From: Eugene Crosser Date: Fri, 30 May 2014 14:27:42 +0000 (+0400) Subject: wip on enforcing TLSA on subdoms X-Git-Tag: 0.9.0.1~3 X-Git-Url: http://www.average.org/gitweb/?p=pdns-pipe-nmc.git;a=commitdiff_plain;h=92504303416dfc46f1a4e4ed45ddd3203919cf8f wip on enforcing TLSA on subdoms --- diff --git a/NmcDom.hs b/NmcDom.hs index 2fdd6b9..dac614b 100644 --- a/NmcDom.hs +++ b/NmcDom.hs @@ -182,7 +182,7 @@ instance Mergeable NmcRRI2p where data NmcRRTlsa = NmcRRTlsa { tlsMatchType :: Int -- 0:exact 1:sha256 2:sha512 , tlsMatchValue :: String - , tlsIncSubdoms :: Int -- 1:enforce on subdoms 0:no + , tlsIncSubdoms :: Bool -- enforce on subdoms? } deriving (Show, Eq) instance FromJSON NmcRRTlsa where @@ -190,7 +190,10 @@ instance FromJSON NmcRRTlsa where if length a == 3 then NmcRRTlsa <$> parseJSON (a ! 0) <*> parseJSON (a ! 1) - <*> parseJSON (a ! 2) + <*> case (a ! 2) of + Number 0 -> return False + Number 1 -> return True + _ -> empty else empty parseJSON _ = empty diff --git a/NmcTransform.hs b/NmcTransform.hs index c461274..23244a5 100644 --- a/NmcTransform.hs +++ b/NmcTransform.hs @@ -75,7 +75,10 @@ mergeSelf base = -- | transfer some elements of `base` into `sub`, notably TLSA propagate :: NmcDom -> NmcDom -> NmcDom -propagate base sub = sub -- FIXME implement it +propagate base sub = sub `merge` (pickglobals base) + where -- FIXME must do this on the map elements, not on the top level + pickglobals dom = def { domTlsa = fmap pickforcedtls (domTlsa dom) } + pickforcedtls = filter (\x -> tlsIncSubdoms x) -- | Presence of some elements require removal of some others normalizeDom :: NmcDom -> NmcDom