mirror of
https://github.com/ZeusWPI/ZNS.git
synced 2024-11-21 21:41:10 +01:00
make default soa and zauth optional
This commit is contained in:
parent
0c8775c80e
commit
3779125367
4 changed files with 31 additions and 19 deletions
|
@ -6,11 +6,12 @@ use zns::labelstring::LabelString;
|
||||||
static CONFIG: OnceLock<Config> = OnceLock::new();
|
static CONFIG: OnceLock<Config> = OnceLock::new();
|
||||||
|
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
pub zauth_url: String,
|
pub zauth_url: Option<String>,
|
||||||
pub db_uri: String,
|
pub db_uri: String,
|
||||||
pub authoritative_zone: LabelString,
|
pub authoritative_zone: LabelString,
|
||||||
pub port: u16,
|
pub port: u16,
|
||||||
pub address: IpAddr,
|
pub address: IpAddr,
|
||||||
|
pub default_soa: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Config {
|
impl Config {
|
||||||
|
@ -25,7 +26,7 @@ impl Config {
|
||||||
dotenv().ok();
|
dotenv().ok();
|
||||||
Config {
|
Config {
|
||||||
db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
|
db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
|
||||||
zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
|
zauth_url: env::var("ZAUTH_URL").ok(),
|
||||||
authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
|
authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
|
||||||
port: env::var("ZNS_PORT")
|
port: env::var("ZNS_PORT")
|
||||||
.map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
|
.map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
|
||||||
|
@ -34,6 +35,10 @@ impl Config {
|
||||||
.unwrap_or(String::from("127.0.0.1"))
|
.unwrap_or(String::from("127.0.0.1"))
|
||||||
.parse()
|
.parse()
|
||||||
.expect("ZNS_ADDRESS is invalid"),
|
.expect("ZNS_ADDRESS is invalid"),
|
||||||
|
default_soa: env::var("ZNS_DEFAULT_SOA")
|
||||||
|
.unwrap_or(String::from("true"))
|
||||||
|
.parse()
|
||||||
|
.expect("ZNS_DEFAULT_SOA should have value `true` or `false`"),
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,7 +37,9 @@ impl ResponseHandler for QueryHandler {
|
||||||
if rrs.is_empty() {
|
if rrs.is_empty() {
|
||||||
rrs.extend(try_wildcard(question, connection)?);
|
rrs.extend(try_wildcard(question, connection)?);
|
||||||
if rrs.is_empty() {
|
if rrs.is_empty() {
|
||||||
if question.qtype == Type::Type(RRType::SOA) {
|
if question.qtype == Type::Type(RRType::SOA)
|
||||||
|
&& Config::get().default_soa
|
||||||
|
{
|
||||||
rrs.extend([get_soa(&question.qname)?])
|
rrs.extend([get_soa(&question.qname)?])
|
||||||
} else {
|
} else {
|
||||||
return Err(ZNSError::NXDomain {
|
return Err(ZNSError::NXDomain {
|
||||||
|
@ -87,7 +89,7 @@ fn try_wildcard(question: &Question, connection: &mut PgConnection) -> Result<Ve
|
||||||
|
|
||||||
fn get_soa(name: &LabelString) -> Result<RR, ZNSError> {
|
fn get_soa(name: &LabelString) -> Result<RR, ZNSError> {
|
||||||
let auth_zone = Config::get().authoritative_zone.clone();
|
let auth_zone = Config::get().authoritative_zone.clone();
|
||||||
let rdata = if &Config::get().authoritative_zone == name {
|
let rdata = if &auth_zone == name {
|
||||||
// Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
|
// Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
|
||||||
Ok(SoaRData {
|
Ok(SoaRData {
|
||||||
mname: auth_zone,
|
mname: auth_zone,
|
||||||
|
|
|
@ -18,15 +18,20 @@ pub async fn authenticate(
|
||||||
zone: &LabelString,
|
zone: &LabelString,
|
||||||
connection: &mut PgConnection,
|
connection: &mut PgConnection,
|
||||||
) -> Result<bool, ZNSError> {
|
) -> Result<bool, ZNSError> {
|
||||||
if zone.as_slice().len() > Config::get().authoritative_zone.as_slice().len() {
|
if zone.len() > Config::get().authoritative_zone.len() {
|
||||||
|
let ssh_verified = match &Config::get().zauth_url {
|
||||||
|
Some(url) => {
|
||||||
let username = &zone.as_slice()
|
let username = &zone.as_slice()
|
||||||
[zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
|
[zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
|
||||||
|
|
||||||
let ssh_verified = validate_ssh(&username.to_lowercase(), sig)
|
validate_ssh(&username.to_lowercase(), url, sig)
|
||||||
.await
|
.await
|
||||||
.map_err(|e| ZNSError::Servfail {
|
.map_err(|e| ZNSError::Servfail {
|
||||||
message: e.to_string(),
|
message: e.to_string(),
|
||||||
})?;
|
})?
|
||||||
|
}
|
||||||
|
None => false,
|
||||||
|
};
|
||||||
|
|
||||||
if ssh_verified {
|
if ssh_verified {
|
||||||
Ok(true)
|
Ok(true)
|
||||||
|
@ -40,14 +45,14 @@ pub async fn authenticate(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn validate_ssh(username: &String, sig: &Sig) -> Result<bool, reqwest::Error> {
|
async fn validate_ssh(
|
||||||
|
username: &String,
|
||||||
|
zauth_url: &String,
|
||||||
|
sig: &Sig,
|
||||||
|
) -> Result<bool, reqwest::Error> {
|
||||||
let client = reqwest::Client::new();
|
let client = reqwest::Client::new();
|
||||||
Ok(client
|
Ok(client
|
||||||
.get(format!(
|
.get(format!("{}/users/{}/keys", zauth_url, username))
|
||||||
"{}/users/{}/keys",
|
|
||||||
Config::get().zauth_url,
|
|
||||||
username
|
|
||||||
))
|
|
||||||
.header(ACCEPT, "application/json")
|
.header(ACCEPT, "application/json")
|
||||||
.send()
|
.send()
|
||||||
.await?
|
.await?
|
||||||
|
|
|
@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
|
||||||
let rlen = rr.name.as_slice().len();
|
let rlen = rr.name.as_slice().len();
|
||||||
|
|
||||||
// Check if rr has same zone
|
// Check if rr has same zone
|
||||||
if rlen < zlen || !(&zone.qname == &rr.name.as_slice()[rlen - zlen..].into()) {
|
if rlen < zlen || !(zone.qname == rr.name.as_slice()[rlen - zlen..].into()) {
|
||||||
return Err(ZNSError::Refused {
|
return Err(ZNSError::Refused {
|
||||||
message: "RR has different zone from Question".to_string(),
|
message: "RR has different zone from Question".to_string(),
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue