Changeset 620

Timestamp:

04/25/14 17:36:48 (11 years ago)

Author:

Kris Deugau

Message:

/trunk

Near-complete rewrite of _validate_12() (PTR) to support any-record-in-any-zone.
Introduce new default record template ARPAZONE for those times when you really
want something strange in all your reverse zones.

See #53.

File:

• trunk/DNSDB.pm (modified) (2 diffs)

trunk/DNSDB.pm

@@ -531 +531 @@
     ${$args{host}} =~ s/\.*$/\.$pname/ if (${$args{host}} ne '@' && ${$args{host}} !~ /$pname$/);
 
+    # Check if it's a proper formal .arpa name for an IP, and renormalize it to the IP
+    # value if so.  Done mainly for symmetry with PTR/A+PTR, and saves a conversion on export.
+    if (${$args{val}} =~ /\.arpa$/) {
+      my ($code,$tmp) = _zone2cidr(${$args{val}});
+      if ($code ne 'FAIL') {
+        ${$args{val}} = $tmp->addr;
+        $args{addr} = $tmp;
+      }
+    }
     # Check IP is well-formed, and that it's a v4 address
     # Fail on "compact" IPv4 variants, because they are not consistent and predictable.
@@ -655 +664 @@
 
   my %args = @_;
-
-  if ($args{revrec} eq 'y') {
-    if ($args{defrec} eq 'n') {
-      return ('FAIL', "IP or IP fragment ${$args{val}} is not within ".$self->revName($args{id}))
-        unless $self->_ipparent($args{defrec}, $args{revrec}, $args{val}, $args{id}, \$args{addr});
-      ${$args{val}} = $args{addr}->addr;
+  my $warnflag = '';
+
+  if ($args{defrec} eq 'y') {
+    if ($args{revrec} eq 'y') {
+      if (${$args{val}} =~ /^[\d.]+$/) {
+        # v4 or bare number
+        if (${$args{val}} =~ /^\d+\.\d+\.\d+\.\d+$/) {
+          # probable full IP.  pointless but harmless.  validate/normalize.
+          my $tmp = NetAddr::IP->new(${$args{val}})->addr
+            or return ('FAIL', "${$args{val}} is not a valid IP address");
+          ${$args{val}} = $tmp;
+          $warnflag = "${$args{val}} will only be added to a small number of zones\n";
+        } elsif (${$args{val}} =~ /^\d+$/) {
+          # bare number.  This can be expanded to either a v4 or v6 zone
+          ${$args{val}} =~ s/^\.*/ZONE./ unless ${$args{val}} =~ /^ZONE/;
+        } else {
+          # $deity-only-knows what kind of gibberish we've been given.  Only usable as a formal .arpa name.
+          # Append ARPAZONE to be replaced with the formal .arpa zone name when converted to a live record.
+          ${$args{val}} =~ s/\.*$/.ARPAZONE/ unless ${$args{val}} =~ /ARPAZONE$/;
+        }
+      } elsif (${$args{val}} =~ /^[a-fA-F0-9:]+$/) {
+        # v6 or fragment;  pray it's not complete gibberish
+        ${$args{val}} =~ s/^:*/ZONE::/ unless ${$args{val}} =~ /^ZONE/;
+      } else {
+        # $deity-only-knows what kind of gibberish we've been given.  Only usable as a formal .arpa name.
+        # Append ARPAZONE to be replaced with the formal .arpa zone name when converted to a live record.
+        ${$args{val}} .= ".ARPAZONE" unless ${$args{val}} =~ /ARPAZONE$/;
+      }
     } else {
-      if (${$args{val}} =~ /\./) {
-        # looks like a v4 or fragment
-        if (${$args{val}} =~ /^\d+\.\d+\.\d+\.\d+$/) {
-          # woo!  a complete IP!  validate it and normalize, or fail.
-          $args{addr} = NetAddr::IP->new(${$args{val}})
-                or return ('FAIL', "IP/value looks like IPv4 but isn't valid");
-          ${$args{val}} = $args{addr}->addr;
-        } else {
-          ${$args{val}} =~ s/^\.*/ZONE./ unless ${$args{val}} =~ /^ZONE/;
-        }
-      } elsif (${$args{val}} =~ /[a-f:]/) {
-        # looks like a v6 or fragment
-        ${$args{val}} =~ s/^:*/ZONE::/ if !$args{addr} && ${$args{val}} !~ /^ZONE/;
-        if ($args{addr}) {
-          if ($args{addr}->addr =~ /^0/) {
-            ${$args{val}} =~ s/^:*/ZONE::/ unless ${$args{val}} =~ /^ZONE/;
-          } else {
-            ${$args{val}} = $args{addr}->addr;
-          }
-        }
+      return ('FAIL', "PTR records are not supported in default record sets for forward zones (domains)");
+    }
+  } else {
+    if ($args{revrec} eq 'y') {
+      # Get the revzone, so we can see if ${$args{val}} is in that zone
+      my $revzone = new NetAddr::IP $self->revName($args{id}, 'y');
+
+      return ('FAIL', $errstr) if !$self->_inrev($args{val}, $revzone);
+
+      if (${$args{val}} =~ /\.arpa$/) {
+        # Check that it's well-formed
+        return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+
+        # Check if it's a proper formal .arpa name for an IP, and renormalize it to the IP
+        # value if so.  I can't see why someone would voluntarily work with those instead of
+        # the natural IP values but what the hey.
+        my ($code,$tmp) = _zone2cidr(${$args{val}});
+        ${$args{val}} = $tmp->addr if $code ne 'FAIL';
       } else {
-        # bare number (probably).  These could be v4 or v6, so we'll
-        # expand on these on creation of a reverse zone.
-        ${$args{val}} = "ZONE,${$args{val}}" unless ${$args{val}} =~ /^ZONE/;
+        # not a formal .arpa name, so it should be an IP value.  Validate...
+        return ('FAIL', "${$args{val}} is not a valid IP value")
+            unless ${$args{val}} =~ /^(?:\d+\.\d+\.\d+\.\d+|[a-fA-F0-9:]+)$/;
+        $args{addr} = NetAddr::IP->new(${$args{val}})
+            or return ('FAIL', "IP/value looks like an IP address but isn't valid");
+        # ... and normalize.
+        ${$args{val}} = $args{addr}->addr;
       }
-      ${$args{host}} =~ s/\.*$/\.$self->{domain}/ if ${$args{host}} !~ /(?:$self->{domain}|ADMINDOMAIN)$/;
-    }
+      # Validate PTR target for form.
+      return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+    } else { # revrec ne 'y'
+      # Fetch the domain and append if the passed hostname isn't within it.
+      my $pname = ($args{defrec} eq 'y' ? 'DOMAIN' : $self->domainName($args{id}));
+      ${$args{host}} =~ s/\.*$/\.$pname/ if ${$args{host}} !~ /$pname$/;
+      # Validate hostname and target for form
+      return ('FAIL', $errstr) if ! _check_hostname_form(${$args{host}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+      return ('FAIL', $errstr) if ! _check_hostname_form(${$args{val}}, ${$args{rectype}}, $args{defrec}, $args{revrec});
+    }
+  }
 
