gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -76,6 +76,46 @@

			}

			//* This creates DNSSEC-Keys but does NOT actually sign the zone.
			function soa_dnssec_create(&$data) {
			global $app, $conf;

			//* Load libraries
			$app->uses("getconf,tpl");

			//* load the server configuration options
			$dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns');

			//* Check Entropy
			if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 400) {
			if($dns_config['disable_bind_log'] === 'y') {
			$app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$data['new']['origin'].'. Please consider installing package haveged.', LOGLEVEL_DEBUG);
			} else {
			$app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$data['new']['origin'].'. Please consider installing package haveged.', LOGLEVEL_WARN);
			}
			return false;
			}

			//* Verify that we do not already have keys (overwriting-protection)
			//TODO : change this when distribution information has been integrated into server record
			if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$data['new']['origin'].'.')) {
			return $this->soa_dnssec_update(&$data);
			}

			//Do some magic...
			exec('cd '.escapeshellargs($dns_config['bind_zonefiles_dir']).';'.
			'dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE '.escapeshellargs($data['new']['origin']).';'.
			'dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE '.escapeshellargs($data['new']['origin']));

			$dnssecdata = "DS-Records:\n\r".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$data['new']['origin'].'.');
			opendir($dns_config['bind_zonefiles_dir']);
			$dnssecdata .= "\n\r------------------------------------\n\r\n\rDNSKEY-Records:\n\r"
			foreach (glob('K'.$data['new']['origin'].'*.key') as $keyfile) {
			$dnssecdata .= file_get_contents($keyfile)."\n\r\n\r";
			}

			$app->db->datalogUpdate('dns_soa', array('dnssec_info' => $dnssecdata), 'id', $data['new']['id']);
			}

			function soa_insert($event_name, $data) {
			global $app, $conf;
			@@ -102,17 +142,22 @@
			$zone = $data['new'];
			$tpl->setVar($zone);

			$records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ".$zone['id']." AND active = 'Y'");
			$records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $zone['id']);
			if(is_array($records) && !empty($records)){
			for($i=0;$i<sizeof($records);$i++){
			if($records[$i]['ttl'] == 0) $records[$i]['ttl'] = '';
			if($records[$i]['name'] == '') $records[$i]['name'] = '@';
			//* Split TXT records, if nescessary
			if($records[$i]['type'] == 'TXT' && strlen($records[$i]['data']) > 255) {
			$records[$i]['data'] = implode('" "',str_split( $records[$i]['data'], 255));
			}
			}
			}
			$tpl->setLoop('zones', $records);

			//TODO : change this when distribution information has been integrated into server record
			if (file_exists('/etc/gentoo-release')) {
			$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($zone['origin'], 0, -1)));
			$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($zone['origin'], 0, -1)));
			}
			else {
			$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($zone['origin'], 0, -1)));
			@@ -128,7 +173,11 @@
			if($return_status === 0) {
			$app->log("Writing BIND domain file: ".$filename, LOGLEVEL_DEBUG);
			} else {
			$app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), LOGLEVEL_WARN);
			if($dns_config['disable_bind_log'] === 'y') {
			$app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), LOGLEVEL_DEBUG);
			} else {
			$app->log("Writing BIND domain file failed: ".$filename." ".implode(' ', $out), LOGLEVEL_WARN);
			}
			rename($filename, $filename.'.err');
			}
			unset($tpl);
			@@ -136,7 +185,25 @@
			unset($records_out);
			unset($zone);
			}


			//* DNSSEC-Implementation
			if($data['old']['origin'] != $data['new']['origin']) {
			if (@$data['old']['dnssec_initialized'] == 'Y' && strlen(@$data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.escapeshellcmd($data['old']['origin'])); //delete old keys
			if ($data['new']['dnssec_wanted'] == 'Y') $this->soa_dnssec_create($data);
			}
			else if ($data['new']['dnssec_wanted'] == 'Y' && $data['old']['dnssec_initialized'] == 'N') $this->soa_dnssec_create($data);
			else if ($data['new']['dnssec_wanted'] == 'N' && $data['old']['dnssec_initialized'] == 'Y') { //delete old signed file if dnssec is no longer wanted
			//TODO : change this when distribution information has been integrated into server record
			if (file_exists('/etc/gentoo-release')) {
			$filename = $dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
			}
			else {
			$filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
			}
			if(is_file($filename.'.signed')) unlink($filename.'.signed');
			} else if ($data['new']['dnssec_wanted'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellcmd($data['new']['origin']));
			// END DNSSEC

