You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
bazarr/libs/dns/renderer.py

347 lines
11 KiB

# Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license
# Copyright (C) 2001-2017 Nominum, Inc.
6 years ago
#
# Permission to use, copy, modify, and distribute this software and its
# documentation for any purpose with or without fee is hereby granted,
# provided that the above copyright notice and this permission notice
# appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
"""Help for building DNS wire format messages"""
import contextlib
import io
6 years ago
import random
import struct
6 years ago
import time
import dns.exception
import dns.tsig
QUESTION = 0
ANSWER = 1
AUTHORITY = 2
ADDITIONAL = 3
@contextlib.contextmanager
def prefixed_length(output, length_length):
output.write(b"\00" * length_length)
start = output.tell()
yield
end = output.tell()
length = end - start
if length > 0:
try:
output.seek(start - length_length)
try:
output.write(length.to_bytes(length_length, "big"))
except OverflowError:
raise dns.exception.FormError
finally:
output.seek(end)
class Renderer:
6 years ago
"""Helper class for building DNS wire-format messages.
Most applications can use the higher-level L{dns.message.Message}
class and its to_wire() method to generate wire-format messages.
This class is for those applications which need finer control
over the generation of messages.
Typical use::
r = dns.renderer.Renderer(id=1, flags=0x80, max_size=512)
r.add_question(qname, qtype, qclass)
r.add_rrset(dns.renderer.ANSWER, rrset_1)
r.add_rrset(dns.renderer.ANSWER, rrset_2)
r.add_rrset(dns.renderer.AUTHORITY, ns_rrset)
r.add_rrset(dns.renderer.ADDITIONAL, ad_rrset_1)
r.add_rrset(dns.renderer.ADDITIONAL, ad_rrset_2)
r.add_edns(0, 0, 4096)
6 years ago
r.write_header()
r.add_tsig(keyname, secret, 300, 1, 0, '', request_mac)
wire = r.get_wire()
If padding is going to be used, then the OPT record MUST be
written after everything else in the additional section except for
the TSIG (if any).
output, an io.BytesIO, where rendering is written
id: the message id
flags: the message flags
max_size: the maximum size of the message
origin: the origin to use when rendering relative names
compress: the compression table
section: an int, the section currently being rendered
counts: list of the number of RRs in each section
mac: the MAC of the rendered message (if TSIG was used)
6 years ago
"""
def __init__(self, id=None, flags=0, max_size=65535, origin=None):
"""Initialize a new renderer."""
6 years ago
self.output = io.BytesIO()
6 years ago
if id is None:
self.id = random.randint(0, 65535)
else:
self.id = id
self.flags = flags
self.max_size = max_size
self.origin = origin
self.compress = {}
self.section = QUESTION
self.counts = [0, 0, 0, 0]
self.output.write(b"\x00" * 12)
self.mac = ""
self.reserved = 0
self.was_padded = False
6 years ago
def _rollback(self, where):
"""Truncate the output buffer at offset *where*, and remove any
6 years ago
compression table entries that pointed beyond the truncation
point.
"""
self.output.seek(where)
self.output.truncate()
keys_to_delete = []
for k, v in self.compress.items():
if v >= where:
keys_to_delete.append(k)
for k in keys_to_delete:
del self.compress[k]
def _set_section(self, section):
"""Set the renderer's current section.
Sections must be rendered order: QUESTION, ANSWER, AUTHORITY,
ADDITIONAL. Sections may be empty.
Raises dns.exception.FormError if an attempt was made to set
6 years ago
a section value less than the current section.
"""
if self.section != section:
if self.section > section:
raise dns.exception.FormError
self.section = section
@contextlib.contextmanager
def _track_size(self):
start = self.output.tell()
yield start
if self.output.tell() > self.max_size:
self._rollback(start)
raise dns.exception.TooBig
@contextlib.contextmanager
def _temporarily_seek_to(self, where):
current = self.output.tell()
try:
self.output.seek(where)
yield
finally:
self.output.seek(current)
6 years ago
def add_question(self, qname, rdtype, rdclass=dns.rdataclass.IN):
"""Add a question to the message."""
6 years ago
self._set_section(QUESTION)
with self._track_size():
qname.to_wire(self.output, self.compress, self.origin)
self.output.write(struct.pack("!HH", rdtype, rdclass))
6 years ago
self.counts[QUESTION] += 1
def add_rrset(self, section, rrset, **kw):
"""Add the rrset to the specified section.
Any keyword arguments are passed on to the rdataset's to_wire()
routine.
"""
self._set_section(section)
with self._track_size():
n = rrset.to_wire(self.output, self.compress, self.origin, **kw)
6 years ago
self.counts[section] += n
def add_rdataset(self, section, name, rdataset, **kw):
"""Add the rdataset to the specified section, using the specified
name as the owner name.
