From d8f88dcac52fd9789bb9fc56dbb1acbd33b5a1dd Mon Sep 17 00:00:00 2001 From: Xander Bil Date: Sun, 14 Jul 2024 22:00:26 +0200 Subject: [PATCH] authoritative zone config --- src/config.rs | 6 ++++++ src/handlers/update/authenticate.rs | 7 ++++--- src/handlers/update/mod.rs | 5 ++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/config.rs b/src/config.rs index c7ba133..b65c9e3 100644 --- a/src/config.rs +++ b/src/config.rs @@ -7,6 +7,7 @@ static CONFIG: OnceLock = OnceLock::new(); pub struct Config { pub zauth_url: String, pub db_uri: String, + pub authoritative_zone: Vec, } impl Config { @@ -22,6 +23,11 @@ impl Config { Config { db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"), zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"), + authoritative_zone: env::var("ZONE") + .expect("ZONE must be set") + .split(".") + .map(str::to_string) + .collect(), } }) } diff --git a/src/handlers/update/authenticate.rs b/src/handlers/update/authenticate.rs index 0a9d0c1..bc4ae7d 100644 --- a/src/handlers/update/authenticate.rs +++ b/src/handlers/update/authenticate.rs @@ -17,10 +17,11 @@ pub async fn authenticate( zone: &Vec, connection: &mut PgConnection, ) -> Result { - if zone.len() >= 4 { - let username = &zone[zone.len() - 4]; // Should match: username.users.zeus.gent + if zone.len() >= Config::get().authoritative_zone.len() { + let username = &zone[zone.len() - Config::get().authoritative_zone.len() - 1]; + + let ssh_verified = validate_ssh(username, sig).await.is_ok_and(|b| b); - let ssh_verified = validate_ssh(username, sig).await?; if ssh_verified { Ok(true) diff --git a/src/handlers/update/mod.rs b/src/handlers/update/mod.rs index 26c26f7..55a4cf4 100644 --- a/src/handlers/update/mod.rs +++ b/src/handlers/update/mod.rs @@ -1,6 +1,7 @@ use diesel::PgConnection; use crate::{ + config::Config, db::models::{delete_from_database, insert_into_database}, errors::ZNSError, structs::{Class, Message, RRClass, RRType, Type}, 
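Review bot: In the second config.rs hunk the ZONE value is split with `split(".")` and stored without any normalization, so a fully-qualified value such as `zeus.gent.` yields a trailing empty label and an empty ZONE yields `vec![""]`; both silently make every zone-authority comparison fail instead of failing at startup next to the existing `expect`. Trimming the trailing dot and rejecting empty labels at load time keeps the misconfiguration visible: `.trim_end_matches('.').split('.')` (a char pattern is also what clippy's single_char_pattern asks for), then collect into a local and `assert!(!labels.is_empty() && labels.iter().all(|l| !l.is_empty()), "ZONE must be a non-empty dotted name");` before storing it. DNS labels are case-insensitive, so if the comparison side matches labels byte-for-byte a mixed-case ZONE value would never match a query; whether that holds is not visible in this hunk and is worth confirming where the labels are compared.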
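Review bot: In the authenticate.rs hunk the index `zone.len() - Config::get().authoritative_zone.len() - 1` underflows when `zone.len()` equals the authoritative zone length, which the guard directly above permits (`>=`), so a request whose name is exactly the authoritative zone panics the handler (arithmetic overflow in debug, out-of-bounds index in release) instead of returning `Ok(false)`; the previous `>= 4` guard against `zone[zone.len() - 4]` did not have this gap. Hoist the length once and make the guard strict: `let auth_len = Config::get().authoritative_zone.len();`, `if zone.len() > auth_len {`, `let username = &zone[zone.len() - auth_len - 1];`. Replacing `?` with `.is_ok_and(|b| b)` also turns every `validate_ssh` error into a silent "not verified"; if that is intended, logging the `Err` before collapsing it would keep signature-verification failures diagnosable. The body of `authenticate` continues past the end of the hunk.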
@@ -37,7 +38,9 @@ impl ResponseHandler for UpdateHandler { // Check Zone authority let zone = &message.question[0]; let zlen = zone.qname.len(); - if !(zlen >= 2 && zone.qname[zlen - 1] == "gent" && zone.qname[zlen - 2] == "zeus") { + let auth_zone = &Config::get().authoritative_zone; + if !(zlen >= auth_zone.len() && vec_equal(&zone.qname[zlen - auth_zone.len()..], auth_zone)) + { return Err(ZNSError::Formerr { message: "Invalid zone".to_string(), });
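Review bot: The new guard re-implements suffix matching by hand (`zlen >= auth_zone.len() && vec_equal(&zone.qname[zlen - auth_zone.len()..], auth_zone)`), which std already provides for slices: assuming `qname` is a `Vec<String>` as the indexing suggests, `if !zone.qname.ends_with(auth_zone) {` checks both the length and the tail labels with no index arithmetic, after which `zlen` (and possibly `vec_equal`) is unused. Whether `vec_equal` compares case-insensitively is not visible here; DNS names are case-insensitive, so if it is plain equality the check, like the hard-coded `"zeus"`/`"gent"` comparison it replaces, rejects mixed-case queries for the authoritative zone and that should be confirmed. The enclosing handler body starts and ends outside the hunk.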