Commit c6d29c1c authored by Florian Schaal's avatar Florian Schaal

add dkim-keys to the resync-tool

display dns-record for dkim in the mail-domain
rewrite function domain_dkim_update in server/plugins-available/mail_plugin_dkim.inc.php
change dns*.php according to commit 604c0c24
parent 015dffdc
......@@ -57,7 +57,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// Check if the user may add another record.
......@@ -82,7 +82,7 @@ class page_action extends tform_actions {
// Check the client limits, if user is not the admin
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// Check if the user may add another record.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
......
......@@ -102,14 +102,14 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// load the list of clients
$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id']);
$clients = $app->db->queryAllRecords($sql);
$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
if(is_array($clients)) {
foreach( $clients as $client) {
......@@ -122,8 +122,8 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
}
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
$client_group_id = $_SESSION["s"]["user"]["default_group"];
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);{
$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
......@@ -149,7 +149,7 @@ if($_SESSION["s"]["user"]["typ"] != 'admin')
}
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
foreach($fields as $field) {
......@@ -165,7 +165,7 @@ if($_POST['create'] == 1) {
if ($post_server_id)
{
$client_group_id = $_SESSION["s"]["user"]["default_group"];
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
......
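Review bot: The replacement line that builds the client-list query begins with `sql = "SELECT sys_group.groupid, ...` instead of `$sql = "SELECT sys_group.groupid, ...`, so as rendered here the file would not parse and `queryAllRecords($sql)` on the next line would have nothing to read; the assignment needs its sigil back. In the `@@ -122,8 +122,8 @@` hunk the new `intval()` line ends in `;{` although the opening brace of that `if` is already on the line above, which would open an extra block unless this is a rendering artefact. `$tmp['groupid']` and `$client['contactname']` are also concatenated into the `<option>` markup unencoded; contactname is assembled from several client columns, so it should pass through `htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8')` before output. The enclosing blocks continue outside the hunks shown.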
......@@ -60,6 +60,7 @@ This Javascript is invoked by
else {
document.getElementsByName('dkim_private')[0].value = request.responseXML.getElementsByTagName('privatekey')[0].firstChild.nodeValue;
document.getElementsByName('dkim_public')[0].value = request.responseXML.getElementsByTagName('publickey')[0].firstChild.nodeValue;
document.getElementsByName('dns_record')[0].value = request.responseXML.getElementsByTagName('dns_record')[0].firstChild.nodeValue;
}
break;
default:
......
......@@ -27,11 +27,13 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
This script is invoked by interface/js/mail_domain_dkim.js
to generate or show the DKIM Private-key and to show the Private-key.
returns DKIM Private-Key and DKIM Public-Key
*/
/**
* This script is invoked by interface/js/mail_domain_dkim.js
* to generate or show the DKIM Private-key and to show the Private-key.
* returns DKIM Private-Key and DKIM Public-Key
*/
require_once '../../lib/config.inc.php';
......@@ -46,7 +48,6 @@ $app->auth->check_module_permissions('mail');
header('Content-Type: text/xml; charset=utf-8');
header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0');
/**
* This function fix PHP's messing up POST input containing characters space, dot,
* open square bracket and others to be compatible with with the deprecated register_globals
......@@ -64,7 +65,6 @@ function getRealPOST() {
return $vars;
}
/**
* This function formats the public-key
* @param array $pubkey
......@@ -76,32 +76,39 @@ function pub_key($pubkey) {
return $public_key;
}
function get_public_key($private_key) {
require_once('../../lib/classes/validate_dkim.inc.php');
$validate_dkim=new validate_dkim ();
if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */
exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM',$pubkey,$result);
$public_key=pub_key($pubkey);
} else {
$public_key='invalid key';
}
return $public_key;
}
$_POST=getRealPOST();
switch ($_POST['action']) {
case 'create': /* create DKIM Private-key */
exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096', $output, $result);
exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024', $privkey, $result);
unlink("/usr/local/ispconfig/server/temp/random-data.bin");
$private_key='';
foreach($privkey as $values) $private_key=$private_key.$values."\n";
if($validate_dkim->validate_post('private', $private_key)) { /* validate the $_POST-value */
exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM', $pubkey, $result);
$public_key=pub_key($pubkey);
} else { $public_key='invalid key'; }
case 'create': /* create DKIM Private-key */
exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096', $output, $result);
exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024', $privkey, $result);
unlink("/usr/local/ispconfig/server/temp/random-data.bin");
$private_key='';
break;
case 'show': /* show the DNS-Record onLoad */
$private_key=$_POST['pkey'];
if($validate_dkim->validate_post('private', $private_key)) { /* validate the $_POST-value */
/* get the public-key */
exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM', $pubkey, $result);
$public_key=pub_key($pubkey);
} else { $public_key='invalid key'; }
case 'show': /* show the DNS-Record onLoad */
$private_key=$_POST['pkey'];
break;
}
$public_key=get_public_key($private_key);
$dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
echo "<formatname>\n";
echo "<privatekey>".$private_key."</privatekey>\n";
echo "<publickey>".$public_key."</publickey>\n";
echo "<dns_record>v=DKIM1; t=s; p=".$dns_record."</dns_record>\n";
echo "</formatname>\n";
?>
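Review bot: In the `show` case `$private_key` comes straight from `$_POST['pkey']` and is still written out by `echo "<privatekey>".$private_key."</privatekey>\n";` even when `get_public_key()` has rejected it and returned 'invalid key', so request-supplied markup reaches a `text/xml` response unencoded. Emit the value only after validation succeeds, or encode it on output, e.g. `echo "<privatekey>".htmlspecialchars($private_key, ENT_QUOTES, 'UTF-8')."</privatekey>\n";` (and the same for `$public_key`). `$private_key` is never assigned when `action` is neither `create` nor `show`, so the switch wants a `default:` branch that rejects the request. Two things the commit leaves unchanged deserve a follow-up: `openssl genrsa ... 1024` produces keys below the 2048 bits currently recommended for DKIM signers, and piping the key through `echo ... | openssl` puts private key material on a shell command line where it may be visible in the process list.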
......@@ -93,10 +93,10 @@
</div>
<div class="ctrlHolder">
<textarea name="dkim_public" style="display:none;" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea>
<!--
<label for="dkim_public">{tmpl_var name='dkim_dns_txt'}</label>
<textarea name="dkim_public" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea>
-->
</div>
<div class="ctrlHolder">
<label for="dns_record">{tmpl_var name='dkim_dns_txt'}</label>
<textarea name="dns_record" id="dns_record" rows='10' cols='30' readonly>{tmpl_var name='dns_record'}</textarea>
</div>
</div>
......
......@@ -7,6 +7,7 @@ $wb['resync_shell_txt'] = 'Shell Benutzer';
$wb['resync_cron_txt'] = 'Cronjobs';
$wb['resync_db_txt'] = 'Datenbanken';
$wb['resync_mailbox_txt'] = 'E-Mail Konten';
$wb['resync_dkim_txt'] = 'DKIM-Keys';
$wb['resync_dns_txt'] = 'DNS Einträge';
$wb['btn_start_txt'] = 'Start';
$wb['btn_cancel_txt'] = 'Zurück';
......
......@@ -7,7 +7,8 @@ $wb['resync_shell_txt'] = 'Resync shell users';
$wb['resync_cron_txt'] = 'Resync cronjobs';
$wb['resync_db_txt'] = 'Resync clientdb config';
$wb['resync_mailbox_txt'] = 'Resync Mailboxes';
$wb['resync_dkim_txt'] = 'Resync DKIM-Keys';
$wb['resync_dns_txt'] = 'Resync DNS records';
$wb['btn_start_txt'] = 'Start';
$wb['btn_cancel_txt'] = 'Cancel';
?>
\ No newline at end of file
?>
......@@ -146,6 +146,20 @@ if(isset($_POST['resync_mailbox']) && $_POST['resync_mailbox'] == 1) {
}
}
//* Resyncing DKIM-Keys
if(isset($_POST['resync_dkim']) && $_POST['resync_dkim'] == 1) {
$db_table = 'mail_domain';
$index_field = 'domain_id';
$sql = "SELECT * FROM ".$db_table." WHERE active = 'y' AND dkim = 'y'";
$records = $app->db->queryAllRecords($sql);
if(is_array($records)) {
foreach($records as $rec) {
$app->db->datalogUpdate($db_table, $rec, $index_field, $rec[$index_field], true);
$msg .= "Resynced DKIM-Key: ".$rec['domain'].'<br />';
}
}
}
//* Resyncing dns zones
if(isset($_POST['resync_dns']) && $_POST['resync_dns'] == 1) {
$zones = $app->db->queryAllRecords("SELECT id,origin,serial FROM dns_soa WHERE active = 'Y'");
......
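Review bot: `$rec['domain']` is appended to `$msg` next to a literal `<br />` without encoding; how `$msg` is rendered is outside this hunk, but if it is printed as markup the value should go through `htmlspecialchars($rec['domain'], ENT_QUOTES, 'UTF-8')` first. The block also does not say why `datalogUpdate()` is called with an unchanged record and `true` as the last argument; a comment such as `// force a datalog entry so the server plugin rewrites the DKIM key files` would help, assuming that is the intent.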
......@@ -41,6 +41,12 @@
<input id="resync_mailbox" type="checkbox" value="1" name="resync_mailbox" />
</div>
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name="resync_dkim_txt"}</p>
<div class="multiField">
<input id="resync_dkim" type="checkbox" value="1" name="resync_dkim" />
</div>
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name="resync_dns_txt"}</p>
<div class="multiField">
......
......@@ -41,7 +41,6 @@ class mail_plugin_dkim {
// private variables
var $action = '';
/**
* This function is called during ispconfig installation to determine
* if a symlink shall be created for this plugin.
......@@ -57,7 +56,6 @@ class mail_plugin_dkim {
}
/**
* This function is called when the plugin is loaded
*/
......@@ -71,7 +69,6 @@ class mail_plugin_dkim {
$app->plugins->registerEvent('mail_domain_update', $this->plugin_name, 'domain_dkim_update');
}
/**
* This function gets the amavisd-config file
* @return string path to the amavisd-config for dkim-keys
......@@ -92,7 +89,6 @@ class mail_plugin_dkim {
return $amavis_configfile;
}
/**
* This function checks the relevant configs and disables dkim for the domain
* if the directory for dkim is not writeable or does not exist
......@@ -122,10 +118,6 @@ class mail_plugin_dkim {
return $check;
}
/**
* This function restarts amavis
*/
......@@ -163,7 +155,6 @@ class mail_plugin_dkim {
return $success;
}
/**
* This function removes the keyfiles
* @param string $key_file full path to the key-file
......@@ -181,7 +172,6 @@ class mail_plugin_dkim {
} else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
}
/**
* This function adds the entry to the amavisd-config
* @param string $key_domain mail-domain
......@@ -190,14 +180,17 @@ class mail_plugin_dkim {
global $app, $mail_config;
$amavis_config = file_get_contents($this->get_amavis_config());
$key_value="dkim_key('".$key_domain."', 'default', '".$mail_config['dkim_path']."/".$key_domain.".private');\n";
if(strpos($amavis_config, $key_value) !== false) $amavis_config = str_replace($key_value, '', $amavis_config);
if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false) {
$app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
$this->restart_amavis();
if(strpos($amavis_config, $key_value) === false) {
$amavis_config = str_replace($key_value, '', $amavis_config);
if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false) {
$app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
$this->restart_amavis();
}
} else {
$app->log('DKIM Private-key already in amavis-config.',LOGLEVEL_DEBUG);
}
}
/**
* This function removes the entry from the amavisd-config
* @param string $key_domain mail-domain
......@@ -220,7 +213,6 @@ class mail_plugin_dkim {
} else $app->log('Unable to delete the DKIM settings from amavis-config for '.$key_domain.'.', LOGLEVEL_ERROR);
}
/**
* This function controlls new key-files and amavisd-entries
* @param array $data mail-settings
......@@ -242,7 +234,6 @@ class mail_plugin_dkim {
}
}
/**
* This function controlls the removement of keyfiles (public and private)
* and the entry in the amavisd-config
......@@ -257,16 +248,14 @@ class mail_plugin_dkim {
$this->remove_from_amavis($_data['domain']);
}
/**
* Function called by onLoad
* deletes dkim-keys
*/
function domain_dkim_delete($event_name, $data) {
if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y') $this->remove_dkim($data['old']);
if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y') $this->remove_dkim($data['old']);
}
/**
* Function called by onLoad
* insert dkim-keys
......@@ -277,38 +266,53 @@ class mail_plugin_dkim {
}
}
/**
* Function called by onLoad
* chang dkim-settings
*/
function domain_dkim_update($event_name, $data) {
global $app;
/* get the config */
if (isset($data['new']['dkim']) && $data['new']['dkim']=='y') { /* DKIM enabled */
if ($this->check_system($data)) {
/* new domain-name */
if ($data['old']['domain'] != $data['new']['domain']) {
if ($this->check_system($data)) {
/* maildomain disabled */
if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y') {
$app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
if ($data['new']['dkim']=='y') {
$this->remove_dkim($data['new']);
}
if ($data['old']['dkim']=='y') {
$this->remove_dkim($data['old']);
}
}
/* maildomain re-enabled */
if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n') {
if ($data['new']['dkim']=='y') {
$this->add_dkim($data);
}
/* new key */
if (($data['old']['dkim_private'] != $data['new']['dkim_private']) || ($data['old']['dkim'] != $data['new']['dkim'])) {
if ($data['new']['dkim_private'] != $data['old']['dkim_private']) $this->remove_dkim($data['new']);
}
/* maildomain active - only dkim changes */
if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
/* dkim disabled */
if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
$this->remove_dkim($data['new']);
}
/* dkim enabled */
elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
$this->add_dkim($data);
}
/* change active (on / off) */
if ($data['old']['active'] != $data['new']['active']) {
if ($data['new']['active'] == 'y') {
$this->add_dkim($data);
} else {
$this->remove_dkim($data['new']);
}
/* new private-key or new domain-name */
if ($data['new']['dkim_private'] != $data['old']['dkim_private'] || $data['new']['domain'] != $data['old']['domain']) {
$this->remove_dkim($data['old']);
$this->add_dkim($data);
}
}
/* resync */
if ($data['new']['active'] == 'y' && $data['new'] == $data['old']) {
$this->add_dkim($data);
}
}
if (isset($data['new']['dkim']) && $data['old']['dkim'] != $data['new']['dkim'])
if ($this->check_system($data) && $data['new']['dkim'] == 'n') $this->remove_dkim($data['new']);
}
}
......
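Review bot: In the add-to-amavis hunk the success test `if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false)` only works through operator precedence (`!` is applied before `===`) and leaves a failed write unlogged; `if (file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND | LOCK_EX) !== false)` with an `else` that logs at LOGLEVEL_ERROR states the intent. The `str_replace($key_value, '', $amavis_config)` inside what appears to be the new `strpos(...) === false` branch can never match and its result is not used, so it can be dropped, and a `false` return from `file_get_contents()` is not distinguished from "entry missing". `$key_value` places `$key_domain` and `$mail_config['dkim_path']` inside single-quoted strings of the amavisd configuration, so this function relies on both having been validated elsewhere; a comment saying so, or a check that rejects quotes and backslashes, would make that explicit. The function's signature lies outside the hunk. In `domain_dkim_update` the resync test `$data['new'] == $data['old']` is a loose array comparison and deserves a comment on what it is meant to detect.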