Commit 9af10d96 authored by Till Brehm

Implements #5249 Backport CAA record feature from 3.2 to 3.1.14

parents 84cb1177 547fd262
......@@ -2,3 +2,79 @@ ALTER TABLE `sys_datalog` ADD `session_id` varchar(64) NOT NULL DEFAULT '' AFTER
ALTER TABLE `sys_user` CHANGE `sys_userid` `sys_userid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by userid';
ALTER TABLE `sys_user` CHANGE `sys_groupid` `sys_groupid` INT(11) UNSIGNED NOT NULL DEFAULT '1' COMMENT 'Created by groupid';
ALTER TABLE `web_domain` ADD COLUMN `php_fpm_chroot` enum('n','y') NOT NULL DEFAULT 'n' AFTER `php_fpm_use_socket`;
CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
`sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
`sys_perm_user` varchar(5) NOT NULL DEFAULT '',
`sys_perm_group` varchar(5) NOT NULL DEFAULT '',
`sys_perm_other` varchar(5) NOT NULL DEFAULT '',
`active` enum('N','Y') NOT NULL DEFAULT 'N',
`ca_name` varchar(255) NOT NULL DEFAULT '',
`ca_issue` varchar(255) NOT NULL DEFAULT '',
`ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
`ca_iodef` text NOT NULL,
`ca_critical` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY (`ca_issue`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL;
INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
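Review bot: The data fix-ups (`UPDATE ... SET ca_issue = 'comodo.com' WHERE ca_issue = 'comodoca.com'` and the two `DELETE`s) run before the `INSERT IGNORE` seed, which still contains `'comodoca.com'`. On a database that already has the table, the rename is therefore followed by a fresh `comodoca.com` row, and on a new table the fix-ups touch nothing. Move the fix-ups after the seed or seed the intended value directly. `ALTER TABLE dns_ssl_ca ADD UNIQUE(ca_issue)` follows a `CREATE TABLE` that already declares `UNIQUE KEY (ca_issue)`, so on MySQL each run of the script adds another redundant index (the same pair appears in the install schema hunk); name the key in the CREATE and drop the ALTER. The seed also marks every entry `active = 'Y'`, including StartCom and WoSign, which major browser root programs had moved to distrust; since this table supplies the CAA issuer choices, confirm which entries should be offered by default.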
......@@ -478,7 +478,6 @@ CREATE TABLE IF NOT EXISTS `directive_snippets` (
--
-- Table structure for table `dns_rr`
--
CREATE TABLE `dns_rr` (
`id` int(11) unsigned NOT NULL auto_increment,
`sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
......@@ -489,7 +488,7 @@ CREATE TABLE `dns_rr` (
`server_id` int(11) NOT NULL default '1',
`zone` int(11) unsigned NOT NULL DEFAULT '0',
`name` varchar(255) NOT NULL DEFAULT '',
`type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
`type` enum('A','AAAA','ALIAS','CNAME','CAA','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
`data` TEXT NOT NULL,
`aux` int(11) unsigned NOT NULL default '0',
`ttl` int(11) unsigned NOT NULL default '3600',
......@@ -525,6 +524,80 @@ CREATE TABLE `dns_slave` (
-- --------------------------------------------------------
--
-- Table structure for table `dns_ssl_ca`
--
CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
`sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
`sys_perm_user` varchar(5) NOT NULL DEFAULT '',
`sys_perm_group` varchar(5) NOT NULL DEFAULT '',
`sys_perm_other` varchar(5) NOT NULL DEFAULT '',
`active` enum('N','Y') NOT NULL DEFAULT 'N',
`ca_name` varchar(255) NOT NULL DEFAULT '',
`ca_issue` varchar(255) NOT NULL DEFAULT '',
`ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
`ca_iodef` text NOT NULL,
`ca_critical` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY (`ca_issue`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
INSERT INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
-- --------------------------------------------------------
--
-- Table structure for table `dns_soa`
--
......
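Review bot: The `type` enum in this install schema orders the new value as `'CNAME','CAA'`, while the upgrade script's `ALTER TABLE dns_rr CHANGE type` uses `'CAA','CNAME'`, so fresh and upgraded installations end up with different column definitions. MySQL stores and sorts ENUM values by list position, so anything that orders by `type` or reads its numeric index would behave differently on the two; whether ISPConfig depends on that is not visible here. Use the same ordering in both places, e.g. `'A','AAAA','ALIAS','CAA','CNAME','DS',...` on this line. The `dns_rr` definition starts and ends outside the visible hunks, so the rest of the table was not checked. The seed `INSERT` for `dns_ssl_ca` here also keeps `'comodoca.com'` while the upgrade path renames it to `'comodo.com'`, so the two paths diverge in data as well.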
<?php
/*
Copyright (c) 2017, Florian Schaal, schaal @it UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
class plugin_system_config_dns_ca extends plugin_base {
var $module;
var $form;
var $tab;
var $record_id;
var $formdef;
var $options;
var $error = '';
function onShow() {
global $app;
$pluginTpl = new tpl;
$pluginTpl->newTemplate('templates/system_config_dns_ca_edit.htm');
include 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_system_config.lng';
$pluginTpl->setVar($wb);
$ca_id = $app->functions->intval($_GET['id']);
if(isset($_GET['action']) && ($_GET['action'] == 'edit') && $ca_id > 0) {
$pluginTpl->setVar('edit_record', 1);
$rec = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE id = ?", $ca_id);
$pluginTpl->setVar('id', $rec['id']);
$pluginTpl->setVar('ca_name', $rec['ca_name']);
$pluginTpl->setVar('ca_issue', $rec['ca_issue']);
$pluginTpl->setVar('ca_wildcard', $rec['ca_wildcard']);
$pluginTpl->setVar('ca_critical', $rec['ca_critical']);
$pluginTpl->setVar('ca_iodef', $rec['ca_iodef']);
$pluginTpl->setVar('active', $rec['active']);
} elseif(isset($_GET['action']) && ($_GET['action'] == 'save') && $ca_id > 0) {
$pluginTpl->setVar('edit_record', 0);
$pluginTpl->setVar('id', $ca_id);
$pluginTpl->setVar('ca_name', $app->functions->htmlentities($_POST['ca_name']));
$pluginTpl->setVar('ca_issue', $app->functions->htmlentities($_POST['ca_issue']));
$pluginTpl->setVar('ca_wildcard', $app->functions->htmlentities($_POST['ca_wildcard']));
$pluginTpl->setVar('ca_critical', $app->functions->htmlentities($_POST['ca_critical']));
$pluginTpl->setVar('ca_iodef', $app->functions->htmlentities($_POST['ca_iodef']));
$pluginTpl->setVar('active', $app->functions->htmlentities($_POST['active']));
} else {
$pluginTpl->setVar('edit_record', 0);
}
return $pluginTpl->grab();
}
function onUpdate() {
global $app;
$ca_id = $app->functions->intval($_GET['id']);
if(isset($_GET['action']) && $_GET['action'] == 'save') {
if($ca_id > 0) {
$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_iodef = ?, active = ? WHERE id = ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active'], $ca_id);
} else {
$app->db->query("INSERT INTO (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_iodef, active) VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active']);
}
}
}
}
?>
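Review bot: `onUpdate()` writes to `dns_ssl_ca` with no administrator check of its own and no visible anti-CSRF token validation, whereas the list plugin tests `$_SESSION['s']['user']['typ'] == 'admin'` before its delete; unless the enclosing form enforces both, the same guard belongs here. The INSERT branch cannot succeed as written, because the statement has no table name after `INSERT INTO` and the `VALUES(` list is never closed. `ca_wildcard` and `active` are enum columns, and `ca_issue` is later embedded in generated CAA record data (`"0 issue \"$caa[ca_issue]\""` in the event plugin), so the posted values should be constrained before they are stored. The edit branch of `onShow()` passes `$rec[...]` to the template unescaped while the save branch uses `htmlentities`; align the two unless the template engine escapes on output. A possible shape for `onUpdate()` follows; the CSRF token check is left to the interface's own helper.

```php
function onUpdate() {
	global $app;

	// Same admin test the list plugin applies before its DELETE.
	if($_SESSION['s']['user']['typ'] != 'admin') return;
	if(!isset($_GET['action']) || $_GET['action'] != 'save') return;

	$ca_id = $app->functions->intval($_GET['id']);

	// Enum columns: accept only the values the schema defines.
	$ca_wildcard = (isset($_POST['ca_wildcard']) && $_POST['ca_wildcard'] == 'Y') ? 'Y' : 'N';
	$active = (isset($_POST['active']) && $_POST['active'] == 'Y') ? 'Y' : 'N';

	// ca_issue ends up inside CAA record data, so restrict it to hostname characters.
	$ca_issue = isset($_POST['ca_issue']) ? trim($_POST['ca_issue']) : '';
	if(!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $ca_issue)) return;

	$ca_name = isset($_POST['ca_name']) ? $_POST['ca_name'] : '';
	$ca_iodef = isset($_POST['ca_iodef']) ? $_POST['ca_iodef'] : '';

	if($ca_id > 0) {
		$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_iodef = ?, active = ? WHERE id = ?", $ca_name, $ca_issue, $ca_wildcard, $ca_iodef, $active, $ca_id);
	} else {
		// Table name and closing parenthesis were missing in the original statement.
		$app->db->query("INSERT INTO dns_ssl_ca (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_iodef, active) VALUES (1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?)", $ca_name, $ca_issue, $ca_wildcard, $ca_iodef, $active);
	}
}
```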
<?php
/*
Copyright (c) 2017, Florian Schaal, schaal @it UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
class plugin_system_config_dns_ca_list extends plugin_base {
var $module;
var $form;
var $tab;
var $record_id;
var $formdef;
var $options;
function onShow() {
global $app;
$listTpl = new tpl;
$listTpl->newTemplate('templates/system_config_dns_ca_list.htm');
//* Loading language file
$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_system_config.lng';
include $lng_file;
$listTpl->setVar($wb);
if($_SESSION['s']['user']['typ'] == 'admin') {
if(isset($_GET['action'])) {
$ca_id = $app->functions->intval($_GET['id']);
if($_GET['action'] == 'delete' && $ca_id > 0) {
$app->db->query("DELETE FROM dns_ssl_ca WHERE id = ?", $ca_id);
}
}
}
if(isset($_GET['action']) && $_GET['action'] == 'edit' && $_GET['id'] > 0) $listTpl->setVar('edit_record', 1);
// Getting Datasets from DB
$ca_records = $app->db->queryAllRecords("SELECT * FROM dns_ssl_ca ORDER BY ca_name ASC");
$records=array();
if(is_array($ca_records) && count($ca_records) > 0) {
foreach($ca_records as $ca) {
$rec['ca_id'] = $ca['id'];
$rec['name'] = $ca['ca_name'];
$rec['active'] = $ca['active'];
$records[] = $rec;
unset($rec);
}
$listTpl->setLoop('ca_records', @$records);
}
$listTpl->setVar('parent_id', $this->form->id);
return $listTpl->grab();
}
}
?>
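Review bot: The delete in `onShow()` is a state change triggered by `$_GET['action'] == 'delete'` while the list is being rendered. It is limited to admins, but no request-method or anti-CSRF token check is visible, so any request an administrator's browser is induced to make would remove a CA entry. Tie the delete to a POST that carries the interface's CSRF token, for example by extending the condition to `if($_SERVER['REQUEST_METHOD'] == 'POST' && $_GET['action'] == 'delete' && $ca_id > 0)` and validating the token before the query. `ca_name` is copied into the `ca_records` loop exactly as stored; if the template layer does not escape on output, pass it through `$app->functions->htmlentities(...)` as the edit plugin does for posted values.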
<?php
/*
Copyright (c) 2017, Florian Schaal, schaal @it UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
class system_config_dns_ca_plugin {
var $plugin_name = 'system_config_dns_ca_plugin';
var $class_name = 'system_config_dns_ca_plugin';
function onLoad() {
global $app;
$app->plugin->registerEvent('dns:dns_caa:on_after_update', 'system_config_dns_ca_plugin', 'caa_update');
$app->plugin->registerEvent('dns:dns_caa:on_after_insert', 'system_config_dns_ca_plugin', 'caa_update');
$app->plugin->registerEvent('sites:web_vhost_domain:on_after_insert', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
$app->plugin->registerEvent('sites:web_vhost_domain:on_after_update', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
}
function caa_update($event_name, $page_form) {
global $app;
if(trim($page_form->dataRecord['additional'] != '')) {
$rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE id = ?", $page_form->id);
unset($rec['id']);
$zone = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE id = ?", $rec['zone']);
$host=str_replace($zone['origin'], '', $page_form->dataRecord['name']);
$host=rtrim($host,'.');
$page_form->dataRecord['additional']=str_replace($host, '', $page_form->dataRecord['additional']);
$additional=explode(',', $page_form->dataRecord['additional']);
foreach($additional as $new) {
if($new != '') {
$insert_data = $rec;
$insert_data['name'] = $new.'.'.$zone['origin'];
$app->db->datalogInsert('dns_rr', $insert_data, 'id');
}
}
}
}
function web_vhost_domain_edit($event_name, $page_form) {
global $app;
if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
$domain = $page_form->dataRecord['domain'];
$subdomain = $page_form->dataRecord['subdomain'];
$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');
if(count($temp) == 0) {
$caa = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE ca_issue = 'letsencrypt.org' AND active = 'Y'");
$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $domain.'.');
if(is_array($caa) && is_array($soa)) {
$records = array();
$records[] = $domain.'.';;
if($subdomain != '' && $subdomain != 'www') $records[] = $subdomain.'.'.$domain;
foreach($records as $record) {
$new_rr = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ?", $soa['origin']);
unset($new_rr['id']);
$new_rr['type'] = 'CAA';
$new_rr['name'] = $record;
$new_rr['data'] = "0 issue \"$caa[ca_issue]\"";
$new_rr['ttl'] = $soa['ttl'];
$new_rr['active'] = 'Y';
$new_rr['stamp'] = date('Y-m-d H:i:s');
$new_rr['serial'] = $app->validate_dns->increase_serial($new_rr['serial']);
$app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
$new_serial = $app->validate_dns->increase_serial($zone['serial']);
$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
}
}
}
}
}
} // End class
?>
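Review bot: In `web_vhost_domain_edit()` the template row is fetched with `SELECT * FROM dns_rr WHERE name = ?` on the SOA origin alone, so the new CAA record inherits `zone`, `server_id` and the `sys_*` ownership fields from whichever row with that name comes back first, and `$new_rr` is not an array when none exists; scope it to the zone with `... WHERE name = ? AND zone = ?", $soa['origin'], $soa['id']` and skip when nothing is found. The subdomain entry is built as `$subdomain.'.'.$domain` without the trailing dot that the existence query uses, so it is stored in a different form than the lookup expects and may be read as relative to the zone origin; use `$records[] = $subdomain.'.'.$domain.'.';`. In `caa_update()` the closing parenthesis of `trim(` is misplaced, so `trim` receives the boolean comparison result; it should read `if(trim($page_form->dataRecord['additional']) != '')`. The comma-separated `additional` names are concatenated into record names with no visible validation and should go through the same hostname checks as the DNS forms. Adding `0 issue "letsencrypt.org"` to a name that previously had no CAA record narrows issuance for that name to this one CA, which is worth documenting or making opt-in for domains that also hold certificates from another CA.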
......@@ -730,5 +730,21 @@ $form["tabs"]['misc'] = array (
)
);
$form['tabs']['dns_ca'] = array (
'title' => 'DNS CAs',
'width' => 100,
'template' => 'templates/system_config_dns_ca.htm',
'fields' => array (),
'plugins' => array (
'dns_ca' => array (
'class' => 'plugin_system_config_dns_ca',
'options' => array()
),
'dns_ca_list' => array (
'class' => 'plugin_system_config_dns_ca_list',
'options' => array()
)
)
);
?>
......@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
$wb['default_dnsserver_txt'] = 'Default DNS Server';
$wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
$wb['default_dbserver_txt'] = 'Default Database Server';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
$wb['default_dnsserver_txt'] = 'Default DNS Server';
$wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
$wb['default_dbserver_txt'] = 'Default Database Server';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -79,6 +79,22 @@ $wb['default_mailserver_txt'] = 'Servidor de e-mails padrão';
$wb['default_webserver_txt'] = 'Servidor web padrão';
$wb['default_dnsserver_txt'] = 'Servidor dns padrão';
$wb['default_slave_dnsserver_txt'] = 'Servidor dns secundário padrão';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA<E2><80><99>s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
$wb['default_dbserver_txt'] = 'Servidor de banco de dados padrão';
$wb['No'] = 'Não';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
$wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
$wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
$wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
$wb['custom_login_text_txt'] = 'Vlastní text na přihlašovací stránce';
$wb['custom_login_link_txt'] = 'Vlastní odkaz (URL) na přihlašovací stránce (vlastní text)';
$wb['login_link_error_regex'] = 'Neplatný formát URL pro vlastní odkaz na přihlašovací stránce';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
$wb['default_dnsserver_txt'] = 'Default DNS Server';
$wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
$wb['default_dbserver_txt'] = 'Default Database Server';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Wildcard verwenden';
$wb['ca_critical_txt'] = 'Strikte Überprüfung'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktiv';
$wb['btn_save_txt'] = 'Speichern';
$wb['btn_cancel_txt'] = 'Abbrechen';
?>
......@@ -81,4 +81,12 @@ $wb['reseller_can_use_options_txt'] = 'Reseller can use the option-tab for websi
$wb['custom_login_text_txt'] = 'Custom Text on Login-Page';
$wb['custom_login_link_txt'] = 'Custom Link on Login-Page';
$wb['login_link_error_regex'] = 'Invalid Link for Custom Login';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
$wb['default_dnsserver_txt'] = 'Default DNS Server';
$wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
$wb['default_dbserver_txt'] = 'Default Database Server';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -84,4 +84,12 @@ $wb["reseller_can_use_options_txt"] = "Reseller can use the option-tab for websi
$wb["custom_login_text_txt"] = "Custom Text on Login-Page";
$wb["custom_login_link_txt"] = "Custom Link on Login-Page";
$wb["login_link_error_regex"] = "Invalid Link for Custom Login";
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Active';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['webftp_url_txt'] = 'Enlace al cliente FTP por web';
$wb['webmail_url_error_regex'] = 'Dirección del correo web inválida';
$wb['webmail_url_note_txt'] = 'Marcador de posición:';
$wb['webmail_url_txt'] = 'URL de correo web';
$wb['ca_name_txt'] = 'Name';
$wb['ca_issue_txt'] = 'Issue';
$wb['ca_wildcard_txt'] = 'Use Wildcard';
$wb['ca_critical_txt'] = 'Strict Check'; //For future use. At this time, CA’s do not recognize any other flag values as described in RFC 6844
$wb['ca_iodef_txt'] = 'iodef';
$wb['active_txt'] = 'Aktive';
$wb['btn_save_txt'] = 'Save';
$wb['btn_cancel_txt'] = 'Cancel';
?>
......@@ -81,4 +81,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';