 # Multiple PTR records do NOT generally do what most people believe they do,
 # and tend to fail in the most awkward way possible.  Check and warn.
-# We use $val instead of $addr->addr since we may be in a defrec, and may have eg "ZONE::42" or "ZONE.12"
-
-    my @checkvals = (${$args{val}});
-    if (${$args{val}} =~ /,/) {
-      # push . and :: variants into checkvals if val has ,
-      my $tmp;
-      ($tmp = ${$args{val}}) =~ s/,/./;
-      push @checkvals, $tmp;
-      ($tmp = ${$args{val}}) =~ s/,/::/;
-      push @checkvals, $tmp;
-    }
-    my $pcsth = $dbh->prepare("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec})." WHERE val = ?");
-    foreach my $checkme (@checkvals) {
-      if ($args{update}) {
-        # Record update.  There should usually be an existing PTR (the record being updated)
-        my @ptrs = @{ $dbh->selectcol_arrayref("SELECT record_id FROM "._rectable($args{defrec},$args{revrec}).
-                " WHERE val = ?", undef, ($checkme)) };
-        return ('WARN', "PTR record for $checkme already exists;  adding another will probably not do what you want")
-                if @ptrs && (!grep /^$args{update}$/, @ptrs);
-      } else {
-        # New record.  Always warn if a PTR exists
-        my ($ptrcount) = $dbh->selectrow_array("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec}).
-                " WHERE val = ?", undef, ($checkme));
-        return ('WARN', "PTR record for $checkme already exists;  adding another will probably not do what you want")
-                if $ptrcount;
-      }
-    }
-
-  } else {
-    # Not absolutely true but only useful if you hack things up for sub-/24 v4 reverse delegations
-    # Simpler to just create the reverse zone and grant access for the customer to edit it, and create direct
-    # PTR records on export
-    return ('FAIL',"Forward zones cannot contain PTR records");
-  }
+
+  my $chkbase = ${$args{val}};;
+  my $hostcol = 'val';  # Reverse zone hostnames are stored "backwards"
+  if ($args{revrec} eq 'n') {   # PTRs in forward zones should be rare.
+    $chkbase = ${$args{host}};
+    $hostcol = 'host';
+  }
+  my @checkvals = ($chkbase);
+  if ($chkbase =~ /,/) {
+    # push . and :: variants into checkvals if $chkbase has ,
+    my $tmp;
+    ($tmp = $chkbase) =~ s/,/./;
+    push @checkvals, $tmp;
+    ($tmp = $chkbase) =~ s/,/::/;
+    push @checkvals, $tmp;
+  }
+
+  my $pcsth = $dbh->prepare("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec})." WHERE $hostcol = ?");
+  foreach my $checkme (@checkvals) {
+    if ($args{update}) {
+      # $args{update} contains the ID of the record being updated.  If the list of records that matches
+      # the new hostname specification doesn't include this, the change effectively adds a new PTR that's
+      # the same as one or more existing ones.
+      my @ptrs = @{ $dbh->selectcol_arrayref("SELECT record_id FROM "._rectable($args{defrec},$args{revrec}).
+        " WHERE val = ?", undef, ($checkme)) };
+      $warnflag .= "PTR record for $checkme already exists;  adding another will probably not do what you want"
+        if @ptrs && (!grep /^$args{update}$/, @ptrs);
+    } else {
+      # New record.  Always warn if a PTR exists
+      my ($ptrcount) = $dbh->selectrow_array("SELECT count(*) FROM "._rectable($args{defrec},$args{revrec}).
+        " WHERE $hostcol = ?", undef, ($checkme));
+      $warnflag .= "PTR record for $checkme already exists;  adding another will probably not do what you want"
+        if $ptrcount;
+    }
+  }
+
+  return ('WARN',$warnflag) if $warnflag;
 
   return ('OK','OK');