Merge branch 'stable-3.1'

Marius Burkard

2016-07-10 e1ceb050e19c7574bca146a8da7047ee4ff456b5

 server/plugins-available/mail_plugin_dkim.inc.php

old mode 100644
new mode 100755
@@ -29,7 +29,7 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 @author Florian Schaal, info@schaal-24.de
 @copyrighth Florian Schaal, info@schaal-24.de
 @copyright Florian Schaal, info@schaal-24.de
 */


@@ -75,9 +75,9 @@
    */
   function get_amavis_config() {
      $pos_config=array(
         '/etc/amavisd.conf',
         '/etc/amavisd.conf/50-user',
         '/etc/amavis/conf.d/50-user',
         '/etc/amavisd.conf',
         '/etc/amavisd/amavisd.conf'
      );
      $amavis_configfile='';
@@ -111,28 +111,57 @@

      //* When we can use 60-dkim for the dkim-keys create the file if it does not exists.
      if (substr_compare($amavis_configfile, '60-dkim', -7) === 0 && !file_exists($amavis_configfile))
         file_put_contents($amavis_configfile, '');
         $app->system->touch($amavis_configfile);

      if ( $amavis_configfile == '' || !is_writeable($amavis_configfile) ) {
         $app->log('Amavis-config not found or not writeable.', LOGLEVEL_ERROR);
         $check=false;
      }

      /* dir for dkim-keys writeable? */
      $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
      if (isset($mail_config['dkim_path']) && (!empty($mail_config['dkim_path'])) && isset($data['new']['dkim_private']) && !empty($data['new']['dkim_private'])) {

      if (   isset($mail_config['dkim_path']) && 
            !empty($mail_config['dkim_path']) && 
//            isset($data['new']['dkim_private']) && 
//            !empty($data['new']['dkim_private']) &&
            $mail_config['dkim_path'] != '/' 
      ) {
            if (!is_dir($mail_config['dkim_path'])) {
                $app->log('DKIM Path '.$mail_config['dkim_path'].' not found - (re)created.', LOGLEVEL_DEBUG);
                mkdir($mail_config['dkim_path'], 0750, true);
            }
            if($app->system->is_user('amavis')) { 
               $amavis_user='amavis'; 
            } elseif ($app->system->is_user('vscan')) { 
               $amavis_user='vscan'; 
            }
            else { 
               $amavis_user=''; 
            }
            if(!empty($amavis_user)) {
               mkdir($mail_config['dkim_path'], 0750, true);
               $app->system->chown($mail_config['dkim_path'], $amavis_user);
            } else {
               mkdir($mail_config['dkim_path'], 0755, true);
               $app->log('No user amavis or vscan found - using root for '.$mail_config['dkim_path'], LOGLEVEL_WARNING);
            }
            } else {
            if (!$app->system->checkpath($mail_config['dkim_path'])) {
               $app->log('Unable to write DKIM settings - invalid DKIM-Path (symlink?)', LOGLEVEL_ERROR);
               $check=false;
            }
         }

         if (!is_writeable($mail_config['dkim_path'])) {
            $app->log('DKIM Path '.$mail_config['dkim_path'].' not writeable.', LOGLEVEL_ERROR);
            $check=false;
         }

         if ( !$app->system->checkpath($mail_config['dkim_path']) ) {
            $app->log('DKIM Path '.$mail_config['dkim_path'].' failed in checkpath.', LOGLEVEL_ERROR);
            $check = false;
         }

      } else {
         $app->log('Unable to write DKIM settings; Check your config!', LOGLEVEL_ERROR);
         $app->log('Unable to write DKIM settings - no or invalid DKIM-Path defined', LOGLEVEL_ERROR);
         $check=false;
      }
      return $check;
@@ -141,45 +170,41 @@
   /**
    * This function restarts amavis
    */
   function restart_amavis() {
      global $app, $conf;
      $pos_init=array(
         $conf['init_scripts'].'/amavis',
         $conf['init_scripts'].'/amavisd'
      );
      $initfile='';
      foreach($pos_init as $init) {
         if (is_executable($init)) {
            $initfile=$init;
            break;
            }
      }
      $app->log('Restarting amavis: '.$initfile.'.', LOGLEVEL_DEBUG);
      exec(escapeshellarg($initfile).' restart', $output);
    function restart_amavis() {
        global $app;
      $initcommand = $app->system->getinitcommand(array('amavis', 'amavisd'), 'restart');
      $app->log('Restarting amavis: '.$initcommand.'.', LOGLEVEL_DEBUG);
      exec($initcommand, $output);
      foreach($output as $logline) $app->log($logline, LOGLEVEL_DEBUG);
   }
    }

