3 # Copyright 1999-2003 Project Purple. Written by Jonathan McDowell
4 # See ACKNOWLEDGEMENTS file for full details of contributors.
5 # http://www.earth.li/projectpurple/progs/autodns.html
6 # Released under the GPL.
8 # $Id: autodns.pl,v 1.3 2004/04/08 10:45:44 noodles Exp $
15 $ENV{'PATH'}="/usr/local/bin:/usr/bin:/bin:/usr/sbin";
17 my ($from, $subject, $gpguser, $gpggood, $usersfile, $lockfile, $priv);
18 my ($user, $server, $inprocess, $delcount, $addcount, $reload_command);
19 my ($domain, @MAIL, @GPGERROR, @COMMANDS, %zones);
20 my ($me, $ccreply, $conffile, $domainlistroot, @cfgfiles, $VERSION);
25 # Local configuration here (until it gets moved to a config file).
27 # These are sort of suitable for a Debian setup.
30 # Who I should reply as.
31 $me="autodns\@earth.li";
33 # Who replies should be CCed to.
34 $ccreply="noodles\@earth.li";
36 # Where to look for zones we're already hosting.
37 @cfgfiles=("/etc/bind/named.conf",
38 "/etc/bind/named.secondary.conf");
40 # The file we should add/delete domains from.
41 $conffile="/etc/bind/named.secondary.conf";
43 # The file that contains details of the authorized users.
44 $usersfile="/etc/bind/autodns.users";
46 # Base file name to for list of users domains.
47 $domainlistroot="/etc/bind/domains.";
49 # The lockfile we use to ensure we have exclusive access to the
50 # $domainlistroot$user files and $conffile.
51 $lockfile="/etc/bind/autodns.lck";
53 # The command to reload the nameserver domains list.
54 $reload_command="sudo ndc reconfig 2>&1";
57 ### There should be no need to edit anything below (unless you're not
58 ### using BIND). This statement might even be true now - let me know if not.
62 # Try to figure out what zones we currently know about by parsing config
63 # files. Sets the item in %zones to 1 for each zone it finds.
65 # Call with the name of a config file to read:
67 # &getzones("/etc/named.conf");
72 open (NAMEDCONF, "< $namedfile") or
73 &fatalerror("Can't open $namedfile");
76 if (/^\s*zone\s*"([^"]+)"/) {
85 # Check that a domain is only made up of valid characters.
87 # These are: a-z, 0-9, - or .
92 if ($domain =~ /^(?:[a-z0-9-]+\.)+[a-z]{2,4}$/) {
94 } elsif ($domain =~ /^(?:[0-9\/-]+\.)+in-addr.arpa$/) {
102 # Deal with a fatal error by printing an error message, closing the pipe to
103 # sendmail and exiting.
105 # fatalerror("I'm melting!");
110 print REPLY $message;
113 flock(LOCKFILE, LOCK_UN);
122 # Get user details from usersfile based on a PGP ID.
124 # A users entry looks like:
126 # <username>:<keyid>:<priviledge level>:<master server ip>
128 # Priviledge level is not currently used.
130 # ($user, $priv, $server) = &getuserinfo("5B430367");
134 my ($user, $priviledge, $server);
136 open (CONFIGFILE, "< $usersfile") or
137 &fatalerror("Couldn't open user configuration file.");
139 foreach (<CONFIGFILE>) {
140 if (/^([^#.]+):$gpguser:(\d+):(.+)$/) {
148 if ($user !~ /^.+$/) {
150 &fatalerror("Error in user configuration file: Can't get username.\n");
153 if ($server !~ /^(\d{1,3}\.){3}\d{1,3}$/) {
154 $server =~ s/\d\.]//g;
156 &fatalerror("Error in user configuration file: Invalid primary server IP address ($server)\n");
164 &fatalerror("User not found.\n");
167 return ($user, $priviledge, $server);
170 $delcount=$addcount=$inprocess=0;
172 # Read in the mail from stdin.
175 $subject = "Reply from AutoDNS";
176 # Now lets try to find out who it's from.
179 if (/^From: (.*)/i) { $from=$1; chomp $from;}
180 if (/^Subject:\s+(re:)?(.*)$/i) { $subject="Re: ".$2 if ($2);}
183 if ((! defined($from)) || $from =~ /^$/ ) {
184 die "Couldn't find a from address.";
185 } elsif ($from =~ /mailer-daemon@/i) {
186 die "From address is mailer-daemon, ignoring.";
189 if (! defined($subject)) { $subject="Reply from AutoDNS"; };
191 # We've got a from address. Start a reply.
193 open(REPLY, "|sendmail -t -oem -oi") or die "Couldn't spawn sendmail";
195 print REPLY "From: $me\n";
196 print REPLY "To: $from\n";
198 # Check to see if our CC address is the same as the from address and if so
201 if ($from ne $ccreply) {
202 print REPLY "Cc: $ccreply\n";
208 Copyright 1999-2001 Project Purple. Written by Jonathan McDowell.
209 Released under the GPL.
214 # Now run GPG against our incoming mail, first making sure that our locale is
215 # set to C so that we get the messages in English as we expect.
218 open3(\*GPGIN, \*GPGOUT, \*GPGERR, "gpg --batch");
224 # And grab what it has to say.
230 # Check who it's from and if the signature was a good one.
232 foreach (@GPGERROR) {
234 if (/Signature made.* (.*)$/) {
238 print REPLY "Some errors ocurred\n";
239 } elsif (/BAD signature/) {
241 print REPLY "BAD signature!\n";
242 } elsif (/public key not found/) {
244 print REPLY "Public Key not found\n";
248 # If we have an empty user it probably wasn't signed.
