
+2010-10-27  Bob Halley  <halley at dnspython.org>
+
+	* Incorporate a patch to use poll() instead of select() by
+	  default on platforms which support it.  Thanks to
+	  Peter Schüller and Spotify for the contribution.
+
+2010-10-17  Bob Halley  <halley at dnspython.org>
+
+	* Python prior to 2.5.2 doesn't compute the correct values for
+	  HMAC-SHA384 and HMAC-SHA512.  We now detect attempts to use
+	  them and raise NotImplemented if the Python version is too old.
+	  Thanks to Kevin Chen for reporting the problem.
+
+	* Various routines that took the string forms of rdata types and
+	  classes did not permit the strings to be Unicode strings.
+	  Thanks to Ryan Workman for reporting the issue.
+
+	* dns/tsig.py: Added symbolic constants for the algorithm strings.
+	  E.g. you can now say dns.tsig.HMAC_MD5 instead of
+	  "HMAC-MD5.SIG-ALG.REG.INT".  Thanks to Cillian Sharkey for
+	  suggesting this improvement.
+
+	* dns/tsig.py (get_algorithm): fix hashlib compatibility; thanks to
+	  Kevin Chen for the patch.
+
+	* dns/dnssec.py: Added key_id() and make_ds().
+
+	* dns/message.py: message.py needs to import dns.edns since it uses
+	  it.
+
+2010-05-04  Bob Halley  <halley at dnspython.org>
+
+	* dns/rrset.py (RRset.__init__): "covers" was not passed to the
+	  superclass __init__().  Thanks to Shanmuga Rajan for reporting
+	  the problem.
+
 2010-03-10  Bob Halley  <halley at dnspython.org>
 
 	* The TSIG algorithm value was passed to use_tsig() incorrectly
diff --git a/lib/dnspython/Makefile b/lib/dnspython/Makefile
new file mode 100644
index 0000000..3dbfe95
--- /dev/null
+++ b/lib/dnspython/Makefile
@@ -0,0 +1,56 @@
+# Copyright (C) 2003-2007, 2009 Nominum, Inc.
+#
+# Permission to use, copy, modify, and distribute this software and its
+# documentation for any purpose with or without fee is hereby granted,
+# provided that the above copyright notice and this permission notice
+# appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile,v 1.16 2004/03/19 00:17:27 halley Exp $
+
+PYTHON=python
+
+all:
+	${PYTHON} ./setup.py build
+
+install:
+	${PYTHON} ./setup.py install
+
+clean:
+	${PYTHON} ./setup.py clean --all
+	find . -name '*.pyc' -exec rm {} \;
+	find . -name '*.pyo' -exec rm {} \;
+	rm -f TAGS
+
+distclean: clean docclean
+	rm -rf build dist
+	rm -f MANIFEST
+
+doc:
+	epydoc -n dnspython -u http://www.dnspython.org \
+		dns/*.py dns/rdtypes/*.py dns/rdtypes/ANY/*.py \
+		dns/rdtypes/IN/*.py
+
+dockits: doc
+	mv html dnspython-html
+	tar czf html.tar.gz dnspython-html
+	zip -r html.zip dnspython-html
+	mv dnspython-html html
+
+docclean:
+	rm -rf html.tar.gz html.zip html
+
+kits:
+	${PYTHON} ./setup.py sdist --formats=gztar,zip
+#	${PYTHON} ./setup.py bdist_wininst
+#	${PYTHON} ./setup.py bdist_rpm
+
+tags:
+	find . -name '*.py' -print | etags -
diff --git a/lib/dnspython/README b/lib/dnspython/README
index b313d1c..d53dac6 100644
--- a/lib/dnspython/README
+++ b/lib/dnspython/README
@@ -22,7 +22,62 @@ development by continuing to employ the author :).
 
