source: trunk/dns-rpc.cgi@ 683

Last change on this file since 683 was 683, checked in by Kris Deugau, 10 years ago

/trunk

Fix semantic snafu in RPC handler's delByCIDR(); subsets of the passed
CIDR were being deleted when they shouldn't have been. Also separate
some code segments for reading clarity.

  • Property svn:executable set to *
  • Property svn:keywords set to Date Rev Author Id
File size: 33.0 KB
RevLine 
[216]1#!/usr/bin/perl -w -T
[262]2# XMLRPC interface to manipulate most DNS DB entities
3##
[200]4# $Id: dns-rpc.cgi 683 2015-06-17 19:12:58Z kdeugau $
[496]5# Copyright 2012,2013 Kris Deugau <kdeugau@deepnet.cx>
[262]6#
7# This program is free software: you can redistribute it and/or modify
8# it under the terms of the GNU General Public License as published by
9# the Free Software Foundation, either version 3 of the License, or
10# (at your option) any later version.
11#
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16#
17# You should have received a copy of the GNU General Public License
18# along with this program. If not, see <http://www.gnu.org/licenses/>.
19##
[119]20
21use strict;
22use warnings;
[216]23
24# don't remove! required for GNU/FHS-ish install from tarball
25use lib '.'; ##uselib##
[490]26use DNSDB;
[216]27
[490]28use FCGI;
[119]29#use Frontier::RPC2;
30use Frontier::Responder;
31
32## We need to handle a couple of things globally, rather than pasting the same bit into *every* sub.
33## So, let's subclass Frontier::RPC2 + Frontier::Responder, so we can override the single sub in each
34## that needs kicking
35#### hmm. put this in a separate file?
36#package DNSDB::RPC;
37#our @ISA = ("Frontier::RPC2", "Frontier::Responder");
38#package main;
39
[468]40my $dnsdb = DNSDB->new();
[191]41
[119]42my $methods = {
[515]43#sub getPermissions {
44#sub changePermissions {
45#sub comparePermissions {
46#sub changeGroup {
[119]47 'dnsdb.addDomain' => \&addDomain,
[401]48 'dnsdb.delZone' => \&delZone,
[515]49#sub domainName {
50#sub revName {
[500]51 'dnsdb.domainID' => \&domainID,
[515]52#sub revID {
[405]53 'dnsdb.addRDNS' => \&addRDNS,
[515]54#sub getZoneCount {
55#sub getZoneList {
56#sub getZoneLocation {
[121]57 'dnsdb.addGroup' => \&addGroup,
58 'dnsdb.delGroup' => \&delGroup,
[515]59#sub getChildren {
60#sub groupName {
61#sub getGroupCount {
62#sub getGroupList {
63#sub groupID {
[121]64 'dnsdb.addUser' => \&addUser,
[515]65#sub getUserCount {
66#sub getUserList {
67#sub getUserDropdown {
[121]68 'dnsdb.updateUser' => \&updateUser,
69 'dnsdb.delUser' => \&delUser,
[515]70#sub userFullName {
71#sub userStatus {
72#sub getUserData {
73#sub addLoc {
74#sub updateLoc {
75#sub delLoc {
76#sub getLoc {
77#sub getLocCount {
78#sub getLocList {
[447]79 'dnsdb.getLocDropdown' => \&getLocDropdown,
[121]80 'dnsdb.getSOA' => \&getSOA,
[515]81#sub updateSOA {
[123]82 'dnsdb.getRecLine' => \&getRecLine,
[495]83 'dnsdb.getRecList' => \&getRecList,
[123]84 'dnsdb.getRecCount' => \&getRecCount,
[659]85 'dnsdb.addRec' => \&rpc_addRec,
[675]86 'dnsdb.updateRec' => \&rpc_updateRec,
[515]87#sub downconvert {
[453]88 'dnsdb.addOrUpdateRevRec' => \&addOrUpdateRevRec,
[676]89 'dnsdb.updateRevSet' => \&updateRevSet,
[680]90 'dnsdb.splitTemplate' => \&splitTemplate,
[681]91 'dnsdb.resizeTemplate' => \&resizeTemplate,
[682]92 'dnsdb.templatesToRecords' => \&templatesToRecords,
[123]93 'dnsdb.delRec' => \&delRec,
[459]94 'dnsdb.delByCIDR' => \&delByCIDR,
[452]95#sub getLogCount {}
96#sub getLogEntries {}
97 'dnsdb.getRevPattern' => \&getRevPattern,
[673]98 'dnsdb.getRevSet' => \&getRevSet,
[506]99 'dnsdb.getTypelist' => \&getTypelist,
[504]100 'dnsdb.getTypemap' => \&getTypemap,
101 'dnsdb.getReverse_typemap' => \&getReverse_typemap,
[515]102#sub parentID {
103#sub isParent {
[405]104 'dnsdb.zoneStatus' => \&zoneStatus,
[452]105 'dnsdb.getZonesByCIDR' => \&getZonesByCIDR,
[515]106#sub importAXFR {
107#sub importBIND {
108#sub import_tinydns {
109#sub export {
110#sub mailNotify {
[121]111
[119]112 'dnsdb.getMethods' => \&get_method_list
113};
114
[490]115my $reqcnt = 0;
116
117while (FCGI::accept >= 0) {
118 my $res = Frontier::Responder->new(
[119]119 methods => $methods
120 );
121
[490]122 # "Can't do that" errors
123 if (!$dnsdb) {
124 print "Content-type: text/xml\n\n".$res->{_decode}->encode_fault(5, $dnsdb->err);
125 } else {
126 print $res->answer;
127 }
128 last if $reqcnt++ > $dnsdb->{maxfcgi};
129} # while FCGI::accept
[119]130
131
132exit;
133
134##
135## Subs below here
136##
137
[490]138# Check RPC ACL
[401]139sub _aclcheck {
