zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-08-05 17:18:04 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixed potential domain transfer security issue

Browse source
This commit is contained in:
Pinga 2024-03-05 15:25:02 +02:00
parent 6ebfa541de
commit 0c0d980b02
6 changed files with 413 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

116
automation/auto-approve-transfer.php
View file

@ -17,6 +17,8 @@ try {
}
try {
$dbh->beginTransaction();
$query_domain = "SELECT id, name, registrant, crdate, exdate, lastupdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, transfer_exdate FROM domain WHERE CURRENT_TIMESTAMP > acdate AND trstatus = 'pending'";
$stmt_domain = $dbh->prepare($query_domain);
$stmt_domain->execute();
@ -56,12 +58,118 @@ try {
continue;
}
}
// Fetch contact map
$stmt = $dbh->prepare('SELECT contact_id, type FROM domain_contact_map WHERE domain_id = ?');
$stmt->execute([$domain_id]);
$contactMap = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Prepare an array to hold new contact IDs to prevent duplicating contacts
$newContactIds = [];
// Copy registrant data
$stmt = $dbh->prepare('SELECT * FROM contact WHERE id = ?');
$stmt->execute([$registrant]);
$registrantData = $stmt->fetch(PDO::FETCH_ASSOC);
unset($registrantData['id']);
$registrantData['identifier'] = generateAuthInfo();
$registrantData['clid'] = $reid;
$stmt = $dbh->prepare('INSERT INTO contact (' . implode(', ', array_keys($registrantData)) . ') VALUES (:' . implode(', :', array_keys($registrantData)) . ')');
foreach ($registrantData as $key => $value) {
$stmt->bindValue(':' . $key, $value);
}
$stmt->execute();
$newRegistrantId = $dbh->lastInsertId();
$newContactIds[$registrant] = $newRegistrantId;
// Copy postal info for the registrant
$stmt = $dbh->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?');
$stmt->execute([$registrant]);
$postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($postalInfos as $postalInfo) {
unset($postalInfo['id']);
$postalInfo['contact_id'] = $newRegistrantId;
$columns = array_keys($postalInfo);
$stmt = $dbh->prepare('INSERT INTO contact_postalInfo (' . implode(', ', $columns) . ') VALUES (:' . implode(', :', $columns) . ')');
foreach ($postalInfo as $key => $value) {
$stmt->bindValue(':' . $key, $value);
}
$stmt->execute();
}
// Insert auth info and status for the new registrant
$new_authinfo = generateAuthInfo();
$dbh->prepare('INSERT INTO contact_authInfo (contact_id, authtype, authinfo) VALUES (?, ?, ?)')->execute([$newRegistrantId, 'pw', $new_authinfo]);
$dbh->prepare('INSERT INTO contact_status (contact_id, status) VALUES (?, ?)')->execute([$newRegistrantId, 'ok']);
// Process each contact in the contact map
foreach ($contactMap as $contact) {
if (!array_key_exists($contact['contact_id'], $newContactIds)) {
$stmt = $dbh->prepare('SELECT * FROM contact WHERE id = ?');
$stmt->execute([$contact['contact_id']]);
$contactData = $stmt->fetch(PDO::FETCH_ASSOC);
unset($contactData['id']);
$contactData['identifier'] = generateAuthInfo();
$contactData['clid'] = $reid;
$stmt = $dbh->prepare('INSERT INTO contact (' . implode(', ', array_keys($contactData)) . ') VALUES (:' . implode(', :', array_keys($contactData)) . ')');
foreach ($contactData as $key => $value) {
$stmt->bindValue(':' . $key, $value);
}
$stmt->execute();
$newContactId = $dbh->lastInsertId();
$newContactIds[$contact['contact_id']] = $newContactId;
// Repeat postal info and auth info/status insertion for each new contact
$stmt = $dbh->prepare('SELECT * FROM contact_postalInfo WHERE contact_id = ?');
$stmt->execute([$contact['contact_id']]);
$postalInfos = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($postalInfos as $postalInfo) {
unset($postalInfo['id']);
