author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-17 16:12:45 -0300 |
committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-10-17 16:12:45 -0300 |
commit | ff195c7cf770dbd9385c22feb9a69289c5cfae23 (patch) | |
tree | 332533bbc74015df106ef62813011b34f8f9891e /config | |
parent | e141dd9241884c1d0321a48df58ffcd7ba07c6e6 (diff) | |
bind - add widget, forward zone, rndc config and check slave zone dir permissions
Diffstat (limited to 'config')
-rw-r--r-- | config/bind/bind.inc | 227 | ||||
-rw-r--r-- | config/bind/bind.widget.php | 86 | ||||
-rw-r--r-- | config/bind/bind.xml | 5 | ||||
-rw-r--r-- | config/bind/bind_zones.xml | 37 |
4 files changed, 267 insertions, 88 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 1bcefa16..6e04e649 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -51,40 +51,72 @@ function bind_zone_validate($post, $input_errors){ if (key_exists("mail",$_POST)) $_POST['mail']=preg_replace("/@/",".",$post['mail']); - if ($_POST['type']=='slave'){ - if( $_POST['slaveip'] == "") - $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.'; - } - else{ - if($_POST['nameserver']=='') - $input_errors[] = 'The field \'Name server\' is required for master zones.'; - for ($i=0;$i < count($_POST);$i++){ - if (key_exists("hostname$i",$_POST)){ - if ($_POST['reverso']=="on"){ - $_POST["hostvalue$i"]=""; - if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"])) - $input_errors[] = 'On reverse zones, valid record types are NS or PTR'; - } - if (preg_match("/(MX|NS)/",$_POST["hosttype$i"])) - $_POST["hostname$i"]=""; - if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="") - $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type '; - if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="") - $_POST["hostvalue$i"]="10"; - if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="") - $_POST["hostvalue$i"]=""; - if ($_POST["hostdst$i"]=="") - $input_errors[] = 'Alias or IP address cannot be empty.'; + switch ($_POST['type']){ + case 'slave': + if( $_POST['slaveip'] == "") + $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.'; + break; + case 'forward': + if( $_POST['forwarders'] == "") + $input_errors[] = 'The field \'Forwarders\' is required for forward zones.'; + break; + default: + if($_POST['nameserver']=='') + $input_errors[] = 'The field \'Name server\' is required for master zones.'; + for ($i=0;$i < count($_POST);$i++){ + if (key_exists("hostname$i",$_POST)){ + if ($_POST['reverso']=="on"){ + $_POST["hostvalue$i"]=""; + if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"])) + $input_errors[] = 'On reverse zones, valid record types are NS or PTR'; + } + if (preg_match("/(MX|NS)/",$_POST["hosttype$i"])) + $_POST["hostname$i"]=""; + if 
(!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="") + $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type '; + if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="") + $_POST["hostvalue$i"]="10"; + if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="") + $_POST["hostvalue$i"]=""; + if ($_POST["hostdst$i"]=="") + $input_errors[] = 'Alias or IP address cannot be empty.'; } } - } + } } function bind_sync(){ global $config; conf_mount_rw(); - + //create rndc + $rndc_confgen="/usr/local/sbin/rndc-confgen"; + if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){ + exec("$rndc_confgen ",$rndc_conf); + foreach($rndc_conf as $line) + $confgen_file.="$line\n"; + file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsese",$confgen_file); + } + if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsese")){ + $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsese"); + $confgen="rndc.conf"; + $rndc_bindconf=""; + foreach ($rndc_conf as $line){ + if ($confgen =="rndc.conf"){ + if (!preg_match ("/^#/",$line)) + $rndc_file.=$line; + } + else{ + if (!preg_match ("/named.conf/",$line)) + $rndc_bindconf.=preg_replace('/#/',"",$line); + } + if (preg_match("/named.conf/",$line)){ + $confgen="named.conf"; + file_put_contents(BIND_LOCALBASE."/etc/rndc.conf",$rndc_file); + } + } + } + $bind = $config["installedpackages"]["bind"]["config"][0]; $bind_enable = $bind['enable_bind']; $bind_forwarder = $bind['bind_forwarder']; 
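Review bot: The two rndc cache file names in the new bind_sync() prologue do not match: the existence check looks for `rndc-confgen.pfsense` while `file_put_contents` and the following `file_exists`/`file()` use `rndc-confgen.pfsese`, so the first condition is always true and `rndc-confgen` is re-run and a fresh key written on every sync. Use one variable for the path, e.g. `$rndc_cache = BIND_LOCALBASE."/etc/rndc-confgen.pfsense";`, in all four places. `$confgen_file` and `$rndc_file` are first used with `.=`, and `$rndc_bindconf` is only assigned inside the second `if`, so on a host without rndc-confgen the later uses in the `-95` hunk (`$bind_conf .= "$rndc_bindconf\n"`) and the `-366` hunk (`file_put_contents(... 'rndc.conf', $rndc_file)`) read undefined variables; initialise all three to `""` before the first `if`. bind_sync() continues past the end of this hunk.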
@@ -95,16 +127,17 @@ function bind_zone_validate($post, $input_errors){ $custom_options = base64_decode($bind['bind_custom_options']); $bind_logging = $bind['bind_logging']; $bind_conf ="#Bind pfsense configuration\n"; - $bind_conf .="#Do not edit this file!!!\n"; -$bind_conf .= <<<EOD - - options { - directory "/etc/namedb"; - pid-file "/var/run/named/pid"; - statistics-file "/var/log/named.stats"; - max-cache-size {$ram_limit}; - query-source address * port 53; - + $bind_conf .="#Do not edit this file!!!\n\n"; + $bind_conf .= "$rndc_bindconf\n"; + $bind_conf .= <<<EOD + +options { + directory "/etc/namedb"; + pid-file "/var/run/named/pid"; + statistics-file "/var/log/named.stats"; + max-cache-size {$ram_limit}; + query-source address * port 53; + EOD; // check response rate limit option //https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html @@ -250,6 +283,7 @@ EOD; $zoneview = $zone['view']; $zonecustom = $zone['custom']; $zoneipslave = $zone['slaveip']; + $zoneforwarders=$zone['forwarders']; $zonereverso = $zone['reverso']; if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) 
@@ -275,22 +309,29 @@ EOD; $bind_conf .= "\tzone \"$zonename\" {\n"; $bind_conf .= "\t\ttype $zonetype;\n"; - $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n"; - if ($zonetype == "slave") + if ($zonetype != "forward") + $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n"; + switch ($zonetype){ + case "slave": $bind_conf .= "\t\tmasters { $zoneipslave; };\n"; - if ($zonetype != "slave") + break; + case "forward": + $bind_conf .= "\t\tforward only;\n"; + $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n"; + break; + default: $bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n"; - if ($zonetype != "slave") $bind_conf .= "\t\tallow-query { $zoneallowquery;};\n"; - if ($zonetype != "slave") - $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; + $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; + } if ($zonecustom != '') $bind_conf .= "\t\t$zonecustom\n"; $bind_conf .= "\t};\n\n"; - if ($zonetype == "master"){ - $zonetll = $zone['tll']; + switch($zonetype){ + case "master": + $zonetll = ($zone['tll']?$zone['tll']:"43200"); $zonemail = ($zone['mail']?$zone['mail']:"zonemaster.{$zonename}"); $zonemail = preg_replace("/@/",".",$zonemail); $zoneserial = $zone['serial']; 
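Review bot: `$zoneforwarders` is interpolated verbatim into `forwarders { $zoneforwarders; };`, and the only check applied to it (the `'forward'` case of bind_zone_validate in the `-51` hunk) is that it is non-empty, so a typo or a stray `;`/`}` in the field yields a named.conf that fails to load and takes every zone down with it. Split the field on `;` in that validation step and reject anything that is not an address, e.g. `foreach (explode(';', $_POST['forwarders']) as $fwd) if (!is_ipaddr(trim($fwd))) $input_errors[] = "Invalid forwarder address: $fwd";` (pfSense's `is_ipaddr()` helper, assuming it is in scope for this include as it is for the rest of the package). A one-line comment above the `switch`, `// forward zones have no zone file; only master zones get ACLs`, would also save the next reader from wondering why the `file` line is skipped for `forward`. The surrounding zone loop starts before this hunk.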
@@ -350,14 +391,18 @@ EOD; file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf); $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($zone_conf); $write_config++; - } - else{ + break; + case "slave": + //check/update slave dir permission + chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind"); + chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind"); //check if exists slave zone file if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")){ $slave_file=file_get_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB"); $config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($slave_file); $write_config++; } + break; } } } 
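Review bot: The new `slave` case only calls `chown(..., "bind")` on the two zone directories and discards the return value, while the `/var/log` handling at the end of bind_sync() (visible as context in the `-366` hunk) pairs `chown` with `chgrp`, so the slave directories end up with a different group than the rest of the chroot. Add `chgrp(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");` and `chgrp(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");` next to the chown calls, and a comment such as `// named must own these to write zone files received by transfer` explaining why ownership is fixed here rather than at the `mkdir` in the `-250` hunk. The enclosing zone loop and both `switch` statements start outside this hunk.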
@@ -366,17 +411,34 @@ EOD; } $bind_conf .= "};\n"; } - $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats"); + $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats","/dev"); foreach ($dirs as $dir){ if (!is_dir(CHROOT_LOCALBASE .$dir)) mkdir(CHROOT_LOCALBASE .$dir,0755,true); } - file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf); + //http://www.unixwiz.net/techtips/bind9-chroot.html + //create devices on chroot + exec('ls -lL /dev/zero /dev/null /dev/random',$devs); + foreach ($devs as $cdev){ + $dev=explode(" ",preg_replace("/,/","",$cdev)); + if (preg_match("/\w+/",$dev[15]) && !file_exists(CHROOT_LOCALBASE.$dev[15])){ + if (preg_match("/\d+/",$dev[9]) && preg_match("/\d+/",$dev[11])) + exec("/sbin/mknod ".CHROOT_LOCALBASE."{$dev[15]} c {$dev[9]} {$dev[11]}"); + } + } + + file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf); + file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file); + if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){ + //dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root" $named_root=file_get_contents("http://www.internic.net/domain/named.root"); file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX); } - + if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")){ + copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime"); + } + bind_write_rcfile(); chown(CHROOT_LOCALBASE."/var/log","bind"); chgrp(CHROOT_LOCALBASE."/var/log","bind"); 
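Review bot: `rndc.conf` now carries the rndc secret from rndc-confgen and `named.conf` carries the same key via `$rndc_bindconf`, but both `file_put_contents` calls leave the files at the default creation mode, so the key is readable by any local account; follow each write with `chmod(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', 0640);` (likewise for `named.conf`) and set owner/group to what named runs as. The device-node loop is also brittle: it derives major/minor numbers from `ls -lL` output by exploding on single spaces and indexing fields 9, 11 and 15, which depends on the exact column alignment of that ls build, and the unanchored `/\w+/` test plus the unquoted interpolation of `$dev[15]` into the mknod command accept whatever lands in that column. FreeBSD's stat(1) prints the numbers directly, so the loop below uses it per device with `escapeshellarg()` and only the two fields it needs; the result should be confirmed against a fresh chroot. The `$dirs` loop and the tail of bind_sync() extend beyond this hunk.
```php
	//create devices on chroot (FreeBSD stat(1): %Hr / %Lr print the major / minor numbers)
	foreach (array('/dev/zero', '/dev/null', '/dev/random') as $devpath) {
		if (file_exists(CHROOT_LOCALBASE . $devpath))
			continue;
		$devnums = array();
		exec('/usr/bin/stat -L -f "%Hr %Lr" ' . escapeshellarg($devpath), $devnums);
		if (isset($devnums[0]) && preg_match('/^(\d+) (\d+)$/', $devnums[0], $m))
			exec('/sbin/mknod ' . escapeshellarg(CHROOT_LOCALBASE . $devpath) . " c {$m[1]} {$m[2]}");
	}
	// … unchanged: named.conf / rndc.conf writes, named.root fetch, localtime copy …
```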
@@ -395,32 +457,47 @@ function bind_print_javascript_type_zone(){ var field = document.iform.type; var tipo = field.options[field.selectedIndex].value; - if (tipo == 'master') { - - document.iform.slaveip.disabled = 1; - document.iform.tll.disabled = 0; - document.iform.nameserver.disabled = 0; - document.iform.ipns.disabled = 0; - document.iform.mail.disabled = 0; - document.iform.serial.disabled = 0; - document.iform.refresh.disabled = 0; - document.iform.retry.disabled = 0; - document.iform.expire.disabled = 0; - document.iform.minimum.disabled = 0; - - } - else { - document.iform.slaveip.disabled = 0; - document.iform.tll.disabled = 1; - document.iform.nameserver.disabled = 1; - document.iform.ipns.disabled = 1; - document.iform.mail.disabled = 1; - document.iform.serial.disabled = 1; - document.iform.refresh.disabled = 1; - document.iform.retry.disabled = 1; - document.iform.expire.disabled = 1; - document.iform.minimum.disabled = 1; - } + switch (tipo){ + case 'master': + document.iform.slaveip.disabled = 1; + document.iform.tll.disabled = 0; + document.iform.nameserver.disabled = 0; + document.iform.forwarders.disabled = 1; + document.iform.ipns.disabled = 0; + document.iform.mail.disabled = 0; + document.iform.serial.disabled = 0; + document.iform.refresh.disabled = 0; + document.iform.retry.disabled = 0; + document.iform.expire.disabled = 0; + document.iform.minimum.disabled = 0; + break; + case 'slave': + document.iform.slaveip.disabled = 0; + document.iform.tll.disabled = 1; + document.iform.nameserver.disabled = 1; + document.iform.forwarders.disabled = 1; + document.iform.ipns.disabled = 1; + document.iform.mail.disabled = 1; + document.iform.serial.disabled = 1; + document.iform.refresh.disabled = 1; + document.iform.retry.disabled = 1; + document.iform.expire.disabled = 1; + document.iform.minimum.disabled = 1; + break; + case 'forward': + document.iform.slaveip.disabled = 1; + document.iform.tll.disabled = 1; + document.iform.nameserver.disabled = 
1; + document.iform.forwarders.disabled = 0; + document.iform.ipns.disabled = 1; + document.iform.mail.disabled = 1; + document.iform.serial.disabled = 1; + document.iform.refresh.disabled = 1; + document.iform.retry.disabled = 1; + document.iform.expire.disabled = 1; + document.iform.minimum.disabled = 1; + break; + } } --> </script> diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php new file mode 100644 index 00000000..490ded9b --- /dev/null +++ b/config/bind/bind.widget.php 
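Review bot: The three `case` branches repeat the same eleven `document.iform.<field>.disabled` assignments and differ only in which fields are enabled, so adding `forwarders` meant editing all three and a fourth zone type would mean a fourth copy; a per-type map of enabled fields keeps that decision in one place (sketch below). Unlike the original `if`/`else`, the new `switch` has no `default:`, so a value not in the list leaves the inputs in whatever state the previous selection set; the table form disables everything for an unknown type, which is a small behaviour change to confirm against how the form is initialised. The function and the surrounding `<script>` block start outside this hunk.
```javascript
    var enabled = {
        master:  {tll:1, nameserver:1, ipns:1, mail:1, serial:1, refresh:1, retry:1, expire:1, minimum:1},
        slave:   {slaveip:1},
        forward: {forwarders:1}
    };
    var fields = ['slaveip','tll','nameserver','forwarders','ipns','mail','serial','refresh','retry','expire','minimum'];
    var on = enabled[tipo] || {};
    for (var i = 0; i < fields.length; i++)
        document.iform[fields[i]].disabled = on[fields[i]] ? 0 : 1;
```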
@@ -0,0 +1,86 @@ +<?php +/* + Copyright 2013 Marcello Coutinho + Part of bind package for pfSense(www.pfsense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +@require_once("guiconfig.inc"); +@require_once("pfsense-utils.inc"); +@require_once("functions.inc"); + +$uname=posix_uname(); +if ($uname['machine']=='amd64') + ini_set('memory_limit', '250M'); + +function open_table(){ + echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"; + echo" <tr>"; +} +function close_table(){ + echo" </tr>"; + echo"</table>"; + +} + +$pfb_table=array(); +$img['Sick']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>"; +$img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>"; + + +#var_dump($pfb_table); +#exit; +?><div id='bind'><?php +global $config; +$rndc_bin="/usr/local/sbin/rndc"; + +if (file_exists($rndc_bin)) + exec("$rndc_bin status",$status); + +open_table(); +foreach($status as $line){ + $fields=explode(":",$line); + print "<tr><td class=\"vncellt\"width=50%><strong>".ucfirst($fields[0])."</strong></td>\n"; + print "<td class=\"listlr\">{$fields[1]}</td>\n</tr>"; + } +close_table(); +echo"</div>"; + +?> +<script type="text/javascript"> + function getstatus_bind() { + var url = "/widgets/widgets/bind.widget.php"; + var pars = 'getupdatestatus=yes'; + var myAjax = new Ajax.Request( + url, + { + method: 'get', + parameters: pars, + onComplete: activitycallback_bind + }); + } + function activitycallback_bind(transport) { + $('bind').innerHTML = transport.responseText; + setTimeout('getstatus_postfix()', 5000); + } + getstatus_bind(); +</script> diff --git a/config/bind/bind.xml b/config/bind/bind.xml index 97dc7012..aa6a5f25 100644 --- a/config/bind/bind.xml +++ b/config/bind/bind.xml 
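Review bot: `activitycallback_bind` re-arms the refresh with `setTimeout('getstatus_postfix()', 5000)`, but no `getstatus_postfix` is defined in this widget, so the first callback throws and the panel never refreshes again; it should read `setTimeout(getstatus_bind, 5000);`. On the PHP side `$status` is only populated when `/usr/local/sbin/rndc` exists, so `foreach($status as $line)` iterates an undefined variable otherwise — initialise `$status = array();` before the `file_exists` check — and the rndc output is printed into the table unescaped, so pass `$fields[0]` and `$fields[1]` through `htmlspecialchars()` before they reach the page (and use `isset($fields[1])` since a line without `:` has no second element). `$pfb_table`, `$img`, the `#var_dump` leftovers, the unused `getupdatestatus` parameter and the missing space in `class=\"vncellt\"width=50%` look copied from another widget and should be cleaned up before merge.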
@@ -123,6 +123,11 @@ <chmod>0755</chmod> <item>http://www.pfsense.org/packages/config/bind/pkg_bind.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/widgets/widgets/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/bind/bind.widget.php</item> + </additional_files_needed> <fields> <field> <type>listtopic</type> diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml index 11cfb0e2..508056c0 100644 --- a/config/bind/bind_zones.xml +++ b/config/bind/bind_zones.xml @@ -94,6 +94,10 @@ <fieldname>view</fieldname> </columnitem> <columnitem> + <fielddescr>Serial</fielddescr> + <fieldname>serial</fieldname> + </columnitem> + <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> @@ -119,18 +123,11 @@ <fieldname>type</fieldname> <description>Select zone type</description> <type>select</type> - <options> - <option> - <name>Master</name> - <value>master</value> - <enablefields>description</enablefields> - </option> - <option> - <name>Slave</name> - <value>slave</value> - <enablefields>ttl</enablefields> - </option> - </options> + <options> + <option><name>Master</name><value>master</value><enablefields>description</enablefields></option> + <option><name>Slave</name><value>slave</value><enablefields>ttl</enablefields></option> + <option><name>Forward</name><value>forward</value><enablefields>forward</enablefields></option> + </options> <onchange>on_type_zone_changed()</onchange> <required/> </field> 
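Review bot: The new Forward option sets `<enablefields>forward</enablefields>`, but the field added in the `-178` hunk is named `forwarders`, so the value does not appear to match any field on the form (the existing `ttl` entry has the same mismatch against the `tll` field); either point it at `forwarders` or drop the attribute, since the `on_type_zone_changed()` handler is what actually toggles the inputs. Collapsing the three `<option>` elements onto single lines also departs from the one-element-per-line layout used by the rest of the file, and keeping the expanded form makes future diffs to this list readable.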
@@ -178,6 +175,19 @@ </field> <field> <type>listtopic</type> + <name>Forward Zone Configuration </name> + <fieldname>temp04</fieldname> + </field> + <field> + <fielddescr>Forwarders</fielddescr> + <fieldname>forwarders</fieldname> + <description>Enter forwarders IPs for this domain. Separate by semi-colons (;).</description> + <type>input</type> + <size>60</size> + </field> + + <field> + <type>listtopic</type> <name>Master Zone Configuration </name> <fieldname>temp03</fieldname> </field> @@ -352,7 +362,8 @@ <custom_php_command_before_form> </custom_php_command_before_form> <custom_php_validation_command> - $_POST['serial']=(date("U")+ 1000000000); + if ($_POST['type']=="master") + $_POST['serial']=(date("U")+ 1000000000); bind_zone_validate($_POST, &$input_errors); </custom_php_validation_command> <custom_delete_php_command> |