140 my $subsys = shift;
[486]141 return 1 if grep /$ENV{REMOTE_ADDR}/, @{$dnsdb->{rpcacl}{$subsys}};
[505]142 warn "$subsys/$ENV{REMOTE_ADDR} not in ACL\n"; # a bit of logging
[401]143 return 0;
144}
145
[405]146# Let's see if we can factor these out of the RPC method subs
147sub _commoncheck {
148 my $argref = shift;
149 my $needslog = shift;
150
151 die "Missing remote system name\n" if !$argref->{rpcsystem};
152 die "Access denied\n" if !_aclcheck($argref->{rpcsystem});
153 if ($needslog) {
154 die "Missing remote username\n" if !$argref->{rpcuser};
155 die "Couldn't set userdata for logging\n"
[486]156 unless $dnsdb->initRPC(username => $argref->{rpcuser}, rpcsys => $argref->{rpcsystem},
157 fullname => ($argref->{fullname} ? $argref->{fullname} : $argref->{rpcuser}) );
[405]158 }
159}
160
[511]161# check for defrec and revrec; only call on subs that deal with records
162sub _reccheck {
163 my $argref = shift;
164 die "Missing defrec and/or revrec flags\n" if !($argref->{defrec} || $argref->{revrec});
165}
166
[453]167# set location to the zone's default location if none is specified
168sub _loccheck {
169 my $argref = shift;
170 if (!$argref->{location} && $argref->{defrec} eq 'n') {
[477]171 $argref->{location} = $dnsdb->getZoneLocation($argref->{revrec}, $argref->{parent_id});
[453]172 }
173}
174
175# set ttl to zone defailt minttl if none is specified
176sub _ttlcheck {
177 my $argref = shift;
178 if (!$argref->{ttl}) {
[486]179 my $tmp = $dnsdb->getSOA($argref->{defrec}, $argref->{revrec}, $argref->{parent_id});
[453]180 $argref->{ttl} = $tmp->{minttl};
181 }
182}
183
[119]184#sub connectDB {
185#sub finish {
186#sub initGlobals {
187#sub initPermissions {
188#sub getPermissions {
189#sub changePermissions {
190#sub comparePermissions {
191#sub changeGroup {
192#sub _log {
193
194sub addDomain {
195 my %args = @_;
196
[405]197 _commoncheck(\%args, 'y');
[119]198
[516]199 my ($code, $msg) = $dnsdb->addDomain($args{domain}, $args{group}, $args{state}, $args{location});
[511]200 die "$msg\n" if $code eq 'FAIL';
[119]201 return $msg; # domain ID
202}
203
[401]204sub delZone {
[119]205 my %args = @_;
206
[405]207 _commoncheck(\%args, 'y');
208 die "Need forward/reverse zone flag\n" if !$args{revrec};
[119]209
[121]210 my ($code,$msg);
[405]211 # Let's be nice; delete based on zone id OR zone name. Saves an RPC call round-trip, maybe.
212 if ($args{zone} =~ /^\d+$/) {
[477]213 ($code,$msg) = $dnsdb->delZone($args{zone}, $args{revrec});
[119]214 } else {
[405]215 my $zoneid;
[477]216 $zoneid = $dnsdb->domainID($args{zone}) if $args{revrec} eq 'n';
217 $zoneid = $dnsdb->revID($args{zone}) if $args{revrec} eq 'y';
[671]218 die "Can't find zone: ".$dnsdb->errstr."\n" if !$zoneid;
[477]219 ($code,$msg) = $dnsdb->delZone($zoneid, $args{revrec});
[119]220 }
[511]221 die "$msg\n" if $code eq 'FAIL';
[405]222 return $msg;
[119]223}
224
[405]225#sub domainName {}
226#sub revName {}
[500]227
228sub domainID {
229 my %args = @_;
230
231 _commoncheck(\%args, 'y');
232
233 my $domid = $dnsdb->domainID($args{domain});
[671]234 die $dnsdb->errstr."\n" if !$domid;
[500]235 return $domid;
236}
237
[405]238#sub revID {}
[119]239
[405]240sub addRDNS {
241 my %args = @_;
242
243 _commoncheck(\%args, 'y');
244
[477]245 my ($code, $msg) = $dnsdb->addRDNS($args{revzone}, $args{revpatt}, $args{group}, $args{state}, $args{defloc});
[447]246 die "$msg\n" if $code eq 'FAIL';
[405]247 return $msg; # domain ID
248}
249
250#sub getZoneCount {}
251#sub getZoneList {}
252#sub getZoneLocation {}
253
[119]254sub addGroup {
255 my %args = @_;
256
[405]257 _commoncheck(\%args, 'y');
[407]258 die "Missing new group name\n" if !$args{groupname};
259 die "Missing parent group ID\n" if !$args{parent_id};
[119]260
[407]261# not sure how to usefully represent permissions via RPC. :/
[121]262# not to mention, permissions are checked at the UI layer, not the DB layer.
[119]263 my $perms = {domain_edit => 1, domain_create => 1, domain_delete => 1,
264 record_edit => 1, record_create => 1, record_delete => 1
265 };
266## optional $inhert arg?
[476]267 my ($code,$msg) = $dnsdb->addGroup($args{groupname}, $args{parent_id}, $perms);
[511]268 die "$msg\n" if $code eq 'FAIL';
[119]269 return $msg;
270}
271
272sub delGroup {
273 my %args = @_;
274
[405]275 _commoncheck(\%args, 'y');
[407]276 die "Missing group ID or name to remove\n" if !$args{group};
[119]277
[121]278 my ($code,$msg);
[119]279 # Let's be nice; delete based on groupid OR group name. Saves an RPC call round-trip, maybe.
