Implement general CAA DNS records for all issuers

Marc-André Kolly
2019-07-28 16:28:29 +02:00
parent d4e5e32c14
commit 64fe300e42
9 changed files with 51 additions and 52 deletions


@@ -256,7 +256,7 @@ CREATE TABLE `panel_domains` (
`mod_fcgid_maxrequests` int(4) default '-1', `mod_fcgid_maxrequests` int(4) default '-1',
`ismainbutsubto` int(11) unsigned NOT NULL default '0', `ismainbutsubto` int(11) unsigned NOT NULL default '0',
`letsencrypt` tinyint(1) NOT NULL default '0', `letsencrypt` tinyint(1) NOT NULL default '0',
`caa` tinyint(1) NOT NULL default '0', `caa` text default NULL,
`hsts` varchar(10) NOT NULL default '0', `hsts` varchar(10) NOT NULL default '0',
`hsts_sub` tinyint(1) NOT NULL default '0', `hsts_sub` tinyint(1) NOT NULL default '0',
`hsts_preload` tinyint(1) NOT NULL default '0', `hsts_preload` tinyint(1) NOT NULL default '0',


@@ -266,6 +266,6 @@ if (\Froxlor\Froxlor::isFroxlorVersion('0.10.0-rc1')) {
if (\Froxlor\Froxlor::isDatabaseVersion('201904250')) { if (\Froxlor\Froxlor::isDatabaseVersion('201904250')) {
Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `caa` TINYINT(1) NOT NULL DEFAULT '0' AFTER `letsencrypt`;"); Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `caa` text default NULL AFTER `letsencrypt`;");
\Froxlor\Froxlor::updateToDbVersion('201907270'); \Froxlor\Froxlor::updateToDbVersion('201907270');
} }
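Review bot: The ALTER on the second line is the already-existing 201904250→201907270 step rewritten in place, so any installation that has run it keeps the `TINYINT(1)` column; with `caa` then holding `'0'`/`'1'`, the new `!is_null($domain['caa'])` test in Dns.php treats every such domain as CAA-enabled and would write `0` or `1` as the record content. Unless version 201907270 never left this branch, the safer shape is to leave the old statement untouched and append a new version step that converts the column and migrates the boolean values, as sketched below. The version string `201907280` is a placeholder — pick whatever the project's next free database version is.
```php
if (\Froxlor\Froxlor::isDatabaseVersion('201904250')) {
    Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `caa` TINYINT(1) NOT NULL DEFAULT '0' AFTER `letsencrypt`;");
    \Froxlor\Froxlor::updateToDbVersion('201907270');
}

if (\Froxlor\Froxlor::isDatabaseVersion('201907270')) {
    // widen the old on/off flag to free-form CAA lines and migrate its values
    Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` MODIFY `caa` text default NULL;");
    Database::query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `caa` = '0 issue \"letsencrypt.org\"' WHERE `caa` = '1';");
    Database::query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `caa` = NULL WHERE `caa` = '0';");
    \Froxlor\Froxlor::updateToDbVersion('201907280');
}
```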


@@ -131,9 +131,15 @@ class Dns
} }
// additional required records for CAA if activated // additional required records for CAA if activated
if ($domain['caa'] == '1') { if (!is_null($domain['caa'])) {
// check for CAA content later // check for CAA content later
self::addRequiredEntry('@', 'CAA', $required_entries); self::addRequiredEntry('@', 'CAA', $required_entries);
// additional required records by subdomain setting
if ($domain['iswildcarddomain'] == '1') {
self::addRequiredEntry('*', 'CAA', $required_entries);
} elseif ($domain['wwwserveralias'] == '1') {
self::addRequiredEntry('www', 'CAA', $required_entries);
}
} }
// additional required records for SPF and DKIM if activated // additional required records for SPF and DKIM if activated
@@ -287,7 +293,16 @@ class Dns
// CAA // CAA
if (array_key_exists("CAA", $required_entries)) { if (array_key_exists("CAA", $required_entries)) {
$zonerecords[] = new DnsEntry('@', 'CAA', '0 issue "letsencrypt.org"'); foreach ($required_entries as $type => $records) {
if ($type == 'CAA') {
foreach ($records as $record) {
$caa_entries = explode(PHP_EOL, $domain['caa']);
foreach ($caa_entries as $entry) {
$zonerecords[] = new DnsEntry($record, 'CAA', self::encloseTXTContent($entry));
}
}
}
}
} }
} }
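Review bot: The new loop in the second hunk writes `$domain['caa']` into the zone without any check, and since the column is now filled from a customer-editable textarea (see the customer formfield files in this commit) one malformed line — which the added help text itself says may stop the DNS server — can take down every zone on a shared name server, not only the customer's own. Two smaller problems compound this: browsers submit textareas with CRLF, so `explode(PHP_EOL, …)` on Linux leaves a trailing `\r` on each line, and an empty string (not NULL) passes the `!is_null()` test in the first hunk and then yields one CAA record with presumably empty content. Rejecting bad input belongs in the form handlers, which are not in this diff; until that exists the generator should at least split on any line ending, skip blank lines and only emit lines matching the RFC 6844 shape `<flags> <tag> "<value>"`, as below (the `explode` is also hoisted out of the per-record loop). The enclosing method starts and ends outside both hunks.
```php
// … unchanged: other required records …
if (array_key_exists("CAA", $required_entries)) {
    // browsers send CRLF from textareas, so do not split on PHP_EOL alone
    $caa_entries = preg_split('/\r\n|\r|\n/', (string) $domain['caa']);
    foreach ($caa_entries as $entry) {
        $entry = trim($entry);
        // RFC 6844 syntax only: <flags> <tag> "<value>"; anything else is dropped instead of written into the zone
        if ($entry === '' || !preg_match('/^\d{1,3}\s+(issue|issuewild|iodef)\s+"[^"]*"$/i', $entry)) {
            continue;
        }
        foreach ($required_entries['CAA'] as $record) {
            $zonerecords[] = new DnsEntry($record, 'CAA', self::encloseTXTContent($entry));
        }
    }
}
```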


@@ -215,17 +215,14 @@ return array(
'value' => array() 'value' => array()
), ),
'caa' => array( 'caa' => array(
'visible' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), 'visible' => $ssl_ipsandports != '' ? true : false,
'style' => 'align-top',
'label' => $lng['admin']['caa']['title'], 'label' => $lng['admin']['caa']['title'],
'desc' => $lng['admin']['caa']['description'], 'desc' => $lng['admin']['caa']['description'],
'type' => 'checkbox', 'type' => 'textarea',
'values' => array( 'value' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? '0 issue "letsencrypt.org"' : '') : ''),
array( 'cols' => 60,
'label' => $lng['panel']['yes'], 'rows' => 5
'value' => '1'
)
),
'value' => array()
), ),
'http2' => array( 'http2' => array(
'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1', 'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',


@@ -251,19 +251,14 @@ return array(
) )
), ),
'caa' => array( 'caa' => array(
'visible' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false), 'visible' => $ssl_ipsandports != '' ? true : false,
'style' => 'align-top',
'label' => $lng['admin']['caa']['title'], 'label' => $lng['admin']['caa']['title'],
'desc' => $lng['admin']['caa']['description'], 'desc' => $lng['admin']['caa']['description'],
'type' => 'checkbox', 'type' => 'textarea',
'values' => array( 'value' => $result['caa'],
array( 'cols' => 60,
'label' => $lng['panel']['yes'], 'rows' => 5
'value' => '1'
)
),
'value' => array(
$result['caa']
)
), ),
'http2' => array( 'http2' => array(
'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1', 'visible' => ($ssl_ipsandports != '' ? true : false) && \Froxlor\Settings::Get('system.webserver') != 'lighttpd' && \Froxlor\Settings::Get('system.http2_support') == '1',


@@ -109,17 +109,14 @@ return array(
'value' => array() 'value' => array()
), ),
'caa' => array( 'caa' => array(
'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' ? true : false, 'visible' => $ssl_ipsandports != '' ? true : false,
'style' => 'align-top',
'label' => $lng['customer']['caa']['title'], 'label' => $lng['customer']['caa']['title'],
'desc' => $lng['customer']['caa']['description'], 'desc' => $lng['customer']['caa']['description'],
'type' => 'checkbox', 'type' => 'textarea',
'values' => array( 'value' => (\Froxlor\Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? '0 issue "letsencrypt.org"' : '') : ''),
array( 'cols' => 60,
'label' => $lng['panel']['yes'], 'rows' => 5
'value' => '1'
)
),
'value' => array()
), ),
'hsts_maxage' => array( 'hsts_maxage' => array(
'label' => $lng['admin']['domain_hsts_maxage']['title'], 'label' => $lng['admin']['domain_hsts_maxage']['title'],


@@ -129,19 +129,14 @@ return array(
) )
), ),
'caa' => array( 'caa' => array(
'visible' => \Froxlor\Settings::Get('system.leenabled') == '1' ? true : false, 'visible' => $ssl_ipsandports != '' ? true : false,
'style' => 'align-top',
'label' => $lng['customer']['caa']['title'], 'label' => $lng['customer']['caa']['title'],
'desc' => $lng['customer']['caa']['description'], 'desc' => $lng['customer']['caa']['description'],
'type' => 'checkbox', 'type' => 'textarea',
'values' => array( 'value' => $result['caa'],
array( 'cols' => 60,
'label' => $lng['panel']['yes'], 'rows' => 5
'value' => '1'
)
),
'value' => array(
$result['caa']
)
), ),
'hsts_maxage' => array( 'hsts_maxage' => array(
'label' => $lng['admin']['domain_hsts_maxage']['title'], 'label' => $lng['admin']['domain_hsts_maxage']['title'],


@@ -1849,10 +1849,10 @@ $lng['serversettings']['leenabled']['description'] = "If activated, customers ar
$lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated."; $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>The SSL redirect is temporarily deactivated while a new Let's Encrypt certificate is generated. It will be activated again after the certificate was generated.";
// Added for CAA record support // Added for CAA record support
$lng['admin']['caa']['title'] = 'Use CAA DNS record'; $lng['admin']['caa']['title'] = 'Use CAA DNS records';
$lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. Currently it only supports Let\'s Encrypt. This feature is still in beta.'; $lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record.<br>The content of this field will be included into the DNS zone directly (each line results in a CAA record). An example for the use with Let\'s Encrypt would be:<br><code>0 issue "letsencrypt.org"</code><br>To enable Incident Reporting, you would need to add an <code>iodef</code> record. An example for sending such report to <code>me@example.com</code> would be:<br><code>0 iodef "mailto:me@example.com"</code><br><strong>Attention:</strong> The code won\'t be checked for any errors. If it contains errors, DNS server might not start again!';
$lng['customer']['caa']['title'] = 'Use CAA DNS record'; $lng['customer']['caa']['title'] = 'Use CAA DNS records';
$lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. Currently it only supports Let\'s Encrypt. This feature is still in beta.'; $lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record.<br>The content of this field will be included into the DNS zone directly (each line results in a CAA record). An example for the use with Let\'s Encrypt would be:<br><code>0 issue "letsencrypt.org"</code><br>To enable Incident Reporting, you would need to add an <code>iodef</code> record. An example for sending such report to <code>me@example.com</code> would be:<br><code>0 iodef "mailto:me@example.com"</code><br><strong>Attention:</strong> The code won\'t be checked for any errors. If it contains errors, DNS server might not start again!';
// Autoupdate // Autoupdate
$lng['admin']['autoupdate'] = 'Auto-Update'; $lng['admin']['autoupdate'] = 'Auto-Update';


@@ -1501,10 +1501,10 @@ $lng['serversettings']['leenabled']['description'] = "Wenn dies aktiviert ist, k
$lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert."; $lng['domains']['ssl_redirect_temporarilydisabled'] = "<br>Die SSL-Umleitung ist, während ein neues Let's Encrypt - Zertifikat erstellt wird, temporär deaktiviert. Die Umleitung wird nach der Zertifikatserstellung wieder aktiviert.";
// Added for CAA record support // Added for CAA record support
$lng['admin']['caa']['title'] = 'CAA DNS Eintrag erstellen'; $lng['admin']['caa']['title'] = 'CAA DNS Einträge erstellen';
$lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden. Im Moment wird nur Let\'s Encrypt unterstützt. Dieses Feature befindet sich noch im Test.'; $lng['admin']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden.<br>Der Inhalt dieses Feldes wird direkt in die DNS Zone übernommen (eine Zeile pro CAA Record). Ein Beispiel für Let\'s Encrypt wäre:<br><code>0 issue "letsencrypt.org"</code><br>Um Incident Reporting per Mail zu aktivieren, muss eine <code>iodef</code> Zeile angefügt werden. Ein Beispiel für einen Report an <code>me@example.com</code> wäre:<br><code>0 iodef "mailto:me@example.com"</code><br><strong>ACHTUNG:</strong> Der Code wird nicht auf Fehler geprüft. Etwaige Fehler werden also auch übernommen. Der DNS-Server könnte nicht mehr starten!';
$lng['customer']['caa']['title'] = 'CAA DNS Eintrag erstellen'; $lng['customer']['caa']['title'] = 'CAA DNS Einträge erstellen';
$lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden. Im Moment wird nur Let\'s Encrypt unterstützt. Dieses Feature befindet sich noch im Test.'; $lng['customer']['caa']['description'] = 'DNS Certification Authority Authorization (CAA) verwendet das Domain Name System, um dem Besitzer einer Domain die Möglichkeit zu bieten, gewisse Zertifizierungsstellen (CAs) dazu zu berechtigen, ein Zertifikat für die betroffene Domain auszustellen. CAA Records sollen verhindern, dass Zertifikate fälschlicherweise für eine Domain ausgestellt werden.<br>Der Inhalt dieses Feldes wird direkt in die DNS Zone übernommen (eine Zeile pro CAA Record). Ein Beispiel für Let\'s Encrypt wäre:<br><code>0 issue "letsencrypt.org"</code><br>Um Incident Reporting per Mail zu aktivieren, muss eine <code>iodef</code> Zeile angefügt werden. Ein Beispiel für einen Report an <code>me@example.com</code> wäre:<br><code>0 iodef "mailto:me@example.com"</code><br><strong>ACHTUNG:</strong> Der Code wird nicht auf Fehler geprüft. Etwaige Fehler werden also auch übernommen. Der DNS-Server könnte nicht mehr starten!';
// Autoupdate // Autoupdate
$lng['admin']['autoupdate'] = 'Auto-Update'; $lng['admin']['autoupdate'] = 'Auto-Update';