inc/dns.inc.php
author rejo
Sat, 12 Jul 2008 13:15:50 +0000 (2008-07-12)
changeset 186 a3e83a34f267
parent 182 049347a649e0
child 192 3d18290ac993
permissions -rw-r--r--
[feladat @ 294] Update of SRV record validation. Now checks for a maximum number of characters of content field and allows dash in first label of content field. Closes #45.
<?php

/*  Poweradmin, a friendly web-based admin tool for PowerDNS.
 *  See <https://rejo.zenger.nl/poweradmin> for more details.
 *
 *  Copyright 2007, 2008  Rejo Zenger <rejo@zenger.nl>
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

function validate_input($zid, $type, &$content, &$name, &$prio, &$ttl) {

	$zone = get_zone_name_from_id($zid);				// TODO check for return

	if (!(preg_match("/$zone$/i", $name))) {
		if (isset($name) && $name != "") {
			$name = $name . "." . $zone;
		} else {
			$name = $zone;
		}
	}
	
	switch ($type) {

		case "A":
			if (!is_valid_ipv4($content)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			break;

		case "AAAA":
			if (!is_valid_ipv6($content)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			break;

		case "CNAME":
			if (!is_valid_rr_cname_name($name)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			if (!is_valid_hostname_fqdn($content,0)) return false;
			break;

		case "HINFO":
			if (!is_valid_rr_hinfo_content($content)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			break;

		case "MX":
			if (!is_valid_hostname_fqdn($content,0)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			if (!is_valid_non_alias_target($content)) return false;
			break;

		case "NS":
			if (!is_valid_hostname_fqdn($content,0)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			if (!is_valid_non_alias_target($content)) return false;
			break;

		case "PTR":
			if (!is_valid_hostname_fqdn($content,0)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			break;

		case "SOA":
			if (!is_valid_rr_soa_name($name,$zone)) return false;
			if (!is_valid_hostname_fqdn($name,1)) return false;
			if (!is_valid_rr_soa_content($content)) return false;
			break;
		
		case "SRV":
			if (!is_valid_rr_srv_name($name)) return false;
			if (!is_valid_rr_srv_content($content)) return false;
			break;

		case "TXT":
			if (!is_valid_printable($name)) return false;
			if (!is_valid_printable($content)) return false;
			break;

		case "MBOXFW":
		case "NAPTR":
		case "URL":
			// These types are supported by PowerDNS, but there is not
			// yet code for validation. Validation needs to be added 
			// for these types. One Day Real Soon Now. [tm]
			break;

		default:
			error(ERR_DNS_RR_TYPE);
			return false;
	}

	if (!is_valid_rr_prio($prio,$type)) return false;
	if (!is_valid_rr_ttl($ttl)) return false;

	return true;
}

function is_valid_hostname_fqdn($hostname, $wildcard) {

	global $dns_strict_tld_check;
	global $valid_tlds;

	$hostname = ereg_replace("\.$","",$hostname);

	if (strlen($hostname) > 255) {
		error(ERR_DNS_HN_TOO_LONG);
		return false;
	}

        $hostname_labels = explode ('.', $hostname);
        $label_count = count($hostname_labels);

	foreach ($hostname_labels as $hostname_label) {
		if ($wildcard == 1 && !isset($first)) {
			if (!preg_match('/^(\*|[\w-\/]+)$/',$hostname_label)) { error(ERR_DNS_HN_INV_CHARS); return false; }
			$first = 1;
		} else {
			if (!preg_match('/^[\w-\/]+$/',$hostname_label)) { error(ERR_DNS_HN_INV_CHARS); return false; }
		}
		if (substr($hostname_label, 0, 1) == "-") { error(ERR_DNS_HN_DASH); return false; }
		if (substr($hostname_label, -1, 1) == "-") { error(ERR_DNS_HN_DASH); return false; }
		if (strlen($hostname_label) < 1 || strlen($hostname_label) > 63) { error(ERR_DNS_HN_LENGTH); return false; }
	}
	
