author | Andrew Cady <d@jerkface.net> | 2021-10-09 06:18:18 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2021-10-09 06:18:18 -0400 |
commit | bba4578f2a9de3211d467d2767eb59039afa18bd (patch) | |
tree | 5e828662964346397db8df9b78b69dead4b4044d | |
parent | 01f2462f6b553ba649a26874ab1b9096f6f082f1 (diff) |
-rwxr-xr-x | bin/cryptonomic-dyndns-command | 29 | ||||
-rwxr-xr-x | bin/samizdat-ssh-uid | 7 |
2 files changed, 31 insertions, 5 deletions
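--- a/bin/cryptonomic-dyndns-command
+++ b/bin/cryptonomic-dyndns-command
@@ -14,11 +14,12 @@ powerdns_sqlite_add_replace_record()
 local sql_record_type="$(sql_string "$2")"
 local sql_ip_address="$(sql_string "$3")"
 
-zone=${1#*.}
+zone=cryptonomic.net
 new_name=${label:+$label.}${1: -64 : 64}
 
 local sql_new_name="$(sql_string "$new_name")"
 local sql_zone="$(sql_string "$zone")"
+local sql_sshfp="$(sql_string "$SSH_CLIENT_SSHFP_DATA")"
 
 if false
 then
@@ -37,7 +38,7 @@ powerdns_sqlite_add_replace_record()
 sqlite3 $DB <<END
 ${SQL_ECHO:+.echo on}
 BEGIN;
-DELETE FROM records WHERE type=$sql_record_type AND name=$sql_new_name;
+DELETE FROM records WHERE name=$sql_new_name;
 
 INSERT INTO records
 
@@ -53,10 +54,30 @@ BEGIN;
 $sql_new_name,
 $sql_record_type,
 $sql_ip_address,
-3600,
+600,
 0
 FROM domains
 WHERE name=$sql_zone;
+
+INSERT INTO records
+
+(domain_id,
+name,
+type,
+content,
+ttl,
+prio)
+
+SELECT
+id,
+$sql_new_name,
+'SSHFP',
+$sql_sshfp,
+600,
+0
+FROM domains
+WHERE name=$sql_zone;
+
 COMMIT;
 END
 r=$?
@@ -133,6 +154,8 @@ PEM_DEST=$HOME/public_rsync
 
 eval "$(samizdat-ssh-uid --copy-pem "$PEM_DEST")"
 
+[ "$SSH_CLIENT_SSHFP_DATA" ] || die wtf
+
 domain=${SSH_CLIENT_DOMAIN}
 ip_address=${SSH_CLIENT%% *}
 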
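Review bot: The rewritten `DELETE FROM records WHERE name=$sql_new_name;` in the second hunk no longer filters on type, so each update removes every record stored at that name, presumably including the other address family's record and anything this script did not create. If only the address record and the new SSHFP record are meant to be replaced, scope the statement to them: `DELETE FROM records WHERE name=$sql_new_name AND type IN ($sql_record_type, 'SSHFP');`. Separately, `$SSH_CLIENT_SSHFP_DATA` is only checked for being non-empty (`die wtf`) before it becomes published record content; a format check with a descriptive message would make a malformed value fail loudly instead of landing in the zone. powerdns_sqlite_add_replace_record starts and ends outside these hunks, so the `if false` branch and the callers are not covered by this note.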
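--- a/bin/samizdat-ssh-uid
+++ b/bin/samizdat-ssh-uid
@@ -21,8 +21,10 @@ get_domain()
 get_sshfp()
 {
 [ -f "$1" ] || return
-sshfp_b16=$(ssh-keygen -r . -f "$1" | sed -ne 's/^. IN SSHFP [0-9]* 2 //p') &&
-[ "$sshfp_b16" ] || die "could not determine ssh client fingerprint"
+sshfp_raw=$(ssh-keygen -r . -f "$1" | sed -ne 's/^. IN SSHFP \([0-9]* 2 \)/\1/p' | head -n1) || die 'ssh-keygen'
+
+sshfp_b16=$(echo "$sshfp_raw" | sed -ne 's/^[0-9]* 2 //p') &&
+[ "$sshfp_b16" ] || die "could not determine ssh client fingerprint"
 sshfp_b32=$(b16_to_b32 "$sshfp_b16")
 }
 
@@ -82,6 +84,7 @@ dispose_of_temp_pem_files "$@"
 
 env -i \
 SSH_CLIENT_DOMAIN="$domain" \
+SSH_CLIENT_SSHFP_DATA="'$sshfp_raw'" \
 SSH_CLIENT_FINGERPRINT="$sshfp_b32" \
 SSH_CLIENT_KEYTYPE="$keytype" \
 SSH_CLIENT_KEYDATA="$keydata"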
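Review bot: `SSH_CLIENT_SSHFP_DATA="'$sshfp_raw'"` hand-quotes a value that the caller feeds to `eval` (the `eval "$(samizdat-ssh-uid --copy-pem "$PEM_DEST")"` line in bin/cryptonomic-dyndns-command), while the sed expression in get_sshfp only anchors the `[0-9]* 2 ` prefix and passes the rest of the line through unchecked. ssh-keygen should only emit hex digits there, but a check before the export keeps the quoting sound whatever the tool prints: `case $sshfp_raw in *[!0-9A-Fa-f\ ]*) die "unexpected SSHFP data" ;; esac`. Also, `|| die 'ssh-keygen'` tests the exit status of `head -n1` rather than ssh-keygen, so unless pipefail is set outside the hunk that branch is effectively unreachable and a failure is only reported by the later empty-string check.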