DKIM-Modifications

skip writing dkim-values for inactive domains
removed the public-dkim-key from the interface
added german language-file

Author: Florian

install/dist/lib/opensuse.lib.php

@@ -265,7 +265,7 @@ function configure_postfix($options = '')
 		$command = 'chmod 755  /var/run/authdaemon.courier-imap';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
 
-		//* Changing maildrop lines in posfix master.cf
+		//* Changing maildrop lines in posfix master.cf 
 		if(is_file($config_dir.'/master.cf')){
             copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
         }

interface/lib/classes/validate_dkim.inc.php

@@ -0,0 +1,93 @@
+<?php
+
+/**
+Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
+Copyright (c) 2013, Florian Schaal, info@schaal-24.de
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+@author Florian Schaal, info@schaal-24.de
+@copyrighth Florian Schaal, info@schaal-24.de
+*/
+
+class validate_dkim {
+	
+	function get_error($errmsg) {
+		global $app;
+        	if(isset($app->tform->wordbook[$errmsg])) {
+			return $app->tform->wordbook[$errmsg]."<br>\r\n";
+		} else {
+			return $errmsg."<br>\r\n";
+		}
+    	}
+
+	/**
+	* Validator function for private DKIM-Key 
+	*/
+    	function check_private_key($field_name, $field_value, $validator) {
+		$dkim_enabled=$_POST['dkim'];
+		if ($dkim_enabled == 'y') {
+			if (empty($field_value)) return $this->get_error($validator['errmsg']);
+			exec('echo '.escapeshellarg($field_value).'|openssl rsa -check',$output,$result);
+			if($result != 0) return $this->get_error($validator['errmsg']);
+		}
+	}
+
+	/**
+	* Validator function for DKIM Path 
+	* @return boolean - true when the dkim-path exists and is writeable
+	*/
+	function check_dkim_path($field_name, $field_value, $validator) {
+		if(empty($field_value)) return $this->get_error($validator['errmsg']);
+		if (substr(sprintf('%o', fileperms($field_value)),-3) <= 600)
+			return $this->get_error($validator['errmsg']);
+	}
+
+	/** 
+	* Check function for DNS-Template 
+	*/
+	function check_template($field_name, $field_value, $validator) {
+		$dkim=false;
+		foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
+		if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
+	}
+
+	/**
+	* Validator function for $_POST 
+	*
+	* @return boolean - true if $POST contains a real key-file
+	*/
+	function validate_post($key,$value) {
+		switch ($key) {
+			case 'public':	
+				if (preg_match("/(^-----BEGIN PUBLIC KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,221}(-----END PUBLIC KEY-----(\n|\r)$)/",$value) === 1) { return true; } else { return false; }
+			break;
+			case 'private':
+				if (preg_match("/(^-----BEGIN RSA PRIVATE KEY-----)[a-zA-Z0-9\r\n\/\+=]{1,850}(-----END RSA PRIVATE KEY-----(\n|\r)$)/",$value) === 1) { return true; } else { return false; }
+			break;
+		}
+	}	
+}
+

interface/web/admin/form/server_config.tform.php

@@ -282,10 +282,10 @@
 						'formtype' => 'TEXT',
 						'default' => '/var/lib/amavis/dkim',
 						'validators'    => array (  0 => array ('type'  => 'CUSTOM',
-																'class' => 'validate_dkim',
-																'function' => 'check_dkim_path',
-																'errmsg'=> 'dkim_path_error'),
-												 ),
+							   	   'class' => 'validate_dkim',
+								   'function' => 'check_dkim_path',
+								   'errmsg'=> 'dkim_path_error'),
+								 ),
 						'value' => '',
 						'width' => '40',
 						'maxlength' => '255'

interface/web/admin/lib/lang/de_server_config.lng

@@ -19,8 +19,8 @@ $wb['fastcgi_bin_txt'] = 'FastCGI Bin';
 $wb['module_txt'] = 'Modul';
 $wb['maildir_path_txt'] = 'Maildir Pfad';
 $wb['homedir_path_txt'] = 'Homedir Pfad';
-$wb["dkim_path_txt"] = 'DKIM Pfad';
-$wb["dkim_path_error"] = 'DKIM Pfad nicht gefunden oder nicht beschreibbar.';
+$wb['dkim_path_txt'] = 'DKIM Pfad';
+$wb['dkim_path_error'] = 'DKIM Pfad nicht gefunden oder nicht beschreibbar.';
 $wb['mailuser_uid_txt'] = 'Mailbenutzer UID';
 $wb['mailuser_gid_txt'] = 'Mailbenutzer GID';
 $wb['mailuser_name_txt'] = 'Mailbenutzer Name';

interface/web/admin/lib/lang/en_server_config.lng

@@ -30,6 +30,8 @@ $wb["fastcgi_bin_txt"] = 'FastCGI Bin';
 $wb["module_txt"] = 'Module';
 $wb["maildir_path_txt"] = 'Maildir Path';
 $wb["homedir_path_txt"] = 'Homedir Path';
+$wb["dkim_path_txt"] = 'DKIM Path';
+$wb["dkim_path_error"] = 'DKIM Path not found or not writeable.';
 $wb["mailuser_uid_txt"] = 'Mailuser UID';
 $wb["mailuser_gid_txt"] = 'Mailuser GID';
 $wb["mailuser_name_txt"] = 'Mailuser Name';