	if ($hostname_labels[$label_count-1] == "arpa" && (substr_count($hostname_labels[0], "/") == 1 XOR substr_count($hostname_labels[1], "/") == 1)) {
		if (substr_count($hostname_labels[0], "/") == 1) { 
			$array = explode ("/", $hostname_labels[0]);
		} else {
			$array = explode ("/", $hostname_labels[1]);
		}
		if (count($array) != 2) { error(ERR_DNS_HOSTNAME) ; return false; }
		if (!is_numeric($array[0]) || $array[0] < 0 || $array[0] > 255) { error(ERR_DNS_HOSTNAME) ; return false; }
		if (!is_numeric($array[1]) || $array[1] < 25 || $array[1] > 31) { error(ERR_DNS_HOSTNAME) ; return false; }
	} else {
		if (substr_count($hostname, "/") > 0) { error(ERR_DNS_HN_SLASH) ; return false; }
	}
	
	if ($dns_strict_tld_check == "1" && !in_array($hostname_labels[$label_count-1], $valid_tlds)) {
		error(ERR_DNS_INV_TLD); return false;
	}

	return true;
}

function is_valid_ipv4($ipv4) {

// 20080424/RZ: The current code may be replaced by the following if() 
// statement, but it will raise the required PHP version to ">= 5.2.0". 
// Not sure if we want that now.
//
//	if(filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
//		error(ERR_DNS_IPV4); return false;
//	}

	if (!preg_match("/^[0-9\.]{7,15}$/", $ipv4)) {
		error(ERR_DNS_IPV4); return false;
	}

	$quads = explode('.', $ipv4);
	$numquads = count($quads);
	
	if ($numquads != 4) {
		error(ERR_DNS_IPV4); return false;
	}

	for ($i = 0; $i < 4; $i++) {
		if ($quads[$i] > 255) {
			error(ERR_DNS_IPV4); return false;
		}
	}

	return true;
}

function is_valid_ipv6($ipv6) {

// 20080424/RZ: The current code may be replaced by the following if() 
// statement, but it will raise the required PHP version to ">= 5.2.0". 
// Not sure if we want that now.
//
//	if(filter_var($ipv6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === FALSE) {
//		error(ERR_DNS_IPV6); return false;
//	}

	if (!preg_match("/^[0-9a-f]{0,4}:([0-9a-f]{0,4}:){0,6}[0-9a-f]{0,4}$/i", $ipv6)) {
		error(ERR_DNS_IPV6); return false;
	}

	$quads = explode(':', $ipv6);
	$numquads = count ($quads);

	if ($numquads > 8 || $numquads < 3) {
		error(ERR_DNS_IPV6); return false;
	}

	$emptyquads = 0;
	for ($i = 1; $i < $numquads-1; $i++) {
		if ($quads[$i] == "") $emptyquads++;
	}

	if ($emptyquads > 1) {
		error(ERR_DNS_IPV6); return false;
	}

	if ($emptyquads == 0 && $numquads != 8) {
		error(ERR_DNS_IPV6); return false;
	}

	return true;
}

function is_valid_printable($string) {
	if (!ereg('^[[:print:]]+$', trim($string))) { error(ERR_DNS_PRINTABLE); return false; }
	return true;
}

function is_valid_rr_cname_name($name) {
	global $db;

	$query = "SELECT type, content 
			FROM records 
			WHERE content = " . $db->quote($name) . "
			AND (type = 'MX' OR type = 'NS')";
	
	$response = $db->query($query);
	if (PEAR::isError($response)) { error($response->getMessage()); return false; };

	if ($response->numRows() > 0) {
		error(ERR_DNS_CNAME); return false;
	}

	return true;
}

function is_valid_non_alias_target($target) {
	global $db;
	
	$query = "SELECT type, name
			FROM records
			WHERE name = " . $db->quote($target) . "
			AND TYPE = 'CNAME'";

