foo

dnstapir · May 27, 2024 · 98eb70e · 98eb70e
1 parent ba74ecd
commit 98eb70e
Show file tree

Hide file tree

Showing 11 changed files with 212 additions and 96 deletions.
diff --git a/apihandler.go b/apihandler.go
@@ -61,7 +61,11 @@ func APIcommand(conf *Config) func(w http.ResponseWriter, r *http.Request) {
 		defer func() {
 			// log.Printf("defer: resp: %v", resp)
 			w.Header().Set("Content-Type", "application/json")
-			json.NewEncoder(w).Encode(resp)
+			err := json.NewEncoder(w).Encode(resp)
+			if err != nil {
+				log.Printf("Error from json encoder: %v", err)
+				log.Printf("resp: %v", resp)
+			}
 		}()
 
 		switch cp.Command {
@@ -85,15 +89,27 @@ func APIcommand(conf *Config) func(w http.ResponseWriter, r *http.Request) {
 			}
 
 		case "mqtt-start":
-			conf.TemData.MqttEngine.StartEngine()
+			_, _, _, err := conf.TemData.MqttEngine.StartEngine()
+			if err != nil {
+				resp.Error = true
+				resp.ErrorMsg = err.Error()
+			}
 			resp.Msg = "MQTT engine started"
 
 		case "mqtt-stop":
-			conf.TemData.MqttEngine.StopEngine()
+			_, err := conf.TemData.MqttEngine.StopEngine()
+			if err != nil {
+				resp.Error = true
+				resp.ErrorMsg = err.Error()
+			}
 			resp.Msg = "MQTT engine stopped"
 
 		case "mqtt-restart":
-			conf.TemData.MqttEngine.RestartEngine()
+			_, err := conf.TemData.MqttEngine.RestartEngine()
+			if err != nil {
+				resp.Error = true
+				resp.ErrorMsg = err.Error()
+			}
 			resp.Msg = "MQTT engine restarted"
 
 		case "rpz-add":
@@ -508,14 +524,18 @@ func APIdispatcher(conf *Config, done <-chan struct{}) {
 	}
 
 	tlsServer := &http.Server{
-		Addr:      tlsaddress,
-		Handler:   router,
-		TLSConfig: tlsConfig,
+		Addr:         tlsaddress,
+		Handler:      router,
+		TLSConfig:    tlsConfig,
+		ReadTimeout:  10 * time.Second,
+		WriteTimeout: 10 * time.Second,
 	}
 	bootstrapTlsServer := &http.Server{
-		Addr:      bootstraptlsaddress,
-		Handler:   bootstraprouter,
-		TLSConfig: tlsConfig,
+		Addr:         bootstraptlsaddress,
+		Handler:      bootstraprouter,
+		TLSConfig:    tlsConfig,
+		ReadTimeout:  10 * time.Second,
+		WriteTimeout: 10 * time.Second,
 	}
 
 	var wg sync.WaitGroup
@@ -525,9 +545,16 @@ func APIdispatcher(conf *Config, done <-chan struct{}) {
 	if address != "" {
 		wg.Add(1)
 		go func(wg *sync.WaitGroup) {
+			apiServer := &http.Server{
+				Addr:         address,
+				Handler:      router,
+				ReadTimeout:  10 * time.Second,
+				WriteTimeout: 10 * time.Second,
+			}
+
 			log.Println("*** API: Starting API dispatcher #1. Listening on", address)
 			wg.Done()
-			TEMExiter(http.ListenAndServe(address, router))
+			TEMExiter(apiServer.ListenAndServe())
 		}(&wg)
 	}
 
