Commit c943b4a8 authored by Florian Schaal's avatar Florian Schaal

FS#2696 - More than 256 chars in DNS record and FS#3679 - allow stronger dkim-keys

parent a52ec4b6
ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL DEFAULT ''
ALTER TABLE `ftp_user` ADD `expires` datetime NOT NULL DEFAULT '0000-00-00 00:00:00' AFTER `dl_bandwidth` ;
......@@ -450,7 +450,7 @@ CREATE TABLE `dns_rr` (
`zone` int(11) unsigned NOT NULL DEFAULT '0',
`name` varchar(255) NOT NULL DEFAULT '',
`type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
`data` varchar(255) NOT NULL DEFAULT '',
`data` TEXT NOT NULL DEFAULT '',
`aux` int(11) unsigned NOT NULL default '0',
`ttl` int(11) unsigned NOT NULL default '86400',
`active` enum('N','Y') NOT NULL default 'Y',
......
......@@ -33,6 +33,7 @@ module=postfix_mysql
maildir_path=/var/vmail/[domain]/[localpart]
homedir_path=/var/vmail
dkim_path=/var/lib/amavis/dkim
dkim_strength=1024
pop3_imap_daemon=courier
mail_filter_syntax=maildrop
mailuser_uid=5000
......@@ -48,6 +49,19 @@ message_size_limit=0
mailbox_quota_stats=y
realtime_blackhole_list=
overquota_notify_admin=y
q
q
q
q
q
q
q
q
q
q
q
q
q
overquota_notify_client=y
overquota_notify_freq=7
overquota_notify_onok=n
......
......@@ -72,13 +72,17 @@ class validate_dkim {
*
* @return boolean - true if $POST contains a real key-file
*/
function validate_post($key, $value) {
function validate_post($key, $value, $dkim_strength) {
$value=str_replace("\n", "", $value);
switch ($key) {
case 'public':
if (preg_match("/(^-----BEGIN PUBLIC KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,221}(-----END PUBLIC KEY-----(\n|\r)?$)/", $value) === 1) { return true; } else { return false; }
break;
case 'private':
if (preg_match("/(^-----BEGIN RSA PRIVATE KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,850}(-----END RSA PRIVATE KEY-----(\n|\r)?$)/", $value) === 1) { return true; } else { return false; }
if ( $dkim_strength == 1024 ) $range = "{812,816}";
if ( $dkim_strength == 2048 ) $range = "{1588,1592}";
if ( $dkim_strength == 4096 ) $range = "{3132,3136}";
if (preg_match("/^-----BEGIN RSA PRIVATE KEY-----[a-zA-Z0-9\/\+=]".$range."-----END RSA PRIVATE KEY-----$/", $value) === 1) return true; else return false;
break;
}
}
......
......@@ -313,6 +313,12 @@ $form["tabs"]['mail'] = array(
'width' => '40',
'maxlength' => '255'
),
'dkim_strength' => array(
'datatype' => 'INTEGER',
'formtype' => 'SELECT',
'default' => '1024',
'value' => array('1024' => 'normal (1024)', '2048' => 'strong (2048)', '4096' => 'very strong (4096)')
),
'relayhost_password' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
......
......@@ -198,4 +198,5 @@ $wb["v6_prefix_txt"] = 'IPv6 Prefix';
$wb["vhost_rewrite_v6_txt"] = 'Rewrite IPv6 on Mirror';
$wb["v6_prefix_length"] = 'Prefix zu lang fuer angegebene IPv6-Adresse ';
$wb['monitor_system_updates_txt'] = 'Suche nach Linux updates';
$wb['dkim_strength_txt'] = 'DKIM Stärke';
?>
......@@ -202,4 +202,5 @@ $wb["overquota_db_notify_client_txt"] = 'Send DB quota warnings to client';
$wb['monitor_system_updates_txt'] = 'Check for Linux updates';
$wb['php_handler_txt'] = "PHP Handler";
$wb['disabled_txt'] = 'Disabled';
$wb['dkim_strength_txt'] = 'DKIM strength';
?>
......@@ -159,7 +159,7 @@ $wb['backup_mode_txt'] = 'Modo de copias de seguridad';
$wb['backup_mode_userzip'] = 'Copiar archivos del usuario web en un zip';
$wb['backup_mode_rootgz'] = 'Copiar todos los archivos como usuario root';
$wb['realtime_blackhole_list_txt'] = 'Real-time Blackhole List';
$wb['realtime_blackhole_list_note_txt'] = '(Separar RBL's con comas)';
$wb['realtime_blackhole_list_note_txt'] = "(Separar RBL's con comas)";
$wb['ssl_settings_txt'] = 'Configuración SSL';
$wb['permissions_txt'] = 'Permisos';
$wb['php_settings_txt'] = 'Configuración de PHP';
......
