source: trunk/DNSDB.pm@ 192

Last change on this file since 192 was 192, checked in by Kris Deugau, 13 years ago

/trunk

Ooops, reverting unintended Weirdness in dns.sql, DNSDB.pm, and dns.cgi
accidentally commited along with the intended dns-rpc.cgi change in r191

  • Property svn:keywords set to Date Rev Author Id
File size: 62.3 KB
Line 
1# dns/trunk/DNSDB.pm
2# Abstraction functions for DNS administration
3###
4# SVN revision info
5# $Date: 2011-12-09 21:17:14 +0000 (Fri, 09 Dec 2011) $
6# SVN revision $Rev: 192 $
7# Last update by $Author: kdeugau $
8###
9# Copyright (C) 2008-2011 - Kris Deugau <kdeugau@deepnet.cx>
10
11package DNSDB;
12
13use strict;
14use warnings;
15use Exporter;
16use DBI;
17use Net::DNS;
18use Crypt::PasswdMD5;
19#use Net::SMTP;
20use NetAddr::IP;
21#use POSIX;
22use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
23
24$VERSION = 0.1;
25@ISA = qw(Exporter);
26@EXPORT_OK = qw(
27 &initGlobals
28 &initPermissions &getPermissions &changePermissions &comparePermissions
29 &changeGroup
30 &loadConfig &connectDB &finish
31 &addDomain &delDomain &domainName &domainID
32 &addGroup &delGroup &getChildren &groupName
33 &addUser &updateUser &delUser &userFullName &userStatus &getUserData
34 &getSOA &getRecLine &getDomRecs &getRecCount
35 &addRec &updateRec &delRec
36 &getParents
37 &isParent
38 &domStatus &importAXFR
39 &export
40 %typemap %reverse_typemap %config
41 %permissions @permtypes $permlist
42 );
43
44@EXPORT = (); # Export nothing by default.
45%EXPORT_TAGS = ( ALL => [qw(
46 &initGlobals
47 &initPermissions &getPermissions &changePermissions &comparePermissions
48 &changeGroup
49 &loadConfig &connectDB &finish
50 &addDomain &delDomain &domainName &domainID
51 &addGroup &delGroup &getChildren &groupName
52 &addUser &updateUser &delUser &userFullName &userStatus &getUserData
53 &getSOA &getRecLine &getDomRecs &getRecCount
54 &addRec &updateRec &delRec
55 &getParents
56 &isParent
57 &domStatus &importAXFR
58 &export
59 %typemap %reverse_typemap %config
60 %permissions @permtypes $permlist
61 )]
62 );
63
64our $group = 1;
65our $errstr = '';
66
67# Halfway sane defaults for SOA, TTL, etc.
68# serial defaults to 0 for convenience.
69# value will be either YYYYMMDDNN for BIND/etc, or auto-internal for tinydns
70our %def = qw (
71 contact hostmaster.DOMAIN
72 prins ns1.myserver.com
73 serial 0
74 soattl 86400
75 refresh 10800
76 retry 3600
77 expire 604800
78 minttl 10800
79 ttl 10800
80);
81
82# Arguably defined wholly in the db, but little reason to change without supporting code changes
83our @permtypes = qw (
84 group_edit group_create group_delete
85 user_edit user_create user_delete
86 domain_edit domain_create domain_delete
87 record_edit record_create record_delete
88 self_edit admin
89);
90our $permlist = join(',',@permtypes);
91
92# DNS record type map and reverse map.
93# loaded from the database, from http://www.iana.org/assignments/dns-parameters
94our %typemap;
95our %reverse_typemap;
96
97our %permissions;
98
99# Prepopulate a basic config. Note some of these *will* cause errors if left unset.
100our %config = (
101 # Database connection info
102 dbname => 'dnsdb',
103 dbuser => 'dnsdb',
104 dbpass => 'secret',
105 dbhost => '',
106
107 # Email notice settings
108 mailhost => 'smtp.example.com',
109 mailsender => 'dnsdb@example.com',
110 mailname => 'DNS Administration',
111
112 # Template directory
113 templatedir => 'templates/',
114# fmeh. this is a real web path, not a logical internal one. hm..
115# cssdir => 'templates/',
116
117 # Session params
118 timeout => '3600' # 1 hour default
119 );
120
121
122##
123## Initialization and cleanup subs
124##
125
126
127## DNSDB::loadConfig()
128# Load the minimum required initial state (DB connect info) from a config file
129# Load misc other bits while we're at it.
130# Takes an optional basename and config path to look for
131# Populates the %config and %def hashes
132sub loadConfig {
133 my $basename = shift || ''; # this will work OK
134
135 my $deferr = ''; # place to put error from default config file in case we can't find either one
136
137 my $configroot = '/etc/dnsdb';
138 $configroot = '' if $basename =~ m|^/|;
139 $basename .= ".conf" if $basename !~ /\.conf$/;
140 my $defconfig = "$configroot/dnsdb.conf";
141 my $siteconfig = "$configroot/$basename";
142
143 # System defaults
144 __cfgload("$defconfig") or $deferr = $errstr;
145
146 # Per-site-ish settings.
147 if ($basename ne '.conf') {
148 unless (__cfgload("$siteconfig")) {
149 $errstr = ($deferr ? "Error opening default config file $defconfig: $deferr\n" : '').
150 "Error opening site config file $siteconfig";
151 return;
152 }
153 }
154
155 # All good, clear the error and go home.
156 $errstr = '';
157 return 1;
158} # end loadConfig()
159
160
161## DNSDB::__cfgload()
162# Private sub to parse a config file and load it into %config
163# Takes a file handle on an open config file
164sub __cfgload {
165 $errstr = '';
166 my $cfgfile = shift;
167
168 if (open CFG, "<$cfgfile") {
169 while (<CFG>) {
170 chomp;
171 s/^\s*//;
172 next if /^#/;
173 next if /^$/;
174# hmm. more complex bits in this file might require [heading] headers, maybe?
175# $mode = $1 if /^\[(a-z)+]/;
176 # DB connect info
177 $config{dbname} = $1 if /^dbname\s*=\s*([a-z0-9_.-]+)/i;
178 $config{dbuser} = $1 if /^dbuser\s*=\s*([a-z0-9_.-]+)/i;
179 $config{dbpass} = $1 if /^dbpass\s*=\s*([a-z0-9_.-]+)/i;
180 $config{dbhost} = $1 if /^dbhost\s*=\s*([a-z0-9_.-]+)/i;
181 # SOA defaults
182 $def{contact} = $1 if /^contact\s*=\s*([a-z0-9_.-]+)/i;
183 $def{prins} = $1 if /^prins\s*=\s*([a-z0-9_.-]+)/i;
184 $def{soattl} = $1 if /^soattl\s*=\s*([a-z0-9_.-]+)/i;
185 $def{refresh} = $1 if /^refresh\s*=\s*([a-z0-9_.-]+)/i;
186 $def{retry} = $1 if /^retry\s*=\s*([a-z0-9_.-]+)/i;
187 $def{expire} = $1 if /^expire\s*=\s*([a-z0-9_.-]+)/i;
188 $def{minttl} = $1 if /^minttl\s*=\s*([a-z0-9_.-]+)/i;
189 $def{ttl} = $1 if /^ttl\s*=\s*([a-z0-9_.-]+)/i;
190 # Mail settings
191 $config{mailhost} = $1 if /^mailhost\s*=\s*([a-z0-9_.-]+)/i;
192 $config{mailsender} = $1 if /^mailsender\s*=\s*([a-z0-9_.@-]+)/i;
193 $config{mailname} = $1 if /^mailname\s*=\s*([a-z0-9\s_.-]+)/i;
194 # session - note this is fed directly to CGI::Session
195 $config{timeout} = $1 if /^[tT][iI][mM][eE][oO][uU][tT]\s*=\s*(\d+[smhdwMy]?)/;
196 }
197 close CFG;
198 } else {
199 $errstr = $!;
200 return;
201 }
202 return 1;
203} # end __cfgload()
204
205
206## DNSDB::connectDB()
207# Creates connection to DNS database.
208# Requires the database name, username, and password.
209# Returns a handle to the db.
210# Set up for a PostgreSQL db; could be any transactional DBMS with the
211# right changes.
212sub connectDB {
213 $errstr = '';
214 my $dbname = shift;
215 my $user = shift;
216 my $pass = shift;
217 my $dbh;
218 my $DSN = "DBI:Pg:dbname=$dbname";
219
220 my $host = shift;
221 $DSN .= ";host=$host" if $host;
222
223# Note that we want to autocommit by default, and we will turn it off locally as necessary.
224# We may not want to print gobbledygook errors; YMMV. Have to ponder that further.
225 $dbh = DBI->connect($DSN, $user, $pass, {
226 AutoCommit => 1,
227 PrintError => 0
228 })
229 or return (undef, $DBI::errstr) if(!$dbh);
230
231# Return here if we can't select. Note that this indicates a
232# problem executing the select.
233 my $sth = $dbh->prepare("select group_id from groups limit 1");
234 $sth->execute();
235 return (undef,$DBI::errstr) if ($sth->err);
236
237# See if the select returned anything (or null data). This should
238# succeed if the select executed, but...
239 $sth->fetchrow();
240 return (undef,$DBI::errstr) if ($sth->err);
241
242 $sth->finish;
243
244# If we get here, we should be OK.
245 return ($dbh,"DB connection OK");
246} # end connectDB
247
248
249## DNSDB::finish()
250# Cleans up after database handles and so on.
251# Requires a database handle
252sub finish {
253 my $dbh = $_[0];
254 $dbh->disconnect;
255} # end finish
256
257
258## DNSDB::initGlobals()
259# Initialize global variables
260# NB: this does NOT include web-specific session variables!
261# Requires a database handle
262sub initGlobals {
263 my $dbh = shift;
264
265# load system-wide site defaults and things from config file
266 if (open SYSDEFAULTS, "</etc/dnsdb.conf") {
267##fixme - error check!