 ABOUT THIS RELEASE
 
-This is dnspython 1.8.0
+This is dnspython 1.9.2
+
+New since 1.9.1:
+
+    	Nothing.
+
+Bugs fixed since 1.9.1:
+
+	The dns.dnssec module didn't work at all due to missing
+	imports that escaped detection in testing because the test
+	suite also did the imports.  The third time is the charm!
+
+New since 1.9.0:
+
+    	Nothing.
+
+Bugs fixed since 1.9.0:
+
+        The dns.dnssec module didn't work with DSA due to namespace
+	contamination from a "from"-style import.
+
+New since 1.8.0:
+
+    	dnspython now uses poll() instead of select() when available.
+
+	Basic DNSSEC validation can be done using dns.dnsec.validate()
+	and dns.dnssec.validate_rrsig() if you have PyCrypto 2.3 or
+	later installed.  Complete secure resolution is not yet
+	available.
+
+	Added key_id() to the DNSSEC module, which computes the DNSSEC
+	key id of a DNSKEY rdata.
+
+	Added make_ds() to the DNSSEC module, which returns the DS RR
+	for a given DNSKEY rdata.
+
+	dnspython now raises an exception if HMAC-SHA284 or
+	HMAC-SHA512 are used with a Python older than 2.5.2.  (Older
+	Pythons do not compute the correct value.)
+
+	Symbolic constants are now available for TSIG algorithm names.
+
+Bugs fixed since 1.8.0
+
+        dns.resolver.zone_for_name() didn't handle a query response
+	with a CNAME or DNAME correctly in some cases.
+
+        When specifying rdata types and classes as text, Unicode
+	strings may now be used.
+
+	Hashlib compatibility issues have been fixed.
+
+	dns.message now imports dns.edns.
+
+	The TSIG algorithm value was passed incorrectly to use_tsig()
+	in some cases.
 
 New since 1.7.1:
 
@@ -310,7 +365,7 @@ the prior release.
 
 REQUIREMENTS
 
-Python 2.2 or later.
+Python 2.4 or later.
 
 
 INSTALLATION
diff --git a/lib/dnspython/dns/__init__.py b/lib/dnspython/dns/__init__.py
index 5ad5737..56e1e8a 100644
--- a/lib/dnspython/dns/__init__.py
+++ b/lib/dnspython/dns/__init__.py
@@ -22,6 +22,7 @@ __all__ = [
     'entropy',
     'exception',
     'flags',
+    'hash',
     'inet',
     'ipv4',
     'ipv6',
diff --git a/lib/dnspython/dns/dnssec.py b/lib/dnspython/dns/dnssec.py
index 54fd78d..a595fd4 100644
--- a/lib/dnspython/dns/dnssec.py
+++ b/lib/dnspython/dns/dnssec.py
@@ -15,6 +15,27 @@
 
 """Common DNSSEC-related functions and constants."""
 
+import cStringIO
+import struct
+import time
+
+import dns.exception
+import dns.hash
+import dns.name
+import dns.node
+import dns.rdataset
+import dns.rdata
+import dns.rdatatype
+import dns.rdataclass
+
+class UnsupportedAlgorithm(dns.exception.DNSException):
+    """Raised if an algorithm is not supported."""
+    pass
+
+class ValidationFailure(dns.exception.DNSException):
+    """The DNSSEC signature is invalid."""
+    pass
+
 RSAMD5 = 1
 DH = 2
 DSA = 3
@@ -49,14 +70,10 @@ _algorithm_by_text = {
 
 _algorithm_by_value = dict([(y, x) for x, y in _algorithm_by_text.iteritems()])
 
-class UnknownAlgorithm(Exception):
-    """Raised if an algorithm is unknown."""
-    pass
-
 def algorithm_from_text(text):
     """Convert text into a DNSSEC algorithm value
     @rtype: int"""
-    
+
     value = _algorithm_by_text.get(text.upper())
     if value is None:
         value = int(text)
@@ -65,8 +82,291 @@ def algorithm_from_text(text):
 def algorithm_to_text(value):
     """Convert a DNSSEC algorithm value to text
     @rtype: string"""
-    
+
     text = _algorithm_by_value.get(value)
     if text is None:
         text = str(value)
     return text
+
+def _to_rdata(record, origin):
+    s = cStringIO.StringIO()
+    record.to_wire(s, origin=origin)
+    return s.getvalue()
+
+def key_id(key, origin=None):
+    rdata = _to_rdata(key, origin)
+    if key.algorithm == RSAMD5:
+        return (ord(rdata[-3]) << 8) + ord(rdata[-2])
+    else:
+        total = 0
+        for i in range(len(rdata) / 2):
+            total += (ord(rdata[2 * i]) << 8) + ord(rdata[2 * i + 1])
+        if len(rdata) % 2 != 0:
+            total += ord(rdata[len(rdata) - 1]) << 8
+        total += ((total >> 16) & 0xffff);
+        return total & 0xffff
+
+def make_ds(name, key, algorithm, origin=None):
+    if algorithm.upper() == 'SHA1':
+        dsalg = 1
+        hash = dns.hash.get('SHA1')()
+    elif algorithm.upper() == 'SHA256':
+        dsalg = 2
+        hash = dns.hash.get('SHA256')()
+    else:
+        raise UnsupportedAlgorithm, 'unsupported algorithm "%s"' % algorithm
+
+    if isinstance(name, (str, unicode)):
+        name = dns.name.from_text(name, origin)
+    hash.update(name.canonicalize().to_wire())
+    hash.update(_to_rdata(key, origin))
+    digest = hash.digest()
+
+    dsrdata = struct.pack("!HBB", key_id(key), key.algorithm, dsalg) + digest
+    return dns.rdata.from_wire(dns.rdataclass.IN, dns.rdatatype.DS, dsrdata, 0,
+                               len(dsrdata))
+
+def _find_key(keys, rrsig):
+    value = keys.get(rrsig.signer)
+    if value is None:
+        return None
+    if isinstance(value, dns.node.Node):
+        try:
+            rdataset = node.find_rdataset(dns.rdataclass.IN,
+                                          dns.rdatatype.DNSKEY)
+        except KeyError:
+            return None
+    else:
+        rdataset = value
+    for rdata in rdataset:
+        if rdata.algorithm == rrsig.algorithm and \
+               key_id(rdata) == rrsig.key_tag:
+            return rdata
+    return None
+
+def _is_rsa(algorithm):
+    return algorithm in (RSAMD5, RSASHA1,
+                         RSASHA1NSEC3SHA1, RSASHA256,
+                         RSASHA512)
+
+def _is_dsa(algorithm):
+    return algorithm in (DSA, DSANSEC3SHA1)
+
+def _is_md5(algorithm):
+    return algorithm == RSAMD5
+
+def _is_sha1(algorithm):
+    return algorithm in (DSA, RSASHA1,
+                         DSANSEC3SHA1, RSASHA1NSEC3SHA1)
+
+def _is_sha256(algorithm):
+    return algorithm == RSASHA256
+
+def _is_sha512(algorithm):
+    return algorithm == RSASHA512
+
+def _make_hash(algorithm):
+    if _is_md5(algorithm):
+        return dns.hash.get('MD5')()
+    if _is_sha1(algorithm):
+        return dns.hash.get('SHA1')()
+    if _is_sha256(algorithm):
+        return dns.hash.get('SHA256')()
+    if _is_sha512(algorithm):
+        return dns.hash.get('SHA512')()
+    raise ValidationFailure, 'unknown hash for algorithm %u' % algorithm
+
+def _make_algorithm_id(algorithm):
+    if _is_md5(algorithm):
+        oid = [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05]
+    elif _is_sha1(algorithm):
+        oid = [0x2b, 0x0e, 0x03, 0x02, 0x1a]
+    elif _is_sha256(algorithm):
+        oid = [0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01]
