Changeset 232 for trunk

Timestamp:

02/13/12 17:56:18 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

Checkpoint - almost done PTR, A/AAAA+PTR types. Still need to
figure out validation on default-record inputs.

File:

• trunk/DNSDB.pm (modified) (8 diffs)

trunk/DNSDB.pm

@@ -174 +174 @@
   my $addr = shift;
 
+  return if $revrec ne 'y';     # this sub not useful in forward zones
+
+  $$addr = NetAddr::IP->new($$val);      #necessary?
+
   # subsub to split, reverse, and overlay an IP fragment on a netblock
   sub __rev_overlay {
@@ -183 +187 @@
     my $joinme = $splitme;
     $splitme = '\.' if $splitme eq '.';
-    my @working = reverse(split($splitme, $parnet->addr)) or warn $!;
-    my @parts = reverse(split($splitme, $val));
+    my @working = reverse(split($splitme, $parnet->addr));
+    my @parts = reverse(split($splitme, $$val));
     for (my $i = 0; $i <= $#parts; $i++) {
       $working[$i] = $parts[$i];
     }
-    my $checkme = NetAddr::IP->new(join($joinme, reverse(@working))) or return;
-    return unless $checkme->within($parnet);
+    my $checkme = NetAddr::IP->new(join($joinme, reverse(@working))) or return 0;
+    return 0 unless $checkme->within($parnet);
     $$addr = $checkme;  # force "correct" IP to be recorded.
     return 1;
@@ -198 +202 @@
 
   # Fail early on v6-in-v4 or v4-in-v6.  We're not accepting these ATM.
-  return if $parnet->addr =~ /\./ && $val =~ /:/;
-  return if $parnet->addr =~ /:/ && $val =~ /\./;
-
-  # Arguably this is incorrect, but...
-  if ($val =~ /^::/) {
-    $val =~ s/^:+//;     # gotta strip'em all...
-    return __rev_overlay(':', $parnet, $val, $addr);
-  }
-  if ($val =~ /^\./) {
-    $val =~ s/^\.+//;
-    return __rev_overlay('.', $parnet, $val, $addr);
-  }
-
-  if ($revrec eq 'y') {
-    if ($$addr && !$$addr->{isv6}) {
-      # argh.  12.1 == 12.0.0.1  (WTF?)
-      # so we do this The Hard Way, because of the stupid
-      if ($val =~ /^(?:\d{1,3}\.){3}\d{1,3}$/) {
-        # we really have a real IP.
-        return $dbh->selectrow_array("SELECT count(*) FROM revzones WHERE revnet >> ?", undef, ($val));
-      } else {
-        return __rev_overlay('.', $parnet, $val, $addr);
-      }
-    } elsif ($$addr && $$addr->{isv6}) {
-      # real v6 address.
-      return $dbh->selectrow_array("SELECT count(*) FROM revzones WHERE revnet >> ?", undef, ($val));
-    } else {
-      # v6 tail
+  return 0 if $parnet->addr =~ /\./ && $$val =~ /:/;
+  return 0 if $parnet->addr =~ /:/ && $$val =~ /\./;
+
+  if ($$addr && $$val =~ /^\d[\d:]+\d$/) {
+    # the only case where NetAddr::IP's acceptance of legitimate IPs is "correct" is for a proper IPv6 address.
+    # the rest we have to restructure before fiddling.  *sigh*
+    return 1 if $$addr->within($parnet);
+  } else {
+    # We don't have a complete IP in $$val (yet)
+    if ($parnet->addr =~ /:/) {
+      $$val =~ s/^:+//;  # gotta strip'em all...
       return __rev_overlay(':', $parnet, $val, $addr);
+    }
+    if ($parnet->addr =~ /\./) {
+      $$val =~ s/^\.+//;
+      return __rev_overlay('.', $parnet, $val, $addr);
     }
     # should be impossible to get here...
@@ -234 +225 @@
 } # end _ipparent()
 
+# A little different than _ipparent above;  this tries to *find* the parent zone of a hostname
+sub _hostparent {
+  my $dbh = shift;
+  my $hname = shift;
+  
+  my @hostbits = split /\./, $hname;
+  my $sth = $dbh->prepare("SELECT count(*),domain_id FROM domains WHERE domain = ? GROUP BY domain_id");
+  foreach (@hostbits) {
+    $sth->execute($hname);
+    my ($found, $parid) = $sth->fetchrow_array;
+    if ($found) {
+      return $parid;
+    }
+    $hname =~ s/^$_\.//;
+  }
+} # end _hostparent()
 
