#!/bin/bash

die() { printf 'Error: %s\n' "$*" >&2; exit 1; }

warn() { printf 'Warning: %s\n' "$*" >&2; }

sql_string()
{
	printf '%s' "'${1//\'/\'\'}'"
}

powerdns_sqlite_add_replace_record()
{
	local sql_record_type="$(sql_string "$2")"
	local sql_ip_address="$(sql_string "$3")"

	zone=${1#*.}
	new_name=${label:+$label.}${1: -64 : 64}

	local sql_new_name="$(sql_string "$new_name")"
	local sql_zone="$(sql_string "$zone")"

	if false
	then
		pdnsutil create-zone "$zone"
		pdnsutil add-record "$zone" "$new_name" "$2" "$3"
		return
	fi

	DBDIR=/etc/powerdns
	DBNAME=powerdns.sqlite3
	DB=$DBDIR/$DBNAME

	test -r $DB    && test -w $DB    || die "Wrong permissions on $DB"
	test -r $DBDIR && test -w $DBDIR || die "Wrong permissions on $DBDIR"

	sqlite3 $DB <<END
${SQL_ECHO:+.echo on}
BEGIN;
	DELETE FROM records WHERE type=$sql_record_type AND name=$sql_new_name;

	INSERT INTO records

		(domain_id,
		name,
		type,
		content,
		ttl,
		prio)

		SELECT
			id,
			$sql_new_name,
			$sql_record_type,
			$sql_ip_address,
			3600,
			0
		FROM domains
		WHERE name=$sql_zone;
COMMIT;
END
	r=$?
	[ $r = 0 ] || return $r

	printf '%s %s\n' "$new_name" "$3"
}

add()
{
        local label=
        if [ $# = 3 ]
        then
                label=$1
                shift
        fi
	local record_type ip="$2"
	case "$ip" in
		*.*.*.*) record_type=A ;;
		*:*) record_type=AAAA ;;
		*) exit 1 ;;
	esac

	powerdns_sqlite_add_replace_record "$domain" "$record_type" "$ip"
}

validate_ssh_server()
{
        e=$(mktemp)
        ssh-keyscan -t "$SSH_CLIENT_KEYTYPE" "$ip_address" | grep -q " $SSH_CLIENT_KEYDATA\$" 2>"$e"
        if [ $? = 0 ]
        then
                rm "$e"
                return 0
        else
                cat "$e" >&2
                rm "$e"
                false
        fi
}

validate_dns_label()
{
	if [ $#1 -gt 64 ]
	then
		warn "ignored DNS label: too long"
		return 1
	fi
	case "$1" in
	-*|*--*|*-)
		warn 'ignored DNS label: invalid use of hyphens'
		return 2
		;;
	*[^-A-Za-z0-9]*)
		warn 'ignored DNS label: invalid character'
		return 3
		;;
	esac
	true
}

main()
{
	validate_ssh_server "$ip_address" || return
	add "$domain" "$ip_address"
	for label in $SSH_ORIGINAL_COMMAND
	do
		validate_dns_label "$label" || continue
		add "$label" "$domain" "$ip_address"
	done
}

PEM_DEST=$HOME/public_rsync

eval "$(samizdat-ssh-uid --copy-pem "$PEM_DEST")"

domain=${SSH_CLIENT_DOMAIN}
ip_address=${SSH_CLIENT%% *}

main "$@"