author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-18 19:11:21 -0300 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-18 19:11:21 -0300 |
commit | 9d38ca45c1aae2c7a492645c629e9725eea225ba (patch) | |
tree | 7a8ea1f4e28c8d3a2fa42c9d80b65e857a537b03 | |
parent | d199db0bc5bf99c77ec29d01edb646b7713cc9a8 (diff) | |
bind - fix chroot dev devices again, include dsset info on gui for dnssec zones.
Encode custom options with base64.
sync code: change zone type to slave on backup servers
-rw-r--r-- | config/bind/bind.inc | 50 | ||||
-rw-r--r-- | config/bind/bind_sync.xml | 12 | ||||
-rw-r--r-- | config/bind/bind_views.xml | 3 | ||||
-rw-r--r-- | config/bind/bind_zones.xml | 45 |
4 files changed, 83 insertions, 27 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 658ae229..6ae870db 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -254,7 +254,7 @@ EOD;
 $viewallowrecursion = "none";
 else
 $viewallowrecursion = str_replace(',','; ',$views['allow-recursion']);
- $viewcustomoptions = $views['bind_custom_options'];
+ $viewcustomoptions = base64_decode($views['bind_custom_options']);
 $bind_conf .= "view \"$viewname\" { \n\n";
 $bind_conf .= "\trecursion $viewrecursion;\n";
@@ -280,7 +280,7 @@ EOD;
 $zonename = $zone['name'];
 $zonetype = $zone['type'];
 $zoneview = $zone['view'];
- $zonecustom = $zone['custom'];
+ $zonecustom = base64_decode($zone['custom']);
 $zoneipslave = $zone['slaveip'];
 $zoneforwarders=$zone['forwarders'];
 $zonereverso = $zone['reverso'];
@@ -405,10 +405,9 @@ EOD;
 //check dnssec keys creation for master zones
 if($zone['dnssec']=="on"){
 $zone_found=0;
- foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*",GLOB_NOSORT) as $filename) {
- if (preg_match("/$zonename/i", $filename))
- $zone_found++;
- }
+ foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key",GLOB_NOSORT) as $filename){
+ $zone_found++;
+ }
 if ($zone_found==0){
 $dnssec_bin="/usr/local/sbin/dnssec-keygen";
 if (file_exists($dnssec_bin)){
@@ -420,6 +419,16 @@ EOD;
 }
 }
 }
+ //get ds keys
+ $dsfromkey="/usr/local/sbin/dnssec-dsfromkey";
+ foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key",GLOB_NOSORT) as $filename) {
+ $zone_key=file_get_contents($filename);
+ if (preg_match("/IN DNSKEY 257 /",$zone_key) && file_exists($dsfromkey)){
+ exec("$dsfromkey $filename",$dsset);
+ $config["installedpackages"]["bindzone"]["config"][$x]['dsset']=base64_encode(array_pop($dsset)."\n".array_pop($dsset));
+ $write_config++;
+ }
+ }
 }
 break;
 case "slave":
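Review bot: base64_decode() is applied unconditionally to bind_custom_options in the 254 hunk, but configurations saved before this commit still hold the field as plaintext, so after the upgrade the decoded garbage is written into named.conf and named will not load until every view is re-saved; the 280 hunk has the same problem with `$zone['custom']`. Decode strictly and fall back to the stored value when it is not base64: `$viewcustomoptions = base64_decode($views['bind_custom_options'], true);` then `if ($viewcustomoptions === false) $viewcustomoptions = $views['bind_custom_options'];`. Plaintext options contain characters such as `{` or `;` that lie outside the base64 alphabet, so strict mode reliably returns false for them. The enclosing view loop starts outside the hunk.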
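Review bot: In the 405 hunk the glob `*{$zonename}*key` matches any key file whose name merely contains the zone name, so for a zone such as `example.com` the keys of `sub.example.com` are counted, dnssec-keygen is skipped and the zone stays unsigned; the same pattern in the 419 hunk can then publish another zone's DS set as this zone's. dnssec-keygen names its files `K<zone>.+<alg>+<id>.key`, so anchor the pattern to that convention: `glob(CHROOT_LOCALBASE."/etc/namedb/keys/K{$zonename}.+*.key", GLOB_NOSORT)` (assuming `$zonename` is stored without a trailing dot, which is not visible here). `$zonename` comes from the zone form, so a value containing glob metacharacters would also widen the match; rejecting such names at form validation is the simplest guard. The enclosing switch on the zone type continues outside the hunk.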
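Review bot: In the 419 hunk `$filename` is interpolated unquoted into `exec("$dsfromkey $filename",$dsset)`; it is derived from the GUI-supplied zone name, so quote it with `exec("$dsfromkey ".escapeshellarg($filename), $dsset);` and reset `$dsset = array();` immediately before the call, because exec() appends to the array and a second KSK file for the same zone would otherwise pop lines left over from the previous iteration. `array_pop($dsset)."\n".array_pop($dsset)` also stores the last two output lines in reverse order; if the stored text is meant to match the tool's own output (SHA-1 record before SHA-256 in the BIND releases of this period, to be confirmed), `implode("\n", $dsset)` is the simpler form. The `$x` index used to address `$config["installedpackages"]["bindzone"]["config"][$x]` is assigned outside the hunk, so whether it still points at the zone being processed cannot be checked here.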
@@ -446,8 +455,18 @@ EOD;
 if (!is_dir(CHROOT_LOCALBASE .$dir))
 mkdir(CHROOT_LOCALBASE .$dir,0755,true);
 }
+ //dev dirs for chroot
+ $bind_dev_dir=CHROOT_LOCALBASE."/dev";
+ if (!file_exists("$bind_dev_dir/random")){
+ $dev_dirs=array("null","zero","random","urandom");
+ exec("/sbin/mount -t devfs devfs {$bind_dev_dir}",$dout);
+ exec("/sbin/devfs -m {$bind_dev_dir} ruleset 1",$dout);
+ exec("/sbin/devfs -m {$bind_dev_dir} rule add hide",$dout);
+ foreach ($dev_dirs as $dev_dir)
+ exec("/sbin/devfs -m {$bind_dev_dir} rule add path $dev_dir unhide",$dout);
+ exec("/sbin/devfs -m {$bind_dev_dir} rule applyset",$dout);
+ }
 //http://www.unixwiz.net/techtips/bind9-chroot.html
-
 file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
 file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
@@ -462,6 +481,7 @@ EOD;
 bind_write_rcfile();
 chown(CHROOT_LOCALBASE."/etc/namedb/keys","bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb","bind");
 chown(CHROOT_LOCALBASE."/var/log","bind");
 chown(CHROOT_LOCALBASE."/var/run/named","bind");
 chgrp(CHROOT_LOCALBASE."/var/log","bind");
@@ -534,7 +554,7 @@ function bind_print_javascript_type_zone(){
 }
 function bind_print_javascript_type_zone2(){
- print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;</script>\n");
+ print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;document.iform.dsset.disabled = 1;</script>\n");
 }
 function bind_write_rcfile() {
@@ -586,6 +606,7 @@ function bind_sync_on_changes() {
 $bind_sync=$config['installedpackages']['bind']['config'][0];
 $synconchanges = $bind_sync['synconchanges'];
 $synctimeout = $bind_sync['synctimeout'];
+ $master_zone_ip=$bind_sync['masterip'];
 switch ($synconchanges){
 case "manual":
 if (is_array($bind_sync[row])){
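Review bot: None of the six exec() calls in the dev-setup block of the 446 hunk check an exit status, so a failed mount (for example because `$bind_dev_dir` does not exist yet, or because the previous devfs is still mounted there with `random` hidden) is silent, and the `!file_exists("$bind_dev_dir/random")` guard then re-runs the mount on every configuration write, stacking devfs instances. Create the directory first and log failures: `if (!is_dir($bind_dev_dir)) mkdir($bind_dev_dir, 0755, true);` followed by `exec("/sbin/mount -t devfs devfs {$bind_dev_dir}", $dout, $rc);` and `if ($rc != 0) log_error("[bind] devfs mount on $bind_dev_dir failed");`, with the same `$rc` check on the devfs rule commands. Hiding everything and unhiding only null/zero/random/urandom is the right least-privilege shape for the chroot; the ruleset number `1` is a host-global identifier, so it is worth confirming it does not collide with a ruleset already defined on the system (not visible here). The enclosing function starts and ends outside the hunk.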
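Review bot: `chown(CHROOT_LOCALBASE."/etc/namedb","bind")` in the 462 hunk hands the named service user ownership of the directory that holds named.conf and rndc.conf (both written there in the 446 hunk), so a compromised or misbehaving named could replace its own configuration and rndc key; the line above already gives bind the keys directory, which is what inline signing needs to write. If the new chown exists so that signed zone or journal files can be created, prefer chowning only the directory those files live in and keep /etc/namedb root-owned, e.g. `chown(CHROOT_LOCALBASE."/etc/namedb/<zone-data-dir>","bind");` where `<zone-data-dir>` is a placeholder for the directory this package writes zone files to (not visible in the hunk). A one-line comment stating which files require write access would also make the intent reviewable later.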
@@ -622,14 +643,14 @@ function bind_sync_on_changes() {
 else
 $username = 'admin';
 if($password && $sync_to_ip)
- bind_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
+ bind_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout,$master_zone_ip);
 }
 log_error("[bind] xmlrpc sync is ending.");
 }
 }
 }
 /* Do the actual XMLRPC sync */
-function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
+function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$master_zone_ip) {
 global $config, $g;
 if(!$username)
@@ -666,6 +687,15 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
 $xml['bindacls'] = $config['installedpackages']['bindacls'];
 $xml['bindviews'] = $config['installedpackages']['bindviews'];
 $xml['bindzone'] = $config['installedpackages']['bindzone'];
+ //change master zone to slave on backup servers
+ if(is_array($xml['bindzone']["config"]))
+ for ($x=0; $x<sizeof($xml['bindzone']["config"]); $x++){
+ if ($xml['bindzone']["config"][$x]['type']=="master"){
+ $xml['bindzone']["config"][$x]['type']="slave";
+ $xml['bindzone']["config"][$x]['slaveip']=$master_zone_ip;
+ }
+
+ }
 /* assemble xmlrpc payload */
 $params = array(
 XML_RPC_encode($password),
diff --git a/config/bind/bind_sync.xml b/config/bind/bind_sync.xml
index d81f7803..c6a80e98 100644
--- a/config/bind/bind_sync.xml
+++ b/config/bind/bind_sync.xml
@@ -64,7 +64,7 @@
 </tab>
 <tab>
 <text>Sync</text>
- <url>/pkg.php?xml=bind_sync.xml</url>
+ <url>/pkg_edit.php?xml=bind_sync.xml</url>
 <active/>
 </tab>
 </tabs>
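Review bot: In the 687 hunk `$master_zone_ip` is copied into every converted zone's `slaveip` without validation, and a Sync configuration saved before this commit has no `masterip` at all, so the first sync after upgrading rewrites each master zone on the backup as a slave with an empty master address and the backup's named is left with slave zones it cannot transfer from. Guard the conversion and say so in the log: `if (!is_ipaddr($master_zone_ip)) { log_error("[bind] masterip is not a valid address, master zones were not converted to slave on $sync_to_ip"); } else` before the existing `if(is_array(...))` (is_ipaddr is the pfSense util helper; `<required/>` in bind_sync.xml only takes effect when the form is saved). The `dnssec` flag is copied unchanged to the converted slave, so whether the backup is expected to treat it as a signed slave is worth a comment. bind_do_xmlrpc_sync continues outside the hunk.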
@@ -102,6 +102,16 @@
 </options>
 </field>
 <field>
+ <fielddescr>Zone Master IP</fielddescr>
+ <fieldname>masterip</fieldname>
+ <description><![CDATA[Set master zone ip you want to use to sync backup server zones with master.<br> <b>All master zones will be configured as backup on slave servers.</b><br> Do not forget to create firewall rules to allow zone transfer between master and slave servers.]]></description>
+ <type>input</type>
+ <size>20</size>
+ <required/>
+ </field>
+ <field>
 <fielddescr>Remote Server</fielddescr>
 <fieldname>none</fieldname>
 <type>rowhelper</type>
diff --git a/config/bind/bind_views.xml b/config/bind/bind_views.xml
index 2d620e0c..a6c42552 100644
--- a/config/bind/bind_views.xml
+++ b/config/bind/bind_views.xml
@@ -148,7 +148,8 @@
 <description>You can put your own custom options here, separated by semi-colons (;).</description>
 <type>textarea</type>
 <cols>65</cols>
- <rows>5</rows>
+ <rows>8</rows>
+ <encoding>base64</encoding>
 </field>
 </fields>
 <custom_php_command_before_form>
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index a34c7ddc..08acc7ae 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -119,6 +119,13 @@
 <required/>
 </field>
 <field>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter the description for this zone.</description>
+ <type>input</type>
+ <size>70</size>
+ </field>
+ <field>
 <fielddescr>Zone Type</fielddescr>
 <fieldname>type</fieldname>
 <description>Select zone type</description>
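Review bot: The new `masterip` field in bind_sync.xml is a free-form `<type>input</type>`, yet its value ends up verbatim as the `masters` address of every zone on the backup servers; `<required/>` only rejects an empty value, not a malformed one, so a typo is propagated to every backup on the next sync. If this package uses a validation hook as other pfSense package XMLs do, check the value there with is_ipaddr() and reject the save otherwise; a `<description>` sentence such as `Must be the IPv4 or IPv6 address the backup servers will transfer zones from.` would also help. The description mixes terms: "configured as backup on slave servers" reads more clearly as `All master zones will be configured as slave zones on the backup servers.`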
@@ -147,26 +154,34 @@
 <type>checkbox</type>
 </field>
 <field>
+ <fielddescr>custom Option</fielddescr>
+ <fieldname>custom</fieldname>
+ <description>You can put your own custom options here.</description>
+ <type>textarea</type>
+ <cols>75</cols>
+ <rows>8</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <type>listtopic</type>
+ <name>DNSSEC</name>
+ <fieldname>temp04</fieldname>
+ </field>
+ <field>
 <fielddescr>Inline Signing</fielddescr>
 <fieldname>dnssec</fieldname>
 <description>Enable inline DNSSEC Signing for this zones.</description>
 <type>checkbox</type>
 </field>
 <field>
- <fielddescr>custom Option</fielddescr>
- <fieldname>custom</fieldname>
- <description>You can put your own custom options here, separated by semi-colons (;).</description>
- <type>textarea</type>
- <cols>65</cols>
- <rows>3</rows>
- </field>
- <field>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- <description>Enter the description for this zone.</description>
- <type>textarea</type>
- <cols>65</cols>
- <rows>3</rows>
+ <fielddescr>DS set</fielddescr>
+ <fieldname>dsset</fieldname>
+ <description><![CDATA[Digest fingerprint of the Key Signing KeyResulting for this zone.<br> Upload this ds set to your domain root server.]]></description>
+ <type>textarea</type>
+ <cols>75</cols>
+ <rows>3</rows>
+ <encoding>base64</encoding>
 </field>
 <field>
 <type>listtopic</type>
@@ -189,7 +204,7 @@
 <fieldname>forwarders</fieldname>
 <description>Enter forwarders IPs for this domain. Separate by semi-colons (;).</description>
 <type>input</type>
- <size>60</size>
+ <size>70</size>
 </field>
 <field> |
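Review bot: The `dsset` description in the 154 hunk is misleading on the one operational step that matters: a DS record is published in the parent zone (normally through the domain registrar), not on a "domain root server", and "Key Signing KeyResulting" is a typo. Suggested text: `DS records (digests of this zone's Key Signing Key), generated automatically from the keys in the chroot.<br> Publish them in the parent zone, usually via your domain registrar, to complete the chain of trust.` Since bind.inc overwrites this field from the key files and the form only disables it via JavaScript, a sentence noting that manual edits are replaced on the next apply would save users from editing it.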