knotc error handling using knotcExec()

common/html.php

@@ -101,7 +101,7 @@ if (isset($page['title']))
 
 // Protect against cross-site request forgery if a POST request is received
 if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
-	userError("Anti-CSRF verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");
+	userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");
 
 function closeHTML() {
 ?>
@@ -118,5 +118,9 @@ function closeHTML() {
 		</footer>
 	</body>
 </html>
+<?php
+
+	exit();
+}
 
-<?php } ?>
+?>

common/init.php

@@ -19,12 +19,11 @@ function userError($msg) {
 	http_response_code(403);
 	echo "<p><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></p>";
 	closeHTML();
-	exit();
 }
 
 function serverError($msg) {
 	http_response_code(500);
+	error_log("Niver internal error: " . strip_tags($msg));
 	echo "<p><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></p>";
 	closeHTML();
-	exit();
 }

config.ini

@@ -9,13 +9,15 @@ ipv6_example = "2001:db8::3"
 ; From RFC5737: IPv4 Address Blocks Reserved for Documentation
 ipv4_example = "203.0.113.42"
 
-[reg]
+[dns]
 knotc_path = "/usr/sbin/knotc"
+
+[reg]
 registry = niver.test.
+ttl = 86400
 subdomain_regex = "^[a-z0-9]{4,63}$"
 
 [ns]
-knotc_path = "/usr/sbin/knotc"
 knot_zones_path = "/srv/ns"
 
 [ht]

dns.php

@@ -1,5 +1,21 @@
 <?php
 
+function knotcExec($suffix, $cmd) {
+	$action = checkAction($_POST['action']);
+
+	exec(CONF['dns']['knotc_path'] . " zone-begin " . $suffix, $output['begin'], $code['begin']);
+	if ($code['begin'] !== 0)
+		serverError("<code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>.");
+
+	exec(CONF['dns']['knotc_path'] . " zone-" . $action . "set " . $suffix . " " . implode(" ", $cmd), $output['op'], $code['op']);
+	if ($code['op'] !== 0)
+		serverError("<code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>.");
+
+	exec(CONF['dns']['knotc_path'] . " zone-commit " . $suffix, $output['commit'], $code['commit']);
+	if ($code['commit'] !== 0)
+		serverError("<code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>.");
+}
+
 function checkIpFormat($ip) {
 	if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE))
 		userError("IP address is on the private range.");

ns.php

@@ -10,8 +10,6 @@ function nsCommonRequirements() {
 }
 
 function nsParseCommonRequirements() {
-	$values['action'] = checkAction($_POST['action']);
-
 	nsCheckZonePossession($_POST['zone']);
 
 	if (($_POST['subdomain'] === "") OR ($_POST['subdomain'] === "@"))
@@ -35,24 +33,9 @@ function nsListUserZones($username) {
 	$op = $db->prepare('SELECT zone FROM zones WHERE username = ?');
 	$op->execute($usernameArray);
 
-	$data = $op->fetch();
-	if (isset($data['zone']))
-		$zone = $data['zone'];
-	else
-		$zone = NULL;
-
-	$i = 0;
-	$zones = NULL;
-
-	while ($zone != NULL) {
-		$zones[$i] = $zone;
-		$i++;
-		$data = $op->fetch();
-		if (isset($data['zone']))
-			$zone = $data['zone'];
-		else
-			$zone = NULL;
-	}
+	$zones = array();
+	foreach ($op->fetchAll() as $zone)
+		array_push($zones, $zone['zone']);
 
 	return $zones;
 }

public/ns/caa.php

@@ -39,9 +39,15 @@ if (nsCommonRequirements()
 	if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value'])))
 		userError("Wrong value for <code>value</code>.");
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN CAA " . $_POST['flag'] . " " . $_POST['tag'] . " " . $_POST['value']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"CAA",
+		$_POST['flag'],
+		$_POST['tag'],
+		$_POST['value']
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/dnssec.php

@@ -5,19 +5,11 @@ Afin d'activer DNSSEC, vous devez indiquer un enregistrement DS à la zone paren
 <form method="post">
 	<select required="" name="zone" id="zone">
 		<option value="" disabled="" selected="">---</option>
-
-		<?php
-		if (isset($_SESSION['username'])) {
-			$zones = nsListUserZones($_SESSION['username']);
-
-			if ($zones) {
-				foreach($zones as $zone) {
-					echo "<option value='" . $zone . "'>" . $zone . "</option>";
-				}
-			}
-		}
-
-		?>
+<?php
+if (isset($_SESSION['username']))
+	foreach(nsListUserZones($_SESSION['username']) as $zone)
+		echo "		<option value='" . $zone . "'>" . $zone . "</option>\n";
+?>
 	</select>
 	<br>
 	<input value="Valider" type="submit">

public/ns/index.php

@@ -42,12 +42,12 @@
 	<dd>
 		Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d'un domaine
 	</dd>
-	<dt><a class="nsButton" href="loc">NOT DONE : Enregistrement LOC</a></dt>
+
+	<!--
+	<dt><a class="nsButton" href="loc">Enregistrement LOC</a></dt>
 	<dd>
 		Indiquer des coordonnées géographiques
 	</dd>
-
-	<!--
 	<dt><a class="nsButton" href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></dt>
 	<dd>
 		Définir un domaine comme étant l'alias d'un autre

public/ns/ip.php

@@ -21,9 +21,12 @@ if (nsCommonRequirements()
 
 	$record = checkIpFormat($_POST['ip']);
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN " . $record . " " . $_POST['ip']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		$record,
+		$_POST['ip']
+	));
 
 	echo "Enregistrement ajouté";
 }

public/ns/loc.php

@@ -1,52 +0,0 @@
-<?php require "../../common/html.php"; ?>
-
-<form method="post">
-
-<?php require "../../form.ns.php"; ?>
-
-	<br>
-	<label for="flag">Flag</label>
-	<br>
-	<input id="flag" min="0" max="127" placeholder="0" name="flag" type="number">
-	<br>
-	<label for="tag">Tag</label>
-	<br>
-	<input id="tag" minlenght="1" maxlength="128" pattern="^[a-z]{1,128}$" placeholder="issue" name="tag" type="text">
-	<br>
-	<label for="value">Valeur</label>
-	<br>
-	<input id="value" minlenght="3" maxlength="1024" pattern="^[a-z0-9.-]{3,1024}$" placeholder="letsencrypt.org" name="value" type="text">
-	<br>
-	<input value="Valider" type="submit">
-</form>
-
-<?php
-
-if (nsCommonRequirements()
-		AND isset($_POST['flag'])
-		AND isset($_POST['tag'])
-		AND isset($_POST['value'])
-	) {
-
-	$values = nsParseCommonRequirements();
-
-	if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
-		userError("Wrong value for <code>flag</code>.");
-
-	if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag'])))
-		userError("Wrong value for <code>tag</code>.");
-
-	if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value'])))
-		userError("Wrong value for <code>value</code>.");
-
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN CAA " . $_POST['flag'] . " " . $_POST['tag'] . " " . $_POST['value']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
-	echo "Enregistrement ajouté";
-}
-
-
-
-?>
-
-<?php closeHTML(); ?>

public/ns/mx.php

@@ -34,9 +34,14 @@ if (nsCommonRequirements()
 
 	checkAbsoluteDomainFormat($_POST['host']);
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN MX " . $_POST['priority'] . " " . $_POST['host']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"MX",
+		$_POST['priority'],
+		$_POST['host']
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/ns.php

@@ -19,9 +19,13 @@ if (nsCommonRequirements()
 
 	checkAbsoluteDomainFormat($_POST['ns']);
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . "	" . $values['domain'] . " " . $values['ttl'] . " IN NS " . $_POST['ns']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"NS",
+		$_POST['ns']
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/srv.php

@@ -54,9 +54,16 @@ if (nsCommonRequirements()
 
 	checkAbsoluteDomainFormat($_POST['target']);
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN SRV " . $_POST['priority'] . " " . $_POST['weight'] . " " . $_POST['port'] . " " . $_POST['target']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"SRV",
+		$_POST['priority'],
+		$_POST['weight'],
+		$_POST['port'],
+		$_POST['target']
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/sshfp.php

