gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -35,6 +35,27 @@

			// job schedule
			protected $_schedule = '30 3 * * *'; //daily at 3:30 a.m.

			private function increase_serial($serial){
			global $app, $conf;

			// increase serial
			$serial_date = $app->functions->intval(substr($serial, 0, 8));
			$count = $app->functions->intval(substr($serial, 8, 2));
			$current_date = date("Ymd");
			if($serial_date >= $current_date){
			$count += 1;
			if ($count > 99) {
			$serial_date += 1;
			$count = 0;
			}
			$count = str_pad($count, 2, "0", STR_PAD_LEFT);
			$new_serial = $serial_date.$count;
			} else {
			$new_serial = $current_date.'01';
			}
			return $new_serial;
			}

			public function onRunJob() {
			global $app, $conf;
			@@ -47,38 +68,14 @@

			//TODO : change this when distribution information has been integrated into server record
			$filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.';

			$soas = $app->db->queryAllRecords('SELECT * FROM dns_soa WHERE dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND dnssec_last_signed < '.(time()-(3600245)+900)); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)

			$soas = $app->db->queryAllRecords('SELECT `id`,`serial`,`origin` FROM dns_soa WHERE server_id=? AND active=\'Y\' AND dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND (dnssec_last_signed < ? OR dnssec_last_signed > ?)', intval($conf['server_id']), time()-(3600245)+900, time()+900); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance)

			foreach ($soas as $data) {
			$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false;
			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) continue;

			$app->log('DNSSEC Auto-Resign: Resigning zone '.$domain, LOGLEVEL_INFO);

			$zonefile = file_get_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
			$keycount=0;
			foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
			$includeline = '$INCLUDE '.basename($keyfile);
			if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
			$keycount++;
			}
			if ($keycount != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN);
			file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);

			//Sign the zone and set it valid for max. 16 days
			exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
			'/usr/sbin/dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random \| sha1sum \| cut -b 1-16) -N increment -o '.escapeshellcmd($domain).' -t '.$filespre.escapeshellcmd($domain));

			//Write Data back into DB
			$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
			$dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
			foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
			$dnssecdata .= file_get_contents($keyfile)."\n\n";
			}

			$app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['id']);
			$data = next($soas);
			$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_DEBUG);
			$app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
			}

			parent::onRunJob();
			@@ -86,4 +83,4 @@

			}

			?>
			?>