Changeset 401


Ignore:
Timestamp:
10/03/12 18:17:51 (12 years ago)
Author:
Kris Deugau
Message:

/trunk

Begin updating dns-rpc.cgi. See #43.

Add initRPC() in DNSDB.pm. This sets up the userdata needed
for logging. Prevent the pseudousers added in initRPC() from
being displayed in the user management UI. Sooner or later
this will need to be cleaned up so stale users can be deleted.
Closes #33.

Bring a bit more consistency to error messages, and eliminate
references to odd depths of the code, by adding "\n" to the end
of a few lurking die strings in DNSDB.pm, and all method-sub ones
in dns-rpc.cgi.

Clean up a handful of gross syntax and scope errors from copy-paste
work apparently never checked.

Call new loadConfig() and initRPC() on startup. Add a utility sub
to call from the method subs to check the RPC caller+IP pair against
the new config option.

Update call for delDomain to delZone. Update call to getDomRecs()
to match normalized hash-argument form from r397.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/DNSDB.pm

    r400 r401  
    14071407
    14081408
     1409## DNSDB::initRPC()
     1410# Takes a database handle, remote username, and remote fullname.
     1411# Sets up the RPC logging-pseudouser if needed.
     1412# Sets the %userdata hash for logging.
     1413# Returns undef on failure
     1414sub initRPC {
     1415  my $dbh = shift;
     1416  my %args  = @_;
     1417
     1418  return if !$args{username};
     1419  return if !$args{fullname};
     1420
     1421  %userdata = %{$dbh->selectrow_hashref("SELECT user_id,group_id,firstname,lastname,status FROM users".
     1422        " WHERE username=?", undef, ($args{username}) )};
     1423  if (!%userdata) {
     1424    $dbh->do("INSERT INTO users (username,password,firstname,type) VALUES (?,'RPC',?,'R')", undef,
     1425        ($args{username}, $args{fullname}) );
     1426    %userdata = %{$dbh->selectrow_hashref("SELECT user_id,group_id,firstname,lastname,status FROM users".
     1427        " WHERE username=?", undef, ($args{username}) )};
     1428  }
     1429  $userdata{fullname} = "$userdata{firstname} $userdata{lastname}/$args{rpcsys}";
     1430  return 1 if %userdata;
     1431} # end initRPC()
     1432
     1433
    14091434## DNSDB::login()
    14101435# Takes a database handle, username and password
     
    25852610
    25862611# Permissions!  Gotta set'em all!
    2587     die "Invalid permission string $permstring"
     2612    die "Invalid permission string $permstring\n"
    25882613        if $permstring !~ /^(?:
    25892614                i       # inherit
     
    27032728        ($args{startwith} ? " AND u.username ~* ?" : '').
    27042729        ($args{filter} ? " AND u.username ~* ?" : '').
     2730        " AND NOT u.type = 'R' ".
    27052731        " ORDER BY $args{sortby} $args{sortorder} ".
    27062732        ($args{offset} eq 'all' ? '' : " LIMIT $config{perpage} OFFSET ".$args{offset}*$config{perpage});
     
    42254251          # revzones have records more or less reversed from forward zones.
    42264252          my ($tmpcode,$tmpmsg) = _zone2cidr($host);
    4227           die "Error converting NS record: $tmpmsg" if $tmpcode eq 'FAIL';      # hmm.  may not make sense...
     4253          die "Error converting NS record: $tmpmsg\n" if $tmpcode eq 'FAIL';    # hmm.  may not make sense...
    42284254          $val = "$tmpmsg";
    42294255          $host = $rr->nsdname;

  • trunk/dns-rpc.cgi

    r320 r401  
    3939#package main;
    4040
    41 loadConfig();
     41DNSDB::loadConfig(rpcflag => 1);
    4242
    4343# need to create a DNSDB object too
     
    4949my $methods = {
    5050        'dnsdb.addDomain'       => \&addDomain,
    51         'dnsdb.delDomain'       => \&delDomain,
     51        'dnsdb.delZone'         => \&delZone,
    5252        'dnsdb.addGroup'        => \&addGroup,
    5353        'dnsdb.delGroup'        => \&delGroup,
     