	$response = $db->query($query);
	if (PEAR::isError($response)) { error($response->getMessage()); return false; };
	if ($response->numRows() > 0) {
		error(ERR_DNS_NON_ALIAS_TARGET); return false;
	}
	return true;
}

function is_valid_rr_hinfo_content($content) {

	if ($content[0] == "\"") {
		$fields = preg_split('/(?<=") /', $content, 2);
	} else {
		$fields = preg_split('/ /', $content, 2);
	}

	for ($i = 0; ($i < 2); $i++) {
		if (!preg_match("/^([^\s]{1,1000}|\"([^\"]{1,998}\")$/i", $fields[$i])) {
			error(ERR_DNS_HINFO_INV_CONTENT); return false;
		}
	}

	return true;
}

function is_valid_rr_soa_content(&$content) {

	$fields = preg_split("/\s+/", trim($content));
        $field_count = count($fields);

	if ($field_count == 0 || $field_count > 7) {
		return false;
	} else {
		if (!is_valid_hostname_fqdn($fields[0],0) || preg_match('/\.arpa\.?$/',$fields[0])) {
			return false;
		}
		$final_soa = $fields[0];

		if (isset($fields[1])) {
			$addr_input = $fields[1];
		} else {
			global $dns_hostmaster;
			$addr_input = $dns_hostmaster;
		}
		if (!preg_match("/@/", $addr_input)) {
			$addr_input = preg_split('/(?<!\\\)\./', $addr_input, 2);
			$addr_to_check = str_replace("\\", "", $addr_input[0]) . "@" . $addr_input[1];
		} else {
			$addr_to_check = $addr_input;
		}
		
		if (!is_valid_email($addr_to_check)) {
			return false;
		} else {
			$addr_final = explode('@', $addr_to_check, 2);
			$final_soa .= " " . str_replace(".", "\\.", $addr_final[0]) . "." . $addr_final[1];
		}

		if (isset($fields[2])) {
			if (!is_numeric($fields[2])) {
				return false;
			}
			$final_soa .= " " . $fields[2];
		} else {
			$final_soa .= " 0";
		}
		
		if ($field_count == 7) {
			for ($i = 3; ($i < 7); $i++) {
				if (!is_numeric($fields[$i])) {
					return false;
				} else {
					$final_soa .= " " . $fields[$i];
				}
			}
		}
	}
	$content = $final_soa;
	return true;
}

function is_valid_rr_soa_name($name, $zone) {
	if ($name != $zone) {
		error(ERR_DNS_SOA_NAME); return false;
	}
	return true;
}

function is_valid_rr_prio(&$prio, $type) {
	if ($type == "MX" || $type == "SRV" ) {
		if (!is_numeric($prio) || $prio < 0 || $prio > 65535 ) {
			error(ERR_DNS_INV_PRIO); return false;
		}
	} else {
		$prio = "";
	}

	return true;
}

function is_valid_rr_srv_name($name){

	if (strlen($name) > 255) {
		error(ERR_DNS_HN_TOO_LONG);
		return false;
	}

	$fields = explode('.', $name, 3);
	if (!preg_match('/^_[\w-]+$/i', $fields[0])) { error(ERR_DNS_SRV_NAME) ; return false; }
	if (!preg_match('/^_[\w]+$/i', $fields[1])) { error(ERR_DNS_SRV_NAME) ; return false; }
	if (!is_valid_hostname_fqdn($fields[2],0)) { error(ERR_DNS_SRV_NAME) ; return false ; }
	return true ;
}

function is_valid_rr_srv_content($content) {
	$fields = preg_split("/\s+/", trim($content), 3);
	if (!is_numeric($fields[0]) || $fields[0] < 0 || $fields[0] > 65535) { error(ERR_DNS_SRV_WGHT) ; return false; } 
	if (!is_numeric($fields[1]) || $fields[1] < 0 || $fields[1] > 65535) { error(ERR_DNS_SRV_PORT) ; return false; } 
	if ($fields[2] == "" || ($fields[2] != "." && !is_valid_hostname_fqdn($fields[2],0))) {
		error(ERR_DNS_SRV_TRGT) ; return false; 
	} 
	return true;
}

function is_valid_rr_ttl(&$ttl) {

	if (!isset($ttl) || $ttl == "" ) {
		global $dns_ttl;
		$ttl = $dns_ttl;
	}
	
	if (!is_numeric($ttl) ||  $ttl < 0 || $ttl > 2147483647 ) {
		error(ERR_DNS_INV_TTL);	return false;
	}

	return true;
}

function is_valid_search($holygrail) {

	// Only allow for alphanumeric, numeric, dot, dash, underscore and 
	// percent in search string. The last two are wildcards for SQL.
	// Needs extension probably for more usual record types.

	return preg_match('/^[a-z0-9.\-%_]+$/i', $holygrail);
}

?>