zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-14 16:46:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

domain update fixes

Browse source
This commit is contained in:
Pinga 2023-08-28 15:50:57 +03:00
parent b618231880
commit 13b1269281
1 changed files with 192 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

137
epp/src/epp-update.php
View file

@ -997,7 +997,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$contact_list = $xml->xpath('//domain:rem/domain:contact') ?? []; $contact_list = $xml->xpath('//domain:rem/domain:contact') ?? [];
$statusList = $xml->xpath('//domain:rem/domain:status/@s') ?? []; $statusList = $xml->xpath('//domain:rem/domain:status/@s') ?? [];
if (!$ns && count($contact_list) == 0 && count($statusList) == 0) { if (!$ns && count($contact_list) == 0 && count($statusList) == 0 && !$extensionNode) {
sendEppError($conn, $db, 2005, 'At least one element MUST be present', $clTRID, $trans); sendEppError($conn, $db, 2005, 'At least one element MUST be present', $clTRID, $trans);
return; return;
} }
@ -1034,7 +1034,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
$contact_list = $xml->xpath('//domain:add/domain:contact'); $contact_list = $xml->xpath('//domain:add/domain:contact');
$statusList = $xml->xpath('//domain:add/domain:status/@s'); $statusList = $xml->xpath('//domain:add/domain:status/@s');
if (!$ns && !count($contact_list) && !count($statusList) && !count($hostObjList) && !count($hostAttrList)) { if (!$ns && !count($contact_list) && !count($statusList) && !count($hostObjList) && !count($hostAttrList) && !$extensionNode) {
sendEppError($conn, $db, 2005, 'At least one element MUST be present', $clTRID, $trans); sendEppError($conn, $db, 2005, 'At least one element MUST be present', $clTRID, $trans);
return; return;
} }
@ -1253,7 +1253,10 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
} }
$authInfo_pw = (string)$domainChg->xpath('//domain:authInfo/domain:pw[1]')[0]; $authInfo_pw_elements = $domainChg->xpath('//domain:authInfo/domain:pw[1]');
if (!empty($authInfo_pw_elements)) {
$authInfo_pw = (string)$authInfo_pw_elements[0];
if ($authInfo_pw) { if ($authInfo_pw) {
if (strlen($authInfo_pw) < 6 || strlen($authInfo_pw) > 16) { if (strlen($authInfo_pw) < 6 || strlen($authInfo_pw) > 16) {
sendEppError($conn, $db, 2005, 'Password needs to be at least 6 and up to 16 characters long', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Password needs to be at least 6 and up to 16 characters long', $clTRID, $trans);
@ -1271,6 +1274,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
} }
} }
}
if (isset($rgp_update)) { if (isset($rgp_update)) {
$op_attribute = (string) $xml->xpath('//rgp:restore/@op[1]')[0]; $op_attribute = (string) $xml->xpath('//rgp:restore/@op[1]')[0];
@ -1602,8 +1606,8 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
} }
$authInfo = $xml->xpath('//domain:authInfo')[0]; $authInfoNodes = $xml->xpath('//domain:authInfo');
$authInfo_pw = (string)$xml->xpath('//domain:pw[1]')[0]; $authInfo_pw = (!empty($authInfoNodes)) ? (string)$xml->xpath('//domain:pw[1]')[0] : null;
if ($authInfo_pw) { if ($authInfo_pw) {
$sth = $db->prepare("UPDATE `domain_authInfo` SET `authinfo` = ? WHERE `domain_id` = ? AND `authtype` = ?"); $sth = $db->prepare("UPDATE `domain_authInfo` SET `authinfo` = ? WHERE `domain_id` = ? AND `authtype` = ?");