interface/web/admin/templates/server_config_mail_edit.htm

@@ -19,6 +19,10 @@ <h2><tmpl_var name="list_head_txt"></h2>
                 <label for="homedir_path">{tmpl_var name='homedir_path_txt'}</label>
                 <input name="homedir_path" id="homedir_path" value="{tmpl_var name='homedir_path'}" size="40" maxlength="255" type="text" class="textInput" />
             </div>
+            <div class="ctrlHolder">
+                <label for="dkim_path">{tmpl_var name='dkim_path_txt'}</label>
+                <input name="dkim_path" id="dkim_path" value="{tmpl_var name='dkim_path'}" size="40" maxlength="255" type="text" class="textInput" />
+            </div>
             <div class="ctrlHolder">
                 <p class="label">{tmpl_var name='pop3_imap_daemon_txt'}</p>
                 <div class="multiField">
@@ -113,4 +117,4 @@ <h2><tmpl_var name="list_head_txt"></h2>
         </div>
     </div>
 
-</div>
+</div>

interface/web/dns/dns_dkim_edit.php

@@ -0,0 +1,142 @@
+<?php
+
+/*
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+Copyright (c) 2013, Florian Schaal, info@schaal-24.de
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$tform_def_file = "form/dns_dkim.tform.php";
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+
+class page_action extends tform_actions {
+	
+	function onShowNew() {
+		global $app, $conf;
+		// we will check only users, not admins
+		if($_SESSION["s"]["user"]["typ"] == 'user') {
+			
+			// Get the limits of the client
+			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			
+			// Check if the user may add another record.
+			if($client["limit_dns_record"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+				if($tmp["number"] >= $client["limit_dns_record"]) {
+					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
+				}
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onSubmit() {
+		global $app, $conf;
+		// Get the parent soa record of the domain
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		// Check if Domain belongs to user
+		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
+		
+		// Check the client limits, if user is not the admin
+		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			// Check if the user may add another record.
+			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+				if($tmp["number"] >= $client["limit_dns_record"]) {
+					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
+				}
+			}
+		} // end if user is not admin
+		
+		// Set the server ID of the rr record to the same server ID as the parent record.
+		$this->dataRecord["server_id"] = $soa["server_id"];
+		
+		// add dkim-settings to the public-key in the txt-record
+		$this->dataRecord['data']='v=DKIM1; t=s; p='.$this->dataRecord['data'];
+		$this->dataRecord['name']='default._domainkey.'.$this->dataRecord['name'];
+
+		// Update the serial number  and timestamp of the RR record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
+		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
+		
+		// check for duplicate entry
+		$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$this->dataRecord["zone"]." AND type = '".$this->dataRecord["type"]."' AND data ='".$this->dataRecord["data"]."' AND name = '".$this->dataRecord['name']."'");
+		if ($check!='') $app->tform->errorMessage .= $app->tform->wordbook["record_exists_txt"];
+
+		parent::onSubmit();
+	}
+	
+	function onAfterInsert() {
+		global $app, $conf;
+		
+		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
+
+		//* Update the serial number of the SOA record
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa["serial"]);
+		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+	}
+	
+	function onAfterUpdate() {
+		global $app, $conf;
+		
+		//* Update the serial number of the SOA record
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		$soa_id = $app->functions->intval($_POST["zone"]);
+		$serial = $app->validate_dns->increase_serial($soa["serial"]);
+		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
+	}
+}
+
+$page = new page_action;
+$page->onLoad();
+
+?>

interface/web/dns/dns_dkim_get.php

@@ -0,0 +1,99 @@
+<?php
+/**
+Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
+Copyright (c) 2013, Florian Schaal, info@schaal-24.de
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* This script is invoked by interface/web/dns/templates/dns_dkim_edit.htm
+* when generating the DKIM Private-key.
+*
+* return DKIM Public-Key for the DNS-record
+*/ 
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+
+global $app, $conf;
+
+// Loading classes
+$app->uses('tform,tform_actions');
+
+header('Content-Type: text/xml; charset=utf-8');
+header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0');
+
+/**
+* This function fix PHP's messing up POST input containing characters space, dot,
+* open square bracket and others to be compatible with with the deprecated register_globals
+* @return array POST
+*/
+
+function getRealPOST() {
+    $pairs = explode("&", file_get_contents("php://input"));
+    $vars = array();
+    foreach ($pairs as $pair) {
+        $nv = explode("=", $pair, 2);
+        $name = urldecode($nv[0]);
+        $value = $nv[1];
+        $vars[$name] = $value;
+    }
+    return $vars;
+}
+
+/**
+* This function formats the public-key
+* @param array $pubkey
+* @return string public-key
+*/
+function pub_key($pubkey) {
+        $public_key='';
+        foreach($pubkey as $values) $public_key=$public_key.$values;
+        return $public_key;
+}
+
+$_POST=getRealPost();
+
+if (ctype_digit($_POST['zone'])) {
+	// Get the parent soa record of the domain
+	$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->db->quote($_POST['zone'])."' AND ".$app->tform->getAuthSQL('r'));
+
+	$public_key=$app->db->queryOneRecord("SELECT dkim_public FROM mail_domain WHERE domain = '".substr_replace($soa['origin'],'',-1)."' AND ".$app->tform->getAuthSQL('r'));		
+
+	$public_key=pub_key($public_key);
+
+	$public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
+
+	echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
+	echo "<formatname>\n";
+	echo "<data>".$public_key."</data>\n";
+	echo "<name>".$soa['origin']."</name>\n";
+	echo "</formatname>\n";
+}
+?>