diff --git a/zns-daemon/src/handlers/update/authenticate.rs b/zns-daemon/src/handlers/update/authenticate.rs
index c01c910..e362231 100644
--- a/zns-daemon/src/handlers/update/authenticate.rs
+++ b/zns-daemon/src/handlers/update/authenticate.rs
@@ -7,21 +7,20 @@ use zns::{
 errors::ZNSError,
 parser::FromBytes,
 reader::Reader,
- structs::{Class, RRClass, RRType, Type},
+ structs::{Class, LabelString, RRClass, RRType, Type},
 };
 use super::{dnskey::DNSKeyRData, sig::Sig};
 pub async fn authenticate(
 sig: &Sig,
- zone: &[String],
+ zone: &LabelString,
 connection: &mut PgConnection,
 ) -> Result {
- if zone.len() >= Config::get().authoritative_zone.len() {
- //TODO: panic? subtract
+ if zone.len() > Config::get().authoritative_zone.len() {
 let username = &zone[zone.len() - Config::get().authoritative_zone.len() - 1];
- let ssh_verified = validate_ssh(username, sig)
+ let ssh_verified = validate_ssh(&username.to_lowercase(), sig)
 .await
 .map_err(|e| ZNSError::Servfail {
 message: e.to_string(),
diff --git a/zns-daemon/src/handlers/update/mod.rs b/zns-daemon/src/handlers/update/mod.rs
index 867a9d2..addefcd 100644
--- a/zns-daemon/src/handlers/update/mod.rs
+++ b/zns-daemon/src/handlers/update/mod.rs
@@ -6,7 +6,7 @@ use crate::{
 };
 use zns::structs::{Class, Message, RRClass, RRType, Type};
-use zns::{errors::ZNSError, utils::vec_equal};
+use zns::{errors::ZNSError, utils::labels_equal};
 use self::sig::Sig;
@@ -64,7 +64,7 @@ impl ResponseHandler for UpdateHandler {
 let rlen = rr.name.len();
 // Check if rr has same zone
- if rlen < zlen || !(vec_equal(&zone.qname, &rr.name[rlen - zlen..])) {
+ if rlen < zlen || !(labels_equal(&zone.qname, &rr.name[rlen - zlen..].into())) {
 return Err(ZNSError::Refused {
 message: "RR has different zone from Question".to_string(),
 });
diff --git a/zns/src/message.rs b/zns/src/message.rs
index 2e4265f..f12de1d 100644
--- a/zns/src/message.rs
+++ b/zns/src/message.rs
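Review bot: `username.to_lowercase()` in the `validate_ssh` call applies Unicode case mapping, whereas DNS names are case-insensitive for ASCII letters only (RFC 4343). If a label can carry non-ASCII characters (the parser is not visible here), a character whose lowercase form is an ASCII letter, such as U+212A KELVIN SIGN, would fold into the same username that is used for the SSH key lookup. Prefer `validate_ssh(&username.to_ascii_lowercase(), sig)`. The same applies to `labels_equal` in zns/src/utils.rs, where `elem1.eq_ignore_ascii_case(elem2)` would also avoid allocating two strings per label. The body of `authenticate` continues outside the hunk.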
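Review bot: `&rr.name[rlen - zlen..].into()` in the zone check of zns-daemon/src/handlers/update/mod.rs clones the tail labels into a fresh `LabelString` for every resource record, only to compare them. `labels_equal` just iterates, so declaring it as `pub fn labels_equal(vec1: &[String], vec2: &[String]) -> bool` would let this call pass the slice directly: `labels_equal(&zone.qname, &rr.name[rlen - zlen..])`. This assumes `LabelString` is an alias for `Vec<String>`, as the tests in this commit suggest. The same conversion appears in `check_authoritative` in zns/src/message.rs. The enclosing handler method starts and ends outside the hunk.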
@@ -1,7 +1,7 @@
 use crate::{
 errors::ZNSError,
 structs::{LabelString, Message, Opcode, RCODE},
- utils::vec_equal,
+ utils::labels_equal,
 };
 impl Message {
@@ -23,7 +23,7 @@ impl Message {
 for question in &self.question {
 let zlen = question.qname.len();
 if !(zlen >= auth_zone.len()
- && vec_equal(&question.qname[zlen - auth_zone.len()..], auth_zone))
+ && labels_equal(&question.qname[zlen - auth_zone.len()..].into(), auth_zone))
 {
 return Err(ZNSError::Refused {
 message: format!("Not authoritative for: {}", question.qname.join(".")),
@@ -68,17 +68,21 @@ mod tests {
 }
 #[test]
- fn test_not_authoritative() {
- let message = get_message(Some(vec![
+ fn test_authoritative() {
+ let name = vec![
 String::from("not"),
 String::from("good"),
 String::from("zone"),
- ]));
+ ];
- let zone = vec![String::from("good")];
+ let message = get_message(Some(name));
 assert!(message
- .check_authoritative(&zone)
+ .check_authoritative(&vec![String::from("good")])
 .is_err_and(|x| x.rcode() == RCODE::REFUSED));
+
+ assert!(message
+ .check_authoritative(&vec![String::from("Zone")])
+ .is_ok())
 }
 }
diff --git a/zns/src/utils.rs b/zns/src/utils.rs
index 2fa2923..f3c98ef 100644
--- a/zns/src/utils.rs
+++ b/zns/src/utils.rs
@@ -1,13 +1,34 @@
-pub fn vec_equal(vec1: &[T], vec2: &[T]) -> bool {
+use crate::structs::LabelString;
+
+pub fn labels_equal(vec1: &LabelString, vec2: &LabelString) -> bool {
 if vec1.len() != vec2.len() {
 return false;
 }
 for (elem1, elem2) in vec1.iter().zip(vec2.iter()) {
- if elem1 != elem2 {
+ if elem1.to_lowercase() != elem2.to_lowercase() {
 return false;
 }
 }
 true
 }
+
+#[cfg(test)]
+mod tests {
+
+ use super::*;
+
+ #[test]
+ fn test_labels_equal() {
+ assert!(labels_equal(
+ &vec![String::from("one"), String::from("two")],
+ &vec![String::from("oNE"), String::from("two")]
+ ));
+
+ assert!(!labels_equal(
+ &vec![String::from("one"), String::from("two")],
+ &vec![String::from("oNEe"), String::from("two")]
+ ));
+ }
+}
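Review bot: The new positive case in `test_authoritative` varies case only on the zone argument (`"Zone"`), so a mixed-case question name checked against a lowercase configured zone is not exercised, and that is presumably the direction that occurs at runtime. Building a second message whose last label is `String::from("ZoNe")` and asserting `check_authoritative(&vec![String::from("zone")]).is_ok()` would cover it. As a style point, the final `assert!` ends in `.is_ok())` without a trailing `;`.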
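Review bot: `labels_equal` is a public helper with no doc comment, and neither its name nor its signature says that the comparison ignores case. A line such as `/// Returns true when both names have the same number of labels and each pair of labels matches ignoring case.` would make the contract explicit for the zone checks that call it. The new test also never hits the length-mismatch early return; `assert!(!labels_equal(&vec![String::from("one")], &vec![String::from("one"), String::from("two")]));` would pin it.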