maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

correctly read in domain's ssl-ips for CAA entries if enabled, fixes #903

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2021-01-12 21:08:10 +01:00
parent acfbf55d15
commit 2841051649
1 changed files with 34 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
lib/Froxlor/Dns/Dns.php
View File

@@ -131,10 +131,27 @@ class Dns
} }
// additional required records for CAA if activated // additional required records for CAA if activated
if (Settings::Get('system.dns_createcaaentry') && Settings::Get('system.use_ssl') == "1" && !empty($domain['p_ssl_ipandports'])) { if (Settings::Get('system.dns_createcaaentry') && Settings::Get('system.use_ssl') == "1") {
$result_stmt = Database::prepare("
SELECT i.`ip`, i.`port`, i.`ssl`
FROM " . TABLE_PANEL_IPSANDPORTS . " i
LEFT JOIN " . TABLE_DOMAINTOIP . " dip ON dip.id_ipandports = i.id
WHERE i.ssl = 1 AND dip.id_domain = :domainid
");
Database::pexecute($result_stmt, array(
'domainid' => $domain['id']
));
$ssl_ipandports = array();
while ($ssl_ipandport = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
$ssl_ipandports[] = $ssl_ipandport;
}
if (! empty($ssl_ipandports)) {
// check for CAA content later // check for CAA content later
self::addRequiredEntry('@CAA@', 'CAA', $required_entries); self::addRequiredEntry('@CAA@', 'CAA', $required_entries);
} }
}
// additional required records for SPF and DKIM if activated // additional required records for SPF and DKIM if activated
if ($domain['isemaildomain'] == '1') { if ($domain['isemaildomain'] == '1') {
@@ -160,7 +177,7 @@ class Dns
// unset special CAA required-entry // unset special CAA required-entry
unset($required_entries[$entry['type']][md5("@CAA@")]); unset($required_entries[$entry['type']][md5("@CAA@")]);
} }
if (Settings::Get('spf.use_spf') == '1' && $entry['type'] == 'TXT' && $entry['record'] == '@' && (strtolower(substr($entry['content'], 0, 7)) == '"v=spf1' || strtolower(substr($entry['content'], 0, 6)) == 'v=spf1') ) { if (Settings::Get('spf.use_spf') == '1' && $entry['type'] == 'TXT' && $entry['record'] == '@' && (strtolower(substr($entry['content'], 0, 7)) == '"v=spf1' || strtolower(substr($entry['content'], 0, 6)) == 'v=spf1')) {
// unset special spf required-entry // unset special spf required-entry
unset($required_entries[$entry['type']][md5("@SPF@")]); unset($required_entries[$entry['type']][md5("@SPF@")]);
} }
@@ -169,7 +186,11 @@ class Dns
$primary_ns = $entry['content']; $primary_ns = $entry['content'];
} }
// check for CNAME on @, www- or wildcard-Alias and remove A/AAAA record accordingly // check for CNAME on @, www- or wildcard-Alias and remove A/AAAA record accordingly
foreach (['@', 'www', '*'] as $crceord) { foreach ([
'@',
'www',
'*'
] as $crceord) {
if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crceord), $required_entries['A']) || array_key_exists(md5($crceord), $required_entries['AAAA']))) { if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crceord), $required_entries['A']) || array_key_exists(md5($crceord), $required_entries['AAAA']))) {
unset($required_entries['A'][md5($crceord)]); unset($required_entries['A'][md5($crceord)]);
unset($required_entries['AAAA'][md5($crceord)]); unset($required_entries['AAAA'][md5($crceord)]);
@@ -309,6 +330,7 @@ class Dns
} }
foreach ($caa_entries as $entry) { foreach ($caa_entries as $entry) {
if (empty($entry)) continue;
$zonerecords[] = new DnsEntry('@', 'CAA', $entry); $zonerecords[] = new DnsEntry('@', 'CAA', $entry);
// additional required records by subdomain setting // additional required records by subdomain setting
if ($domain['wwwserveralias'] == '1') { if ($domain['wwwserveralias'] == '1') {