From c6d29c1cac7714642ec9b1bd3f82f1c1fd850c74 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Tue, 19 Nov 2013 16:09:51 -0500
Subject: [PATCH] add dkim-keys to the resync-tool display dns-record for dkim in the mail-domain rewrite function domain_dkim_update in server/plugins-available/mail_plugin_dkim.inc.php change dns*.php according to commit 604c0c24ba44720e052b536abb1ae992eb0ee292
---
interface/web/dns/dns_dkim_edit.php | 4
interface/web/mail/templates/mail_domain_edit.htm | 8 +-
interface/web/tools/lib/lang/de_resync.lng | 1
interface/web/js/mail_domain_dkim.js | 1
server/plugins-available/mail_plugin_dkim.inc.php | 86 +++++++++++----------
interface/web/dns/dns_wizard.php | 14 +-
interface/web/tools/resync.php | 14 +++
interface/web/tools/templates/resync.htm | 6 +
interface/web/mail/mail_domain_dkim_create.php | 53 +++++++-----
interface/web/tools/lib/lang/en_resync.lng | 3
10 files changed, 112 insertions(+), 78 deletions(-)
diff --git a/interface/web/dns/dns_dkim_edit.php b/interface/web/dns/dns_dkim_edit.php
index 46c5a13..6bc3086 100644
--- a/interface/web/dns/dns_dkim_edit.php
+++ b/interface/web/dns/dns_dkim_edit.php
@@ -57,7 +57,7 @@
if($_SESSION["s"]["user"]["typ"] == 'user') {
// Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// Check if the user may add another record.
@@ -82,7 +82,7 @@
// Check the client limits, if user is not the admin
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
// Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// Check if the user may add another record.
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 2b657a1..f220fd3 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -102,14 +102,14 @@
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
// Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
// load the list of clients
- $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
+ sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id']);
$clients = $app->db->queryAllRecords($sql);
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
if(is_array($clients)) {
foreach( $clients as $client) {
@@ -122,8 +122,8 @@
}
if($_SESSION["s"]["user"]["typ"] != 'admin')
-{
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);{
$client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -149,7 +149,7 @@
}
-$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
+$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
foreach($fields as $field) {
@@ -165,7 +165,7 @@
if ($post_server_id)
{
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
$client['dns_servers_ids'] = explode(',', $client['dns_servers']);
diff --git a/interface/web/js/mail_domain_dkim.js b/interface/web/js/mail_domain_dkim.js
index f1f14f6..a9d5f0d 100644
--- a/interface/web/js/mail_domain_dkim.js
+++ b/interface/web/js/mail_domain_dkim.js
@@ -60,6 +60,7 @@
else {
document.getElementsByName('dkim_private')[0].value = request.responseXML.getElementsByTagName('privatekey')[0].firstChild.nodeValue;
document.getElementsByName('dkim_public')[0].value = request.responseXML.getElementsByTagName('publickey')[0].firstChild.nodeValue;
+ document.getElementsByName('dns_record')[0].value = request.responseXML.getElementsByTagName('dns_record')[0].firstChild.nodeValue;
}
break;
default:
diff --git a/interface/web/mail/mail_domain_dkim_create.php b/interface/web/mail/mail_domain_dkim_create.php
index 2640894..24198a3 100644
--- a/interface/web/mail/mail_domain_dkim_create.php
+++ b/interface/web/mail/mail_domain_dkim_create.php
@@ -27,11 +27,13 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
- This script is invoked by interface/js/mail_domain_dkim.js
- to generate or show the DKIM Private-key and to show the Private-key.
- returns DKIM Private-Key and DKIM Public-Key
- */
+/**
+* This script is invoked by interface/js/mail_domain_dkim.js
+* to generate or show the DKIM Private-key and to show the Private-key.
