<?php |
T |
2 |
|
|
3 |
/* |
|
4 |
Copyright (c) 2009, Till Brehm, projektfarm Gmbh |
|
5 |
All rights reserved. |
|
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
|
10 |
* Redistributions of source code must retain the above copyright notice, |
|
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
|
18 |
|
|
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
*/ |
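class bind_plugin {

	//* Name under which the event handlers of this plugin are registered (see onLoad()).
	public $plugin_name = 'bind_plugin';
	public $class_name = 'bind_plugin';
	//* Whether the event currently being handled is an 'insert' or an 'update'.
	public $action = 'update';

	//* Algorithm and key sizes handed to dnssec-keygen when a zone is signed for the
	//  first time. NSEC3RSASHA1 (the historical default, kept here) is SHA-1 based and
	//  is listed as NOT RECOMMENDED for signing by RFC 8624; RSASHA256 is the usual
	//  choice for new deployments. Changing these values only affects zones whose keys
	//  are generated afterwards, zones that already have keys keep them.
	public $dnssec_algorithm = 'NSEC3RSASHA1';
	public $dnssec_zsk_bits = 2048;
	public $dnssec_ksk_bits = 4096;

	//* This function is called during ispconfig installation to determine
	// if a symlink shall be created for this plugin.
	// Returns true only when BIND is marked as installed in $conf and the dns module is enabled.
	public function onInstall() {
		global $conf;

		$bind_installed = isset($conf['bind']['installed']) && $conf['bind']['installed'] == true;
		$dns_module_enabled = is_link('/usr/local/ispconfig/server/mods-enabled/dns_module.inc.php');

		return $bind_installed && $dns_module_enabled;
	}

	/*
	This function is called when the plugin is loaded
	*/
	public function onLoad() {
		global $app;

		//* Register for the events: every dns_<table>_<op> event is handled by <table>_<op>()
		//  (SOA, SLAVE and RR tables; insert, update and delete operations).
		foreach (array('soa', 'slave', 'rr') as $table) {
			foreach (array('insert', 'update', 'delete') as $op) {
				$app->plugins->registerEvent('dns_'.$table.'_'.$op, $this->plugin_name, $table.'_'.$op);
			}
		}
	}

	//* Loads the libraries this plugin needs and returns the 'dns' section of the
	//  configuration of the current server.
	private function load_dns_config() {
		global $app, $conf;

		//* Load libraries
		$app->uses('getconf,tpl');

		//* load the server configuration options
		return $app->getconf->get_server_config($conf['server_id'], 'dns');
	}

	//* Prefix of primary zone files inside bind_zonefiles_dir: Gentoo keeps them in a
	//  'pri/' subdirectory, every other distribution uses a 'pri.' filename prefix.
	//TODO : change this when distribution information has been integrated into server record
	private function zone_file_prefix() {
		return file_exists('/etc/gentoo-release') ? 'pri/' : 'pri.';
	}

	//* Prefix of secondary (slave) zone files inside bind_zonefiles_dir.
	//TODO : change this when distribution information has been integrated into server record
	private function slave_zone_file_prefix() {
		return file_exists('/etc/gentoo-release') ? 'sec/' : 'slave/sec.';
	}

	//* Directory that holds the secondary zone files.
	private function slave_zone_dir($dns_config) {
		return $dns_config['bind_zonefiles_dir'].(file_exists('/etc/gentoo-release') ? '/sec' : '/slave');
	}

	//* Turns a zone origin ('example.com.') into the name used in zone file names
	//  ('example.com'). A '/' (classless reverse zones) is replaced by '_' so it cannot
	//  act as a path separator.
	private function zone_name_for_file($origin) {
		return str_replace('/', '_', substr($origin, 0, -1));
	}

	//* Absolute path of the primary zone file of $origin (without '.signed'/'.err' suffix).
	private function primary_zone_file($dns_config, $origin) {
		return $dns_config['bind_zonefiles_dir'].'/'.$this->zone_file_prefix().$this->zone_name_for_file($origin);
	}

	//* Absolute path of the secondary zone file of $origin.
	private function secondary_zone_file($dns_config, $origin) {
		return $dns_config['bind_zonefiles_dir'].'/'.$this->slave_zone_file_prefix().$this->zone_name_for_file($origin);
	}

	//* Zone name as passed to the dnssec-* tools: the origin without its trailing dot.
	//  NOTE(review): unlike zone_name_for_file() this keeps a '/' in the name, so the
	//  DNSSEC functions look for a different file than soa_update() writes for classless
	//  reverse zones (they then return false at the file_exists() check) — unchanged here.
	private function dnssec_zone_name($origin) {
		return substr($origin, 0, strlen($origin) - 1);
	}

	//* Absolute path of the (unsigned) zone file the DNSSEC functions operate on.
	private function dnssec_zone_file($dns_config, $domain) {
		return $dns_config['bind_zonefiles_dir'].'/'.$this->zone_file_prefix().$domain;
	}

	//* Public key files (K<zone>*.key) of $domain; an empty array when there are none
	//  or glob() fails.
	private function dnssec_key_files($dns_config, $domain) {
		$files = glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key');
		return is_array($files) ? $files : array();
	}

	//* Returns true when the kernel reports at least $minimum bits of available entropy.
	//  An unreadable /proc entry counts as "no entropy", so key generation is skipped
	//  instead of attempted blindly. NOTE(review): on recent Linux kernels (5.18 and later)
	//  entropy_avail reportedly reports a constant 256, in which case a minimum above
	//  that can never be met — confirm on the target kernel.
	private function entropy_available($minimum) {
		$path = '/proc/sys/kernel/random/entropy_avail';
		if (!is_readable($path)) return false;
		return intval(file_get_contents($path)) >= $minimum;
	}

	//* This creates DNSSEC-Keys and calls soa_dnssec_update.
	// $data is taken by reference: once keys exist $data['new']['dnssec_initialized'] is set to 'Y'.
	// Returns false when the zone file does not exist yet or when entropy is too low.
	public function soa_dnssec_create(&$data) {
		global $app;

		$dns_config = $this->load_dns_config();
		$domain = $this->dnssec_zone_name($data['new']['origin']);
		if (!file_exists($this->dnssec_zone_file($dns_config, $domain))) return false;

		//* Check Entropy
		if (!$this->entropy_available(400)) {
			$app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$domain.'. Please consider installing package haveged.', LOGLEVEL_WARN);
			echo "DNSSEC ERROR: We are low on entropy. Not generating new Keys for $domain. Please consider installing package haveged.\n";
			return false;
		}

		//* Verify that we do not already have keys (overwriting-protection)
		if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) {
			return $this->soa_dnssec_update($data);
		} else if ($data['new']['dnssec_initialized'] == 'Y') {
			//* In case that we generated keys but the dsset-file was not generated
			if (count($this->dnssec_key_files($dns_config, $domain)) > 0) {
				$this->soa_dnssec_sign($data);
				return true;
			}
		}

		//* Generate the ZSK and the KSK inside the zone directory. Every value that
		//  reaches the shell is passed as a single quoted argument.
		exec('cd '.escapeshellarg($dns_config['bind_zonefiles_dir']).' && '.
			'dnssec-keygen -a '.escapeshellarg($this->dnssec_algorithm).' -b '.intval($this->dnssec_zsk_bits).' -n ZONE '.escapeshellarg($domain).' && '.
			'dnssec-keygen -f KSK -a '.escapeshellarg($this->dnssec_algorithm).' -b '.intval($this->dnssec_ksk_bits).' -n ZONE '.escapeshellarg($domain));

		$this->soa_dnssec_sign($data); //Now sign the zone for the first time
		$data['new']['dnssec_initialized'] = 'Y';
	}

	//* Signs the zone with its existing keys and stores the DS/DNSKEY records in dns_soa.
	// Adds an $INCLUDE line for every K<zone>*.key file to the zone file (once), runs
	// dnssec-signzone and then writes dnssec_info, dnssec_initialized and dnssec_last_signed.
	// Returns false when the zone file does not exist.
	public function soa_dnssec_sign(&$data) {
		global $app;

		$dns_config = $this->load_dns_config();
		$domain = $this->dnssec_zone_name($data['new']['origin']);
		$zonefile_path = $this->dnssec_zone_file($dns_config, $domain);
		if (!file_exists($zonefile_path)) return false;

		//* Make sure every key file is $INCLUDEd by the zone file exactly once
		$zonefile = file_get_contents($zonefile_path);
		$keyfiles = $this->dnssec_key_files($dns_config, $domain);
		foreach ($keyfiles as $keyfile) {
			$includeline = '$INCLUDE '.basename($keyfile);
			if (strpos($zonefile, $includeline) === false) $zonefile .= "\n".$includeline."\n";
		}
		if (count($keyfiles) != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN);
		file_put_contents($zonefile_path, $zonefile);

		//Sign the zone and set it valid for max. 16 days
		// The NSEC3 salt (16 hex characters) is derived by the shell from /dev/random.
		exec('cd '.escapeshellarg($dns_config['bind_zonefiles_dir']).' && '.
			'dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o '.escapeshellarg($domain).' -t '.escapeshellarg($this->zone_file_prefix().$domain));

		//Write Data back into DB
		$dsset_file = $dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.';
		$dnssecdata = "DS-Records:\n".(is_file($dsset_file) ? file_get_contents($dsset_file) : '');
		$dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
		foreach ($this->dnssec_key_files($dns_config, $domain) as $keyfile) {
			$dnssecdata .= file_get_contents($keyfile)."\n\n";
		}

		$sql = 'UPDATE dns_soa SET dnssec_info=?, dnssec_initialized=\'Y\', dnssec_last_signed=? WHERE id=?';
		$signed_at = intval(time());
		$zone_id = intval($data['new']['id']);
		if ($app->dbmaster !== $app->db) $app->dbmaster->query($sql, $dnssecdata, $signed_at, $zone_id);
		$app->db->query($sql, $dnssecdata, $signed_at, $zone_id);
	}

	//* Re-signs a zone, creating its keys first when no dsset file exists yet.
	// $new: true when the caller already created the keys (skips the create step).
	// Returns false when the zone file is missing, entropy is low or named-checkzone
	// rejects the zone.
	public function soa_dnssec_update(&$data, $new=false) {
		global $app;

		$dns_config = $this->load_dns_config();
		$domain = $this->dnssec_zone_name($data['new']['origin']);
		$zonefile_path = $this->dnssec_zone_file($dns_config, $domain);
		if (!file_exists($zonefile_path)) return false;

		//* Check for available entropy
		if (!$this->entropy_available(200)) {
			$app->log('DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.', LOGLEVEL_ERR);
			echo "DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.\n";
			return false;
		}

		if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);

		//* Refuse to sign a zone that named-checkzone rejects. Its output is not piped
		//  through another command, so $retState is the exit status of named-checkzone
		//  itself and not that of a filter at the end of a pipeline.
		exec('cd '.escapeshellarg($dns_config['bind_zonefiles_dir']).' && '.
			'named-checkzone '.escapeshellarg($domain).' '.escapeshellarg($zonefile_path).' 2>&1', $out, $retState);
		if ($retState != 0) {
			$app->log('DNSSEC Error: Error in Zonefile for '.$domain, LOGLEVEL_ERR);
			$app->log('named-checkzone output for '.$domain.': '.implode(' ', $out), LOGLEVEL_DEBUG);
			return false;
		}

		$this->soa_dnssec_sign($data);
	}

	//* Removes the key files, the signed zone file and the dsset file of a zone and
	// resets the DNSSEC columns of its dns_soa record.
	// $origin: origin whose files are removed; defaults to $data['new']['origin'].
	// Callers cleaning up after a rename pass the old origin, since key and dsset
	// files are named after the origin they were generated for.
	public function soa_dnssec_delete(&$data, $origin = null) {
		global $app;

		$dns_config = $this->load_dns_config();
		if ($origin === null) $origin = $data['new']['origin'];
		$domain = $this->dnssec_zone_name($origin);

		//* unlink() takes a single path and does not expand wildcards, so the key
		//  files (K<zone>.+<alg>+<tag>.key/.private) are expanded with glob() first.
		$files = glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+*');
		if (!is_array($files)) $files = array();
		$files[] = $this->dnssec_zone_file($dns_config, $domain).'.signed';
		$files[] = $dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.';
		foreach ($files as $file) {
			if (is_file($file)) unlink($file);
		}

		$sql = 'UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?';
		$zone_id = intval($data['new']['id']);
		if ($app->dbmaster !== $app->db) $app->dbmaster->query($sql, $zone_id);
		$app->db->query($sql, $zone_id);
	}

	//* Event handler for dns_soa_insert: an insert is handled like an update.
	public function soa_insert($event_name, $data) {
		$this->action = 'insert';
		$this->soa_update($event_name, $data);
	}

	//* Event handler for dns_soa_update (also used for inserts and RR changes).
	// Writes the zone file, maintains the DNSSEC material, rebuilds named.conf.local,
	// removes the files of a renamed zone and finally restarts or reloads BIND.
	public function soa_update($event_name, $data) {
		global $app;

		$dns_config = $this->load_dns_config();

		//* Write the domain file
		if(!empty($data['new']['id'])) {
			$this->write_zone_file($data['new'], $dns_config);
		}

		//* DNSSEC-Implementation
		$this->update_dnssec($data, $dns_config);

		//* rebuild the named.conf file (on every event, not only on insert or origin change)
		$this->write_named_conf($data, $dns_config);

		//* Delete old domain file, if domain name has been changed
		if($data['old']['origin'] != $data['new']['origin']) {
			$filename = $this->primary_zone_file($dns_config, $data['old']['origin']);
			foreach (array($filename, $filename.'.err', $filename.'.signed') as $old_file) {
				if(is_file($old_file)) unlink($old_file);
			}
		}

		//* Restart bind nameserver if update_acl is not empty, otherwise reload it
		$service_action = ($data['new']['update_acl'] != '') ? 'restart' : 'reload';
		$app->services->restartServiceDelayed('bind', $service_action);
	}

	//* Renders the primary zone file of the SOA row $zone from the bind_pri.domain.master
	//  template, validates it with named-checkzone and renames it to <file>.err when it
	//  is invalid (so BIND never loads a broken zone).
	private function write_zone_file($zone, $dns_config) {
		global $app;

		$tpl = new tpl();
		$tpl->newTemplate("bind_pri.domain.master");
		$tpl->setVar($zone);

		$records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $zone['id']);
		if(is_array($records) && !empty($records)){
			foreach($records as $i => $record) {
				if($record['ttl'] == 0) $records[$i]['ttl'] = '';
				if($record['name'] == '') $records[$i]['name'] = '@';
				//* Split TXT records, if necessary: one character-string holds at most 255 bytes
				if($record['type'] == 'TXT' && strlen($record['data']) > 255) {
					$records[$i]['data'] = implode('" "', str_split($record['data'], 255));
				}
			}
		}
		$tpl->setLoop('zones', $records);

		//* The path is used unescaped for the file operations; it is shell-escaped only
		//  where it is handed to exec() below.
		$filename = $this->primary_zone_file($dns_config, $zone['origin']);

		file_put_contents($filename, $tpl->grab());
		chown($filename, $dns_config['bind_user']);
		chgrp($filename, $dns_config['bind_group']);

		//* Check the zonefile
		if(is_file($filename.'.err')) unlink($filename.'.err');
		exec('named-checkzone '.escapeshellarg($zone['origin']).' '.escapeshellarg($filename), $out, $return_status);
		if($return_status === 0) {
			$app->log("Writing BIND domain file: ".$filename, LOGLEVEL_DEBUG);
		} else {
			$loglevel = ($dns_config['disable_bind_log'] === 'y') ? LOGLEVEL_DEBUG : LOGLEVEL_WARN;
			$app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), $loglevel);
			rename($filename, $filename.'.err');
		}
	}

	//* Creates, refreshes or removes the DNSSEC material of a zone depending on the
	//  dnssec_wanted flag of the new row and the dnssec_initialized state of the old one.
	//  $data is taken by reference because soa_dnssec_create() updates it.
	private function update_dnssec(&$data, $dns_config) {
		//* On an insert the old row is empty; treat missing values as "not initialized".
		$old_origin = isset($data['old']['origin']) ? $data['old']['origin'] : '';
		$old_initialized = isset($data['old']['dnssec_initialized']) ? $data['old']['dnssec_initialized'] : '';

		if($old_origin != $data['new']['origin']) {
			//* delete old keys: they are named after the old origin, so that is the name to clean up
			if ($old_initialized == 'Y' && strlen($old_origin) > 3) $this->soa_dnssec_delete($data, $old_origin);
			if ($data['new']['dnssec_wanted'] == 'Y') $this->soa_dnssec_create($data);
		}
		else if ($data['new']['dnssec_wanted'] == 'Y' && $old_initialized == 'N') {
			$this->soa_dnssec_create($data);
		}
		else if ($data['new']['dnssec_wanted'] == 'N' && $old_initialized == 'Y') {
			//* delete old signed file if dnssec is no longer wanted
			$signed_file = $this->primary_zone_file($dns_config, $old_origin).'.signed';
			if(is_file($signed_file)) unlink($signed_file);
		}
		else if ($data['new']['dnssec_wanted'] == 'Y') {
			$this->soa_dnssec_update($data);
		}
	}

	//* Event handler for dns_soa_delete: rebuilds named.conf.local, removes the zone
	// file, its DNSSEC keys and reloads BIND.
	public function soa_delete($event_name, $data) {
		global $app;

		$dns_config = $this->load_dns_config();

		//* rebuild the named.conf file
		$this->write_named_conf($data, $dns_config);

		//* Delete the domain file
		$zone_file_name = $this->primary_zone_file($dns_config, $data['old']['origin']);
		if(is_file($zone_file_name)) unlink($zone_file_name);
		if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
		$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);

		//* DNSSEC-Implementation: delete keys. The origin comes from the database row and
		//  is handed to the shell as one quoted argument.
		if ($data['old']['dnssec_initialized'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellarg($data['old']['origin']));

		//* Reload bind nameserver
		$app->services->restartServiceDelayed('bind', 'reload');
	}

	//* Event handler for dns_slave_insert: an insert is handled like an update.
	public function slave_insert($event_name, $data) {
		$this->action = 'insert';
		$this->slave_update($event_name, $data);
	}

	//* Event handler for dns_slave_update: rebuilds named.conf.local, removes the
	// transferred file of a renamed secondary zone, ensures the slave directory is
	// writable by the BIND user and reloads BIND.
	public function slave_update($event_name, $data) {
		global $app;

		$dns_config = $this->load_dns_config();

		//* rebuild the named.conf file (on every event, not only on insert or origin change)
		$this->write_named_conf($data, $dns_config);

		//* Delete old domain file, if domain name has been changed
		if($data['old']['origin'] != $data['new']['origin']) {
			$filename = $this->secondary_zone_file($dns_config, $data['old']['origin']);
			if(is_file($filename)) unlink($filename);
		}

		//* Ensure that the named slave directory is writable by the named user
		$slave_record_dir = $this->slave_zone_dir($dns_config);
		if(!is_dir($slave_record_dir)) mkdir($slave_record_dir, 0770);
		chown($slave_record_dir, $dns_config['bind_user']);
		chgrp($slave_record_dir, $dns_config['bind_group']);

		//* Reload bind nameserver
		$app->services->restartServiceDelayed('bind', 'reload');
	}

	//* Event handler for dns_slave_delete: rebuilds named.conf.local, removes the
	// transferred zone file and reloads BIND.
	public function slave_delete($event_name, $data) {
		global $app;

		$dns_config = $this->load_dns_config();

		//* rebuild the named.conf file
		$this->write_named_conf($data, $dns_config);

		//* Delete the domain file
		$zone_file_name = $this->secondary_zone_file($dns_config, $data['old']['origin']);
		if(is_file($zone_file_name)) unlink($zone_file_name);
		$app->log("Deleting BIND domain file for secondary zone: ".$zone_file_name, LOGLEVEL_DEBUG);

		//* Reload bind nameserver
		$app->services->restartServiceDelayed('bind', 'reload');
	}

	//* Event handler for dns_rr_insert: rewrites the zone the record belongs to.
	public function rr_insert($event_name, $data) {
		$this->soa_update_for_zone($event_name, $data['new']['zone']);
	}

	//* Event handler for dns_rr_update: rewrites the zone the record belongs to.
	public function rr_update($event_name, $data) {
		$this->soa_update_for_zone($event_name, $data['new']['zone']);
	}

	//* Event handler for dns_rr_delete: rewrites the zone the record belonged to.
	public function rr_delete($event_name, $data) {
		$this->soa_update_for_zone($event_name, $data['old']['zone']);
	}

	//* Get the data of the soa and call soa_update. 'old' and 'new' carry the same row
	//  because the SOA itself did not change, only one of its resource records.
	private function soa_update_for_zone($event_name, $zone_id) {
		global $app;

		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $zone_id);
		$data = array('new' => $soa, 'old' => $soa);
		$this->action = 'update';
		$this->soa_update($event_name, $data);
	}

	//##################################################################

	//* Rebuilds named.conf.local from the active primary and secondary zones of the
	// current server. $data is not used; it is part of the handler call signature.
	public function write_named_conf($data, $dns_config) {
		global $app, $conf;

		//* Only write the master file for the current server
		$soa_rows = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_wanted FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
		$zones = array();

		//* Loop through zones. A zone is only listed when its zone file exists — the file
		//  is absent e.g. when named-checkzone rejected it and it was renamed to .err.
		foreach($soa_rows as $soa) {
			$zone_file = $this->primary_zone_file($dns_config, $soa['origin']);
			if ($soa['dnssec_wanted'] == 'Y') $zone_file .= '.signed'; //.signed is for DNSSEC-Implementation

			//* xfer/also_notify/update_acl are comma separated lists that end up in
			//  named.conf.local as given (only ',' becomes ';'). This relies on the values
			//  having been validated when the row was saved — nothing is checked here.
			$options = '';
			if(trim($soa['xfer']) != '') {
				$options .= " allow-transfer {".str_replace(',', ';', $soa['xfer']).";};\n";
			} else {
				$options .= " allow-transfer {none;};\n";
			}
			if(trim($soa['also_notify']) != '') $options .= ' also-notify {'.str_replace(',', ';', $soa['also_notify']).";};\n";
			if(trim($soa['update_acl']) != '') $options .= " allow-update {".str_replace(',', ';', $soa['update_acl']).";};\n";

			if(file_exists($zone_file)) {
				$zones[] = array(
					'zone' => substr($soa['origin'], 0, -1),
					'zonefile_path' => $zone_file,
					'options' => $options
				);
			}
		}

		$tpl = new tpl();
		$tpl->newTemplate("bind_named.conf.local.master");
		$tpl->setLoop('zones', $zones);

		//* And loop through the secondary zones, but only for the current server
		$slave_rows = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
		$zones_sec = array();
		foreach($slave_rows as $slave) {
			//* 'ns' (the master address) is written as given, see the note above on ACL values
			$options = " masters {".$slave['ns'].";};\n";
			if(trim($slave['xfer']) != '') {
				$options .= " allow-transfer {".str_replace(',', ';', $slave['xfer']).";};\n";
			} else {
				$options .= " allow-transfer {none;};\n";
			}

			$zones_sec[] = array(
				'zone' => substr($slave['origin'], 0, -1),
				'zonefile_path' => $this->secondary_zone_file($dns_config, $slave['origin']),
				'options' => $options
			);
		}

		$tpl_sec = new tpl();
		$tpl_sec->newTemplate("bind_named.conf.local.slave");
		$tpl_sec->setLoop('zones', $zones_sec);

		file_put_contents($dns_config['named_conf_local_path'], $tpl->grab()."\n".$tpl_sec->grab());
		$app->log("Writing BIND named.conf.local file: ".$dns_config['named_conf_local_path'], LOGLEVEL_DEBUG);
	}

} // end class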
?> |