authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-17 16:12:45 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-17 16:12:45 -0300
commitff195c7cf770dbd9385c22feb9a69289c5cfae23 (patch)
tree332533bbc74015df106ef62813011b34f8f9891e /config/bind/bind.inc
parente141dd9241884c1d0321a48df58ffcd7ba07c6e6 (diff)
bind - add widget, forward zone, rndc config and check slave zone dir permissions
Diffstat (limited to 'config/bind/bind.inc')
-rw-r--r--config/bind/bind.inc227
1 files changed, 152 insertions, 75 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 1bcefa16..6e04e649 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -51,40 +51,72 @@ function bind_zone_validate($post, $input_errors){
if (key_exists("mail",$_POST))
$_POST['mail']=preg_replace("/@/",".",$post['mail']);
- if ($_POST['type']=='slave'){
- if( $_POST['slaveip'] == "")
- $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
- }
- else{
- if($_POST['nameserver']=='')
- $input_errors[] = 'The field \'Name server\' is required for master zones.';
- for ($i=0;$i < count($_POST);$i++){
- if (key_exists("hostname$i",$_POST)){
- if ($_POST['reverso']=="on"){
- $_POST["hostvalue$i"]="";
- if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
- $input_errors[] = 'On reverse zones, valid record types are NS or PTR';
- }
- if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
- $_POST["hostname$i"]="";
- if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
- $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
- if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
- $_POST["hostvalue$i"]="10";
- if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
- $_POST["hostvalue$i"]="";
- if ($_POST["hostdst$i"]=="")
- $input_errors[] = 'Alias or IP address cannot be empty.';
+ switch ($_POST['type']){
+ case 'slave':
+ if( $_POST['slaveip'] == "")
+ $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
+ break;
+ case 'forward':
+ if( $_POST['forwarders'] == "")
+ $input_errors[] = 'The field \'Forwarders\' is required for forward zones.';
+ break;
+ default:
+ if($_POST['nameserver']=='')
+ $input_errors[] = 'The field \'Name server\' is required for master zones.';
+ for ($i=0;$i < count($_POST);$i++){
+ if (key_exists("hostname$i",$_POST)){
+ if ($_POST['reverso']=="on"){
+ $_POST["hostvalue$i"]="";
+ if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
+ $input_errors[] = 'On reverse zones, valid record types are NS or PTR';
+ }
+ if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
+ $_POST["hostname$i"]="";
+ if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
+ $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
+ if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
+ $_POST["hostvalue$i"]="10";
+ if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
+ $_POST["hostvalue$i"]="";
+ if ($_POST["hostdst$i"]=="")
+ $input_errors[] = 'Alias or IP address cannot be empty.';
}
}
- }
+ }
}
function bind_sync(){
global $config;
conf_mount_rw();
-
+ //create rndc
+ $rndc_confgen="/usr/local/sbin/rndc-confgen";
+ if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){
+ exec("$rndc_confgen ",$rndc_conf);
+ foreach($rndc_conf as $line)
+ $confgen_file.="$line\n";
+ file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsese",$confgen_file);
+ }
+ if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsese")){
+ $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsese");
+ $confgen="rndc.conf";
+ $rndc_bindconf="";
+ foreach ($rndc_conf as $line){
+ if ($confgen =="rndc.conf"){
+ if (!preg_match ("/^#/",$line))
+ $rndc_file.=$line;
+ }
+ else{
+ if (!preg_match ("/named.conf/",$line))
+ $rndc_bindconf.=preg_replace('/#/',"",$line);
+ }
+ if (preg_match("/named.conf/",$line)){
+ $confgen="named.conf";
+ file_put_contents(BIND_LOCALBASE."/etc/rndc.conf",$rndc_file);
+ }
+ }
+ }
+
$bind = $config["installedpackages"]["bind"]["config"][0];
$bind_enable = $bind['enable_bind'];
$bind_forwarder = $bind['bind_forwarder'];
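Review bot: The guard on the first rndc line checks for `rndc-confgen.pfsense`, but the file is written and then read back as `rndc-confgen.pfsese`, so the check never matches and rndc-confgen runs on every sync, regenerating the rndc key each time; make the three names agree, e.g. `if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){` with both `.pfsese` occurrences changed to `.pfsense`. That file and the rndc.conf derived from it contain the HMAC secret, and file_put_contents creates them with the default umask, so `chmod(BIND_LOCALBASE."/etc/rndc.conf", 0600);` after each write (and likewise for the confgen file and the chroot copy written in the last hunk) keeps the secret from being world-readable. `$confgen_file` and `$rndc_file` are appended to without ever being initialised, and `$rndc_bindconf` is only set inside the `file_exists` branch, so initialising all three to `""` before the first `if` avoids undefined-variable notices where they are interpolated later. bind_sync continues past the end of the hunk.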
@@ -95,16 +127,17 @@ function bind_zone_validate($post, $input_errors){
$custom_options = base64_decode($bind['bind_custom_options']);
$bind_logging = $bind['bind_logging'];
$bind_conf ="#Bind pfsense configuration\n";
- $bind_conf .="#Do not edit this file!!!\n";
-$bind_conf .= <<<EOD
-
- options {
- directory "/etc/namedb";
- pid-file "/var/run/named/pid";
- statistics-file "/var/log/named.stats";
- max-cache-size {$ram_limit};
- query-source address * port 53;
-
+ $bind_conf .="#Do not edit this file!!!\n\n";
+ $bind_conf .= "$rndc_bindconf\n";
+ $bind_conf .= <<<EOD
+
+options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named/pid";
+ statistics-file "/var/log/named.stats";
+ max-cache-size {$ram_limit};
+ query-source address * port 53;
+
EOD;
// check response rate limit option
//https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
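Review bot: `$rndc_bindconf` is interpolated into named.conf here but is only assigned inside the `file_exists` branch earlier in bind_sync, so when the confgen file is missing this line emits an undefined-variable notice and silently produces a config with no `key`/`controls` stanza. Initialising `$rndc_bindconf = "";` next to the `$bind_conf` declaration makes that case explicit. This change also places the rndc key secret inside named.conf itself, so that file now needs the same restricted permissions as rndc.conf rather than whatever the default umask yields; ISC's usual layout keeps the key in a separate file pulled in with `include`, which would let named.conf stay readable for troubleshooting. The heredoc that follows continues outside the hunk.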
@@ -250,6 +283,7 @@ EOD;
$zoneview = $zone['view'];
$zonecustom = $zone['custom'];
$zoneipslave = $zone['slaveip'];
+ $zoneforwarders=$zone['forwarders'];
$zonereverso = $zone['reverso'];
if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview")))
@@ -275,22 +309,29 @@ EOD;
$bind_conf .= "\tzone \"$zonename\" {\n";
$bind_conf .= "\t\ttype $zonetype;\n";
- $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
- if ($zonetype == "slave")
+ if ($zonetype != "forward")
+ $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
+ switch ($zonetype){
+ case "slave":
$bind_conf .= "\t\tmasters { $zoneipslave; };\n";
- if ($zonetype != "slave")
+ break;
+ case "forward":
+ $bind_conf .= "\t\tforward only;\n";
+ $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
+ break;
+ default:
$bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n";
- if ($zonetype != "slave")
$bind_conf .= "\t\tallow-query { $zoneallowquery;};\n";
- if ($zonetype != "slave")
- $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
+ $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
+ }
if ($zonecustom != '')
$bind_conf .= "\t\t$zonecustom\n";
$bind_conf .= "\t};\n\n";
- if ($zonetype == "master"){
- $zonetll = $zone['tll'];
+ switch($zonetype){
+ case "master":
+ $zonetll = ($zone['tll']?$zone['tll']:"43200");
$zonemail = ($zone['mail']?$zone['mail']:"zonemaster.{$zonename}");
$zonemail = preg_replace("/@/",".",$zonemail);
$zoneserial = $zone['serial'];
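Review bot: `$zoneforwarders` is written into the `forwarders { ... };` stanza verbatim, and bind_zone_validate only checks that the field is non-empty, so a value containing `;` or `}` changes the structure of named.conf instead of producing a validation error. Normalising the list before interpolation — split on `;` and whitespace, keep only entries that pass pfSense's is_ipaddr(), rejoin with `; ` — keeps the generated file well-formed and gives the user a clear error for a typo. The same pattern applies to `$zoneipslave` in the slave case, which predates this change. The enclosing per-zone loop starts and ends outside the hunk.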
@@ -350,14 +391,18 @@ EOD;
file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
$config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($zone_conf);
$write_config++;
- }
- else{
+ break;
+ case "slave":
+ //check/update slave dir permission
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");
//check if exists slave zone file
if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")){
$slave_file=file_get_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB");
$config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($slave_file);
$write_config++;
}
+ break;
}
}
}
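Review bot: The two `chown` calls added in the slave case ignore their return value, so if the chroot directory cannot be re-owned the zone transfer fails later with nothing in the sync path pointing at the cause; checking the result, e.g. `if (!chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind")) log_error("bind: cannot chown slave zone dir for view $zoneview");`, surfaces it. Only the owner is changed, which is sufficient as long as named actually runs as the `bind` user — presumably set by bind_write_rcfile(), which is not visible here. The `$zonetype` chown is repeated once per slave zone inside the loop, which is harmless but could be done once. The enclosing zone loop starts and ends outside the hunk.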
@@ -366,17 +411,34 @@ EOD;
}
$bind_conf .= "};\n";
}
- $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats");
+ $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats","/dev");
foreach ($dirs as $dir){
if (!is_dir(CHROOT_LOCALBASE .$dir))
mkdir(CHROOT_LOCALBASE .$dir,0755,true);
}
- file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ //http://www.unixwiz.net/techtips/bind9-chroot.html
+ //create devices on chroot
+ exec('ls -lL /dev/zero /dev/null /dev/random',$devs);
+ foreach ($devs as $cdev){
+ $dev=explode(" ",preg_replace("/,/","",$cdev));
+ if (preg_match("/\w+/",$dev[15]) && !file_exists(CHROOT_LOCALBASE.$dev[15])){
+ if (preg_match("/\d+/",$dev[9]) && preg_match("/\d+/",$dev[11]))
+ exec("/sbin/mknod ".CHROOT_LOCALBASE."{$dev[15]} c {$dev[9]} {$dev[11]}");
+ }
+ }
+
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
+
if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){
+ //dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root"
$named_root=file_get_contents("http://www.internic.net/domain/named.root");
file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX);
}
-
+ if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")){
+ copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime");
+ }
+
bind_write_rcfile();
chown(CHROOT_LOCALBASE."/var/log","bind");
chgrp(CHROOT_LOCALBASE."/var/log","bind");
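Review bot: The chroot device nodes are rebuilt by parsing `ls -lL` output positionally (`$dev[9]`, `$dev[11]`, `$dev[15]`) after exploding on single spaces, so any difference in column alignment, owner/group name length or locale shifts the indices and either skips the node or hands the wrong major/minor to mknod, and because `$dev[15]` is spliced into the shell command unquoted a mis-parse yields an arbitrary token rather than a clean failure. Reading the numbers directly is more robust, e.g. `exec('/usr/bin/stat -f "%Hr %Lr" ' . escapeshellarg($path), $out)` per device on FreeBSD, or mounting a devfs with a restrictive ruleset into the chroot instead of copying nodes at all. The `rndc.conf` written into the chroot holds the rndc secret and is created with the default umask, and when the confgen file was absent `$rndc_file` is undefined, so an empty rndc.conf is written without any warning. The root-hints fetch that follows is unchanged context, but its `file_get_contents` result is still written to named.root without checking for `false`.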
@@ -395,32 +457,47 @@ function bind_print_javascript_type_zone(){
var field = document.iform.type;
var tipo = field.options[field.selectedIndex].value;
- if (tipo == 'master') {
-
- document.iform.slaveip.disabled = 1;
- document.iform.tll.disabled = 0;
- document.iform.nameserver.disabled = 0;
- document.iform.ipns.disabled = 0;
- document.iform.mail.disabled = 0;
- document.iform.serial.disabled = 0;
- document.iform.refresh.disabled = 0;
- document.iform.retry.disabled = 0;
- document.iform.expire.disabled = 0;
- document.iform.minimum.disabled = 0;
-
- }
- else {
- document.iform.slaveip.disabled = 0;
- document.iform.tll.disabled = 1;
- document.iform.nameserver.disabled = 1;
- document.iform.ipns.disabled = 1;
- document.iform.mail.disabled = 1;
- document.iform.serial.disabled = 1;
- document.iform.refresh.disabled = 1;
- document.iform.retry.disabled = 1;
- document.iform.expire.disabled = 1;
- document.iform.minimum.disabled = 1;
- }
+ switch (tipo){
+ case 'master':
+ document.iform.slaveip.disabled = 1;
+ document.iform.tll.disabled = 0;
+ document.iform.nameserver.disabled = 0;
+ document.iform.forwarders.disabled = 1;
+ document.iform.ipns.disabled = 0;
+ document.iform.mail.disabled = 0;
+ document.iform.serial.disabled = 0;
+ document.iform.refresh.disabled = 0;
+ document.iform.retry.disabled = 0;
+ document.iform.expire.disabled = 0;
+ document.iform.minimum.disabled = 0;
+ break;
+ case 'slave':
+ document.iform.slaveip.disabled = 0;
+ document.iform.tll.disabled = 1;
+ document.iform.nameserver.disabled = 1;
+ document.iform.forwarders.disabled = 1;
+ document.iform.ipns.disabled = 1;
+ document.iform.mail.disabled = 1;
+ document.iform.serial.disabled = 1;
+ document.iform.refresh.disabled = 1;
+ document.iform.retry.disabled = 1;
+ document.iform.expire.disabled = 1;
+ document.iform.minimum.disabled = 1;
+ break;
+ case 'forward':
+ document.iform.slaveip.disabled = 1;
+ document.iform.tll.disabled = 1;
+ document.iform.nameserver.disabled = 1;
+ document.iform.forwarders.disabled = 0;
+ document.iform.ipns.disabled = 1;
+ document.iform.mail.disabled = 1;
+ document.iform.serial.disabled = 1;
+ document.iform.refresh.disabled = 1;
+ document.iform.retry.disabled = 1;
+ document.iform.expire.disabled = 1;
+ document.iform.minimum.disabled = 1;
+ break;
+ }
}
-->
</script>