tuend/DirectAdmin-1.62.4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

z

Browse Source
This commit is contained in:
tuend-work
2025-11-13 07:41:56 +07:00
parent 7f357f3a30
commit 4478491d73
1729 changed files with 193578 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
update/scripts/tlsa.sh Normal file
View File

@@ -0,0 +1,186 @@
#!/bin/sh
#VERSION=0.3
# This script is written by Martynas Bendorius and DirectAdmin
# It is used to recreate tlsa records for domain
# Official DirectAdmin webpage: http://www.directadmin.com
# Usage:
# ./tlsa <domain>
MYUID=`/usr/bin/id -u`
if [ "${MYUID}" != 0 ]; then
echo "You require Root Access to run this script";
exit 0;
fi
DA_BIN=/usr/local/directadmin/directadmin
TASK_QUEUE=/usr/local/directadmin/data/task.queue.cb
if [ $# -ne 2 ]; then
echo "usage: $0 <domain> <web|mail|all>"
exit 1
fi
OPENSSL=/usr/bin/openssl
run_dataskq() {
DATASKQ_OPT=$1
/usr/local/directadmin/dataskq ${DATASKQ_OPT} --custombuild
}
DOMAIN=$1
TLSATYPE=$2
case "$TLSATYPE" in
"all")
;;
"web")
;;
"mail")
;;
*)
echo "usage: $0 <domain> <web|mail|all>"
exit 1
esac
DOMAINARR=`echo "${DOMAIN}" | perl -p0 -e "s/,/ /g"`
FOUNDDOMAIN=0
for TDOMAIN in ${DOMAINARR}
do
DOMAIN=${TDOMAIN}
DOMAIN_ESCAPED="`echo ${DOMAIN} | perl -p0 -e 's#\.#\\\.#g'`"
if grep -m1 -q "^${DOMAIN_ESCAPED}:" /etc/virtual/domainowners; then
USER=`grep -m1 "^${DOMAIN_ESCAPED}:" /etc/virtual/domainowners | cut -d' ' -f2`
HOSTNAME=0
FOUNDDOMAIN=1
break
elif grep -m1 -q "^${DOMAIN_ESCAPED}$" /etc/virtual/domains; then
USER="root"
if ${DA_BIN} c | grep -m1 -q "^servername=${DOMAIN_ESCAPED}\$"; then
HOSTNAME=1
FOUNDDOMAIN=1
break
else
echo "Domain exists in /etc/virtual/domains, but is not set as a hostname in DirectAdmin. Unable to find 'servername=${DOMAIN}' in the output of '/usr/local/directadmin/directadmin c'."
#exit 1
fi
else
echo "Domain does not exist on the system. Unable to find ${DOMAIN} in /etc/virtual/domainowners."
#exit 1
fi
done
if [ ${FOUNDDOMAIN} -eq 0 ]; then
echo "no valid domain found - exiting"
exit 1
fi
DA_USERDIR="/usr/local/directadmin/data/users/${USER}"
DA_CONFDIR="/usr/local/directadmin/conf"
if [ ! -d "${DA_USERDIR}" ] && [ "${HOSTNAME}" -eq 0 ]; then
echo "${DA_USERDIR} not found, exiting..."
exit 1
elif [ ! -d "${DA_CONFDIR}" ] && [ "${HOSTNAME}" -eq 1 ]; then
echo "${DA_CONFDIR} not found, exiting..."
exit 1
fi
add_record() {
echo "action=dns&do=add&domain=${1}&type=TLSA&name=${2}&value=${3}&ttl=300&named_reload=yes" >> ${TASK_QUEUE}
GENERATED=1
}
try_gen_tlsa() {
if [ ! -x /usr/local/directadmin/directadmin ]; then
echo 1
else
if ! /usr/local/directadmin/directadmin c | grep -m1 -q '^dns_tlsa=1$'; then
echo 2
else
if [ "${HOSTNAME}" -eq 0 ]; then
CERT="${DA_USERDIR}/domains/${DOMAIN}.cert"
else
CERT=`${DA_BIN} c |grep ^cacert= | cut -d= -f2`
fi
if [ ! -f "${CERT}" ] && [ "$TLSATYPE" == "web" ]; then
echo 2
else
GENERATED=0
TLSA_HASH_SHA256_PUB=`${OPENSSL} x509 -in ${CERT} -noout -pubkey | ${OPENSSL} pkey -pubin -outform DER |${OPENSSL} sha256 | cut -d' ' -f2`
HOST_TLSA_VAL="3 1 1 ${TLSA_HASH_SHA256_PUB}"
DNSLIST=`openssl x509 -in ${CERT} -text -noout| grep -A1 "Subject Alternative Name"|tail -1`
WEB_RECORDS_TO_CLEANUP="_443._tcp.${DOMAIN}. _443._udp.${DOMAIN}. _443._tcp.www.${DOMAIN}. _443._udp.www.${DOMAIN}."
MAIL_RECORDS_TO_CLEANUP="_25._tcp.${DOMAIN}. _25._tcp.mail.${DOMAIN}. _25._tcp.www.${DOMAIN}."
if [ "$TLSATYPE" == "web" ] || [ "$TLSATYPE" == "all" ]; then
for name in `echo ${WEB_RECORDS_TO_CLEANUP}`; do {
echo "action=dns&do=delete&domain=${DOMAIN}&type=TLSA&name=${name}" >> ${TASK_QUEUE}
}
done
fi
if [ "$TLSATYPE" == "mail" ] || [ "$TLSATYPE" == "all" ]; then
for name in `echo ${MAIL_RECORDS_TO_CLEANUP}`; do {
echo "action=dns&do=delete&domain=${DOMAIN}&type=TLSA&name=${name}" >> ${TASK_QUEUE}
}
done
fi
run_dataskq
for DNSN in ${DNSLIST}; do {
DNSN=`echo ${DNSN}|cut -d':' -f2| tr -d ','`
if [ "${DNSN}" == "${DOMAIN}" ]; then
if [ "$TLSATYPE" == "web" ] || [ "$TLSATYPE" == "all" ]; then
add_record "${DOMAIN}" "_443._tcp.${DNSN}." "${HOST_TLSA_VAL}"
add_record "${DOMAIN}" "_443._udp.${DNSN}." "${HOST_TLSA_VAL}"
fi
if [ "$TLSATYPE" == "mail" ] || [ "$TLSATYPE" == "all" ]; then
add_record "${DOMAIN}" "_25._tcp.${DNSN}." "${HOST_TLSA_VAL}"
fi
elif [ "${DNSN}" == "www.${DOMAIN}" ]; then
if [ "$TLSATYPE" == "web" ] || [ "$TLSATYPE" == "all" ]; then
add_record "${DOMAIN}" "_443._tcp.${DNSN}." "${HOST_TLSA_VAL}"
add_record "${DOMAIN}" "_443._udp.${DNSN}." "${HOST_TLSA_VAL}"
fi
if [ "$TLSATYPE" == "mail" ] || [ "$TLSATYPE" == "all" ]; then
add_record "${DOMAIN}" "_25._tcp.${DNSN}." "${HOST_TLSA_VAL}"
fi
elif [ "${DNSN}" == "mail.${DOMAIN}" ]; then
if [ "$TLSATYPE" == "mail" ] || [ "$TLSATYPE" == "all" ]; then
add_record "${DOMAIN}" "_25._tcp.${DNSN}." "${HOST_TLSA_VAL}"
fi
fi
}; done
fi
run_dataskq
if [ ${GENERATED} -ne 1 ]; then
echo 4
else
echo 0
fi
fi
fi
}
RETTLSA=`try_gen_tlsa`
if [ $RETTLSA -ne 0 ]
then
echo "TLSA gen failed"
case "$RETTLSA" in
1)
echo "No directadmin binary found."
;;
2)
echo "TLSA not enabled in directadmin.conf"
;;
*)
echo "Unexpected problem: no domain of specified type found or cert doesn't exist.."
;;
esac
exit $RETTLSA
else
echo "TLSA gen succeeded"
fi
exit 0