#!/usr/bin/perl -Tw
-# autodns 0.0.8
-# Copyright 1999-2005 Project Purple. Written by Jonathan McDowell
+# autodns 1.0.0
+# Copyright 1999-2006 Project Purple. Written by Jonathan McDowell
# See ACKNOWLEDGEMENTS file for full details of contributors.
# http://www.earth.li/projectpurple/progs/autodns.html
# Released under the GPL.
#
-# $Id: autodns.pl,v 1.15 2005/06/15 10:26:25 noodles Exp $
-#
use strict;
use Date::Parse;
use Fcntl qw(:flock);
+use File::Path;
use File::Temp qw(tempfile);
use IPC::Open3;
use MIME::Parser;
-$ENV{'PATH'}="/usr/local/bin:/usr/bin:/bin:/usr/sbin";
+$ENV{'PATH'} = "/usr/local/bin:/usr/bin:/bin:/usr/sbin";
my ($from, $subject, $gpguser, $gpggood, $priv);
my ($user, $server, $inprocess, $delcount, $addcount);
my ($domain, @MAIL, @GPGERROR, @COMMANDS, %zones, $VERSION);
use vars qw($me $ccreply $conffile $domainlistroot @cfgfiles $usersfile
- $lockfile $reload_command $expiry);
+ $lockfile $reload_command $expiry $zonefiledir);
-$VERSION="0.0.8";
+$VERSION = "1.0.0";
#
# Load our config
close(LOCKFILE);
unlink($lockfile);
-# die $message;
exit;
}
#
# A users entry looks like:
#
-# <username>:<keyid>:<priviledge level>:<master server ip>
+# <username>:<keyid>:<privilege level>:<master server ip>
#
# Priviledge level is not currently used.
#
#
sub getuserinfo($) {
my $gpguser = shift;
- my ($user, $priviledge, $server);
+ my ($user, $privilege, $server);
open (CONFIGFILE, "< $usersfile") or
fatalerror("Couldn't open user configuration file.");
foreach (<CONFIGFILE>) {
if (/^([^#.]+):$gpguser:(\d+):(.+)$/) {
- $user=$1;
- $priviledge=$2;
- $server=$3;
+ $user = $1;
+ $privilege = $2;
+ $server = $3;
chomp $user;
- chomp $priviledge;
+ chomp $privilege;
chomp $server;
if ($user !~ /^.+$/) {
close(CONFIGFILE);
- fatalerror("Error in user configuration file: Can't get username.\n");
+ fatalerror("Error in user configuration ".
+ "file: Can't get username.\n");
}
if ($server !~ /^(\d{1,3}\.){3}\d{1,3}$/) {
$server =~ s/\d\.]//g;
close(CONFIGFILE);
- fatalerror("Error in user configuration file: Invalid primary server IP address ($server)\n");
+ fatalerror("Error in user configuration ".
+ "file: Invalid primary server IP ".
+ "address ($server)\n");
exit;
}
}
fatalerror("User not found.\n");
}
- return ($user, $priviledge, $server);
+ return ($user, $privilege, $server);
+}
+
+#
+# Add a new AutoDNS user.
+#
+# addautodnsuser($username, $keyid, $priv, $masterip);
+# <username>:<keyid>:<privilege level>:<master server ip>
+#
+sub addautodnsuser($$$$) {
+ my $username = shift;
+ my $keyid = shift;
+ my $priv = shift;
+ my $masterip = shift;
+
+ # Create domains file for the user.
+ open (DOMAINLIST, ">>$domainlistroot$username") or
+ fatalerror("Couldn't create domains file.\n");
+ close DOMAINLIST;
+
+ # Make the directory for the zone files.
+ my @dirs = mkpath("$zonefiledir/$username", 0, 0775);
+ fatalerror("Couldn't create zone file directory.\n")
+ if scalar(@dirs) == 0;
+
+ # Actually add them to the users file.
+ open(USERFILE, ">> $usersfile") or
+ fatalerror("Couldn't open user configuration file.");
+ print USERFILE "$username:$keyid:$priv:$masterip\n";
+ close(USERFILE);
}
-$delcount=$addcount=$inprocess=0;
+$delcount = $addcount = $inprocess = 0;
# Read in the mail from stdin.
-@MAIL=<>;
+@MAIL = <>;
$subject = "Reply from AutoDNS";
# Now lets try to find out who it's from.
foreach (@MAIL) {
if (/^$/) { last; }
- if (/^From: (.*)/i) { $from=$1; chomp $from;}
- if (/^Subject:\s+(re:)?(.*)$/i) { $subject="Re: ".$2 if ($2);}
+ if (/^From: (.*)/i) { $from = $1; chomp $from;}
+ if (/^Subject:\s+(re:)?(.*)$/i) { $subject = "Re: ".$2 if ($2);}
}
if ((! defined($from)) || $from =~ /^$/ ) {
die "From address is mailer-daemon, ignoring.";
}
-if (! defined($subject)) { $subject="Reply from AutoDNS"; };
+if (! defined($subject)) { $subject = "Reply from AutoDNS"; };
# We've got a from address. Start a reply.
Subject: $subject
AutoDNS $VERSION
-Copyright 1999-2004 Project Purple. Written by Jonathan McDowell.