......@@ -45,7 +45,7 @@ $wb['phpmyadmin_url_error_regex'] = 'URL de phpmyadmin no válida';
$wb['use_combobox_txt'] = 'Usar Combobox de jQuery UI';
$wb['use_loadindicator_txt'] = 'Usar indicador de carga';
$wb['f5_to_reload_js_txt'] = 'Si cambias esto, podrías tener que pulsar F5 para que tu navegador recargue las librerías JavaScript o vacíar la caché del navegador.';
$wb['client_username_web_check_disabled_txt'] = 'Desactivar comprobación de la palabra 'web' en el nombre de cliente.';
$wb['client_username_web_check_disabled_txt'] = "Desactivar comprobación de la palabra 'web' en el nombre de cliente.";
$wb['mailbox_show_autoresponder_tab_txt'] = 'Mostrar pestaña autoresponder en los detalles de la cuenta de correo';
$wb['mailbox_show_mail_filter_tab_txt'] = 'Mostrar pestaña filtro de correo en los detalles de la cuenta de correo';
$wb['mailbox_show_custom_rules_tab_txt'] = 'Mostrar pestaña filtros personalizados en los detalles de la cuenta de correo';
......
......@@ -30,7 +30,7 @@ $wb['message_size_limit_txt'] = 'Taille maximale des messages';
$wb['ip_address_txt'] = 'Adresse IP';
$wb['netmask_txt'] = 'Masque de réau';
$wb['gateway_txt'] = 'Passerelle';
$wb['hostname_txt'] = 'Hô;
$wb['hostname_txt'] = 'Hô';
$wb['nameservers_txt'] = 'Serveurs de nom';
$wb['auto_network_configuration_txt'] = 'Configuration du réau';
$wb['website_basedir_txt'] = 'Rértoire de base web';
......@@ -44,7 +44,7 @@ $wb['config_dir_txt'] = 'Rértoire de configuration';
$wb['init_script_txt'] = 'Nom du script Cron de lancement';
$wb['crontab_dir_txt'] = 'Chemin des difféntes tables Cron';
$wb['wget_txt'] = 'Chemin du programme wget';
$wb['security_level_txt'] = 'Niveau de sérité
$wb['security_level_txt'] = 'Niveau de sérité';
$wb['web_user_txt'] = 'Utilisateur Apache';
$wb['web_group_txt'] = 'Groupe Apache';
$wb['loglevel_txt'] = 'Loglevel';
......@@ -76,20 +76,20 @@ $wb['php_ini_path_cgi_txt'] = 'Chemin php.ini CGI';
$wb['php_ini_path_apache_txt'] = 'Chemin php.ini Apache';
$wb['check_apache_config_txt'] = 'Tester la configuration Apache au redérrage';
$wb['ufw_enable_txt'] = 'Enable';
$wb['ufw_manage_builtins_txt'] = 'Gér les Rées Intéé;
$wb['ufw_manage_builtins_txt'] = 'Gér les Rées Intéé';
$wb['ufw_ipv6_txt'] = 'Activer l\'IPv6';
$wb['ufw_default_input_policy_txt'] = 'Politique Entrant (Input) par déult';
$wb['ufw_default_output_policy_txt'] = 'Politique Sortant (Output) par déult';
$wb['ufw_default_forward_policy_txt'] = 'Politique de Forward par déult';
$wb['ufw_default_application_policy_txt'] = 'Politique Application par déult';
$wb['ufw_log_level_txt'] = 'Niveau de Log';
$wb['network_config_warning_txt'] = 'L\'option de configuration du réau n'est disponible QUE pour les serveurs Debian et Ubuntu. NE PAS activer cette option si votre carte réau n'est pas en eth0.';
$wb['network_config_warning_txt'] = "L\'option de configuration du réau n'est disponible QUE pour les serveurs Debian et Ubuntu. NE PAS activer cette option si votre carte réau n'est pas en eth0.";
$wb['CA_path_txt'] = 'Chemin CA';
$wb['CA_pass_txt'] = 'Mot de passe CA';
$wb['fastcgi_config_syntax_txt'] = 'FastCGI config syntax';
$wb['server_type_txt'] = 'Type de Serveur';
$wb['nginx_vhost_conf_dir_txt'] = 'Repertoire Nginx Vhost config';
$wb['nginx_vhost_conf_enabled_dir_txt'] = 'Repertoire Nginx Vhost config activé
$wb['nginx_vhost_conf_enabled_dir_txt'] = 'Repertoire Nginx Vhost config activé';
$wb['nginx_user_txt'] = 'Utilisateur Nginx';
