X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=autodns.pl;h=fa4e09b6a337cb4005e18f1a2b62d126ad5e3571;hb=f42fd5611d122bd25736db2acb453aad297feb91;hp=6f14bd35efe3ba46266b45135e4996ac164ae9af;hpb=c233fb649154c99c88fbba671aa8d1d5e98c07a4;p=autodns.git

diff --git a/autodns.pl b/autodns.pl
index 6f14bd3..fa4e09b 100755
--- a/autodns.pl
+++ b/autodns.pl
@@ -5,10 +5,11 @@
 # http://www.earth.li/projectpurple/progs/autodns.html
 # Released under the GPL.
 #
-# $Id: autodns.pl,v 1.11 2005/05/16 17:26:47 noodles Exp $
+# $Id: autodns.pl,v 1.15 2005/06/15 10:26:25 noodles Exp $
 #
 
 use strict;
+use Date::Parse;
 use Fcntl qw(:flock);
 use File::Temp qw(tempfile);
 use IPC::Open3;
@@ -21,7 +22,7 @@ my ($user, $server, $inprocess, $delcount, $addcount);
 my ($domain, @MAIL, @GPGERROR, @COMMANDS, %zones, $VERSION);
 
 use vars qw($me $ccreply $conffile $domainlistroot @cfgfiles $usersfile
-	$lockfile $reload_command);
+	$lockfile $reload_command $expiry);
 
 $VERSION="0.0.8";
 
@@ -47,13 +48,13 @@ unless (my $ret = do $file) {
 #
 # Call with the name of a config file to read:
 #
-# &getzones("/etc/named.conf");
+# getzones("/etc/named.conf");
 #
-sub getzones {
-	my ($namedfile) = @_;
+sub getzones($) {
+	my $namedfile = shift;
 
 	open (NAMEDCONF, "< $namedfile") or
-		&fatalerror("Can't open $namedfile");
+		fatalerror("Can't open $namedfile");
 
 	while (<NAMEDCONF>) {
 		if (/^\s*zone\s*"([^"]+)"/) {
@@ -69,10 +70,11 @@ sub getzones {
 #
 # These are: a-z, 0-9, - or .
 #
-sub valid_domain {
+sub valid_domain($) {
 	my $domain = shift;
 	$domain = lc $domain;
-	if ($domain =~ /^(?:[a-z0-9-]+\.)+[a-z]{2,4}$/) {
+
+	if ($domain =~ /^(?:[a-z0-9-]+\.)+[a-z]{2,6}$/) {
 		return 1;
 	} elsif ($domain =~ /^(?:[0-9\/-]+\.)+in-addr.arpa$/) {
 		return 1;
@@ -87,7 +89,7 @@ sub valid_domain {
 #
 # fatalerror("I'm melting!");
 #
-sub fatalerror {
+sub fatalerror($) {
 	my $message = shift;
 
 	print REPLY $message;
@@ -110,14 +112,14 @@ sub fatalerror {
 #
 # Priviledge level is not currently used.
 #
-# ($user, $priv, $server) = &getuserinfo("5B430367");
+# ($user, $priv, $server) = getuserinfo("5B430367");
 #
-sub getuserinfo {
+sub getuserinfo($) {
 	my $gpguser = shift;
 	my ($user, $priviledge, $server);
 
 	open (CONFIGFILE, "< $usersfile") or
-		&fatalerror("Couldn't open user configuration file.");
+		fatalerror("Couldn't open user configuration file.");
 
 	foreach (<CONFIGFILE>) {
 		if (/^([^#.]+):$gpguser:(\d+):(.+)$/) {
@@ -130,13 +132,13 @@ sub getuserinfo {
 	
 			if ($user !~ /^.+$/) {
 				close(CONFIGFILE);
-				&fatalerror("Error in user configuration file: Can't get username.\n");
+				fatalerror("Error in user configuration file: Can't get username.\n");
 			}
 
 			if ($server !~ /^(\d{1,3}\.){3}\d{1,3}$/) {
 				$server =~ s/\d\.]//g;
 				close(CONFIGFILE); 
-				&fatalerror("Error in user configuration file: Invalid primary server IP address ($server)\n");
+				fatalerror("Error in user configuration file: Invalid primary server IP address ($server)\n");
 				exit;
 			} 
 		}
@@ -144,7 +146,7 @@ sub getuserinfo {
 	close(CONFIGFILE);
 
 	if ($user =~ /^$/) {
-		&fatalerror("User not found.\n");
+		fatalerror("User not found.\n");
 	}
 
 	return ($user, $priviledge, $server);
@@ -253,7 +255,7 @@ if ($entity->parts) {
 	my $pid = open3(\*GPGIN, \*GPGOUT, \*GPGERR, "gpg --batch");
 