280 if ($args{group} =~ /^\d+$/) {
[476]281 ($code,$msg) = $dnsdb->delGroup($args{group});
[119]282 } else {
[486]283 my $grpid = $dnsdb->groupID($args{group});
[407]284 die "Can't find group\n" if !$grpid;
[476]285 ($code,$msg) = $dnsdb->delGroup($grpid);
[119]286 }
[511]287 die "$msg\n" if $code eq 'FAIL';
[407]288 return $msg;
[119]289}
290
[405]291#sub getChildren {}
292#sub groupName {}
293#sub getGroupCount {}
294#sub getGroupList {}
295#sub groupID {}
[119]296
297sub addUser {
298 my %args = @_;
299
[405]300 _commoncheck(\%args, 'y');
[119]301
[409]302# not sure how to usefully represent permissions via RPC. :/
[121]303# not to mention, permissions are checked at the UI layer, not the DB layer.
[119]304 # bend and twist; get those arguments in in the right order!
305 $args{type} = 'u' if !$args{type};
306 $args{permstring} = 'i' if !defined($args{permstring});
307 my @userargs = ($args{username}, $args{group}, $args{pass}, $args{state}, $args{type}, $args{permstring});
308 for my $argname ('fname','lname','phone') {
309 last if !$args{$argname};
310 push @userargs, $args{$argname};
311 }
[479]312 my ($code,$msg) = $dnsdb->addUser(@userargs);
[511]313 die "$msg\n" if $code eq 'FAIL';
[119]314 return $msg;
315}
316
[405]317#sub getUserCount {}
318#sub getUserList {}
319#sub getUserDropdown {}
320#sub checkUser {}
[119]321
322sub updateUser {
323 my %args = @_;
324
[405]325 _commoncheck(\%args, 'y');
[119]326
[401]327 die "Missing UID\n" if !$args{uid};
[121]328
[119]329 # bend and twist; get those arguments in in the right order!
[411]330 $args{type} = 'u' if !$args{type};
[119]331 my @userargs = ($args{uid}, $args{username}, $args{group}, $args{pass}, $args{state}, $args{type});
332 for my $argname ('fname','lname','phone') {
333 last if !$args{$argname};
334 push @userargs, $args{$argname};
335 }
336##fixme: also underlying in DNSDB::updateUser(): no way to just update this or that attribute;
337# have to pass them all in to be overwritten
[479]338 my ($code,$msg) = $dnsdb->updateUser(@userargs);
[511]339 die "$msg\n" if $code eq 'FAIL';
[412]340 return $msg;
[119]341}
342
343sub delUser {
344 my %args = @_;
345
[405]346 _commoncheck(\%args, 'y');
[119]347
[401]348 die "Missing UID\n" if !$args{uid};
[479]349 my ($code,$msg) = $dnsdb->delUser($args{uid});
[511]350 die "$msg\n" if $code eq 'FAIL';
[412]351 return $msg;
[119]352}
353
[405]354#sub userFullName {}
355#sub userStatus {}
356#sub getUserData {}
[119]357
[405]358#sub addLoc {}
359#sub updateLoc {}
360#sub delLoc {}
361#sub getLoc {}
362#sub getLocCount {}
363#sub getLocList {}
364
[447]365sub getLocDropdown {
366 my %args = @_;
367
368 _commoncheck(\%args);
369 $args{defloc} = '' if !$args{defloc};
370
[480]371 my $ret = $dnsdb->getLocDropdown($args{group}, $args{defloc});
[447]372 return $ret;
373}
374
[119]375sub getSOA {
376 my %args = @_;
377
[405]378 _commoncheck(\%args);
[121]379
[511]380 _reccheck(\%args);
381
[481]382 my $ret = $dnsdb->getSOA($args{defrec}, $args{revrec}, $args{id});
[413]383 if (!$ret) {
384 if ($args{defrec} eq 'y') {
[401]385 die "No default SOA record in group\n";
[121]386 } else {
[413]387 die "No SOA record in zone\n";
[121]388 }
389 }
[413]390 return $ret;
[119]391}
392
[405]393#sub updateSOA {}
394
[119]395sub getRecLine {
396 my %args = @_;
397
[405]398 _commoncheck(\%args);
[123]399
[511]400 _reccheck(\%args);
401
[481]402 my $ret = $dnsdb->getRecLine($args{defrec}, $args{revrec}, $args{id});
[123]403
[671]404 die $dnsdb->errstr."\n" if !$ret;
[123]405
406 return $ret;
[119]407}
408
[495]409sub getRecList {
[119]410 my %args = @_;
411
[405]412 _commoncheck(\%args);
[123]413
[500]414 # deal gracefully with alternate calling convention for args{id}
415 $args{id} = $args{ID} if !$args{id} && $args{ID};
416 # ... and fail if we don't have one
417 die "Missing zone ID\n" if !$args{id};
418
[405]419 # set some optional args
[500]420 $args{offset} = 0 if !$args{offset};
[123]421## for order, need to map input to column names
422 $args{order} = 'host' if !$args{order};
423 $args{direction} = 'ASC' if !$args{direction};
[500]424 $args{defrec} = 'n' if !$args{defrec};
425 $args{revrec} = 'n' if !$args{revrec};
[123]426
[500]427 # convert zone name to zone ID, if needed
428 if ($args{defrec} eq 'n') {
429 if ($args{revrec} eq 'n') {
430 $args{id} = $dnsdb->domainID($args{id}) if $args{id} !~ /^\d+$/;
431 } else {
432 $args{id} = $dnsdb->revID($args{id}) if $args{id} !~ /^\d+$/
433 }
434 }
435
[502]436 # fail if we *still* don't have a valid zone ID
[671]437 die $dnsdb->errstr."\n" if !$args{id};
[502]438
[500]439 # and finally retrieve the records.
