From 48af7df6c6e68b6b5d2b0fff5231fe12ef561025 Mon Sep 17 00:00:00 2001 From: tbrehm Date: Fri, 5 Jul 2013 10:50:37 +0000 Subject: [PATCH] Updated dkim support. --- install/sql/incremental/upd_0052.sql | 7 +- interface/lib/classes/validate_dkim.inc.php | 41 +++-- interface/web/dns/dns_dkim_edit.php | 142 +++++++++++++++ interface/web/dns/dns_dkim_get.php | 91 ++++++++++ interface/web/dns/dns_wizard.php | 28 +-- interface/web/dns/form/dns_dkim.tform.php | 154 ++++++++++++++++ interface/web/dns/form/dns_template.tform.php | 27 +-- interface/web/dns/lib/lang/en_dns_dkim.lng | 8 + interface/web/dns/lib/lang/en_dns_wizard.lng | 21 +-- interface/web/dns/templates/dns_a_list.htm | 13 +- interface/web/dns/templates/dns_dkim_edit.htm | 38 ++++ interface/web/dns/templates/dns_wizard.htm | 17 +- interface/web/js/dns_dkim.js | 73 ++++++++ interface/web/js/mail_domain_dkim.js | 72 ++++++++ .../web/mail/lib/lang/en_mail_domain.lng | 13 +- .../web/mail/mail_domain_dkim_create.php | 105 +++++------ .../web/mail/templates/mail_domain_edit.htm | 69 ++----- .../mail_plugin_dkim.inc.php | 170 ++++++++---------- 18 files changed, 827 insertions(+), 262 deletions(-) create mode 100644 interface/web/dns/dns_dkim_edit.php create mode 100644 interface/web/dns/dns_dkim_get.php create mode 100644 interface/web/dns/form/dns_dkim.tform.php create mode 100644 interface/web/dns/lib/lang/en_dns_dkim.lng create mode 100644 interface/web/dns/templates/dns_dkim_edit.htm create mode 100644 interface/web/js/dns_dkim.js create mode 100644 interface/web/js/mail_domain_dkim.js diff --git a/install/sql/incremental/upd_0052.sql b/install/sql/incremental/upd_0052.sql index b8e3829a1f..346589b7a4 100644 --- a/install/sql/incremental/upd_0052.sql +++ b/install/sql/incremental/upd_0052.sql 
@@ -1,3 +1,4 @@
-ALTER TABLE `mail_domain` ADD `dkim_public` MEDIUMTEXT NOT NULL AFTER `domain`;
-ALTER TABLE `mail_domain` ADD `dkim_private` MEDIUMTEXT NOT NULL AFTER `domain`;
-ALTER TABLE `mail_domain` ADD `dkim` ENUM( 'n', 'y' ) NOT NULL AFTER `domain`;
+ALTER TABLE `client_template` CHANGE `limit_aps` `limit_aps` INT( 11 ) NOT NULL DEFAULT '-1';
+ALTER TABLE `mail_domain` ADD `dkim_public` MEDIUMTEXT NOT NULL AFTER `domain`;
+ALTER TABLE `mail_domain` ADD `dkim_private` MEDIUMTEXT NOT NULL AFTER `domain`;
+ALTER TABLE `mail_domain` ADD `dkim` ENUM( 'n', 'y' ) NOT NULL AFTER `domain`;
diff --git a/interface/lib/classes/validate_dkim.inc.php b/interface/lib/classes/validate_dkim.inc.php
index fccd45765d..12c0945875 100644
--- a/interface/lib/classes/validate_dkim.inc.php
+++ b/interface/lib/classes/validate_dkim.inc.php
@@ -42,19 +42,38 @@ class validate_dkim { /* Validator function for private DKIM-Key */ function check_private_key($field_name, $field_value, $validator) { - $dkim_enabled=$_POST['dkim']; - if ($dkim_enabled == 'y') { - if (empty($field_value)) return $this->get_error($validator['errmsg']); - exec('echo "'.$field_value.'"|openssl rsa -check',$output,$result); - if($result != 0) return $this->get_error($validator['errmsg']); - } - } + $dkim_enabled=$_POST['dkim']; + if ($dkim_enabled == 'y') { + if (empty($field_value)) return $this->get_error($validator['errmsg']); + exec('echo '.escapeshellarg($field_value).'|openssl rsa -check',$output,$result); + if($result != 0) return $this->get_error($validator['errmsg']); + } + } /* Validator function for DKIM Path */ function check_dkim_path($field_name, $field_value, $validator) { if(empty($field_value)) return $this->get_error($validator['errmsg']); if (substr(sprintf('%o', fileperms($field_value)),-3) <= 600) - return $this->get_error($validator['errmsg']); - } - -} + return $this->get_error($validator['errmsg']); + } + + /* Check function for DNS-Template */ + function check_template($field_name, $field_value, $validator) { + $dkim=false; + foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; } + if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']); + } + + /* Validator function for $_POST */ + function validate_post($key,$value) { + switch ($key) { + case 'public': + if (preg_match("/(^-----BEGIN PUBLIC KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,221}(-----END PUBLIC KEY-----(\n|\r)$)/",$value) === 1) { return true; } else { return false; } + break; + case 'private': + if (preg_match("/(^-----BEGIN RSA PRIVATE KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,850}(-----END RSA PRIVATE KEY-----(\n|\r)$)/",$value) === 1) { return true; } else { return false; } + break; + } + } +} + 
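Review bot: `validate_post` falls off the end with no return value for any `$key` other than `'public'`/`'private'`, so a caller's `if($validate_dkim->validate_post(...))` silently treats an unknown key as invalid, and the `break;` after each `return` is unreachable; add `default: return false;` and drop the dead breaks. The `{1,850}` bound in the private-key pattern only fits the body of a 1024-bit PEM key, so the validator will reject the 2048-bit keys RFC 8301 recommends; widen it (or check only the delimiters and the base64 alphabet) before the key size in mail_domain_dkim_create.php is raised. `check_private_key` still runs `echo ... | openssl rsa -check` through `exec`, which places the entire private key in the `sh -c` argument list where any local user can read it from the process table; `openssl_pkey_get_private($field_value) !== false` checks the key without involving a shell, and the same applies to both `exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout ...` calls in mail_domain_dkim_create.php. `check_template` iterates `$field_value` without confirming it is an array, which would warn if tform hands it a string when no box is ticked — presumably it does, but worth a guard.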
diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php new file mode 100644 index 0000000000..61b0bd7fb6 --- /dev/null +++ b/interface/web/dns/dns_dkim_edit.php 
@@ -0,0 +1,142 @@ +auth->check_module_permissions('dns'); + +// Loading classes +$app->uses('tpl,tform,tform_actions,validate_dns'); +$app->load('tform_actions'); + +class page_action extends tform_actions { + + function onShowNew() { + global $app, $conf; + // we will check only users, not admins + if($_SESSION["s"]["user"]["typ"] == 'user') { + + // Get the limits of the client + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + + // Check if the user may add another record. + if($client["limit_dns_record"] >= 0) { + $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id"); + if($tmp["number"] >= $client["limit_dns_record"]) { + $app->error($app->tform->wordbook["limit_dns_record_txt"]); + } + } + } + + parent::onShowNew(); + } + + function onSubmit() { + global $app, $conf; + // Get the parent soa record of the domain + $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r')); + // Check if Domain belongs to user + if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"]; + + // Check the client limits, if user is not the admin + if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin + // Get the limits of the client + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + // Check if the user may add another record. 
+ if($this->id == 0 && $client["limit_dns_record"] >= 0) { + $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id"); + if($tmp["number"] >= $client["limit_dns_record"]) { + $app->error($app->tform->wordbook["limit_dns_record_txt"]); + } + } + } // end if user is not admin + + // Set the server ID of the rr record to the same server ID as the parent record. + $this->dataRecord["server_id"] = $soa["server_id"]; + + // add dkim-settings to the public-key in the txt-record + $this->dataRecord['data']='v=DKIM1; t=s; p='.$this->dataRecord['data']; + $this->dataRecord['name']='default._domainkey.'.$this->dataRecord['name']; + + // Update the serial number and timestamp of the RR record + $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id); + $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]); + $this->dataRecord["stamp"] = date('Y-m-d H:i:s'); + + // check for duplicate entry + $check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$this->dataRecord["zone"]." 
AND type = '".$this->dataRecord["type"]."' AND data ='".$this->dataRecord["data"]."' AND name = '".$this->dataRecord['name']."'"); + if ($check!='') $app->tform->errorMessage .= $app->tform->wordbook["record_exists_txt"]; + + parent::onSubmit(); + } + + function onAfterInsert() { + global $app, $conf; + + //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id); + + //* Update the serial number of the SOA record + $soa_id = $app->functions->intval($_POST["zone"]); + $serial = $app->validate_dns->increase_serial($soa["serial"]); + $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id); + } + + function onAfterUpdate() { + global $app, $conf; + + //* Update the serial number of the SOA record + $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $soa_id = $app->functions->intval($_POST["zone"]); + $serial = $app->validate_dns->increase_serial($soa["serial"]); + $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id); + } +} + +$page = new page_action; +$page->onLoad(); + +?> diff --git a/interface/web/dns/dns_dkim_get.php b/interface/web/dns/dns_dkim_get.php new file mode 100644 index 0000000000..6b8b90b4c2 --- /dev/null +++ b/interface/web/dns/dns_dkim_get.php 
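Review bot: The duplicate check in `onSubmit` interpolates `$this->dataRecord['type']`, `['data']` and `['name']` directly into SQL, and `data` only carries a NOTEMPTY validator in dns_dkim.tform.php, so a client can inject into that query; quote each value as the rest of the file does, `$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data ='".$app->db->quote($this->dataRecord["data"])."' AND name = '".$app->db->quote($this->dataRecord['name'])."'");`. `onSubmit` runs on update as well as insert (the `$this->id == 0` test above shows both paths reach it), so the `'v=DKIM1; t=s; p='` and `'default._domainkey.'` prefixes would be prepended again every time an existing record is saved; presumably the edit form repopulates name/data from dns_dkim_get.php, but applying the prefixes only when `$this->id == 0` (or when the value does not already start with them) makes that independent of the form. `$soa["id"] != $_POST["zone"]` compares loosely against raw POST; the `intval` already used in the query is the value to compare.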
@@ -0,0 +1,91 @@ +auth->check_module_permissions('dns'); + +global $app, $conf; + +// Loading classes +$app->uses('tform,tform_actions'); + +header('Content-Type: text/xml; charset=utf-8'); +header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0'); + +/* + This function fix PHP's messing up POST input containing characters space, dot, + open square bracket and others to be compatible with with the deprecated register_globals +*/ +function getRealPOST() { + $pairs = explode("&", file_get_contents("php://input")); + $vars = array(); + foreach ($pairs as $pair) { + $nv = explode("=", $pair, 2); + $name = urldecode($nv[0]); + $value = $nv[1]; + $vars[$name] = $value; + } + return $vars; +} +function pub_key($pubkey) { + $public_key=''; + foreach($pubkey as $values) $public_key=$public_key.$values; + return $public_key; +} + +$_POST=getRealPost(); + +if (ctype_digit($_POST['zone'])) { + // Get the parent soa record of the domain + $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->db->quote($_POST['zone'])."' AND ".$app->tform->getAuthSQL('r')); + + $public_key=$app->db->queryOneRecord("SELECT dkim_public FROM mail_domain WHERE domain = '".substr_replace($soa['origin'],'',-1)."' AND ".$app->tform->getAuthSQL('r')); + + $public_key=pub_key($public_key); + + $public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key); + + echo "\n"; + echo "\n"; + echo "".$public_key."\n"; + echo "".$soa['origin']."\n"; + echo "\n"; +} +?> diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php index aa3a1e520c..c7d70c4096 100644 --- a/interface/web/dns/dns_wizard.php +++ b/interface/web/dns/dns_wizard.php 
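Review bot: Nothing checks that the `dns_soa` lookup returned a row, so for a zone id the caller is not permitted to read `$soa['origin']` is null, the `mail_domain` query runs with `domain = ''`, and the script still answers with an XML document whose elements are empty; the JavaScript consumer presumably dereferences `firstChild` of those elements and throws. Exit before printing when either lookup is empty, e.g. `if(empty($soa) || empty($public_key['dkim_public'])) exit;` placed right after the two queries. `getRealPOST` reads `$nv[1]` without checking that a `=` was present and never `urldecode`s the value, and `$soa['origin']` is written into the XML without `htmlspecialchars`; both are harmless for a digit-only `zone` but will bite as soon as this helper is reused for other inputs. `pub_key($public_key)` concatenates every column of the result row rather than reading `$public_key['dkim_public']`, which works only because the SELECT returns a single column.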
@@ -173,12 +173,20 @@ if($_POST['create'] == 1) { $tpl_content = $template_record['template']; if($_POST['domain'] != '') $tpl_content = str_replace('{DOMAIN}',$_POST['domain'],$tpl_content); if($_POST['ip'] != '') $tpl_content = str_replace('{IP}',$_POST['ip'],$tpl_content); - if($_POST['ns1'] != '') $tpl_content = str_replace('{NS1}',$_POST['ns1'],$tpl_content); - if($_POST['ns2'] != '') $tpl_content = str_replace('{NS2}',$_POST['ns2'],$tpl_content); - if($_POST['email'] != '') $tpl_content = str_replace('{EMAIL}',$_POST['email'],$tpl_content); - - // Parse the template - $tpl_rows = explode("\n",$tpl_content); + if($_POST['ns1'] != '') $tpl_content = str_replace('{NS1}',$_POST['ns1'],$tpl_content); + if($_POST['ns2'] != '') $tpl_content = str_replace('{NS2}',$_POST['ns2'],$tpl_content); + if($_POST['email'] != '') $tpl_content = str_replace('{EMAIL}',$_POST['email'],$tpl_content); + if(isset($_POST['dkim']) && preg_match('/^[\w\.\-\/]{2,255}\.[a-zA-Z0-9\-]{2,30}[\.]{0,1}$/',$_POST['domain'])) { + $public_key=$app->db->queryOneRecord("SELECT dkim_public FROM mail_domain WHERE domain = '".$app->db->quote($_POST['domain'])."' AND dkim = 'y' AND ".$app->tform->getAuthSQL('r')); + if ($public_key!='') { + $dns_record=str_replace(array("\r\n", "\n", "\r","-----BEGIN PUBLIC KEY-----","-----END PUBLIC KEY-----"),'',$public_key['dkim_public']); + $tpl_content = str_replace('{DKIM}','TXT|default._domainkey.'.$_POST['domain'].'.|v=DKIM1; t=s; p='.$dns_record,$tpl_content); + } + } + + + // Parse the template + $tpl_rows = explode("\n",$tpl_content); $section = ''; $vars = array(); $dns_rr = array(); @@ -273,7 +281,7 @@ include($lng_file); $app->tpl->setVar($wb); $app->tpl_defaults(); -$app->tpl->pparse(); - - -?> \ No newline at end of file +$app->tpl->pparse(); + + +?> diff --git a/interface/web/dns/form/dns_dkim.tform.php b/interface/web/dns/form/dns_dkim.tform.php new file mode 100644 index 0000000000..ffeee58bf6 --- /dev/null 
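Review bot: When the `dkim` box is not ticked, or no active key exists for the domain, the `{DKIM}` placeholder is never replaced, so a template containing the advertised `{DKIM}|0|3600` line reaches the parser below with a literal `{DKIM}` record type (the parsing loop is outside this hunk, so I cannot confirm how it copes with that). Add an `else` that drops the line, e.g. `$tpl_content = preg_replace('/^\{DKIM\}.*$/m', '', $tpl_content);`. `if ($public_key!='')` compares an array (or `false`) with a string; `if(!empty($public_key['dkim_public']))` states what is meant and matches the `$public_key['dkim_public']` access that follows. The domain regex admits a trailing dot, in which case `'default._domainkey.'.$_POST['domain'].'.'` ends in `..`; `rtrim($_POST['domain'], '.')` before building the name avoids that.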
+++ b/interface/web/dns/form/dns_dkim.tform.php 
@@ -0,0 +1,154 @@ + 0 id must match with id of current user +$form["auth_preset"]["groupid"] = 0; // 0 = default groupid of the user, > 0 id must match with groupid of current user +$form["auth_preset"]["perm_user"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_group"] = 'riud'; //r = read, i = insert, u = update, d = delete +$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete + +$form["tabs"]['dns'] = array ( + 'title' => "DNS DKIM", + 'width' => 100, + 'template' => "templates/dns_dkim_edit.htm", + 'fields' => array ( + ################################## + # Begin Datatable fields + ################################## + 'server_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'zone' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => @$app->functions->intval($_REQUEST["zone"]), + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'name' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'filters' => array( 0 => array( 'event' => 'SAVE', + 'type' => 'IDNTOASCII'), + 1 => array( 'event' => 'SHOW', + 'type' => 'IDNTOUTF8'), + 2 => array( 'event' => 'SAVE', + 'type' => 'TOLOWER') + ), + 'validators' => array ( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^[\w\.\-]{0,255}$/', + 'errmsg'=> 'name_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'type' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => 'TXT', + 'value' => '', + 'width' => '5', + 'maxlength' => '5' + ), + 'data' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'data_error_empty'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'ttl' => array ( + 'datatype' => 'INTEGER', 
+ 'formtype' => 'TEXT', + 'default' => '86400', + 'value' => '', + 'width' => '10', + 'maxlength' => '10' + ), + 'active' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'CHECKBOX', + 'default' => 'Y', + 'value' => array(0 => 'N',1 => 'Y') + ), + 'stamp' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'serial' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '10', + 'maxlength' => '10' + ), + ################################## + # ENDE Datatable fields + ################################## + ) +); + + + +?> diff --git a/interface/web/dns/form/dns_template.tform.php b/interface/web/dns/form/dns_template.tform.php index 1f020da04c..b676d1a1f1 100644 --- a/interface/web/dns/form/dns_template.tform.php +++ b/interface/web/dns/form/dns_template.tform.php @@ -71,13 +71,18 @@ $form["tabs"]['template'] = array ( ), 'fields' => array ( 'datatype' => 'VARCHAR', - 'formtype' => 'CHECKBOXARRAY', - 'default' => '', - 'separator' => ',', - 'value' => array('DOMAIN' => 'Domain','IP' => 'IP Address','NS1' => 'NS 1','NS2' => 'NS 2','EMAIL' => 'Email') - ), - 'template' => array ( - 'datatype' => 'TEXT', + 'formtype' => 'CHECKBOXARRAY', + 'default' => '', + 'separator' => ',', + 'value' => array('DOMAIN' => 'Domain','IP' => 'IP Address','NS1' => 'NS 1','NS2' => 'NS 2','EMAIL' => 'Email', 'DKIM' => 'DKIM (use {DKIM}|0|3600 in your Template)'), + 'validators' => array ( 0 => array ('type' => 'CUSTOM', + 'class' => 'validate_dkim', + 'function' => 'check_template', + 'errmsg'=> 'dkim_domain_error'), + ), + ), + 'template' => array ( + 'datatype' => 'TEXT', 'formtype' => 'TEXTAREA', 'default' => '', 'value' => '', @@ -95,7 +100,7 @@ $form["tabs"]['template'] = array ( ################################## ) ); - - - -?> \ No newline at end of file + + + +?> 
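Review bot: `data` is validated only as NOTEMPTY even though dns_dkim_edit.php prepends `v=DKIM1; t=s; p=` to it and interpolates it into SQL; a REGEX validator confined to the base64 alphabet, `array('type' => 'REGEX', 'regex' => '/^[a-zA-Z0-9\/\+=]+$/', 'errmsg' => 'data_error_regex')` (constructed key — add the matching message to en_dns_dkim.lng), rejects anything that is not a key before it reaches the query. `type` is a free TEXT field with a `'TXT'` default and no validator, so the record type is whatever the client posts; if this form is meant to create TXT records only, a `'/^TXT$/'` REGEX validator (or overwriting the value in `onSubmit`) pins it. The `name` pattern `'/^[\w\.\-]{0,255}$/'` also accepts an empty string, which the edit page would turn into a bare `default._domainkey.` label.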
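Review bot: The new CUSTOM validator names `dkim_domain_error` as its message, but the diffstat lists no change to the dns_template language files, so unless that key already exists a failing `check_template` shows an empty or raw-key error; add `$wb['dkim_domain_error'] = '...';` to the template .lng files. `check_template` also requires DOMAIN to be the first selected item (`$field_value[0]!='DOMAIN'`), which depends on the CHECKBOXARRAY submitting values in display order rather than on membership; `in_array('DOMAIN', $field_value, true)` expresses the intent without that dependency.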
diff --git a/interface/web/dns/lib/lang/en_dns_dkim.lng b/interface/web/dns/lib/lang/en_dns_dkim.lng new file mode 100644 index 0000000000..526257e909 --- /dev/null +++ b/interface/web/dns/lib/lang/en_dns_dkim.lng @@ -0,0 +1,8 @@ + diff --git a/interface/web/dns/lib/lang/en_dns_wizard.lng b/interface/web/dns/lib/lang/en_dns_wizard.lng index f7057b45c7..8759159a82 100644 --- a/interface/web/dns/lib/lang/en_dns_wizard.lng +++ b/interface/web/dns/lib/lang/en_dns_wizard.lng @@ -6,12 +6,13 @@ $wb['template_id_txt'] = 'Template'; $wb['server_id_txt'] = 'Server'; $wb['client_txt'] = 'Client'; $wb["btn_save_txt"] = 'Create DNS-Record'; -$wb["btn_cancel_txt"] = 'Cancel'; -$wb['domain_txt'] = 'Domain'; -$wb['email_txt'] = 'Email'; -$wb['ns1_txt'] = 'NS 1'; -$wb['ns2_txt'] = 'NS 2'; -$wb['ip_txt'] = 'IP Address'; +$wb["btn_cancel_txt"] = 'Cancel'; +$wb['domain_txt'] = 'Domain'; +$wb['email_txt'] = 'Email'; +$wb['dkim_txt'] = 'DKIM enabled'; +$wb['ns1_txt'] = 'NS 1'; +$wb['ns2_txt'] = 'NS 2'; +$wb['ip_txt'] = 'IP Address'; $wb['error_origin_empty'] = 'Origin empty.'; $wb['error_ns_empty'] = 'NS empty.'; $wb['error_mbox_empty'] = 'Mbox empty.'; @@ -32,7 +33,7 @@ $wb['error_email_regex'] = 'Email does not contain a valid email address.'; $wb['globalsearch_resultslimit_of_txt'] = "of"; $wb['globalsearch_resultslimit_results_txt'] = "results"; $wb['globalsearch_noresults_text_txt'] = "No results."; -$wb['globalsearch_noresults_limit_txt'] = "0 results"; -$wb['globalsearch_searchfield_watermark_txt'] = "Search"; -$wb['globalsearch_suggestions_text_txt'] = "Suggestions"; -?> \ No newline at end of file +$wb['globalsearch_noresults_limit_txt'] = "0 results"; +$wb['globalsearch_searchfield_watermark_txt'] = "Search"; +$wb['globalsearch_suggestions_text_txt'] = "Suggestions"; +?> diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm index 549f0c345a..06c3f941e5 100644 --- a/interface/web/dns/templates/dns_a_list.htm 
+++ b/interface/web/dns/templates/dns_a_list.htm @@ -18,12 +18,13 @@
{tmpl_var name="toolsarea_head_txt"}
- - - - - - + + + + + + + diff --git a/interface/web/dns/templates/dns_dkim_edit.htm b/interface/web/dns/templates/dns_dkim_edit.htm new file mode 100644 index 0000000000..cbf8db941a --- /dev/null +++ b/interface/web/dns/templates/dns_dkim_edit.htm @@ -0,0 +1,38 @@ +

+

+ +
+
+
+
+ + +
+
+ + +
+ +
+

{tmpl_var name='active_txt'}

+
+ {tmpl_var name='active'} +
+
+
+ + + + + +
+ +
+ + +
+
+ +
+ + diff --git a/interface/web/dns/templates/dns_wizard.htm b/interface/web/dns/templates/dns_wizard.htm index 849c5b4e15..81eb265a14 100644 --- a/interface/web/dns/templates/dns_wizard.htm +++ b/interface/web/dns/templates/dns_wizard.htm @@ -64,12 +64,17 @@
- -
-
-
- - + + + + + + + + + + +
diff --git a/interface/web/js/dns_dkim.js b/interface/web/js/dns_dkim.js new file mode 100644 index 0000000000..1294fd0249 --- /dev/null +++ b/interface/web/js/dns_dkim.js 
@@ -0,0 +1,73 @@ +/* +Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh +Copyright (c) 2013, Florian Schaal, info@schaal-24.de +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of ISPConfig nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ + + +This Javascript is invoked by + * dns/templates/dns_dkim_edit.htm to get the public key +*/ + var request = false; + + function setRequest(zone) { + if (window.XMLHttpRequest) {request = new XMLHttpRequest();} + else if (window.ActiveXObject) { + try {request = new ActiveXObject('Msxml2.XMLHTTP');} + catch (e) { + try {request = new ActiveXObject('Microsoft.XMLHTTP');} + catch (e) {} + } + } + if (!request) { + alert("Error creating XMLHTTP-instance"); + return false; + } else { + request.open('POST', 'dns/dns_dkim_get.php', true); + request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); + request.send('&zone='+zone); + request.onreadystatechange = interpretRequest; + } + } + + function interpretRequest() { + switch (request.readyState) { + case 4: + if (request.status != 200) {alert("Request done but NOK\nError:"+request.status);} + else { + document.getElementsByName('data')[0].value = request.responseXML.getElementsByTagName('data')[0].firstChild.nodeValue; + document.getElementsByName('name')[0].value = request.responseXML.getElementsByTagName('name')[0].firstChild.nodeValue; + } + break; + default: + break; + } + } + +var serverType = jQuery('#zone').val(); +setRequest(serverType); + + diff --git a/interface/web/js/mail_domain_dkim.js b/interface/web/js/mail_domain_dkim.js new file mode 100644 index 0000000000..b07abc4f3e --- /dev/null +++ b/interface/web/js/mail_domain_dkim.js 
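Review bot: `request.onreadystatechange = interpretRequest;` is assigned after `request.send(...)`, so a response that completes before the assignment is never handled; move the assignment above `request.send`. `interpretRequest` dereferences `getElementsByTagName('data')[0].firstChild` without checking that `responseXML` is set, that the element exists, or that it has a text node, so an empty reply (which dns_dkim_get.php produces for an unknown zone) throws a TypeError instead of reporting anything; test the node before assigning to the form fields. The zone value is concatenated into the body without `encodeURIComponent`, harmless for a numeric id but worth fixing since `jQuery('#zone').val()` is whatever the form holds. mail_domain_dkim.js has the same three issues, and there the unencoded value is a whole PEM private key.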
@@ -0,0 +1,72 @@ +/* +Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh +Copyright (c) 2013, Florian Schaal, info@schaal-24.de +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of ISPConfig nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ + + +This Javascript is invoked by + * mail/templates/mail_domain_edit.htm to show and/or create the key-pair +*/ + var request = false; + + function setRequest(action,value,privatekey) { + if (window.XMLHttpRequest) {request = new XMLHttpRequest();} + else if (window.ActiveXObject) { + try {request = new ActiveXObject('Msxml2.XMLHTTP');} + catch (e) { + try {request = new ActiveXObject('Microsoft.XMLHTTP');} + catch (e) {} + } + } + if (!request) { + alert("Error creating XMLHTTP-instance"); + return false; + } else { + request.open('POST', 'mail/mail_domain_dkim_create.php', true); + request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); + request.send('domain='+value+'&action='+action+'&pkey='+privatekey); + request.onreadystatechange = interpretRequest; + } + } + + function interpretRequest() { + switch (request.readyState) { + case 4: + if (request.status != 200) {alert("Request done but NOK\nError:"+request.status);} + else { + document.getElementsByName('dkim_private')[0].value = request.responseXML.getElementsByTagName('privatekey')[0].firstChild.nodeValue; + document.getElementsByName('dkim_public')[0].value = request.responseXML.getElementsByTagName('publickey')[0].firstChild.nodeValue; + } + break; + default: + break; + } + } + +var serverType = jQuery('#dkim_private').val(); +setRequest('show','{tmpl_var name="domain"}',serverType); + diff --git a/interface/web/mail/lib/lang/en_mail_domain.lng b/interface/web/mail/lib/lang/en_mail_domain.lng index 00ddf3332b..5ae48bad0b 100644 --- a/interface/web/mail/lib/lang/en_mail_domain.lng +++ b/interface/web/mail/lib/lang/en_mail_domain.lng @@ -2,12 +2,13 @@ $wb["server_id_txt"] = 'Server'; $wb["domain_txt"] = 'Domain'; $wb["type_txt"] = 'Type'; -$wb["active_txt"] = 'Active'; -$wb["dkim_txt"] = 'enable DKIM'; -$wb["dkim_private_txt"] = 'DKIM Private-key'; -$wb["dkim_generate_txt"] = 'Generate DKIM Private-key'; -$wb["dkim_dns_txt"] = 'DNS-Record (TYPE TXT)
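Review bot: `setRequest('show','{tmpl_var name="domain"}',serverType)` relies on the template engine substituting a placeholder inside a file under interface/web/js/; if that file is served as a static asset, as its location suggests, the literal string `{tmpl_var name="domain"}` is sent as the domain — confirm the script is actually included through the template rather than by a `<script src>`. The private key is appended to the POST body unencoded; it round-trips today only because `getRealPOST` in mail_domain_dkim_create.php skips `urldecode` on values, so base64 `+` and `=` survive by accident. `encodeURIComponent(privatekey)` here plus `urldecode` on the server makes the exchange well-formed instead of coincidentally working.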

add this record to your DNS'; -$wb["dkim_private_key_error"] = 'Invalid DKIM-Private key'; +$wb["active_txt"] = 'Active'; +$wb["dkim_txt"] = 'enable DKIM'; +$wb["dkim_private_txt"] = 'DKIM Private-key'; +$wb["dkim_public_txt"] = 'DKIM Public-key\nfor information only'; +$wb["dkim_generate_txt"] = 'Generate DKIM Private-key'; +$wb["dkim_dns_txt"] = 'DNS-Record (TYPE TXT)

add this record to your DNS'; +$wb["dkim_private_key_error"] = 'Invalid DKIM-Private key'; $wb["domain_error_empty"] = 'Domain is empty.'; $wb["domain_error_unique"] = 'Duplicate Domain.'; $wb["domain_error_regex"] = 'Invalid domain name.'; diff --git a/interface/web/mail/mail_domain_dkim_create.php b/interface/web/mail/mail_domain_dkim_create.php index 464c01cb26..aab83a6d33 100644 --- a/interface/web/mail/mail_domain_dkim_create.php +++ b/interface/web/mail/mail_domain_dkim_create.php @@ -26,21 +26,24 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - This script is invoked by the java-script in interface/web/mail/templates/mail_domain_edit.htm - when generating the DKIM Private-key. - - return DKIM Private-Key and DNS-record -*/ - -require_once('../../lib/config.inc.php'); -require_once('../../lib/app.inc.php'); - -//* Check permissions for module -$app->auth->check_module_permissions('mail'); - +*/ + +/* + This script is invoked by interface/web/mail/templates/mail_domain_edit.htm + to generate or show the DKIM Private-key. + + returns DKIM Private-Key and DKIM Public-Key +*/ + +require_once('../../lib/config.inc.php'); +require_once('../../lib/app.inc.php'); +require_once('../../lib/classes/validate_dkim.inc.php'); + +$validate_dkim=new validate_dkim (); + +//* Check permissions for module +$app->auth->check_module_permissions('mail'); + header('Content-Type: text/xml; charset=utf-8'); header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0'); 
@@ -57,38 +60,40 @@ function getRealPOST() { $value = $nv[1]; $vars[$name] = $value; } - return $vars; -} - -function dns_record() { - global $private_key; - $public_key=''; - exec('echo "'.$private_key.'"|openssl rsa -pubout -outform PEM',$pubkey,$result); - $pubkey=array_diff($pubkey,array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----')); - foreach($pubkey as $values) $public_key=$public_key.$values."\n"; - $dns_record="HOSTNAME: default._domainkey.".$_POST['domain'].".\n\nTEXT: v=DKIM1; t=s; p=".$public_key; - return $dns_record; -} - -$_POST=getRealPOST(); - -switch ($_POST['action']) { - case 'create': /* create DKIM Private-key */ - exec("openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096",$output,$result); - exec("openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024",$privkey,$result); - unlink("/usr/local/ispconfig/server/temp/random-data.bin"); - $private_key=''; - foreach($privkey as $values) $private_key=$private_key.$values."\n"; - $dns_record=dns_record(); - break; - case 'show': /* show the DNS-Record onLoad */ - $private_key=$_POST['pkey']; - $dns_record=dns_record(); - break; -} -echo "\n"; -echo "\n"; -echo "".$private_key."\n"; -echo "".$dns_record."\n"; -echo "\n"; -?> + return $vars; +} + +function pub_key($pubkey) { + $public_key=''; + foreach($pubkey as $values) $public_key=$public_key.$values."\n"; + return $public_key; +} +$_POST=getRealPOST(); + +switch ($_POST['action']) { + case 'create': /* create DKIM Private-key */ + exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096',$output,$result); + exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024',$privkey,$result); + unlink("/usr/local/ispconfig/server/temp/random-data.bin"); + $private_key=''; + foreach($privkey as $values) $private_key=$private_key.$values."\n"; + if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */ + exec('echo 
'.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM',$pubkey,$result); + $public_key=pub_key($pubkey); + } else { $public_key='invalid key'; } + break; + case 'show': /* show the DNS-Record onLoad */ + $private_key=$_POST['pkey']; + if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */ + /* get the public-key */ + exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM',$pubkey,$result); + $public_key=pub_key($pubkey); + } else { $public_key='invalid key'; } + break; +} +echo "\n"; +echo "\n"; +echo "".$private_key."\n"; +echo "".$public_key."\n"; +echo "\n"; +?> diff --git a/interface/web/mail/templates/mail_domain_edit.htm b/interface/web/mail/templates/mail_domain_edit.htm index f58c2cece9..6426e67bad 100644 --- a/interface/web/mail/templates/mail_domain_edit.htm +++ b/interface/web/mail/templates/mail_domain_edit.htm @@ -69,16 +69,17 @@
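Review bot: The `create` branch generates a 1024-bit key (`openssl genrsa ... 1024`); RFC 8301 recommends 2048-bit DKIM signing keys, and because `validate_post`'s `{1,850}` bound rejects anything larger the two must be changed together. The seed step writes to the fixed path `/usr/local/ispconfig/server/temp/random-data.bin`, which concurrent requests overwrite and `unlink` from under each other, and `-rand` seeding adds nothing on a system with a working CSPRNG; `openssl_pkey_new(array('private_key_bits' => 2048))` followed by `openssl_pkey_export` and `openssl_pkey_get_details` yields both PEM strings without a shell at all, which also keeps the key out of the `sh -c` command line that the `echo ... | openssl rsa -pubout` step places it on. `$result` is never inspected after any of the `exec` calls, so a missing `openssl` binary leaves `$private_key` empty and the reply just says `invalid key` with no hint of the cause; log `$result` and `$output` when non-zero.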
- -{tmpl_var name='dkim_generate_txt'} -
-
- - -
- - - + +{tmpl_var name='dkim_generate_txt'} + +
+ + +
+ + + + @@ -86,47 +87,7 @@ - - - - - + + + + diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php index 8b098cce09..1a50cee947 100644 --- a/server/plugins-available/mail_plugin_dkim.inc.php +++ b/server/plugins-available/mail_plugin_dkim.inc.php @@ -1,13 +1,9 @@ -plugins->registerEvent('mail_domain_delete',$this->plugin_name,'domain_dkim_delete'); - $app->plugins->registerEvent('mail_domain_insert',$this->plugin_name,'domain_dkim_insert'); - $app->plugins->registerEvent('mail_domain_update',$this->plugin_name,'domain_dkim_update'); - - // Register service - $app->services->registerService('amavisd','mail_module','restartAmavisd'); - } - - /* + $app->plugins->registerEvent('mail_domain_delete',$this->plugin_name,'domain_dkim_delete'); + $app->plugins->registerEvent('mail_domain_insert',$this->plugin_name,'domain_dkim_insert'); + $app->plugins->registerEvent('mail_domain_update',$this->plugin_name,'domain_dkim_update'); + } + + /* This function gets the amavisd-config file */ - function get_amavis_config() { - $pos_config=array( - '/etc/amavisd.conf', - '/etc/amavisd.conf/50-user' - ); - $amavis_configfile=''; - foreach($pos_config as $conf) { + function get_amavis_config() { + $pos_config=array( + '/etc/amavisd.conf', + '/etc/amavisd.conf/50-user', + '/etc/amavis/conf.d/50-user' + ); + $amavis_configfile=''; + foreach($pos_config as $conf) { if (is_file($conf)) { $amavis_configfile=$conf; break; 
@@ -111,67 +105,58 @@ class mail_plugin_dkim { $check=false; } } else { - $app->log('Unable to write DKIM settings; Check your config!',LOGLEVEL_ERROR); - $check=false; - } - if (!$check) { - $app->db->query("UPDATE mail_domain SET dkim = 'n' WHERE domain = '".$data['new']['domain']."'"); - $app->dbmaster->query("UPDATE mail_domain SET dkim = 'n' WHERE domain = '".$data['new']['domain']."'"); - } - return $check; - } - + $app->log('Unable to write DKIM settings; Check your config!',LOGLEVEL_ERROR); + $check=false; + } + return $check; + } + /* This function restarts amavis */ function restart_amavis() { - global $app,$conf; - $initfile=$conf['init_scripts'].'/amavis'; - $app->log('Restarting amavis.',LOGLEVEL_DEBUG); - exec($conf['init_scripts'].'/amavis restart',$output); - foreach($output as $logline) $app->log($logline,LOGLEVEL_DEBUG); - } - - /* - This function writes the keyfiles (public and private) - The public-key is always created and stored into the db and local key-file - */ - function write_dkim_key($key_file,$key_value,$key_domain) { - global $app,$mailconfig; + global $app,$conf; + $initfile=$conf['init_scripts'].'/amavis'; + $app->log('Restarting amavis.',LOGLEVEL_DEBUG); + exec(escapeshellarg($conf['init_scripts']).escapeshellarg('/amavis').' 
restart',$output); + foreach($output as $logline) $app->log($logline,LOGLEVEL_DEBUG); + } + + /* + This function writes the keyfiles (public and private) + */ + function write_dkim_key($key_file,$key_value,$key_domain) { + global $app,$mailconfig; $success=false; if (!file_put_contents($key_file.'.private',$key_value) === false) { - $app->log('Saved DKIM Private-key to '.$key_file.'.private',LOGLEVEL_DEBUG); - $success=true; - /* now we get the DKIM Public-key */ - exec('cat "'.$key_file.'.private'.'"|openssl rsa -pubout',$pubkey,$result); - $public_key=''; - foreach($pubkey as $values) $public_key=$public_key.$values."\n"; - /* save the DKIM Public-key in dkim-dir */ - if (!file_put_contents($key_file.'.public',$public_key) === false) - $app->log('Saved DKIM Public to '.$key_domain.'.',LOGLEVEL_DEBUG); - else $app->log('Unable to save DKIM Public to '.$key_domain.'.',LOGLEVEL_WARNING); - /* store the private-key to the databse(s) */ - $app->log('Store the DKIM Public-key in database.',LOGLEVEL_DEBUG); - $app->db->query("UPDATE mail_domain SET dkim_public = '".$public_key."' WHERE domain = '".$ky_domain."'"); - $app->dbmaster->query("UPDATE mail_domain SET dkim_public = '".$public_key."' WHERE domain = '".$key_domain."'"); - } - return $success; - } + $app->log('Saved DKIM Private-key to '.$key_file.'.private',LOGLEVEL_DEBUG); + $success=true; + /* now we get the DKIM Public-key */ + exec('cat '.escapeshellarg($key_file.'.private').'|openssl rsa -pubout',$pubkey,$result); + $public_key=''; + foreach($pubkey as $values) $public_key=$public_key.$values."\n"; + /* save the DKIM Public-key in dkim-dir */ + if (!file_put_contents($key_file.'.public',$public_key) === false) + $app->log('Saved DKIM Public to '.$key_domain.'.',LOGLEVEL_DEBUG); + else $app->log('Unable to save DKIM Public to '.$key_domain.'.',LOGLEVEL_WARNING); + } + return $success; + } /* This function removes the keyfiles */ - function remove_dkim_key($key_file,$key_domain) { - global $app; - if 
(file_exists($key_file.'.private')) { - exec('rm -f '.$key_file.'.private'); - $app->log('Deleted the DKIM Private-key for '.$key_domain.'.',LOGLEVEL_DEBUG); - } else $app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).',LOGLEVEL_DEBUG); - if (file_exists($key_file.'.public')) { - exec('rm -f '.$key_file.'.public'); - $app->log('Deleted the DKIM Public-key for '.$key_domain.'.',LOGLEVEL_DEBUG); - } else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).',LOGLEVEL_DEBUG); - } + function remove_dkim_key($key_file,$key_domain) { + global $app; + if (file_exists($key_file.'.private')) { + exec('rm -f '.escapeshellarg($key_file.'.private')); + $app->log('Deleted the DKIM Private-key for '.$key_domain.'.',LOGLEVEL_DEBUG); + } else $app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).',LOGLEVEL_DEBUG); + if (file_exists($key_file.'.public')) { + exec('rm -f '.escapeshellarg($key_file.'.public')); + $app->log('Deleted the DKIM Public-key for '.$key_domain.'.',LOGLEVEL_DEBUG); + } else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).',LOGLEVEL_DEBUG); + } /* This function adds the entry to the amavisd-config 
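Review bot: write_dkim_key stores the signing key with `file_put_contents($key_file.'.private',$key_value)` and never restricts the file mode, so the private key is created with the process's default umask, which on a typical 022 umask means world-readable; add `chmod($key_file.'.private', 0600);` (and chown to the amavis user if the plugin knows it) before reporting the key as saved. The exit status of the `openssl rsa -pubout` pipeline is captured in `$result` but never checked, so if openssl rejects the key an empty `.public` file is written and the function still returns true; guard the write with `if ($result === 0 && !empty($pubkey))`. In restart_amavis, `escapeshellarg($conf['init_scripts']).escapeshellarg('/amavis')` only works because the shell joins adjacent quoted strings, and `$initfile` is computed but unused; `exec(escapeshellarg($conf['init_scripts'].'/amavis').' restart',$output);` is the intended form. remove_dkim_key spawns a shell for `rm -f` where `unlink($key_file.'.private')` does the same job without one. The function at the top of the hunk (the `$check=false;` lines) starts outside it.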
@@ -216,15 +201,13 @@ class mail_plugin_dkim { $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); if ( substr($mail_config['dkim_path'],strlen($mail_config['dkim_path'])-1) == '/' ) $mail_config['dkim_path'] = substr($mail_config['dkim_path'],0,strlen($mail_config['dkim_path'])-1); - if ($this->write_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'],$data['new']['dkim_private'],$data['new']['domain'])) { - $this->add_to_amavis($data['new']['domain']); - } else { - $app->log('Error saving the DKIM Private-key for '.$data['new']['domain'].' - DKIM is now disabled for the domain.',LOGLEVEL_ERROR); - $app->db->query("UPDATE mail_domain SET dkim = 'n' WHERE domain = '".$data['new']['domain']."'"); - $app->dbmaster->query("UPDATE mail_domain SET dkim = 'n' WHERE domain = '".$data['new']['domain']."'"); - } - } - + if ($this->write_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'],$data['new']['dkim_private'],$data['new']['domain'])) { + $this->add_to_amavis($data['new']['domain']); + } else { + $app->log('Error saving the DKIM Private-key for '.$data['new']['domain'].' - DKIM is not enabled for the domain.',LOGLEVEL_ERROR); + } + } + /* This function controlls the removement of keyfiles (public and private) and the entry in the amavisd-config 
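Review bot: With the `dkim = 'n'` updates removed, a failed write_dkim_key is now only logged, so the mail_domain row keeps dkim='y' while no key file or amavis entry exists and the panel will show DKIM as enabled for a domain whose mail is not signed, contradicting the new log text "DKIM is not enabled for the domain". If the roll-back was dropped because of the string-built SQL in the old lines, the replacement should be an update that goes through the db layer's quoting (or a status the interface can read), not silence. The domain name also becomes a filesystem path component in `$mail_config['dkim_path']."/".$data['new']['domain']` with no check in this code that it is a bare hostname; that is presumably enforced on the interface side, but a `preg_match('/^[a-z0-9.-]+$/i', $data['new']['domain'])` guard before the write would make the plugin safe on its own. The enclosing add_dkim function starts outside the hunk.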
@@ -244,15 +227,12 @@ class mail_plugin_dkim { function domain_dkim_delete($event_name,$data) { if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y') $this->remove_dkim($data['old']); } - - function domain_dkim_insert($event_name,$data) { - if (isset($data['new']['dkim']) && $data['new']['dkim']=='y' && $this->check_system($data)) { - /* if the domain is already defined, remove from amavis */ - $this->remove_from_amavis($data['new']['domain']); -// $this->remove_from_amavis("dkim_key('".$data['new']['domain']."', 'default', '".$mail_config['dkim_path']."/".$data['new']['domain'].".private');\n",$data['new']['domain']); - $this->add_dkim($data); - } - } + + function domain_dkim_insert($event_name,$data) { + if (isset($data['new']['dkim']) && $data['new']['dkim']=='y' && $this->check_system($data)) { + $this->add_dkim($data); + } + } function domain_dkim_update($event_name,$data) { global $app; -- GitLab
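Review bot: domain_dkim_insert no longer calls remove_from_amavis before add_dkim, so unless add_to_amavis (not visible here) checks for an existing `dkim_key(...)` line for the domain, re-inserting a domain that was deleted and re-created while its amavis entry remained will append a duplicate entry. Either keep the `$this->remove_from_amavis($data['new']['domain']);` call, with a comment such as `/* a stale entry may remain from an earlier definition of this domain */`, or make add_to_amavis idempotent. domain_dkim_update starts at the end of the hunk and continues outside it.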