-rw-r--r-- | src/etc/inc/dyndns.class | 7 | ||||
-rw-r--r-- | src/etc/inc/r53.class | 53 | ||||
-rw-r--r-- | src/etc/pfSense.obsoletedfiles | 2 | ||||
-rw-r--r-- | src/usr/local/www/fbegin.inc | 2 | ||||
-rw-r--r-- | src/usr/local/www/fend.inc | 2 | ||||
-rw-r--r-- | src/usr/local/www/graph.php | 10 | ||||
-rw-r--r-- | src/usr/local/www/services_dyndns_edit.php | 2 |
7 files changed, 51 insertions, 27 deletions
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class
index 0dfdbac..c88feca 100644
--- a/src/etc/inc/dyndns.class
+++ b/src/etc/inc/dyndns.class
@@ -96,7 +96,7 @@
 * HE.net IPv6 - Last Tested: 7 July 2013
 * HE.net Tunnel - Last Tested: 28 June 2011
 * SelfHost - Last Tested: 26 December 2011
- * Amazon Route 53 - Last Tested: 30 August 2016
+ * Amazon Route 53 - Last Tested: 04 February 2017
 * DNS-O-Matic - Last Tested: 9 September 2010
 * CloudFlare - Last Tested: 05 September 2016
 * CloudFlare IPv6 - Last Tested: 17 July 2016
@@ -650,9 +650,10 @@
 case 'route53':
 require_once("r53.class");
 $r53 = new Route53($this->_dnsUser, $this->_dnsPass);
- $apiurl = $r53->getApiUrl($this->_dnsZoneID);
+ list($r53_regionId, $r53_zoneId) = split('/', $this->_dnsZoneID);
+ $apiurl = $r53->getApiUrl($r53_zoneId);
 $xmlreq = $r53->getRequestBody($this->_dnsHost, $this->_dnsIP, $this->_dnsTTL);
- $httphead = $r53->getHttpPostHeaders(strlen($xmlreq));
+ $httphead = $r53->getHttpPostHeaders($r53_zoneId, $r53_regionId, hash("sha256",$xmlreq));
 curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead);
 if($this->_dnsVerboseLog){
 log_error(sprintf("Sending reuquest to: %s", $apiurl));
diff --git a/src/etc/inc/r53.class b/src/etc/inc/r53.class
index cc50d4a..4ec4cd9 100644
--- a/src/etc/inc/r53.class
+++ b/src/etc/inc/r53.class
@@ -83,7 +83,7 @@ class Route53
 * @return string XML document
 */
 public function getRequestBody($fqdn, $ip, $ttl){
- $xmlreq .= "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
+ $xmlreq = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";
 $xmlreq .= "<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\">";
 $xmlreq .= "<ChangeBatch><Changes><Change>";
 $xmlreq .= "<Action>UPSERT</Action>";
@@ -102,7 +102,7 @@ class Route53
 /**
 * Return API URL
 *
- * @param string $zoneid Amazone Zone ID
+ * @param string $zoneid Amazon Zone ID
 * @return string URL
 */
 public function getApiUrl($zoneid){
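Review bot: In the `case 'route53':` hunk of dyndns.class (@@ -650), the new `split('/', $this->_dnsZoneID)` has no check that the stored value really has the REGION/ZONEID form. A configuration saved before this change holds a bare zone ID, so `$r53_regionId` receives the zone ID and `$r53_zoneId` ends up null, and the request is then built and signed for an empty hosted zone; nothing in the visible lines migrates or validates existing entries. `split()` is also a regex function deprecated since PHP 5.3 and removed in PHP 7. Using `list($r53_regionId, $r53_zoneId) = array_pad(explode('/', $this->_dnsZoneID, 2), 2, '');` followed by an early `log_error()` and return when either part is empty avoids both problems. The `case` body continues outside the hunk.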
@@ -112,21 +112,44 @@ class Route53
 /**
 * Return HTTP post headers
 *
- * @param int $bodylen length of the POST bost body
+ * @param string zoneId Amazon Zone
+ * @param string regionId Amazon Region Code (e.g. us-east-1)
+ * @param string requestBodySHA256 SHA256 hash of the request body
 * @return Array headers
 */
- public function getHttpPostHeaders($bodylen){
- $reqdate = gmdate('D, d M Y H:i:s e');
- $httphead[] = array();
- $httphead[] = sprintf("Date: %s", $reqdate);
- $httphead[] = "Content-Type: text/plain";
- $httphead[] = sprintf("Content-Length: %d", $bodylen);
- /* to avoid having user to know their AWS Region, for now use V3 */
- $httphead[] = sprintf(
- "X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HMACSHA256,SignedHeaders=date,Signature=%s",
- $this->__accessKey,
- base64_encode(hash_hmac("sha256", $reqdate, $this->__secretKey, true))
- );
+ public function getHttpPostHeaders($zoneId, $regionId, $requestBodySHA256){
+
+ $canonical_uri = sprintf("/2013-04-01/hostedzone/%s/rrset", $zoneId);
+ $amz_date = sprintf("%sT%sZ", gmdate('Ymd'), gmdate('His'));
+ $date_stamp = gmdate('Ymd');
+
+ $canonical_headers = sprintf("content-type:%s\nhost:%s\nx-amz-date:%s\n",
+ "text/xml", "route53.amazonaws.com", $amz_date);
+
+ $signed_headers = "content-type;host;x-amz-date";
+
+ $canonical_request = sprintf("%s\n%s\n\n%s\n%s\n%s",
+ "POST", $canonical_uri, $canonical_headers, $signed_headers, $requestBodySHA256);
+ $algorithm = "AWS4-HMAC-SHA256";
+ $credential_scope = sprintf("%s/%s/%s/%s", $date_stamp, $regionId, "route53", "aws4_request");
+ $string_to_sign = sprintf("%s\n%s\n%s\n%s",
+ $algorithm, $amz_date, $credential_scope, hash("sha256", $canonical_request));
+
+ $kSecret = sprintf("AWS4%s", $this->__secretKey);
+ $kDate = hash_hmac("sha256", $date_stamp, $kSecret, true);
+ $kRegion = hash_hmac("sha256", $regionId, $kDate, true);
+ $kService = hash_hmac("sha256", "route53", $kRegion, true);
+ $signing_key = hash_hmac("sha256","aws4_request", $kService, true);
+
+ $signature = bin2hex(hash_hmac("sha256", $string_to_sign, $signing_key, true));
+
+ $authorization_header = sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s",
+ $algorithm, $this->__accessKey, $credential_scope, $signed_headers, $signature);
+
+ $httphead[] = "Content-Type: text/xml";
+ $httphead[] = sprintf("X-Amz-Date: %s", $amz_date);
+ $httphead[] = sprintf("Authorization: %s", $authorization_header);
 return $httphead;
 }
 }
+
diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles
index 6e8a386..a7004e1 100644
--- a/src/etc/pfSense.obsoletedfiles
+++ b/src/etc/pfSense.obsoletedfiles
@@ -927,6 +927,8 @@
 /usr/local/www/edit.php
 /usr/local/www/exec.php
 /usr/local/www/exec_raw.php
+/usr/local/www/fbegin.inc
+/usr/local/www/fend.inc
 /usr/local/www/filebrowser/browser.js
 /usr/local/www/filebrowser/browser.php
 /usr/local/www/filebrowser/images
diff --git a/src/usr/local/www/fbegin.inc b/src/usr/local/www/fbegin.inc
deleted file mode 100644
index 652132d..0000000
--- a/src/usr/local/www/fbegin.inc
+++ /dev/null
@@ -1,2 +0,0 @@
-<!-- temporary until migration to bootstrap has completed -->
-<div style="background-color: gray;">
diff --git a/src/usr/local/www/fend.inc b/src/usr/local/www/fend.inc
deleted file mode 100644
index 262aeb7..0000000
--- a/src/usr/local/www/fend.inc
+++ /dev/null
@@ -1,2 +0,0 @@
-<!-- temporary -->
-<?php include "foot.inc"; ?>
diff --git a/src/usr/local/www/graph.php b/src/usr/local/www/graph.php
index f5ec63e..1ab5ec7 100644
--- a/src/usr/local/www/graph.php
+++ b/src/usr/local/www/graph.php
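Review bot: In r53.class `getHttpPostHeaders()` (@@ -112), the timestamp is assembled from three separate `gmdate()` calls (`gmdate('Ymd')` and `gmdate('His')` for `$amz_date`, then `gmdate('Ymd')` again for `$date_stamp`), so a call that straddles a second or the UTC midnight boundary can send an `X-Amz-Date` whose date part disagrees with the credential scope, and the signature is then rejected. Read the clock once: `$now = time(); $amz_date = gmdate('Ymd\THis\Z', $now); $date_stamp = gmdate('Ymd', $now);`. `$httphead` is now appended to without ever being initialised, so `$httphead = array();` before the first append would make the return value explicit. The three new `@param` lines also drop the `$` from the parameter names.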
@@ -108,7 +108,7 @@ print('<?xml version="1.0" encoding="UTF-8"?>' . "\n");?>
 <text id="graph_out_txt" x="20" y="16" <?=$attribs['out']?>> </text>
 <text id="ifname" x="<?=$width?>" y="8" <?=$attribs['graphname']?> text-anchor="end"><?=htmlspecialchars($ifname)?></text>
 <text id="switch_unit" x="<?=$width*0.55?>" y="5" <?=$attribs['switch_unit']?>><?=gettext("Switch to bytes/s"); ?></text>
- <text id="switch_scale" x="<?=$width*0.55?>" y="11" <?=$attribs['switch_scale']?>><?=gettext("AutoScale"); ?> (<?=$scale_type?>)</text>
+ <text id="switch_scale" x="<?=$width*0.55?>" y="11" <?=$attribs['switch_scale']?>><?=gettext("AutoScale"); ?> (<?=gettext($scale_type);?>)</text>
 <text id="date" x="<?=$width*0.33?>" y="5" <?=$attribs['legend']?>> </text>
 <text id="time" x="<?=$width*0.33?>" y="11" <?=$attribs['legend']?>> </text>
 <text id="graphlast" x="<?=$width*0.55?>" y="17" <?=$attribs['legend']?>><?=sprintf(gettext("Graph shows last %s seconds"), $time_interval*$nb_plot)?></text>
@@ -178,6 +178,7 @@ var max_num_points = <?=$nb_plot?>; // maximum number of plot data points
 var step = <?=$width?> / max_num_points ;
 var unit = 'bits';
 var scale_type = '<?=$scale_type?>';
+var scale_type_text = '<?=gettext($scale_type); ?>';
 function init(evt) {
 SVGDoc = evt.target.ownerDocument;
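Review bot: The added `var scale_type_text = '<?=gettext($scale_type); ?>';` (graph.php, @@ -178) writes a translated string straight into a single-quoted JavaScript literal, and the new `switch_unit()` and `switch_scale()` lines in the @@ -188 hunk do the same with `gettext("Switch to bits/s")`, `gettext("up")` and the others. A translation containing an apostrophe or backslash ends or alters the literal and breaks the script, which makes the message catalog part of the script source. Emit the value as an encoded literal instead, e.g. `var scale_type_text = <?=json_encode(gettext($scale_type))?>;`. In the @@ -108 hunk, wrap the text node as `<?=htmlspecialchars(gettext($scale_type))?>`, the way `$ifname` is handled two lines above it. Where `$scale_type` is assigned is outside these hunks.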
@@ -188,13 +189,14 @@ function init(evt) {
 }
 function switch_unit(event) {
- SVGDoc.getElementById('switch_unit').firstChild.data = '<?=gettext("Switch to"); ?> ' + unit + '/s';
+ SVGDoc.getElementById('switch_unit').firstChild.data = (unit == 'bits') ? '<?=gettext("Switch to bits/s"); ?>' : '<?=gettext("Switch to bytes/s"); ?>';
 unit = (unit == 'bits') ? 'bytes' : 'bits';
 }
 function switch_scale(event) {
- scale_type = (scale_type == 'up') ? '<?=gettext("follow"); ?>' : '<?=gettext("up"); ?>';
- SVGDoc.getElementById('switch_scale').firstChild.data = 'AutoScale (' + scale_type + ')';
+ scale_type = (scale_type == 'up') ? 'follow' : 'up';
+ scale_type_text = (scale_type == 'up') ? '<?=gettext("up"); ?>' : '<?=gettext("follow"); ?>';
+ SVGDoc.getElementById('switch_scale').firstChild.data = '<?=gettext("AutoScale"); ?>' + ' (' + scale_type_text + ')';
 }
 function fetch_data() {
diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
index eeaacb1..292590f 100644
--- a/src/usr/local/www/services_dyndns_edit.php
+++ b/src/usr/local/www/services_dyndns_edit.php
@@ -376,7 +376,7 @@ $section->addInput(new Form_Input(
 'Zone ID',
 'text',
 $pconfig['zoneid']
-))->setHelp('Enter Zone ID that was received when creating the domain in Route 53.' . '<br />' .
+))->setHelp('Route53: Enter AWS Region and Zone ID in the form REGION/ZONEID (example: "us-east-1/A1B2C3D4E5F6Z").' . '<br />' .
 'DNSimple: Enter the Record ID of record to update.');
 $section->addInput(new Form_Input( |