Changeset 1032 for branches/stable

Timestamp:

02/10/26 13:30:58 (3 days ago)

Author:

Kris Deugau

Message:

/branches/stable

Start merging changes from /trunk forward based on changes actually applied
in production

Location:

branches/stable

Files:

• . (modified) (1 prop)
• DNSDB.pm (modified) (21 diffs)
• Makefile (modified) (2 diffs)
• bulk-add-domain (copied) (copied from trunk/bulk-add-domain )
• compact-recs.pl (modified) (1 diff)
• dns-rpc.cgi (modified) (34 diffs)
• dns-upd-1.4.1.sql (copied) (copied from trunk/dns-upd-1.4.1.sql )
• dns.cgi (modified) (3 diffs)
• dns.sql (modified) (6 diffs)
• mergerecs (modified) (1 diff)
• templates/menu.tmpl (modified) (1 diff)
• tiny-import.pl (modified) (1 diff)

branches/stable/DNSDB.pm

@@ -3 +3 @@
 ##
 # $Id$
-# Copyright 2008-2016 Kris Deugau <kdeugau@deepnet.cx>
+# Copyright 2008-2017 Kris Deugau <kdeugau@deepnet.cx>
 # 
 #    This program is free software: you can redistribute it and/or modify
@@ -983 +983 @@
   ${$args{weight}} =~ s/\s*//g;
   ${$args{port}} =~ s/\s*//g;
-  return ('FAIL',"Distance, port and weight are required, and must be numeric")
-        unless ${$args{weight}} =~ /^\d+$/ && ${$args{port}} =~ /^\d+$/;
+  my @ferr;
+  push @ferr, "distance" unless ${$args{dist}} =~ /^\d+$/;
+  push @ferr, "weight" unless ${$args{weight}} =~ /^\d+$/;
+  push @ferr, "port" unless ${$args{port}} =~ /^\d+$/;
+  return ('FAIL',"Distance, port and weight are required, and must be numeric (check ".join(",", @ferr).")")
+        unless ${$args{dist}} =~ /^\d+$/ && ${$args{weight}} =~ /^\d+$/ && ${$args{port}} =~ /^\d+$/;
 
   ${$args{fields}} = "distance,weight,port,";
@@ -1369 +1373 @@
   }
   return ('OK','OK');
-}
+} # done delegation record
+
+# ALIAS record
+# A specialized variant of the CNAME, which retrieves the A record list on each
+# export and publishes the A records instead.  Primarily for "root CNAME" or "apex
+# alias" records.  See https://secure.deepnet.cx/trac/dnsadmin/ticket/55.
+# Not allowed in reverse zones because this is already a hack, and reverse zones
+# don't get pointed to CNAMEed CDNs the way domains do.
+sub _validate_65300 {
+  my $self = shift;
+  my $dbh = $self->{dbh};
+
+  my %args = @_;
+
+  return ('FAIL',"ALIAS records are not permitted in reverse zones") if $args{revrec} eq 'y';
+
+  # Make sure target is a well-formed hostname
+  return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+
+  # Coerce all hostnames to end in ".DOMAIN" for group/default records,
+  # or the intended parent domain for live records.
+  my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
+  ${$args{host}} =~ s/\.*$/\.$pname/ if (${$args{host}} ne '@' && ${$args{host}} !~ /$pname$/i);
+
+  # Only do the cache thing on live/active records
+  return ('OK','OK') unless $args{defrec} eq 'n';
+
+  # now we check/update the cached target address info
+  my ($iplist) = $self->{dbh}->selectrow_array("SELECT auxdata FROM records WHERE record_id = ?", undef, $args{recid});
+  my $warnmsg;
+  $iplist = '' if !$iplist;
+
+  # shared target-name-to-IP converter
+  my $liveips = $self->_grab_65300($args{recid}, ${$args{val}});
+  $liveips = '' if !$liveips;
+
+  # check to see if there was an OOOOPS checking for updated A records on the target.  also make sure we have something cached.
+  if (!$liveips) {
+    if (!$iplist) {
+      # not fatal since we do the lookup on export as well
+      $warnmsg = "No cached data and no live DNS data for ALIAS target ${$args{val}};  record may be SKIPPED on export!";
+    }
+  }
+
+  # munge the insert/update fieldlist and data array
+  # note we always force this;  if the target has changed the cached data is almost certainly invalid anyway
+  if ($liveips && ($iplist ne $liveips)) {
+    ${$args{fields}} .= "auxdata,";
+    push @{$args{vallist}}, $liveips;
+  }
+
+  return ('WARN', join("\n", $errstr, $warnmsg) ) if $warnmsg;
+  
+  return ('OK','OK');
+} # done ALIAS record
+
+# this segment used multiple places to update ALIAS target details
+sub _grab_65300 {
+  my $self = shift;
+  my $dbh = $self->{dbh};
+
+  my $recid = shift;
+  my $target = shift;
+
+  my $res = Net::DNS::Resolver->new;
+  $res->tcp_timeout(2);
+  $res->udp_timeout(2);
+  my $reply = $res->query($target);
+
+  my $liveips = '';
+  if ($reply) {
+    # default to a one-hour TTL, which should be variously modified down the chain.  Arguably this could
+    # default even lower, since "The Cloud" often uses sub-1-minute TTLs on the final A records.
+    my $minttl = 3600;
+    my @newlist;
+    foreach my $rr ($reply->answer) {  #@alist) {
+      next unless $rr->type eq "A";
+      push @newlist, $rr->address;
+      $minttl = $rr->ttl if $rr->ttl < $minttl;
+    }
+    # safety limit.  could arguably take this lower, or for extra
+    # complexity, reference off the zone SOA minTTL
+    $minttl = 60 if $minttl < 60;
+    # we don't need this to be perfectly correct IP address order, just consistent.
+    $liveips = "$minttl:".join(':', sort(@newlist)) if @newlist;
+#fixme:  should it be a formal error case if there are no A records returned?
+  } else {
+    $errstr = "Lookup failure retrieving ALIAS IP list: ".$res->errorstring;
+  }
+
+  return $liveips;
+} # _grab_65300()
+
 