+* returns DKIM Private-Key and DKIM Public-Key
+*/
require_once '../../lib/config.inc.php';
@@ -45,7 +47,6 @@
header('Content-Type: text/xml; charset=utf-8');
header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0');
-
/**
* This function fix PHP's messing up POST input containing characters space, dot,
@@ -64,7 +65,6 @@
return $vars;
}
-
/**
* This function formats the public-key
* @param array $pubkey
@@ -76,32 +76,39 @@
return $public_key;
}
+function get_public_key($private_key) {
+ require_once('../../lib/classes/validate_dkim.inc.php');
+ $validate_dkim=new validate_dkim ();
+ if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */
+ exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM',$pubkey,$result);
+ $public_key=pub_key($pubkey);
+ } else {
+ $public_key='invalid key';
+ }
+ return $public_key;
+}
+
$_POST=getRealPOST();
switch ($_POST['action']) {
-case 'create': /* create DKIM Private-key */
- exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096', $output, $result);
- exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024', $privkey, $result);
- unlink("/usr/local/ispconfig/server/temp/random-data.bin");
- $private_key='';
- foreach($privkey as $values) $private_key=$private_key.$values."\n";
- if($validate_dkim->validate_post('private', $private_key)) { /* validate the $_POST-value */
- exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM', $pubkey, $result);
- $public_key=pub_key($pubkey);
- } else { $public_key='invalid key'; }
+ case 'create': /* create DKIM Private-key */
+ exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096', $output, $result);
+ exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024', $privkey, $result);
+ unlink("/usr/local/ispconfig/server/temp/random-data.bin");
+ $private_key='';
break;
-case 'show': /* show the DNS-Record onLoad */
- $private_key=$_POST['pkey'];
- if($validate_dkim->validate_post('private', $private_key)) { /* validate the $_POST-value */
- /* get the public-key */
- exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM', $pubkey, $result);
- $public_key=pub_key($pubkey);
- } else { $public_key='invalid key'; }
+
+ case 'show': /* show the DNS-Record onLoad */
+ $private_key=$_POST['pkey'];
break;
}
+
+$public_key=get_public_key($private_key);
+$dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
echo "<formatname>\n";
echo "<privatekey>".$private_key."</privatekey>\n";
echo "<publickey>".$public_key."</publickey>\n";
+echo "<dns_record>v=DKIM1; t=s; p=".$dns_record."</dns_record>\n";
echo "</formatname>\n";
?>
diff --git a/interface/web/mail/templates/mail_domain_edit.htm b/interface/web/mail/templates/mail_domain_edit.htm
index 41cb007..c5230b0 100644
--- a/interface/web/mail/templates/mail_domain_edit.htm
+++ b/interface/web/mail/templates/mail_domain_edit.htm
@@ -93,10 +93,10 @@
</div>
<div class="ctrlHolder">
<textarea name="dkim_public" style="display:none;" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea>
-<!--
- <label for="dkim_public">{tmpl_var name='dkim_dns_txt'}</label>
- <textarea name="dkim_public" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea>
--->
