Context Navigation

source: trunk/DNSDB.pm@ 104

Last change on this file since 104 was 104, checked in by Kris Deugau, 13 years ago

/trunk

Tweak getDomRecs() to "correctly" sort domain records on type

(alphabetic instead of DNS RR type number)

Property svn:keywords set to Date Rev Author Id

File size: 52.7 KB

Line
1	# dns/trunk/DNSDB.pm
2	# Abstraction functions for DNS administration
3	###
4	# SVN revision info
5	# $Date: 2011-07-15 19:41:54 +0000 (Fri, 15 Jul 2011) $
6	# SVN revision $Rev: 104 $
7	# Last update by $Author: kdeugau $
8	###
9	# Copyright (C) 2008 - Kris Deugau <kdeugau@deepnet.cx>
10
11	package DNSDB;
12
13	use strict;
14	use warnings;
15	use Exporter;
16	use DBI;
17	use Net::DNS;
18	use Crypt::PasswdMD5;
19	#use Net::SMTP;
20	#use NetAddr::IP qw( Compact );
21	#use POSIX;
22	use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
23
24	$VERSION = 0.1;
25	@ISA = qw(Exporter);
26	@EXPORT_OK = qw(
27	&initGlobals
28	&initPermissions &getPermissions &changePermissions &comparePermissions
29	&connectDB &finish
30	&addDomain &delDomain &domainName &domainID
31	&addGroup &delGroup &getChildren &groupName
32	&addUser &updateUser &delUser &userFullName &userStatus &getUserData
33	&getSOA &getRecLine &getDomRecs &getRecCount
34	&addRec &updateRec &delRec
35	&domStatus &importAXFR
36	&export
37	%typemap %reverse_typemap
38	%permissions @permtypes $permlist
39	);
40
41	@EXPORT = (); # Export nothing by default.
42	%EXPORT_TAGS = ( ALL => [qw(
43	&initGlobals
44	&initPermissions &getPermissions &changePermissions &comparePermissions
45	&connectDB &finish
46	&addDomain &delDomain &domainName &domainID
47	&addGroup &delGroup &getChildren &groupName
48	&addUser &updateUser &delUser &userFullName &userStatus &getUserData
49	&getSOA &getRecLine &getDomRecs &getRecCount
50	&addRec &updateRec &delRec
51	&domStatus &importAXFR
52	&export
53	%typemap %reverse_typemap
54	%permissions @permtypes $permlist
55	)]
56	);
57
58	our $group = 1;
59	our $errstr = '';
60
61	# Halfway sane defaults for SOA, TTL, etc.
62	# serial defaults to 0 for convenience.
63	# value will be either YYYYMMDDNN for BIND/etc, or auto-internal for tinydns
64	our %def = qw (
65	contact hostmaster.DOMAIN
66	prins ns1.myserver.com
67	serial 0
68	soattl 86400
69	refresh 10800
70	retry 3600
71	expire 604800
72	minttl 10800
73	ttl 10800
74	);
75
76	# Arguably defined wholly in the db, but little reason to change without supporting code changes
77	our @permtypes = qw (
78	group_edit group_create group_delete
79	user_edit user_create user_delete
80	domain_edit domain_create domain_delete
81	record_edit record_create record_delete
82	self_edit admin
83	);
84	our $permlist = join(',',@permtypes);
85
86	# DNS record type map and reverse map.
87	# loaded from the database, from http://www.iana.org/assignments/dns-parameters
88	our %typemap;
89	our %reverse_typemap;
90
91	our %permissions;
92
93	##
94	## Initialization and cleanup subs
95	##
96
97
98	## DNSDB::connectDB()
99	# Creates connection to DNS database.
100	# Requires the database name, username, and password.
101	# Returns a handle to the db.
102	# Set up for a PostgreSQL db; could be any transactional DBMS with the
103	# right changes.
104	sub connectDB {
105	$errstr = '';
106	my $dbname = shift;
107	my $user = shift;
108	my $pass = shift;
109	my $dbh;
110	my $DSN = "DBI:Pg:dbname=$dbname";
111
112	my $host = shift;
113	$DSN .= ";host=$host" if $host;
114
115	# Note that we want to autocommit by default, and we will turn it off locally as necessary.
116	# We may not want to print gobbledygook errors; YMMV. Have to ponder that further.
117	$dbh = DBI->connect($DSN, $user, $pass, {
118	AutoCommit => 1,
119	PrintError => 0
120	})
121	or return (undef, $DBI::errstr) if(!$dbh);
122
123	# Return here if we can't select. Note that this indicates a
124	# problem executing the select.
125	my $sth = $dbh->prepare("select group_id from groups limit 1");
126	$sth->execute();
127	return (undef,$DBI::errstr) if ($sth->err);
128
129	# See if the select returned anything (or null data). This should
130	# succeed if the select executed, but...
131	$sth->fetchrow();
132	return (undef,$DBI::errstr) if ($sth->err);
133
134	$sth->finish;
135
136	# If we get here, we should be OK.
137	return ($dbh,"DB connection OK");
138	} # end connectDB
139
140
141	## DNSDB::finish()
142	# Cleans up after database handles and so on.
143	# Requires a database handle
144	sub finish {
145	my $dbh = $_[0];
146	$dbh->disconnect;
147	} # end finish
148
149
150	## DNSDB::initGlobals()
151	# Initialize global variables
152	# NB: this does NOT include web-specific session variables!
153	# Requires a database handle
154	sub initGlobals {
155	my $dbh = shift;
156
157	# load system-wide site defaults and things from config file
158	if (open SYSDEFAULTS, "</etc/dnsdb.conf") {
159	##fixme - error check!
160	while (<SYSDEFAULTS>) {
161	next if /^\s*#/;
162	$def{contact} = $1 if /contact ?= ?([a-z0-9_.-]+)/i;
163	$def{prins} = $1 if /prins ?= ?([a-z0-9_.-]+)/i;
164	$def{soattl} = $1 if /soattl ?= ?([a-z0-9_.-]+)/i;
165	$def{refresh} = $1 if /refresh ?= ?([a-z0-9_.-]+)/i;
166	$def{retry} = $1 if /retry ?= ?([a-z0-9_.-]+)/i;
167	$def{expire} = $1 if /expire ?= ?([a-z0-9_.-]+)/i;
168	$def{minttl} = $1 if /minttl ?= ?([a-z0-9_.-]+)/i;
169	$def{ttl} = $1 if /ttl ?= ?([a-z0-9_.-]+)/i;
170	##fixme? load DB user/pass from config file?
171	}
172	}
173	# load from database
174	my $sth = $dbh->prepare("select val,name from rectypes");
175	$sth->execute;
176	while (my ($recval,$recname) = $sth->fetchrow_array()) {
177	$typemap{$recval} = $recname;
178	$reverse_typemap{$recname} = $recval;
179	}
180	} # end initGlobals
181
182
183	## DNSDB::initPermissions()
184	# Set up permissions global
185	# Takes database handle and UID
186	sub initPermissions {
187	my $dbh = shift;
188	my $uid = shift;
189
190	# %permissions = $(getPermissions($dbh,'user',$uid));
191	getPermissions($dbh, 'user', $uid, \%permissions);
192
193	} # end initPermissions()
194
195
196	## DNSDB::getPermissions()
197	# Get permissions from DB
198	# Requires DB handle, group or user flag, ID, and hashref.
199	sub getPermissions {
200	my $dbh = shift;
201	my $type = shift;
202	my $id = shift;
203	my $hash = shift;
204
205	my $sql = qq(
206	SELECT
207	p.admin,p.self_edit,
208	p.group_create,p.group_edit,p.group_delete,
209	p.user_create,p.user_edit,p.user_delete,
210	p.domain_create,p.domain_edit,p.domain_delete,
211	p.record_create,p.record_edit,p.record_delete
212	FROM permissions p
213	);
214	if ($type eq 'group') {
215	$sql .= qq(
216	JOIN groups g ON g.permission_id=p.permission_id
217	WHERE g.group_id=?
218	);
219	} else {
220	$sql .= qq(
221	JOIN users u ON u.permission_id=p.permission_id
222	WHERE u.user_id=?
223	);
224	}
225
226	my $sth = $dbh->prepare($sql);
227
228	$sth->execute($id) or die "argh: ".$sth->errstr;
229
230	# my $permref = $sth->fetchrow_hashref;
231	# return $permref;
232	# $hash = $permref;
233	# Eww. Need to learn how to forcibly drop a hashref onto an existing hash.
