diff options
author | Mike Crute <mike@crute.us> | 2019-05-21 13:00:58 +0000 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2019-05-21 13:00:58 +0000 |
commit | b2e062c5de3fb233d34bf0c67c7e43cfd9969706 (patch) | |
tree | 5d3438d546bf3a07ac4941fdb7b061386415b266 | |
parent | 59ca7934d3ede5b40a31c98424ba9e3c7ed9f171 (diff) | |
download | go_ddns_manager-b2e062c5de3fb233d34bf0c67c7e43cfd9969706.tar.bz2 go_ddns_manager-b2e062c5de3fb233d34bf0c67c7e43cfd9969706.tar.xz go_ddns_manager-b2e062c5de3fb233d34bf0c67c7e43cfd9969706.zip |
Read secrets from a file
-rw-r--r-- | main.go | 156 |
1 files changed, 137 insertions, 19 deletions
@@ -2,9 +2,13 @@ package main | |||
2 | 2 | ||
3 | import ( | 3 | import ( |
4 | "bytes" | 4 | "bytes" |
5 | "encoding/json" | ||
6 | "errors" | ||
5 | "fmt" | 7 | "fmt" |
6 | "github.com/miekg/dns" | 8 | "github.com/miekg/dns" |
9 | "io/ioutil" | ||
7 | "net/http" | 10 | "net/http" |
11 | "strings" | ||
8 | "text/template" | 12 | "text/template" |
9 | "time" | 13 | "time" |
10 | ) | 14 | ) |
@@ -14,17 +18,115 @@ type Zone struct { | |||
14 | View string | 18 | View string |
15 | } | 19 | } |
16 | 20 | ||
17 | var SECRETS = map[string]string{ | 21 | type TSIGSecrets struct { |
18 | "crute-me-internal.": "", | 22 | secrets map[string]map[string]TSIGSecret |
19 | "crute-me-external.": "", | 23 | viewzones map[string][]string |
20 | "crute-us-internal.": "", | 24 | } |
21 | "crute-us-external.": "", | 25 | |
22 | "crute-org-internal.": "", | 26 | func NewTSIGSecrets() *TSIGSecrets { |
23 | "crute-org-external.": "", | 27 | return &TSIGSecrets{ |
24 | "faldowski-com-internal.": "", | 28 | secrets: make(map[string]map[string]TSIGSecret), |
25 | "faldowski-com-external.": "", | 29 | viewzones: make(map[string][]string), |
26 | "softgroupcorp-com-internal.": "", | 30 | } |
27 | "softgroupcorp-com-external.": "", | 31 | } |
32 | |||
33 | func (t *TSIGSecrets) GetViews() []string { | ||
34 | r := make([]string, 0, len(t.viewzones)) | ||
35 | for k := range t.viewzones { | ||
36 | r = append(r, k) | ||
37 | } | ||
38 | return r | ||
39 | } | ||
40 | |||
41 | func (t *TSIGSecrets) GetViewZones() map[string][]string { | ||
42 | return t.viewzones | ||
43 | } | ||
44 | |||
45 | func (t *TSIGSecrets) UnmarshalJSON(d []byte) error { | ||
46 | v := make(map[string]map[string]string) | ||
47 | |||
48 | if err := json.Unmarshal(d, &v); err != nil { | ||
49 | return err | ||
50 | } | ||
51 | |||
52 | for k, v := range v { | ||
53 | o := strings.Split(k, "-") | ||
54 | view := o[len(o)-1] | ||
55 | |||
56 | d := make([]string, len(o)) | ||
57 | copy(d, o[:len(o)-1]) | ||
58 | dn := strings.Join(d, ".") | ||
59 | |||
60 | a, ok := v["algorithm"] | ||
61 | if !ok { | ||
62 | a = "hmac-sha256." | ||
63 | } | ||
64 | |||
65 | if !strings.HasSuffix(a, ".") { | ||
66 | a = fmt.Sprintf("%s.", a) | ||
67 | } | ||
68 | |||
69 | if _, ok := t.viewzones[view]; !ok { | ||
70 | t.viewzones[view] = make([]string, 1) | ||
71 | t.viewzones[view] = append(t.viewzones[view], dn) | ||
72 | } else { | ||
73 | t.viewzones[view] = append(t.viewzones[view], dn) | ||
74 | } | ||
75 | |||
76 | if _, ok := t.secrets[view]; !ok { | ||
77 | t.secrets[view] = make(map[string]TSIGSecret) | ||
78 | } | ||
79 | |||
80 | if !strings.HasSuffix(k, ".") { | ||
81 | k = fmt.Sprintf("%s.", k) | ||
82 | } | ||
83 | |||
84 | t.secrets[view][dn] = TSIGSecret{ | ||
