- # Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license
-
- # Copyright (C) 2003-2007, 2009-2011 Nominum, Inc.
- #
- # Permission to use, copy, modify, and distribute this software and its
- # documentation for any purpose with or without fee is hereby granted,
- # provided that the above copyright notice and this permission notice
- # appear in all copies.
- #
- # THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
- # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
- # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- """DNS Zones."""
-
- import re
- import sys
- from typing import Any, Iterable, List, Optional, Set, Tuple, Union
-
- import dns.exception
- import dns.grange
- import dns.name
- import dns.node
- import dns.rdata
- import dns.rdataclass
- import dns.rdatatype
- import dns.rdtypes.ANY.SOA
- import dns.rrset
- import dns.tokenizer
- import dns.transaction
- import dns.ttl
-
-
- class UnknownOrigin(dns.exception.DNSException):
- """Unknown origin"""
-
-
- class CNAMEAndOtherData(dns.exception.DNSException):
- """A node has a CNAME and other data"""
-
-
- def _check_cname_and_other_data(txn, name, rdataset):
- rdataset_kind = dns.node.NodeKind.classify_rdataset(rdataset)
- node = txn.get_node(name)
- if node is None:
- # empty nodes are neutral.
- return
- node_kind = node.classify()
- if (
- node_kind == dns.node.NodeKind.CNAME
- and rdataset_kind == dns.node.NodeKind.REGULAR
- ):
- raise CNAMEAndOtherData("rdataset type is not compatible with a CNAME node")
- elif (
- node_kind == dns.node.NodeKind.REGULAR
- and rdataset_kind == dns.node.NodeKind.CNAME
- ):
- raise CNAMEAndOtherData(
- "CNAME rdataset is not compatible with a regular data node"
- )
- # Otherwise at least one of the node and the rdataset is neutral, so
- # adding the rdataset is ok
-
-
- SavedStateType = Tuple[
- dns.tokenizer.Tokenizer,
- Optional[dns.name.Name], # current_origin
- Optional[dns.name.Name], # last_name
- Optional[Any], # current_file
- int, # last_ttl
- bool, # last_ttl_known
- int, # default_ttl
- bool,
- ] # default_ttl_known
-
-
- def _upper_dollarize(s):
- s = s.upper()
- if not s.startswith("$"):
- s = "$" + s
- return s
-
-
- class Reader:
- """Read a DNS zone file into a transaction."""
-
- def __init__(
- self,
- tok: dns.tokenizer.Tokenizer,
- rdclass: dns.rdataclass.RdataClass,
- txn: dns.transaction.Transaction,
- allow_include: bool = False,
- allow_directives: Union[bool, Iterable[str]] = True,
- force_name: Optional[dns.name.Name] = None,
- force_ttl: Optional[int] = None,
- force_rdclass: Optional[dns.rdataclass.RdataClass] = None,
- force_rdtype: Optional[dns.rdatatype.RdataType] = None,
- default_ttl: Optional[int] = None,
- ):
- self.tok = tok
- (self.zone_origin, self.relativize, _) = txn.manager.origin_information()
- self.current_origin = self.zone_origin
- self.last_ttl = 0
- self.last_ttl_known = False
- if force_ttl is not None:
- default_ttl = force_ttl
- if default_ttl is None:
- self.default_ttl = 0
- self.default_ttl_known = False
- else:
- self.default_ttl = default_ttl
- self.default_ttl_known = True
- self.last_name = self.current_origin
- self.zone_rdclass = rdclass
- self.txn = txn
- self.saved_state: List[SavedStateType] = []
- self.current_file: Optional[Any] = None
- self.allowed_directives: Set[str]
- if allow_directives is True:
- self.allowed_directives = {"$GENERATE", "$ORIGIN", "$TTL"}
- if allow_include:
- self.allowed_directives.add("$INCLUDE")
- elif allow_directives is False:
- # allow_include was ignored in earlier releases if allow_directives was
- # False, so we continue that.
