#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/bind/Regression/bz533229-bind-sdb-postgresql
# Description: bz533229-bind-sdb-postgresql
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
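# Test-wide constants.
# DB_PASSWORD is a throwaway credential derived from the user name. It is
# written in clear text into /etc/named.conf (restored by rlFileRestore) and
# passed on the mysql command line, so it appears in the beakerlib journal
# and in `ps` output; that is tolerable only because the database and user
# are dropped in the cleanup phase. Do not reuse this pattern for real secrets.
DB_USER="named"
DB_PASSWORD="$DB_USER-secret"
# Default service name; re-set per RHEL version in the setup phase.
NAMED_SERVICE="named-sdb"
# Include rhts environment
. /usr/lib/beakerlib/beakerlib.sh

rlJournalStart
rlPhaseStartSetup
# NOTE(review): the test directory is named *-postgresql but the test
# exercises the mysql DLZ backend.
rlAssertRpm 'bind'
rlAssertRpm 'bind-sdb'
rlAssertRpm 'bind-utils'
rlAssertRpm 'mysql'
rlAssertRpm 'mysql-server'
# Everything rewritten below (MySQL data dir, rndc key, named config and
# sysconfig) is backed up here and restored in cleanup.
rlFileBackup --clean "/var/lib/mysql" "/etc/rndc.key" "/etc/named.conf" "/etc/sysconfig/named"
# rlRun evaluates the command in the current shell, so TmpDir stays set.
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "chmod a+rx \"$TmpDir\""
if rlIsRHEL "<7"; then
  # On RHEL < 7 the SDB build is selected through sysconfig and runs under
  # the regular 'named' service; newer releases ship a separate named-sdb unit.
  rlRun "echo 'ENABLE_SDB=yes' > /etc/sysconfig/named"
  NAMED_SERVICE=named
else
  NAMED_SERVICE=named-sdb
fi
rlRun "ORIGPWD=$(pwd)"
rlRun "rlServiceStart mysqld"
# dlz.schema / dlz.data are shipped next to this script (loaded before pushd).
# Exit code 1 is tolerated on the schema and user creation so the test can be
# re-run on a host where BindDB / the user already exist.
rlRun "mysql < dlz.schema" 0,1
rlRun "echo \"CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';\" | mysql" 0,1 "Create DB user"
rlRun "echo \"GRANT ALL PRIVILEGES ON BindDB.* TO '${DB_USER}'@'localhost';\" | mysql" 0,1 "Give DB user access rights"
# Loading the data as the new user also proves the grant above took effect.
rlRun "mysql --user=\"$DB_USER\" --password=\"${DB_PASSWORD}\" BindDB < dlz.data" 0
rlRun "pushd \"$TmpDir\""
rlPhaseEnd

rlPhaseStartTest
# Start once with the stock configuration, then stop again to append the
# DLZ block below.
rlRun "rlServiceStart $NAMED_SERVICE"
# some visual checking of the table contents
rlRun "echo 'SELECT * FROM records;' | mysql --user=\"$DB_USER\" --password=\"${DB_PASSWORD}\" BindDB"
# configure bind
rlRun "rlServiceStop $NAMED_SERVICE"
# Unquoted here-doc: ${DB_USER}/${DB_PASSWORD} expand, '\$zone$' etc. become
# the literal $zone$ placeholders that the DLZ driver substitutes, and \" is
# kept as an escaped quote inside the named.conf string.
cat >> /etc/named.conf <<EOFD
dlz "mytest" {
database "mysql
{
host=localhost socket=/var/lib/mysql/mysql.sock dbname=BindDB user=${DB_USER} pass=${DB_PASSWORD} threads=2
}
{SELECT zone FROM records WHERE zone = '\$zone$'}
{SELECT ttl, type, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data FROM records WHERE zone = '\$zone$' AND host = '\$record$' AND type <> 'SOA' AND type <> 'NS'}
{SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '\$zone$' AND (type = 'SOA' OR type='NS')}
{SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '\$zone$' AND type <> 'SOA' AND type <> 'NS'}
{SELECT zone FROM xfr where zone='\$zone$' AND client = '\$client$'}";
search no;
};
zone "example.com." IN {
type master;
dlz "mytest";
# database "mysql dbname=BindDB user=${DB_USER} pass=${DB_PASSWORD} socket=/var/lib/mysql/mysql.sock";
# database "pgsql BindDB localhost test test";
# ^- DB name ^-Table ^-host ^-user ^-password
};
EOFD
# Supported parameters:
# dbname=
# port=
# compress=
# ssl=
# space=
# host=
# user=
# pass=
# socket=
# threads=
# TODO:
# Needs selinux fixing to allow named connecting to mysql
# The audit excerpt below was captured with permissive=1; in enforcing mode
# the same denials (connectto on mysql.sock, write on the sock_file) would
# stop named from reaching the database and the dig checks would fail.
# type=PROCTITLE msg=audit(05/27/21 17:04:46.894:2036) : proctitle=/usr/sbin/named-sdb -u named -c /etc/named.conf
# type=SYSCALL msg=audit(05/27/21 17:04:46.894:2036) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7f4657941810 a2=0x6e a3=0x0 items=0 ppid=39368 pid=39370 auid=unset uid=named gid=named euid=named suid=named fsuid=named egid=named sgid=named fsgid=named tty=(none) ses=unset comm=isc-worker0000 exe=/usr/sbin/named-sdb subj=system_u:system_r:named_t:s0 key=(null)
# type=AVC msg=audit(05/27/21 17:04:46.894:2036) : avc: denied { connectto } for pid=39370 comm=isc-worker0000 path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:named_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=1
# type=AVC msg=audit(05/27/21 17:04:46.894:2036) : avc: denied { write } for pid=39370 comm=isc-worker0000 name=mysql.sock dev="vda1" ino=6820019 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file permissive=1
# Wrapped in rlRun so a start failure with the DLZ config (e.g. the SELinux
# denial above, or a bad config) fails the phase here rather than surfacing
# only as an opaque dig failure below.
rlRun "rlServiceStart $NAMED_SERVICE"
# test it all together
for i in 1 2; do
  rlRun "dig @localhost ns$i.example.com +short | grep \"192.168.0.[0-9]\+\""
done
rlLogInfo "Following record is not defined:"
rlRun "dig @localhost mailer.example.com | grep \"status: NXDOMAIN\"" 0
# Debug hook: DEBUG=y drops into an interactive shell with the configured
# services still running.
[ "$DEBUG" = y ] && PS1="test-debug $PS1" bash -i
rlPhaseEnd

rlPhaseStartCleanup
# Exit code 1 tolerated in case the user was never created.
rlRun "echo \"DROP USER '${DB_USER}'@'localhost';\" | mysql" 0,1 "Destroy DB user"
rlServiceRestore "$NAMED_SERVICE"
rlRun "mysqladmin drop --force BindDB"
rlServiceRestore mysqld
rlFileRestore
rlPhaseEnd
rlJournalPrintText
rlJournalEnd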