[495]440 my $ret = $dnsdb->getRecList(defrec => $args{defrec}, revrec => $args{revrec}, id => $args{id},
[500]441 offset => $args{offset}, nrecs => $args{nrecs}, sortby => $args{sortby},
442 sortorder => $args{sortorder}, filter => $args{filter});
[671]443 die $dnsdb->errstr."\n" if !$ret;
[123]444
445 return $ret;
[119]446}
447
[123]448sub getRecCount {
449 my %args = @_;
[119]450
[405]451 _commoncheck(\%args);
[123]452
[511]453 _reccheck(\%args);
454
[405]455 # set some optional args
456 $args{nrecs} = 'all' if !$args{nrecs};
457 $args{nstart} = 0 if !$args{nstart};
458## for order, need to map input to column names
459 $args{order} = 'host' if !$args{order};
460 $args{direction} = 'ASC' if !$args{direction};
461
[666]462 my $ret = $dnsdb->getRecCount(defrec => $args{defrec}, revrec => $args{revrec},
463 id => $args{id}, filter => $args{filter});
[405]464
[671]465 die $dnsdb->errstr."\n" if !$ret;
[405]466
467 return $ret;
[123]468}
469
[659]470sub rpc_addRec {
[119]471 my %args = @_;
472
[405]473 _commoncheck(\%args, 'y');
[123]474
[511]475 _reccheck(\%args);
[453]476 _loccheck(\%args);
477 _ttlcheck(\%args);
[123]478
[498]479 # allow passing text types rather than DNS integer IDs
[499]480 $args{type} = $DNSDB::reverse_typemap{$args{type}} if $args{type} !~ /^\d+$/;
[498]481
[481]482 my @recargs = ($args{defrec}, $args{revrec}, $args{parent_id},
[543]483 \$args{name}, \$args{type}, \$args{address}, $args{ttl}, $args{location},
484 $args{expires}, $args{stamp});
[426]485 if ($args{type} == $DNSDB::reverse_typemap{MX} or $args{type} == $DNSDB::reverse_typemap{SRV}) {
486 push @recargs, $args{distance};
487 if ($args{type} == $DNSDB::reverse_typemap{SRV}) {
488 push @recargs, $args{weight};
489 push @recargs, $args{port};
490 }
491 }
492
[481]493 my ($code, $msg) = $dnsdb->addRec(@recargs);
[426]494
[511]495 die "$msg\n" if $code eq 'FAIL';
[426]496 return $msg;
[659]497} # rpc_addRec
[119]498
[675]499sub rpc_updateRec {
[119]500 my %args = @_;
501
[405]502 _commoncheck(\%args, 'y');
[123]503
[511]504 _reccheck(\%args);
505
[543]506 # put some caller-friendly names in their rightful DB column places
[680]507 $args{val} = $args{address} if !$args{val};
508 $args{host} = $args{name} if !$args{host};
[543]509
[452]510 # get old line, so we can update only the bits that the caller passed to change
[481]511 my $oldrec = $dnsdb->getRecLine($args{defrec}, $args{revrec}, $args{id});
[543]512 foreach my $field (qw(host type val ttl location expires distance weight port)) {
[452]513 $args{$field} = $oldrec->{$field} if !$args{$field} && defined($oldrec->{$field});
514 }
[543]515 # stamp has special handling when blank or 0. "undefined" from the caller should mean "don't change"
[659]516 $args{stamp} = $oldrec->{stamp} if !defined($args{stamp}) && $oldrec->{stampactive};
[452]517
[498]518 # allow passing text types rather than DNS integer IDs
[499]519 $args{type} = $DNSDB::reverse_typemap{$args{type}} if $args{type} !~ /^\d+$/;
[498]520
[405]521 # note dist, weight, port are not required on all types; will be ignored if not needed.
[426]522 # parent_id is the "primary" zone we're updating; necessary for forward/reverse voodoo
[481]523 my ($code, $msg) = $dnsdb->updateRec($args{defrec}, $args{revrec}, $args{id}, $args{parent_id},
[543]524 \$args{host}, \$args{type}, \$args{val}, $args{ttl}, $args{location},
525 $args{expires}, $args{stamp},
[426]526 $args{distance}, $args{weight}, $args{port});
[123]527
[511]528 die "$msg\n" if $code eq 'FAIL';
[426]529 return $msg;
[680]530} # rpc_updateRec
[119]531
[453]532# Takes a passed CIDR block and DNS pattern; adds a new record or updates the record(s) affected
533sub addOrUpdateRevRec {
534 my %args = @_;
535
536 _commoncheck(\%args, 'y');
[459]537 my $cidr = new NetAddr::IP $args{cidr};
[453]538
[477]539 my $zonelist = $dnsdb->getZonesByCIDR(%args);
[453]540 if (scalar(@$zonelist) == 0) {
541 # enhh.... WTF?
542 } elsif (scalar(@$zonelist) == 1) {
543 # check if the single zone returned is bigger than the CIDR. if so, we can just add a record
544 my $zone = new NetAddr::IP $zonelist->[0]->{revnet};
[459]545 if ($zone->contains($cidr)) {
[454]546 # We need to strip the CIDR mask on IPv4 /32 assignments, or we just add a new record all the time.
[459]547 my $filt = ($cidr->{isv6} || $cidr->masklen != 32 ? "$cidr" : $cidr->addr);
[495]548 my $reclist = $dnsdb->getRecList(defrec => 'n', revrec => 'y',
[454]549 id => $zonelist->[0]->{rdns_id}, filter => $filt);
[671]550##fixme: Figure some new magic to automerge new incoming A(AAA)+PTR requests
551# with existing A records to prevent duplication of A(AAA) records
[453]552 if (scalar(@$reclist) == 0) {
553 # Aren't Magic Numbers Fun? See pseudotype list in dnsadmin.
