Changeset 340

Timestamp:

06/08/12 18:14:05 (12 years ago)

Author:

Kris Deugau

Message:

/trunk

Fill in validation stubs for type 65282 (PTR template) and
65283 (A+PTR template). See #26.

File:

• trunk/DNSDB.pm (modified) (3 diffs)

trunk/DNSDB.pm

@@ -268 +268 @@
   return 0 if $parnet->addr =~ /:/ && $$val =~ /\./;
 
-  if ($$addr && $$val =~ /^[\da-fA-F][\da-fA-F:]+[\da-fA-F]$/) {
-    # the only case where NetAddr::IP's acceptance of legitimate IPs is "correct" is for a proper IPv6 address.
+  if ($$addr && ($$val =~ /^[\da-fA-F][\da-fA-F:]+[\da-fA-F]$/ || $$val =~ m|/\d+$|)) {
+    # the only case where NetAddr::IP's acceptance of legitimate IPs is "correct" is for a proper IPv6 address,
+    # or a netblock (only expected on templates)
     # the rest we have to restructure before fiddling.  *sigh*
     return 1 if $$addr->within($parnet);
   } else {
-    # We don't have a complete IP in $$val (yet)
+    # We don't have a complete IP in $$val (yet)... unless we have a netblock
     if ($parnet->addr =~ /:/) {
       $$val =~ s/^:+//;  # gotta strip'em all...
@@ -734 +735 @@
 # PTR template record
 sub _validate_65282 {
+  my $dbh = shift;
+
+  my %args = @_;
+
+  # we're *this* >.< close to being able to just call _validate_12... unfortunately we can't, quite.
+  if ($args{revrec} eq 'y') {
+    if ($args{defrec} eq 'n') {
+      return ('FAIL', "Template block ${$args{val}} is not within ".revName($dbh, $args{id}))
+        unless _ipparent($dbh, $args{defrec}, $args{revrec}, $args{val}, $args{id}, \$args{addr});
+##fixme:  warn if $args{val} is not /31 or larger block?
+      ${$args{val}} = "$args{addr}";
+    } else {
+      if (${$args{val}} =~ /\./) {
+        # looks like a v4 or fragment
+        if (${$args{val}} =~ m|^\d+\.\d+\.\d+\.\d+(?:/\d+)?$|) {
+          # woo!  a complete IP!  validate it and normalize, or fail.
+          $args{addr} = NetAddr::IP->new(${$args{val}})
+                or return ('FAIL', "IP/value looks like IPv4 but isn't valid");
+          ${$args{val}} = "$args{addr}";
+        } else {
+          ${$args{val}} =~ s/^\.*/ZONE./ unless ${$args{val}} =~ /^ZONE/;
+        }
+      } elsif (${$args{val}} =~ /[a-f:]/) {
+        # looks like a v6 or fragment
+        ${$args{val}} =~ s/^:*/ZONE::/ if !$args{addr} && ${$args{val}} !~ /^ZONE/;
+        if ($args{addr}) {
+          if ($args{addr}->addr =~ /^0/) {
+            ${$args{val}} =~ s/^:*/ZONE::/ unless ${$args{val}} =~ /^ZONE/;
+          } else {
+            ${$args{val}} = "$args{addr}";
+          }
+        }
+      } else {
+        # bare number (probably).  These could be v4 or v6, so we'll
+        # expand on these on creation of a reverse zone.
+        ${$args{val}} = "ZONE,${$args{val}}" unless ${$args{val}} =~ /^ZONE/;
+      }
+    }
+##fixme:  validate %-patterns?
+
+# Unlike single PTR records, there is absolutely no way to sanely support multiple
+# PTR templates for the same block, since they expect to expand to all the individual
+# IPs on export.  Nested templates should be supported though.
+
+    my @checkvals = (${$args{val}});
+    if (${$args{val}} =~ /,/) {
+      # push . and :: variants into checkvals if val has ,
+      my $tmp;
+      ($tmp = ${$args{val}}) =~ s/,/./;
+      push @checkvals, $tmp;
+      ($tmp = ${$args{val}}) =~ s/,/::/;
+      push @checkvals, $tmp;
+    }
+##fixme:  this feels wrong still - need to restrict template pseudorecords to One Of Each
+# Per Netblock such that they don't conflict on export
+    my $typeck;