234	($hash->{admin},$hash->{self_edit},
235	$hash->{group_create},$hash->{group_edit},$hash->{group_delete},
236	$hash->{user_create},$hash->{user_edit},$hash->{user_delete},
237	$hash->{domain_create},$hash->{domain_edit},$hash->{domain_delete},
238	$hash->{record_create},$hash->{record_edit},$hash->{record_delete})
239	= $sth->fetchrow_array;
240
241	} # end getPermissions()
242
243
244	## DNSDB::changePermissions()
245	# Update an ACL entry
246	# Takes a db handle, type, owner-id, and hashref for the changed permissions.
247	sub changePermissions {
248	my $dbh = shift;
249	my $type = shift;
250	my $id = shift;
251	my $newperms = shift;
252	my $inherit = shift \|\| 0;
253
254	my $failmsg = '';
255
256	# see if we're switching from inherited to custom. for bonus points,
257	# snag the permid and parent permid anyway, since we'll need the permid
258	# to set/alter custom perms, and both if we're switching from custom to
259	# inherited.
260	my $sth = $dbh->prepare("SELECT (u.permission_id=g.permission_id) AS was_inherited,u.permission_id,g.permission_id".
261	" FROM ".($type eq 'user' ? 'users' : 'groups')." u ".
262	" JOIN groups g ON u.".($type eq 'user' ? '' : 'parent_')."group_id=g.group_id ".
263	" WHERE u.".($type eq 'user' ? 'user' : 'group')."_id=?");
264	$sth->execute($id);
265
266	my ($wasinherited,$permid,$parpermid) = $sth->fetchrow_array;
267
268	# hack phtoui
269	# group id 1 is "special" in that it's it's own parent (err... possibly.)
270	# may make its parent id 0 which doesn't exist, and as a bonus is Perl-false.
271	$wasinherited = 0 if ($type eq 'group' && $id == 1);
272
273	local $dbh->{AutoCommit} = 0;
274	local $dbh->{RaiseError} = 1;
275
276	# Wrap all the SQL in a transaction
277	eval {
278	if ($inherit) {
279
280	$dbh->do("UPDATE ".($type eq 'user' ? 'users' : 'groups')." SET inherit_perm='t',permission_id=? ".
281	"WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?", undef, ($parpermid, $id) );
282	$dbh->do("DELETE FROM permissions WHERE permission_id=?", undef, ($permid) );
283
284	} else {
285
286	if ($wasinherited) { # munge new permission entry in if we're switching from inherited perms
287	##fixme: need to add semirecursive bit to properly munge inherited permission ID on subgroups and users
288	# ... if'n'when we have groups with fully inherited permissions.
289	# SQL is coo
290	$dbh->do("INSERT INTO permissions ($permlist,".($type eq 'user' ? 'user' : 'group')."_id) ".
291	"SELECT $permlist,? FROM permissions WHERE permission_id=?", undef, ($id,$permid) );
292	($permid) = $dbh->selectrow_array("SELECT permission_id FROM permissions ".
293	"WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?", undef, ($id) );
294	$dbh->do("UPDATE ".($type eq 'user' ? 'users' : 'groups')." SET inherit_perm='f',permission_id=? ".
295	"WHERE ".($type eq 'user' ? 'user' : 'group')."_id=?", undef, ($permid, $id) );
296	}
297
298	# and now set the permissions we were passed
299	foreach (@permtypes) {
300	if (defined ($newperms->{$_})) {
301	$dbh->do("UPDATE permissions SET $_=? WHERE permission_id=?", undef, ($newperms->{$_},$permid) );
302	}
303	}
304
305	} # (inherited->)? custom
306
307	$dbh->commit;
308	}; # end eval
309	if ($@) {
310	my $msg = $@;
311	eval { $dbh->rollback; };
312	return ('FAIL',"$failmsg: $msg ($permid)");
313	} else {
314	return ('OK',$permid);
315	}
316
317	} # end changePermissions()
318
319
320	## DNSDB::comparePermissions()
321	# Compare two permission hashes
322	# Returns '>', '<', '=', '!'
323	sub comparePermissions {
324	my $p1 = shift;
325	my $p2 = shift;
326
327	my $retval = '='; # assume equality until proven otherwise
328
329	no warnings "uninitialized";
330
331	foreach (@permtypes) {
332	next if $p1->{$_} == $p2->{$_}; # equal is good
333	if ($p1->{$_} && !$p2->{$_}) {
334	if ($retval eq '<') { # if we've already found an unequal pair where
335	$retval = '!'; # $p2 has more access, and we now find a pair
336	last; # where $p1 has more access, the overall access
337	} # is neither greater or lesser, it's unequal.
338	$retval = '>';
339	}
340	if (!$p1->{$_} && $p2->{$_}) {
341	if ($retval eq '>') { # if we've already found an unequal pair where
342	$retval = '!'; # $p1 has more access, and we now find a pair
343	last; # where $p2 has more access, the overall access
344	} # is neither greater or lesser, it's unequal.
345	$retval = '<';
346	}
347	}
348	return $retval;
349	} # end comparePermissions()
350
351
352	## DNSDB::_log()
353	# Log an action
354	# Internal sub
355	# Takes a database handle, <foo>, <bar>
356	sub _log {
357	} # end _log
358
359
360	##
361	## Processing subs
362	##
363
364	## DNSDB::addDomain()
365	# Add a domain
366	# Takes a database handle, domain name, numeric group, and boolean(ish) state (active/inactive)
367	# Returns a status code and message
368	sub addDomain {
369	$errstr = '';
370	my $dbh = shift;
371	return ('FAIL',"Need database handle") if !$dbh;
372	my $domain = shift;
373	return ('FAIL',"Domain must not be blank") if !$domain;
374	my $group = shift;
375	return ('FAIL',"Need group") if !defined($group);
376	my $state = shift;
377	return ('FAIL',"Need domain status") if !defined($state);
378
379	my $sth = $dbh->prepare("SELECT domain_id FROM domains WHERE domain=?");
380	my $dom_id;
381
382	# quick check to start to see if we've already got one
383	$sth->execute($domain);
384	($dom_id) = $sth->fetchrow_array;
385
386	return ('FAIL', "Domain already exists") if $dom_id;
387
388	# Allow transactions, and raise an exception on errors so we can catch it later.
389	# Use local to make sure these get "reset" properly on exiting this block
390	local $dbh->{AutoCommit} = 0;
391	local $dbh->{RaiseError} = 1;
392
393	# Wrap all the SQL in a transaction
394	eval {
395	# insert the domain...
396	my $sth = $dbh->prepare("insert into domains (domain,group_id,status) values (?,?,?)");
397	$sth->execute($domain,$group,$state);
398
399	# get the ID...
400	$sth = $dbh->prepare("select domain_id from domains where domain='$domain'");
401	$sth->execute;
402	($dom_id) = $sth->fetchrow_array();
403
404	# ... and now we construct the standard records from the default set. NB: group should be variable.
405	$sth = $dbh->prepare("select host,type,val,distance,weight,port,ttl from default_records where group_id=$group");
406	my $sth_in = $dbh->prepare("insert into records (domain_id,host,type,val,distance,weight,port,ttl)".
407	" values ($dom_id,?,?,?,?,?,?,?)");
408	$sth->execute;
409	while (my ($host,$type,$val,$dist,$weight,$port,$ttl) = $sth->fetchrow_array()) {
410	$host =~ s/DOMAIN/$domain/g;
411	$val =~ s/DOMAIN/$domain/g;
412	$sth_in->execute($host,$type,$val,$dist,$weight,$port,$ttl);
413	}
414
415	# once we get here, we should have suceeded.
416	$dbh->commit;
417	}; # end eval
418
419	if ($@) {
420	my $msg = $@;
421	eval { $dbh->rollback; };
422	return ('FAIL',$msg);
423	} else {
424	return ('OK',$dom_id);
425	}
426	} # end addDomain
427
428
429	## DNSDB::delDomain()
430	# Delete a domain.
431	# for now, just delete the records, then the domain.
432	# later we may want to archive it in some way instead (status code 2, for example?)
433	sub delDomain {
434	my $dbh = shift;
435	my $domid = shift;
436
437	# Allow transactions, and raise an exception on errors so we can catch it later.
438	# Use local to make sure these get "reset" properly on exiting this block
439	local $dbh->{AutoCommit} = 0;
440	local $dbh->{RaiseError} = 1;
441
442	my $failmsg = '';
443
444	# Wrap all the SQL in a transaction
445	eval {
446	my $sth = $dbh->prepare("delete from records where domain_id=?");
447	$failmsg = "Failure removing domain records";
448	$sth->execute($domid);
449	$sth = $dbh->prepare("delete from domains where domain_id=?");
450	$failmsg = "Failure removing domain";
451	$sth->execute($domid);
452
453	# once we get here, we should have suceeded.
454	$dbh->commit;
455	}; # end eval
456
457	if ($@) {
458	my $msg = $@;
459	eval { $dbh->rollback; };
460	return ('FAIL',"$failmsg: $msg");
461	} else {
462	return ('OK','OK');
463	}
464
465	} # end delDomain()
466
467
468	## DNSDB::domainName()
469	# Return the domain name based on a domain ID
470	# Takes a database handle and the domain ID
471	# Returns the domain name or undef on failure
472	sub domainName {
473	$errstr = '';
474	my $dbh = shift;
475	my $domid = shift;
476	my ($domname) = $dbh->selectrow_array("SELECT domain FROM domains WHERE domain_id=?", undef, ($domid) );
477	$errstr = $DBI::errstr if !$domname;
478	return $domname if $domname;
479	} # end domainName()
480
481
482	## DNSDB::domainID()
483	# Takes a database handle and domain name
484	# Returns the domain ID number
485	sub domainID {
486	$errstr = '';
487	my $dbh = shift;
488	my $domain = shift;
489	my ($domid) = $dbh->selectrow_array("SELECT domain_id FROM domains WHERE domain=?", undef, ($domain) );
490	$errstr = $DBI::errstr if !$domid;
491	return $domid if $domid;
492	} # end domainID()
493
494
495	## DNSDB::addGroup()
496	# Add a group
497	# Takes a database handle, group name, parent group, hashref for permissions,
498	# and optional template-vs-cloneme flag
499	# Returns a status code and message
500	sub addGroup {
501	$errstr = '';
502	my $dbh = shift;
503	my $groupname = shift;
504	my $pargroup = shift;
505	my $permissions = shift;
506
507	# 0 indicates "custom", hardcoded.
508	# Any other value clones that group's default records, if it exists.
509	my $inherit = shift \|\| 0;
510	##fixme: need a flag to indicate clone records or <?> ?
511
512	# Allow transactions, and raise an exception on errors so we can catch it later.
513	# Use local to make sure these get "reset" properly on exiting this block
514	local $dbh->{AutoCommit} = 0;
515	local $dbh->{RaiseError} = 1;
516
517	my $sth = $dbh->prepare("SELECT group_id FROM groups WHERE group_name=?");
518	my $group_id;
519
520	# quick check to start to see if we've already got one
521	$sth->execute($groupname);
522	($group_id) = $sth->fetchrow_array;
523
524	return ('FAIL', "Group already exists") if $group_id;
525
526	# Wrap all the SQL in a transaction
527	eval {
528	$sth = $dbh->prepare("INSERT INTO groups (parent_group_id,group_name) VALUES (?,?)");
529	$sth->execute($pargroup,$groupname);
530
531	$sth = $dbh->prepare("SELECT group_id FROM groups WHERE group_name=?");
532	$sth->execute($groupname);
533	my ($groupid) = $sth->fetchrow_array();
534
535	# Permissions
536	if ($inherit) {
537	} else {
538	my @permvals;
539	foreach (@permtypes) {
540	if (!defined ($permissions->{$_})) {
541	push @permvals, 0;
542	} else {
543	push @permvals, $permissions->{$_};
544	}
545	}
546
547	$sth = $dbh->prepare("INSERT INTO permissions (group_id,$permlist) values (?".',?'x($#permtypes+1).")");
548	$sth->execute($groupid,@permvals);
549
550	$sth = $dbh->prepare("SELECT permission_id FROM permissions WHERE group_id=?");
551	$sth->execute($groupid);
552	my ($permid) = $sth->fetchrow_array();
553
554	$dbh->do("UPDATE groups SET permission_id=$permid WHERE group_id=$groupid");
555	} # done permission fiddling
556
557	# Default records
558	$sth = $dbh->prepare("INSERT INTO default_records (group_id,host,type,val,distance,weight,port,ttl) ".
559	"VALUES ($groupid,?,?,?,?,?,?,?)");
560	if ($inherit) {
561	# Duplicate records from parent. Actually relying on inherited records feels
562	# very fragile, and it would be problematic to roll over at a later time.
563	my $sth2 = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl FROM default_records WHERE group_id=?");
564	$sth2->execute($pargroup);
565	while (my @clonedata = $sth2->fetchrow_array) {
566	$sth->execute(@clonedata);
567	}
568	} else {
569	##fixme: Hardcoding is Bad, mmmmkaaaay?
570	# reasonable basic defaults for SOA, MX, NS, and minimal hosting
571	# could load from a config file, but somewhere along the line we need hardcoded bits.
572	$sth->execute('ns1.example.com:hostmaster.example.com', 6, '10800:3600:604800:10800', 0, 0, 0, 86400);
573	$sth->execute('DOMAIN', 1, '192.168.4.2', 0, 0, 0, 7200);
574	$sth->execute('DOMAIN', 15, 'mx.example.com', 10, 0, 0, 7200);
575	$sth->execute('DOMAIN', 2, 'ns1.example.com', 0, 0, 0, 7200);
576	$sth->execute('DOMAIN', 2, 'ns2.example.com', 0, 0, 0, 7200);
577	$sth->execute('www.DOMAIN', 5, 'DOMAIN', 0, 0, 0, 7200);
578	}
579
580	# once we get here, we should have suceeded.
581	$dbh->commit;
582	}; # end eval
583
584	if ($@) {
585	my $msg = $@;
586	eval { $dbh->rollback; };
587	return ('FAIL',$msg);
588	} else {
589	return ('OK','OK');
590	}
591
592	} # end addGroup()
593
594
595	## DNSDB::delGroup()
596	# Delete a group.
597	# Takes a group ID
598	# Returns a status code and message
599	sub delGroup {
600	my $dbh = shift;
601	my $groupid = shift;
602
603	# Allow transactions, and raise an exception on errors so we can catch it later.
604	# Use local to make sure these get "reset" properly on exiting this block
605	local $dbh->{AutoCommit} = 0;
606	local $dbh->{RaiseError} = 1;
607
608	##fixme: locate "knowable" error conditions and deal with them before the eval
609	# ... or inside, whatever.
610	# -> domains still exist in group
611	# -> ...
612	my $failmsg = '';
613
614	# Wrap all the SQL in a transaction
615	eval {
616	my $sth = $dbh->prepare("SELECT count(*) FROM domains WHERE group_id=?");
617	$sth->execute($groupid);
618	my ($domcnt) = $sth->fetchrow_array;
619	$failmsg = "Can't remove group ".groupName($dbh,$groupid);
620	die "$domcnt domains still in group\n" if $domcnt;
621
622	$sth = $dbh->prepare("delete from default_records where group_id=?");
623	$failmsg = "Failed to delete default records for ".groupName($dbh,$groupid);
624	$sth->execute($groupid);
625	$sth = $dbh->prepare("delete from groups where group_id=?");
626	$failmsg = "Failed to remove group ".groupName($dbh,$groupid);
627	$sth->execute($groupid);
628
629	# once we get here, we should have suceeded.
630	$dbh->commit;
631	}; # end eval
632
633	if ($@) {
634	my $msg = $@;
635	eval { $dbh->rollback; };
636	return ('FAIL',"$failmsg: $msg");
637	} else {
638	return ('OK','OK');
639	}
640	} # end delGroup()
641
642
643	## DNSDB::getChildren()
644	# Get a list of all groups whose parent^n is group <n>
645	# Takes a database handle, group ID, reference to an array to put the group IDs in,
646	# and an optional flag to return only immediate children or all children-of-children
647	# default to returning all children
648	# Calls itself
649	sub getChildren {
650	$errstr = '';
651	my $dbh = shift;
652	my $rootgroup = shift;
653	my $groupdest = shift;
654	my $immed = shift \|\| 'all';
655
656	# special break for default group; otherwise we get stuck.
657	if ($rootgroup == 1) {
658	# by definition, group 1 is the Root Of All Groups
659	my $sth = $dbh->prepare("SELECT group_id FROM groups WHERE NOT (group_id=1)".
660	($immed ne 'all' ? " AND parent_group_id=1" : ''));
661	$sth->execute;
662	while (my @this = $sth->fetchrow_array) {
663	push @$groupdest, @this;
664	}
665	} else {
666	my $sth = $dbh->prepare("SELECT group_id FROM groups WHERE parent_group_id=?");
667	$sth->execute($rootgroup);
668	return if $sth->rows == 0;
669	my @grouplist;
670	while (my ($group) = $sth->fetchrow_array) {
671	push @$groupdest, $group;
672	getChildren($dbh,$group,$groupdest) if $immed eq 'all';
673	}
674	}
675	} # end getChildren()
676
677
678	## DNSDB::groupName()
679	# Return the group name based on a group ID
680	# Takes a database handle and the group ID
681	# Returns the group name or undef on failure
682	sub groupName {
683	$errstr = '';
684	my $dbh = shift;
685	my $groupid = shift;
686	my $sth = $dbh->prepare("SELECT group_name FROM groups WHERE group_id=?");
687	$sth->execute($groupid);
688	my ($groupname) = $sth->fetchrow_array();
689	$errstr = $DBI::errstr if !$groupname;
690	return $groupname if $groupname;
691	} # end groupName
692
693
694	## DNSDB::addUser()
695	# Add a user.
