foo

dnstapir · May 20, 2024 · 690d015 · 690d015
1 parent 32cae91
commit 690d015
Show file tree

Hide file tree

Showing 9 changed files with 465 additions and 63 deletions.
diff --git a/Makefile b/Makefile
@@ -24,6 +24,10 @@ linux:
 	/bin/sh make-version.sh $(VERSION)-$(COMMIT) $(APPDATE) $(PROG)
 	GOOS=linux GOARCH=amd64 go build $(GOFLAGS) -o ${PROG}.linux
 
+netbsd:	
+	/bin/sh make-version.sh $(VERSION)-$(COMMIT) $(APPDATE) $(PROG)
+	GOOS=netbsd GOARCH=amd64 go build $(GOFLAGS) -o ${PROG}.netbsd
+
 gen-mqtt-msg-new-qname.go: checkout/events-mqtt-message-new_qname.json
 	go-jsonschema checkout/events-mqtt-message-new_qname.json --package main --tags json --only-models --output gen-mqtt-msg-new-qname.go
 

diff --git a/apihandler.go b/apihandler.go
@@ -183,19 +183,56 @@ func APIcommand(conf *Config) func(w http.ResponseWriter, r *http.Request) {
 			//				Msg:    "Daemon was happy, but now winding down",
 			//			}
 
-		case "export-greylist-dns-tapir":
-			// exportGreylistDnsTapir(w, r, conf.TemData)
+		// End of Selection
+		default:
+			resp.Error = true
+			resp.ErrorMsg = fmt.Sprintf("Unknown command: %s", cp.Command)
+		}
+	}
+}
+
+func APIbootstrap(conf *Config) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		resp := tapir.BootstrapResponse{
+			Status: "ok", // only status we know, so far
+			Msg:    "We're happy, but send more cookies",
+		}
+
+		defer func() {
+			w.Header().Set("Content-Type", "application/json")
+			err := json.NewEncoder(w).Encode(resp)
+			if err != nil {
+				log.Printf("Error from json encoder: %v", err)
+				log.Printf("resp: %v", resp)
+			}
+		}()
+
+		decoder := json.NewDecoder(r.Body)
+		var bp tapir.BootstrapPost
+		err := decoder.Decode(&bp)
+		if err != nil {
+			log.Println("APIbootstrap: error decoding command post:", err)
+			resp.Error = true
+			resp.ErrorMsg = fmt.Sprintf("Error decoding command post: %v", err)
+			return
+		}
+
+		log.Printf("API: received /bootstrap request (cmd: %s) from %s.\n",
+			bp.Command, r.RemoteAddr)
+
+		switch bp.Command {
+		case "export-greylist":
 			td := conf.TemData
 			td.mu.RLock()
 			defer td.mu.RUnlock()
 
-			greylist, ok := td.Lists["greylist"]["dns-tapir"]
+			greylist, ok := td.Lists["greylist"][bp.ListName]
 			if !ok {
 				resp.Error = true
-				resp.ErrorMsg = "Greylist 'dns-tapir' not found"
+				resp.ErrorMsg = fmt.Sprintf("Greylist '%s' not found", bp.ListName)
 				return
 			}
-			log.Printf("Found dns-tapir greylist: %v", greylist)
+			log.Printf("Found %s greylist: %v", bp.ListName, greylist)
 
 			w.Header().Set("Content-Type", "application/octet-stream")
 			w.Header().Set("Content-Disposition", "attachment; filename=greylist-dns-tapir.gob")
@@ -208,9 +245,8 @@ func APIcommand(conf *Config) func(w http.ResponseWriter, r *http.Request) {
 				resp.ErrorMsg = err.Error()
 				return
 			}
-
 		default:
-			resp.ErrorMsg = fmt.Sprintf("Unknown command: %s", cp.Command)
+			resp.ErrorMsg = fmt.Sprintf("Unknown command: %s", bp.Command)
 			resp.Error = true
 		}
 	}
@@ -333,12 +369,25 @@ func SetupRouter(conf *Config) *mux.Router {
 		viper.GetString("apiserver.key")).Subrouter()
 	sr.HandleFunc("/ping", tapir.APIping("tem", conf.BootTime)).Methods("POST")
 	sr.HandleFunc("/command", APIcommand(conf)).Methods("POST")
+	sr.HandleFunc("/bootstrap", APIbootstrap(conf)).Methods("POST")
 	sr.HandleFunc("/debug", APIdebug(conf)).Methods("POST")
 	// sr.HandleFunc("/show/api", tapir.APIshowAPI(r)).Methods("GET")
 