@@ -547,9 +574,15 @@ func APIdispatcher(conf *Config, done <-chan struct{}) {
 	if bootstrapaddress != "" {
 		wg.Add(1)
 		go func(wg *sync.WaitGroup) {
+			apiServer := &http.Server{
+				Addr:         bootstrapaddress,
+				Handler:      bootstraprouter,
+				ReadTimeout:  10 * time.Second,
+				WriteTimeout: 10 * time.Second,
+			}
 			log.Println("*** API: Starting Bootstrap API dispatcher #1. Listening on", bootstrapaddress)
 			wg.Done()
-			TEMExiter(http.ListenAndServe(bootstrapaddress, bootstraprouter))
+			TEMExiter(apiServer.ListenAndServe())
 		}(&wg)
 	} else {
 		log.Println("*** API: No bootstrap address specified")
@@ -587,7 +620,7 @@ func BumpSerial(conf *Config, zone string) (string, error) {
 	if resp.Error {
 		log.Printf("BumpSerial: Error from RefreshEngine: %s", resp.ErrorMsg)
 		return fmt.Sprintf("Zone %s: error bumping SOA serial: %s", zone, resp.ErrorMsg),
-			fmt.Errorf("Zone %s: error bumping SOA serial and epoch: %v", zone, resp.ErrorMsg)
+			fmt.Errorf("zone %s: error bumping SOA serial and epoch: %v", zone, resp.ErrorMsg)
 	}
 
 	if resp.Msg == "" {

diff --git a/bootstrap.go b/bootstrap.go
@@ -39,7 +39,7 @@ func (td *TemData) BootstrapMqttSource(s *tapir.WBGlist, src SourceConf) (*tapir
 	tlsConfig.InsecureSkipVerify = true
 	err = api.SetupTLS(tlsConfig)
 	if err != nil {
-		return nil, fmt.Errorf("Error setting up TLS for the API client: %v", err)
+		return nil, fmt.Errorf("error setting up TLS for the API client: %v", err)
 	}
 
 	// Iterate over the bootstrap servers
@@ -53,7 +53,7 @@ func (td *TemData) BootstrapMqttSource(s *tapir.WBGlist, src SourceConf) (*tapir
 			continue
 		}
 
-		uptime := time.Now().Sub(pr.BootTime).Round(time.Second)
+		uptime := time.Since(pr.BootTime).Round(time.Second)
 		td.Logger.Printf("MQTT bootstrap server %s uptime: %v. It has processed %d MQTT messages", server, uptime, 17)
 
 		status, buf, err := api.RequestNG(http.MethodPost, "/bootstrap", tapir.BootstrapPost{
@@ -108,5 +108,5 @@ func (td *TemData) BootstrapMqttSource(s *tapir.WBGlist, src SourceConf) (*tapir
 	}
 
 	// If no bootstrap server succeeded
-	return nil, fmt.Errorf("All bootstrap servers failed")
+	return nil, fmt.Errorf("all bootstrap servers failed")
 }
diff --git a/dnshandler.go b/dnshandler.go
@@ -65,7 +65,10 @@ func createHandler(conf *Config) func(w dns.ResponseWriter, r *dns.Msg) {
 			// send NOERROR response
 			m := new(dns.Msg)
 			m.SetReply(r)
-			w.WriteMsg(m)
+			err := w.WriteMsg(m)
+			if err != nil {
+				lg.Printf("Error from WriteMsg(): %v", err)
+			}
 
