
Add ACL option to control access to DNSSEC for zones https://sourcefo…

jcameron committed Sep 25, 2012
1 parent 4106580 commit dab9c91013c7510c81e52d9e8e32ebd0c908873a
@@ -148,6 +148,12 @@ sub acl_security_form
printf "<input type=radio name=slaves value=0 %s> $text{'no'}</td>\n",
$_[0]->{'slaves'} ? "" : "checked";
+print "<td><b>$text{'acl_dnssec'}</b></td> <td nowrap>\n";
+printf "<input type=radio name=dnssec value=1 %s> $text{'yes'}\n",
+ $_[0]->{'dnssec'} ? "checked" : "";
+printf "<input type=radio name=dnssec value=0 %s> $text{'no'}</td> </tr>\n",
+ $_[0]->{'dnssec'} ? "" : "checked";
+
print "</tr>\n";
print "<tr> <td><b>$text{'acl_views'}</b></td> <td colspan=3>\n";
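Review bot: The second added printf ends its string with `</td> </tr>\n`, and the unchanged `print "</tr>\n";` that follows closes the same row again, so the form now emits a stray `</tr>` before the `acl_views` row. Drop the row close from the new line: `printf "<input type=radio name=dnssec value=0 %s> $text{'no'}</td>\n",`. acl_security_form starts and ends outside this hunk, so the surrounding table layout should be checked against the full function.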
@@ -218,6 +224,7 @@ sub acl_security_save
$_[0]->{'slaves'} = $in{'slaves'};
$_[0]->{'views'} = $in{'views'};
$_[0]->{'remote'} = $in{'remote'};
+$_[0]->{'dnssec'} = $in{'dnssec'};
$_[0]->{'gen'} = $in{'gen'};
$_[0]->{'whois'} = $in{'whois'};
$_[0]->{'vlist'} = $in{'vlist_def'} == 1 ? "*" :
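Review bot: `$_[0]->{'dnssec'}` is only written here, so an ACL saved before this commit has no `dnssec` key and the new `$access{'dnssec'} || &error(...)` checks will refuse those users until their ACL is saved again. Failing closed is the safer direction, but no default for the new key is visible on this page, so it is worth confirming that locking out existing delegated users is intended, and that unrestricted users still get access. The value is also stored as the raw form field; `$_[0]->{'dnssec'} = $in{'dnssec'} ? 1 : 0;` would keep the saved ACL to the two values the checks expect. acl_security_save continues outside the hunk.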
@@ -1,4 +1,3 @@
-
#!/usr/local/bin/perl
# Remove the signing key records for a zone
@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'};
&can_edit_zone($zone) ||
&error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom));
&ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "",
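Review bot: The added check reads `$text{'dnssec_ecannot'}`, but the only language string this commit adds on the page is `acl_dnssec`; unless `dnssec_ecannot` is already defined elsewhere, a denied user gets an error page with an empty message. Add it beside the new ACL label, for example `dnssec_ecannot=You are not allowed to configure DNSSEC for zones`. The same line is added in the five other DNSSEC scripts in this commit (display key, zone key, create key, DNSSEC operations, migrate to DNSSEC-Tools), so the one string covers them all. A short comment such as `# DNSSEC changes need their own ACL, on top of zone edit rights` above the check would explain why two checks run back to back.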
@@ -105,7 +105,7 @@ if ($access{'whois'} && &has_command($config{'whois_cmd'}) &&
push(@titles, $text{'master_whois'});
push(@images, "images/whois.gif");
}
-if (&supports_dnssec()) {
+if ($access{'dnssec'} && &supports_dnssec()) {
if (&have_dnssec_tools_support()) {
# DNSSEC Automation
push(@links, "edit_zonedt.cgi?index=$in{'index'}&view=$in{'view'}");
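Review bot: Adding `$access{'dnssec'}` to this condition only hides the DNSSEC icons; it does not stop a user from requesting the linked scripts directly. The enforcement is the `$access{'dnssec'} || &error(...)` line added to the individual scripts, so every script linked from inside this `if` block needs that line, and the rest of the block lies outside the hunk and cannot be checked from here. A comment such as `# Hides the links only; each DNSSEC CGI checks $access{'dnssec'} itself` would stop a later reader from treating this condition as the access control.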
@@ -1,4 +1,3 @@
-
#!/usr/local/bin/perl
# Display the signing key for a zone, or offer to set one up
@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'};
&can_edit_zone($zone) ||
&error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom));
&ui_print_header($desc, $text{'dt_zone_title'}, "",
@@ -7,6 +7,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'};
&can_edit_zone($zone) ||
&error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom));
&ui_print_header($desc, $text{'zonekey_title'}, "",
@@ -1,4 +1,3 @@
-
#!/usr/local/bin/perl
# Create a signing key for a zone, add it, and sign the zone
@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'};
&can_edit_zone($zone) ||
&error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom));
&ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "",
@@ -488,6 +488,7 @@ acl_slaves=Can manage cluster slave servers?
acl_views=Can create and edit views?
acl_edonly=Edit only
acl_remote=Can create slave zones on remote servers?
+acl_dnssec=Can configure DNSSEC for zones?
acl_gen=Can edit record generators?
acl_whois=Can lookup WHOIS information?
acl_vlist=Views this user can edit and add zones to
@@ -1,4 +1,3 @@
-
#!/usr/local/bin/perl
# Perform one of a number of DNSSEC-related operations for the zone
@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'};
&can_edit_zone($zone) ||
&error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
if (&have_dnssec_tools_support()) {
my $optype = $in{'optype'};
@@ -1,4 +1,3 @@
-
#!/usr/local/bin/perl
# Migrate an existing DNSSEC signed zone to using the DNSSEC-Tools suite for DNSSEC-related automation
@@ -15,6 +14,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'};
&can_edit_zone($zone) ||
&error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom));
&ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "",