@@ -51,9 +51,15 @@ if (nsCommonRequirements()
 	if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))
 		userError("Wrong value for <code>fp</code>.");
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN SSHFP " . $_POST['algo'] . " " . $_POST['type'] . " " . $_POST['fp']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"SSHFP",
+		$_POST['algo'],
+		$_POST['type'],
+		$_POST['fp']
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/tlsa.php

@@ -59,15 +59,22 @@ if (nsCommonRequirements()
 	if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1"))
 		userError("Wrong value for <code>selector</code>.");
 
-	if (!($_POST['type'] >= 0 OR $_POST['type'] <= 2))
+	if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2))
 		userError("Wrong value for <code>type</code>.");
 
 	if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
 		userError("Wrong value for <code>content</code>.");
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN TLSA " . $_POST['use'] . " " . $_POST['selector'] .	" " . $_POST['type'] . " " . $_POST['content']);
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"TLSA",
+		$_POST['use'],
+		$_POST['selector'],
+		$_POST['type'],
+		$_POST['content']
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/txt.php

@@ -20,9 +20,13 @@ if (nsCommonRequirements()
 	if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt'])))
 		userError("Wrong value for <code>txt</code>.");
 
-	exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
-	exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . ' IN TXT \"' . $_POST['txt'] . '\"');
-	exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
+	knotcExec($_POST['zone'], array(
+		$values['domain'],
+		$values['ttl'],
+		"TXT",
+		"\"" . $_POST['txt'] . "\""
+	));
+
 	echo "Enregistrement ajouté";
 }
 

public/ns/zone.php

@@ -28,10 +28,10 @@ if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
 	file_put_contents($knotZonePath, $knotZone);
 	chmod($knotZonePath, 0660);
 
-	exec(CONF['ns']['knotc_path'] . " conf-begin");
-	exec(CONF['ns']['knotc_path'] . " conf-set 'zone[" . $_POST['domain'] . "]'");
-	exec(CONF['ns']['knotc_path'] . " conf-set 'zone[" . $_POST['domain'] . "].template' 'niver'");
-	exec(CONF['ns']['knotc_path'] . " conf-commit");
+	exec(CONF['dns']['knotc_path'] . " conf-begin");
+	exec(CONF['dns']['knotc_path'] . " conf-set 'zone[" . $_POST['domain'] . "]'");
+	exec(CONF['dns']['knotc_path'] . " conf-set 'zone[" . $_POST['domain'] . "].template' 'niver'");
+	exec(CONF['dns']['knotc_path'] . " conf-commit");
 
 	echo "La requête a été traitée.";
 
@@ -65,15 +65,15 @@ if (isset($_POST['zone']) AND isset($_SESSION['username'])) {
 	nsCheckZonePossession($_POST['zone']);
 
 	// Remove from Knot configuration
-	exec(CONF['ns']['knotc_path'] . " conf-begin");
-	exec(CONF['ns']['knotc_path'] . " conf-unset 'zone[" . $_POST['zone'] . "]'");
-	exec(CONF['ns']['knotc_path'] . " conf-commit");
+	exec(CONF['dns']['knotc_path'] . " conf-begin");
+	exec(CONF['dns']['knotc_path'] . " conf-unset 'zone[" . $_POST['zone'] . "]'");
+	exec(CONF['dns']['knotc_path'] . " conf-commit");
 
 	// Remove Knot zone file
 	unlink(CONF['ns']['knot_zones_path'] . "/" . $_POST['zone'] . "zone");
 
 	// Remove Knot related data
-	exec(CONF['ns']['knotc_path'] . " zone-purge " . $_POST['zone']);
+	exec(CONF['dns']['knotc_path'] . " zone-purge " . $_POST['zone']);
 
 	// Remove from Niver's database
 	$db = new PDO('sqlite:' . DB_PATH);

public/reg/ds.php

@@ -11,17 +11,13 @@
 	<br>
 	<select required="" name="zone" id="zone">
 		<option value="" disabled="" selected="">---</option>
+<?php
 