- self.allowed_directives = set()
- else:
- # Note that if directives are explicitly specified, then allow_include
- # is ignored.
- self.allowed_directives = set(_upper_dollarize(d) for d in allow_directives)
- self.force_name = force_name
- self.force_ttl = force_ttl
- self.force_rdclass = force_rdclass
- self.force_rdtype = force_rdtype
- self.txn.check_put_rdataset(_check_cname_and_other_data)
-
- def _eat_line(self):
- while 1:
- token = self.tok.get()
- if token.is_eol_or_eof():
- break
-
- def _get_identifier(self):
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError
- return token
-
- def _rr_line(self):
- """Process one line from a DNS zone file."""
- token = None
- # Name
- if self.force_name is not None:
- name = self.force_name
- else:
- if self.current_origin is None:
- raise UnknownOrigin
- token = self.tok.get(want_leading=True)
- if not token.is_whitespace():
- self.last_name = self.tok.as_name(token, self.current_origin)
- else:
- token = self.tok.get()
- if token.is_eol_or_eof():
- # treat leading WS followed by EOL/EOF as if they were EOL/EOF.
- return
- self.tok.unget(token)
- name = self.last_name
- if not name.is_subdomain(self.zone_origin):
- self._eat_line()
- return
- if self.relativize:
- name = name.relativize(self.zone_origin)
-
- # TTL
- if self.force_ttl is not None:
- ttl = self.force_ttl
- self.last_ttl = ttl
- self.last_ttl_known = True
- else:
- token = self._get_identifier()
- ttl = None
- try:
- ttl = dns.ttl.from_text(token.value)
- self.last_ttl = ttl
- self.last_ttl_known = True
- token = None
- except dns.ttl.BadTTL:
- self.tok.unget(token)
-
- # Class
- if self.force_rdclass is not None:
- rdclass = self.force_rdclass
- else:
- token = self._get_identifier()
- try:
- rdclass = dns.rdataclass.from_text(token.value)
- except dns.exception.SyntaxError:
- raise
- except Exception:
- rdclass = self.zone_rdclass
- self.tok.unget(token)
- if rdclass != self.zone_rdclass:
- raise dns.exception.SyntaxError("RR class is not zone's class")
-
- if ttl is None:
- # support for <class> <ttl> <type> syntax
- token = self._get_identifier()
- ttl = None
- try:
- ttl = dns.ttl.from_text(token.value)
- self.last_ttl = ttl
- self.last_ttl_known = True
- token = None
- except dns.ttl.BadTTL:
- if self.default_ttl_known:
- ttl = self.default_ttl
- elif self.last_ttl_known:
- ttl = self.last_ttl
- self.tok.unget(token)
-
- # Type
- if self.force_rdtype is not None:
- rdtype = self.force_rdtype
- else:
- token = self._get_identifier()
- try:
- rdtype = dns.rdatatype.from_text(token.value)
- except Exception:
- raise dns.exception.SyntaxError(f"unknown rdatatype '{token.value}'")
-
- try:
- rd = dns.rdata.from_text(
- rdclass,
- rdtype,
- self.tok,
- self.current_origin,
- self.relativize,
- self.zone_origin,
- )
- except dns.exception.SyntaxError:
- # Catch and reraise.
- raise
- except Exception:
- # All exceptions that occur in the processing of rdata
- # are treated as syntax errors. This is not strictly
- # correct, but it is correct almost all of the time.
- # We convert them to syntax errors so that we can emit
- # helpful filename:line info.
- (ty, va) = sys.exc_info()[:2]
- raise dns.exception.SyntaxError(f"caught exception {str(ty)}: {str(va)}")
-
- if not self.default_ttl_known and rdtype == dns.rdatatype.SOA:
- # The pre-RFC2308 and pre-BIND9 behavior inherits the zone default
- # TTL from the SOA minttl if no $TTL statement is present before the
- # SOA is parsed.
- self.default_ttl = rd.minimum
- self.default_ttl_known = True
- if ttl is None:
- # if we didn't have a TTL on the SOA, set it!
