dns/rfc2136: retain hmac-md5 as default, validation and labels

PR: https://github.com/opnsense/plugins/pull/3316
Franco Fichtner 2023-02-21 07:47:22 +01:00
parent 4507c7d364
commit 6cf9ae6c57
2 changed files with 18 additions and 8 deletions


@ -121,9 +121,10 @@ function rfc2136_configure_do($verbose = false, $int = '', $updatehost = '', $fo
}
$keyfile = "/var/etc/nsupdatekey{$i}";
$keyalgo = !empty($dnsupdate['keyalgo']) ? $dnsupdate['keyalgo'] : 'hmac-md5';
$keyfill = [
"key \"{$keyname}\" {",
"\talgorithm {$dnsupdate['keyalgo']};",
"\talgorithm {$keyalgo};",
"\tsecret \"{$dnsupdate['keydata']}\";",
"};",
'' /* end of file */
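Review bot: The `$keyalgo` value is interpolated into the `algorithm` line of the nsupdate key file without being checked against the supported TSIG algorithms at this point. The only allow-list visible in this commit is in the GUI page, so a `keyalgo` that reaches the configuration by another route (import, restore, manual edit) would presumably be written out as-is. Consider validating it before `$keyfill` is built, and document the fallback with a comment such as `/* no 'keyalgo' stored: keep the legacy hmac-md5 so existing keys still match, although it is the weakest option offered */`. HMAC-MD5 is discouraged for TSIG by RFC 8945, so a log line when the fallback is taken would help operators find entries to migrate. The body of rfc2136_configure_do() starts and ends outside this hunk.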


@ -33,8 +33,15 @@ require_once("interfaces.inc");
require_once("plugins.inc.d/rfc2136.inc");
$a_rfc2136 = &config_read_array('dnsupdates', 'dnsupdate');
$nsukeyalgos = array("hmac-md5", "hmac-sha1", "hmac-sha224", "hmac-sha256", "hmac-sha384", "hmac-sha512");
$nsukeyalgodefault = "hmac-sha512";
$nsukeyalgos = [
'hmac-md5' => 'MD5',
'hmac-sha1' => 'SHA-1',
'hmac-sha224' => 'SHA-244',
'hmac-sha256' => 'SHA-256',
'hmac-sha384' => 'SHA-384',
'hmac-sha512' => 'SHA-512',
];
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (isset($_GET['id']) && !empty($a_rfc2136[$_GET['id']])) {
@ -51,7 +58,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['ttl'] = isset($id) &&!empty($a_rfc2136[$id]['ttl']) ? $a_rfc2136[$id]['ttl'] : 60;
$pconfig['keydata'] = isset($id) &&!empty($a_rfc2136[$id]['keydata']) ? $a_rfc2136[$id]['keydata'] : null;
$pconfig['keyname'] = isset($id) &&!empty($a_rfc2136[$id]['keyname']) ? $a_rfc2136[$id]['keyname'] : null;
$pconfig['keyalgo'] = isset($id) &&!empty($a_rfc2136[$id]['keyalgo']) ? $a_rfc2136[$id]['keyalgo'] : $nsukeyalgodefault;
$pconfig['keyalgo'] = isset($id) &&!empty($a_rfc2136[$id]['keyalgo']) ? $a_rfc2136[$id]['keyalgo'] : null;
$pconfig['server'] = isset($id) &&!empty($a_rfc2136[$id]['server']) ? $a_rfc2136[$id]['server'] : null;
$pconfig['interface'] = isset($id) &&!empty($a_rfc2136[$id]['interface']) ? $a_rfc2136[$id]['interface'] : null;
$pconfig['descr'] = isset($id) &&!empty($a_rfc2136[$id]['descr']) ? $a_rfc2136[$id]['descr'] : null;
@ -83,6 +90,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($pconfig['keyname']) && !is_domain($pconfig['keyname'])) {
$input_errors[] = gettext("The DNS update key name contains invalid characters.");
}
if (!in_array($pconfig['keyalgo'] , array_keys($nsukeyalgos))) {
$input_errors[] = gettext('The DNS update key algorith is invalid.');
}
if (count($input_errors) == 0) {
$rfc2136 = array();
@ -157,8 +167,7 @@ include("head.inc");
<option value="<?=$if;?>" <?=$pconfig['interface'] == $if ? "selected=\"selected\"" : "";?>>
<?=htmlspecialchars($ifdesc);?>
</option>
<?php
endforeach;?>
<?php endforeach ?>
</select>
</td>
</tr>
@ -201,8 +210,8 @@ include("head.inc");
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Key algorithm");?></td>
<td>
<select name="keyalgo" class="selectpicker">
<?php foreach ($nsukeyalgos as $nsukeyalgo): ?>
<option value="<?=$nsukeyalgo;?>" <?= $pconfig['keyalgo'] == $nsukeyalgo ? 'selected="selected"' : '' ?>><?= gettext($nsukeyalgo) ?></option>
<?php foreach ($nsukeyalgos as $nsukeyalgo => $label): ?>
<option value="<?= html_safe($nsukeyalgo) ?>" <?= $pconfig['keyalgo'] == $nsukeyalgo ? 'selected="selected"' : '' ?>><?= html_safe($label) ?></option>
<?php endforeach ?>
</select>
</td>
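Review bot: The new allow-list check on `$pconfig['keyalgo']` compares loosely and reads the field without a fallback; a strict comparison keeps it to exact string matches: `if (!in_array($pconfig['keyalgo'] ?? '', array_keys($nsukeyalgos), true)) {`. Its error message has a typo and should read `gettext('The DNS update key algorithm is invalid.')`. In the first hunk of this file the label for `hmac-sha224` is spelled `'SHA-244'`; it should be `'hmac-sha224' => 'SHA-224',` so the selector does not mislabel the algorithm an administrator is choosing. The request-handling block around the check starts and ends outside the hunks shown.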