Dyomedea
/
binder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix binder to work with TSIG keys not using dnspythons default algorithm 

binder has been broken to work with signatures created with anything but
dnspythons default TSIG algorithm, which currently is HMAC-MD5.
This commit fixes that by properly using the algorithm stored for the key.
This commit is contained in:
Daniel Roschka 2015-03-22 18:07:06 +01:00
parent f0f897fad6
commit a19719a41b
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
binder/helpers.py
View File

@ -85,16 +85,19 @@ def delete_record(dns_server, rr_list, key_name):
try:
transfer_key = models.Key.objects.get(name=key_name)
keyring = transfer_key.create_keyring()
except models.Key.DoesNotExist:
keyring = None
algorithm = None
else:
keyring = transfer_key.create_keyring()
algorithm = transfer_key.algorithm
delete_response = []
for current_rr in rr_list:
record_list = current_rr.split(".")
record = record_list[0]
domain = ".".join(record_list[1:])
dns_update = dns.update.Update(domain, keyring = keyring)
dns_update = dns.update.Update(domain, keyring=keyring, keyalgorithm=algorithm)
dns_update.delete(record)
output = send_dns_update(dns_update, dns_server, key_name)
@ -108,11 +111,14 @@ def create_update(dns_server, zone_name, record_name, record_type, record_data,
try:
transfer_key = models.Key.objects.get(name=key_name)
keyring = transfer_key.create_keyring()
except models.Key.DoesNotExist:
keyring = None
algorithm = None
else:
keyring = transfer_key.create_keyring()
algorithm = transfer_key.algorithm
dns_update = dns.update.Update(zone_name, keyring = keyring)
dns_update = dns.update.Update(zone_name, keyring=keyring, keyalgorithm=algorithm)
dns_update.replace(record_name, ttl, record_type, record_data)
output = send_dns_update(dns_update, dns_server, key_name)

7
binder/models.py
View File

@ -88,12 +88,15 @@ class BindServer(models.Model):
try:
transfer_key = Key.objects.get(name=self.default_transfer_key)
keyring = transfer_key.create_keyring()
except Key.DoesNotExist:
keyring = None
algorithm = None
else:
keyring = transfer_key.create_keyring()
algorithm = transfer_key.algorithm
try:
zone = dns.zone.from_xfr(dns.query.xfr(self.hostname, zone_name, keyring=keyring))
zone = dns.zone.from_xfr(dns.query.xfr(self.hostname, zone_name, keyring=keyring, keyalgorithm=algorithm))
except dns.tsig.PeerBadKey:
# The incorrect TSIG key was selected for transfers.
raise exceptions.TransferException("Unable to list zone records because of a TSIG key mismatch.")