From 6f519facbd16a07adf3c693d3a9059f75d0b263a Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Mon, 11 Apr 2011 17:57:51 -0700
Subject: [PATCH] Zone transfer test page

---
 bind8/CHANGELOG       |   2 ++
 bind8/bind8-lib.pl    |  34 ++++++++++++++++++++++++++++
 bind8/edit_slave.cgi  |   3 +++
 bind8/images/xfer.gif | Bin 0 -> 1620 bytes
 bind8/lang/en         |   8 +++++++
 bind8/xfer.cgi        |  51 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 98 insertions(+)
 create mode 100644 bind8/images/xfer.gif
 create mode 100644 bind8/xfer.cgi

diff --git a/bind8/CHANGELOG b/bind8/CHANGELOG
index bb9a15c86..374cf73d6 100644
--- a/bind8/CHANGELOG
+++ b/bind8/CHANGELOG
@@ -125,3 +125,5 @@ Added the Delete Records In Selected button to the main page, for removing the s
 The default view for new zones can now be set via an option on the Module Config page.
 When adding cluster slave servers, their IPs are added to the also-notify and allow-transfer blocks of each domain added to the slave.
 IPv6 addresses can now be used for remote nameservers in slave and delegation zones.
+---- Changes since 1.540 ----
+Added the Test Zone Transfer button to the slave zone page, to check if zone transfers are possible or not.
diff --git a/bind8/bind8-lib.pl b/bind8/bind8-lib.pl
index 0e8bf4f5d..1146393be 100755
--- a/bind8/bind8-lib.pl
+++ b/bind8/bind8-lib.pl
@@ -3279,5 +3279,39 @@ if (&find_byname("nscd")) {
 	}
 }
 
+# transfer_slave_records(zone, &masters, [file])
+# Transfer DNS records from a master into some file. Returns a map from master
+# IPs to errors.
+sub transfer_slave_records
+{
+my ($dom, $masters, $file) = @_;
+my %rv;
+my $dig = &has_command("dig");
+foreach my $ip (@$masters) {
+	if (!$dig) {
+		$rv{$ip} = "Missing dig command";
+		}
+	else {
+		my $out = &backquote_logged("$dig IN AXFR ".quotemeta($dom).
+					    " \@".quotemeta($ip)." 2>&1");
+		if ($?) {
+			$rv{$ip} = $out;
+			}
+		elsif (!$out) {
+			$rv{$ip} = "No records transferred";
+			}
+		else {
+			if ($file) {
+				&open_tempfile(XFER, ">$file");
+				&print_tempfile(XFER, $out);
+				&close_tempfile(XFER);
+				$file = undef;
+				}
+			}
+		}
+	}
+return \%rv;
+}
+
 1;
 