- ttl = rd.minimum
-
- # TTL check. We had to wait until now to do this as the SOA RR's
- # own TTL can be inferred from its minimum.
- if ttl is None:
- raise dns.exception.SyntaxError("Missing default TTL value")
-
- self.txn.add(name, ttl, rd)
-
- def _parse_modify(self, side: str) -> Tuple[str, str, int, int, str]:
- # Here we catch everything in '{' '}' in a group so we can replace it
- # with ''.
- is_generate1 = re.compile(r"^.*\$({(\+|-?)(\d+),(\d+),(.)}).*$")
- is_generate2 = re.compile(r"^.*\$({(\+|-?)(\d+)}).*$")
- is_generate3 = re.compile(r"^.*\$({(\+|-?)(\d+),(\d+)}).*$")
- # Sometimes there are modifiers in the hostname. These come after
- # the dollar sign. They are in the form: ${offset[,width[,base]]}.
- # Make names
- mod = ""
- sign = "+"
- offset = "0"
- width = "0"
- base = "d"
- g1 = is_generate1.match(side)
- if g1:
- mod, sign, offset, width, base = g1.groups()
- if sign == "":
- sign = "+"
- else:
- g2 = is_generate2.match(side)
- if g2:
- mod, sign, offset = g2.groups()
- if sign == "":
- sign = "+"
- width = "0"
- base = "d"
- else:
- g3 = is_generate3.match(side)
- if g3:
- mod, sign, offset, width = g3.groups()
- if sign == "":
- sign = "+"
- base = "d"
-
- ioffset = int(offset)
- iwidth = int(width)
-
- if sign not in ["+", "-"]:
- raise dns.exception.SyntaxError(f"invalid offset sign {sign}")
- if base not in ["d", "o", "x", "X", "n", "N"]:
- raise dns.exception.SyntaxError(f"invalid type {base}")
-
- return mod, sign, ioffset, iwidth, base
-
- def _generate_line(self):
- # range lhs [ttl] [class] type rhs [ comment ]
- """Process one line containing the GENERATE statement from a DNS
- zone file."""
- if self.current_origin is None:
- raise UnknownOrigin
-
- token = self.tok.get()
- # Range (required)
- try:
- start, stop, step = dns.grange.from_text(token.value)
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError
- except Exception:
- raise dns.exception.SyntaxError
-
- # lhs (required)
- try:
- lhs = token.value
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError
- except Exception:
- raise dns.exception.SyntaxError
-
- # TTL
- try:
- ttl = dns.ttl.from_text(token.value)
- self.last_ttl = ttl
- self.last_ttl_known = True
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError
- except dns.ttl.BadTTL:
- if not (self.last_ttl_known or self.default_ttl_known):
- raise dns.exception.SyntaxError("Missing default TTL value")
- if self.default_ttl_known:
- ttl = self.default_ttl
- elif self.last_ttl_known:
- ttl = self.last_ttl
- # Class
- try:
- rdclass = dns.rdataclass.from_text(token.value)
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError
- except dns.exception.SyntaxError:
- raise dns.exception.SyntaxError
- except Exception:
- rdclass = self.zone_rdclass
- if rdclass != self.zone_rdclass:
- raise dns.exception.SyntaxError("RR class is not zone's class")
- # Type
- try:
- rdtype = dns.rdatatype.from_text(token.value)
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError
- except Exception:
- raise dns.exception.SyntaxError(f"unknown rdatatype '{token.value}'")
-
- # rhs (required)
- rhs = token.value
-
- def _calculate_index(counter: int, offset_sign: str, offset: int) -> int:
- """Calculate the index from the counter and offset."""
- if offset_sign == "-":
- offset *= -1
- return counter + offset
-
- def _format_index(index: int, base: str, width: int) -> str:
- """Format the index with the given base, and zero-fill it
- to the given width."""
