From 4aaa412cdceaae303bf45b93ee2354e6f541eb63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Grenier?= Date: Wed, 11 Jul 2018 16:38:43 -0300 Subject: [PATCH 1/7] clean old conf for apache 2.2 --- etc/alternc/templates/apache2/vhost-http.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/alternc/templates/apache2/vhost-http.conf b/etc/alternc/templates/apache2/vhost-http.conf index 5754a8e9..9a31b45b 100644 --- a/etc/alternc/templates/apache2/vhost-http.conf +++ b/etc/alternc/templates/apache2/vhost-http.conf @@ -30,8 +30,6 @@ php_admin_flag mail.add_x_header on Options -MultiViews -FollowSymLinks +SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Limit Options Indexes - Order allow,deny - Allow from all Require all granted From ab4778ce0c9d05864914b6dbb16d4cbf263decc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Grenier?= Date: Wed, 11 Jul 2018 16:47:48 -0300 Subject: [PATCH 2/7] creation of domaines_type to support ssl apache template --- install/mysql.sql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/mysql.sql b/install/mysql.sql index 2e43504c..c7e3b847 100644 --- a/install/mysql.sql +++ b/install/mysql.sql 
@@ -480,7 +480,9 @@ CREATE TABLE IF NOT EXISTS `domaines_type` ( ) ENGINE=InnoDB COMMENT = 'Type of domains allowed'; INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, only_dns, need_dns, advanced, enable) values -('vhost', 'Locally hosted', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), +('vhost', 'Locally hosted with https->http', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), +('vhost-https','Locally hosted with http->https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), +('vhost-both', 'Locally hosted with http and https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), ('url', 'URL redirection', 'URL', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2', false, false, false, 'ALL'), ('ip', 'IPv4 redirect', 'IP', '%SUB% IN A %TARGET%', 'url,ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, false, 'ALL'), ('ipv6', 'IPv6 redirect', 'IPV6', '%SUB% IN AAAA %TARGET%', 'ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, true, 'ALL'), From 891c71aea12936d41e18aedd13f33df5734c111b Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Wed, 11 Jul 2018 15:48:37 -0400 Subject: [PATCH 3/7] Select vhost- if https is set for subdomains --- src/update_domains.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/update_domains.sh b/src/update_domains.sh index feb2f923..ea7920b5 100755 --- a/src/update_domains.sh +++ b/src/update_domains.sh 
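Review bot: The reworded `'vhost'` description and the two added rows only take effect where those rows do not exist yet, because the statement is `INSERT IGNORE` and an existing `vhost` row is skipped rather than updated. This commit changes only install/mysql.sql, so an already-installed database would presumably need a matching script under install/upgrades/ to gain `vhost-https` and `vhost-both`. A short comment above the three rows stating what the arrow means would also help, e.g. `-- the arrow is the redirect direction: "https->http" ends on plain HTTP`, since as the descriptions read the default `vhost` type is the one without TLS.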
@@ -57,7 +57,7 @@ mysql_query "update sub_domaines sd, domaines d set sd.web_action = 'DELETE' whe # Sub_domaines we want to delete # sub_domaines.web_action = delete -for sub in $( mysql_query "select concat_ws('$B',lower(sd.type), if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine)) from sub_domaines sd where web_action ='DELETE';") ; do +for sub in $( mysql_query "select concat_ws('$B',if(length(sd.https)>0,concat_ws('-',sd.type,sd.https),lower(sd.type)), if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine)) from sub_domaines sd where web_action ='DELETE';") ; do host_delete ${sub/$B/ } mysql_query "delete from sub_domaines where concat_ws('$B',lower(type), if(length(sub)>0,concat_ws('.',sub,domaine),domaine)) = '$sub' and web_action ='DELETE';" echo 1 > "$RELOAD_WEB" @@ -67,7 +67,7 @@ done # sub_domaines.web_action = update and sub_domains.only_dns = false IFS="$NEWIFS" mysql_query " -select concat_ws('$IFS',sd.id, lower(sd.type), if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine), concat_ws('@',m.login,v.value), sd.valeur ) +select concat_ws('$IFS',sd.id, if(length(sd.https)>0,concat_ws('-',sd.type,sd.https),lower(sd.type)), if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine), concat_ws('@',m.login,v.value), sd.valeur ) from sub_domaines sd,membres m,variable v where sd.compte=m.uid and sd.web_action ='UPDATE' and v.name='mailname_bounce' ;" | while read sdid type domain mail valeur ; do 
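Review bot: The new branch `concat_ws('-',sd.type,sd.https)` drops the `lower()` that the fallback branch still applies, so a row with a mixed-case `type` and a non-empty `https` yields a differently cased type string than before. The same expression is repeated in the `@@ -67,7` hunk and in both queries of the `@@ -77,14` hunk. Wrapping the whole result keeps the old normalisation: `lower(if(length(sd.https)>0,concat_ws('-',sd.type,sd.https),sd.type))`. In this hunk the following `delete ... = '$sub'` still compares against `lower(type)` alone, so a `$sub` built with the https suffix would not match any row.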
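Review bot: The value of `sd.https` is appended to the type without being checked against the suffixes that are defined, and the result is what `while read sdid type domain mail valeur` reads into `type`. If that string is later used to pick a template or file name (the consumer is outside this hunk), an unexpected value in the column, or a non-vhost row with `https` set, would produce a type such as `url-https` that has no definition. Restricting the overload in the query keeps the set closed: `if(sd.type='vhost' and sd.https in ('http','https','both'), concat_ws('-',sd.type,sd.https), lower(sd.type))`. The enable and disable queries in the `@@ -77,14` hunk need the same guard.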
@@ -77,14 +77,14 @@ where sd.compte=m.uid and sd.web_action ='UPDATE' and v.name='mailname_bounce' done # Domaine to enable -mysql_query "select concat_ws('$IFS',sd.id, lower(sd.type),if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine),sd.valeur) from sub_domaines sd where sd.enable ='ENABLE' ;"|while read sdid type domain valeur ; do +mysql_query "select concat_ws('$IFS',sd.id, if(length(sd.https)>0,concat_ws('-',sd.type,sd.https),lower(sd.type)),if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine),sd.valeur) from sub_domaines sd where sd.enable ='ENABLE' ;"|while read sdid type domain valeur ; do host_enable "$type" "$domain" "$valeur" mysql_query "update sub_domaines sd set enable='ENABLED' where sd.id = '$sdid' ;" echo 1 > "$RELOAD_WEB" done # Domains to disable -mysql_query "select concat_ws('$IFS', sd.id, lower(sd.type),if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine),sd.valeur) from sub_domaines sd where sd.enable ='DISABLE' ;"|while read sdid type domain valeur ; do +mysql_query "select concat_ws('$IFS', sd.id, if(length(sd.https)>0,concat_ws('-',sd.type,sd.https),lower(sd.type)),if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine),sd.valeur) from sub_domaines sd where sd.enable ='DISABLE' ;"|while read sdid type domain valeur ; do host_disable "$type" "$domain" "$valeur" mysql_query "update sub_domaines sd set enable='DISABLED' where sd.id = '$sdid' ;" echo 1 > "$RELOAD_WEB" From e35dbc6d5f2cf1cd94d42446967f2a1b41ff8fad Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Wed, 11 Jul 2018 17:25:07 -0400 Subject: [PATCH 4/7] Fix sub domain deletion; the vhost overload type is not important here --- src/update_domains.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/update_domains.sh b/src/update_domains.sh index ea7920b5..ac7cb98b 100755 --- a/src/update_domains.sh +++ b/src/update_domains.sh 
@@ -57,7 +57,7 @@ mysql_query "update sub_domaines sd, domaines d set sd.web_action = 'DELETE' whe # Sub_domaines we want to delete # sub_domaines.web_action = delete -for sub in $( mysql_query "select concat_ws('$B',if(length(sd.https)>0,concat_ws('-',sd.type,sd.https),lower(sd.type)), if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine)) from sub_domaines sd where web_action ='DELETE';") ; do +for sub in $( mysql_query "select concat_ws('$B', lower(sd.type), if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine)) from sub_domaines sd where web_action ='DELETE';") ; do host_delete ${sub/$B/ } mysql_query "delete from sub_domaines where concat_ws('$B',lower(type), if(length(sub)>0,concat_ws('.',sub,domaine),domaine)) = '$sub' and web_action ='DELETE';" echo 1 > "$RELOAD_WEB" From 166b1b4f40124c391695cde80b0ffe7c97a6dbbc Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Wed, 11 Jul 2018 17:27:01 -0400 Subject: [PATCH 5/7] Disable vhost SSL overload types for use in the interface, and set has_https_option for vhost --- install/mysql.sql | 34 ++++++++++++++++++++-------------- install/upgrades/3.5.0.2.sql | 5 +++++ 2 files changed, 25 insertions(+), 14 deletions(-) create mode 100644 install/upgrades/3.5.0.2.sql diff --git a/install/mysql.sql b/install/mysql.sql index c7e3b847..e885d17e 100644 --- a/install/mysql.sql +++ b/install/mysql.sql 
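Review bot: After this change the DELETE loop is the only one of the four queries touched by the previous patch that keys on the bare `lower(sd.type)`, and nothing in the script says why. A comment above the `for sub in` line would stop a later reader from changing it back, e.g. `# deletion matches on the bare type; the https overload is not part of the key compared in the delete below`. Whether `host_delete` removes a vhost file that was created from an overloaded template when it is given only the bare type cannot be seen from this hunk and is worth confirming.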
@@ -479,20 +479,26 @@ CREATE TABLE IF NOT EXISTS `domaines_type` ( PRIMARY KEY ( `name` ) ) ENGINE=InnoDB COMMENT = 'Type of domains allowed'; -INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, only_dns, need_dns, advanced, enable) values -('vhost', 'Locally hosted with https->http', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), -('vhost-https','Locally hosted with http->https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), -('vhost-both', 'Locally hosted with http and https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL'), -('url', 'URL redirection', 'URL', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2', false, false, false, 'ALL'), -('ip', 'IPv4 redirect', 'IP', '%SUB% IN A %TARGET%', 'url,ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, false, 'ALL'), -('ipv6', 'IPv6 redirect', 'IPV6', '%SUB% IN AAAA %TARGET%', 'ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, true, 'ALL'), -('cname', 'CNAME DNS entry', 'DOMAIN', '%SUB% CNAME %TARGET%', '', true, true, true, 'ALL'), -('txt', 'TXT DNS entry', 'TXT', '%SUB% IN TXT "%TARGET%"', 'vhost,url,ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, true, 'ALL'), -('mx', 'MX DNS entry', 'DOMAIN', '%SUB% IN MX 5 %TARGET%', 'vhost,url,ip,ipv6,txt,mx,mx2', true, true, true, 'ALL'), -('mx2', 'secondary MX DNS entry', 'DOMAIN', '%SUB% IN MX 10 %TARGET%', 'vhost,url,ip,ipv6,txt,mx,mx2', true, true, true, 'ALL'), -('defmx', 'Default mail server', 'NONE', '%SUB% IN MX 5 @@DEFAULT_MX@@.', 'vhost,url,ip,ipv6,txt,defmx2', true, true, true, 'ADMIN'), -('defmx2', 'Default backup mail server', 'NONE', '%SUB% IN MX 10 @@DEFAULT_SECONDARY_MX@@.', 'vhost,url,ip,ipv6,txt,defmx', true, true, true, 'ADMIN'), -('panel', 'AlternC panel access', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,ip,ipv6,txt,mx,mx2,defmx,defmx2', false, false, true, 'ALL') +INSERT IGNORE INTO 
`domaines_type` (name, description, target, entry, compatibility, only_dns, need_dns, advanced, enable, has_https_option) values +-- Default vhost type to maintains compatibility across versions. +-- This is overloaded depending on the value of the https column in sub_domaines +('vhost', 'Locally hosted', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'ALL', true), +-- The following 3 types (vhost-http, vhost-https, vhost-both) are overloads for vhost +-- and are "disabled" to not be available from the interface, but still be valid domaine types +-- when checking in m_ssl::updateDomain. +('vhost-http','Locally hosted with http->https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'NONE', false), +('vhost-https','Locally hosted with http->https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'NONE', false), +('vhost-both', 'Locally hosted with http and https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'NONE', false), +('url', 'URL redirection', 'URL', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2', false, false, false, 'ALL', false), +('ip', 'IPv4 redirect', 'IP', '%SUB% IN A %TARGET%', 'url,ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, false, 'ALL', false), +('ipv6', 'IPv6 redirect', 'IPV6', '%SUB% IN AAAA %TARGET%', 'ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, true, 'ALL', false), +('cname', 'CNAME DNS entry', 'DOMAIN', '%SUB% CNAME %TARGET%', '', true, true, true, 'ALL', false), +('txt', 'TXT DNS entry', 'TXT', '%SUB% IN TXT "%TARGET%"', 'vhost,url,ip,ipv6,txt,mx,mx2,defmx,defmx2', true, true, true, 'ALL', false), +('mx', 'MX DNS entry', 'DOMAIN', '%SUB% IN MX 5 %TARGET%', 'vhost,url,ip,ipv6,txt,mx,mx2', true, true, true, 'ALL', false), +('mx2', 'secondary MX DNS entry', 'DOMAIN', '%SUB% IN MX 10 %TARGET%', 'vhost,url,ip,ipv6,txt,mx,mx2', true, true, true, 'ALL', false), +('defmx', 
'Default mail server', 'NONE', '%SUB% IN MX 5 @@DEFAULT_MX@@.', 'vhost,url,ip,ipv6,txt,defmx2', true, true, true, 'ADMIN', false), +('defmx2', 'Default backup mail server', 'NONE', '%SUB% IN MX 10 @@DEFAULT_SECONDARY_MX@@.', 'vhost,url,ip,ipv6,txt,defmx', true, true, true, 'ADMIN', false), +('panel', 'AlternC panel access', 'NONE', '%SUB% IN A @@PUBLIC_IP@@', 'vhost,url,ip,ipv6,txt,mx,mx2,defmx,defmx2', false, false, true, 'ALL', false) ; UPDATE domaines_type SET create_tmpdir=true, create_targetdir=true WHERE target='DIRECTORY'; diff --git a/install/upgrades/3.5.0.2.sql b/install/upgrades/3.5.0.2.sql new file mode 100644 index 00000000..21ae6b9f --- /dev/null +++ b/install/upgrades/3.5.0.2.sql @@ -0,0 +1,5 @@ +-- upgrade from 3.5.0.1 to 3.5.0.2 +INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, only_dns, need_dns, advanced, enable, has_https_option) values +('vhost-http','Locally hosted with http->https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'NONE', false), +('vhost-https','Locally hosted with http->https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'NONE', false), +('vhost-both', 'Locally hosted with http and https', 'DIRECTORY', '%SUB% IN A @@PUBLIC_IP@@', 'txt,defmx,defmx2,mx,mx2', false, false, false, 'NONE', false), From 541ce254600cc114f8fca7b46cdab9aa87469d62 Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Wed, 11 Jul 2018 17:27:52 -0400 Subject: [PATCH 6/7] Match type more broadly for vhost when searching subdomains --- bureau/class/m_ssl.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/bureau/class/m_ssl.php b/bureau/class/m_ssl.php index 109241c4..8587fe24 100644 --- a/bureau/class/m_ssl.php +++ b/bureau/class/m_ssl.php 
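Review bot: The `vhost-http` row carries the description `'Locally hosted with http->https'`, identical to the `vhost-https` row below it, which looks like a copy-paste slip; the wording used earlier in this series for the plain-HTTP variant was `'Locally hosted with https->http'`. Because the text states the redirect direction, a wrong label misstates whether a site ends on TLS. Separately, `INSERT IGNORE` leaves an existing `vhost` row untouched, so on an upgraded database `has_https_option` stays at the column default unless something sets it, e.g. `UPDATE domaines_type SET has_https_option = true WHERE name = 'vhost';`. The column definition itself is outside this hunk.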
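Review bot: The new upgrade file ends on the `('vhost-both', ...)` tuple with a trailing comma and no terminating `;`, so the statement as shown does not parse and the upgrade would fail at this point. The last tuple should end `'NONE', false);`. The `vhost-http` description repeats the `'Locally hosted with http->https'` text from install/mysql.sql and should be corrected together with it. The install script follows its insert with `UPDATE domaines_type SET create_tmpdir=true, create_targetdir=true WHERE target='DIRECTORY';`, which this file does not repeat, so the three new rows keep the column defaults for those flags; confirm that is intended.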
@@ -567,14 +567,22 @@ SELECT ?,?,?, FROM_UNIXTIME(?), FROM_UNIXTIME(?), ?, ?, sslcsr FROM certificate return; // nothing to do : this domain type does not involve Vhosts } + // The 'vhost' type is overloaded with -http, -https, and -both. + // If the type starts with vhost, we should match vhost% + // Generally, only 'vhost' is used since the overloads are not enabled + // for use in the interface. + $type_match = $type; + if (substr($type, 0, 5) == 'vhost') { + $type_match = 'vhost%'; + } if ($action == "postinst") { $msg->log("ssl", "update_domain:CREATE($action,$type,$fqdn)"); $offset = 0; $found = false; do { // try each subdomain (strtok-style) and search them in sub_domaines table: $db->query( - "SELECT * FROM sub_domaines WHERE sub=? AND domaine=? AND web_action NOT IN ('','OK') AND type=?", - array(substr($fqdn, 0, $offset), substr($fqdn, $offset + ($offset != 0)), $type) + "SELECT * FROM sub_domaines WHERE sub=? AND domaine=? AND web_action NOT IN ('','OK') AND type LIKE ?", + array(substr($fqdn, 0, $offset), substr($fqdn, $offset + ($offset != 0)), $type_match) ); if ($db->next_record()) { $found = true; From fa2e40b16c0ea69d7864db1ac70c6fbe7ff78419 Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Wed, 11 Jul 2018 17:57:27 -0400 Subject: [PATCH 7/7] Select default value for SSL type properly --- bureau/admin/dom_edit.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bureau/admin/dom_edit.inc.php b/bureau/admin/dom_edit.inc.php index a4a63617..bbb122d2 100755 --- a/bureau/admin/dom_edit.inc.php +++ b/bureau/admin/dom_edit.inc.php @@ -130,8 +130,8 @@ $dom->unlock();
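Review bot: The prefix test `substr($type, 0, 5) == 'vhost'` widens the lookup to `type LIKE 'vhost%'` for any type name that merely begins with those five characters, and every other `$type` is now passed to `LIKE` as well, where `%` and `_` in the value act as wildcards. Matching the closed set is tighter: `if (in_array($type, array('vhost','vhost-http','vhost-https','vhost-both'), true)) { $type_match = 'vhost%'; }`, with the non-vhost path kept on an exact comparison. If `sub_domaines.type` only ever holds the bare `vhost` (the overload living in the `https` column), setting `$type_match = 'vhost';` and keeping the original `type=?` would avoid the pattern altogether. The function continues outside this hunk, so any other query on `type` there would need the same treatment.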