 # Subs not specific to a particular record type
@@ -4416 +4512 @@
 
   # do simple validation first
+  $ttl = '' if !$ttl;
+  $ttl =~ s/\s*//g;
   return ('FAIL', "TTL must be numeric") unless $ttl =~ /^-?\d+$/;
 
@@ -4566 +4664 @@
 
   # do simple validation first
+  $ttl = '' if !$ttl;
+  $ttl =~ s/\s*//g;
   return ('FAIL', "TTL must be numeric") unless $ttl =~ /^-?\d+$/;
 
@@ -5924 +6024 @@
   # Error check - does the cache dir exist, if we're using one?
   if ($self->{usecache}) {
-    die "Cache directory does not exist\n" if !-e $self->{exportcache};
+    die "Cache directory $self->{exportcache} does not exist\n" if !-e $self->{exportcache};
     die "$self->{exportcache} is not a directory\n" if !-d $self->{exportcache};
     die "$self->{exportcache} must be both readable and writable\n"
@@ -6138 +6238 @@
       #  - the cache file does not exist
       #  - the cache file is empty
+      #  - the zone contains ALIAS pseudorecords, which need to cascade changes from the upstream CNAME farm at every opportunity
+      if ( ($dbh->selectrow_array("SELECT count(*) FROM records WHERE domain_id = ? AND type=65300", undef, $domid))[0] ) {
+        $changed = 1;  # abuse this flag for zones with ALIAS records
+      }
       if (!$self->{usecache} || $self->{force_refresh} || $changed || !-e $cachefile || -z $cachefile) {
         if ($self->{usecache}) {
@@ -6398 +6502 @@
     print $datafile "Z$zone:$primary:$email"."::$refresh:$retry:$expire:$min_ttl:$ttl:$stamp:$loc\n"
       or die $!;
-
-  } elsif ($typemap{$type} eq 'A') {
-
+  } # SOA
+
+  elsif ($typemap{$type} eq 'A') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
     print $datafile "+$host:$val:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($typemap{$type} eq 'NS') {
-
+  } # A
+
+  elsif ($typemap{$type} eq 'NS') {
     if ($revrec eq 'y') {
       $val = NetAddr::IP->new($val);
@@ -6431 +6535 @@
       print $datafile "\&$host"."::$val:$ttl:$stamp:$loc\n" or die $!;
     }
-
-  } elsif ($typemap{$type} eq 'AAAA') {
-
+  } # NS
+
+  elsif ($typemap{$type} eq 'AAAA') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
     my $altgrp = 0;
@@ -6455 +6559 @@
     }
     print $datafile "$prefix:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($typemap{$type} eq 'MX') {
-
+  } # AAAA
+
+  elsif ($typemap{$type} eq 'MX') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
     print $datafile "\@$host"."::$val:$dist:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($typemap{$type} eq 'TXT') {
-
+  } # MX
+
+  elsif ($typemap{$type} eq 'TXT') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
 # le sigh.  Some idiot DNS implementations don't seem to like tinydns autosplitting
@@ -6506 +6610 @@
 #:3600
 
-  } elsif ($typemap{$type} eq 'CNAME') {
-
+  } # TXT
+
+  elsif ($typemap{$type} eq 'CNAME') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
     print $datafile "C$host:$val:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($typemap{$type} eq 'SRV') {
-
+  } # CNAME
+
+  elsif ($typemap{$type} eq 'SRV') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
 
@@ -6525 +6630 @@
     }
     print $datafile "$prefix\\000:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($typemap{$type} eq 'RP') {
-
+  } # SRV
+
+  elsif ($typemap{$type} eq 'RP') {
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
     # RP consists of two mostly free-form strings.
@@ -6542 +6647 @@
     }
     print $datafile "$prefix\\000:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($typemap{$type} eq 'PTR') {
-
+  } # RP
+
+  elsif ($typemap{$type} eq 'PTR') {
     $$recflags{$val}++;
     if ($revrec eq 'y') {
@@ -6573 +6678 @@
       print $datafile "^$host:$val:$ttl:$stamp:$loc\n" or die $!;
     }
-
-  } elsif ($type == 65280) { # A+PTR
-
+  } # PTR
+
+  elsif ($type == 65280) { # A+PTR
     $$recflags{$val}++;
     print $datafile "=$host:$val:$ttl:$stamp:$loc\n" or die $!;
-
-  } elsif ($type == 65281) { # AAAA+PTR
-
+  } # A+PTR
+
+  elsif ($type == 65281) { # AAAA+PTR
     $$recflags{$val}++;
     # treat these as two separate records.  since tinydns doesn't have
@@ -6593 +6698 @@
 ##fixme: add a config flag to indicate use of the patch from http://www.fefe.de/dns/
 # type 6 is for AAAA+PTR, type 3 is for AAAA
-
-  } elsif ($type == 65282) { # PTR template
-
+  } # AAAA+PTR
+
+  elsif ($type == 65282) { # PTR template
     # only useful for v4 with standard DNS software, since this expands all
     # IPs in $zone (or possibly $val?) with autogenerated records
@@ -6608 +6713 @@
       $self->__publish_subnet($val, $recflags, $host, $datafile, $ttl, $stamp, $loc, $zone, 1);
     }
-
-  } elsif ($type == 65283) { # A+PTR template
-
+  } # PTR template
+
+  elsif ($type == 65283) { # A+PTR template
     $val = NetAddr::IP->new($val);
     # Just In Case.  An A+PTR should be impossible to add to a v6 revzone via API.
@@ -6622 +6727 @@
       $self->__publish_subnet($val, $recflags, $host, $datafile, $ttl, $stamp, $loc, $zone, 0);
     }
-
-  } elsif ($type == 65284) { # AAAA+PTR template
+  } # A+PTR template
+
+  elsif ($type == 65284) { # AAAA+PTR template
     # Stub for completeness.  Could be exported to DNS software that supports
     # some degree of internal automagic in generic-record-creation
     # (eg http://search.cpan.org/dist/AllKnowingDNS/ )
-
-  } elsif ($type == 65285) { # Delegation
+  } # AAAA+PTR template
+
+  elsif ($type == 65285) { # Delegation
     # This is intended for reverse zones, but may prove useful in forward zones.
 
@@ -6653 +6760 @@
       }
     }
+  } # Delegation
+
+  elsif ($type == 65300) { # ALIAS
+    # Implemented as a unique record in parallel with many other
+    # management tools, for clarity VS formal behviour around CNAME
+    # Mainly for "root CNAME" or "apex alias";  limited value for any
+    # other use case since CNAME can generally be used elsewhere.
+
+    # .arpa zones don't need this hack.  shouldn't be allowed into
+    # the DB in the first place, but Just In Case...
+    return if $revrec eq 'y';
+
+    my ($iplist) = $self->{dbh}->selectrow_array("SELECT auxdata FROM records WHERE record_id = ?", undef, $recid);
+    $iplist = '' if !$iplist;
+
+    # shared target-name-to-IP converter
+    my $liveips = $self->_grab_65300($recid, $val);
+    # only update the cache if the live lookup actually returned data
+    if ($liveips && ($iplist ne $liveips)) {
+      $self->{dbh}->do("UPDATE records SET auxdata = ? WHERE record_id = ?", undef, $liveips, $recid);
+      $iplist = $liveips;
+    }
+
+    # slice the TTL we'll actually publish off the front
+    my @asubs = split ':', $iplist;
+    my $attl = shift @asubs;
+
+    # output a plain old A record for each IP the target name really points to.
+    # in the event that, for whatever reason, no A records are available for $val, nothing will be output.
+    foreach my $subip (@asubs) {
+      print $datafile "+$host:$subip:$attl:$stamp:$loc\n" or die $!;
+    }
+  } # ALIAS
 
 ##
@@ -6658 +6798 @@
 ##
 
-  } elsif ($type == 44) { # SSHFP
-
+  elsif ($type == 44) { # SSHFP
     ($host,$val) = __revswap($host,$val) if $revrec eq 'y';
 
@@ -6671 +6810 @@
     print $datafile "$rec:$ttl:$stamp:$loc\n" or die $!;
 
-  } else {
+  } # SSHFP
+
+  else {
     # raw record.  we don't know what's in here, so we ASS-U-ME the user has
     # put it in correctly, since either the user is messing directly with the
@@ -6682 +6823 @@
     #print $datafile ":$host:$type:$val:$ttl:$stamp:$loc\n";
 
-  } # record type if-else
+  } # "other"
 
 } # end _printrec_tiny()

branches/stable/Makefile

@@ -46 +46 @@
         INSTALL COPYING TODO Makefile dnsadmin.spec \
         \
-        dns.sql dns-1.0-1.2.sql dns-1.2.3-1.2.4.sql dns-upd-1.2.6.sql dns-upd-1.4.0.sql \
+        dns.sql dns-1.0-1.2.sql dns-1.2.3-1.2.4.sql dns-upd-1.2.6.sql dns-upd-1.4.0.sql dns-upd-1.4.1.sql \
         \
         $(SCRIPTS) $(MODULES) \
@@ -68 +68 @@
 
 SCRIPTS = \
-        compact-recs.pl dns.cgi dns-rpc.cgi dns-rpc.fcgi export.pl mergerecs textrecs.cgi tiny-import.pl \
-        vega-import.pl
+        bulk-add-domain compact-recs.pl dns.cgi dns-rpc.cgi dns-rpc.fcgi export.pl mergerecs textrecs.cgi \
+        tiny-import.pl vega-import.pl
 
 MODULES = DNSDB.pm

branches/stable/compact-recs.pl

@@ -53 +53 @@
 # get userdata for log
 ($dnsdb->{logusername}, undef, undef, undef, undef, undef, $dnsdb->{logfullname}) = getpwuid($<);
+$dnsdb->{logfullname} =~ s/,//g;
 $dnsdb->{loguserid} = 0;        # not worth setting up a pseudouser the way the RPC system does
 $dnsdb->{logusername} = $dnsdb->{logusername}."/compact-recs.pl";

branches/stable/dns-rpc.cgi

@@ -134 +134 @@
 exit;
 