   /**
    * This function writes the keyfiles (public and private)
    * @param string $key_file full path to the key-file
    * @param string $key_value private-key
    * @param string $key_domain mail-domain
    * @return bool - true when the key is written to disk
    * @return bool - true when the private key was written to disk
    */
   function write_dkim_key($key_file, $key_value, $key_domain) {
      global $app, $mailconfig;
      $success=false;
      if (!file_put_contents($key_file.'.private', $key_value) === false) {
      if ($key_file == '' || $key_value  == '' || $key_domain == '') {
         $app->log('DKIM internal error for domain '.$key_domain, LOGLEVEL_ERROR);
         return $success;
      }
      if ( $app->system->file_put_contents($key_file.'.private', $key_value) ) {
         $app->log('Saved DKIM Private-key to '.$key_file.'.private', LOGLEVEL_DEBUG);
         $success=true;
         /* now we get the DKIM Public-key */
         exec('cat '.escapeshellarg($key_file.'.private').'|openssl rsa -pubout', $pubkey, $result);
         exec('cat '.escapeshellarg($key_file.'.private').'|openssl rsa -pubout 2> /dev/null', $pubkey, $result);
         $public_key='';
         foreach($pubkey as $values) $public_key=$public_key.$values."\n";
         /* save the DKIM Public-key in dkim-dir */
         if (!file_put_contents($key_file.'.public', $public_key) === false)
         if ( $app->system->file_put_contents($key_file.'.public', $public_key) )
            $app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
         else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
      } else {
         $app->log('Unable to save DKIM Private-key to '.$key_file.'.private', LOGLEVEL_ERROR);
      }
      return $success;
   }
@@ -192,11 +217,11 @@
   function remove_dkim_key($key_file, $key_domain) {
      global $app;
      if (file_exists($key_file.'.private')) {
         exec('rm -f '.escapeshellarg($key_file.'.private'));
         $app->system->unlink($key_file.'.private');
         $app->log('Deleted the DKIM Private-key for '.$key_domain.'.', LOGLEVEL_DEBUG);
      } else $app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
      if (file_exists($key_file.'.public')) {
         exec('rm -f '.escapeshellarg($key_file.'.public'));
         $app->system->unlink($key_file.'.public');
         $app->log('Deleted the DKIM Public-key for '.$key_domain.'.', LOGLEVEL_DEBUG);
      } else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
   }
@@ -217,20 +242,20 @@
      //* If we are using seperate config-files with amavis remove existing keys from 50-user to avoid duplicate keys
      if (substr_compare($amavis_configfile, '60-dkim', -7) === 0) {
         $temp_configfile = str_replace('60-dkim', '50-user', $amavis_configfile);
         $temp_config = file_get_contents($temp_configfile);
         $temp_config = $app->system->file_get_contents($temp_configfile, true);
         if (preg_match($search_regex, $temp_config)) {
            $temp_config = preg_replace($search_regex, '', $temp_config)."\n";
            file_put_contents($temp_configfile, $temp_config);
            $app->system->file_put_contents($temp_configfile, $temp_config, true);
         }
         unset($temp_configfile);
         unset($temp_config);
      }

      $key_value="dkim_key('".$key_domain."', '".$selector."', '".$mail_config['dkim_path']."/".$key_domain.".private');\n";
      $amavis_config = file_get_contents($amavis_configfile);
      $amavis_config = $app->system->file_get_contents($amavis_configfile, true);
      $amavis_config = preg_replace($search_regex, '', $amavis_config).$key_value;

      if (file_put_contents($amavis_configfile, $amavis_config)) {
      if ( $app->system->file_put_contents($amavis_configfile, $amavis_config, true) ) {
         $app->log('Adding DKIM Private-key to amavis-config.', LOGLEVEL_DEBUG);
         $restart = true;
      } else {
@@ -249,13 +274,13 @@

      $restart = false;
      $amavis_configfile = $this->get_amavis_config();
      $amavis_config = file_get_contents($amavis_configfile);
      $amavis_config = $app->system->file_get_contents($amavis_configfile, true);

