servnest/fn/ns.php

119 lines
3.3 KiB
PHP
Raw Normal View History

2023-07-17 19:15:18 +00:00
<?php declare(strict_types=1);
2021-02-19 12:23:26 +00:00
2023-07-30 23:13:06 +00:00
const NS_SOA_VALUES = [
'ttl' => 10800,
'email' => CONF['ns']['public_soa_email'],
'refresh' => 10800,
'retry' => 3600,
'expire' => 3628800,
'negative' => 10800,
2023-05-06 00:39:19 +00:00
];
2023-07-30 23:13:06 +00:00
const NS_MIN_TTL = 300;
const NS_DEFAULT_TTL = 10800;
const NS_MAX_TTL = 1728000;
2023-07-30 23:13:06 +00:00
const NS_ALLOWED_TYPES = ['AAAA', 'A', 'TXT', 'SRV', 'MX', 'SSHFP', 'TLSA', 'NS', 'DS', 'CSYNC', 'CAA', 'CNAME', 'DNAME', 'SVCB', 'HTTPS', 'LOC'];
2023-07-30 23:13:06 +00:00
const NS_TEXTAREA_MAX_CHARACTERS = 10000;
2021-05-16 14:55:39 +00:00
2023-07-30 23:13:06 +00:00
const NS_SYNC_TTL = 10800;
2023-06-24 14:54:36 +00:00
2023-06-19 22:36:58 +00:00
function nsParseCommonRequirements(): array {
2022-04-18 14:05:00 +00:00
nsCheckZonePossession($_POST['zone']);
if (($_POST['subdomain'] === '') OR ($_POST['subdomain'] === '@'))
2022-04-18 14:05:00 +00:00
$values['domain'] = $_POST['zone'];
else
$values['domain'] = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['zone']);
2021-05-16 14:55:39 +00:00
2023-05-06 00:39:19 +00:00
$values['ttl'] = intval($_POST['ttl-value'] * $_POST['ttl-multiplier']);
2021-03-02 21:56:38 +00:00
2023-07-30 23:13:06 +00:00
if ($values['ttl'] < NS_MIN_TTL)
output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), NS_MIN_TTL));
if ($values['ttl'] > NS_MAX_TTL)
output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), NS_MAX_TTL));
2021-03-02 21:56:38 +00:00
2022-04-18 14:05:00 +00:00
return $values;
2021-03-02 21:56:38 +00:00
}
2023-06-19 22:36:58 +00:00
function nsListUserZones(): array {
if (isset($_SESSION['id']))
return query('select', 'zones', ['username' => $_SESSION['id']], ['zone']);
return [];
}
2023-06-19 22:36:58 +00:00
function nsCheckZonePossession(string $zone): void {
checkAbsoluteDomainFormat($zone);
2021-02-19 12:23:26 +00:00
if (!in_array($zone, nsListUserZones(), true))
output(403, 'You don\'t own this zone on the name server.');
2021-02-19 12:23:26 +00:00
}
2023-06-19 22:36:58 +00:00
function nsDeleteZone(string $zone, string $user_id): void {
// Remove from Knot configuration
knotcConfExec([['conf-unset', 'zone[' . $zone . ']']]);
2023-05-06 00:39:19 +00:00
// Remove Knot zone file
if (unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true)
output(500, 'Failed to remove Knot zone file.');
// Remove Knot related data
exescape([
CONF['dns']['knotc_path'],
'--blocking',
'--timeout',
'3',
'--force',
'--',
'zone-purge',
$zone,
'+orphan',
], result_code: $code);
2023-05-06 00:39:19 +00:00
if ($code !== 0)
output(500, 'Failed to purge zone data.');
2023-06-26 02:13:52 +00:00
query('delete', 'ns-syncs', ['destination' => $zone]);
// Remove from database
query('delete', 'zones', [
'zone' => $zone,
'username' => $user_id,
]);
}
function nsSync(string $source, string $destination): void {
$zone_raw = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $destination . 'zone');
if ($zone_raw === false)
output(403, 'Unable to read zone file.');
foreach (['AAAA', 'A', 'CAA'] as $type) {
// Get source/distant records
$results = kdig(name: $source, type: $type);
if ($results['AD'] !== 1)
throw new NoDnssecException($source . ' not DNSSEC-signed.');
$source_records = array_column($results['answerRRs'] ?? [], 'rdata' . $type);
// Get destination/local records
$dest_records = array_column(parseZoneFile($zone_raw, [$type], $destination, false), 3);
// Add source records that are not yet in destination
foreach (array_diff($source_records, $dest_records) as $value_to_add)
knotcZoneExec($destination, [
$destination,
NS_SYNC_TTL,
$type,
$value_to_add,
], 'add');
// Delete destination records that are not part of source anymore
foreach (array_diff($dest_records, $source_records) as $value_to_delete)
knotcZoneExec($destination, [
$destination,
$type,
$value_to_delete,
], 'delete');
}
}