+
+=head1 dns-rpc.cgi
+
+The RPC API for DeepNet DNS Administrator.
+
+=head2 Common required arguments
+
+A few arguments for primitive authorization are required on all calls.
+
+=over 4
+
+=item rpcuser
+
+A string identifying the remote user in some way.  Used to generate a hidden local user for logging.
+
+=item rpcsystem
+
+A string identifying the remote system doing the RPC call.  This is checked against a list of IPs allowed to 
+claim this system identifier.
+
+=back
+
+=cut
+
 ##
 ## Subs below here
@@ -214 +238 @@
 ## Shims for DNSDB core subs
 ##
+
+
+=head2 Exposed RPC subs
+
+=cut
+#over 4
+
 
 #sub connectDB {
@@ -225 +256 @@
 #sub _log {
 
+
+=head3 addDomain
+
+Add a domain.  Note that while this should accept a formal .arpa reverse zone name, doing so will disrupt 
+several features that ease management of bulk reverse records.  Use C<addRDNS> to add reverse zones.
+
+=over 4
+
+=item domain
+
+The domain to add.
+
+=item group
+
+The group ID to add the domain to.  Group ID 1 is expected to exist;  otherwise a list of groups should be 
+retrieved with C<getGroupList> for selection.  The group defines which template records will be used to create 
+the initial record set in the domain.
+
+=item state
+
+Active/inactive flag.  Send C<active>, C<on>, or C<1> for domains that should be published;  C<inactive>, 
+C<off>, or C<0> for domains that should be added but not currently published.
+
+=item defloc
+
+Optional argument for the default location/view the domain's records should be published in.  Leave blank, or a 
+list of locations can be retrieved with C<getLocList> or C<getLocDropdown> for selection.
+
+=back
+
+Returns the ID of the domain.
+
+=cut
 sub addDomain {
   my %args = @_;
@@ -235 +299 @@
 }
 
+
+=head3 delZone
+
+Delete a domain or reverse zone
+
+=over 4
+
+=item zone
+
+The domain name, domain ID, .arpa zone name, or logical CIDR range to remove
+
+=item revrec
+
+Flag to indicate whether to go looking for a domain or a reverse zone to delete.  Accepts "y" or "n".
+
+=back
+
+Returns an informational confirmation message on success.
+
+=cut
 sub delZone {
   my %args = @_;
@@ -258 +342 @@
 } # delZone()
 
+
 #sub domainName {}
 #sub revName {}
 
+
+=head3 domainID
+
+Retrieve the ID for a domain
+
+=over 4
+
+=item domain
+
+The domain name to find the ID for
+
+=back
+
+Returns the integer ID of the domain if found.
+
+=cut
 sub domainID {
   my %args = @_;
@@ -273 +374 @@
 #sub revID {}
 
+
+=head3 addRDNS
+
+Add a reverse zone
+
+=over 4
+
+=item revzone
+
+The logical reverse zone to be added.  Can be specified as either formal .arpa notation or a valid CIDR 
+netblock.  Using a CIDR netblock allows logical aggregation of related records even if the CIDR range covers 
+multiple formal .arpa zone boundaries.  For example, the logical zone 192.168.4.0/22 covers 
+4.168.192.in-addr.arpa, 5.168.192.in-addr.arpa, 6.168.192.in-addr.arpa, and 7.168.192.in-addr.arpa, and will be 
+correctly published as such.
+
+=item revpatt
+
+A string representing the pattern to use for an initial template record.
+
+=item group
+
+The group ID to add the zone to.
+
+=item state
+
+Active/inactive flag.  Send C<active>, C<on>, or 1 for zones that should be published;  C<inactive>, 
+C<off>, or C<0> for zones that should be added but not currently published.
+
+=item defloc
+
+Optional argument for the default location/view the zone's records should be published in.  Leave blank, or a 
+list of locations can be retrieved with C<getLocList> or C<getLocDropdown> for selection.
+
+=back
+
+Returns the zone ID on success.
+
+=cut
 sub addRDNS {
   my %args = @_;
@@ -287 +426 @@
 #sub getZoneLocation {}
 
+
+=head3 addGroup
+
+Add a group
+
+=over 4
+
+=item groupname
+
+The name for the new group
+
+=item parent_id
+
+The ID of the group to put the new group in
+
+=back
+
+Note that the RPC API does not currently expose the full DNSDB::addGroup interface;  the permissions hashref is 
+substituted with a reasonable standard default user permissions allowing users to add/edit/delete zones and 
+records.
+
+Returns literal 'OK' on success.
+
+=cut
 sub addGroup {
   my %args = @_;
@@ -305 +468 @@
 }
 
+
+=head3 delGroup
+
+Delete a group.  The group must be empty of users, zones, or subgroups.
+
+=over 4
+
+=item group
+
+The group name or group ID to delete
+
+=back
+
+Returns an informational message on success.
+
+=cut
 sub delGroup {
   my %args = @_;
@@ -330 +509 @@
 #sub groupID {}
 