    7171
    7272# "Can't do that" errors
    73 ##fixme:  this MUST be loaded from a config file!  Also must support multiple IPs
    74 if ($ENV{REMOTE_ADDR} ne '192.168.2.116') {
    75   print "Content-type: text/xml\n\n".$res->{_decode}->encode_fault(5, "Access denied");
    76   exit;
    77 }
    7873if (!$dbh) {
    7974  print "Content-type: text/xml\n\n".$res->{_decode}->encode_fault(5, $msg);
     
    8984## Subs below here
    9085##
     86
     87# Utility subs
     88sub _aclcheck {
     89  my $subsys = shift;
     90  return 1 if grep /$ENV{REMOTE_ADDR}/, @{$DNSDB::config{rpcacl}{$subsys}};
     91  return 0;
     92}
    9193
    9294#sub connectDB {
     
    104106
    105107  # Make sure we've got all the local bits we need
    106   die "Missing remote username" if !$args{rpcuser};             # for logging
    107   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     108  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     109  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     110  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    108111
    109112  my ($code, $msg) = DNSDB::addDomain($dbh, $args{domain}, $args{group}, $args{state});
     
    112115}
    113116
    114 sub delDomain {
    115   my %args = @_;
    116 
    117   # Make sure we've got all the local bits we need
    118   die "Missing remote username" if !$args{rpcuser};             # for logging
    119   die "Missing remote system name" if !$args{rpcsystem};        # for logging
    120 
     117sub delZone {
     118  my %args = @_;
     119
     120  # Make sure we've got all the local bits we need
     121  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     122  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     123  die "Access denied\n" if !_aclcheck($args{rpcsystem});
     124
     125# delZone takes zone id and forwrad/reverse flag
    121126  my ($code,$msg);
    122127  # Let's be nice;  delete based on domid OR domain name.  Saves an RPC call round-trip, maybe.
     
    125130  } else {
    126131    my $domid = DNSDB::domainID($dbh, $args{domain});
    127     die "Can't find domain" if !$domid;
     132    die "Can't find domain\n" if !$domid;
    128133    ($code,$msg) = DNSDB::delDomain($dbh, $domid);
    129134  }
     
    138143
    139144  # Make sure we've got all the local bits we need
    140   die "Missing remote username" if !$args{rpcuser};             # for logging
    141   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     145  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     146  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     147  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    142148
    143149# not sure how to usefully represent permissions from any further out from DNSDB.pm :/
     
    156162
    157163  # Make sure we've got all the local bits we need
    158   die "Missing remote username" if !$args{rpcuser};             # for logging
    159   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     164  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     165  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     166  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    160167
    161168  my ($code,$msg);
     
    179186
    180187  # Make sure we've got all the local bits we need
    181   die "Missing remote username" if !$args{rpcuser};             # for logging
    182   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     188  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     189  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     190  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    183191
    184192# not sure how to usefully represent permissions from any further out from DNSDB.pm :/
     
    206214
    207215  # Make sure we've got all the local bits we need
    208   die "Missing remote username" if !$args{rpcuser};             # for logging
    209   die "Missing remote system name" if !$args{rpcsystem};        # for logging
    210 
    211   die "Missing UID" if !$args{uid};
     216  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     217  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     218  die "Access denied\n" if !_aclcheck($args{rpcsystem});
     219
     220  die "Missing UID\n" if !$args{uid};
    212221
    213222# not sure how to usefully represent permissions from any further out from DNSDB.pm :/
     
    232241
    233242  # Make sure we've got all the local bits we need
    234   die "Missing remote username" if !$args{rpcuser};             # for logging
    235   die "Missing remote system name" if !$args{rpcsystem};        # for logging
    236 
    237   die "Missing UID" if !$args{uid};
     243  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     244  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     245  die "Access denied\n" if !_aclcheck($args{rpcsystem});
     246
     247  die "Missing UID\n" if !$args{uid};
    238248  my ($code,$msg) = DNSDB::delUser($dbh, $args{uid});
    239249  die $msg if $code eq 'FAIL';
     