diff --git a/bind8/edit_slave.cgi b/bind8/edit_slave.cgi
index 972c7b9c9..3ced542ba 100755
--- a/bind8/edit_slave.cgi
+++ b/bind8/edit_slave.cgi
@@ -81,6 +81,9 @@ if ($access{'whois'} && &has_command($config{'whois_cmd'}) &&
 	push(@titles, $text{'master_whois'});
 	push(@images, "images/whois.gif");
 	}
+push(@links, "xfer.cgi?index=$in{'index'}&view=$in{'view'}");
+push(@titles, $text{'slave_xfer'});
+push(@images, "images/xfer.gif");
 if (@links) {
 	print &ui_hr() if ($done_recs);
 	&icons_table(\@links, \@titles, \@images);
diff --git a/bind8/images/xfer.gif b/bind8/images/xfer.gif
new file mode 100644
index 0000000000000000000000000000000000000000..969922e8df9176126594a08aaa17d8b98db162f2
GIT binary patch
literal 1620
zcmV-a2CMl;Nk%w1VK4wN0O$Vz7ea#zNQW9kgd0VL4@rm-N{Jvxh#^XaBTI%TOOz*0
zi6d2zCRCg;QJX4PpDJ3FH&~lBT97zhlsaFQEo7xHW~Vu2p*wU5J7=RkX{AAHsXuL_
zI&iE*ZmUUdpgVD`J#wx-bFWQuq(ODEM|7)5b*w{ov`crdMR~PFh$u~XutJL%PI<9Z
zc&bQ>B0`KKPkORNjT%sUvqX+1QGB#geYI15wnvl)T7I!fl>k+Lw^o3;T!6DomjG9R
zx=)0=RfDxqg}hFg0A7N%QHH%wngC#fw^E0`P@4i-hPYdWzEg<5W`wd~g}70i1XPK@
zVura^iosloyHlPAX@<02i@jKk!)A%SS&hVHi@0BnzgmvPVUECOjk;ow!Dx=VTBH<X
zkiu4|1Zj}HWRb&VlEh-A7i*HgXOqTplDb)|3v!dYZIr=imB(SK4O^@ZbCkSbsvK#S
z$#0dyYnRG(mcCxE6n2-tahSz!n$38b!D_86WU~lxoX=vj8GoC;dz{2;v>kn($7r_@
zbFevPw;yn{GitdMfT78YpTl^xG-kaShoZ)Bxh`zHCTPDLdbdA{rpa-?9&f)YbiFf+
zr^<G|Dr>_ajHt_kxk`?z&2Ggba>p5gzDIk*FL%Z#amXlq#4wAzRf)bxe!@YAzE75}
z%yr5hldscw$TWY)Gl{`be#bp^%q*F)&w$7^iNaZb$Ucn2Q;5Y)c+Mk%%0Q0ARgA@4
zowd_~%t3?ALZ7zPk;qt&$X}ee+=J0Hh0jExxYvx%MUTu=k;-9{%Ug}lMvl!~n#gXX
zyxNk_R-VdgrM=sb(n*ofUaGy;roP;e(@~nvY^T57ozG^I)l8JrVUpHVt-;!z(QlL2
zRhZRWrOtem*jBK_-K5fZn%G{K+E}F3Y@FF&pW0fU++wHMaHZU9yUO0K*MzFsexl!H
zs@sO7;%KqlkEG*pwB3oa;DxK@dbZ<%w&jVr<(I+dp}Omp$>^iT>Yl{vq{Ho)&hW9(
z@T$!6tN;K1A^s6Va%Ew3Wn>_CX>@2HM@dak03rDV0SW;B04x9i001xmFaQ7u{s8|8
z97wRB!Gj1BDqP60p~Hs-4?vvgaDzmO7!iJ9L?EL_f@yGQQt<I(ni3i?Nhq0d&4~&a
z5P1l|@?Zb~ICJ700Ea~e3KRgfpjngPon*|QDP@){*e+BoG++RFhDw2=1K|V-vSi7T
zAUkNF7y+U~1`9xq2tt7MADkyquwb$B1Z<7595iIuo1p|Ml11xi;Sz?77c6ykz#z+^
zgNDZ%IJkOH^o|!YZQ7s-W95hs8YV!T0KuWOX-yt3e!N2l4V^r6&>;R%!vqT$Craop
zL83PzCPY2nLDMErpV(aL-UU(vhKlDZPDn2yXpL%&tlPYfJ-bGdBt~lf$QVyvMHN$k
zF&24oCk*k}oR|36!9|J@AUbg9sDXpVok#$9B!nn22<8PEn_&?JSet2KpAis3h)Eg&
zW+VhM$ix7L6jo@lg%(j9@xvT*oWVsEP(UGt6iw_hlt)N#6Gtf;DzQWqQ9SV#9(c^b
z#ur^wkwq3)cr(FAU~uDx7_w*>%#*(C!i+cAOp}ZrXMCY09^Nb<AR)`VA!d^aG|&J8
zXEMNm0}z-ZNQq}uvP*gt36V)JVv1=?DWml1XP=#<P|2HY?DB^I0>Uzj9gH#>NF$I&
z8YwY?B7(;=R8)u&63dX{$ETo%Dk>kmq!0-s-iQz!MNXtcNg@8Q!pg_2wAMN+FD^ua
zP6SB0<H)bTIx@(x#1=aUsV^i#=R`sn!p<a<SR(DTlN@60wb&kV%nSy2RKzXfcp|PR
zp_DtWB#Wf0?z+x6@lg@!DD%oIth^G-y|K*u$|8^S>#x7oxcgBL(wI}r!3Zau$|ejq
z%<v-tv(!T=@d#tg#TN^su`r)F?C>@Mm(+tI^+aRx$<Z{UGANw1>@p`HV`YXt+l152
z%{NC=O*O5Y;`7hrgj|yo_?$xyIpHL&bU45K>~qj<{Zj-y^NeFPIrOOWO*Yw3!^<(l
zgpEYh{|M1bKI^1?kI-Zv)B_~_ytB?eY`1;T9{k8dw;$aMfuWB-b@OeI5cUKvctJN5
SaX3R4EbjQ@kVoEjKma?QaspQX