$wb['nginx_group_txt'] = 'Gorupe Nginx';
$wb['nginx_cgi_socket_txt'] = 'Nginx CGI Socket';
......@@ -145,7 +145,7 @@ $wb['php_fpm_socket_dir_error_empty'] = 'Repertoire PHP-FPM socket est vide.';
$wb['try_rescue_txt'] = 'Activer le service de monitoring et redérrer sur éec';
$wb['do_not_try_rescue_mysql_txt'] = 'Déctiver le monitoring MySQL';
$wb['do_not_try_rescue_mail_txt'] = 'Déctiver le monitoring Email';
$wb['rescue_description_txt'] = '<b>Information:</b> Si vous voulez arreter mysql vous devez selectionner la case Déctiver le monitoring MySQL puis attendre 2 à minutes.<br>Si vous n'attendez pas 2 à minutes, rescue va tenter de redérrer mysql!';
$wb['rescue_description_txt'] = "<b>Information:</b> Si vous voulez arreter mysql vous devez selectionner la case Déctiver le monitoring MySQL puis attendre 2 à minutes.<br>Si vous n'attendez pas 2 à minutes, rescue va tenter de redérrer mysql!";
$wb['enable_sni_txt'] = 'Activer SNI';
$wb['do_not_try_rescue_httpd_txt'] = 'Déctiver le monitoring HTTPD ';
$wb['set_folder_permissions_on_update_txt'] = 'Regler les permissions des dossiers lors de mise a jour';
......@@ -155,7 +155,7 @@ $wb['connect_userid_to_webid_start_txt'] = 'ID de dért pour la liason userid/we
$wb['website_autoalias_txt'] = 'Auto alias Site web';
$wb['website_autoalias_note_txt'] = 'Placeholders:';
$wb['backup_mode_txt'] = 'Mode Sauvegarde';
$wb['backup_mode_userzip'] = 'Sauvegarder les fichiers web dont l'utilisateur est propriéire en tant que zip';
$wb['backup_mode_userzip'] = "Sauvegarder les fichiers web dont l'utilisateur est propriéire en tant que zip";
$wb['backup_mode_rootgz'] = 'Sauvegarder tous les fichiers dans le repertoire web en tant qu\'utilisateur root';
$wb['realtime_blackhole_list_txt'] = 'Blackhole (trou noir) List en temps ré';
$wb['realtime_blackhole_list_note_txt'] = '(Separer les RBL avec des virgules)';
......@@ -170,7 +170,7 @@ $wb['enable_ip_wildcard_txt'] = 'Autoriser un joker (wildcard) IP (*)';
$wb['web_folder_protection_txt'] = 'Rendre les dossiers web immuables (attributs éndus)';
$wb['overtraffic_notify_admin_txt'] = 'Envoyer notification d\'overtraffic à\'admin';
$wb['overtraffic_notify_client_txt'] = 'Envoyer notification d\'overtraffic au client';
$wb['rbl_error_regex'] = 'Merci de renseigner des noms d' RBL valides.';
$wb['rbl_error_regex'] = "Merci de renseigner des noms d'hô RBL valides.";
$wb['overquota_notify_admin_txt'] = 'Envoyer alertes quota à\'admin';
$wb['overquota_notify_client_txt'] = 'Envoyer alertes quota au client';
$wb['overquota_notify_onok_txt'] = 'Envoyer message quota ok au client';
......@@ -189,13 +189,13 @@ $wb['munin_password_txt'] = 'Mot de passe Munin';
$wb['munin_url_error_regex'] = 'URL Munin non valide ';
$wb['munin_url_note_txt'] = 'Placeholder:';
$wb['backup_dir_is_mount_txt'] = 'Repertoir de Backup/sauvegarde est un mount?';
$wb['backup_dir_mount_cmd_txt'] = 'Commande Mount, si le repertoire de sauvegarde/backup n'est pas monté
$wb['backup_dir_mount_cmd_txt'] = "Commande Mount, si le repertoire de sauvegarde/backup n'est pas monté";
$wb['monitor_system_updates_txt'] = 'Verifier pour des mises àour Linux';
$wb['dkim_path_txt'] = 'Chemin DKIM';
$wb["v6_prefix_txt"] = 'Prefix IPv6';
$wb["vhost_rewrite_v6_txt"] = 'Récrire IPv6 sur miroir';
$wb["v6_prefix_length"] = 'D\'aprèl'IPv6 déni, le préx est trop long ';
$wb["overquota_db_notify_admin_txt"] = 'Envoyer avertissement DB quota à\'admin';
