Merge branch 'master' into 'master'

Marius Cramer · Marius Cramer · commit fef8248f4303 · 2014-08-14T13:56:16.000+02:00
Master

See merge request !119
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
@@ -282,6 +282,37 @@ function onAfterInsert() {
 				unset($tmp_domain);
 			}
 		} // endif spamfilter policy
+
+		//* create dns-record with dkim-values if the zone exists
+		if ( (isset($this->dataRecord['dkim']) && $this->dataRecord['dkim'] == 'y') && (isset($this->dataRecord['active']) && $this->dataRecord['active'] == 'y') ) {
+			$soa_rec = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $this->dataRecord['domain'].'.');
+			if ( isset($soa_rec) ) {
+				//* check for a dkim-record in the dns
+				$dns_data = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ? AND sys_groupid = ?", $this->dataRecord['dkim_selector'].'._domainkey.'.$this->dataRecord['domain'].'.', $_SESSION["s"]["user"]['sys_groupid']);
+				if ( isset($dns_data) ) {
+					$dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $this->dataRecord['dkim_public']);
+					$dns_data['active'] = 'Y';
+					$dns_data['stamp'] = date('Y-m-d H:i:s');
+					$dns_data['serial'] = $app->validate_dns->increase_serial($dns_data['serial']);
+					$app->db->datalogUpdate('dns_rr', $dns_data, 'id', $dns_data['id']);
+					$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $dns_data['zone']);
+					$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+					$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
+				} else { //* no dkim-record found - create new record
+					$dns_data = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $this->dataRecord['domain'].'.');
+					$dns_data['name'] = $this->dataRecord['dkim_selector'].'._domainkey.'.$this->dataRecord['domain'].'.';
+					$dns_data['type'] = 'TXT';
+					$dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $this->dataRecord['dkim_public']);
+					$dns_data['aux'] = 0;
+					$dns_data['active'] = 'Y';
+					$dns_data['stamp'] = date('Y-m-d H:i:s');
+					$dns_data['serial'] = $app->validate_dns->increase_serial($dns_data['serial']);
+					$app->db->datalogInsert('dns_rr', $dns_data, 'id', $dns_data['zone']);
+					$new_serial = $app->validate_dns->increase_serial($soa_rec['serial']);
+					$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $soa_rec['zone']);
+				}
+			}
+		} //* endif add dns-record
 	}
 