			//* rebuild the named.conf file if the origin has changed or when the origin is inserted.
			//if($this->action == 'insert' \|\| $data['old']['origin'] != $data['new']['origin']) {
			$this->write_named_conf($data, $dns_config);
			@@ -146,7 +213,7 @@
			if($data['old']['origin'] != $data['new']['origin']) {
			//TODO : change this when distribution information has been integrated into server record
			if (file_exists('/etc/gentoo-release')) {
			$filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
			$filename = $dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
			}
			else {
			$filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
			@@ -154,10 +221,15 @@

			if(is_file($filename)) unlink($filename);
			if(is_file($filename.'.err')) unlink($filename.'.err');
			if(is_file($filename.'.signed')) unlink($filename.'.signed');
			}

			//* Restart bind nameserver if update_acl is not empty, otherwise reload it
			if($data['new']['update_acl'] != '') {
			$app->services->restartServiceDelayed('bind', 'restart');
			} else {
			$app->services->restartServiceDelayed('bind', 'reload');
			}

			//* Reload bind nameserver
			$app->services->restartServiceDelayed('bind', 'reload');

			}

			@@ -184,6 +256,9 @@
			if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
			$app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);

			//* DNSSEC-Implementation
			if ($data['old']['dnssec_initialized'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys

			//* Reload bind nameserver
			$app->services->restartServiceDelayed('bind', 'reload');

			@@ -272,7 +347,7 @@
			global $app, $conf;

			//* Get the data of the soa and call soa_update
			$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
			$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
			$data["new"] = $tmp;
			$data["old"] = $tmp;
			$this->action = 'update';
			@@ -284,7 +359,7 @@
			global $app, $conf;

			//* Get the data of the soa and call soa_update
			$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
			$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
			$data["new"] = $tmp;
			$data["old"] = $tmp;
			$this->action = 'update';
			@@ -296,7 +371,7 @@
			global $app, $conf;

			//* Get the data of the soa and call soa_update
			$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".intval($data['old']['zone']));
			$tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['old']['zone']);
			$data["new"] = $tmp;
			$data["old"] = $tmp;
			$this->action = 'update';
			@@ -310,18 +385,10 @@
			global $app, $conf;

			//* Only write the master file for the current server
			$tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=".$conf["server_id"]);
			$tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_wanted FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
			$zones = array();

			//* Check if the current zone that triggered this function has at least one NS record
			/* Has been replaced by a better zone check
			$rec_num = $app->db->queryOneRecord("SELECT count(id) as ns FROM dns_rr WHERE type = 'NS' AND zone = ".intval($data['new']['id'])." AND active = 'Y'");
			if($rec_num['ns'] == 0) {
			$exclude_zone = $data['new']['origin'];
			} else {
			$exclude_zone = '';
			}
			*/

			//TODO : change this when distribution information has been integrated into server record
			if (file_exists('/etc/gentoo-release')) {
			@@ -336,8 +403,8 @@

			//* Loop trough zones
			foreach($tmps as $tmp) {

			$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
			if ($tmp['dnssec_wanted'] == 'Y') $zone_file .= '.signed'; //.signed is for DNSSEC-Implementation

			$options = '';
			if(trim($tmp['xfer']) != '') {
			@@ -361,7 +428,7 @@
			$tpl->setLoop('zones', $zones);

			//* And loop through the secondary zones, but only for the current server
			$tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=".$conf["server_id"]);
			$tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
			$zones_sec = array();

			foreach($tmps_sec as $tmp) {