@ -1614,9 +1618,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
$authInfoExtNodes = $xml->xpath('//domain:ext[1]'); $authInfoExtNodes = $xml->xpath('//domain:ext[1]');
if (!empty($authInfoExtNodes)) { $authInfo_ext = (!empty($authInfoExtNodes)) ? (string)$authInfoExtNodes[0] : null;
$authInfo_ext = !empty($authInfoExtNodes) ? (string)$authInfoExtNodes[0] : null;
}
if (isset($authInfo_ext)) { if (isset($authInfo_ext)) {
$sth = $db->prepare("UPDATE `domain_authInfo` SET `authinfo` = ? WHERE `domain_id` = ? AND `authtype` = ?"); $sth = $db->prepare("UPDATE `domain_authInfo` SET `authinfo` = ? WHERE `domain_id` = ? AND `authtype` = ?");
@ -1627,9 +1629,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
$authInfoNullNodes = $xml->xpath('//domain:null[1]'); $authInfoNullNodes = $xml->xpath('//domain:null[1]');
if (!empty($authInfoExtNodes)) { $authInfo_null = (!empty($authInfoNullNodes)) ? (string)$authInfoNullNodes[0] : null;
$authInfo_null = !empty($authInfoNullNodes) ? (string)$authInfoNullNodes[0] : null;
}
if (isset($authInfo_null)) { if (isset($authInfo_null)) {
$sth = $db->prepare("DELETE FROM `domain_authInfo` WHERE `domain_id` = ?"); $sth = $db->prepare("DELETE FROM `domain_authInfo` WHERE `domain_id` = ?");
@ -1742,6 +1742,9 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
if (isset($secdnsRems)) { if (isset($secdnsRems)) {
foreach ($secdnsRems as $secdnsRem) { foreach ($secdnsRems as $secdnsRem) {
$dsDataToRemove = $secdnsRem->xpath('./secDNS:dsData'); $dsDataToRemove = $secdnsRem->xpath('./secDNS:dsData');
$keyDataToRemove = $secdnsRem->xpath('./secDNS:keyData');
if ($dsDataToRemove) {
foreach ($dsDataToRemove as $ds) { foreach ($dsDataToRemove as $ds) {
$keyTag = (int)$ds->xpath('secDNS:keyTag')[0]; $keyTag = (int)$ds->xpath('secDNS:keyTag')[0];
$alg = (int)$ds->xpath('secDNS:alg')[0]; $alg = (int)$ds->xpath('secDNS:alg')[0];
@ -1800,11 +1803,62 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
} }
} }
if ($keyDataToRemove) {
foreach ($keyDataToRemove as $keyData) {
$flags = (int) $keyData->xpath('secDNS:flags')[0];
$protocol = (int) $keyData->xpath('secDNS:protocol')[0];
$algKeyData = (int) $keyData->xpath('secDNS:alg')[0];
$pubKey = (string) $keyData->xpath('secDNS:pubKey')[0];
// Data sanity checks for keyData
// Validate flags
$validFlags = [256, 257];
if (isset($flags) && !in_array($flags, $validFlags)) {
sendEppError($conn, $db, 2005, 'Invalid flags', $clTRID, $trans);
return;
}
// Validate protocol
if (isset($protocol) && $protocol != 3) {
sendEppError($conn, $db, 2006, 'Invalid protocol', $clTRID, $trans);
return;
}
// Validate algKeyData
if (isset($algKeyData)) {
sendEppError($conn, $db, 2005, 'Invalid algKeyData encoding', $clTRID, $trans);
return;
}
// Validate pubKey
if (isset($pubKey) && base64_encode(base64_decode($pubKey, true)) !== $pubKey) {
sendEppError($conn, $db, 2005, 'Invalid pubKey encoding', $clTRID, $trans);
return;
}
try {
$stmt = $db->prepare("DELETE FROM secdns WHERE domain_id = :domain_id AND flags = :flags AND protocol = :protocol AND algKeyData = :algKeyData AND pubKey = :pubKey");
$stmt->execute([
':domain_id' => $domain_id,
':flags' => $flags,
':protocol' => $protocol,
':algKeyData' => $algKeyData,
':pubKey' => $pubKey
]);
} catch (PDOException $e) {
sendEppError($conn, $db, 2400, 'Database error during keyData removal', $clTRID, $trans);
return;
}
}
}
}
} }
if (isset($secdnsAdds)) { if (isset($secdnsAdds)) {
foreach ($secdnsAdds as $secdnsAdd) { foreach ($secdnsAdds as $secdnsAdd) {
$secDNSDataSet = $secdnsAdd->xpath('./secDNS:dsData'); $secDNSDataSet = $secdnsAdd->xpath('./secDNS:dsData');
$keyDataSet = $secdnsAdd->xpath('./secDNS:keyData');
if ($secDNSDataSet) { if ($secDNSDataSet) {
foreach ($secDNSDataSet as $secDNSData) { foreach ($secDNSDataSet as $secDNSData) {
// Extract dsData elements // Extract dsData elements
@ -1890,6 +1944,67 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
} }
} }
try {
$stmt = $db->prepare("INSERT INTO `secdns` (`domain_id`, `maxsiglife`, `interface`, `keytag`, `alg`, `digesttype`, `digest`, `flags`, `protocol`, `keydata_alg`, `pubkey`) VALUES (:domain_id, :maxsiglife, :interface, :keytag, :alg, :digesttype, :digest, :flags, :protocol, :keydata_alg, :pubkey)");
$stmt->execute([
':domain_id' => $domain_id,
':maxsiglife' => $maxSigLife,
':interface' => 'dsData',
':keytag' => $keyTag,
':alg' => $alg,
':digesttype' => $digestType,
':digest' => $digest,
':flags' => $flags ?? null,
':protocol' => $protocol ?? null,
':keydata_alg' => $algKeyData ?? null,
':pubkey' => $pubKey ?? null
]);
} catch (PDOException $e) {
$isMySQLUniqueViolation = $e->getCode() === '23000' && strpos($e->getMessage(), '1062 Duplicate entry') !== false;
$isPostgreSQLUniqueViolation = $e->getCode() === '23505';
if ($isMySQLUniqueViolation || $isPostgreSQLUniqueViolation) {
// Do nothing
} else {
sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
return;
}
}
}
}
if ($keyDataSet) {
foreach ($keyDataSet as $keyDataData) {
$flags = (int) $keyDataData->xpath('secDNS:keyData/secDNS:flags')[0];
$protocol = (int) $keyDataData->xpath('secDNS:keyData/secDNS:protocol')[0];
$algKeyData = (int) $keyDataData->xpath('secDNS:keyData/secDNS:alg')[0];
$pubKey = (string) $keyDataData->xpath('secDNS:keyData/secDNS:pubKey')[0];
// Data sanity checks for keyData
// Validate flags
$validFlags = [256, 257];
if (isset($flags) && !in_array($flags, $validFlags)) {
sendEppError($conn, $db, 2005, 'Invalid flags', $clTRID, $trans);
return;
}
// Validate protocol
if (isset($protocol) && $protocol != 3) {
sendEppError($conn, $db, 2006, 'Invalid protocol', $clTRID, $trans);
return;
}
// Validate algKeyData
if (isset($algKeyData)) {
sendEppError($conn, $db, 2005, 'Invalid algKeyData encoding', $clTRID, $trans);
return;
}
// Validate pubKey
if (isset($pubKey) && base64_encode(base64_decode($pubKey, true)) !== $pubKey) {
sendEppError($conn, $db, 2005, 'Invalid pubKey encoding', $clTRID, $trans);
return;
}
try { try {
$stmt = $db->prepare("INSERT INTO `secdns` (`domain_id`, `maxsiglife`, `interface`, `keytag`, `alg`, `digesttype`, `digest`, `flags`, `protocol`, `keydata_alg`, `pubkey`) VALUES (:domain_id, :maxsiglife, :interface, :keytag, :alg, :digesttype, :digest, :flags, :protocol, :keydata_alg, :pubkey)"); $stmt = $db->prepare("INSERT INTO `secdns` (`domain_id`, `maxsiglife`, `interface`, `keytag`, `alg`, `digesttype`, `digest`, `flags`, `protocol`, `keydata_alg`, `pubkey`) VALUES (:domain_id, :maxsiglife, :interface, :keytag, :alg, :digesttype, :digest, :flags, :protocol, :keydata_alg, :pubkey)");