| | |
|---|
| | | /** |
|---|
| | | * This script is invoked by interface/js/mail_domain_dkim.js |
|---|
| | | * to generate or show the DKIM Private-key and to show the Private-key. |
|---|
| | | * returns DKIM Private-Key and DKIM Public-Key |
|---|
| | | * returns DKIM keys, selector, and dns-record |
|---|
| | | */ |
|---|
| | | |
|---|
| | | |
|---|
| | |
|---|
| | | require_once '../../lib/app.inc.php'; |
|---|
| | | require_once '../../lib/classes/validate_dkim.inc.php'; |
|---|
| | | |
|---|
| | | $validate_dkim=new validate_dkim (); |
|---|
| | | |
|---|
| | | //* Check permissions for module |
|---|
| | | $app->auth->check_module_permissions('mail'); |
|---|
| | | |
|---|
| | | header('Content-Type: text/xml; charset=utf-8'); |
|---|
| | | header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0'); |
|---|
| | | |
|---|
| | | function validate_domain($domain) { |
|---|
| | | $regex = '/^[\w\.\-]{2,255}\.[a-zA-Z0-9\-]{2,30}$/'; |
|---|
| | | return preg_match($regex, $domain); |
|---|
| | | } |
|---|
| | | |
|---|
| | | function validate_selector($selector) { |
|---|
| | | $regex = '/^[a-z0-9]{0,63}$/'; |
|---|
| | | return preg_match($regex, $selector); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This function fix PHP's messing up POST input containing characters space, dot, |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | function get_public_key($private_key) { |
|---|
| | | require_once('../../lib/classes/validate_dkim.inc.php'); |
|---|
| | | $validate_dkim=new validate_dkim (); |
|---|
| | | if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */ |
|---|
| | | exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result); |
|---|
| | |
|---|
| | | return $public_key; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $_POST=getRealPOST(); |
|---|
| | | /** |
|---|
| | | * This function updates the selector if a new key-pair was created |
|---|
| | | * and the selector is already used in the dns-record |
|---|
| | | * @param string $old_selector |
|---|
| | | * @return string selector |
|---|
| | | */ |
|---|
| | | function new_selector ($old_selector, $domain) { |
|---|
| | | global $app; |
|---|
| | | //* validate post-values |
|---|
| | | if ( validate_domain($domain) && validate_selector($old_selector) ) { |
|---|
| | | //* get active selectors from dns |
|---|
| | | $soa_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE active = 'Y' AND origin = ?", $domain.'.'); |
|---|
| | | if ( isset($soa_rec) && !empty($soa_rec) ) { |
|---|
| | | //* check for a dkim-record in the dns? |
|---|
| | | $dns_data = $app->db->queryOneRecord("SELECT name FROM dns_rr WHERE name = ? AND active = 'Y'", $old_selector.'._domainkey.'.$domain.'.'); |
|---|
| | | $selector = str_replace( '._domainkey.'.$domain.'.', '', $dns_data['name']); |
|---|
| | | if ( $old_selector == $selector) { |
|---|
| | | $selector = substr($old_selector, 0, 53) . time(); //* add unix-timestamp to delimiter to allow old and new key in the dns |
|---|
| | | } else { |
|---|
| | | $selector = $old_selector; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $selector = 'invalid domain or selector'; |
|---|
| | | } |
|---|
| | | return $selector; |
|---|
| | | } |
|---|
| | | |
|---|
| | | switch ($_POST['action']) { |
|---|
| | | case 'create': /* create DKIM Private-key */ |
|---|
| | | $_POST=getRealPOST(); |
|---|
| | | exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096 2> /dev/null', $output, $result); |
|---|
| | | exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024 2> /dev/null', $privkey, $result); |
|---|
| | | unlink("/usr/local/ispconfig/server/temp/random-data.bin"); |
|---|
| | | foreach($privkey as $values) $private_key=$private_key.$values."\n"; |
|---|
| | | //* check the selector for updated dkim-settings only |
|---|
| | | if ( isset($_POST['dkim_public']) && !empty($_POST['dkim_public']) ) $selector = new_selector($_POST['dkim_selector'], $_POST['domain']); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case 'show': /* show the DNS-Record onLoad */ |
|---|
| | | $private_key=$_POST['pkey']; |
|---|
| | | $private_key=$_POST['dkim_private']; |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $public_key=get_public_key($private_key); |
|---|
| | | $dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key); |
|---|
| | | |
|---|
| | | if ( !isset($selector) ) { |
|---|
| | | if ( validate_selector($_POST['dkim_selector']) ) $selector=$_POST['dkim_selector']; |
|---|
| | | } |
|---|
| | | echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"; |
|---|
| | | echo "<formatname>\n"; |
|---|
| | | echo "<selector>".$selector."</selector>\n"; |
|---|
| | | echo "<privatekey>".$private_key."</privatekey>\n"; |
|---|
| | | echo "<publickey>".$public_key."</publickey>\n"; |
|---|
| | | echo "<dns_record>v=DKIM1; t=s; p=".$dns_record."</dns_record>\n"; |
|---|
| | | if ( validate_domain($_POST['domain']) ) { |
|---|
| | | echo '<dns_record>'.$selector.'_domainkey.'.$_POST['domain'].'. 3600 TXT "v=DKIM1; t=s; p='.$dns_record.'"</dns_record>'; |
|---|
| | | } |
|---|
| | | echo "</formatname>\n"; |
|---|
| | | ?> |
|---|
