From 3779125367af84e9f18299d01e16c293da6d1acd Mon Sep 17 00:00:00 2001
From: Xander Bil
Date: Sun, 29 Sep 2024 23:39:34 +0200
Subject: [PATCH] make default soa and zauth optional
---
 zns-daemon/src/config.rs | 9 +++--
 zns-daemon/src/handlers/query.rs | 6 ++--
 .../src/handlers/update/authenticate.rs | 33 +++++++++++--------
 zns-daemon/src/handlers/update/mod.rs | 2 +-
 4 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/zns-daemon/src/config.rs b/zns-daemon/src/config.rs
index 84360c5..d05b6b8 100644
--- a/zns-daemon/src/config.rs
+++ b/zns-daemon/src/config.rs
@@ -6,11 +6,12 @@ use zns::labelstring::LabelString;
 static CONFIG: OnceLock = OnceLock::new();
 pub struct Config {
- pub zauth_url: String,
+ pub zauth_url: Option,
 pub db_uri: String,
 pub authoritative_zone: LabelString,
 pub port: u16,
 pub address: IpAddr,
+ pub default_soa: bool,
 }
 impl Config {
@@ -25,7 +26,7 @@ impl Config {
 dotenv().ok();
 Config {
 db_uri: env::var("DATABASE_URL").expect("DATABASE_URL must be set"),
- zauth_url: env::var("ZAUTH_URL").expect("ZAUTH_URL must be set"),
+ zauth_url: env::var("ZAUTH_URL").ok(),
 authoritative_zone: LabelString::from(&env::var("ZONE").expect("ZONE must be set")),
 port: env::var("ZNS_PORT")
 .map(|v| v.parse::().expect("ZNS_PORT is invalid"))
@@ -34,6 +35,10 @@ impl Config {
 .unwrap_or(String::from("127.0.0.1"))
 .parse()
 .expect("ZNS_ADDRESS is invalid"),
+ default_soa: env::var("ZNS_DEFAULT_SOA")
+ .unwrap_or(String::from("true"))
+ .parse()
+ .expect("ZNS_DEFAULT_SOA should have value `true` or `false`"),
 }
 })
 }
diff --git a/zns-daemon/src/handlers/query.rs b/zns-daemon/src/handlers/query.rs
index 79040ce..6ddf5dd 100644
--- a/zns-daemon/src/handlers/query.rs
+++ b/zns-daemon/src/handlers/query.rs
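Review bot: The two new `Config` fields in the first hunk carry no documentation, although their values decide security-relevant behaviour in other files: `zauth_url` being `None` makes `authenticate` treat every update as unverified (the `None => false` arm in authenticate.rs), and `default_soa` decides whether a synthesised SOA is returned for SOA queries that match no stored record (query.rs). Add a doc comment above `zauth_url` stating that it is the base URL of the zauth service used to verify update signatures and that leaving ZAUTH_URL unset disables update authentication entirely, and one above `default_soa` stating that it controls whether an SOA is synthesised when none is stored, read from ZNS_DEFAULT_SOA with default true. In the third hunk, `.unwrap_or(String::from("true"))` allocates even when the variable is set; `.unwrap_or_else(|| String::from("true"))` avoids that, and the `bool` parse accepts only the exact lowercase literals, which the `expect` message correctly spells out.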
@@ -37,7 +37,9 @@ impl ResponseHandler for QueryHandler {
 if rrs.is_empty() {
 rrs.extend(try_wildcard(question, connection)?);
 if rrs.is_empty() {
- if question.qtype == Type::Type(RRType::SOA) {
+ if question.qtype == Type::Type(RRType::SOA)
+ && Config::get().default_soa
+ {
 rrs.extend([get_soa(&question.qname)?])
 } else {
 return Err(ZNSError::NXDomain {
@@ -87,7 +89,7 @@ fn try_wildcard(question: &Question, connection: &mut PgConnection) -> Result Result {
 let auth_zone = Config::get().authoritative_zone.clone();
- let rdata = if &Config::get().authoritative_zone == name {
+ let rdata = if &auth_zone == name {
 // Recommended values taken from wikipedia: https://en.wikipedia.org/wiki/SOA_record
 Ok(SoaRData {
 mname: auth_zone,
diff --git a/zns-daemon/src/handlers/update/authenticate.rs b/zns-daemon/src/handlers/update/authenticate.rs
index b2a2369..446fd7c 100644
--- a/zns-daemon/src/handlers/update/authenticate.rs
+++ b/zns-daemon/src/handlers/update/authenticate.rs
@@ -18,15 +18,20 @@ pub async fn authenticate(
 zone: &LabelString,
 connection: &mut PgConnection,
 ) -> Result {
- if zone.as_slice().len() > Config::get().authoritative_zone.as_slice().len() {
- let username = &zone.as_slice()
- [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
+ if zone.len() > Config::get().authoritative_zone.len() {
+ let ssh_verified = match &Config::get().zauth_url {
+ Some(url) => {
+ let username = &zone.as_slice() [zone.as_slice().len() - Config::get().authoritative_zone.as_slice().len() - 1];
- let ssh_verified = validate_ssh(&username.to_lowercase(), sig)
- .await
- .map_err(|e| ZNSError::Servfail {
- message: e.to_string(),
- })?;
+ validate_ssh(&username.to_lowercase(), url, sig)
+ .await
+ .map_err(|e| ZNSError::Servfail {
+ message: e.to_string(),
+ })?
+ }
+ None => false,
+ };
 if ssh_verified {
 Ok(true)
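Review bot: With `default_soa` disabled, a SOA query for a name with no stored SOA now falls through to `ZNSError::NXDomain` like any other empty name, and nothing in this hunk tells the operator that disabling the default obliges them to store the zone's SOA in the database themselves. Add `// default_soa=false: the operator must store the zone's SOA record; otherwise SOA queries answer NXDomain` above the condition so the failure mode is discoverable from the code; a warning at config load when `default_soa` is false would help too, though that lives in config.rs. The `rrs.extend([get_soa(&question.qname)?])` line appends a single element and reads more directly as `rrs.push(get_soa(&question.qname)?)`. The enclosing method of `impl ResponseHandler for QueryHandler` starts before and ends after this hunk.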
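Review bot: The `None => false` arm folds "zauth is not configured" into "signature did not verify", so with ZAUTH_URL unset every update follows the same path as one carrying an invalid signature and neither the response nor any log can tell the two apart. Returning a distinct error there, e.g. `None => return Err(ZNSError::Servfail { message: "ZAUTH_URL not set; updates cannot be authenticated".to_string() }),` keeps the refusal but makes the misconfiguration visible; if silently refusing is the intended behaviour, a comment on the arm should say so. The guard `zone.len() > Config::get().authoritative_zone.len()` compares only label counts, while the index that extracts `username` assumes `zone` ends with the authoritative zone; if the caller already verifies that suffix, a comment here should state that precondition, since this function is the trust boundary for updates. The else branch and the closing lines of `authenticate` lie outside the hunk.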
@@ -40,14 +45,14 @@ pub async fn authenticate(
 }
 }
-async fn validate_ssh(username: &String, sig: &Sig) -> Result {
+async fn validate_ssh(
+ username: &String,
+ zauth_url: &String,
+ sig: &Sig,
+) -> Result {
 let client = reqwest::Client::new();
 Ok(client
- .get(format!(
- "{}/users/{}/keys",
- Config::get().zauth_url,
- username
- ))
+ .get(format!("{}/users/{}/keys", zauth_url, username))
 .header(ACCEPT, "application/json")
 .send()
 .await?
diff --git a/zns-daemon/src/handlers/update/mod.rs b/zns-daemon/src/handlers/update/mod.rs
index b7a6cb1..a2c973e 100644
--- a/zns-daemon/src/handlers/update/mod.rs
+++ b/zns-daemon/src/handlers/update/mod.rs
@@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
 let rlen = rr.name.as_slice().len();
 // Check if rr has same zone
- if rlen < zlen || !(&zone.qname == &rr.name.as_slice()[rlen - zlen..].into()) {
+ if rlen < zlen || !(zone.qname == rr.name.as_slice()[rlen - zlen..].into()) {
 return Err(ZNSError::Refused {
 message: "RR has different zone from Question".to_string(),
 });
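Review bot: `username` is spliced into the request path by `format!("{}/users/{}/keys", zauth_url, username)` without any escaping, and it is taken from a label of the zone name in the update request, so whatever characters that label contains are sent verbatim to the authentication service as part of the path. Validate the label against the character set zauth usernames actually use before building the request (or percent-encode it) and reject the update otherwise, so a malformed label cannot alter which resource is looked up; a short comment above the `.get(...)` line should record that the caller has done so. Both new parameters are `&String`; `&str` is the idiomatic borrow and lets the caller pass the `Option<String>` config field through `as_deref()` without an intermediate `String`. The body of `validate_ssh` continues past the end of the hunk.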
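Review bot: The rewritten condition still spells inequality as `!(a == b)`; `if rlen < zlen || zone.qname != rr.name.as_slice()[rlen - zlen..].into() {` says the same thing directly, with the `.into()` target inferred from `zone.qname` exactly as before. The `rlen < zlen` test is also what keeps `rlen - zlen` from underflowing, which the existing comment does not mention; `// Check that rr lies within the question's zone (rlen < zlen guards the slice below)` would make the coupling explicit. The enclosing method continues outside the hunk.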