 ##
@@ -253 +260 @@
 
   # Check IP is well-formed, and that it's a v4 address
-  return ('FAIL',"A record must be a valid IPv4 address")
+  return ('FAIL',"$typemap{${$args{rectype}}} record must be a valid IPv4 address")
         unless $args{addr} && !$args{addr}->{isv6};
   # coerce IP/value to normalized form for storage
   ${$args{val}} = $args{addr}->addr;
+
+  # Add the necessary fields.
+  ${$args{fields}} = 'domain_id,';
+  push @{$args{vallist}}, $args{id};
 
   return ('OK','OK');
@@ -316 +327 @@
 # PTR record
 sub _validate_12 {
+  my $dbh = shift;
+
+  my %args = @_;
+
+  if ($args{revrec} eq 'y') {
+    if ($args{defrec} eq 'n') {
+      return ('FAIL', "IP or IP fragment ${$args{val}} is not within ".revName($dbh, $args{id}))
+        unless _ipparent($dbh, $args{defrec}, $args{revrec}, $args{val}, $args{id}, \$args{addr});
+      ${$args{val}} = $args{addr}->addr;
+    } else {
+      ${$args{val}} =~ s/^([:.]*)/ZONE$1/;
+    }
+
+    ${$args{fields}} = _recparent($args{defrec},$args{revrec}).",";
+    push @{$args{vallist}}, $args{id};
+
+# Multiple PTR records do NOT generally do what most people believe they do,
+# and tend to fail in the most awkward way possible.  Check and warn.
+# We use $val instead of $addr->addr since we may be in a defrec, and may have eg "ZONE::42" or "ZONE.12"
+    my ($ptrcount) = $dbh->selectrow_array("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec}).
+        " WHERE val = ?", undef, ${$args{val}});
+    return ('WARN', "PTR record for ${$args{val}} already exists;  adding another will probably not do what you want")
+        if $ptrcount;
+  } else {
+    # Not absolutely true but only useful if you hack things up for sub-/24 v4 reverse delegations
+    # Simpler to just create the reverse zone and grant access for the customer to edit it, and create direct
+    # PTR records on export
+    return ('FAIL',"Forward zones cannot contain PTR records");
+  }
+
   return ('OK','OK');
 } # done PTR record
@@ -369 +410 @@
 
   # Check IP is well-formed, and that it's a v6 address
-  return ('FAIL',"AAAA record must be a valid IPv6 address")
+  return ('FAIL',"$typemap{${$args{rectype}}} record must be a valid IPv6 address")
         unless $args{addr} && $args{addr}->{isv6};
   # coerce IP/value to normalized form for storage
   ${$args{val}} = $args{addr}->addr;
+
+  # Add the necessary fields.
+  ${$args{fields}} = 'domain_id,';
+  push @{$args{vallist}}, $args{id};
 
   return ('OK','OK');
@@ -413 +458 @@
 # Now the custom types
 
-# A+PTR record
+# A+PTR record.  With a very little bit of magic we can also use this sub to validate AAAA+PTR.  Whee!
 sub _validate_65280 {
-  return ('OK','OK');
+  my $dbh = shift;
+
+  my %args = @_;
+
+  my $code = 'OK';
+  my $msg = 'OK';
+
+  if ($args{defrec} eq 'n') {
+    # live record;  revrec determines whether we validate the PTR or A component first.
+    if ($args{revrec} eq 'y') {
+      ($code,$msg) = _validate_12($dbh, %args);
+      return ($code,$msg) if $code eq 'FAIL';
+
+      # Check if the reqested domain exists.  If not, coerce the type down to PTR and warn.
+      if (!(${$args{domid}} = _hostparent($dbh, ${$args{host}}))) {
+        my $addmsg = "Record added as PTR instead of $typemap{${$args{rectype}}};  domain not found for ${$args{host}}";
+        $msg .= "\n$addmsg" if $code eq 'WARN';
+        $msg = $addmsg if $code eq 'OK';
+        ${$args{rectype}} = $reverse_typemap{PTR};
+        return ('WARN', $msg);
+      }
+      ${$args{fields}} .= "domain_id,";
+      push @{$args{vallist}}, ${$args{domid}};
+
+    } else {
+      ($code,$msg) = _validate_1($dbh, %args) if ${$args{rectype}} == 65280;
+      ($code,$msg) = _validate_28($dbh, %args) if ${$args{rectype}} == 65281;
+      return ($code,$msg) if $code eq 'FAIL';
+
+      # Check if the requested reverse zone exists - note, an IP fragment won't
+      # work here since we don't *know* which parent to put it in.
+      my ($revid) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?".
+        " ORDER BY masklen(revnet) DESC", undef, (${$args{val}}));
+      if (!$revid) {
+        $msg = "Record added as ".(${$args{rectype}} == 65280 ? 'A' : 'AAAA').
+                " instead of $typemap{${$args{rectype}}};  reverse zone not found for ${$args{val}}";
+        ${$args{rectype}} = (${$args{rectype}} == 65280 ? $reverse_typemap{A} : $reverse_typemap{AAAA});
+        return ('WARN', $msg);
+      }
+
+      # Check for duplicate PTRs.  Note we don't have to play games with $code and $msg, because
+      # by definition there can't be duplicate PTRs if the reverse zone isn't managed here.
+      my ($ptrcount) = $dbh->selectrow_array("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec}).
+        " WHERE val = ?", undef, ${$args{val}});
+      if ($ptrcount) {
+        $msg = "PTR record for ${$args{val}} already exists;  adding another will probably not do what you want";
+        $code = 'WARN';
+      }
+
+      ${$args{fields}} .= "rdns_id,";
+      push @{$args{vallist}}, $revid;
+    }
+
+  } else {
+    # defrec eq 'y'
+  }
+
+  return ($code, $msg);
 } # done A+PTR record
 
 # AAAA+PTR record
+# A+PTR above has been magicked to handle AAAA+PTR as well.
 sub _validate_65281 {
-  return ('OK','OK');
+  return _validate_65280(@_);
 } # done AAAA+PTR record