示例#1
0
    def run(self):
        """docstring for run"""
        if not self.active:
            return None
        if self.last_run != None and self.last_run > (time.time() -
                                                      self.interval):
            return None
        self.last_run = time.time()

        for domain in os.listdir(DNSSEC_KEYS_LOCATION):
            if os.path.isdir(os.path.join(DNSSEC_KEYS_LOCATION, domain)):
                config = ConfigParser.ConfigParser({
                    'src_file':
                    os.path.join(DNS_MASTER_ZONE_PATH, domain),
                    'dst_file':
                    os.path.join(DNS_COMPILED_ZONE_PATH, domain),
                    'in_keyroll':
                    'False',
                    'keyroll_timestamp':
                    '0',
                    'zone_ttl':
                    '3600',
                })
                try:
                    config_fp = open(
                        os.path.join(DNSSEC_KEYS_LOCATION, domain,
                                     'config.ini'), 'r')
                    flock(config_fp, LOCK_SH)
                    config.readfp(config_fp)
                    config_fp.close()
                except:
                    continue
                zonefile = config.get(domain, 'src_file')
                compiled_file = config.get(domain, 'dst_file')
                in_keyroll = config.getboolean(domain, 'in_keyroll')
                zone_ttl = config.getint(domain, 'zone_ttl')
                try:
                    last_signature = config.getint(domain, 'last_signature')
                except:
                    continue

                keyroll_timestamp = config.getint(domain, 'keyroll_timestamp')
                if keyroll_timestamp == 0:
                    keyroll_timestamp = last_signature

                if (last_signature < (time.time() - DNSSEC_ZONE_REHASH)) or (
                        in_keyroll and zone_ttl != None and keyroll_timestamp <
                    (time.time() - zone_ttl)):
                    compile_result = sign_and_compile(domain,
                                                      zonefile,
                                                      compiled_file,
                                                      increment_serial=True)
                    if compile_result == True:
                        base.shell_exec('rndc reload ' + domain)
示例#2
0
def dns_compile_zonefile(base_domain, zonefile, zonefile_compiled):

	####
	return True
	####

	if dns_detect_dnssec(zonefile_compiled):
	#If there are DNSSEC records in zonefile, use prepared function
		compile_result = mydns_sign_and_compile(base_domain, zonefile, zonefile_compiled, True)
		#return dnssec_write

	else:
		#If no dnssec is used, just increase serial and compile zone.
		increment_serial = True
		serial_updated = False
		line = None
		srcfh = open(zonefile,'r+')
		flock(srcfh,LOCK_EX)
		while line == None or line != '':
			line = srcfh.readline()
			if increment_serial and not serial_updated:
				mymatch = re.match('^(\s+([0-9]{10})\s*;\s*serial\s*)$',line)
				if mymatch != None:
					old_serial = int(mymatch.group(2))
					today_serial = int(datetime.date.today().strftime('%Y%m%d00'))
					new_serial = max(old_serial,today_serial)+1
					line = line.replace(mymatch.group(2),str(new_serial))
					filepos = srcfh.tell()
					srcfh.seek(filepos-len(line))
					srcfh.write(line)
					serial_updated=True
		srcfh.close()
		#Compile zone
		(out, err, res) = base.shell_exec2('named-compilezone -o '+zonefile_compiled+' '+ base_domain +' '+zonefile)
		compile_result = res == 0

	os.utime(zonefile_compiled, None)


	if compile_result == True:
		base.shell_exec('rndc reload '+base_domain)
		return [True, "ok" ]
	else:
		return [True, "Zone not loaded:\n"+str(out)+"\n\n"+str(err)]
示例#3
0
def syscmd_update_reverse(data):
    ip, ip6, hostname = base.xml_cut(data, ['ip', 'ip6', 'hostname'])
    hostname = str(hostname)
    if re.match(base.EREG_IP, ip) == None:
        if ip != '':
            return [False, 'invalid ip']
        else:
            updateip4 = False
    else:
        updateip4 = True
    if re.match(base.EREG_IP6, ip6) == None:
        if ip6 != '':
            return [False, 'invalid ip6']
        else:
            updateip6 = False
    else:
        updateip6 = True
    if re.match(base.EREG_DOMAIN_NAME, hostname) == None:
        if hostname != '':
            return [False, 'invalid domain name']

