From 5de1ce81e51bb6c1b9a4c573132eb223748daf06 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Fri, 05 Sep 2014 08:23:31 -0400
Subject: [PATCH] auto create / update dns-records for dkim-handling

---
 interface/web/mail/mail_domain_dkim_create.php |   57 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/interface/web/mail/mail_domain_dkim_create.php b/interface/web/mail/mail_domain_dkim_create.php
index 0f636b1..084f2a5 100644
--- a/interface/web/mail/mail_domain_dkim_create.php
+++ b/interface/web/mail/mail_domain_dkim_create.php
@@ -32,7 +32,7 @@
 /**
 * This script is invoked by interface/js/mail_domain_dkim.js
 * to generate or show the DKIM Private-key and to show the Private-key.
-* returns DKIM Private-Key and DKIM Public-Key
+* returns DKIM keys, selector, and dns-record
 */
 
 
@@ -40,13 +40,21 @@
 require_once '../../lib/app.inc.php';
 require_once '../../lib/classes/validate_dkim.inc.php';
 
-$validate_dkim=new validate_dkim ();
-
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
 
 header('Content-Type: text/xml; charset=utf-8');
 header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0');
+
+function validate_domain($domain) {
+	$regex = '/^[\w\.\-]{2,255}\.[a-zA-Z0-9\-]{2,30}$/';
+	return preg_match($regex, $domain);
+}
+
+function validate_selector($selector) {
+	$regex = '/^[a-z0-9]{0,63}$/';
+	return preg_match($regex, $selector);
+}
 
 /**
  * This function fix PHP's messing up POST input containing characters space, dot,
@@ -77,7 +85,6 @@
 }
 
 function get_public_key($private_key) {
-	require_once('../../lib/classes/validate_dkim.inc.php');
 	$validate_dkim=new validate_dkim ();
 	if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */
 		exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
@@ -88,27 +95,63 @@
 	return $public_key;
 }
 
-$_POST=getRealPOST();
+/**
+ * This function updates the selector if a new key-pair was created
+ * and the selector is already used in the dns-record
+ * @param string $old_selector
+ * @return string selector
+ */
+function new_selector ($old_selector, $domain) {
+	global $app;
+	//* validate post-values
+	if ( validate_domain($domain) && validate_selector($old_selector) ) {
+		//* get active selectors from dns
+		$soa_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE active = 'Y' AND origin = ?", $domain.'.');
+		if ( isset($soa_rec) && !empty($soa_rec) ) {
+			//* check for a dkim-record in the dns?
+			$dns_data = $app->db->queryOneRecord("SELECT name FROM dns_rr WHERE name = ? AND active = 'Y'", $old_selector.'._domainkey.'.$domain.'.');
+			$selector = str_replace( '._domainkey.'.$domain.'.', '', $dns_data['name']);
+				if ( $old_selector == $selector) {
+					$selector = substr($old_selector, 0, 53) . time(); //* add unix-timestamp to delimiter to allow old and new key in the dns
+				} else {
+					$selector = $old_selector;
+				}
+		}
+	} else {
+		$selector = 'invalid domain or selector';
+	}
+	return $selector;
+}
 
 switch ($_POST['action']) {
 	case 'create': /* create DKIM Private-key */
+		$_POST=getRealPOST();
 		exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096 2> /dev/null', $output, $result);
 		exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024 2> /dev/null', $privkey, $result);
 		unlink("/usr/local/ispconfig/server/temp/random-data.bin");
 		foreach($privkey as $values) $private_key=$private_key.$values."\n";
+		//* check the selector for updated dkim-settings only
+		if ( isset($_POST['dkim_public']) && !empty($_POST['dkim_public']) ) $selector = new_selector($_POST['dkim_selector'], $_POST['domain']); 
 	break;
 
 	case 'show': /* show the DNS-Record onLoad */
-		$private_key=$_POST['pkey'];
+		$private_key=$_POST['dkim_private'];
 	break;
 }
 
 $public_key=get_public_key($private_key);
 $dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
+
+if ( !isset($selector) ) {
+	if ( validate_selector($_POST['dkim_selector']) ) $selector=$_POST['dkim_selector']; 
+}
 echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
 echo "<formatname>\n";
+echo "<selector>".$selector."</selector>\n";
 echo "<privatekey>".$private_key."</privatekey>\n";
 echo "<publickey>".$public_key."</publickey>\n";
-echo "<dns_record>v=DKIM1; t=s; p=".$dns_record."</dns_record>\n";
+if ( validate_domain($_POST['domain']) ) {
+	echo '<dns_record>'.$selector.'_domainkey.'.$_POST['domain'].'. 3600	TXT	"v=DKIM1; t=s; p='.$dns_record.'"</dns_record>';
+}
 echo "</formatname>\n";
 ?>

--
Gitblit v1.9.1