From b31bb1f27f066a2d49f5ab9ee0ca15e985efc788 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 26 Sep 2011 06:50:23 -0400
Subject: [PATCH] Fixed: FS#1619 - Add apache SNI / SAN support for SSL.
---
interface/web/sites/web_domain_edit.php | 84 +++++++++++++++++++++++++++++++++--------
1 files changed, 67 insertions(+), 17 deletions(-)
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index 648c4a4..13af0a1 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -82,7 +82,7 @@
function onShowEnd() {
global $app, $conf;
- //* Client: If the logged in user is not admin and has no sub clients (no rseller)
+ //* Client: If the logged in user is not admin and has no sub clients (no reseller)
if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
// Get the limits of the client
@@ -94,10 +94,8 @@
$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
unset($tmp);
- // Fill the IP select field with the IP addresses that are allowed for this client
- // $ip_select = "<option value='*'>*</option>";
- // $app->tpl->setVar("ip_address",$ip_select);
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -110,8 +108,23 @@
$app->tpl->setVar("ip_address",$ip_select);
unset($tmp);
unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
+ unset($tmp);
+ unset($ips);
- //* Reseller: If the logged in user is not admin and has sub clients (is a rseller)
+ //* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
} elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
// Get the limits of the client
@@ -137,10 +150,8 @@
}
$app->tpl->setVar("client_group_id",$client_select);
- // Fill the IP select field with the IP addresses that are allowed for this client
- //$ip_select = "<option value='*'>*</option>";
- //$app->tpl->setVar("ip_address",$ip_select);
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -151,6 +162,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
@@ -165,8 +191,9 @@
$tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1");
$server_id = $tmp['server_id'];
}
-
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
+
+ //* Fill the IPv4 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -177,6 +204,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
@@ -355,9 +397,8 @@
unset($tmp);
// When the record is inserted
} else {
- // set the server ID to the default mailserver of the client
+ //* set the server ID to the default webserver of the client
$this->dataRecord["server_id"] = $client["default_webserver"];
-
// Check if the user may add another web_domain
if($client["limit_web_domain"] >= 0) {
@@ -368,7 +409,6 @@
}
}
-
// Clients may not set the client_group_id, so we unset them if user is not a admin and the client is not a reseller
if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);
@@ -376,7 +416,17 @@
//* make sure that the email domain is lowercase
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
-
+
+ //* get the server config for this server
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config(intval($this->dataRecord["server_id"]),'web');
+ //* Check for duplicate ssl certs per IP if SNI is disabled
+ if(isset($this->dataRecord['ssl']) && $this->dataRecord['ssl'] == 'y' && $web_config['enable_sni'] != 'y') {
+ $sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."' and domain_id != ".$this->id;
+ $tmp = $app->db->queryOneRecord($sql);
+ if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("error_no_sni_txt");
+ }
+
parent::onSubmit();
}
@@ -572,7 +622,7 @@
//* Set php_open_basedir if empty or domain or client has been changed
if($web_rec['php_open_basedir'] == '' ||
($this->dataRecord["domain"] != '' && $this->oldDataRecord["domain"] != '' && $this->dataRecord["domain"] != $this->oldDataRecord["domain"]) ||
- (isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["sys_groupid"]))
+ (isset($this->dataRecord["client_group_id"]) && $this->dataRecord["client_group_id"] != $this->oldDataRecord["sys_groupid"])) {
$document_root = $app->db->quote(str_replace("[client_id]",$client_id,$document_root));
$php_open_basedir = str_replace("[website_path]",$document_root,$web_config["php_open_basedir"]);
$php_open_basedir = $app->db->quote(str_replace("[website_domain]",$web_rec['domain'],$php_open_basedir));
--
Gitblit v1.9.1