From 7e213aea0d410b85bfe26d347d53081bc0fb5cc0 Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Tue, 7 Aug 2012 19:04:52 +0200
Subject: [PATCH] add user management
---
 ex/fksd/cmds/config.mkd | 4 ++--
 ex/fksd/config.go | 31 +++++++++++++++++++++++++++++--
 ex/fksd/log.go | 2 +-
 ex/fksd/main.go | 9 ++++++++-
 4 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/ex/fksd/cmds/config.mkd b/ex/fksd/cmds/config.mkd
index 7e8c773a..805e57dc 100644
--- a/ex/fksd/cmds/config.mkd
+++ b/ex/fksd/cmds/config.mkd
@@ -42,10 +42,10 @@ Zones are listed in the additional section of the reply packet
 ## Add user
- USER. TXT "ADD miekg tsig
+ USER. TXT "ADD miekg [tsig-secret]"
 USER. TXT "DROP miekg"
- USER. TXT "ADDRIGHT miekg list" // list/write/drop
+ USER. TXT "ADDRIGHT miekg list" // list/write/drop/right
 USER. TXT "DROPRIGHT miekg list"
diff --git a/ex/fksd/config.go b/ex/fksd/config.go
index cb744af4..9f7eeaff 100644
--- a/ex/fksd/config.go
+++ b/ex/fksd/config.go
@@ -5,14 +5,27 @@ import (
 "strings"
 )
+const (
+ R_LIST = 1 // Right to list stuff
+ R_WRITE = 2 // Right to write stuff
+ R_DROP = 4 // Right to drop stuff
+ R_USER = 8 // Right to add users
+)
+
 // fks config
 type Config struct {
- Zones map[string]*dns.Zone
+ Zones map[string]*dns.Zone // All zones we are authoritative for
+ Users map[string]bool // All known users
+ Tsigs map[string]string // Tsig keys for all users
+ Rights map[string]int // Rights for all users
 }
 func NewConfig() *Config {
 c := new(Config)
 c.Zones = make(map[string]*dns.Zone)
+ c.Users = make(map[string]bool)
+ c.Tsigs = make(map[string]string)
+ c.Rights = make(map[string]int)
 return c
 }
@@ -54,9 +67,14 @@ func config(w dns.ResponseWriter, req *dns.Msg, c *Config) {
 formerr(w, req)
 return
 }
+ case "USER.":
+ if e := configUSER(w, req, t, c); e != nil {
+ formerr(w, req)
+ return
+ }
 default:
+ formerr(w, req)
 return
- // error back
 }
 }
 }
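Review bot: In the first hunk of ex/fksd/config.go, the new `Users`, `Tsigs` and `Rights` fields of `Config` are three parallel maps keyed by the same user name, so an add or drop that updates one map and misses another can leave a key or a right behind for a user that was meant to be removed. A single `Users map[string]*User`, whose value holds the TSIG secret and the rights, makes one entry the unit that is created and deleted. The rights would also read better as a typed bit set, `type Right uint8` with `RightList Right = 1 << iota`, which follows Go's MixedCaps naming rather than `R_LIST`. If the config handlers run concurrently (not visible in this hunk), these maps will need a mutex once `configUSER` starts writing to them.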
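Review bot: In the `@@ -54,9 +67,14 @@` hunk of ex/fksd/config.go, the new `case "USER.":` hands the TXT record to `configUSER` with no visible check that the request carried a valid TSIG for a known user or that this user holds `R_USER`. `config` starts above the hunk, so an earlier check may exist, but nothing added in this commit reads `c.Tsigs` or `c.Rights`. Before `configUSER` changes any state, the dispatch should resolve the signing user and refuse the request unless `c.Rights[user]&R_USER != 0`; the same applies to the `USER.` handler registered in ex/fksd/main.go. Until the check is written, a comment on the case such as `// TODO: require a TSIG-authenticated caller holding R_USER` would record the requirement.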
@@ -114,3 +132,12 @@ func configZONE(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) er
 }
 return nil
 }
+
+// Deal with the user options
+func configUSER(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) error {
+ sx := strings.Split(t.Txt[0], " ")
+ if len(sx) == 0 {
+ return nil
+ }
+ return nil
+}
diff --git a/ex/fksd/log.go b/ex/fksd/log.go
index f47e3bdb..912cd86d 100644
--- a/ex/fksd/log.go
+++ b/ex/fksd/log.go
@@ -5,7 +5,7 @@ import "log"
 const NAME = "fksd: "
 func logPrintf(format string, a ...interface{}) {
- if *l {
+ if *flaglog {
 log.Printf(NAME + format, a...)
 }
 }
diff --git a/ex/fksd/main.go b/ex/fksd/main.go
index e1b716d7..3ab3321b 100644
--- a/ex/fksd/main.go
+++ b/ex/fksd/main.go
@@ -8,7 +8,9 @@ import (
 )
 var (
- l = flag.Bool("log", false, "log incoming queries")
+ flaglog = flag.Bool("log", false, "log incoming queries")
+ superuser = flag.String("user", "root", "username to use for the superuser")
+ superkey = flag.String("key", dns.HmacSHA1+":c3R1cGlk", "tsig [hmac:base64] key for superuser authentication")
 )
 func main() {
@@ -26,8 +28,13 @@ func main() {
 log.Fatal("fksd: could not start config listener: %s", err.Error())
 }
 }()
+ conf.Users[*superuser] = true
+ conf.Tsigs[*superuser] = superkey
+ conf.Rights[*superuser] = R_LIST | R_WRITE | R_DROP | R_USER // *all* of them
 // Yes, we HIJACK zone. ... not sure on how to make this "private"
 dns.HandleFunc("ZONE.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
+ // Gasp!! And USER.
+ dns.HandleFunc("USER.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
 sig := make(chan os.Signal)
 forever:
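Review bot: In the new `configUSER` (ex/fksd/config.go), the `len(sx) == 0` test can never be true, because `strings.Split` with a non-empty separator always returns at least one element, and `t.Txt[0]` is indexed without a length check inside this function. Guarding with `if len(t.Txt) == 0 { return errors.New("empty TXT") }` (this needs the `errors` import) and splitting with `sx := strings.Fields(t.Txt[0])` makes the empty case reachable and also tolerates repeated spaces. The stub returns `nil` on every path, so the caller never sends `formerr` for a command that was not carried out; it should return an error until ADD, DROP, ADDRIGHT and DROPRIGHT are implemented. The doc comment would follow Go convention as `// configUSER handles the USER. commands ADD, DROP, ADDRIGHT and DROPRIGHT.`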
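Review bot: The `-key` flag added in the `var (` block of ex/fksd/main.go defaults to a fixed TSIG secret that is published in the source, and the second hunk of this file gives that account every right, so a daemon started without `-key` trusts a superuser credential that is public. The default should be empty and startup should fail when no key is supplied: `superkey = flag.String("key", "", "tsig [hmac:base64] key for superuser authentication")` together with `if *superkey == "" { log.Fatal("fksd: -key is required") }` once the flags are parsed. A secret given on the command line is also visible in the process list, so reading it from a file or the environment would be safer.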
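Review bot: In the `@@ -26,8 +28,13 @@` hunk of ex/fksd/main.go, `conf.Tsigs[*superuser] = superkey` assigns the `*string` returned by `flag.String` to an entry of `map[string]string`, which does not compile; it should read `conf.Tsigs[*superuser] = *superkey`. The flag value is documented as `hmac:base64`, so storing it whole puts the algorithm name inside what later code will treat as the secret; splitting it once at the colon with `strings.SplitN(*superkey, ":", 2)` and keeping the two parts separately avoids that. `main` begins outside this hunk, so whether the flags are parsed before these lines cannot be confirmed from here.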