Merge branch 'master' into 'master'

Add DNS CAA Records to Interface (#4449)



See merge request !596

Author: Till Brehm

install/sql/incremental/upd_dev_collection.sql

@@ -29,3 +29,31 @@ CHANGE `spam_modifies_subj` `spam_modifies_subj` ENUM('N','Y') CHARACTER SET utf
 CHANGE `warnvirusrecip` `warnvirusrecip` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
 CHANGE `warnbannedrecip` `warnbannedrecip` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
 CHANGE `warnbadhrecip` `warnbadhrecip` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N';
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0'
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GeoTrust (Symantec)', 'geotrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'N', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Thawte (Symantec)', 'thawte.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;

install/sql/ispconfig3.sql

@@ -489,7 +489,7 @@ CREATE TABLE `dns_rr` (
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
+  `type` enum('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL,
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
@@ -500,6 +500,39 @@ CREATE TABLE `dns_rr` (
   KEY `rr` (`zone`,`type`,`name`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
+-- --------------------------------------------------------
+
+-- 
+-- Table structure for table  `dns_ssl_ca`
+-- 
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0'
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
+INSERT INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GeoTrust (Symantec)', 'geotrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'N', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Thawte (Symantec)', 'thawte.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+
 -- --------------------------------------------------------
 
 --

interface/lib/classes/plugin_system_config_dns_ca.inc.php

@@ -0,0 +1,92 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+	var $error = '';
+
+	function onShow() {
+		global $app;
+
+		$pluginTpl = new tpl;
+		$pluginTpl->newTemplate('templates/system_config_dns_ca_edit.htm');
+		include 'lib/lang/'.$_SESSION['s']['language'].'_system_config.lng';
+		$pluginTpl->setVar($wb);
+		if(isset($_GET['action']) && ($_GET['action'] == 'edit') && $_GET['id'] > 0) {
+			$pluginTpl->setVar('edit_record', 1);
+			$ca_id = intval($_GET['id']);
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE id = ?", $ca_id);
+			$pluginTpl->setVar('id', $rec['id']);
+			$pluginTpl->setVar('ca_name', $rec['ca_name']);
+			$pluginTpl->setVar('ca_issue', $rec['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $rec['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $rec['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $rec['ca_iodef']);
+			$pluginTpl->setVar('active', $rec['active']);
+		} elseif(isset($_GET['action']) && ($_GET['action'] == 'save') && $_GET['id'] > 0) {
+			$pluginTpl->setVar('edit_record', 0);
+			$ca_id = intval($_GET['id']);
+			$pluginTpl->setVar('id', $ca_id);
+			$pluginTpl->setVar('ca_name', $_POST['ca_name']);
+			$pluginTpl->setVar('ca_issue', $_POST['ca_issue']);
+			$pluginTpl->setVar('ca_wildcard', $_POST['ca_wildcard']);
+			$pluginTpl->setVar('ca_critical', $_POST['ca_critical']);
+			$pluginTpl->setVar('ca_iodef', $_POST['ca_iodef']);
+			$pluginTpl->setVar('active', $_POST['active']);
+		} else {
+			$pluginTpl->setVar('edit_record', 0);
+		}
+
+		return $pluginTpl->grab();
+
+	}
+
+	function onUpdate() {
+		global $app;
+
+		$id = intval($_GET['id']);
+		if(isset($_GET['action']) && $_GET['action'] == 'save') {
+			if($id > 0) {
+				$app->db->query("UPDATE dns_ssl_ca SET ca_name = ?, ca_issue = ?, ca_wildcard = ?, ca_iodef = ?, active = ? WHERE id = ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active'], $_GET['id']);
+			} else {
+				$app->db->query("INSERT INTO (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, ca_name, ca_issue, ca_wildcard, ca_iodef, active) VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, ?, ?", $_POST['ca_name'], $_POST['ca_issue'], $_POST['ca_wildcard'], $_POST['ca_iodef'], $_POST['active']);
+			}
+		}
+	}
+
+}
+
+?>

interface/lib/classes/plugin_system_config_dns_ca_list.inc.php

@@ -0,0 +1,81 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class plugin_system_config_dns_ca_list extends plugin_base {
+
+	var $module;
+	var $form;
+	var $tab;
+	var $record_id;
+	var $formdef;
+	var $options;
+
+	function onShow() {
+		global $app;
+
+		$listTpl = new tpl;
+		$listTpl->newTemplate('templates/system_config_dns_ca_list.htm');
+
+		//* Loading language file
+		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_system_config.lng';
+		include $lng_file;
+		$listTpl->setVar($wb);
+		if($_SESSION['s']['user']['typ'] == 'admin') {
+			if(isset($_GET['action'])) { 
+				$ca_id = $app->functions->intval($_GET['id']);
+				if($_GET['action'] == 'delete' && $ca_id > 0) {
+					$app->db->query("DELETE FROM dns_ssl_ca WHERE id = ?",  $ca_id);
+				}
+			}
+		}
+
+		if(isset($_GET['action']) && $_GET['action'] == 'edit' && $_GET['id'] > 0) $listTpl->setVar('edit_record', 1);
+
+		// Getting Datasets from DB
+		$ca_records = $app->db->queryAllRecords("SELECT * FROM dns_ssl_ca ORDER BY ca_name ASC");
+		$records=array();
+		if(is_array($ca_records) && count($ca_records) > 0) {
+			foreach($ca_records as $ca) {
+				$rec['ca_id'] = $ca['id'];
+				$rec['name'] = $ca['ca_name'];
+				$rec['active'] = $ca['active'];
+				$records[] = $rec;
+				unset($rec);
+			}
+			$listTpl->setLoop('ca_records', @$records);
+		} 
+		$listTpl->setVar('parent_id', $this->form->id);
+
+		return $listTpl->grab();
+	}
+
+}
+
+?>

