From ff195c7cf770dbd9385c22feb9a69289c5cfae23 Mon Sep 17 00:00:00 2001
From: Marcello Coutinho <marcellocoutinho@gmail.com>
Date: Thu, 17 Oct 2013 16:12:45 -0300
Subject: bind - add widget, forward zone, rndc config and check slave zone dir
 permissions

---
 config/bind/bind.inc        | 227 +++++++++++++++++++++++++++++---------------
 config/bind/bind.widget.php |  86 +++++++++++++++++
 config/bind/bind.xml        |   5 +
 config/bind/bind_zones.xml  |  37 +++++---
 4 files changed, 267 insertions(+), 88 deletions(-)
 create mode 100644 config/bind/bind.widget.php

(limited to 'config/bind')

diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 1bcefa16..6e04e649 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -51,40 +51,72 @@ function bind_zone_validate($post, $input_errors){
 	if (key_exists("mail",$_POST))
 		$_POST['mail']=preg_replace("/@/",".",$post['mail']);
 		
-	if ($_POST['type']=='slave'){
-		if( $_POST['slaveip'] == "")
-			$input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
-		}
-	else{
-		if($_POST['nameserver']=='')
-			$input_errors[] = 'The field \'Name server\' is required for master zones.';
-		for ($i=0;$i < count($_POST);$i++){
-			if (key_exists("hostname$i",$_POST)){
-				if ($_POST['reverso']=="on"){
-					$_POST["hostvalue$i"]="";
-					if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
-						$input_errors[] = 'On reverse zones, valid record types are NS or PTR';
-					}
-				if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
-					$_POST["hostname$i"]="";
-				if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
-					$input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
-				if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
-					$_POST["hostvalue$i"]="10";
-				if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
-					$_POST["hostvalue$i"]="";
-				if ($_POST["hostdst$i"]=="")
-					$input_errors[] = 'Alias or IP address cannot be empty.';
+	switch ($_POST['type']){
+		case 'slave':
+			if( $_POST['slaveip'] == "")
+				$input_errors[] = 'The field \'Master Zone IP\' is required for slave zones.';
+		break;
+		case 'forward':
+			if( $_POST['forwarders'] == "")
+			$input_errors[] = 'The field \'Forwarders\' is required for forward zones.';
+		break;
+		default:
+			if($_POST['nameserver']=='')
+				$input_errors[] = 'The field \'Name server\' is required for master zones.';
+			for ($i=0;$i < count($_POST);$i++){
+				if (key_exists("hostname$i",$_POST)){
+					if ($_POST['reverso']=="on"){
+						$_POST["hostvalue$i"]="";
+						if (!preg_match("/(PTR|NS)/",$_POST["hosttype$i"]))
+							$input_errors[] = 'On reverse zones, valid record types are NS or PTR';
+						}
+					if (preg_match("/(MX|NS)/",$_POST["hosttype$i"]))
+						$_POST["hostname$i"]="";
+					if (!preg_match("/(MX|NS)/",$_POST["hosttype$i"]) && $_POST["hostname$i"]=="")
+						$input_errors[] = 'Record cannot be empty for '.$_POST["hosttype$i"].' type ';
+					if ($_POST["hosttype$i"]=="MX" && $_POST["hostvalue$i"]=="")
+						$_POST["hostvalue$i"]="10";
+					if ($_POST["hosttype$i"]!="MX" && $_POST["hostvalue$i"]!="")
+						$_POST["hostvalue$i"]="";
+					if ($_POST["hostdst$i"]=="")
+						$input_errors[] = 'Alias or IP address cannot be empty.';
 				}
 			}
-	}
+		}
 }
 
  function bind_sync(){
 
 	global $config;
 	conf_mount_rw();
-	
+	//create rndc
+	$rndc_confgen="/usr/local/sbin/rndc-confgen";
+	if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)){
+		exec("$rndc_confgen ",$rndc_conf);
+		foreach($rndc_conf as $line)
+			$confgen_file.="$line\n";
+		file_put_contents(BIND_LOCALBASE."/etc/rndc-confgen.pfsese",$confgen_file);
+		}
+	if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsese")){
+		$rndc_conf=file(BIND_LOCALBASE."/etc/rndc-confgen.pfsese");
+		$confgen="rndc.conf";
+		$rndc_bindconf="";
+		foreach ($rndc_conf as $line){
+			if ($confgen =="rndc.conf"){
+				if (!preg_match ("/^#/",$line))
+					$rndc_file.=$line;
+				}
+			else{
+				if (!preg_match ("/named.conf/",$line))
+					$rndc_bindconf.=preg_replace('/#/',"",$line);
+				}
+			if (preg_match("/named.conf/",$line)){
+				$confgen="named.conf";
+				file_put_contents(BIND_LOCALBASE."/etc/rndc.conf",$rndc_file);
+				}
+		}
+	}
+	 
 	$bind = $config["installedpackages"]["bind"]["config"][0];
 	$bind_enable = $bind['enable_bind'];
 	$bind_forwarder = $bind['bind_forwarder'];
@@ -95,16 +127,17 @@ function bind_zone_validate($post, $input_errors){
 	$custom_options = base64_decode($bind['bind_custom_options']);
 	$bind_logging = $bind['bind_logging'];
 	$bind_conf ="#Bind pfsense configuration\n";
-	$bind_conf .="#Do not edit this file!!!\n";
-$bind_conf .= <<<EOD
-
-	options {
-		directory "/etc/namedb";
-		pid-file "/var/run/named/pid";
-		statistics-file "/var/log/named.stats";
-		max-cache-size {$ram_limit};
-		query-source address * port 53;
-
+	$bind_conf .="#Do not edit this file!!!\n\n";
+	$bind_conf .= "$rndc_bindconf\n";
+	$bind_conf .= <<<EOD
+
+options {
+	directory "/etc/namedb";
+	pid-file "/var/run/named/pid";
+	statistics-file "/var/log/named.stats";
+	max-cache-size {$ram_limit};
+	query-source address * port 53;
+	
 EOD;
 	// check response rate limit option
 	//https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
@@ -250,6 +283,7 @@ EOD;
 			$zoneview = $zone['view'];
 			$zonecustom = $zone['custom'];
 			$zoneipslave = $zone['slaveip'];
+			$zoneforwarders=$zone['forwarders'];
 			$zonereverso = $zone['reverso'];
 			
 			if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview")))
@@ -275,22 +309,29 @@ EOD;
 						$bind_conf .= "\tzone \"$zonename\" {\n";
         		
 					$bind_conf .= "\t\ttype $zonetype;\n";
-        			$bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
-				 	if ($zonetype == "slave")
+					if ($zonetype != "forward")
+        				$bind_conf .= "\t\tfile \"/etc/namedb/$zonetype/$zoneview/$zonename.DB\";\n";
+        			switch ($zonetype){
+        				case "slave":
         				$bind_conf .= "\t\tmasters { $zoneipslave; };\n";
-				 	if ($zonetype != "slave")
+        				break;
+        				case "forward":
+        				$bind_conf .= "\t\tforward only;\n";
+        				$bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
+        				break;
+        				default:
 						$bind_conf .= "\t\tallow-update { $zoneallowupdate;};\n"; 
-				 	if ($zonetype != "slave")
 						$bind_conf .= "\t\tallow-query { $zoneallowquery;};\n"; 
-				 	if ($zonetype != "slave")
-						$bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n"; 
+						$bind_conf .= "\t\tallow-transfer { $zoneallowtransfer;};\n";
+        				}
 				 	if ($zonecustom != '')
         				$bind_conf .= "\t\t$zonecustom\n";
         				
 					$bind_conf .= "\t};\n\n";
         
-					if ($zonetype == "master"){
-						$zonetll = $zone['tll'];
+					switch($zonetype){
+					  case "master":
+						$zonetll = ($zone['tll']?$zone['tll']:"43200");
 						$zonemail = ($zone['mail']?$zone['mail']:"zonemaster.{$zonename}");
 						$zonemail = preg_replace("/@/",".",$zonemail);				
 						$zoneserial = $zone['serial'];
@@ -350,14 +391,18 @@ EOD;
 						file_put_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB", $zone_conf);
 						$config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($zone_conf);
 						$write_config++;
-					}
-				else{
+					break;
+					case "slave":
+					//check/update slave dir permission
+					chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype","bind");
+					chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview","bind");
 					//check if exists slave zone file
 					if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")){
 						$slave_file=file_get_contents(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB");
 						$config["installedpackages"]["bindzone"]["config"][$x][resultconfig]=base64_encode($slave_file);
 						$write_config++;
 						}
+					break;
 					}
 				}
 		}
@@ -366,17 +411,34 @@ EOD;
 		}
 		$bind_conf .= "};\n";
 	}
-	$dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats");
+	$dirs=array("/etc/namedb","/var/run/named","/var/dump","/var/log","/var/stats","/dev");
 	foreach ($dirs as $dir){
 		if (!is_dir(CHROOT_LOCALBASE .$dir))
 			mkdir(CHROOT_LOCALBASE .$dir,0755,true);
 		}
-	file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+	//http://www.unixwiz.net/techtips/bind9-chroot.html
+	//create devices on chroot
+	exec('ls -lL /dev/zero /dev/null /dev/random',$devs);
+	foreach ($devs as $cdev){
+		$dev=explode(" ",preg_replace("/,/","",$cdev));
+		if (preg_match("/\w+/",$dev[15]) && !file_exists(CHROOT_LOCALBASE.$dev[15])){
+			if (preg_match("/\d+/",$dev[9]) && preg_match("/\d+/",$dev[11]))
+        		exec("/sbin/mknod ".CHROOT_LOCALBASE."{$dev[15]} c {$dev[9]} {$dev[11]}");
+			}
+		}
+
+    file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
+    file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
+    
 	if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")){
+		//dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root"
 		$named_root=file_get_contents("http://www.internic.net/domain/named.root");
 		file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root",$named_root,LOCK_EX);
 	}
-
+	if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")){
+		copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime");
+	}
+	
 	bind_write_rcfile();
 	chown(CHROOT_LOCALBASE."/var/log","bind");
 	chgrp(CHROOT_LOCALBASE."/var/log","bind");
@@ -395,32 +457,47 @@ function bind_print_javascript_type_zone(){
 