 			if _, ok := td.RpzSources[qname]; ok {
 				lg.Printf("Received Notify for known zone %s. Fetching from upstream", qname)
@@ -82,14 +85,20 @@ func createHandler(conf *Config) func(w dns.ResponseWriter, r *dns.Msg) {
 			qtype := r.Question[0].Qtype
 			lg.Printf("Zone %s %s request from %s", qname, dns.TypeToString[qtype], w.RemoteAddr())
 			if qname == td.Rpz.ZoneName {
-				td.RpzResponder(w, r, qtype, lg)
+				err := td.RpzResponder(w, r, qtype, lg)
+				if err != nil {
+					lg.Printf("Error from RpzResponder(): %v", err)
+				}
 			} else if zd, ok := td.RpzSources[qname]; ok {
 				// The qname is equal to the name of a zone we have
-				ApexResponder(w, r, zd, qname, qtype, lg)
+				err := ApexResponder(w, r, zd, qname, qtype, lg)
+				if err != nil {
+					lg.Printf("Error from ApexResponder(): %v", err)
+				}
 			} else {
 				lg.Printf("DnsHandler: Qname is '%s', which is not a known zone.", qname)
 				known_zones := []string{td.Rpz.ZoneName}
-				for z, _ := range td.RpzSources {
+				for z := range td.RpzSources {
 					known_zones = append(known_zones, z)
 				}
 				lg.Printf("DnsHandler: Known zones are: %v", known_zones)
@@ -98,26 +107,38 @@ func createHandler(conf *Config) func(w dns.ResponseWriter, r *dns.Msg) {
 				if strings.HasSuffix(qname, td.Rpz.ZoneName) {
 					lg.Printf("Query for qname %s belongs in our own RPZ \"%s\"",
 						qname, td.Rpz.ZoneName)
-					td.QueryResponder(w, r, qname, qtype, lg)
+					err := td.QueryResponder(w, r, qname, qtype, lg)
+					if err != nil {
+						lg.Printf("Error from QueryResponder(): %v", err)
+					}
 					return
 				}
 				zd := td.FindZone(qname)
 				if zd == nil {
 					lg.Printf("After FindZone: zd==nil")
 					m := new(dns.Msg)
 					m.SetRcode(r, dns.RcodeRefused)
-					w.WriteMsg(m)
+					err := w.WriteMsg(m)
+					if err != nil {
+						lg.Printf("Error from WriteMsg(): %v", err)
+					}
 					return // didn't find any zone for that qname or found zone, but it is an XFR zone only
 				}
 				lg.Printf("After FindZone: zd: zd.ZoneType: %v", zd.ZoneType)
 				if zd.ZoneType == tapir.XfrZone {
 					m := new(dns.Msg)
 					m.SetRcode(r, dns.RcodeRefused)
-					w.WriteMsg(m)
+					err := w.WriteMsg(m)
+					if err != nil {
+						lg.Printf("Error from WriteMsg(): %v", err)
+					}
 					return // didn't find any zone for that qname or found zone, but it is an XFR zone only
 				}
 				lg.Printf("Found matching full zone for qname %s: %s", qname, zd.ZoneName)
-				QueryResponder(w, r, zd, qname, qtype, lg)
+				err := QueryResponder(w, r, zd, qname, qtype, lg)
+				if err != nil {
+					lg.Printf("Error from QueryResponder(): %v", err)
+				}
 				return
 			}
 			return
@@ -189,7 +210,10 @@ func (td *TemData) RpzResponder(w dns.ResponseWriter, r *dns.Msg, qtype uint16,
 		m.MsgHdr.Rcode = dns.RcodeRefused
 		m.Ns = append(m.Ns, zd.NSrrs...)
 	}
-	w.WriteMsg(m)
+	err = w.WriteMsg(m)
+	if err != nil {
+		lg.Printf("Error from WriteMsg(): %v", err)
+	}
 	return nil
 }
 
@@ -230,7 +254,10 @@ func ApexResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData,
 		m.MsgHdr.Rcode = dns.RcodeRefused
 		m.Ns = append(m.Ns, zd.NSrrs...)
 	}
-	w.WriteMsg(m)
+	err := w.WriteMsg(m)
+	if err != nil {
+		lg.Printf("Error from WriteMsg(): %v", err)
+	}
 	return nil
 }
 
@@ -260,8 +287,10 @@ func QueryResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData, qname
 		// return NXDOMAIN
 		m.MsgHdr.Rcode = dns.RcodeNameError
 		m.Ns = append(m.Ns, apex.RRtypes[dns.TypeSOA].RRs...)
-		w.WriteMsg(m)
-		return
+		err := w.WriteMsg(m)
+		if err != nil {
+			lg.Printf("Error from WriteMsg(): %v", err)
+		}
 	}
 
 	// log.Printf("Zone %s Data: %v", zd.ZoneName, zd.Data)
@@ -281,7 +310,10 @@ func QueryResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData, qname
 			// return NXDOMAIN
 			m.MsgHdr.Rcode = dns.RcodeNameError
 			m.Ns = append(m.Ns, apex.RRtypes[dns.TypeSOA].RRs...)
-			w.WriteMsg(m)
+			err := w.WriteMsg(m)
+			if err != nil {
+				lg.Printf("Error from WriteMsg(): %v", err)
+			}
 			return nil
 		}
 
@@ -296,7 +328,10 @@ func QueryResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData, qname
 	if len(owner.RRtypes) == 0 {
 		m.MsgHdr.Rcode = dns.RcodeNameError
 		m.Ns = append(m.Ns, apex.RRtypes[dns.TypeSOA].RRs...)
-		w.WriteMsg(m)
+		err := w.WriteMsg(m)
+		if err != nil {
+			lg.Printf("Error from WriteMsg(): %v", err)
+		}
 		return nil
 	}
 
