From 87019fc4e0f0fdd4e344b26ace61380ea4972793 Mon Sep 17 00:00:00 2001 From: Andres Petralli Date: Mon, 23 Dec 2013 20:20:32 -0800 Subject: Enabling advanced RFC 2136 configuration for DHCPd service This change adds the ability to configure RFC 2136 domain name updates using a hmac-md5 keyname/key. --- etc/inc/services.inc | 143 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 103 insertions(+), 40 deletions(-) (limited to 'etc') diff --git a/etc/inc/services.inc b/etc/inc/services.inc index cb79d72..182a76a 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -408,6 +408,7 @@ log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; +update-conflict-detection false; EOD; 
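Review bot: `update-conflict-detection false;` is added to the global dhcpd.conf template unconditionally, so it applies even on installs that never enable DDNS, and the `@@ -1015,10 +1051,10 @@` hunk adds the same line to the DHCPv6 template. With conflict detection off, dhcpd skips the DHCID ownership check and replaces whatever binding already holds the name. In any zone the server may update, a client that sends the hostname of an existing host can therefore displace that host's record. I would emit the line only when the administrator opts in per interface, with a comment next to the code that appends it such as `/* disables DHCID ownership checks: a lease can replace an existing record of the same name */`. The heredoc starts outside the hunk.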
@@ -837,48 +838,20 @@ EOD; $dhcpdifs[] = get_real_interface($dhcpif); if ($newzone['domain-name']) + { + if ($need_ddns_updates) + { + $newzone['dns-servers'] = array($dhcpifconf['ddnsdomainprimary']); + } $ddns_zones[] = $newzone; + } } if ($need_ddns_updates) { $dhcpdconf .= "ddns-update-style interim;\n"; - $dhcpdconf .= "update-static-leases on;\n"; - - if (is_array($ddns_zones)) { - $added_zones = array(); - foreach ($ddns_zones as $zone) { - if (!is_array($zone) || empty($zone) || !is_array($zone['dns-servers'])) - continue; - $primary = $zone['dns-servers'][0]; - $secondary = empty($zone['dns-servers'][1]) ? "" : $zone['dns-servers'][1]; - // Make sure we aren't using any invalid or IPv6 DNS servers. - if (!is_ipaddrv4($primary)) { - if (is_ipaddrv4($secondary)) { - $primary = $secondary; - $secondary = ""; - } else { - continue; - } - } - // We don't need to add zones multiple times. - if (!in_array($zone['domain-name'], $added_zones)) { - $dhcpdconf .= "zone {$zone['domain-name']} {\n"; - $dhcpdconf .= " primary {$primary};\n"; - if (is_ipaddrv4($secondary)) - $dhcpdconf .= " secondary {$secondary};\n"; - $dhcpdconf .= "}\n"; - $added_zones[] = $zone['domain-name']; - } - if (!in_array($zone['ptr-domain'], $added_zones)) { - $dhcpdconf .= "zone {$zone['ptr-domain']} {\n"; - $dhcpdconf .= " primary {$primary};\n"; - if (is_ipaddrv4($secondary)) - $dhcpdconf .= " secondary {$secondary};\n"; - $dhcpdconf .= "}\n"; - $added_zones[] = $zone['ptr-domain']; - } - } - } + + $dhcpdconf .= dhcpdkey($dhcpifconf); + $dhcpdconf .= dhcpdzones($ddns_zones, $dhcpifconf); } /* write dhcpd.conf */ 
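Review bot: `dhcpdkey($dhcpifconf)` and `dhcpdzones($ddns_zones, $dhcpifconf)` are called after the block that fills `$ddns_zones`; if that block is the per-interface loop (its header is outside the hunk), `$dhcpifconf` is whatever the last iteration left behind. In that case only one interface's key is written, and every zone is bound to it, including zones of interfaces configured with a different key or none. Carrying the key with the zone avoids this, e.g. `$newzone['ddnsdomainkeyname'] = $dhcpifconf['ddnsdomainkeyname'];` next to the `dns-servers` assignment, with `dhcpdzones()` reading it from `$zone`. Also, `dns-servers` is replaced by `ddnsdomainprimary` whenever `$need_ddns_updates` is set, so an interface that left that field empty gets its zone silently skipped by the `is_ipaddrv4()` check in `dhcpdzones()`.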
@@ -905,6 +878,69 @@ EOD; return 0; } +function dhcpdkey($dhcpifconf) +{ + $dhcpdconf = ""; + if ($dhcpifconf['ddnsdomainkeyname'] <> "" && $dhcpifconf['ddnsdomainkey'] <> "") + { + $dhcpdconf .= "key {$dhcpifconf['ddnsdomainkeyname']} {\n"; + $dhcpdconf .= " algorithm hmac-md5;\n"; + $dhcpdconf .= " secret {$dhcpifconf['ddnsdomainkey']};\n"; + $dhcpdconf .= "}\n"; + } + + return $dhcpdconf; +} + +function dhcpdzones($ddns_zones, $dhcpifconf) +{ + $dhcpdconf = ""; + + if (is_array($ddns_zones)) { + $added_zones = array(); + foreach ($ddns_zones as $zone) { + if (!is_array($zone) || empty($zone) || !is_array($zone['dns-servers'])) + continue; + $primary = $zone['dns-servers'][0]; + $secondary = empty($zone['dns-servers'][1]) ? "" : $zone['dns-servers'][1]; + + // Make sure we aren't using any invalid or IPv6 DNS servers. + if (!is_ipaddrv4($primary)) { + if (is_ipaddrv4($secondary)) { + $primary = $secondary; + $secondary = ""; + } else { + continue; + } + } + + // We don't need to add zones multiple times. + if ($zone['domain-name'] && !in_array($zone['domain-name'], $added_zones)) { + $dhcpdconf .= "zone {$zone['domain-name']}. 
{\n"; + $dhcpdconf .= " primary {$primary};\n"; + if (is_ipaddrv4($secondary)) + $dhcpdconf .= " secondary {$secondary};\n"; + if($dhcpifconf['ddnsdomainkeyname'] <> "" && $dhcpifconf['ddnsdomainkey'] <> "") + $dhcpdconf .= " key {$dhcpifconf['ddnsdomainkeyname']};\n"; + $dhcpdconf .= "}\n"; + $added_zones[] = $zone['domain-name']; + } + if ($zone['ptr-domain'] && !in_array($zone['ptr-domain'], $added_zones)) { + $dhcpdconf .= "zone {$zone['ptr-domain']} {\n"; + $dhcpdconf .= " primary {$primary};\n"; + if (is_ipaddrv4($secondary)) + $dhcpdconf .= " secondary {$secondary};\n"; + if($dhcpifconf['ddnsdomainkeyname'] <> "" && $dhcpifconf['ddnsdomainkey'] <> "") + $dhcpdconf .= " key {$dhcpifconf['ddnsdomainkeyname']};\n"; + $dhcpdconf .= "}\n"; + $added_zones[] = $zone['ptr-domain']; + } + } + } + + return $dhcpdconf; +} + function services_dhcpdv6_configure() { global $config, $g; @@ -1015,10 +1051,10 @@ option domain-search-list code 119 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; -ddns-update-style none; one-lease-per-client true; deny duplicates; ping-check true; +update-conflict-detection false; EOD; @@ -1031,8 +1067,12 @@ EOD; $dhcpdv6ifs = array(); $dhcpv6num = 0; + $nsupdate = false; + foreach ($dhcpdv6cfg as $dhcpv6if => $dhcpv6ifconf) { + $ddns_zones = array(); + $ifcfgv6 = $config['interfaces'][$dhcpv6if]; if (!isset($dhcpv6ifconf['enable']) || !isset($Iflist[$dhcpv6if])) 
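Review bot: `dhcpdkey()` writes `ddnsdomainkeyname` and `ddnsdomainkey` into the dhcpd configuration by plain interpolation, with no check beyond non-empty, and `dhcpdzones()` repeats the key name in both `zone` blocks. A value containing `;`, `}`, whitespace or a newline changes the structure of the generated file, so whoever can set these fields (or supply a restored configuration) can add unintended dhcpd directives, and a mistyped secret may keep dhcpd from starting. I would accept only a DNS-style key name and a base64 secret before emitting anything, as below, and reuse the validated name in `dhcpdzones()`. Separately, dhcpd.conf and dhcpdv6.conf now hold a TSIG secret, so they should not be world-readable, and `hmac-md5` is hard-coded where a selectable algorithm would let deployments move to an HMAC-SHA variant.

```php
function dhcpdkey($dhcpifconf)
{
	$keyname = $dhcpifconf['ddnsdomainkeyname'];
	$secret = $dhcpifconf['ddnsdomainkey'];
	if ($keyname == "" || $secret == "")
		return "";

	// Both values land verbatim in the dhcpd configuration: allow only a
	// DNS-style key name and a base64 secret so neither can add statements.
	if (!preg_match('/^[A-Za-z0-9._-]+$/', $keyname) ||
	    !preg_match('/^[A-Za-z0-9+\/]+={0,2}$/', $secret)) {
		log_error("Ignoring RFC 2136 key: invalid key name or secret format.");
		return "";
	}

	$dhcpdconf = "key {$keyname} {\n";
	// … unchanged: algorithm line …
	$dhcpdconf .= "	secret {$secret};\n";
	// … unchanged: closing brace and return …
}
```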
@@ -1052,15 +1092,16 @@ EOD; $dnscfgv6 .= " option domain-name \"{$dhcpv6ifconf['domain']}\";\n"; } - if ($dhcpv6ifconf['domainsearchlist'] <> "") { + if ($dhcpv6ifconf['domainsearchlist'] <> "") { $dnscfgv6 .= " option domain-search \"" . join("\",\"", preg_split("/[ ;]+/", $dhcpv6ifconf['domainsearchlist'])) . "\";\n"; - } + } if (isset($dhcpv6ifconf['ddnsupdate'])) { if($dhcpv6ifconf['ddnsdomain'] <> "") { $dnscfgv6 .= " ddns-domainname \"{$dhcpv6ifconf['ddnsdomain']}\";\n"; } $dnscfgv6 .= " ddns-update-style interim;\n"; + $nsupdate = true; } if (is_array($dhcpv6ifconf['dnsserver']) && ($dhcpv6ifconf['dnsserver'][0])) { @@ -1078,6 +1119,13 @@ EOD; $dnscfgv6 .= " option dhcp6.name-servers " . join(",", $dns_arrv6) . ";"; } + if ($dhcpv6ifconf['domain']) { + $newzone = array(); + $newzone['domain-name'] = $dhcpv6ifconf['domain']; + $newzone['dns-servers'][] = $dhcpv6ifconf['ddnsdomainprimary']; + $ddns_zones[] = $newzone; + } + if (is_ipaddrv6($ifcfgipv6)) { $dhcpdv6conf .= "subnet6 {$subnetv6}/{$ifcfgsnv6}"; } else { @@ -1178,6 +1226,12 @@ EOD; } } + if ($dhcpv6ifconf['domain']) + { + $dhcpdv6conf .= dhcpdkey($dhcpv6ifconf); + $dhcpdv6conf .= dhcpdzones($ddns_zones, $dhcpv6ifconf); + } + if ($config['dhcpdv6'][$dhcpv6if]['ramode'] <> "unmanaged") { if(preg_match("/poes/si", $dhcpv6if)) { /* magic here */ @@ -1196,6 +1250,15 @@ EOD; } } + if ($nsupdate) + { + $dhcpdv6conf .= "ddns-update-style interim;\n"; + } + else + { + $dhcpdv6conf .= "ddns-update-style none;\n"; + } + /* write dhcpdv6.conf */ if (!@file_put_contents("{$g['dhcpd_chroot_path']}/etc/dhcpdv6.conf", $dhcpdv6conf)) { log_error("Error: cannot open {$g['dhcpd_chroot_path']}/etc/dhcpdv6.conf in services_dhcpdv6_configure().\n"); -- cgit v1.1
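Review bot: In the `@@ -1178,6 +1226,12 @@` hunk the `key` and `zone` blocks are emitted whenever `$dhcpv6ifconf['domain']` is set, not when `ddnsupdate` is enabled, so the TSIG secret is written to dhcpdv6.conf for interfaces that have DDNS switched off. The guard should follow the setting the `@@ -1052,15 +1092,16 @@` hunk uses for `$nsupdate`: `if (isset($dhcpv6ifconf['ddnsupdate']) && $dhcpv6ifconf['domain'])`. The call sits in code that still uses `$dhcpv6if` (the loop itself starts outside the hunk), so two interfaces with the same key name would each emit a `key` block, which dhcpd may reject as a duplicate; tracking emitted key names the way `$added_zones` tracks zones would prevent that. `dhcpdzones()` also keeps only IPv4 primaries, so a DDNS server given by IPv6 address produces no zone and no log message.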