 	return r
 }
 
+func SetupBootstrapRouter(conf *Config) *mux.Router {
+	r := mux.NewRouter().StrictSlash(true)
+
+	sr := r.PathPrefix("/api/v1").Headers("X-API-Key", viper.GetString("apiserver.key")).Subrouter()
+	sr.HandleFunc("/ping", tapir.APIping("tem", conf.BootTime)).Methods("POST")
+	sr.HandleFunc("/bootstrap", APIbootstrap(conf)).Methods("POST")
+	// sr.HandleFunc("/debug", APIdebug(conf)).Methods("POST")
+	// sr.HandleFunc("/show/api", tapir.APIshowAPI(r)).Methods("GET")
+
+	return r
+}
+
 func walkRoutes(router *mux.Router, address string) {
 	log.Printf("Defined API endpoints for router on: %s\n", address)
 
@@ -370,6 +419,10 @@ func APIdispatcher(conf *Config, done <-chan struct{}) {
 	certfile := viper.GetString("certs.tem.cert")
 	keyfile := viper.GetString("certs.tem.key")
 
+	bootstrapaddress := viper.GetString("bootstrapserver.address")
+	bootstraptlsaddress := viper.GetString("bootstrapserver.tlsaddress")
+	bootstraprouter := SetupBootstrapRouter(conf)
+
 	tlspossible := true
 
 	_, err := os.Stat(certfile)
@@ -384,7 +437,7 @@ func APIdispatcher(conf *Config, done <-chan struct{}) {
 	tlsConfig, err := tapir.NewServerConfig(viper.GetString("certs.cacertfile"), tls.VerifyClientCertIfGiven)
 	// Alternatives are: tls.RequireAndVerifyClientCert, tls.VerifyClientCertIfGiven,
 	// tls.RequireAnyClientCert, tls.RequestClientCert, tls.NoClientCert
-	// We would like to request a client cert, but until all labgroup servers have certs we cannot do that.
+
 	if err != nil {
 		TEMExiter("Error creating API server tls config: %v\n", err)
 	}
@@ -394,27 +447,65 @@ func APIdispatcher(conf *Config, done <-chan struct{}) {
 		Handler:   router,
 		TLSConfig: tlsConfig,
 	}
+	bootstrapTlsServer := &http.Server{
+		Addr:      bootstraptlsaddress,
+		Handler:   bootstraprouter,
+		TLSConfig: tlsConfig,
+	}
 
 	var wg sync.WaitGroup
 
-	go func() {
-		log.Println("Starting API dispatcher #1. Listening on", address)
-		TEMExiter(http.ListenAndServe(address, router))
-	}()
+	log.Println("*** API: Starting API dispatcher #1. Listening on", address)
+
+	if address != "" {
+		wg.Add(1)
+		go func(wg *sync.WaitGroup) {
+			log.Println("*** API: Starting API dispatcher #1. Listening on", address)
+			wg.Done()
+			TEMExiter(http.ListenAndServe(address, router))
+		}(&wg)
+	}
 
 	if tlsaddress != "" {
 		if tlspossible {
 			wg.Add(1)
 			go func(wg *sync.WaitGroup) {
-				log.Println("Starting TLS API dispatcher #1. Listening on", tlsaddress)
+				log.Println("*** API: Starting TLS API dispatcher #1. Listening on", tlsaddress)
+				wg.Done()
 				TEMExiter(tlsServer.ListenAndServeTLS(certfile, keyfile))
+			}(&wg)
+		} else {
+			log.Printf("*** API: APIdispatcher: Error: Cannot provide TLS service without cert and key files.\n")
+		}
+	}
+
+	if bootstrapaddress != "" {
+		wg.Add(1)
+		go func(wg *sync.WaitGroup) {
+			log.Println("*** API: Starting Bootstrap API dispatcher #1. Listening on", bootstrapaddress)
+			wg.Done()
+			TEMExiter(http.ListenAndServe(bootstrapaddress, bootstraprouter))
+		}(&wg)
+	} else {
+		log.Println("*** API: No bootstrap address specified")
+	}
+
+	if bootstraptlsaddress != "" {
+		if tlspossible {
+			wg.Add(1)
+			go func(wg *sync.WaitGroup) {
+				log.Println("*** API: Starting Bootstrap TLS API dispatcher #1. Listening on", bootstraptlsaddress)
 				wg.Done()
+				TEMExiter(bootstrapTlsServer.ListenAndServeTLS(certfile, keyfile))
 			}(&wg)
 		} else {
-			log.Printf("APIdispatch Error: Cannot provide TLS service without cert and key files.\n")
+			log.Printf("*** API: APIdispatcher: Error: Cannot provide Bootstrap TLS service without cert and key files.\n")
 		}
+	} else {
+		log.Println("*** API: No bootstrap TLS address specified")
 	}
 
