
mod_dnsupdate/mod_dnsupdate.lua @ 4828:56eba4bca28f

mod_password_policy: Allow check_password() to indicate the policy that failed
author Matthew Wild <mwild1@gmail.com>
date Wed, 22 Dec 2021 14:01:53 +0000
parent 4779:6395d4732bc6
child 4882:28f6322fad50
-- Marks this module as global rather than tied to a single host.
module:set_global();

local config = require("core.configmanager");
local argparse = require("util.argparse");
local dns = require("net.adns").resolver();
local async = require("util.async");
local set = require("util.set");
local nameprep = require("util.encodings").stringprep.nameprep;
local idna_to_ascii = require("util.encodings").idna.to_ascii;

-- SRV service labels handled for a VirtualHost and for a Component.
-- Each label is expanded to "_<label>._tcp.<host>" when records are generated.
local virtualhost_services = { "xmpp-client", "xmpps-client", "xmpp-server", "xmpps-server" };
local component_services = { "xmpp-server", "xmpps-server" };
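--- Read a DNS name from the parsed command-line options and return its
-- ASCII (A-label) form.
-- The value goes through nameprep and then IDNA to_ascii. Both steps must
-- succeed, because the caller prints the result into an nsupdate script.
-- @param options table of parsed options
-- @param option_name name of the option to read, e.g. "domain"
-- @param default value returned when the option is absent; it is returned
--   as-is, without normalization or IDNA conversion
-- @return the A-label form of the name, `default` when the option was not
--   given, or nil (after logging an error) when the value is rejected
local function validate_dnsname_option(options, option_name, default)
	local host = options[option_name];
	if host == nil then return default end

	local normalized = nameprep(host);
	if not normalized then
		-- The format string has two placeholders; supply both so the log
		-- names the option and the rejected value.
		module:log("error", "--%s %q fails normalization", option_name, host);
		return;
	end

	local alabel = idna_to_ascii(normalized);
	if not alabel then
		module:log("error", "--%s %q fails IDNA", option_name, normalized);
		return;
	end

	return alabel;
end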
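--- prosodyctl entry point: print an nsupdate script that brings the SRV
-- records of one host in line with the ports configured in Prosody.
--
-- Nothing is sent to a name server from here. The script is only written to
-- stdout and ends with "send", so it takes effect once it is fed to nsupdate.
--
-- Modes, per service:
--   --reset    delete the whole SRV RRset and add every configured port
--   --each     delete only the individual records that do not match
--   (default)  on the first non-matching record, delete the whole RRset and
--              add every configured port again
-- opts.multiplex is also read (adds "ports" / "ssl_ports" to every service),
-- although the usage text does not list it.
--
-- @param arg array of command-line arguments; after option parsing exactly
--   one positional argument (the host name) must remain
-- @return 0 when help was requested, 1 on any error, nothing on success
function module.command(arg)
	local opts = argparse.parse(arg, {
		short_params = { d = "domain"; p = "primary"; t = "target"; l = "ttl"; h = "help"; ["?"] = "help" };
		value_params = { domain = true; primary = true; target = true; ttl = true };
	});

	-- opts may be nil here (the condition below tests for it), so it has to
	-- be checked before any of its fields is read.
	local help_requested = opts and opts.help;
	if not arg[1] or arg[2] or not opts or help_requested or not opts.domain then
		local out = help_requested and io.stdout or io.stderr;
		out:write("prosodyctl mod_dnsupdate [options] virtualhost\n");
		out:write("\t-d --domain\tbase domain name *required*\n");
		out:write("\t-p --primary\tprimary DNS name server\n");
		out:write("\t-t --target\ttarget hostname for SRV\n");
		out:write("\t-l --ttl\tTTL to use\n");
		out:write("\t--each\tremove and replace individual SRV records\n");
		out:write("\t--reset\tremove and replace all SRV records\n");
		return help_requested and 0 or 1;
	end

	local vhost = nameprep(arg[1]); -- TODO loop over arg[]?
	if not vhost then
		module:log("error", "Host %q fails normalization", arg[1]);
		return 1;
	end
	local ihost = idna_to_ascii(vhost);
	if not ihost then
		module:log("error", "Host %q fails IDNA", vhost);
		return 1;
	end
	local is_component = config.get(vhost, "component_module");
	if not is_component and not config.get(vhost, "defined") then
		module:log("error", "Host %q is not defined in the config", vhost);
		return 1;
	end

	local services = virtualhost_services;
	if is_component then services = component_services; end

	local domain = validate_dnsname_option(opts, "domain");
	if not domain then
		module:log("error", "--domain is required");
		return 1;
	end

	-- The TTL ends up on a line of the nsupdate script, so it is parsed as a
	-- number and re-printed instead of being copied through as text. Only a
	-- whole number in the DNS TTL range (0 .. 2^31-1) is accepted.
	local ttl = 60 * 60;
	if opts.ttl ~= nil then
		ttl = tonumber(opts.ttl);
		if not ttl or ttl < 0 or ttl > 2147483647 or ttl % 1 ~= 0 then
			module:log("error", "--ttl %q is not a valid TTL", opts.ttl);
			return 1;
		end
	end

	-- Without --primary the server name is taken from the SOA answer for the
	-- zone. NOTE(review): that answer is an ordinary DNS lookup and decides
	-- where the update is sent; pass --primary where the resolver path is
	-- not trusted.
	local primary = validate_dnsname_option(opts, "primary")
		or async.wait_for(dns:lookup_promise(domain, "SOA"):next(function(ret) return ret[1].soa.mname; end));
	if not primary then
		module:log("error", "Could not discover primary name server, specify it with --primary");
		return 1;
	end

	local target = validate_dnsname_option(opts, "target", module:context(vhost):get_option_string("xmpp_host", ihost));
	if not target then
		-- A rejected --target has already been logged. Stop here rather than
		-- writing SRV records without a usable target.
		return 1;
	end
	-- TODO validate that target has A/AAAA

	local configured_ports = {
		["xmpp-client"] = module:get_option_array("c2s_ports", { 5222 });
		["xmpp-server"] = module:get_option_array("s2s_ports", { 5269 });
		["xmpps-client"] = module:get_option_array("c2s_direct_tls_ports", {});
		["xmpps-server"] = module:get_option_array("s2s_direct_tls_ports", {});
	};

	if opts.multiplex then
		for opt, ports in pairs(configured_ports) do
			ports:append(module:get_option_array(opt:sub(1, 5) == "xmpps" and "ssl_ports" or "ports", {}));
		end
	end

	-- Start all SRV lookups first; they are awaited one by one further down.
	local existing_srv = {};
	for _, service in ipairs(services) do
		existing_srv[service] = dns:lookup_promise(("_%s._tcp.%s"):format(service, ihost), "SRV");
	end

	print("zone", domain);
	print("server", primary);
	print(("ttl %d"):format(ttl));

	for _, service in ipairs(services) do
		local ports = set.new(configured_ports[service]);
		local records, lookup_err = async.wait_for(existing_srv[service]);
		if opts.reset then
			print(("del _%s._tcp.%s IN SRV"):format(service, ihost));
		else
			if not records then
				-- Without the current records no comparison is possible.
				-- Fail before "send" is printed so a partial script is
				-- never applied.
				module:log("error", "Could not look up existing SRV records for %s: %s", service, tostring(lookup_err));
				return 1;
			end
			for _, rr in ipairs(records) do
				-- Record data comes from DNS; a target that does not
				-- normalize is treated as not matching.
				local rr_target = nameprep(rr.srv.target);
				rr_target = rr_target and rr_target:gsub("%.$", "");
				if rr_target == target and ports:contains(rr.srv.port) then
					ports:remove(rr.srv.port)
				elseif not opts.each then
					print(("del _%s._tcp.%s IN SRV"):format(service, ihost));
					-- The line above removes the whole RRset, including
					-- records that matched earlier in this loop, so every
					-- configured port has to be added again.
					ports = set.new(configured_ports[service]);
					break
				else
					print(("del _%s._tcp.%s IN SRV %s"):format(service, ihost, rr));
				end
			end
		end
		for port in ports do print(("add _%s._tcp.%s IN SRV 1 1 %d %s"):format(service, ihost, port, target)); end
	end

	print("show");
	print("send");
	print("answer");
end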