diff --git a/README.md b/README.md index eb544d7..94f3107 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Niver is a set of 3 network services: ### Nameserver (`ns`) * Host a zone on the server +* Zone file edition through ` +
+ + + + + +

Valeurs par défaut

+ +

Si le TTL est omis, il sera définit à secondes.

+ +

La précision de la classe (IN) est facultative.

+ +

Valeurs autorisées

+ +

La zone n'est pas autorisée à dépasser caractères.

+ +

Les TTLs ne sont autorisés qu'entre et secondes.

+ +

Les seuls types dont l'édition est autorisée sont :

+ +
diff --git a/pages/ns/print.php b/pages/ns/print.php
index 727caa0..ed55d2a 100644
--- a/pages/ns/print.php
+++ b/pages/ns/print.php
@@ -50,7 +50,7 @@ if (processForm()) {
 if (str_starts_with($zoneLine, ';')) continue; // Ignore comments
 if (empty($zoneLine)) continue;
 $elements = preg_split("#[\t ]+#", $zoneLine, 4);
- if (!in_array($elements[2], ['CAA', 'A', 'AAAA', 'MX', 'NS', 'SRV', 'SSHFP', 'TLSA', 'TXT'], true)) continue; // Ignore records generated by Knot
+ if (!in_array($elements[2], ALLOWED_TYPES, true)) continue; // Ignore records generated by Knot
 echo ' ';
 foreach ($elements as $element) echo ' ' . htmlspecialchars($element) . '';
@@ -61,15 +61,10 @@ if (processForm()) {
 if ($_POST['print'] === 'ds') {
- $found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
+ $found = preg_match('/^' . preg_quote($_POST['zone']) . '[\t ]+0[\t ]+CDS[\t ]+(?[0-9]{1,5})[\t ]+(?[0-9]{1,2})[\t ]+(?[0-9])[\t ]+(?[0-9A-F]{64})$/m', $zoneContent, $matches);
 if ($found !== 1) output(500, 'Unable to get public key record from zone file.');
- $tag = $matches[1];
- $algo = $matches[2];
- $digestType = $matches[3];
- $digest = $matches[4];
- ?>
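Review bot: In pages/ns/print.php the new CDS pattern switches the delimiter from `#` to `/` but still calls `preg_quote($_POST['zone'])` without a delimiter argument, and `/` is not among the characters `preg_quote` escapes by default, so a slash in the submitted zone would end the pattern early. As far as this hunk shows, that only makes `preg_match` fail and take the `output(500, ...)` branch, but request-controlled text should not be able to shape the regex at all. Pass the delimiter the way zone-add.php does in this same commit: `preg_quote($_POST['zone'], '/')`. Whether `$_POST['zone']` is format-checked earlier is outside the hunk, and the `if ($_POST['print'] === 'ds')` block continues past it.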
@@ -79,19 +74,19 @@ if (processForm()) {
Tag
- +
Algorithme
- +
Type de condensat
- +
Condensat
- +
diff --git a/pages/ns/zone-add.php b/pages/ns/zone-add.php
index 226d298..29b56b0 100644
--- a/pages/ns/zone-add.php
+++ b/pages/ns/zone-add.php
@@ -13,10 +13,10 @@ if (processForm()) {
 checkAbsoluteDomainFormat($parentAuthoritative);
 exec(CONF['ns']['kdig_path'] . ' ' . $_POST['domain'] . ' NS @' . $parentAuthoritatives[0] . ' +noidn', $results);
- if (preg_match('/\n' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+([0-9a-f]{8})-([0-9a-f]{32})\.auth-owner.+\n/', implode("\n", $results), $matches) !== 1)
+ if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?[0-9a-f]{8})-(?[0-9a-f]{32})\.auth-owner.+$/m', implode("\n", $results), $matches) !== 1)
 output(403, 'Enregistrement d\'authentification introuvable');
- checkAuthToken($matches[1], $matches[2]);
+ checkAuthToken($matches['salt'], $matches['hash']);
 rateLimit();
@@ -26,7 +26,18 @@ if (processForm()) {
 ]);
 $knotZonePath = CONF['ns']['knot_zones_path'] . "/" . $_POST['domain'] . "zone";
- $knotZone = $_POST['domain'] . ' 3600 SOA ' . CONF['ns']['servers'][0] . ' admin.niver.test. 1 21600 7200 3628800 3600' . "\n";
+ $knotZone = implode(' ', [
+ $_POST['domain'],
+ SOA_VALUES['ttl'],
+ 'SOA',
+ CONF['ns']['servers'][0],
+ SOA_VALUES['email'],
+ 1,
+ SOA_VALUES['refresh'],
+ SOA_VALUES['retry'],
+ SOA_VALUES['expire'],
+ SOA_VALUES['negative'],
+ ]) . "\n";
 foreach (CONF['ns']['servers'] as $server) $knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n";
 if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
diff --git a/router.php b/router.php
index 1dc2b47..e8fd6ab 100644
--- a/router.php
+++ b/router.php
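Review bot: In pages/ns/zone-add.php the kdig command on the `exec(...)` line just above the changed `preg_match` is built by concatenating `$_POST['domain']` and `$parentAuthoritatives[0]` into a shell string, and the only validation visible in this hunk is `checkAbsoluteDomainFormat($parentAuthoritative)`. Unless `$_POST['domain']` is strictly validated above the hunk, quote both operands, e.g. `escapeshellarg($_POST['domain'])` and `escapeshellarg('@' . $parentAuthoritatives[0])`. The same request value is used as-is in the second hunk (`@@ -26,7 +26,18 @@`), both in `$knotZonePath` and as the first field of the new `implode(' ', [...])` SOA line, so it should be restricted to a domain-name character set before it reaches the file path or the zone file. The enclosing `if (processForm())` block starts and ends outside both hunks.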
@@ -117,11 +117,16 @@ if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true
 if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin")) output(403, 'Anti-CSRF verification failed ! (Wrong or unset Sec-Fetch-Site HTTP header)');
+function displayFinalMessage() {
+ global $final_message;
+ echo $final_message ?? '';
+ $final_message = NULL;
+}
+
 function executePage() {
 require "pages/" . PAGE_ADDRESS . ".php";
- global $final_message;
- echo $final_message ?? '';
+ displayFinalMessage();
 ?>