Skip to content

Commit

Permalink
Add
Browse files Browse the repository at this point in the history 
- Added full 'server' clause inside 'view' clause
- 'dnsrps_option_charset' for 'dnsrps-options'
- 'keysecret_dequoted' in isc_utils.py

Changes

- dequote the 'key-secret' in 'keys' clause

- dnsrps-options - Make string charset a bit more robust
- - (but still wont take curly braces)

- 'server' clause, make parser error more concise.

- 'dnsrps-options' made more robust for whatever they use.
  • Loading branch information
egberts committed May 27, 2022
1 parent 2984000 commit 1eae5a0
Show file tree
Hide file tree
Showing 9 changed files with 211 additions and 158 deletions.
4 changes: 2 additions & 2 deletions bind9_parser/isc_clause_key.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
for ISC-configuration style
"""
from pyparsing import Word, alphanums, Group, Keyword, ZeroOrMore
from bind9_parser.isc_utils import semicolon, lbrack, rbrack, key_id, key_secret
from bind9_parser.isc_utils import semicolon, lbrack, rbrack, key_id, key_secret_dequoted

# NOTE: If any declaration here is to be used OUTSIDE of the 'keys' clause,
# it should instead be defined in isc_utils.py
Expand All @@ -29,7 +29,7 @@
# secret <key_secret>;
key_secret_element = (
Keyword('secret').suppress()
- key_secret('secret')
- key_secret_dequoted('secret')
+ semicolon
)
key_secret_element.setName('secret <key_secret>;')
Expand Down
14 changes: 7 additions & 7 deletions bind9_parser/isc_clause_server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@
# BUG: 'edns' and 'edns-udp-size' are reversed and needs unreversing
server_all_statements_set = (
optviewserver_statements_set # make optviewserver_statements_set firstly due to 'edns-udp-size' pattern
| optviewzoneserver_statements_set
| server_statement_set # make server_statement_set last due to 'edns' pattern
^ optviewzoneserver_statements_set
^ server_statement_set # make server_statement_set last due to 'edns' pattern
)

server_all_statements_series = (
Expand All @@ -33,15 +33,15 @@
Keyword('server').suppress()
- Group(
ip46_addr_or_prefix('ip_addr')
+ lbrack
+ Group(
- lbrack
- Group(
server_all_statements_series
)('configs')
+ rbrack
- rbrack
)('')
+ semicolon
- semicolon
)('server')
clause_stmt_server_standalone.setName('server { ... };')
clause_stmt_server_standalone.setName('server <netprefix> { ... };')

clause_stmt_server_series = (
ZeroOrMore(
Expand Down
18 changes: 15 additions & 3 deletions bind9_parser/isc_optview.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
byte_type, run_me, dequoted_path_name, check_options, \
size_spec, exclamation, iso8601_duration, view_name, \
algorithm_name, fqdn_name_dequoted, fqdn_name_dequotable,\
algorithm_name_list_series
algorithm_name_list_series, charset_filename_base
from bind9_parser.isc_aml import aml_nesting, aml_choices
from bind9_parser.isc_inet import ip4_addr, ip6_addr, ip6s_prefix, \
ip6_optional_prefix, \
Expand Down Expand Up @@ -331,9 +331,20 @@
+ semicolon
).setName('dnsrps-enable <boolean>;')

dnsrps_option_charset = charset_filename_base + ' ' # add whatever char you need here, but not '{};'
optview_stmt_dnsrps_options = (
Keyword('dnsrps-options').suppress()
- Word(alphanums, min=1, max=4096)('dnsrps_options') # TODO Flesh this type of string out
- lbrack
- Optional(
Literal('"').suppress() | Literal("'").suppress()
)
- Word(dnsrps_option_charset, min=1, max=4096)('dnsrps_options') # TODO Flesh this type of string out
- Optional(
Literal('"').suppress() | Literal("'").suppress()
)
- Optional(semicolon)
- rbrack
- semicolon
)('dnsrps_options')

# dnssec-accept-expired <boolean>; [ Opt View ] # v9.4.0+
Expand Down Expand Up @@ -913,7 +924,7 @@

optview_stmt_response_policy_element_dnsrps_options = (
Keyword('dnsrps-options').suppress()
- Word(alphanums, min=1, max=4096)('dnsrps_options') # TODO Flesh this type of string out
- Word(dnsrps_option_charset, min=1, max=4096)('dnsrps_options') # TODO Flesh this type of string out
)

optview_stmt_response_policy_zone_element_set = (
Expand Down Expand Up @@ -1145,6 +1156,7 @@
^ optview_stmt_dns64_server
^ optview_stmt_dns64
^ optview_stmt_dnsrps_enable
^ optview_stmt_dnsrps_options
^ optview_stmt_dnssec_accept_expired
^ optview_stmt_dnssec_enable
^ optview_stmt_dnssec_lookaside
Expand Down
6 changes: 3 additions & 3 deletions bind9_parser/isc_optviewserver.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,9 @@
# having been listed firstly
optviewserver_statements_set = (
optviewserver_stmt_provide_ixfr
| optviewserver_stmt_request_ixfr
| optviewserver_stmt_transfer_format
| optviewserver_stmt_edns_udp_size
^ optviewserver_stmt_request_ixfr
^ optviewserver_stmt_transfer_format
^ optviewserver_stmt_edns_udp_size
)