[672]554 my $type = ($cidr->{isv6} ? ($cidr->masklen == 128 ? 65281 : 65284) : ($cidr->masklen == 32 ? 65280 : 65283) );
[659]555 rpc_addRec(defrec => 'n', revrec => 'y', parent_id => $zonelist->[0]->{rdns_id}, type => $type,
[459]556 address => "$cidr", %args);
[453]557 } else {
[459]558 my $flag = 0;
[453]559 foreach my $rec (@$reclist) {
[454]560 # pure PTR plus composite types
561 next unless $rec->{type} == 12 || $rec->{type} == 65280 || $rec->{type} == 65281
562 || $rec->{type} == 65282 || $rec->{type} == 65283 || $rec->{type} == 65284;
563 next unless $rec->{val} eq $filt; # make sure we really update the record we want to update.
[675]564 rpc_updateRec(defrec =>'n', revrec => 'y', id => $rec->{record_id},
[672]565 parent_id => $zonelist->[0]->{rdns_id}, address => "$cidr", %args);
[459]566 $flag = 1;
[453]567 last; # only do one record.
568 }
[459]569 unless ($flag) {
570 # Nothing was updated, so we didn't really have a match. Add as per @$reclist==0
571 # Aren't Magic Numbers Fun? See pseudotype list in dnsadmin.
572 my $type = ($cidr->{isv6} ? 65282 : ($cidr->masklen == 32 ? 65280 : 65283) );
[659]573 rpc_addRec(defrec => 'n', revrec => 'y', parent_id => $zonelist->[0]->{rdns_id}, type => $type,
[459]574 address => "$cidr", %args);
575 }
[453]576 }
577 } else {
578 # ebbeh? CIDR is only partly represented in DNS. This needs manual intervention.
579 } # done single-zone-contains-$cidr
580 } else {
581 # Overlapping reverse zones shouldn't be possible, so if we're here we've got a CIDR
582 # that spans multiple reverse zones (eg, /23 CIDR -> 2 /24 rzones)
583 foreach my $zdata (@$zonelist) {
[495]584 my $reclist = $dnsdb->getRecList(defrec => 'n', revrec => 'y',
[453]585 id => $zdata->{rdns_id}, filter => $zdata->{revnet});
586 if (scalar(@$reclist) == 0) {
587 my $type = ($args{cidr}->{isv6} ? 65282 : ($args{cidr}->masklen == 32 ? 65280 : 65283) );
[659]588 rpc_addRec(defrec => 'n', revrec => 'y', parent_id => $zdata->{rdns_id}, type => $type,
[453]589 address => "$args{cidr}", %args);
590 } else {
591 foreach my $rec (@$reclist) {
[454]592 # only the composite and/or template types; pure PTR or nontemplate composite
593 # types are nominally impossible here.
[453]594 next unless $rec->{type} == 65282 || $rec->{type} == 65283 || $rec->{type} == 65284;
[678]595 rpc_updateRec(defrec => 'n', revrec => 'y', id => $rec->{record_id},
[453]596 parent_id => $zdata->{rdns_id}, %args);
597 last; # only do one record.
598 }
599 }
600 } # iterate zones within $cidr
601 } # done $cidr-contains-zones
[676]602##fixme: what about errors? what about warnings?
603} # done addOrUpdateRevRec()
[453]604
[676]605# Update rDNS on a whole batch of IP addresses. Presented as a separate sub via RPC
606# since RPC calls can be s...l...o...w....
607sub updateRevSet {
608 my %args = @_;
609
610 _commoncheck(\%args, 'y');
611
612 my @ret;
613 # loop over passed IP/hostname pairs
614 foreach my $key (keys %args) {
[678]615 next unless $key =~ m{^host_((?:[\d.]+|[\da-f:]+)(?:/\d+)?)$};
[676]616 my $ip = $1;
617 push @ret, addOrUpdateRevRec(cidr => $ip, name => $args{$key}, %args);
618 }
619##fixme: what about errors? what about warnings?
620 return \@ret;
621} # done updateRevSet()
622
[680]623# Split a template record as per a passed CIDR.
624# Requires the CIDR and the new mask length
625sub splitTemplate {
626 my %args = @_;
627
628 _commoncheck(\%args, 'y');
629
630 my $cidr = new NetAddr::IP $args{cidr};
631
632 my $zonelist = $dnsdb->getZonesByCIDR(%args);
633
634 if (scalar(@$zonelist) == 0) {
635 # enhh.... WTF?
636
637 } elsif (scalar(@$zonelist) == 1) {
638 my $zone = new NetAddr::IP $zonelist->[0]->{revnet};
639 if ($zone->contains($cidr)) {
640 # Find the first record in the reverse zone that matches the CIDR we're splitting...
641 my $reclist = $dnsdb->getRecList(defrec => 'n', revrec => 'y',
642 id => $zonelist->[0]->{rdns_id}, filter => $cidr, sortby => 'val', sortorder => 'DESC');
643 my $oldrec;
644 foreach my $rec (@$reclist) {
645 my $reccidr = new NetAddr::IP $rec->{val};
646 next unless $cidr->contains($reccidr); # not sure this is needed here
647 # ... and is a reverse-template type.
