Commit 86d9389b authored by Till Brehm's avatar Till Brehm
Browse files

Merge branch 'develop' into 'develop'

# Conflicts:
#   interface/web/login/index.php
parents c1250ee2 27db86c9
Pipeline #12292 passed with stage
in 13 seconds
......@@ -90,7 +90,7 @@ build:package:
- if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
- if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
- RET=0
- tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' . || RET=$?
- tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$?
- if [[ $RET > 1 ]] ; then exit $RET ; fi
- echo "Listing tar contents for verification"
- tar -tvf ISPConfig-${VER}.tar.gz
......@@ -101,4 +101,4 @@ build:package:
- echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
needs: ["syntax:lint"]
allow_failure: false
\ No newline at end of file
allow_failure: false
......@@ -6,7 +6,7 @@
{vhost_port_listen} Listen {vhost_port}
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
NameVirtualHost *:{vhost_port}
# NameVirtualHost *:{vhost_port}
</tmpl_if>
<VirtualHost _default_:{vhost_port}>
......
......@@ -52,7 +52,7 @@ class installer_base {
}
public function update_acme() {
$acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
$acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null'));
$acme = reset($acme);
$val = 0;
......@@ -892,6 +892,20 @@ class installer_base {
public function configure_mailman($status = 'insert') {
global $conf;
// Fix for #6314: bug on Debian 11 systems where Mailman3 is not available and broken routes exist in the Mailman config
$data_dir = '/var/lib/mailman';
if (($conf['mailman']['installed'] != true) && is_dir($data_dir)) {
rename($data_dir, $data_dir . '-bk');
//* Create the mailman files
if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
exec('postmap /var/lib/mailman/data/aliases');
if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
exec('postmap /var/lib/mailman/data/virtual-mailman');
if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
exec('postmap /var/lib/mailman/data/transport-mailman');
}
$config_dir = $conf['mailman']['config_dir'].'/';
$full_file_name = $config_dir.'mm_cfg.py';
//* Backup exiting file
......@@ -1653,7 +1667,7 @@ class installer_base {
//* These postconf commands will be executed on installation and update
$server_ini_rec = $this->db->queryOneRecord("SELECT mail_server, config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
$mail_server = ($server_ini_rec['mail_server']) ? true : false;
$mail_server = $conf['services']['mail'];
unset($server_ini_rec);
// amavisd user config file
......@@ -1777,7 +1791,7 @@ class installer_base {
//* These postconf commands will be executed on installation and update
$server_ini_rec = $this->db->queryOneRecord("SELECT mail_server, config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
$mail_server = ($server_ini_rec['mail_server']) ? true : false;
$mail_server = $conf['services']['mail'];
unset($server_ini_rec);
$config_dir = $conf['postfix']['config_dir'];
......@@ -1981,8 +1995,13 @@ class installer_base {
exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*');
# protect passwords in these files
exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf');
exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf');
if(file_exists('/etc/rspamd/local.d/worker-controller.inc')) {
exec('chgrp _rspamd /etc/rspamd/local.d/worker-controller.inc');
exec('chmod 640 /etc/rspamd/local.d/worker-controller.inc');
}
# unneccesary, since this was done above?
$command = 'usermod -a -G amavis _rspamd';
......
######################################################
# This virtual host contains the configuration
# for the ISPConfig apps vhost
######################################################
{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
ServerAdmin webmaster@localhost
{tmpl_var name='apps_vhost_servername'}
<Directory {tmpl_var name='apps_vhost_dir'}>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
<tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
<tmpl_else>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
</tmpl_if>
<tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
<tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
<tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
<tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
<tmpl_var name="ssl_comment">SSLHonorCipherOrder On
<tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
<tmpl_var name="ssl_comment">SSLCompression Off
</tmpl_if>
<tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
<tmpl_var name="ssl_comment">SSLSessionTickets Off
</tmpl_if>
<IfModule mod_headers.c>
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
<tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
<tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
<IfVersion >= 2.4.7>
Header setifempty Strict-Transport-Security "max-age=15768000"
</IfVersion>
<IfVersion < 2.4.7>
Header set Strict-Transport-Security "max-age=15768000"
</IfVersion>
RequestHeader unset Proxy early
</IfModule>
<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
<tmpl_var name="ssl_comment">SSLUseStapling On
<tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
<tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
</tmpl_if>
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>
<IfModule mod_php5.c>
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
<Directory {tmpl_var name='apps_vhost_dir'}>
Options FollowSymLinks
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
</IfModule>
<IfModule mod_php7.c>
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
<Directory {tmpl_var name='apps_vhost_dir'}>
Options FollowSymLinks
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
<Directory {tmpl_var name='apps_vhost_dir'}>
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
<FilesMatch "\.php$">
SetHandler fcgid-script
</FilesMatch>
FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
IPCCommTimeout 7200
MaxRequestLen 15728640
</IfModule>
{tmpl_if name="use_rspamd"}
<Location /rspamd>
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteRule ^/rspamd$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P]
{/tmpl_if}
</VirtualHost>
<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
<IfModule mod_ssl.c>
<tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
</tmpl_if>
server/conf/apache_apps.vhost.master
\ No newline at end of file
......@@ -140,6 +140,7 @@ php_fpm_default_chroot=n
bind_user=root
bind_group=bind
bind_zonefiles_dir=/etc/bind
bind_keyfiles_dir=/etc/bind
named_conf_path=/etc/bind/named.conf
named_conf_local_path=/etc/bind/named.conf.local
disable_bind_log=n
......
