<?php
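// Report every error class, but send the output to the server log instead of
// the HTTP response. This script holds an SSH host name, account name and
// private-key path, and error text rendered into the page would disclose
// them to whoever triggered the error.
ini_set("display_errors", "0");
ini_set("display_startup_errors", "0");
ini_set("log_errors", "1");
error_reporting(E_ALL);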

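/**
 * Run a command on the DNS host over SSH and return its standard output.
 *
 * The command string is handed to the remote shell as-is, so every caller is
 * responsible for quoting any untrusted value (escapeshellarg()) before it is
 * concatenated into $command.
 *
 * @param string $command Shell command line to execute remotely.
 * @return string Everything the command wrote to standard output.
 * @throws RuntimeException If connecting, authenticating, starting the
 *                          command or reading its output fails.
 */
function sshrun($command) {
  $host = "misc.tghost.co.uk";
  $user = "bladns.net";
  $keypub = "/home/bladns.net/.ssh/id_rsa.pub";
  $keypriv = "/home/bladns.net/.ssh/id_rsa";

  $connection = ssh2_connect($host, 22, array("hostkey" => "ssh-rsa"));
  if ($connection === false) {
    throw new RuntimeException("ssh connection failed");
  }

  // NOTE(review): the server's host key is never checked, so nothing here
  // detects a machine impersonating $host. Pin the expected fingerprint and
  // compare it with ssh2_fingerprint($connection) via hash_equals() before
  // authenticating; the pinned value is deployment-specific and not in this file.

  // Fail closed: without this check a failed login would still fall through
  // to ssh2_exec() and the caller would see an empty result instead of an error.
  if (!ssh2_auth_pubkey_file($connection, $user, $keypub, $keypriv)) {
    throw new RuntimeException("ssh authentication failed");
  }

  $stream = ssh2_exec($connection, $command);
  if ($stream === false) {
    throw new RuntimeException("ssh command could not be started");
  }

  // Block until the remote command finishes so the full output is collected.
  stream_set_blocking($stream, true);
  $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO);
  $output = stream_get_contents($stream_out);
  fclose($stream);

  if ($output === false) {
    throw new RuntimeException("ssh command output could not be read");
  }

  return $output;
}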

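/**
 * Fetch a zone file from the DNS host if the supplied password hash matches.
 *
 * The last space-separated token on the first line of the zone file is the
 * stored hash; the zone text is returned only when it equals $password.
 *
 * @param string $domain   Zone name; terminates the request when it is not a
 *                         plain host name.
 * @param string $password Hash to compare with the one stored in the zone file.
 * @return string|null The complete zone file text, or null when the hash does
 *                     not match or the zone could not be read.
 */
function getzone($domain, $password) {
  $zoneroot = "/var/bind/pri/";
  $zonesuffix = ".zone";

  // Validate the argument actually used to build the path, not $_POST.
  // \A...\z (rather than ^...$) stops a trailing newline from passing, the
  // leading character must be alphanumeric so the name can never look like a
  // command-line option, and ".." is refused outright.
  if (!is_string($domain)
      || !preg_match('/\A[0-9A-Za-z][0-9A-Za-z.\-]*\z/', $domain)
      || strpos($domain, '..') !== false) {
    die("invalid domain");
  }

  if (!is_string($password) || $password === '') {
    return null;
  }

  // Quote the path as defence in depth on top of the validation above.
  $string = sshrun("cat " . escapeshellarg($zoneroot . $domain . $zonesuffix));
  if (!is_string($string)) {
    return null;
  }

  $zonelines = explode("\n", $string);
  $zonehash = explode(" ", $zonelines[0]);
  $stored = $zonehash[count($zonehash) - 1];

  // An empty first line (e.g. the zone file does not exist) must never
  // authenticate. hash_equals() replaces the loose "==", which compares
  // numeric-looking strings such as "0e123" and "0e456" as equal numbers,
  // and it also runs in constant time.
  if ($stored !== '' && hash_equals($stored, $password)) {
    return $string;
  }

  return null;
}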

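/**
 * Replace a zone file on the DNS host and ask BIND to reload that zone.
 *
 * The request is terminated (die) when the domain is not a plain host name,
 * when the password hash does not match the one stored in the current zone
 * file, or when the zone text is not a string.
 *
 * @param string $domain   Zone name.
 * @param string $password Hash to compare with the one stored in the zone file.
 * @param string $zonetext New zone file content, written verbatim.
 * @return void
 */
function writezone($domain, $password, $zonetext) {
  $zoneroot = "/var/bind/pri/";
  $zonesuffix = ".zone";

  // Validate the argument actually used in the commands below, not $_POST.
  // \A...\z stops a trailing newline from passing, and the leading character
  // must be alphanumeric so "rndc reload" cannot receive it as an option.
  if (!is_string($domain)
      || !preg_match('/\A[0-9A-Za-z][0-9A-Za-z.\-]*\z/', $domain)
      || strpos($domain, '..') !== false) {
    die("invalid domain");
  }

  if (!getzone($domain, $password)) {
    die("somehow the password went bad");
  }

  if (!is_string($zonetext)) {
    die("invalid zone text");
  }

  // The zone text is attacker-controllable form input. It used to be placed
  // inside a double-quoted shell string with only "$" escaped, which left
  // quotes, backticks and backslashes live in the remote shell. It is now
  // passed as one single-quoted argument to printf '%s\n', so the shell
  // interprets nothing in it and the text is written byte-for-byte
  // (echo -e also rewrote backslash sequences, which corrupted zone data).
  $zonepath = escapeshellarg($zoneroot . $domain . $zonesuffix);
  sshrun("printf '%s\\n' " . escapeshellarg($zonetext) . " > " . $zonepath);

  // NOTE(review): the content itself is not checked before BIND loads it.
  // Zone-file directives such as $INCLUDE are accepted as typed; consider
  // running named-checkzone on a temporary copy and rejecting directives the
  // service does not intend to offer before replacing the live file.
  sshrun("rndc reload " . escapeshellarg($domain));
}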

// Main entry point

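// Request dispatch:
//   domain + password             -> show the zone editor when the login is valid
//   domain + password + zonetext  -> write the submitted zone text
//   anything else                 -> show the login form

// PHP turns "field[]=x" into an array; every field used below must be a
// plain string before it reaches preg_match(), hash() or the shell helpers.
foreach (array('domain', 'password', 'zonetext') as $field) {
  if (isset($_POST[$field]) && !is_string($_POST[$field])) {
    die("invalid request");
  }
}

if (isset($_POST['domain']) && isset($_POST['password']) && !isset($_POST['zonetext'])) {
  // \A...\z (rather than ^...$) stops a trailing newline from passing; the
  // name must start with an alphanumeric character and must not contain "..".
  if (!preg_match('/\A[0-9A-Za-z][0-9A-Za-z.\-]*\z/', $_POST['domain'])
      || strpos($_POST['domain'], '..') !== false) {
    die("invalid domain");
  }

  // NOTE(review): this is an unsalted SHA-256 of the password, and the same
  // value is sent back in the hidden field below and accepted as-is by the
  // write branch, so the hash itself works as the credential. The zone text
  // shown in the textarea also carries it on its first line. Moving to
  // password_hash()/password_verify() plus a server-side session would need
  // a change to how the hash is stored in the zone file.
  $password = hash("sha256", $_POST['password']);

  if ($zonefile = getzone($_POST['domain'], $password)) {
    // Everything echoed into the page is HTML-escaped: zone text can contain
    // "<", "&" and quotes (TXT records, or a literal "</textarea>"), which
    // would otherwise be parsed as markup.
?>
    <form action="dns.php" method="post">
    <textarea rows="24" cols="80" name="zonetext" autofocus><?php echo htmlspecialchars($zonefile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea><br>
    <input type="hidden" name="domain" value="<?php echo htmlspecialchars($_POST['domain'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    <input type="hidden" name="password" value="<?php echo htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    <input type="submit" value="Update zonefile"><br>
    </form>
<?php
  } else {
    die("sorry, the domain or password is wrong :(");
  }
} else if (isset($_POST['domain']) && isset($_POST['password']) && isset($_POST['zonetext'])) {
  // Browsers submit textarea content with CRLF line ends; the zone file uses LF.
  $zonetext = str_replace("\r", '', $_POST['zonetext']);
  // Here 'password' is the hash from the hidden field, not the clear text;
  // writezone() re-checks it against the stored hash before writing.
  writezone($_POST['domain'], $_POST['password'], $zonetext);
  echo "all done :)";
} else {
?>
<!DOCTYPE html>
<html>
  <head>
    <title>BlaDNS</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body>
    <form name="login" action="dns.php" method="post">
      Domain name: <input type="text" name="domain" autofocus><br>
      Password: <input type="password" name="password"><br>
      <input type="submit" value="Login">
    </form>
  </body>
</html>
<?php
}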
?>