+# type 65282 -> ptr template -> look for any of 65282, 65283, 65284
+    $typeck = 'type=65283 OR type=65284' if ${$args{rectype}} == 65282;
+# type 65283 -> a+ptr template -> v4 -> look for 65282 or 65283
+    $typeck = 'type=65283' if ${$args{rectype}} == 65282;
+# type 65284 -> aaaa+ptr template -> v6 -> look for 65282 or 65284
+    $typeck = 'type=65284' if ${$args{rectype}} == 65282;
+    my $pcsth = $dbh->prepare("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec})." WHERE val = ? ".
+        "AND (type=65282 OR $typeck)");
+    foreach my $checkme (@checkvals) {
+      $pcsth->execute($checkme);
+      my ($rc) = $pcsth->fetchrow_array;
+      return ('FAIL', "Only one template pseudorecord may exist for a given IP block") if $rc;
+    }
+
+  } else {
+    return ('FAIL', "Forward zones cannot contain PTR records");
+  }
+
   return ('OK','OK');
 } # done PTR template record
@@ -739 +814 @@
 # A+PTR template record
 sub _validate_65283 {
+  my $dbh = shift;
+
+  my %args = @_;
+
+  my ($code,$msg) = ('OK','OK');
+
+##fixme:  need to fiddle things since A+PTR templates are acceptable in live
+# forward zones but not default records
+  if ($args{defrec} eq 'n') {
+    if ($args{revrec} eq 'n') {
+      ($code,$msg) = _validate_1($dbh, %args) if ${$args{rectype}} == 65280;
+      ($code,$msg) = _validate_28($dbh, %args) if ${$args{rectype}} == 65281;
+      return ($code,$msg) if $code eq 'FAIL';
+
+      # Check if the requested reverse zone exists - note, an IP fragment won't
+      # work here since we don't *know* which parent to put it in.
+      # ${$args{val}} has been validated as a valid IP by now, in one of the above calls.
+      my ($revid) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?".
+        " ORDER BY masklen(revnet) DESC", undef, (${$args{val}}));
+      # Fail if no match;  we can't coerce a PTR-template type down to not include the PTR bit currently.
+      if (!$revid) {
+        $msg = "Can't ".($args{update} ? 'update' : 'add')." ${$args{host}}/${$args{val}} as ".
+                "$typemap{${$args{rectype}}}:  reverse zone not found for ${$args{val}}";
+##fixme:  add A template, AAAA template types?
+#       ${$args{rectype}} = (${$args{rectype}} == 65280 ? $reverse_typemap{A} : $reverse_typemap{AAAA});
+        return ('FAIL', $msg);
+      }
+
+      # Add reverse zone ID to field list and values
+      ${$args{fields}} .= "rdns_id,";
+      push @{$args{vallist}}, $revid;
+
+    } else {
+      return ('FAIL', "IP or IP fragment ${$args{val}} is not within ".revName($dbh, $args{id}))
+        unless _ipparent($dbh, $args{defrec}, $args{revrec}, $args{val}, $args{id}, \$args{addr});
+      ${$args{val}} = "$args{addr}";
+
+      if (!(${$args{domid}} = _hostparent($dbh, ${$args{host}}))) {
+        my $addmsg = "Record ".($args{update} ? 'updated' : 'added').
+                " as PTR template instead of $typemap{${$args{rectype}}};  domain not found for ${$args{host}}";
+        $msg .= "\n$addmsg" if $code eq 'WARN';
+        $msg = $addmsg if $code eq 'OK';
+        ${$args{rectype}} = 65282;
+        return ('WARN', $msg);
+      }
+
+      # Add domain ID to field list and values
+      ${$args{fields}} .= "domain_id,";
+      push @{$args{vallist}}, ${$args{domid}};
+    }
+
+  } else {
+    my ($code,$msg) = _validate_65282($dbh, %args);
+    return ($code, $msg) if $code eq 'FAIL';
+    # get domain, check against ${$args{name}}
+  }
+
+  # check domain, if nonexistent coerce down to PTR template
   return ('OK','OK');
 } # done AAAA+PTR template record