Any keyword arguments are passed on to the rdataset's to_wire()
routine.
"""
self._set_section(section)
with self._track_size():
n = rdataset.to_wire(name, self.output, self.compress, self.origin, **kw)
6 years ago
self.counts[section] += n
def add_opt(self, opt, pad=0, opt_size=0, tsig_size=0):
"""Add *opt* to the additional section, applying padding if desired. The
padding will take the specified precomputed OPT size and TSIG size into
account.
Note that we don't have reliable way of knowing how big a GSS-TSIG digest
might be, so we we might not get an even multiple of the pad in that case."""
if pad:
ttl = opt.ttl
assert opt_size >= 11
opt_rdata = opt[0]
size_without_padding = self.output.tell() + opt_size + tsig_size
remainder = size_without_padding % pad
if remainder:
pad = b"\x00" * (pad - remainder)
else:
pad = b""
options = list(opt_rdata.options)
options.append(dns.edns.GenericOption(dns.edns.OptionType.PADDING, pad))
opt = dns.message.Message._make_opt(ttl, opt_rdata.rdclass, options)
self.was_padded = True
self.add_rrset(ADDITIONAL, opt)
6 years ago
def add_edns(self, edns, ednsflags, payload, options=None):
"""Add an EDNS OPT record to the message."""
6 years ago
# make sure the EDNS version in ednsflags agrees with edns
ednsflags &= 0xFF00FFFF
ednsflags |= edns << 16
opt = dns.message.Message._make_opt(ednsflags, payload, options)
self.add_opt(opt)
def add_tsig(
self,
keyname,
secret,
fudge,
id,
tsig_error,
other_data,
request_mac,
algorithm=dns.tsig.default_algorithm,
):
"""Add a TSIG signature to the message."""
s = self.output.getvalue()
if isinstance(secret, dns.tsig.Key):
key = secret
else:
key = dns.tsig.Key(keyname, secret, algorithm)
tsig = dns.message.Message._make_tsig(
keyname, algorithm, 0, fudge, b"", id, tsig_error, other_data
)
(tsig, _) = dns.tsig.sign(s, key, tsig[0], int(time.time()), request_mac)
self._write_tsig(tsig, keyname)
def add_multi_tsig(
self,
ctx,
keyname,
secret,
fudge,
id,
tsig_error,
other_data,
request_mac,
algorithm=dns.tsig.default_algorithm,
):
"""Add a TSIG signature to the message. Unlike add_tsig(), this can be
used for a series of consecutive DNS envelopes, e.g. for a zone
transfer over TCP [RFC2845, 4.4].
For the first message in the sequence, give ctx=None. For each
subsequent message, give the ctx that was returned from the
add_multi_tsig() call for the previous message."""
6 years ago
s = self.output.getvalue()
if isinstance(secret, dns.tsig.Key):
key = secret
else:
key = dns.tsig.Key(keyname, secret, algorithm)
tsig = dns.message.Message._make_tsig(
keyname, algorithm, 0, fudge, b"", id, tsig_error, other_data
)
(tsig, ctx) = dns.tsig.sign(
s, key, tsig[0], int(time.time()), request_mac, ctx, True
)
self._write_tsig(tsig, keyname)
return ctx
def _write_tsig(self, tsig, keyname):
if self.was_padded:
compress = None
else:
compress = self.compress
self._set_section(ADDITIONAL)
with self._track_size():
keyname.to_wire(self.output, compress, self.origin)
self.output.write(
struct.pack("!HHI", dns.rdatatype.TSIG, dns.rdataclass.ANY, 0)
)
with prefixed_length(self.output, 2):
tsig.to_wire(self.output)
6 years ago
self.counts[ADDITIONAL] += 1
with self._temporarily_seek_to(10):
self.output.write(struct.pack("!H", self.counts[ADDITIONAL]))
6 years ago
def write_header(self):
"""Write the DNS message header.
Writing the DNS message header is done after all sections
have been rendered, but before the optional TSIG signature
is added.
"""
with self._temporarily_seek_to(0):
self.output.write(
struct.pack(
"!HHHHHH",
self.id,
self.flags,
self.counts[0],
self.counts[1],
self.counts[2],
self.counts[3],
)
)
6 years ago
def get_wire(self):
"""Return the wire format message."""
6 years ago
return self.output.getvalue()
def reserve(self, size: int) -> None:
"""Reserve *size* bytes."""
if size < 0:
raise ValueError("reserved amount must be non-negative")
if size > self.max_size:
raise ValueError("cannot reserve more than the maximum size")
self.reserved += size
self.max_size -= size
def release_reserved(self) -> None:
"""Release the reserved bytes."""
self.max_size += self.reserved
self.reserved = 0