+
+=head3 addUser
+
+Add a user.
+
+=over 4
+
+=item username
+
+The username to add
+
+=item group
+
+The group ID to add the user in.  Users in subgroups only have access to data in that group and its subgroups.
+
+=item pass
+
+The password for the account
+
+=item state
+
+Flag to indicate if the account should be active on creation or set to inactive.  Accepts the same values as 
+domains and reverse zones - C<active>, C<on>, or C<1> for an active user, C<inactive>, C<off>, or C<0> for an 
+inactive one.
+
+=back
+
+B<Optional arguments>
+
+=over 4
+
+=item type
+
+Type of user account to add.  Current types are C<u> (normal user) and C<s> (superuser).  Defaults to C<u>.
+
+=item permstring
+
+A string encoding the permissions a normal user receives.  By default this is set to C<i> indicating
+permissions are inherited from the group.
+
+C<c:[digits]> clones permissions from user with id [digits]
+
+C<C:,[string]> sets the exact permissions indicated by [string].  It is currently up to the caller to ensure 
+that related/cascading permissions are set correctly;  see C<%DNSDB::permchains> for the current set.  Current 
+valid permission identifiers match 
+C<(group|user|domain|record|location|self)_(edit|create|delete|locchg|view)>, however see C<@DNSDB::permtypes> 
+for the exact list.
+
+The comma after the colon is not a typo.
+
+=item fname
+
+First name
+
+=item lname
+
+Last name
+
+=item phone
+
+Phone number
+
+=back
+
+Note that some user properties originate in DNS Administrator's inspiration, VegaDNS.
+
+=cut
 sub addUser {
   my %args = @_;
@@ -355 +601 @@
 #sub checkUser {}
 
+
+=head3 updateUser
+
+Update a user's username, password, state, type, first/last names, and/or phone number
+
+Most arguments are the same as for addUser.
+
+=over 4
+
+=item uid
+
+The ID of the user record
+
+=item username
+
+The username
+
+=item group
+
+The group ID the user is in (for logging).  Users cannot currently be moved to a different group.
+
+=item pass
+
+An updated password, if provided.  Leave blank to keep the existing password.
+
+=item state
+
+The account state (active/inactive).  Takes the same values as addUser.
+
+=item type
+
+The account type (user [C<u>] or superuser [C<S>])
+
+=item fname
+
+First name (optional)
+
+=item lname
+
+Last name (optional)
+
+=item phone
+
+Phone contact (optional)
+
+=back
+
+=cut
 sub updateUser {
   my %args = @_;
@@ -376 +670 @@
 }
 
+
+=head3 delUser
+
+Delete a user
+
+=over 4
+
+=item uid
+
+The ID of the user record to delete
+
+=back
+
+=cut
 sub delUser {
   my %args = @_;
@@ -398 +706 @@
 #sub getLocList {}
 
+
+=head3 getLocDropdown
+
+Retrieve a list of locations for display in a dropdown.
+
+=over 4
+
+=item group
+
+The group ID to select locations from
+
+=item defloc
+
+Optional argument to flag the "default" location in the list
+
+=back
+
+Returns an arrayref to a list of hashrefs with elements C<locname>, C<loc> and C<selected>.  C<selected> will 
+be 0 for all entries unless the C<loc> value matches C<defloc>, where it will be set to 1.
+
+=cut
 sub getLocDropdown {
   my %args = @_;
@@ -408 +737 @@
 }
 
+
+=head3 getSOA
+
+Retrieve the SOA record for a zone
+
+=over 4
+
+=item defrec
+
+Default/live records flag.  Accepts C<y> and C<n>.
+
+=item revrec
+
+Forward/reverse flag.  Accepts C<y> and C<n>.
+
+=item id
+
+The zone ID (if C<defrec> is C<y>) or the group ID (if C<defrec> is C<n>) to retrieve the SOA from
+
+=back
+
+=cut
 sub getSOA {
   my %args = @_;
@@ -428 +779 @@
 #sub updateSOA {}
 
+
+=head3 getRecLine
+
+Retrieve all fields for a specific record
+
+=over 4
+
+=item defrec
+
+Default/live records flag.  Accepts C<y> and C<n>.
+
+=item revrec
+
+Forward/reverse flag.  Accepts C<y> and C<n>.  Mildly abused to determine whether to include C<distance>, 
+C<weight>, and C<port> fields, since MX and SRV records don't make much sense in reverse zones.
+
+=item id
+
+The record ID (if C<defrec> is C<y>) or default record ID (if C<defrec> is C<n>) to retrieve
+
+=back
+
+=cut
 sub getRecLine {
   my %args = @_;
@@ -442 +816 @@
 }
 
+
+=head3 getRecList
+
+Retrieve a list of records for a zone.
+
+=over 4
+
+=item id
+
+The zone ID (if C<defrec> is C<n>) or group ID (if C<defrec> is C<y>) to retrieve records from
+
+=item defrec
+
+Default/live records flag.  Accepts C<y> and C<n>.
+
+=item revrec
+
+Forward/reverse flag.  Accepts C<y> and C<n>.
+
+=back
+
+Optional arguments
+
+=over 4
+
+=item offset
+
+Offset from the start of the raw record list.  Mainly for pagination.  Defaults 0.
+
+=item nrecs
+
+Number of records to return.  Defaults to C<$DNSDB::perpage>
+
+=item sortby
+
+Sort field.  Defaults to host for domain zones, val for reverse zones.  Supports multifield sorts;  pass the 
+fields in order separated by commas.
+
+=item sortorder
+
+SQL sort order.  Defaults to C<ASC>.
+
+=item filter
+
+Return only records whose host or val fields match this string.
+
+=item type, distance, weight, port, ttl, description
+
+If these arguments are present, use the value to filter on that field.
+
+=back
+
+=cut
 sub getRecList {
   my %args = @_;
@@ -486 +913 @@
 }
 
