servnest/fn/ns.php

<?php declare(strict_types=1);

const NS_SOA_VALUES = [
	'ttl' => 10800,
	'email' => CONF['ns']['public_soa_email'],
	'refresh' => 10800,
	'retry' => 3600,
	'expire' => 3628800,
	'negative' => 10800,
];

const NS_MIN_TTL = 300;
const NS_DEFAULT_TTL = 10800;
const NS_MAX_TTL = 1728000;

const NS_ALLOWED_TYPES = ['AAAA', 'A', 'TXT', 'SRV', 'MX', 'SSHFP', 'TLSA', 'NS', 'DS', 'CSYNC', 'CAA', 'CNAME', 'DNAME', 'SVCB', 'HTTPS', 'LOC'];

const NS_TEXTAREA_MAX_CHARACTERS = 10000;

const NS_SYNC_TTL = 10800;

function nsParseCommonRequirements(): array {
	nsCheckZonePossession($_POST['zone']);

	if (($_POST['subdomain'] === '') OR ($_POST['subdomain'] === '@'))
		$values['domain'] = $_POST['zone'];
	else
		$values['domain'] = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['zone']);

	$values['ttl'] = intval($_POST['ttl-value'] * $_POST['ttl-multiplier']);

	if ($values['ttl'] < NS_MIN_TTL)
		output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), NS_MIN_TTL));
	if ($values['ttl'] > NS_MAX_TTL)
		output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), NS_MAX_TTL));

	return $values;
}

function nsListUserZones(): array {
	if (isset($_SESSION['id']))
		return query('select', 'zones', ['username' => $_SESSION['id']], ['zone']);
	return [];
}

function nsCheckZonePossession(string $zone): void {
	checkAbsoluteDomainFormat($zone);

	if (!in_array($zone, nsListUserZones(), true))
		output(403, 'You don\'t own this zone on the name server.');
}

function nsDeleteZone(string $zone, string $user_id): void {
	// Remove from Knot configuration
	knotcConfExec([['conf-unset', 'zone[' . $zone . ']']]);

	// Remove Knot zone file
	if (unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true)
		output(500, 'Failed to remove Knot zone file.');

	// Remove Knot related data
	exescape([
		CONF['dns']['knotc_path'],
		'--blocking',
		'--timeout',
		'3',
		'--force',
		'--',
		'zone-purge',
		$zone,
		'+orphan',
	], result_code: $code);
	if ($code !== 0)
		output(500, 'Failed to purge zone data.');

	query('delete', 'ns-syncs', ['destination' => $zone]);

	// Remove from database
	query('delete', 'zones', [
		'zone' => $zone,
		'username' => $user_id,
	]);
}

function nsSync(string $source, string $destination): void {
	$zone_raw = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $destination . 'zone');
	if ($zone_raw === false)
		output(403, 'Unable to read zone file.');

	foreach (['AAAA', 'A', 'CAA'] as $type) {
		// Get source/distant records
		$results = kdig(name: $source, type: $type);

		if ($results['AD'] !== 1)
			throw new NoDnssecException($source . ' not DNSSEC-signed.');

		$source_records = array_column($results['answerRRs'] ?? [], 'rdata' . $type);

		// Get destination/local records
		$dest_records = array_column(parseZoneFile($zone_raw, [$type], $destination, false), 3);

		// Add source records that are not yet in destination
		foreach (array_diff($source_records, $dest_records) as $value_to_add)
			knotcZoneExec($destination, [
				$destination,
				NS_SYNC_TTL,
				$type,
				$value_to_add,
			], 'add');
		// Delete destination records that are not part of source anymore
		foreach (array_diff($dest_records, $source_records) as $value_to_delete)
			knotcZoneExec($destination, [
				$destination,
				$type,
				$value_to_delete,
			], 'delete');
	}
}
declare(strict_types=1); 2023-07-17 21:15:18 +02:00			`<?php declare(strict_types=1);`
Small fixes (in reg) 2021-02-19 13:23:26 +01:00
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`const NS_SOA_VALUES = [`
Direct zone file edition through <textarea> 2022-11-20 01:05:03 +01:00			`'ttl' => 10800,`
			`'email' => CONF['ns']['public_soa_email'],`
			`'refresh' => 10800,`
			`'retry' => 3600,`
			`'expire' => 3628800,`
			`'negative' => 10800,`
Fix zone deletion process (again) 2023-05-06 02:39:19 +02:00			`];`
Direct zone file edition through <textarea> 2022-11-20 01:05:03 +01:00
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`const NS_MIN_TTL = 300;`
			`const NS_DEFAULT_TTL = 10800;`
			`const NS_MAX_TTL = 1728000;`
Direct zone file edition through <textarea> 2022-11-20 01:05:03 +01:00
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`const NS_ALLOWED_TYPES = ['AAAA', 'A', 'TXT', 'SRV', 'MX', 'SSHFP', 'TLSA', 'NS', 'DS', 'CSYNC', 'CAA', 'CNAME', 'DNAME', 'SVCB', 'HTTPS', 'LOC'];`
Direct zone file edition through <textarea> 2022-11-20 01:05:03 +01:00
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`const NS_TEXTAREA_MAX_CHARACTERS = 10000;`
Unify ns/ forms 2021-05-16 16:55:39 +02:00
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`const NS_SYNC_TTL = 10800;`
Add ns/sync and jobs/ns-syncs 2023-06-24 16:54:36 +02:00
Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function nsParseCommonRequirements(): array {`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`nsCheckZonePossession($_POST['zone']);`
Reinstall on Debian 11 (and lots of small changes) 2021-07-15 15:36:34 +02:00
Direct zone file edition through <textarea> 2022-11-20 01:05:03 +01:00			`if (($_POST['subdomain'] === '') OR ($_POST['subdomain'] === '@'))`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`$values['domain'] = $_POST['zone'];`
			`else`
Add formatAbsoluteDomain, remove regGetUpperDomain 2022-06-15 15:30:18 +02:00			`$values['domain'] = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['zone']);`
Unify ns/ forms 2021-05-16 16:55:39 +02:00
Fix zone deletion process (again) 2023-05-06 02:39:19 +02:00			`$values['ttl'] = intval($_POST['ttl-value'] * $_POST['ttl-multiplier']);`
Add Gemini support 2021-03-02 22:56:38 +01:00
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`if ($values['ttl'] < NS_MIN_TTL)`
			`output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), NS_MIN_TTL));`
			`if ($values['ttl'] > NS_MAX_TTL)`
			`output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), NS_MAX_TTL));`
Add Gemini support 2021-03-02 22:56:38 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`return $values;`
Add Gemini support 2021-03-02 22:56:38 +01:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function nsListUserZones(): array {`
Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00			`if (isset($_SESSION['id']))`
ns/sync.php: instant sync when adding new sync 2023-10-08 00:50:48 +02:00			`return query('select', 'zones', ['username' => $_SESSION['id']], ['zone']);`
Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00			`return [];`
Fix some PHP8 warnings and use constants for paths 2021-04-14 14:56:02 +02:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function nsCheckZonePossession(string $zone): void {`
Add formatAbsoluteDomain, remove regGetUpperDomain 2022-06-15 15:30:18 +02:00			`checkAbsoluteDomainFormat($zone);`
Small fixes (in reg) 2021-02-19 13:23:26 +01:00
Gettext internationalization and english translation 2023-01-21 01:27:52 +01:00			`if (!in_array($zone, nsListUserZones(), true))`
			`output(403, 'You don\'t own this zone on the name server.');`
Small fixes (in reg) 2021-02-19 13:23:26 +01:00			`}`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function nsDeleteZone(string $zone, string $user_id): void {`
nsDeleteZone: Fix zone deletion process 2023-04-27 22:18:03 +02:00			`// Remove from Knot configuration`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotcConfExec([['conf-unset', 'zone[' . $zone . ']']]);`
nsDeleteZone: Fix zone deletion process 2023-04-27 22:18:03 +02:00
Fix zone deletion process (again) 2023-05-06 02:39:19 +02:00			`// Remove Knot zone file`
			`if (unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true)`
			`output(500, 'Failed to remove Knot zone file.');`

			`// Remove Knot related data`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`exescape([`
			`CONF['dns']['knotc_path'],`
			`'--blocking',`
			`'--timeout',`
			`'3',`
			`'--force',`
			`'--',`
			`'zone-purge',`
			`$zone,`
			`'+orphan',`
			`], result_code: $code);`
Fix zone deletion process (again) 2023-05-06 02:39:19 +02:00			`if ($code !== 0)`
			`output(500, 'Failed to purge zone data.');`

ns/sync: translations and bugfixes 2023-06-26 04:13:52 +02:00			`query('delete', 'ns-syncs', ['destination' => $zone]);`

Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`// Remove from database`
			`query('delete', 'zones', [`
			`'zone' => $zone,`
init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00			`'username' => $user_id,`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`]);`
			`}`
ns/sync.php: instant sync when adding new sync 2023-10-08 00:50:48 +02:00
			`function nsSync(string $source, string $destination): void {`
			`$zone_raw = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $destination . 'zone');`
			`if ($zone_raw === false)`
			`output(403, 'Unable to read zone file.');`

			`foreach (['AAAA', 'A', 'CAA'] as $type) {`
			`// Get source/distant records`
			`$results = kdig(name: $source, type: $type);`

			`if ($results['AD'] !== 1)`
			`throw new NoDnssecException($source . ' not DNSSEC-signed.');`

			`$source_records = array_column($results['answerRRs'] ?? [], 'rdata' . $type);`

			`// Get destination/local records`
			`$dest_records = array_column(parseZoneFile($zone_raw, [$type], $destination, false), 3);`

			`// Add source records that are not yet in destination`
			`foreach (array_diff($source_records, $dest_records) as $value_to_add)`
			`knotcZoneExec($destination, [`
			`$destination,`
			`NS_SYNC_TTL,`
			`$type,`
			`$value_to_add,`
			`], 'add');`
			`// Delete destination records that are not part of source anymore`
			`foreach (array_diff($dest_records, $source_records) as $value_to_delete)`
			`knotcZoneExec($destination, [`
			`$destination,`
			`$type,`
			`$value_to_delete,`
			`], 'delete');`
			`}`
			`}`