author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-18 19:11:21 -0300 |
---|---|---|
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-18 19:11:21 -0300 |
commit | 9d38ca45c1aae2c7a492645c629e9725eea225ba (patch) | |
tree | 7a8ea1f4e28c8d3a2fa42c9d80b65e857a537b03 /config | |
parent | d199db0bc5bf99c77ec29d01edb646b7713cc9a8 (diff) | |
bind - fix chroot dev devices again, include dsset info on gui for dnssec zones.
Encode custom options with base64.
sync code: change master zones to slave type on backup servers
Diffstat (limited to 'config')
-rw-r--r-- | config/bind/bind.inc | 50 | ||||
-rw-r--r-- | config/bind/bind_sync.xml | 12 | ||||
-rw-r--r-- | config/bind/bind_views.xml | 3 | ||||
-rw-r--r-- | config/bind/bind_zones.xml | 45 |
4 files changed, 83 insertions, 27 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc index 658ae229..6ae870db 100644 --- a/config/bind/bind.inc +++ b/config/bind/bind.inc @@ -254,7 +254,7 @@ EOD; $viewallowrecursion = "none"; else $viewallowrecursion = str_replace(',','; ',$views['allow-recursion']); - $viewcustomoptions = $views['bind_custom_options']; + $viewcustomoptions = base64_decode($views['bind_custom_options']); $bind_conf .= "view \"$viewname\" { \n\n"; $bind_conf .= "\trecursion $viewrecursion;\n"; @@ -280,7 +280,7 @@ EOD; $zonename = $zone['name']; $zonetype = $zone['type']; $zoneview = $zone['view']; - $zonecustom = $zone['custom']; + $zonecustom = base64_decode($zone['custom']); $zoneipslave = $zone['slaveip']; $zoneforwarders=$zone['forwarders']; $zonereverso = $zone['reverso']; @@ -405,10 +405,9 @@ EOD; //check dnssec keys creation for master zones if($zone['dnssec']=="on"){ $zone_found=0; - foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*",GLOB_NOSORT) as $filename) { - if (preg_match("/$zonename/i", $filename)) - $zone_found++; - } + foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key",GLOB_NOSORT) as $filename){ + $zone_found++; + } if ($zone_found==0){ $dnssec_bin="/usr/local/sbin/dnssec-keygen"; if (file_exists($dnssec_bin)){ @@ -420,6 +419,16 @@ EOD; } } } + //get ds keys + $dsfromkey="/usr/local/sbin/dnssec-dsfromkey"; + foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key",GLOB_NOSORT) as $filename) { + $zone_key=file_get_contents($filename); + if (preg_match("/IN DNSKEY 257 /",$zone_key) && file_exists($dsfromkey)){ + exec("$dsfromkey $filename",$dsset); + $config["installedpackages"]["bindzone"]["config"][$x]['dsset']=base64_encode(array_pop($dsset)."\n".array_pop($dsset)); + $write_config++; + } + } } break; case "slave": 
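Review bot: `base64_decode($views['bind_custom_options'])` will mangle any value saved before this commit, because the removed line shows the field used to be stored as plain text and nothing here migrates it; the decoded garbage is then written verbatim into the view block of named.conf. A defensive read is `$raw = $views['bind_custom_options']; $viewcustomoptions = (base64_decode($raw, true) !== false) ? base64_decode($raw, true) : $raw;`, since strict decoding rejects the spaces, braces and semicolons a real options string contains. A legacy value made only of base64-alphabet characters would still be misread, so a one-time conversion of stored values on upgrade is the cleaner fix. The same applies to `$zone['custom']` in the next hunk. The enclosing loop starts outside this hunk.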
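Review bot: The key lookup `glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT)` is a substring match, so for zone `example.com` it also counts keys belonging to `sub.example.com` (or any zone whose name contains it), `$zone_found` stays non-zero and `dnssec-keygen` is never run for a zone that actually has no keys. If the files follow dnssec-keygen's default `K<zone>.+<alg>+<id>.key` naming, anchoring the pattern fixes this: `glob(CHROOT_LOCALBASE."/etc/namedb/keys/K{$zonename}.+*.key", GLOB_NOSORT)`. `glob()` may also return false, which makes the `foreach` emit a warning; wrapping it in `(array)` keeps the loop quiet. The enclosing zone loop and `switch` start outside this hunk.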
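Review bot: `exec("$dsfromkey $filename",$dsset)` hands a path containing the admin-supplied zone name to the shell unquoted, and `$dsset` is never reset, so exec() keeps appending across iterations and the two `array_pop()` calls only stay correct while every run yields exactly two lines. Quote the argument and clear the buffer: `$dsset = array();` before `exec($dsfromkey . ' ' . escapeshellarg($filename), $dsset);`. Popping also reverses the order the tool printed the digests in; `implode("\n", $dsset)` would keep it. When several KSK files match one zone, the last file wins because `$config[...][$x]['dsset']` is overwritten on every iteration, and `$x` is the index of a loop that starts outside this hunk.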
@@ -446,8 +455,18 @@ EOD; if (!is_dir(CHROOT_LOCALBASE .$dir)) mkdir(CHROOT_LOCALBASE .$dir,0755,true); } + //dev dirs for chroot + $bind_dev_dir=CHROOT_LOCALBASE."/dev"; + if (!file_exists("$bind_dev_dir/random")){ + $dev_dirs=array("null","zero","random","urandom"); + exec("/sbin/mount -t devfs devfs {$bind_dev_dir}",$dout); + exec("/sbin/devfs -m {$bind_dev_dir} ruleset 1",$dout); + exec("/sbin/devfs -m {$bind_dev_dir} rule add hide",$dout); + foreach ($dev_dirs as $dev_dir) + exec("/sbin/devfs -m {$bind_dev_dir} rule add path $dev_dir unhide",$dout); + exec("/sbin/devfs -m {$bind_dev_dir} rule applyset",$dout); + } //http://www.unixwiz.net/techtips/bind9-chroot.html - file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf); file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file); @@ -462,6 +481,7 @@ EOD; bind_write_rcfile(); chown(CHROOT_LOCALBASE."/etc/namedb/keys","bind"); + chown(CHROOT_LOCALBASE."/etc/namedb","bind"); chown(CHROOT_LOCALBASE."/var/log","bind"); chown(CHROOT_LOCALBASE."/var/run/named","bind"); chgrp(CHROOT_LOCALBASE."/var/log","bind"); @@ -534,7 +554,7 @@ function bind_print_javascript_type_zone(){ } function bind_print_javascript_type_zone2(){ - print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;</script>\n"); + print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;document.iform.dsset.disabled = 1;</script>\n"); } function bind_write_rcfile() { @@ -586,6 +606,7 @@ function bind_sync_on_changes() { $bind_sync=$config['installedpackages']['bind']['config'][0]; $synconchanges = $bind_sync['synconchanges']; $synctimeout = $bind_sync['synctimeout']; + $master_zone_ip=$bind_sync['masterip']; switch ($synconchanges){ case "manual": if (is_array($bind_sync[row])){ 
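Review bot: The devfs rules are added to ruleset 1, which on FreeBSD is a kernel-global ruleset (the stock /etc/defaults/devfs.rules, if I recall it correctly, assigns number 1 to devfsrules_hide_all), so the `rule add path ... unhide` lines change what every other devfs mount using ruleset 1 exposes, not only the BIND chroot; pick a ruleset number reserved for this package. Every `exec()` here also discards the exit status, so a failed mount leaves named without /dev/random and nothing in the log; capture it, e.g. `exec("/sbin/mount -t devfs devfs {$bind_dev_dir}", $dout, $rc); if ($rc != 0) log_error("[bind] devfs mount at {$bind_dev_dir} failed");`. The `file_exists` guard assumes `$bind_dev_dir` already exists; whether the preceding `mkdir` loop creates `/dev` is not visible in this hunk. The enclosing function starts and ends outside this hunk.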
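Review bot: `chown(CHROOT_LOCALBASE."/etc/namedb","bind")` hands the directory holding named.conf and rndc.conf (both written there earlier in this function, per the previous hunk) to the user named runs as, so a compromised named can replace its own configuration and the rndc key and have the change survive a restart. Only the paths BIND must write — the keys directory already chown'd on the line above, and wherever signed zones and journals live — need to be bind-owned; keep `etc/namedb` itself root-owned. If this was added so named can write managed-keys.bind, point `managed-keys-directory` at a bind-owned subdirectory instead. The surrounding function starts and ends outside this hunk.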
@@ -622,14 +643,14 @@ function bind_sync_on_changes() { else $username = 'admin'; if($password && $sync_to_ip) - bind_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout); + bind_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout,$master_zone_ip); } log_error("[bind] xmlrpc sync is ending."); } } } /* Do the actual XMLRPC sync */ -function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { +function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout,$master_zone_ip) { global $config, $g; if(!$username) @@ -666,6 +687,15 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { $xml['bindacls'] = $config['installedpackages']['bindacls']; $xml['bindviews'] = $config['installedpackages']['bindviews']; $xml['bindzone'] = $config['installedpackages']['bindzone']; + //change master zone to slave on backup servers + if(is_array($xml['bindzone']["config"])) + for ($x=0; $x<sizeof($xml['bindzone']["config"]); $x++){ + if ($xml['bindzone']["config"][$x]['type']=="master"){ + $xml['bindzone']["config"][$x]['type']="slave"; + $xml['bindzone']["config"][$x]['slaveip']=$master_zone_ip; + } + + } /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), diff --git a/config/bind/bind_sync.xml b/config/bind/bind_sync.xml index d81f7803..c6a80e98 100644 --- a/config/bind/bind_sync.xml +++ b/config/bind/bind_sync.xml @@ -64,7 +64,7 @@ </tab> <tab> <text>Sync</text> - <url>/pkg.php?xml=bind_sync.xml</url> + <url>/pkg_edit.php?xml=bind_sync.xml</url> <active/> </tab> </tabs> 
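Review bot: The new `$master_zone_ip` parameter of bind_do_xmlrpc_sync() has no default, so any caller not updated alongside the one in this hunk now raises a PHP warning and passes null through to the slave zones. `function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $master_zone_ip = "")` keeps old call sites working, and the body can skip the master-to-slave conversion when it is empty. The function body continues outside this hunk.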
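Review bot: `$master_zone_ip` is written into every converted zone's `slaveip` without validation, so an empty or malformed value (the field only appears in this commit, so existing configs have none) yields an invalid `masters` entry on every backup server in a single sync. Guard the conversion, e.g. `if (!is_ipaddr($master_zone_ip)) { log_error("[bind] no valid master IP set, zones not converted to slave"); } else { /* convert */ }`, using pfSense's `is_ipaddr()` if it is in scope here. The conversion also applies to master zones with inline `dnssec` enabled, whose keys exist only on the master; a comment should state whether slaves are expected to serve those zones from the transferred signed data. The `for`/`sizeof` loop reads more clearly as `foreach ($xml['bindzone']['config'] as &$zone)`.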
@@ -102,6 +102,16 @@ </options> </field> <field> + <fielddescr>Zone Master IP</fielddescr> + <fieldname>masterip</fieldname> + <description><![CDATA[Set master zone ip you want to use to sync backup server zones with master.<br> + <b>All master zones will be configured as backup on slave servers.</b><br> + Do not forget to create firewall rules to allow zone transfer between master and slave servers.]]></description> + <type>input</type> + <size>20</size> + <required/> + </field> + <field> <fielddescr>Remote Server</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> diff --git a/config/bind/bind_views.xml b/config/bind/bind_views.xml index 2d620e0c..a6c42552 100644 --- a/config/bind/bind_views.xml +++ b/config/bind/bind_views.xml @@ -148,7 +148,8 @@ <description>You can put your own custom options here, separated by semi-colons (;).</description> <type>textarea</type> <cols>65</cols> - <rows>5</rows> + <rows>8</rows> + <encoding>base64</encoding> </field> </fields> <custom_php_command_before_form> diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index a34c7ddc..08acc7ae 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml @@ -119,6 +119,13 @@ <required/> </field> <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>Enter the description for this zone.</description> + <type>input</type> + <size>70</size> + </field> + <field> <fielddescr>Zone Type</fielddescr> <fieldname>type</fieldname> <description>Select zone type</description> 
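Review bot: The `masterip` field is `<required/>` but nothing validates that it is an IP address, and bind.inc copies it verbatim into the `masters` entry of every zone on the backup servers; add a `<custom_php_validation_command>` that rejects the save unless `is_ipaddr($_POST['masterip'])` holds. The description should also say what the address is used for and that the master must permit transfers from the slaves (its allow-transfer ACL), not only the firewall: `Address of this master server that backup servers will pull zone transfers from. All master zones are configured as slave zones on the backup servers. Make sure this server allows zone transfers from the backup servers and that firewall rules permit DNS (TCP/UDP 53) between them.`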
@@ -147,26 +154,34 @@ <type>checkbox</type> </field> <field> + <fielddescr>custom Option</fielddescr> + <fieldname>custom</fieldname> + <description>You can put your own custom options here.</description> + <type>textarea</type> + <cols>75</cols> + <rows>8</rows> + <encoding>base64</encoding> + </field> + <field> + <type>listtopic</type> + <name>DNSSEC</name> + <fieldname>temp04</fieldname> + </field> + <field> <fielddescr>Inline Signing</fielddescr> <fieldname>dnssec</fieldname> <description>Enable inline DNSSEC Signing for this zones.</description> <type>checkbox</type> </field> <field> - <fielddescr>custom Option</fielddescr> - <fieldname>custom</fieldname> - <description>You can put your own custom options here, separated by semi-colons (;).</description> - <type>textarea</type> - <cols>65</cols> - <rows>3</rows> - </field> - <field> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <description>Enter the description for this zone.</description> - <type>textarea</type> - <cols>65</cols> - <rows>3</rows> + <fielddescr>DS set</fielddescr> + <fieldname>dsset</fieldname> + <description><![CDATA[Digest fingerprint of the Key Signing KeyResulting for this zone.<br> + Upload this ds set to your domain root server.]]></description> + <type>textarea</type> + <cols>75</cols> + <rows>3</rows> + <encoding>base64</encoding> </field> <field> <type>listtopic</type> @@ -189,7 +204,7 @@ <fieldname>forwarders</fieldname> <description>Enter forwarders IPs for this domain. Separate by semi-colons (;).</description> <type>input</type> - <size>60</size> + <size>70</size> </field> <field> |
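Review bot: The `dsset` description reads `Digest fingerprint of the Key Signing KeyResulting for this zone.` — a garbled phrase — and tells the admin to upload the DS set to the "domain root server", whereas a DS record belongs in the parent zone, normally submitted through the registrar. Suggested text: `DS record(s) derived from this zone's Key Signing Key. Submit them to the parent zone (usually through your registrar) to complete the chain of trust. This field is generated by the package; manual edits are overwritten.` The last sentence reflects that bind.inc rewrites `dsset` on every config build and the GUI disables the textarea via JavaScript; if manual edits are meant to survive, that code would have to change instead.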