Add formatAbsoluteDomain, remove regGetUpperDomain

This commit is contained in:
Miraty 2022-06-15 15:30:18 +02:00
parent 40cb0729ad
commit 9bcf3a57a2
14 changed files with 66 additions and 84 deletions

View file

@ -66,11 +66,11 @@ define('DESCRIPTIONS', [
'ip' => 'Indiquer l\'adresse IP d\'un domaine',
'ns' => 'Indiquer le serveur de noms d\'une zone',
'txt' => 'Associer du texte à un domaine',
'caa' => 'Enregistrement <abbr title="Certificate Authority Authorization">CAA</abbr>',
'srv' => 'Indiquer l\'adresse pour un service spécifique',
'mx' => 'Indiquer le serveur mail pour un domaine',
'sshfp' => 'Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d\'un domaine',
'tlsa' => 'Indiquer les seules autorités de certifications autorisée à signer les domaines',
'caa' => 'Limiter les autorités de certification autorisées à émettre des certificats',
'srv' => 'Indiquer l\'adresse d\'un service spécifique',
'mx' => 'Indiquer l\'adresse du serveur recevant les courriels',
'sshfp' => 'Indiquer les empreintes des clés <abbr title="Secure SHell">SSH</abbr>',
'tlsa' => 'Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l\'empreinte d\'un certificat <abbr title="Transport Layer Security">TLS</abbr>',
],
'ht' => [
'index' => 'Mettre en ligne son site statique sur un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, et le faire répondre en <abbr title="HyperText Transfert Protocol">HTTP</abbr> par DNS ou Tor',

View file

@ -38,6 +38,18 @@ function checkAbsoluteDomainFormat($domain) {
userError("Domain malformed.");
}
function formatEndWithDot($str) {
if (!str_ends_with($str, '.'))
$str .= '.';
return $str;
}
function formatAbsoluteDomain($domain) {
$domain = formatEndWithDot(strtolower($domain));
checkAbsoluteDomainFormat($domain);
return $domain;
}
function checkAction($action) {
return match ($action) {
'add' => '',

View file

@ -15,8 +15,7 @@ function nsParseCommonRequirements() {
if (($_POST['subdomain'] === "") OR ($_POST['subdomain'] === "@"))
$values['domain'] = $_POST['zone'];
else
$values['domain'] = $_POST['subdomain'] . "." . $_POST['zone'];
checkAbsoluteDomainFormat($values['domain']);
$values['domain'] = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['zone']);
$values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier'];
@ -30,9 +29,9 @@ function nsListUserZones($username) {
return query('select', 'zones', ['username' => $username], 'zone');
}
function nsCheckZonePossession($submittedZone) {
checkAbsoluteDomainFormat($submittedZone);
function nsCheckZonePossession($zone) {
checkAbsoluteDomainFormat($zone);
if (!in_array($submittedZone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
if (!in_array($zone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
userError("You don't own this zone on the nameserver.");
}

View file

@ -1,20 +1,11 @@
<?php
function regGetUpperDomain($domain) {
// Remove anything before the first dot and the first dot itself
return preg_replace("/^[^.]+\./", "", $domain);
}
function regListUserDomains($username) {
return query('select', 'registry', ['username' => $username], 'domain');
}
function regCheckDomainPossession($domain) {
checkAbsoluteDomainFormat($domain);
$ownedDomains = regListUserDomains($_SESSION['username']);
if (in_array($domain, $ownedDomains, true) !== true)
if (in_array($domain, regListUserDomains($_SESSION['username']), true) !== true)
userError("You don't own this domain.");
}

View file

@ -1,5 +1,5 @@
body {
margin: 0;
margin: 1rem;
padding: 0;
background-color: var(--background-color);
color: var(--foreground-color);

