diff --git a/TODO.txt b/TODO.txt index 4d6881789aa3a5cd7e77c79cfb550c7773a093f6..6dcae104a29e055a6febd2ce4b761d7070052ef3 100644 --- a/TODO.txt +++ b/TODO.txt @@ -13,9 +13,6 @@ Installer -------------------------------------- - Add a function to let a server join a existing installation. -- Add Package haveged to requirements (at least if entropy is low) as it raises available entropy significantly which is very needed for DNSSEC Key-generation - If it is not installed and entropy is low generating dnssec-keys lasts minutes (and would time out the server thus is not done) and new signing keys are not generated. - If there are no keys the zones can not be signed and will only be availableas a unsigned copy. Uninstaller -------------------------------------- @@ -90,7 +87,6 @@ Remoting framework Interface -------------------------------------- - Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10]) -- DNS: Add Checkbox to switch dnssec_wanted between Y and N to templates and/or wizard. I recommend doing it in the wizard though. General tasks -------------------------------------- diff --git a/install/dist/conf/centos70.conf.php b/install/dist/conf/centos70.conf.php index 8aa66ea0315b4f98558cd5d2bf6e6f86188efeff..a40e88ed70e50d7d0bdffaa6a4235b1b96d0fe48 100644 --- a/install/dist/conf/centos70.conf.php +++ b/install/dist/conf/centos70.conf.php @@ -144,7 +144,7 @@ $conf['saslauthd']['init_script'] = 'saslauthd'; //* Amavisd $conf['amavis']['installed'] = false; // will be detected automatically during installation -$conf['amavis']['config_dir'] = '/etc'; +$conf['amavis']['config_dir'] = '/etc/amavisd'; $conf['amavis']['init_script'] = 'amavisd'; //* ClamAV diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index c3c59fcd6c9632ff814180fe39802a720344ed67..69d5ccfd9a28da56b5a4cd4a0c46c992a22e93cb 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php 
@@ -1469,27 +1469,6 @@ class installer_base { } - - //** writes bind configuration files - public function process_bind_file($configfile, $target='/', $absolute=false) { - global $conf; - - if ($absolute) $full_file_name = $target.$configfile; - else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile; - - //* Backup exiting file - if(is_file($full_file_name)) { - copy($full_file_name, $config_dir.$configfile.'~'); - } - $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); - $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content); - $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content); - $content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content); - $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); - $content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content); - $content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content); - wf($full_file_name, $content); - } public function configure_bind() { global $conf; @@ -1502,15 +1481,13 @@ class installer_base { //* Create the slave subdirectory $content .= 'slave'; - if(!@is_dir($content)) mkdir($content, 2770, true); + if(!@is_dir($content)) mkdir($content, 02770, true); //* Chown the slave subdirectory to $conf['bind']['bind_user'] chown($content, $conf['bind']['bind_user']); chgrp($content, $conf['bind']['bind_group']); - chmod($content, 2770); - - //* Install scripts for dnssec implementation - $this->process_bind_file('named.conf.options', '/etc/bind/', true); //TODO replace hardcoded path + chmod($content, 02770); + } @@ -2845,4 +2822,4 @@ Email Address []: } -?> \ No newline at end of file +?> 
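Review bot: None of `mkdir`, `chown`, `chgrp` or `chmod` in the slave-directory block has its return value checked, so a failed chown leaves the directory owned by the installing user (root) with mode 02770 and the bind user unable to write slave zones, with no message from the installer; guard the creation at least, e.g. `if(!@is_dir($content) && !mkdir($content, 02770, true)) { /* report via the installer's usual error path */ }` and check `chown`/`chgrp` the same way. With the recursive flag, any missing parent directories are also created with 02770 (minus umask) but only the leaf is chowned; if `$content`'s parent can be absent at this point (it is built outside the hunk), those parents end up root-owned and bind cannot traverse them — worth confirming against the caller. A short comment on the octal literal would also help the next reader, since the old decimal `2770` was the bug being fixed: `// 02770: setgid so files written by bind inherit bind_group`. `configure_bind` begins and ends outside this hunk.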
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql index 32e85bd876c1178da79b5e3ee7c8a7109dc330db..624d748a52bb52d9869cdb369985ef98647067b7 100644 --- a/install/sql/incremental/upd_dev_collection.sql +++ b/install/sql/incremental/upd_dev_collection.sql @@ -203,13 +203,3 @@ CREATE TABLE `ftp_traffic` ( ALTER TABLE `mail_forwarding` ADD COLUMN `allow_send_as` ENUM('n','y') NOT NULL DEFAULT 'n' AFTER `active`; UPDATE `mail_forwarding` SET `allow_send_as` = 'y' WHERE `type` = 'alias'; - ---- DNSSEC-Implementation by dark alex ---- TODO: Review and resolve conflicts if more has been done in that column -ALTER TABLE `dns_rr` CHANGE COLUMN `type` `type` ENUM('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`; - -ALTER TABLE `dns_soa` - ADD COLUMN `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N', - ADD COLUMN `dnssec_wanted` ENUM('Y','N') NOT NULL DEFAULT 'N', - ADD COLUMN `dnssec_last_signed` BIGINT NOT NULL DEFAULT '0', - ADD COLUMN `dnssec_info` TEXT NULL; \ No newline at end of file diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql index fedb106bd3172fd68082c1e13223a5dad63fc816..f77bbf456d4ea2a740f18bbc3e30655890853bfb 100644 --- a/install/sql/ispconfig3.sql +++ b/install/sql/ispconfig3.sql @@ -478,7 +478,7 @@ CREATE TABLE `dns_rr` ( `server_id` int(11) NOT NULL default '1', `zone` int(11) unsigned NOT NULL DEFAULT '0', `name` varchar(255) NOT NULL DEFAULT '', - `type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL, + `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL, `data` TEXT NOT NULL DEFAULT '', `aux` int(11) unsigned NOT NULL default '0', `ttl` int(11) unsigned NOT NULL default '3600', 
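Review bot: Narrowing `dns_rr.type` in the fresh-install schema has no counterpart for databases that already ran the now-removed `upd_dev_collection.sql` statements: those installations keep the wider enum, the four `dns_soa.dnssec_*` columns, and any rows typed DS/LOC/TLSA/DNSKEY, while this commit removes the editors for them. If the enum is later narrowed on such a database, MySQL rejects the ALTER in strict mode or silently truncates the leftover values to `''` otherwise, so the incremental script should carry an explicit, commented cleanup path rather than just dropping the statements. At minimum, document the check an operator should run first: `SELECT id, zone, name, type FROM dns_rr WHERE type IN ('DS','LOC','TLSA','DNSKEY');`. Whether any dev installation actually applied the removed block is not visible from the diff, so treat this as something to confirm.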
@@ -539,10 +539,6 @@ CREATE TABLE `dns_soa` ( `xfer` varchar(255) NOT NULL DEFAULT '', `also_notify` varchar(255) default NULL, `update_acl` varchar(255) default NULL, - `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N', - `dnssec_wanted` ENUM('Y','N') NOT NULL DEFAULT 'N', - `dnssec_last_signed` BIGINT NOT NULL DEFAULT '0', - `dnssec_info` TEXT NULL, PRIMARY KEY (`id`), UNIQUE KEY `origin` (`origin`), KEY `active` (`active`) diff --git a/install/tpl/named.conf.options.master b/install/tpl/named.conf.options.master deleted file mode 100644 index f13976ffd6db31f72447c1d0d57be7d2935a556d..0000000000000000000000000000000000000000 --- a/install/tpl/named.conf.options.master +++ /dev/null @@ -1,28 +0,0 @@ -options { - directory "/var/cache/bind"; - - // If there is a firewall between you and nameservers you want - // to talk to, you may need to fix the firewall to allow multiple - // ports to talk. See http://www.kb.cert.org/vuls/id/800113 - - // If your ISP provided one or more IP addresses for stable - // nameservers, you probably want to use them as forwarders. - // Uncomment the following block, and insert the addresses replacing - // the all-0's placeholder. - - // forwarders { - // 0.0.0.0; - // }; - - //======================================================================== - // If BIND logs error messages about the root key being expired, - // you will need to update your keys. See https://www.isc.org/bind-keys - //======================================================================== - dnssec-enable yes; - dnssec-validation yes; - dnssec-lookaside auto; - - auth-nxdomain no; # conform to RFC1035 - listen-on-v6 { any; }; -}; - diff --git a/interface/web/dns/dns_ds_edit.php b/interface/web/dns/dns_ds_edit.php deleted file mode 100644 index 9785916c5d448e25f5d2c5423672e9f80a0104f7..0000000000000000000000000000000000000000 --- a/interface/web/dns/dns_ds_edit.php +++ /dev/null @@ -1,53 +0,0 @@ -onLoad(); - -?> 
diff --git a/interface/web/dns/dns_loc_edit.php b/interface/web/dns/dns_loc_edit.php deleted file mode 100644 index 6c13ab9f90f9fe4a0b3d70e20e40716bf8cfe296..0000000000000000000000000000000000000000 --- a/interface/web/dns/dns_loc_edit.php +++ /dev/null @@ -1,53 +0,0 @@ -onLoad(); - -?> diff --git a/interface/web/dns/dns_tlsa_edit.php b/interface/web/dns/dns_tlsa_edit.php deleted file mode 100644 index 224475fd5c79e87f5bfd94e6df195690b41b1332..0000000000000000000000000000000000000000 --- a/interface/web/dns/dns_tlsa_edit.php +++ /dev/null 
@@ -1,161 +0,0 @@ -auth->check_module_permissions('dns'); - -// Loading classes -$app->uses('tpl,tform,tform_actions,validate_dns'); -$app->load('tform_actions'); - -class page_action extends tform_actions { - - function onShowNew() { - global $app, $conf; - - // we will check only users, not admins - if($_SESSION["s"]["user"]["typ"] == 'user') { - - // Get the limits of the client - $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - - // Check if the user may add another mailbox. - if($client["limit_dns_record"] >= 0) { - $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id"); - if($tmp["number"] >= $client["limit_dns_record"]) { - $app->error($app->tform->wordbook["limit_dns_record_txt"]); - } - } - } - - parent::onShowNew(); - } - - function onSubmit() { - global $app, $conf; - - // Get the parent soa record of the domain - $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r')); - - // Check if Domain belongs to user - if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"]; - - // Check the client limits, if user is not the admin - if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin - // Get the limits of the client - $client_group_id = intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - - // Check if the user may add another mailbox. 
- if($this->id == 0 && $client["limit_dns_record"] >= 0) { - $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id"); - if($tmp["number"] >= $client["limit_dns_record"]) { - $app->error($app->tform->wordbook["limit_dns_record_txt"]); - } - } - } // end if user is not admin - - - // Set the server ID of the rr record to the same server ID as the parent record. - $this->dataRecord["server_id"] = $soa["server_id"]; - - // Update the serial number and timestamp of the RR record - $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id); - $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]); - $this->dataRecord["stamp"] = date('Y-m-d H:i:s'); - - parent::onSubmit(); - } - - function onInsert() { - global $app, $conf; - - // Check if record is existing already - $duplicate_tlsa = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r')); - - if(is_array($duplicate_tlsa) && !empty($duplicate_tlsa)) $app->error($app->tform->wordbook["duplicate_tlsa_record_txt"]); - - parent::onInsert(); - } - - function onUpdate() { - global $app, $conf; - - // Check if record is existing already - $duplicate_tlsa = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." 
AND ".$app->tform->getAuthSQL('r')); - - if(is_array($duplicate_tlsa) && !empty($duplicate_tlsa)) $app->error($app->tform->wordbook["duplicate_tlsa_record_txt"]); - - parent::onUpdate(); - } - - function onAfterInsert() { - global $app, $conf; - - //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record - $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); - $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id); - - //* Update the serial number of the SOA record - $soa_id = $app->functions->intval($_POST["zone"]); - $serial = $app->validate_dns->increase_serial($soa["serial"]); - $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id); - } - - function onAfterUpdate() { - global $app, $conf; - - //* Update the serial number of the SOA record - $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); - $soa_id = $app->functions->intval($_POST["zone"]); - $serial = $app->validate_dns->increase_serial($soa["serial"]); - $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id); - } - -} - -$page = new page_action; -$page->onLoad(); - -?> diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php index 18002593dffb2561c8fb58606b900957504bb2dd..bacadf19c812b73c1cc08550ccb4e628e53e564e 100644 --- a/interface/web/dns/dns_wizard.php +++ b/interface/web/dns/dns_wizard.php @@ -314,6 +314,7 @@ if($_POST['create'] == 1) { $tpl_rows = explode("\n", $tpl_content); $section = ''; $vars = array(); + $vars['xfer']=''; $dns_rr = array(); foreach($tpl_rows as $row) { $row = trim($row); 
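Review bot: The new `$vars['xfer']='';` default deserves a comment and the file's usual spacing, because `xfer` is the zone-transfer ACL and a reader cannot tell whether the empty string means "no transfers" or "template did not say": `$vars['xfer'] = ''; // template may omit xfer; empty means no transfer ACL is set` — adjust the wording once the SOA form's treatment of an empty `xfer` is confirmed, since that logic is not in this hunk. If other template variables can also be absent and reach the SOA insert below, the same pre-initialisation would apply to them, but that is not visible here. The enclosing `if($_POST['create'] == 1)` block starts and ends outside the hunk.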
diff --git a/interface/web/dns/form/dns_cname.tform.php b/interface/web/dns/form/dns_cname.tform.php
index 5fdf8c9b4ea00fe3718e471240ca48ae687828cb..d04c1d01aff18bf82fffe94ec213e74123684de5 100644
--- a/interface/web/dns/form/dns_cname.tform.php
+++ b/interface/web/dns/form/dns_cname.tform.php
@@ -115,7 +115,7 @@ $form["tabs"]['dns'] = array (
 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
 'errmsg'=> 'data_error_empty'),
 1 => array ( 'type' => 'REGEX',
- 'regex' => '/^[a-zA-Z0-9\.\-]{1,255}$/',
+ 'regex' => '/^[a-zA-Z0-9\.\-\_]{1,255}$/',
 'errmsg'=> 'data_error_regex'),
 ),
 'default' => '',
diff --git a/interface/web/dns/form/dns_ds.tform.php b/interface/web/dns/form/dns_ds.tform.php
deleted file mode 100644
index fe8528f9c8951ff33ee0560f95b562941bcad8c3..0000000000000000000000000000000000000000
--- a/interface/web/dns/form/dns_ds.tform.php
+++ /dev/null
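Review bot: Allowing `_` in the CNAME `data` regex is fine as an injection guard — whitespace, `;`, `(`, `)` and newlines are still excluded, so the value cannot break out of the zone-file record — but the change should say why it is safe to depart from hostname syntax, otherwise the next reviewer will "fix" it back: `// '_' allowed: CNAME targets (e.g. _domainkey / _acme-challenge names) are domain names, not hostnames`. Note that the pattern still accepts structurally invalid names (leading dot, `..`, trailing `-`) as it did before; if BIND rejects the zone on such input that is a pre-existing limitation, but a label-aware check would be the place to tighten it. The `validators` array continues outside this hunk.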
@@ -1,166 +0,0 @@ - 0 id must match with id of current user -$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user -$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete -$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete -$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete - -$form["tabs"]['dns'] = array ( - 'title' => "DNS DS", - 'width' => 100, - 'template' => "templates/dns_ds_edit.htm", - 'fields' => array ( - //################################# - // Begin Datatable fields - //################################# - 'server_id' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'SELECT', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'zone' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'default' => @$app->functions->intval($_REQUEST["zone"]), - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'name' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'filters' => array( 0 => array( 'event' => 'SAVE', - 'type' => 'IDNTOASCII'), - 1 => array( 'event' => 'SHOW', - 'type' => 'IDNTOUTF8'), - 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') - ), - 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/', - 'errmsg'=> 'name_error_regex'), - ), - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'type' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'default' => 'DS', - 'value' => '', - 'width' => '5', - 'maxlength' => '5' - ), - 'data' => array ( //TODO Regex validation does not take place obviously - why ever... 
- 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'validators' => array ( - 0 => array ( - 'type' => 'REGEX', - 'regex' => "/^\d{1,5}\s\d{1,2}\s\d{1,2}\s.+$/", - 'errmsg'=> 'invalid_type_ds' - ) - ), - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'ttl' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'validators' => array ( 0 => array ( 'type' => 'RANGE', - 'range' => '60:', - 'errmsg'=> 'ttl_range_error'), - ), - 'default' => '3600', - 'value' => '', - 'width' => '10', - 'maxlength' => '10' - ), - 'active' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'CHECKBOX', - 'default' => 'Y', - 'value' => array(0 => 'N', 1 => 'Y') - ), - 'stamp' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'serial' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'default' => '', - 'value' => '', - 'width' => '10', - 'maxlength' => '10' - ), - //################################# - // ENDE Datatable fields - //################################# - ) -); - -if($_SESSION["s"]["user"]["typ"] == 'admin') { - unset($form["tabs"]['dns']['fields']['data']['validators']); - $form["tabs"]['dns']['fields']['data']['validators'][0]['type'] = 'NOTEMPTY'; - $form["tabs"]['dns']['fields']['data']['validators'][0]['errmsg'] = 'data_error_empty'; - $form["tabs"]['dns']['fields']['data']['maxlength'] = 512; -} -?> diff --git a/interface/web/dns/form/dns_loc.tform.php b/interface/web/dns/form/dns_loc.tform.php deleted file mode 100644 index 5749a866b23510f7e210336bcb60c59fe2ed241d..0000000000000000000000000000000000000000 --- a/interface/web/dns/form/dns_loc.tform.php +++ /dev/null 
@@ -1,171 +0,0 @@ - 0 id must match with id of current user -$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user -$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete -$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete -$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete - -$form["tabs"]['dns'] = array ( - 'title' => "DNS LOC", - 'width' => 100, - 'template' => "templates/dns_loc_edit.htm", - 'fields' => array ( - //################################# - // Begin Datatable fields - //################################# - 'server_id' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'SELECT', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'zone' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'default' => @$app->functions->intval($_REQUEST["zone"]), - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'name' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'filters' => array( 0 => array( 'event' => 'SAVE', - 'type' => 'IDNTOASCII'), - 1 => array( 'event' => 'SHOW', - 'type' => 'IDNTOUTF8'), - 2 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') - ), - 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/', - 'errmsg'=> 'name_error_regex'), - ), - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'type' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'default' => 'LOC', - 'value' => '', - 'width' => '5', - 'maxlength' => '5' - ), - 'data' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'validators' => array ( - 0 => array ( - 'type' => 'NOTEMPTY', - 'errmsg'=> 'data_error_empty' - ), - //TODO Regex check... I guess I had an error in this regex as I'm not used to RegEx. 
Further the check did never actually take place... - // 1 => array ( - // 'type' => 'REGEX', - // 'regex' => "/^(\d+\s)(\d+\s)?(\d+\s)?[NS]{1}\s(\d\s)(\d+\s)?(\d+\s)?[EW]{1}(\s\d+m?)(\s\d+m?)?(\s\d+m?)?(\s\d+m?)?$/s", - // 'errmsg'=> 'invalid_type_dkim' - // ), - ), - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'ttl' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'validators' => array ( 0 => array ( 'type' => 'RANGE', - 'range' => '60:', - 'errmsg'=> 'ttl_range_error'), - ), - 'default' => '3600', - 'value' => '', - 'width' => '10', - 'maxlength' => '10' - ), - 'active' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'CHECKBOX', - 'default' => 'Y', - 'value' => array(0 => 'N', 1 => 'Y') - ), - 'stamp' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'serial' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'default' => '', - 'value' => '', - 'width' => '10', - 'maxlength' => '10' - ), - //################################# - // ENDE Datatable fields - //################################# - ) -); - -if($_SESSION["s"]["user"]["typ"] == 'admin') { - unset($form["tabs"]['dns']['fields']['data']['validators']); - $form["tabs"]['dns']['fields']['data']['validators'][0]['type'] = 'NOTEMPTY'; - $form["tabs"]['dns']['fields']['data']['validators'][0]['errmsg'] = 'data_error_empty'; - $form["tabs"]['dns']['fields']['data']['maxlength'] = 512; -} -?> diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php index 05e915740c9dd69467680148c307109ccaad5c08..02afa86c53d28af488c8c49bcc8e8a7fbbd67ccd 100644 --- a/interface/web/dns/form/dns_soa.tform.php +++ b/interface/web/dns/form/dns_soa.tform.php 
@@ -264,20 +264,6 @@ $form["tabs"]['dns_soa'] = array ( 'default' => 'Y', 'value' => array(0 => 'N', 1 => 'Y') ), - 'dnssec_wanted' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'CHECKBOX', - 'default' => 'Y', - 'value' => array(0 => 'N', 1 => 'Y') - ), - 'dnssec_info' => array ( - 'datatype' => 'TEXT', - 'formtype' => 'TEXTAREA', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '10000' - ), //################################# // ENDE Datatable fields //################################# diff --git a/interface/web/dns/form/dns_tlsa.tform.php b/interface/web/dns/form/dns_tlsa.tform.php deleted file mode 100644 index ef6f2a05b16a4028d2334ecd08a380a92778d45a..0000000000000000000000000000000000000000 --- a/interface/web/dns/form/dns_tlsa.tform.php +++ /dev/null 
@@ -1,158 +0,0 @@ - 0 id must match with id of current user -$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user -$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete -$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete -$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete - -$form["tabs"]['dns'] = array ( - 'title' => "DNS tlsa", - 'width' => 100, - 'template' => "templates/dns_tlsa_edit.htm", - 'fields' => array ( - //################################# - // Begin Datatable fields - //################################# - 'server_id' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'SELECT', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'zone' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'default' => @$app->functions->intval($_REQUEST["zone"]), - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'name' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'filters' => array( 0 => array( 'event' => 'SAVE', - 'type' => 'TOLOWER') - ), - 'validators' => array ( 0 => array ( 'type' => 'REGEX', - 'regex' => '/^\_\d{1,5}\.\_(tcp|udp)\.[a-zA-Z0-9\.\-]{1,255}$/', - 'errmsg'=> 'name_error_regex') - ), - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'type' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'default' => 'TLSA', - 'value' => '', - 'width' => '5', - 'maxlength' => '5' - ), - 'data' => array ( - 'datatype' => 'TEXT', - 'formtype' => 'TEXT', - 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', - 'errmsg'=> 'data_error_empty'), - 1 => array ( 'type' => 'REGEX', - 'regex' => '/^\d \d \d [a-zA-Z0-9]*$/', - 'errmsg'=> 'data_error_regex') - ), - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'ttl' => array ( - 
'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'validators' => array ( 0 => array ( 'type' => 'RANGE', - 'range' => '60:', - 'errmsg'=> 'ttl_range_error'), - ), - 'default' => '7200', - 'value' => '', - 'width' => '10', - 'maxlength' => '10' - ), - 'active' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'CHECKBOX', - 'default' => 'Y', - 'value' => array(0 => 'N', 1 => 'Y') - ), - 'stamp' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'TEXT', - 'default' => '', - 'value' => '', - 'width' => '30', - 'maxlength' => '255' - ), - 'serial' => array ( - 'datatype' => 'INTEGER', - 'formtype' => 'TEXT', - 'default' => '', - 'value' => '', - 'width' => '10', - 'maxlength' => '10' - ), - //################################# - // ENDE Datatable fields - //################################# - ) -); - - - -?> diff --git a/interface/web/dns/lib/lang/de_dns_ds.lng b/interface/web/dns/lib/lang/de_dns_ds.lng deleted file mode 100644 index 565844cf56ac9c859f043688f4aae3fe64590576..0000000000000000000000000000000000000000 --- a/interface/web/dns/lib/lang/de_dns_ds.lng +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/interface/web/dns/lib/lang/de_dns_loc.lng b/interface/web/dns/lib/lang/de_dns_loc.lng deleted file mode 100644 index eb2f83263af2bb4ad4f0d25d4b21ad86fffeaf75..0000000000000000000000000000000000000000 --- a/interface/web/dns/lib/lang/de_dns_loc.lng +++ /dev/null @@ -1,16 +0,0 @@ - diff --git a/interface/web/dns/lib/lang/de_dns_soa.lng b/interface/web/dns/lib/lang/de_dns_soa.lng index 6c475ed072cbc3d30af4acc6514d4f63084c227d..efd6e905515e3b6a16d081e54af5e2397d14c43c 100644 --- a/interface/web/dns/lib/lang/de_dns_soa.lng +++ b/interface/web/dns/lib/lang/de_dns_soa.lng 
@@ -11,9 +11,6 @@ $wb['minimum_txt'] = 'Minimum'; $wb['ttl_txt'] = 'TTL'; $wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getrennte Liste)'; $wb['active_txt'] = 'Aktiv'; -$wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry'; -$wb['dnssec_wanted_txt'] = 'Zone signieren (DNSSEC)'; -$wb['dnssec_wanted_info'] = 'Wenn DNSSEC bereits aktiviert war und ein Key erstellt wurde, wird dieser durch deaktivieren nicht gelöscht. Die Zone wird dann jedoch nicht länger signiert ausgeliefert.'; $wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.'; $wb['client_txt'] = 'Kunde'; $wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.'; diff --git a/interface/web/dns/lib/lang/de_dns_spf.lng b/interface/web/dns/lib/lang/de_dns_spf.lng index e75cd7aaaf5b4ac5647c02b0688166fa625d390d..dc2ca3496acd21a0409d4a4338349b2f6b0e1334 100644 --- a/interface/web/dns/lib/lang/de_dns_spf.lng +++ b/interface/web/dns/lib/lang/de_dns_spf.lng @@ -1,5 +1,3 @@ - - - diff --git a/interface/web/dns/lib/lang/de_dns_tlsa.lng b/interface/web/dns/lib/lang/de_dns_tlsa.lng deleted file mode 100644 index ba5e4dca3faa47c8cb99571725907f28bc709a87..0000000000000000000000000000000000000000 --- a/interface/web/dns/lib/lang/de_dns_tlsa.lng +++ /dev/null @@ -1,16 +0,0 @@ - diff --git a/interface/web/dns/lib/lang/en_dns_ds.lng b/interface/web/dns/lib/lang/en_dns_ds.lng deleted file mode 100644 index 3f9b447811389dc80a42c129cd5a7bc5792ee75b..0000000000000000000000000000000000000000 --- a/interface/web/dns/lib/lang/en_dns_ds.lng +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/interface/web/dns/lib/lang/en_dns_loc.lng b/interface/web/dns/lib/lang/en_dns_loc.lng deleted file mode 100644 index a2e3322bb6d175e6bb32a2cd91fdc7325fcd706a..0000000000000000000000000000000000000000 --- a/interface/web/dns/lib/lang/en_dns_loc.lng +++ /dev/null @@ -1,16 +0,0 @@ - 
diff --git a/interface/web/dns/lib/lang/en_dns_soa.lng b/interface/web/dns/lib/lang/en_dns_soa.lng index 9018a6f38f75fca1f37a77c1d2a26f9ca58d2e71..433530c02daf50067a71f9302145303c2f936de5 100644 --- a/interface/web/dns/lib/lang/en_dns_soa.lng +++ b/interface/web/dns/lib/lang/en_dns_soa.lng @@ -11,9 +11,6 @@ $wb["minimum_txt"] = 'Minimum'; $wb["ttl_txt"] = 'TTL'; $wb["xfer_txt"] = 'Allow zone transfers to
these IPs (comma separated list)'; $wb["active_txt"] = 'Active'; -$wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry'; -$wb['dnssec_wanted_txt'] = 'Sign zone (DNSSEC)'; -$wb['dnssec_wanted_info'] = 'When disabling DNSSEC keys are not going to be deleted if DNSSEC was enabled before and keys already have been generated but the zone will no longer be delievered in signed format afterwards.'; $wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.'; $wb["client_txt"] = 'Client'; $wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.'; diff --git a/interface/web/dns/lib/lang/en_dns_spf.lng b/interface/web/dns/lib/lang/en_dns_spf.lng index 7ac24dd227b26b9a34faa0b6877a8a7c5a53b99a..8a1a611c215e175ac1c981c15083e6f29cb2bc39 100644 --- a/interface/web/dns/lib/lang/en_dns_spf.lng +++ b/interface/web/dns/lib/lang/en_dns_spf.lng @@ -1,5 +1,3 @@ - - - diff --git a/interface/web/dns/lib/lang/en_dns_tlsa.lng b/interface/web/dns/lib/lang/en_dns_tlsa.lng deleted file mode 100644 index dcfb3bfa333d0c65f05f397e7ce4549e6753019b..0000000000000000000000000000000000000000 --- a/interface/web/dns/lib/lang/en_dns_tlsa.lng +++ /dev/null @@ -1,16 +0,0 @@ - \ No newline at end of file diff --git a/interface/web/dns/lib/remote.conf.php b/interface/web/dns/lib/remote.conf.php index ef2ed9e4cc0218a95c67a259bda4437e73cc6ea6..dcabf948575e69ebd707b0f1fd489ce0e6738e0f 100644 --- a/interface/web/dns/lib/remote.conf.php +++ b/interface/web/dns/lib/remote.conf.php 
@@ -7,7 +7,6 @@ $function_list['dns_alias_get,dns_alias_add,dns_alias_update,dns_alias_delete'] $function_list['dns_cname_get,dns_cname_add,dns_cname_update,dns_cname_delete'] = 'DNS cname functions'; $function_list['dns_hinfo_get,dns_hinfo_add,dns_hinfo_update,dns_hinfo_delete'] = 'DNS hinfo functions'; $function_list['dns_mx_get,dns_mx_add,dns_mx_update,dns_mx_delete'] = 'DNS mx functions'; -$function_list['dns_tlsa_get,dns_tlsa_add,dns_tlsa_update,dns_tlsa_delete'] = 'DNS tlsa functions'; $function_list['dns_ns_get,dns_ns_add,dns_ns_update,dns_ns_delete'] = 'DNS ns functions'; $function_list['dns_ptr_get,dns_ptr_add,dns_ptr_update,dns_ptr_delete'] = 'DNS ptr functions'; $function_list['dns_rp_get,dns_rp_add,dns_rp_update,dns_rp_delete'] = 'DNS rp functions'; diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php index c2fe640d90c146f8f6de15c767a45540a9d24b27..bf5bf1d52dbd2400614b7a33c2ed12ce9a40f153 100644 --- a/interface/web/dns/list/dns_a.list.php +++ b/interface/web/dns/list/dns_a.list.php @@ -132,7 +132,7 @@ $liste["item"][] = array( 'field' => "type", 'prefix' => "", 'suffix' => "", 'width' => "", - 'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'DS'=>'DS', 'HINFO'=>'HINFO', 'LOC'=>'LOC', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT')); + 'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT')); ?> diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm index 1f9d1251523566ee11c5729efc477aa96bfcfad3..790fbdcb39d06d29be75da3bc849daf9d3093428 100644 --- a/interface/web/dns/templates/dns_a_list.htm +++ b/interface/web/dns/templates/dns_a_list.htm @@ -22,17 +22,14 @@ - - - 
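Review bot: Dropping `'DS'`, `'LOC'` and `'TLSA'` from the type filter in `dns_a.list.php` leaves any `dns_rr` rows that were already stored with those types (on an installation where the reverted feature ran) invisible in this list and unfilterable, and nothing in the diff migrates, converts or rejects them. Since the `bind_pri.domain.master` hunk further down also removes the DS/LOC/TLSA template sections, such rows would presumably be dropped silently from the generated zone file rather than surfaced to the admin. I would pair this with a migration that removes or converts those rows (or a note in the install/update docs that orphaned records of these types are expected after downgrading a database), so an operator is not left with records that exist in the DB but are neither editable nor served. The `$liste["item"][] = array(` statement this line belongs to starts outside the hunk.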
diff --git a/interface/web/dns/templates/dns_ds_edit.htm b/interface/web/dns/templates/dns_ds_edit.htm deleted file mode 100644 index 56113f0ec0e95df7075d815bfc96a3c63c6c60fc..0000000000000000000000000000000000000000 --- a/interface/web/dns/templates/dns_ds_edit.htm +++ /dev/null @@ -1,32 +0,0 @@ - -

- - - -
- -
-
- -
-
- -
-
- -
- {tmpl_var name='active'} -
-
- - - - - - -
- - -
\ No newline at end of file diff --git a/interface/web/dns/templates/dns_loc_edit.htm b/interface/web/dns/templates/dns_loc_edit.htm deleted file mode 100644 index 12cfb6357fd42285214e4423c5e9196b6c5dc7df..0000000000000000000000000000000000000000 --- a/interface/web/dns/templates/dns_loc_edit.htm +++ /dev/null @@ -1,32 +0,0 @@ - -

- - - -
- -
-
- -
-
- -
-
- -
- {tmpl_var name='active'} -
-
- - - - - - -
- - -
\ No newline at end of file diff --git a/interface/web/dns/templates/dns_soa_edit.htm b/interface/web/dns/templates/dns_soa_edit.htm index be2e7fa831367c4e0eb9abadceb5eb3c0bde479c..33d429884605be7b702b38d7aed0ccddcaf21afa 100644 --- a/interface/web/dns/templates/dns_soa_edit.htm +++ b/interface/web/dns/templates/dns_soa_edit.htm @@ -125,16 +125,6 @@ -
- -
- {tmpl_var name='dnssec_wanted'}
({tmpl_var name='dnssec_wanted_info'}) -
-
-
- -
-
diff --git a/interface/web/dns/templates/dns_tlsa_edit.htm b/interface/web/dns/templates/dns_tlsa_edit.htm deleted file mode 100644 index c2cde8be6197c060588bf337749b315e6ed151c9..0000000000000000000000000000000000000000 --- a/interface/web/dns/templates/dns_tlsa_edit.htm +++ /dev/null @@ -1,32 +0,0 @@ - -

- - - -
- -
-
- -
-
- -
-
- -
- {tmpl_var name='active'} -
-
- - - - - - -
- - -
\ No newline at end of file diff --git a/interface/web/mail/lib/lang/el_mail_domain.lng b/interface/web/mail/lib/lang/el_mail_domain.lng index 7e825ad4ba3737b00facd211a195901521b92236..b40973438fc48ced70db5b1354bcde55eaa2d7c4 100644 --- a/interface/web/mail/lib/lang/el_mail_domain.lng +++ b/interface/web/mail/lib/lang/el_mail_domain.lng @@ -10,4 +10,13 @@ $wb['client_txt'] = 'Πελάτης'; $wb['limit_maildomain_txt'] = 'Έχετε φτάσει το μέγιστο πλήθος των email domains για τον λογαριασμό σας.'; $wb['policy_txt'] = 'Spamfilter'; $wb['no_policy'] = '- ανενεργό -'; +$wb["dkim_txt"] = 'enable DKIM'; +$wb["dkim_private_txt"] = 'DKIM Private-key'; +$wb["dkim_public_txt"] = 'DKIM Public-key\nfor information only'; +$wb["dkim_generate_txt"] = 'Generate DKIM Private-key'; +$wb["dkim_dns_txt"] = 'DNS-Record'; +$wb["dkim_private_key_error"] = 'Invalid DKIM-Private key'; +$wb["dkim_settings_txt"] = 'DomainKeys Identified Mail (DKIM)'; +$wb['dkim_selector_txt'] = 'DKIM-Selector'; +$wb['dkim_selector_error'] = 'Invalid DKIM-Selector. Use only lower-case alphanumeric characters (a-z or 0-9) up to 63 chars'; ?> diff --git a/interface/web/mail/lib/lang/ru_mail_domain.lng b/interface/web/mail/lib/lang/ru_mail_domain.lng index d59edeec5ea93eea90316b44065a22448a406816..f67242d6ec3442faf376aad2ce42057338d90d56 100644 --- a/interface/web/mail/lib/lang/ru_mail_domain.lng +++ b/interface/web/mail/lib/lang/ru_mail_domain.lng 
@@ -10,4 +10,13 @@ $wb['client_txt'] = 'Клиент'; $wb['limit_maildomain_txt'] = 'Максимальное число почтовых доменов, достигнуто.'; $wb['policy_txt'] = 'Спам-фильтр'; $wb['no_policy'] = '- не включено -'; +$wb["dkim_txt"] = 'enable DKIM'; +$wb["dkim_private_txt"] = 'DKIM Private-key'; +$wb["dkim_public_txt"] = 'DKIM Public-key\nfor information only'; +$wb["dkim_generate_txt"] = 'Generate DKIM Private-key'; +$wb["dkim_dns_txt"] = 'DNS-Record'; +$wb["dkim_private_key_error"] = 'Invalid DKIM-Private key'; +$wb["dkim_settings_txt"] = 'DomainKeys Identified Mail (DKIM)'; +$wb['dkim_selector_txt'] = 'DKIM-Selector'; +$wb['dkim_selector_error'] = 'Invalid DKIM-Selector. Use only lower-case alphanumeric characters (a-z or 0-9) up to 63 chars'; ?> diff --git a/server/conf/bind_pri.domain.master b/server/conf/bind_pri.domain.master index ed395064af5490be0a11aafeac61a67a9ef99d2e..279fbac3517bb75753c560f7c7de30fc35b73f59 100644 --- a/server/conf/bind_pri.domain.master +++ b/server/conf/bind_pri.domain.master @@ -23,15 +23,9 @@ $TTL {tmpl_var name='ttl'} {tmpl_var name='name'} {tmpl_var name='ttl'} CNAME {tmpl_var name='data'} - -{tmpl_var name='name'} {tmpl_var name='ttl'} DS {tmpl_var name='data'} - {tmpl_var name='name'} {tmpl_var name='ttl'} HINFO {tmpl_var name='data'} - -{tmpl_var name='name'} {tmpl_var name='ttl'} LOC {tmpl_var name='data'} - {tmpl_var name='name'} {tmpl_var name='ttl'} MX {tmpl_var name='aux'} {tmpl_var name='data'} @@ -47,9 +41,6 @@ $TTL {tmpl_var name='ttl'} {tmpl_var name='name'} {tmpl_var name='ttl'} SRV {tmpl_var name='aux'} {tmpl_var name='data'} - -{tmpl_var name='name'} {tmpl_var name='ttl'} TLSA {tmpl_var name='data'} - {tmpl_var name='name'} {tmpl_var name='ttl'} TXT "{tmpl_var name='data'}" diff --git a/server/lib/classes/cron.d/550-bind_dnssec.inc.php b/server/lib/classes/cron.d/550-bind_dnssec.inc.php deleted file mode 100644 index a8c643fb65a0d860fe32aea4f9251e94a438de8b..0000000000000000000000000000000000000000 
--- a/server/lib/classes/cron.d/550-bind_dnssec.inc.php +++ /dev/null 
@@ -1,89 +0,0 @@ -uses("getconf,tpl"); - - //* load the server configuration options - $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); - - //TODO : change this when distribution information has been integrated into server record - $filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.'; - - $soas = $app->db->queryAllRecords('SELECT * FROM dns_soa WHERE dnssec_wanted=\'Y\' AND dnssec_initialized=\'Y\' AND dnssec_last_signed < '.(time()-(3600*24*5)+900)); //Resign zones every 5 days (expiry is 16 days so we have enough safety, 15 minutes tolerance) - - foreach ($soas as $data) { - $domain = substr($data['origin'], 0, strlen($data['origin'])-1); - if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false; - - $app->log('DNSSEC Auto-Resign: Resigning zone '.$domain, LOGLEVEL_INFO); - - $zonefile = file_get_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain); - $keycount=0; - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) { - $includeline = '$INCLUDE '.basename($keyfile); - if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n"; - $keycount++; - } - if ($keycount != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN); - file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile); - - //Sign the zone and set it valid for max. 16 days - exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'. - '/usr/sbin/dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o '.escapeshellcmd($domain).' 
-t '.$filespre.escapeshellcmd($domain)); - - //Write Data back into DB - $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.'); - $dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n"; - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) { - $dnssecdata .= file_get_contents($keyfile)."\n\n"; - } - - $app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['id']); - $data = next($soas); - } - - parent::onRunJob(); - } - -} - -?> diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php index cede1cb82c2395c1cc077ab19c571ca80bcdcbc6..c538cb9570ce2d07ca395a3d808626ed56a129aa 100644 --- a/server/plugins-available/bind_plugin.inc.php +++ b/server/plugins-available/bind_plugin.inc.php 
@@ -76,144 +76,6 @@ class bind_plugin { } - //* This creates DNSSEC-Keys and calls soa_dnssec_update. - function soa_dnssec_create(&$data) { - global $app, $conf; - - //* Load libraries - $app->uses("getconf,tpl"); - - //* load the server configuration options - $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); - - //TODO : change this when distribution information has been integrated into server record - $filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.'; - - $domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1); - if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false; - - //* Check Entropy - if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 400) { - $app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$domain.'. Please consider installing package haveged.', LOGLEVEL_WARN); - return false; - } - - //* Verify that we do not already have keys (overwriting-protection) - if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) { - return $this->soa_dnssec_update($data); - } else if ($data['new']['dnssec_initialized'] == 'Y') { //In case that we generated keys but the dsset-file was not generated - $keycount=0; - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) { - $keycount++; - } - if ($keycount > 0) { - $this->soa_dnssec_sign($data); - return true; - } - } - - //Do some magic... - exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'. - 'dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE '.escapeshellcmd($domain).';'. 
- 'dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE '.escapeshellcmd($domain)); - - $this->soa_dnssec_sign($data); //Now sign the zone for the first time - $data['new']['dnssec_initialized']='Y'; - } - - function soa_dnssec_sign(&$data) { - global $app, $conf; - - //* Load libraries - $app->uses("getconf,tpl"); - - //* load the server configuration options - $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); - - //TODO : change this when distribution information has been integrated into server record - $filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.'; - - $domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1); - if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false; - - $zonefile = file_get_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain); - $keycount=0; - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) { - $includeline = '$INCLUDE '.basename($keyfile); - if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n"; - $keycount++; - } - if ($keycount != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN); - file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile); - - //Sign the zone and set it valid for max. 16 days - exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'. - 'dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o '.escapeshellcmd($domain).' 
-t '.$filespre.escapeshellcmd($domain)); - - //Write Data back ino DB - $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.'); - $dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n"; - foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) { - $dnssecdata .= file_get_contents($keyfile)."\n\n"; - } - - $app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['new']['id']); - } - - function soa_dnssec_update(&$data, $new=false) { - global $app, $conf; - - //* Load libraries - $app->uses("getconf,tpl"); - - //* load the server configuration options - $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); - - //TODO : change this when distribution information has been integrated into server record - $filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.'; - - $domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1); - if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false; - - //* Check for available entropy - if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 200) { - $app->log('DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.', LOGLEVEL_ERR); - return false; - } - - if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data); - - $dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id='.$data['new']['id']); - exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'. - 'named-checkzone '.escapeshellcmd($domain).' '.escapeshellcmd($dns_config['bind_zonefiles_dir']).'/'.$filespre.escapeshellcmd($domain).' 
| egrep -ho \'[0-9]{10}\'', $serial, $retState); - if ($retState != 0) { - $app->log('DNSSEC Error: Error in Zonefile for '.$domain, LOGLEVEL_ERR); - return false; - } - - $this->soa_dnssec_sign($data); - } - - function soa_dnssec_delete(&$data) { - global $app, $conf; - - //* Load libraries - $app->uses("getconf,tpl"); - - //* load the server configuration options - $dns_config = $app->getconf->get_server_config($conf["server_id"], 'dns'); - - //TODO : change this when distribution information has been integrated into server record - $filespre = (file_exists('/etc/gentoo-release')) ? 'pri/' : 'pri.'; - - $domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1); - - unlink($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+*'); - unlink($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain.'.signed'); - unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.'); - - $app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id='.$data['new']['id']); - } function soa_insert($event_name, $data) { global $app, $conf; 
@@ -283,25 +145,7 @@ class bind_plugin { unset($records_out); unset($zone); } - - //* DNSSEC-Implementation - if($data['old']['origin'] != $data['new']['origin']) { - if (@$data['old']['dnssec_initialized'] == 'Y' && strlen(@$data['old']['origin']) > 3) $this->soa_dnssec_delete($data); //delete old keys - if ($data['new']['dnssec_wanted'] == 'Y') $this->soa_dnssec_create($data); - } - else if ($data['new']['dnssec_wanted'] == 'Y' && $data['old']['dnssec_initialized'] == 'N') $this->soa_dnssec_create($data); - else if ($data['new']['dnssec_wanted'] == 'N' && $data['old']['dnssec_initialized'] == 'Y') { //delete old signed file if dnssec is no longer wanted - //TODO : change this when distribution information has been integrated into server record - if (file_exists('/etc/gentoo-release')) { - $filename = $dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($data['old']['origin'], 0, -1)); - } - else { - $filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1)); - } - if(is_file($filename.'.signed')) unlink($filename.'.signed'); - } else if ($data['new']['dnssec_wanted'] == 'Y') $this->soa_dnssec_update($data); - // END DNSSEC - + //* rebuild the named.conf file if the origin has changed or when the origin is inserted. //if($this->action == 'insert' || $data['old']['origin'] != $data['new']['origin']) { $this->write_named_conf($data, $dns_config); @@ -319,9 +163,8 @@ class bind_plugin { if(is_file($filename)) unlink($filename); if(is_file($filename.'.err')) unlink($filename.'.err'); - if(is_file($filename.'.signed')) unlink($filename.'.signed'); - } - + } + //* Restart bind nameserver if update_acl is not empty, otherwise reload it if($data['new']['update_acl'] != '') { $app->services->restartServiceDelayed('bind', 'restart'); 
@@ -354,9 +197,6 @@ class bind_plugin { if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err'); $app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG); - //* DNSSEC-Implementation - if ($data['old']['dnssec_initialized'] == 'Y') exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys - //* Reload bind nameserver $app->services->restartServiceDelayed('bind', 'reload'); @@ -483,7 +323,7 @@ class bind_plugin { global $app, $conf; //* Only write the master file for the current server - $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl, dnssec_wanted FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]); + $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]); $zones = array(); //* Check if the current zone that triggered this function has at least one NS record @@ -501,8 +341,8 @@ class bind_plugin { //* Loop trough zones foreach($tmps as $tmp) { + $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)); - if ($tmp['dnssec_wanted'] == 'Y') $zone_file .= '.signed'; //.signed is for DNSSEC-Implementation $options = ''; if(trim($tmp['xfer']) != '') {