+ </div>
+ <div class="ctrlHolder">
+ <label for="dns_record">{tmpl_var name='dkim_dns_txt'}</label>
+ <textarea name="dns_record" id="dns_record" rows='10' cols='30' readonly>{tmpl_var name='dns_record'}</textarea>
</div>
</div>
diff --git a/interface/web/tools/lib/lang/de_resync.lng b/interface/web/tools/lib/lang/de_resync.lng
index 0387ae6..d18f2ff 100644
--- a/interface/web/tools/lib/lang/de_resync.lng
+++ b/interface/web/tools/lib/lang/de_resync.lng
@@ -7,6 +7,7 @@
$wb['resync_cron_txt'] = 'Cronjobs';
$wb['resync_db_txt'] = 'Datenbanken';
$wb['resync_mailbox_txt'] = 'E-Mail Konten';
+$wb['resync_dkim_txt'] = 'DKIM-Keys';
$wb['resync_dns_txt'] = 'DNS Einträge';
$wb['btn_start_txt'] = 'Start';
$wb['btn_cancel_txt'] = 'Zurück';
diff --git a/interface/web/tools/lib/lang/en_resync.lng b/interface/web/tools/lib/lang/en_resync.lng
index f4cbf0d..bfb22d0 100644
--- a/interface/web/tools/lib/lang/en_resync.lng
+++ b/interface/web/tools/lib/lang/en_resync.lng
@@ -7,7 +7,8 @@
$wb['resync_cron_txt'] = 'Resync cronjobs';
$wb['resync_db_txt'] = 'Resync clientdb config';
$wb['resync_mailbox_txt'] = 'Resync Mailboxes';
+$wb['resync_dkim_txt'] = 'Resync DKIM-Keys';
$wb['resync_dns_txt'] = 'Resync DNS records';
$wb['btn_start_txt'] = 'Start';
$wb['btn_cancel_txt'] = 'Cancel';
-?>
\ No newline at end of file
+?>
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index a02ac9f..ad716f7 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -146,6 +146,20 @@
}
}
+//* Resyncing DKIM-Keys
+if(isset($_POST['resync_dkim']) && $_POST['resync_dkim'] == 1) {
+ $db_table = 'mail_domain';
+ $index_field = 'domain_id';
+ $sql = "SELECT * FROM ".$db_table." WHERE active = 'y' AND dkim = 'y'";
+ $records = $app->db->queryAllRecords($sql);
+ if(is_array($records)) {
+ foreach($records as $rec) {
+ $app->db->datalogUpdate($db_table, $rec, $index_field, $rec[$index_field], true);
+ $msg .= "Resynced DKIM-Key: ".$rec['domain'].'<br />';
+ }
+ }
+}
+
//* Resyncing dns zones
if(isset($_POST['resync_dns']) && $_POST['resync_dns'] == 1) {
$zones = $app->db->queryAllRecords("SELECT id,origin,serial FROM dns_soa WHERE active = 'Y'");
diff --git a/interface/web/tools/templates/resync.htm b/interface/web/tools/templates/resync.htm
index f164660..2bb8b06 100644
--- a/interface/web/tools/templates/resync.htm
+++ b/interface/web/tools/templates/resync.htm
@@ -42,6 +42,12 @@
</div>
</div>
<div class="ctrlHolder">
+ <p class="label">{tmpl_var name="resync_dkim_txt"}</p>
+ <div class="multiField">
+ <input id="resync_dkim" type="checkbox" value="1" name="resync_dkim" />
+ </div>
+ </div>
+ <div class="ctrlHolder">
<p class="label">{tmpl_var name="resync_dns_txt"}</p>
<div class="multiField">
<input id="resync_dns" type="checkbox" value="1" name="resync_dns" />
diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php
index 322ccd8..1d5e521 100644
--- a/server/plugins-available/mail_plugin_dkim.inc.php
+++ b/server/plugins-available/mail_plugin_dkim.inc.php
@@ -41,7 +41,6 @@
// private variables
var $action = '';
-
/**
* This function is called during ispconfig installation to determine
* if a symlink shall be created for this plugin.
