Hi,

yesterday I've set up vegadns-1.1.6 and imported an existing tinydns
installation via AXFR for the first time.

To make it work nicely I had to fix some issues:

Hunk 1 (axfr_get.php):
======
The path to tcpclient and axfr-get is hard coded to /usr/local/bin. This
should probably be configurable.

Hunk 2 (index.php), Hunk 3 (src/auth.php)
======
I wanted to have optional certificate based logins. This is a quick hack
which assumes that additional restrictions are enforced by the web
server before arriving at index.php.

It uses a dummy password, which won't be compared to the password stored
in the database.

This could (and should) probably be done in a nicer way.

Hunk 4 (src/domains.php)
======
Domains imported via AXFR had an empty group_id.

Hunk 5 (src/domains.php)
======
SRV records imported via AXFR had empty weight and port values.

Hunk 6 (src/domains.php), Hunk 7 (src/domains.php)
======
A warning was displayed when $counter reached the maximum number of
available default NS entries, because an uninitialized value was read
from $def_ns[$counter].

Hunk 8 (src/functions.php)
======
A warning was displayed, because $qname was read (appended to) before
initialization.

Hunk 9 (src/functions.php), Hunk 10 (src/functions.php)
======
a) The function decode_rdata_octets() was not sufficient to handle rdata
octets received through AXFR, because octets that arrive as literal ASCII
characters instead of octal escapes are not decoded correctly. This
resulted in broken SRV records being added to the database.

Original rdata from tinydns config:
\000\012\000\000\024\146\006jabber\017abcdefghijklmno\002de\000
Modified rdata received through AXFR:
\000\012\000\000\024f\006jabber\017abcdefghijklmno\002de\000

b) In the 'q' case, $rdata[$i] was read (appended to) prior to
initialization.

Best regards,
Andreas
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/axfr_get.php vegadns-1.1.6/axfr_get.php
--- vegadns-1.1.6.orig/axfr_get.php	2006-06-14 03:17:35.000000000 +0200
+++ vegadns-1.1.6/axfr_get.php	2007-10-06 02:41:55.000000000 +0200
@@ -45,7 +45,7 @@
 $rand = rand();
 $file = "/tmp/$domain.$rand";
 
-$command = "/usr/local/bin/tcpclient '".escapeshellcmd($hostname)."' 53 /usr/local/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
+$command = "/usr/bin/tcpclient -R '".escapeshellcmd($hostname)."' 53 /usr/bin/axfr-get '".escapeshellcmd($domain)."' $file $file.tmp 2>&1";
 exec($command, $out);
 
 // Print any errors first
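Review bot: The new `$command` line still wraps `escapeshellcmd()` output in hand-written single quotes, and `escapeshellcmd()` leaves a matched pair of quotes unescaped, so it does not guarantee that `$hostname` or `$domain` stays a single shell argument; `$file`, which is built from `$domain`, is interpolated with no quoting at all. Each value should go through `escapeshellarg()` instead (`escapeshellarg($hostname)`, `escapeshellarg($domain)`, `escapeshellarg($file)`, `escapeshellarg("$file.tmp")`) with the literal quotes dropped. How `$hostname` and `$domain` are validated lies outside the hunk, so part of this may already be handled upstream. The `/tmp/$domain.$rand` name from `rand()` is also predictable; `tempnam()` would avoid a guessable path in a shared directory. The binary paths remain hard-coded (now `/usr/bin`), although the description says they should be configurable.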
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/index.php vegadns-1.1.6/index.php
--- vegadns-1.1.6.orig/index.php	2006-06-14 03:17:35.000000000 +0200
+++ vegadns-1.1.6/index.php	2007-10-06 06:15:19.000000000 +0200
@@ -124,6 +124,19 @@
         exit;
     }
 
+    // Certificate based login
+    if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
+	$q = "SELECT email FROM accounts WHERE email=".$db->Quote(strtolower($_SERVER['SSL_CLIENT_S_DN_Email']))." AND status='active' LIMIT 1";
+	$result = $db->Execute($q) or die($db->ErrorMsg());
+	$row = $result->FetchRow();
+	if ($row['email'] != "") {
+		$_REQUEST['email'] = $_SERVER["SSL_CLIENT_S_DN_Email"];
+		$_REQUEST['password'] = 'password';
+		require('src/auth.php');
+		exit;
+	}
+    }
+
     // LOGIN SCREEN
 
     $smarty->display('header.tpl');
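Review bot: The certificate branch at `if (isset($_SERVER['SSL_CLIENT_S_DN_Email']))` treats the mere presence of the variable as proof of identity and never checks that the web server actually verified the certificate. With mod_ssl that depends on the configured `SSLVerifyClient` mode, so the condition should also require `isset($_SERVER['SSL_CLIENT_VERIFY']) && $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS'`, and the deployment must trust only CAs that vouch for the e-mail address in the subject DN. The same condition is repeated in the src/auth.php hunk and needs the same guard. A comment such as `// Requires verified client certificates from a trusted CA; the subject e-mail is the only credential checked` would make the assumption visible to whoever configures the server. The surrounding function or block starts outside the hunk.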
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/src/auth.php vegadns-1.1.6/src/auth.php
--- vegadns-1.1.6.orig/src/auth.php	2006-06-14 03:17:32.000000000 +0200
+++ vegadns-1.1.6/src/auth.php	2007-10-06 05:34:51.000000000 +0200
@@ -31,10 +31,16 @@
     $oldsessions = time()-$timeout;
     $db->Execute("delete from active_sessions where time < $oldsessions")
         or die($db->ErrorMsg());
+    if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
+	    $q = "select email from accounts where
+	          email=".$db->Quote(strtolower($_SERVER['SSL_CLIENT_S_DN_Email']))." and
+		  status='active' LIMIT 1";
+    } else {
     $q = "select email from accounts where 
         email=".$db->Quote(strtolower($email))." and 
         password='".md5($password)."' and
         status='active' LIMIT 1";
+    }
     $result = $db->Execute($q) or die($db->ErrorMsg());
     $row = $result->FetchRow();
     if($row['email'] != "") {
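Review bot: In the certificate branch the query looks up the e-mail from the certificate, but the `$email` and `$password` taken from the request are never compared with it, so any request that reaches auth.php with the server variable set skips the password check while `$email` may name a different account. Whether the code after `if($row['email'] != "")` builds the session from `$email` or from `$row['email']` is outside the hunk and should be checked. Assigning `$email = strtolower($_SERVER['SSL_CLIENT_S_DN_Email']);` inside the branch would keep the authenticated identity and the session identity the same. The `else` body was also left at its old indentation, which hides the new nesting.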
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/src/domains.php vegadns-1.1.6/src/domains.php
--- vegadns-1.1.6.orig/src/domains.php	2006-06-14 03:17:32.000000000 +0200
+++ vegadns-1.1.6/src/domains.php	2007-10-06 04:05:16.000000000 +0200
@@ -574,8 +574,9 @@
     // ADD TO SQL
     while(list($key,$line) = each($domains_array)) {
         $domain = $line['domain'];
+    	$group_id = $_SESSION['group'];
         // add domain first and get the id
-        $q = "insert into domains (domain,status) values(".$db->Quote($domain).", 'active')";
+	$q = "insert into domains (domain,group_id,status) values(".$db->Quote($domain).", '$group_id', 'active')";
         $db->Execute($q) or die($db->ErrorMsg());
         $domain_id = get_dom_id($domain);
 
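Review bot: The added `$group_id` is interpolated into the insert as `'$group_id'`, while `$domain` on the same line goes through `$db->Quote()`. The value comes from the session rather than directly from the request, but nothing in the hunk shows it is numeric or even set, so `".$db->Quote($group_id).",` (or an `(int)` cast, if the column is an integer, which is not visible here) would keep the statement consistent and safe. The assignment does not depend on the loop variable and can be moved above the `while`. The loop body continues outside the hunk.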
@@ -587,15 +588,21 @@
 		                $result['val'] = ereg_replace("DOMAIN", $domain, $def_soa['val']);
 		                $result['host'] = ereg_replace("DOMAIN", $domain, $def_soa['host']);
 		            }
+			    if ($result['type']!='V') {
+				    $result['weight'] = 'NULL';
+				    $result['port'] = 'NULL';
+			    }
 		            if (!isset($_REQUEST['default_ns']) || ($result['type']!='N')) {
                         $q = "insert into records 
-                                (domain_id,host,type,val,distance,ttl) 
+                                (domain_id,host,type,val,distance,weight,port,ttl) 
                                 values(
                                     $domain_id,
                                     ".$db->Quote(ereg_replace("[\]052", "*", $result['host'])).",
                                     '".$result['type']."',
                                     ".$db->Quote($result['val']).",
                                     '".$result['distance']."',
+				    '".$result['weight']."',
+				    '".$result['port']."',
                                     '".$result['ttl']."')";
                         $db->Execute($q) or die($db->ErrorMsg().$q);
 		            }
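Review bot: The new `'NULL'` defaults are placed between quotes in the insert (`'".$result['weight']."'`), so for non-SRV records the database receives the string 'NULL' rather than SQL NULL; depending on the column type and SQL mode that is stored as text, coerced to 0, or rejected. For SRV records the weight and port originate from zone data received from a remote server and are interpolated without `$db->Quote()`, unlike `host` and `val`. Computing `$weight = ($result['type']=='V') ? (int)$result['weight'] : 'NULL';` (and the same for `$port`) and emitting `$weight,` and `$port,` unquoted would fix both. The enclosing loop starts and ends outside the hunk.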
@@ -603,8 +610,7 @@
             }
 	    }
         if (isset($_REQUEST['default_ns']) && is_array($def_ns)) {
-	        $counter = 0;
-            while ($ns = $def_ns[$counter]) {
+            foreach ($def_ns as $ns) {
 	            $host = ereg_replace("DOMAIN", $domain, $ns['host']);
                 $q = "insert into records 
                     (domain_id,host,type,val,distance,ttl) 
@@ -616,7 +622,6 @@
                     '".$ns['distance']."',
                     '".$ns['ttl']."')";
                 $db->Execute($q) or die($db->ErrorMsg().$q);	  
-	            $counter++;
 	        }
 	    }
         $log_entry = "imported via axfr from ".$_REQUEST['hostname'];
diff -Naur --exclude config.php --exclude update-data.sh --exclude md5upgrade --exclude sessions --exclude templates_c vegadns-1.1.6.orig/src/functions.php vegadns-1.1.6/src/functions.php
--- vegadns-1.1.6.orig/src/functions.php	2006-06-14 03:17:33.000000000 +0200
+++ vegadns-1.1.6/src/functions.php	2007-10-06 06:48:47.000000000 +0200
@@ -470,6 +470,7 @@
         // DOPRY: write length octet, then characters... ( I think djbdbs handles converting them to oct... doesn't seem RFC compliant
         //but produces identical output to Rob Mayoff's SRV generator...);
 
+	$qname = '';
         foreach ($qnameparts as $part)  $qname .= "\\".str_pad(decoct(strlen($part)),3,0,STR_PAD_LEFT)."".$part;
 
         // DOPRY: add term octet for QNAME
@@ -479,14 +480,6 @@
 // DOPRY: end generic record  encoding functions
 
 // DOPRY: begin generic record decoding functions
-function decode_rdata_octets($octets) {
-	$octs = split('[\\]',$octets);
-	$data = pack("CC",octdec($octs[1]),octdec($octs[2]));
-	$value = unpack("ndec",$data);
-	return $value['dec'];
-
-}
-
 function decode_rdata_qname($qname) {
 	$hostname = '';
 	$pos = 0;
@@ -539,14 +532,22 @@
                 $format_code  =  substr($format,$i,1);
                 switch ($format_code) {
                         case 'c' : 
-				$octets = substr($value,$pos,8);
-				$rdata[$i] =  decode_rdata_octets($octets); 
-				$pos += 8;
+				$octets = array();
+				for ($j = 0; $j < 2; $j++) {
+					if ($value[$pos] == '\\') {
+						$octet = substr($value, $pos, 4);
+						$octets[$j] = octdec($octet);
+						$pos += 4;
+					} else {
+						$octets[$j] = ord($value[$pos]);
+						$pos += 1;
+					}
+				}
+				$rdata[$i] = ($octets[0] << 8) | $octets[1];
 				break;
                         case 'q' :
 				if (!preg_match('/.+000/',$value,$qname,0,$pos)) die("decode_rdata: couldn't match qname at format position ".($i+1)."\n");
-				print $qname[0]."\n";
-				$rdata[$i] .= decode_rdata_qname($qname[0]); 
+				$rdata[$i] = decode_rdata_qname($qname[0]);
 				$pos += strlen($qname[0]);
 				break;
 				
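Review bot: The new `'c'` decoder reads `$value[$pos]` and `substr($value, $pos, 4)` without checking that the input is long enough or that the escape is well formed, and the rdata here comes from a remote server via AXFR. A truncated value yields silent zeros, `octdec()` is handed the backslash together with the digits, and an escape above `\377` would spill into the high byte of the 16-bit result. The loop should validate the position and the three octal digits before decoding, failing with the same `die()` style the `'q'` case uses. The enclosing function and `switch` continue outside the hunk.

```php
case 'c' :
	$octets = array();
	for ($j = 0; $j < 2; $j++) {
		if ($pos >= strlen($value)) die("decode_rdata: truncated rdata at format position ".($i+1)."\n");
		if ($value[$pos] == '\\') {
			// Skip the backslash and accept only a three-digit octal escape in the range 000-377.
			$octet = substr($value, $pos + 1, 3);
			if (!preg_match('/^[0-3][0-7]{2}$/', $octet)) die("decode_rdata: bad octal escape at format position ".($i+1)."\n");
			$octets[$j] = octdec($octet);
			$pos += 4;
		} else {
			// … unchanged: literal byte decoded with ord() …
		}
	}
	// … unchanged: combine the two octets into $rdata[$i] …
```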
