gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: b3e3f863 | patch | commit | ignore whitespace

Merge branch 'dns-dnssec-fix-dbmaster' into 'stable-3.1'

Till Brehm

2016-04-12 c92a4ee47ce5a7bb6b0e32a321ce09fece3e11dc

Merge branch 'dns-dnssec-fix-dbmaster' into 'stable-3.1'

Fix: DNSSEC-Info not written back into master DB

adds some permissions for slave servers to DB and enables the slave to write back it's dnssec-info into the master db

See merge request !312

3 files modified

	install/lib/installer_base.lib.php	9 ●●●●● patch \| view \| raw \| blame \| history
	server/lib/classes/cron.d/550-bind_dnssec.inc.php	9 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/bind_plugin.inc.php	10 ●●●●● patch \| view \| raw \| blame \| history

 install/lib/installer_base.lib.php

@@ -658,6 +658,15 @@
                if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
				
                $query = "GRANT SELECT, UPDATE(`dnssec_initialized`, `dnssec_info`, `dnssec_last_signed`) ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query, $value['db'] . '.dns_soa', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }

            }

        }

 server/lib/classes/cron.d/550-bind_dnssec.inc.php

@@ -68,14 +68,13 @@
        
        //TODO : change this when distribution information has been integrated into server record
        $filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.';
		
        $soas = $app->db->queryAllRecords('SELECT * FROM dns_soa WHERE dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND dnssec_last_signed < '.(time()-(3600*24*5)+900)); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)
		
        $soas = $app->db->queryAllRecords('SELECT `id`,`serial`,`origin` FROM dns_soa WHERE server_id=? AND active=\'Y\' AND dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)', intval($conf['server_id']), time()-(3600*24*5)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)

        foreach ($soas as $data) {
            $domain = substr($data['origin'], 0, strlen($data['origin'])-1);
            if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false;
            if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) continue;
            
            $app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_INFO);
            $app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_DEBUG);
            $app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
        }
        

 server/plugins-available/bind_plugin.inc.php

@@ -95,6 +95,7 @@
        //* Check Entropy
        if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 400) {
            $app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$domain.'. Please consider installing package haveged.', LOGLEVEL_WARN);
            echo "DNSSEC ERROR: We are low on entropy. Not generating new Keys for $domain. Please consider installing package haveged.\n";
            return false;
        }
        
@@ -157,7 +158,8 @@
            $dnssecdata .= file_get_contents($keyfile)."\n\n";
        }
        
        $app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['new']['id']);
        if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=?, dnssec_initialized=\'Y\', dnssec_last_signed=? WHERE id=?', $dnssecdata, intval(time()), intval($data['new']['id']));
        $app->db->query('UPDATE dns_soa SET dnssec_info=?, dnssec_initialized=\'Y\', dnssec_last_signed=? WHERE id=?', $dnssecdata, intval(time()), intval($data['new']['id']));
    }
    
    function soa_dnssec_update(&$data, $new=false) {
@@ -178,12 +180,13 @@
        //* Check for available entropy
        if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 200) {
            $app->log('DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.', LOGLEVEL_ERR);
            echo "DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.\n";
            return false;
        }
        
        if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
        
        $dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id='.$data['new']['id']);
        $dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id=?', intval($data['new']['id']));
        exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
             'named-checkzone '.escapeshellcmd($domain).' '.escapeshellcmd($dns_config['bind_zonefiles_dir']).'/'.$filespre.escapeshellcmd($domain).' | egrep -ho \'[0-9]{10}\'', $serial, $retState);
        if ($retState != 0) {
@@ -212,7 +215,8 @@
        unlink($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain.'.signed');
        unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
        
        $app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id='.$data['new']['id']);
        if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
        $app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
    }

    function soa_insert($event_name, $data) {

			@@ -658,6 +658,15 @@
			if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE(`dnssec_initialized`, `dnssec_info`, `dnssec_last_signed`) ON ?? TO ?@?";
			if ($verbose){
			echo $query ."\n";
			}
			if(!$this->dbmaster->query($query, $value['db'] . '.dns_soa', $value['user'], $host)) {
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}

			}

			}

			@@ -68,14 +68,13 @@

			//TODO : change this when distribution information has been integrated into server record
			$filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.';

			$soas = $app->db->queryAllRecords('SELECT * FROM dns_soa WHERE dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND dnssec_last_signed < '.(time()-(3600245)+900)); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)

			$soas = $app->db->queryAllRecords('SELECT `id`,`serial`,`origin` FROM dns_soa WHERE server_id=? AND active=\'Y\' AND dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)', intval($conf['server_id']), time()-(3600245)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)

			foreach ($soas as $data) {
			$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false;
			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) continue;

			$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_INFO);
			$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_DEBUG);
			$app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
			}

			@@ -95,6 +95,7 @@
			//* Check Entropy
			if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 400) {
			$app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$domain.'. Please consider installing package haveged.', LOGLEVEL_WARN);
			echo "DNSSEC ERROR: We are low on entropy. Not generating new Keys for $domain. Please consider installing package haveged.\n";
			return false;
			}

			@@ -157,7 +158,8 @@
			$dnssecdata .= file_get_contents($keyfile)."\n\n";
			}

			$app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['new']['id']);
			if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=?, dnssec_initialized=\'Y\', dnssec_last_signed=? WHERE id=?', $dnssecdata, intval(time()), intval($data['new']['id']));
			$app->db->query('UPDATE dns_soa SET dnssec_info=?, dnssec_initialized=\'Y\', dnssec_last_signed=? WHERE id=?', $dnssecdata, intval(time()), intval($data['new']['id']));
			}

			function soa_dnssec_update(&$data, $new=false) {
			@@ -178,12 +180,13 @@
			//* Check for available entropy
			if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 200) {
			$app->log('DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.', LOGLEVEL_ERR);
			echo "DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.\n";
			return false;
			}

			if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);

			$dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id='.$data['new']['id']);
			$dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id=?', intval($data['new']['id']));
			exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
			'named-checkzone '.escapeshellcmd($domain).' '.escapeshellcmd($dns_config['bind_zonefiles_dir']).'/'.$filespre.escapeshellcmd($domain).' \| egrep -ho \'[0-9]{10}\'', $serial, $retState);
			if ($retState != 0) {
			@@ -212,7 +215,8 @@
			unlink($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain.'.signed');
			unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');

			$app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id='.$data['new']['id']);
			if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
			$app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
			}

			function soa_insert($event_name, $data) {