268 while (<SYSDEFAULTS>) {
269 next if /^\s*#/;
270 $def{contact} = $1 if /contact ?= ?([a-z0-9_.-]+)/i;
271 $def{prins} = $1 if /prins ?= ?([a-z0-9_.-]+)/i;
272 $def{soattl} = $1 if /soattl ?= ?([a-z0-9_.-]+)/i;
273 $def{refresh} = $1 if /refresh ?= ?([a-z0-9_.-]+)/i;
274 $def{retry} = $1 if /retry ?= ?([a-z0-9_.-]+)/i;
275 $def{expire} = $1 if /expire ?= ?([a-z0-9_.-]+)/i;
276 $def{minttl} = $1 if /minttl ?= ?([a-z0-9_.-]+)/i;
277 $def{ttl} = $1 if /ttl ?= ?([a-z0-9_.-]+)/i;
278##fixme? load DB user/pass from config file?
279 }
280 }
281# load from database
282 my $sth = $dbh->prepare("select val,name from rectypes");
283 $sth->execute;
284 while (my ($recval,$recname) = $sth->fetchrow_array()) {
285 $typemap{$recval} = $recname;
286 $reverse_typemap{$recname} = $recval;
287 }
288} # end initGlobals
289
290
291## DNSDB::initPermissions()
292# Set up permissions global
293# Takes database handle and UID
294sub initPermissions {
295 my $dbh = shift;
296 my $uid = shift;
297
298# %permissions = $(getPermissions($dbh,'user',$uid));
299 getPermissions($dbh, 'user', $uid, \%permissions);
300
301} # end initPermissions()
302
303
304## DNSDB::getPermissions()
305# Get permissions from DB
306# Requires DB handle, group or user flag, ID, and hashref.
307sub getPermissions {
308 my $dbh = shift;
309 my $type = shift;
310 my $id = shift;
311 my $hash = shift;
312
313 my $sql = qq(
314 SELECT
315 p.admin,p.self_edit,
316 p.group_create,p.group_edit,p.group_delete,
317 p.user_create,p.user_edit,p.user_delete,
318 p.domain_create,p.domain_edit,p.domain_delete,
319 p.record_create,p.record_edit,p.record_delete
320 FROM permissions p
321 );
322 if ($type eq 'group') {
323 $sql .= qq(
324 JOIN groups g ON g.permission_id=p.permission_id
325 WHERE g.group_id=?
326 );
327 } else {
328 $sql .= qq(
329 JOIN users u ON u.permission_id=p.permission_id
330 WHERE u.user_id=?
331 );
332 }
333
334 my $sth = $dbh->prepare($sql);
335
336 $sth->execute($id) or die "argh: ".$sth->errstr;
337
338# my $permref = $sth->fetchrow_hashref;
339# return $permref;
340# $hash = $permref;
341# Eww. Need to learn how to forcibly drop a hashref onto an existing hash.
342 ($hash->{admin},$hash->{self_edit},
343 $hash->{group_create},$hash->{group_edit},$hash->{group_delete},
344 $hash->{user_create},$hash->{user_edit},$hash->{user_delete},
345 $hash->{domain_create},$hash->{domain_edit},$hash->{domain_delete},
346 $hash->{record_create},$hash->{record_edit},$hash->{record_delete})
347 = $sth->fetchrow_array;
348
349} # end getPermissions()
350
351
352## DNSDB::changePermissions()
353# Update an ACL entry
354# Takes a db handle, type, owner-id, and hashref for the changed permissions.
355sub changePermissions {
356 my $dbh = shift;
357 my $type = shift;
358 my $id = shift;
359 my $newperms = shift;
360 my $inherit = shift || 0;
361
362 my $failmsg = '';
363
364 # see if we're switching from inherited to custom. for bonus points,
365 # snag the permid and parent permid anyway, since we'll need the permid
366 # to set/alter custom perms, and both if we're switching from custom to
367 # inherited.
368 my $sth = $dbh->prepare("SELECT (u.permission_id=g.permission_id) AS was_inherited,u.permission_id,g.permission_id".
369 " FROM ".($type eq 'user' ? 'users' : 'groups')." u ".
370 " JOIN groups g ON u.".($type eq 'user' ? '' : 'parent_')."group_id=g.group_id ".
371 " WHERE u.".($type eq 'user' ? 'user' : 'group')."_id=?");
372 $sth->execute($id);
373
374 my ($wasinherited,$permid,$parpermid) = $sth->fetchrow_array;
375
376# hack phtoui
377# group id 1 is "special" in that it's it's own parent (err... possibly.)
378# may make its parent id 0 which doesn't exist, and as a bonus is Perl-false.
379 $wasinherited = 0 if ($type eq 'group' && $id == 1);
380
381 local $dbh->{AutoCommit} = 0;
382 local $dbh->{RaiseError} = 1;
383
384 # Wrap all the SQL in a transaction
385 eval {
386 if ($inherit) {
387
388 $dbh->do("UPDATE ".($type eq 'user' ? 'users' : 'groups')." SET inherit_perm='t',permission_id=? ".
389 "WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?", undef, ($parpermid, $id) );
390 $dbh->do("DELETE FROM permissions WHERE permission_id=?", undef, ($permid) );
391
392 } else {
393
394 if ($wasinherited) { # munge new permission entry in if we're switching from inherited perms
395##fixme: need to add semirecursive bit to properly munge inherited permission ID on subgroups and users
396# ... if'n'when we have groups with fully inherited permissions.
397 # SQL is coo
398 $dbh->do("INSERT INTO permissions ($permlist,".($type eq 'user' ? 'user' : 'group')."_id) ".
399 "SELECT $permlist,? FROM permissions WHERE permission_id=?", undef, ($id,$permid) );
400 ($permid) = $dbh->selectrow_array("SELECT permission_id FROM permissions ".
401 "WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?", undef, ($id) );
402 $dbh->do("UPDATE ".($type eq 'user' ? 'users' : 'groups')." SET inherit_perm='f',permission_id=? ".
403 "WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?", undef, ($permid, $id) );
404 }
405
406 # and now set the permissions we were passed
407 foreach (@permtypes) {
408 if (defined ($newperms->{$_})) {
409 $dbh->do("UPDATE permissions SET $_=? WHERE permission_id=?", undef, ($newperms->{$_},$permid) );
410 }
411 }
412
413 } # (inherited->)? custom
414
415 $dbh->commit;
416 }; # end eval
417 if ($@) {
418 my $msg = $@;
419 eval { $dbh->rollback; };
420 return ('FAIL',"$failmsg: $msg ($permid)");
421 } else {
422 return ('OK',$permid);
423 }
424
425} # end changePermissions()
426
427
428## DNSDB::comparePermissions()
429# Compare two permission hashes
430# Returns '>', '<', '=', '!'
431sub comparePermissions {
432 my $p1 = shift;
433 my $p2 = shift;
434
435 my $retval = '='; # assume equality until proven otherwise
436
437 no warnings "uninitialized";
438
439 foreach (@permtypes) {
440 next if $p1->{$_} == $p2->{$_}; # equal is good
441 if ($p1->{$_} && !$p2->{$_}) {
442 if ($retval eq '<') { # if we've already found an unequal pair where
443 $retval = '!'; # $p2 has more access, and we now find a pair
444 last; # where $p1 has more access, the overall access
445 } # is neither greater or lesser, it's unequal.
446 $retval = '>';
447 }
448 if (!$p1->{$_} && $p2->{$_}) {
449 if ($retval eq '>') { # if we've already found an unequal pair where
450 $retval = '!'; # $p1 has more access, and we now find a pair
451 last; # where $p2 has more access, the overall access
452 } # is neither greater or lesser, it's unequal.
453 $retval = '<';
454 }
455 }
456 return $retval;
457} # end comparePermissions()
458
459
460## DNSDB::changeGroup()
461# Change group ID of an entity
462# Takes a database handle, entity type, entity ID, and new group ID
463sub changeGroup {
464 my $dbh = shift;
465 my $type = shift;
466 my $id = shift;
467 my $newgrp = shift;
468
469##fixme: fail on not enough args
470 #return ('FAIL', "Missing
471
472 if ($type eq 'domain') {
473 $dbh->do("UPDATE domains SET group_id=? WHERE domain_id=?", undef, ($newgrp, $id))
474 or return ('FAIL','Group change failed: '.$dbh->errstr);
475 } elsif ($type eq 'user') {
476 $dbh->do("UPDATE users SET group_id=? WHERE user_id=?", undef, ($newgrp, $id))
477 or return ('FAIL','Group change failed: '.$dbh->errstr);
478 } elsif ($type eq 'group') {
479 $dbh->do("UPDATE groups SET parent_group_id=? WHERE group_id=?", undef, ($newgrp, $id))
480 or return ('FAIL','Group change failed: '.$dbh->errstr);
481 }
482 return ('OK','OK');
483} # end changeGroup()
484
485
486## DNSDB::_log()
487# Log an action
488# Internal sub
489# Takes a database handle, domain_id, user_id, group_id, email, name and log entry
490sub _log {
491 my $dbh = shift;
492 my ($domain_id,$user_id,$group_id,$username,$name,$entry) = @_;
493
494##fixme: farm out the actual logging to different subs for file, syslog, internal, etc based on config
495 $dbh->do("INSERT INTO log (domain_id,user_id,group_id,email,name,entry) VALUES (?,?,?,?,?,?)", undef,
496 ($domain_id,$user_id,$group_id,$username,$name,$entry));
497# 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
498# 1 2 3 4 5 6 7
499} # end _log
500
501
502##
503## Processing subs
504##
505
506## DNSDB::addDomain()
507# Add a domain
508# Takes a database handle, domain name, numeric group, boolean(ish) state (active/inactive),
509# and user info hash (for logging).
510# Returns a status code and message
511sub addDomain {
512 $errstr = '';
513 my $dbh = shift;
514 return ('FAIL',"Need database handle") if !$dbh;
515 my $domain = shift;
516 return ('FAIL',"Domain must not be blank") if !$domain;
517 my $group = shift;
518 return ('FAIL',"Need group") if !defined($group);
519 my $state = shift;
520 return ('FAIL',"Need domain status") if !defined($state);
521
522 my %userinfo = @_; # remaining bits.