85 | KeyName: k, | ||
86 | Algorithm: a, | ||
87 | Secret: v["secret"], | ||
88 | } | ||
89 | } | ||
90 | |||
91 | return nil | ||
92 | } | ||
93 | |||
94 | func (t *TSIGSecrets) GetSecret(zone, view string) (*TSIGSecret, error) { | ||
95 | if !strings.HasSuffix(zone, ".") { | ||
96 | zone = fmt.Sprintf("%s.", zone) | ||
97 | } | ||
98 | |||
99 | if _, ok := t.secrets[view]; !ok { | ||
100 | return nil, errors.New("No keys for requested zone") | ||
101 | } | ||
102 | |||
103 | key, ok := t.secrets[view][zone] | ||
104 | if !ok { | ||
105 | return nil, errors.New("No keys for requested view of zone") | ||
106 | } | ||
107 | |||
108 | return &key, nil | ||
109 | } | ||
110 | |||
111 | type Signable interface { | ||
112 | SetTsig(string, string, uint16, int64) *dns.Msg | ||
113 | } | ||
114 | |||
115 | // TODO: Name and Algorithm end with dot (.) | ||
116 | type TSIGSecret struct { | ||
117 | KeyName string | ||
118 | Algorithm string `json:"algorithm"` | ||
119 | Secret string `json:"secret"` | ||
120 | } | ||
121 | |||
122 | func (t *TSIGSecret) Sign(r Signable) { | ||
123 | r.SetTsig(t.KeyName, t.Algorithm, 300, time.Now().Unix()) | ||
124 | } | ||
125 | |||
126 | func (t *TSIGSecret) AsMap() map[string]string { | ||
127 | return map[string]string{ | ||
128 | t.KeyName: t.Secret, | ||
129 | } | ||
28 | } | 130 | } |
29 | 131 | ||
30 | func getValue(v interface{}) string { | 132 | func getValue(v interface{}) string { |
@@ -62,15 +164,17 @@ func getValue(v interface{}) string { | |||
62 | } | 164 | } |
63 | } | 165 | } |
64 | 166 | ||
65 | func getDns() chan *dns.Envelope { | 167 | func getDns(sm *TSIGSecrets) chan *dns.Envelope { |
168 | s, _ := sm.GetSecret("crute.us", "external") | ||
169 | |||
66 | c := &dns.Transfer{} | 170 | c := &dns.Transfer{} |
67 | c.TsigSecret = SECRETS | 171 | c.TsigSecret = s.AsMap() |
68 | 172 | ||
69 | m := &dns.Msg{} | 173 | m := &dns.Msg{} |
70 | m.SetAxfr("crute.me.") | 174 | m.SetAxfr("crute.us.") |
71 | m.SetTsig("crute-me-internal.", dns.HmacSHA256, 300, time.Now().Unix()) | 175 | s.Sign(m) |
72 | 176 | ||
73 | in, err := c.In(m, "172.31.46.225:53") | 177 | in, err := c.In(m, "172.16.18.52:53") |
74 | if err != nil { | 178 | if err != nil { |
75 | fmt.Printf("Error: %s\n", err.Error()) | 179 | fmt.Printf("Error: %s\n", err.Error()) |
76 | return nil | 180 | return nil |
@@ -109,10 +213,24 @@ func handler(w http.ResponseWriter, r *http.Request) { | |||
109 | "dnsTTL": dnsTTL, | 213 | "dnsTTL": dnsTTL, |
110 | } | 214 | } |
111 | t, _ := template.New("").Funcs(fm).ParseFiles("dns.html") | 215 | t, _ := template.New("").Funcs(fm).ParseFiles("dns.html") |
112 | t.ExecuteTemplate(w, "dns.html", getDns()) | 216 | t.ExecuteTemplate(w, "dns.html", getDns(nil)) |
113 | } | 217 | } |
114 | 218 | ||
115 | func main() { | 219 | func main() { |
116 | http.HandleFunc("/", handler) | 220 | /* |
117 | http.ListenAndServe(":8080", nil) | 221 | http.HandleFunc("/", handler) |
222 | http.ListenAndServe(":8080", nil) | ||
223 | */ | ||
224 | |||
225 | c, _ := ioutil.ReadFile("secrets.json") | ||
226 | k := NewTSIGSecrets() | ||
227 | json.Unmarshal(c, k) | ||
228 | |||
229 | //fmt.Printf("%+v\n", k) | ||
230 | for r := range getDns(k) { | ||
231 | for _, rr := range r.RR { | ||
232 | /* hlen := len(rr.Header().String()) | ||
233 | fmt.Printf("%+v\n", rr.String()[hlen:]) */ | ||
234 | } | ||
235 | } | ||
118 | } | 236 | } |