+Copyright 1999-2006 Project Purple. Written by Jonathan McDowell.
Released under the GPL.
EOF
#
# Make sure locale is set to C so we get messages in English as we expect.
#
-$ENV{'LC_ALL'}="C";
+$ENV{'LC_ALL'} = "C";
if ($entity->parts) {
# MIME
my ($got_sig, $got_text) = (0, 0);
- my ($sig_name,$sig_fh,$text_name,$text_fh);
- ($sig_fh, $sig_name) = tempfile();
- ($text_fh, $text_name) = tempfile();
+ my ($sig_fh, $sig_name) = tempfile();
+ my ($text_fh, $text_name) = tempfile();
foreach my $subent ($entity->parts) {
if ($subent->effective_type eq "text/plain") {
print $sig_fh $subent->as_string;
close($sig_fh);
$got_sig++;
+ } elsif ($subent->effective_type eq "multipart/mixed") {
+ my $str = $subent->as_string;
+ print $text_fh $str;
+ close($text_fh);
+ $got_text++;
+
+ foreach my $mixent ($subent->parts) {
+ if ($mixent->effective_type eq "text/plain") {
+ push @COMMANDS, (split /\n/,
+ $mixent->bodyhandle->as_string);
+ }
+ if ($mixent->effective_type eq
+ "application/pgp-keys") {
+ push @COMMANDS, (split /\n/,
+ $mixent->bodyhandle->as_string);
+ }
+ }
}
}
close GPGIN;
- @GPGERROR=<GPGERR>;
- my @GPGOUTPUT=<GPGOUT>;
+ @GPGERROR = <GPGERR>;
+ my @GPGOUTPUT = <GPGOUT>;
close GPGERR;
close GPGOUT;
waitpid $pid, 0;
} else {
# Clear text.
- my $pid = open3(\*GPGIN, \*GPGOUT, \*GPGERR, "gpg --batch");
+ my $pid = open3(\*GPGIN, \*GPGOUT, \*GPGERR, "gpg --batch --verify");
# Feed it the mail.
print GPGIN $entity->bodyhandle->as_string;
close GPGIN;
# And grab what it has to say.
- @GPGERROR=<GPGERR>;
- @COMMANDS=<GPGOUT>;
+ @GPGERROR = <GPGERR>;
+ @COMMANDS = <GPGOUT>;
+ @COMMANDS = split /\n/,$entity->bodyhandle->as_string;
close GPGERR;
close GPGOUT;
waitpid $pid, 0;
chomp;
if (/Signature made (.*) using.*ID (.*)$/) {
$sigtime = str2time($1);
- $gpguser=$2;
+ $gpguser = $2;
} elsif (/error/) {
$gpggood = 0;
print REPLY "Some errors ocurred\n";
# Empty line, so ignore it.
#
} elsif (/^END$/) {
- $inprocess=0;
+ $inprocess = 0;
} elsif (/^BEGIN$/) {
- $inprocess=1;
+ $inprocess = 1;
} elsif ($inprocess && /^ADD\s+(.*)$/) {
$domain = $1;
$domain =~ tr/[A-Z]/[a-z]/;
if (! valid_domain($domain)) {
$domain =~ s/[-a-z0-9.]//g;
- print REPLY "Invalid character(s) in domain name: $domain\n";
+ print REPLY "Invalid character(s) in domain name:",
+ " $domain\n";
} elsif (defined($zones{$domain}) && $zones{$domain}) {
print REPLY "We already secondary $domain\n";
} else {
print REPLY "Adding domain $domain\n";
- $zones{$domain}=1;
+ $zones{$domain} = 1;
my $df = $domain;
$df =~ tr,/,:,;
$domain =~ tr/[A-Z]/[a-z]/;
if (!valid_domain($domain)) {
$domain =~ s/[-a-z0-9.]//g;
- print REPLY "Invalid character(s) in domain name: $domain\n";
+ print REPLY "Invalid character(s) in domain name:",
+ " $domain\n";
} elsif (!defined($zones{$domain}) || !$zones{$domain}) {
print REPLY "$domain does not exist!\n";
} else {
print REPLY "Deleting domain $domain\n";
- my (@newcfg,$found);
+ my (@newcfg, $found);
open (DOMAINLIST, "<$domainlistroot$user") or
- fatalerror("Couldn't open file $domainlistroot$user for reading: $!.\n");
+ fatalerror("Couldn't open file ".
+ $domainlistroot.$user.
+ " for reading: $!.\n");
my @cfg = <DOMAINLIST>;
close(DOMAINLIST);
@newcfg = grep { ! /^$domain$/ } @cfg;
if (scalar @cfg == scalar @newcfg) {
- print REPLY "Didn't find $domain in $domainlistroot$user!\n";
- print REPLY "You are only allowed to delete your own domains that exist.\n";
+ print REPLY "Didn't find $domain in ",
+ "$domainlistroot$user!\n";
+ print REPLY "You are only allowed to delete",
+ " your own domains that exist.\n";
next;
}
open (DOMAINLIST, ">$domainlistroot$user") or
- fatalerror("Couldn't open file $domainlistroot$user for writing: $!.\n");
+ fatalerror("Couldn't open file ".
+ $domainlistroot.$user.
+ " for writing: $!.\n");
print DOMAINLIST @newcfg;
close DOMAINLIST;
- $found=0;
- @newcfg=();
+ $found = 0;
+ @newcfg = ();
open (DOMAINSFILE, "<$conffile") or
- fatalerror("Couldn't open file $conffile for reading: $!\n");
+ fatalerror("Couldn't open file $conffile for".
+ " reading: $!\n");
{
local $/ = ''; # eat whole paragraphs
while (<DOMAINSFILE>) {
unless (/^\s*zone\s+"$domain"/) {
push @newcfg, $_;
} else {
- $found=1;
+ $found = 1;
if ($newcfg[-1] =~ /^###/) {
# remove comment and \n
pop @newcfg;
} # end of paragraph eating
if (!$found) {
- print REPLY "Didn't find $domain in $conffile!\n";
+ print REPLY "Didn't find $domain in",
+ " $conffile!\n";
next;
}
open (DOMAINSFILE, ">$conffile") or
- fatalerror("Couldn't open $conffile for writing: $!\n");
+ fatalerror("Couldn't open $conffile for".
+ " writing: $!\n");
print DOMAINSFILE @newcfg;
close DOMAINSFILE;
$delcount++;
print REPLY "$1 doesn't look like a valid IPv4 ",
"address to me.\n";
}
+ } elsif ($inprocess && /^ADDUSER\s(.*)$/) {
+ if (($priv & 2) != 2) {
+ print REPLY "You're not authorised to use the ",
+ "ADDUSER command.\n";
+ } elsif ($1 =~ /^([a-z0-9]+) ([A-Fa-f0-9]{8}) (\d+) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
+ addautodnsuser($1, $2, $3, $4);
+
+ print REPLY "Attempting to import new key:\n";
+
+ # Feed our command mail to GPG so we can pull the
+ # (hopefully included) new GPG key out from it.
+ my $pid = open3(\*GPGIN, \*GPGOUT, \*GPGERR,
+ "gpg --batch --import");
+
+ # Feed it the mail.
+ print GPGIN join("\n", @COMMANDS);
+ close GPGIN;
+
+ # And grab what it has to say.
+ @GPGERROR = <GPGERR>;
+ my @GPGOUTPUT = <GPGOUT>;
+ close GPGERR;
+ close GPGOUT;
+ waitpid $pid, 0;
+
+ print REPLY @GPGERROR;
+ } else {
+ print REPLY "ADDUSER parameter error.\n";
+ }
} elsif ($inprocess && /^HELP$/) {
- print REPLY "In order to use the service, you will need to send GPG signed\n";
- print REPLY "messages.\n\n";
- print REPLY "The format of the text in these messages is important, as they represent\n";
- print REPLY "commands to autodns. Commands are formatted one per line, and enclosed\n";
- print REPLY "by \"BEGIN\" and \"END\" commands (without the quotes).\n";
- print REPLY "Current valid commands are:\n";
- print REPLY "BEGIN - begin processing.\n";
- print REPLY "END - end processing.\n";
- print REPLY "HELP - display this message.\n";
- print REPLY "LIST - show all the zones currently held by you.\n";
- print REPLY "ADD <domain> - adds the domain <domain> for processing.\n";
- print REPLY "DEL <domain> - removes the domain <domain> if you own it.\n";
+ print REPLY <<EOF;
+In order to use the service, you will need to send GPG signed messages.
+The format of the text in these messages is important, as they represent
+commands to autodns. Commands are formatted one per line, and enclosed
+by "BEGIN" and "END" commands (without the quotes).
+
+Current valid commands are:
+
+BEGIN - begin processing.
+END - end processing.
+HELP - display this message.
+LIST - show all the zones currently held by you.
+ADD <domain> - adds the domain <domain> for processing.
+DEL <domain> - removes the domain <domain> if you own it.
+EOF
if (($priv & 1) == 1) {
print REPLY "MASTER <ip address> - set the nameserver".
- " we should slave off for subsequent ADD commands.\n";
+ " we should slave off for subsequent ADD\ncommands.\n";
+ }
+ if (($priv & 2) == 2) {
+ print REPLY "ADDUSER <username> <keyid> <privilege> ",
+ "<masterip> - add a new user. Imports any key",
+ "\nattached to the message into the keyring.\n";
}
} elsif ($inprocess) {
print REPLY "Unknown command!\n";