648 # Could arguably trim the list below to just 65282, 65283, 65284
649 next unless $rec->{type} == 12 || $rec->{type} == 65280 || $rec->{type} == 65281 ||
650 $rec->{type} == 65282 || $rec->{type} == 65283 ||$rec->{type} == 65284;
651 # snag old record so we can copy its data
652 $oldrec = $dnsdb->getRecLine('n', 'y', $rec->{record_id});
653 last; # we've found one record that meets our criteria; Extras Are Irrelevant
654 }
655
656 my @newblocks = $cidr->split($args{newmask});
657 # Change the existing record with the new CIDR
658 my $up_res = rpc_updateRec(%args, val => $newblocks[0], id => $oldrec->{record_id}, defrec => 'n', revrec => 'y');
659 my @ret;
660 # the update is assumed to have succeeded if it didn't fail.
661##fixme: find a way to save and return "warning" states?
662 push @ret, {block => "$newblocks[0]", code => "OK", msg => $up_res};
663 # And now add new record(s) for each of the new CIDR entries, reusing the old data
664 for (my $i = 1; $i <= $#newblocks; $i++) {
665 my $newval = "$newblocks[$i]";
666 my @recargs = ('n', 'y', $oldrec->{rdns_id}, \$oldrec->{host}, \$oldrec->{type}, \$newval,
667 $oldrec->{ttl}, $oldrec->{location}, 0, '');
668 my ($code, $msg) = $dnsdb->addRec(@recargs);
669 # Note failures here are not fatal; this should typically only ever be called by IPDB
670 push @ret, {block => "$newblocks[$i]", code => $code, msg => $up_res};
671 }
672 # return an info hash in case of warnings doing the update or add(s)
673 return \@ret;
674
675 } else { # $cidr > $zone but we only have one zone
676 # ebbeh? CIDR is only partly represented in DNS. This needs manual intervention.
677 return "Warning: $args{cidr} is only partly represented in DNS. Check and update DNS records manually.";
678 } # done single-zone-contains-$cidr
679
680 } else {
681 # multiple zones nominally "contain" $cidr
682 } # done $cidr-contains-zones
683
684} # done splitTemplate()
685
[681]686# Resize a template according to an old/new CIDR pair
687# Takes the old cidr in $args{oldcidr} and the new in $args{newcidr}
688sub resizeTemplate {
689 my %args = @_;
690
691 _commoncheck(\%args, 'y');
692
693 my $oldcidr = new NetAddr::IP $args{oldcidr};
694 my $newcidr = new NetAddr::IP $args{newcidr};
695 die "$oldcidr and $newcidr do not overlap"
696 unless $oldcidr->contains($newcidr) || $newcidr->contains($oldcidr);
697 $args{cidr} = $args{oldcidr};
698
699 my $up_res;
700
701 my $zonelist = $dnsdb->getZonesByCIDR(%args);
702 if (scalar(@$zonelist) == 0) {
703 # enhh.... WTF?
704
705 } elsif (scalar(@$zonelist) == 1) {
706 my $zone = new NetAddr::IP $zonelist->[0]->{revnet};
707 if ($zone->contains($oldcidr)) {
708 # Find record(s) matching the old and new CIDR
709
710 my $sql = q(
711 SELECT record_id,host,val
712 FROM records
713 WHERE rdns_id = ?
714 AND type IN (12, 65280, 65281, 65282, 65283, 65284)
715 AND (val = ? OR val = ?)
716 ORDER BY masklen(inetlazy(val)) ASC
717 );
718 my $sth = $dnsdb->{dbh}->prepare($sql);
719 $sth->execute($zonelist->[0]->{rdns_id}, "$oldcidr", "$newcidr");
720 my $upd_id;
721 my $oldhost;
722 while (my ($recid, $host, $val) = $sth->fetchrow_array) {
723 my $tcidr = NetAddr::IP->new($val);
724 if ($tcidr == $newcidr) {
725 # Match found for new CIDR. Delete this record.
726 $up_res = $dnsdb->delRec('n', 'y', $recid);
727 } else {
728 # Update this record, then exit the loop
729 $up_res = rpc_updateRec(%args, val => $newcidr, id => $recid, defrec => 'n', revrec => 'y');
730 last;
731 }
732 # Your llama is on fire
733 }
734 $sth->finish;
735
736 return "Template record for $oldcidr changed to $newcidr.";
737
738 } else { # $cidr > $zone but we only have one zone
739 # ebbeh? CIDR is only partly represented in DNS. This needs manual intervention.
740 return "Warning: $args{cidr} is only partly represented in DNS. Check and update DNS records manually.";
741 } # done single-zone-contains-$cidr
742
743 } else {
744 # multiple zones nominally "contain" $cidr
745 }
746
747 return $up_res;
748} # done resizeTemplate()
749
[682]750# Convert one or more template records to a set of individual IP records. Expands the template.
751# Handle the case of nested templates, although the primary caller (IPDB) should not be
752# able to generate records that would trigger that case.
753# Accounts for existing PTR or A+PTR records same as on-export template expansion.
754# Takes a list of templates and a bounding CIDR?
755sub templatesToRecords {
756 my %args = @_;
757
758 _commoncheck(\%args, 'y');
759
760 my %iplist;
761 my @retlist;
762
763 my $zsth = $dnsdb->{dbh}->prepare("SELECT rdns_id,group_id FROM revzones WHERE revnet >>= ?");
764 # Going to assume template records with no expiry
765 # Also note IPv6 template records don't expand sanely the way v4 records do
766 my $recsth = $dnsdb->{dbh}->prepare(q(
767 SELECT record_id, domain_id, host, type, val, ttl, location
768 FROM records
769 WHERE rdns_id = ?
770 AND type IN (12, 65280, 65282, 65283)
771 AND inetlazy(val) <<= ?
772 ORDER BY masklen(inetlazy(val)) DESC
773 ));
774 my $insth = $dnsdb->{dbh}->prepare("INSERT INTO records (domain_id, rdns_id, host, type, val, ttl, location)".
