
Commit 691e8df

author
Till Brehm
committed
Merge branch '6496-move-dns-wizard-function-to-class' into 'develop'
Move dns wizard function to class Closes #6496 See merge request ispconfig/ispconfig3!1720
2 parents 16b9620 + 90aee5c commit 691e8df


3 files changed

+328
-363
lines changed

Lines changed: 297 additions & 0 deletions
@@ -0,0 +1,297 @@
1+
<?php
2+
/*
3+
Copyright (c) 2023, Adam Biciste <adam@freshost.cz>
4+
All rights reserved.
5+
6+
Copyright (c) 2008, Till Brehm, projektfarm Gmbh
7+
All rights reserved.
8+
9+
Redistribution and use in source and binary forms, with or without modification,
10+
are permitted provided that the following conditions are met:
11+
12+
* Redistributions of source code must retain the above copyright notice,
13+
this list of conditions and the following disclaimer.
14+
* Redistributions in binary form must reproduce the above copyright notice,
15+
this list of conditions and the following disclaimer in the documentation
16+
and/or other materials provided with the distribution.
17+
* Neither the name of ISPConfig nor the names of its contributors
18+
may be used to endorse or promote products derived from this software without
19+
specific prior written permission.
20+
21+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
22+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
23+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24+
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25+
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26+
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27+
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28+
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
29+
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
30+
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31+
*/
32+
33+
class dns_wizard
34+
{
35+
function create(array $data)
36+
{
37+
global $app;
38+
$app->uses('getconf');
39+
40+
// get the correct server_id
41+
if (isset($data['server_id'])) {
42+
$server_id = $app->functions->intval($data['server_id']);
43+
$post_server_id = true;
44+
} elseif (isset($data['server_id_value'])) {
45+
$server_id = $app->functions->intval($data['server_id_value']);
46+
$post_server_id = true;
47+
} else {
48+
$settings = $app->getconf->get_global_config('dns');
49+
$server_id = $app->functions->intval($settings['default_dnsserver']);
50+
$post_server_id = false;
51+
}
52+
53+
$error = '';
54+
55+
if ($post_server_id)
56+
{
57+
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
58+
$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
59+
60+
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
61+
62+
// Check if chosen server is in authorized servers for this client
63+
if (!(is_array($client['dns_servers_ids']) && in_array($server_id, $client['dns_servers_ids'])) && $_SESSION["s"]["user"]["typ"] != 'admin') {
64+
$error .= $app->lng('error_not_allowed_server_id').'<br />';
65+
}
66+
}
67+
/*
68+
else
69+
{
70+
$error .= $app->lng('error_no_server_id').'<br />';
71+
}
72+
*/
73+
74+
// apply filters
75+
if(isset($data['domain']) && $data['domain'] != ''){
76+
/* check if the domain module is used - and check if the selected domain can be used! */
77+
if ($domains_settings['use_domain_module'] == 'y') {
78+
if ($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
79+
$data['client_group_id'] = $app->tools_sites->getClientIdForDomain($data['domain']);
80+
}
81+
$domain_check = $app->tools_sites->checkDomainModuleDomain($data['domain']);
82+
if(!$domain_check) {
83+
// invalid domain selected
84+
$data['domain'] = '';
85+
} else {
86+
$data['domain'] = $domain_check;
87+
}
88+
} else {
89+
$data['domain'] = $app->functions->idn_encode($data['domain']);
90+
$data['domain'] = strtolower($data['domain']);
91+
}
92+
}
93+
if(isset($data['ns1']) && $data['ns1'] != ''){
94+
$data['ns1'] = $app->functions->idn_encode($data['ns1']);
95+
$data['ns1'] = strtolower($data['ns1']);
96+
}
97+
if(isset($data['ns2']) && $data['ns2'] != ''){
98+
$data['ns2'] = $app->functions->idn_encode($data['ns2']);
99+
$data['ns2'] = strtolower($data['ns2']);
100+
}
101+
if(isset($data['email']) && $data['email'] != ''){
102+
$data['email'] = $app->functions->idn_encode($data['email']);
103+
$data['email'] = strtolower($data['email']);
104+
}
105+
106+
107+
# fixme: this regex is pretty poor for domain validation
108+
if(isset($data['domain']) && $data['domain'] == '') $error .= $app->lng('error_domain_empty').'<br />';
109+
elseif(isset($data['domain']) && !preg_match('/^[\w\.\-]{1,64}\.[a-zA-Z0-9\-]{2,63}$/', $data['domain'])) $error .= $app->lng('error_domain_regex').'<br />';
110+
111+
if(isset($data['ip']) && $data['ip'] == '') $error .= $app->lng('error_ip_empty').'<br />';
112+
113+
if(isset($data['ipv6']) && $data['ipv6'] == '') $error .= $app->lng('error_ipv6_empty').'<br />';
114+
115+
# fixme: this regex is pretty poor for hostname validation
116+
if(isset($data['ns1']) && $data['ns1'] == '') $error .= $app->lng('error_ns1_empty').'<br />';
117+
elseif(isset($data['ns1']) && !preg_match('/^[\w\.\-]{1,64}\.[a-zA-Z0-9]{2,63}$/', $data['ns1'])) $error .= $app->lng('error_ns1_regex').'<br />';
118+
119+
if(isset($data['ns2']) && $data['ns2'] == '') $error .= $app->lng('error_ns2_empty').'<br />';
120+
elseif(isset($data['ns2']) && !preg_match('/^[\w\.\-]{1,64}\.[a-zA-Z0-9]{2,63}$/', $data['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
121+
122+
if(isset($data['email']) && $data['email'] == '') $error .= $app->lng('error_email_empty').'<br />';
123+
elseif(isset($data['email']) && filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) $error .= $app->lng('error_email_regex').'<br />';
124+
125+
// make sure that the record belongs to the client group and not the admin group when admin inserts it
126+
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($data['client_group_id'])) {
127+
$sys_groupid = $app->functions->intval($data['client_group_id']);
128+
} elseif($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($data['client_group_id'])) {
129+
$sys_groupid = $app->functions->intval($data['client_group_id']);
130+
} else {
131+
$sys_groupid = $_SESSION["s"]["user"]["default_group"];
132+
}
133+
134+
$tform_def_file = "../../web/dns/form/dns_soa.tform.php";
135+
$app->uses('tform');
136+
$app->tform->loadFormDef($tform_def_file);
137+
138+
if($_SESSION['s']['user']['typ'] != 'admin') {
139+
if(!$app->tform->checkClientLimit('limit_dns_zone')) {
140+
$error .= $app->tform->wordbook["limit_dns_zone_txt"];
141+
}
142+
if(!$app->tform->checkResellerLimit('limit_dns_zone')) {
143+
$error .= $app->tform->wordbook["limit_dns_zone_txt"];
144+
}
145+
}
146+
147+
148+
// replace template placeholders
149+
$template_id = (isset($data['template_id']))?$app->functions->intval($data['template_id']):0;
150+
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
151+
$tpl_content = $template_record['template'];
152+
if($data['domain'] != '') $tpl_content = str_replace('{DOMAIN}', $data['domain'], $tpl_content);
153+
if($data['ip'] != '') $tpl_content = str_replace('{IP}', $data['ip'], $tpl_content);
154+
if($data['ipv6'] != '') $tpl_content = str_replace('{IPV6}',$data['ipv6'],$tpl_content);
155+
if($data['ns1'] != '') $tpl_content = str_replace('{NS1}', $data['ns1'], $tpl_content);
156+
if($data['ns2'] != '') $tpl_content = str_replace('{NS2}', $data['ns2'], $tpl_content);
157+
if($data['email'] != '') $tpl_content = str_replace('{EMAIL}', $data['email'], $tpl_content);
158+
// $enable_dnssec = (($data['dnssec'] == 'Y') ? 'Y' : 'N');
159+
// if(isset($data['dnssec'])) $vars['dnssec_wanted'] = 'Y';
160+
if(isset($data['dnssec'])) $tpl_content = str_replace('[ZONE]', '[ZONE]'."\n".'dnssec_wanted=Y', $tpl_content);
161+
if(isset($data['dkim']) && preg_match('/^[\w\.\-\/]{1,255}\.[a-zA-Z0-9\-]{2,63}[\.]{0,1}$/', $data['domain'])) {
162+
$sql = $app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND ".$app->tform->getAuthSQL('r'), $data['domain']);
163+
$public_key = $sql['dkim_public'];
164+
if ($public_key!='') {
165+
if (empty($sql['dkim_selector'])) $sql['dkim_selector'] = 'default';
166+
$dns_record=str_replace(array("\r\n", "\n", "\r", "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"), '', $public_key);
167+
$tpl_content .= "\n".'TXT|'.$sql['dkim_selector'].'._domainkey.'.$data['domain'].'.|v=DKIM1; t=s; p='.$dns_record;
168+
}
169+
}
170+
171+
// Parse the template
172+
$tpl_rows = explode("\n", $tpl_content);
173+
$section = '';
174+
$vars = array();
175+
$vars['xfer']='';
176+
$vars['dnssec_wanted']='N';
177+
$vars['dnssec_algo']='ECDSAP256SHA256';
178+
$dns_rr = array();
179+
foreach($tpl_rows as $row) {
180+
$row = trim($row);
181+
if(substr($row, 0, 1) == '[') {
182+
if($row == '[ZONE]') {
183+
$section = 'zone';
184+
} elseif($row == '[DNS_RECORDS]') {
185+
$section = 'dns_records';
186+
} else {
187+
die('Unknown section type');
188+
}
189+
} else {
190+
if($row != '') {
191+
// Handle zone section
192+
if($section == 'zone') {
193+
$parts = explode('=', $row);
194+
$key = trim($parts[0]);
195+
$val = trim($parts[1]);
196+
if($key != '') $vars[$key] = $val;
197+
}
198+
// Handle DNS Record rows
199+
if($section == 'dns_records') {
200+
$parts = explode('|', $row);
201+
$dns_rr[] = array(
202+
'name' => $parts[1],
203+
'type' => $parts[0],
204+
'data' => $parts[2],
205+
'aux' => $parts[3],
206+
'ttl' => $parts[4]
207+
);
208+
}
209+
}
210+
}
211+
212+
} // end foreach
213+
214+
if($vars['origin'] == '') $error .= $app->lng('error_origin_empty').'<br />';
215+
if($vars['ns'] == '') $error .= $app->lng('error_ns_empty').'<br />';
216+
if($vars['mbox'] == '') $error .= $app->lng('error_mbox_empty').'<br />';
217+
if($vars['refresh'] == '') $error .= $app->lng('error_refresh_empty').'<br />';
218+
if($vars['retry'] == '') $error .= $app->lng('error_retry_empty').'<br />';
219+
if($vars['expire'] == '') $error .= $app->lng('error_expire_empty').'<br />';
220+
if($vars['minimum'] == '') $error .= $app->lng('error_minimum_empty').'<br />';
221+
if($vars['ttl'] == '') $error .= $app->lng('error_ttl_empty').'<br />';
222+
223+
if($error == '') {
224+
// Insert the soa record
225+
$sys_userid = $_SESSION['s']['user']['userid'];
226+
$origin = $vars['origin'];
227+
$ns = $vars['ns'];
228+
$mbox = str_replace('@', '.', $vars['mbox']);
229+
$refresh = $vars['refresh'];
230+
$retry = $vars['retry'];
231+
$expire = $vars['expire'];
232+
$minimum = $vars['minimum'];
233+
$ttl = $vars['ttl'];
234+
$xfer = $vars['xfer'];
235+
$also_notify = $vars['also_notify'];
236+
$update_acl = $vars['update_acl'];
237+
$dnssec_wanted = $vars['dnssec_wanted'];
238+
$dnssec_algo = $vars['dnssec_algo'];
239+
$serial = $app->validate_dns->increase_serial(0);
240+
241+
$insert_data = array(
242+
"sys_userid" => $sys_userid,
243+
"sys_groupid" => $sys_groupid,
244+
"sys_perm_user" => 'riud',
245+
"sys_perm_group" => 'riud',
246+
"sys_perm_other" => '',
247+
"server_id" => $server_id,
248+
"origin" => $origin,
249+
"ns" => $ns,
250+
"mbox" => $mbox,
251+
"serial" => $serial,
252+
"refresh" => $refresh,
253+
"retry" => $retry,
254+
"expire" => $expire,
255+
"minimum" => $minimum,
256+
"ttl" => $ttl,
257+
"active" => 'Y',
258+
"xfer" => $xfer,
259+
"also_notify" => $also_notify,
260+
"update_acl" => $update_acl,
261+
"dnssec_wanted" => $dnssec_wanted,
262+
"dnssec_algo" => $dnssec_algo
263+
);
264+
265+
$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
266+
if($dns_soa_id > 0) $app->plugin->raiseEvent('dns:wizard:on_after_insert', $dns_soa_id);
267+
268+
// Insert the dns_rr records
269+
if(is_array($dns_rr) && $dns_soa_id > 0) {
270+
foreach($dns_rr as $rr) {
271+
$insert_data = array(
272+
"sys_userid" => $sys_userid,
273+
"sys_groupid" => $sys_groupid,
274+
"sys_perm_user" => 'riud',
275+
"sys_perm_group" => 'riud',
276+
"sys_perm_other" => '',
277+
"server_id" => $server_id,
278+
"zone" => $dns_soa_id,
279+
"name" => $rr['name'],
280+
"type" => $rr['type'],
281+
"data" => $rr['data'],
282+
"aux" => $rr['aux'],
283+
"ttl" => $rr['ttl'],
284+
"active" => 'Y'
285+
);
286+
$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
287+
}
288+
}
289+
290+
return 'ok';
291+
292+
} else {
293+
return $error;
294+
}
295+
}
296+
297+
}
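Review bot: `$domains_settings` is read in `create()` at the `use_domain_module` test but is never assigned inside the method (only `global $app;` is declared, and only `$settings` is loaded, in the default-server branch), so the condition is always false and the `checkDomainModuleDomain()` branch is never reached. With the domain module enabled, the selected domain is therefore no longer checked against the domains assigned to the client before the zone is inserted. Load the setting inside the method before the filter block, presumably with `$domains_settings = $app->getconf->get_global_config('domains');` as the method already does for `'dns'`. Separately, `ip` and `ipv6` are only tested for emptiness before being substituted into template text that is then split on newlines and `|`; validating them here with `filter_var($data['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` and the `FILTER_FLAG_IPV6` equivalent would keep the parser input well-formed regardless of what each caller checked.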
