token-validator: Don't use hardcoded tsig anymore
This commit is contained in:
parent
8a3160da10
commit
331192ccbe
@ -15,12 +15,12 @@ import (
|
||||
"git.nemunai.re/lectures/adlin/libadlin"
|
||||
)
|
||||
|
||||
const (
|
||||
var (
|
||||
ControlSocket = "[2a01:e0a:2b:2250::b]:53"
|
||||
tsigName = "ddns."
|
||||
tsigSecret = ""
|
||||
)
|
||||
|
||||
var tsigSecret = map[string]string{"ddns.": "so6ZGir4GPAqINNh9U5c3A=="}
|
||||
|
||||
func init() {
|
||||
router.GET("/api/adomains/", apiAuthHandler(func(student adlin.Student, ps httprouter.Params, body []byte) (interface{}, error) {
|
||||
return student.GetAssociatedDomains(), nil
|
||||
@ -139,9 +139,9 @@ func parseZoneRead(globalDomain string, domain string) (rr []Entry, err error) {
|
||||
t := new(dns.Transfer)
|
||||
|
||||
m := new(dns.Msg)
|
||||
t.TsigSecret = tsigSecret
|
||||
t.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m.SetAxfr(globalDomain)
|
||||
m.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
m.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
c, err := t.In(m, ControlSocket)
|
||||
if err != nil {
|
||||
@ -227,8 +227,8 @@ func delAssociatedDomains(student adlin.Student, dn string) (err error) {
|
||||
m1.Remove(rrs)
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
if err != nil {
|
||||
@ -267,8 +267,8 @@ func AddAssociatedDomains(student adlin.Student, aaaa net.IP) (err error) {
|
||||
m2.Insert([]dns.RR{rrAAAA})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m2.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m2.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m2, ControlSocket)
|
||||
return
|
||||
@ -314,8 +314,8 @@ func AddNSDelegatedDomain(student adlin.Student, dn string, ttl uint32, ns strin
|
||||
m1.Insert([]dns.RR{rrNS})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
}
|
||||
@ -342,8 +342,8 @@ func UpdateNSDelegatedDomain(student adlin.Student, dn string, ttl uint32, oldns
|
||||
m1.Insert([]dns.RR{rrNS})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
}
|
||||
@ -379,8 +379,8 @@ func AddGLUEDelegatedDomain(student adlin.Student, dn string, ttl uint32, aaaa s
|
||||
m1.Insert([]dns.RR{rr})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
|
||||
@ -422,8 +422,8 @@ func UpdateGLUEDelegatedDomain(student adlin.Student, dn string, ttl uint32, old
|
||||
m1.Insert([]dns.RR{rr})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
return
|
||||
@ -472,8 +472,8 @@ func AddDSDelegatedDomain(student adlin.Student, dn string, ttl uint32, rdata st
|
||||
m1.Insert([]dns.RR{ds})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
return
|
||||
@ -506,8 +506,8 @@ func DeleteRRDelegatedDomain(student adlin.Student, dn string, rr string, values
|
||||
m1.Remove([]dns.RR{rrr})
|
||||
|
||||
c := new(dns.Client)
|
||||
c.TsigSecret = tsigSecret
|
||||
m1.SetTsig("rndc-key.", dns.HmacSHA256, 300, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{tsigName: tsigSecret}
|
||||
m1.SetTsig(tsigName, dns.HmacSHA256, 300, time.Now().Unix())
|
||||
|
||||
_, _, err = c.Exchange(m1, ControlSocket)
|
||||
|
||||
|
@ -59,12 +59,25 @@ func StripPrefix(prefix string, h http.Handler) http.Handler {
|
||||
}
|
||||
|
||||
func main() {
|
||||
if v, exists := os.LookupEnv("ADLIN_NS_HOST"); exists {
|
||||
ControlSocket = v
|
||||
}
|
||||
if v, exists := os.LookupEnv("ADLIN_TSIG_NAME"); exists {
|
||||
tsigName = v
|
||||
}
|
||||
if v, exists := os.LookupEnv("ADLIN_TSIG_SECRET"); exists {
|
||||
tsigSecret = v
|
||||
}
|
||||
|
||||
var bind = flag.String("bind", ":8081", "Bind port/socket")
|
||||
var dsn = flag.String("dsn", adlin.DSNGenerator(), "DSN to connect to the MySQL server")
|
||||
flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
|
||||
flag.StringVar(&adlin.SharedSecret, "sharedsecret", "adelina", "secret used to communicate with remote validator")
|
||||
flag.StringVar(&AuthorizedKeysLocation, "authorizedkeyslocation", AuthorizedKeysLocation, "File for allowing user to SSH to the machine")
|
||||
flag.StringVar(&SshPiperLocation, "sshPiperLocation", SshPiperLocation, "Directory containing directories for sshpiperd")
|
||||
flag.StringVar(&ControlSocket, "ns-host", ControlSocket, "Host:port of the nameserver to use")
|
||||
flag.StringVar(&tsigName, "tsig-name", tsigName, "TSIG name to use to contact NS")
|
||||
flag.StringVar(&tsigSecret, "tsig-secret", tsigSecret, "TSIG secret to use to contact NS")
|
||||
var dummyauth = flag.Bool("dummyauth", false, "don't perform password check")
|
||||
flag.Parse()
|
||||
|
||||
|
Reference in New Issue
Block a user