- if base in ["d", "o", "x", "X"]:
- return format(index, base).zfill(width)
-
- # base can only be n or N here
- hexa = _format_index(index, "x", width)
- nibbles = ".".join(hexa[::-1])[:width]
- if base == "N":
- nibbles = nibbles.upper()
- return nibbles
-
- lmod, lsign, loffset, lwidth, lbase = self._parse_modify(lhs)
- rmod, rsign, roffset, rwidth, rbase = self._parse_modify(rhs)
- for i in range(start, stop + 1, step):
- # +1 because bind is inclusive and python is exclusive
-
- lindex = _calculate_index(i, lsign, loffset)
- rindex = _calculate_index(i, rsign, roffset)
-
- lzfindex = _format_index(lindex, lbase, lwidth)
- rzfindex = _format_index(rindex, rbase, rwidth)
-
- name = lhs.replace(f"${lmod}", lzfindex)
- rdata = rhs.replace(f"${rmod}", rzfindex)
-
- self.last_name = dns.name.from_text(
- name, self.current_origin, self.tok.idna_codec
- )
- name = self.last_name
- if not name.is_subdomain(self.zone_origin):
- self._eat_line()
- return
- if self.relativize:
- name = name.relativize(self.zone_origin)
-
- try:
- rd = dns.rdata.from_text(
- rdclass,
- rdtype,
- rdata,
- self.current_origin,
- self.relativize,
- self.zone_origin,
- )
- except dns.exception.SyntaxError:
- # Catch and reraise.
- raise
- except Exception:
- # All exceptions that occur in the processing of rdata
- # are treated as syntax errors. This is not strictly
- # correct, but it is correct almost all of the time.
- # We convert them to syntax errors so that we can emit
- # helpful filename:line info.
- (ty, va) = sys.exc_info()[:2]
- raise dns.exception.SyntaxError(
- f"caught exception {str(ty)}: {str(va)}"
- )
-
- self.txn.add(name, ttl, rd)
-
- def read(self) -> None:
- """Read a DNS zone file and build a zone object.
-
- @raises dns.zone.NoSOA: No SOA RR was found at the zone origin
- @raises dns.zone.NoNS: No NS RRset was found at the zone origin
- """
-
- try:
- while 1:
- token = self.tok.get(True, True)
- if token.is_eof():
- if self.current_file is not None:
- self.current_file.close()
- if len(self.saved_state) > 0:
- (
- self.tok,
- self.current_origin,
- self.last_name,
- self.current_file,
- self.last_ttl,
- self.last_ttl_known,
- self.default_ttl,
- self.default_ttl_known,
- ) = self.saved_state.pop(-1)
- continue
- break
- elif token.is_eol():
- continue
- elif token.is_comment():
- self.tok.get_eol()
- continue
- elif token.value[0] == "$" and len(self.allowed_directives) > 0:
- # Note that we only run directive processing code if at least
- # one directive is allowed in order to be backwards compatible
- c = token.value.upper()
- if c not in self.allowed_directives:
- raise dns.exception.SyntaxError(
- f"zone file directive '{c}' is not allowed"
- )
- if c == "$TTL":
- token = self.tok.get()
- if not token.is_identifier():
- raise dns.exception.SyntaxError("bad $TTL")
- self.default_ttl = dns.ttl.from_text(token.value)
- self.default_ttl_known = True
- self.tok.get_eol()
- elif c == "$ORIGIN":
- self.current_origin = self.tok.get_name()
- self.tok.get_eol()
- if self.zone_origin is None:
- self.zone_origin = self.current_origin
- self.txn._set_origin(self.current_origin)
- elif c == "$INCLUDE":
- token = self.tok.get()
- filename = token.value
- token = self.tok.get()
- new_origin: Optional[dns.name.Name]
- if token.is_identifier():
- new_origin = dns.name.from_text(
- token.value, self.current_origin, self.tok.idna_codec
- )
- self.tok.get_eol()
- elif not token.is_eol_or_eof():
- raise dns.exception.SyntaxError("bad origin in $INCLUDE")
- else:
- new_origin = self.current_origin
- self.saved_state.append(
- (
- self.tok,
- self.current_origin,
- self.last_name,
- self.current_file,
- self.last_ttl,
- self.last_ttl_known,
- self.default_ttl,
- self.default_ttl_known,
- )
- )