696	# Takes a DB handle, username, group ID, password, state (active/inactive).
697	# Optionally accepts:
698	# user type (user/admin) - defaults to user
699	# permissions string - defaults to inherit from group
700	# three valid forms:
701	# i - Inherit permissions
702	# c:<user_id> - Clone permissions from <user_id>
703	# C:<permission list> - Set these specific permissions
704	# first name - defaults to username
705	# last name - defaults to blank
706	# phone - defaults to blank (could put other data within column def)
707	# Returns (OK,<uid>) on success, (FAIL,<message>) on failure
708	sub addUser {
709	$errstr = '';
710	my $dbh = shift;
711	my $username = shift;
712	my $group = shift;
713	my $pass = shift;
714	my $state = shift;
715
716	return ('FAIL', "Missing one or more required entries") if !defined($state);
717	return ('FAIL', "Username must not be blank") if !$username;
718
719	my $type = shift \|\| 'u'; # create limited users by default - fwiw, not sure yet how this will interact with ACLs
720
721	my $permstring = shift \|\| 'i'; # default is to inhert permissions from group
722
723	my $fname = shift \|\| $username;
724	my $lname = shift \|\| '';
725	my $phone = shift \|\| ''; # not going format-check
726
727	my $sth = $dbh->prepare("SELECT user_id FROM users WHERE username=?");
728	my $user_id;
729
730	# quick check to start to see if we've already got one
731	$sth->execute($username);
732	($user_id) = $sth->fetchrow_array;
733
734	return ('FAIL', "User already exists") if $user_id;
735
736	# Allow transactions, and raise an exception on errors so we can catch it later.
737	# Use local to make sure these get "reset" properly on exiting this block
738	local $dbh->{AutoCommit} = 0;
739	local $dbh->{RaiseError} = 1;
740
741	my $failmsg = '';
742
743	# Wrap all the SQL in a transaction
744	eval {
745	# insert the user... note we set inherited perms by default since
746	# it's simple and cleans up some other bits of state
747	my $sth = $dbh->prepare("INSERT INTO users ".
748	"(group_id,username,password,firstname,lastname,phone,type,status,permission_id,inherit_perm) ".
749	"VALUES (?,?,?,?,?,?,?,?,(SELECT permission_id FROM permissions WHERE group_id=?),'t')");
750	$sth->execute($group,$username,unix_md5_crypt($pass),$fname,$lname,$phone,$type,$state,$group);
751
752	# get the ID...
753	($user_id) = $dbh->selectrow_array("SELECT currval('users_user_id_seq')");
754
755	# Permissions! Gotta set'em all!
756	die "Invalid permission string $permstring"
757	if $permstring !~ /^(?:
758	i # inherit
759	\|c:\d+ # clone
760	# custom. no, the leading , is not a typo
761	\|C:(?:,(?:group\|user\|domain\|record\|self)_(?:edit\|create\|delete))+
762	)$/x;
763	# bleh. I'd call another function to do my dirty work, but we're in the middle of a transaction already.
764	if ($permstring ne 'i') {
765	# for cloned or custom permissions, we have to create a new permissions entry.
766	my $clonesrc = $group;
767	if ($permstring =~ /^c:(\d+)/) { $clonesrc = $1; }
768	$dbh->do("INSERT INTO permissions ($permlist,user_id) ".
769	"SELECT $permlist,? FROM permissions WHERE permission_id=".
770	"(SELECT permission_id FROM permissions WHERE ".($permstring =~ /^c:/ ? 'user' : 'group')."_id=?)",
771	undef, ($user_id,$clonesrc) );
772	$dbh->do("UPDATE users SET permission_id=".
773	"(SELECT permission_id FROM permissions WHERE user_id=?) ".
774	"WHERE user_id=?", undef, ($user_id, $user_id) );
775	}
776	if ($permstring =~ /^C:/) {
777	# finally for custom permissions, we set the passed-in permissions (and unset
778	# any that might have been brought in by the clone operation above)
779	my ($permid) = $dbh->selectrow_array("SELECT permission_id FROM permissions WHERE user_id=?",
780	undef, ($user_id) );
781	foreach (@permtypes) {
782	if ($permstring =~ /,$_/) {
783	$dbh->do("UPDATE permissions SET $_='t' WHERE permission_id=?", undef, ($permid) );
784	} else {
785	$dbh->do("UPDATE permissions SET $_='f' WHERE permission_id=?", undef, ($permid) );
786	}
787	}
788	}
789
790	$dbh->do("UPDATE users SET inherit_perm='n' WHERE user_id=?", undef, ($user_id) );
791
792	##fixme: add another table to hold name/email for log table?
793
794	# once we get here, we should have suceeded.
795	$dbh->commit;
796	}; # end eval
797
798	if ($@) {
799	my $msg = $@;
800	eval { $dbh->rollback; };
801	return ('FAIL',$msg." $failmsg");
802	} else {
803	return ('OK',$user_id);
804	}
805	} # end addUser
806
807
808	## DNSDB::checkUser()
809	# Check user/pass combo on login
810	sub checkUser {
811	my $dbh = shift;
812	my $user = shift;
813	my $inpass = shift;
814
815	my $sth = $dbh->prepare("SELECT user_id,group_id,password,firstname,lastname FROM users WHERE username=?");
816	$sth->execute($user);
817	my ($uid,$gid,$pass,$fname,$lname) = $sth->fetchrow_array;
818	my $loginfailed = 1 if !defined($uid);
819
820	if ($pass =~ m\|^\$1\$([A-Za-z0-9/.]+)\$\|) {
821	$loginfailed = 1 if $pass ne unix_md5_crypt($inpass,$1);
822	} else {
823	$loginfailed = 1 if $pass ne $inpass;
824	}
825
826	# nnnngggg
827	return ($uid, $gid);
828	} # end checkUser
829
830
831	## DNSDB:: updateUser()
832	# Update general data about user
833	sub updateUser {
834	my $dbh = shift;
835	my $uid = shift;
836	my $username = shift;
837	my $group = shift;
838	my $pass = shift;
839	my $state = shift;
840	my $type = shift \|\| 'u';
841	my $fname = shift \|\| $username;
842	my $lname = shift \|\| '';
843	my $phone = shift \|\| ''; # not going format-check
844
845	my $failmsg = '';
846
847	# Allow transactions, and raise an exception on errors so we can catch it later.
848	# Use local to make sure these get "reset" properly on exiting this block
849	local $dbh->{AutoCommit} = 0;
850	local $dbh->{RaiseError} = 1;
851
852	my $sth;
853
854	# Password can be left blank; if so we assume there's one on file.
855	# Actual blank passwords are bad, mm'kay?
856	if (!$pass) {
857	$sth = $dbh->prepare("SELECT password FROM users WHERE user_id=?");
858	$sth->execute($uid);
859	($pass) = $sth->fetchrow_array;
860	} else {
861	$pass = unix_md5_crypt($pass);
862	}
863
864	eval {
865	my $sth = $dbh->prepare(q(
866	UPDATE users
867	SET username=?, password=?, firstname=?, lastname=?, phone=?, type=?, status=?
868	WHERE user_id=?
869	)
870	);
871	$sth->execute($username, $pass, $fname, $lname, $phone, $type, $state, $uid);
872	$dbh->commit;
873	};
874	if ($@) {
875	my $msg = $@;
876	eval { $dbh->rollback; };
877	return ('FAIL',"$failmsg: $msg");
878	} else {
879	return ('OK','OK');
880	}
881	} # end updateUser()
882
883
884	## DNSDB::delUser()
885	#
886	sub delUser {
887	my $dbh = shift;
888	return ('FAIL',"Need database handle") if !$dbh;
889	my $userid = shift;
890	return ('FAIL',"Missing userid") if !defined($userid);
891
892	my $sth = $dbh->prepare("delete from users where user_id=?");
893	$sth->execute($userid);
894
895	return ('FAIL',"Couldn't remove user: ".$sth->errstr) if $sth->err;
896
897	return ('OK','OK');
898
899	} # end delUser
900
901
902	## DNSDB::userFullName()
903	# Return a pretty string!