523# user ID, username, user full name
524
525 $state = 1 if $state =~ /^active$/;
526 $state = 1 if $state =~ /^on$/;
527 $state = 0 if $state =~ /^inactive$/;
528 $state = 0 if $state =~ /^off$/;
529
530 return ('FAIL',"Invalid domain status") if $state !~ /^\d+$/;
531
532 return ('FAIL', "Invalid characters in domain") if $domain !~ /^[a-zA-Z0-9_.-]+$/;
533
534 my $sth = $dbh->prepare("SELECT domain_id FROM domains WHERE domain=?");
535 my $dom_id;
536
537# quick check to start to see if we've already got one
538 $sth->execute($domain);
539 ($dom_id) = $sth->fetchrow_array;
540
541 return ('FAIL', "Domain already exists") if $dom_id;
542
543 # Allow transactions, and raise an exception on errors so we can catch it later.
544 # Use local to make sure these get "reset" properly on exiting this block
545 local $dbh->{AutoCommit} = 0;
546 local $dbh->{RaiseError} = 1;
547
548my $stage = 'insert';
549 # Wrap all the SQL in a transaction
550 eval {
551 # insert the domain...
552 $dbh->do("INSERT INTO domains (domain,group_id,status) VALUES (?,?,?)", undef, ($domain, $group, $state));
553$stage = 'domid';
554
555 # get the ID...
556 ($dom_id) = $dbh->selectrow_array("SELECT domain_id FROM domains WHERE domain=?", undef, ($domain));
557
558$stage = 'loginsert';
559 _log($dbh, $dom_id, $userinfo{id}, $group, $userinfo{name}, $userinfo{fullname},
560 "Added ".($state ? 'active' : 'inactive')." domain $domain");
561
562$stage = 'getdefrec';
563 # ... and now we construct the standard records from the default set. NB: group should be variable.
564 my $sth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl FROM default_records WHERE group_id=?");
565 my $sth_in = $dbh->prepare("INSERT INTO records (domain_id,host,type,val,distance,weight,port,ttl)".
566 " VALUES ($dom_id,?,?,?,?,?,?,?)");
567 $sth->execute($group);
568 while (my ($host,$type,$val,$dist,$weight,$port,$ttl) = $sth->fetchrow_array()) {
569 $host =~ s/DOMAIN/$domain/g;
570 $val =~ s/DOMAIN/$domain/g;
571 $sth_in->execute($host,$type,$val,$dist,$weight,$port,$ttl);
572 if ($typemap{$type} eq 'SOA') {
573 my @tmp1 = split /:/, $host;
574 my @tmp2 = split /:/, $val;
575 _log($dbh, $dom_id, $userinfo{id}, $group, $userinfo{name}, $userinfo{fullname},
576 "[new $domain] Added SOA record [contact $tmp1[0]] [master $tmp1[1]] ".
577 "[refresh $tmp2[0]] [retry $tmp2[1]] [expire $tmp2[2]] [minttl $tmp2[3]], TTL $ttl");
578 } else {
579 my $logentry = "[new $domain] Added record '$host $typemap{$type}";
580 $logentry .= " [distance $dist]" if $typemap{$type} eq 'MX';
581 $logentry .= " [priority $dist] [weight $weight] [port $port]" if $typemap{$type} eq 'SRV';
582 _log($dbh, $dom_id, $userinfo{id}, $group, $userinfo{name}, $userinfo{fullname},
583 $logentry." $val', TTL $ttl");
584 }
585 }
586
587 # once we get here, we should have suceeded.
588 $dbh->commit;
589 }; # end eval
590
591 if ($@) {
592 my $msg = $@;
593 eval { $dbh->rollback; };
594 return ('FAIL',"$msg : $stage");
595 } else {
596 return ('OK',$dom_id);
597 }
598} # end addDomain
599
600
601## DNSDB::delDomain()
602# Delete a domain.
603# for now, just delete the records, then the domain.
604# later we may want to archive it in some way instead (status code 2, for example?)
605sub delDomain {
606 my $dbh = shift;
607 my $domid = shift;
608
609 # Allow transactions, and raise an exception on errors so we can catch it later.
610 # Use local to make sure these get "reset" properly on exiting this block
611 local $dbh->{AutoCommit} = 0;
612 local $dbh->{RaiseError} = 1;
613
614 my $failmsg = '';
615
616 # Wrap all the SQL in a transaction
617 eval {
618 my $sth = $dbh->prepare("delete from records where domain_id=?");
619 $failmsg = "Failure removing domain records";
620 $sth->execute($domid);
621 $sth = $dbh->prepare("delete from domains where domain_id=?");
622 $failmsg = "Failure removing domain";
623 $sth->execute($domid);
624
625 # once we get here, we should have suceeded.
626 $dbh->commit;
627 }; # end eval
628
629 if ($@) {
630 my $msg = $@;
631 eval { $dbh->rollback; };
632 return ('FAIL',"$failmsg: $msg");
633 } else {
634 return ('OK','OK');
635 }
636
637} # end delDomain()
638
639
640## DNSDB::domainName()
641# Return the domain name based on a domain ID
642# Takes a database handle and the domain ID
643# Returns the domain name or undef on failure
644sub domainName {
645 $errstr = '';
646 my $dbh = shift;
647 my $domid = shift;
648 my ($domname) = $dbh->selectrow_array("SELECT domain FROM domains WHERE domain_id=?", undef, ($domid) );
649 $errstr = $DBI::errstr if !$domname;
650 return $domname if $domname;
651} # end domainName()
652
653
654## DNSDB::domainID()
655# Takes a database handle and domain name
656# Returns the domain ID number
657sub domainID {
658 $errstr = '';
659 my $dbh = shift;
660 my $domain = shift;
661 my ($domid) = $dbh->selectrow_array("SELECT domain_id FROM domains WHERE domain=?", undef, ($domain) );
662 $errstr = $DBI::errstr if !$domid;
663 return $domid if $domid;
664} # end domainID()
665
666
667## DNSDB::addGroup()
668# Add a group
669# Takes a database handle, group name, parent group, hashref for permissions,
670# and optional template-vs-cloneme flag
671# Returns a status code and message
672sub addGroup {
673 $errstr = '';
674 my $dbh = shift;
675 my $groupname = shift;
676 my $pargroup = shift;
677 my $permissions = shift;
678
679 # 0 indicates "custom", hardcoded.
680 # Any other value clones that group's default records, if it exists.
681 my $inherit = shift || 0;
682##fixme: need a flag to indicate clone records or <?> ?
683
684 # Allow transactions, and raise an exception on errors so we can catch it later.
685 # Use local to make sure these get "reset" properly on exiting this block
686 local $dbh->{AutoCommit} = 0;
687 local $dbh->{RaiseError} = 1;
688
689 my $sth = $dbh->prepare("SELECT group_id FROM groups WHERE group_name=?");
690 my $group_id;
691
692# quick check to start to see if we've already got one
693 $sth->execute($groupname);
694 ($group_id) = $sth->fetchrow_array;
695
696 return ('FAIL', "Group already exists") if $group_id;
697
698 # Wrap all the SQL in a transaction
699 eval {
700 $sth = $dbh->prepare("INSERT INTO groups (parent_group_id,group_name) VALUES (?,?)");
701 $sth->execute($pargroup,$groupname);
702
703 $sth = $dbh->prepare("SELECT group_id FROM groups WHERE group_name=?");
704 $sth->execute($groupname);
705 my ($groupid) = $sth->fetchrow_array();
706
707# Permissions
708 if ($inherit) {
709 } else {
710 my @permvals;
711 foreach (@permtypes) {
712 if (!defined ($permissions->{$_})) {
713 push @permvals, 0;
714 } else {
715 push @permvals, $permissions->{$_};
716 }
717 }
718
719 $sth = $dbh->prepare("INSERT INTO permissions (group_id,$permlist) values (?".',?'x($#permtypes+1).")");
720 $sth->execute($groupid,@permvals);
721
722 $sth = $dbh->prepare("SELECT permission_id FROM permissions WHERE group_id=?");
723 $sth->execute($groupid);
724 my ($permid) = $sth->fetchrow_array();
725
726 $dbh->do("UPDATE groups SET permission_id=$permid WHERE group_id=$groupid");
727 } # done permission fiddling
728
729# Default records
730 $sth = $dbh->prepare("INSERT INTO default_records (group_id,host,type,val,distance,weight,port,ttl) ".
731 "VALUES ($groupid,?,?,?,?,?,?,?)");
732 if ($inherit) {
733 # Duplicate records from parent. Actually relying on inherited records feels
734 # very fragile, and it would be problematic to roll over at a later time.
735 my $sth2 = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl FROM default_records WHERE group_id=?");
736 $sth2->execute($pargroup);
737 while (my @clonedata = $sth2->fetchrow_array) {
738 $sth->execute(@clonedata);
739 }
740 } else {
741##fixme: Hardcoding is Bad, mmmmkaaaay?
742 # reasonable basic defaults for SOA, MX, NS, and minimal hosting
743 # could load from a config file, but somewhere along the line we need hardcoded bits.
744 $sth->execute('ns1.example.com:hostmaster.example.com', 6, '10800:3600:604800:10800', 0, 0, 0, 86400);
745 $sth->execute('DOMAIN', 1, '192.168.4.2', 0, 0, 0, 7200);
746 $sth->execute('DOMAIN', 15, 'mx.example.com', 10, 0, 0, 7200);
747 $sth->execute('DOMAIN', 2, 'ns1.example.com', 0, 0, 0, 7200);
748 $sth->execute('DOMAIN', 2, 'ns2.example.com', 0, 0, 0, 7200);
749 $sth->execute('www.DOMAIN', 5, 'DOMAIN', 0, 0, 0, 7200);
750 }
751
752 # once we get here, we should have suceeded.
753 $dbh->commit;
754 }; # end eval
755
756 if ($@) {
757 my $msg = $@;
758 eval { $dbh->rollback; };
759 return ('FAIL',$msg);
760 } else {
761 return ('OK','OK');
762 }
763
764} # end addGroup()
765
766
767## DNSDB::delGroup()
768# Delete a group.
769# Takes a group ID
770# Returns a status code and message
771sub delGroup {
772 my $dbh = shift;
773 my $groupid = shift;
774
775 # Allow transactions, and raise an exception on errors so we can catch it later.
