From c943b4a88af9c9468013089869a5be6f3804de30 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Mon, 22 Sep 2014 08:55:56 -0400
Subject: [PATCH] FS#2696 - More than 256 chars in DNS record and FS#3679 - allow stronger dkim-keys

---
 interface/web/mail/mail_domain_dkim_create.php |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/interface/web/mail/mail_domain_dkim_create.php b/interface/web/mail/mail_domain_dkim_create.php
index d0ac3e8..854bf9f 100644
--- a/interface/web/mail/mail_domain_dkim_create.php
+++ b/interface/web/mail/mail_domain_dkim_create.php
@@ -84,9 +84,9 @@
 	return $public_key;
 }
 
-function get_public_key($private_key) {
+function get_public_key($private_key, $dkim_strength) {
 	$validate_dkim=new validate_dkim ();
-	if($validate_dkim->validate_post('private',$private_key)) { /* validate the $_POST-value */
+	if($validate_dkim->validate_post('private', $private_key, $dkim_strength)) { /* validate the $_POST-value */
 		exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
 		$public_key=pub_key($pubkey);
 	} else {
@@ -123,12 +123,18 @@
 	return $selector;
 }
 
+//* get dkim-strength for server_id
+$mail_server_id = $app->functions->intval( $app->db->queryOneRecord("SELECT server_id from mail_domain WHERE domain = ?", $_POST['domain']) );
+$dkim_strength = $app->functions->intval( $app->getconf->get_server_config($mail_server_id, 'mail')['dkim_strength'] );
+if ( empty($dkim_strength) ) $dkim_strength = 1024;
+
 switch ($_POST['action']) {
 	case 'create': /* create DKIM Private-key */
+		$rnd_val = $dkim_strength * 10;
+		exec('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
+		exec('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
+		unlink('../../temp/random-data.bin');
 		$_POST=getRealPOST();
-		exec('openssl rand -out /usr/local/ispconfig/server/temp/random-data.bin 4096 2> /dev/null', $output, $result);
-		exec('openssl genrsa -rand /usr/local/ispconfig/server/temp/random-data.bin 1024 2> /dev/null', $privkey, $result);
-		unlink("/usr/local/ispconfig/server/temp/random-data.bin");
 		foreach($privkey as $values) $private_key=$private_key.$values."\n";
 		//* check the selector for updated dkim-settings only
 		if ( isset($_POST['dkim_public']) && !empty($_POST['dkim_public']) ) $selector = new_selector($_POST['dkim_selector'], $_POST['domain']); 
@@ -139,7 +145,7 @@
 	break;
 }
 
-$public_key=get_public_key($private_key);
+$public_key=get_public_key($private_key, $dkim_strength);
 $dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
 
 if ( !isset($selector) ) {

--
Gitblit v1.9.1