904	# Takes a user_id and optional printf-ish string to indicate which pieces where:
905	# %u for the username
906	# %f for the first name
907	# %l for the last name
908	# All other text in the passed string will be left as-is.
909	##fixme: need a "smart" option too, so that missing/null/blank first/last names don't give funky output
910	sub userFullName {
911	$errstr = '';
912	my $dbh = shift;
913	my $userid = shift;
914	my $fullformat = shift \|\| '%f %l (%u)';
915	my $sth = $dbh->prepare("select username,firstname,lastname from users where user_id=?");
916	$sth->execute($userid);
917	my ($uname,$fname,$lname) = $sth->fetchrow_array();
918	$errstr = $DBI::errstr if !$uname;
919
920	$fullformat =~ s/\%u/$uname/g;
921	$fullformat =~ s/\%f/$fname/g;
922	$fullformat =~ s/\%l/$lname/g;
923
924	return $fullformat;
925	} # end userFullName
926
927
928	## DNSDB::userStatus()
929	# Sets and/or returns a user's status
930	# Takes a database handle, user ID and optionally a status argument
931	# Returns undef on errors.
932	sub userStatus {
933	my $dbh = shift;
934	my $id = shift;
935	my $newstatus = shift;
936
937	return undef if $id !~ /^\d+$/;
938
939	my $sth;
940
941	# ooo, fun! let's see what we were passed for status
942	if ($newstatus) {
943	$sth = $dbh->prepare("update users set status=? where user_id=?");
944	# ass-u-me caller knows what's going on in full
945	if ($newstatus =~ /^[01]$/) { # only two valid for now.
946	$sth->execute($newstatus,$id);
947	} elsif ($newstatus =~ /^usero(?:n\|ff)$/) {
948	$sth->execute(($newstatus eq 'useron' ? 1 : 0),$id);
949	}
950	}
951
952	$sth = $dbh->prepare("select status from users where user_id=?");
953	$sth->execute($id);
954	my ($status) = $sth->fetchrow_array;
955	return $status;
956	} # end userStatus()
957
958
959	## DNSDB::getUserData()
960	# Get misc user data for display
961	sub getUserData {
962	my $dbh = shift;
963	my $uid = shift;
964
965	my $sth = $dbh->prepare("SELECT group_id,username,firstname,lastname,phone,type,status,inherit_perm ".
966	"FROM users WHERE user_id=?");
967	$sth->execute($uid);
968	return $sth->fetchrow_hashref();
969
970	} # end getUserData()
971
972
973	## DNSDB::getSOA()
974	# Return all suitable fields from an SOA record in separate elements of a hash
975	# Takes a database handle, default/live flag, and group (default) or domain (live) ID
976	sub getSOA {
977	$errstr = '';
978	my $dbh = shift;
979	my $def = shift;
980	my $id = shift;
981	my %ret;
982
983	# (ab)use distance and weight columns to store SOA data
984
985	my $sql = "SELECT record_id,host,val,ttl,distance from";
986	if ($def eq 'def' or $def eq 'y') {
987	$sql .= " default_records WHERE group_id=? AND type=$reverse_typemap{SOA}";
988	} else {
989	# we're editing a live SOA record; find based on domain
990	$sql .= " records WHERE domain_id=? AND type=$reverse_typemap{SOA}";
991	}
992	my $sth = $dbh->prepare($sql);
993	$sth->execute($id);
994
995	my ($recid,$host,$val,$ttl,$serial) = $sth->fetchrow_array();
996	my ($prins,$contact) = split /:/, $host;
997	my ($refresh,$retry,$expire,$minttl) = split /:/, $val;
998
999	$ret{recid} = $recid;
1000	$ret{ttl} = $ttl;
1001	$ret{serial} = $serial;
1002	$ret{prins} = $prins;
1003	$ret{contact} = $contact;
1004	$ret{refresh} = $refresh;
1005	$ret{retry} = $retry;
1006	$ret{expire} = $expire;
1007	$ret{minttl} = $minttl;
1008
1009	return %ret;
1010	} # end getSOA()
1011
1012
1013	## DNSDB::getRecLine()
1014	# Return all data fields for a zone record in separate elements of a hash
1015	# Takes a database handle, default/live flag, and record ID
1016	sub getRecLine {
1017	$errstr = '';
1018	my $dbh = shift;
1019	my $def = shift;
1020	my $id = shift;
1021
1022	my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,r.longrec_id,l.recdata".
1023	(($def eq 'def' or $def eq 'y') ? ',r.group_id FROM default_' : ',r.domain_id FROM ').
1024	"records r LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id WHERE record_id=?";
1025	my $ret = $dbh->selectrow_hashref($sql, undef, ($id) ) or warn $dbh->errstr;
1026
1027	if ($dbh->err) {
1028	$errstr = $DBI::errstr;
1029	return undef;
1030	}
1031
1032	$ret->{val} = $ret->{recdata} if $ret->{longrec_id}; # put the long data in the real value space
1033	delete $ret->{longrec_id}; # remove these since they shouldn't be exposed - the caller
1034	delete $ret->{recdata}; # should not care about "long records" vs normal ones.
1035
1036	return $ret;
1037	}
1038
1039
1040	##fixme: should use above (getRecLine()) to get lines for below?
1041	## DNSDB::getDomRecs()
1042	# Return records for a domain
1043	# Takes a database handle, default/live flag, group/domain ID, start,
1044	# number of records, sort field, and sort order
1045	# Returns a reference to an array of hashes
1046	sub getDomRecs {
1047	$errstr = '';
1048	my $dbh = shift;
1049	my $type = shift;
1050	my $id = shift;
1051	my $nrecs = shift \|\| 'all';
1052	my $nstart = shift \|\| 0;
1053
1054	## for order, need to map input to column names
1055	my $order = shift \|\| 'host';
1056	my $direction = shift \|\| 'ASC';
1057
1058	$type = 'y' if $type eq 'def';
1059
1060	my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,r.longrec_id,l.recdata FROM ";
1061	$sql .= "default_" if $type eq 'y';
1062	$sql .= "records r ";
1063	$sql .= "INNER JOIN rectypes t ON r.type=t.val "; # for sorting by type alphabetically
1064	$sql .= "LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id ";
1065	if ($type eq 'y') {
1066	$sql .= "WHERE r.group_id=?";
1067	} else {
1068	$sql .= "WHERE r.domain_id=?";
1069	}
1070	$sql .= " AND NOT r.type=$reverse_typemap{SOA}";
1071	# use alphaorder column for "correct" ordering of sort-by-type instead of DNS RR type number
1072	$sql .= " ORDER BY ".($order eq 'type' ? 't.alphaorder' : "r.$order")." $direction";
1073	$sql .= " LIMIT $nrecs OFFSET ".($nstart*$nrecs) if $nstart ne 'all';
1074
1075	my $sth = $dbh->prepare($sql) or warn $dbh->errstr;
1076	$sth->execute($id) or warn "$sql: ".$sth->errstr;
1077
1078	my @retbase;
1079	while (my $ref = $sth->fetchrow_hashref()) {
1080	$ref->{val} = $ref->{recdata} if $ref->{longrec_id}; # put the long data in the real value space
1081	delete $ref->{longrec_id}; # remove these since they shouldn't be exposed - the caller
1082	delete $ref->{recdata}; # should not care about "long records" vs normal ones.
1083	push @retbase, $ref;
1084	}
1085
1086	my $ret = \@retbase;
1087	return $ret;
1088	} # end getDomRecs()
1089
1090
1091	## DNSDB::getRecCount()
1092	# Return count of non-SOA records in domain (or default records in a group)
1093	# Takes a database handle, default/live flag and group/domain ID
1094	# Returns the count
1095	sub getRecCount {
1096	my $dbh = shift;
1097	my $defrec = shift;
1098	my $id = shift;
1099
1100	my ($count) = $dbh->selectrow_array("SELECT count(*) FROM ".
1101	($defrec eq 'y' ? 'default_' : '')."records ".
1102	"WHERE ".($defrec eq 'y' ? 'group' : 'domain')."_id=? ".