776 # Use local to make sure these get "reset" properly on exiting this block
777 local $dbh->{AutoCommit} = 0;
778 local $dbh->{RaiseError} = 1;
779
780##fixme: locate "knowable" error conditions and deal with them before the eval
781# ... or inside, whatever.
782# -> domains still exist in group
783# -> ...
784 my $failmsg = '';
785
786 # Wrap all the SQL in a transaction
787 eval {
788 my $sth = $dbh->prepare("SELECT count(*) FROM domains WHERE group_id=?");
789 $sth->execute($groupid);
790 my ($domcnt) = $sth->fetchrow_array;
791 $failmsg = "Can't remove group ".groupName($dbh,$groupid);
792 die "$domcnt domains still in group\n" if $domcnt;
793
794 $sth = $dbh->prepare("delete from default_records where group_id=?");
795 $failmsg = "Failed to delete default records for ".groupName($dbh,$groupid);
796 $sth->execute($groupid);
797 $sth = $dbh->prepare("delete from groups where group_id=?");
798 $failmsg = "Failed to remove group ".groupName($dbh,$groupid);
799 $sth->execute($groupid);
800
801 # once we get here, we should have suceeded.
802 $dbh->commit;
803 }; # end eval
804
805 if ($@) {
806 my $msg = $@;
807 eval { $dbh->rollback; };
808 return ('FAIL',"$failmsg: $msg");
809 } else {
810 return ('OK','OK');
811 }
812} # end delGroup()
813
814
815## DNSDB::getChildren()
816# Get a list of all groups whose parent^n is group <n>
817# Takes a database handle, group ID, reference to an array to put the group IDs in,
818# and an optional flag to return only immediate children or all children-of-children
819# default to returning all children
820# Calls itself
821sub getChildren {
822 $errstr = '';
823 my $dbh = shift;
824 my $rootgroup = shift;
825 my $groupdest = shift;
826 my $immed = shift || 'all';
827
828 # special break for default group; otherwise we get stuck.
829 if ($rootgroup == 1) {
830 # by definition, group 1 is the Root Of All Groups
831 my $sth = $dbh->prepare("SELECT group_id FROM groups WHERE NOT (group_id=1)".
832 ($immed ne 'all' ? " AND parent_group_id=1" : ''));
833 $sth->execute;
834 while (my @this = $sth->fetchrow_array) {
835 push @$groupdest, @this;
836 }
837 } else {
838 my $sth = $dbh->prepare("SELECT group_id FROM groups WHERE parent_group_id=?");
839 $sth->execute($rootgroup);
840 return if $sth->rows == 0;
841 my @grouplist;
842 while (my ($group) = $sth->fetchrow_array) {
843 push @$groupdest, $group;
844 getChildren($dbh,$group,$groupdest) if $immed eq 'all';
845 }
846 }
847} # end getChildren()
848
849
850## DNSDB::groupName()
851# Return the group name based on a group ID
852# Takes a database handle and the group ID
853# Returns the group name or undef on failure
854sub groupName {
855 $errstr = '';
856 my $dbh = shift;
857 my $groupid = shift;
858 my $sth = $dbh->prepare("SELECT group_name FROM groups WHERE group_id=?");
859 $sth->execute($groupid);
860 my ($groupname) = $sth->fetchrow_array();
861 $errstr = $DBI::errstr if !$groupname;
862 return $groupname if $groupname;
863} # end groupName
864
865
866## DNSDB::groupID()
867# Return the group ID based on the group name
868# Takes a database handle and the group name
869# Returns the group ID or undef on failure
870sub groupID {
871 $errstr = '';
872 my $dbh = shift;
873 my $group = shift;
874 my ($grpid) = $dbh->selectrow_array("SELECT group_id FROM groups WHERE group=?", undef, ($group) );
875 $errstr = $DBI::errstr if !$grpid;
876 return $grpid if $grpid;
877} # end groupID()
878
879
880## DNSDB::addUser()
881# Add a user.
882# Takes a DB handle, username, group ID, password, state (active/inactive).
883# Optionally accepts:
884# user type (user/admin) - defaults to user
885# permissions string - defaults to inherit from group
886# three valid forms:
887# i - Inherit permissions
888# c:<user_id> - Clone permissions from <user_id>
889# C:<permission list> - Set these specific permissions
890# first name - defaults to username
891# last name - defaults to blank
892# phone - defaults to blank (could put other data within column def)
893# Returns (OK,<uid>) on success, (FAIL,<message>) on failure
894sub addUser {
895 $errstr = '';
896 my $dbh = shift;
897 my $username = shift;
898 my $group = shift;
899 my $pass = shift;
900 my $state = shift;
901
902 return ('FAIL', "Missing one or more required entries") if !defined($state);
903 return ('FAIL', "Username must not be blank") if !$username;
904
905 my $type = shift || 'u'; # create limited users by default - fwiw, not sure yet how this will interact with ACLs
906
907 my $permstring = shift || 'i'; # default is to inhert permissions from group
908
909 my $fname = shift || $username;
910 my $lname = shift || '';
911 my $phone = shift || ''; # not going format-check
912
913 my $sth = $dbh->prepare("SELECT user_id FROM users WHERE username=?");
914 my $user_id;
915
916# quick check to start to see if we've already got one
917 $sth->execute($username);
918 ($user_id) = $sth->fetchrow_array;
919
920 return ('FAIL', "User already exists") if $user_id;
921
922 # Allow transactions, and raise an exception on errors so we can catch it later.
923 # Use local to make sure these get "reset" properly on exiting this block
924 local $dbh->{AutoCommit} = 0;
925 local $dbh->{RaiseError} = 1;
926
927 my $failmsg = '';
928
929 # Wrap all the SQL in a transaction
930 eval {
931 # insert the user... note we set inherited perms by default since
932 # it's simple and cleans up some other bits of state
933 my $sth = $dbh->prepare("INSERT INTO users ".
934 "(group_id,username,password,firstname,lastname,phone,type,status,permission_id,inherit_perm) ".
935 "VALUES (?,?,?,?,?,?,?,?,(SELECT permission_id FROM permissions WHERE group_id=?),'t')");
936 $sth->execute($group,$username,unix_md5_crypt($pass),$fname,$lname,$phone,$type,$state,$group);
937
938 # get the ID...
939 ($user_id) = $dbh->selectrow_array("SELECT currval('users_user_id_seq')");
940
941# Permissions! Gotta set'em all!
942 die "Invalid permission string $permstring"
943 if $permstring !~ /^(?:
944 i # inherit
945 |c:\d+ # clone
946 # custom. no, the leading , is not a typo
947 |C:(?:,(?:group|user|domain|record|self)_(?:edit|create|delete))*
948 )$/x;
949# bleh. I'd call another function to do my dirty work, but we're in the middle of a transaction already.
950 if ($permstring ne 'i') {
951 # for cloned or custom permissions, we have to create a new permissions entry.
952 my $clonesrc = $group;
953 if ($permstring =~ /^c:(\d+)/) { $clonesrc = $1; }
954 $dbh->do("INSERT INTO permissions ($permlist,user_id) ".
955 "SELECT $permlist,? FROM permissions WHERE permission_id=".
956 "(SELECT permission_id FROM permissions WHERE ".($permstring =~ /^c:/ ? 'user' : 'group')."_id=?)",
957 undef, ($user_id,$clonesrc) );
958 $dbh->do("UPDATE users SET permission_id=".
959 "(SELECT permission_id FROM permissions WHERE user_id=?) ".
960 "WHERE user_id=?", undef, ($user_id, $user_id) );
961 }
962 if ($permstring =~ /^C:/) {
963 # finally for custom permissions, we set the passed-in permissions (and unset
964 # any that might have been brought in by the clone operation above)
965 my ($permid) = $dbh->selectrow_array("SELECT permission_id FROM permissions WHERE user_id=?",
966 undef, ($user_id) );
967 foreach (@permtypes) {
968 if ($permstring =~ /,$_/) {
969 $dbh->do("UPDATE permissions SET $_='t' WHERE permission_id=?", undef, ($permid) );
970 } else {
971 $dbh->do("UPDATE permissions SET $_='f' WHERE permission_id=?", undef, ($permid) );
972 }
973 }
974 }
975
976 $dbh->do("UPDATE users SET inherit_perm='n' WHERE user_id=?", undef, ($user_id) );
977
978##fixme: add another table to hold name/email for log table?
979
980 # once we get here, we should have suceeded.
981 $dbh->commit;
982 }; # end eval
983
984 if ($@) {
985 my $msg = $@;
986 eval { $dbh->rollback; };
987 return ('FAIL',$msg." $failmsg");
988 } else {
989 return ('OK',$user_id);
990 }
991} # end addUser
992
993
994## DNSDB::checkUser()
995# Check user/pass combo on login
996sub checkUser {
997 my $dbh = shift;
998 my $user = shift;
999 my $inpass = shift;
1000
1001 my $sth = $dbh->prepare("SELECT user_id,group_id,password,firstname,lastname FROM users WHERE username=?");
1002 $sth->execute($user);
1003 my ($uid,$gid,$pass,$fname,$lname) = $sth->fetchrow_array;
1004 my $loginfailed = 1 if !defined($uid);
1005
1006 if ($pass =~ m|^\$1\$([A-Za-z0-9/.]+)\$|) {
1007 $loginfailed = 1 if $pass ne unix_md5_crypt($inpass,$1);
1008 } else {
1009 $loginfailed = 1 if $pass ne $inpass;
1010 }
1011
1012 # nnnngggg
1013 return ($uid, $gid);
1014} # end checkUser
1015
1016
1017## DNSDB:: updateUser()
1018# Update general data about user
1019sub updateUser {
1020 my $dbh = shift;
1021
1022##fixme: tweak calling convention so that we can update any given bit of data
1023 my $uid = shift;
1024 my $username = shift;
1025 my $group = shift;
1026 my $pass = shift;
1027 my $state = shift;
1028 my $type = shift || 'u';
1029 my $fname = shift || $username;
1030 my $lname = shift || '';
1031 my $phone = shift || ''; # not going format-check
1032
1033 my $failmsg = '';
1034
1035 # Allow transactions, and raise an exception on errors so we can catch it later.
