#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   runtest.sh of /CoreOS/bind/Regression/bz533229-bind-sdb-postgresql
#   Description: bz533229-bind-sdb-postgresql
#   Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
#
#   This copyrighted material is made available to anyone wishing
#   to use, modify, copy, or redistribute it subject to the terms
#   and conditions of the GNU General Public License version 2.
#
#   This program is distributed in the hope that it will be
#   useful, but WITHOUT ANY WARRANTY; without even the implied
#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
#   PURPOSE. See the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public
#   License along with this program; if not, write to the Free
#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
#   Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

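# Test-wide settings.
# DB_PASSWORD is a throwaway credential for the MySQL account that the
# bind-sdb DLZ driver connects with. rlRun echoes every command line it
# runs into the journal, so this value is visible there and in `ps`; that
# is acceptable for a disposable test database only, not a pattern to copy.
DB_USER="named"
DB_PASSWORD="$DB_USER-secret"
# Default only; setup picks the real service name per RHEL release below.
NAMED_SERVICE="named-sdb"

# Include rhts environment
. /usr/lib/beakerlib/beakerlib.sh

rlJournalStart
    rlPhaseStartSetup
        rlAssertRpm 'bind'
        rlAssertRpm 'bind-sdb'
        rlAssertRpm 'bind-utils'
        rlAssertRpm 'mysql'
        rlAssertRpm 'mysql-server'
        # Every file this test rewrites is backed up here and put back by
        # rlFileRestore in cleanup.
        rlFileBackup --clean "/var/lib/mysql" "/etc/rndc.key" "/etc/named.conf" "/etc/sysconfig/named"
        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
        rlRun "chmod a+rx \"$TmpDir\""
        # Before RHEL 7 the SDB build is started through the plain 'named'
        # service and has to be switched on via /etc/sysconfig/named.
        if rlIsRHEL "<7"; then
            rlRun "echo 'ENABLE_SDB=yes' > /etc/sysconfig/named"
            NAMED_SERVICE=named
        else
            NAMED_SERVICE=named-sdb
        fi
        rlRun "ORIGPWD=$(pwd)"
        rlRun "rlServiceStart mysqld"
        # Exit status 1 is tolerated for schema and user creation --
        # presumably leftovers from an earlier run; the data load below is
        # strict and also proves the GRANT actually works for DB_USER.
        rlRun "mysql < dlz.schema" 0,1
        rlRun "echo \"CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';\" | mysql" 0,1 "Create DB user"
        rlRun "echo \"GRANT ALL PRIVILEGES ON BindDB.* TO '${DB_USER}'@'localhost';\" | mysql" 0,1 "Give DB user access rights"
        rlRun "mysql --user=\"$DB_USER\" --password=\"${DB_PASSWORD}\" BindDB < dlz.data" 0
        rlRun "pushd \"$TmpDir\""
    rlPhaseEnd

    rlPhaseStartTest
        rlRun "rlServiceStart \"$NAMED_SERVICE\""
        # some visual checking of the table contents
        rlRun "echo 'SELECT * FROM records;' | mysql --user=\"$DB_USER\" --password=\"${DB_PASSWORD}\" BindDB"

        # configure bind -- the daemon is stopped while named.conf is edited
        rlRun "rlServiceStop \"$NAMED_SERVICE\""

        # Append the DLZ block. The heredoc is unquoted so ${DB_USER} and
        # ${DB_PASSWORD} expand; the DLZ query placeholders ($zone$, $record$,
        # $client$) are backslash-escaped so named receives them verbatim, and
        # \" is left alone by the shell inside a heredoc, which is what the
        # named.conf string syntax needs.
cat >> /etc/named.conf <<EOFD

dlz "mytest" {
        database "mysql
           {
             host=localhost socket=/var/lib/mysql/mysql.sock dbname=BindDB user=${DB_USER} pass=${DB_PASSWORD} threads=2
           }
           {SELECT zone FROM records WHERE zone = '\$zone$'}
           {SELECT ttl, type, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data FROM records WHERE zone = '\$zone$' AND host = '\$record$' AND type <> 'SOA' AND type <> 'NS'}
           {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '\$zone$' AND (type = 'SOA' OR type='NS')}
           {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum FROM records WHERE zone = '\$zone$' AND type <> 'SOA' AND type <> 'NS'}
           {SELECT zone FROM xfr where zone='\$zone$' AND client = '\$client$'}";
	search no;
};

zone "example.com." IN {
        type master;
	dlz "mytest";
        # database "mysql  dbname=BindDB        user=${DB_USER}     pass=${DB_PASSWORD} socket=/var/lib/mysql/mysql.sock";
        # database "pgsql  BindDB             localhost test   test";
        #                ^- DB name  ^-Table  ^-host    ^-user ^-password
};

EOFD
        # The append was not under rlRun, so record its status explicitly.
        rlAssert0 "DLZ block appended to /etc/named.conf" $?
# Supported parameters:
# dbname=
# port=
# compress=
# ssl=
# space=
# host=
# user=
# pass=
# socket=
# threads=

# TODO:
# Needs selinux fixing to allow named connecting to mysql
# type=PROCTITLE msg=audit(05/27/21 17:04:46.894:2036) : proctitle=/usr/sbin/named-sdb -u named -c /etc/named.conf
# type=SYSCALL msg=audit(05/27/21 17:04:46.894:2036) : arch=x86_64 syscall=connect success=yes exit=0 a0=0xc a1=0x7f4657941810 a2=0x6e a3=0x0 items=0 ppid=39368 pid=39370 auid=unset uid=named gid=named euid=named suid=named fsuid=named egid=named sgid=named fsgid=named tty=(none) ses=unset comm=isc-worker0000 exe=/usr/sbin/named-sdb subj=system_u:system_r:named_t:s0 key=(null)
# type=AVC msg=audit(05/27/21 17:04:46.894:2036) : avc:  denied  { connectto } for  pid=39370 comm=isc-worker0000 path=/var/lib/mysql/mysql.sock scontext=system_u:system_r:named_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket permissive=1
# type=AVC msg=audit(05/27/21 17:04:46.894:2036) : avc:  denied  { write } for  pid=39370 comm=isc-worker0000 name=mysql.sock dev="vda1" ino=6820019 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file permissive=1

        # Wrapped in rlRun so a start failure (e.g. the SELinux denial noted
        # above) is recorded here instead of surfacing as dig failures later.
        rlRun "rlServiceStart \"$NAMED_SERVICE\"" 0 "Start $NAMED_SERVICE with the DLZ backend"

        # test it all together
        for i in 1 2; do
            rlRun "dig @localhost ns$i.example.com +short | grep \"192.168.0.[0-9]\+\""
        done
        rlLogInfo "Following record is not defined:"
        rlRun "dig @localhost mailer.example.com | grep \"status: NXDOMAIN\"" 0

        # Interactive shell for manual inspection when the test is run with DEBUG=y.
        [ "$DEBUG" = y ] && PS1="test-debug $PS1" bash -i
    rlPhaseEnd

    rlPhaseStartCleanup
        rlRun "popd"
        rlRun "echo \"DROP USER '${DB_USER}'@'localhost';\" | mysql" 0,1 "Destroy DB user"
        rlServiceRestore "$NAMED_SERVICE"
        rlRun "mysqladmin drop --force BindDB"
        rlServiceRestore mysqld
        rlFileRestore
        # Guarded so an aborted setup (TmpDir unset) cannot turn this into rm -r of "".
        [ -n "$TmpDir" ] && rlRun "rm -r -- \"$TmpDir\"" 0 "Removing tmp directory"
    rlPhaseEnd
rlJournalPrintText
rlJournalEnd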