- self.current_file = open(filename)
- self.tok = dns.tokenizer.Tokenizer(self.current_file, filename)
- self.current_origin = new_origin
- elif c == "$GENERATE":
- self._generate_line()
- else:
- raise dns.exception.SyntaxError(
- f"Unknown zone file directive '{c}'"
- )
- continue
- self.tok.unget(token)
- self._rr_line()
- except dns.exception.SyntaxError as detail:
- (filename, line_number) = self.tok.where()
- if detail is None:
- detail = "syntax error"
- ex = dns.exception.SyntaxError(
- "%s:%d: %s" % (filename, line_number, detail)
- )
- tb = sys.exc_info()[2]
- raise ex.with_traceback(tb) from None
-
-
- class RRsetsReaderTransaction(dns.transaction.Transaction):
- def __init__(self, manager, replacement, read_only):
- assert not read_only
- super().__init__(manager, replacement, read_only)
- self.rdatasets = {}
-
- def _get_rdataset(self, name, rdtype, covers):
- return self.rdatasets.get((name, rdtype, covers))
-
- def _get_node(self, name):
- rdatasets = []
- for (rdataset_name, _, _), rdataset in self.rdatasets.items():
- if name == rdataset_name:
- rdatasets.append(rdataset)
- if len(rdatasets) == 0:
- return None
- node = dns.node.Node()
- node.rdatasets = rdatasets
- return node
-
- def _put_rdataset(self, name, rdataset):
- self.rdatasets[(name, rdataset.rdtype, rdataset.covers)] = rdataset
-
- def _delete_name(self, name):
- # First remove any changes involving the name
- remove = []
- for key in self.rdatasets:
- if key[0] == name:
- remove.append(key)
- if len(remove) > 0:
- for key in remove:
- del self.rdatasets[key]
-
- def _delete_rdataset(self, name, rdtype, covers):
- try:
- del self.rdatasets[(name, rdtype, covers)]
- except KeyError:
- pass
-
- def _name_exists(self, name):
- for n, _, _ in self.rdatasets:
- if n == name:
- return True
- return False
-
- def _changed(self):
- return len(self.rdatasets) > 0
-
- def _end_transaction(self, commit):
- if commit and self._changed():
- rrsets = []
- for (name, _, _), rdataset in self.rdatasets.items():
- rrset = dns.rrset.RRset(
- name, rdataset.rdclass, rdataset.rdtype, rdataset.covers
- )
- rrset.update(rdataset)
- rrsets.append(rrset)
- self.manager.set_rrsets(rrsets)
-
- def _set_origin(self, origin):
- pass
-
- def _iterate_rdatasets(self):
- raise NotImplementedError # pragma: no cover
-
- def _iterate_names(self):
- raise NotImplementedError # pragma: no cover
-
-
- class RRSetsReaderManager(dns.transaction.TransactionManager):
- def __init__(
- self, origin=dns.name.root, relativize=False, rdclass=dns.rdataclass.IN
- ):
- self.origin = origin
- self.relativize = relativize
- self.rdclass = rdclass
- self.rrsets = []
-
- def reader(self): # pragma: no cover
- raise NotImplementedError
-
- def writer(self, replacement=False):
- assert replacement is True
- return RRsetsReaderTransaction(self, True, False)
-
- def get_class(self):
- return self.rdclass
-
- def origin_information(self):
- if self.relativize:
- effective = dns.name.empty
- else:
- effective = self.origin
- return (self.origin, self.relativize, effective)
-
- def set_rrsets(self, rrsets):
- self.rrsets = rrsets
-
-
- def read_rrsets(
- text: Any,
- name: Optional[Union[dns.name.Name, str]] = None,
- ttl: Optional[int] = None,
- rdclass: Optional[Union[dns.rdataclass.RdataClass, str]] = dns.rdataclass.IN,
- default_rdclass: Union[dns.rdataclass.RdataClass, str] = dns.rdataclass.IN,
- rdtype: Optional[Union[dns.rdatatype.RdataType, str]] = None,
- default_ttl: Optional[Union[int, str]] = None,
- idna_codec: Optional[dns.name.IDNACodec] = None,
- origin: Optional[Union[dns.name.Name, str]] = dns.name.root,
- relativize: bool = False,
- ) -> List[dns.rrset.RRset]:
- """Read one or more rrsets from the specified text, possibly subject
- to restrictions.