    248258
    249259  # Make sure we've got all the local bits we need
    250   die "Missing remote username" if !$args{rpcuser};             # for logging
    251   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     260  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     261  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     262  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    252263
    253264  my %ret = DNSDB::getSOA($dbh, $args{def}, $args{id});
    254265  if (!$ret{recid}) {
    255266    if ($args{def} eq 'y') {
    256       die "No default SOA record in group";
     267      die "No default SOA record in group\n";
    257268    } else {
    258       die "No SOA record in domain";
     269      die "No SOA record in domain\n";
    259270    }
    260271  }
     
    266277
    267278  # Make sure we've got all the local bits we need
    268   die "Missing remote username" if !$args{rpcuser};             # for logging
    269   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     279  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     280  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     281  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    270282
    271283  my $ret = DNSDB::getRecLine($dbh, $args{def}, $args{id});
     
    280292
    281293  # Make sure we've got all the local bits we need
    282   die "Missing remote username" if !$args{rpcuser};             # for logging
    283   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     294  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     295  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     296  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    284297
    285298#bleh
     
    290303  $args{direction} = 'ASC' if !$args{direction};
    291304
    292   my $ret = DNSDB::getDomRecs($dbh, $args{def}, $args{id}, $args{nrecs}, $args{nstart}, $args{order}, $args{direction});
     305  my $ret = DNSDB::getDomRecs($dbh, (defrec => $args{defrec}, revrec => $args{revrec}, id => $args{id},
     306        offset => $args{offset}, sortby => $args{sortby}, sortorder => $args{sortorder},
     307        filter => $args{filter}) );
    293308
    294309  die $DNSDB::errstr if !$ret;
     
    301316
    302317  # Make sure we've got all the local bits we need
    303   die "Missing remote username" if !$args{rpcuser};             # for logging
    304   die "Missing remote system name" if !$args{rpcsystem};        # for logging
    305 
    306   return DNSDB::getRecCount($dbh, $id);
     318  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     319  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     320  die "Access denied\n" if !_aclcheck($args{rpcsystem});
     321
     322  return DNSDB::getRecCount($dbh, $args{id});
    307323}
    308324
     
    311327
    312328  # Make sure we've got all the local bits we need
    313   die "Missing remote username" if !$args{rpcuser};             # for logging
    314   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     329  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     330  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     331  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    315332
    316333  # note dist, weight, port are not reequired on all types;  will be ignored if not needed.
    317   my ($code, $msg) = DNSDB::addRec($dbh, $args{def}, $args{domid}, $args{host}, $typemap{$args{type}},
     334  my ($code, $msg) = DNSDB::addRec($dbh, $args{def}, $args{domid}, $args{host}, $DNSDB::typemap{$args{type}},
    318335        $args{val}, $args{ttl}, $args{dist}, $args{weight}, $args{port});
    319336
     
    325342
    326343  # Make sure we've got all the local bits we need
    327   die "Missing remote username" if !$args{rpcuser};             # for logging
    328   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     344  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     345  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     346  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    329347
    330348  # note dist, weight, port are not reequired on all types;  will be ignored if not needed.
    331   my ($code, $msg) = DNSDB::updateRec($dbh, $args{def}, $args{recid}, $args{host}, $typemap{$args{type}},
     349  my ($code, $msg) = DNSDB::updateRec($dbh, $args{def}, $args{recid}, $args{host}, $DNSDB::typemap{$args{type}},
    332350        $args{val}, $args{ttl}, $args{dist}, $args{weight}, $args{port});
    333351
     
    339357
    340358  # Make sure we've got all the local bits we need
    341   die "Missing remote username" if !$args{rpcuser};             # for logging
    342   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     359  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     360  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     361  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    343362
    344363  # note dist, weight, port are not reequired on all types;  will be ignored if not needed.
     
    354373
    355374  # Make sure we've got all the local bits we need
    356   die "Missing remote username" if !$args{rpcuser};             # for logging
    357   die "Missing remote system name" if !$args{rpcsystem};        # for logging
     375  die "Missing remote username\n" if !$args{rpcuser};           # for logging
     376  die "Missing remote system name\n" if !$args{rpcsystem};      # for logging
     377  die "Access denied\n" if !_aclcheck($args{rpcsystem});
    358378
    359379  my @arglist = ($dbh, $args{domid});
Note: See TracChangeset for help on using the changeset viewer.