From e7f6671a878e9eb4526c7a1102687fd3ae637bbd Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Sun, 14 Apr 2024 21:19:56 +0200 Subject: [PATCH 1/2] Cleanup ajax code to generate a DKIM key, #6689
---
 interface/web/mail/ajax_get_json.php | 82 +++++-------------
 .../web/mail/templates/mail_domain_edit.htm | 8 +-
 2 files changed, 23 insertions(+), 67 deletions(-)

diff --git a/interface/web/mail/ajax_get_json.php b/interface/web/mail/ajax_get_json.php
index d5b4d7edd7..91695b4c5d 100644
--- a/interface/web/mail/ajax_get_json.php
+++ b/interface/web/mail/ajax_get_json.php
@@ -40,7 +40,6 @@
 $type = $_GET['type'];
 $domain_id = $app->functions->idn_encode($_GET['domain_id']);
 if($type == 'create_dkim' && $domain_id != ''){
- $dkim_public = $_GET['dkim_public'];
 $dkim_selector = $_GET['dkim_selector'];
 $domain = $domain_id;
 if(is_numeric($domain_id)) {
@@ -49,74 +48,37 @@ if($type == 'create_dkim' && $domain_id != ''){ } $rec = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ?", $domain); $server_id = $rec['server_id']; - $maildomain = $rec['domain']; unset($rec); $mail_config = $app->getconf->get_server_config($server_id, 'mail'); $dkim_strength = $app->functions->intval($mail_config['dkim_strength']); if ($dkim_strength == '' || $dkim_strength == 0 ) $dkim_strength = 2048; - $rnd_val = $dkim_strength * 10; - $app->system->exec_safe('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null'); - $app->system->exec_safe('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null'); - $privkey = $app->system->last_exec_out(); - unlink("../../temp/random-data.bin"); - $dkim_private=''; - foreach($privkey as $values) $dkim_private=$dkim_private.$values."\n"; + // Generate a new private key. + $dkim_private = openssl_pkey_new(['private_key_bits' => $dkim_strength]); + $dkim_private_pem = ''; + openssl_pkey_export($dkim_private, $dkim_private_pem); + $dkim_public = openssl_pkey_get_details($dkim_private)['key']; - if ($dkim_public != '' && $maildomain != '') { - if (validate_domain($domain) && validate_selector($dkim_selector) ) { - //* get active selectors from dns - $soa_rec = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE active = 'Y' AND origin = ?", $domain.'.'); - if (isset($soa_rec) && !empty($soa_rec)) { - //* check for a dkim-record in the dns? - $dns_data = $app->db->queryOneRecord("SELECT name FROM dns_rr WHERE name = ? 
AND active = 'Y'", $dkim_selector.'._domainkey.'.$domain.'.'); - if (!empty($dns_data)){ - $selector = str_replace( '._domainkey.'.$domain.'.', '', $dns_data['name']); - } else { - } - } - if ($dkim_selector == $selector || !isset($selector)) { - $selector = substr($old_selector,0,53).time(); //* add unix-timestamp to delimiter to allow old and new key in the dns - } - } else { - $selector = 'invalid domain or selector'; - } - unset($dkim_public); - $app->system->exec_safe('echo ?|openssl rsa -pubout -outform PEM 2> /dev/null', $dkim_private); - $pubkey = $app->system->last_exec_out(); - foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n"; - $selector = $dkim_selector; - } else { - unset($dkim_public); - $app->system->exec_safe('echo ?|openssl rsa -pubout -outform PEM 2> /dev/null', $dkim_private); - $pubkey = $app->system->last_exec_out(); - foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n"; - $selector = $dkim_selector; + if (!validate_selector($dkim_selector) ) { + $dkim_selector = 'invalid selector'; } - $dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$dkim_public); - $dns_record = str_replace(array("\r\n", "\n", "\r"),'',$dns_record); - - $dkim_private=json_encode($dkim_private); - $dkim_private=substr($dkim_private, 1, -1); - - $dkim_public=json_encode($dkim_public); - $dkim_public=substr($dkim_public, 1, -1); - - $json = '{'; - $json .= '"dkim_private":"'.$dkim_private.'"'; - $json .= ',"dkim_public":"'.$dkim_public.'"'; - $json .= ',"dkim_selector":"'.$selector.'"'; - $json .= ',"dns_record":"'.$dns_record.'"'; - $json .= ',"domain":"'.$domain.'"'; - $json .= '}'; + $dns_key = str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $dkim_public); + $dkim_txt_data = 'v=DKIM1; t=s; p=' . $dns_key; + $dns_record = $dkim_selector . '._domainkey.' . $domain . '. 3600 IN TXT "' . $dkim_txt_data . 
'"'; + + $output = [ + 'dkim_private' => $dkim_private_pem, + 'dkim_public' => $dkim_public, + 'dkim_selector' => $dkim_selector, + 'dns_record' => $dns_record, + 'domain' => $domain, + ]; + header('Content-type: application/json'); + echo json_encode($output); } -header('Content-type: application/json'); -echo $json; - -function validate_domain($domain) { - $regex = '/^[\w\.\-]{1,255}\.[a-zA-Z0-9\-]{2,63}$/'; - if ( preg_match($regex, $domain) === 1 ) return true; else return false; +else { + // Invalid } function validate_selector($selector) { diff --git a/interface/web/mail/templates/mail_domain_edit.htm b/interface/web/mail/templates/mail_domain_edit.htm index cc7031b787..396676442c 100644 --- a/interface/web/mail/templates/mail_domain_edit.htm +++ b/interface/web/mail/templates/mail_domain_edit.htm @@ -154,21 +154,15 @@ function getDKIM() { var domain_id = jQuery('#domain').val(); var dkim_selector = jQuery('#dkim_selector').val(); - var dkim_public = jQuery('#dkim_public').val(); jQuery.getJSON('mail/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), { domain_id : domain_id, - dkim_public : dkim_public, dkim_selector : dkim_selector, type : "create_dkim" }, function(data) { - var dkim_txt = 'v=DKIM1; t=s; p=' + data['dns_record'].replace(/(\r\n|\n|\r)/gm, ""); - //var dns=data['dkim_selector'] + '._domainkey.' + data['domain'] + '. 3600 IN TXT ' + dkim_txt.match(new RegExp('.{1,' + '200' + '}', 'g')).map(chunk => '"' + chunk + '"').join(''); - var dns=data['dkim_selector'] + '._domainkey.' + data['domain'] + '. 3600 IN TXT "' + dkim_txt + '"'; - $("#dkim_selector").val(data.dkim_selector); $("#dkim_public").val(data.dkim_public); $("#dkim_private").val(data.dkim_private); - $("#dns_record").val(dns); + $("#dns_record").val(data.dns_record); $('#dkim').prop("checked", true); }); }; -- GitLab From f1a3a528023c992c0e8fe3d7da673fc2d7796a38 Mon Sep 17 00:00:00 2001 
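Review bot: `openssl_pkey_new()` returns `false` when key generation fails, and the new code hands that result straight to `openssl_pkey_export()` and `openssl_pkey_get_details()` without checking it, so a failure surfaces as a PHP TypeError/fatal instead of an error response; the boolean result of `openssl_pkey_export()` is ignored as well. The rewrite also drops the old `validate_domain()` check, so for a non-numeric `domain_id` the raw `$_GET` value now flows into `dns_record` and `domain` in the JSON, and a selector that fails `validate_selector()` still gets a freshly generated key back with the literal `'invalid selector'` spliced into the DNS record text. I would validate before generating anything, make the key type explicit with `'private_key_type' => OPENSSL_KEYTYPE_RSA` (otherwise the type comes from PHP's openssl configuration, which is presumably RSA but not pinned here), and answer with an HTTP error rather than a placeholder string. The enclosing `if ($type == 'create_dkim' ...)` block opens before this hunk, and the new `else { // Invalid }` branch emits neither a body nor a non-200 status, so the JavaScript caller silently receives nothing.
```php
// Reject bad input before spending CPU on key generation.
if (!validate_selector($dkim_selector) || $domain == '') {
    http_response_code(400);
    exit;
}
// … unchanged: server_id / dkim_strength lookup …
$dkim_private = openssl_pkey_new([
    'private_key_bits' => $dkim_strength,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$dkim_private_pem = '';
if ($dkim_private === false || !openssl_pkey_export($dkim_private, $dkim_private_pem)) {
    http_response_code(500);
    exit;
}
$dkim_public = openssl_pkey_get_details($dkim_private)['key'];
// … unchanged: dns_record assembly and JSON output …
```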
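Review bot: The success callback now writes `data.dkim_selector` into `#dkim_selector` and ticks `#dkim` unconditionally, but the server side of this same commit returns the literal string `'invalid selector'` as the selector when validation fails, so an invalid entry lands in the form with DKIM enabled and a `dns_record` built around the placeholder. Either have the endpoint answer with a 4xx so `getJSON`'s success handler never runs, or guard here with a `.fail()` handler and a check such as `if (!data || !data.dkim_selector || data.dkim_selector === 'invalid selector') { return; }` before touching the fields. The `getDKIM` function closes at the `};` inside this hunk but its declaration is in the header context before it.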
From: Herman van Rink Date: Sun, 14 Apr 2024 21:21:51 +0200 Subject: [PATCH 2/2] Unused query value
---
 interface/web/mail/ajax_get_json.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface/web/mail/ajax_get_json.php b/interface/web/mail/ajax_get_json.php
index 91695b4c5d..7dda661572 100644
--- a/interface/web/mail/ajax_get_json.php
+++ b/interface/web/mail/ajax_get_json.php
@@ -46,7 +46,7 @@ if($type == 'create_dkim' && $domain_id != ''){
 $temp = $app->db->queryOneRecord("SELECT domain FROM domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $domain_id);
 $domain = $temp['domain'];
 }
- $rec = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ?", $domain);
+ $rec = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = ?", $domain);
 $server_id = $rec['server_id'];
 unset($rec);
 $mail_config = $app->getconf->get_server_config($server_id, 'mail');
-- 
GitLab
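Review bot: The rewritten `mail_domain` lookup still carries no ownership filter, while the `domain` lookup three lines above scopes itself with `$app->tform->getAuthSQL('r')`, so a non-numeric `domain_id` taken from `$_GET` resolves any tenant's mail domain to its `server_id` and that server's `dkim_strength` setting before a key is generated. The exposure is small (only server-derived config is reached and the generated key is not stored), but the query runs on user input and should match its sibling: `"SELECT server_id FROM mail_domain WHERE domain = ? AND " . $app->tform->getAuthSQL('r')` — assuming `mail_domain` has the `sys_userid`/`sys_groupid` columns that `getAuthSQL()` filters on, which this hunk does not show. The enclosing `if ($type == 'create_dkim' ...)` block opens before this hunk.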