    if updateip4:
        ipbase = ip.split('.')[0:3]
        ipname = str(ip.split('.')[3])
        ipbase.reverse()
        ipzone = '.'.join(ipbase) + '.in-addr.arpa'

    if updateip6:
        ls = os.listdir('/var/named/reverse')
        zonefiles = []
        for file in ls:
            mymatch = re.search('^(.*).ip6.arpa', file)
            if mymatch != None:
                zonefiles.append((mymatch.group(1), file))

    if updateip6:
        updateip6 = False
        ip6list = ip6.split(':')
        ip6hex = ''
        for item in ip6list:
            if item == '':
                item = '0' * (8 - len(ip6list) + 1) * 4
            else:
                item = '0' * (4 - len(item)) + item
            ip6hex += item
        ip6listhex = list(ip6hex)
        ip6listhex.reverse()
        ip6text = '.'.join(ip6listhex)
        for zonefile in zonefiles:
            if ip6text[-1 * len(zonefile[0]):] == zonefile[0]:
                ip6zoneshort = zonefile[0]
                ip6zone = zonefile[1]
                ip6name = ip6text[:-len(zonefile[0]) - 1]
                updateip6 = True
                break

    ip4updated = False
    if updateip4:
        zonefile = '/etc/bind/reverse/' + ipzone
        ip4fh = open(zonefile, 'r+')
        flock(ip4fh, LOCK_EX)
        lines = ip4fh.readlines()

        for key in range(len(lines)):
            mymatch = re.match(
                '^' + re.escape(ipname) +
                '(\s+[0-9]+)?\s+IN\s+PTR\s+[a-zA-Z0-9\.\-]+\.$',
                lines[key].strip('\n'))
            if mymatch != None:
                lines[key] = ipname + mymatch.group(
                    1) + ' IN PTR ' + hostname + '.\n'
                ip4updated = True
            mymatch = re.match('^(\s+)([0-9]+)(\s+\;\s*serial)$', lines[key])
            if mymatch != None:
                lines[key] = mymatch.group(1) + str(
                    int(mymatch.group(2)) + 1) + mymatch.group(3) + '\n'
        if ip4updated:
            ip4fh.seek(0)
            lines = ip4fh.writelines(lines)
            ip4fh.truncate()
            ip4fh.close()
            if sign_and_compile(ipzone, zonefile,
                                os.path.join(DNS_COMPILED_ZONE_PATH, ipzone)):
                base.shell_exec('rndc reload ' + ipzone)
            else:
                return [False, 'Unable to sign zone']
        else:
            ip4fh.close()

    ip6updated = False
    if updateip6 == True:
        zonefile = '/etc/bind/reverse/' + ip6zone
        ip6fh = open(zonefile, 'r+')
        flock(ip6fh, LOCK_EX)
        lines = ip6fh.readlines()
        popkey = None
        for key in range(len(lines)):
            mymatch = re.match(
                '^' + re.escape(ip6name) + '\s+IN\s+PTR\s+[a-zA-Z0-9\.\-]*\.$',
                lines[key].strip('\n'))
            if mymatch != None:
                if hostname == '':
                    popkey = key
                else:
                    lines[key] = ip6name + ' IN PTR ' + hostname + '.\n'
                ip6updated = True
            mymatch = re.match('^(\s+)([0-9]+)(\s+\;\s*serial)$', lines[key])
            if mymatch != None:
                lines[key] = mymatch.group(1) + str(
                    int(mymatch.group(2)) + 1) + mymatch.group(3) + '\n'
        if popkey != None:
            lines.pop(popkey)
        if ip6updated != True and hostname != '':
            lines.append(ip6name + ' IN PTR ' + hostname + '.\n')
            ip6updated = True

