Setting up Nominet Registrar on a windows platform

[andymcculloch]

Hi There,

 

Has anyone been able to get Nominet domains registrations working on a windows platform? I've searched knowledgebase, manual and forums, but I can't find anything specific about the setup procedure for a windows based system.

 

If anyone has this working I'd be grateful if you'd be willing to share details of what you have installed where, php config, permissions set and the details entered into WHMCS.

 

Here's what i have currently, and it's not giving me anything - no email text file generated, no email sent, no errors - nothing:

 

WHCMS setup and running on windows server 2003 via IIS 6 & PHP 5.2.1

Email settings working for all other systems within WHMCS

GNUPG setup with our Nominet keychain installed

\modules\registrars\nominet\tmp\ directory for created email with write/modify permissions for the web user.

WHCMS pointed to the GNUPG config directory & permissions for the web user enabled

 

Clearly something isn't working somewhere, but I'm at a loss to figure out what it is without any error messages to go with.

 

Any help would be gratefully received.

 

Andy.

[openmind]

I battled for weeks trying to get Nominet to work with AWBS (which was cack anyway) and never got it functioning on Windows.

 

I'm yet to try on Linux but I have a feeling it will work flawlessly with WHMCS.

[CSNM-Carl]

Search the forum for previous Nominet posts, although most of them are people running WHMCS on Linux.

 

We run WHMCS on Linux, it required a bit of messing around but it's working fine at the moment.

[openmind]

TBH I think GPG is just one of those things that just doesn't run happily on Windows. I know of some people who have got it done but it takes some serious mucking around.

[andymcculloch]

I've got GPG functioning just fine on other windows machines, albeit not integrated into anything more complicated than Outlook, so I can't see it being a complete dead end. If it takes some mucking about, then that's what I'll have to do, but it's nigh on impossible without any error logs or debug code.

 

At the moment I can't even get the system to generate the text files with the email contents, let alone sign and send them, so just getting that fixed would be an achievement, and I can then turn my attention to getting the signing working.

 

Matt, do you have any pointers for setting this up in a Windows environments - clearly this has been considered as I see that a "tick if you're using a windows server" option has been added, and presumably you've got this working in your dev environment. Could you please share details of how you intended it to be set up?

 

Cheers,

 

Andy

[othellotech]

if you arent getting the text files then you have an ownership/permission error on the ./tmp/ folder in the nominet modue directory

 

gpg under windows is buggy at best. and the commercial pgpoffering doesnt take to being scripted very well.

[andymcculloch]

I've been having a dialogue with Matt about this in the support system, I've nearly got it nailed and I just thought I'd share my findings with anyone who's looking for some info on this.

 

Matt sent me a couple of code snippets to play with and from using those, I've identified a few issues that I think were/are causing the problem I've been having. I'll run through everything that I've come up against:

 

Permissions

These need to be set for the user that the website runs as for a number of folders and files:

 

%Site Root%/modules/registrars/nominet/tmp - you need to create this folder manually and give the website user read and modify access to create the txt files with the instructions to the Nominet automaton.

 

GPG program file - The web user needs read and execute permissions for the actual GPG program file in order to run it to sign the text file.

 

GPG config and keychain folder - usually C:\Documents and Settings\<username>\Application Data\gnupg - The web user needs read and execute permissions for this folder so that it can access your keychain.

 

%systemroot%\system32\cmd.exe - The web user needs read and execute permissions for this file in order to actually run the gpg.exe program.

 

The permission are only half the story. I have all of these permissions in place, and it still doesn't work fully on my setup. I know that the permissions are correct as I've cobbled together a test script (from the snippets that Matt has sent me) that replicates what the WHMCS system does when it generates the txt files and signs them. This script works fine, but only after I made a tweak in the way that it generates the paths for the functions that it uses.

 

The Nominet registration process uses 2 PHP functions: fopen and shell_exec. The fopen function is used to write the instructions to the nominet automaton into a text file, and shell_exec is used to externally execute the gpg.exe to sign that text file. The problem is that the same path variable is used to specify the file to be created and signed. This doesn't sound like it should be a problem, until you consider that the way that fopen and gpg handle paths to files. WHMCS defines a fully qualified path right down to the root of the drive. Fopen can handle this just fine and will happily create the text file. Gpg can only handle this if the fully qualifies path contains no spaces in the directory names. If your full path contains directories with spaces in the names, the gpg signing will fail. The solution is to use 2 variables, one fully qualified one for fopen, and a relative one for gpg. This is what I've done in the attached script.

 

Matt is currently reviewing this and it may be incorporated into future releases.