+
+=head3 getRecCount
+
+Return count of non-SOA records in zone (or default records in a group).
+
+Uses the same arguments as getRecList, except for C<offset>, C<nrecs>, C<sortby>, and C<sortorder>.
+
+=cut
 sub getRecCount {
   my %args = @_;
@@ -525 +960 @@
 } # getRecCount()
 
+
+=head3 addRec
+
+Add a record to a zone or add a default record to a group.
+
+Note that the name, type, and address arguments may be modified for normalization or to match available zones 
+for A+PTR and related metatypes.
+
+=over 4
+
+=item defrec
+
+Default/live records flag. Accepts C<y> and C<n>.
+
+=item revrec
+
+Forward/reverse flag. Accepts C<y> and C<n>.
+
+=item parent_id
+
+The ID of the parent zone or group.
+
+=item name
+
+The fully-qualified hostname for the record.  Trailing periods will automatically be stripped for storage, and 
+added on export as needed.  Note that for reverse zone records, this is the nominal record target.
+
+=item type
+
+The record type.  Both the nominal text identifiers and the bare integer types are accepted.
+
+=item address
+
+The record data or target.  Note that for reverse zones this is the nominal .arpa name for the record.
+
+=item ttl
+
+The record TTL.
+
+=item location
+
+The location identifier for the record.
+
+=item expires
+
+Flag to indicate the record will either expire at a certain time or become active at a certain time.
+
+=item stamp
+
+The timestamp a record will expire or become active at.  Note that depending on the DNS system in use this may 
+not result in an exact expiry or activation time.
+
+=back
+
+B<Optional arguments>
+
+=over 4
+
+=item distance
+
+MX and SRV distance or priority
+
+=item weight
+
+SRV weight
+
+=item port
+
+SRV port number
+
+=back
+
+=cut
 # The core sub uses references for some arguments to allow limited modification for
 # normalization or type+zone matching/mapping/availability.
@@ -556 +1064 @@
 } # rpc_addRec
 
+
+=head3 updateRec
+
+Update a record.
+
+Takes the same arguments as C<addRec> except that C<id> is the record to update, not the primary parent zone ID.
+
+If C<stamp> is blank or undefined, any timestamp will be removed.
+
+=cut
 sub rpc_updateRec {
   my %args = @_;
@@ -590 +1108 @@
 
 
+
+=head3 addOrUpdateRevRec
+
+Add or update a reverse DNS record (usually A+PTR template) as appropriate based on a passed CIDR address and 
+hostname pattern.  The record will automatically be downconverted to a PTR template if the forward zone 
+referenced by the hostname pattern is not managed in this DNSAdmin instance.
+
+=over 4
+
+=item cidr
+
+The CIDR address or IP for the record
+
+=item name
+
+The hostname pattern for template records, or the hostname for single IP records
+
+=back
+
+=cut
 # Takes a passed CIDR block and DNS pattern;  adds a new record or updates the record(s) affected
 sub addOrUpdateRevRec {
@@ -685 +1223 @@
 } # done addOrUpdateRevRec()
 
+
+=head3 updateRevSet
+
+Update reverse DNS entries for a set of IP addresses all at once.  Calls addOrUpdateRevRec internally.
+
+=over 4
+
+=item host_[ip.add.re.ss] (Multiple entries)
+
+One or more identifiers for one or more IP addresses to update reverse DNS on.  The value of the argument is the 
+hostname to set on that IP.
+
+=back
+
+=cut
 # Update rDNS on a whole batch of IP addresses.  Presented as a separate sub via RPC
 # since RPC calls can be s...l...o...w....
@@ -715 +1268 @@
 } # done updateRevSet()
 
+
+=head3 splitTemplate
+
+Split a PTR template record into multiple records.
+
+=over 4
+
+=item cidr
+
+The CIDR address for the record to split
+
+=item newmask
+
+The new masklength for the new records.  
+
+=back
+
+=cut
 # Split a template record as per a passed CIDR.
 # Requires the CIDR and the new mask length
@@ -782 +1353 @@
 } # done splitTemplate()
 
+
+=head3 resizeTemplate
+
+Resize a template record based on a pair of passed CIDR addresses.
+
+=over 4
+
+=item oldcidr
+
+The old CIDR to look for in the existing records
+
+=item newcidr
+
+The new CIDR
+
+=back
+
+=cut
 # Resize a template according to an old/new CIDR pair
 # Takes the old cidr in $args{oldcidr} and the new in $args{newcidr}
@@ -850 +1439 @@
 } # done resizeTemplate()
 
+
+=head3 templatesToRecords
+
+Convert one or more template records to individual IP records, expanding the template as would be done on 
+export.
+
+=over 4
+
+=item templates
+
+A list/array of CIDR addresses to search for for conversion.
+
+=back
+
+=cut
 # Convert one or more template records to a set of individual IP records.  Expands the template.
 # Handle the case of nested templates, although the primary caller (IPDB) should not be
@@ -928 +1532 @@
 } # done templatesToRecords()
 