775 " VALUES (?,?,?,?,?,?,?)");
776 my $delsth = $dnsdb->{dbh}->prepare("DELETE FROM records WHERE record_id = ?");
777 my %typedown = (12 => 12, 65280 => 65280, 65281 => 65281, 65282 => 12, 65283 => 65280, 65284 => 65281);
778
779 my @checkrange;
780
781 local $dnsdb->{dbh}->{AutoCommit} = 0;
782 local $dnsdb->{dbh}->{RaiseError} = 1;
783
784 eval {
785 foreach my $template (@{$args{templates}}) {
786 $zsth->execute($template);
787 my ($zid,$zgrp) = $zsth->fetchrow_array;
788 if (!$zid) {
789 push @retlist, {$template, "Zone not found"};
790 next;
791 }
792 $recsth->execute($zid, $template);
793 while (my ($recid, $domid, $host, $type, $val, $ttl, $loc) = $recsth->fetchrow_array) {
794 # Skip single IPs with PTR or A+PTR records
795 if ($type == 12 || $type == 65280) {
796 $iplist{"$val/32"}++;
797 next;
798 }
799 my @newips = NetAddr::IP->new($template)->split(32);
800 $type = $typedown{$type};
801 foreach my $ip (@newips) {
802 next if $iplist{$ip};
803 my $newhost = $host;
804 DNSDB::_template4_expand(\$newhost, $ip->addr);
805 $insth->execute($domid, $zid, $newhost, $type, $ip->addr, $ttl, $loc);
806 $iplist{$ip}++;
807 }
808 $delsth->execute($recid);
809 $dnsdb->_log(group_id => $zgrp, domain_id => $domid, rdns_id => $zid,
810 entry => "$template converted to individual $typemap{$type} records");
811 push @retlist, "$template converted to individual records";
812 } # record fetch
813 } # foreach passed template CIDR
814
815 $dnsdb->{dbh}->commit;
816 };
817 if ($@) {
818 die "Error converting a template record to individual records: $@";
819 }
820
821 return \@retlist;
822
823} # done templatesToRecords()
824
[119]825sub delRec {
826 my %args = @_;
827
[405]828 _commoncheck(\%args, 'y');
[123]829
[511]830 _reccheck(\%args);
831
[481]832 my ($code, $msg) = $dnsdb->delRec($args{defrec}, $args{recrev}, $args{id});
[123]833
[511]834 die "$msg\n" if $code eq 'FAIL';
[426]835 return $msg;
[119]836}
837
[459]838sub delByCIDR {
839 my %args = @_;
840
841 _commoncheck(\%args, 'y');
842
[683]843 # Caller may pass 'n' in delsubs. Assume it should be false/undefined
844 # unless the caller explicitly requested 'yes'
845 $args{delsubs} = 0 if $args{delsubs} ne 'y';
846
[459]847 # much like addOrUpdateRevRec()
[477]848 my $zonelist = $dnsdb->getZonesByCIDR(%args);
[459]849 my $cidr = new NetAddr::IP $args{cidr};
850
851 if (scalar(@$zonelist) == 0) {
852 # enhh.... WTF?
853 } elsif (scalar(@$zonelist) == 1) {
854
855 # check if the single zone returned is bigger than the CIDR
856 my $zone = new NetAddr::IP $zonelist->[0]->{revnet};
857 if ($zone->contains($cidr)) {
858 if ($args{delsubs}) {
859 # Delete ALL EVARYTHING!!one11!! in $args{cidr}
[495]860 my $reclist = $dnsdb->getRecList(defrec => 'n', revrec => 'y', id => $zonelist->[0]->{rdns_id});
[459]861 foreach my $rec (@$reclist) {
862 my $reccidr = new NetAddr::IP $rec->{val};
863 next unless $cidr->contains($reccidr);
[460]864 next unless $rec->{type} == 12 || $rec->{type} == 65280 || $rec->{type} == 65281 ||
865 $rec->{type} == 65282 || $rec->{type} == 65283 ||$rec->{type} == 65284;
[459]866 ##fixme: multiple records, wanna wax'em all, how to report errors?
867 if ($args{delforward} ||
868 $rec->{type} == 12 || $rec->{type} == 65282 ||
869 $rec->{type} == 65283 || $rec->{type} == 65284) {
[481]870 my ($code,$msg) = $dnsdb->delRec('n', 'y', $rec->{record_id});
[459]871 } else {
[481]872 my $ret = $dnsdb->downconvert($rec->{record_id}, $DNSDB::reverse_typemap{A});
[459]873 }
874 }
[460]875 if ($args{parpatt} && $zone == $cidr) {
876 # Edge case; we've just gone and axed all the records in the reverse zone.
877 # Re-add one to match the parent if we've been given a pattern to use.
