10
0
Fork 0
mirror of https://github.com/ZeusWPI/ZNS.git synced 2024-11-21 13:31:11 +01:00

add more config and check expiration/inception time

This commit is contained in:
Xander Bil 2024-08-17 18:59:31 +02:00
parent fee261d781
commit 7b5fad0306
No known key found for this signature in database
GPG key ID: EC9706B54A278598
4 changed files with 35 additions and 4 deletions

View file

@ -1,4 +1,4 @@
use std::{env, sync::OnceLock};
use std::{env, net::IpAddr, sync::OnceLock};
use dotenvy::dotenv;
@ -8,6 +8,8 @@ pub struct Config {
pub zauth_url: String,
pub db_uri: String,
pub authoritative_zone: Vec<String>,
pub port: u16,
pub address: IpAddr,
}
impl Config {
@ -28,6 +30,13 @@ impl Config {
.split(".")
.map(str::to_string)
.collect(),
port: env::var("ZNS_PORT")
.map(|v| v.parse::<u16>().expect("ZNS_PORT is invalid"))
.unwrap_or(5333),
address: env::var("ZNS_ADDRESS")
.unwrap_or(String::from("127.0.0.1"))
.parse()
.expect("ZNS_ADDRESS is invalid"),
}
})
}

View file

@ -99,7 +99,7 @@ impl ResponseHandler for UpdateHandler {
for rr in &message.authority {
if rr.class == zone.qclass {
let _ = insert_into_database(&rr, connection);
let _ = insert_into_database(&rr, connection)?;
} else if rr.class == Class::Class(RRClass::ANY) {
if rr._type == Type::Type(RRType::ANY) {
if rr.name == zone.qname {

View file

@ -1,3 +1,5 @@
use std::time::{SystemTime, UNIX_EPOCH};
use base64::prelude::*;
use int_enum::IntEnum;
@ -19,6 +21,7 @@ pub struct Sig {
}
#[allow(dead_code)]
#[derive(Debug)]
struct SigRData {
type_covered: u16,
algo: Algorithm,
@ -80,6 +83,25 @@ impl Sig {
let mut reader = Reader::new(&rr.rdata);
let key_rdata = SigRData::from_bytes(&mut reader)?;
let now = SystemTime::now()
.duration_since(UNIX_EPOCH)
.map_err(|e| ZNSError::Servfail {
message: e.to_string(),
})?
.as_secs();
if (key_rdata.signature_inception as u64) > now {
return Err(ZNSError::Refused {
message: String::from("invalid signature inception time"),
});
}
if (key_rdata.signature_expiration as u64) < now {
return Err(ZNSError::Refused {
message: String::from("signature has expired"),
});
}
let mut raw_data = rr.rdata[0..rr.rdata.len() - key_rdata.signature.len()].to_vec();
raw_data.extend(request);

View file

@ -1,9 +1,9 @@
use std::{error::Error, net::SocketAddr};
mod config;
mod resolver;
mod db;
mod handlers;
mod resolver;
mod utils;
use config::Config;
@ -13,7 +13,7 @@ use crate::resolver::{tcp_listener_loop, udp_listener_loop};
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
Config::initialize();
let resolver_add = SocketAddr::from(([127, 0, 0, 1], 8080));
let resolver_add = SocketAddr::from((Config::get().address, Config::get().port));
let _ = tokio::join!(
udp_listener_loop(resolver_add),
tcp_listener_loop(resolver_add)