+	wg.Wait()
 	log.Println("API dispatcher: unclear how to stop the http server nicely.")
 }
 

diff --git a/config.go b/config.go
@@ -24,10 +24,10 @@ type Config struct {
 		Verbose *bool  `validate:"required"`
 		Debug   *bool  `validate:"required"`
 	}
-	Loggers	struct {
-		Mqtt		*log.Logger
-		Dnsengine	*log.Logger
-		Policy		*log.Logger
+	Loggers struct {
+		Mqtt      *log.Logger
+		Dnsengine *log.Logger
+		Policy    *log.Logger
 	}
 	Internal InternalConf
 	TemData  *TemData
@@ -48,20 +48,25 @@ type ServerConf struct {
 }
 
 type SourceConf struct {
-	Active      *bool  `validate:"required"`
-	Name        string `validate:"required"`
-	Description string `validate:"required"`
-	Type        string `validate:"required"`
-	Format      string `validate:"required"`
-	Source      string `validate:"required"`
-	Filename    string
-	Upstream    string
-	Zone        string
+	Active       *bool  `validate:"required"`
+	Name         string `validate:"required"`
+	Description  string `validate:"required"`
+	Type         string `validate:"required"`
+	Format       string `validate:"required"`
+	Source       string `validate:"required"`
+	Topic        string
+	ValidatorKey string
+	Bootstrap    []string
+	BootstrapUrl string
+	BootstrapKey string
+	Filename     string
+	Upstream     string
+	Zone         string
 }
 
 type PolicyConf struct {
-	Logfile   string
-//	Logger    *log.Logger
+	Logfile string
+	//	Logger    *log.Logger
 	Whitelist struct {
 		Action string `validate:"required"`
 	}
@@ -96,7 +101,7 @@ type ApiserverConf struct {
 type DnsengineConf struct {
 	Address string `validate:"required"`
 	Logfile string `validate:"required"`
-//	Logger  *log.Logger
+	// Logger  *log.Logger
 }
 
 type InternalConf struct {

diff --git a/main.go b/main.go
@@ -177,10 +177,18 @@ func main() {
 		TEMExiter("Error from NewTemData: %v", err)
 	}
 	go td.RefreshEngine(&conf, stopch)
-	err = td.ParseSources()
+
+	log.Println("*** main: Calling ParseSourcesNG()")
+	err = td.ParseSourcesNG()
 	if err != nil {
-		TEMExiter("Error from ParseSources: %v", err)
+		TEMExiter("Error from ParseSourcesNG: %v", err)
 	}
+	log.Println("*** main: Returned from ParseSourcesNG()")
+
+	//err = td.ParseSources()
+	//if err != nil {
+	//	TEMExiter("Error from ParseSources: %v", err)
+	//}
 
 	err = td.ParseOutputs()
 	if err != nil {

diff --git a/mqtt.go b/mqtt.go
@@ -93,7 +93,7 @@ func (td *TemData) ProcessTapirUpdate(tpkg tapir.MqttPkg) (bool, error) {
 			TTL:       ttl,
 			TagMask:   name.TagMask,
 		}
-		wbgl.Names[name.Name] = &tmp
+		wbgl.Names[name.Name] = tmp
 
 		td.Logger.Printf("ProcessTapirUpdate: adding name %s to %s (TimeAdded: %s ttl: %v)",
 			name.Name, wbgl.Name, name.TimeAdded.Format(tapir.TimeLayout), name.TTL)

diff --git a/output.go b/output.go
@@ -40,7 +40,7 @@ func (td *TemData) ParseOutputs() error {
 		Outputs: make(map[string]TemOutput),
 	}
 
-	td.Logger.Printf("ParseOutputs: config read: %s", cfgdata)
+	// td.Logger.Printf("ParseOutputs: config read: %s", cfgdata)
 	err = yaml.Unmarshal(cfgdata, &oconf)
 	if err != nil {
 		log.Fatalf("Error from yaml.Unmarshal(OutputsConfig): %v", err)
@@ -155,7 +155,7 @@ func (td *TemData) GenerateRpzAxfr() error {
 							tmp.Action = tmp.Action | v.Action
 							grey[k] = tmp
 						} else {
-							grey[k] = v
+							grey[k] = &v
 						}
 					}
 				}
@@ -259,7 +259,7 @@ func (td *TemData) ComputeRpzGreylistAction(name string) tapir.Action {
 			if v, exists := list.Names[name]; exists {
 				// td.Logger.Printf("ComputeRpzGreylistAction: found %s in greylist %s (%d names)",
 				// 	name, listname, len(list.Names))
-				greyHits[listname] = v
+				greyHits[listname] = &v
 			}
 			//		case "trie":
 			//			if list.Trie.Search(name) != nil {