add user management

2012-08-07 19:04:52 +02:00 · 2012-08-07 19:04:52 +02:00 · 7e213aea0d
parent 70b98c505e
commit 7e213aea0d
4 changed files with 40 additions and 6 deletions
--- a/ex/fksd/cmds/config.mkd
+++ b/ex/fksd/cmds/config.mkd
@ -42,10 +42,10 @@ Zones are listed in the additional section of the reply packet

 ## Add user

-    USER. TXT   "ADD miekg tsig 
+    USER. TXT   "ADD miekg [tsig-secret]"

    USER. TXT   "DROP miekg"

-    USER. TXT   "ADDRIGHT miekg list"   // list/write/drop
+    USER. TXT   "ADDRIGHT miekg list"   // list/write/drop/right

    USER. TXT   "DROPRIGHT miekg list"
--- a/ex/fksd/config.go
+++ b/ex/fksd/config.go
@ -5,14 +5,27 @@ import (
 	"strings"
 )

+const (
+	R_LIST  = 1 // Right to list stuff
+	R_WRITE = 2 // Right to write stuff
+	R_DROP  = 4 // Right to drop stuff
+	R_USER  = 8 // Right to add users
+)
+
 // fks config
 type Config struct {
-	Zones map[string]*dns.Zone
+	Zones  map[string]*dns.Zone // All zones we are authoritative for
+	Users  map[string]bool      // All known users
+	Tsigs  map[string]string    // Tsig keys for all users
+	Rights map[string]int       // Rights for all users
 }

 func NewConfig() *Config {
 	c := new(Config)
 	c.Zones = make(map[string]*dns.Zone)
+	c.Users = make(map[string]bool)
+	c.Tsigs = make(map[string]string)
+	c.Rights = make(map[string]int)
 	return c
 }

@ -54,9 +67,14 @@ func config(w dns.ResponseWriter, req *dns.Msg, c *Config) {
 				formerr(w, req)
 				return
 			}
+		case "USER.":
+			if e := configUSER(w, req, t, c); e != nil {
+				formerr(w, req)
+				return
+			}
 		default:
+			formerr(w, req)
 			return
-			// error back
 		}
 	}
 }
@ -114,3 +132,12 @@ func configZONE(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) er
 	}
 	return nil
 }
+
+// Deal with the user options
+func configUSER(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) error {
+	sx := strings.Split(t.Txt[0], " ")
+	if len(sx) == 0 {
+		return nil
+	}
+	return nil
+}
--- a/ex/fksd/log.go
+++ b/ex/fksd/log.go
@ -5,7 +5,7 @@ import "log"
 const NAME = "fksd: "

 func logPrintf(format string, a ...interface{}) {
-	if *l {
+	if *flaglog {
 		log.Printf(NAME + format, a...)
 	}
 }
--- a/ex/fksd/main.go
+++ b/ex/fksd/main.go
@ -8,7 +8,9 @@ import (
 )

 var (
-	l = flag.Bool("log", false, "log incoming queries")
+	flaglog   = flag.Bool("log", false, "log incoming queries")
+	superuser = flag.String("user", "root", "username to use for the superuser")
+	superkey  = flag.String("key", dns.HmacSHA1+":c3R1cGlk", "tsig [hmac:base64] key for superuser authentication")
 )

 func main() {
@ -26,8 +28,13 @@ func main() {
 			log.Fatal("fksd: could not start config listener: %s", err.Error())
 		}
 	}()
+	conf.Users[*superuser] = true
+	conf.Tsigs[*superuser] = superkey
+	conf.Rights[*superuser] = R_LIST | R_WRITE | R_DROP | R_USER // *all* of them
 	// Yes, we HIJACK zone. ... not sure on how to make this "private"
 	dns.HandleFunc("ZONE.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
+	// Gasp!! And USER.
+	dns.HandleFunc("USER.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })

 	sig := make(chan os.Signal)
 forever: