From: Kees Monshouwer Date: Thu, 14 Jul 2022 09:41:18 +0000 (+0200) Subject: auth: add set-option in pdnsutil X-Git-Tag: auth-4.8.0-alpha0~7^2~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e675887cdd7d01fe1d907c0ff476ea1af9349aa;p=thirdparty%2Fpdns.git auth: add set-option in pdnsutil --- diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst index 8121f6c8c2..7cb5590709 100644 --- a/docs/manpages/pdnsutil.1.rst +++ b/docs/manpages/pdnsutil.1.rst @@ -246,6 +246,12 @@ secure-all-zones [**increase-serial**] rectify-all-zones' afterwards. set-kind *ZONE* *KIND* Change the kind of *ZONE* to *KIND* (primary, secondary, native). +set-options-json *ZONE* *JSON* + Change the options of *ZONE* to *JSON* +set-option *ZONE* [*producer*|*consumer*] [*coo*|*unique*|*group*] *VALUE* [*VALUE* ...] + Set or remove an option for *ZONE*. Providing an empty value removes an option. +set-catalog *ZONE* *CATALOG* + Change the catalog of *ZONE* to *CATALOG* set-account *ZONE* *ACCOUNT* Change the account (owner) of *ZONE* to *ACCOUNT*. add-meta *ZONE* *ATTRIBUTE* *VALUE* [*VALUE*]... diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index ad033150a2..76d4820ff0 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -1859,7 +1859,7 @@ static bool disableDNSSECOnZone(DNSSECKeeper& dk, const DNSName& zone) return ret; } -static int setZoneOptions(const DNSName& zone, const string& options) +static int setZoneOptionsJson(const DNSName& zone, const string& options) { UeberBackend B("default"); DomainInfo di; 
@@ -1875,6 +1875,45 @@ static int setZoneOptions(const DNSName& zone, const string& options) return EXIT_SUCCESS; } +static int setZoneOption(const DNSName& zone, const string& type, const string& option, const set& values) +{ + UeberBackend B("default"); + DomainInfo di; + CatalogInfo ci; + + if (!B.getDomainInfo(zone, di)) { + cerr << "No such zone " << zone << " in the database" << endl; + return EXIT_FAILURE; + } + + CatalogInfo::CatalogType ctype; + if (type == "producer") { + ctype = CatalogInfo::CatalogType::Producer; + } + else { + ctype = CatalogInfo::CatalogType::Consumer; + } + + ci.fromJson(di.options, ctype); + + if (option == "coo") { + ci.d_coo = (!values.empty() ? DNSName(*values.begin()) : DNSName()); + } + else if (option == "unique") { + ci.d_unique = (!values.empty() ? DNSName(*values.begin()) : DNSName()); + } + else if (option == "group") { + ci.d_group = values; + } + + if (!di.backend->setOptions(zone, ci.toJson())) { + cerr << "Could not find backend willing to accept new zone configuration" << endl; + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} + static int setZoneCatalog(const DNSName& zone, const DNSName& catalog) { UeberBackend B("default"); 
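Review bot: setZoneOption relies entirely on its caller for validation: any `type` other than "producer" is silently treated as Consumer, and an unrecognised `option` matches none of the three branches, so the existing options are re-serialised and written back with EXIT_SUCCESS. The set-option dispatcher added later in this commit does check both strings, but rejecting unknown values inside the function would stop a future caller from silently editing the wrong catalog role. The `coo` and `unique` values are turned into a DNSName straight from the command line; presumably the `try` block in main reports a malformed name, but that handler is outside this hunk. Whether `ci.toJson()` preserves options already stored for the other role cannot be seen here and is worth confirming.

```cpp
  CatalogInfo::CatalogType ctype;
  if (type == "producer") {
    ctype = CatalogInfo::CatalogType::Producer;
  }
  else if (type == "consumer") {
    ctype = CatalogInfo::CatalogType::Consumer;
  }
  else {
    cerr << "Unknown catalog type '" << type << "'" << endl;
    return EXIT_FAILURE;
  }

  // … unchanged: ci.fromJson(di.options, ctype) and the coo/unique/group branches …
  else {
    cerr << "Unknown option '" << option << "'" << endl;
    return EXIT_FAILURE;
  }
  // … unchanged: di.backend->setOptions(zone, ci.toJson()) and its error path …
```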
@@ -2505,7 +2544,11 @@ try cout << "secure-all-zones [increase-serial] Secure all zones without keys" << endl; cout << "secure-zone ZONE [ZONE ..] Add DNSSEC to zone ZONE" << endl; cout << "set-kind ZONE KIND Change the kind of ZONE to KIND (primary, secondary, native)" << endl; - cout << "set-options ZONE OPTIONS Change the options of ZONE to OPTIONS" << endl; + cout << "set-options-json ZONE JSON Change the options of ZONE to JSON" << endl; + cout << "set-option ZONE Set or remove an option for ZONE Providing an empty value removes an option" << endl; + cout << " [producer|consumer]" << endl; + cout << " [coo|unique|group] VALUE" << endl; + cout << " [VALUE ...]" << endl; cout << "set-catalog ZONE CATALOG Change the catalog of ZONE to CATALOG" << endl; cout << "set-account ZONE ACCOUNT Change the account (owner) of ZONE to ACCOUNT" << endl; cout << "set-nsec3 ZONE ['PARAMS' [narrow]] Enable NSEC3 with PARAMS. Optionally narrow" << endl; @@ -3153,11 +3196,12 @@ try auto kind = DomainInfo::stringToKind(cmds.at(2)); return setZoneKind(zone, kind); } - else if (cmds.at(0) == "set-options") { + else if (cmds.at(0) == "set-options-json") { if (cmds.size() != 3) { - cerr << "Syntax: pdnsutil set-options ZONE OPTIONS" << endl; - return 0; + cerr << "Syntax: pdnsutil set-options ZONE VALUE" << endl; + return EXIT_FAILURE; } + // Verify json if (!cmds.at(2).empty()) { std::string err; 
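Review bot: The usage message in the renamed `set-options-json` branch still prints the old command name, `Syntax: pdnsutil set-options ZONE VALUE`, so a user who gets the argument count wrong is pointed at a command that no longer exists after this commit. It should read `cerr << "Syntax: pdnsutil set-options-json ZONE JSON" << endl;`, matching the help line added in the usage hunk. Returning EXIT_FAILURE instead of 0 on this path lets calling scripts detect the rejected invocation. The branch continues past the end of this hunk.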
@@ -3167,8 +3211,31 @@ try return EXIT_FAILURE; } } + + DNSName zone(cmds.at(1)); + + return setZoneOptionsJson(zone, cmds.at(2)); + } + else if (cmds.at(0) == "set-option") { + if (cmds.size() < 5 || (cmds.size() > 5 && (cmds.at(3) != "group"))) { + cerr << "Syntax: pdnsutil set-option ZONE [producer|consumer] [coo|unique|group] VALUE [VALUE ...]1" << endl; + return EXIT_FAILURE; + } + + if ((cmds.at(2) != "producer" && cmds.at(2) != "consumer") || (cmds.at(3) != "coo" && cmds.at(3) != "unique" && cmds.at(3) != "group")) { + cerr << "Syntax: pdnsutil set-option ZONE [producer|consumer] [coo|unique|group] VALUE [VALUE ...]" << endl; + return EXIT_FAILURE; + } + DNSName zone(cmds.at(1)); - return setZoneOptions(zone, cmds.at(2)); + set values; + for (unsigned int n = 4; n < cmds.size(); ++n) { + if (!cmds.at(n).empty()) { + values.insert(cmds.at(n)); + } + } + + return setZoneOption(zone, cmds.at(2), cmds.at(3), values); } else if (cmds.at(0) == "set-catalog") { if (cmds.size() != 3) { diff --git a/regression-tests/backends/gmysql-master b/regression-tests/backends/gmysql-master index 030fea859a..5b2ed60fc2 100644 --- a/regression-tests/backends/gmysql-master +++ b/regression-tests/backends/gmysql-master 
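Review bot: The first syntax message in the new `set-option` branch ends with a stray `1` (`[VALUE ...]1"`), which looks like a leftover debugging marker. Both error paths should print the same string, and the two checks could share one message. Empty VALUE arguments are dropped before the call, so a `group` list that mixes empty and non-empty values is accepted with the empty ones ignored, and only an all-empty list clears the option; a comment such as `// empty arguments are skipped; an empty set clears the option` above the loop would make that intent explicit. The zone name and values reach DNSName without a local check; presumably the enclosing try block of main reports a malformed name, but it is not visible in this hunk.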
@@ -41,8 +41,9 @@ __EOF__ $PDNSUTIL --config-dir=. --config-name=gmysql load-zone catalog.invalid zones/catalog.invalid $PDNSUTIL --config-dir=. --config-name=gmysql set-kind catalog.invalid producer - $PDNSUTIL --config-dir=. --config-name=gmysql set-options test.com '{"producer":{"coo":"other-catalog.invalid","unique":"123"}}' - $PDNSUTIL --config-dir=. --config-name=gmysql set-options tsig.com '{"producer":{"group":["pdns-group-x","pdns-group-y"]}}' + $PDNSUTIL --config-dir=. --config-name=gmysql set-option test.com producer coo other-catalog.invalid + $PDNSUTIL --config-dir=. --config-name=gmysql set-option test.com producer unique 123 + $PDNSUTIL --config-dir=. --config-name=gmysql set-option tsig.com producer group pdns-group-x pdns-group-y fi gsql_master gmysql dyndns diff --git a/regression-tests/backends/gmysql-slave b/regression-tests/backends/gmysql-slave index 3d792ff664..1d9ee2bdbd 100644 --- a/regression-tests/backends/gmysql-slave +++ b/regression-tests/backends/gmysql-slave 
@@ -37,19 +37,21 @@ __EOF__ if [ "$zone" = "test.com" ]; then $PDNSUTIL --config-dir=. --config-name=gmysql2 create-secondary-zone $zone 127.0.0.1:$port $PDNSUTIL --config-dir=. --config-name=gmysql2 set-catalog $zone other-catalog.invalid - $PDNSUTIL --config-dir=. --config-name=gmysql2 set-options $zone '{"consumer":{"coo":"catalog.invalid","unique":"42"}}' + $PDNSUTIL --config-dir=. --config-name=gmysql2 set-option $zone consumer coo catalog.invalid + $PDNSUTIL --config-dir=. --config-name=gmysql2 set-option $zone consumer unique 42 fi if [ "$zone" = "tsig.com" ]; then $PDNSUTIL --config-dir=. --config-name=gmysql2 create-secondary-zone $zone 127.0.0.2:$port $PDNSUTIL --config-dir=. --config-name=gmysql2 set-catalog $zone catalog.invalid - $PDNSUTIL --config-dir=. --config-name=gmysql2 set-options $zone "{\"consumer\":{\"unique\":\"$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)\"}}" + $PDNSUTIL --config-dir=. --config-name=gmysql2 set-option $zone consumer unique $($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1) $PDNSUTIL --config-dir=. --config-name=gmysql2 import-tsig-key test $ALGORITHM $KEY $PDNSUTIL --config-dir=. --config-name=gmysql2 activate-tsig-key tsig.com test secondary fi if [ "$zone" = "stest.com" ]; then $PDNSUTIL --config-dir=. --config-name=gmysql2 create-secondary-zone $zone 127.0.0.1:$port $PDNSUTIL --config-dir=. --config-name=gmysql2 set-catalog $zone other-catalog.invalid - $PDNSUTIL --config-dir=. --config-name=gmysql2 set-options $zone "{\"consumer\":{\"coo\":\"catalog.invalid\",\"unique\":\"$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)\"}}" + $PDNSUTIL --config-dir=. --config-name=gmysql2 set-option $zone consumer coo catalog.invalid + $PDNSUTIL --config-dir=. --config-name=gmysql2 set-option $zone consumer unique $($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' 
-f1) if [[ $skipreasons != *nolua* ]]; then $PDNSUTIL --config-dir=. --config-name=gmysql2 set-meta stest.com AXFR-SOURCE 127.0.0.2 fi @@ -57,7 +59,7 @@ __EOF__ if [ "$zone" = "wtest.com" ]; then $PDNSUTIL --config-dir=. --config-name=gmysql2 create-secondary-zone $zone 127.0.0.1:$port $PDNSUTIL --config-dir=. --config-name=gmysql2 set-catalog $zone catalog.invalid - $PDNSUTIL --config-dir=. --config-name=gmysql2 set-options $zone '{"consumer":{"unique":"42"}}' + $PDNSUTIL --config-dir=. --config-name=gmysql2 set-option $zone consumer unique 42 fi if [ "$zone" = "." ]; then $PDNSUTIL --config-dir=. --config-name=gmysql2 create-secondary-zone $zone 127.0.0.1:$port diff --git a/regression-tests/backends/lmdb-master b/regression-tests/backends/lmdb-master index 54b889960e..f7937a6f66 100644 --- a/regression-tests/backends/lmdb-master +++ b/regression-tests/backends/lmdb-master @@ -64,8 +64,8 @@ __EOF__ $PDNSUTIL --config-dir=. --config-name=lmdb load-zone catalog.invalid zones/catalog.invalid $PDNSUTIL --config-dir=. --config-name=lmdb set-kind catalog.invalid producer - $PDNSUTIL --config-dir=. --config-name=lmdb set-options test.com '{"producer":{"coo":"other-catalog.invalid","unique":"123"}}' - $PDNSUTIL --config-dir=. --config-name=lmdb set-options tsig.com '{"producer":{"group":["pdns-group-x","pdns-group-y"]}}' + $PDNSUTIL --config-dir=. --config-name=lmdb set-options-json test.com '{"producer":{"coo":"other-catalog.invalid","unique":"123"}}' + $PDNSUTIL --config-dir=. --config-name=lmdb set-options-json tsig.com '{"producer":{"group":["pdns-group-x","pdns-group-y"]}}' fi $RUNWRAPPER $PDNS --daemon=no --local-address=$address --local-port=$port --config-dir=. \ diff --git a/regression-tests/backends/lmdb-slave b/regression-tests/backends/lmdb-slave index 785b3b715f..697ee7aa8f 100644 --- a/regression-tests/backends/lmdb-slave +++ b/regression-tests/backends/lmdb-slave 
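Review bot: The `unique` value for tsig.com and stest.com is now passed as an unquoted command substitution, `set-option $zone consumer unique $($SAXFR ... | cut -d'.' -f1)`. If that pipeline prints nothing, the argument disappears and pdnsutil sees four words, which the new `cmds.size() < 5` check rejects with a syntax error. If it prints more than one word, the extra arguments are rejected because `unique` is not `group`. The previous JSON form always carried exactly one (possibly empty) string, so quoting the substitution, `unique "$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)"`, keeps the single-argument behaviour. Whether the script aborts on the non-zero exit status cannot be seen from this hunk.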
@@ -16,19 +16,19 @@ __EOF__ if [ "$zone" = "test.com" ]; then $PDNSUTIL --config-dir=. --config-name=lmdb2 create-secondary-zone $zone 127.0.0.1:$port $PDNSUTIL --config-dir=. --config-name=lmdb2 set-catalog $zone other-catalog.invalid - $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options $zone '{"consumer":{"coo":"catalog.invalid","unique":"42"}}' + $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options-json $zone '{"consumer":{"coo":"catalog.invalid","unique":"42"}}' fi if [ "$zone" = "tsig.com" ]; then $PDNSUTIL --config-dir=. --config-name=lmdb2 create-secondary-zone $zone 127.0.0.2:$port $PDNSUTIL --config-dir=. --config-name=lmdb2 set-catalog $zone catalog.invalid - $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options $zone "{\"consumer\":{\"unique\":\"$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)\"}}" + $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options-json $zone "{\"consumer\":{\"unique\":\"$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)\"}}" $PDNSUTIL --config-dir=. --config-name=lmdb2 import-tsig-key test $ALGORITHM $KEY $PDNSUTIL --config-dir=. --config-name=lmdb2 activate-tsig-key tsig.com test secondary fi if [ "$zone" = "stest.com" ]; then $PDNSUTIL --config-dir=. --config-name=lmdb2 create-secondary-zone $zone 127.0.0.1:$port $PDNSUTIL --config-dir=. --config-name=lmdb2 set-catalog $zone other-catalog.invalid - $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options $zone "{\"consumer\":{\"coo\":\"catalog.invalid\",\"unique\":\"$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)\"}}" + $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options-json $zone "{\"consumer\":{\"coo\":\"catalog.invalid\",\"unique\":\"$($SAXFR 127.0.0.1 $port catalog.invalid | grep $zone | grep PTR | cut -d'.' -f1)\"}}" if [[ $skipreasons != *nolua* ]]; then $PDNSUTIL --config-dir=. --config-name=lmdb2 set-meta stest.com AXFR-SOURCE 127.0.0.2 fi 
@@ -36,7 +36,7 @@ __EOF__ if [ "$zone" = "wtest.com" ]; then $PDNSUTIL --config-dir=. --config-name=lmdb2 create-secondary-zone $zone 127.0.0.1:$port $PDNSUTIL --config-dir=. --config-name=lmdb2 set-catalog $zone catalog.invalid - $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options $zone '{"consumer":{"unique":"42"}}' + $PDNSUTIL --config-dir=. --config-name=lmdb2 set-options-json $zone '{"consumer":{"unique":"42"}}' fi if [ "$zone" = "." ]; then $PDNSUTIL --config-dir=. --config-name=lmdb2 create-secondary-zone $zone 127.0.0.1:$port