optviewserver_statements_series = (
Expand Down
8 changes: 8 additions & 0 deletions bind9_parser/isc_utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -237,6 +237,14 @@
^ keysecret_dquotable
)('key_secret')
quoted_key_secret.setName('<quoted_key_secret')

keysecret_dedquoted = Combine(Char('"').suppress() + Word(charset_keysecret_dquotable, max=32765) + Char('"').suppress())
keysecret_desquoted = Combine(Char("'").suppress() + Word(charset_keysecret_squotable, max=32765) + Char("'").suppress())
key_secret_dequoted = (
keysecret_desquoted
^ keysecret_dedquoted
)('key_secret')

g_expose_secrets = False

charset_key_id_base = alphanums + '_-'
Expand Down
21 changes: 20 additions & 1 deletion bind9_parser/isc_view.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,10 @@
clause_stmt_view_standalone (that is in clause_view.py/test_clause_view.py)
"""
from pyparsing import Group, Keyword, ZeroOrMore
from bind9_parser.isc_utils import semicolon, isc_boolean
from bind9_parser.isc_utils import semicolon, isc_boolean, lbrack, rbrack
from bind9_parser.isc_inet import ip46_addr_or_prefix
from bind9_parser.isc_aml import aml_nesting
from bind9_parser.isc_server import server_statement_series
from bind9_parser.isc_clause_trusted_keys import clause_stmt_trusted_keys_set


Expand All @@ -45,11 +47,28 @@
+ semicolon
)('')

# re-include 'server' clause as a 'view' statement here
view_stmt_server = (
Keyword('server').suppress()
- Group(
ip46_addr_or_prefix('ip_addr')
+ lbrack
+ Group(
server_statement_series
)('configs')
+ rbrack
)('')
+ semicolon
)('server')
view_stmt_server.setName('server <netprefix> { ... };')


# Keywords are in dictionary-order, but with longest pattern as having been listed firstly
view_statements_set = (
view_stmt_match_recursive_only
| view_stmt_match_destinations
| view_stmt_match_clients
| view_stmt_server
# Don't put clause_stmt_trusted_keys here, you'll get a circular dependency at Python-level
# Insert the clause_stmt_trusted_keys into isc_clause_view.py instead
)
Expand Down
2 changes: 1 addition & 1 deletion examples/named-conf/hidden-master/public/etc/bind/servers-named.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
//// statements are used as defaults.

//// HIDDEN MASTER
server 0.1.2.3/24 {
server 0.1.2.0/24 {

//// If you discover that a remote server is giving out bad data,
//// marking it as bogus will prevent further queries to it.
Expand Down
32 changes: 14 additions & 18 deletions tests/test_clause_options.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,13 +206,10 @@ def test_isc_clause_options_all_statement_set_d_passing(self):
'test.example']},
'dialup': 'notify-passive',
'directory': 'dir/file',
'disable_algorithms': [{'algorithm_name': ['AES512',
'SHA512'],
'domain_name': 'aaaaaaaaaaaaaaaaa'},
{'algorithm_name': ['AES512',
'SHA512',
'RSASHA512'],
'domain_name': '172.in-addr.arpa.'}],
'disable_algorithms': {'algorithms': ['AES512',
'SHA512',
'RSASHA512'],
'domain_name': '172.in-addr.arpa.'},
'disable_ds_digests': [{'algorithm_name': ['RSASHA512'],
'domain_name': '.'}],
'disable_empty_zone': [{'zone_name': '127.in-addr.arpa'}],
Expand Down Expand Up @@ -257,7 +254,7 @@ def test_isc_clause_options_all_statement_set_e_to_i_passing(self):
empty-contact empty-contact-string-content;
empty-server empty-server-string-content;
empty-zones-enable no;
fetch-quota-params 5 1.0 1.0 1.0;
fetch-quota-params 5 10 10 10;
fetches-per-server 5 drop;
fetches-per-zone 4 drop;
files unlimited;
Expand Down Expand Up @@ -486,21 +483,21 @@ def test_isc_clause_options_all_statement_set_all_passing(self):
datasize 1G;
dialup notify-passive;
directory "dir/file";
dns64 172.16.0.0/22 {
break-dnssec no;
clients { 127.0.0.1; 127.0.0.2; };
exclude { 127.0.0.1; };
mapped { 127.0.0.2; };
dns64 64:ff9b::/96 {
break-dnssec yes;
recursive-only no;
suffix fec2:: ;
clients { 127.0.0.1; };
exclude { 127.0.0.1; };
mapped { 127.0.0.1; };
};
dns64-contact "dns64-contact-string-content";
dns64-server "dns64-server-string-content";
dns64-contact dns64.contact.string.content;
dns64-server dns64.server.string.content;
dnskey-sig-validity 3;
dnsrps-enable no;
dnskey-sig-validity 3;
dnsrps-enable no;
# dnsrps-options { <unspecified-text> };
dnsrps-options { "<unspecified-text>"; };
dnssec-accept-expired no;
dnssec-dnskey-kskonly no;
dnssec-loadkeys-interval 1;
Expand All @@ -515,7 +512,6 @@ def test_isc_clause_options_all_statement_set_all_passing(self):
dnstap-output file "dir/file" size unlimited versions 5 suffix timestamp;
dnstap-version none;
dscp 14;
# dual-stack-servers { ( <quoted_string> [ port
dump-file "dir/file";
edns-udp-size 512;
empty-contact "empty-contact-string-content";
Expand Down
Loading

0 comments on commit 1eae5a0

Please sign in to comment.