Skip to content

Commit fed17de

Browse files
author
Florian Schaal
committed
SPF-Support - FS#1644 - DNS SPF Record, FS#3327 - SPF field, and FS#3733 - SPF-Record in the DNS
1 parent 378d832 commit fed17de

25 files changed

+1008
-0
lines changed

interface/web/dns/dns_spf_edit.php

Lines changed: 269 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,269 @@
1+
<?php
2+
3+
/*
4+
Copyright (c) 2014, Florian Schaal, info@schaal-24.de
5+
All rights reserved.
6+
7+
Redistribution and use in source and binary forms, with or without modification,
8+
are permitted provided that the following conditions are met:
9+
10+
* Redistributions of source code must retain the above copyright notice,
11+
this list of conditions and the following disclaimer.
12+
* Redistributions in binary form must reproduce the above copyright notice,
13+
this list of conditions and the following disclaimer in the documentation
14+
and/or other materials provided with the distribution.
15+
* Neither the name of ISPConfig nor the names of its contributors
16+
may be used to endorse or promote products derived from this software without
17+
specific prior written permission.
18+
19+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22+
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23+
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24+
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25+
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26+
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27+
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28+
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29+
*/
30+
31+
/******************************************
32+
* Begin Form configuration
33+
******************************************/
34+
35+
$tform_def_file = "form/dns_spf.tform.php";
36+
37+
/******************************************
38+
* End Form configuration
39+
******************************************/
40+
41+
require_once '../../lib/config.inc.php';
42+
require_once '../../lib/app.inc.php';
43+
44+
//* Check permissions for module
45+
$app->auth->check_module_permissions('dns');
46+
47+
// Loading classes
48+
$app->uses('tpl,tform,tform_actions,validate_dns');
49+
$app->load('tform_actions');
50+
51+
class page_action extends tform_actions {
52+
53+
function onShowNew() {
54+
global $app, $conf;
55+
// we will check only users, not admins
56+
if($_SESSION["s"]["user"]["typ"] == 'user') {
57+
58+
// Get the limits of the client
59+
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
60+
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = =", $client_group_id);
61+
62+
// Check if the user may add another mailbox.
63+
if($client["limit_dns_record"] >= 0) {
64+
$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
65+
if($tmp["number"] >= $client["limit_dns_record"]) {
66+
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
67+
}
68+
}
69+
}
70+
71+
parent::onShowNew();
72+
}
73+
74+
function onShowEnd() {
75+
global $app, $conf;
76+
77+
$zone = $app->functions->intval($_GET['zone']);
78+
79+
//* check for an existing spf-record
80+
$sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND ?";
81+
$rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
82+
if ( isset($rec) && !empty($rec) ) {
83+
$this->id = 1;
84+
$old_data = strtolower($rec['data']);
85+
86+
$app->tpl->setVar("data", $old_data);
87+
if ($rec['active'] == 'Y') $app->tpl->setVar("active", "CHECKED"); else $app->tpl->setVar("active", "UNCHECKED");
88+
89+
$spf_hostname = '';
90+
$spf_ip = '';
91+
$spf_domain = '';
92+
$spf_mechanism = '';
93+
94+
// browse through data
95+
$temp = explode(' ', $old_data);
96+
foreach ($temp as $part) {
97+
if ($part == 'a') $app->tpl->setVar("spf_a_active", "CHECKED");
98+
if ($part == 'mx') $app->tpl->setVar("spf_mx_active", "CHECKED");
99+
if (preg_match("/^ip(4|6):/", $part)) $spf_ip .= str_replace(array('ip4:','ip6:'), '', $part) . ' ';
100+
if (preg_match("/^a:/", $part)) $spf_hostname .= str_replace('a:', '', $part) . ' ';
101+
if (preg_match("/^\\??include/", $part)) $spf_domain .= str_replace(array('include:', '?'), '', $part) . ' ';
102+
}
103+
unset($temp);
104+
$spf_ip = rtrim($spf_ip);
105+
$spf_hostname = rtrim($spf_hostname);
106+
$spf_domain = rtrim($spf_domain);
107+
$spf_mechanism = substr($rec['data'], -4, 1);
108+
}
109+
110+
//set html-values
111+
$app->tpl->setVar("spf_ip", $spf_ip);
112+
$app->tpl->setVar("spf_hostname", $spf_hostname);
113+
$app->tpl->setVar("spf_domain", $spf_domain);
114+
//create spf-mechanism-list
115+
$spf_mechanism_value = array(
116+
'+' => 'spf_mechanism_pass_txt',
117+
'-' => 'spf_mechanism_fail_txt',
118+
'~' => 'spf_mechanism_softfail_txt',
119+
'?' => 'spf_mechanism_neutral_txt'
120+
);
121+
$spf_mechanism_list='';
122+
foreach($spf_mechanism_value as $value => $txt) {
123+
$selected = @($spf_mechanism == $value)?' selected':'';
124+
$spf_mechanism_list .= "<option value='$value'$selected>".$app->tform->wordbook[$txt]."</option>\r\n";
125+
}
126+
$app->tpl->setVar('spf_mechanism', $spf_mechanism_list);
127+
128+
parent::onShowEnd();
129+
130+
}
131+
132+
function onSubmit() {
133+
global $app, $conf;
134+
135+
136+
// Get the parent soa record of the domain
137+
$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($_POST["zone"]), $app->tform->getAuthSQL('r'));
138+
139+
// Check if Domain belongs to user
140+
if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
141+
142+
// Check the client limits, if user is not the admin
143+
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
144+
// Get the limits of the client
145+
$client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
146+
$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
147+
148+
// Check if the user may add another mailbox.
149+
if($this->id == 0 && $client["limit_dns_record"] >= 0) {
150+
$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
151+
if($tmp["number"] >= $client["limit_dns_record"]) {
152+
$app->error($app->tform->wordbook["limit_dns_record_txt"]);
153+
}
154+
}
155+
} // end if user is not admin
156+
157+
//create spf-record
158+
if (!empty($this->dataRecord['spf_mx'])) {
159+
$spf_record[] = 'mx';
160+
}
161+
if (!empty($this->dataRecord['spf_a'])) {
162+
$spf_record[] = 'a';
163+
}
164+
$spf_ip = trim($this->dataRecord['spf_ip']);
165+
if (!empty($spf_ip)) {
166+
$rec = split(' ', $spf_ip);
167+
foreach ($rec as $ip) {
168+
$temp_ip = explode('/', $ip);
169+
if (filter_var($temp_ip[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
170+
$temp = 'ip4:' . $temp_ip[0];
171+
if (isset($temp_ip[1])) $temp .= '/' . $temp_ip[1];
172+
$spf_record[] = $temp;
173+
unset($temp);
174+
}
175+
elseif (filter_var($temp_ip[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
176+
$temp = 'ip6:' . $temp_ip[0];
177+
if (isset($temp_ip[1])) $temp .= '/' . $temp_ip[1];
178+
$spf_record[] = $temp;
179+
unset($temp);
180+
}
181+
else {
182+
if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
183+
$app->tform->errorMessage .= $app->tform->wordbook["spf_invalid_ip_txt"]. $temp_ip[0];
184+
if (isset( $temp_ip[1])) $app->tform->errorMessage .= "/".$temp_ip[1];
185+
}
186+
}
187+
}
188+
$spf_hostname = trim($this->dataRecord['spf_hostname']);
189+
if (!empty($spf_hostname)) {
190+
$rec = split(' ', $spf_hostname);
191+
foreach ($rec as $hostname) {
192+
if (preg_match('/^[a-zA-Z0-9\\.\\-\\*]{0,64}$/', $hostname))
193+
$spf_record[] = 'a:' . $hostname;
194+
else {
195+
if (isset($app->tform->errorMessage )) $app->tform->errorMessage .= '<br/>' . $app->tform->wordbook["spf_invalid_hostname_txt"]. $hostname;
196+
$app->tform->errorMessage .= $app->tform->wordbook["spf_invalid_hostname_txt"]. $hostname;
197+
}
198+
}
199+
unset($rec);
200+
}
201+
$spf_domain = trim($this->dataRecord['spf_domain']);
202+
if (!empty($spf_domain)) {
203+
$rec = split(' ', $spf_domain);
204+
foreach ($rec as $domain) {
205+
if (preg_match('/^[a-zA-Z0-9\\.\\-\\*]{0,64}$/', $domain))
206+
$spf_record[] = 'include:' . $domain;
207+
else {
208+
if (isset($app->tform->errorMessage )) $app->tform->errorMessage .= '<br/>' . $app->tform->wordbook["spf_invalid_domain_txt"]. $domain;
209+
$app->tform->errorMessage .= $app->tform->wordbook["spf_invalid_domain_txt"]. $domain;
210+
}
211+
}
212+
}
213+
214+
$temp = implode(' ', $spf_record);unset($spf_record);
215+
if (!empty($temp))
216+
$this->dataRecord['data'] = 'v=spf1 ' . $temp . ' ' . $this->dataRecord['spf_mechanism'] . 'all';
217+
else $this->dataRecord['data'] = 'v=spf1 ' . $this->dataRecord['spf_mechanism'] . 'all';
218+
unset($temp);
219+
220+
$this->dataRecord['name'] = $soa['origin'];
221+
if (isset($this->dataRecord['active'])) $this->dataRecord['active'] = 'Y';
222+
223+
// Set the server ID of the rr record to the same server ID as the parent record.
224+
$this->dataRecord["server_id"] = $soa["server_id"];
225+
226+
// Update the serial number and timestamp of the RR record
227+
$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
228+
$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
229+
$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
230+
231+
// always update an existing entry
232+
$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND type = ? AND data LIKE 'v=spf1%' AND name = ?", $this->dataRecord["zone"], $this->dataRecord["type"], $this->dataRecord['name'].'.');
233+
$this->id = $check['id'];
234+
235+
if (!isset($this->dataRecord['active'])) $this->dataRecord['active'] = 'N';
236+
237+
parent::onSubmit();
238+
}
239+
240+
function onAfterInsert() {
241+
global $app, $conf;
242+
243+
//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
244+
$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
245+
$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
246+
247+
//* Update the serial number of the SOA record
248+
$soa_id = $app->functions->intval($_POST["zone"]);
249+
$serial = $app->validate_dns->increase_serial($soa["serial"]);
250+
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
251+
252+
}
253+
254+
function onAfterUpdate() {
255+
global $app, $conf;
256+
257+
//* Update the serial number of the SOA record
258+
$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
259+
$soa_id = $app->functions->intval($_POST["zone"]);
260+
$serial = $app->validate_dns->increase_serial($soa["serial"]);
261+
$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
262+
}
263+
264+
}
265+
266+
$page = new page_action;
267+
$page->onLoad();
268+
269+
?>

0 commit comments

Comments
 (0)