1036 # Use local to make sure these get "reset" properly on exiting this block
1037 local $dbh->{AutoCommit} = 0;
1038 local $dbh->{RaiseError} = 1;
1039
1040 my $sth;
1041
1042 # Password can be left blank; if so we assume there's one on file.
1043 # Actual blank passwords are bad, mm'kay?
1044 if (!$pass) {
1045 $sth = $dbh->prepare("SELECT password FROM users WHERE user_id=?");
1046 $sth->execute($uid);
1047 ($pass) = $sth->fetchrow_array;
1048 } else {
1049 $pass = unix_md5_crypt($pass);
1050 }
1051
1052 eval {
1053 my $sth = $dbh->prepare(q(
1054 UPDATE users
1055 SET username=?, password=?, firstname=?, lastname=?, phone=?, type=?, status=?
1056 WHERE user_id=?
1057 )
1058 );
1059 $sth->execute($username, $pass, $fname, $lname, $phone, $type, $state, $uid);
1060 $dbh->commit;
1061 };
1062 if ($@) {
1063 my $msg = $@;
1064 eval { $dbh->rollback; };
1065 return ('FAIL',"$failmsg: $msg");
1066 } else {
1067 return ('OK','OK');
1068 }
1069} # end updateUser()
1070
1071
1072## DNSDB::delUser()
1073#
1074sub delUser {
1075 my $dbh = shift;
1076 return ('FAIL',"Need database handle") if !$dbh;
1077 my $userid = shift;
1078 return ('FAIL',"Missing userid") if !defined($userid);
1079
1080 my $sth = $dbh->prepare("delete from users where user_id=?");
1081 $sth->execute($userid);
1082
1083 return ('FAIL',"Couldn't remove user: ".$sth->errstr) if $sth->err;
1084
1085 return ('OK','OK');
1086
1087} # end delUser
1088
1089
1090## DNSDB::userFullName()
1091# Return a pretty string!
1092# Takes a user_id and optional printf-ish string to indicate which pieces where:
1093# %u for the username
1094# %f for the first name
1095# %l for the last name
1096# All other text in the passed string will be left as-is.
1097##fixme: need a "smart" option too, so that missing/null/blank first/last names don't give funky output
1098sub userFullName {
1099 $errstr = '';
1100 my $dbh = shift;
1101 my $userid = shift;
1102 my $fullformat = shift || '%f %l (%u)';
1103 my $sth = $dbh->prepare("select username,firstname,lastname from users where user_id=?");
1104 $sth->execute($userid);
1105 my ($uname,$fname,$lname) = $sth->fetchrow_array();
1106 $errstr = $DBI::errstr if !$uname;
1107
1108 $fullformat =~ s/\%u/$uname/g;
1109 $fullformat =~ s/\%f/$fname/g;
1110 $fullformat =~ s/\%l/$lname/g;
1111
1112 return $fullformat;
1113} # end userFullName
1114
1115
1116## DNSDB::userStatus()
1117# Sets and/or returns a user's status
1118# Takes a database handle, user ID and optionally a status argument
1119# Returns undef on errors.
1120sub userStatus {
1121 my $dbh = shift;
1122 my $id = shift;
1123 my $newstatus = shift;
1124
1125 return undef if $id !~ /^\d+$/;
1126
1127 my $sth;
1128
1129# ooo, fun! let's see what we were passed for status
1130 if ($newstatus) {
1131 $sth = $dbh->prepare("update users set status=? where user_id=?");
1132 # ass-u-me caller knows what's going on in full
1133 if ($newstatus =~ /^[01]$/) { # only two valid for now.
1134 $sth->execute($newstatus,$id);
1135 } elsif ($newstatus =~ /^usero(?:n|ff)$/) {
1136 $sth->execute(($newstatus eq 'useron' ? 1 : 0),$id);
1137 }
1138 }
1139
1140 $sth = $dbh->prepare("select status from users where user_id=?");
1141 $sth->execute($id);
1142 my ($status) = $sth->fetchrow_array;
1143 return $status;
1144} # end userStatus()
1145
1146
1147## DNSDB::getUserData()
1148# Get misc user data for display
1149sub getUserData {
1150 my $dbh = shift;
1151 my $uid = shift;
1152
1153 my $sth = $dbh->prepare("SELECT group_id,username,firstname,lastname,phone,type,status,inherit_perm ".
1154 "FROM users WHERE user_id=?");
1155 $sth->execute($uid);
1156 return $sth->fetchrow_hashref();
1157
1158} # end getUserData()
1159
1160
1161## DNSDB::getSOA()
1162# Return all suitable fields from an SOA record in separate elements of a hash
1163# Takes a database handle, default/live flag, and group (default) or domain (live) ID
1164sub getSOA {
1165 $errstr = '';
1166 my $dbh = shift;
1167 my $def = shift;
1168 my $id = shift;
1169 my %ret;
1170
1171 # (ab)use distance and weight columns to store SOA data
1172
1173 my $sql = "SELECT record_id,host,val,ttl,distance from";
1174 if ($def eq 'def' or $def eq 'y') {
1175 $sql .= " default_records WHERE group_id=? AND type=$reverse_typemap{SOA}";
1176 } else {
1177 # we're editing a live SOA record; find based on domain
1178 $sql .= " records WHERE domain_id=? AND type=$reverse_typemap{SOA}";
1179 }
1180 my $sth = $dbh->prepare($sql);
1181 $sth->execute($id);
1182
1183 my ($recid,$host,$val,$ttl,$serial) = $sth->fetchrow_array() or return;
1184 my ($prins,$contact) = split /:/, $host;
1185 my ($refresh,$retry,$expire,$minttl) = split /:/, $val;
1186
1187 $ret{recid} = $recid;
1188 $ret{ttl} = $ttl;
1189 $ret{serial} = $serial;
1190 $ret{prins} = $prins;
1191 $ret{contact} = $contact;
1192 $ret{refresh} = $refresh;
1193 $ret{retry} = $retry;
1194 $ret{expire} = $expire;
1195 $ret{minttl} = $minttl;
1196
1197 return %ret;
1198} # end getSOA()
1199
1200
1201## DNSDB::getRecLine()
1202# Return all data fields for a zone record in separate elements of a hash
1203# Takes a database handle, default/live flag, and record ID
1204sub getRecLine {
1205 $errstr = '';
1206 my $dbh = shift;
1207 my $def = shift;
1208 my $id = shift;
1209
1210 my $sql = "SELECT record_id,host,type,val,distance,weight,port,ttl".
1211 (($def eq 'def' or $def eq 'y') ? ',group_id FROM default_' : ',domain_id FROM ').
1212 "records WHERE record_id=?";
1213 my $ret = $dbh->selectrow_hashref($sql, undef, ($id) );
1214
1215 if ($dbh->err) {
1216 $errstr = $DBI::errstr;
1217 return undef;
1218 }
1219
1220 if (!$ret) {
1221 $errstr = "No such record";
1222 return undef;
1223 }
1224
1225 $ret->{parid} = (($def eq 'def' or $def eq 'y') ? $ret->{group_id} : $ret->{domain_id});
1226
1227 return $ret;
1228}
1229
1230
1231##fixme: should use above (getRecLine()) to get lines for below?
1232## DNSDB::getDomRecs()
1233# Return records for a domain
1234# Takes a database handle, default/live flag, group/domain ID, start,
1235# number of records, sort field, and sort order
1236# Returns a reference to an array of hashes
1237sub getDomRecs {
1238 $errstr = '';
1239 my $dbh = shift;
1240 my $type = shift;
1241 my $id = shift;
1242 my $nrecs = shift || 'all';
1243 my $nstart = shift || 0;
1244
1245## for order, need to map input to column names
1246 my $order = shift || 'host';
1247 my $direction = shift || 'ASC';
1248
1249 my $filter = shift || '';
1250
1251 $type = 'y' if $type eq 'def';
1252
1253 my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl FROM ";
1254 $sql .= "default_" if $type eq 'y';
1255 $sql .= "records r ";
1256 $sql .= "INNER JOIN rectypes t ON r.type=t.val "; # for sorting by type alphabetically
1257 if ($type eq 'y') {
1258 $sql .= "WHERE r.group_id=?";
1259 } else {
1260 $sql .= "WHERE r.domain_id=?";
1261 }
1262 $sql .= " AND NOT r.type=$reverse_typemap{SOA}";
1263 $sql .= " AND host ~* ?" if $filter;
1264 # use alphaorder column for "correct" ordering of sort-by-type instead of DNS RR type number
1265 $sql .= " ORDER BY ".($order eq 'type' ? 't.alphaorder' : "r.$order")." $direction";
1266 $sql .= " LIMIT $nrecs OFFSET ".($nstart*$nrecs) if $nstart ne 'all';
1267
1268 my $sth = $dbh->prepare($sql) or warn $dbh->errstr;
1269 $sth->execute($id) or warn "$sql: ".$sth->errstr;
1270
1271 my @retbase;
1272 while (my $ref = $sth->fetchrow_hashref()) {
1273 push @retbase, $ref;
1274 }
1275
1276 my $ret = \@retbase;
1277 return $ret;
1278} # end getDomRecs()
1279
1280
1281## DNSDB::getRecCount()
1282# Return count of non-SOA records in domain (or default records in a group)
1283# Takes a database handle, default/live flag, group/domain ID, and optional filtering modifier
1284# Returns the count
1285sub getRecCount {
1286 my $dbh = shift;
1287 my $defrec = shift;
1288 my $id = shift;
1289 my $filter = shift || '';
1290
1291 # keep the nasties down, since we can't ?-sub this bit. :/
1292 # note this is chars allowed in DNS hostnames
1293 $filter =~ s/[^a-zA-Z0-9_.:-]//g;
1294
1295 my ($count) = $dbh->selectrow_array("SELECT count(*) FROM ".
1296 ($defrec eq 'y' ? 'default_' : '')."records ".
1297 "WHERE ".($defrec eq 'y' ? 'group' : 'domain')."_id=? ".
1298 "AND NOT type=$reverse_typemap{SOA}".
1299 ($filter ? " AND host ILIKE '%$filter%'" : ''),
1300 undef, ($id) );
1301
1302 return $count;
1303
1304} # end getRecCount()
1305
1306
1307## DNSDB::addRec()
1308# Add a new record to a domain or a group's default records
1309# Takes a database handle, default/live flag, group/domain ID,
1310# host, type, value, and TTL
1311# Some types require additional detail: "distance" for MX and SRV,
1312# and weight/port for SRV
1313# Returns a status code and detail message in case of error
1314sub addRec {
1315 $errstr = '';
1316 my $dbh = shift;
1317 my $defrec = shift;
1318 my $id = shift;
1319
1320 my $host = shift;
1321 my $rectype = shift;
1322 my $val = shift;
1323 my $ttl = shift;
1324
1325 # Validation
1326 if ($rectype == $reverse_typemap{A}) {
1327 return ("FAIL", "IPv4 addresses must be in the format n.n.n.n")
1328 unless $val =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
1329 }
1330 if ($rectype == $reverse_typemap{AAAA}) {
1331 return ("FAIL", "IPv6 addresses must be in the format h:h:h::h")
1332 unless $val =~ /^[a-fA-F0-9:]+$/
1333 }
1334 if ($rectype == $reverse_typemap{A} or $rectype == $reverse_typemap{AAAA}) {
1335 my $tmpip = new NetAddr::IP $val or
1336 return ("FAIL", "Address must be a valid IP address");
1337 }
1338
1339 my $fields = ($defrec eq 'y' ? 'group_id' : 'domain_id').",host,type,val,ttl";
1340 my $vallen = "?,?,?,?,?";
1341 my @vallist = ($id,$host,$rectype,$val,$ttl);
1342
1343 my $dist;
1344 if ($rectype == $reverse_typemap{MX} or $rectype == $reverse_typemap{SRV}) {
1345 $dist = shift;
1346 return ('FAIL',"Need distance for $typemap{$rectype} record") if !defined($dist);
1347 $fields .= ",distance";
1348 $vallen .= ",?";
1349 push @vallist, $dist;
1350 }
1351 my $weight;
1352 my $port;
1353 if ($rectype == $reverse_typemap{SRV}) {
1354 # check for _service._protocol. NB: RFC2782 does not say "MUST"... nor "SHOULD"...
1355 # it just says (paraphrased) "... is prepended with _ to prevent DNS collisions"
1356 return ('FAIL',"SRV records must begin with _service._protocol")
1357 if $host !~ /^_[A-Za-z]+\._[A-Za-z]+\.[a-z0-9-]+/;
1358 $weight = shift;
1359 $port = shift;
1360 return ('FAIL',"Need weight and port for SRV record") if !defined($weight) or !defined($port);
1361 $fields .= ",weight,port";
1362 $vallen .= ",?,?";
1363 push @vallist, ($weight,$port);
1364 }
1365
1366 # Allow transactions, and raise an exception on errors so we can catch it later.
1367 # Use local to make sure these get "reset" properly on exiting this block
1368 local $dbh->{AutoCommit} = 0;
1369 local $dbh->{RaiseError} = 1;
1370
1371 eval {
1372 $dbh->do("INSERT INTO ".($defrec eq 'y' ? 'default_' : '')."records ($fields) VALUES ($vallen)",
1373 undef, @vallist);
1374 $dbh->commit;
1375 };
1376 if ($@) {
1377 my $msg = $@;
1378 eval { $dbh->rollback; };
1379 return ('FAIL',$msg);
1380 }
1381
1382 return ('OK','OK');
1383
1384} # end addRec()
1385
1386
1387## DNSDB::updateRec()
1388# Update a record
1389sub updateRec {
1390 $errstr = '';
1391
1392 my $dbh = shift;
1393 my $defrec = shift;
1394 my $id = shift;
1395
1396# all records have these
1397 my $host = shift;
1398 my $type = shift;
1399 my $val = shift;
1400 my $ttl = shift;
1401
1402 return('FAIL',"Missing standard argument(s)") if !defined($ttl);
1403
1404# only MX and SRV will use these
1405 my $dist = 0;
1406 my $weight = 0;
1407 my $port = 0;
1408
1409 if ($type == $reverse_typemap{MX} || $type == $reverse_typemap{SRV}) {
1410 $dist = shift;
1411 return ('FAIL',"MX or SRV requires distance") if !defined($dist);
1412 if ($type == $reverse_typemap{SRV}) {
1413 $weight = shift;
1414 return ('FAIL',"SRV requires weight") if !defined($weight);
1415 $port = shift;
1416 return ('FAIL',"SRV requires port") if !defined($port);
1417 }
1418 }
1419
1420 local $dbh->{AutoCommit} = 0;
1421 local $dbh->{RaiseError} = 1;
1422
1423 eval {
1424 $dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records ".
1425 "SET host=?,val=?,type=?,ttl=?,distance=?,weight=?,port=? ".
1426 "WHERE record_id=?", undef, ($host, $val, $type, $ttl, $dist, $weight, $port, $id) );
1427 $dbh->commit;
1428 };
1429 if ($@) {
1430 my $msg = $@;
1431 $dbh->rollback;
1432 return ('FAIL', $msg);
1433 }
1434
1435 return ('OK','OK');
1436} # end updateRec()
1437
1438
1439## DNSDB::delRec()
1440# Delete a record.
1441sub delRec {
1442 $errstr = '';
1443 my $dbh = shift;
1444 my $defrec = shift;
1445 my $id = shift;
1446
1447 my $sth = $dbh->prepare("DELETE FROM ".($defrec eq 'y' ? 'default_' : '')."records WHERE record_id=?");
1448 $sth->execute($id);
1449
1450 return ('FAIL',"Couldn't remove record: ".$sth->errstr) if $sth->err;
1451
1452 return ('OK','OK');
1453} # end delRec()
1454
1455
1456 # Reference hashes.
1457 my %par_tbl = (
1458 group => 'groups',
1459 user => 'users',
1460 defrec => 'default_records',
1461 domain => 'domains',
1462 record => 'records'
1463 );
1464 my %id_col = (
1465 group => 'group_id',
1466 user => 'user_id',
1467 defrec => 'record_id',
1468 domain => 'domain_id',
1469 record => 'record_id'
1470 );
1471 my %par_col = (
1472 group => 'parent_group_id',
1473 user => 'group_id',
1474 defrec => 'group_id',
1475 domain => 'group_id',
1476 record => 'domain_id'
1477 );
1478 my %par_type = (
1479 group => 'group',
1480 user => 'group',
1481 defrec => 'group',
1482 domain => 'group',
1483 record => 'domain'
1484 );
1485
1486## DNSDB::getParents()
1487# Find out which entities are parent to the requested id
1488# Returns arrayref containing hash pairs of id/type
1489sub getParents {
1490 my $dbh = shift;
1491 my $id = shift;
1492 my $type = shift;
1493 my $depth = shift || 'all'; # valid values: 'all', 'immed', <int> (stop at this group ID)
1494
1495 my @parlist;
1496
1497 while (1) {
1498 my $result = $dbh->selectrow_hashref("SELECT $par_col{$type} FROM $par_tbl{$type} WHERE $id_col{$type} = ?",
1499 undef, ($id) );
1500 my %tmp = ($result->{$par_col{$type}} => $par_type{$type});
1501 unshift @parlist, \%tmp;
1502 last if $result->{$par_col{$type}} == 1; # group 1 is its own parent
1503 $id = $result->{$par_col{$type}};
1504 $type = $par_type{$type};
1505 }
1506
1507 return \@parlist;
1508
1509} # end getParents()
1510
1511
1512## DNSDB::isParent()
1513# Returns true if $id1 is a parent of $id2, false otherwise
1514sub isParent {
1515 my $dbh = shift;
1516 my $id1 = shift;
1517 my $type1 = shift;
1518 my $id2 = shift;
1519 my $type2 = shift;
1520##todo: immediate, secondary, full (default)
1521
1522 # Return false on invalid types
1523 return 0 if !grep /^$type1$/, ('record','defrec','user','domain','group');
1524 return 0 if !grep /^$type2$/, ('record','defrec','user','domain','group');
1525
1526 # Return false on impossible relations
1527 return 0 if $type1 eq 'record'; # nothing may be a child of a record
1528 return 0 if $type1 eq 'defrec'; # nothing may be a child of a record
1529 return 0 if $type1 eq 'user'; # nothing may be child of a user
1530 return 0 if $type1 eq 'domain' && $type2 ne 'record'; # domain may not be a parent of anything other than a record
1531
1532 # ennnhhhh.... if we're passed an id of 0, it will never be found. usual
1533 # case would be the UI creating a new <thing>, and so we don't have an ID for
1534 # <thing> to look up yet. in that case the UI should check the parent as well.
1535 # argument for returning 1 is
1536 return 0 if $id1 == 0; # nothing can have a parent id of 0
1537 return 1 if $id2 == 0; # anything could have a child id of 0 (or "unknown")
1538
1539 # group 1 is the ultimate root parent
1540 return 1 if $type1 eq 'group' && $id1 == 1;
1541
1542 # groups are always (a) parent of themselves
1543 return 1 if $type1 eq 'group' && $type2 eq 'group' && $id1 == $id2;
1544
1545# almost the same loop as getParents() above
1546 my $id = $id2;
1547 my $type = $type2;
1548 my $foundparent = 0;
1549
1550 my $limiter = 0;
1551 while (1) {
1552 my $sql = "SELECT $par_col{$type} FROM $par_tbl{$type} WHERE $id_col{$type} = ?";
1553 my $result = $dbh->selectrow_hashref($sql,
1554 undef, ($id) );
1555 if (!$result) {
1556 $limiter++;
1557##fixme: how often will this happen on a live site?
1558 warn "no results looking for $sql with id $id (depth $limiter)\n";
1559 last;
1560 }
1561 if ($result && $result->{$par_col{$type}} == $id1) {
1562 $foundparent = 1;
1563 last;
1564 } else {
1565##fixme: do we care about trying to return a "no such record/domain/user/group" error?
1566 warn $dbh->errstr." $sql, $id" if $dbh->errstr;
1567 }
1568 # group 1 is its own parent. need this here more to break strange loops than for detecting a parent
1569 last if $result->{$par_col{$type}} == 1;
1570 $id = $result->{$par_col{$type}};
1571 $type = $par_type{$type};
1572 }
1573
1574 return $foundparent;
1575} # end isParent()
1576
1577
1578## DNSDB::domStatus()
1579# Sets and/or returns a domain's status
1580# Takes a database handle, domain ID and optionally a status argument
1581# Returns undef on errors.
1582sub domStatus {
1583 my $dbh = shift;
1584 my $id = shift;
1585 my $newstatus = shift;
1586
1587 return undef if $id !~ /^\d+$/;
1588
1589 my $sth;
1590
1591# ooo, fun! let's see what we were passed for status
1592 if ($newstatus) {
1593 $sth = $dbh->prepare("update domains set status=? where domain_id=?");
1594 # ass-u-me caller knows what's going on in full
1595 if ($newstatus =~ /^[01]$/) { # only two valid for now.
1596 $sth->execute($newstatus,$id);
1597 } elsif ($newstatus =~ /^domo(?:n|ff)$/) {
1598 $sth->execute(($newstatus eq 'domon' ? 1 : 0),$id);
1599 }
1600 }
1601
1602 $sth = $dbh->prepare("select status from domains where domain_id=?");
1603 $sth->execute($id);
1604 my ($status) = $sth->fetchrow_array;
1605 return $status;
1606} # end domStatus()
1607
1608
1609## DNSDB::importAXFR
1610# Import a domain via AXFR
1611# Takes AXFR host, domain to transfer, group to put the domain in,
1612# and optionally:
1613# - active/inactive state flag (defaults to active)
1614# - overwrite-SOA flag (defaults to off)
1615# - overwrite-NS flag (defaults to off, doesn't affect subdomain NS records)
1616# Returns a status code (OK, WARN, or FAIL) and message - message should be blank
1617# if status is OK, but WARN includes conditions that are not fatal but should
1618# really be reported.
1619sub importAXFR {
1620 my $dbh = shift;
1621 my $ifrom_in = shift;
1622 my $domain = shift;
1623 my $group = shift;
1624 my $status = shift || 1;
1625 my $rwsoa = shift || 0;
1626 my $rwns = shift || 0;
1627
1628##fixme: add mode to delete&replace, merge+overwrite, merge new?
1629
1630 my $nrecs = 0;
1631 my $soaflag = 0;
1632 my $nsflag = 0;
1633 my $warnmsg = '';
1634 my $ifrom;
1635
1636 # choke on possible bad setting in ifrom
1637 # IPv4 and v6, and valid hostnames!
1638 ($ifrom) = ($ifrom_in =~ /^([0-9a-f\:.]+|[0-9a-z_.-]+)$/i);
1639 return ('FAIL', "Bad AXFR source host $ifrom")
1640 unless ($ifrom) = ($ifrom_in =~ /^([0-9a-f\:.]+|[0-9a-z_.-]+)$/i);
1641
1642 # Allow transactions, and raise an exception on errors so we can catch it later.
1643 # Use local to make sure these get "reset" properly on exiting this block
1644 local $dbh->{AutoCommit} = 0;
1645 local $dbh->{RaiseError} = 1;
1646
1647 my $sth = $dbh->prepare("SELECT domain_id FROM domains WHERE domain=?");
1648 my $dom_id;
1649
1650# quick check to start to see if we've already got one
1651 $sth->execute($domain);
1652 ($dom_id) = $sth->fetchrow_array;
1653
1654 return ('FAIL', "Domain already exists") if $dom_id;
1655
1656 eval {
1657 # can't do this, can't nest transactions. sigh.
1658 #my ($dcode, $dmsg) = addDomain(dbh, domain, group, status);
1659
1660##fixme: serial
1661 my $sth = $dbh->prepare("INSERT INTO domains (domain,group_id,status) VALUES (?,?,?)");
1662 $sth->execute($domain,$group,$status);
1663
1664## bizarre DBI<->Net::DNS interaction bug:
1665## sometimes a zone will cause an immediate commit-and-exit (sort of) of the while()
1666## fixed, apparently I was doing *something* odd, but not certain what it was that
1667## caused a commit instead of barfing
1668
1669 # get domain id so we can do the records
1670 $sth = $dbh->prepare("SELECT domain_id FROM domains WHERE domain=?");
1671 $sth->execute($domain);
1672 ($dom_id) = $sth->fetchrow_array();
1673
1674 my $res = Net::DNS::Resolver->new;
1675 $res->nameservers($ifrom);
1676 $res->axfr_start($domain)
1677 or die "Couldn't begin AXFR\n";
1678
1679 while (my $rr = $res->axfr_next()) {
1680 my $type = $rr->type;
1681
1682 my $sql = "INSERT INTO records (domain_id,host,type,ttl,val";
1683 my $vallen = "?,?,?,?,?";
1684
1685 $soaflag = 1 if $type eq 'SOA';
1686 $nsflag = 1 if $type eq 'NS';
1687
1688 my @vallist = ($dom_id, $rr->name, $reverse_typemap{$type}, $rr->ttl);
1689
1690# "Primary" types:
1691# A, NS, CNAME, SOA, PTR(warn in forward), MX, TXT, AAAA, SRV, A6(ob), SPF
1692# maybe KEY
1693
1694# nasty big ugly case-like thing here, since we have to do *some* different
1695# processing depending on the record. le sigh.
1696
1697##fixme: what record types other than TXT can/will have >255-byte payloads?
1698
1699 if ($type eq 'A') {
1700 push @vallist, $rr->address;
1701 } elsif ($type eq 'NS') {
1702# hmm. should we warn here if subdomain NS'es are left alone?
1703 next if ($rwns && ($rr->name eq $domain));
1704 push @vallist, $rr->nsdname;
1705 $nsflag = 1;
1706 } elsif ($type eq 'CNAME') {
1707 push @vallist, $rr->cname;
1708 } elsif ($type eq 'SOA') {
1709 next if $rwsoa;
1710 $vallist[1] = $rr->mname.":".$rr->rname;
1711 push @vallist, ($rr->refresh.":".$rr->retry.":".$rr->expire.":".$rr->minimum);
1712 $soaflag = 1;
1713 } elsif ($type eq 'PTR') {
1714 push @vallist, $rr->ptrdname;
1715 # hmm. PTR records should not be in forward zones.
1716 } elsif ($type eq 'MX') {
1717 $sql .= ",distance";
1718 $vallen .= ",?";
1719 push @vallist, $rr->exchange;
1720 push @vallist, $rr->preference;
1721 } elsif ($type eq 'TXT') {
1722##fixme: Net::DNS docs say this should be deprecated for rdatastr() or char_str_list(),
1723## but don't really seem enthusiastic about it.
1724 my $rrdata = $rr->txtdata;
1725 push @vallist, $rrdata;
1726 } elsif ($type eq 'SPF') {
1727##fixme: and the same caveat here, since it is apparently a clone of ::TXT
1728 my $rrdata = $rr->txtdata;
1729 push @vallist, $rrdata;
1730 } elsif ($type eq 'AAAA') {
1731 push @vallist, $rr->address;
1732 } elsif ($type eq 'SRV') {
1733 $sql .= ",distance,weight,port" if $type eq 'SRV';
1734 $vallen .= ",?,?,?" if $type eq 'SRV';
1735 push @vallist, $rr->target;
1736 push @vallist, $rr->priority;
1737 push @vallist, $rr->weight;
1738 push @vallist, $rr->port;
1739 } elsif ($type eq 'KEY') {
1740 # we don't actually know what to do with these...
1741 push @vallist, ($rr->flags.":".$rr->protocol.":".$rr->algorithm.":".$rr->key.":".$rr->keytag.":".$rr->privatekeyname);
1742 } else {
1743 my $rrdata = $rr->rdatastr;
1744 push @vallist, $rrdata;
1745 # Finding a different record type is not fatal.... just problematic.
1746 # We may not be able to export it correctly.
1747 $warnmsg .= "Unusual record ".$rr->name." ($type) found\n";
1748 }
1749
1750# BIND supports:
1751# A CNAME HINFO MB(ex) MD(ob) MF(ob) MG(ex) MINFO(ex) MR(ex) MX NS NULL
1752# PTR SOA TXT WKS AFSDB(ex) ISDN(ex) RP(ex) RT(ex) X25(ex) PX
1753# ... if one can ever find the right magic to format them correctly
1754
1755# Net::DNS supports:
1756# RRSIG SIG NSAP NS NIMLOC NAPTR MX MR MINFO MG MB LOC ISDN IPSECKEY HINFO
1757# EID DNAME CNAME CERT APL AFSDB AAAA A DS NXT NSEC3PARAM NSEC3 NSEC KEY
1758# DNSKEY DLV X25 TXT TSIG TKEY SSHFP SRV SPF SOA RT RP PX PTR NULL APL::AplItem
1759
1760 $sth = $dbh->prepare($sql.") VALUES (".$vallen.")") or die "problem preparing record insert SQL\n";
1761 $sth->execute(@vallist) or die "failed to insert ".$rr->string.": ".$sth->errstr."\n";
1762
1763 $nrecs++;
1764
1765 } # while axfr_next
1766
1767 # Overwrite SOA record
1768 if ($rwsoa) {
1769 $soaflag = 1;
1770 my $sthgetsoa = $dbh->prepare("SELECT host,val,ttl FROM default_records WHERE group_id=? AND type=?");
1771 my $sthputsoa = $dbh->prepare("INSERT INTO records (domain_id,host,type,val,ttl) VALUES (?,?,?,?,?)");
1772 $sthgetsoa->execute($group,$reverse_typemap{SOA});
1773 while (my ($host,$val,$ttl) = $sthgetsoa->fetchrow_array()) {
1774 $host =~ s/DOMAIN/$domain/g;
1775 $val =~ s/DOMAIN/$domain/g;
1776 $sthputsoa->execute($dom_id,$host,$reverse_typemap{SOA},$val,$ttl);
1777 }
1778 }
1779
1780 # Overwrite NS records
1781 if ($rwns) {
1782 $nsflag = 1;
1783 my $sthgetns = $dbh->prepare("SELECT host,val,ttl FROM default_records WHERE group_id=? AND type=?");
1784 my $sthputns = $dbh->prepare("INSERT INTO records (domain_id,host,type,val,ttl) VALUES (?,?,?,?,?)");
1785 $sthgetns->execute($group,$reverse_typemap{NS});
1786 while (my ($host,$val,$ttl) = $sthgetns->fetchrow_array()) {
1787 $host =~ s/DOMAIN/$domain/g;
1788 $val =~ s/DOMAIN/$domain/g;
1789 $sthputns->execute($dom_id,$host,$reverse_typemap{NS},$val,$ttl);
1790 }
1791 }
1792
1793 die "No records found; either $ifrom is not authoritative or doesn't allow transfers\n" if !$nrecs;
1794 die "Bad zone: No SOA record!\n" if !$soaflag;
1795 die "Bad zone: No NS records!\n" if !$nsflag;
1796
1797 $dbh->commit;
1798
1799 };
1800
1801 if ($@) {
1802 my $msg = $@;
1803 eval { $dbh->rollback; };
1804 return ('FAIL',$msg." $warnmsg");
1805 } else {
1806 return ('WARN', $warnmsg) if $warnmsg;
1807 return ('OK',"Imported OK");
1808 }
1809
1810 # it should be impossible to get here.