[659]878 rpc_addRec(defrec => 'n', revrec => 'y', parent_id => $zonelist->[0]->{rdns_id},
[672]879 type => ($zone->{isv6} ? 65284 : 65283), address => "$cidr", name => $args{parpatt}, %args);
[460]880 }
[459]881
882 } else {
883 # Selectively delete only exact matches on $args{cidr}
884 # We need to strip the CIDR mask on IPv4 /32 assignments, or we can't find single-IP records
885 my $filt = ($cidr->{isv6} || $cidr->masklen != 32 ? "$cidr" : $cidr->addr);
[495]886 my $reclist = $dnsdb->getRecList(defrec => 'n', revrec => 'y',
[459]887 id => $zonelist->[0]->{rdns_id}, filter => $filt, sortby => 'val', sortorder => 'DESC');
888 foreach my $rec (@$reclist) {
889 my $reccidr = new NetAddr::IP $rec->{val};
890 next unless $cidr == $reccidr;
[460]891 next unless $rec->{type} == 12 || $rec->{type} == 65280 || $rec->{type} == 65281 ||
892 $rec->{type} == 65282 || $rec->{type} == 65283 ||$rec->{type} == 65284;
[459]893 if ($args{delforward} || $rec->{type} == 12) {
[481]894 my ($code,$msg) = $dnsdb->delRec('n', 'y', $rec->{record_id});
[511]895 die "$msg\n" if $code eq 'FAIL';
[459]896 return $msg;
897 } else {
[481]898 my $ret = $dnsdb->downconvert($rec->{record_id}, $DNSDB::reverse_typemap{A});
[671]899 die $dnsdb->errstr."\n" if !$ret;
[459]900 return "A+PTR for $args{cidr} split and PTR removed";
901 }
902 } # foreach @$reclist
903 }
904
905 } else { # $cidr > $zone but we only have one zone
906 # ebbeh? CIDR is only partly represented in DNS. This needs manual intervention.
907 return "Warning: $args{cidr} is only partly represented in DNS. Check and remove DNS records manually.";
908 } # done single-zone-contains-$cidr
909
910 } else { # multiple zones nominally "contain" $cidr
911 # Overlapping reverse zones shouldn't be possible, so if we're here we've got a CIDR
912 # that spans multiple reverse zones (eg, /23 CIDR -> 2 /24 rzones)
913 foreach my $zdata (@$zonelist) {
[495]914 my $reclist = $dnsdb->getRecList(defrec => 'n', revrec => 'y', id => $zdata->{rdns_id});
[459]915 if (scalar(@$reclist) == 0) {
[460]916# nothing to do? or do we (re)add a record based on the parent?
917# yes, yes we do, past the close of the else
918# my $type = ($args{cidr}->{isv6} ? 65282 : ($args{cidr}->masklen == 32 ? 65280 : 65283) );
[659]919# rpc_addRec(defrec => 'n', revrec => 'y', parent_id => $zdata->{rdns_id}, type => $type,
[460]920# address => "$args{cidr}", %args);
[459]921 } else {
922 foreach my $rec (@$reclist) {
[460]923 next unless $rec->{type} == 12 || $rec->{type} == 65280 || $rec->{type} == 65281 ||
924 $rec->{type} == 65282 || $rec->{type} == 65283 || $rec->{type} == 65284;
925 # Template types are only useful when attached to a reverse zone.
926##fixme ..... or ARE THEY?
927 if ($args{delforward} ||
928 $rec->{type} == 12 || $rec->{type} == 65282 ||
929 $rec->{type} == 65283 || $rec->{type} == 65284) {
[481]930 my ($code,$msg) = $dnsdb->delRec('n', 'y', $rec->{record_id});
[460]931 } else {
[481]932 my $ret = $dnsdb->downconvert($rec->{record_id}, $DNSDB::reverse_typemap{A});
[460]933 }
[459]934 } # foreach @$reclist
[460]935 } # nrecs != 0
936 if ($args{parpatt}) {
937 # We've just gone and axed all the records in the reverse zone.
938 # Re-add one to match the parent if we've been given a pattern to use.
[659]939 rpc_addRec(defrec => 'n', revrec => 'y', parent_id => $zdata->{rdns_id},
[460]940 type => ($cidr->{isv6} ? 65284 : 65283),
941 address => $zdata->{revnet}, name => $args{parpatt}, %args);
[459]942 }
943 } # iterate zones within $cidr
944 } # done $cidr-contains-zones
945
946} # end delByCIDR()
947
[405]948#sub getLogCount {}
949#sub getLogEntries {}
[452]950
951sub getRevPattern {
952 my %args = @_;
953
954 _commoncheck(\%args, 'y');
955
[483]956 return $dnsdb->getRevPattern($args{cidr}, $args{group});
[452]957}
958
[673]959sub getRevSet {
960 my %args = @_;
961
962 _commoncheck(\%args, 'y');
963
964 return $dnsdb->getRevSet($args{cidr}, $args{group});
965}
966
[506]967sub getTypelist {
968 my %args = @_;
969 _commoncheck(\%args, 'y');
[504]970
[506]971 $args{selected} = $reverse_typemap{A} if !$args{selected};
972
973 return $dnsdb->getTypelist($args{recgroup}, $args{selected});
974}
975
[504]976sub getTypemap {
977 my %args = @_;
978 _commoncheck(\%args, 'y');
979 return \%typemap;
980}
981
982sub getReverse_typemap {
983 my %args = @_;
984 _commoncheck(\%args, 'y');
985 return \%reverse_typemap;
986}
987
[405]988#sub parentID {}
989#sub isParent {}
[123]990
[405]991sub zoneStatus {
[123]992 my %args = @_;
993
[405]994 _commoncheck(\%args, 'y');
[123]995
[477]996 my @arglist = ($args{zoneid});
[123]997 push @arglist, $args{status} if defined($args{status});
998
[477]999 my $status = $dnsdb->zoneStatus(@arglist);
[123]1000}
1001
[452]1002# Get a list of hashes referencing the reverse zone(s) for a passed CIDR block
1003sub getZonesByCIDR {
1004 my %args = @_;
1005
1006 _commoncheck(\%args, 'y');
1007
[477]1008 return $dnsdb->getZonesByCIDR(%args);
[452]1009}
1010
[405]1011#sub importAXFR {}
1012#sub importBIND {}
1013#sub import_tinydns {}
1014#sub export {}
1015#sub __export_tiny {}
1016#sub _printrec_tiny {}
1017#sub mailNotify {}
[119]1018
1019sub get_method_list {
1020 my @methods = keys %{$methods};
1021 return \@methods;
1022}
Note: See TracBrowser for help on using the repository browser.