 	function onBeforeUpdate() {
@@ -308,6 +339,69 @@ function onBeforeUpdate() {
 			}
 			unset($rec);
 		}
+
+		//* update dns-record when the dkim record was changed
+		// NOTE: only if the domain-name was not changed
+
+		//* get domain-data from the db
+		$mail_data = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $this->dataRecord['domain']);
+		
+		if ( isset($mail_data) ) {
+			$post_data = $mail_data;
+			$post_data['dkim_selector'] = $this->dataRecord['dkim_selector'];
+			$post_data['dkim_public'] = $this->dataRecord['dkim_public'];
+			$post_data['dkim_private'] = $this->dataRecord['dkim_private'];
+			if ( isset($this->dataRecord['dkim']) ) $post_data['dkim'] = 'y'; else $post_data['dkim'] = 'n';
+			if ( isset($this->dataRecord['active']) ) $post_data['active'] = 'y'; else      $post_data['active'] = 'n';
+		}
+
+		//* dkim-value changed
+		if ( $mail_data != $post_data ) {
+			//* get the dns-record for the public from the db
+			$dns_data = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ? AND sys_groupid = ?'", $mail_data['dkim_selector'].'._domainkey.'.$mail_data['domain'].'.', $mail_data['sys_groupid']);
+
+			//* we modify dkim dns-values for active mail-domains only
+			if ( $post_data['active'] == 'y' ) {
+				if ( $post_data['dkim'] == 'n' ) {
+					$new_dns_data['active'] = 'N';
+				} else {
+					if ( $post_data['dkim_selector'] != $mail_data['dkim_selector'] )
+						$new_dns_data['name'] = $post_data['dkim_selector'].'._domainkey.'.$post_data['domain'].'.';
+					if ( $post_data['dkim'] != $mail_data['dkim'] )
+						$new_dns_data['active'] = 'Y';
+					if ( $post_data['active'] != $mail_data['active'] && $post_data['active'] == 'y' )
+						$new_dns_data['active'] = 'Y';
+					if ( $post_data['dkim_public'] != $mail_data['dkim_public'] )
+						$new_dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $post_data['dkim_public']);
+				}
+			} else $new_dns_data['active'] = 'N';
+
+			if ( isset($dns_data) && isset($new_dns_data) ) {
+				//* update dns-record
+				$new_dns_data['serial'] = $app->validate_dns->increase_serial($dns_data['serial']);
+				$app->db->datalogUpdate('dns_rr', $new_dns_data, 'id', $dns_data['id']);
+				$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $dns_data['zone']);
+				$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+				$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
+			} else {
+				//* create a new dns-record
+				$new_dns_data = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $mail_data['domain'].'.');
+				//* create a new record only if the dns-zone exists
+				if ( isset($new_dns_data) && $post_data['dkim'] == 'y' ) {
+					$new_dns_data['name'] = $post_data['dkim_selector'].'._domainkey.'.$post_data['domain'].'.';
+					$new_dns_data['type'] = 'TXT';
+					$new_dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $post_data['dkim_public']);
+					$new_dns_data['aux'] = 0;
+					$new_dns_data['active'] = 'Y';
+					$new_dns_data['stamp'] = date('Y-m-d H:i:s');
+					$new_dns_data['serial'] = $app->validate_dns->increase_serial($new_dns_data['serial']);
+					$app->db->datalogInsert('dns_rr', $new_dns_data, 'id', $new_dns_data['zone']);
+					$zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_dns_data['zone']);
+					$new_serial = $app->validate_dns->increase_serial($zone['serial']);
+					$app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
+				}
+			}
+		} //* endif $mail_data != $post_data
 	}
 
 	function onAfterUpdate() {
diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php
@@ -119,8 +119,12 @@ function check_system($data) {
 		}
 		/* dir for dkim-keys writeable? */
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
-		if (isset($mail_config['dkim_path']) && (!empty($mail_config['dkim_path'])) && isset($data['new']['dkim_private']) && !empty($data['new']['dkim_private'])) {
-
+		if (	isset($mail_config['dkim_path']) && 
+				!empty($mail_config['dkim_path']) && 
+				isset($data['new']['dkim_private']) && 
+				!empty($data['new']['dkim_private']) &&
+				$mail_config['dkim_path'] != '/'
+		) {
             if (!is_dir($mail_config['dkim_path'])) {
                 $app->log('DKIM Path '.$mail_config['dkim_path'].' not found - (re)created.', LOGLEVEL_DEBUG);
 				if($app->system->is_user('amavis')) { 
@@ -133,10 +137,12 @@ function check_system($data) {
 				}
 				if(!empty($amavis_user)) {
 					mkdir($mail_config['dkim_path'], 0750, true);
-					exec('chown '.$amavis_user.' /var/lib/amavis/dkim');
+					exec('chown '.$amavis_user.' '.escapeshellarg($mail_config['dkim_path']));
 					unset($amavis_user);
 				} else {
 					mkdir($mail_config['dkim_path'], 0755, true);
+					$app->log('No user amavis or vscan found - using root for '.$mail_config['dkim_path']
+, LOGLEVEL_WARNING);
 				}
             }
 
@@ -194,6 +200,8 @@ function write_dkim_key($key_file, $key_value, $key_domain) {
 			if (!file_put_contents($key_file.'.public', $public_key) === false)
 				$app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
 			else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
+		} else {
+			$app->log('Unable to save DKIM Privte-key to '.$key_file.'.private', LOGLEVEL_ERROR);
 		}
 		return $success;
 	}