+    elif _is_sha512(algorithm):
+        oid = [0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03]
+    else:
+        raise ValidationFailure, 'unknown algorithm %u' % algorithm
+    olen = len(oid)
+    dlen = _make_hash(algorithm).digest_size
+    idbytes = [0x30] + [8 + olen + dlen] + \
+              [0x30, olen + 4] + [0x06, olen] + oid + \
+              [0x05, 0x00] + [0x04, dlen]
+    return ''.join(map(chr, idbytes))
+
+def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+    """Validate an RRset against a single signature rdata
+
+    The owner name of the rrsig is assumed to be the same as the owner name
+    of the rrset.
+
+    @param rrset: The RRset to validate
+    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
+    tuple
+    @param rrsig: The signature rdata
+    @type rrsig: dns.rrset.Rdata
+    @param keys: The key dictionary.
+    @type keys: a dictionary keyed by dns.name.Name with node or rdataset values
+    @param origin: The origin to use for relative names
+    @type origin: dns.name.Name or None
+    @param now: The time to use when validating the signatures.  The default
+    is the current time.
+    @type now: int
+    """
+
+    if isinstance(origin, (str, unicode)):
+        origin = dns.name.from_text(origin, dns.name.root)
+
+    key = _find_key(keys, rrsig)
+    if not key:
+        raise ValidationFailure, 'unknown key'
+
+    # For convenience, allow the rrset to be specified as a (name, rdataset)
+    # tuple as well as a proper rrset
+    if isinstance(rrset, tuple):
+        rrname = rrset[0]
+        rdataset = rrset[1]
+    else:
+        rrname = rrset.name
+        rdataset = rrset
+
+    if now is None:
+        now = time.time()
+    if rrsig.expiration < now:
+        raise ValidationFailure, 'expired'
+    if rrsig.inception > now:
+        raise ValidationFailure, 'not yet valid'
+
+    hash = _make_hash(rrsig.algorithm)
+
+    if _is_rsa(rrsig.algorithm):
+        keyptr = key.key
+        (bytes,) = struct.unpack('!B', keyptr[0:1])
+        keyptr = keyptr[1:]
+        if bytes == 0:
+            (bytes,) = struct.unpack('!H', keyptr[0:2])
+            keyptr = keyptr[2:]
+        rsa_e = keyptr[0:bytes]
+        rsa_n = keyptr[bytes:]
+        keylen = len(rsa_n) * 8
+        pubkey = Crypto.PublicKey.RSA.construct(
+            (Crypto.Util.number.bytes_to_long(rsa_n),
+             Crypto.Util.number.bytes_to_long(rsa_e)))
+        sig = (Crypto.Util.number.bytes_to_long(rrsig.signature),)
+    elif _is_dsa(rrsig.algorithm):
+        keyptr = key.key
+        (t,) = struct.unpack('!B', keyptr[0:1])
+        keyptr = keyptr[1:]
+        octets = 64 + t * 8
+        dsa_q = keyptr[0:20]
+        keyptr = keyptr[20:]
+        dsa_p = keyptr[0:octets]
+        keyptr = keyptr[octets:]
+        dsa_g = keyptr[0:octets]
+        keyptr = keyptr[octets:]
+        dsa_y = keyptr[0:octets]
+        pubkey = Crypto.PublicKey.DSA.construct(
+            (Crypto.Util.number.bytes_to_long(dsa_y),
+             Crypto.Util.number.bytes_to_long(dsa_g),
+             Crypto.Util.number.bytes_to_long(dsa_p),
+             Crypto.Util.number.bytes_to_long(dsa_q)))
+        (dsa_r, dsa_s) = struct.unpack('!20s20s', rrsig.signature[1:])
+        sig = (Crypto.Util.number.bytes_to_long(dsa_r),
+               Crypto.Util.number.bytes_to_long(dsa_s))
+    else:
+        raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm
+
+    hash.update(_to_rdata(rrsig, origin)[:18])
+    hash.update(rrsig.signer.to_digestable(origin))
+
+    if rrsig.labels < len(rrname) - 1:


-- 
Samba Shared Repository


More information about the samba-cvs mailing list