wip on enforcing TLSA on subdoms

[pdns-pipe-nmc.git] / PowerDns.hs

diff --git a/PowerDns.hs b/PowerDns.hs
index 457cdcae5b3be03b3160b0dc1f87e38b6b015bc6..9e1da83513130309234647b8246914a09d7d02ce 100644 (file)
--- a/PowerDns.hs
+++ b/PowerDns.hs
@@ -9,12 +9,13 @@ module PowerDns ( RRType(..)
 
 import Data.Text.Lazy (splitOn, pack)
 import Data.Map.Lazy (foldrWithKey)
+import Data.Default.Class (def)
 
 import NmcDom
 
 data RRType = RRTypeSRV   | RRTypeA   | RRTypeAAAA | RRTypeCNAME
             | RRTypeDNAME | RRTypeSOA | RRTypeRP   | RRTypeLOC
-            | RRTypeNS    | RRTypeDS  | RRTypeMX
+            | RRTypeNS    | RRTypeDS  | RRTypeMX   | RRTypeTLSA
             | RRTypeANY   | RRTypeError String
 
 instance Show RRType where
@@ -29,6 +30,7 @@ instance Show RRType where
   show RRTypeNS        = "NS"
   show RRTypeDS        = "DS"
   show RRTypeMX        = "MX"
+  show RRTypeTLSA      = "TLSA"
   show RRTypeANY       = "ANY"
   show (RRTypeError s) = "Unknown RR type: " ++ (show s)
 
@@ -44,6 +46,7 @@ rrType qt = case qt of
   "NS"      -> RRTypeNS
   "DS"      -> RRTypeDS
   "MX"      -> RRTypeMX
+  "TLSA"    -> RRTypeTLSA
   "ANY"     -> RRTypeANY
   _         -> RRTypeError qt
 
@@ -105,7 +108,7 @@ pdnsOutQ ver id gen name rrt edom =
     rrl = case rrt of
       RRTypeANY -> [ RRTypeSRV, RRTypeA, RRTypeAAAA, RRTypeCNAME
                    , RRTypeDNAME, RRTypeRP, RRTypeLOC, RRTypeNS
-                   , RRTypeDS, RRTypeMX -- SOA not included
+                   , RRTypeDS, RRTypeMX, RRTypeTLSA -- SOA not included
                    ]
       x         -> [x]
   in
@@ -121,10 +124,10 @@ pdnsOutXfr ver id gen name edom =
   let
     allrrs = [ RRTypeSRV, RRTypeA, RRTypeAAAA, RRTypeCNAME
              , RRTypeDNAME, RRTypeRP, RRTypeLOC, RRTypeNS
-             , RRTypeDS, RRTypeMX, RRTypeSOA
+             , RRTypeDS, RRTypeMX, RRTypeTLSA, RRTypeSOA
              ]
     walkDom f acc name dom =
-      f name dom $ case domMap dom of
+      f name dom $ case domSubmap dom of
         Nothing -> acc
         Just dm ->
           foldrWithKey (\n d a -> walkDom f a (n ++ "." ++ name) d) acc dm
@@ -162,8 +165,27 @@ dotmail addr =
     "" -> aname ++ "."
     _  -> aname ++ "." ++ (tail adom) ++ "."
 
-dataRR RRTypeSRV   = justl domSrv
+dataRR RRTypeSRV   = \ _ _ dom ->
+  case domSrv dom of
+    Nothing  -> []
+    Just srvs -> map srvStr srvs
+      where
+        srvStr x = (show (srvPrio x)) ++ "\t"
+                ++ (show (srvWeight x)) ++ " "
+                ++ (show (srvPort x)) ++ " "
+                ++ (srvHost x)
+    
 dataRR RRTypeMX    = justl domMx
+dataRR RRTypeTLSA  = \ _ _ dom ->
+  case domTlsa dom of
+    Nothing  -> []
+    Just tlsas -> map tlsaStr tlsas
+      where
+        tlsaStr x = "(3 0 "
+                 ++ (show (tlsMatchType x)) ++ " "
+                 ++ (tlsMatchValue x) ++ ")"
+        -- tlsIncSubdoms is not displayed, it is used for `propagate`.
+
 dataRR RRTypeA     = justl domIp
 dataRR RRTypeAAAA  = justl domIp6
 dataRR RRTypeCNAME = justv domAlias
@@ -177,7 +199,7 @@ dataRR RRTypeSOA   = \ gen name dom ->
       Nothing   -> "hostmaster." ++ name ++ "."
       Just addr -> dotmail addr
   in
-    if dom == emptyNmcDom then []
+    if dom == def then []
     else
     -- Follows a relatively ugly hack to figure if we are at the top
     -- level domain ("something.bit"). Only in such case we provide