
Use kdig for zone-add dns check + add equalArrays()

Miraty пре 2 година
родитељ
комит
ea0ffab14a
4 измењених фајлова са 23 додато и 12 уклоњено
  1. 1 0
      config.ini
  2. 4 0
      fn/common.php
  3. 11 7
      pages/ht/add-http-dns.php
  4. 7 5
      pages/ns/zone-add.php

+ 1 - 0
config.ini

@@ -19,6 +19,7 @@ enabled = true
 knot_zones_path = "/srv/niver/ns"
 servers[] = "ns1.niver.test."
 servers[] = "ns2.niver.test."
+kdig_path = "/usr/bin/kdig"
 
 [ht]
 enabled = true

+ 4 - 0
fn/common.php

@@ -104,6 +104,10 @@ function removeDirectory($dir) {
 		serverError("Unable to remove directory.");
 }
 
+function equalArrays($a, $b) {
+	return array_diff($a, $b) === [] AND array_diff($b, $a) === [];
+}
+
 function linkToDocs($ref, $title) {
 	return '<a rel="help" href="' . CONF['common']['docs_prefix'] . $ref . '.html">' . $title . '</a>';
 }
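Review bot: `equalArrays()` has no comment saying that it tests set equality rather than array equality, which matters because callers use it to decide whether a DNS answer matches the configuration. `array_diff()` compares the string form of each value and ignores order and multiplicity, so `['a', 'a']` and `['a']` count as equal. I would put `// Set equality: order and duplicates are ignored, values are compared as strings.` above the function. The `AND` keyword binds more loosely than `=` and is an easy trap when the expression is later assigned instead of returned, so `return array_diff($a, $b) === [] && array_diff($b, $a) === [];` is the safer spelling.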

+ 11 - 7
pages/ht/add-http-dns.php

@@ -14,13 +14,17 @@ if (processForm()) {
 	if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
 		userError("Ce domaine existe déjà sur ce service.");
 
-	$remoteAaaaRecords = array_column(dns_get_record($_POST['domain'], DNS_AAAA), 'ipv6');
-	if (array_merge(array_diff($remoteAaaaRecords, [CONF['ht']['ipv6_address']]), array_diff([CONF['ht']['ipv6_address']], $remoteAaaaRecords)) !== [])
-		userError("Ce domaine doit avoir pour enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
-
-	$remoteARecords = array_column(dns_get_record($_POST['domain'], DNS_A), 'ip');
-	if (array_merge(array_diff($remoteARecords, [CONF['ht']['ipv4_address']]), array_diff([CONF['ht']['ipv4_address']], $remoteARecords)) !== [])
-		userError("Ce domaine doit avoir pour enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
+	$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
+	if (is_array($remoteAaaaRecords) !== true)
+		userError("Ce domaine n'existe pas.");
+	if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
+		userError("Ce domaine doit avoir pour unique enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
+
+	$remoteARecords = dns_get_record($_POST['domain'], DNS_A);
+	if (is_array($remoteARecords) !== true)
+		userError("Ce domaine n'existe pas.");
+	if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
+		userError("Ce domaine doit avoir pour unique enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
 
 	addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
 
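Review bot: Both `equalArrays(...)` checks compare addresses as text, so the AAAA test passes only when `CONF['ht']['ipv6_address']` is written in exactly the form `dns_get_record()` prints. Comparing packed forms removes that dependency, e.g. `equalArrays([inet_pton(CONF['ht']['ipv6_address'])], array_map('inet_pton', array_column($remoteAaaaRecords, 'ipv6')))`. As far as I know, `dns_get_record()` returns `false` when the query itself fails and an empty array when the name has no such record, so "Ce domaine n'existe pas." on the `is_array(...) !== true` branch probably describes a resolver failure and may be better as a server-side error. This check is what lets an account claim the domain, and it trusts the host's resolver answer at that moment, which deserves a short comment. The `if (processForm())` block starts and ends outside the hunk.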

+ 7 - 5
pages/ns/zone-add.php

@@ -6,11 +6,13 @@ if (processForm()) {
 	if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
 		userError("Cette zone existe déjà sur ce service.");
 
-	$remoteNsRecords = array_column(dns_get_record($_POST['domain'], DNS_NS), 'target');
-	foreach ($remoteNsRecords as $i => $remoteNsRecord)
-		$remoteNsRecords[$i] = formatAbsoluteDomain($remoteNsRecord);
-	if (array_merge(array_diff($remoteNsRecords, CONF['ns']['servers']), array_diff(CONF['ns']['servers'], $remoteNsRecords)) !== [])
-		userError("Ce domaine n'a pas les bons enregistrements NS.");
+	exec(CONF['ns']['kdig_path'] . " " . ltrim(strstr($_POST['domain'], '.'), '.') . " NS +short", $parentAuthoritatives);
+	foreach ($parentAuthoritatives as $parentAuthoritative)
+		checkAbsoluteDomainFormat($parentAuthoritative);
+	exec(CONF['ns']['kdig_path'] . " " . $_POST['domain'] . " NS @" . $parentAuthoritatives[0], $results);
+	preg_match_all('/' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(.+)\n/', implode("\n", $results), $matches);
+	if (equalArrays(CONF['ns']['servers'], $matches[1]) !== true)
+		userError("Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.");
 
 	$db = new PDO('sqlite:' . DB_PATH);
 	$stmt = $db->prepare("INSERT INTO zones(zone, username) VALUES(:zone, :username)");
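Review bot: Both new `exec()` calls build a shell command by concatenating `$_POST['domain']` (and, in the second, a line of kdig output) without `escapeshellarg()`. The `if (processForm())` block starts above the hunk, so any earlier format check on the domain is not visible here, and the command line should not depend on it. Quoting does not stop a value that begins with `-` or `+` from being read as a kdig option, so a strict hostname check is still needed before this point. Neither call checks the exit status, and `$parentAuthoritatives[0]` is read even when the first query returned nothing, which sends the second query to the default resolver instead of the parent zone's server. The sketch below quotes every argument and fails closed on both conditions.

```php
$parentZone = ltrim((string) strstr($_POST['domain'], '.'), '.');
exec(CONF['ns']['kdig_path'] . ' ' . escapeshellarg($parentZone) . ' NS +short', $parentAuthoritatives, $code);
if ($code !== 0 || $parentAuthoritatives === [])
	serverError("Unable to query the parent zone.");
// … unchanged: checkAbsoluteDomainFormat() loop over $parentAuthoritatives …
exec(CONF['ns']['kdig_path'] . ' ' . escapeshellarg($_POST['domain']) . ' NS ' . escapeshellarg('@' . $parentAuthoritatives[0]), $results, $code);
if ($code !== 0)
	serverError("Unable to query the parent zone's name server.");
// … unchanged: preg_match_all() and equalArrays() check …
```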