      $search_regex = "/(\n|\r)?dkim_key.*".$key_domain.".*(\n|\r)?/";

      if (preg_match($search_regex, $amavis_config)) {
         $amavis_config = preg_replace($search_regex, '', $amavis_config);
         file_put_contents($amavis_configfile, $amavis_config);
         $app->system->file_put_contents($amavis_configfile, $amavis_config, true);
         $app->log('Deleted the DKIM settings from amavis-config for '.$key_domain.'.', LOGLEVEL_DEBUG);
         $restart = true;
      }
@@ -263,10 +288,10 @@
      //* If we are using seperate config-files with amavis remove existing keys from 50-user, too
      if (substr_compare($amavis_configfile, '60-dkim', -7) === 0) {
         $temp_configfile = str_replace('60-dkim', '50-user', $amavis_configfile);
         $temp_config = file_get_contents($temp_configfile);
         $temp_config = $app->system->file_get_contents($temp_configfile, true);
         if (preg_match($search_regex, $temp_config)) {
            $temp_config = preg_replace($search_regex, '', $temp_config);
            file_put_contents($temp_configfile, $temp_config);
            $app->system->file_put_contents($temp_configfile, $temp_config, true);
            $restart = true;
         }
         unset($temp_configfile);
@@ -293,7 +318,7 @@
               $this->remove_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'], $data['new']['domain']);
            }
         } else {
            $app->log('Error saving the DKIM Private-key for '.$data['new']['domain'].' - DKIM is not enabled for the domain.', LOGLEVEL_ERROR);
            $app->log('Error saving the DKIM Private-key for '.$data['new']['domain'].' - DKIM is not enabled for the domain.', LOGLEVEL_DEBUG);
         }
      }
   }
@@ -337,44 +362,46 @@
    */
   function domain_dkim_update($event_name, $data) {
      global $app;
      if ($this->check_system($data)) {
         /* maildomain disabled */
         if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y' && $data['new']['dkim']=='y') {
            $app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
            $this->remove_dkim($data['new']);
         }
         /* maildomain re-enabled */
         if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n' && $data['new']['dkim']=='y') 
            $this->add_dkim($data);

         /* maildomain active - only dkim changes */
         if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
            /* dkim disabled */
            if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
      if($data['new']['dkim'] == 'y' || $data['old']['dkim'] == 'y'){
         if ($this->check_system($data)) {
            /* maildomain disabled */
            if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y' && $data['new']['dkim']=='y') {
               $app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
               $this->remove_dkim($data['new']);
            }
            /* dkim enabled */
            elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
            /* maildomain re-enabled */
            if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n' && $data['new']['dkim']=='y') 
               $this->add_dkim($data);
            }
            /* new private-key */
            if ($data['new']['dkim_private'] != $data['old']['dkim_private'] && $data['new']['dkim'] == 'y') {
               $this->add_dkim($data);
            }
            /* new selector */
            if ($data['new']['dkim_selector'] != $data['old']['dkim_selector'] && $data['new']['dkim'] == 'y') {
               $this->add_dkim($data);
            }
            /* new domain-name */
            if ($data['new']['domain'] != $data['old']['domain']) {
               $this->remove_dkim($data['old']);
               $this->add_dkim($data);
            }
         }

         /* resync */
         if ($data['new']['active'] == 'y' && $data['new'] == $data['old']) {
            $this->add_dkim($data);
            /* maildomain active - only dkim changes */
            if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
               /* dkim disabled */
               if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
                  $this->remove_dkim($data['new']);
               }
               /* dkim enabled */
               elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
                  $this->add_dkim($data);
               }
               /* new private-key */
               if ($data['new']['dkim_private'] != $data['old']['dkim_private'] && $data['new']['dkim'] == 'y') {
                  $this->add_dkim($data);
               }
               /* new selector */
               if ($data['new']['dkim_selector'] != $data['old']['dkim_selector'] && $data['new']['dkim'] == 'y') {
                  $this->add_dkim($data);
               }
               /* new domain-name */
               if ($data['new']['domain'] != $data['old']['domain']) {
                  $this->remove_dkim($data['old']);
                  $this->add_dkim($data);
               }
            }

            /* resync */
            if ($data['new']['active'] == 'y' && $data['new'] == $data['old'] && $data['new']['dkim']=='y') {
               $this->add_dkim($data);
            }
         }
      }
   }