1103	"AND NOT type=$reverse_typemap{SOA}", undef, ($id) );
1104
1105	return $count;
1106
1107	} # end getRecCount()
1108
1109
1110	## DNSDB::addRec()
1111	# Add a new record to a domain or a group's default records
1112	# Takes a database handle, default/live flag, group/domain ID,
1113	# host, type, value, and TTL
1114	# Some types require additional detail: "distance" for MX and SRV,
1115	# and weight/port for SRV
1116	# Returns a status code and detail message in case of error
1117	sub addRec {
1118	$errstr = '';
1119	my $dbh = shift;
1120	my $defrec = shift;
1121	my $id = shift;
1122
1123	my $host = shift;
1124	my $rectype = shift;
1125	my $val = shift;
1126	my $ttl = shift;
1127
1128	my $fields = ($defrec eq 'y' ? 'group_id' : 'domain_id').",host,type,val,ttl";
1129	my $vallen = "?,?,?,?,?";
1130	my @vallist = ($id,$host,$rectype,$val,$ttl);
1131
1132	my $dist;
1133	if ($rectype == $reverse_typemap{MX} or $rectype == $reverse_typemap{SRV}) {
1134	$dist = shift;
1135	return ('FAIL',"Need distance for $typemap{$rectype} record") if !defined($dist);
1136	$fields .= ",distance";
1137	$vallen .= ",?";
1138	push @vallist, $dist;
1139	}
1140	my $weight;
1141	my $port;
1142	if ($rectype == $reverse_typemap{SRV}) {
1143	# check for _service._protocol. NB: RFC2782 does not say "MUST"... nor "SHOULD"...
1144	# it just says (paraphrased) "... is prepended with _ to prevent DNS collisions"
1145	return ('FAIL',"SRV records must begin with _service._protocol")
1146	if $host !~ /^_[A-Za-z]+\._[A-Za-z]+\.[a-z0-9-]+/;
1147	$weight = shift;
1148	$port = shift;
1149	return ('FAIL',"Need weight and port for SRV record") if !defined($weight) or !defined($port);
1150	$fields .= ",weight,port";
1151	$vallen .= ",?,?";
1152	push @vallist, ($weight,$port);
1153	}
1154
1155	# Allow transactions, and raise an exception on errors so we can catch it later.
1156	# Use local to make sure these get "reset" properly on exiting this block
1157	local $dbh->{AutoCommit} = 0;
1158	local $dbh->{RaiseError} = 1;
1159
1160	eval {
1161	if (length($val) > 100 ) {
1162	# extralong records get an entry in a separate table.
1163	$dbh->do("INSERT INTO longrecs (recdata) VALUES (?)", undef, ($val) );
1164	my ($longid) = $dbh->selectrow_array("SELECT longrec_id FROM longrecs WHERE recdata=?", undef, ($val) );
1165	$fields .= ",longrec_id";
1166	$vallen .= ",?";
1167	push @vallist, $longid;
1168	$vallist[3] = ''; # so we don't barf when we insert the main record
1169	}
1170	$dbh->do("INSERT INTO ".($defrec eq 'y' ? 'default_' : '')."records ($fields) VALUES ($vallen)",
1171	undef, @vallist);
1172	$dbh->commit;
1173	};
1174	if ($@) {
1175	my $msg = $@;
1176	eval { $dbh->rollback; };
1177	return ('FAIL',$msg);
1178	}
1179
1180	return ('OK','OK');
1181
1182	} # end addRec()
1183
1184
1185	## DNSDB::updateRec()
1186	# Update a record
1187	sub updateRec {
1188	$errstr = '';
1189
1190	my $dbh = shift;
1191	my $defrec = shift;
1192	my $id = shift;
1193
1194	# all records have these
1195	my $host = shift;
1196	my $type = shift;
1197	my $val = shift;
1198	my $ttl = shift;
1199
1200	return('FAIL',"Missing standard argument(s)") if !defined($ttl);
1201
1202	# only MX and SRV will use these
1203	my $dist = 0;
1204	my $weight = 0;
1205	my $port = 0;
1206
1207	if ($type == $reverse_typemap{MX} \|\| $type == $reverse_typemap{SRV}) {
1208	$dist = shift;
1209	return ('FAIL',"MX or SRV requires distance") if !defined($dist);
1210	if ($type == $reverse_typemap{SRV}) {
1211	$weight = shift;
1212	return ('FAIL',"SRV requires weight") if !defined($weight);
1213	$port = shift;
1214	return ('FAIL',"SRV requires port") if !defined($port);
1215	}
1216	}
1217
1218	# my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,r.longrec_id,l.recdata FROM ";
1219	# $sql .= "default_" if $type eq 'y';
1220	# $sql .= "records r ";
1221	# $sql .= "LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id ";
1222
1223	# get the long record ID, if any
1224	my ($longid) = $dbh->selectrow_array("SELECT longrec_id FROM ".($defrec eq 'y' ? 'default_' : '')."records ".
1225	"WHERE record_id=?", undef, ($id) );
1226
1227	local $dbh->{AutoCommit} = 0;
1228	local $dbh->{RaiseError} = 1;
1229
1230	eval {
1231	# there's really no tidy way to squash this down. :/
1232	if (length($val) > 100) {
1233	if ($longid) {
1234	$dbh->do("UPDATE longrecs SET recdata=? WHERE longrec_id=?", undef, ($val, $longid) );
1235	} else {
1236	##fixme: has to be a better way to be sure we get the right recid back once inserted...
1237	$dbh->do("INSERT INTO longrecs (recdata) VALUES (?)", undef, ($val) );
1238	my ($newlongid) = $dbh->selectrow_array("SELECT currval('longrecs_longrec_id_seq')");
1239	$dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records SET val=?,longrec_id=? ".
1240	"WHERE record_id=?", undef, ('', $newlongid, $id) );
1241	}
1242	} else {
1243	if ($longid) {
1244	$dbh->do("DELETE FROM longrecs WHERE longrec_id=?", undef, ($longid) );
1245	$dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records SET val=?,longrec_id=NULL ".
1246	"WHERE record_id=?", undef, ($val, $id) );
1247	} else {
1248	$dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records SET val=? ".
1249	"WHERE record_id=?", undef, ($val, $id) );
1250	}
1251	}
1252
1253	$dbh->do("UPDATE ".($defrec eq 'y' ? 'default_' : '')."records ".
1254	"SET host=?,type=?,ttl=?,distance=?,weight=?,port=? ".
1255	"WHERE record_id=?", undef, ($host, $type, $ttl, $dist, $weight, $port, $id) );
1256
1257	};
1258	if ($@) {
1259	my $msg = $@;
1260	$dbh->rollback;
1261	return ('FAIL', $msg);
1262	}
1263	# return ('FAIL',$sth->errstr."<br>\n$errstr<br>\n") if $sth->err;
1264
1265	return ('OK','OK');
1266	} # end updateRec()
1267
1268
1269	## DNSDB::delRec()
1270	# Delete a record.
1271	sub delRec {
1272	$errstr = '';
1273	my $dbh = shift;
1274	my $defrec = shift;
1275	my $id = shift;
1276
1277	my $sth = $dbh->prepare("DELETE FROM ".($defrec eq 'y' ? 'default_' : '')."records WHERE record_id=?");
1278	$sth->execute($id);
1279
1280	return ('FAIL',"Couldn't remove record: ".$sth->errstr) if $sth->err;
1281
1282	return ('OK','OK');
1283	} # end delRec()
1284
1285
1286	## DNSDB::domStatus()
1287	# Sets and/or returns a domain's status
1288	# Takes a database handle, domain ID and optionally a status argument
1289	# Returns undef on errors.
1290	sub domStatus {
1291	my $dbh = shift;
1292	my $id = shift;
1293	my $newstatus = shift;
1294
1295	return undef if $id !~ /^\d+$/;
1296
1297	my $sth;
1298
1299	# ooo, fun! let's see what we were passed for status
1300	if ($newstatus) {
1301	$sth = $dbh->prepare("update domains set status=? where domain_id=?");
1302	# ass-u-me caller knows what's going on in full
1303	if ($newstatus =~ /^[01]$/) { # only two valid for now.
1304	$sth->execute($newstatus,$id);
1305	} elsif ($newstatus =~ /^domo(?:n\|ff)$/) {
1306	$sth->execute(($newstatus eq 'domon' ? 1 : 0),$id);
1307	}
1308	}
1309
1310	$sth = $dbh->prepare("select status from domains where domain_id=?");
1311	$sth->execute($id);
1312	my ($status) = $sth->fetchrow_array;
1313	return $status;
1314	} # end domStatus()
1315
1316
1317	## DNSDB::importAXFR
1318	# Import a domain via AXFR
1319	# Takes AXFR host, domain to transfer, group to put the domain in,
1320	# and optionally:
1321	# - active/inactive state flag (defaults to active)
1322	# - overwrite-SOA flag (defaults to off)
1323	# - overwrite-NS flag (defaults to off, doesn't affect subdomain NS records)
1324	# Returns a status code (OK, WARN, or FAIL) and message - message should be blank
1325	# if status is OK, but WARN includes conditions that are not fatal but should
1326	# really be reported.