1811 return ('WARN',"OOOK!");
1812} # end importAXFR()
1813
1814
1815## DNSDB::export()
1816# Export the DNS database, or a part of it
1817# Takes database handle, export type, optional arguments depending on type
1818# Writes zone data to targets as appropriate for type
1819sub export {
1820 my $dbh = shift;
1821 my $target = shift;
1822
1823 if ($target eq 'tiny') {
1824 __export_tiny($dbh,@_);
1825 }
1826# elsif ($target eq 'foo') {
1827# __export_foo($dbh,@_);
1828#}
1829# etc
1830
1831} # end export()
1832
1833
1834## DNSDB::__export_tiny
1835# Internal sub to implement tinyDNS (compatible) export
1836# Takes database handle, filehandle to write export to, optional argument(s)
1837# to determine which data gets exported
1838sub __export_tiny {
1839 my $dbh = shift;
1840 my $datafile = shift;
1841
1842##fixme: slurp up further options to specify particular zone(s) to export
1843
1844 ## Convert a bare number into an octal-coded pair of octets.
1845 # Take optional arg to indicate a decimal or hex input. Defaults to hex.
1846 sub octalize {
1847 my $tmp = shift;
1848 my $srctype = shift || 'h'; # default assumes hex string
1849 $tmp = sprintf "%0.4x", hex($tmp) if $srctype eq 'h'; # 0-pad hex to 4 digits
1850 $tmp = sprintf "%0.4x", $tmp if $srctype eq 'd'; # 0-pad decimal to 4 hex digits
1851 my @o = ($tmp =~ /^(..)(..)$/); # split into octets
1852 return sprintf "\\%0.3o\\%0.3o", hex($o[0]), hex($o[1]);;
1853 }
1854
1855##fixme: fail if $datafile isn't an open, writable file
1856
1857 # easy case - export all evarything
1858 # not-so-easy case - export item(s) specified
1859 # todo: figure out what kind of list we use to export items
1860
1861 my $domsth = $dbh->prepare("SELECT domain_id,domain,status FROM domains WHERE status=1");
1862 my $recsth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl ".
1863 "FROM records WHERE domain_id=?");
1864 $domsth->execute();
1865 while (my ($domid,$dom,$domstat) = $domsth->fetchrow_array) {
1866 $recsth->execute($domid);
1867 while (my ($host,$type,$val,$dist,$weight,$port,$ttl) = $recsth->fetchrow_array) {
1868##fixme: need to store location in the db, and retrieve it here.
1869# temporarily hardcoded to empty so we can include it further down.
1870my $loc = '';
1871
1872##fixme: record validity timestamp. tinydns supports fiddling with timestamps.
1873# note $ttl must be set to 0 if we want to use tinydns's auto-expiring timestamps.
1874# timestamps are TAI64
1875# ~~ 2^62 + time()
1876my $stamp = '';
1877
1878# raw packet in unknown format: first byte indicates length
1879# of remaining data, allows up to 255 raw bytes
1880
1881##fixme? append . to all host/val hostnames
1882 if ($typemap{$type} eq 'SOA') {
1883
1884 # host contains pri-ns:responsible
1885 # val is abused to contain refresh:retry:expire:minttl
1886##fixme: "manual" serial vs tinydns-autoserial
1887 print $datafile "Z$host"."::$val:$ttl:$stamp:$loc\n";
1888
1889 } elsif ($typemap{$type} eq 'A') {
1890
1891 print $datafile "+$host:$val:$ttl:$stamp:$loc\n";
1892
1893 } elsif ($typemap{$type} eq 'NS') {
1894
1895 print $datafile "\&$host"."::$val:$ttl:$stamp:$loc\n";
1896
1897 } elsif ($typemap{$type} eq 'AAAA') {
1898
1899 print $datafile ":$host:28:";
1900 my $altgrp = 0;
1901 my @altconv;
1902 # Split in to up to 8 groups of hex digits (allows for IPv6 :: 0-collapsing)
1903 foreach (split /:/, $val) {
1904 if (/^$/) {
1905 # flag blank entry; this is a series of 0's of (currently) unknown length
1906 $altconv[$altgrp++] = 's';
1907 } else {
1908 # call sub to convert 1-4 hex digits to 2 string-rep octal bytes
1909 $altconv[$altgrp++] = octalize($_)
1910 }
1911 }
1912 foreach my $octet (@altconv) {
1913 # if not 's', output
1914 print $datafile $octet unless $octet =~ /^s$/;
1915 # if 's', output (9-array length)x literal '\000\000'
1916 print $datafile '\000\000'x(9-$altgrp) if $octet =~ /^s$/;
1917 }
1918 print $datafile ":$ttl:$stamp:$loc\n";
1919
1920 } elsif ($typemap{$type} eq 'MX') {
1921
1922 print $datafile "\@$host"."::$val:$dist:$ttl:$stamp:$loc\n";
1923
1924 } elsif ($typemap{$type} eq 'TXT') {
1925
1926##fixme: split v-e-r-y long TXT strings? will need to do so for BIND export, at least
1927 $val =~ s/:/\\072/g; # may need to replace other symbols
1928 print $datafile "'$host:$val:$ttl:$stamp:$loc\n";
1929
1930# by-hand TXT
1931#:deepnet.cx:16:2v\075spf1\040a\040a\072bacon.deepnet.cx\040a\072home.deepnet.cx\040-all:3600
1932#@ IN TXT "v=spf1 a a:bacon.deepnet.cx a:home.deepnet.cx -all"
1933#'deepnet.cx:v=spf1 a a\072bacon.deepnet.cx a\072home.deepnet.cx -all:3600
1934
1935#txttest IN TXT "v=foo bar:bob kn;ob' \" !@#$%^&*()-=_+[]{}<>?"
1936#:txttest.deepnet.cx:16:\054v\075foo\040bar\072bob\040kn\073ob\047\040\042\040\041\100\043\044\045\136\046\052\050\051-\075\137\053\133\135\173\175\074\076\077:3600
1937
1938# very long TXT record as brought in by axfr-get
1939# note tinydns does not support >512-byte RR data, need axfr-dns (for TCP support) for that
1940# also note, tinydns does not seem to support <512, >256-byte RRdata from axfr-get either. :/
1941#:longtxt.deepnet.cx:16:
1942#\170this is a very long txt record. it is really long. long. very long. really very long. this is a very long txt record.
1943#\263 it is really long. long. very long. really very long. this is a very long txt record. it is really long. long. very long. really very long. this is a very long txt record.
1944#\351 it is really long. long. very long. really very long.this is a very long txt record. it is really long. long. very long. really very long. this is a very long txt record. it is really long. long. very long. really very long.
1945#:3600
1946
1947 } elsif ($typemap{$type} eq 'CNAME') {
1948
1949 print $datafile "C$host:$val:$ttl:$stamp:$loc\n";
1950
1951 } elsif ($typemap{$type} eq 'SRV') {
1952
1953 # data is two-byte values for priority, weight, port, in that order,
1954 # followed by length/string data
1955
1956 print $datafile ":$host:33:".octalize($dist,'d').octalize($weight,'d').octalize($port,'d');
1957
1958 $val .= '.' if $val !~ /\.$/;
1959 foreach (split /\./, $val) {
1960 printf $datafile "\\%0.3o%s", length($_), $_;
1961 }
1962 print $datafile "\\000:$ttl:$stamp:$loc\n";
1963
1964 } elsif ($typemap{$type} eq 'RP') {
1965
1966 # RP consists of two mostly free-form strings.
1967 # The first is supposed to be an email address with @ replaced by . (as with the SOA contact)
1968 # The second is the "hostname" of a TXT record with more info.
1969 print $datafile ":$host:17:";
1970 my ($who,$what) = split /\s/, $val;
1971 foreach (split /\./, $who) {
1972 printf $datafile "\\%0.3o%s", length($_), $_;
1973 }
1974 print $datafile '\000';
1975 foreach (split /\./, $what) {
1976 printf $datafile "\\%0.3o%s", length($_), $_;
1977 }
1978 print $datafile "\\000:$ttl:$stamp:$loc\n";
1979
1980 } elsif ($typemap{$type} eq 'PTR') {
1981
1982 # must handle both IPv4 and IPv6
1983##work
1984 # data should already be in suitable reverse order.
1985 print $datafile "^$host:$val:$ttl:$stamp:$loc\n";
1986
1987 } else {
1988 # raw record. we don't know what's in here, so we ASS-U-ME the user has
1989 # put it in correctly, since either the user is messing directly with the
1990 # database, or the record was imported via AXFR
1991 # <split by char>
1992 # convert anything not a-zA-Z0-9.- to octal coding
1993
1994##fixme: add flag to export "unknown" record types - note we'll probably end up
1995# mangling them since they were written to the DB from Net::DNS::RR::<type>->rdatastr.
1996 #print $datafile ":$host:$type:$val:$ttl:$stamp:$loc\n";
1997
1998 } # record type if-else
1999
2000 } # while ($recsth)
2001 } # while ($domsth)
2002} # end __export_tiny()
2003
2004
2005# shut Perl up
20061;
Note: See TracBrowser for help on using the repository browser.