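def syncio(sox, query):
    """Exchange one length-prefixed message with the registry server.

    A non-empty *query* is framed with a 4-byte big-endian length (the
    length counts the prefix itself) and sent over *sox*.  An empty
    *query* only picks up a response that is already pending.  The
    response uses the same framing and is parsed as XML.

    Returns the parsed XML tree.  Send, receive and parse failures are
    logged through log_error() and then re-raised unchanged.
    """
    try:
        if query:
            # Keep the next line disabled outside a lab: the query can
            # carry the login password, which must not reach stdout/logs.
            #DEBUG_SHOWS_PASSWORD# sys.stdout.write (query)
            query = struct.pack('>L', 4 + len(query)) + query
            # NOTE(review): send() may accept fewer bytes than offered;
            # confirm this socket type always writes the full buffer.
            sox.send(query)
        else:
            log_debug('Picking up response without sending a query\n')
    except:
        log_error('Failed to send message to registry server\n')
        raise
    try:
        resplen = struct.unpack('>L', sox.read(4))[0] - 4
        # NOTE(review): resplen is set by the peer and is not bounded
        # here; consider a sanity limit before buffering the reply.
        # syslog (LOG_DEBUG, 'Receiving %d response bytes from registry' % resplen)
        xmltext = ''
        while len(xmltext) < resplen:
            chunk = sox.read(resplen - len(xmltext))
            if not chunk:
                # An empty read means the peer closed the connection;
                # without this check the loop would spin forever.
                raise IOError('Registry connection closed after %d of %d response bytes'
                              % (len(xmltext), resplen))
            xmltext = xmltext + chunk
        #DEBUG_SHOWS_ANYTHING# sys.stdout.write (xmltext)
    except:
        log_error('Failed to receive reply from registry server\n')
        raise
    try:
        # NOTE(review): xmltext comes from the network; confirm that the
        # etree implementation in use does not resolve external entities.
        xmltree = etree.fromstring(xmltext)
        return xmltree
    except:
        # The whole reply is written to the error log, so anything
        # sensitive in it ends up there as well.
        log_error('Failed to parse XML:\n| ' + xmltext.replace('\n', '\n| '))
        raise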
def runcmd(cmdline, more=False):
    """Run *cmdline* under sudo via the shell; call fatal() on failure.

    The command line is logged to syslog first.  On success 'OK' is
    reported through log_debug() unless *more* is true.

    *cmdline* is handed to the shell as-is with 'sudo ' in front, so
    callers are responsible for quoting every argument they put in it.
    """
    syslog(LOG_INFO, 'Running: ' + cmdline)
    status = os.system('sudo ' + cmdline)
    if status == 0:
        if not more:
            log_debug('OK\n')
        return
    fatal('Error: ' + str(status) + '\n')
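def addzone(zone, zonedata):
    """Ensure that *zone* is served by Knot DNS, with *zonedata* as content.

    Key setup and DNSSEC signing are set up orthogonally; they default
    to off, so an unsigned zone is delivered.

    The procedure is idempotent: adding an already-existing zone is
    neutral.

    Zone addition is not done in the parenting procedure, as it makes
    little sense there without actual zone data (with, at minimum, the
    SOA record).  The parenting exchange gets a hint when a zone is
    added, so it can append any child name server records right away.

    Failures are reported through log_error(); nothing is returned.
    """
    # The zone name is pasted into shell command lines, a knotc item name
    # and a file name below.  Accept only a conservative character set so
    # it can alter none of them (shell metacharacters, '/', leading '-').
    allowed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.'
    if not zone or zone[0] == '-' or not all(ch in allowed for ch in zone):
        log_error('Knot DNS could not add zone', zone, '(invalid zone name)')
        return
    # NOTE(review): fixed lock path in world-writable /tmp, opened with
    # 'w' (follows symlinks, truncates).  Moving it presumably needs the
    # same change in every program that takes this lock -- confirm.
    global_lock = open('/tmp/knotc-global-lock', 'w')
    try:
        fcntl.lockf(global_lock, fcntl.LOCK_EX)
        rv0 = os.system('/usr/sbin/knotc conf-begin')
        rv1 = 0
        rv2 = 0
        if rv0 == 0:
            os.system('/usr/sbin/knotc conf-set zone.domain "' + zone + '"')
            # Ignore the result; the zone may already exist; check that
            rv1 = os.system('/usr/sbin/knotc conf-get "zone[' + zone + ']"')
        if rv0 == 0 and rv1 == 0:
            try:
                knot_signed = '/var/opendnssec/signed/' + zone + '.txt'
                # Owner and group may read and write the zone file.
                shared = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP
                with open(knot_signed, 'w') as fd:
                    fd.write(zonedata)
                os.chmod(knot_signed, shared)
                rv2 = os.system('/usr/sbin/knotc conf-set "zone[' + zone + '].file" "' + knot_signed + '"')
            except Exception:
                # Any failure while writing the file aborts the transaction.
                rv2 = 2
        if rv0 == 0 and rv1 == 0 and rv2 == 0:
            os.system('/usr/sbin/knotc conf-commit')
            log_debug('CMD> ods-keyops-knot-sharekey "' + zone + '"')
            os.system('ods-keyops-knot-sharekey "' + zone + '"')
        else:
            if rv0 == 0:
                # conf-begin succeeded, so the open transaction must be dropped.
                os.system('/usr/sbin/knotc conf-abort')
            log_error('Knot DNS could not add zone', zone, '(%d,%d,%d)' % (rv0, rv1, rv2))
    finally:
        # Closing the file releases the lock, also when a step above raises.
        global_lock.close()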
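def zone_update(zone, new_zone_file, knot_zone_file):
    """Bring the zone served by Knot DNS in line with *new_zone_file*.

    The current zone is dumped with 'knotc zone-read', the difference
    with *new_zone_file* is computed by ldns-zonediff and piped into
    knotc, and a second dump/diff verifies the result.  A mismatch is
    reported through log_error(); nothing is returned.

    *knot_zone_file* is accepted but not used by this function.
    """
    try:
        from shlex import quote as shquote  # Python 3
    except ImportError:
        from pipes import quote as shquote  # Python 2
    import tempfile

    # The zone name is pasted into shell command lines; accept only a
    # conservative character set so it cannot alter them.
    allowed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.'
    if not zone or zone[0] == '-' or not all(ch in allowed for ch in zone):
        log_error('Refusing zone update for invalid zone name', zone)
        return

    # A private, unpredictable scratch file replaces the fixed
    # '/tmp/' + zone path, which another local user could pre-create
    # or symlink in the shared temporary directory.
    tmp_fd, tmp_zone_file = tempfile.mkstemp(prefix='knot-zone-')
    os.close(tmp_fd)
    try:
        qtmp = shquote(tmp_zone_file)
        qnew = shquote(new_zone_file)
        strip_prefix = "sed 's/^\\[[^]]*\\] *//'"
        read_cmd = '/usr/sbin/knotc zone-read "' + zone + '" | ' + strip_prefix + ' > ' + qtmp
        apply_cmd = 'ldns-zonediff -k -o "' + zone + '" ' + qtmp + ' ' + qnew + ' | /usr/sbin/knotc'
        check_cmd = 'ldns-zonediff -o "' + zone + '" ' + qtmp + ' ' + qnew

        log_debug('CMD> ' + read_cmd)
        os.system(read_cmd)
        log_debug('CMD> ' + apply_cmd)
        os.system(apply_cmd)
        # ignore previous result, but check the result
        log_debug('CMD> ' + read_cmd)
        os.system(read_cmd)
        log_debug('CMD> ' + check_cmd)
        exitval = os.system(check_cmd)
        if exitval != 0:
            log_error('Knot DNS has not received/processed complete zone file update for', zone)
    finally:
        try:
            os.remove(tmp_zone_file)
        except OSError:
            pass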
def dbgprint(str):
    """Pass *str* on to log_debug().

    The parameter name shadows the builtin inside this function; it is
    kept because callers may pass it by keyword.
    """
    log_debug(str)
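def shell_session(cnx):
    """Run the restricted registry shell on stdin until EOF or exit.

    Logs in over *cnx*, then reads one command per line.  A command is
    accepted only when it is listed in action_argcount for this shell
    and carries exactly the listed number of arguments; anything else
    ends the session through fatal().

    Unexpected exceptions are written to syslog in full, while the user
    only sees a generic message.
    """
    global shellname, action_argcount, sidn_host, sidn_port, sidn_user, sidn_pass
    shellname = 'registry_shell'
    openlog('registry_shell', LOG_PID | (LOG_PERROR if sys.stderr.isatty() else 0), LOG_DAEMON)
    syslog(LOG_INFO, 'Opening new shell to ' + sidn_host + ':' + str(sidn_port))
    try:
        login(cnx)
        moretodo = True
        while moretodo:
            prompt()
            cmd = sys.stdin.readline()
            if cmd == '':
                # End of input is treated as a regular exit.
                log_debug('exit\nOK\n')
                break
            if cmd == '\n' or cmd[:1] == '#':
                continue
            cmd = cmd.strip()
            syslog(LOG_INFO, 'Received: ' + cmd)
            # Collapse runs of spaces so split(' ') yields no empty
            # fields.  Searching for a single space here would never
            # terminate for any command that has an argument.
            while cmd.find('  ') != -1:
                cmd = cmd.replace('  ', ' ')
            argv = cmd.split(' ')
            if argv[0] not in action_argcount[shellname]:
                fatal('Command not allowed')
            if len(argv) != 1 + action_argcount[shellname][argv[0]]:
                fatal('Wrong args')
            elif argv[0] == 'keysync':
                # argv[1] is taken verbatim from the session input; the
                # callee has to treat it as untrusted.
                keysync(cnx, argv[1])
            elif argv[0] == 'eppkeys':
                keyset = eppkeys(cnx, argv[1])
                ctr = 0
                for key in keyset:
                    # print key.to_text ()
                    ctr = ctr + 1
                log_debug('Number of KSK keys found: ', ctr)
            elif argv[0] == 'help' and os.isatty(sys.stdin.fileno()):
                prefix = 'Supported commands: '
                for name in action_argcount[shellname].keys():
                    log_debug(prefix + name)
                    prefix = ', '
                log_debug('\nOK\n')
            elif argv[0] == 'exit' or argv[0] == 'quit':
                log_debug('OK\n')
                moretodo = False
            else:
                fatal('Unknown command')
    except SystemExit:
        raise
    except Exception as e:
        syslog('Shell exception: ' + str(e))
        fatal('You hurt my feelings -- this is goodbye')
        sys.exit(1)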
def prompt():
    """Show the shell prompt, but only when stdin is a terminal."""
    interactive = os.isatty(sys.stdin.fileno())
    if not interactive:
        return
    log_debug(shellname + '$ ')