 	# Feed it the mail.
-	print GPGIN @MAIL;
+	print GPGIN $entity->bodyhandle->as_string;
 	close GPGIN;
 
 	# And grab what it has to say.
@@ -266,10 +268,12 @@ if ($entity->parts) {
 
 # Check who it's from and if the signature was a good one.
 $gpggood=1;
+my $sigtime = 0;
 foreach (@GPGERROR) {
 	chomp;
-	if (/Signature made.* (.*)$/) {
-		$gpguser=$1; 
+	if (/Signature made (.*) using.*ID (.*)$/) {
+		$sigtime = str2time($1);
+		$gpguser=$2; 
 	} elsif (/error/) {
 		$gpggood = 0;
 		print REPLY "Some errors ocurred\n";
@@ -298,8 +302,23 @@ if ($gpggood) {
 	exit;
 }
 
+# Check if the signature is outside our acceptable range.
+if (!defined($sigtime)) {
+	print REPLY "Couldn't parse signature time.\n";
+	close REPLY;
+	exit;
+} elsif ($sigtime > (time + $expiry)) {
+	print REPLY "Signature too far into the future.\n";
+	close REPLY;
+	exit;
+} elsif ($sigtime < (time - $expiry)) {
+	print REPLY "Signature too far into the past.\n";
+	close REPLY;
+	exit;
+}
+
 # Now let's check if we know this person.
-($user, $priv, $server) = &getuserinfo($gpguser);
+($user, $priv, $server) = getuserinfo($gpguser);
 
 if (! defined($user) || ! $user) {
 	print REPLY "Unknown user.\n";
@@ -312,8 +331,8 @@ print REPLY "Got user '$user'\n";
 # Right. We know this is a valid user. Get a lock to ensure we have exclusive
 # access to the configs from here on in.
 open (LOCKFILE,">$lockfile") ||
-	 &fatalerror("Couldn't open lock file\n");
-&fatalerror("Couldn't get lock\n") unless(flock(LOCKFILE,LOCK_EX));
+	 fatalerror("Couldn't open lock file\n");
+fatalerror("Couldn't get lock\n") unless(flock(LOCKFILE,LOCK_EX));
 
 # Ok, now we should figure out what domains we already know about.
 foreach my $cfgfile (@cfgfiles) {
@@ -323,7 +342,7 @@ foreach my $cfgfile (@cfgfiles) {
 # Force existance of the $domainlistroot$user file
 if (! -e $domainlistroot.$user) {
 	open (DOMAINLIST, ">>$domainlistroot$user") or
-			&fatalerror("Couldn't create domains file.\n");
+			fatalerror("Couldn't create domains file.\n");
 	close DOMAINLIST;
 }
 
@@ -377,7 +396,7 @@ zone \"$domain\" {
 			close DOMAINSFILE;
 
 			open (DOMAINLIST, ">>$domainlistroot$user") or
-				&fatalerror("Couldn't open file.\n");
+				fatalerror("Couldn't open file.\n");
 			print DOMAINLIST "$domain\n";
 			close DOMAINLIST;
 			$addcount++;
@@ -397,7 +416,7 @@ zone \"$domain\" {
 			my (@newcfg,$found);
 
 			open (DOMAINLIST, "<$domainlistroot$user") or
-				&fatalerror("Couldn't open file $domainlistroot$user for reading: $!.\n");
+				fatalerror("Couldn't open file $domainlistroot$user for reading: $!.\n");
 			my @cfg = <DOMAINLIST>;
 			close(DOMAINLIST);
 			@newcfg = grep { ! /^$domain$/ } @cfg;
@@ -408,14 +427,14 @@ zone \"$domain\" {
 			}
 
 			open (DOMAINLIST, ">$domainlistroot$user") or 
-				&fatalerror("Couldn't open file $domainlistroot$user for writing: $!.\n");
+				fatalerror("Couldn't open file $domainlistroot$user for writing: $!.\n");
 			print DOMAINLIST @newcfg;
 			close DOMAINLIST;
 
 			$found=0;
 			@newcfg=();
 			open (DOMAINSFILE, "<$conffile") or
-				&fatalerror("Couldn't open file $conffile for reading: $!\n");
+				fatalerror("Couldn't open file $conffile for reading: $!\n");
 			{
 			local $/ = ''; # eat whole paragraphs
 			while (<DOMAINSFILE>) {
@@ -437,7 +456,7 @@ zone \"$domain\" {
 			}
 
 			open (DOMAINSFILE, ">$conffile") or
-				&fatalerror("Couldn't open $conffile for writing: $!\n");
+				fatalerror("Couldn't open $conffile for writing: $!\n");
 			print DOMAINSFILE @newcfg;
 			close DOMAINSFILE;
 			$delcount++;
@@ -482,6 +501,10 @@ zone \"$domain\" {
 		print REPLY "LIST - show all the zones currently held by you.\n";
 		print REPLY "ADD <domain> - adds the domain <domain> for processing.\n";
 		print REPLY "DEL <domain> - removes the domain <domain> if you own it.\n";
+		if (($priv & 1) == 1) {
+			print REPLY "MASTER <ip address> - set the nameserver".
+			" we should slave off for subsequent ADD commands.\n";
+		}
 	} elsif ($inprocess) {
 		print REPLY "Unknown command!\n";
 	}