From 6a25accffe0c2818e00dc3ad5dd3eb3a47c76291 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?A=2E=20T=C3=A4ffner?=
Date: Wed, 20 Jan 2016 10:21:44 +0100
Subject: [PATCH] import previous work (not working completely yet)
---
 TODO.txt | 4 +++
 install/lib/installer_base.lib.php | 30 +++++++++++++++++++
 .../sql/incremental/upd_dev_collection.sql | 8 +++++
 install/sql/ispconfig3.sql | 4 ++-
 interface/web/dns/form/dns_soa.tform.php | 8 +++++
 interface/web/dns/lib/lang/de_dns_soa.lng | 1 +
 interface/web/dns/lib/lang/en_dns_soa.lng | 1 +
 interface/web/dns/lib/remote.conf.php | 1 +
 interface/web/dns/list/dns_a.list.php | 2 +-
 interface/web/dns/templates/dns_a_list.htm | 1 +
 server/conf/bind_pri.domain.master | 3 ++
 server/plugins-available/bind_plugin.inc.php | 14 +++++++--
 12 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/TODO.txt b/TODO.txt
index 6dcae104a2..77b138d282 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -13,6 +13,10 @@ Installer
 --------------------------------------
 - Add a function to let a server join a existing installation.
+Change named.options.conf and add follwoing lines into options-brackets for DNSSEC-Implementation:
+ dnssec-enable yes;
+ dnssec-validation yes;
+ dnssec-lookaside auto;
 Uninstaller
 --------------------------------------
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index f22a627da9..7643043c9f 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1469,6 +1469,27 @@ class installer_base {
 }
+
+ //** writes bind configuration files
+ public function process_bind_file($configfile, $target='/', $absolute=false) {
+ global $conf;
+
+ if ($absolute) $full_file_name = $target.$configfile;
+ else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
+
+ //* Backup exiting file
+ if(is_file($full_file_name)) {
+ copy($full_file_name, $config_dir.$configfile.'~');
+ }
+ $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+ $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+ $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+ $content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content);
+ $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
+ $content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content);
+ $content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content);
+ wf($full_file_name, $content);
+ }
 public function configure_bind() {
 global $conf;
@@ -1487,6 +1508,15 @@ class installer_base {
 chown($content, $conf['bind']['bind_user']);
 chgrp($content, $conf['bind']['bind_group']);
 chmod($content, 2770);
+
+ //* Install scripts for dnssec implementation
+ $this->process_bind_file('dnssec-update.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-create.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-delete.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-autoupdate.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-autopickup.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-autocreate.sh', '/server/scripts/');
+ $this->process_bind_file('dnssec-config.sh', '/server/scripts/');
 }
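Review bot: In `process_bind_file()` the backup line `copy($full_file_name, $config_dir.$configfile.'~');` reads `$config_dir`, which is never assigned in this function, so the backup is written under the bare script name relative to the installer's working directory rather than beside the original; `copy($full_file_name, $full_file_name.'~');` matches the comment. The function also writes `$conf['mysql']['ispconfig_password']` into the generated file and sets no mode or owner afterwards, so the resulting permissions depend on what `wf()` and the umask produce (not visible here). Since the callers in the next hunk install shell scripts that bind_plugin.inc.php later runs with `exec()`, add `chmod($full_file_name, 0700);` plus an explicit owner after `wf()` so a file that may hold the database password is not left world-readable. A short docblock stating what `$target` and `$absolute` mean would also help.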
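Review bot: The seven `process_bind_file('dnssec-*.sh', '/server/scripts/')` calls depend on `tpl/dnssec-*.sh.master` templates (see the `rfsel()` call in the previous hunk), and none of those templates is among the 12 files in this patch's diffstat; unless they already exist in the tree, what ends up in `/server/scripts/` is whatever `rfsel()` returns for a missing file. The scripts are installed under `$conf['ispconfig_install_dir']`, while bind_plugin.inc.php in this same patch calls them under the fixed path `/usr/local/ispconfig/server/scripts/`, so a non-default install directory breaks the link between the two. `configure_bind()` starts and ends outside this hunk.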
diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 624d748a52..865f34941d 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -203,3 +203,11 @@ CREATE TABLE `ftp_traffic` (
 ALTER TABLE `mail_forwarding` ADD COLUMN `allow_send_as` ENUM('n','y') NOT NULL DEFAULT 'n' AFTER `active`;
 UPDATE `mail_forwarding` SET `allow_send_as` = 'y' WHERE `type` = 'alias';
+
+--- DNSSEC-Implementation by dark alex
+--- TODO: Review and resolve conflicts if more has been done in that column
+ALTER TABLE `dns_rr` CHANGE COLUMN `type` `type` ENUM('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`;
+
+ALTER TABLE `dns_soa`
+ ADD COLUMN `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+ ADD COLUMN `dnssec_info` TEXT NULL;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index f77bbf456d..9cf34992a9 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -478,7 +478,7 @@ CREATE TABLE `dns_rr` (
 `server_id` int(11) NOT NULL default '1',
 `zone` int(11) unsigned NOT NULL DEFAULT '0',
 `name` varchar(255) NOT NULL DEFAULT '',
- `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
+ `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
 `data` TEXT NOT NULL DEFAULT '',
 `aux` int(11) unsigned NOT NULL default '0',
 `ttl` int(11) unsigned NOT NULL default '3600',
@@ -539,6 +539,8 @@ CREATE TABLE `dns_soa` (
 `xfer` varchar(255) NOT NULL DEFAULT '',
 `also_notify` varchar(255) default NULL,
 `update_acl` varchar(255) default NULL,
+ `dnssec_initialized` ENUM('Y','N') NOT NULL DEFAULT 'N',
+ `dnssec_info` TEXT NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY `origin` (`origin`),
 KEY `active` (`active`)
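Review bot: The two comment lines added to upd_dev_collection.sql begin with `---`, and MySQL only treats `--` as a comment when the second dash is followed by whitespace or a control character, so `--- DNSSEC-Implementation by dark alex` is parsed as SQL and the incremental update is likely to stop with a syntax error before the `ALTER TABLE` statements run. Write them as `-- DNSSEC-Implementation by dark alex` and `-- TODO: Review and resolve conflicts if more has been done in that column`. If the update aborts there, `dns_soa.dnssec_initialized` and `dns_soa.dnssec_info` never get created on upgraded systems even though ispconfig3.sql defines them for fresh installs.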
diff --git a/interface/web/dns/form/dns_soa.tform.php b/interface/web/dns/form/dns_soa.tform.php
index 02afa86c53..867bbbcbbe 100644
--- a/interface/web/dns/form/dns_soa.tform.php
+++ b/interface/web/dns/form/dns_soa.tform.php
@@ -264,6 +264,14 @@ $form["tabs"]['dns_soa'] = array (
 'default' => 'Y',
 'value' => array(0 => 'N', 1 => 'Y')
 ),
+ 'dnssec_info' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '10000'
+ ),
 //#################################
 // ENDE Datatable fields
 //#################################
diff --git a/interface/web/dns/lib/lang/de_dns_soa.lng b/interface/web/dns/lib/lang/de_dns_soa.lng
index efd6e90551..5f675d88c8 100644
--- a/interface/web/dns/lib/lang/de_dns_soa.lng
+++ b/interface/web/dns/lib/lang/de_dns_soa.lng
@@ -11,6 +11,7 @@ $wb['minimum_txt'] = 'Minimum';
 $wb['ttl_txt'] = 'TTL';
 $wb['xfer_txt'] = 'Zonentransfer zu diesen IP Adressen erlauben (mit Komma getrennte Liste)';
 $wb['active_txt'] = 'Aktiv';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Daten für Registry';
 $wb['limit_dns_zone_txt'] = 'Die maximale Anzahl an DNS Einträgen für Ihr Konto wurde erreicht.';
 $wb['client_txt'] = 'Kunde';
 $wb['no_zone_perm'] = 'Sie haben nicht die Berechtigung, einen Eintrag zu dieser DNS Zone hinzuzufügen.';
diff --git a/interface/web/dns/lib/lang/en_dns_soa.lng b/interface/web/dns/lib/lang/en_dns_soa.lng
index 433530c02d..9566ce71d8 100644
--- a/interface/web/dns/lib/lang/en_dns_soa.lng
+++ b/interface/web/dns/lib/lang/en_dns_soa.lng
@@ -11,6 +11,7 @@ $wb["minimum_txt"] = 'Minimum';
 $wb["ttl_txt"] = 'TTL';
 $wb["xfer_txt"] = 'Allow zone transfers to
these IPs (comma separated list)';
 $wb["active_txt"] = 'Active';
+$wb['dnssec_info_txt'] = 'DNSSEC DS-Data for registry';
 $wb["limit_dns_zone_txt"] = 'The max. number of DNS zones for your account is reached.';
 $wb["client_txt"] = 'Client';
 $wb["no_zone_perm"] = 'You do not have the permission to add a record to this DNS zone.';
diff --git a/interface/web/dns/lib/remote.conf.php b/interface/web/dns/lib/remote.conf.php
index dcabf94857..ef2ed9e4cc 100644
--- a/interface/web/dns/lib/remote.conf.php
+++ b/interface/web/dns/lib/remote.conf.php
@@ -7,6 +7,7 @@ $function_list['dns_alias_get,dns_alias_add,dns_alias_update,dns_alias_delete']
 $function_list['dns_cname_get,dns_cname_add,dns_cname_update,dns_cname_delete'] = 'DNS cname functions';
 $function_list['dns_hinfo_get,dns_hinfo_add,dns_hinfo_update,dns_hinfo_delete'] = 'DNS hinfo functions';
 $function_list['dns_mx_get,dns_mx_add,dns_mx_update,dns_mx_delete'] = 'DNS mx functions';
+$function_list['dns_tlsa_get,dns_tlsa_add,dns_tlsa_update,dns_tlsa_delete'] = 'DNS tlsa functions';
 $function_list['dns_ns_get,dns_ns_add,dns_ns_update,dns_ns_delete'] = 'DNS ns functions';
 $function_list['dns_ptr_get,dns_ptr_add,dns_ptr_update,dns_ptr_delete'] = 'DNS ptr functions';
 $function_list['dns_rp_get,dns_rp_add,dns_rp_update,dns_rp_delete'] = 'DNS rp functions';
diff --git a/interface/web/dns/list/dns_a.list.php b/interface/web/dns/list/dns_a.list.php
index bf5bf1d52d..1c36c13c67 100644
--- a/interface/web/dns/list/dns_a.list.php
+++ b/interface/web/dns/list/dns_a.list.php
@@ -132,7 +132,7 @@ $liste["item"][] = array( 'field' => "type",
 'prefix' => "",
 'suffix' => "",
 'width' => "",
- 'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
+ 'value' => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TLSA'=>'TLSA', 'TXT'=>'TXT'));
 ?>
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index 790fbdcb39..51aa559d36 100644
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -30,6 +30,7 @@
+
diff --git a/server/conf/bind_pri.domain.master b/server/conf/bind_pri.domain.master
index 279fbac351..0e9c6cd795 100644
--- a/server/conf/bind_pri.domain.master
+++ b/server/conf/bind_pri.domain.master
@@ -41,6 +41,9 @@ $TTL {tmpl_var name='ttl'}
 {tmpl_var name='name'} {tmpl_var name='ttl'} SRV {tmpl_var name='aux'} {tmpl_var name='data'}
+
+{tmpl_var name='name'} {tmpl_var name='ttl'} TLSA {tmpl_var name='data'}
+
 {tmpl_var name='name'} {tmpl_var name='ttl'} TXT "{tmpl_var name='data'}"
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index c538cb9570..3dd2f8418d 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -163,7 +163,14 @@ class bind_plugin {
 if(is_file($filename)) unlink($filename);
 if(is_file($filename.'.err')) unlink($filename.'.err');
- }
+
+ //* DNSSEC-Implementation
+ if (strlen($data['old']['origin']) > 3) exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete old keys
+ exec('/usr/local/ispconfig/server/scripts/dnssec-create.sh '.$data['new']['origin']); //Create new keys for new origin
+ }
+
+ //* DNSSEC-Implementation
+ exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.$data['new']['origin']);
 //* Restart bind nameserver if update_acl is not empty, otherwise reload it
 if($data['new']['update_acl'] != '') {
@@ -197,6 +204,9 @@ class bind_plugin {
 if(is_file($zone_file_name.'.err')) unlink($zone_file_name.'.err');
 $app->log("Deleting BIND domain file: ".$zone_file_name, LOGLEVEL_DEBUG);
+ //* DNSSEC-Implementation
+ exec('/usr/local/ispconfig/server/scripts/dnssec-delete.sh '.$data['old']['origin']); //delete keys
+
 //* Reload bind nameserver
 $app->services->restartServiceDelayed('bind', 'reload');
@@ -342,7 +352,7 @@ class bind_plugin {
 //* Loop trough zones
 foreach($tmps as $tmp) {
- $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));
+ $zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1)).'.signed'; //.signed is for DNSSEC-Implementation
 $options = '';
 if(trim($tmp['xfer']) != '') {
-- GitLab
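Review bot: The added `exec()` calls — three in this hunk and one in the delete hunk at `@@ -197,6 +204,9 @@` — append `$data['old']['origin']` or `$data['new']['origin']` to a shell command line without quoting, so a zone origin that contains shell metacharacters would be interpreted by the shell with the privileges of the server process. Quote every argument, e.g. `exec('/usr/local/ispconfig/server/scripts/dnssec-update.sh '.escapeshellarg($data['new']['origin']));`, and reject origins that are not valid domain names before calling the scripts. The exit status is discarded as well; passing `$output, $retval` and logging a non-zero `$retval` through `$app->log()` would make a failed key creation or signing visible. The script path is hard-coded here although the installer part of this patch writes the scripts under `$conf['ispconfig_install_dir']`. Both enclosing methods begin and end outside the hunks.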
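Review bot: In the `@@ -342,7 +352,7 @@` hunk, `.signed` is appended to `$zone_file` for every zone, so the generated BIND configuration depends on a signed file even for zones where `dnssec-create.sh` or `dnssec-update.sh` failed or never ran (for example zones that existed before the upgrade); BIND would presumably refuse to load such a zone. Keep the unsigned name as the default and switch only when the signed file is present, e.g. `$zone_file = $pri_zonefiles_path.str_replace("/", "_", substr($tmp['origin'], 0, -1));` followed by `if(is_file($zone_file.'.signed')) $zone_file .= '.signed';`, assuming `$pri_zonefiles_path` is a filesystem path at this point. The `foreach` body continues outside the hunk.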