-
- *text*, a file object or a string, is the input to process.
-
- *name*, a string, ``dns.name.Name``, or ``None``, is the owner name of
- the rrset. If not ``None``, then the owner name is "forced", and the
- input must not specify an owner name. If ``None``, then any owner names
- are allowed and must be present in the input.
-
- *ttl*, an ``int``, string, or None. If not ``None``, the the TTL is
- forced to be the specified value and the input must not specify a TTL.
- If ``None``, then a TTL may be specified in the input. If it is not
- specified, then the *default_ttl* will be used.
-
- *rdclass*, a ``dns.rdataclass.RdataClass``, string, or ``None``. If
- not ``None``, then the class is forced to the specified value, and the
- input must not specify a class. If ``None``, then the input may specify
- a class that matches *default_rdclass*. Note that it is not possible to
- return rrsets with differing classes; specifying ``None`` for the class
- simply allows the user to optionally type a class as that may be convenient
- when cutting and pasting.
-
- *default_rdclass*, a ``dns.rdataclass.RdataClass`` or string. The class
- of the returned rrsets.
-
- *rdtype*, a ``dns.rdatatype.RdataType``, string, or ``None``. If not
- ``None``, then the type is forced to the specified value, and the
- input must not specify a type. If ``None``, then a type must be present
- for each RR.
-
- *default_ttl*, an ``int``, string, or ``None``. If not ``None``, then if
- the TTL is not forced and is not specified, then this value will be used.
- if ``None``, then if the TTL is not forced an error will occur if the TTL
- is not specified.
-
- *idna_codec*, a ``dns.name.IDNACodec``, specifies the IDNA
- encoder/decoder. If ``None``, the default IDNA 2003 encoder/decoder
- is used. Note that codecs only apply to the owner name; dnspython does
- not do IDNA for names in rdata, as there is no IDNA zonefile format.
-
- *origin*, a string, ``dns.name.Name``, or ``None``, is the origin for any
- relative names in the input, and also the origin to relativize to if
- *relativize* is ``True``.
-
- *relativize*, a bool. If ``True``, names are relativized to the *origin*;
- if ``False`` then any relative names in the input are made absolute by
- appending the *origin*.
- """
- if isinstance(origin, str):
- origin = dns.name.from_text(origin, dns.name.root, idna_codec)
- if isinstance(name, str):
- name = dns.name.from_text(name, origin, idna_codec)
- if isinstance(ttl, str):
- ttl = dns.ttl.from_text(ttl)
- if isinstance(default_ttl, str):
- default_ttl = dns.ttl.from_text(default_ttl)
- if rdclass is not None:
- rdclass = dns.rdataclass.RdataClass.make(rdclass)
- else:
- rdclass = None
- default_rdclass = dns.rdataclass.RdataClass.make(default_rdclass)
- if rdtype is not None:
- rdtype = dns.rdatatype.RdataType.make(rdtype)
- else:
- rdtype = None
- manager = RRSetsReaderManager(origin, relativize, default_rdclass)
- with manager.writer(True) as txn:
- tok = dns.tokenizer.Tokenizer(text, "<input>", idna_codec=idna_codec)
- reader = Reader(
- tok,
- default_rdclass,
- txn,
- allow_directives=False,
- force_name=name,
- force_ttl=ttl,
- force_rdclass=rdclass,
- force_rdtype=rdtype,
- default_ttl=default_ttl,
- )
- reader.read()
- return manager.rrsets