        if ip6updated:
            ip6fh.seek(0)
            lines = ip6fh.writelines(lines)
            ip6fh.truncate()
            ip6fh.close()
            if sign_and_compile(
                    ip6zoneshort + '.ip6.arpa', zonefile,
                    os.path.join(DNS_COMPILED_ZONE_PATH,
                                 ip6zoneshort + '.ip6.arpa')):
                base.shell_exec('rndc reload ' + ip6zoneshort + '.ip6.arpa')
            else:
                return [False, 'Unable to sign zone']
            base.shell_exec('rndc reload %s.ip6.arpa' % ip6zoneshort)
        else:
            ip6fh.close()

    return [True, 'reverse record updated']
示例#4
0
def syscmd_domain_update_dns(data):
    trigger_file = '/var/lock/rndc-trigger.lock'
    lock_file = '/var/lock/rndc-reconfig.lock'
    dns = parseString(data)

    domain = dns.getElementsByTagName('domain')[0].childNodes[0].data
    dnssec = bool(int(
        dns.getElementsByTagName('dnssec')[0].childNodes[0].data))
    if re.match(base.EREG_DOMAIN_NAME, domain) == None:
        return [False, "Domena %s neprosla eregem" % domain]
    if os.path.exists(DNS_MASTER_ZONE_PATH):
        zonefile = os.path.join(DNS_MASTER_ZONE_PATH, domain)
        compiled_file = os.path.join(DNS_COMPILED_ZONE_PATH, domain)
        # check original zone serial, increment if needed
        old_serial = 0
        if os.path.exists(zonefile):
            for line in open(zonefile):
                mymatch = re.match('^(\s+([0-9]{10})\s*;\s*serial\s*)$', line)
                if mymatch != None:
                    old_serial = int(mymatch.group(2))
                    break
        serial_checked = False
        f = open(zonefile, "w+")
        flock(f, LOCK_EX)
        for line in dns.getElementsByTagName(
                'zone')[0].childNodes[0].data.split('\n'):
            if not serial_checked:
                mymatch = re.match('^(\s+([0-9]{10})\s*;\s*serial\s*)$', line)
                if mymatch != None:
                    serial_checked = True
                    new_serial = int(mymatch.group(2))
                    if new_serial <= old_serial:
                        line = line.replace(str(new_serial),
                                            str(old_serial + 1))
            f.write(line + '\n')
        f.close()

        # pokud je zonovy soubor j*z v teto vterine upraven, pockame 1 vterinu, aby bylo zajisteno, ze mtime souboru se zmeni.
        # bind odmita znovu reloadnout zonu, pokud se ji nezmenil mtime v celych cislech
        try:
            st = os.stat(compiled_file)
            if int(st.st_mtime) == int(time.time()):
                time.sleep(1)
        except:
            open(compiled_file, 'w').close()
            pass
        lock_fh = ()
        if dnssec:
            compile_result = sign_and_compile(domain, zonefile, compiled_file)
        else:
            if not dnssec and os.path.exists(
                    os.path.join(DNSSEC_KEYS_LOCATION, domain)):
                base.rmrf(os.path.join(DNSSEC_KEYS_LOCATION, domain))
            dst_lock_fh = open(compiled_file, 'r')
            flock(dst_lock_fh, LOCK_EX)
            (out, err,
             res) = base.shell_exec2('named-compilezone -o ' + compiled_file +
                                     ' ' + domain + ' ' + zonefile)
            compile_result = res == 0
            dst_lock_fh.close()

        os.utime(compiled_file, None)
        if compile_result == True:
            if update_master_config(domain):
                base.bind_restart_lock.acquire()
                base.trigger_update(base.bind_restart_data)
                base.bind_restart_lock.release()
            else:
                base.shell_exec('rndc reload ' + domain)
            return [True, "ok"]
        else:
            return [True, "Zone not loaded:\n" + str(out) + "\n\n" + str(err)]

    else:
        return [False, "adresar %s neexistuje" % (DNS_MASTER_ZONE_PATH, )]