250 print REPLY "Message appears not to be GPG signed.\n";
255 # Check the signature we got was ok.
257 print REPLY "Good GPG signature found. ($gpguser)\n";
259 print REPLY "Bad GPG signature!\n";
264 # Now let's check if we know this person.
265 ($user, $priv, $server) = &getuserinfo($gpguser);
267 if (! defined($user) || ! $user) {
268 print REPLY "Unknown user.\n";
273 print REPLY "Got user '$user'\n";
275 # Right. We know this is a valid user. Get a lock to ensure we have exclusive
276 # access to the configs from here on in.
277 open (LOCKFILE,">$lockfile") ||
278 &fatalerror("Couldn't open lock file\n");
279 &fatalerror("Couldn't get lock\n") unless(flock(LOCKFILE,LOCK_EX));
281 # Ok, now we should figure out what domains we already know about.
282 foreach my $cfgfile (@cfgfiles) {
286 foreach (@COMMANDS) {
287 # Remove trailing CRs and leading/trailing whitespace
294 print REPLY ">>>$_\n";
299 # Empty line, so ignore it.
303 } elsif (/^BEGIN$/) {
305 } elsif ($inprocess && /^ADD\s+(.*)$/) {
308 # Convert domain to lower case.
309 $domain =~ tr/[A-Z]/[a-z]/;
310 if (! valid_domain($domain)) {
311 $domain =~ s/[-a-z0-9.]//g;
312 print REPLY "Invalid character(s) in domain name: $domain\n";
313 } elsif (defined($zones{$domain}) && $zones{$domain}) {
314 print REPLY "We already secondary $domain\n";
316 print REPLY "Adding domain $domain\n";
322 open (DOMAINSFILE, ">>$conffile");
324 ### Domain added for '$user'
328 masters { $server; };
329 file \"secondary/$user/$df\";
330 allow-transfer { none; };
331 allow-query { any; };
335 open (DOMAINLIST, ">>$domainlistroot$user") or
336 &fatalerror("Couldn't open file.\n");
337 print DOMAINLIST "$domain\n";
341 } elsif ($inprocess && /^DEL\s(.*)$/) {
344 # Convert domain to lower case.
345 $domain =~ tr/[A-Z]/[a-z]/;
346 if (!valid_domain($domain)) {
347 $domain =~ s/[-a-z0-9.]//g;
348 print REPLY "Invalid character(s) in domain name: $domain\n";
349 } elsif (!defined($zones{$domain}) || !$zones{$domain}) {
350 print REPLY "$domain does not exist!\n";
352 print REPLY "Deleting domain $domain\n";
355 open (DOMAINLIST, "<$domainlistroot$user") or
356 &fatalerror("Couldn't open file $domainlistroot$user for reading: $!.\n");
357 my @cfg = <DOMAINLIST>;
359 @newcfg = grep { ! /^$domain$/ } @cfg;
360 if (scalar @cfg == scalar @newcfg) {
361 print REPLY "Didn't find $domain in $domainlistroot$user!\n";
362 print REPLY "You are only allowed to delete your own domains that exist.\n";
366 open (DOMAINLIST, ">$domainlistroot$user") or
367 &fatalerror("Couldn't open file $domainlistroot$user for writing: $!.\n");
368 print DOMAINLIST @newcfg;
373 open (DOMAINSFILE, "<$conffile") or
374 &fatalerror("Couldn't open file $conffile for reading: $!\n");
376 local $/ = ''; # eat whole paragraphs
377 while (<DOMAINSFILE>) {
378 unless (/^\s*zone\s+"$domain"/) {
382 if ($newcfg[-1] =~ /^###/) {
383 # remove comment and \n
388 } # end of paragraph eating
391 print REPLY "Didn't find $domain in $conffile!\n";
395 open (DOMAINSFILE, ">$conffile") or
396 &fatalerror("Couldn't open $conffile for writing: $!\n");
397 print DOMAINSFILE @newcfg;
402 } elsif ($inprocess && /^LIST$/) {
403 print REPLY "Listing domains for user $user\n";
404 print REPLY "------\n";
405 if (open (DOMAINLIST, "<$domainlistroot$user")) {
407 while (<DOMAINLIST>) {
412 print REPLY "------\n";
413 print REPLY "Total of $count domains.\n";
415 print REPLY "Couldn't open $domainlistroot$user: $!\n";
417 } elsif ($inprocess && /^HELP$/) {
418 print REPLY "In order to use the service, you will need to send GPG signed\n";
419 print REPLY "messages.\n\n";
420 print REPLY "The format of the text in these messages is important, as they represent\n";
421 print REPLY "commands to autodns. Commands are formatted one per line, and enclosed\n";
422 print REPLY "by \"BEGIN\" and \"END\" commands (without the quotes).\n";
423 print REPLY "Current valid commands are:\n";
424 print REPLY "BEGIN - begin processing.\n";
425 print REPLY "END - end processing.\n";
426 print REPLY "HELP - display this message.\n";
427 print REPLY "LIST - show all the zones currently held by you.\n";
428 print REPLY "ADD <domain> - adds the domain <domain> for processing.\n";
429 print REPLY "DEL <domain> - removes the domain <domain> if you own it.\n";
430 } elsif ($inprocess) {
431 print REPLY "Unknown command!\n";
434 flock(LOCKFILE, LOCK_UN);
438 print REPLY "Added $addcount domains.\n" if $addcount;
439 print REPLY "Removed $delcount domains.\n" if $delcount;
440 if ($addcount || $delcount) {
441 print REPLY "Reloading nameserver config.\n";
442 print REPLY `$reload_command`;