Add formatAbsoluteDomain, remove regGetUpperDomain

2022-06-15 15:30:18 +02:00 · 2022-06-15 15:30:18 +02:00 · 9bcf3a57a2
parent 40cb0729ad
commit 9bcf3a57a2
14 changed files with 66 additions and 84 deletions
--- a/common/pages.php
+++ b/common/pages.php
@ -66,11 +66,11 @@ define('DESCRIPTIONS', [
 			'ip' => 'Indiquer l\'adresse IP d\'un domaine',
 			'ns' => 'Indiquer le serveur de noms d\'une zone',
 			'txt' => 'Associer du texte à un domaine',
-			'caa' => 'Enregistrement <abbr title="Certificate Authority Authorization">CAA</abbr>',
+			'caa' => 'Limiter les autorités de certification autorisées à émettre des certificats',
-			'srv' => 'Indiquer l\'adresse pour un service spécifique',
+			'srv' => 'Indiquer l\'adresse d\'un service spécifique',
-			'mx' => 'Indiquer le serveur mail pour un domaine',
+			'mx' => 'Indiquer l\'adresse du serveur recevant les courriels',
-			'sshfp' => 'Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d\'un domaine',
+			'sshfp' => 'Indiquer les empreintes des clés <abbr title="Secure SHell">SSH</abbr>',
-			'tlsa' => 'Indiquer les seules autorités de certifications autorisée à signer les domaines',
+			'tlsa' => 'Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l\'empreinte d\'un certificat <abbr title="Transport Layer Security">TLS</abbr>',
 		],
 		'ht' => [
 			'index' => 'Mettre en ligne son site statique sur un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, et le faire répondre en <abbr title="HyperText Transfert Protocol">HTTP</abbr> par DNS ou Tor',
--- a/fn/dns.php
+++ b/fn/dns.php
@ -38,6 +38,18 @@ function checkAbsoluteDomainFormat($domain) {
 		userError("Domain malformed.");
 }
 function formatEndWithDot($str) {
 	if (!str_ends_with($str, '.'))
 		$str .= '.';
 	return $str;
 }
 function formatAbsoluteDomain($domain) {
 	$domain = formatEndWithDot(strtolower($domain));
 	checkAbsoluteDomainFormat($domain);
 	return $domain;
 }
 function checkAction($action) {
 	return match ($action) {
 		'add' => '',
--- a/fn/ns.php
+++ b/fn/ns.php
@ -15,8 +15,7 @@ function nsParseCommonRequirements() {
 	if (($_POST['subdomain'] === "") OR ($_POST['subdomain'] === "@"))
 		$values['domain'] = $_POST['zone'];
 	else
-		$values['domain'] = $_POST['subdomain'] . "." . $_POST['zone'];
+		$values['domain'] = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['zone']);
 	checkAbsoluteDomainFormat($values['domain']);
 	$values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier'];
@ -30,9 +29,9 @@ function nsListUserZones($username) {
 	return query('select', 'zones', ['username' => $username], 'zone');
 }
-function nsCheckZonePossession($submittedZone) {
+function nsCheckZonePossession($zone) {
-	checkAbsoluteDomainFormat($submittedZone);
+	checkAbsoluteDomainFormat($zone);
-	if (!in_array($submittedZone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
+	if (!in_array($zone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
 		userError("You don't own this zone on the nameserver.");
 }
--- a/fn/reg.php
+++ b/fn/reg.php
@ -1,20 +1,11 @@
 <?php
 function regGetUpperDomain($domain) {
 	// Remove anything before the first dot and the first dot itself
 	return preg_replace("/^[^.]+\./", "", $domain);
 }
 function regListUserDomains($username) {
 	return query('select', 'registry', ['username' => $username], 'domain');
 }
 function regCheckDomainPossession($domain) {
-	checkAbsoluteDomainFormat($domain);
+	if (in_array($domain, regListUserDomains($_SESSION['username']), true) !== true)
 	$ownedDomains = regListUserDomains($_SESSION['username']);
 	if (in_array($domain, $ownedDomains, true) !== true)
 		userError("You don't own this domain.");
 }
--- a/public/css/main.css
+++ b/public/css/main.css
@ -1,5 +1,5 @@
 body {
-	margin: 0;
+	margin: 1rem;
 	padding: 0;
 	background-color: var(--background-color);
 	color: var(--foreground-color);
--- a/public/ns/dnssec.php
+++ b/public/ns/dnssec.php
@ -17,52 +17,42 @@ if (isset($_SESSION['username']))
 <?php
-if (isset($_POST['zone']) AND isset($_SESSION['username'])) {
+switchToFormProcess();
-	nsCheckZonePossession($_POST['zone']);
+nsCheckZonePossession($_POST['zone']);
-	$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . "/" . $_POST['zone'] . "zone");
+$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . "/" . $_POST['zone'] . "zone");
-	$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
+$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
-	if ($found !== 1)
+if ($found !== 1)
-		serverError("Unable to get public key record from zone file.");
+	serverError("Unable to get public key record from zone file.");
-	$tag = $matches[1];
+$tag = $matches[1];
-	$algo = $matches[2];
+$algo = $matches[2];
-	$digestType = $matches[3];
+$digestType = $matches[3];
-	$digest = $matches[4];
+$digest = $matches[4];
-	?>
+?>
-	<dl>
+<dl>
-
+	<dt>Zone</dt>
-		<dt>Zone</dt>
+	<dd>
-		<dd>
+		<code><?= $_POST['zone'] ?></code>
-			<code><?= $_POST['zone'] ?></code>
+	</dd>
-		</dd>
+	<dt>Tag</dt>
-
+	<dd>
-		<dt>Tag</dt>
+		<code><?= $tag ?></code>
-		<dd>
+	</dd>
-			<code><?= $tag ?></code>
+	<dt>Algorithme</dt>
-		</dd>
+	<dd>
-
+		<code><?= $algo ?></code><?php if ($algo === "15") echo " (Ed25519)"; ?>
-		<dt>Algorithme</dt>
+	</dd>
-		<dd>
+	<dt>Type de condensat</dt>
-			<code><?= $algo ?></code><?php if ($algo === "15") echo " (Ed25519)"; ?>
+	<dd>
-		</dd>
+		<code><?= $digestType ?></code><?php if ($digestType === "2") echo " (SHA-256)"; ?>
-
+	</dd>
-		<dt>Type de condensat</dt>
+	<dt>Condensat</dt>
-		<dd>
+	<dd>
-			<code><?= $digestType ?></code><?php if ($digestType === "2") echo " (SHA-256)"; ?>
+		<code><?= $digest ?></code>
-		</dd>
+	</dd>
-
+</dl>
 		<dt>Condensat</dt>
 		<dd>
 			<code><?= $digest ?></code>
 		</dd>
 	</dl>
 <?php } ?>
 <?php closeHTML(); ?>
--- a/public/ns/mx.php
+++ b/public/ns/mx.php
@ -29,7 +29,7 @@ $values = nsParseCommonRequirements();
 if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255))
 	userError("Wrong value for <code>priority</code>.");
-checkAbsoluteDomainFormat($_POST['host']);
+$_POST['host'] = formatAbsoluteDomain($_POST['host']);
 knotcExec($_POST['zone'], array(
 	$values['domain'],
--- a/public/ns/ns.php
+++ b/public/ns/ns.php
@ -16,7 +16,7 @@ switchToFormProcess();
 $values = nsParseCommonRequirements();
-checkAbsoluteDomainFormat($_POST['ns']);
+$_POST['ns'] = formatAbsoluteDomain($_POST['ns']);
 knotcExec($_POST['zone'], array(
 	$values['domain'],
--- a/public/ns/srv.php
+++ b/public/ns/srv.php
@ -47,7 +47,7 @@ if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535))
 if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535))
 	userError("Wrong value for <code>port</code>.");
-checkAbsoluteDomainFormat($_POST['target']);
+$_POST['target'] = formatAbsoluteDomain($_POST['target']);
 knotcExec($_POST['zone'], array(
 	$values['domain'],
--- a/public/ns/zone-add.php
+++ b/public/ns/zone-add.php
@ -10,7 +10,7 @@
 switchToFormProcess();
-checkAbsoluteDomainFormat($_POST['domain']);
+$_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
 $db = new PDO('sqlite:' . DB_PATH);
 $stmt = $db->prepare("INSERT INTO zones(zone, username) VALUES(:zone, :username)");
--- a/public/reg/ds.php
+++ b/public/reg/ds.php
@ -86,9 +86,7 @@ regCheckDomainPossession($_POST['zone']);
 $action = checkAction($_POST['action']);
-$suffix = regGetUpperDomain($_POST['zone']);
+knotcExec(CONF['reg']['registry'], array(
 knotcExec($suffix, array(
 	$_POST['zone'],
 	CONF['reg']['ttl'],
 	"DS",
--- a/public/reg/glue.php
+++ b/public/reg/glue.php
@ -41,15 +41,11 @@ switchToFormProcess();
 regCheckDomainPossession($_POST['suffix']);
-$domain = $_POST['subdomain'] . "." . $_POST['suffix'];
+$domain = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . CONF['reg']['registry']);
 checkAbsoluteDomainFormat($domain);
 $record = checkIpFormat($_POST['ip']);
-$publicSuffix = regGetUpperDomain($_POST['suffix']);
+knotcExec(CONF['reg']['registry'], array(
 knotcExec($publicSuffix, array(
 	$domain,
 	CONF['reg']['ttl'],
 	$record,
--- a/public/reg/ns.php
+++ b/public/reg/ns.php
@ -31,11 +31,9 @@ if (isset($_SESSION['username']))
 switchToFormProcess();
 regCheckDomainPossession($_POST['domain']);
-checkAbsoluteDomainFormat($_POST['ns']);
+$_POST['ns'] = formatAbsoluteDomain($_POST['ns']);
-$suffix = regGetUpperDomain($_POST['domain']);
+knotcExec(CONF['reg']['registry'], array(
 knotcExec($suffix, array(
 	$_POST['domain'],
 	CONF['reg']['ttl'],
 	"NS",
--- a/public/reg/register.php
+++ b/public/reg/register.php
@ -20,9 +20,7 @@ switchToFormProcess();
 if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1)
 	userError("Erreur : Le nom de domaine doit être composé uniquement d'entre 4 et 63 lettres minuscules (a-z)");
-$domain = $_POST['subdomain'] . "." . CONF['reg']['registry'];
+$domain = formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . CONF['reg']['registry']);
 checkAbsoluteDomainFormat($domain);
 if (regIsFree($domain) !== true)
 	userError("Ce domaine n'est pas disponible à l'enregistrement. Il est réservé ou déjà enregistré.");