From b31bb1f27f066a2d49f5ab9ee0ca15e985efc788 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 26 Sep 2011 06:50:23 -0400
Subject: [PATCH] Fixed: FS#1619 - Add apache SNI / SAN support for SSL.
---
interface/web/sites/web_domain_edit.php | 74 ++++++++++++++++++++++++++++++++-----
1 files changed, 64 insertions(+), 10 deletions(-)
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index b552a64..13af0a1 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -94,8 +94,8 @@
$app->tpl->setVar("server_id","<option value='$client[default_webserver]'>$tmp[server_name]</option>");
unset($tmp);
- // Fill the IP select field with the IP addresses that are allowed for this client
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -106,6 +106,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
@@ -135,8 +150,8 @@
}
$app->tpl->setVar("client_group_id",$client_select);
- // Fill the IP select field with the IP addresses that are allowed for this client
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND client_id=0 OR client_id=".$_SESSION['s']['user']['client_id'];
+ //* Fill the IPv4 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -147,6 +162,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field with the IP addresses that are allowed for this client
+ $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
@@ -161,8 +191,9 @@
$tmp = $app->db->queryOneRecord("SELECT server_id FROM server WHERE web_server = 1 ORDER BY server_name LIMIT 0,1");
$server_id = $tmp['server_id'];
}
-
- $sql = "SELECT ip_address FROM server_ip WHERE server_id = $server_id";
+
+ //* Fill the IPv4 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
$ips = $app->db->queryAllRecords($sql);
$ip_select = "<option value='*'>*</option>";
//$ip_select = "";
@@ -173,6 +204,21 @@
}
}
$app->tpl->setVar("ip_address",$ip_select);
+ unset($tmp);
+ unset($ips);
+
+ //* Fill the IPv6 select field
+ $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
+ $ips = $app->db->queryAllRecords($sql);
+ $ip_select = "<option value=''></option>";
+ //$ip_select = "";
+ if(is_array($ips)) {
+ foreach( $ips as $ip) {
+ $selected = ($ip["ip_address"] == $this->dataRecord["ipv6_address"])?'SELECTED':'';
+ $ip_select .= "<option value='$ip[ip_address]' $selected>$ip[ip_address]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("ipv6_address",$ip_select);
unset($tmp);
unset($ips);
@@ -351,9 +397,8 @@
unset($tmp);
// When the record is inserted
} else {
- // set the server ID to the default mailserver of the client
+ //* set the server ID to the default webserver of the client
$this->dataRecord["server_id"] = $client["default_webserver"];
-
// Check if the user may add another web_domain
if($client["limit_web_domain"] >= 0) {
@@ -364,7 +409,6 @@
}
}
-
// Clients may not set the client_group_id, so we unset them if user is not a admin and the client is not a reseller
if(!$app->auth->has_clients($_SESSION['s']['user']['userid'])) unset($this->dataRecord["client_group_id"]);
@@ -372,7 +416,17 @@
//* make sure that the email domain is lowercase
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
-
+
+ //* get the server config for this server
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config(intval($this->dataRecord["server_id"]),'web');
+ //* Check for duplicate ssl certs per IP if SNI is disabled
+ if(isset($this->dataRecord['ssl']) && $this->dataRecord['ssl'] == 'y' && $web_config['enable_sni'] != 'y') {
+ $sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."' and domain_id != ".$this->id;
+ $tmp = $app->db->queryOneRecord($sql);
+ if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("error_no_sni_txt");
+ }
+
parent::onSubmit();
}
--
Gitblit v1.9.1