Version 1.51.4
Released: 2017-06-08
new
TLSA dns records (SKINS)(TEMPLATES)
Add support for TLSA dns records.
Will require both skin and template changes.
Disabled by default.
To enable, add this value to your directadmin.conf:
dns_tlsa=1
and restart DirectAdmin.
TEMPLATES
Update:
/usr/local/directadmin/data/templates/named.db
to include the |TLSA| token.
new empty default file:
/usr/local/directadmin/data/templates/dns_tlsa.conf
SKINS
Same idea from SPF, copied to TLSA.
admin/dns_admin_control.html
user/dns_control.html
uses:
|*if DNS_TLSA="yes"|
to confirm the feature is enabled.
TODO
Link LetsEncrypt to automatically add the TLSA records.
new
CAA dns records (SKINS)(TEMPLATES)
Add support for CAA dns records.
Will require both skin and template changes.
Disabled by default.
To enable, add this value to your directadmin.conf:
dns_caa=1
and restart DirectAdmin.
IMPORTANT NOTE: DA does not check your version of bind.
Only BIND versions 9.9.6 and higher support CAA records.
You can find your bind (named) version either in the Admin Level -> System Information page, or by running:
named -v
TEMPLATES
Update:
/usr/local/directadmin/data/templates/named.db
to include the |CAA| token.
new empty default file:
/usr/local/directadmin/data/templates/dns_caa.conf
SKINS
Same idea from TLSA, copied to CAA.
admin/dns_admin_control.html
user/dns_control.html
uses:
|*if DNS_CAA="yes"|
to confirm the feature is enabled.
new
rotate_httpd_error_log_meg
To prevent apache/nginx error logs from getting too large in a run-away case, a new variable lets the dataskq check the size of these logs, and rotate them if needed.
Internal default:
rotate_httpd_error_log_meg=0
To keep the domain.com.error.log files within a certain range, set that number in the rotate_httpd_error_log_meg setting.
So if you want a log to rotate out at 1gig, you'd set it to 1024 Meg, eg:
rotate_httpd_error_log_meg=1024
Also add option to truncate, instead of rotate:
rotate_httpd_error_log_truncate=0|1
internal default will be 1.
If this is set, then the truncation will create a new log 1/2 the size of the original (half of rotate_httpd_error_log_meg)
We use 1/2 because if you were to truncate to size X, then as the log grows, the truncation would happen every minute which would be a very large burden on the disk I/O.
A truncation to a specific size requires:
fseek to location at 1/2 the size of the log
go forwards byte by byte until you hit the first newline character, then go 1 more.
read each line from the current position, and write to a new log.
re-open the current log from where the end used to be, and continue read/writing, because new data might have been added
delete the old log, rename the new one to the old name, and HUP apache/nginx.
If rotate_httpd_error_log_meg=0 is set, the rotate_httpd_error_log_truncate value has no effect.
If this event is triggered, a notice will be sent to the User and the Admins on the system with a Notice that a large log has been rotated/truncated.
The last 5 lines of the log will be included, either way.
No template for this message currently exists, and the line numbers cannot currently be changed.
If anyone needs the ability to adjust these, let us know.
EXAMPLE #1
rotate_httpd_error_log_meg=1024
rotate_httpd_error_log_truncate=0
Every minute the dataskq will check all logs at:
/var/log/httpd/domains/*.error.log (or nginx)
If any of those logs is greater than 1024 meg, the log is reset to 0 and HUP sent to httpd.
This is very fast, and doesn't cause any excessive disk I/O.
Drawback is Users cannot see previous errors, but chances are, it will fill up quickly again anyway.
EXAMPLE #2
rotate_httpd_error_log_meg=1024
rotate_httpd_error_log_truncate=1
Every minute the dataskq will check all logs at:
/var/log/httpd/domains/*.error.log (or nginx)
If any of those logs is greater than 1024 meg, the dataskq copies the last 512Meg to a new file.
It deletes the big log, renames the new log to the old name, and sends an HUP to httpd.
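The truncation steps listed above (seek to half, skip to the next newline, copy the tail, pick up late writes, swap the files), as an added Python example that is not DirectAdmin's own code. The function names, the reload_server callback and the sample log are constructed for illustration; the replacement file is created with mkstemp in the log's own directory and gets the original mode back before the rename.

```python
import os
import shutil
import tempfile


def truncate_log_to_half(path, limit_bytes, reload_server=None):
    """Keep the newer half of an oversized log, starting on a line boundary.

    Returns True if the log was truncated, False if it was left alone.
    """
    old_size = os.path.getsize(path)
    if limit_bytes <= 0 or old_size <= limit_bytes:
        return False  # a limit of 0 disables the check

    st = os.stat(path)
    # Build the replacement next to the original so the final rename stays on
    # one filesystem. mkstemp creates it with mode 0600 and an unused name.
    fd, tmp_path = tempfile.mkstemp(dir=os.path.dirname(path) or ".",
                                    prefix=".trunc-")
    try:
        with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
            src.seek(old_size // 2)       # seek to half the size of the log
            src.readline()                # move to just past the next newline
            shutil.copyfileobj(src, dst)  # copy the remaining whole lines
            # Read again from where the end used to be: the web server may
            # have appended new data while the copy was running.
            shutil.copyfileobj(src, dst)
        os.chmod(tmp_path, st.st_mode & 0o7777)  # restore the original mode
        try:
            os.chown(tmp_path, st.st_uid, st.st_gid)
        except PermissionError:
            pass  # not root: the owner stays as the current user
        # os.replace removes the old log and takes over its name in one step.
        os.replace(tmp_path, path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    if reload_server is not None:
        reload_server()  # e.g. send HUP so the server reopens its log
    return True


def demo_truncate():
    """Run the procedure on a constructed 900-byte log with a 500-byte limit."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "domain.com.error.log")
        with open(log, "wb") as f:
            for i in range(100):
                f.write(b"line %03d\n" % i)  # constructed lines, 9 bytes each
        reloaded = []
        changed = truncate_log_to_half(log, 500, lambda: reloaded.append(True))
        with open(log, "rb") as f:
            lines = f.read().splitlines()
        # The log is now under the limit, so a second pass leaves it alone.
        untouched = truncate_log_to_half(log, 500)
        return changed, lines[0], lines[-1], len(lines), reloaded, untouched


if __name__ == "__main__":
    print(demo_truncate())
```

The seek lands exactly on the start of "line 050" here, and because the procedure always skips through the next newline, the kept portion starts at "line 051".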
NOTICES
New directadmin.conf internal default:
rotate_httpd_error_log_notify=3
If you wish to disable the notices, set this value to 0.
At the moment, 1 and 2 are reserved for future use (just user, or just admin), but are not implemented.
Use 0 or 3 at this time.
new
vacation_set_pre.sh vacation_set_post.sh
Custom scripts:
/usr/local/directadmin/scripts/custom/vacation_set_pre.sh
/usr/local/directadmin/scripts/custom/vacation_set_post.sh
used when the User sets a vacation message (creation or alteration)
The pre.sh must exit with code 0, in order to succeed.
Exit with non-zero code and the vacation message will not be set.
Echo any text you want displayed.
The post.sh exit code has no effect on the setting of the vacation message,
but you can set a non-zero exit code on post.sh, which will throw a text output error in the GUI, if you just need to mention something.
Environmental variables vary depending on the exim.conf version (4.4.1+ gives more options).
Run DA in debug mode to see everything that's passed.
https://help.directadmin.com/item.php?id=293
the "username" is also added to the variables.
The "post.sh" gets a return_code=1 (good) or return_code=0 (bad) included, depending on if the actual setting process succeeded.
If the pre-checks or pre.sh scripts failed, then the post.sh won't be called.
new
CHANGED: json for CMD_DNS_ADMIN
Relating to:
Format for:
CMD_DNS_ADMIN?json=yes&domain=domain.com
will now be changed to something like:
{
"records": [
{
"type": "A",
"index": "domain.com.",
"value": "1.2.3.4"
},
{
"type": "A",
"index": "ftp",
"value": "1.2.3.4"
},
{
"type": "NS",
"index": "ns1.domain.com.",
"value": "domain.com."
},
{
"type": "NS",
"index": "ns2.domain.com.",
"value": "domain.com."
}
]
}
new
json for CMD_DNS_CONTROL CMD_DNS_MX
Users can get their records via json, using:
CMD_DNS_CONTROL?domain=domain.com&json=yes
Output is the same as this:
CHANGED: json for CMD_DNS_ADMIN
Note, you can also add:
&ttl=yes
to include the current ttl value in the json output.
The call to:
CMD_DNS_MX?domain=domain.com&json=yes
will again output the records[] array, but will also include:
"internal": "yes"
or "no" depending on if the "Local Mail Server" option is checked.
new
email_filter_write_pre.sh & email_filter_write_post.sh
Two new custom scripts:
/usr/local/directadmin/scripts/custom/email_filter_write_pre.sh
/usr/local/directadmin/scripts/custom/email_filter_write_post.sh
to be called before and after the filter file is written at:
/etc/virtual/domain.com/filter
The environmental variables are:
- The contents of:
/etc/virtual/domain.com/filter.conf
The tokens for "filter" set up earlier in the process (before the large text spans are added)
username=fred
domain=domain.com
The tokens that might be useful are:
DOVECOT=0|1
HOME=/home/fred
INBOX_SPAM=INBOX.spam or Junk, depending on the setting:
Ability to merge old inbox imap folders to new folders
Ability to set Spam folder from INBOX.spam to Junk (TEMPLATES)
the rest are mainly just taken from the filter.conf anyway, which you'll already have loaded (lower case from the filter.conf)
new
CMD_DNS_ADMIN CMD_DNS_CONTROL CMD_DNS_MX action=edit
For the skin, a new option called:
action=edit
can be used to simultaneously delete a value, and add a value, in 1 call.
This is not going to be in the enhanced skin, but would be handy for json in the new skin.
Values are a combination of both the action=add and action=select.
So use:
method: POST
action=edit
selecttype=encoded
type=A|NS|MX|CNAME|PTR|AAAA|SRV|DS
where selecttype=encoded is the same as deleting values, so see this guide for what to use in place of both "selecttype" and "encoded":
API for User and Admin Level DNS Administration
The intent is such that you specify the value you're editing with selecttype=encoded, and then provide the new data in type, name, and value.
Although, with the way it's coded, you can delete multiple values if you want, or even values that don't even match the name you're adding.
It's pretty much just a merge of 2 calls into 1, where the deletion happens first.
The "type" variable will be the record type. For most edits, you'll probably specify the same type as in the selecttype, eg:
type=A
arecs0=encodeddata
You can optionally include:
json=yes
if you want the output to be json.
new
CMD_JSON_LANG
New command to get all tokens for a given command page, eg:
CMD_JSON_LANG?request=CMD_SHOW_DOMAIN
CMD_JSON_LANG?request=global
CMD_JSON_LANG?request=LF_STANDARD&and_global=yes
which will include json output for:
All lang tokens for the given CMD_* based on the PATH lookup in files_*.conf, and over to that lang/en/PATH.
All global tokens if request=global is used.
Any normal CMD or LF request can include &and_global=yes in the GET to include the globals, to save a request.
For the above example, it's in:
files_user.conf:
CMD_SHOW_DOMAIN=user/show_domain.html
so the lookup dumps the tokens from:
/usr/local/directadmin/data/skins/enhanced/lang/en/user/show_domain.html
The global tokens use "no-cache" in the result header, while any other CMD/LF type lookup will use a cache duration of 65536 seconds.
This means (for now) if you change the language of your DA, you'll likely need an F5 or ctrl-F5 to grab the new lang pack.
Note the request can be any value from the files_*.conf files, including the LF_STANDARD style entries.
They don't need to be CMD_ entries.
If a value doesn't exist, it will throw a standard json error.
This command does not load hardcoded tokens, as it would when you actually load the /CMD_SOMETHING page.
This only loads the LANG files, or the global tokens that show up on all pages.
The hardcoded tokens are only computed during the actual call of that given CMD_ command.
If you do want one of those specific hardcoded tokens, you can get it using the load_token variable, available on most pages:
load_token=NAME to output only the value of that token for the given page
new
Ability to preserve html sequences in messages/tickets
If you're using multiple different charsets, you might need to use html sequences like:
&#1042;
in the message system and ticket system templates.
The new directadmin.conf option:
preserve_html_sequences=0
(which is the internal default)
can be changed to be:
preserve_html_sequences=1
such that message/ticket system will respect any html characters set in the file as long as they use the format:
&#xxxx;
where xxxx is a string of 1 or more numbers 0-9.
Because the client might actually want to write the literal string:
&#1042;
if the option is enabled, DA will swap any typed occurrences of & with &amp; so it gets displayed exactly as typed.
new
CMD_JSON_VALIDATE to verify types before submission
Command for ajax calls, to make validation checks before submission.
This will save an invalid form post, which would cause the User to have to re-enter all their info again.
type=user&value=fred
type=domain&value=domain.com
type=password&value=secretpass
type=password&action=get #returns a new random password that passed the difficult password check
type=dbname&value=dbname (exclude the username_ prefix)
type=dbusername&value=dbuser (exclude the username_ prefix)
type=email&value=user@domain.com (full address)
type=ftp&value=user&domain=domain.com (only user part) - added 1.53.1
type=forwarder&value=user@domain.com (full address)
type=username&value=fred (can only be called by Resellers and Admins, or error "Users cannot verify usernames")
type=dns&record=A&domain=domain.com&name=www&value=1.2.3.4(&mx_value=mail.domain.com.(&select=name|value)) - added 1.53.2.
Returns json with either:
{
"error": "some reason"
}
or:
{
"success": ""
}
or for random password generation (action=yes)
{
"success": "newrandompassword"
}
Note that the User and domain checks do use the Multi-Server Setup system if it's enabled, where it will check for external domains or usernames, if those options are checked.
Similar to the functions:
CMD_AJAX_CHECK_USERNAME
CMD_AJAX_CHECK_DOMAIN
CMD_AJAX_CHECK_PASSWORD
=============
type=dns - added 1.53.2
This method allows validation of dns form values.
There are quite a lot of internal checks and variations depending on record type, so please read carefully.
record=A|NS|MX|CNAME|PTR|TXT|AAAA|SRV|SPF|TLSA|CAA|DS
name=left side of add
value=right side of add
if record=MX, then things change depending on settings.
if full_mx_records=1 in directadmin.conf, then:
value=10 - the priority of the MX
mx_value=mail or mail.domain.com.
if full_mx_records=0, which will be rare and not default, then:
name=mail or mail.domain.com (right side)
value=10 - priority
if record=NS:
value=left side
name=right side
just to be backwards compatible with the older DA where the container could only have a unique index, thus all NS records for the zone would match, hence we flipped to use the value as the index.
Duplicates can now be used, but the value/name are still flipped left to right.
optional for type=dns:
check=name|value
where adding check to "name" or "value" will tell DA only to check the respective name or value.
This provides more specific control over the checks.
If it's a domain pointer, use:
domain=maindomain.com
pointer=pointer.com
and the pointer.com zone will be checked/loaded instead.
new
Ability to shut off dovecot_sni per-domain in the domains/domain.com.conf
UPDATE: March 30, 2021:
This feature has been tabled to be deprecated due to increasing complexity to support it for upcoming per-host certificates, rather than the previous per-domain certs.
back-end to allow dovecot_sni to be disabled per-domain by adding:
dovecot_sni=OFF
to the domain's config file:
/usr/local/directadmin/data/users/username/domains/domain.com.conf
Possibly an interface change to follow, but for now, just manually add it.
T6630
new
allow_dns_underscore=1 new internal default
Changed the allow_dns_underscore setting from 0 to 1 as the new internal default.
new
enable_ssl_sni=1 new internal default
For all newer OSs, the enable_ssl_sni=1 setting will be the new default (old was 0).
CentOS 5 and Debian 6 will still have it set to 0 by default (they're end-of-life anyway)
You can still override the setting in the directadmin.conf by setting the enable_ssl_sni variable to the desired value.
Note that enable_ssl_sni only disables the owned IP check in DA, for accessing the SSL page.
new
Admin Settings: maxfilesize can be KB, MB, GB, TB, etc (SKINS)
The maxfilesize variable in the Admin Settings used to require entry in bytes.
As very few people ever actually work with those units in terms of file uploads, the variable can now be specified with the size units.
Valid values are now:
536870912
512 KB
512K
512 K
0.5 MB
0.5MB
100MB
1G
0.1 GB
etc..
Valid units are:
blank (for bytes)
K
KB
M
MB
G
GB
T
TB
... although, you'll not likely want to allow anything larger than a few Gig, at most, for this particular variable.
The number can be an integer or a floating point number, with decimals.
DA will show the number with a space before the unit. The space is not required.
However, upper case characters for the units are required, to avoid confusion with "bits" (vs bytes) where bits are usually a lower case b while bytes are upper case B.
SKINS
admin/admin_settings.html
swapped the |MAXFILE| token with |MAXFILE_UNITS|
The |MAXFILE| token will remain untouched, to be backwards compatible.
The value stored in the directadmin.conf will still be set in bytes.
new
No DKIM if there is no zone
Functionality change:
- When deleting a zone from the Admin Level -> DNS Admin, if there are any DKIM keys, they will be removed along with the zone.
If you need to have the DKIM keys, you can re-add them manually with the script:
cd /usr/local/directadmin/scripts
./dkim_create.sh domain.com nodns
- The call to:
echo "action=rewrite&value=dkim" >> /usr/local/directadmin/data/task.queue
will not create the dkim keys if there is no dns zone.
new
Ability to link IPs through the task.queue
Related to:
Admin Level -> IP Manager -> click on an IP -> Link IP
this can now be done through the task.queue.
Sample:
echo "action=linked_ips&ip_action=add&ip=1.2.3.4&ip_to_link=1.2.3.5&apache=yes&dns=yes&apply=yes" >> /usr/local/directadmin/data/task.queue
The command is the same as the form in CMD_IP_MANAGER_DETAILS?ip=1.2.3.4, except we move the form action=add to ip_action=add, as the dataskq action needs to be broader.
new
FileManager head and tail commands
When requesting a file, eg:
/CMD_FILE_MANAGER/file.txt
You can now add GET options, either
fm_head=10
or:
fm_tail=10
to view the starting or ending number of lines for that file, eg:
/CMD_FILE_MANAGER/file.txt?fm_tail=5
Only one of head or tail can be used at a time.
10 can be replaced with any positive integer.
The Content-Type header will always be set to text/plain.
new
FTP Backup option to upload md5sum file
New directadmin.conf internal default option:
backup_ftp_md5=0
which you can add and change to:
backup_ftp_md5=1
in the directadmin.conf to enable md5 uploads, along with the backup file.
The ftp_upload.php will have a new environmental variable:
ftp_md5=1
if this option is enabled, which then uploads a 2nd file, eg:
user.admin.fred.tar.gz.md5
containing the current md5sum of the backup file.
This can be used to verify the integrity of the backup on the remote server, to ensure backup was transferred correctly.
The restore does not currently download or check this file, but if you get an error message during the restore, you'll then be able to manually check the remote file to confirm it's intact, and try again if it is.
The environmental variable ftp_md5=1 is passed to the ftp_restore.php, but the script itself is not currently altered in any way to use it.
new
Custom Domain Items values available in virtual_host2.conf templates
The custom_domain_items feature lets you set custom per-domain variables.
This change allows those variables which are set in the domain's config file:
/usr/local/directadmin/data/users/username/domains/domain.com.conf
to be available as a token in the User's httpd.conf templates with the token syntax:
|CUSTOM_DOMAIN_ITEM_%s|
where %s is swapped with the custom item name, and that whole token, when used in the templates, will be swapped with the value from the domain.com.conf.
For example, if you have this file:
/usr/local/directadmin/data/admin/custom_domain_items.conf
loaded with:
banana=type=checkbox&string=Custom 1&desc=Yellow&checked1=yes
Then you can use the token:
|CUSTOM_DOMAIN_ITEM_banana|
in the virtual_host2.conf templates (and subdomains, and pointers).
Note that this token will only be available if:
banana=anything
is actually set in the domain.com.conf file.
If it's unset (name does not exist), then the token will not be set.
An example usage of the token might be:
|*if CUSTOM_DOMAIN_ITEM_banana="ON"|
Options +banana
|*endif|
as a sample (and invalid) example.
new
CMD_API_SHOW_SERVICES?all_info=yes to show memory and pids
You can now show all pids and memory info from the Show Services page, using the extra GET option:
all_info=yes
Changes to generate 3 encoded arrays:
status=<statusarray>&memory=<memoryarray>&pids=<pidarray>
where each of the <subarrays> would be similar to:
status=httpd=on&dovecot=on...
memory=httpd=8.32031&dovecot=39.8398...
pids=httpd=19242 19244 19245 19246 19247 19248 19249 19250 19251 19252 19253 &dovecot=29534
all double-url encoded, as needed.
Here's a sample output:
memory=da%25%32Dpopb%25%33%34smtp%3D%25%33%30%25%32E%25%33%35%25%33%34%25%33%36%25%33%38%25%33%37%25%33%35%26directadmin%3D%25%33%38%25%32E%25%33%33%25%33%32%25%33%30%25%33%33%25%33%31%26dovecot%3D%25%33%33%25%33%39%25%32E%25%33%38%25%33%33%25%33%39%25%33%38%26exim%3D%25%33%31%25%32E%25%33%32%25%33%34%25%33%32%25%33%31%25%33%39%26httpd%3D%25%33%31%25%33%30%25%33%38%25%32E%25%33%38%25%33%36%25%33%37%26mysqld%3D%25%33%31%25%33%35%25%33%35%25%32E%25%33%36%25%33%31%25%33%33%26named%3D%25%33%31%25%33%31%25%32E%25%33%38%25%33%34%25%33%37%25%33%37%26pure%25%32Dftpd%3D%25%33%31%25%32E%25%33%35%25%33%34%25%33%32%25%33%39%25%33%37%26sshd%3D%25%33%34%25%32E%25%33%39%25%33%37%25%33%36%25%33%35%25%33%36&pids=da%25%32Dpopb%25%33%34smtp%3D%25%33%31%25%33%34%25%33%33%25%33%37%25%33%31%25%32%30%26directadmin%3D%25%33%31%25%33%39%25%33%32%25%33%34%25%33%32%25%32%30%25%33%31%25%33%39%25%33%32%25%33%34%25%33%34%25%32%30%25%33%31%25%33%39%25%33%32%25%33%34%25%33%35%25%32%30%25%33%31%25%33%39%25%33%32%25%33%34%25%33%36%25%32%30%25%33%31%25%33%39%25%33%32%25%33%34%25%33%37%25%32%30%25%33%31%25%33%39%25%33%32%25%33%34%25%33%38%25%32%30%25%33%31%25%33%39%25%33%32%25%33%34%25%33%39%25%32%30%25%33%31%25%33%39%25%33%32%25%33%35%25%33%30%25%32%30%25%33%31%25%33%39%25%33%32%25%33%35%25%33%31%25%32%30%25%33%31%25%33%39%25%33%32%25%33%35%25%33%32%25%32%30%25%33%31%25%33%39%25%33%32%25%33%35%25%33%33%25%32%30%26dovecot%3D%25%33%32%25%33%39%25%33%35%25%33%33%25%33%34%25%32%30%26exim%3D%25%33%32%25%33%37%25%33%34%25%33%32%25%33%31%25%32%30%26httpd%3D%25%33%37%25%33%37%25%33%39%25%33%34%25%32%30%25%33%31%25%33%32%25%33%34%25%33%32%25%33%31%25%32%30%25%33%31%25%33%32%25%33%34%25%33%32%25%33%32%25%32%30%25%33%31%25%33%32%25%33%34%25%33%34%25%33%31%25%32%30%25%33%31%25%33%32%25%33%34%25%33%34%25%33%34%25%32%30%25%33%31%25%33%32%25%33%34%25%33%34%25%33%37%25%32%30%26mysqld%3D%25%33%35%25%33%32%25%33%32%25%32%30%25%33%35%25%33%32%25%33%33%25%32%30%25%33%35%25%33%32%25%33%34%25%32%30%25%33%35%25%33%32%25%33
%35%25%32%30%25%33%35%25%33%32%25%33%36%25%32%30%25%33%35%25%33%32%25%33%37%25%32%30%25%33%35%25%33%32%25%33%39%25%32%30%25%33%35%25%33%33%25%33%30%25%32%30%25%33%35%25%33%33%25%33%31%25%32%30%25%33%35%25%33%33%25%33%32%25%32%30%26named%3D%25%33%31%25%33%33%25%33%39%25%33%35%25%33%32%25%32%30%25%33%31%25%33%33%25%33%39%25%33%35%25%33%35%25%32%30%25%33%31%25%33%33%25%33%39%25%33%35%25%33%37%25%32%30%25%33%32%25%33%33%25%33%37%25%33%34%25%33%33%25%32%30%26pure%25%32Dftpd%3D%25%33%31%25%33%32%25%33%37%25%33%31%25%33%38%25%32%30%26sshd%3D%25%33%32%25%33%31%25%33%39%25%33%38%25%33%30%25%32%30%25%33%32%25%33%38%25%33%37%25%33%35%25%33%31%25%32%30&status=da%25%32Dpopb%25%33%34smtp%3Don%26directadmin%3Don%26dovecot%3Don%26exim%3Don%26httpd%3Don%26mysqld%3Don%26named%3Don%26pure%25%32Dftpd%3Don%26sshd%3Don
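Decoding that double-url-encoded layout, as an added Python example that is not DirectAdmin's own code. The sample body is a short constructed one with two services, the function name and the returned dictionary shape are choices made for this example, and pid tokens are checked to be digits before conversion.

```python
from urllib.parse import parse_qsl

# Constructed sample: two services, encoded the same way as the output above
# (outer key=value pairs, each value holding a second url-encoded list).
SAMPLE = (
    "memory=httpd%3D108.867%26pure%252Dftpd%3D1.54297"
    "&pids=httpd%3D7794%252012421%2520%26pure%252Dftpd%3D12718%2520"
    "&status=httpd%3Don%26pure%252Dftpd%3Don"
)


def parse_show_services(body):
    """Return {service: {"status": str, "memory": float, "pids": [int]}}."""
    # First decode: split the body into the status/memory/pids arrays.
    outer = dict(parse_qsl(body, keep_blank_values=True))
    services = {}
    for field in ("status", "memory", "pids"):
        # Second decode: each array is itself a url-encoded service=value list.
        for name, value in parse_qsl(outer.get(field, ""),
                                     keep_blank_values=True):
            entry = services.setdefault(
                name, {"status": None, "memory": None, "pids": []})
            if field == "status":
                entry["status"] = value
            elif field == "memory":
                entry["memory"] = float(value) if value else None
            else:
                # pids arrive as a space-separated list with a trailing space.
                tokens = value.split()
                if not all(t.isdigit() for t in tokens):
                    raise ValueError("non-numeric pid for %r: %r" % (name, value))
                entry["pids"] = [int(t) for t in tokens]
    return services


if __name__ == "__main__":
    for service, info in sorted(parse_show_services(SAMPLE).items()):
        print(service, info)
```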
new
Pass $created_by variable to domain_create_pre.sh / post.sh
New variable passed to custom scripts:
/usr/local/directadmin/scripts/custom/domain_create_pre.sh
/usr/local/directadmin/scripts/custom/domain_create_post.sh
created_by=0|1|2|3|4
which is the default, set to 0 when a domain is created by the User.
List of options:
0: domain is created with the User, by the Admin or Reseller creator (see creator variable to see who)
1: domain is created by the User via the additional domains section
2: domain is created by the User, via a User Level restore
3: domain is created by Reseller Level restore
4: domain is created by an Admin Level restore
Also added extra variables to the same scripts:
skip_template=0|1 - specifies if the index.html is to be omitted from the domain creation. Set to 1 if the domain already existed or the domains directory is to be restored.
user_creation=0|1 - specifies if the domain creation is happening at the same time this User is being created.
fixed
Unable to Logout; The referer used is not safe as it can be controlled by a User
When logged in as a User using the "Login As" option, if you see this message:
Unable to Logout
The referer used is not safe as it can be controlled by a User
it refers to a recent referer check in 1.51.0:
session security improvements (SECURITY)
The bug was that the possibly url encoded referer wasn't being decoded before the check.
Running DA in debug mode 2100 will get you more info about the "is_dangerous_referer" function doing the check.
This is the related error that was incorrect:
is_dangerous_referer: /home/username/domains/one%32three.com is either not readable or not a directory. Will not trust it.
where "%32" should have been decoded into "2" before checking the path.
fixed
HTML encoded characters missing trailing semi-colon
For characters encoded, say:
2
would be encoded like:
&#50;
the semi-colon was not previously added to the end.
Oddly, this didn't seem to be an issue for most browsers, which is why it wasn't caught sooner.
Regardless, it was not correct, and is now fixed.
fixed
domain data files not being removed with domain
The following files were not being removed when a domain was deleted:
/usr/local/directadmin/data/users/username/domains/*
domain.com.cacert
domain.com.cert.combined
domain.com.cert.creation_time
domain.com.csr
domain.com.cust_httpd
domain.com.cust_httpd.1
domain.com.cust_httpd.2
domain.com.cust_httpd.3
domain.com.cust_httpd.4
domain.com.san_config
They were removed with the User, as the entire folder is cleared, but for adding/removing domains within a User, they should be removed with the domain.
fixed
awstats_process.sh + cagefs: LogFile not always swapped
The config file for awstats:
/home/user/domains/domain.com/awstats/.data/awstats.domain.com.conf
has a line:
LogFile="/var/log/httpd/domains/domain.com.log"
With cagefs, this should be swapped to:
LogFile="/var/log/user_logs/username/domain.com.log"
at the run-time of the awstats_process.sh script.
Because the perl regex was run as the User, through "su", it required many characters to escape things correctly.
I've swapped it for a simpler version.
Also, the awstats_process.sh now has
VERSION=2.5
set near the top, so we can better track which version of awstats_process.sh is present.
If you want to manually grab the v2.5 of this script, it's here:
wget -O /usr/local/directadmin/scripts/awstats_process.sh http://files1.directadmin.com/services/all/awstats/awstats_process.sh
which is worth a try if your stats are not updating.
Worth checking the LogFile value in the config though to see what it's set to.
UPDATE:
version 2.6 fixed the FreeBSD call from /bin/su to /usr/bin/su.
fixed
nginx/proxy: php selector using wrong php on secondary domain if default domain swapped, 2nd not
Conditions:
1 - Using either nginx, or nginx/proxy.
2 - using 2 php versions in the CustomBuild options.conf
3 - default domain php selections are changed. This causes nginx_php.conf to be swapped (for ~username php, as default domain controls it)
4 - Secondary domain php versions are NOT swapped, matching the CustomBuild options.
Because of #4, DA didn't consider the secondary domains swapped, so it used the nginx_php.conf, which was incorrect.
Fix was to take note of when the nginx_php.conf was swapped.
If it was, always add secondary domain php code into the nginx.conf, so it's correct, no matter what's in the main file.
fixed
Reset Today to also delete per-Email sends
If a User sends their limit of emails in a given day, the Admin or Reseller (if enabled) can click the "Reset Today" button for that User, which clears the:
/etc/virtual/usage/username
file. However, it did not previously reset:
/etc/virtual/domain.com/usage/user
for the per-email sends.
With this change, the "Reset Today" button will also reset the per-Email sends.
fixed
CMD_EMAIL_REG to force download
The download "Outlook Setting" option on the E-Mail Accounts page will now add a new header:
Content-Disposition: attachment; filename=outlook_USER.reg;
to force download of the .reg file.
USER will contain either the DA system account name, or the prefix USER of USER@domain.com
fixed
Automatically add quotes for TXT records, if they're needed
When adding a TXT record, if there is a space in the name value, but the value "is not quoted", then DA will automatically add "quotes" around the full value.
It also does the same if the value contains an = character.
It's possible that quotes are always required, but if named allows it, I'd prefer not to add rules where not required.
DA does already use the named-checkzone command to ensure zones are syntactically correct, as the final check before putting a change into effect.
Related:
https://tools.ietf.org/html/rfc1464
https://en.wikipedia.org/wiki/TXT_record
fixed
FreeBSD: dnssec.sh using wrong binary paths
Related:
http://forum.directadmin.com/threads/54489
Added:
if [ "${OS}" = "FreeBSD" ]; then
BIND_PATH=/etc/namedb
NAMED_BIN=/usr/local/sbin/named
DNSSEC_KEYGEN=/usr/local/sbin/dnssec-keygen
DNSSEC_SIGNZONE=/usr/local/sbin/dnssec-signzone
...
fixed
Check for /var/www/html/squirrelmail before backup/restore
If the /var/www/html/squirrelmail path does not exist (directory or link, doesn't matter), then the backup/restore won't happen for the SquirrelMail data.
This extra check was added to prevent errors for backing up things if the server doesn't have SM installed.
The path check will use an internal cache method, so a new lstat is not run for each User. The dataskq would store it in the backup.
The directadmin processes should also be safe from cache issues because the parent doesn't call this check, and each child is forked.
(in case you delete the /var/www/html/squirrelmail path, but DA still thinks it's there).. but even if you have issues, just restart DA.
fixed
CMD_API_FILE_MANAGER type returned incorrect value
DirectAdmin 1.51.3 introduced a bug where the call to:
CMD_API_FILE_MANAGER
returned a 'type' value for files of:
<img border='0' alt="File" src="/IMG_FILE" />
and directories:
<img alt="Directory" src="/IMG_FOLDER" border='0' />
instead of "file" or "dir", respectively.
fixed
BlockCracking: variables.conf.custom values show extra = character in notices
The DirectAdmin template:
block_cracking_notice_script.txt
will use some of the values from the BlockCracking variables.
If you're using a custom variables override file, the values are set with double == characters.
When DA was reading that file, it only used the first = character, and assumed the 2nd was the value, so using something like:
BC_LIM == 2
would cause the |COUNT| token to incorrectly be filled with:
= 2
where it should have just been 2.
fixed
Missing headers for API response of "...does not exist in your authority level"
Recent changes to the internal header code caused the scenario where you've run a wrong command which normally gives you this error:
error=1&text=You cannot execute that command&details=The request you've made cannot be executed because it does not exist in your authority level
to not generate HTTP response headers first, and also causing DA to continue to try and send a blank request, so you'd end up with 404 headers after the above code was sent.
This bug would cause confusion in cases where a command is entered incorrectly, or the commands.allow/commands.deny isn't allowing it, since parsers cannot find the end of the headers, since the first output isn't "HTTP/1.1", but instead gave "error=1" which isn't valid to start a response.
So browsers or API scripts would just give blank output, even though the above output was given, just without headers (plus a junk 404 at the end)
It's possible there were other cases where no headers were generated first, but this fix simply confirms that they were, rather than assuming they were.
fixed
No CGI for a domain should not have Options Includes (SECURITY)(TEMPLATES)
If you disable CGI for a domain, "Includes" is now removed from the Options list and the AllowOverride list.
If you have CGI enabled, then cgi based server-side includes are allowed.
Reasoning:
Adding IncludesNoExec does not negate the exec portion of already added Includes Option because it's a binary "OR"
so "+Includes +IncludesNoExec" does allow exec, which is not what we want.
Must be "-Includes +IncludesNoExec"
IMPORTANT:
If you have CGI disabled, but have an .htaccess with:
Options +Includes
you will get an internal server error, so change it to be:
Options +IncludesNoExec
TEMPLATES:
Changes to the 4 virtual_host2*.conf files for the CGI=off case:
Token now set to:
|?ALLOW_OVERRIDE=AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None|
where Includes has been removed from the AllowOverride
as well:
|*if CGI=""|
|ALLOW_OVERRIDE|
Options -ExecCGI -Includes +IncludesNOEXEC
|*endif|
so Includes is not allowed without CGI, which is correct (as server-side includes exec have the same permissions as cgi-bin files)
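The "binary OR" reasoning above, worked through as an added Python example that is not DirectAdmin or Apache code. It uses a simplified two-bit model of option merging (bit values and function names are constructed for illustration) and then applies the same logic to find .htaccess Options lines that still request Includes with exec, which are the ones that need changing to IncludesNoExec when CGI is off.

```python
import re

# Constructed bit values for this model: one bit for "parse server-side
# includes", one for "exec elements inside them may run".
SSI_PARSE = 0x1
SSI_EXEC = 0x2

OPTION_BITS = {
    "includes": SSI_PARSE | SSI_EXEC,  # Includes = parse + exec
    "includesnoexec": SSI_PARSE,       # IncludesNOEXEC = parse only
}


def merge_options(args, inherited=0):
    """Apply the words of one Options directive to an inherited bit set."""
    words = args.split()
    # Signed words (+/-) adjust what was inherited; an unsigned list replaces it.
    opts = inherited if all(w[0] in "+-" for w in words) else 0
    for w in words:
        bits = OPTION_BITS.get(w.lstrip("+-").lower(), 0)
        if w.startswith("-"):
            opts &= ~bits
        else:
            opts |= bits  # adding IncludesNOEXEC never clears the exec bit
    return opts


def exec_allowed(opts):
    return bool(opts & SSI_EXEC)


OPTIONS_LINE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)


def find_exec_includes(htaccess_text):
    """Return (line_number, line) for Options lines that enable Includes with exec."""
    hits = []
    for number, line in enumerate(htaccess_text.splitlines(), 1):
        match = OPTIONS_LINE.match(line)
        if match and exec_allowed(merge_options(match.group(1))):
            hits.append((number, line.strip()))
    return hits


# Constructed sample .htaccess content.
SAMPLE_HTACCESS = "\n".join([
    "# constructed sample",
    "Options +Includes",
    "AddType text/html .shtml",
    "  options +IncludesNOEXEC",
    "Options +Includes +IncludesNoExec",
])

if __name__ == "__main__":
    print(exec_allowed(merge_options("+Includes +IncludesNoExec")))
    print(exec_allowed(merge_options("-Includes +IncludesNOEXEC")))
    print(find_exec_includes(SAMPLE_HTACCESS))
```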
fixed
Moved php-fpm section into <Directory> section of VirtualHost (TEMPLATES)
The HAVE_PHP1_FPM and HAVE_PHP2_FPM sections for php-fpm have been moved from outside the <Directory> section to within the <Directory> section.
This was to allow for mixing lsphp and php-fpm.
This will move them past the CUSTOM, CUSTOM2, and CUSTOM3 tokens, which should affect people unless they're changing any of the tokens the php-fpm section uses:
PHP1_RELEASE, PHP2_RELEASE, and USER
TEMPLATES
virtual_host2.conf
virtual_host2_secure.conf
virtual_host2_sub.conf
virtual_host2_secure_sub.conf
fixed
CMD_FILE_MANAGER could not use path token to set other token
Code changes made on Dec 10th to do more creative things with the Evolution skin caused the "path" token to be unset at the time of the FileManager pre-load.
(The pre-load is done to run any scripts like |$/usr/local/bin/php ... before the FM is chrooted to ~/)
This prevented things like:
|?CUSTOMPATH=`path`|
from working, while using |path| would have still worked fine as the token was added after the pre-load.
Change was to add the path token before the pre-load.
Update: Also added missing COMMAND token, used for the "Back" button in template.html standard messages.
fixed
Allow forward slash in PTR record names
If you need to add a range of IPs, you can now add a zone like:
4.3.2.in-addr.arpa
where that's the domain name (don't use the rDNS checkbox)
and add a PTR name value (left side) like:
5.0/24
to specify which IPs it should cover.
You can then clear out all other records, just leave the PTR and NS record.
fixed
dovecot_sni rename domain didn't swap /etc/dovecot/conf/sni/domain.com.conf
Added fix to remove the dovecot sni file:
/etc/dovecot/conf/sni/domain.com.conf
then swap the domain name as usual,
then re-write a conf/sni/newdomain.com.conf file.
Also found and fixed a bug where the:
/usr/local/directadmin/data/users/username/domains/domain.com.mime.types
was not being renamed to newdomain.com.mime.types.
fixed
Removed old logs from deleted domains
DirectAdmin does not delete the old logs from deleted domains, so that a User cannot bypass bandwidth counting by deleting and re-adding their domains.
The side-effect would be that over time, the apache/nginx domain log paths get irrelevant left-over logs.
This change is to clean up those old logs after 60 days.
It will remove logs ending in:
.log
.log.1
.bytes
.bytes.X (1-(logs_to_keep))
which are older than the 60 day max.
This feature only runs if:
rotation=1
is enabled, which is used to rotate the logs into the Users' log folders.
If you set rotation=0, then you're 100% responsible for adding rotation to this directory (eg: add something into logrotate, etc).
fixed
Linked IPs should only duplicate local IPs in DNS
Previously, when linking IPs at:
Admin Level -> IP Manager -> click the IP -> link IP
the dns portion would just take a fresh copy of the dns_*.conf templates, and add all A and AAAA records from there using the new IP.
This was not logically correct for some cases where a custom A record was added, pointing to an external IP.
The DNS portion for linked IPs now behaves differently: only A or AAAA records that match the local IP will be duplicated with the linked IP.
For example, domain is on 1.2.3.4 with A records:
www A 1.2.3.4
ftp A 1.2.3.4
pop A 2.3.4.5
smtp A 2.3.4.5
mail A 2.3.4.5
where 2.3.4.5 might be some external server managing the mail.
If you link 1.2.3.5 to the dns for 1.2.3.4, the new zone will now look like:
www A 1.2.3.4
www A 1.2.3.5
ftp A 1.2.3.4
ftp A 1.2.3.5
pop A 2.3.4.5
smtp A 2.3.4.5
mail A 2.3.4.5
Previously, the 2.3.4.5 A records would have been duplicated too, causing a round robin to both 1.2.3.5 and 2.3.4.5, which is not likely the desired effect.
This change also applies for AAAA records, in either order (linking IPv4 to IPv6 or IPv6 to IPv4)
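The duplication rule described above, as an added example that is not DirectAdmin's own code. It goes slightly beyond the A-record case shown: the copy's type follows the linked address (AAAA for IPv6), optional TTL/class columns are tolerated, and re-running it adds nothing new. The function names link_ip and sample_zone are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. link_ip and sample_zone are names
# chosen for illustration.

# link_ip LOCAL_IP LINKED_IP  (zone records on stdin, result on stdout)
# Copies each A/AAAA record whose address equals LOCAL_IP, pointing the copy
# at LINKED_IP. Records for any other address pass through untouched.
# Assumes one record per line with the type and address as the last two
# fields; addresses are compared as plain strings.
link_ip() {
    awk -v local_ip="$1" -v linked="$2" '
        BEGIN { ltype = (linked ~ /:/) ? "AAAA" : "A" }   # IPv6 gets AAAA
        {
            raw[NR] = $0
            $1 = $1                      # normalise whitespace for comparison
            norm[NR] = $0
            seen[$0] = 1
        }
        END {
            for (i = 1; i <= NR; i++) {
                print raw[i]
                n = split(norm[i], f, " ")
                if (n < 3 || f[n] != local_ip) continue
                if (f[n-1] != "A" && f[n-1] != "AAAA") continue
                f[n-1] = ltype
                f[n] = linked
                rec = f[1]
                for (j = 2; j <= n; j++) rec = rec " " f[j]
                if (!(rec in seen)) { print rec; seen[rec] = 1 }
            }
        }'
}

# The records from the example above.
sample_zone() {
    printf '%s\n' 'www A 1.2.3.4' 'ftp A 1.2.3.4' 'pop A 2.3.4.5' \
                  'smtp A 2.3.4.5' 'mail A 2.3.4.5'
}

sample_zone | link_ip 1.2.3.4 1.2.3.5
```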
fixed
mod_security logs not rotated if awstats=1
If you're running mod_security and need rotation of the logs in:
/var/log/modsec_audit
there was a bug where awstats=1 would prevent those logs from being rotated. DA only rotates the logs to the .1 files if only webalizer is used, as it states a live log shouldn't be used.
But we changed it to use live logs with awstats anyway, so the apache log rotation didn't happen, which is where the mod_security log rotation function was called.
Fix was to simply move the function call out of the apache log rotation function.
It still requires rotation=1 though.
fixed
Disable SSLv2/SSLv3 for outbound client calls
DirectAdmin sometimes makes outbound calls to remote servers using SSL.
Some examples would be plugin updates, DA or License updates, or when using the Multi-Server Setup.
This change stops the client calls from using SSLv2 or SSLv3, forcing them to use TLS.
The only effect of this is that the server side of the connection, the one being connected to, must support TLS; any server that does not will no longer work.
fixed
Notify Admins on LetsEncrypt renewal error
If there are any renewal errors, previously only the User was notified.
This change will also notify the Admins, should any renewal errors occur.
If there is a problem with the script itself, then only the Admin can fix it anyway, hence they might as well get a notice.
As before, no notice is sent to anyone if the renewal occurs without any errors.
fixed
Don't throw error if User is deleted mid-backup
As some systems take quite a while to generate a single backup of all accounts, it's possible that the User might be deleted mid-run.
In this case, DA would have thrown the error:
User deleteduser has unknown usertype
<13:31:40>
Cannot find /tmp/admin.123456/user.admin.deleteduser.tar.gz for upload.
and in some cases, we would not want the backup error to generate an error if we know we deleted the User.
This change adds checks to see if the error is actually an error with a present User, or if the User was actually deleted,
but only exempts the error if the User Selection method is "All Users" or "All Users except".
Should a specific User list be used and this account is missing, an error will be generated.
To confirm if a User is deleted, DA will check for the uid via the /etc/passwd file.
It will also look for the directory /usr/local/directadmin/data/users/username
If either exists, then the User was not deleted, and an error is thrown.
If both are missing, then DA assumes the User was deleted, and in addition to the above usertype error, a message is added to the output:
"Looks like the User was deleted mid-backup. Ignoring the error."
and the result is a non-error, just extra text in the message.
If you set the option to only send an email on backup errors, then no message/email would be generated.