diff --git a/config.ini b/config.ini
index b91ba11..c8bf876 100644
--- a/config.ini
+++ b/config.ini
@@ -19,6 +19,7 @@ enabled = true
knot_zones_path = "/srv/niver/ns"
servers[] = "ns1.niver.test."
servers[] = "ns2.niver.test."
+kdig_path = "/usr/bin/kdig"
[ht]
enabled = true
diff --git a/fn/common.php b/fn/common.php
index bb92a2c..46002fc 100644
--- a/fn/common.php
+++ b/fn/common.php
@@ -104,6 +104,10 @@ function removeDirectory($dir) {
serverError("Unable to remove directory.");
}
+function equalArrays($a, $b) {
+ return array_diff($a, $b) === [] AND array_diff($b, $a) === [];
+}
+
function linkToDocs($ref, $title) {
return '' . $title . '';
}
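Review bot: `equalArrays()` has no comment saying that it tests set equality rather than array equality, which matters now that three validation checks depend on it. `array_diff()` compares elements by their string form and ignores order and multiplicity, so `['a']` and `['a', 'a']` count as equal, and a non-array argument raises a TypeError on PHP 8. I would add a comment above the function such as `// Set equality: order and duplicates are ignored; elements are compared as strings (array_diff semantics). Both arguments must be arrays.` As a style point, `&&` is the more conventional operator than `AND` here, since `AND` binds more loosely than assignment and is easy to misread if the expression is later reused in one.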
diff --git a/pages/ht/add-http-dns.php b/pages/ht/add-http-dns.php
index d857eec..0f3b41e 100644
--- a/pages/ht/add-http-dns.php
+++ b/pages/ht/add-http-dns.php
@@ -14,13 +14,17 @@ if (processForm()) {
if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
userError("Ce domaine existe déjà sur ce service.");
- $remoteAaaaRecords = array_column(dns_get_record($_POST['domain'], DNS_AAAA), 'ipv6');
- if (array_merge(array_diff($remoteAaaaRecords, [CONF['ht']['ipv6_address']]), array_diff([CONF['ht']['ipv6_address']], $remoteAaaaRecords)) !== [])
- userError("Ce domaine doit avoir pour enregistrement AAAA " . CONF['ht']['ipv6_address'] . "
.");
+ $remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
+ if (is_array($remoteAaaaRecords) !== true)
+ userError("Ce domaine n'existe pas.");
+ if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
+ userError("Ce domaine doit avoir pour unique enregistrement AAAA " . CONF['ht']['ipv6_address'] . "
.");
- $remoteARecords = array_column(dns_get_record($_POST['domain'], DNS_A), 'ip');
- if (array_merge(array_diff($remoteARecords, [CONF['ht']['ipv4_address']]), array_diff([CONF['ht']['ipv4_address']], $remoteARecords)) !== [])
- userError("Ce domaine doit avoir pour enregistrement A " . CONF['ht']['ipv4_address'] . "
.");
+ $remoteARecords = dns_get_record($_POST['domain'], DNS_A);
+ if (is_array($remoteARecords) !== true)
+ userError("Ce domaine n'existe pas.");
+ if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
+ userError("Ce domaine doit avoir pour unique enregistrement A " . CONF['ht']['ipv4_address'] . "
.");
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
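Review bot: The A/AAAA checks compare addresses as text, so an equivalent but differently written `CONF['ht']['ipv6_address']` (uppercase hex, a different zero-compression) would reject a correctly configured domain. Normalising both sides first avoids this, e.g. `equalArrays([inet_pton(CONF['ht']['ipv6_address'])], array_map('inet_pton', array_column($remoteAaaaRecords, 'ipv6')))`, and the same for the IPv4 check. Separately, `dns_get_record()` returns `false` on any resolver failure, not only for a non-existent name, so "Ce domaine n'existe pas." can be misleading after a timeout or SERVFAIL. Since the lookup goes through the host's recursive resolver, the answer may also be cached. It is worth a comment that this check proves the records at request time only.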
diff --git a/pages/ns/zone-add.php b/pages/ns/zone-add.php
index 52f1d40..fb0d95a 100644
--- a/pages/ns/zone-add.php
+++ b/pages/ns/zone-add.php
@@ -6,11 +6,13 @@ if (processForm()) {
if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
userError("Cette zone existe déjà sur ce service.");
- $remoteNsRecords = array_column(dns_get_record($_POST['domain'], DNS_NS), 'target');
- foreach ($remoteNsRecords as $i => $remoteNsRecord)
- $remoteNsRecords[$i] = formatAbsoluteDomain($remoteNsRecord);
- if (array_merge(array_diff($remoteNsRecords, CONF['ns']['servers']), array_diff(CONF['ns']['servers'], $remoteNsRecords)) !== [])
- userError("Ce domaine n'a pas les bons enregistrements NS.");
+ exec(CONF['ns']['kdig_path'] . " " . ltrim(strstr($_POST['domain'], '.'), '.') . " NS +short", $parentAuthoritatives);
+ foreach ($parentAuthoritatives as $parentAuthoritative)
+ checkAbsoluteDomainFormat($parentAuthoritative);
+ exec(CONF['ns']['kdig_path'] . " " . $_POST['domain'] . " NS @" . $parentAuthoritatives[0], $results);
+ preg_match_all('/' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(.+)\n/', implode("\n", $results), $matches);
+ if (equalArrays(CONF['ns']['servers'], $matches[1]) !== true)
+ userError("Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.");
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare("INSERT INTO zones(zone, username) VALUES(:zone, :username)");
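Review bot: Both `exec()` calls build a shell command by concatenating `$_POST['domain']` (and, in the second call, a line of kdig output) without `escapeshellarg()`. The only thing keeping shell metacharacters out is whatever validation runs before this hunk, which is not visible here, so each argument should be quoted at the call site regardless. `$parentAuthoritatives[0]` is also read without checking that the first query returned anything, and neither exit status is inspected, so a failed lookup produces a malformed second command instead of a clear error. Quoting does not stop a value beginning with `-`, `+` or `@` from being read by kdig as an option, so the domain format check must still run first. The error messages in the fence are placeholders, and the regex would be stricter if anchored with `^` and the `m` modifier so that only records owned by the exact name match.

```php
// … unchanged: existing-zone check …
$parentZone = ltrim((string) strstr($_POST['domain'], '.'), '.');
exec(escapeshellarg(CONF['ns']['kdig_path']) . ' ' . escapeshellarg($parentZone) . ' NS +short', $parentAuthoritatives, $status);
if ($status !== 0 || $parentAuthoritatives === [])
	serverError("Unable to query the parent zone.");
// … unchanged: checkAbsoluteDomainFormat() loop over $parentAuthoritatives …
exec(escapeshellarg(CONF['ns']['kdig_path']) . ' ' . escapeshellarg($_POST['domain']) . ' NS ' . escapeshellarg('@' . $parentAuthoritatives[0]), $results, $status);
if ($status !== 0)
	serverError("Unable to query the parent zone's name server.");
// … unchanged: preg_match_all, equalArrays check, INSERT …
```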