Version 1.0.0 #27

Merged: 15 commits merged on Jan 8, 2021

@bodgit (Owner) commented Jan 8, 2021

Now that the upstream DNS library has accepted a revised PR, this library can be finalised.

* Remove the forked DNS client
* Rename dh.DH -> dh.Client and gss.GSS -> gss.Client as there can in
  theory be a server version
* Rename dh.New -> dh.NewClient and gss.New -> gss.NewClient which now
  takes a *dns.Client which is used for the TKEY negotiation
* Change dh.Client.NegotiateKey to return literal values instead of pointers
* Change dh.Client.DeleteKey to require a literal string
* Rename gss.Client.GenerateGSS and gss.Client.VerifyGSS to
  gss.Client.Generate and gss.Client.Verify respectively and update the
  signatures to just be passed []byte and *dns.TSIG
* Change gss.Client.NegotiateContext* to return literal values instead
  of pointers
* Change gss.Client.DeleteContext to require a literal string
* Change tsig.ExchangeTKEY to require a dns.Client and literal strings
* Add tsig.CopyDNSClient which returns a copy of a dns.Client with the
  network changed to TCP, respecting any IPv4 or IPv6 choice

fixes #15
Drop tsig.SplitHostPort and use net.SplitHostPort instead.
Make util.ExchangeTKEY not require the optional TSIG MAC but require the
passed dns.Client to be configured beforehand.
This is needed because Windows signs the TKEY response with a TSIG
record using the same TKEY which creates a chicken & egg problem.
Makes it easier to test later.
This version has the necessary dns.TsigProvider interface.
Builds and spins up Kerberos and BIND containers in Docker and exports a
keytab for tests.
@bodgit bodgit added the enhancement label Jan 8, 2021
@bodgit bodgit self-assigned this Jan 8, 2021
@bodgit bodgit added this to the v1.0.0 milestone Jan 8, 2021
@bodgit bodgit merged commit 61c03d3 into master Jan 8, 2021
@bodgit bodgit deleted the v1 branch January 8, 2021 11:29
Successfully merging this pull request may close these issues.

Unable to tune DNS client used to negotiate TKEY