From 7b5fad03067246e24d45e6bde38bf86b3c332f75 Mon Sep 17 00:00:00 2001
From: Xander Bil
Date: Sat, 17 Aug 2024 18:59:31 +0200
Subject: [PATCH] add more config and check expiration/inception time
---
zns-daemon/src/config.rs | 11 ++++++++++-
zns-daemon/src/handlers/update/mod.rs | 2 +-
zns-daemon/src/handlers/update/sig.rs | 22 ++++++++++++++++++++++
zns-daemon/src/main.rs | 4 ++--
4 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/zns-daemon/src/config.rs b/zns-daemon/src/config.rs
index b65c9e3..6924929 100644
--- a/zns-daemon/src/config.rs
+++ b/zns-daemon/src/config.rs
@@ -1,4 +1,4 @@
-use std::{env, sync::OnceLock};
+use std::{env, net::IpAddr, sync::OnceLock};
use dotenvy::dotenv;
@@ -8,6 +8,8 @@ pub struct Config {
pub zauth_url: String,
pub db_uri: String,
pub authoritative_zone: Vec,
+ pub port: u16,
+ pub address: IpAddr,
}
impl Config {
@@ -28,6 +30,13 @@ impl Config {
.split(".")
.map(str::to_string)
.collect(),
+ port: env::var("ZNS_PORT")
+ .map(|v| v.parse::().expect("ZNS_PORT is invalid"))
+ .unwrap_or(5333),
+ address: env::var("ZNS_ADDRESS")
+ .unwrap_or(String::from("127.0.0.1"))
+ .parse()
+ .expect("ZNS_ADDRESS is invalid"),
}
})
}
diff --git a/zns-daemon/src/handlers/update/mod.rs b/zns-daemon/src/handlers/update/mod.rs
index b13142d..fe669d1 100644
--- a/zns-daemon/src/handlers/update/mod.rs
+++ b/zns-daemon/src/handlers/update/mod.rs
@@ -99,7 +99,7 @@ impl ResponseHandler for UpdateHandler {
for rr in &message.authority {
if rr.class == zone.qclass {
- let _ = insert_into_database(&rr, connection);
+ let _ = insert_into_database(&rr, connection)?;
} else if rr.class == Class::Class(RRClass::ANY) {
if rr._type == Type::Type(RRType::ANY) {
if rr.name == zone.qname {
diff --git a/zns-daemon/src/handlers/update/sig.rs b/zns-daemon/src/handlers/update/sig.rs
index 5c5af34..ac3526d 100644
--- a/zns-daemon/src/handlers/update/sig.rs
+++ b/zns-daemon/src/handlers/update/sig.rs
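Review bot: The `port:` and `address:` initialisers in the third config.rs hunk handle a bad environment value in two different shapes — an unset ZNS_PORT falls back to 5333, a set-but-unparsable one panics inside the `map` closure through `expect`, and a value that is present but not valid UTF-8 is silently treated as unset by `unwrap_or`, while `address` defaults first and parses afterwards. Failing fast at startup is acceptable for configuration, but the two fields should read the same way and the fallback string should not be allocated eagerly: `port: env::var("ZNS_PORT").map_or(5333, |v| v.trim().parse::<u16>().expect("ZNS_PORT is invalid")),` and `.unwrap_or_else(|| String::from("127.0.0.1"))`. The new struct fields in the second hunk also deserve a doc comment stating that the default binds loopback only and that setting ZNS_ADDRESS to an unspecified address such as 0.0.0.0 exposes the resolver on every interface.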
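Review bot: With `?` now propagating the first failed `insert_into_database` in the mod.rs hunk, records inserted by earlier iterations of the `for rr in &message.authority` loop remain in the database, so a multi-record UPDATE that fails part-way is applied partially unless `connection` is already inside a transaction begun outside this hunk (the enclosing method starts and ends outside it). RFC 2136 expects the update section to be applied atomically, so wrapping the whole loop in one transaction and rolling back on the first error is worth checking. Separately, `let _ =` on a `?`-propagated call is redundant if the Ok value is `()`, and `&rr` borrows an item that is already a reference because the loop iterates `&message.authority`: `insert_into_database(rr, connection)?;`.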
@@ -1,3 +1,5 @@
+use std::time::{SystemTime, UNIX_EPOCH};
+
use base64::prelude::*;
use int_enum::IntEnum;
@@ -19,6 +21,7 @@ pub struct Sig {
}
#[allow(dead_code)]
+#[derive(Debug)]
struct SigRData {
type_covered: u16,
algo: Algorithm,
@@ -80,6 +83,25 @@ impl Sig {
let mut reader = Reader::new(&rr.rdata);
let key_rdata = SigRData::from_bytes(&mut reader)?;
+ let now = SystemTime::now()
+ .duration_since(UNIX_EPOCH)
+ .map_err(|e| ZNSError::Servfail {
+ message: e.to_string(),
+ })?
+ .as_secs();
+ if (key_rdata.signature_inception as u64) > now {
+ return Err(ZNSError::Refused {
+ message: String::from("invalid signature inception time"),
+ });
+ }
+ if (key_rdata.signature_expiration as u64) < now {
+ return Err(ZNSError::Refused {
+ message: String::from("signature has expired"),
+ });
+ }
+
let mut raw_data = rr.rdata[0..rr.rdata.len() - key_rdata.signature.len()].to_vec();
raw_data.extend(request);
diff --git a/zns-daemon/src/main.rs b/zns-daemon/src/main.rs
index 51fa2d3..81426de 100644
--- a/zns-daemon/src/main.rs
+++ b/zns-daemon/src/main.rs
@@ -1,9 +1,9 @@
use std::{error::Error, net::SocketAddr};
mod config;
-mod resolver;
mod db;
mod handlers;
+mod resolver;
mod utils;
use config::Config;
@@ -13,7 +13,7 @@ use crate::resolver::{tcp_listener_loop, udp_listener_loop};
#[tokio::main]
async fn main() -> Result<(), Box> {
Config::initialize();
- let resolver_add = SocketAddr::from(([127, 0, 0, 1], 8080));
+ let resolver_add = SocketAddr::from((Config::get().address, Config::get().port));
let _ = tokio::join!(
udp_listener_loop(resolver_add),
tcp_listener_loop(resolver_add)
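Review bot: The inception and expiration checks in the third sig.rs hunk compare against `now` with no tolerance, so a signer whose clock is a few seconds ahead of the server is answered with `Refused` / "invalid signature inception time" although the signature is otherwise valid; a small, documented clock-skew allowance applied to both comparisons is the usual remedy, e.g. with a constant named and sized per deployment: `if (key_rdata.signature_inception as u64) > now + SKEW_SECS {` and `if (key_rdata.signature_expiration as u64) + SKEW_SECS < now {`. The `as u64` widening suggests the two fields are 32-bit (their declaration is outside the hunk); if so, the SIG RR specification (RFC 2535) defines them with serial-number arithmetic (RFC 1982), which the plain u64 comparison only approximates until the 32-bit counter wraps, and a comment such as `// 32-bit timestamps compared as absolute seconds; serial-number arithmetic (RFC 1982) not implemented` would record that assumption. Running these checks before the signature itself is verified is the right order, since a cheap rejection of stale or not-yet-valid SIG(0) records bounds the replay window without spending a verification. The enclosing method continues outside the hunk.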
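Review bot: `Config::get()` is called twice on the new `resolver_add` line of the second main.rs hunk to read two fields of the same configuration; bind it once: `let cfg = Config::get();` followed by `let resolver_add = SocketAddr::from((cfg.address, cfg.port));`. The same line silently moves the default listening port from the hard-coded 8080 to the 5333 fallback introduced in config.rs, which the commit title does not mention; a sentence in the description or a doc comment on the `port` field would spare existing deployments the surprise.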