Add TLSA record form in ns/

Miraty 2021-05-22 14:07:25 +02:00
parent 14999f1ee0
commit c023674fd0
12 changed files with 251 additions and 159 deletions

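--- a/exe.php
+++ /dev/null
-<?php
-exec("touch /var/lib/knot/zones/chouquette.atope.art.zone", $output);
-var_dump($output);
-/*
-exec("/usr/sbin/knotc conf-begin", $output);
-var_dump($output);
-exec("/usr/sbin/knotc conf-abort");
-if(function_exists('exec')) {
-echo "exec is enabled";
-} else {
-echo "exec is disabled";
-}
-*/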


@ -43,4 +43,4 @@
<label for="domain">Domaine</label>
<br>
<input id="domain" placeholder="monsite.atope.art." name="domain" type="text">
<input id="domain" placeholder="exemple." name="domain" type="text">


@ -42,6 +42,7 @@ function nsListUserZones($username) {
$zone = NULL;
$i = 0;
$zones = NULL;
while ($zone != NULL) {
$zones[$i] = $zone;
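Review bot: Initialising `$zones` to `NULL` (the line that appears to be this hunk's addition) means that when the loop adds nothing the variable stays `NULL` rather than an empty array; if the function hands it to a caller that iterates or counts it, that caller gets a warning or a `TypeError`, so `$zones = [];` is the safer initial value. The rest of the function, including its return, lies outside the hunk.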


@ -34,6 +34,9 @@ switch (SERVICE) {
case "sshfp":
$page['title'] = "Enregistrement SSHFP";
break;
case "tlsa":
$page['title'] = "Enregistrement TLSA";
break;
case "zone":
$page['title'] = "Ajouter une zone";
break;


@ -100,3 +100,9 @@
stdout:
stderr: useradd: cannot lock /etc/passwd; try again later.
2021-05-17 13:09:55 pale enabled SFTP on their account
status: exit code: 1
stdout:
stderr: useradd: cannot lock /etc/passwd; try again later.


@ -21,10 +21,7 @@
<dd>
Associer du texte à un domaine
</dd>
<dt><a class="nsButton" href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
<dd>
Indiquer les seules autorités de certifications autorisée à signer les domaines
</dd>
<dt><a class="nsButton" href="srv">Enregistrement SRV</a></dt>
<dd>
Indiquer un serveur pour un domaine
@ -37,11 +34,15 @@
<dd>
Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d'un domaine
</dd>
<!--
<dt><a class="nsButton" href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></dt>
<dd>
Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l'empreinte d'un certificat <abbr title="Transport Layer Security">TLS</abbr>
</dd>
<dt><a class="nsButton" href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
<dd>
Indiquer les seules autorités de certifications autorisée à signer les domaines
</dd>
<!--
<dt><a class="nsButton" href="loc">Enregistrement LOC</a></dt>
<dd>
Indiquer la localisation physique d'un domaine


@ -42,10 +42,10 @@ if (nsCommonRequirements()
$values = nsParseCommonRequirements();
if (!($_POST['algo'] === 1 OR $_POST['algo'] === 3 OR $_POST['algo'] === 4))
if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4"))
exit("ERROR: Wrong value for algo");
if (!($_POST['type'] === 2))
if (!($_POST['type'] === "2"))
exit("ERROR: Wrong value for type");
if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))

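--- /dev/null
+++ b/ns/tlsa.php
+<?php include "../top.inc.php"; ?>
+<form method="post">
+<?php require "../inc/form/form.ns.inc.php"; ?>
+<br>
+<label for="use">Utilisation</label>
+<br>
+<select required="" name="use" id="use">
+<option value="" selected="" disabled="">-</option>
+<option value="0">0 (PKIX-TA, <abbr title="also known as">aka<abbr> CA constraint)</option>
+<option value="1">1 (PKIX-EE, <abbr title="also known as">aka<abbr> Service certificate constraint)</option>
+<option value="2">2 (DANE-TA, <abbr title="also known as">aka<abbr> Trust Anchor Assertion)</option>
+<option value="3">3 (DANE-EE, <abbr title="also known as">aka<abbr> Domain issued certificate)</option>
+</select>
+<br>
+<label for="selector">Selecteur</label>
+<br>
+<select required="" name="selector" id="selector">
+<option value="" selected="" disabled="">-</option>
+<option value="0">0 (le certificat entier doit correspondre)</option>
+<option value="1">1 (la clé publique du certificat doit correspondre)</option>
+</select>
+<br>
+<label for="type">Type de correspondance</label>
+<br>
+<select required="" name="type" id="type">
+<option value="" selected="" disabled="">-</option>
+<option value="0">0 (certificat entier)</option>
+<option value="1">1 (SHA-256)</option>
+<option value="2">2 (SHA-512)</option>
+</select>
+<br>
+<label for="content">Contenu</label>
+<br>
+<input id="content" minlenght="3" maxlength="1024" pattern="^[a-zA-Z0-9.-]{3,1024}$" placeholder="gjioerjgioer" name="content" type="text">
+<br>
+<input value="Valider" type="submit">
+</form>
+<?php
+if (nsCommonRequirements()
+AND isset($_POST['use'])
+AND isset($_POST['selector'])
+AND isset($_POST['type'])
+AND isset($_POST['content'])
+) {
+$values = nsParseCommonRequirements();
+if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3))
+exit("ERROR: Wrong value for use");
+if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1"))
+exit("ERROR: Wrong value for selector");
+if (!($_POST['type'] >= 0 OR $_POST['type'] <= 2))
+exit("ERROR: Wrong value for type");
+if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
+exit("ERROR: Wrong value for content");
+exec(KNOTC_PATH . " zone-begin " . $_POST['zone']);
+exec(KNOTC_PATH . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $_POST['domain'] . " " . $values['ttl'] . " IN TLSA " . $_POST['use'] . " " . $_POST['selector'] . " " . $_POST['type'] . " " . $_POST['content']);
+exec(KNOTC_PATH . " zone-commit " . $_POST['zone']);
+echo "Enregistrement ajouté";
+}
+?>
+<?php include "../bottom.inc.php"; ?>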
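Review bot: The `type` guard `if (!($_POST['type'] >= 0 OR $_POST['type'] <= 2))` joins its two bounds with OR, so it effectively never rejects a value, and the `use` guard four lines above uses loose numeric comparison on a request string, which accepts values such as `"1abc"`; both values are then concatenated unescaped into the zone-set `exec()` line, so these checks are the only thing between the request and the shell. Use strict membership for both: `if (!in_array($_POST['use'], ["0", "1", "2", "3"], true))` and `if (!in_array($_POST['type'], ["0", "1", "2"], true))`. The content pattern should end in `\z` rather than `$`, which also matches before a trailing newline: `if (!preg_match("/^[a-zA-Z0-9.-]{1,1024}\z/", $_POST['content']))`; the `fp` pattern in the earlier hunk (`^[a-z0-9]{64}$`) has the same anchor. Wrapping every interpolated value on the three `exec()` lines in `escapeshellarg()` would add defence in depth; whether `$_POST['zone']` and `$_POST['domain']` are validated by `nsCommonRequirements()`/`nsParseCommonRequirements()` is not visible here. The `exec()` return codes are also never inspected, so `Enregistrement ajouté` is printed even when `zone-begin` or `zone-commit` fails.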


@ -36,9 +36,9 @@
<option value="8">8 (RSASHA256)</option>
<option value="10" disabled="">10 (RSASHA512)</option>
<option value="12" disabled="">12 (ECC-GOST)</option>
<option value="13" selected="">13 (ECDSAP256SHA256)</option>
<option value="13">13 (ECDSAP256SHA256)</option>
<option value="14">14 (ECDSAP384SHA384)</option>
<option value="15">15 (ED25519)</option>
<option value="15" selected="">15 (ED25519)</option>
<option value="16">16 (ED448)</option>
</select>
<br>


@ -43,12 +43,9 @@ if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns'])
$suffix = regGetSuffix($_POST['domain']);
exec(KNOTC_PATH . " zone-begin " . $suffix, $output);
var_dump($output);
exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 NS " . $_POST['ns'], $output);
var_dump($output);
exec(KNOTC_PATH . " zone-commit " . $suffix, $output);
var_dump($output);
exec(KNOTC_PATH . " zone-begin " . $suffix);
exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 NS " . $_POST['ns']);
exec(KNOTC_PATH . " zone-commit " . $suffix);
echo "Enregistrement NS ajouté";
}
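Review bot: Dropping the `var_dump($output)` calls leaves the results of the three `exec()` calls entirely unobserved, so the line `echo "Enregistrement NS ajouté";` runs even when `zone-begin`, `zone-set` or `zone-commit` fails. Capture the exit status instead, e.g. `exec(KNOTC_PATH . " zone-commit " . $suffix, $output, $rc);` followed by a check of `$rc` before the echo. `$_POST['domain']` and `$_POST['ns']` are still concatenated into the shell command unescaped; only the `isset` checks are visible in the hunk header, so whatever validation precedes this block is outside the hunk, and `escapeshellarg()` on each interpolated value would be a cheap safeguard. The enclosing `if` begins before the hunk.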


@ -5,6 +5,8 @@ Doit être composé uniquement de lettres latines non accentuées, au moins 4
<br>
<br>
<form method="post">
<fieldset>
<legend>Domaine</legend>
<input id="subdomain" pattern="<?= SUBDOMAIN_REGEX ?>" required="" placeholder="niver" name="subdomain" type="text">
.
<select required="" id="label" name="suffix">
@ -122,7 +124,7 @@ Doit être composé uniquement de lettres latines non accentuées, au moins 4
</optgroup>
</select>
</fieldset>
<br>
<input value="Valider" type="submit">
</form>


@ -2,6 +2,8 @@
if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
exit("This file is meant to be included.");
// Définition de constantes
define("USERNAME_REGEX", "^[a-z]{4,32}$");
define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$");
define("SUBDOMAIN_REGEX", "^[a-z]{4,63}$");
@ -25,6 +27,17 @@ define("HT_PATH", "/srv/ht");
define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1));
define("PAGE", basename($_SERVER['PHP_SELF'], '.php'));
define("THEME", array(
'htColor' => "#FF0000",
'regColor' => "#DA03E5",
'authColor' => "#00FF00",
'nsColor' => "#00c4c4",
'lightColor' => '#FFFFFF',
'darkColor' => '#2a2a2a',
));
// Initialisation de la session (avec des cookies)
session_start([
'name' => 'niver',
'sid_length' => 64,
@ -39,44 +52,49 @@ session_start([
'use_only_cookies' => true,
]);
// Redirige vers la page de connexion si pas connecté·e
if (SERVICE != "auth" AND !isset($_SESSION['username'])) {
header('Location: ' . PREFIX . '/auth/login?redir=' . SERVICE . "/" . PAGE, true, 302);
exit;
}
// Enlève .php de l'URL (si jamais)
if (substr($_SERVER['REQUEST_URI'], -4) == ".php") {
header("Location: " . PREFIX . "/" . SERVICE . "/" . PAGE, true, 301); // 301 Moved Permanently
exit;
}
$theme = array(
'htColor' => "#FF0000",
'regColor' => "#DA03E5",
'authColor' => "#00FF00",
'nsColor' => "#00c4c4",
'lightColor' => '#FFFFFF',
'darkColor' => '#2a2a2a',
);
// Fonctions utiles partout
require "inc/all.inc.php";
require "inc/format.inc.php";
// Fonctions specifiques à un service
require "inc/ht.inc.php";
require "inc/ns.inc.php";
require "inc/pages.inc.php";
require "inc/reg.inc.php";
// Définitions des titres de pages
require "inc/pages.inc.php";
// Compilation du Less vers le CSS
require_once 'lessphp/lib/Less/Autoloader.php';
Less_Autoloader::register();
// Liste les fichiers dans le dossier less/
$relativeLessFiles = array_diff(scandir(ROOT_PATH . "/less"), array('..', '.'));
// Remplace les clés par les valeurs, et les valeurs par les clés
$relativeLessFiles = array_flip($relativeLessFiles);
// Transforme les chemins relatifs en chemins absolus
foreach ($relativeLessFiles as $relativeLessFile => $nothing) {
$absoluteLessFiles[ROOT_PATH . "/less/" . $relativeLessFile] = "";
}
$options = array('cache_dir' => ROOT_PATH . '/css/', 'compress' => true);
$cssFileName = Less_Cache::Get($absoluteLessFiles, $options, $theme);
// Génère un seul fichier CSS minimifié dans css/ à partir des sources dans less/
$options = array(
'cache_dir' => ROOT_PATH . '/css/',
'compress' => true
);
$cssFileName = Less_Cache::Get($absoluteLessFiles, $options, THEME);
?>
<!DOCTYPE html>