 		var field = document.iform.type;
        		var tipo = field.options[field.selectedIndex].value;
-        		if (tipo == 'master') {
-		        	
-       				document.iform.slaveip.disabled = 1;
-                                document.iform.tll.disabled = 0;
-                                document.iform.nameserver.disabled = 0;
-                                document.iform.ipns.disabled = 0;
-                                document.iform.mail.disabled = 0;
-                                document.iform.serial.disabled = 0;
-                                document.iform.refresh.disabled = 0;
-                                document.iform.retry.disabled = 0;
-                                document.iform.expire.disabled = 0;
-                                document.iform.minimum.disabled = 0;
-               
-        		}
-        		else {
-       				document.iform.slaveip.disabled = 0;
-                                document.iform.tll.disabled = 1;
-                                document.iform.nameserver.disabled = 1;
-                                document.iform.ipns.disabled = 1;
-                                document.iform.mail.disabled = 1;
-                                document.iform.serial.disabled = 1;
-                                document.iform.refresh.disabled = 1;
-                                document.iform.retry.disabled = 1;
-                                document.iform.expire.disabled = 1;
-                                document.iform.minimum.disabled = 1;
-			}
+       			switch (tipo){
+       			case 'master':
+					document.iform.slaveip.disabled = 1;
+					document.iform.tll.disabled = 0;
+					document.iform.nameserver.disabled = 0;
+					document.iform.forwarders.disabled = 1;
+					document.iform.ipns.disabled = 0;
+					document.iform.mail.disabled = 0;
+					document.iform.serial.disabled = 0;
+					document.iform.refresh.disabled = 0;
+					document.iform.retry.disabled = 0;
+					document.iform.expire.disabled = 0;
+					document.iform.minimum.disabled = 0;
+               	break;
+               	case 'slave':
+					document.iform.slaveip.disabled = 0;
+					document.iform.tll.disabled = 1;
+					document.iform.nameserver.disabled = 1;
+					document.iform.forwarders.disabled = 1;
+					document.iform.ipns.disabled = 1;
+					document.iform.mail.disabled = 1;
+					document.iform.serial.disabled = 1;
+					document.iform.refresh.disabled = 1;
+					document.iform.retry.disabled = 1;
+					document.iform.expire.disabled = 1;
+					document.iform.minimum.disabled = 1;
+					break;
+               	case 'forward':
+					document.iform.slaveip.disabled = 1;
+					document.iform.tll.disabled = 1;
+					document.iform.nameserver.disabled = 1;
+					document.iform.forwarders.disabled = 0;
+					document.iform.ipns.disabled = 1;
+					document.iform.mail.disabled = 1;
+					document.iform.serial.disabled = 1;
+					document.iform.refresh.disabled = 1;
+					document.iform.retry.disabled = 1;
+					document.iform.expire.disabled = 1;
+					document.iform.minimum.disabled = 1;
+				break;
+       			}
         }
         -->
         </script>
diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php
new file mode 100644
index 00000000..490ded9b
--- /dev/null
+++ b/config/bind/bind.widget.php
@@ -0,0 +1,86 @@
+<?php 
+/*
+        Copyright 2013 Marcello Coutinho
+        Part of bind package for pfSense(www.pfsense.com)
+
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are met:
+
+        1. Redistributions of source code must retain the above copyright notice,
+           this list of conditions and the following disclaimer.
+
+        2. Redistributions in binary form must reproduce the above copyright
+           notice, this list of conditions and the following disclaimer in the
+           documentation and/or other materials provided with the distribution.
+
+        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+        POSSIBILITY OF SUCH DAMAGE.
+*/
+@require_once("guiconfig.inc");
+@require_once("pfsense-utils.inc");
+@require_once("functions.inc");
+
+$uname=posix_uname();
+if ($uname['machine']=='amd64')
+        ini_set('memory_limit', '250M');
+        
+function open_table(){
+	echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
+	echo"  <tr>";
+}
+function close_table(){
+	echo"  </tr>";
+	echo"</table>";
+	
+}
+
+$pfb_table=array();
+$img['Sick']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>";
+$img['Healthy']="<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
+
+
+#var_dump($pfb_table);
+#exit;
+?><div id='bind'><?php 
+global $config;
+$rndc_bin="/usr/local/sbin/rndc";
+
+if (file_exists($rndc_bin))
+	exec("$rndc_bin status",$status);
+
+open_table();
+foreach($status as $line){
+	$fields=explode(":",$line);
+	print "<tr><td class=\"vncellt\"width=50%><strong>".ucfirst($fields[0])."</strong></td>\n";
+	print "<td class=\"listlr\">{$fields[1]}</td>\n</tr>";
+	}
+close_table();
+echo"</div>";
+
+?>
+<script type="text/javascript">
+	function getstatus_bind() {
+		var url = "/widgets/widgets/bind.widget.php";
+		var pars = 'getupdatestatus=yes';
+		var myAjax = new Ajax.Request(
+			url,
+			{
+				method: 'get',
+				parameters: pars,
+				onComplete: activitycallback_bind
+			});
+		}
+	function activitycallback_bind(transport) {
+		$('bind').innerHTML = transport.responseText;
+		setTimeout('getstatus_postfix()', 5000);
+	}
+	getstatus_bind();
+</script>
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index 97dc7012..aa6a5f25 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -123,6 +123,11 @@
             <chmod>0755</chmod>
                 <item>http://www.pfsense.org/packages/config/bind/pkg_bind.inc</item>
         </additional_files_needed>
+        <additional_files_needed>
+            <prefix>/usr/local/www/widgets/widgets/</prefix>
+            <chmod>0755</chmod>
+                <item>http://www.pfsense.org/packages/config/bind/bind.widget.php</item>
+        </additional_files_needed>
         <fields>
                 <field>
                         <type>listtopic</type>
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index 11cfb0e2..508056c0 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -93,6 +93,10 @@
 			<fielddescr>View Name</fielddescr>
 			<fieldname>view</fieldname>
 		</columnitem>
+		<columnitem>
+			<fielddescr>Serial</fielddescr>
+			<fieldname>serial</fieldname>
+		</columnitem>
 		<columnitem>
 			<fielddescr>Description</fielddescr>
 			<fieldname>description</fieldname>
@@ -119,18 +123,11 @@
 			<fieldname>type</fieldname>
 			<description>Select zone type</description>
 		        <type>select</type>
-                        	<options>
-                                <option>
-                                        <name>Master</name>
-                                        <value>master</value>
-                                        <enablefields>description</enablefields>
-				</option>
-                                <option>
-                                        <name>Slave</name>
-                                        <value>slave</value>
-                                        <enablefields>ttl</enablefields>
-                                </option>
-                        </options>
+					<options>
+						<option><name>Master</name><value>master</value><enablefields>description</enablefields></option>
+						<option><name>Slave</name><value>slave</value><enablefields>ttl</enablefields></option>
+						<option><name>Forward</name><value>forward</value><enablefields>forward</enablefields></option>
+					</options>
                        <onchange>on_type_zone_changed()</onchange> 
 			<required/>
 		</field>
@@ -176,6 +173,19 @@
 			<description>If zone is slave, enter the IP address of the master DNS zone.</description>
 			<type>input</type>
 		</field>
+		<field>
+		        <type>listtopic</type>
+                        <name>Forward Zone Configuration </name>
+                        <fieldname>temp04</fieldname>
+		</field>
+		<field>
+			<fielddescr>Forwarders</fielddescr>
+			<fieldname>forwarders</fieldname>
+			<description>Enter forwarders IPs for this domain. Separate by semi-colons (;).</description>
+			<type>input</type>
+			<size>60</size>
+		</field>
+
 		<field>
 		        <type>listtopic</type>
                         <name>Master Zone Configuration </name>
@@ -352,7 +362,8 @@
         <custom_php_command_before_form>
         </custom_php_command_before_form>
 	<custom_php_validation_command>
-		$_POST['serial']=(date("U")+ 1000000000);
+		if ($_POST['type']=="master")
+			$_POST['serial']=(date("U")+ 1000000000);
 		bind_zone_validate($_POST, &amp;$input_errors);
 	</custom_php_validation_command>
 	<custom_delete_php_command>
-- 
cgit v1.2.3