$postalInfo['contact_id'] = $newContactId;
$columns = array_keys($postalInfo);
$stmt = $dbh->prepare('INSERT INTO contact_postalInfo (' . implode(', ', $columns) . ') VALUES (:' . implode(', :', $columns) . ')');
foreach ($postalInfo as $key => $value) {
$stmt->bindValue(':' . $key, $value);
}
$stmt->execute();
}
$new_authinfo = generateAuthInfo();
$dbh->prepare('INSERT INTO contact_authInfo (contact_id, authtype, authinfo) VALUES (?, ?, ?)')->execute([$newContactId, 'pw', $new_authinfo]);
$dbh->prepare('INSERT INTO contact_status (contact_id, status) VALUES (?, ?)')->execute([$newContactId, 'ok']);
}
}
$from = $dbh->query("SELECT exdate FROM domain WHERE id = '$domain_id' LIMIT 1")->fetchColumn();
$stmt_update = $dbh->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL $date_add MONTH), lastupdate = CURRENT_TIMESTAMP, clid = '$reid', upid = '$clid', trdate = CURRENT_TIMESTAMP, trstatus = 'serverApproved', acdate = CURRENT_TIMESTAMP, transfer_exdate = NULL WHERE id = '$domain_id'");
$stmt_update = $dbh->prepare("UPDATE domain SET exdate = DATE_ADD(exdate, INTERVAL $date_add MONTH), lastupdate = CURRENT_TIMESTAMP, clid = '$reid', upid = '$clid', registrant = '$newRegistrantId', trdate = CURRENT_TIMESTAMP, trstatus = 'serverApproved', acdate = CURRENT_TIMESTAMP, transfer_exdate = NULL WHERE id = '$domain_id'");
$stmt_update->execute();
$new_authinfo = generateAuthInfo();
$stmt_update_auth = $dbh->prepare("UPDATE domain_authInfo SET authinfo = '$new_authinfo' WHERE domain_id = '$domain_id'");
$stmt_update_auth->execute();
foreach ($contactMap as $contact) {
// Construct the SQL update query
$sql = "UPDATE domain_contact_map SET contact_id = :new_contact_id WHERE domain_id = :domain_id AND type = :type AND contact_id = :contact_id";
// Prepare the SQL statement
$stmt = $dbh->prepare($sql);
// Bind the values to the placeholders
$stmt->bindValue(':new_contact_id', $newContactIds[$contact['contact_id']]);
$stmt->bindValue(':domain_id', $domain_id);
$stmt->bindValue(':type', $contact['type']);
$stmt->bindValue(':contact_id', $contact['contact_id']);
// Execute the update statement
$stmt->execute();
}
$stmt_update_host = $dbh->prepare("UPDATE host SET clid = '$reid', upid = NULL, lastupdate = CURRENT_TIMESTAMP, trdate = CURRENT_TIMESTAMP WHERE domain_id = '$domain_id'");
$stmt_update_host->execute();
@ -112,9 +220,15 @@ try {
}
}
$stmt_contact = null;
$dbh->commit();
$log->info('job finished successfully.');
} catch (PDOException $e) {
$dbh->rollBack();
$log->error('Database error: ' . $e->getMessage());
} catch (PDOException $e) {
$dbh->rollBack();
$log->error('Database error: ' . $e->getMessage());
} catch (Throwable $e) {
$dbh->rollBack();
$log->error('Error: ' . $e->getMessage());
}

30
automation/helpers.php
View file

@ -165,4 +165,34 @@ function getDomainPrice($pdo, $domain_name, $tld_id, $date_add = 12, $command =
}
return ['type' => 'not_found', 'price' => 0];
}
function generateAuthInfo(): string {
$length = 16;
$charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$retVal = "";
$digitCount = 0;
// Generate initial random string
for ($i = 0; $i < $length; $i++) {
$randomIndex = random_int(0, strlen($charset) - 1);
$char = $charset[$randomIndex];
$retVal .= $char;
if ($char >= '0' && $char <= '9') {
$digitCount++;
}
}
// Ensure there are at least two digits in the string
while ($digitCount < 2) {
// Replace a non-digit character at a random position with a digit
$replacePosition = random_int(0, $length - 1);
if (!($retVal[$replacePosition] >= '0' && $retVal[$replacePosition] <= '9')) {
$randomDigit = random_int(0, 9); // Generate a digit from 0 to 9
$retVal = substr_replace($retVal, (string)$randomDigit, $replacePosition, 1);
$digitCount++;
}
}
return $retVal;
}