+
+=head3 delRec
+
+Delete a record.
+
+=over 4
+
+=item defrec
+
+Default/live records flag. Accepts C<y> and C<n>.
+
+=item revrec
+
+Forward/reverse flag. Accepts C<y> and C<n>.  Used for logging to pick the "primary" zone of the record.
+
+=item id
+
+The record to delete.
+
+=back
+
+=cut
 sub delRec {
   my %args = @_;
@@ -941 +1567 @@
 }
 
+
+=head3 delByCIDR
+
+Delete a record by CIDR address.
+
+=over 4
+
+=item cidr
+
+The CIDR address for the record or record group to delete.
+
+=back
+
+B<Optional arguments>
+
+=over 4
+
+=item delforward (default 0/off)
+
+Delete the matching A record on A+PTR and similar metarecords.
+
+=item delsubs (default 0/off)
+
+Delete all records within C<cidr>.  Send C<y> if desired, otherwise it reverts to default even for other 
+otherwise "true" values.
+
+=item parpatt
+
+Template pattern to add a replacement record if the delete removes all records from a reverse zone.
+
+=back
+
+=cut
 sub delByCIDR {
   my %args = @_;
@@ -1059 +1718 @@
 } # end delByCIDR()
 
+
+=head3 delRevSet
+
+Delete a set of single-IP records similar to updateRevSet
+
+=over 4
+
+=item cidrlist
+
+Simple comma-separated string containing the IP addresses that should be removed.
+
+=back
+
+=cut
 # Batch-delete a set of reverse entries similar to updateRevSet
 sub delRevSet {
@@ -1077 +1750 @@
 #sub getLogEntries {}
 
+
+=head3 getRevPattern
+
+Get the pattern that would be applied to IPs in a CIDR range that do not have narrower patterns or separate 
+individual reverse entries.
+
+=over 4
+
+=item cidr
+
+The CIDR address range to find a pattern for.
+
+=item group
+
+The group to restrict reverse zone matches to.
+
+=item location
+
+The DNS view/location to restrict record matches to.
+
+=back
+
+=cut
 sub getRevPattern {
   my %args = @_;
@@ -1085 +1781 @@
 }
 
+
+=head3 getRevSet
+
+Retrieve the set of per-IP reverse records within a CIDR range, if any.
+
+Returns a list of hashes.
+
+=over 4
+
+=item cidr
+
+The CIDR address range to find a pattern for.
+
+=item group
+
+The group to restrict reverse zone matches to.
+
+=item location
+
+The DNS view/location to restrict record matches to.
+
+=back
+
+=cut
 sub getRevSet {
   my %args = @_;
@@ -1093 +1813 @@
 }
 
+
+=head3 getTypelist
+
+Retrieve a list of record types suitable for a dropdown form field.  Returns only record types currently 
+supported by DNSAdmin.
+
+Returns a list of hashes.
+
+=over 4
+
+=item recgroup
+
+Flag argument to determine which record types will be returned.  Values not listed fall back to C<f>.
+
+=over 4
+
+=item r
+
+Logical records commonly found in reverse zones (includes A+PTR and related metatypes)
+
+=item l
+
+Records that can actually be looked up in the DNS.
+
+=item f
+
+Logical records commonly found in forward zones (includes A+PTR and similar metatypes that include a forward 
+record component).  Append C<o> to exclude the metatypes.
+
+=back
+
+=item selected
+
+Optional flag argument if a particular type should be "selected".  Sets the C<tselect> key on that entry.  Note 
+that the passed type will always be present in the returned list, even if it wouldn't be otherwise - eg, PTR 
+template if C<recgroup> is set to C<fo>, or SRV if C<recgroup> is set to C<r>.
+
+=back
+
+=cut
 sub getTypelist {
   my %args = @_;
@@ -1102 +1862 @@
 }
 
+
+=head3 getTypemap
+
+Return DNS record type hash mapping DNS integer type values to text names
+
+=cut
 sub getTypemap {
   my %args = @_;
@@ -1108 +1874 @@
 }
 
+
+=head3 getReverse_typemap
+
+Return DNS record type hash mapping text names to integer type values
+
+=cut
 sub getReverse_typemap {
   my %args = @_;
@@ -1117 +1889 @@
 #sub isParent {}
 
+
+=head3 zoneStatus
+
+Get or set the status of a zone.  Returns the status of the zone.
+
+=over 4
+
+=item zoneid
+
+The ID of the zone to get or set status on
+
+=back
+
+B<Optional arguments>
+
+=over 4
+
+=item reverse
+
+Set to C<y> if you want to get/set the status for a reverse zone
+
+=item status
+
+Pass C<0> or C<domoff> to set the zone to inactive;  C<1> or C<domon> to set it to active
+
+=back
+
+=cut
 sub zoneStatus {
   my %args = @_;
@@ -1128 +1928 @@
   my $status = $dnsdb->zoneStatus(@arglist);
 }
+
+
+=head3 getZonesByCIDR
+
+Get a list of reverse zones within a passed CIDR block.  Returns a list of hashes.
+
+=over 4
+
+=item cidr
+
+The CIDR range to look for reverse zones in
+
+=back
+
+=cut
 