 

One last thing that the gpg-spaces-in-paths issue affects is the PGP home specified in the nominet registrar settings in the admin panel. This needs to be specified with short DOS file names with double backslashes. e.g. "C:\Documents and Settings\user\Application Data\gnupg" should be entered into the admin panel as "C:\\Docume~1\\user\\Applic~1\\gnupg\\" but will appear as "C:\Docume~1\user\Applic~1\gnupg\" once it has been saved.

 

As I said, I'm still having an issue with this for some reason. I couldn't get v3.4.1 to generate anything, but after rolling back to v3.4.0 the txt file generation works, but not the signing (for reasons stated above). Matt assures me there is no difference in the nominet code between the 2 versions, which leaves me even more confused.

 

That's about all I can think of in terms of what I've had to do to get this far. The attached file should be run from the nominet folder - %Site Root%/modules/registrars/nominet/ and will create and sign a text file in the tmp folder if all the permissions are setup correctly.

 

If anyone else is having trouble with this or has any comments, please give me a shout.

 

Cheers,

 

Andy

signing_debug.txt

[Mark Donne]

Andy,

 

You post helped us no end in getting the Nominet PGP signing working.

 

The only extra item we had to do which was not mentioned in your text was ensure that the PATH to both php.exe AND gpg.exe was in the environment for the user the website was running as.

 

Once we did this the text files were being signed without any problems.

 

Hope this little extra bit helps anyone who needs it!

 

Thanks Andy

[Rob K]

The script creates the .txt file but does not create the .asc version.

If I manually run the command that is shown on the debug page it works from a cmd prompt.

I have gone over the permissions so many times and have given 'everyone' read and exec on the gpg.exe and pgp files but it still wont work.

 

Any ideas?

[Mark Donne]

What result does this give you...

 

<?php

$output = shell_exec('PATH');

echo "<pre>$output</pre>";

?>

[Rob K]

It echos my entire server path including the path to gpg.exe.

It starts:

PATH=C:\Program Files\GNU\GnuPG;C:\Perl\bin\;C:\CFusionMX7......................... etc

[Mark Donne]

Does it have the path to PHP in there as well?

[Rob K]

nope - should it?

[Mark Donne]

Actually scrap that, it wouldn't need the path to PHP in there to work from the website!

 

The only other thing I can think of is that the path to your GPG home contains no spaces (as andy said do a dir/x to see what it is called) and make sure that you are using double \\ when refering to the folde

 

1. Check IUSR has READ and EXECUTE permission to the GPG programs folder

2. Make sure your GPG home folder is defined with double quotes.

Ours is D:\\webs\\BILLIN~1.UK\\pgp\\ and that the IUSR has READ permissions

 

Hope this helps

[Rob K]

I have moved the files from C:\Program Files\GNU\GnuPG into c:\pgp and directly called the gpg.exe as follows:

$exec_command = "echo $passphrase| c:\\pgp\\gpg.exe --no-tty --passphrase-fd 0 --homedir $pgphome --clearsign $file1";

it gives this on the debug page:

echo mypassphrase| c:\pgp\gpg.exe --no-tty --passphrase-fd 0 --homedir C:\pgp\ --clearsign tmp\nominet1202902026.txt

But it still wont create the .asc file.

Is there a way to debug so I can find out why it is failing?

[Mark Donne]

Ours works and our debug.php gives

 

Full path to file being written: D:\webs\billing.host100.co.uk\htdocs\billing\modules\registrars\nominet\tmp\nominet1202904961.txt

 

Path to PGP home being passed: D:\webs\BILLIN~1.UK\pgp\

 

Relative path to file being signed: tmp\nominet1202904961.txt

 

PGP script being executed: echo PASSWORD| gpg.exe --no-tty --passphrase-fd 0 --homedir D:\webs\BILLIN~1.UK\pgp\ --clearsign tmp\nominet1202904961.txt

 

Have you tried running the debug.php locally, php.exe debug.php. If that works it HAS to be permissions.

[Rob K]

yes it works locally, I have given everything 'everyone' rx that is involved here.

[Rob K]

I have used 'echo exec('whoami');' to find out who the website is running as and it gives 'maxwell01\iwam_plesk(default)'

 

So I have given iwam_plesk(default) rx permissions on the PGP folder, the gpg.exe file and the tmp dir - but it still won't work......

It can create files in the tmp location but it will not create the .asc file.

[Rob K]

wow - I got it working, as we thought it was permissions, the iwam account needed rx on cmd.exe.

Odd as it was able to create the txt file but not the asc.

Right - now gotta get my PGP working with Nominet........

[Mark Donne]

Kewl.

 

Well done. We got there in the end