Fix bugs and make tsig working
parent
fa093f0dc3
commit
0bb09aad72
|
@ -0,0 +1,5 @@
|
|||
server 127.0.0.1 8053
|
||||
zone ZONE.
|
||||
update add USER. 60 IN TXT "LIST"
|
||||
key root c3R1cGlk
|
||||
send
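Review bot: The `key root c3R1cGlk` line commits a TSIG secret in the script itself, and the second script on this page does the same with its `key miekg …` line. If these are throwaway values for the local listener on 127.0.0.1, say so in the file with a comment such as `; test-only key for a local fksd instance, never use outside development`. Otherwise keep the secret out of the repository and hand it to nsupdate from a key file with `-k`.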
|
|
@ -1,5 +1,5 @@
|
|||
server 127.0.0.1 8053
|
||||
zone ZONE.
|
||||
update add ZONE. 60 IN TXT "LIST"
|
||||
key miekg c3R1cGlk
|
||||
key miekg bWlla2c=
|
||||
send
|
||||
|
|
|
@ -16,15 +16,14 @@ const (
|
|||
|
||||
// fks config
|
||||
type Config struct {
|
||||
Server *dns.Server // Server instance for this configuration
|
||||
Zones map[string]*dns.Zone // All zones we are authoritative for
|
||||
Tsigs map[string]string // Tsig keys for all users
|
||||
Rights map[string]int // Rights for all users
|
||||
}
|
||||
|
||||
func NewConfig() *Config {
|
||||
c := new(Config)
|
||||
c.Zones = make(map[string]*dns.Zone)
|
||||
c.Tsigs = make(map[string]string)
|
||||
c.Rights = make(map[string]int)
|
||||
return c
|
||||
}
|
||||
|
@ -72,8 +71,8 @@ func config(w dns.ResponseWriter, req *dns.Msg, c *Config) {
|
|||
return
|
||||
}
|
||||
|
||||
if w.TsigStatus() != nil {
|
||||
logPrintf("non config command (tsig fail)")
|
||||
if e := w.TsigStatus(); e != nil {
|
||||
logPrintf("non config command (tsig fail): %s", e.Error())
|
||||
formerr(w, req)
|
||||
return
|
||||
}
|
||||
|
@ -179,17 +178,26 @@ func configUSER(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) er
|
|||
return nil
|
||||
}
|
||||
logPrintf("config: ADD %s with %s\n", dns.Fqdn(sx[1]), sx[2])
|
||||
c.Tsigs[sx[1]] = sx[2]
|
||||
c.Rights[sx[1]] = R_NONE
|
||||
c.Server.TsigSecret[dns.Fqdn(sx[1])] = sx[2]
|
||||
c.Rights[dns.Fqdn(sx[1])] = R_NONE
|
||||
noerr(w, req)
|
||||
case "DROP":
|
||||
if len(sx) != 2 {
|
||||
return nil
|
||||
}
|
||||
logPrintf("config: DROP %s\n", dns.Fqdn(sx[1]))
|
||||
delete(c.Tsigs, sx[1])
|
||||
delete(c.Rights, sx[1])
|
||||
delete(c.Server.TsigSecret, dns.Fqdn(sx[1]))
|
||||
delete(c.Rights, dns.Fqdn(sx[1]))
|
||||
noerr(w, req)
|
||||
case "LIST":
|
||||
for u, p := range c.Server.TsigSecret {
|
||||
logPrintf("config: USER %s: %s\n", u, p)
|
||||
}
|
||||
fallthrough
|
||||
case "ADDRIGHT":
|
||||
fallthrough
|
||||
case "DROPRIGHT":
|
||||
noerr(w, req)
|
||||
}
|
||||
return nil
|
||||
}
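Review bot: The new `LIST` case writes every TSIG secret to the log with `logPrintf("config: USER %s: %s\n", u, p)`, and the `ADD` case above it logs the secret it was given (`sx[2]`), so read access to the log is enough to obtain valid signing keys. Log only the key name, e.g. `logPrintf("config: USER %s\n", u)` and `logPrintf("config: ADD %s\n", dns.Fqdn(sx[1]))`. `ADD` and `DROP` also mutate `c.Server.TsigSecret` from a handler while the server presumably reads the same map to verify incoming requests, so the map needs a mutex unless handlers are known to run serially. In `config()`, as far as I know `TsigStatus()` is also nil for a request that carries no TSIG record, so unless the code above that hunk already requires `req.IsTsig() != nil`, that condition belongs in this check. Both functions start outside their hunks.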
|
||||
|
|
|
@ -16,9 +16,8 @@ var (
|
|||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
conf := NewConfig()
|
||||
*superuser = strings.ToLower(*superuser)
|
||||
conf.Tsigs[dns.Fqdn(*superuser)] = *superkey
|
||||
conf := NewConfig()
|
||||
conf.Rights[*superuser] = R_LIST | R_WRITE | R_DROP | R_USER // *all* of them
|
||||
|
||||
go func() {
|
||||
|
@ -28,11 +27,14 @@ func main() {
|
|||
}
|
||||
}()
|
||||
go func() {
|
||||
err := dns.ListenAndServeTsig(":8053", "tcp", nil, conf.Tsigs)
|
||||
conf.Server = &dns.Server{Addr: ":8053", Net: "tcp", TsigSecret: map[string]string{dns.Fqdn(*superuser): *superkey}}
|
||||
err := conf.Server.ListenAndServe()
|
||||
if err != nil {
|
||||
log.Fatal("fksd: could not start config listener: %s", err.Error())
|
||||
}
|
||||
}()
|
||||
|
||||
|
||||
// Yes, we HIJACK zone. ... not sure on how to make this "private"
|
||||
dns.HandleFunc("ZONE.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
|
||||
// Gasp!! And USER.
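Review bot: `conf.Server` is assigned inside the second goroutine, yet `conf` is handed to the handler registered with `dns.HandleFunc("ZONE.", ...)`, and `configUSER` dereferences `c.Server.TsigSecret`; if the first listener goroutine serves through the same handlers (its body is outside the hunk), a config request handled before that assignment would hit a nil `Server`. Build the server right after `conf := NewConfig()` and leave only `conf.Server.ListenAndServe()` in the goroutine. `conf.Rights[*superuser]` is keyed by the bare name while this commit stores and deletes rights under `dns.Fqdn(...)` in configUSER, so the superuser's rights may not be found unless the flag value already ends in a dot; `conf.Rights[dns.Fqdn(*superuser)]` would match. `log.Fatal` is called with a format string and should be `log.Fatalf`.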
|
||||
|
|