 # Get a list of hashes referencing the reverse zone(s) for a passed CIDR block
@@ -1150 +1965 @@
   return \@methods;
 }
+
+
+# and we're done.  close the POD
+
+#back

branches/stable/dns.cgi

@@ -1734 +1734 @@
     my @results;
     foreach my $domain (@domlist) {
+##fixme: Net::DNS has made changes somewhere between 0.66something (~~ Debian wheezy) and
+# 0.81 (~~ Debian jessie) that cause taint failures when providing a hostname as a nameserver
+# for AXFR.  A proper fix may boil down to "split AXFR into its own script".  Feh.
+# For now, we'll just convert the requested AXFR host to an IP, and pass that down the chain instead.
+      my $nsip = gethostbyname($webvar{ifrom});
+      use Socket;
+      $nsip = inet_ntoa($nsip);
+      # strangely enough we don't seem to need to detaint:
+      #($nsip) = ($nsip =~ /^([a-fA-F0-9:.]+)$/);
       my %row;
-      my ($code,$msg) = $dnsdb->importAXFR($webvar{ifrom}, $domain, $webvar{group},
+      my ($code,$msg) = $dnsdb->importAXFR($nsip, $domain, $webvar{group},
         status => $webvar{domactive}, rwsoa => $webvar{rwsoa}, rwns => $webvar{rwns},
         newttl => ($webvar{forcettl} ? $webvar{newttl} : 0),
@@ -1968 +1977 @@
 # fill in general URL-to-self
   $page->param(script_self => "$ENV{SCRIPT_NAME}?");
+# fill in the generalized path-to-instance
+  $page->param(webpath => ($ENV{SCRIPT_NAME} =~ m|(/.+)/[^/]+$|)[0]);
 }
 
@@ -2153 +2164 @@
 
   foreach my $rec (@$foo2) {
-    $rec->{type} = $typemap{$rec->{type}};
+    if ($typemap{$rec->{type}}) {
+      $rec->{type} = $typemap{$rec->{type}};
+    } else {
+      $rec->{type} = "TYPE$rec->{type}";
+    }
     $rec->{fwdzone} = $rev eq 'n';
     $rec->{ttl} = '(auto)' if $rec->{ttl} == -1;

branches/stable/dns.sql

@@ -191 +191 @@
     stamp TIMESTAMP WITH TIME ZONE DEFAULT 'epoch' NOT NULL,
     expires boolean DEFAULT 'n' NOT NULL,
-    stampactive boolean DEFAULT 'n' NOT NULL
+    stampactive boolean DEFAULT 'n' NOT NULL,
+    auxdata text
 );
 CREATE INDEX rec_domain_index ON records USING btree (domain_id);
@@ -206 +207 @@
 
 -- Types are required.  NB:  these are vaguely read-only too
--- data from http://www.iana.org/assignments/dns-parameters
+-- data from https://www.iana.org/assignments/dns-parameters
 COPY rectypes (val, name, stdflag, listorder, alphaorder) FROM stdin;
 1       A       1       1       1
@@ -259 +260 @@
 50      NSEC3   5       255     41
 51      NSEC3PARAM      5       255     42
+52      TLSA    5       255     255
+53      SMIMEA  5       255     255
 55      HIP     5       255     19
+56      NINFO   5       255     255
+57      RKEY    5       255     255
+58      TALINK  5       255     255
+59      CDS     5       255     255
+60      CDNSKEY 5       255     255
+61      OPENPGPKEY      5       255     255
+62      CSYNC   5       255     255
 99      SPF     5       255     54
 100     UINFO   5       255     62
@@ -265 +275 @@
 102     GID     5       255     16
 103     UNSPEC  5       255     63
+104     NID     5       255     255
+105     L32     5       255     255
+106     L64     5       255     255
+107     LP      5       255     255
+108     EUI48   5       255     255
+109     EUI64   5       255     255
 249     TKEY    5       255     58
 250     TSIG    5       255     59
@@ -271 +287 @@
 253     MAILB   5       255     27
 254     MAILA   5       255     26
+255     *       5       255     255
+256     URI     5       255     255
+257     CAA     5       255     255
+258     AVC     5       255     255
 32768   TA      5       255     57
 32769   DLV     5       255     11
@@ -283 +303 @@
 65284   AAAA+PTR template       2       8       2
 65285   Delegation      2       9       2
+65300   ALIAS   2       16      255
 \.
 

branches/stable/mergerecs

@@ -63 +63 @@
 # get userdata for log
 ($dnsdb->{logusername}, undef, undef, undef, undef, undef, $dnsdb->{logfullname}) = getpwuid($<);
+$dnsdb->{logfullname} =~ s/,//g;
 $dnsdb->{loguserid} = 0;        # not worth setting up a pseudouser the way the RPC system does
 $dnsdb->{logusername} = $dnsdb->{logusername}."/mergerecs";

branches/stable/templates/menu.tmpl

@@ +1 @@
+<TMPL_IF 0><TMPL_VAR NAME=webpath></TMPL_IF>
 <td class="menu">
 <TMPL_VAR NAME=username> logged in<br />

branches/stable/tiny-import.pl

@@ -118 +118 @@
 # collect some things for logging
 ($dnsdb->{logusername}, undef, undef, undef, undef, undef, $dnsdb->{logfullname}) = getpwuid($<);
+$dnsdb->{logfullname} =~ s/,//g;
 $dnsdb->{loguserid} = 0;        # not worth setting up a pseudouser the way the RPC system does
 $dnsdb->{logusername} = $dnsdb->{logusername}."/tiny-import.pl";