Skip to content

Commit

Permalink
Implement is_zone_secured directly in SQL
Browse files Browse the repository at this point in the history 
Instead of calling pdnssec, do it with SQL for security and performance
  • Loading branch information
Keenan Tims committed Aug 13, 2015
1 parent 63396b5 commit 7051a79
Showing 1 changed file with 13 additions and 10 deletions.
23 changes: 13 additions & 10 deletions inc/dnssec.inc.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,16 +172,19 @@ function dnssec_unsecure_zone($domain_name) {
* @return boolean true on success, false on failure
*/
function dnssec_is_zone_secured($domain_name) {
$call_result = dnssec_call_pdnssec('show-zone', $domain_name);
$output = $call_result[0];
$return_code = $call_result[1];

if ($return_code != 0) {
error(ERR_EXEC_PDNSSEC_SHOW_ZONE);
return false;
}

return (count($output) == 0 ? false : true);
global $db;
$query = $db->prepare("SELECT
COUNT(cryptokeys.id) AS active_keys,
COUNT(domainmetadata.id) > 0 AS presigned
FROM domains
LEFT JOIN cryptokeys ON domains.id = cryptokeys.domain_id
LEFT JOIN domainmetadata ON domains.id = domainmetadata.domain_id AND domainmetadata.kind = 'PRESIGNED'
WHERE domains.name = ?
GROUP BY domains.id
");
$query->execute(array($domain_name));
$row = $query->fetch();
return $row['active_keys'] > 0 || $row['presigned'];
}

/** Use presigned RRSIGs from storage
Expand Down

0 comments on commit 7051a79

Please sign in to comment.