@@ -318,7 +353,10 @@ func QueryResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData, qname
 						glue = zd.FindGlue(apex.RRtypes[dns.TypeNS])
 						m.Extra = append(m.Extra, glue.RRs...)
 					}
-					w.WriteMsg(m)
+					err := w.WriteMsg(m)
+					if err != nil {
+						lg.Printf("Error from WriteMsg(): %v", err)
+					}
 					return nil
 				}
 			}
@@ -346,7 +384,10 @@ func QueryResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData, qname
 		} else {
 			m.Ns = append(m.Ns, apex.RRtypes[dns.TypeSOA].RRs...)
 		}
-		w.WriteMsg(m)
+		err := w.WriteMsg(m)
+		if err != nil {
+			lg.Printf("Error from WriteMsg(): %v", err)
+		}
 		return nil
 
 	default:
@@ -355,7 +396,10 @@ func QueryResponder(w dns.ResponseWriter, r *dns.Msg, zd *tapir.ZoneData, qname
 		m.Ns = append(m.Ns, apex.RRtypes[dns.TypeNS].RRs...)
 		glue = zd.FindGlue(apex.RRtypes[dns.TypeNS])
 		m.Extra = append(m.Extra, glue.RRs...)
-		w.WriteMsg(m)
+		err := w.WriteMsg(m)
+		if err != nil {
+			lg.Printf("Error from WriteMsg(): %v", err)
+		}
 	}
 	return nil
 }
@@ -371,8 +415,10 @@ func (td *TemData) QueryResponder(w dns.ResponseWriter, r *dns.Msg, qname string
 		m.MsgHdr.Rcode = dns.RcodeNameError
 		//		m.Ns = append(m.Ns, apex.RRtypes[dns.TypeSOA].RRs...)
 		m.Ns = append(m.Ns, dns.RR(&td.Rpz.Axfr.SOA))
-		w.WriteMsg(m)
-		return
+		err := w.WriteMsg(m)
+		if err != nil {
+			lg.Printf("Error from WriteMsg(): %v", err)
+		}
 	}
 
 	// log.Printf("Zone %s Data: %v", zd.ZoneName, zd.Data)
@@ -390,7 +436,10 @@ func (td *TemData) QueryResponder(w dns.ResponseWriter, r *dns.Msg, qname string
 		default:
 			m.Ns = append(m.Ns, dns.RR(&td.Rpz.Axfr.SOA))
 		}
-		w.WriteMsg(m)
+		err := w.WriteMsg(m)
+		if err != nil {
+			lg.Printf("Error from WriteMsg(): %v", err)
+		}
 		return nil
 	}
 	returnNXDOMAIN()

diff --git a/logging.go b/logging.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"path/filepath"
 
 	"github.com/spf13/viper"
 	"gopkg.in/natefinch/lumberjack.v2"
@@ -30,7 +31,8 @@ func SetupLogging(conf *Config) {
 
 	logfile = viper.GetString("policy.logfile")
 	if logfile != "" {
-		f, err := os.OpenFile(logfile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
+		logfile = filepath.Clean(logfile)
+		f, err := os.OpenFile(logfile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
 		if err != nil {
 			TEMExiter("error opening TEM policy logfile '%s': %v", logfile, err)
 		}
@@ -50,7 +52,8 @@ func SetupLogging(conf *Config) {
 
 	logfile = viper.GetString("dnsengine.logfile")
 	if logfile != "" {
-		f, err := os.OpenFile(logfile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
+		logfile = filepath.Clean(logfile)
+		f, err := os.OpenFile(logfile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
 		if err != nil {
 			TEMExiter("error opening TEM dnsengine logfile '%s': %v", logfile, err)
 		}
@@ -70,7 +73,8 @@ func SetupLogging(conf *Config) {
 
 	logfile = viper.GetString("mqtt.logfile")
 	if logfile != "" {
-		f, err := os.OpenFile(logfile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
+		logfile = filepath.Clean(logfile)
+		f, err := os.OpenFile(logfile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
 		if err != nil {
 			TEMExiter("error opening TEM MQTT logfile '%s': %v", logfile, err)
 		}