authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-17 16:12:45 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-10-17 16:12:45 -0300
commitff195c7cf770dbd9385c22feb9a69289c5cfae23 (patch)
tree332533bbc74015df106ef62813011b34f8f9891e /config
parente141dd9241884c1d0321a48df58ffcd7ba07c6e6 (diff)
downloadpfsense-packages-ff195c7cf770dbd9385c22feb9a69289c5cfae23.tar.gz
pfsense-packages-ff195c7cf770dbd9385c22feb9a69289c5cfae23.tar.bz2
pfsense-packages-ff195c7cf770dbd9385c22feb9a69289c5cfae23.zip
bind - add widget, forward zone, rndc config and check slave zone dir permissions
Diffstat (limited to 'config')
-rw-r--r--config/bind/bind.inc227
-rw-r--r--config/bind/bind.widget.php86
-rw-r--r--config/bind/bind.xml5
-rw-r--r--config/bind/bind_zones.xml37
4 files changed, 267 insertions, 88 deletions
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 1bcefa16..6e04e649 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -51,40 +51,72 @@ function bind_zone_validate($post, $input_errors){
if (key_exists("mail",$_POST))
$_POST['mail']=preg_replace("/@/",".",$post['mail']);
- if ($_POST['type']=='slave'){
- if( $_POST['slaveip'] == "")
- $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
- }
- else{
- if($_POST['nameserver']=='')
- $input_errors[] = 'The field \'Name server\' is required for master zones.';
- for ($i=0;$i < count($_POST);$i++){
- if (key_exists("hostname$i",$_POST)){
- if ($_POST['reverso']=="on"){
- $_POST["hostvalue$i"]="";
- if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
- $input_errors[] = 'On reverse zones, valid record types are NS or PTR';
- }
- if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
- $_POST["hostname$i"]="";
- if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
- $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
- if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
- $_POST["hostvalue$i"]="10";
- if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
- $_POST["hostvalue$i"]="";
- if ($_POST["hostdst$i"]=="")
- $input_errors[] = 'Alias or IP address cannot be empty.';
+ switch ($_POST['type']){
+ case 'slave':
+ if( $_POST['slaveip'] == "")
+ $input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
+ break;
+ case 'forward':
+ if( $_POST['forwarders'] == "")
+ $input_errors[] = 'The field \'Forwarders\' is required for forward zones.';
+ break;
+ default:
+ if($_POST['nameserver']=='')
+ $input_errors[] = 'The field \'Name server\' is required for master zones.';
+ for ($i=0;$i < count($_POST);$i++){
+ if (key_exists("hostname$i",$_POST)){
+ if ($_POST['reverso']=="on"){
+ $_POST["hostvalue$i"]="";
+ if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
+ $input_errors[] = 'On reverse zones, valid record types are NS or PTR';
+ }
+ if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
+ $_POST["hostname$i"]="";
+ if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
+ $input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
+ if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
+ $_POST["hostvalue$i"]="10";
+ if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
+ $_POST["hostvalue$i"]="";
+ if ($_POST["hostdst$i"]=="")
+ $input_errors[] = 'Alias or IP address cannot be empty.';
}
}
- }
+ }
}
function bind_sync(){
global $config;
conf_mount_rw();
-
+ //create rndc
+ $rndc_confgen="/usr/local/sbin/rndc-confgen";
+ if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){
+ exec("$rndc_confgen ",$rndc_conf);
+ foreach($rndc_conf as $line)
+ $confgen_file.="$line\n";
+ file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsese",$confgen_file);
+ }
+ if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsese")){
+ $rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsese");
+ $confgen="rndc.conf";
+ $rndc_bindconf="";
+ foreach ($rndc_conf as $line){
+ if ($confgen =="rndc.conf"){
+ if (!preg_match ("/^#/",$line))
+ $rndc_file.=$line;
+ }
+ else{
+ if (!preg_match ("/named.conf/",$line))
+ $rndc_bindconf.=preg_replace('/#/',"",$line);
+ }
+ if (preg_match("/named.conf/",$line)){
+ $confgen="named.conf";
+ file_put_contents(BIND_LOCALBASE."/etc/rndc.conf",$rndc_file);
+ }
+ }
+ }
+
$bind = $config["installedpackages"]["bind"]["config"][0];
$bind_enable = $bind['enable_bind'];
$bind_forwarder = $bind['bind_forwarder'];
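Review bot: The cache of the rndc-confgen output never takes effect, because the file_exists() guard in front of the exec() tests `rndc-confgen.pfsense` while the write and the later read both use `rndc-confgen.pfsese`, so every bind_sync() mints a fresh rndc key and rewrites rndc.conf and named.conf with it. That cache file holds the HMAC secret and is written with plain file_put_contents(), i.e. whatever the process umask allows, so it should be created with a restrictive mode. I would hoist the path into one variable, initialise `$rndc_file`/`$rndc_bindconf` (they are only ever `.=`-appended and stay undefined when rndc-confgen is absent) and chmod the cache, leaving the output-splitting loop as it is. Separately, the new `forward` case only checks that forwarders is non-empty although the value is later copied verbatim into named.conf, so validating each semicolon-separated entry with is_ipaddr() here would be the right place. bind_zone_validate() starts before this hunk and bind_sync() continues past it.
```php
	//create rndc (cache the generated key so it stays stable across syncs)
	$rndc_confgen = "/usr/local/sbin/rndc-confgen";
	$rndc_cache   = BIND_LOCALBASE."/etc/rndc-confgen.pfsense";
	$rndc_file = "";
	$rndc_bindconf = "";
	if (!file_exists($rndc_cache) && file_exists($rndc_confgen)){
		exec("$rndc_confgen ",$rndc_conf);
		file_put_contents($rndc_cache, implode("\n", $rndc_conf)."\n");
		chmod($rndc_cache, 0600);   // contains the rndc HMAC secret
	}
	if (file_exists($rndc_cache)){
		$rndc_conf=file($rndc_cache);
		// … unchanged: split confgen output into rndc.conf / named.conf parts …
	}
```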
@@ -95,16 +127,17 @@ function bind_zone_validate($post, $input_errors){
$custom_options = base64_decode($bind['bind_custom_options']);
$bind_logging = $bind['bind_logging'];
$bind_conf ="#Bind pfsense configuration\n";
- $bind_conf .="#Do not edit this file!!!\n";
-$bind_conf .= <<<EOD
-
- options {
- directory "/etc/namedb";
- pid-file "/var/run/named/pid";
- statistics-file "/var/log/named.stats";
- max-cache-size {$ram_limit};
- query-source address * port 53;
-
+ $bind_conf .="#Do not edit this file!!!\n\n";
+ $bind_conf .= "$rndc_bindconf\n";
+ $bind_conf .= <<<EOD
+
+options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named/pid";
+ statistics-file "/var/log/named.stats";
+ max-cache-size {$ram_limit};
+ query-source address * port 53;
+
EOD;
// check response rate limit option
//https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
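Review bot: `$rndc_bindconf` is only assigned inside the `if (file_exists(...rndc-confgen...))` block earlier in bind_sync(), so when rndc-confgen is not installed the new `$bind_conf .= "$rndc_bindconf\n";` interpolates an undefined variable (a PHP notice plus a stray blank line in named.conf). Guarding the append keeps the generated file clean: `if (!empty($rndc_bindconf)) $bind_conf .= "$rndc_bindconf\n";`. Note that with this line the rndc key secret now lives in named.conf as well as rndc.conf, which matters for the mode those files are written with later in the function. bind_sync() starts before and ends after this hunk.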
@@ -250,6 +283,7 @@ EOD;
$zoneview = $zone['view'];
$zonecustom = $zone['custom'];
$zoneipslave = $zone['slaveip'];
+ $zoneforwarders=$zone['forwarders'];
$zonereverso = $zone['reverso'];
if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview")))
@@ -275,22 +309,29 @@ EOD;
$bind_conf .= "\tzone \"$zonename\" {\n";
$bind_conf .= "\t\ttype $zonetype;\n";
- $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
- if ($zonetype == "slave")
+ if ($zonetype != "forward")
+ $bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
+ switch ($zonetype){
+ case "slave":
$bind_conf .= "\t\tmasters { $zoneipslave; };\n";
- if ($zonetype != "slave")
+ break;
+ case "forward":
+ $bind_conf .= "\t\tforward only;\n";
+ $bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
+ break;
+ default:
$bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n";
- if ($zonetype != "slave")
$bind_conf .= "\t\tallow-query { $zoneallowquery;};\n";
- if ($zonetype != "slave")
- $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
+ $bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
+ }
if ($zonecustom != '')
$bind_conf .= "\t\t$zonecustom\n";
$bind_conf .= "\t};\n\n";
- if ($zonetype == "master"){
- $zonetll = $zone['tll'];
+ switch($zonetype){
+ case "master":
+ $zonetll = ($zone['tll']?$zone['tll']:"43200");
$zonemail = ($zone['mail']?$zone['mail']:"zonemaster.{$zonename}");
$zonemail = preg_replace("/@/",".",$zonemail);
$zoneserial = $zone['serial'];
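Review bot: The forwarders value is dropped verbatim into `forwarders { $zoneforwarders; };` with no normalisation, and bind_zone_validate() only checks that it is non-empty, so whitespace around entries or a trailing `;` from the user land in named.conf as typed (a trailing `;` gives `;;`, which I would not rely on named accepting) and anything that is not an address breaks the whole config rather than being rejected at submit time. The pre-existing `masters { $zoneipslave; };` has the same shape. Building the statement from a cleaned list is a two-line change, `$fwd = array_filter(array_map('trim', explode(';', $zoneforwarders)));` followed by `$bind_conf .= "\t\tforwarders { " . implode('; ', $fwd) . "; };\n";`, with an is_ipaddr() check on each entry in the validator. The enclosing zone loop and bind_sync() extend beyond this hunk.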
@@ -350,14 +391,18 @@ EOD;
file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
$config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($zone_conf);
$write_config++;
- }
- else{
+ break;
+ case "slave":
+ //check/update slave dir permission
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");
+ chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");
//check if exists slave zone file
if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")){
$slave_file=file_get_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB");
$config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($slave_file);
$write_config++;
}
+ break;
}
}
}
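Review bot: The two new chown() calls change only the owner and ignore their return value, whereas the existing cleanup later in bind_sync() does both chown() and chgrp() to bind for /var/log; for consistency, and so that a group-readable mode on the zone directories works, the view directory should also get `chgrp(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");`, and a chown() that returns false (PHP only emits a warning) deserves a log line since named will then fail to write the slave zone file. The calls are also repeated for every slave zone inside the loop although the `$zonetype` directory only needs them once. The loop and bind_sync() extend beyond this hunk.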
@@ -366,17 +411,34 @@ EOD;
}
$bind_conf .= "};\n";
}
- $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats");
+ $dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats","/dev");
foreach ($dirs as $dir){
if (!is_dir(CHROOT_LOCALBASE .$dir))
mkdir(CHROOT_LOCALBASE .$dir,0755,true);
}
- file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ //http://www.unixwiz.net/techtips/bind9-chroot.html
+ //create devices on chroot
+ exec('ls -lL /dev/zero /dev/null /dev/random',$devs);
+ foreach ($devs as $cdev){
+ $dev=explode(" ",preg_replace("/,/","",$cdev));
+ if (preg_match("/\w+/",$dev[15]) && !file_exists(CHROOT_LOCALBASE.$dev[15])){
+ if (preg_match("/\d+/",$dev[9]) && preg_match("/\d+/",$dev[11]))
+ exec("/sbin/mknod ".CHROOT_LOCALBASE."{$dev[15]} c {$dev[9]} {$dev[11]}");
+ }
+ }
+
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+ file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
+
if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){
+ //dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root"
$named_root=file_get_contents("http://www.internic.net/domain/named.root");
file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX);
}
-
+ if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")){
+ copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime");
+ }
+
bind_write_rcfile();
chown(CHROOT_LOCALBASE."/var/log","bind");
chgrp(CHROOT_LOCALBASE."/var/log","bind");
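Review bot: named.conf and the chroot copy of rndc.conf are written with plain file_put_contents(), i.e. at the process umask (typically 0644), yet both now carry the rndc HMAC secret generated at the top of bind_sync(); they should be tightened immediately after writing, e.g. `chmod(CHROOT_LOCALBASE.'/etc/namedb/named.conf', 0640); chgrp(CHROOT_LOCALBASE.'/etc/namedb/named.conf', 'bind');` and `chmod(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', 0600);`. The chroot rndc.conf is presumably not needed at all, since rndc runs outside the chroot and reads the copy under BIND_LOCALBASE. The device-node creation parses `ls -lL` by splitting on single spaces and indexing fixed columns (`$dev[9]`, `$dev[11]`, `$dev[15]`), which depends on ls's exact padding, and the `\w+`/`\d+` checks are unanchored so a mis-split still passes and mknod receives the wrong numbers; on FreeBSD `stat -f '%Hr %Lr' /dev/null` gives major and minor directly, or at least anchor the checks with `/^\d+$/`. bind_sync() continues past this hunk.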
@@ -395,32 +457,47 @@ function bind_print_javascript_type_zone(){
var field = document.iform.type;
var tipo = field.options[field.selectedIndex].value;
- if (tipo == 'master') {
-
- document.iform.slaveip.disabled = 1;
- document.iform.tll.disabled = 0;
- document.iform.nameserver.disabled = 0;
- document.iform.ipns.disabled = 0;
- document.iform.mail.disabled = 0;
- document.iform.serial.disabled = 0;
- document.iform.refresh.disabled = 0;
- document.iform.retry.disabled = 0;
- document.iform.expire.disabled = 0;
- document.iform.minimum.disabled = 0;
-
- }
- else {
- document.iform.slaveip.disabled = 0;
- document.iform.tll.disabled = 1;
- document.iform.nameserver.disabled = 1;
- document.iform.ipns.disabled = 1;
- document.iform.mail.disabled = 1;
- document.iform.serial.disabled = 1;
- document.iform.refresh.disabled = 1;
- document.iform.retry.disabled = 1;
- document.iform.expire.disabled = 1;
- document.iform.minimum.disabled = 1;
- }
+ switch (tipo){
+ case 'master':
+ document.iform.slaveip.disabled = 1;
+ document.iform.tll.disabled = 0;
+ document.iform.nameserver.disabled = 0;
+ document.iform.forwarders.disabled = 1;
+ document.iform.ipns.disabled = 0;
+ document.iform.mail.disabled = 0;
+ document.iform.serial.disabled = 0;
+ document.iform.refresh.disabled = 0;
+ document.iform.retry.disabled = 0;
+ document.iform.expire.disabled = 0;
+ document.iform.minimum.disabled = 0;
+ break;
+ case 'slave':
+ document.iform.slaveip.disabled = 0;
+ document.iform.tll.disabled = 1;
+ document.iform.nameserver.disabled = 1;
+ document.iform.forwarders.disabled = 1;
+ document.iform.ipns.disabled = 1;
+ document.iform.mail.disabled = 1;
+ document.iform.serial.disabled = 1;
+ document.iform.refresh.disabled = 1;
+ document.iform.retry.disabled = 1;
+ document.iform.expire.disabled = 1;
+ document.iform.minimum.disabled = 1;
+ break;
+ case 'forward':
+ document.iform.slaveip.disabled = 1;
+ document.iform.tll.disabled = 1;
+ document.iform.nameserver.disabled = 1;
+ document.iform.forwarders.disabled = 0;
+ document.iform.ipns.disabled = 1;
+ document.iform.mail.disabled = 1;
+ document.iform.serial.disabled = 1;
+ document.iform.refresh.disabled = 1;
+ document.iform.retry.disabled = 1;
+ document.iform.expire.disabled = 1;
+ document.iform.minimum.disabled = 1;
+ break;
+ }
}
-->
</script>
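Review bot: The three cases of the new switch repeat the same eleven `document.iform.X.disabled = ...` assignments and differ only in which fields are enabled, so every further zone type means another full copy; a type-to-enabled-fields table keeps the intent in one place and makes the difference between the types visible at a glance. The old `else` branch also covered any unexpected value of `tipo`, whereas the switch now leaves every field untouched for an unknown type, which may or may not be intended. bind_print_javascript_type_zone() starts before this hunk.
```javascript
    var enabledFor = {
        master:  ['tll', 'nameserver', 'ipns', 'mail', 'serial', 'refresh', 'retry', 'expire', 'minimum'],
        slave:   ['slaveip'],
        forward: ['forwarders']
    };
    var all = ['slaveip', 'tll', 'nameserver', 'forwarders', 'ipns', 'mail',
               'serial', 'refresh', 'retry', 'expire', 'minimum'];
    var on = enabledFor[tipo] || [];
    for (var i = 0; i < all.length; i++) {
        document.iform[all[i]].disabled = (on.indexOf(all[i]) < 0);
    }
```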
diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php
new file mode 100644
index 00000000..490ded9b
--- /dev/null
+++ b/config/bind/bind.widget.php
@@ -0,0 +1,86 @@
+<?php
+/*
+ Copyright 2013 Marcello Coutinho
+ Part of bind package for pfSense(www.pfsense.com)
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+@require_once("guiconfig.inc");
+@require_once("pfsense-utils.inc");
+@require_once("functions.inc");
+
+$uname=posix_uname();
+if ($uname['machine']=='amd64')
+ ini_set('memory_limit', '250M');
+
+function open_table(){
+ echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
+ echo" <tr>";
+}
+function close_table(){
+ echo" </tr>";
+ echo"</table>";
+
+}
+
+$pfb_table=array();
+$img['Sick']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>";
+$img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
+
+
+#var_dump($pfb_table);
+#exit;
+?><div id='bind'><?php
+global $config;
+$rndc_bin="/usr/local/sbin/rndc";
+
+if (file_exists($rndc_bin))
+ exec("$rndc_bin status",$status);
+
+open_table();
+foreach($status as $line){
+ $fields=explode(":",$line);
+ print "<tr><td class=\"vncellt\"width=50%><strong>".ucfirst($fields[0])."</strong></td>\n";
+ print "<td class=\"listlr\">{$fields[1]}</td>\n</tr>";
+ }
+close_table();
+echo"</div>";
+
+?>
+<script type="text/javascript">
+ function getstatus_bind() {
+ var url = "/widgets/widgets/bind.widget.php";
+ var pars = 'getupdatestatus=yes';
+ var myAjax = new Ajax.Request(
+ url,
+ {
+ method: 'get',
+ parameters: pars,
+ onComplete: activitycallback_bind
+ });
+ }
+ function activitycallback_bind(transport) {
+ $('bind').innerHTML = transport.responseText;
+ setTimeout('getstatus_postfix()', 5000);
+ }
+ getstatus_bind();
+</script>
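Review bot: The refresh callback re-arms itself with `setTimeout('getstatus_postfix()', 5000);`, a function that does not exist in this widget, so the status is fetched once and the periodic update then dies with a JavaScript error; it should read `setTimeout('getstatus_bind()', 5000);`. Two smaller points in the PHP half: `$status` is never initialised, so when the rndc binary is missing `foreach($status as $line)` iterates null with a warning (add `$status = array();` before the exec), and the rndc output is printed into the table unescaped — it is generated locally, but `htmlspecialchars($fields[1])` (and the same for `$fields[0]`) costs nothing. The `$pfb_table`/`$img` variables and the `getupdatestatus` query parameter are leftovers the file never uses.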
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index 97dc7012..aa6a5f25 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -123,6 +123,11 @@
<chmod>0755</chmod>
<item>http://www.pfsense.org/packages/config/bind/pkg_bind.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/widgets/widgets/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.org/packages/config/bind/bind.widget.php</item>
+ </additional_files_needed>
<fields>
<field>
<type>listtopic</type>
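Review bot: The widget is fetched at install time from `http://www.pfsense.org/packages/config/bind/bind.widget.php` over plain HTTP with no hash or signature, so the package framework cannot detect a substituted file before it lands in the web root with mode 0755. This matches the existing `pkg_bind.inc` entry and the framework's convention at the time, so it is a repository-wide concern rather than something this manifest fixes alone, but an https URL would at least close the passive-tampering path if the server offers it.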
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index 11cfb0e2..508056c0 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -94,6 +94,10 @@
<fieldname>view</fieldname>
</columnitem>
<columnitem>
+ <fielddescr>Serial</fielddescr>
+ <fieldname>serial</fieldname>
+ </columnitem>
+ <columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
</columnitem>
@@ -119,18 +123,11 @@
<fieldname>type</fieldname>
<description>Select zone type</description>
<type>select</type>
- <options>
- <option>
- <name>Master</name>
- <value>master</value>
- <enablefields>description</enablefields>
- </option>
- <option>
- <name>Slave</name>
- <value>slave</value>
- <enablefields>ttl</enablefields>
- </option>
- </options>
+ <options>
+ <option><name>Master</name><value>master</value><enablefields>description</enablefields></option>
+ <option><name>Slave</name><value>slave</value><enablefields>ttl</enablefields></option>
+ <option><name>Forward</name><value>forward</value><enablefields>forward</enablefields></option>
+ </options>
<onchange>on_type_zone_changed()</onchange>
<required/>
</field>
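Review bot: The new `Forward` option declares `<enablefields>forward</enablefields>`, but the field added further down in this file is named `forwarders`, so whatever the package framework does with enablefields will not find it (the `Slave` entry has the same mismatch, `ttl` versus the field `tll`). If enablefields is honoured it should be `<enablefields>forwarders</enablefields>`; if the on_type_zone_changed() handler does all the work, the attribute is dead and could be dropped. I cannot see from this diff how the framework consumes enablefields, so treat this as a check rather than a confirmed bug.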
@@ -178,6 +175,19 @@
</field>
<field>
<type>listtopic</type>
+ <name>Forward Zone Configuration </name>
+ <fieldname>temp04</fieldname>
+ </field>
+ <field>
+ <fielddescr>Forwarders</fielddescr>
+ <fieldname>forwarders</fieldname>
+ <description>Enter forwarders IPs for this domain. Separate by semi-colons (;).</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+
+ <field>
+ <type>listtopic</type>
<name>Master Zone Configuration </name>
<fieldname>temp03</fieldname>
</field>
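Review bot: The description of the new Forwarders field tells the user only to separate entries with semicolons; since bind.inc appends one `;` itself when it emits `forwarders { ...; };`, it should also say that the entries are IP addresses and that no trailing semicolon is wanted, e.g. `<description>Forwarder IP addresses for this zone, separated by semicolons and without a trailing semicolon (e.g. 192.0.2.1;192.0.2.2).</description>`. A matching is_ipaddr() check in bind_zone_validate() would then reject anything else at form submit rather than at named startup.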
@@ -352,7 +362,8 @@
<custom_php_command_before_form>
</custom_php_command_before_form>
<custom_php_validation_command>
- $_POST['serial']=(date("U")+ 1000000000);
+ if ($_POST['type']=="master")
+ $_POST['serial']=(date("U")+ 1000000000);
bind_zone_validate($_POST, &amp;$input_errors);
</custom_php_validation_command>
<custom_delete_php_command>