rhufsky Posted September 13, 2024 Posted September 13, 2024 I try to create a customer via the API. The customer is created, but the standard subdomain is omitted.When I create a customer via the GUI, the standard subdomain is created. I run 2.2.1-1. This worked fine in last years version. This is my API payload: const command = { command: "Customers.add", params: { new_loginname: customer.loginname, email: customer.email, firstname: customer.firstname, name: customer.lastname, company: `HTL Villach / ${customer.clazz}-24/25`, store_defaultindex: 1, sendpassword: 1, createstdsubdomain: true, // adminid: 1, gender: customer.gender, street: "Tschinowitscher Weg 5", zipcode: "9600", city: "Villach", phone: "", fax: "", customernumber: "", def_language: "de", diskspace: 1000, // diskspace_used: 628, mysqls: 4, ftps: 1, subdomains: 1, traffic: 10, pop3: 0, imap: 0, perlenabled: 1, phpenabled: 1, dnsenabled: 0, logviewenabled: 1, theme: "Froxlor_dark", custom_notes: "", allowed_phpconfigs: [1], allowed_mysqlserver: [0], }, }; I also tried createstdsubdomain: 1, What can I do to create a stabdad subdomain for a customer via the API?
d00p Posted September 13, 2024 Posted September 13, 2024 Whats the result of the API call? Anything in the logs (should be originating from froxlor with [API] prefixed to the message)
rhufsky Posted September 13, 2024 Author Posted September 13, 2024 (edited) This is the API response, iz basically tells me that all is OK { "data": { "customerid": 243, "loginname": "aaaaaa", "password": "$2y$10$py7pPqvFcPVhij9vUd5dxO0kP0/R2jROfP7zB6VYAo77Rwq6etNx.", "adminid": 4, "name": "AA", "firstname": "AA", "gender": 1, "company": "HTL Villach / 2AFITT-24/25", "street": "Tschinowitscher Weg 5", "zipcode": "9600", "city": "Villach", "phone": "", "fax": "", "email": "somebody@tld.com", "customernumber": "", "def_language": "de", "diskspace": 1024000, "diskspace_used": 0, "mysqls": 4, "mysqls_used": 0, "emails": 0, "emails_used": 0, "email_accounts": 0, "email_accounts_used": 0, "email_forwarders": 0, "email_forwarders_used": 0, "email_quota": -1, "email_quota_used": 0, "ftps": 1, "ftps_used": 0, "subdomains": 1, "subdomains_used": 0, "traffic": 10485760, "traffic_used": 0, "documentroot": "/var/customers/webs/aaaaaa/", "standardsubdomain": 0, "guid": 10242, "ftp_lastaccountnumber": 0, "mysql_lastaccountnumber": 0, "deactivated": 0, "phpenabled": 1, "lastlogin_succ": 0, "lastlogin_fail": 0, "loginfail_count": 0, "reportsent": 0, "pop3": 0, "imap": 0, "perlenabled": 1, "dnsenabled": 0, "theme": "Froxlor_dark", "custom_notes": "", "custom_notes_show": 0, "lepublickey": null, "leprivatekey": null, "leregistered": 0, "allowed_phpconfigs": "[1]", "type_2fa": 0, "data_2fa": "", "api_allowed": 1, "logviewenabled": 1, "allowed_mysqlserver": "[0]", "gui_access": 1, "adminname": "wiiadmin" } } The log tells me: [API] Unable to add standard-subdomain: No more resources available I create the user for the admin "wiiadmin" Wiiadmin has unlimited subdomains. Fun fact: when I create the user for "admin", it works. Edited September 13, 2024 by rhufsky additional info
d00p Posted September 13, 2024 Posted September 13, 2024 hm....no resources is weird, a standardcustomerdomain is not supposed to be counted to the domain-resources ... I'll check, thanks for the feedback
rhufsky Posted September 13, 2024 Author Posted September 13, 2024 Seems I found the reason. I created the customer with the credentials of "wiiadmin". This admin had Domains=0, I changed ths to "unlimited" and now it works. What is confusing though: When Domains is set to 0 for an admin, Froxlor API happily creates the customer and just omits the standard domain without further warnings or error messages. When I create the customer with the credentials of "admin", it creates the standard domain anyways. When I move this customer to "wiiadmin" with Domains set to 0 also no complaints. Anyways, the hint to the logs helped a lot.
d00p Posted September 13, 2024 Posted September 13, 2024 I agree, there should be an active display of "issues" when creating a customer which not directly affects the resource "customer" (e.g. std-subdomain could not be added, or similar). For the main issue, as any admin who can create users should be able to create std-subdomains, you might want to test the following patch: NoResourceCheckIfStandardSubdomain.patch
rhufsky Posted September 13, 2024 Author Posted September 13, 2024 Thanks, I will happily test that. Alas, the attachment seems to be unavailable for now. Maybe both of us should enjoy the upcoming weekend now 🙂
d00p Posted September 13, 2024 Posted September 13, 2024 Weird, I'm not aware of any restrictions for attachments...need to check. In the meatime here: diff --git a/lib/Froxlor/Api/Commands/Customers.php b/lib/Froxlor/Api/Commands/Customers.php index ccbef644..f0492ed2 100644 --- a/lib/Froxlor/Api/Commands/Customers.php +++ b/lib/Froxlor/Api/Commands/Customers.php @@ -738,11 +738,12 @@ class Customers extends ApiCommand implements ResourceEntity 'adminid' => $this->getUserDetail('adminid'), 'docroot' => $documentroot, 'phpenabled' => $phpenabled, - 'openbasedir' => '1' + 'openbasedir' => '1', + 'is_stdsubdomain' => 1 ]; $domainid = -1; try { - $std_domain = $this->apiCall('Domains.add', $ins_data); + $std_domain = $this->apiCall('Domains.add', $ins_data, true); $domainid = $std_domain['id']; } catch (Exception $e) { $this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage()); diff --git a/lib/Froxlor/Api/Commands/Domains.php b/lib/Froxlor/Api/Commands/Domains.php index 2dfbfb94..0ed0fbc9 100644 --- a/lib/Froxlor/Api/Commands/Domains.php +++ b/lib/Froxlor/Api/Commands/Domains.php @@ -274,7 +274,8 @@ class Domains extends ApiCommand implements ResourceEntity * $override_tls is true * @param string $description * optional custom description (currently not used/shown in the frontend), default empty - * + * @param bool $is_stdsubdomain (internally) + * optional whether this is a standard subdomain for a customer which is being added so no usage is decreased * @access admin * @return string json-encoded array * @throws Exception @@ -282,7 +283,8 @@ class Domains extends ApiCommand implements ResourceEntity public function add() { if ($this->isAdmin()) { - if ($this->getUserDetail('domains_used') < $this->getUserDetail('domains') || $this->getUserDetail('domains') == '-1') { + $is_stdsubdomain = $this->isInternal() ? $this->getBoolParam('is_stdsubdomain', true, 0) : false; + if ($is_stdsubdomain || $this->getUserDetail('domains_used') < $this->getUserDetail('domains') || $this->getUserDetail('domains') == '-1') { // parameters $p_domain = $this->getParam('domain'); @@ -795,12 +797,15 @@ class Domains extends ApiCommand implements ResourceEntity $ins_data['id'] = $domainid; unset($ins_data); - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 - WHERE `adminid` = :adminid"); - Database::pexecute($upd_stmt, [ - 'adminid' => $adminid - ], true, true); + if (!$is_stdsubdomain) { + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 + WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, [ + 'adminid' => $adminid + ], true, true); + } $ins_stmt = Database::prepare(" INSERT INTO `" . TABLE_DOMAINTOIP . "` SET
Exploit Posted February 6 Posted February 6 The same experience I just have by creating a new customer, with only a standard subdomain in the admin panel. No error message, no subdomain is created. The switch for creating a standard subdomain, which I've turned on, is just turned off, when I go back to the customers settings. I think that it's the same issue. The System-Log shows the following: " [API] Unable to add standard-subdomain: Wenn SSL aktiviert ist, muss eine SSL IP/Port angegeben werden" The form to create a new customer doesn't have any SSL options. In the past subdomains were created without problems and they are running with SSL flawlessly.
d00p Posted February 6 Posted February 6 Do you have default ssl-ips in System-Settings -> Default SSL IP/Port ? If not, froxlor cannot fallback to valid ssl-ips when creating a (std-sub)domain with ssl=1
Exploit Posted February 6 Posted February 6 10 minutes ago, d00p said: Do you have default ssl-ips in System-Settings -> Default SSL IP/Port ? If not, froxlor cannot fallback to valid ssl-ips when creating a (std-sub)domain with ssl=1 Yes, port 80 and ssl on port 443, like usual, all domains are using them and they are working fine. looks like there's some SSL part missing in the API call in the background.
d00p Posted February 6 Posted February 6 ssl if enabled globally is set to true by default, and if no ssl-ip is given explicitly (which is the case when adding std.subdomains) froxlor falls back to the default-ssl-ip setting. Now if SSL is enabled, and Domain-SSL = 1 (which is true) and NO ssl-ips are given, then the exception you got is returned...
Exploit Posted February 6 Posted February 6 21 minutes ago, d00p said: ssl if enabled globally is set to true by default, and if no ssl-ip is given explicitly (which is the case when adding std.subdomains) froxlor falls back to the default-ssl-ip setting. Now if SSL is enabled, and Domain-SSL = 1 (which is true) and NO ssl-ips are given, then the exception you got is returned... In the admin panel: IP-Adresse Welche Haupt-IP-Adresse hat der Server? Standard-IP/Port-Kombination Welche IP/Port-Kombination sollen standardmäßig verwendet werden? Standard SSL IP/Port-Kombination Welche ssl-fähigen IP/Port-Kombination sollen standardmäßig verwendet werden? are all set, do I miss something?
Exploit Posted February 6 Posted February 6 Okay, thank you for your fast response. The froxlor support works always amazing! I've just created the following bug report: https://github.com/froxlor/Froxlor/issues/1307
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now