SSHFP can also be independant records
This commit is contained in:
parent
597bdcbcff
commit
ec952b50fa
@ -88,13 +88,8 @@ func (s *Server) GenRRs(domain string, ttl uint32, origin string) (rrs models.Re
|
||||
|
||||
rrs = append(rrs, rc)
|
||||
}
|
||||
for _, sshfp := range s.SSHFP {
|
||||
rc := utils.NewRecordConfig(domain, "SSHFP", ttl, origin)
|
||||
rc.SshfpAlgorithm = sshfp.Algorithm
|
||||
rc.SshfpFingerprint = sshfp.Type
|
||||
rc.SetTarget(sshfp.FingerPrint)
|
||||
|
||||
rrs = append(rrs, rc)
|
||||
if len(s.SSHFP) > 0 {
|
||||
rrs = append(rrs, (&svcs.SSHFPs{SSHFP: s.SSHFP}).GenRRs(domain, ttl, origin)...)
|
||||
}
|
||||
|
||||
return
|
||||
|
||||
@ -21,10 +21,96 @@
|
||||
|
||||
package svcs
|
||||
|
||||
import ()
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/StackExchange/dnscontrol/v4/models"
|
||||
"github.com/miekg/dns"
|
||||
|
||||
"git.happydns.org/happyDomain/model"
|
||||
"git.happydns.org/happyDomain/utils"
|
||||
)
|
||||
|
||||
type SSHFP struct {
|
||||
Algorithm uint8 `json:"algorithm"`
|
||||
Type uint8 `json:"type"`
|
||||
FingerPrint string `json:"fingerprint"`
|
||||
}
|
||||
|
||||
type SSHFPs struct {
|
||||
SSHFP []*SSHFP `json:"SSHFP,omitempty" happydomain:"label=SSH Fingerprint,description=Server's SSH fingerprint"`
|
||||
}
|
||||
|
||||
func (s *SSHFPs) GetNbResources() int {
|
||||
return len(s.SSHFP)
|
||||
}
|
||||
|
||||
func (s *SSHFPs) GenComment(origin string) string {
|
||||
return fmt.Sprintf("%d fingerprints", len(s.SSHFP))
|
||||
}
|
||||
|
||||
func (s *SSHFPs) GenRRs(domain string, ttl uint32, origin string) (rrs models.Records) {
|
||||
for _, sshfp := range s.SSHFP {
|
||||
rc := utils.NewRecordConfig(domain, "SSHFP", ttl, origin)
|
||||
rc.SshfpAlgorithm = sshfp.Algorithm
|
||||
rc.SshfpFingerprint = sshfp.Type
|
||||
rc.SetTarget(sshfp.FingerPrint)
|
||||
|
||||
rrs = append(rrs, rc)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func sshfp_analyze(a *Analyzer) error {
|
||||
pool := map[string]models.Records{}
|
||||
|
||||
for _, record := range a.SearchRR(AnalyzerRecordFilter{Type: dns.TypeSSHFP}) {
|
||||
domain := record.NameFQDN
|
||||
|
||||
pool[domain] = append(pool[domain], record)
|
||||
}
|
||||
|
||||
for dn, rrs := range pool {
|
||||
s := &SSHFPs{}
|
||||
|
||||
for _, rr := range rrs {
|
||||
if rr.Type == "SSHFP" {
|
||||
s.SSHFP = append(s.SSHFP, &SSHFP{
|
||||
Algorithm: rr.SshfpAlgorithm,
|
||||
Type: rr.SshfpFingerprint,
|
||||
FingerPrint: rr.GetTargetField(),
|
||||
})
|
||||
|
||||
a.UseRR(rr, dn, s)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterService(
|
||||
func() happydns.Service {
|
||||
return &SSHFPs{}
|
||||
},
|
||||
sshfp_analyze,
|
||||
ServiceInfos{
|
||||
Name: "SSHFP",
|
||||
Description: "Store SSH key fingerprints in DNS.",
|
||||
Categories: []string{
|
||||
"security",
|
||||
},
|
||||
RecordTypes: []uint16{
|
||||
dns.TypeSSHFP,
|
||||
},
|
||||
Restrictions: ServiceRestrictions{
|
||||
NeedTypes: []uint16{
|
||||
dns.TypeSSHFP,
|
||||
},
|
||||
},
|
||||
},
|
||||
1000,
|
||||
)
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user