interface/lib/plugins/system_config_dns_ca_plugin.inc.php

@@ -0,0 +1,103 @@
+<?php
+
+/*
+Copyright (c) 2017, Florian Schaal, schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class system_config_dns_ca_plugin {
+
+	var $plugin_name = 'system_config_dns_ca_plugin';
+	var $class_name = 'system_config_dns_ca_plugin';
+
+	function onLoad() {
+		global $app;
+
+		$app->plugin->registerEvent('dns:dns_caa:on_after_update', 'system_config_dns_ca_plugin', 'caa_update');
+		$app->plugin->registerEvent('dns:dns_caa:on_after_insert', 'system_config_dns_ca_plugin', 'caa_update');
+
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_insert', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+		$app->plugin->registerEvent('sites:web_vhost_domain:on_after_update', 'system_config_dns_ca_plugin', 'web_vhost_domain_edit');
+	}
+
+	function caa_update($event_name, $page_form) {
+		global $app;
+
+		if(trim($page_form->dataRecord['additional'] != '')) {
+			$rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE id = ?", $page_form->id);
+			unset($rec['id']);
+			$zone = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE id = ?", $rec['zone']);
+			$host=str_replace($zone['origin'], '', $page_form->dataRecord['name']);
+			$host=rtrim($host,'.');
+			$page_form->dataRecord['additional']=str_replace($host, '', $page_form->dataRecord['additional']);
+			$additional=explode(',', $page_form->dataRecord['additional']);
+			foreach($additional as $new) {
+				if($new != '') {
+					$insert_data = $rec;
+					$insert_data['name'] = $new.'.'.$zone['origin'];
+					$app->db->datalogInsert('dns_rr', $insert_data, 'id');
+				}
+			}
+		}
+	} //* End function
+
+	function web_vhost_domain_edit($event_name, $page_form) {
+		global $app;
+
+		if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
+			$domain = $page_form->dataRecord['domain'];
+			$subdomain = $page_form->dataRecord['subdomain'];
+			$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');
+			if(count($temp) == 0) {
+				$caa = $app->db->queryOneRecord("SELECT * FROM dns_ssl_ca WHERE ca_issue = 'letsencrypt.org' AND active = 'Y'");
+				$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $domain.'.');
+				if(is_array($caa) && is_array($soa)) {
+					$records = array();
+					$records[] = $domain.'.';;
+					if($subdomain != '' && $subdomain != 'www') $records[] = $subdomain.'.'.$domain;
+					foreach($records as $record) {
+						$new_rr = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ?", $soa['origin']);
+						unset($new_rr['id']);
+						$new_rr['type'] = 'CAA';
+						$new_rr['name'] = $record;
+						$new_rr['data'] = "0 issue \"$caa[ca_issue]\"";
+						$new_rr['ttl'] = $soa['ttl'];
+						$new_rr['active'] = 'Y';
+				        $new_rr['stamp'] = date('Y-m-d H:i:s');
+		        		$new_rr['serial'] = $app->validate_dns->increase_serial($new_rr['serial']);
+				        $app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
+						$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
+						$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+						$app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
+					}
+				}
+			}
+		}
+	}
+
+} // End class
+
+?>

interface/web/admin/form/system_config.tform.php

@@ -646,5 +646,21 @@
 	)
 );
 
+$form['tabs']['dns_ca'] = array (
+	'title'  => 'DNS CAs',
+	'width'  => 100,
+	'template'  => 'templates/system_config_dns_ca.htm',
+	'fields'  => array (),
+	'plugins' => array (
+		'dns_ca' => array (
+			'class'   => 'plugin_dns_ca',
+			'options' => array()
+		),
+		'dns_ca_list' => array (
+			'class'   => 'plugin_dns_ca_list',
+			'options' => array()
+		)
+	)
+);
 
 ?>

interface/web/admin/lib/lang/ar_system_config.lng

@@ -82,4 +82,12 @@ $wb['default_webserver_txt'] = 'Default Webserver';
 $wb['default_dnsserver_txt'] = 'Default DNS Server';
 $wb['default_slave_dnsserver_txt'] = 'Default Secondary DNS Server';
 $wb['default_dbserver_txt'] = 'Default Database Server';
+$wb['ca_name_txt'] = 'Name';
+$wb['ca_issue_txt'] = 'Issue';
+$wb['ca_wildcard_txt'] = 'Use Wildcard';
+$wb['ca_critical_txt'] = 'Strict Check'; //For future use.  At this time, CA<E2><80><99>s do not recognize any other flag values as described in RFC 6844
+$wb['ca_iodef_txt'] = 'iodef';
+$wb['active_txt'] = 'Aktive';
+$wb['btn_save_txt'] = 'Save';
+$wb['btn_cancel_txt'] = 'Cancel';
 ?>