79 lines
2.5 KiB
PHP
79 lines
2.5 KiB
PHP
<?php
|
|
|
|
if (processForm()) {
|
|
$_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
|
|
|
|
if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
|
|
output(403, 'Cette zone existe déjà sur ce service.');
|
|
|
|
exec(CONF['ns']['kdig_path'] . ' ' . ltrim(strstr($_POST['domain'], '.'), '.') . ' NS +short', $parentAuthoritatives);
|
|
if ($parentAuthoritatives === [])
|
|
output(403, 'Serveurs de noms de la zone parente introuvables');
|
|
foreach ($parentAuthoritatives as $parentAuthoritative)
|
|
checkAbsoluteDomainFormat($parentAuthoritative);
|
|
|
|
exec(CONF['ns']['kdig_path'] . ' ' . $_POST['domain'] . ' NS @' . $parentAuthoritatives[0] . ' +noidn', $results);
|
|
if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})\.auth-owner.+$/m', implode("\n", $results), $matches) !== 1)
|
|
output(403, 'Enregistrement d\'authentification introuvable');
|
|
|
|
checkAuthToken($matches['salt'], $matches['hash']);
|
|
|
|
rateLimit();
|
|
|
|
insert('zones', [
|
|
'zone' => $_POST['domain'],
|
|
'username' => $_SESSION['username'],
|
|
]);
|
|
|
|
$knotZonePath = CONF['ns']['knot_zones_path'] . "/" . $_POST['domain'] . "zone";
|
|
$knotZone = implode(' ', [
|
|
$_POST['domain'],
|
|
SOA_VALUES['ttl'],
|
|
'SOA',
|
|
CONF['ns']['servers'][0],
|
|
SOA_VALUES['email'],
|
|
1,
|
|
SOA_VALUES['refresh'],
|
|
SOA_VALUES['retry'],
|
|
SOA_VALUES['expire'],
|
|
SOA_VALUES['negative'],
|
|
]) . "\n";
|
|
foreach (CONF['ns']['servers'] as $server)
|
|
$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n";
|
|
if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
|
|
output(500, 'Failed to write new zone file.');
|
|
if (chmod($knotZonePath, 0660) !== true)
|
|
output(500, 'Failed to chmod new zone file.');
|
|
|
|
knotcConfExec([
|
|
"set 'zone[" . $_POST['domain'] . "]'",
|
|
"set 'zone[" . $_POST['domain'] . "].template' 'niver-ns'",
|
|
]);
|
|
|
|
output(200, 'La requête a été traitée.');
|
|
}
|
|
|
|
$proof = getAuthToken();
|
|
|
|
?>
|
|
|
|
<p>
|
|
Le domaine doit avoir un <?= linkToDocs('ns-record', 'enregistrement NS') ?> qui commence par <code><?= $proof ?>.auth-owner</code> lors du traitement de ce formulaire.
|
|
</p>
|
|
|
|
<p>
|
|
La zone sera servie par ces serveurs de noms :
|
|
<ul>
|
|
<?php
|
|
foreach (CONF['ns']['servers'] as $server)
|
|
echo ' <li><code>' . $server . '</code></li>';
|
|
?>
|
|
</ul>
|
|
</p>
|
|
|
|
<form method="post">
|
|
<label for="domain">Domaine</label><br>
|
|
<input required="" placeholder="domain.<?= PLACEHOLDER_DOMAIN ?>." id="domain" name="domain" type="text"><br>
|
|
<input value="Ajouter" type="submit">
|
|
</form>
|