Merge branch 'dnssec-fix-cron' into 'stable-3.1'

DNSSEC-Fix: Possible transfer issue

This fixes the current fact that auto-resigned zones do not change their serial which might cause slave dns servers not to replicate the zone with new RRSIGs.
This is kind of a critical fix.

See merge request !308

Author: Till Brehm

server/lib/classes/cron.d/550-bind_dnssec.inc.php

@@ -35,6 +35,27 @@ class cronjob_bind_dnssec extends cronjob {
 
 	// job schedule
 	protected $_schedule = '30 3 * * *'; //daily at 3:30 a.m.
+	
+	private function increase_serial($serial){
+		global $app, $conf;
+
+		// increase serial
+		$serial_date = $app->functions->intval(substr($serial, 0, 8));
+		$count = $app->functions->intval(substr($serial, 8, 2));
+		$current_date = date("Ymd");
+		if($serial_date >= $current_date){
+			$count += 1;
+			if ($count > 99) {
+				$serial_date += 1;
+				$count = 0;
+			}
+			$count = str_pad($count, 2, "0", STR_PAD_LEFT);
+			$new_serial = $serial_date.$count;
+		} else {
+			$new_serial = $current_date.'01';
+		}
+		return $new_serial;
+	}
 
 	public function onRunJob() {
 		global $app, $conf;
@@ -54,36 +75,13 @@ public function onRunJob() {
 			$domain = substr($data['origin'], 0, strlen($data['origin'])-1);
 			if (!file_exists($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain)) return false;
 
-			$app->log('DNSSEC Auto-Resign: Resigning zone '.$domain, LOGLEVEL_INFO);
-			
-			$zonefile = file_get_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
-			$keycount=0;
-			foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
-				$includeline = '$INCLUDE '.basename($keyfile);
-				if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
-				$keycount++;
-			}
-			if ($keycount != 2) $app->log('DNSSEC Warning: There are more or less than 2 keyfiles for zone '.$domain, LOGLEVEL_WARN);
-			file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
-			
-			//Sign the zone and set it valid for max. 16 days
-			exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
-				 '/usr/sbin/dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o '.escapeshellcmd($domain).' -t '.$filespre.escapeshellcmd($domain));
-				 
-			//Write Data back into DB
-			$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
-			$dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
-			foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
-				$dnssecdata .= file_get_contents($keyfile)."\n\n";
-			}
-			
-			$app->db->query('UPDATE dns_soa SET dnssec_info=\''.$dnssecdata.'\', dnssec_initialized=\'Y\', dnssec_last_signed=\''.time().'\' WHERE id='.$data['id']);
-			$data = next($soas);
+			$app->log('DNSSEC Auto-Resign: Touching zone '.$domain, LOGLEVEL_INFO);
+			$app->db->datalogUpdate('dns_soa', array("serial" => $this->increase_serial($data['serial'])), 'id', $data['id']);
 		}
 
 		parent::onRunJob();
 	}
 
 }
 
-?>
+?>