$wb["vhost_rewrite_v6_txt"] = "Récrire IPv6 sur miroir";
$wb["v6_prefix_length"] = "D\'aprèl'IPv6 déni, le préx est trop long";
$wb["overquota_db_notify_admin_txt"] = "Envoyer avertissement DB quota à\'admin'";
$wb["overquota_db_notify_client_txt"] = 'Envoyer avertissement DB quota au client';
?>
......@@ -23,6 +23,14 @@
<label for="dkim_path">{tmpl_var name='dkim_path_txt'}</label>
<input name="dkim_path" id="dkim_path" value="{tmpl_var name='dkim_path'}" size="40" maxlength="255" type="text" class="textInput" />
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='dkim_strength_txt'}</p>
<div class="multiField">
<select name="dkim_strength" id="dkim_strength" class="selectInput">
{tmpl_var name='dkim_strength'}
</select>
</div>
</div>
<div class="ctrlHolder">
<p class="label">{tmpl_var name='pop3_imap_daemon_txt'}</p>
<div class="multiField">
......
......@@ -207,7 +207,7 @@ class page_action extends tform_actions {
if($_SESSION["s"]["user"]["typ"] != 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." AND sys_group.groupid = ".$this->dataRecord["client_group_id"]." ORDER BY client.company_name, client.contact_name, sys_group.name";
$group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." AND sys_group.groupid = ".$this->dataRecord["client_group_id"]." ORDER BY client.company_name, client.contact_name, sys_group.name");
$this->dataRecord["client_group_id"] = $group["groupid"];
}
......
......@@ -84,9 +84,9 @@ function pub_key($pubkey) {
return $public_key;
}
function get_public_key($private_key) {
function get_public_key($private_key, $dkim_strength) {
$validate_dkim=new validate_dkim ();
if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */
if($validate_dkim->validate_post('private', $private_key, $dkim_strength)) { /* validate the $_POST-value */
exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
$public_key=pub_key($pubkey);
} else {
......@@ -123,12 +123,18 @@ function new_selector ($old_selector, $domain) {
return $selector;
}
//* get dkim-strength for server_id
$mail_server_id = $app->functions->intval( $app->db->queryOneRecord("SELECT server_id from mail_domain WHERE domain = ?", $_POST['domain']) );
$dkim_strength = $app->functions->intval( $app->getconf->get_server_config($mail_server_id, 'mail')['dkim_strength'] );
if ( empty($dkim_strength) ) $dkim_strength = 1024;
switch ($_POST['action']) {
case 'create': /* create DKIM Private-key */
$rnd_val = $dkim_strength * 10;
exec('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
exec('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
unlink('../../temp/random-data.bin');
$_POST=getRealPOST();
exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096 2> /dev/null', $output, $result);
exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024 2> /dev/null', $privkey, $result);
unlink("/usr/local/ispconfig/server/temp/random-data.bin");
foreach($privkey as $values) $private_key=$private_key.$values."\n";
//* check the selector for updated dkim-settings only
if ( isset($_POST['dkim_public']) && !empty($_POST['dkim_public']) ) $selector = new_selector($_POST['dkim_selector'], $_POST['domain']);
......@@ -139,7 +145,7 @@ switch ($_POST['action']) {
break;
}
$public_key=get_public_key($private_key);
$public_key=get_public_key($private_key, $dkim_strength);
$dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
if ( !isset($selector) ) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment