diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php
index 46c5a1390a679c0f2301d9b3f2b72821001afe77..6bc3086d068500f95df5cb4d01a8211d30af1fa0 100644
--- a/interface/web/dns/dns_dkim_edit.php
+++ b/interface/web/dns/dns_dkim_edit.php
@@ -57,7 +57,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// Check if the user may add another record.
@@ -82,7 +82,7 @@ class page_action extends tform_actions {
// Check the client limits, if user is not the admin
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// Check if the user may add another record.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index 08f6d3d6f78cf4ac6c6aa59761acdb17ed3dfa78..b66babb65f1ec41c6c719e7835870c4d15f3830a 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -117,7 +117,7 @@ class page_action extends tform_actions {
}
$app->tpl->setVar("client_group_id", $client_select);
- }
+// }
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index f01cb57ca6bf22392fabcc0890010b78f17c6b1f..6aac2cced3d4d321d379547f8ca21cacde45157b 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -120,8 +120,8 @@ if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSIO
}
if($_SESSION["s"]["user"]["typ"] != 'admin')
-{
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);{
$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -163,7 +163,7 @@ if($_POST['create'] == 1) {
if ($post_server_id)
{
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
diff --git a/interface/web/js/mail_domain_dkim.js b/interface/web/js/mail_domain_dkim.js
index f1f14f63578dbdf7c74c9e9562e9554bda39cdee..a9d5f0d527a395e39118ce1448f56cea7ed23aaa 100644
--- a/interface/web/js/mail_domain_dkim.js
+++ b/interface/web/js/mail_domain_dkim.js
@@ -60,6 +60,7 @@ This Javascript is invoked by
else {
document.getElementsByName('dkim_private')[0].value = request.responseXML.getElementsByTagName('privatekey')[0].firstChild.nodeValue;
document.getElementsByName('dkim_public')[0].value = request.responseXML.getElementsByTagName('publickey')[0].firstChild.nodeValue;
+ document.getElementsByName('dns_record')[0].value = request.responseXML.getElementsByTagName('dns_record')[0].firstChild.nodeValue;
}
break;
default:
diff --git a/interface/web/mail/mail_domain_dkim_create.php b/interface/web/mail/mail_domain_dkim_create.php
index 2640894c51562c968a07e3588b0e817f1586fc8c..24198a36849737cb760478ced00f829abb77370e 100644
--- a/interface/web/mail/mail_domain_dkim_create.php
+++ b/interface/web/mail/mail_domain_dkim_create.php
@@ -27,11 +27,13 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
- This script is invoked by interface/js/mail_domain_dkim.js
- to generate or show the DKIM Private-key and to show the Private-key.
- returns DKIM Private-Key and DKIM Public-Key
- */
+/**
+* This script is invoked by interface/js/mail_domain_dkim.js
+* to generate or show the DKIM Private-key and to show the Private-key.
+* returns DKIM Private-Key and DKIM Public-Key
+*/
require_once '../../lib/config.inc.php';
@@ -46,7 +48,6 @@ $app->auth->check_module_permissions('mail');
header('Content-Type: text/xml; charset=utf-8');
header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0');
-
/**
* This function fix PHP's messing up POST input containing characters space, dot,
* open square bracket and others to be compatible with with the deprecated register_globals
@@ -64,7 +65,6 @@ function getRealPOST() {
return $vars;
}
-
/**
* This function formats the public-key
* @param array $pubkey
@@ -76,32 +76,39 @@ function pub_key($pubkey) {
return $public_key;
}
+function get_public_key($private_key) {
+ require_once('../../lib/classes/validate_dkim.inc.php');
+ $validate_dkim=new validate_dkim ();
+ if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */
+ exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM',$pubkey,$result);
+ $public_key=pub_key($pubkey);
+ } else {
+ $public_key='invalid key';
+ }
+ return $public_key;
+}
+
$_POST=getRealPOST();
switch ($_POST['action']) {
-case 'create': /* create DKIM Private-key */
- exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096', $output, $result);
- exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024', $privkey, $result);
- unlink("/usr/local/ispconfig/server/temp/random-data.bin");
- $private_key='';
- foreach($privkey as $values) $private_key=$private_key.$values."\n";
- if($validate_dkim->validate_post('private', $private_key)) { /* validate the $_POST-value */
- exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM', $pubkey, $result);
- $public_key=pub_key($pubkey);
- } else { $public_key='invalid key'; }
+ case 'create': /* create DKIM Private-key */
+ exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096', $output, $result);
+ exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024', $privkey, $result);
+ unlink("/usr/local/ispconfig/server/temp/random-data.bin");
+ $private_key='';
break;
-case 'show': /* show the DNS-Record onLoad */
- $private_key=$_POST['pkey'];
- if($validate_dkim->validate_post('private', $private_key)) { /* validate the $_POST-value */
- /* get the public-key */
- exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM', $pubkey, $result);
- $public_key=pub_key($pubkey);
- } else { $public_key='invalid key'; }
+
+ case 'show': /* show the DNS-Record onLoad */
+ $private_key=$_POST['pkey'];
break;
}
+
+$public_key=get_public_key($private_key);
+$dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
echo "<formatname>\n";
echo "<privatekey>".$private_key."</privatekey>\n";
echo "<publickey>".$public_key."</publickey>\n";
+echo "<dns_record>v=DKIM1; t=s; p=".$dns_record."</dns_record>\n";
echo "</formatname>\n";
?>
diff --git a/interface/web/mail/templates/mail_domain_edit.htm b/interface/web/mail/templates/mail_domain_edit.htm
index 41cb0077ce1e9be25c108b5a9b169c45337249dc..c5230b099e00a0f5227bf5e538876fa68935560b 100644
--- a/interface/web/mail/templates/mail_domain_edit.htm
+++ b/interface/web/mail/templates/mail_domain_edit.htm
@@ -93,10 +93,10 @@
</div>
<div class="ctrlHolder">
<textarea name="dkim_public" style="display:none;" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea>
-<!--
- <label for="dkim_public">{tmpl_var name='dkim_dns_txt'}</label>
- <textarea name="dkim_public" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea>
--->
+ </div>
+ <div class="ctrlHolder">
+ <label for="dns_record">{tmpl_var name='dkim_dns_txt'}</label>
+ <textarea name="dns_record" id="dns_record" rows='10' cols='30' readonly>{tmpl_var name='dns_record'}</textarea>
</div>
</div>
diff --git a/interface/web/tools/lib/lang/de_resync.lng b/interface/web/tools/lib/lang/de_resync.lng
index 0387ae6265b891bf5fe5c9b1aca279842a5b2aa9..d18f2ff6f944150695b82353e44a28e8d1900243 100644
--- a/interface/web/tools/lib/lang/de_resync.lng
+++ b/interface/web/tools/lib/lang/de_resync.lng
@@ -7,6 +7,7 @@ $wb['resync_shell_txt'] = 'Shell Benutzer';
$wb['resync_cron_txt'] = 'Cronjobs';
$wb['resync_db_txt'] = 'Datenbanken';
$wb['resync_mailbox_txt'] = 'E-Mail Konten';
+$wb['resync_dkim_txt'] = 'DKIM-Keys';
$wb['resync_dns_txt'] = 'DNS Einträge';
$wb['btn_start_txt'] = 'Start';
$wb['btn_cancel_txt'] = 'Zurück';
diff --git a/interface/web/tools/lib/lang/en_resync.lng b/interface/web/tools/lib/lang/en_resync.lng
index f4cbf0d7fc7ce9f3faeab69ba3bfbd6cbeae1776..bfb22d05d3b9d05c9abe242d9eafe7e4930d6b1e 100644
--- a/interface/web/tools/lib/lang/en_resync.lng
+++ b/interface/web/tools/lib/lang/en_resync.lng
@@ -7,7 +7,8 @@ $wb['resync_shell_txt'] = 'Resync shell users';
$wb['resync_cron_txt'] = 'Resync cronjobs';
$wb['resync_db_txt'] = 'Resync clientdb config';
$wb['resync_mailbox_txt'] = 'Resync Mailboxes';
+$wb['resync_dkim_txt'] = 'Resync DKIM-Keys';
$wb['resync_dns_txt'] = 'Resync DNS records';
$wb['btn_start_txt'] = 'Start';
$wb['btn_cancel_txt'] = 'Cancel';
-?>
\ No newline at end of file
+?>
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index a02ac9f11621c2894e8fa85bfe6f980e27d73181..ad716f7bf7bd675171556993be7aaccf0f7cd41d 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -146,6 +146,20 @@ if(isset($_POST['resync_mailbox']) && $_POST['resync_mailbox'] == 1) {
}
}
+//* Resyncing DKIM-Keys
+if(isset($_POST['resync_dkim']) && $_POST['resync_dkim'] == 1) {
+ $db_table = 'mail_domain';
+ $index_field = 'domain_id';
+ $sql = "SELECT * FROM ".$db_table." WHERE active = 'y' AND dkim = 'y'";
+ $records = $app->db->queryAllRecords($sql);
+ if(is_array($records)) {
+ foreach($records as $rec) {
+ $app->db->datalogUpdate($db_table, $rec, $index_field, $rec[$index_field], true);
+ $msg .= "Resynced DKIM-Key: ".$rec['domain'].'<br />';
+ }
+ }
+}
+
//* Resyncing dns zones
if(isset($_POST['resync_dns']) && $_POST['resync_dns'] == 1) {
$zones = $app->db->queryAllRecords("SELECT id,origin,serial FROM dns_soa WHERE active = 'Y'");
diff --git a/interface/web/tools/templates/resync.htm b/interface/web/tools/templates/resync.htm
index f16466053c39203afa696a40eb4b099e55a2f297..2bb8b064e7cdf44e890b8fecad2d2747e68d7199 100644
--- a/interface/web/tools/templates/resync.htm
+++ b/interface/web/tools/templates/resync.htm
@@ -41,6 +41,12 @@
<input id="resync_mailbox" type="checkbox" value="1" name="resync_mailbox" />
</div>
</div>
+ <div class="ctrlHolder">
+ <p class="label">{tmpl_var name="resync_dkim_txt"}</p>
+ <div class="multiField">
+ <input id="resync_dkim" type="checkbox" value="1" name="resync_dkim" />
+ </div>
+ </div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name="resync_dns_txt"}</p>
<div class="multiField">
diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php
index 322ccd84677be6c62bdb24fb83d6a912f42fabbd..1d5e52169415425fe119e0f1c2e7e811083d6782 100644
--- a/server/plugins-available/mail_plugin_dkim.inc.php
+++ b/server/plugins-available/mail_plugin_dkim.inc.php
@@ -41,7 +41,6 @@ class mail_plugin_dkim {
// private variables
var $action = '';
-
/**
* This function is called during ispconfig installation to determine
* if a symlink shall be created for this plugin.
@@ -57,7 +56,6 @@ class mail_plugin_dkim {
}
-
/**
* This function is called when the plugin is loaded
*/
@@ -71,7 +69,6 @@ class mail_plugin_dkim {
$app->plugins->registerEvent('mail_domain_update', $this->plugin_name, 'domain_dkim_update');
}
-
/**
* This function gets the amavisd-config file
* @return string path to the amavisd-config for dkim-keys
@@ -92,7 +89,6 @@ class mail_plugin_dkim {
return $amavis_configfile;
}
-
/**
* This function checks the relevant configs and disables dkim for the domain
* if the directory for dkim is not writeable or does not exist
@@ -122,10 +118,6 @@ class mail_plugin_dkim {
return $check;
}
-
-
-
-
/**
* This function restarts amavis
*/
@@ -163,7 +155,6 @@ class mail_plugin_dkim {
return $success;
}
-
/**
* This function removes the keyfiles
* @param string $key_file full path to the key-file
@@ -181,7 +172,6 @@ class mail_plugin_dkim {
} else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
}
-
/**
* This function adds the entry to the amavisd-config
* @param string $key_domain mail-domain
@@ -190,14 +180,17 @@ class mail_plugin_dkim {
global $app, $mail_config;
$amavis_config = file_get_contents($this->get_amavis_config());
$key_value="dkim_key('".$key_domain."', 'default', '".$mail_config['dkim_path']."/".$key_domain.".private');\n";
- if(strpos($amavis_config, $key_value) !== false) $amavis_config = str_replace($key_value, '', $amavis_config);
- if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false) {
- $app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
- $this->restart_amavis();
+ if(strpos($amavis_config, $key_value) === false) {
+ $amavis_config = str_replace($key_value, '', $amavis_config);
+ if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false) {
+ $app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
+ $this->restart_amavis();
+ }
+ } else {
+ $app->log('DKIM Private-key already in amavis-config.',LOGLEVEL_DEBUG);
}
}
-
/**
* This function removes the entry from the amavisd-config
* @param string $key_domain mail-domain
@@ -220,7 +213,6 @@ class mail_plugin_dkim {
} else $app->log('Unable to delete the DKIM settings from amavis-config for '.$key_domain.'.', LOGLEVEL_ERROR);
}
-
/**
* This function controlls new key-files and amavisd-entries
* @param array $data mail-settings
@@ -242,7 +234,6 @@ class mail_plugin_dkim {
}
}
-
/**
* This function controlls the removement of keyfiles (public and private)
* and the entry in the amavisd-config
@@ -257,16 +248,14 @@ class mail_plugin_dkim {
$this->remove_from_amavis($_data['domain']);
}
-
/**
* Function called by onLoad
* deletes dkim-keys
*/
function domain_dkim_delete($event_name, $data) {
- if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y') $this->remove_dkim($data['old']);
+ if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y') $this->remove_dkim($data['old']);
}
-
/**
* Function called by onLoad
* insert dkim-keys
@@ -277,38 +266,53 @@ class mail_plugin_dkim {
}
}
-
/**
* Function called by onLoad
* chang dkim-settings
*/
function domain_dkim_update($event_name, $data) {
global $app;
- /* get the config */
- if (isset($data['new']['dkim']) && $data['new']['dkim']=='y') { /* DKIM enabled */
- if ($this->check_system($data)) {
- /* new domain-name */
- if ($data['old']['domain'] != $data['new']['domain']) {
+ if ($this->check_system($data)) {
+ /* maildomain disabled */
+ if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y') {
+ $app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
+ if ($data['new']['dkim']=='y') {
+ $this->remove_dkim($data['new']);
+ }
+ if ($data['old']['dkim']=='y') {
$this->remove_dkim($data['old']);
+ }
+ }
+
+ /* maildomain re-enabled */
+ if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n') {
+ if ($data['new']['dkim']=='y') {
$this->add_dkim($data);
}
- /* new key */
- if (($data['old']['dkim_private'] != $data['new']['dkim_private']) || ($data['old']['dkim'] != $data['new']['dkim'])) {
- if ($data['new']['dkim_private'] != $data['old']['dkim_private']) $this->remove_dkim($data['new']);
+ }
+
+ /* maildomain active - only dkim changes */
+ if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
+ /* dkim disabled */
+ if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
+ $this->remove_dkim($data['new']);
+ }
+ /* dkim enabled */
+ elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
$this->add_dkim($data);
}
- /* change active (on / off) */
- if ($data['old']['active'] != $data['new']['active']) {
- if ($data['new']['active'] == 'y') {
- $this->add_dkim($data);
- } else {
- $this->remove_dkim($data['new']);
- }
+ /* new private-key or new domain-name */
+ if ($data['new']['dkim_private'] != $data['old']['dkim_private'] || $data['new']['domain'] != $data['old']['domain']) {
+ $this->remove_dkim($data['old']);
+ $this->add_dkim($data);
}
}
+
+ /* resync */
+ if ($data['new']['active'] == 'y' && $data['new'] == $data['old']) {
+ $this->add_dkim($data);
+ }
}
- if (isset($data['new']['dkim']) && $data['old']['dkim'] != $data['new']['dkim'])
- if ($this->check_system($data) && $data['new']['dkim'] == 'n') $this->remove_dkim($data['new']);
}
}