......@@ -1652,6 +1652,20 @@ $form["tabs"]['dns'] = array(
'width' => '40',
'maxlength' => '255'
),
'bind_keyfiles_dir' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'default' => '',
'validators' => array( 0 => array('type' => 'NOTEMPTY',
'errmsg' => 'bind_keyfiles_dir_error_empty'),
1 => array ( 'type' => 'REGEX',
'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/',
'errmsg'=> 'bind_keyfiles_dir_error_regex'),
),
'value' => '',
'width' => '40',
'maxlength' => '255'
),
'named_conf_path' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
......
......@@ -251,7 +251,7 @@ $form['tabs']['users'] = array (
'formtype' => 'CHECKBOX',
'regex' => '',
'errmsg' => '',
'default' => '',
'default' => '1',
'value' => array(0 => 0, 1 => 1),
'separator' => '',
'width' => '30',
......
......@@ -91,10 +91,12 @@ $wb['apps_vhost_servername_txt'] = 'Apps-vhost Domain';
$wb['bind_user_txt'] = 'BIND User';
$wb['bind_group_txt'] = 'BIND Group';
$wb['bind_zonefiles_dir_txt'] = 'BIND zonefiles directory';
$wb['bind_keyfiles_dir_txt'] = 'BIND keyfiles directory';
$wb['named_conf_path_txt'] = 'BIND named.conf path';
$wb['bind_user_error_empty'] = 'BIND user is empty.';
$wb['bind_group_error_empty'] = 'BIND group is empty.';
$wb['bind_zonefiles_dir_error_empty'] = 'BIND zonefiles directory is empty.';
$wb['bind_keyfiles_dir_error_empty'] = 'BIND keyfiles directory is empty.';
$wb['named_conf_path_error_empty'] = 'BIND named.conf path is empty.';
$wb['named_conf_local_path_error_empty'] = 'BIND named.conf.local path is empty.';
$wb['mail_filter_syntax_txt'] = 'Mailfilter Syntax';
......@@ -281,6 +283,7 @@ $wb['awstats_buildstaticpages_pl_error_regex'] = 'Invalid awstats_buildstaticpag
$wb['invalid_bind_user_txt'] = 'Invalid BIND user.';
$wb['invalid_bind_group_txt'] = 'Invalid BIND group.';
$wb['bind_zonefiles_dir_error_regex'] = 'Invalid BIND zonefiles directory.';
$wb['bind_keyfiles_dir_error_regex'] = 'Invalid BIND keyfiles directory.';
$wb['named_conf_path_error_regex'] = 'Invalid named.conf path.';
$wb['named_conf_local_path_error_regex'] = 'Invalid named.conf.local path.';
$wb['fastcgi_starter_path_error_regex'] = 'Invalid fastcgi starter path.';
......
......@@ -11,6 +11,9 @@
<div class="form-group">
<label for="bind_zonefiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_zonefiles_dir_txt'}</label>
<div class="col-sm-9"><input type="text" name="bind_zonefiles_dir" id="bind_zonefiles_dir" value="{tmpl_var name='bind_zonefiles_dir'}" class="form-control" /></div></div>
<div class="form-group">
<label for="bind_keyfiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_keyfiles_dir_txt'}</label>
<div class="col-sm-9"><input type="text" name="bind_keyfiles_dir" id="bind_keyfiles_dir" value="{tmpl_var name='bind_keyfiles_dir'}" class="form-control" /></div></div>
<div class="form-group">
<label for="named_conf_path" class="col-sm-3 control-label">{tmpl_var name='named_conf_path_txt'}</label>
<div class="col-sm-9"><input type="text" name="named_conf_path" id="named_conf_path" value="{tmpl_var name='named_conf_path'}" class="form-control" /></div></div>
......
......@@ -318,7 +318,7 @@ $form["tabs"]['address'] = array (
'country' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => (isset($conf['language']) ? strtoupper($conf['language']) : ''),
'default' => (isset($conf['default_country'])) ? strtoupper($conf['default_country']) : ((isset($conf['language'])) ? strtoupper($conf['language']) : ''),
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name ASC',
'keyfield' => 'iso',
......
......@@ -140,7 +140,7 @@ function process_login_request(app $app, &$error, $conf, $module)
} else {
//* Do 2FA authentication
if(isset($user['otp_type']) and $user['otp_type'] != 'none') {
if(isset($user['otp_type']) && $user['otp_type'] != 'none') {
//* Save session in pending state and destroy original session
$_SESSION['s_pending'] = $_SESSION['s'];
......