1327	sub importAXFR {
1328	my $dbh = shift;
1329	my $ifrom_in = shift;
1330	my $domain = shift;
1331	my $group = shift;
1332	my $status = shift \|\| 1;
1333	my $rwsoa = shift \|\| 0;
1334	my $rwns = shift \|\| 0;
1335
1336	##fixme: add mode to delete&replace, merge+overwrite, merge new?
1337
1338	my $nrecs = 0;
1339	my $soaflag = 0;
1340	my $nsflag = 0;
1341	my $warnmsg = '';
1342	my $ifrom;
1343
1344	# choke on possible bad setting in ifrom
1345	# IPv4 and v6, and valid hostnames!
1346	($ifrom) = ($ifrom_in =~ /^([0-9a-f\:.]+\|[0-9a-z_.-]+)$/i);
1347	return ('FAIL', "Bad AXFR source host $ifrom")
1348	unless ($ifrom) = ($ifrom_in =~ /^([0-9a-f\:.]+\|[0-9a-z_.-]+)$/i);
1349
1350	# Allow transactions, and raise an exception on errors so we can catch it later.
1351	# Use local to make sure these get "reset" properly on exiting this block
1352	local $dbh->{AutoCommit} = 0;
1353	local $dbh->{RaiseError} = 1;
1354
1355	my $sth = $dbh->prepare("SELECT domain_id FROM domains WHERE domain=?");
1356	my $dom_id;
1357
1358	# quick check to start to see if we've already got one
1359	$sth->execute($domain);
1360	($dom_id) = $sth->fetchrow_array;
1361
1362	return ('FAIL', "Domain already exists") if $dom_id;
1363
1364	eval {
1365	# can't do this, can't nest transactions. sigh.
1366	#my ($dcode, $dmsg) = addDomain(dbh, domain, group, status);
1367
1368	##fixme: serial
1369	my $sth = $dbh->prepare("INSERT INTO domains (domain,group_id,status) VALUES (?,?,?)");
1370	$sth->execute($domain,$group,$status);
1371
1372	## bizarre DBI<->Net::DNS interaction bug:
1373	## sometimes a zone will cause an immediate commit-and-exit (sort of) of the while()
1374	## fixed, apparently I was doing something odd, but not certain what it was that
1375	## caused a commit instead of barfing
1376
1377	# get domain id so we can do the records
1378	$sth = $dbh->prepare("SELECT domain_id FROM domains WHERE domain=?");
1379	$sth->execute($domain);
1380	($dom_id) = $sth->fetchrow_array();
1381
1382	my $res = Net::DNS::Resolver->new;
1383	$res->nameservers($ifrom);
1384	$res->axfr_start($domain)
1385	or die "Couldn't begin AXFR\n";
1386
1387	while (my $rr = $res->axfr_next()) {
1388	my $type = $rr->type;
1389
1390	my $sql = "INSERT INTO records (domain_id,host,type,ttl,val";
1391	my $vallen = "?,?,?,?,?";
1392
1393	$soaflag = 1 if $type eq 'SOA';
1394	$nsflag = 1 if $type eq 'NS';
1395
1396	my @vallist = ($dom_id, $rr->name, $reverse_typemap{$type}, $rr->ttl);
1397
1398	# "Primary" types:
1399	# A, NS, CNAME, SOA, PTR(warn in forward), MX, TXT, AAAA, SRV, A6(ob), SPF
1400	# maybe KEY
1401
1402	# nasty big ugly case-like thing here, since we have to do some different
1403	# processing depending on the record. le sigh.
1404
1405	if ($type eq 'A') {
1406	push @vallist, $rr->address;
1407	} elsif ($type eq 'NS') {
1408	# hmm. should we warn here if subdomain NS'es are left alone?
1409	next if ($rwns && ($rr->name eq $domain));
1410	push @vallist, $rr->nsdname;
1411	$nsflag = 1;
1412	} elsif ($type eq 'CNAME') {
1413	push @vallist, $rr->cname;
1414	} elsif ($type eq 'SOA') {
1415	next if $rwsoa;
1416	$vallist[1] = $rr->mname.":".$rr->rname;
1417	push @vallist, ($rr->refresh.":".$rr->retry.":".$rr->expire.":".$rr->minimum);
1418	$soaflag = 1;
1419	} elsif ($type eq 'PTR') {
1420	# hmm. PTR records should not be in forward zones.
1421	} elsif ($type eq 'MX') {
1422	$sql .= ",distance";
1423	$vallen .= ",?";
1424	push @vallist, $rr->exchange;
1425	push @vallist, $rr->preference;
1426	} elsif ($type eq 'TXT') {
1427	##fixme: Net::DNS docs say this should be deprecated for rdatastr() or char_str_list(),
1428	## but don't really seem enthusiastic about it.
1429	push @vallist, $rr->txtdata;
1430	} elsif ($type eq 'SPF') {
1431	##fixme: and the same caveat here, since it is apparently a clone of ::TXT
1432	push @vallist, $rr->txtdata;
1433	} elsif ($type eq 'AAAA') {
1434	push @vallist, $rr->address;
1435	} elsif ($type eq 'SRV') {
1436	$sql .= ",distance,weight,port" if $type eq 'SRV';
1437	$vallen .= ",?,?,?" if $type eq 'SRV';
1438	push @vallist, $rr->target;
1439	push @vallist, $rr->priority;
1440	push @vallist, $rr->weight;
1441	push @vallist, $rr->port;
1442	} elsif ($type eq 'KEY') {
1443	# we don't actually know what to do with these...
1444	push @vallist, ($rr->flags.":".$rr->protocol.":".$rr->algorithm.":".$rr->key.":".$rr->keytag.":".$rr->privatekeyname);
1445	} else {
1446	push @vallist, $rr->rdatastr;
1447	# Finding a different record type is not fatal.... just problematic.
1448	# We may not be able to export it correctly.
1449	$warnmsg .= "Unusual record ".$rr->name." ($type) found\n";
1450	}
1451
1452	# BIND supports:
1453	# A CNAME HINFO MB(ex) MD(ob) MF(ob) MG(ex) MINFO(ex) MR(ex) MX NS NULL
1454	# PTR SOA TXT WKS AFSDB(ex) ISDN(ex) RP(ex) RT(ex) X25(ex) PX
1455	# ... if one can ever find the right magic to format them correctly
1456
1457	# Net::DNS supports:
1458	# RRSIG SIG NSAP NS NIMLOC NAPTR MX MR MINFO MG MB LOC ISDN IPSECKEY HINFO
1459	# EID DNAME CNAME CERT APL AFSDB AAAA A DS NXT NSEC3PARAM NSEC3 NSEC KEY
1460	# DNSKEY DLV X25 TXT TSIG TKEY SSHFP SRV SPF SOA RT RP PX PTR NULL APL::AplItem
1461
1462	$sth = $dbh->prepare($sql.") VALUES (".$vallen.")") or die "problem preparing record insert SQL\n";
1463	$sth->execute(@vallist) or die "failed to insert ".$rr->string.": ".$sth->errstr."\n";
1464
1465	$nrecs++;
1466
1467	} # while axfr_next
1468
1469	# Overwrite SOA record
1470	if ($rwsoa) {
1471	$soaflag = 1;
1472	my $sthgetsoa = $dbh->prepare("SELECT host,val,ttl FROM default_records WHERE group_id=? AND type=?");
1473	my $sthputsoa = $dbh->prepare("INSERT INTO records (domain_id,host,type,val,ttl) VALUES (?,?,?,?,?)");
1474	$sthgetsoa->execute($group,$reverse_typemap{SOA});
1475	while (my ($host,$val,$ttl) = $sthgetsoa->fetchrow_array()) {
1476	$host =~ s/DOMAIN/$domain/g;
1477	$val =~ s/DOMAIN/$domain/g;
1478	$sthputsoa->execute($dom_id,$host,$reverse_typemap{SOA},$val,$ttl);
1479	}
1480	}
1481
1482	# Overwrite NS records
1483	if ($rwns) {
1484	$nsflag = 1;
1485	my $sthgetns = $dbh->prepare("SELECT host,val,ttl FROM default_records WHERE group_id=? AND type=?");
1486	my $sthputns = $dbh->prepare("INSERT INTO records (domain_id,host,type,val,ttl) VALUES (?,?,?,?,?)");
1487	$sthgetns->execute($group,$reverse_typemap{NS});
1488	while (my ($host,$val,$ttl) = $sthgetns->fetchrow_array()) {
1489	$host =~ s/DOMAIN/$domain/g;
1490	$val =~ s/DOMAIN/$domain/g;
1491	$sthputns->execute($dom_id,$host,$reverse_typemap{NS},$val,$ttl);
1492	}
1493	}
1494
1495	die "No records found; either $ifrom is not authoritative or doesn't allow transfers\n" if !$nrecs;
1496	die "Bad zone: No SOA record!\n" if !$soaflag;
1497	die "Bad zone: No NS records!\n" if !$nsflag;
1498
1499	$dbh->commit;
1500
1501	};
1502
1503	if ($@) {
1504	my $msg = $@;
1505	eval { $dbh->rollback; };
1506	return ('FAIL',$msg." $warnmsg");
1507	} else {
1508	return ('WARN', $warnmsg) if $warnmsg;
1509	return ('OK',"Imported OK");
1510	}
1511
1512	# it should be impossible to get here.
1513	return ('WARN',"OOOK!");
1514	} # end importAXFR()
1515
1516
1517	## DNSDB::export()
1518	# Export the DNS database, or a part of it
1519	# Takes database handle, export type, optional arguments depending on type
1520	# Writes zone data to targets as appropriate for type
1521	sub export {
1522	my $dbh = shift;
1523	my $target = shift;
1524
1525	if ($target eq 'tiny') {
1526	__export_tiny($dbh,@_);
1527	}
1528	# elsif ($target eq 'foo') {
1529	# __export_foo($dbh,@_);
1530	#}
1531	# etc
1532
1533	} # end export()
1534
1535
1536	## DNSDB::__export_tiny
1537	# Internal sub to implement tinyDNS (compatible) export
1538	# Takes database handle, filehandle to write export to, optional argument(s)
1539	# to determine which data gets exported
1540	sub __export_tiny {
1541	my $dbh = shift;
1542	my $datafile = shift;
1543
1544	##fixme: slurp up further options to specify particular zone(s) to export
1545
1546	## Convert a bare number into an octal-coded pair of octets.
1547	# Take optional arg to indicate a decimal or hex input. Defaults to hex.
1548	sub octalize {
1549	my $tmp = shift;
1550	my $srctype = shift \|\| 'h'; # default assumes hex string
1551	$tmp = sprintf "%0.4x", hex($tmp) if $srctype eq 'h'; # 0-pad hex to 4 digits
1552	$tmp = sprintf "%0.4x", $tmp if $srctype eq 'd'; # 0-pad decimal to 4 hex digits
1553	my @o = ($tmp =~ /^(..)(..)$/); # split into octets
1554	return sprintf "\\%0.3o\\%0.3o", hex($o[0]), hex($o[1]);;
1555	}
1556
1557	##fixme: fail if $datafile isn't an open, writable file
1558
1559	# easy case - export all evarything
1560	# not-so-easy case - export item(s) specified
1561	# todo: figure out what kind of list we use to export items
1562
1563	my $domsth = $dbh->prepare("SELECT domain_id,domain,status FROM domains WHERE status=1");
1564	my $recsth = $dbh->prepare("SELECT r.host,r.type,r.val,r.distance,r.weight,r.port,r.ttl,l.recdata ".
1565	"FROM records r LEFT OUTER JOIN longrecs l ON r.longrec_id=l.longrec_id WHERE domain_id=?");
1566	$domsth->execute();
1567	while (my ($domid,$dom,$domstat) = $domsth->fetchrow_array) {
1568	$recsth->execute($domid);
1569	while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$lval) = $recsth->fetchrow_array) {
1570	$val = $lval if $lval;
1571
1572	# raw packet in unknown format: first byte indicates length
1573	# of remaining data, allows up to 255 raw bytes
1574
1575	##fixme? append . to all host/val hostnames
1576	if ($typemap{$type} eq 'SOA') {
1577
1578	# host contains pri-ns:responsible
1579	# val is abused to contain refresh:retry:expire:minttl
1580	##fixme: "manual" serial vs tinydns-autoserial
1581	print $datafile "Z$host"."::$val:$ttl\n";
1582
1583	} elsif ($typemap{$type} eq 'A') {
1584
1585	print $datafile "+$host:$val:$ttl\n";
1586
1587	} elsif ($typemap{$type} eq 'NS') {
1588
1589	print $datafile "\&$host"."::$val:$ttl\n";
1590
1591	} elsif ($typemap{$type} eq 'AAAA') {
1592
1593	print $datafile ":$host:28:";
1594	my $altgrp = 0;
1595	my @altconv;
1596	# Split in to up to 8 groups of hex digits (allows for :: 0-collapsing)
1597	foreach (split /:/, $val) {
1598	if (/^$/) {
1599	# flag blank entry; this is a series of 0's of (currently) unknown length
1600	$altconv[$altgrp++] = 's';
1601	} else {
1602	# call sub to convert 1-4 hex digits to 2 string-rep octal bytes
1603	$altconv[$altgrp++] = octalize($_)
1604	}
1605	}
1606	foreach my $octet (@altconv) {
1607	# if not 's', output
1608	print $datafile $octet unless $octet =~ /^s$/;
1609	# if 's', output (9-array length)x literal '\000\000'
1610	print $datafile '\000\000'x(9-$altgrp) if $octet =~ /^s$/;
1611	}
1612	print $datafile ":$ttl\n";
1613
1614	} elsif ($typemap{$type} eq 'MX') {
1615
1616	print $datafile "\@$host"."::$val:$dist:$ttl\n";
1617
1618	} elsif ($typemap{$type} eq 'TXT') {
1619
1620	##fixme: split v-e-r-y long TXT strings? will need to do so for BIND export, at least
1621	$val =~ s/:/\\072/g; # may need to replace other symbols
1622	print $datafile "'$host:$val:$ttl\n";
1623
1624	# by-hand TXT
1625	#:deepnet.cx:16:2v\075spf1\040a\040a\072bacon.deepnet.cx\040a\072home.deepnet.cx\040-all:3600
1626	#@ IN TXT "v=spf1 a a:bacon.deepnet.cx a:home.deepnet.cx -all"
1627	#'deepnet.cx:v=spf1 a a\072bacon.deepnet.cx a\072home.deepnet.cx -all:3600
1628
1629	#txttest IN TXT "v=foo bar:bob kn;ob' \" !@#$%^&*()-=_+[]{}<>?"
1630	#:txttest.deepnet.cx:16:\054v\075foo\040bar\072bob\040kn\073ob\047\040\042\040\041\100\043\044\045\136\046\052\050\051-\075\137\053\133\135\173\175\074\076\077:3600
1631
1632	# very long TXT record as brought in by axfr-get
1633	# note tinydns does not support >512-byte RR data, need axfr-dns (for TCP support) for that
1634	# also note, tinydns does not seem to support <512, >256-byte RRdata from axfr-get either. :/
1635	#:longtxt.deepnet.cx:16:
1636	#\170this is a very long txt record. it is really long. long. very long. really very long. this is a very long txt record.
1637	#\263 it is really long. long. very long. really very long. this is a very long txt record. it is really long. long. very long. really very long. this is a very long txt record.
1638	#\351 it is really long. long. very long. really very long.this is a very long txt record. it is really long. long. very long. really very long. this is a very long txt record. it is really long. long. very long. really very long.
1639	#:3600
1640
1641	} elsif ($typemap{$type} eq 'CNAME') {
1642
1643	print $datafile "C$host:$val:$ttl\n";
1644
1645	} elsif ($typemap{$type} eq 'SRV') {
1646
1647	# data is two-byte values for priority, weight, port, in that order,
1648	# followed by length/string data
1649
1650	print $datafile ":$host:33:".octalize($dist,'d').octalize($weight,'d').octalize($port,'d');
1651
1652	$val .= '.' if $val !~ /\.$/;
1653	foreach (split /\./, $val) {
1654	printf $datafile "\\%0.3o%s", length($_), $_;
1655	}
1656	print $datafile "\\000:$ttl\n";
1657
1658	} elsif ($typemap{$type} eq 'RP') {
1659
1660	# RP consists of two mostly free-form strings.
1661	# The first is supposed to be an email address with @ replaced by . (as with the SOA contact)
1662	# The second is the "hostname" of a TXT record with more info.
1663	print $datafile ":$host:17:";
1664	my ($who,$what) = split /\s/, $val;
1665	foreach (split /\./, $who) {
1666	printf $datafile "\\%0.3o%s", length($_), $_;
1667	}
1668	print $datafile '\000';
1669	foreach (split /\./, $what) {
1670	printf $datafile "\\%0.3o%s", length($_), $_;
1671	}
1672	print $datafile "\\000:$ttl\n";
1673
1674	} elsif ($typemap{$type} eq 'PTR') {
1675
1676	# must handle both IPv4 and IPv6
1677	##work
1678
1679	} # record type if-else
1680
1681	} # while ($recsth)
1682	} # while ($domsth)
1683	} # end __export_tiny()
1684
1685
1686	# shut Perl up
1687	1;

Note: See TracBrowser for help on using the repository browser.

Download in other formats: