- Timestamp:
- 10/03/12 18:17:51 (12 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/DNSDB.pm
r400 r401 1407 1407 1408 1408 1409 ## DNSDB::initRPC() 1410 # Takes a database handle, remote username, and remote fullname. 1411 # Sets up the RPC logging-pseudouser if needed. 1412 # Sets the %userdata hash for logging. 1413 # Returns undef on failure 1414 sub initRPC { 1415 my $dbh = shift; 1416 my %args = @_; 1417 1418 return if !$args{username}; 1419 return if !$args{fullname}; 1420 1421 %userdata = %{$dbh->selectrow_hashref("SELECT user_id,group_id,firstname,lastname,status FROM users". 1422 " WHERE username=?", undef, ($args{username}) )}; 1423 if (!%userdata) { 1424 $dbh->do("INSERT INTO users (username,password,firstname,type) VALUES (?,'RPC',?,'R')", undef, 1425 ($args{username}, $args{fullname}) ); 1426 %userdata = %{$dbh->selectrow_hashref("SELECT user_id,group_id,firstname,lastname,status FROM users". 1427 " WHERE username=?", undef, ($args{username}) )}; 1428 } 1429 $userdata{fullname} = "$userdata{firstname} $userdata{lastname}/$args{rpcsys}"; 1430 return 1 if %userdata; 1431 } # end initRPC() 1432 1433 1409 1434 ## DNSDB::login() 1410 1435 # Takes a database handle, username and password … … 2585 2610 2586 2611 # Permissions! Gotta set'em all! 2587 die "Invalid permission string $permstring "2612 die "Invalid permission string $permstring\n" 2588 2613 if $permstring !~ /^(?: 2589 2614 i # inherit … … 2703 2728 ($args{startwith} ? " AND u.username ~* ?" : ''). 2704 2729 ($args{filter} ? " AND u.username ~* ?" : ''). 2730 " AND NOT u.type = 'R' ". 2705 2731 " ORDER BY $args{sortby} $args{sortorder} ". 2706 2732 ($args{offset} eq 'all' ? '' : " LIMIT $config{perpage} OFFSET ".$args{offset}*$config{perpage}); … … 4225 4251 # revzones have records more or less reversed from forward zones. 4226 4252 my ($tmpcode,$tmpmsg) = _zone2cidr($host); 4227 die "Error converting NS record: $tmpmsg " if $tmpcode eq 'FAIL'; # hmm. may not make sense...4253 die "Error converting NS record: $tmpmsg\n" if $tmpcode eq 'FAIL'; # hmm. may not make sense... 4228 4254 $val = "$tmpmsg"; 4229 4255 $host = $rr->nsdname; -
trunk/dns-rpc.cgi
r320 r401 39 39 #package main; 40 40 41 loadConfig();41 DNSDB::loadConfig(rpcflag => 1); 42 42 43 43 # need to create a DNSDB object too … … 49 49 my $methods = { 50 50 'dnsdb.addDomain' => \&addDomain, 51 'dnsdb.del Domain' => \&delDomain,51 'dnsdb.delZone' => \&delZone, 52 52 'dnsdb.addGroup' => \&addGroup, 53 53 'dnsdb.delGroup' => \&delGroup, … … 71 71 72 72 # "Can't do that" errors 73 ##fixme: this MUST be loaded from a config file! Also must support multiple IPs74 if ($ENV{REMOTE_ADDR} ne '192.168.2.116') {75 print "Content-type: text/xml\n\n".$res->{_decode}->encode_fault(5, "Access denied");76 exit;77 }78 73 if (!$dbh) { 79 74 print "Content-type: text/xml\n\n".$res->{_decode}->encode_fault(5, $msg); … … 89 84 ## Subs below here 90 85 ## 86 87 # Utility subs 88 sub _aclcheck { 89 my $subsys = shift; 90 return 1 if grep /$ENV{REMOTE_ADDR}/, @{$DNSDB::config{rpcacl}{$subsys}}; 91 return 0; 92 } 91 93 92 94 #sub connectDB { … … 104 106 105 107 # Make sure we've got all the local bits we need 106 die "Missing remote username" if !$args{rpcuser}; # for logging 107 die "Missing remote system name" if !$args{rpcsystem}; # for logging 108 die "Missing remote username\n" if !$args{rpcuser}; # for logging 109 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 110 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 108 111 109 112 my ($code, $msg) = DNSDB::addDomain($dbh, $args{domain}, $args{group}, $args{state}); … … 112 115 } 113 116 114 sub delDomain { 115 my %args = @_; 116 117 # Make sure we've got all the local bits we need 118 die "Missing remote username" if !$args{rpcuser}; # for logging 119 die "Missing remote system name" if !$args{rpcsystem}; # for logging 120 117 sub delZone { 118 my %args = @_; 119 120 # Make sure we've got all the local bits we need 121 die "Missing remote username\n" if !$args{rpcuser}; # for logging 122 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 123 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 124 125 # delZone takes zone id and forwrad/reverse flag 121 126 my ($code,$msg); 122 127 # Let's be nice; delete based on domid OR domain name. Saves an RPC call round-trip, maybe. … … 125 130 } else { 126 131 my $domid = DNSDB::domainID($dbh, $args{domain}); 127 die "Can't find domain " if !$domid;132 die "Can't find domain\n" if !$domid; 128 133 ($code,$msg) = DNSDB::delDomain($dbh, $domid); 129 134 } … … 138 143 139 144 # Make sure we've got all the local bits we need 140 die "Missing remote username" if !$args{rpcuser}; # for logging 141 die "Missing remote system name" if !$args{rpcsystem}; # for logging 145 die "Missing remote username\n" if !$args{rpcuser}; # for logging 146 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 147 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 142 148 143 149 # not sure how to usefully represent permissions from any further out from DNSDB.pm :/ … … 156 162 157 163 # Make sure we've got all the local bits we need 158 die "Missing remote username" if !$args{rpcuser}; # for logging 159 die "Missing remote system name" if !$args{rpcsystem}; # for logging 164 die "Missing remote username\n" if !$args{rpcuser}; # for logging 165 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 166 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 160 167 161 168 my ($code,$msg); … … 179 186 180 187 # Make sure we've got all the local bits we need 181 die "Missing remote username" if !$args{rpcuser}; # for logging 182 die "Missing remote system name" if !$args{rpcsystem}; # for logging 188 die "Missing remote username\n" if !$args{rpcuser}; # for logging 189 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 190 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 183 191 184 192 # not sure how to usefully represent permissions from any further out from DNSDB.pm :/ … … 206 214 207 215 # Make sure we've got all the local bits we need 208 die "Missing remote username" if !$args{rpcuser}; # for logging 209 die "Missing remote system name" if !$args{rpcsystem}; # for logging 210 211 die "Missing UID" if !$args{uid}; 216 die "Missing remote username\n" if !$args{rpcuser}; # for logging 217 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 218 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 219 220 die "Missing UID\n" if !$args{uid}; 212 221 213 222 # not sure how to usefully represent permissions from any further out from DNSDB.pm :/ … … 232 241 233 242 # Make sure we've got all the local bits we need 234 die "Missing remote username" if !$args{rpcuser}; # for logging 235 die "Missing remote system name" if !$args{rpcsystem}; # for logging 236 237 die "Missing UID" if !$args{uid}; 243 die "Missing remote username\n" if !$args{rpcuser}; # for logging 244 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 245 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 246 247 die "Missing UID\n" if !$args{uid}; 238 248 my ($code,$msg) = DNSDB::delUser($dbh, $args{uid}); 239 249 die $msg if $code eq 'FAIL'; … … 248 258 249 259 # Make sure we've got all the local bits we need 250 die "Missing remote username" if !$args{rpcuser}; # for logging 251 die "Missing remote system name" if !$args{rpcsystem}; # for logging 260 die "Missing remote username\n" if !$args{rpcuser}; # for logging 261 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 262 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 252 263 253 264 my %ret = DNSDB::getSOA($dbh, $args{def}, $args{id}); 254 265 if (!$ret{recid}) { 255 266 if ($args{def} eq 'y') { 256 die "No default SOA record in group ";267 die "No default SOA record in group\n"; 257 268 } else { 258 die "No SOA record in domain ";269 die "No SOA record in domain\n"; 259 270 } 260 271 } … … 266 277 267 278 # Make sure we've got all the local bits we need 268 die "Missing remote username" if !$args{rpcuser}; # for logging 269 die "Missing remote system name" if !$args{rpcsystem}; # for logging 279 die "Missing remote username\n" if !$args{rpcuser}; # for logging 280 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 281 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 270 282 271 283 my $ret = DNSDB::getRecLine($dbh, $args{def}, $args{id}); … … 280 292 281 293 # Make sure we've got all the local bits we need 282 die "Missing remote username" if !$args{rpcuser}; # for logging 283 die "Missing remote system name" if !$args{rpcsystem}; # for logging 294 die "Missing remote username\n" if !$args{rpcuser}; # for logging 295 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 296 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 284 297 285 298 #bleh … … 290 303 $args{direction} = 'ASC' if !$args{direction}; 291 304 292 my $ret = DNSDB::getDomRecs($dbh, $args{def}, $args{id}, $args{nrecs}, $args{nstart}, $args{order}, $args{direction}); 305 my $ret = DNSDB::getDomRecs($dbh, (defrec => $args{defrec}, revrec => $args{revrec}, id => $args{id}, 306 offset => $args{offset}, sortby => $args{sortby}, sortorder => $args{sortorder}, 307 filter => $args{filter}) ); 293 308 294 309 die $DNSDB::errstr if !$ret; … … 301 316 302 317 # Make sure we've got all the local bits we need 303 die "Missing remote username" if !$args{rpcuser}; # for logging 304 die "Missing remote system name" if !$args{rpcsystem}; # for logging 305 306 return DNSDB::getRecCount($dbh, $id); 318 die "Missing remote username\n" if !$args{rpcuser}; # for logging 319 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 320 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 321 322 return DNSDB::getRecCount($dbh, $args{id}); 307 323 } 308 324 … … 311 327 312 328 # Make sure we've got all the local bits we need 313 die "Missing remote username" if !$args{rpcuser}; # for logging 314 die "Missing remote system name" if !$args{rpcsystem}; # for logging 329 die "Missing remote username\n" if !$args{rpcuser}; # for logging 330 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 331 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 315 332 316 333 # note dist, weight, port are not reequired on all types; will be ignored if not needed. 317 my ($code, $msg) = DNSDB::addRec($dbh, $args{def}, $args{domid}, $args{host}, $ typemap{$args{type}},334 my ($code, $msg) = DNSDB::addRec($dbh, $args{def}, $args{domid}, $args{host}, $DNSDB::typemap{$args{type}}, 318 335 $args{val}, $args{ttl}, $args{dist}, $args{weight}, $args{port}); 319 336 … … 325 342 326 343 # Make sure we've got all the local bits we need 327 die "Missing remote username" if !$args{rpcuser}; # for logging 328 die "Missing remote system name" if !$args{rpcsystem}; # for logging 344 die "Missing remote username\n" if !$args{rpcuser}; # for logging 345 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 346 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 329 347 330 348 # note dist, weight, port are not reequired on all types; will be ignored if not needed. 331 my ($code, $msg) = DNSDB::updateRec($dbh, $args{def}, $args{recid}, $args{host}, $ typemap{$args{type}},349 my ($code, $msg) = DNSDB::updateRec($dbh, $args{def}, $args{recid}, $args{host}, $DNSDB::typemap{$args{type}}, 332 350 $args{val}, $args{ttl}, $args{dist}, $args{weight}, $args{port}); 333 351 … … 339 357 340 358 # Make sure we've got all the local bits we need 341 die "Missing remote username" if !$args{rpcuser}; # for logging 342 die "Missing remote system name" if !$args{rpcsystem}; # for logging 359 die "Missing remote username\n" if !$args{rpcuser}; # for logging 360 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 361 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 343 362 344 363 # note dist, weight, port are not reequired on all types; will be ignored if not needed. … … 354 373 355 374 # Make sure we've got all the local bits we need 356 die "Missing remote username" if !$args{rpcuser}; # for logging 357 die "Missing remote system name" if !$args{rpcsystem}; # for logging 375 die "Missing remote username\n" if !$args{rpcuser}; # for logging 376 die "Missing remote system name\n" if !$args{rpcsystem}; # for logging 377 die "Access denied\n" if !_aclcheck($args{rpcsystem}); 358 378 359 379 my @arglist = ($dbh, $args{domid});
Note:
See TracChangeset
for help on using the changeset viewer.