......@@ -9,10 +9,12 @@
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
ServerAdmin webmaster@localhost
{tmpl_var name='apps_vhost_servername'}
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
<Directory {tmpl_var name='apps_vhost_dir'}>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
......@@ -96,7 +98,7 @@
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
<Directory {tmpl_var name='apps_vhost_dir'}>
Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
<FilesMatch "\.php$">
SetHandler fcgid-script
......@@ -109,6 +111,8 @@
Allow from all
</tmpl_if>
</Directory>
IPCCommTimeout 7200
MaxRequestLen 15728640
</IfModule>
{tmpl_if name="use_rspamd"}
......
......@@ -17,4 +17,7 @@ pm.max_spare_servers = 5
chdir = /
; php_admin_value[open_basedir] = /var/www/apps:/srv/www/apps:/usr/share
php_admin_flag[magic_quotes_gpc] = off
\ No newline at end of file
php_admin_flag[magic_quotes_gpc] = off
php_admin_value[post_max_size] = 100M
php_admin_value[upload_max_filesize] = 100M
......@@ -408,6 +408,13 @@
</tmpl_if>
<tmpl_if name='use_tcp'>
#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
<If "-f '%{REQUEST_FILENAME}'">
SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>"
</If>
</FilesMatch>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<If "-f '%{REQUEST_FILENAME}'">
......@@ -418,6 +425,13 @@
</tmpl_if>
<tmpl_if name='use_socket'>
#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://<tmpl_var name='fpm_socket'>|fcgi://localhost/<tmpl_var name='web_document_root'>/$1
<Directory {tmpl_var name='web_document_root_www'}>
<FilesMatch "\.php[345]?$">
<If "-f '%{REQUEST_FILENAME}'">
SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost"
</If>
</FilesMatch>
</Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<If "-f '%{REQUEST_FILENAME}'">
......
......@@ -44,7 +44,7 @@ class letsencrypt {
}
public function get_acme_script() {
$acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
$acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null'));
$acme = reset($acme);
if(is_executable($acme)) {
return $acme;
......
......@@ -98,11 +98,11 @@ class bind_plugin {
//* Verify that we do not already have keys (overwriting-protection)
if($data['old']['dnssec_algo'] == $data['new']['dnssec_algo']) {
if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) {
if (file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) {
return $this->soa_dnssec_update($data);
} else if ($data['new']['dnssec_initialized'] == 'Y') { //In case that we generated keys but the dsset-file was not generated
$keycount=0;
foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
$keycount++;
}
if ($keycount > 0) {
......@@ -116,11 +116,11 @@ class bind_plugin {
$dnssec_algo = explode(',',$data['new']['dnssec_algo']);
//* Create the Zone Signing and Key Signing Keys
if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key')) == 0) {
$app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain);
if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key')) == 0) {
$app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain);
}
if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key')) == 0) {
$app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain);
if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key')) == 0) {
$app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain);
}
$this->soa_dnssec_sign($data); //Now sign the zone for the first time
......@@ -149,8 +149,8 @@ class bind_plugin {
//* Include ECDSAP256SHA256 keys in zone
if(in_array('ECDSAP256SHA256',$dnssec_algo)) {
foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
$includeline = '$INCLUDE '.basename($keyfile);
foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
$includeline = '$INCLUDE ' . $keyfile;
if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
$keycount++;
}
......@@ -158,8 +158,8 @@ class bind_plugin {
//* Include NSEC3RSASHA1 keys in zone
if(in_array('NSEC3RSASHA1',$dnssec_algo)) {
foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
$includeline = '$INCLUDE '.basename($keyfile);
foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
$includeline = '$INCLUDE ' . $keyfile;
if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
$keycount++;
}
......@@ -171,20 +171,20 @@ class bind_plugin {
file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
//* Sign the zone and set it valid for max. 16 days
$app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $filespre.$domain);
$app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -K ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
//* Write Data back ino DB
$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');
$dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
if(in_array('ECDSAP256SHA256',$dnssec_algo)) {
foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
$dnssecdata .= file_get_contents($keyfile)."\n\n";
}
}
if(in_array('NSEC3RSASHA1',$dnssec_algo)) {
foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
$dnssecdata .= file_get_contents($keyfile)."\n\n";
}
}
......@@ -213,7 +213,7 @@ class bind_plugin {
return false;
}
if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
if (!$new && !file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
$dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id=?', intval($data['new']['id']));
$app->system->exec_safe('cd ?; named-checkzone ? ? | egrep -ho \'[0-9]{10}\'', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
......@@ -237,12 +237,12 @@ class bind_plugin {
$domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1);
$key_files = glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+*');
$key_files = glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+*');
foreach($key_files as $file) {
unlink($file);
}
unlink($dns_config['bind_zonefiles_dir'].'/'.$this->zone_file_prefix().$domain.'.signed');
unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
unlink($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');
if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
$app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment