diff --git a/ex/fksd/cmds/listuser b/ex/fksd/cmds/listuser
new file mode 100644
index 00000000..38c7d86f
--- /dev/null
+++ b/ex/fksd/cmds/listuser
@@ -0,0 +1,5 @@
+server 127.0.0.1 8053
+zone ZONE.
+update add USER. 60 IN TXT "LIST"
+key root c3R1cGlk
+send
diff --git a/ex/fksd/cmds/listzone-miekg b/ex/fksd/cmds/listzone-miekg
index 1e9effd0..11ad220a 100644
--- a/ex/fksd/cmds/listzone-miekg
+++ b/ex/fksd/cmds/listzone-miekg
@@ -1,5 +1,5 @@
 server 127.0.0.1 8053
 zone ZONE.
 update add ZONE. 60 IN TXT "LIST"
-key miekg c3R1cGlk
+key miekg bWlla2c=
 send
diff --git a/ex/fksd/config.go b/ex/fksd/config.go
index 936d2f34..4e41fd4b 100644
--- a/ex/fksd/config.go
+++ b/ex/fksd/config.go
@@ -16,15 +16,14 @@ const (
 // fks config
 type Config struct {
+	Server *dns.Server // Server instance for this configuration
 	Zones map[string]*dns.Zone // All zones we are authoritative for
-	Tsigs map[string]string // Tsig keys for all users
 	Rights map[string]int // Rights for all users
 }
 func NewConfig() *Config {
 	c := new(Config)
 	c.Zones = make(map[string]*dns.Zone)
-	c.Tsigs = make(map[string]string)
 	c.Rights = make(map[string]int)
 	return c
 }
@@ -72,8 +71,8 @@ func config(w dns.ResponseWriter, req *dns.Msg, c *Config) {
 		return
 	}
-	if w.TsigStatus() != nil {
-		logPrintf("non config command (tsig fail)")
+	if e := w.TsigStatus(); e != nil {
+		logPrintf("non config command (tsig fail): %s", e.Error())
 		formerr(w, req)
 		return
 	}
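Review bot: NewConfig now returns a Config whose Server field is nil, and the user TSIG secrets that used to live in the initialized Tsigs map are reachable only through c.Server.TsigSecret, so any handler that touches that map before the caller assigns Server dereferences a nil pointer. Either have NewConfig allocate the server, or state the invariant on the field: `Server *dns.Server // set by main before any request is served; its TsigSecret map is the only store of user TSIG keys`. The comment on the field as written says nothing about this ownership, which is what a maintainer adding a new config command will need to know.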
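Review bot: The new log line on the tsig-fail path formats the error with `%s` and `e.Error()`; `%v` with the error value is the idiomatic form and does not panic if a nil error ever slips through, so `logPrintf("non config command (tsig fail): %v", e)`. This line is reached on unauthenticated input, so it is also the one to keep in mind when looking at log volume from unsigned or mis-signed requests. config's body begins and ends outside this hunk.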
@@ -179,17 +178,26 @@ func configUSER(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) er
 			return nil
 		}
 		logPrintf("config: ADD %s with %s\n", dns.Fqdn(sx[1]), sx[2])
-		c.Tsigs[sx[1]] = sx[2]
-		c.Rights[sx[1]] = R_NONE
+		c.Server.TsigSecret[dns.Fqdn(sx[1])] = sx[2]
+		c.Rights[dns.Fqdn(sx[1])] = R_NONE
+		noerr(w, req)
 	case "DROP":
 		if len(sx) != 2 {
 			return nil
 		}
 		logPrintf("config: DROP %s\n", dns.Fqdn(sx[1]))
-		delete(c.Tsigs, sx[1])
-		delete(c.Rights, sx[1])
+		delete(c.Server.TsigSecret, dns.Fqdn(sx[1]))
+		delete(c.Rights, dns.Fqdn(sx[1]))
+		noerr(w, req)
+	case "LIST":
+		for u, p := range c.Server.TsigSecret {
+			logPrintf("config: USER %s: %s\n", u, p)
+		}
+		fallthrough
 	case "ADDRIGHT":
+		fallthrough
 	case "DROPRIGHT":
+		noerr(w, req)
 	}
 	return nil
 }
diff --git a/ex/fksd/main.go b/ex/fksd/main.go
index d9a8b3a9..8c1d5f70 100644
--- a/ex/fksd/main.go
+++ b/ex/fksd/main.go
@@ -16,9 +16,8 @@ var (
 func main() {
 	flag.Parse()
-	conf := NewConfig()
 	*superuser = strings.ToLower(*superuser)
-	conf.Tsigs[dns.Fqdn(*superuser)] = *superkey
+	conf := NewConfig()
 	conf.Rights[*superuser] = R_LIST | R_WRITE | R_DROP | R_USER // *all* of them
 	go func() {
@@ -28,11 +27,14 @@ func main() {
 		}
 	}()
 	go func() {
-		err := dns.ListenAndServeTsig(":8053", "tcp", nil, conf.Tsigs)
+		conf.Server = &dns.Server{Addr: ":8053", Net: "tcp", TsigSecret: map[string]string{dns.Fqdn(*superuser): *superkey}}
+		err := conf.Server.ListenAndServe()
 		if err != nil {
 			log.Fatal("fksd: could not start config listener: %s", err.Error())
 		}
 	}()
+
+	// Yes, we HIJACK zone. ... not sure on how to make this "private"
 	dns.HandleFunc("ZONE.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
 	// Gasp!! And USER.
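Review bot: The new LIST case writes every user's TSIG secret into the log (`logPrintf("config: USER %s: %s\n", u, p)`), which turns the log file into a credential store for anyone who can read it; log the key names only, `logPrintf("config: USER %s\n", u)`. The ADD and DROP cases also write to c.Server.TsigSecret from request handlers while the server reads that same map to verify the TSIG on every incoming message (the main.go hunk below hands it to the server), and Go maps are not safe for concurrent access, so a concurrent read and write can end the process with a runtime error rather than a handled failure; the writes need to be serialized with the server's reads through whatever locking the dns package offers, and if it offers none this is worth a comment at the ADD case. configUSER's signature and whatever rights check precedes the switch are outside this hunk.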
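Review bot: conf.Rights is keyed by the bare `*superuser` here, while the server's TsigSecret entry uses `dns.Fqdn(*superuser)` and configUSER now stores rights under `dns.Fqdn(sx[1])`; whichever form the rights lookup uses, one of the two conventions will miss. Keying the superuser the same way as user-added entries, `conf.Rights[dns.Fqdn(*superuser)] = R_LIST | R_WRITE | R_DROP | R_USER // *all* of them`, removes the inconsistency. main continues past this hunk.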
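Review bot: conf.Server is assigned inside the goroutine, so the main goroutine that registers the handlers just below, and any listener started by the first goroutine if it shares the default handler mux, have no ordering guarantee with that write, and a request that reaches config before the assignment lands finds c.Server nil. Build the server before launching the goroutine: move `conf.Server = &dns.Server{Addr: ":8053", Net: "tcp", TsigSecret: map[string]string{dns.Fqdn(*superuser): *superkey}}` above `go func() {` and leave only `err := conf.Server.ListenAndServe()` inside. The unchanged `log.Fatal("fksd: could not start config listener: %s", err.Error())` on the next line does not format its arguments and should be `log.Fatalf`. main begins and ends outside this hunk.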