@@ -57,7 +56,6 @@
}
-
/**
* This function is called when the plugin is loaded
*/
@@ -70,7 +68,6 @@
$app->plugins->registerEvent('mail_domain_insert', $this->plugin_name, 'domain_dkim_insert');
$app->plugins->registerEvent('mail_domain_update', $this->plugin_name, 'domain_dkim_update');
}
-
/**
* This function gets the amavisd-config file
@@ -91,7 +88,6 @@
}
return $amavis_configfile;
}
-
/**
* This function checks the relevant configs and disables dkim for the domain
@@ -121,10 +117,6 @@
}
return $check;
}
-
-
-
-
/**
* This function restarts amavis
@@ -163,7 +155,6 @@
return $success;
}
-
/**
* This function removes the keyfiles
* @param string $key_file full path to the key-file
@@ -181,7 +172,6 @@
} else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
}
-
/**
* This function adds the entry to the amavisd-config
* @param string $key_domain mail-domain
@@ -190,13 +180,16 @@
global $app, $mail_config;
$amavis_config = file_get_contents($this->get_amavis_config());
$key_value="dkim_key('".$key_domain."', 'default', '".$mail_config['dkim_path']."/".$key_domain.".private');\n";
- if(strpos($amavis_config, $key_value) !== false) $amavis_config = str_replace($key_value, '', $amavis_config);
- if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false) {
- $app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
- $this->restart_amavis();
+ if(strpos($amavis_config, $key_value) === false) {
+ $amavis_config = str_replace($key_value, '', $amavis_config);
+ if (!file_put_contents($this->get_amavis_config(), $key_value, FILE_APPEND) === false) {
+ $app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
+ $this->restart_amavis();
+ }
+ } else {
+ $app->log('DKIM Private-key already in amavis-config.',LOGLEVEL_DEBUG);
}
}
-
/**
* This function removes the entry from the amavisd-config
@@ -220,7 +213,6 @@
} else $app->log('Unable to delete the DKIM settings from amavis-config for '.$key_domain.'.', LOGLEVEL_ERROR);
}
-
/**
* This function controlls new key-files and amavisd-entries
* @param array $data mail-settings
@@ -242,7 +234,6 @@
}
}
-
/**
* This function controlls the removement of keyfiles (public and private)
* and the entry in the amavisd-config
@@ -257,15 +248,13 @@
$this->remove_from_amavis($_data['domain']);
}
-
/**
* Function called by onLoad
* deletes dkim-keys
*/
function domain_dkim_delete($event_name, $data) {
- if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y') $this->remove_dkim($data['old']);
+ if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y') $this->remove_dkim($data['old']);
}
-
/**
* Function called by onLoad
@@ -277,38 +266,53 @@
}
}
-
/**
* Function called by onLoad
* chang dkim-settings
*/
function domain_dkim_update($event_name, $data) {
global $app;
- /* get the config */
- if (isset($data['new']['dkim']) && $data['new']['dkim']=='y') { /* DKIM enabled */
- if ($this->check_system($data)) {
- /* new domain-name */
- if ($data['old']['domain'] != $data['new']['domain']) {
+ if ($this->check_system($data)) {
+ /* maildomain disabled */
+ if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y') {
+ $app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
+ if ($data['new']['dkim']=='y') {
+ $this->remove_dkim($data['new']);
+ }
+ if ($data['old']['dkim']=='y') {
+ $this->remove_dkim($data['old']);
+ }
+ }
+
+ /* maildomain re-enabled */
+ if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n') {
+ if ($data['new']['dkim']=='y') {
+ $this->add_dkim($data);
+ }
+ }
+
+ /* maildomain active - only dkim changes */
+ if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
+ /* dkim disabled */
+ if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
+ $this->remove_dkim($data['new']);
+ }
+ /* dkim enabled */
+ elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
+ $this->add_dkim($data);
+ }
+ /* new private-key or new domain-name */
+ if ($data['new']['dkim_private'] != $data['old']['dkim_private'] || $data['new']['domain'] != $data['old']['domain']) {
$this->remove_dkim($data['old']);
$this->add_dkim($data);
}
- /* new key */
- if (($data['old']['dkim_private'] != $data['new']['dkim_private']) || ($data['old']['dkim'] != $data['new']['dkim'])) {
- if ($data['new']['dkim_private'] != $data['old']['dkim_private']) $this->remove_dkim($data['new']);
- $this->add_dkim($data);
- }
- /* change active (on / off) */
- if ($data['old']['active'] != $data['new']['active']) {
- if ($data['new']['active'] == 'y') {
- $this->add_dkim($data);
- } else {
- $this->remove_dkim($data['new']);
- }
- }
+ }
+
+ /* resync */
+ if ($data['new']['active'] == 'y' && $data['new'] == $data['old']) {
+ $this->add_dkim($data);
}
}
- if (isset($data['new']['dkim']) && $data['old']['dkim'] != $data['new']['dkim'])
- if ($this->check_system($data) && $data['new']['dkim'] == 'n') $this->remove_dkim($data['new']);
}
}
--
Gitblit v1.9.1