add user management
parent
70b98c505e
commit
7e213aea0d
|
@ -42,10 +42,10 @@ Zones are listed in the additional section of the reply packet
|
|||
|
||||
## Add user
|
||||
|
||||
USER. TXT "ADD miekg tsig
|
||||
USER. TXT "ADD miekg [tsig-secret]"
|
||||
|
||||
USER. TXT "DROP miekg"
|
||||
|
||||
USER. TXT "ADDRIGHT miekg list" // list/write/drop
|
||||
USER. TXT "ADDRIGHT miekg list" // list/write/drop/right
|
||||
|
||||
USER. TXT "DROPRIGHT miekg list"
|
||||
|
|
|
@ -5,14 +5,27 @@ import (
|
|||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
R_LIST = 1 // Right to list stuff
|
||||
R_WRITE = 2 // Right to write stuff
|
||||
R_DROP = 4 // Right to drop stuff
|
||||
R_USER = 8 // Right to add users
|
||||
)
|
||||
|
||||
// fks config
|
||||
type Config struct {
|
||||
Zones map[string]*dns.Zone
|
||||
Zones map[string]*dns.Zone // All zones we are authoritative for
|
||||
Users map[string]bool // All known users
|
||||
Tsigs map[string]string // Tsig keys for all users
|
||||
Rights map[string]int // Rights for all users
|
||||
}
|
||||
|
||||
func NewConfig() *Config {
|
||||
c := new(Config)
|
||||
c.Zones = make(map[string]*dns.Zone)
|
||||
c.Users = make(map[string]bool)
|
||||
c.Tsigs = make(map[string]string)
|
||||
c.Rights = make(map[string]int)
|
||||
return c
|
||||
}
|
||||
|
||||
|
@ -54,9 +67,14 @@ func config(w dns.ResponseWriter, req *dns.Msg, c *Config) {
|
|||
formerr(w, req)
|
||||
return
|
||||
}
|
||||
case "USER.":
|
||||
if e := configUSER(w, req, t, c); e != nil {
|
||||
formerr(w, req)
|
||||
return
|
||||
}
|
||||
default:
|
||||
formerr(w, req)
|
||||
return
|
||||
// error back
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -114,3 +132,12 @@ func configZONE(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) er
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Deal with the user options
|
||||
func configUSER(w dns.ResponseWriter, req *dns.Msg, t *dns.RR_TXT, c *Config) error {
|
||||
sx := strings.Split(t.Txt[0], " ")
|
||||
if len(sx) == 0 {
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
}
|
||||
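Review bot: In `configUSER` the guard `len(sx) == 0` can never fire, because `strings.Split` with a non-empty separator always returns at least one element, and `t.Txt[0]` is indexed before any check that `t.Txt` is non-empty. The TXT content arrives in a request, so the guard belongs on the input, e.g. `if len(t.Txt) == 0 { return errors.New("empty USER request") }` (this needs `errors` imported), and `strings.Fields(t.Txt[0])` would avoid empty tokens from repeated spaces. The signature carries no requester identity, so once ADD/DROP/ADDRIGHT are implemented the `R_USER` check will need the verified TSIG key name of the request. Whether `config()` already verifies TSIG before dispatching `case "USER."` is not visible here, since its body starts outside the hunk. `Users`, `Tsigs` and `Rights` are plain maps on a shared `*Config`; if handlers run concurrently, writes from `configUSER` will need a mutex.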
|
|
|
@ -5,7 +5,7 @@ import "log"
|
|||
const NAME = "fksd: "
|
||||
|
||||
func logPrintf(format string, a ...interface{}) {
|
||||
if *l {
|
||||
if *flaglog {
|
||||
log.Printf(NAME + format, a...)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,7 +8,9 @@ import (
|
|||
)
|
||||
|
||||
var (
|
||||
l = flag.Bool("log", false, "log incoming queries")
|
||||
flaglog = flag.Bool("log", false, "log incoming queries")
|
||||
superuser = flag.String("user", "root", "username to use for the superuser")
|
||||
superkey = flag.String("key", dns.HmacSHA1+":c3R1cGlk", "tsig [hmac:base64] key for superuser authentication")
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
@ -26,8 +28,13 @@ func main() {
|
|||
log.Fatal("fksd: could not start config listener: %s", err.Error())
|
||||
}
|
||||
}()
|
||||
conf.Users[*superuser] = true
|
||||
conf.Tsigs[*superuser] = superkey
|
||||
conf.Rights[*superuser] = R_LIST | R_WRITE | R_DROP | R_USER // *all* of them
|
||||
// Yes, we HIJACK zone. ... not sure on how to make this "private"
|
||||
dns.HandleFunc("ZONE.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
|
||||
// Gasp!! And USER.
|
||||
dns.HandleFunc("USER.", func(w dns.ResponseWriter, req *dns.Msg) { config(w, req, conf) })
|
||||
|
||||
sig := make(chan os.Signal)
|
||||
forever:
|
||||
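Review bot: The `-key` flag defaults to a fixed secret that is in the source (`dns.HmacSHA1+":c3R1cGlk"`), and the second hunk grants that account `R_LIST | R_WRITE | R_DROP | R_USER`, so a daemon started without `-key` runs with a superuser credential anyone can read. I would default the flag to the empty string and refuse to start when it is unset: `superkey = flag.String("key", "", "tsig [hmac:base64] key for superuser authentication")` plus `if *superkey == "" { log.Fatal("fksd: -key is required") }` before the assignments. `conf.Tsigs[*superuser] = superkey` also stores the `*string` itself in what the config hunk declares as `map[string]string`; it should read `conf.Tsigs[*superuser] = *superkey`, with the `hmac:` prefix split off before the value is used as a TSIG secret. A secret passed on the command line is visible in the process list, so reading it from a file or the environment would be safer; `main`'s body continues outside the hunk.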
|
|