View file

@ -17,52 +17,42 @@ if (isset($_SESSION['username']))
<?php
if (isset($_POST['zone']) AND isset($_SESSION['username'])) {
switchToFormProcess();
nsCheckZonePossession($_POST['zone']);
nsCheckZonePossession($_POST['zone']);
$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . "/" . $_POST['zone'] . "zone");
$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . "/" . $_POST['zone'] . "zone");
$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
if ($found !== 1)
serverError("Unable to get public key record from zone file.");
$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
if ($found !== 1)
serverError("Unable to get public key record from zone file.");
$tag = $matches[1];
$algo = $matches[2];
$digestType = $matches[3];
$digest = $matches[4];
$tag = $matches[1];
$algo = $matches[2];
$digestType = $matches[3];
$digest = $matches[4];
?>
?>
<dl>
<dt>Zone</dt>
<dd>
<code><?= $_POST['zone'] ?></code>
</dd>
<dt>Tag</dt>
<dd>
<code><?= $tag ?></code>
</dd>
<dt>Algorithme</dt>
<dd>
<code><?= $algo ?></code><?php if ($algo === "15") echo " (Ed25519)"; ?>
</dd>
<dt>Type de condensat</dt>
<dd>
<code><?= $digestType ?></code><?php if ($digestType === "2") echo " (SHA-256)"; ?>
</dd>
<dt>Condensat</dt>
<dd>
<code><?= $digest ?></code>
</dd>
</dl>
<?php } ?>
<?php closeHTML(); ?>
<dl>
<dt>Zone</dt>
<dd>
<code><?= $_POST['zone'] ?></code>
</dd>
<dt>Tag</dt>
<dd>
<code><?= $tag ?></code>
</dd>
<dt>Algorithme</dt>
<dd>
<code><?= $algo ?></code><?php if ($algo === "15") echo " (Ed25519)"; ?>
</dd>
<dt>Type de condensat</dt>
<dd>
<code><?= $digestType ?></code><?php if ($digestType === "2") echo " (SHA-256)"; ?>
</dd>
<dt>Condensat</dt>
<dd>
<code><?= $digest ?></code>
</dd>
</dl>

View file

@ -29,7 +29,7 @@ $values = nsParseCommonRequirements();
if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255))
userError("Wrong value for <code>priority</code>.");
checkAbsoluteDomainFormat($_POST['host']);
$_POST['host'] = formatAbsoluteDomain($_POST['host']);
knotcExec($_POST['zone'], array(
$values['domain'],

View file

@ -16,7 +16,7 @@ switchToFormProcess();
$values = nsParseCommonRequirements();
checkAbsoluteDomainFormat($_POST['ns']);
$_POST['ns'] = formatAbsoluteDomain($_POST['ns']);
knotcExec($_POST['zone'], array(
$values['domain'],

View file

@ -47,7 +47,7 @@ if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535))
if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535))
userError("Wrong value for <code>port</code>.");
checkAbsoluteDomainFormat($_POST['target']);
$_POST['target'] = formatAbsoluteDomain($_POST['target']);
knotcExec($_POST['zone'], array(
$values['domain'],

View file

@ -10,7 +10,7 @@
switchToFormProcess();
checkAbsoluteDomainFormat($_POST['domain']);
$_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare("INSERT INTO zones(zone, username) VALUES(:zone, :username)");

View file

@ -86,9 +86,7 @@ regCheckDomainPossession($_POST['zone']);
$action = checkAction($_POST['action']);
$suffix = regGetUpperDomain($_POST['zone']);
knotcExec($suffix, array(
knotcExec(CONF['reg']['registry'], array(
$_POST['zone'],
CONF['reg']['ttl'],
"DS",

View file

@ -41,15 +41,11 @@ switchToFormProcess();
regCheckDomainPossession($_POST['suffix']);
$domain = $_POST['subdomain'] . "." . $_POST['suffix'];
checkAbsoluteDomainFormat($domain);
$domain = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . CONF['reg']['registry']);
$record = checkIpFormat($_POST['ip']);
$publicSuffix = regGetUpperDomain($_POST['suffix']);
knotcExec($publicSuffix, array(
knotcExec(CONF['reg']['registry'], array(
$domain,
CONF['reg']['ttl'],
$record,

View file

@ -31,11 +31,9 @@ if (isset($_SESSION['username']))
switchToFormProcess();
regCheckDomainPossession($_POST['domain']);
checkAbsoluteDomainFormat($_POST['ns']);
$_POST['ns'] = formatAbsoluteDomain($_POST['ns']);
$suffix = regGetUpperDomain($_POST['domain']);
knotcExec($suffix, array(
knotcExec(CONF['reg']['registry'], array(
$_POST['domain'],
CONF['reg']['ttl'],
"NS",

View file

@ -20,9 +20,7 @@ switchToFormProcess();
if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1)
userError("Erreur : Le nom de domaine doit être composé uniquement d'entre 4 et 63 lettres minuscules (a-z)");
$domain = $_POST['subdomain'] . "." . CONF['reg']['registry'];
checkAbsoluteDomainFormat($domain);
$domain = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . CONF['reg']['registry']);
if (regIsFree($domain) !== true)
userError("Ce domaine n'est pas disponible à l'enregistrement. Il est réservé ou déjà enregistré.");