Hi, yesterday I set up vegadns-1.1.6 and, for the first time, imported an existing tinydns installation via AXFR.
To make it work nicely I had to fix some issues:

Hunk 1 (axfr_get.php)
======
The path to tcpclient and axfr-get is hard-coded to /usr/local/bin. This should probably be configurable.

Hunk 2 (index.php), Hunk 3 (src/auth.php)
======
I wanted to have optional certificate-based logins. This is a quick hack which assumes that additional restrictions are enforced by the web server before the request arrives at index.php. It uses a dummy password, which is not compared to the password stored in the database. This could (and should) probably be done in a nicer way.

Hunk 4 (src/domains.php)
======
Domains imported via AXFR had an empty group_id.

Hunk 5 (src/domains.php)
======
SRV records imported via AXFR had empty weight and port values.

Hunk 6 (src/domains.php), Hunk 7 (src/domains.php)
======
A warning was displayed when $counter reached the number of available default NS entries, because an uninitialized value was read from $def_ns[$counter].

Hunk 8 (src/functions.php)
======
A warning was displayed because $qname was read (appended to) before being initialized.

Hunk 9 (src/functions.php), Hunk 10 (src/functions.php)
======
a) The function decode_rdata_octets() was not sufficient to handle rdata octets received through AXFR, because octets that arrive as plain ASCII characters (rather than as \NNN octal escapes) were not decoded correctly. This resulted in broken SRV records being added to the database.

Original rdata from tinydns config:
\000\012\000\000\024\146\006jabber\017abcdefghijklmno\002de\000

Modified rdata received through AXFR:
\000\012\000\000\024f\006jabber\017abcdefghijklmno\002de\000

b) In the 'q' case, $rdata[$i] was read (appended to) prior to initialization.

Best regards,
Andreas
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/axfr_get.php vegadns-1.1.6/axfr_get.php
--- vegadns-1.1.6.orig/axfr_get.php 2006-06-14 03:17:35.000000000 +0200
+++ vegadns-1.1.6/axfr_get.php 2007-10-06 02:41:55.000000000 +0200
@@ -45,7 +45,7 @@
 $rand = rand();
 $file = "/tmp/$domain.$rand";
-$command = "/usr/local/bin/tcpclient '".escapeshellcmd($hostname)."' 53 /usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
+$command = "/usr/bin/tcpclient -R '".escapeshellcmd($hostname)."' 53 /usr/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
 exec($command, $out);
 // Print any errors first
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/index.php vegadns-1.1.6/index.php
--- vegadns-1.1.6.orig/index.php 2006-06-14 03:17:35.000000000 +0200
+++ vegadns-1.1.6/index.php 2007-10-06 06:15:19.000000000 +0200
@@ -124,6 +124,19 @@
 exit;
 }
+ // Certificate based login
+ if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
+ $q = "SELECT email FROM accounts WHERE email=".$db->Quote(strtolower($_SERVER['SSL_CLIENT_S_DN_Email']))." AND status='active' LIMIT 1";
+ $result = $db->Execute($q) or die($db->ErrorMsg());
+ $row = $result->FetchRow();
+ if ($row['email'] != "") {
+ $_REQUEST['email'] = $_SERVER["SSL_CLIENT_S_DN_Email"];
+ $_REQUEST['password'] = 'password';
+ require('src/auth.php');
+ exit;
+ }
+ }
+ // LOGIN SCREEN
 $smarty->display('header.tpl');
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/src/auth.php vegadns-1.1.6/src/auth.php
--- vegadns-1.1.6.orig/src/auth.php 2006-06-14 03:17:32.000000000 +0200
+++ vegadns-1.1.6/src/auth.php 2007-10-06 05:34:51.000000000 +0200
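Review bot: The rewritten `$command` line still quotes `$hostname` and `$domain` by hand around `escapeshellcmd()` and passes `$file` and `$file.tmp` completely unquoted, so a value containing a quote or shell metacharacters can still reshape the command; `escapeshellarg()` per argument is the right primitive for this. `$file` embeds `$domain` verbatim (context line above), so that value reaches the shell a second time through the two unquoted path arguments. Since the hard-coded prefix is already called out as a problem, the binary paths could be moved to config.php in the same step, e.g. `$command = "$tcpclient_bin -R ".escapeshellarg($hostname)." 53 $axfrget_bin ".escapeshellarg($domain)." ".escapeshellarg($file)." ".escapeshellarg("$file.tmp")." 2>&1";` (the two `*_bin` names are placeholders for whatever config.php would define).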
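Review bot: The new branch treats the presence of `$_SERVER['SSL_CLIENT_S_DN_Email']` as proof of identity, but mod_ssl also exports the client DN fields for certificates that failed verification when the server is configured with `SSLVerifyClient optional_no_ca`, so the code should additionally require `$_SERVER['SSL_CLIENT_VERIFY']` to be `SUCCESS`. The same condition is repeated in the src/auth.php hunk and needs the same guard there. Suggested condition: `if (isset($_SERVER['SSL_CLIENT_S_DN_Email']) && isset($_SERVER['SSL_CLIENT_VERIFY']) && $_SERVER['SSL_CLIENT_VERIFY'] == 'SUCCESS') {`. The block comment could also record the trust assumption stated in the cover text, e.g. `// Certificate based login: relies on the web server having verified the client certificate (SSLVerifyClient)`.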
@@ -31,10 +31,16 @@
 $oldsessions = time()-$timeout;
 $db->Execute("delete from active_sessions where time < $oldsessions") or die($db->ErrorMsg());
+ if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
+ $q = "select email from accounts where
+ email=".$db->Quote(strtolower($_SERVER['SSL_CLIENT_S_DN_Email']))." and
+ status='active' LIMIT 1";
+ } else {
 $q = "select email from accounts where email=".$db->Quote(strtolower($email))." and password='".md5($password)."' and status='active' LIMIT 1";
+ }
 $result = $db->Execute($q) or die($db->ErrorMsg());
 $row = $result->FetchRow();
 if($row['email'] != "") {
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/src/domains.php vegadns-1.1.6/src/domains.php
--- vegadns-1.1.6.orig/src/domains.php 2006-06-14 03:17:32.000000000 +0200
+++ vegadns-1.1.6/src/domains.php 2007-10-06 04:05:16.000000000 +0200
@@ -574,8 +574,9 @@
 // ADD TO SQL
 while(list($key,$line) = each($domains_array)) {
 $domain = $line['domain'];
+ $group_id = $_SESSION['group'];
 // add domain first and get the id
- $q = "insert into domains (domain,status) values(".$db->Quote($domain).", 'active')";
+ $q = "insert into domains (domain,group_id,status) values(".$db->Quote($domain).", '$group_id', 'active')";
 $db->Execute($q) or die($db->ErrorMsg());
 $domain_id = get_dom_id($domain);
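Review bot: auth.php decides the certificate bypass by re-reading `$_SERVER` itself, so the dummy password that index.php puts into `$_REQUEST['password']` is never consulted, and every other path into auth.php — notably a normal login-form POST — also skips the `$email`/`$password` check whenever the TLS session carries a client certificate, logging the user in as the certificate's account regardless of what was posted. Make the bypass explicit instead: have index.php set a flag such as `$cert_login = true;` before the `require`, branch on `if (!empty($cert_login))` here, and drop the `$_REQUEST['password'] = 'password';` line. A comment on the new branch should state that the query intentionally ignores the submitted credentials, since the `if`/`else` around the original `$q` makes that easy to miss.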
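Review bot: The new `insert into domains` line interpolates `'$group_id'` directly into the SQL string while `$domain` on the same line goes through `$db->Quote()`; use the same helper for both: `$q = "insert into domains (domain,group_id,status) values(".$db->Quote($domain).", ".$db->Quote($group_id).", 'active')";`. `$_SESSION['group']` is server-side state, so this is a consistency and robustness point rather than an injection path, but an unset session key would currently raise a notice and insert an empty string where the column presumably expects an integer. A one-line comment on the new assignment, `// imported domains are owned by the importing user's group`, would explain why the session value is used.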
@@ -587,15 +588,21 @@
 $result['val'] = ereg_replace("DOMAIN", $domain, $def_soa['val']);
 $result['host'] = ereg_replace("DOMAIN", $domain, $def_soa['host']);
 }
+ if ($result['type']!='V') {
+ $result['weight'] = 'NULL';
+ $result['port'] = 'NULL';
+ }
 if (!isset($_REQUEST['default_ns']) || ($result['type']!='N')) {
 $q = "insert into records
- (domain_id,host,type,val,distance,ttl)
+ (domain_id,host,type,val,distance,weight,port,ttl)
 values(
 $domain_id,
 ".$db->Quote(ereg_replace("[\]052", "*", $result['host'])).",
 '".$result['type']."',
 ".$db->Quote($result['val']).",
 '".$result['distance']."',
+ '".$result['weight']."',
+ '".$result['port']."',
 '".$result['ttl']."')";
 $db->Execute($q) or die($db->ErrorMsg().$q);
 }
@@ -603,8 +610,7 @@
 }
 }
 if (isset($_REQUEST['default_ns']) && is_array($def_ns)) {
- $counter = 0;
- while ($ns = $def_ns[$counter]) {
+ foreach ($def_ns as $ns) {
 $host = ereg_replace("DOMAIN", $domain, $ns['host']);
 $q = "insert into records
 (domain_id,host,type,val,distance,ttl)
@@ -616,7 +622,6 @@
 '".$ns['distance']."',
 '".$ns['ttl']."')";
 $db->Execute($q) or die($db->ErrorMsg().$q);
- $counter++;
 }
 }
 $log_entry = "imported via axfr from ".$_REQUEST['hostname'];
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/src/functions.php vegadns-1.1.6/src/functions.php
--- vegadns-1.1.6.orig/src/functions.php 2006-06-14 03:17:33.000000000 +0200
+++ vegadns-1.1.6/src/functions.php 2007-10-06 06:48:47.000000000 +0200
@@ -470,6 +470,7 @@
 // DOPRY: write length octet, then characters... ( I think djbdbs handles converting them to oct... doesn't seem RFC compliant
 //but produces identical output to Rob Mayoff's SRV generator...);
+ $qname = '';
 foreach ($qnameparts as $part) $qname .= "\\".str_pad(decoct(strlen($part)),3,0,STR_PAD_LEFT)."".$part;
 // DOPRY: add term octet for QNAME
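Review bot: Setting `$result['weight']` and `$result['port']` to the string `'NULL'` does not produce SQL NULL, because the two new VALUES lines wrap them in single quotes (`'".$result['weight']."'`), so the literal string `NULL` is inserted; if those columns are numeric, MySQL will coerce it to 0 or reject the row depending on strict mode. Build the fragments separately and splice them in unquoted: `$weight = ($result['type'] == 'V') ? $db->Quote($result['weight']) : 'NULL';` and `$port = ($result['type'] == 'V') ? $db->Quote($result['port']) : 'NULL';`, then write `$weight,` and `$port,` in place of the two quoted value lines. A short comment, `// only SRV ('V') records carry weight/port; every other type stores NULL`, would make the type check self-explanatory.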
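Review bot: Replacing `while ($ns = $def_ns[$counter])` with `foreach` changes which entries are processed, not just the warning: the old loop stopped at the first falsy element, while the new one visits every element of `$def_ns`, so an empty or non-array entry in the configured default NS list would now reach the SQL insert with an empty host and value. If the config can contain such entries, guard the body with `if (!is_array($ns) || $ns['host'] == '') continue;`; otherwise a comment stating that every `$def_ns` entry is expected to be a complete record would document the assumption. The following hunk (the removed `$counter++`) closes the same loop and is fine on its own.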
@@ -479,14 +480,6 @@
 // DOPRY: end generic record encoding functions
 // DOPRY: begin generic record decoding functions
-function decode_rdata_octets($octets) {
- $octs = split('[\\]',$octets);
- $data = pack("CC",octdec($octs[1]),octdec($octs[2]));
- $value = unpack("ndec",$data);
- return $value['dec'];
-
-}
-
 function decode_rdata_qname($qname) {
 $hostname = '';
 $pos = 0;
@@ -539,14 +532,22 @@
 $format_code = substr($format,$i,1);
 switch ($format_code) {
 case 'c' :
- $octets = substr($value,$pos,8);
- $rdata[$i] = decode_rdata_octets($octets);
- $pos += 8;
+ $octets = array();
+ for ($j = 0; $j < 2; $j++) {
+ if ($value[$pos] == '\\') {
+ $octet = substr($value, $pos, 4);
+ $octets[$j] = octdec($octet);
+ $pos += 4;
+ } else {
+ $octets[$j] = ord($value[$pos]);
+ $pos += 1;
+ }
+ }
+ $rdata[$i] = ($octets[0] << 8) | $octets[1];
 break;
 case 'q' :
 if (!preg_match('/.+000/',$value,$qname,0,$pos)) die("decode_rdata: couldn't match qname at format position ".($i+1)."\n");
- print $qname[0]."\n";
- $rdata[$i] .= decode_rdata_qname($qname[0]);
+ $rdata[$i] = decode_rdata_qname($qname[0]);
 $pos += strlen($qname[0]);
 break;
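Review bot: In the new `case 'c'` loop, `$value[$pos]` is read without checking that the string extends that far, so a truncated rdata value yields an empty offset (with a PHP notice) that `octdec()` silently turns into 0 instead of an error; add `if (!isset($value[$pos])) die("decode_rdata: rdata truncated at format position ".($i+1)."\n");` at the top of the loop body, mirroring the `die` already used in `case 'q'`. The escape branch also hands the backslash itself to `octdec()` — `substr($value, $pos, 4)` is the whole `\NNN` token — which only works because `octdec()` ignores non-octal characters, a behaviour that has emitted a deprecation notice since PHP 7.4; `$octets[$j] = octdec(substr($value, $pos + 1, 3));` passes just the three digits. A comment such as `// each octet is either a \NNN octal escape or a single literal character` would record the format the loop handles. The enclosing `decode_rdata` function begins and ends outside this hunk.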