literal 0
HcmV?d00001

diff --git a/bind8/lang/en b/bind8/lang/en
index ab0e6732c..99859cb8b 100644
--- a/bind8/lang/en
+++ b/bind8/lang/en
@@ -192,6 +192,7 @@ slave_apply=Force Update
 slave_applymsg2=Click this button to force a re-transfer of the zone from the master server, so that it gets all the latest records.
 slave_last=Last transferred : $1
 slave_never=Never
+slave_xfer=Test Zone Transfer
 
 screate_title1=Create Slave Zone
 screate_title2=Create Stub Zone
@@ -1109,4 +1110,11 @@ trusted_ealg=Missing or invalid algorithm number in row $1
 trusted_ekey=Missing base-64 encoded trusted zone key in row $1
 trusted_setup=For DNSSEC to be useful to verify the majority of signed zones on the Internet, BIND must be configured to use a DLV server. Webmin can set this up for you, using the ICS DLV server at $1.
 trusted_ok=Setup DLV and Enable DNSSEC Verification
+
+xfer_title=Test Zone Transfer
+xfer_doing=Testing transfer of slave zone from $1 ..
+xfer_failed=.. from $1 : Failed : $2
+xfer_done=.. from $1 : Completed OK
+xfer_count=Test transfer successfully fetched $1 records from at least one nameserver. Actual transfers by BIND should also succeed.
+
 __norefs=1
diff --git a/bind8/xfer.cgi b/bind8/xfer.cgi
new file mode 100644
index 000000000..fe16a4c93
--- /dev/null
+++ b/bind8/xfer.cgi
@@ -0,0 +1,51 @@
+#!/usr/local/bin/perl
+# Force a zone transfer for a slave domain
+
+require './bind8-lib.pl';
+&ReadParse();
+$zone = &get_zone_name($in{'index'}, $in{'view'});
+&can_edit_zone($zone) ||
+	&error($text{'master_ecannot'});
+
+# Get config object
+$bconf = $conf = &get_config();
+if ($in{'view'} ne '') {
+	$view = $conf->[$in{'view'}];
+	$conf = $view->{'members'};
+	}
+$zconf = $conf->[$in{'index'}]->{'members'};
+$file = &find_value("file", $zconf);
+
+$desc = &ip6int_to_net(&arpa_to_ip($zone->{'name'}));
+&ui_print_header($desc, $text{'xfer_title'}, "",
+		 undef, undef, undef, undef, &restart_links($zone));
+
+# Get master IPs
+$masters = &find("masters", $zconf);
+foreach $av (@{$masters->{'members'}}) {
+	push(@ips, join(" ", $av->{'name'}, @{$av->{'values'}}));
+	}
+print &text('xfer_doing', join(" ", @ips)),"<br>\n";
+$temp = &transname();
+$rv = &transfer_slave_records($zone->{'name'}, \@ips, $temp);
+foreach $ip (@ips) {
+	if ($rv->{$ip}) {
+		print &text('xfer_failed', $ip,
+		    "<font color=red>".&html_escape($rv->{$ip})."</font>"),
+		    "<br>\n";
+		}
+	else {
+		print &text('xfer_done', $ip),"<br>\n";
+		}
+	}
+print "<p>\n";
+
+# Show records
+if (-r $temp) {
+	@recs = &read_zone_file($temp, $zone->{'name'}.".");
+	print &text('xfer_count', scalar(@recs)),"<p>\n";
+	}
+&unlink_file($temp);
+
+&ui_print_footer("edit_slave.cgi?index=$in{'index'}&view=$in{'view'}",
+		 $text{'master_return'});