From 632f1566be6d3a0f153ed1e7fbe4a0716d260d63 Mon Sep 17 00:00:00 2001 From: Marius Burkard <m.burkard@pixcept.de> Date: Wed, 02 Mar 2016 07:18:56 -0500 Subject: [PATCH] - removed unneeded security check (Fixes #3785) --- server/plugins-available/nginx_plugin.inc.php | 94 +++++++++++++++++++++++++++++++++-------------- 1 files changed, 66 insertions(+), 28 deletions(-) diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index 52bf73d..b3276e4 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -156,10 +156,10 @@ [ req_distinguished_name ] C = ".trim($data['new']['ssl_country'])." - ST = ".trim($data['new']['ssl_state'])." - L = ".trim($data['new']['ssl_locality'])." - O = ".trim($data['new']['ssl_organisation'])." - OU = ".trim($data['new']['ssl_organisation_unit'])." + " . (trim($data['new']['ssl_state']) == '' ? '' : "ST = ".trim($data['new']['ssl_state'])) . " + " . (trim($data['new']['ssl_locality']) == '' ? '' : "L = ".trim($data['new']['ssl_locality']))." + " . (trim($data['new']['ssl_organisation']) == '' ? '' : "O = ".trim($data['new']['ssl_organisation']))." + " . (trim($data['new']['ssl_organisation_unit']) == '' ? '' : "OU = ".trim($data['new']['ssl_organisation_unit']))." CN = $domain emailAddress = webmaster@".$data['new']['domain']." @@ -1231,7 +1231,7 @@ $tpl->setVar('ssl_letsencrypt', "n"); - //* Generate Let's Encrypt SSL certificat + if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') { //* be sure to have good domain if(substr($domain, 0, 2) === '*.') { @@ -1239,14 +1239,66 @@ $app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN); $domain = substr($domain, 2); } - + $data['new']['ssl_domain'] = $domain; $vhost_data['ssl_domain'] = $domain; - - $lddomain = (string) "$domain"; - if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { - $lddomain .= (string) " --domains www." . $domain; + } + + //* Generate Let's Encrypt SSL certificat + if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active + ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration + || ($data['old']['domain'] != $data['new']['domain']) // we have domain update + || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain + || ($data['new']['type'] == 'subdomain') // we have new or update on subdomain + || ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain + )) { + // default values + $temp_domains = array(); + $lddomain = $domain; + $subdomains = null; + $aliasdomains = null; + $sub_prefixes = array(); + + //* be sure to have good domain + if($data['new']['subdomain'] == "www" OR $data['new']['subdomain'] == "*") { + $temp_domains[] = "www." . $domain; } + + //* then, add subdomain if we have + $subdomains = $app->db->queryAllRecords('SELECT domain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'subdomain'"); + if(is_array($subdomains)) { + foreach($subdomains as $subdomain) { + $temp_domains[] = $subdomain['domain']; + $sub_prefixes[] = str_replace($domain, "", $subdomain['domain']); + } + } + + //* then, add alias domain if we have + $aliasdomains = $app->db->queryAllRecords('SELECT domain,subdomain FROM web_domain WHERE parent_domain_id = '.intval($data['new']['domain_id'])." AND active = 'y' AND type = 'alias'"); + if(is_array($aliasdomains)) { + foreach($aliasdomains as $aliasdomain) { + $temp_domains[] = $aliasdomain['domain']; + if(isset($aliasdomain['subdomain']) && ! empty($aliasdomain['subdomain'])) { + $temp_domains[] = $aliasdomain['subdomain'] . "." . $aliasdomain['domain']; + } + + foreach($sub_prefixes as $s) { + $temp_domains[] = $s . $aliasdomain['domain']; + } + } + } + + // prevent duplicate + $temp_domains = array_unique($temp_domains); + + // generate cli format + foreach($temp_domains as $temp_domain) { + $lddomain .= (string) " --domains " . $temp_domain; + } + + // useless data + unset($subdomains); + unset($temp_domains); $tpl->setVar('ssl_letsencrypt', "y"); //* TODO: check dns entry is correct @@ -1258,31 +1310,17 @@ if(!file_exists($crt_tmp_file) && !file_exists($key_tmp_file)) { $app->log("Create Let's Encrypt SSL Cert for: $domain", LOGLEVEL_DEBUG); - if(is_dir($webroot . "/.well-known/")) { - $app->log("Remove old challenge directory", LOGLEVEL_DEBUG); - $this->_exec("rm -rf " . $webroot . "/.well-known/"); - } - - $app->log("Create challenge directory", LOGLEVEL_DEBUG); - $app->system->mkdirpath($webroot . "/.well-known/"); - $app->system->chown($webroot . "/.well-known/", $$data['new']['system_user']); - $app->system->chgrp($webroot . "/.well-known/", $data['new']['system_group']); - $app->system->mkdirpath($webroot . "/.well-known/acme-challenge"); - $app->system->chown($webroot . "/.well-known/acme-challenge/", $data['new']['system_user']); - $app->system->chgrp($webroot . "/.well-known/acme-challenge/", $data['new']['system_group']); - $app->system->chmod($webroot . "/.well-known/acme-challenge", "g+s"); - if(file_exists("/root/.local/share/letsencrypt/bin/letsencrypt")) { - $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path " . escapeshellarg($webroot)); + $this->_exec("/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@$domain --domains $lddomain --webroot-path /usr/local/ispconfig/interface/acme"); } }; //* check is been correctly created if(file_exists($crt_tmp_file) OR file_exists($key_tmp_file)) { - $date = date("YmdHis"); -//* TODO: check if is a symlink, if target same keep it, either remove it + $date = date("YmdHis"); + //* TODO: check if is a symlink, if target same keep it, either remove it if(is_file($key_file)) { - $app->system->copy($key_file, $key_file.'.old'.$date); + $app->system->copy($key_file, $key_file.'.old.'.$date); $app->system->chmod($key_file.'.old.'.$date, 0400); $app->system->unlink($key_file); } -- Gitblit v1.9.1