
make default soa and zauth optional

This commit is contained in:
Xander Bil 2024-09-29 23:39:34 +02:00
parent 0c8775c80e
commit 3779125367
No known key found for this signature in database
GPG key ID: EC9706B54A278598
4 changed files with 31 additions and 19 deletions


@ -6,11 +6,12 @@ use zns::labelstring::LabelString;
static CONFIG: OnceLock<Config> = OnceLock::new(); static CONFIG: OnceLock<Config> = OnceLock::new();
pub struct Config { pub struct Config {
pub zauth_url: String, pub zauth_url: Option<String>,
pub db_uri: String, pub db_uri: String,
pub authoritative_zone: LabelString, pub authoritative_zone: LabelString,
pub port: u16, pub port: u16,
pub address: IpAddr, pub address: IpAddr,
pub default_soa: bool,
} }
impl Config { impl Config {
@ -25,7 +26,7 @@ impl Config {
dotenv().ok(); dotenv().ok();
Config { Config {
db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"), db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"), zauth_url: env::var("ZAUTH_URL").ok(),
authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")), authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
port: env::var("ZNS_PORT") port: env::var("ZNS_PORT")
.map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid")) .map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
@ -34,6 +35,10 @@ impl Config {
.unwrap_or(String::from("127.0.0.1")) .unwrap_or(String::from("127.0.0.1"))
.parse() .parse()
.expect("ZNS_ADDRESS is invalid"), .expect("ZNS_ADDRESS is invalid"),
default_soa: env::var("ZNS_DEFAULT_SOA")
.unwrap_or(String::from("true"))
.parse()
.expect("ZNS_DEFAULT_SOA should have value `true` or `false`"),
} }
}) })
} }
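Review bot: The new `default_soa` field and the now-optional `zauth_url` carry no doc comments, and the `.parse()` on `ZNS_DEFAULT_SOA` goes through `bool::from_str`, which accepts only the exact strings `true` and `false`, so values like `1` or `True` abort startup through the `expect`. Suggest `/// Base URL of the zauth instance; None (ZAUTH_URL unset) disables SSH-key verification, and user-zone updates are then refused (see the None => false arm in authenticate).` on `zauth_url`, and `/// Synthesize a fallback SOA when the zone stores none (ZNS_DEFAULT_SOA, exactly "true" or "false", default true).` on `default_soa`. Note also that `env::var("ZAUTH_URL").ok()` maps a set-but-non-UTF-8 value to `None` as well, silently turning verification off; if that distinction matters, treat only `Err(VarError::NotPresent)` as "disabled" and fail on `NotUnicode`. The function enclosing the second and third hunks starts outside the hunk.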


@ -37,7 +37,9 @@ impl ResponseHandler for QueryHandler {
if rrs.is_empty() { if rrs.is_empty() {
rrs.extend(try_wildcard(question, connection)?); rrs.extend(try_wildcard(question, connection)?);
if rrs.is_empty() { if rrs.is_empty() {
if question.qtype == Type::Type(RRType::SOA) { if question.qtype == Type::Type(RRType::SOA)
&& Config::get().default_soa
{
rrs.extend([get_soa(&question.qname)?]) rrs.extend([get_soa(&question.qname)?])
} else { } else {
return Err(ZNSError::NXDomain { return Err(ZNSError::NXDomain {
@ -87,7 +89,7 @@ fn try_wildcard(question: &Question, connection: &mut PgConnection) -> Result<Ve
fn get_soa(name: &LabelString) -> Result<RR, ZNSError> { fn get_soa(name: &LabelString) -> Result<RR, ZNSError> {
let auth_zone = Config::get().authoritative_zone.clone(); let auth_zone = Config::get().authoritative_zone.clone();
let rdata = if &Config::get().authoritative_zone == name { let rdata = if &auth_zone == name {
// Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record // Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
Ok(SoaRData { Ok(SoaRData {
mname: auth_zone, mname: auth_zone,
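Review bot: The new `&& Config::get().default_soa` condition has no comment explaining the resulting behaviour: with the flag off, an SOA query that finds no stored record (including, it appears, one for the authoritative zone apex itself) falls into the NXDomain branch. Suggest a comment above the `if`: `// With ZNS_DEFAULT_SOA disabled no SOA is synthesized; the apex must then carry an SOA record in the database, otherwise SOA queries answer NXDOMAIN.` An apex without an SOA is not a valid authoritative zone, so consider at least logging a warning at startup when the flag is off — that check belongs in config, outside this hunk. The enclosing handler method continues outside the hunk; the second hunk in `get_soa` only reuses the already-cloned `auth_zone` and needs no change.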


@ -18,15 +18,20 @@ pub async fn authenticate(
zone: &LabelString, zone: &LabelString,
connection: &mut PgConnection, connection: &mut PgConnection,
) -> Result<bool, ZNSError> { ) -> Result<bool, ZNSError> {
if zone.as_slice().len() > Config::get().authoritative_zone.as_slice().len() { if zone.len() > Config::get().authoritative_zone.len() {
let ssh_verified = match &Config::get().zauth_url {
Some(url) => {
let username = &zone.as_slice() let username = &zone.as_slice()
[zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1]; [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
let ssh_verified = validate_ssh(&username.to_lowercase(), sig) validate_ssh(&username.to_lowercase(), url, sig)
.await .await
.map_err(|e| ZNSError::Servfail { .map_err(|e| ZNSError::Servfail {
message: e.to_string(), message: e.to_string(),
})?; })?
}
None => false,
};
if ssh_verified { if ssh_verified {
Ok(true) Ok(true)
@ -40,14 +45,14 @@ pub async fn authenticate(
} }
} }
async fn validate_ssh(username: &String, sig: &Sig) -> Result<bool, reqwest::Error> { async fn validate_ssh(
username: &String,
zauth_url: &String,
sig: &Sig,
) -> Result<bool, reqwest::Error> {
let client = reqwest::Client::new(); let client = reqwest::Client::new();
Ok(client Ok(client
.get(format!( .get(format!("{}/users/{}/keys", zauth_url, username))
"{}/users/{}/keys",
Config::get().zauth_url,
username
))
.header(ACCEPT, "application/json") .header(ACCEPT, "application/json")
.send() .send()
.await? .await?
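Review bot: `username` is taken verbatim from the query-name label (lines 78-79) and, through the rewritten `validate_ssh`, interpolated into the request path `{}/users/{}/keys` with no encoding or character check, so a label containing `/`, `?` or `#` changes which zauth URL is fetched. Before calling `validate_ssh`, reject anything that is not a plain hostname label, e.g. `if !username.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-') { return Ok(false); }` (assuming labels are `String`s, as the `to_lowercase()` call suggests), or percent-encode the segment. The guard was changed to `zone.len() > …authoritative_zone.len()` while the index on the following lines still uses `as_slice().len()`; if `LabelString::len` does not return the label count, the guard no longer protects the subtraction and indexing from panicking on a crafted update. Style: the new signature takes `username: &String, zauth_url: &String`; `&str` is the idiomatic borrow and the call site can pass `&String` unchanged. The `authenticate` body starts and ends outside the first hunk.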


@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
let rlen = rr.name.as_slice().len(); let rlen = rr.name.as_slice().len();
// Check if rr has same zone // Check if rr has same zone
if rlen < zlen || !(&zone.qname == &rr.name.as_slice()[rlen - zlen..].into()) { if rlen < zlen || !(zone.qname == rr.name.as_slice()[rlen - zlen..].into()) {
return Err(ZNSError::Refused { return Err(ZNSError::Refused {
message: "RR has different zone from Question".to_string(), message: "RR has different zone from Question".to_string(),
}); });