-		<?php
-		$domains = regListUserDomains($_SESSION['username']);
-
-		if ($domains) {
-			foreach($domains as $domain) {
-				echo "<option value='" . $domain . "'>" . $domain . "</option>";
-			}
-		}
+$domains = regListUserDomains($_SESSION['username']);
 
-		?>
+foreach($domains as $domain)
+	echo "		<option value='" . $domain . "'>" . $domain . "</option>";
+?>
 
 	</select>
 	<br>
@@ -91,9 +87,16 @@ if (isset($_POST['zone']) AND isset($_POST['keytag']) AND isset($_POST['algo'])
 
 	$suffix = regGetUpperDomain($_POST['zone']);
 
-	exec(CONF['reg']['knotc_path'] . " zone-begin " . $suffix);
-	exec(CONF['reg']['knotc_path'] . " zone-" . $action . "set " . $suffix . " " . $_POST['zone'] . " 86400 IN DS " . $_POST['keytag'] . " " . $_POST['algo'] . " " . $_POST['dt'] . " " . $_POST['key']);
-	exec(CONF['reg']['knotc_path'] . " zone-commit " . $suffix);
+	knotcExec($suffix, array(
+		$_POST['zone'],
+		CONF['reg']['ttl'],
+		"DS",
+		$_POST['keytag'],
+		$_POST['algo'],
+		$_POST['dt'],
+		$_POST['key']
+	));
+
 	echo "La requête a été envoyée à Knot";
 }
 

public/reg/glue.php

@@ -19,12 +19,13 @@
 			<select required="" name="suffix" id="suffix">
 				<option value="" disabled="" selected="">---</option>
 
-				<?php
+<?php
 
-				foreach(regListUserDomains($_SESSION['username']) as $suffix)
-						echo "				<option value='" . $suffix . "'>." . $suffix . "</option>";
+if (isset($_SESSION['username']))
+	foreach(regListUserDomains($_SESSION['username']) as $suffix)
+		echo "				<option value='" . $suffix . "'>." . $suffix . "</option>";
 
-				?>
+?>
 			</select>
 		</div>
 	</fieldset>
@@ -46,13 +47,15 @@ if (isset($_POST['action']) AND isset($_POST['subdomain']) AND isset($_POST['suf
 
 	$record = checkIpFormat($_POST['ip']);
 
-	$action = checkAction($_POST['action']);
-
 	$publicSuffix = regGetUpperDomain($_POST['suffix']);
 
-	exec(CONF['reg']['knotc_path'] . " zone-begin " . $publicSuffix);
-	exec(CONF['reg']['knotc_path'] . " zone-" . $action . "set " . $publicSuffix . " " . $domain . " 86400 IN " . $record . " " . $_POST['ip']);
-	exec(CONF['reg']['knotc_path'] . " zone-commit " . $publicSuffix);
+	knotcExec($publicSuffix, array(
+		$domain
+		CONF['reg']['ttl'],
+		$record,
+		$_POST['ip']
+	));
+
 	echo "Glue record ajouté";
 }
 

public/reg/ns.php

@@ -34,25 +34,16 @@ if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns'])
 	regCheckDomainPossession($_POST['domain']);
 	checkAbsoluteDomainFormat($_POST['ns']);
 
-	$action = checkAction($_POST['action']);
-
 	$suffix = regGetUpperDomain($_POST['domain']);
 
-	exec(CONF['reg']['knotc_path'] . " zone-begin " . $suffix, $output);
-	exec(CONF['reg']['knotc_path'] . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 IN NS " . $_POST['ns'], $output);
-	exec(CONF['reg']['knotc_path'] . " zone-commit " . $suffix, $output);
-	$error = false;
-	var_dump($output);
-	foreach ($output as $line) {
-		if ($line !== "OK") {
-			$error = true;
-		}
-	}
-	if ($error) {
-		echo "An ERROR occured!";
-	} else {
-		echo "Modification effectuée avec succès";
-	}
+	knotcExec($suffix, array(
+		$_POST['domain'],
+		CONF['reg']['ttl'],
+		"NS",
+		$_POST['ns']
+	));
+
+	echo "Modification effectuée avec succès";
 }
 
 ?>