From: Nico Kaiser
Date: Sun, 23 Jun 2013 17:15:08 +0000 (+0200)
Subject: use keyfile instead of key
X-Git-Tag: v1.0.0~8
X-Git-Url: http://git.neszt.hu/?a=commitdiff_plain;h=c7a7afaae4d24a0b3e988c18a976f47e88c72659;p=Dyndns%2F.git
use keyfile instead of key
---
diff --git a/README.md b/README.md
index 15af565..84e01f1 100644
--- a/README.md
+++ b/README.md
@@ -13,43 +13,31 @@ This script acts like the original DynDNS.org server and handles DNS updates on http://yourdomain.tld/?hostname=&myip= +To be able to dynamically update the BIND DNS server, a DNS key must be generated with the command: -You may have to adjust your own DNS configuration to make "members.dyndns.org" point to your own -Server and you Web Servers configuration to make "/nic/update" call the PHP script provided in this -package. + ddns-confgen +This command outputs instructions for your BIND installation. The generated key has to be added to the named.conf.local: -Furthermore, to be able to dynamically update the BIND DNS server, DNS key must be generated with -the command: - - dnskeygen -n dyndns.example.com -H 512 -h - -(Where "dyndns.example.com" is the key name) -The resulting key (look at the "Key:" line in the resulting Kdyndns.example.com.+157+00000.private) -must be copied to both, the config.php file (along with the key name, see there for details), and -the BIND configuration (see below). - - -The key has to be added to the BIND configuration (named.conf), as well as a DNS zone: - - - key dyndns.example.com. { - algorithm HMAC-MD5; + key "ddns-key" { + algorithm hmac-sha256; secret "bvZ....K5A=="; }; +and saved to a file which is referenced in config.php as "bind.keyfile". In the "zone" entry, you have to add an "update-policy": + zone "dyndns.example.com" { type master; - file "dyndns.example.com.zone"; - allow-update { - key dyndns.example.com.; - }; - }; + file "db.dyndns.example.com"; + ... + update-polify { + grand ddns-key zonesub ANY; + } + } -In this case, the zone is also called "dyndns.example.com". The (initial) dyndns.example.com.zone -file (located in BIND's cache directory) looks like this: +In this case, the zone is also called "dyndns.example.com". The (initial) db.dyndns.example.com file (located in BIND's cache directory) looks like this: -$TTL 1h +$TTL 1h @ IN SOA dyndns.example.com. root.example.com. 
( 2007111501 ; serial 1h ; refresh
diff --git a/conf/bind/Dyndns.conf.include b/conf/bind/Dyndns.conf.include
deleted file mode 100644
index a4cf5f2..0000000
--- a/conf/bind/Dyndns.conf.include
+++ /dev/null
@@ -1,12 +0,0 @@
-key dyndns.example.com. {
- algorithm HMAC-MD5;
- secret "bvZfFHkl16wNGL/LuEUAqvlBeue9lw7C8GkHnQucN6jpKDMjOu29zFR6LlO5YlpNzYquDBmDSPVddX9SuFIK5A==";
-};
-
-zone "dyndns.org" {
- type master;
- file "dyndns.org.zone";
- allow-update {
- key dyndns.example.com.;
- };
-};
diff --git a/web/config.php b/web/config.php
index 12e6ebd..59d632c 100644
--- a/web/config.php
+++ b/web/config.php
@@ -9,12 +9,12 @@ if (!isset($dyndns) || !method_exists($dyndns, 'setConfig')) {
 /*
 * Location of the hosts database
 */
-$dyndns->setConfig('hostsFile', 'conf/dyndns.hosts');
+$dyndns->setConfig('hostsFile', __DIR__ . '/../conf/dyndns.hosts');
 /*
 * Location of the user database
 */
-$dyndns->setConfig('userFile', 'conf/dyndns.user');
+$dyndns->setConfig('userFile', __DIR__ . '/../conf/dyndns.user');
 /*
 * Enable debugging?
@@ -30,7 +30,7 @@ $dyndns->setConfig('debugFile', '/tmp/dyndns.log');
 * Secret Key for BIND nsupdate
 * :
 */
-$dyndns->setConfig('bind.key', 'dyndns.example.com:bvZfFHkl16wNGL/LuEUAqvlBeue9lw7C8GkHnQucN6jpKDMjOu29zFR6LlO5YlpNzYquDBmDSPVddX9SuFIK5A==');
+$dyndns->setConfig('bind.keyfile', __DIR__ . '/../conf/dyn.example.com.key');
 /*
 * Address of the BIND server. You can specify any remote DNS server here,
diff --git a/web/lib/Dyndns/Hosts.php b/web/lib/Dyndns/Hosts.php
index 7d3a11a..ab79dfd 100644
--- a/web/lib/Dyndns/Hosts.php
+++ b/web/lib/Dyndns/Hosts.php
@@ -140,7 +140,7 @@ class Hosts
 $server = $this->getConfig('bind.server');
 $zone = $this->getConfig('bind.zone');
 $ttl = $this->getConfig('bind.ttl') * 1;
-$key = $this->getConfig('bind.key');
+$keyfile = $this->getConfig('bind.keyfile');
 // sanitiy checks
 if (! Helper::checkValidHost($server)) {
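Review bot: The block comment above the changed config.php line still documents the old `bind.key` value (`* Secret Key for BIND nsupdate` plus the `* :` line, which looks like a keyname:key format hint that lost its angle brackets), so it no longer describes a path setting; replace it with ` * Path to the TSIG key file handed to nsupdate with -k; must be readable by the web server user and should not be readable by other local users`. The removed line, and the deleted conf/bind/Dyndns.conf.include in this same commit, carried the live TSIG secret, and dropping them from the tree does not remove them from the repository history, so that key should be regenerated with ddns-confgen as the README now describes rather than copied into the new key file. The new file is placed under conf/ next to the hosts and user databases; if that directory is tracked, the key file should be excluded from version control.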
@@ -159,8 +159,8 @@ class Hosts
 $this->debug('bind.ttl is too low. Setting to default 300.');
 $ttl = 300;
 }
- if (! eregi('^[a-z0-9.-=/]+$', $key)) {
- $this->debug('ERROR: Invalid bind.key config value');
+ if (! is_readable($keyfile)) {
+ $this->debug('ERROR: Invalid bind.keyfile config value');
 return false;
 }
@@ -182,7 +182,7 @@ class Hosts
 fclose($fh);
 // Execute nsupdate
- $result = exec('/usr/bin/nsupdate -y ' . $key . ' ' . $tempfile . ' 2>&1');
+ $result = exec('/usr/bin/nsupdate -k ' . escapeshellarg($keyfile) . ' ' . $tempfile . ' 2>&1');
 unlink($tempfile);
 if ($result != '') {
 $this->debug('ERROR: nsupdate returns: ' . $result);
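Review bot: `is_readable($keyfile)` also returns true for a directory, so a `bind.keyfile` value that points at conf/ itself passes this sanity check and the failure only surfaces later as nsupdate output; tighten the guard to `if (! is_file($keyfile) || ! is_readable($keyfile)) {` and name the path in the message, `$this->debug('ERROR: Invalid bind.keyfile config value: ' . $keyfile);`. The check also says nothing about who else can read the file, which now holds the TSIG secret, so the permission requirement belongs in the config.php comment for that setting. The enclosing method starts and ends outside the hunk.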
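Review bot: On the new exec line only `$keyfile` goes through escapeshellarg() while `$tempfile` is still concatenated raw; the temp path is built outside the hunk (presumably by tempnam(), which yields safe characters), but escaping both keeps the command construction uniform: `$result = exec('/usr/bin/nsupdate -k ' . escapeshellarg($keyfile) . ' ' . escapeshellarg($tempfile) . ' 2>&1');`. Separately, exec() returns only the last line of output and the check below compares it with `!= ''`, so a non-zero exit that prints nothing is reported as success; passing exec()'s `$output` and result-code arguments and testing the status, `exec($cmd, $output, $status); if ($status !== 0 || $output !== []) {`, would tie the error branch to nsupdate's exit code. The enclosing method starts and ends outside the hunk.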