4 require './bind8-lib.pl';
5 $access{'defaults'} || &error($text{'rndc_ecannot'});
6 &error_setup($text{'rndc_err'});
7 $cfile = &make_chroot($config{'named_conf'});
9 # Generate the RNDC config
10 &execute_command($config{'rndcconf_cmd'}, undef, \$out, \$err);
12 &error("<pre>$err</pre>");
14 &open_lock_tempfile(CONF, ">$config{'rndc_conf'}");
15 &print_tempfile(CONF, $out);
16 &close_tempfile(CONF);
17 &set_ownership_permissions(0, 0, 0600, $config{'rndc_conf'});
18 $rconf = [ &read_config_file($config{'rndc_conf'}) ];
21 $rkey = &find("key", $rconf);
22 $rkey || &error($text{'rndc_ekey'});
23 $secret = &find_value("secret", $rkey->{'members'});
24 $secret || &error($text{'rndc_esecret'});
25 $options = &find("options", $rconf);
27 $port = &find_value("default-port", $options->{'members'});
31 # Add the key to named.conf
33 $parent = &get_config_parent();
34 $conf = &get_config();
35 @keys = &find("key", $conf);
36 ($key) = grep { $_->{'values'}->[0] eq "rndc-key" } @keys;
39 $key = { 'name' => 'key',
41 'values' => [ "rndc-key" ],
45 &save_directive($key, "algorithm", [ { 'name' => 'algorithm',
46 'values' => [ "hmac-md5" ] } ], 1, 1);
47 &save_directive($key, "secret", [ { 'name' => 'secret',
48 'values' => [ $secret ] } ], 1, 1);
49 &save_directive($parent, 'key', \@keys, 0);
51 # Make sure there is a control for the inet port
52 $controls = &find("controls", $conf);
54 # Need to add controls section
55 $controls = { 'name' => 'controls', 'type' => 1 };
56 &save_directive($parent, 'controls', [ $controls ]);
58 $inet = &find("inet", $controls->{'members'});
60 # Need to add inet entry
61 $inet = { 'name' => 'inet',
63 'values' => [ "127.0.0.1", "port", $port ],
64 'members' => { 'allow' => [
65 { 'name' => "127.0.0.1" } ],
67 { 'name' => "rndc-key" } ]
72 # Just make sure it is valid
73 %keys = map { $_->{'name'}, 1 } @{$inet->{'members'}->{'keys'}};
74 if (!$keys{'rndc-key'}) {
75 push(@{$inet->{'members'}->{'keys'}},
76 { 'name' => "rndc-key" });
79 &save_directive($controls, 'inet', [ $inet ], 1);
83 # MacOS specific fix - remove include for /etc/rndc.key , which we don't need
84 $lref = &read_file_lines($cfile);
85 for(my $i=0; $i<@$lref; $i++) {
86 if ($lref->[$i] =~ /^include\s+"\/etc\/rndc.key"/i) {
87 splice(@$lref, $i, 1);
91 &flush_file_lines($cfile);