error(_('You have to create a config.inc.php!')); } require '../inc/error.inc.php'; require '../inc/database.inc.php'; require '../inc/file.inc.php'; require '../inc/record.inc.php'; require '../inc/migrations.inc.php'; $db = dbConnect(); $file_name = file_get_name_without_extension(__FILE__); if (migration_exists($db, $file_name)) { migration_message('The migration had already been applied!'); exit; } $zones = get_zones_with_templates($db); foreach ($zones as $zone) { $domain = get_zone_name_from_id($zone['id']); $templ_records = get_zone_templ_records($zone['zone_templ_id']); $generated_templ_records = array(); foreach ($templ_records as $templ_record) { $name = parse_template_value($templ_record['name'], $domain); $type = $templ_record['type']; $content = parse_template_value($templ_record['content'], $domain); $generated_templ_records[] = array('name' => $name, 'type' => $type, 'content' => $content); } $records = get_records_by_domain_id($db, $zone['domain_id']); foreach ($records as $record) { foreach ($generated_templ_records as $generated_templ_record) { if ($record['name'] == $generated_templ_record['name'] && $record['type'] == $generated_templ_record['type'] && $record['content'] == $generated_templ_record['content']) { if (!record_relation_to_templ_exists($db, $zone['domain_id'], $record['id'], $zone['zone_templ_id'])) { add_record_relation_to_templ($db, $zone['domain_id'], $record['id'], $zone['zone_templ_id']); }
} elseif (do_hook('verify_permission', 'zone_content_edit_own_as_client')) { $perm_content_edit = "own_as_client"; } else { $perm_content_edit = "none"; } if (do_hook('verify_permission', 'zone_meta_edit_others')) { $perm_meta_edit = "all"; } elseif (do_hook('verify_permission', 'zone_meta_edit_own')) { $perm_meta_edit = "own"; } else { $perm_meta_edit = "none"; } $zid = get_zone_id_from_record_id($_GET['id']); $user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $zid); $zone_type = get_domain_type($zid); $zone_name = get_zone_name_from_id($zid); if (isset($_POST["commit"])) { if ($zone_type == "SLAVE" || $perm_content_edit == "none" || ($perm_content_edit == "own" || $perm_content_edit == "own_as_client") && $user_is_zone_owner == "0") { error(ERR_PERM_EDIT_RECORD); } else { $old_record_info = get_record_from_id($_POST["rid"]); $ret_val = edit_record($_POST); if ($ret_val == "1") { if ($_POST['type'] != "SOA") { update_soa_serial($zid); } success(SUC_RECORD_UPD); $new_record_info = get_record_from_id($_POST["rid"]); log_info(sprintf('client_ip:%s user:%s operation:edit_record' . ' old_record_type:%s old_record:%s old_content:%s old_ttl:%s old_priority:%s' . ' record_type:%s record:%s content:%s ttl:%s priority:%s', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"], $old_record_info['type'], $old_record_info['name'], $old_record_info['content'], $old_record_info['ttl'], $old_record_info['prio'], $new_record_info['type'], $new_record_info['name'], $new_record_info['content'], $new_record_info['ttl'], $new_record_info['prio'])); if ($pdnssec_use) { if (dnssec_rectify_zone($zid)) {
} if (isset($_POST["newowner"]) && is_numeric($_POST["domain"]) && is_numeric($_POST["newowner"])) { add_owner_to_zone($_POST["domain"], $_POST["newowner"]); } if (isset($_POST["delete_owner"]) && is_numeric($_POST["delete_owner"])) { delete_owner_from_zone($zone_id, $_POST["delete_owner"]); } if ($perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0") { error(ERR_PERM_VIEW_ZONE); } else { if (zone_id_exists($zone_id) == "0") { error(ERR_ZONE_NOT_EXIST); } else { $domain_type = get_domain_type($zone_id); $record_count = count_zone_records($zone_id); echo " <h2>" . _('Edit zone') . " \"" . get_zone_name_from_id($zone_id) . "\"</h2>\n"; echo " <div class=\"showmax\">\n"; show_pages($record_count, $iface_rowamount, $zone_id); echo " </div>\n"; $records = get_records_from_domain_id($zone_id, ROWSTART, $iface_rowamount); if ($records == "-1") { echo " <p>" . _("This zone does not have any records. Weird.") . "</p>\n"; } else { echo " <form method=\"post\">\n"; echo " <table>\n"; echo " <tr>\n"; echo " <th> </th>\n"; echo " <th>" . _('Name') . "</th>\n"; echo " <th>" . _('Type') . "</th>\n"; echo " <th>" . _('Content') . "</th>\n"; echo " <th>" . _('Priority') . "</th>\n";
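/** Execute PDNSSEC rectify-zone command for Domain ID
 *
 * If a Domain is dnssec enabled, or uses features as
 * e.g. ALSO-NOTIFY, ALLOW-AXFR-FROM, TSIG-ALLOW-AXFR
 * following has to be executed
 * pdnssec rectify-zone $domain
 *
 * The zone name is read back from storage and handed to a shell via exec(),
 * so it is passed as one quoted argument and never as raw command text.
 *
 * @param int $domain_id Domain ID
 *
 * @return boolean true on success, false on failure or unnecessary
 */
function dnssec_rectify_zone($domain_id)
{
    global $db;
    global $pdnssec_command;

    $output = array();

    /* if pdnssec_command is set we perform ``pdnssec rectify-zone $domain`` on all zones,
     * as pdns needs the "auth" column for all zones if dnssec is enabled
     *
     * If there is any entry at domainmetadata table for this domain,
     * it is an error if pdnssec_command is not set */
    $query = "SELECT COUNT(id) FROM domainmetadata WHERE domain_id = " . $db->quote($domain_id, 'integer');
    $count = $db->queryOne($query);

    if (PEAR::isError($count)) {
        error($count->getMessage());
        return false;
    }

    if (isset($pdnssec_command)) {
        $domain = get_zone_name_from_id($domain_id);

        // $pdnssec_command is a configuration value and is left as configured
        // (it may carry its own arguments). The zone name is data: quoting it
        // with escapeshellarg() keeps shell metacharacters in a stored name
        // from being interpreted as additional commands or options.
        $command = $pdnssec_command . " rectify-zone " . escapeshellarg((string) $domain);

        if (!dnssec_is_pdnssec_callable()) {
            return false;
        }

        exec($command, $output, $return_code);
        if ($return_code != 0) {
            error(ERR_EXEC_PDNSSEC_RECTIFY_ZONE);
            return false;
        }

        return true;
    }

    // No command configured: that is only an error when the domain has
    // metadata rows, because then a rectify run would have been required.
    if ($count >= 1) {
        error(ERR_EXEC_PDNSSEC);
    }

    return false;
}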
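/** Delete array of domains
 *
 * Deletes every domain in the list that the current user may delete, inside
 * one database transaction. A domain that is skipped (permission denied or
 * non-numeric id) is reported through error() and makes the function return
 * false, but the remaining permitted domains are still deleted.
 *
 * A failed DELETE statement rolls the whole transaction back, so a zone is
 * never left half-removed (for example a `zones` row gone while its
 * `records` rows remain).
 *
 * @param int[] $domains Array of Domain IDs to delete
 *
 * @return boolean true if every domain was deleted and committed, false otherwise
 */
function delete_domains($domains)
{
    global $db;
    global $pdnssec_use;

    $error = false;

    // Without a transaction the deletes below could not be undone, so do not
    // start deleting when the transaction could not be opened.
    $response = $db->beginTransaction();
    if (PEAR::isError($response)) {
        return false;
    }

    $db_failed = false;

    foreach ($domains as $id) {
        if (do_hook('verify_permission', 'zone_content_edit_others')) {
            $perm_edit = "all";
        } elseif (do_hook('verify_permission', 'zone_content_edit_own')) {
            $perm_edit = "own";
        } else {
            $perm_edit = "none";
        }
        $user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $id);

        // "all" may delete any zone; "own" only zones the user owns.
        if (!($perm_edit == "all" || $perm_edit == "own" && $user_is_zone_owner == "1")) {
            error(ERR_PERM_DEL_ZONE);
            $error = true;
            continue;
        }

        if (!is_numeric($id)) {
            error(sprintf(ERR_INV_ARGC, "delete_domains", "id must be a number"));
            $error = true;
            continue;
        }

        $zone_type = get_domain_type($id);
        if ($pdnssec_use && $zone_type == 'MASTER') {
            // NOTE(review): this acts outside the database, so a later
            // rollback does not restore the zone's DNSSEC state.
            $zone_name = get_zone_name_from_id($id);
            dnssec_unsecure_zone($zone_name);
        }

        $quoted_id = $db->quote($id, 'integer');
        $statements = array(
            "DELETE FROM zones WHERE domain_id=" . $quoted_id,
            "DELETE FROM domains WHERE id=" . $quoted_id,
            "DELETE FROM records WHERE domain_id=" . $quoted_id,
            "DELETE FROM records_zone_templ WHERE domain_id=" . $quoted_id,
        );

        foreach ($statements as $statement) {
            $response = $db->exec($statement);
            if (PEAR::isError($response)) {
                // Stop at the first failure; everything done so far is undone below.
                $db_failed = true;
                break 2;
            }
        }
    }

    if ($db_failed) {
        $db->rollback();
        return false;
    }

    $response = $db->commit();
    if (PEAR::isError($response)) {
        return false;
    }

    return !$error;
}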
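/** Validate DNS record input
 *
 * Completes $name with the zone name when it does not already end in it,
 * then runs the per-type checks on name and content, followed by the
 * priority and TTL checks.
 *
 * @param int $rid Record ID
 * @param int $zid Zone ID
 * @param string $type Record Type
 * @param mixed $content content part of record
 * @param mixed $name Name part of record; may be rewritten to include the zone name
 * @param mixed $prio Priority
 * @param mixed $ttl TTL
 *
 * @return boolean true on success, false otherwise
 */
function validate_input($rid, $zid, $type, &$content, &$name, &$prio, &$ttl)
{
    $zone = get_zone_name_from_id($zid); // TODO check for return

    // The zone name is data, not a pattern: quote it so that "." only matches
    // a literal dot and a "/" in the name cannot break the expression.
    // NOTE(review): this is still a plain suffix test without a label
    // boundary, so a name such as "xexample.com" counts as being inside
    // "example.com" - confirm whether that is intended.
    if (!preg_match('/' . preg_quote((string) $zone, '/') . '$/i', $name)) {
        if (isset($name) && $name != "") {
            $name = $name . "." . $zone;
        } else {
            $name = $zone;
        }
    }

    switch ($type) {
        case "A":
            if (!is_valid_ipv4($content)) {
                return false;
            }
            if (!is_valid_rr_cname_exists($name, $rid)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "AAAA":
            if (!is_valid_ipv6($content)) {
                return false;
            }
            if (!is_valid_rr_cname_exists($name, $rid)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "CNAME":
            if (!is_valid_rr_cname_name($name)) {
                return false;
            }
            if (!is_valid_rr_cname_unique($name, $rid)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            break;

        case "HINFO":
            if (!is_valid_rr_hinfo_content($content)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "MX":
        case "NS":
            // Both types carry a host name as content that must not be an alias.
            if (!is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_non_alias_target($content)) {
                return false;
            }
            break;

        case "PTR":
            if (!is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "SOA":
            if (!is_valid_rr_soa_name($name, $zone)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_rr_soa_content($content)) {
                return false;
            }
            break;

        case "SRV":
            if (!is_valid_rr_srv_name($name)) {
                return false;
            }
            if (!is_valid_rr_srv_content($content)) {
                return false;
            }
            break;

        case "TXT":
            if (!is_valid_printable($name)) {
                return false;
            }
            if (!is_valid_printable($content)) {
                return false;
            }
            break;

        case "SPF":
            /* Validate SPF entry */
            // SPF has its own case: previously CURL, MBOXFW and NAPTR fell
            // through into this check and were validated as SPF content.
            if (!is_valid_spf($content)) {
                return false;
            }
            break;

        case "CURL":
        case "MBOXFW":
        case "NAPTR":
        case "SSHFP":
        case "URL":
            // These types are supported by PowerDNS, but there is not
            // yet code for validation, so name and content are accepted
            // as supplied. Validation needs to be added for these types.
            break;

        case "LOC":
            if (!is_valid_loc($content)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        default:
            error(ERR_DNS_RR_TYPE);
            return false;
    }

    if (!is_valid_rr_prio($prio, $type)) {
        return false;
    }
    if (!is_valid_rr_ttl($ttl)) {
        return false;
    }

    return true;
}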
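/** Replace a zone's records with those generated from a zone template
 *
 * When $zone_template is non-zero the zone's records are deleted and, if the
 * user may add master or slave zones, re-created from the template. The
 * zone's template reference is then updated. All writes happen in one
 * transaction; any database error rolls the whole change back.
 *
 * A caller without edit permission on the zone, or a non-numeric zone id, is
 * reported through error() and nothing is written.
 *
 * NOTE(review): when $zone_template is 0 this function performs no
 * permission check before updating the template reference - confirm that
 * every caller checks permissions itself.
 *
 * @param int $zone_id Zone (domain) ID
 * @param int $zone_template Zone template ID, 0 for "no template"
 *
 * @return null
 */
function update_zone_records($zone_id, $zone_template)
{
    global $db;
    global $dns_ns1;
    global $dns_hostmaster;
    global $dns_ttl;

    if (verify_permission('zone_content_edit_others')) {
        $perm_edit = "all";
    } elseif (verify_permission('zone_content_edit_own')) {
        $perm_edit = "own";
    } else {
        $perm_edit = "none";
    }

    $user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);

    // Always defined, so the comparison further down never reads an unset variable.
    $zone_master_add = verify_permission('zone_master_add') ? "1" : "0";
    $zone_slave_add = verify_permission('zone_slave_add') ? "1" : "0";

    $response = $db->beginTransaction();
    $db_error = false;

    if (0 != $zone_template) {
        // Reporting the error is not enough: stop here, otherwise the inserts
        // and the template update below would still be written.
        if (!($perm_edit == "all" || $perm_edit == "own" && $user_is_zone_owner == "1")) {
            error(ERR_PERM_DEL_ZONE);
            $db->rollback();
            return;
        }

        if (!is_numeric($zone_id)) {
            error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number"));
            $db->rollback();
            return;
        }

        $response = $db->exec("DELETE FROM records WHERE domain_id=" . $db->quote($zone_id, 'integer'));
        if (PEAR::isError($response)) {
            $db_error = true;
        }

        if (!$db_error && ($zone_master_add == "1" || $zone_slave_add == "1")) {
            $domain = get_zone_name_from_id($zone_id);
            $now = time();
            $templ_records = get_zone_templ_records($zone_template);

            if ($templ_records == -1) {
                // The old records were already deleted inside this
                // transaction; undo that instead of leaving it open.
                $db->rollback();
                return;
            }

            foreach ($templ_records as $r) {
                // NOTE(review): the reverse-zone test runs against the numeric
                // zone id, not the zone name, so it cannot match and every
                // template record is inserted. Left unchanged; confirm
                // whether $domain was meant here.
                if (preg_match('/in-addr.arpa/i', $zone_id) && ($r["type"] == "NS" || $r["type"] == "SOA") || !preg_match('/in-addr.arpa/i', $zone_id)) {
                    $name = parse_template_value($r["name"], $domain);
                    $type = $r["type"];
                    $content = parse_template_value($r["content"], $domain);
                    $ttl = $r["ttl"];
                    $prio = intval($r["prio"]);

                    if (!$ttl) {
                        $ttl = $dns_ttl;
                    }

                    $query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES ("
                        . $db->quote($zone_id, 'integer') . ","
                        . $db->quote($name, 'text') . ","
                        . $db->quote($type, 'text') . ","
                        . $db->quote($content, 'text') . ","
                        . $db->quote($ttl, 'integer') . ","
                        . $db->quote($prio, 'integer') . ","
                        . $db->quote($now, 'integer') . ")";
                    $response = $db->exec($query);

                    if (PEAR::isError($response)) {
                        // Remember the failure; a later successful statement
                        // must not hide it from the commit decision.
                        $db_error = true;
                        break;
                    }
                }
            }
        }
    }

    if (!$db_error) {
        $query = "UPDATE zones\n SET zone_templ_id = " . $db->quote($zone_template, 'integer') . "\n WHERE domain_id = " . $db->quote($zone_id, 'integer');
        $response = $db->exec($query);
        $db_error = PEAR::isError($response);
    }

    if ($db_error) {
        $response = $db->rollback();
    } else {
        $response = $db->commit();
    }
}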
} $key_id = "-1"; if (isset($_GET['key_id']) && v_num($_GET['key_id'])) { $key_id = (int) $_GET['key_id']; } $confirm = "-1"; if (isset($_GET['confirm']) && v_num($_GET['confirm'])) { $confirm = $_GET['confirm']; } $user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $zone_id); if ($zone_id == "-1") { error(ERR_INV_INPUT); include_once "inc/footer.inc.php"; exit; } $domain_name = get_zone_name_from_id($zone_id); if ($key_id == "-1") { error(ERR_INV_INPUT); include_once "inc/footer.inc.php"; exit; } if (!dnssec_zone_key_exists($domain_name, $key_id)) { error(ERR_INV_INPUT); include_once "inc/footer.inc.php"; exit; } $key_info = dnssec_get_zone_key($domain_name, $key_id); if ($key_info[5]) { echo " <h2>" . _('Deactivate zone key') . "</h2>\n"; } else { echo " <h2>" . _('Activate zone key') . "</h2>\n";
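/** Validate DNS record input
 *
 * Completes $name with the zone name when it does not already end in it,
 * then runs the per-type checks on name and content, followed by the
 * priority and TTL checks. Record types without a validator are accepted
 * as supplied.
 *
 * @param int $rid Record ID
 * @param int $zid Zone ID
 * @param string $type Record Type
 * @param mixed $content content part of record
 * @param mixed $name Name part of record; may be rewritten to include the zone name
 * @param mixed $prio Priority
 * @param mixed $ttl TTL
 *
 * @return boolean true on success, false otherwise
 */
function validate_input($rid, $zid, $type, &$content, &$name, &$prio, &$ttl)
{
    $zone = get_zone_name_from_id($zid); // TODO check for return

    // The zone name is data, not a pattern: quote it so that "." only matches
    // a literal dot and a "/" in the name cannot break the expression.
    // NOTE(review): this is still a plain suffix test without a label
    // boundary, so a name such as "xexample.com" counts as being inside
    // "example.com" - confirm whether that is intended.
    if (!preg_match('/' . preg_quote((string) $zone, '/') . '$/i', $name)) {
        if (isset($name) && $name != "") {
            $name = $name . "." . $zone;
        } else {
            $name = $zone;
        }
    }

    switch ($type) {
        case "A":
            if (!is_valid_ipv4($content)) {
                return false;
            }
            if (!is_valid_rr_cname_exists($name, $rid)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "AAAA":
            if (!is_valid_ipv6($content)) {
                return false;
            }
            if (!is_valid_rr_cname_exists($name, $rid)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "CNAME":
            if (!is_valid_rr_cname_name($name)) {
                return false;
            }
            if (!is_valid_rr_cname_unique($name, $rid)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            if (!is_not_empty_cname_rr($name, $zone)) {
                return false;
            }
            break;

        case "HINFO":
            if (!is_valid_rr_hinfo_content($content)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "LOC":
            if (!is_valid_loc($content)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "MX":
        case "NS":
            // Both types carry a host name as content that must not be an alias.
            if (!is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_non_alias_target($content)) {
                return false;
            }
            break;

        case "PTR":
            if (!is_valid_hostname_fqdn($content, 0)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            break;

        case "SOA":
            if (!is_valid_rr_soa_name($name, $zone)) {
                return false;
            }
            if (!is_valid_hostname_fqdn($name, 1)) {
                return false;
            }
            if (!is_valid_rr_soa_content($content)) {
                error(ERR_DNS_CONTENT);
                return false;
            }
            break;

        case "SPF":
            if (!is_valid_spf($content)) {
                return false;
            }
            break;

        case "SRV":
            if (!is_valid_rr_srv_name($name)) {
                return false;
            }
            if (!is_valid_rr_srv_content($content)) {
                return false;
            }
            break;

        case "TXT":
            if (!is_valid_printable($name)) {
                return false;
            }
            if (!is_valid_printable($content)) {
                return false;
            }
            break;

        // TODO: implement validation.
        // Until then name and content of these types are accepted as
        // supplied; only the priority and TTL checks below apply to them.
        case "AFSDB":
        case "CERT":
        case 'DHCID':
        case 'DLV':
        case 'DNSKEY':
        case 'DS':
        case 'EUI48':
        case 'EUI64':
        case 'IPSECKEY':
        case 'KEY':
        case 'KX':
        case 'MINFO':
        case 'MR':
        case 'NAPTR':
        case 'NSEC':
        case 'NSEC3':
        case 'NSEC3PARAM':
        case 'OPT':
        case 'RKEY':
        case 'RP':
        case 'RRSIG':
        case 'SSHFP':
        case 'TLSA':
        case 'TSIG':
        case 'WKS':
            break;

        case "CURL":
        case "MBOXFW":
        case "URL":
            // TODO: implement validation?
            // Fancy types are not supported anymore in PowerDNS
            break;

        default:
            error(ERR_DNS_RR_TYPE);
            return false;
    }

    if (!is_valid_rr_prio($prio, $type)) {
        return false;
    }
    if (!is_valid_rr_ttl($ttl)) {
        return false;
    }

    return true;
}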
} else { $meta_edit = "0"; } do_hook('verify_permission', 'user_view_others') ? $perm_view_others = "1" : ($perm_view_others = "0"); if ($perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0") { error(ERR_PERM_VIEW_ZONE); include_once "inc/footer.inc.php"; exit; } if (zone_id_exists($zone_id) == "0") { error(ERR_ZONE_NOT_EXIST); include_once "inc/footer.inc.php"; exit; } $domain_type = get_domain_type($zone_id); $domain_name = get_zone_name_from_id($zone_id); $record_count = count_zone_records($zone_id); $zone_templates = get_list_zone_templ($_SESSION['userid']); $zone_template_id = get_zone_template($zone_id); echo " <h2>" . _('DNSSEC public records for zone') . " \"" . get_zone_name_from_id($zone_id) . "\"</h2>\n"; echo " <h3>" . _('DNSKEY') . "</h3>\n"; $dnskey_record = dnssec_get_dnskey_record($domain_name); echo $dnskey_record . "<br>\n"; echo "<br>"; echo " <h3>" . _('DS record') . "</h3>\n"; $ds_records = dnssec_get_ds_records($domain_name); foreach ($ds_records as $record) { echo $record . "<br>\n"; } echo "<br>"; include_once "inc/footer.inc.php";
if ($perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0") { error(ERR_PERM_VIEW_ZONE); include_once "inc/footer.inc.php"; exit; } if (zone_id_exists($zone_id) == "0") { error(ERR_ZONE_NOT_EXIST); include_once "inc/footer.inc.php"; exit; } $domain_type = get_domain_type($zone_id); $domain_name = get_zone_name_from_id($zone_id); $record_count = count_zone_records($zone_id); $zone_templates = get_list_zone_templ($_SESSION['userid']); $zone_template_id = get_zone_template($zone_id); echo " <h2>" . _('DNSSEC keys for zone') . " \"" . get_zone_name_from_id($zone_id) . "\"</h2>\n"; echo " <table>\n"; echo " <tr>\n"; echo " <th> </th>\n"; echo " <th>" . _('ID') . "</th>\n"; echo " <th>" . _('Type') . "</th>\n"; echo " <th>" . _('Tag') . "</th>\n"; echo " <th>" . _('Algorithm') . "</th>\n"; echo " <th>" . _('Bits') . "</th>\n"; echo " <th>" . _('Active') . "</th>\n"; echo " </tr>\n"; $keys = dnssec_get_keys($domain_name); foreach ($keys as $item) { echo "<tr>\n"; echo "<td width=\"60\" class=\"actions\"> \n"; echo "<a href=\"dnssec_edit_key.php?id=" . $zone_id . "&key_id=" . $item[0] . "\"><img src=\"images/edit.gif\" title=\"" . _('Edit zone key') . " " . $item[0] . "\" alt=\"[ " . _('Edit zone key') . " " . $domain_name . " ]\"></a>\n";