Add ACL option to control access to DNSSEC for zones https://sourcefo…
jcameron committed Sep 25, 2012
1 parent 4106580 commit dab9c91
Showing 9 changed files with 15 additions and 6 deletions.
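--- a/bind8/acl_security.pl
+++ b/bind8/acl_security.pl
@@ -148,6 +148,12 @@ sub acl_security_form
 printf "<input type=radio name=slaves value=0 %s> $text{'no'}</td>\n",
 $_[0]->{'slaves'} ? "" : "checked";
 
+print "<td><b>$text{'acl_dnssec'}</b></td> <td nowrap>\n";
+printf "<input type=radio name=dnssec value=1 %s> $text{'yes'}\n",
+$_[0]->{'dnssec'} ? "checked" : "";
+printf "<input type=radio name=dnssec value=0 %s> $text{'no'}</td> </tr>\n",
+$_[0]->{'dnssec'} ? "" : "checked";
+
 print "</tr>\n";
 
 print "<tr> <td><b>$text{'acl_views'}</b></td> <td colspan=3>\n";
@@ -218,6 +224,7 @@ sub acl_security_save
 $_[0]->{'slaves'} = $in{'slaves'};
 $_[0]->{'views'} = $in{'views'};
 $_[0]->{'remote'} = $in{'remote'};
+$_[0]->{'dnssec'} = $in{'dnssec'};
 $_[0]->{'gen'} = $in{'gen'};
 $_[0]->{'whois'} = $in{'whois'};
 $_[0]->{'vlist'} = $in{'vlist_def'} == 1 ? "*" :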
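Review bot: The last added `printf` in acl_security_form ends its string with `</td> </tr>\n`, and the unchanged `print "</tr>\n";` directly after the new block closes the same row again, so the form now emits a stray `</tr>`. Dropping the tag from the new line keeps the table balanced: `printf "<input type=radio name=dnssec value=0 %s> $text{'no'}</td>\n",`. In acl_security_save the value is stored exactly as submitted; since six scripts in this commit test it for truth, `$_[0]->{'dnssec'} = $in{'dnssec'} ? 1 : 0;` would pin it to a flag. Both functions start and end outside their hunks.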
2 changes: 1 addition & 1 deletion bind8/disable_zonedt.cgi
@@ -1,4 +1,3 @@

#!/usr/local/bin/perl #!/usr/local/bin/perl
# Remove the signing key records for a zone # Remove the signing key records for a zone


@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'}; $dom = $zone->{'name'};
&can_edit_zone($zone) || &can_edit_zone($zone) ||
&error($text{'master_ecannot'}); &error($text{'master_ecannot'});
$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom)); $desc = &ip6int_to_net(&arpa_to_ip($dom));


&ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "", &ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "",
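Review bot: The new guard `$access{'dnssec'} || &error($text{'dnssec_ecannot'});` denies whenever the `dnssec` key is absent, and nothing in the nine files shown gives that key a default. Accounts whose ACL was saved before this commit would presumably lose DNSSEC management until it is re-saved; failing closed is the safer direction, but it should be a stated choice, so confirm what the module's default ACL supplies. The message key `dnssec_ecannot` is also not among the strings added in the bind8/lang/en hunk, so check that it already exists, otherwise the denial page has no text. The same line is added in edit_zonedt.cgi, edit_zonekey.cgi, enable_zonedt.cgi, zone_dnssecmgt_dt.cgi and zone_dnssecmigrate_dt.cgi; a comment such as `# DNSSEC changes need the 'dnssec' ACL in addition to access to the zone` above each would record why there are two checks.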
2 changes: 1 addition & 1 deletion bind8/edit_master.cgi
@@ -105,7 +105,7 @@ if ($access{'whois'} && &has_command($config{'whois_cmd'}) &&
push(@titles, $text{'master_whois'}); push(@titles, $text{'master_whois'});
push(@images, "images/whois.gif"); push(@images, "images/whois.gif");
} }
if (&supports_dnssec()) { if ($access{'dnssec'} && &supports_dnssec()) {
if (&have_dnssec_tools_support()) { if (&have_dnssec_tools_support()) {
# DNSSEC Automation # DNSSEC Automation
push(@links, "edit_zonedt.cgi?index=$in{'index'}&view=$in{'view'}"); push(@links, "edit_zonedt.cgi?index=$in{'index'}&view=$in{'view'}");
2 changes: 1 addition & 1 deletion bind8/edit_zonedt.cgi
@@ -1,4 +1,3 @@

#!/usr/local/bin/perl #!/usr/local/bin/perl
# Display the signing key for a zone, or offer to set one up # Display the signing key for a zone, or offer to set one up


@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'}; $dom = $zone->{'name'};
&can_edit_zone($zone) || &can_edit_zone($zone) ||
&error($text{'master_ecannot'}); &error($text{'master_ecannot'});
$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom)); $desc = &ip6int_to_net(&arpa_to_ip($dom));


&ui_print_header($desc, $text{'dt_zone_title'}, "", &ui_print_header($desc, $text{'dt_zone_title'}, "",
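--- a/bind8/edit_zonekey.cgi
+++ b/bind8/edit_zonekey.cgi
@@ -7,6 +7,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
 $dom = $zone->{'name'};
 &can_edit_zone($zone) ||
 &error($text{'master_ecannot'});
+$access{'dnssec'} || &error($text{'dnssec_ecannot'});
 $desc = &ip6int_to_net(&arpa_to_ip($dom));
 
 &ui_print_header($desc, $text{'zonekey_title'}, "",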
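Review bot: Only this page of the zone-key flow is guarded; on the DNSSEC-Tools side the commit guards both the display page (edit_zonedt.cgi) and the scripts that act (enable_zonedt.cgi, disable_zonedt.cgi, zone_dnssecmgt_dt.cgi, zone_dnssecmigrate_dt.cgi), but no action script for edit_zonekey.cgi is among the changed files. If this page's forms post to separate handlers, a user with `dnssec` denied could presumably still request those handlers directly, since they would check only `can_edit_zone`. Each handler that creates, removes or re-signs with a zone key should carry the same `$access{'dnssec'} || &error($text{'dnssec_ecannot'});` line after its `can_edit_zone` check. The script continues outside the hunk, so the form targets are not visible here.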
2 changes: 1 addition & 1 deletion bind8/enable_zonedt.cgi
@@ -1,4 +1,3 @@

#!/usr/local/bin/perl #!/usr/local/bin/perl
# Create a signing key for a zone, add it, and sign the zone # Create a signing key for a zone, add it, and sign the zone


@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'}; $dom = $zone->{'name'};
&can_edit_zone($zone) || &can_edit_zone($zone) ||
&error($text{'master_ecannot'}); &error($text{'master_ecannot'});
$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom)); $desc = &ip6int_to_net(&arpa_to_ip($dom));


&ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "", &ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "",
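--- a/bind8/lang/en
+++ b/bind8/lang/en
@@ -488,6 +488,7 @@ acl_slaves=Can manage cluster slave servers?
 acl_views=Can create and edit views?
 acl_edonly=Edit only
 acl_remote=Can create slave zones on remote servers?
+acl_dnssec=Can configure DNSSEC for zones?
 acl_gen=Can edit record generators?
 acl_whois=Can lookup WHOIS information?
 acl_vlist=Views this user can edit and add zones to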
2 changes: 1 addition & 1 deletion bind8/zone_dnssecmgt_dt.cgi
@@ -1,4 +1,3 @@

#!/usr/local/bin/perl #!/usr/local/bin/perl
# Perform one of a number of DNSSEC-related operations for the zone # Perform one of a number of DNSSEC-related operations for the zone


@@ -14,6 +13,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'}; $dom = $zone->{'name'};
&can_edit_zone($zone) || &can_edit_zone($zone) ||
&error($text{'master_ecannot'}); &error($text{'master_ecannot'});
$access{'dnssec'} || &error($text{'dnssec_ecannot'});


if (&have_dnssec_tools_support()) { if (&have_dnssec_tools_support()) {
my $optype = $in{'optype'}; my $optype = $in{'optype'};
2 changes: 1 addition & 1 deletion bind8/zone_dnssecmigrate_dt.cgi
@@ -1,4 +1,3 @@

#!/usr/local/bin/perl #!/usr/local/bin/perl
# Migrate an existing DNSSEC signed zone to using the DNSSEC-Tools suite for DNSSEC-related automation # Migrate an existing DNSSEC signed zone to using the DNSSEC-Tools suite for DNSSEC-related automation


@@ -15,6 +14,7 @@ $zone = &get_zone_name($in{'index'}, $in{'view'});
$dom = $zone->{'name'}; $dom = $zone->{'name'};
&can_edit_zone($zone) || &can_edit_zone($zone) ||
&error($text{'master_ecannot'}); &error($text{'master_ecannot'});
$access{'dnssec'} || &error($text{'dnssec_ecannot'});
$desc = &ip6int_to_net(&arpa_to_ip($dom)); $desc = &ip6int_to_net(&arpa_to_ip($dom));


&ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "", &ui_print_unbuffered_header($desc, $text{'dt_enable_title'}, "",
