error(_('You have to create a config.inc.php!'));
}
require '../inc/error.inc.php';
require '../inc/database.inc.php';
require '../inc/file.inc.php';
require '../inc/record.inc.php';
require '../inc/migrations.inc.php';
// Open the database handle that every helper call in this migration receives.
$db = dbConnect();
// This script's own file name (without extension) is the key handed to
// migration_exists() below.
$file_name = file_get_name_without_extension(__FILE__);
// Guard against a second run: stop before touching any zone data when
// migration_exists() reports this migration for the current file name.
if (migration_exists($db, $file_name)) {
    migration_message('The migration had already been applied!');
    exit;
}
// NOTE(review): nothing in the visible lines restricts who may invoke this
// script; confirm it cannot be requested over HTTP by unauthenticated
// clients — TODO verify against the deployment layout.
$zones = get_zones_with_templates($db);
foreach ($zones as $zone) {
    $domain = get_zone_name_from_id($zone['id']);
    $templ_records = get_zone_templ_records($zone['zone_templ_id']);
    $generated_templ_records = array();
    foreach ($templ_records as $templ_record) {
        $name = parse_template_value($templ_record['name'], $domain);
        $type = $templ_record['type'];
        $content = parse_template_value($templ_record['content'], $domain);
        $generated_templ_records[] = array('name' => $name, 'type' => $type, 'content' => $content);
    }
    $records = get_records_by_domain_id($db, $zone['domain_id']);
    foreach ($records as $record) {
        foreach ($generated_templ_records as $generated_templ_record) {
            if ($record['name'] == $generated_templ_record['name'] && $record['type'] == $generated_templ_record['type'] && $record['content'] == $generated_templ_record['content']) {
                if (!record_relation_to_templ_exists($db, $zone['domain_id'], $record['id'], $zone['zone_templ_id'])) {
                    add_record_relation_to_templ($db, $zone['domain_id'], $record['id'], $zone['zone_templ_id']);
                }
Beispiel #2
} elseif (do_hook('verify_permission', 'zone_content_edit_own_as_client')) {
    $perm_content_edit = "own_as_client";
} else {
    $perm_content_edit = "none";
}
// Map the caller's zone-metadata permissions to "all", "own" or "none";
// the broader permission is tested first so it takes precedence.
if (do_hook('verify_permission', 'zone_meta_edit_others')) {
    $perm_meta_edit = "all";
} elseif (do_hook('verify_permission', 'zone_meta_edit_own')) {
    $perm_meta_edit = "own";
} else {
    $perm_meta_edit = "none";
}
// The zone is resolved from the record id in the query string, and the
// ownership, type and name lookups below are all made against that zone.
// NOTE(review): $_GET['id'] reaches get_zone_id_from_record_id() with no
// visible type or range check — confirm the helper validates it.
// NOTE(review): the commit handler that follows takes the record to change
// from $_POST; verify that record id is tied to this $zid, otherwise the
// ownership result computed here does not cover the record being edited.
$zid = get_zone_id_from_record_id($_GET['id']);
$user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $zid);
$zone_type = get_domain_type($zid);
$zone_name = get_zone_name_from_id($zid);
if (isset($_POST["commit"])) {
    if ($zone_type == "SLAVE" || $perm_content_edit == "none" || ($perm_content_edit == "own" || $perm_content_edit == "own_as_client") && $user_is_zone_owner == "0") {
        error(ERR_PERM_EDIT_RECORD);
    } else {
        $old_record_info = get_record_from_id($_POST["rid"]);
        $ret_val = edit_record($_POST);
        if ($ret_val == "1") {
            if ($_POST['type'] != "SOA") {
                update_soa_serial($zid);
            }
            success(SUC_RECORD_UPD);
            $new_record_info = get_record_from_id($_POST["rid"]);
            log_info(sprintf('client_ip:%s user:%s operation:edit_record' . ' old_record_type:%s old_record:%s old_content:%s old_ttl:%s old_priority:%s' . ' record_type:%s record:%s content:%s ttl:%s priority:%s', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"], $old_record_info['type'], $old_record_info['name'], $old_record_info['content'], $old_record_info['ttl'], $old_record_info['prio'], $new_record_info['type'], $new_record_info['name'], $new_record_info['content'], $new_record_info['ttl'], $new_record_info['prio']));
            if ($pdnssec_use) {
                if (dnssec_rectify_zone($zid)) {
Beispiel #3
}
// Owner changes requested through the form. Each id must pass is_numeric()
// before it is handed to the helper.
// NOTE(review): the zone to modify is taken from $_POST["domain"], whereas
// the removal branch below uses $zone_id; confirm the posted value is
// checked against the zone this page was authorised for.
if (isset($_POST["newowner"]) && is_numeric($_POST["domain"]) && is_numeric($_POST["newowner"])) {
    add_owner_to_zone($_POST["domain"], $_POST["newowner"]);
}
// NOTE(review): no permission test is visible in this excerpt ahead of
// either call, and the view-permission check only comes afterwards —
// verify that the helpers (or earlier code not shown) enforce the
// metadata-edit permission before ownership is changed.
if (isset($_POST["delete_owner"]) && is_numeric($_POST["delete_owner"])) {
    delete_owner_from_zone($zone_id, $_POST["delete_owner"]);
}
if ($perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0") {
    error(ERR_PERM_VIEW_ZONE);
} else {
    if (zone_id_exists($zone_id) == "0") {
        error(ERR_ZONE_NOT_EXIST);
    } else {
        $domain_type = get_domain_type($zone_id);
        $record_count = count_zone_records($zone_id);
        echo "   <h2>" . _('Edit zone') . " \"" . get_zone_name_from_id($zone_id) . "\"</h2>\n";
        echo "   <div class=\"showmax\">\n";
        show_pages($record_count, $iface_rowamount, $zone_id);
        echo "   </div>\n";
        $records = get_records_from_domain_id($zone_id, ROWSTART, $iface_rowamount);
        if ($records == "-1") {
            echo " <p>" . _("This zone does not have any records. Weird.") . "</p>\n";
        } else {
            echo "   <form method=\"post\">\n";
            echo "   <table>\n";
            echo "    <tr>\n";
            echo "     <th>&nbsp;</th>\n";
            echo "     <th>" . _('Name') . "</th>\n";
            echo "     <th>" . _('Type') . "</th>\n";
            echo "     <th>" . _('Content') . "</th>\n";
            echo "     <th>" . _('Priority') . "</th>\n";
Beispiel #4
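/** Execute PDNSSEC rectify-zone command for Domain ID
 *
 * If a Domain is dnssec enabled, or uses features as
 * e.g. ALSO-NOTIFY, ALLOW-AXFR-FROM, TSIG-ALLOW-AXFR
 * following has to be executed
 * pdnssec rectify-zone $domain
 *
 * The zone name is passed to the shell as a single quoted argument, so a
 * name containing shell metacharacters cannot alter the command line.
 *
 * @param int $domain_id Domain ID
 *
 * @return boolean true on success, false on failure or unnecessary
 */
function dnssec_rectify_zone($domain_id)
{
    global $db;
    global $pdnssec_command;

    $output = array();

    /* if pdnssec_command is set we perform ``pdnssec rectify-zone $domain`` on all zones,
     * as pdns needs the "auth" column for all zones if dnssec is enabled
     *
     * If there is any entry at domainmetadata table for this domain,
     * it is an error if pdnssec_command is not set */
    $query = "SELECT COUNT(id) FROM domainmetadata WHERE domain_id = " . $db->quote($domain_id, 'integer');
    $count = $db->queryOne($query);
    if (PEAR::isError($count)) {
        error($count->getMessage());
        return false;
    }

    if (!isset($pdnssec_command)) {
        // Without the command nothing can be rectified; that is only an
        // error when the zone actually carries metadata.
        if ($count >= 1) {
            error(ERR_EXEC_PDNSSEC);
        }
        return false;
    }

    $domain = get_zone_name_from_id($domain_id);
    if (!dnssec_is_pdnssec_callable()) {
        return false;
    }

    // The zone name comes from the database and ends up on a shell command
    // line, so it is quoted as one argument instead of being concatenated raw.
    // NOTE(review): $pdnssec_command itself is trusted configuration here.
    $command = $pdnssec_command . " rectify-zone " . escapeshellarg($domain);
    exec($command, $output, $return_code);
    if ($return_code != 0) {
        error(ERR_EXEC_PDNSSEC_RECTIFY_ZONE);
        return false;
    }

    return true;
}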
Beispiel #5
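/** Delete array of domains
 *
 * Deletes every zone in the list that the current user is allowed to
 * delete, inside one database transaction. An id that is not numeric, or
 * that the user may not delete, is reported through error() and skipped;
 * the remaining ids are still processed and committed, but the function
 * then returns false. If a DELETE statement fails the whole transaction is
 * rolled back.
 *
 * @param int[] $domains Array of Domain IDs to delete
 *
 * @return boolean true when every id was deleted and committed, false otherwise
 */
function delete_domains($domains)
{
    global $db;
    global $pdnssec_use;

    $error = false;

    $response = $db->beginTransaction();
    if (PEAR::isError($response)) {
        // Never run the destructive statements outside a transaction.
        return false;
    }

    // The permission level does not depend on the zone, so resolve it once.
    if (do_hook('verify_permission', 'zone_content_edit_others')) {
        $perm_edit = "all";
    } elseif (do_hook('verify_permission', 'zone_content_edit_own')) {
        $perm_edit = "own";
    } else {
        $perm_edit = "none";
    }

    $db_failed = false;
    foreach ($domains as $id) {
        // Validate the id before it reaches the ownership hook or any query.
        if (!is_numeric($id)) {
            error(sprintf(ERR_INV_ARGC, "delete_domains", "id must be a number"));
            $error = true;
            continue;
        }

        $user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $id);
        if (!($perm_edit == "all" || ($perm_edit == "own" && $user_is_zone_owner == "1"))) {
            error(ERR_PERM_DEL_ZONE);
            $error = true;
            continue;
        }

        $zone_type = get_domain_type($id);
        if ($pdnssec_use && $zone_type == 'MASTER') {
            // NOTE(review): this acts outside the database and is not undone
            // if the transaction is rolled back afterwards.
            $zone_name = get_zone_name_from_id($id);
            dnssec_unsecure_zone($zone_name);
        }

        $quoted_id = $db->quote($id, 'integer');
        $statements = array(
            "DELETE FROM zones WHERE domain_id=" . $quoted_id,
            "DELETE FROM domains WHERE id=" . $quoted_id,
            "DELETE FROM records WHERE domain_id=" . $quoted_id,
            "DELETE FROM records_zone_templ WHERE domain_id=" . $quoted_id,
        );
        foreach ($statements as $statement) {
            $result = $db->exec($statement);
            if (PEAR::isError($result)) {
                // A half-deleted zone must not be committed.
                $db_failed = true;
                break 2;
            }
        }
    }

    if ($db_failed) {
        $db->rollback();
        return false;
    }

    $response = $db->commit();
    if (PEAR::isError($response)) {
        return false;
    }

    return !$error;
}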
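/**
 * Validate the fields of a DNS record before it is stored.
 *
 * A name that is not the zone name or a sub-name of it gets the zone name
 * appended, so $name may be rewritten for the caller (it is passed by
 * reference). The checks then applied depend on the record type; the first
 * failing check ends validation.
 *
 * @param int $rid Record ID
 * @param int $zid Zone ID
 * @param string $type Record Type
 * @param mixed $content content part of record
 * @param mixed $name Name part of record
 * @param mixed $prio Priority
 * @param mixed $ttl TTL
 *
 * @return boolean true on success, false otherwise
 */
function validate_input($rid, $zid, $type, &$content, &$name, &$prio, &$ttl)
{
    $zone = get_zone_name_from_id($zid);
    // TODO check for return
    // NOTE(review): the lookup result is still not checked; confirm what
    // get_zone_name_from_id() yields for an unknown id.

    // The zone name is matched literally (dots are not wildcards) and only
    // at a label boundary, so a name such as "notexample.com" is not taken
    // to be inside the zone "example.com".
    $in_zone_pattern = '/(^|\.)' . preg_quote((string) $zone, '/') . '$/i';
    if ((string) $zone !== '' && !preg_match($in_zone_pattern, $name)) {
        if (isset($name) && $name != "") {
            $name = $name . "." . $zone;
        } else {
            $name = $zone;
        }
    }

    // Each chain below short-circuits, so the validators run in the listed
    // order and stop at the first one that fails.
    switch ($type) {
        case "A":
            if (!is_valid_ipv4($content)
                || !is_valid_rr_cname_exists($name, $rid)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "AAAA":
            if (!is_valid_ipv6($content)
                || !is_valid_rr_cname_exists($name, $rid)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "CNAME":
            if (!is_valid_rr_cname_name($name)
                || !is_valid_rr_cname_unique($name, $rid)
                || !is_valid_hostname_fqdn($name, 1)
                || !is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            break;
        case "HINFO":
            if (!is_valid_rr_hinfo_content($content)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "MX":
        case "NS":
            if (!is_valid_hostname_fqdn($content, 0)
                || !is_valid_hostname_fqdn($name, 1)
                || !is_valid_non_alias_target($content)) {
                return false;
            }
            break;
        case "PTR":
            if (!is_valid_hostname_fqdn($content, 0)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "SOA":
            if (!is_valid_rr_soa_name($name, $zone)
                || !is_valid_hostname_fqdn($name, 1)
                || !is_valid_rr_soa_content($content)) {
                return false;
            }
            break;
        case "SRV":
            if (!is_valid_rr_srv_name($name)
                || !is_valid_rr_srv_content($content)) {
                return false;
            }
            break;
        case "TXT":
            if (!is_valid_printable($name)
                || !is_valid_printable($content)) {
                return false;
            }
            break;
        case "SPF":
            // Only SPF records go through the SPF check; CURL, MBOXFW and
            // NAPTR used to fall into it through the shared case list.
            if (!is_valid_spf($content)) {
                return false;
            }
            break;
        case "CURL":
        case "MBOXFW":
        case "NAPTR":
        case "SSHFP":
        case "URL":
            // These types are supported by PowerDNS, but there is not
            // yet code for validation: name and content are accepted
            // without any type-specific check.
            break;
        case "LOC":
            if (!is_valid_loc($content)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        default:
            error(ERR_DNS_RR_TYPE);
            return false;
    }

    if (!is_valid_rr_prio($prio, $type)) {
        return false;
    }
    if (!is_valid_rr_ttl($ttl)) {
        return false;
    }

    return true;
}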
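/**
 * Rebuild a zone's records from a zone template and store the template id.
 *
 * With a non-zero template the caller must be allowed to edit the zone: the
 * existing records are deleted and, if the user may add master or slave
 * zones, the template's records are inserted. The zone's zone_templ_id is
 * then updated. All statements run in one transaction that is rolled back
 * as soon as one of them fails.
 *
 * @param int $zone_id Zone ID
 * @param int $zone_template Zone template ID, 0 to only reset the template link
 *
 * @return null
 */
function update_zone_records($zone_id, $zone_template)
{
    global $db;
    global $dns_ttl;

    if (verify_permission('zone_content_edit_others')) {
        $perm_edit = "all";
    } elseif (verify_permission('zone_content_edit_own')) {
        $perm_edit = "own";
    } else {
        $perm_edit = "none";
    }
    $user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);

    // Always defined, so the comparison further down never reads an unset variable.
    $zone_master_add = verify_permission('zone_master_add') ? "1" : "0";
    $zone_slave_add = verify_permission('zone_slave_add') ? "1" : "0";

    $apply_template = (0 != $zone_template);
    if ($apply_template) {
        // A failed check ends the call: nothing is deleted, inserted or
        // re-linked for a zone the user may not edit.
        $may_edit = $perm_edit == "all" || ($perm_edit == "own" && $user_is_zone_owner == "1");
        if (!$may_edit) {
            error(ERR_PERM_DEL_ZONE);
            return;
        }
        if (!is_numeric($zone_id)) {
            error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number"));
            return;
        }
    }
    // NOTE(review): resetting the link with $zone_template == 0 is still not
    // gated by the edit permission — confirm the callers enforce it.

    $response = $db->beginTransaction();
    if (PEAR::isError($response)) {
        // Do not delete records outside a transaction.
        return;
    }

    if ($apply_template) {
        $response = $db->exec("DELETE FROM records WHERE domain_id=" . $db->quote($zone_id, 'integer'));

        if (!PEAR::isError($response) && ($zone_master_add == "1" || $zone_slave_add == "1")) {
            $domain = get_zone_name_from_id($zone_id);
            $now = time();
            $templ_records = get_zone_templ_records($zone_template);
            if ($templ_records == -1) {
                // Undo the DELETE instead of leaving the transaction open.
                $db->rollback();
                return;
            }

            // NOTE(review): the reverse-zone test is applied to $zone_id
            // rather than to the zone name in $domain — confirm the intent.
            $is_reverse_zone = preg_match('/in-addr.arpa/i', $zone_id);
            foreach ($templ_records as $r) {
                if ($is_reverse_zone && !($r["type"] == "NS" || $r["type"] == "SOA")) {
                    continue;
                }

                $name = parse_template_value($r["name"], $domain);
                $type = $r["type"];
                $content = parse_template_value($r["content"], $domain);
                $ttl = $r["ttl"];
                $prio = intval($r["prio"]);
                if (!$ttl) {
                    $ttl = $dns_ttl;
                }

                $query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" . $db->quote($zone_id, 'integer') . "," . $db->quote($name, 'text') . "," . $db->quote($type, 'text') . "," . $db->quote($content, 'text') . "," . $db->quote($ttl, 'integer') . "," . $db->quote($prio, 'integer') . "," . $db->quote($now, 'integer') . ")";
                $response = $db->exec($query);
                if (PEAR::isError($response)) {
                    break;
                }
            }
        }
    }

    if (!PEAR::isError($response)) {
        $query = "UPDATE zones\n                    SET zone_templ_id = " . $db->quote($zone_template, 'integer') . "\n                    WHERE domain_id = " . $db->quote($zone_id, 'integer');
        $response = $db->exec($query);
    }

    if (PEAR::isError($response)) {
        $response = $db->rollback();
    } else {
        $response = $db->commit();
    }
}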
Beispiel #8
}
// Key id from the query string; "-1" marks a missing or non-numeric value.
$key_id = (isset($_GET['key_id']) && v_num($_GET['key_id'])) ? (int) $_GET['key_id'] : "-1";

// Confirmation flag with the same sentinel. Unlike $key_id it is kept as
// the raw request string rather than cast to int.
$confirm = (isset($_GET['confirm']) && v_num($_GET['confirm'])) ? $_GET['confirm'] : "-1";

// NOTE(review): the ownership result is computed here but not consulted in
// the visible lines before the key lookups — confirm it is enforced before
// the key is changed.
$user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $zone_id);

// Without a usable zone id nothing further can be looked up.
if ($zone_id == "-1") {
    error(ERR_INV_INPUT);
    include_once "inc/footer.inc.php";
    exit;
}

$domain_name = get_zone_name_from_id($zone_id);

// A missing key id and a key id unknown to this zone are reported alike;
// the existence lookup only runs when a key id was supplied.
if ($key_id == "-1" || !dnssec_zone_key_exists($domain_name, $key_id)) {
    error(ERR_INV_INPUT);
    include_once "inc/footer.inc.php";
    exit;
}

$key_info = dnssec_get_zone_key($domain_name, $key_id);
if ($key_info[5]) {
    echo "     <h2>" . _('Deactivate zone key') . "</h2>\n";
} else {
    echo "     <h2>" . _('Activate zone key') . "</h2>\n";
Beispiel #9
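/** Validate DNS record input
 *
 * A name that is not the zone name or a sub-name of it gets the zone name
 * appended, so $name may be rewritten for the caller (it is passed by
 * reference). The checks then applied depend on the record type; the first
 * failing check ends validation. Many types have no type-specific check yet
 * and are accepted with only the priority and TTL checks.
 *
 * @param int $rid Record ID
 * @param int $zid Zone ID
 * @param string $type Record Type
 * @param mixed $content content part of record
 * @param mixed $name Name part of record
 * @param mixed $prio Priority
 * @param mixed $ttl TTL
 *
 * @return boolean true on success, false otherwise
 */
function validate_input($rid, $zid, $type, &$content, &$name, &$prio, &$ttl)
{
    $zone = get_zone_name_from_id($zid);
    // TODO check for return
    // NOTE(review): the lookup result is still not checked; confirm what
    // get_zone_name_from_id() yields for an unknown id.

    // The zone name is matched literally (dots are not wildcards) and only
    // at a label boundary, so a name such as "notexample.com" is not taken
    // to be inside the zone "example.com".
    $in_zone_pattern = '/(^|\.)' . preg_quote((string) $zone, '/') . '$/i';
    if ((string) $zone !== '' && !preg_match($in_zone_pattern, $name)) {
        if (isset($name) && $name != "") {
            $name = $name . "." . $zone;
        } else {
            $name = $zone;
        }
    }

    // Each chain below short-circuits, so the validators run in the listed
    // order and stop at the first one that fails.
    switch ($type) {
        case "A":
            if (!is_valid_ipv4($content)
                || !is_valid_rr_cname_exists($name, $rid)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "AAAA":
            if (!is_valid_ipv6($content)
                || !is_valid_rr_cname_exists($name, $rid)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "CNAME":
            if (!is_valid_rr_cname_name($name)
                || !is_valid_rr_cname_unique($name, $rid)
                || !is_valid_hostname_fqdn($name, 1)
                || !is_valid_hostname_fqdn($content, 0)
                || !is_not_empty_cname_rr($name, $zone)) {
                return false;
            }
            break;
        case "HINFO":
            if (!is_valid_rr_hinfo_content($content)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "LOC":
            if (!is_valid_loc($content)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "MX":
        case "NS":
            if (!is_valid_hostname_fqdn($content, 0)
                || !is_valid_hostname_fqdn($name, 1)
                || !is_valid_non_alias_target($content)) {
                return false;
            }
            break;
        case "PTR":
            if (!is_valid_hostname_fqdn($content, 0)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;
        case "SOA":
            if (!is_valid_rr_soa_name($name, $zone)
                || !is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_rr_soa_content($content)) {
                error(ERR_DNS_CONTENT);
                return false;
            }
            break;
        case "SPF":
            if (!is_valid_spf($content)) {
                return false;
            }
            break;
        case "SRV":
            if (!is_valid_rr_srv_name($name)
                || !is_valid_rr_srv_content($content)) {
                return false;
            }
            break;
        case "TXT":
            if (!is_valid_printable($name)
                || !is_valid_printable($content)) {
                return false;
            }
            break;
        case "AFSDB":
        case "CERT":
        case 'DHCID':
        case 'DLV':
        case 'DNSKEY':
        case 'DS':
        case 'EUI48':
        case 'EUI64':
        case 'IPSECKEY':
        case 'KEY':
        case 'KX':
        case 'MINFO':
        case 'MR':
        case 'NAPTR':
        case 'NSEC':
        case 'NSEC3':
        case 'NSEC3PARAM':
        case 'OPT':
        case 'RKEY':
        case 'RP':
        case 'RRSIG':
        case 'SSHFP':
        case 'TLSA':
        case 'TSIG':
        case 'WKS':
            // TODO: implement validation. Until then name and content of
            // these types are accepted without a type-specific check.
            break;
        case "CURL":
        case "MBOXFW":
        case "URL":
            // TODO: implement validation?
            // Fancy types are not supported anymore in PowerDNS
            break;
        default:
            error(ERR_DNS_RR_TYPE);
            return false;
    }

    if (!is_valid_rr_prio($prio, $type)) {
        return false;
    }
    if (!is_valid_rr_ttl($ttl)) {
        return false;
    }

    return true;
}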
Beispiel #10
} else {
    $meta_edit = "0";
}
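// "1" when the user may view other users, "0" otherwise.
$perm_view_others = do_hook('verify_permission', 'user_view_others') ? "1" : "0";

// Stop before any zone data is read if the user may not view this zone.
if ($perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0") {
    error(ERR_PERM_VIEW_ZONE);
    include_once "inc/footer.inc.php";
    exit;
}
if (zone_id_exists($zone_id) == "0") {
    error(ERR_ZONE_NOT_EXIST);
    include_once "inc/footer.inc.php";
    exit;
}

$domain_type = get_domain_type($zone_id);
$domain_name = get_zone_name_from_id($zone_id);
$record_count = count_zone_records($zone_id);
$zone_templates = get_list_zone_templ($_SESSION['userid']);
$zone_template_id = get_zone_template($zone_id);

// The zone name and the key material are data, not markup: they are
// HTML-escaped so that nothing stored in a zone name or returned by the
// DNSSEC helpers is interpreted by the browser.
echo "   <h2>" . _('DNSSEC public records for zone') . " \"" . htmlspecialchars((string) $domain_name, ENT_QUOTES, 'UTF-8') . "\"</h2>\n";

echo "   <h3>" . _('DNSKEY') . "</h3>\n";
$dnskey_record = dnssec_get_dnskey_record($domain_name);
echo htmlspecialchars((string) $dnskey_record, ENT_QUOTES, 'UTF-8') . "<br>\n";
echo "<br>";

echo "   <h3>" . _('DS record') . "</h3>\n";
$ds_records = dnssec_get_ds_records($domain_name);
foreach ($ds_records as $record) {
    echo htmlspecialchars((string) $record, ENT_QUOTES, 'UTF-8') . "<br>\n";
}
echo "<br>";

include_once "inc/footer.inc.php";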
Beispiel #11
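// Stop before any zone data is read if the user may not view this zone.
if ($perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0") {
    error(ERR_PERM_VIEW_ZONE);
    include_once "inc/footer.inc.php";
    exit;
}
if (zone_id_exists($zone_id) == "0") {
    error(ERR_ZONE_NOT_EXIST);
    include_once "inc/footer.inc.php";
    exit;
}

$domain_type = get_domain_type($zone_id);
$domain_name = get_zone_name_from_id($zone_id);
$record_count = count_zone_records($zone_id);
$zone_templates = get_list_zone_templ($_SESSION['userid']);
$zone_template_id = get_zone_template($zone_id);

// The zone name is data, not markup, so it is HTML-escaped before it is
// placed in the heading.
echo "   <h2>" . _('DNSSEC keys for zone') . " \"" . htmlspecialchars((string) $domain_name, ENT_QUOTES, 'UTF-8') . "\"</h2>\n";

// Header row of the key table; one row per key follows.
echo "     <table>\n";
echo "      <tr>\n";
echo "       <th>&nbsp;</th>\n";
echo "       <th>" . _('ID') . "</th>\n";
echo "       <th>" . _('Type') . "</th>\n";
echo "       <th>" . _('Tag') . "</th>\n";
echo "       <th>" . _('Algorithm') . "</th>\n";
echo "       <th>" . _('Bits') . "</th>\n";
echo "       <th>" . _('Active') . "</th>\n";
echo "      </tr>\n";

$keys = dnssec_get_keys($domain_name);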
foreach ($keys as $item) {
    echo "<tr>\n";
    echo "<td width=\"60\" class=\"actions\">&nbsp;\n";
    echo "<a href=\"dnssec_edit_key.php?id=" . $zone_id . "&key_id=" . $item[0] . "\"><img src=\"images/edit.gif\" title=\"" . _('Edit zone key') . " " . $item[0] . "\" alt=\"[ " . _('Edit zone key') . " " . $domain_name . " ]\"></a>\n";