From 8d05d4a51d8fb80dd5328c8137bbe34386b45b61 Mon Sep 17 00:00:00 2001 From: andryyy Date: Wed, 25 Nov 2020 16:10:33 +0100 Subject: [PATCH] [Web] Cleanup Rspamd, other fixes --- data/web/inc/functions.inc.php | 4 +- data/web/inc/functions.rspamd.inc.php | 196 +++++------------- .../lib/WebAuthn/rootCertificates/nitro.pem | 11 + data/web/inc/prerequisites.inc.php | 1 + data/web/json_api.php | 105 +++++----- data/web/lang/lang.de.json | 1 + data/web/lang/lang.en.json | 2 + 7 files changed, 112 insertions(+), 208 deletions(-) create mode 100644 data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index e9055744..1181b3f5 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -1059,12 +1059,12 @@ function fido2($_data) { $_SESSION['mailcow_cc_role'] != "admin") { return false; } - $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username"); + $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `created`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username"); $stmt->execute(array(':username' => $username)); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); while($row = array_shift($rows)) { $fns[] = array( - "subject" => $row['certificateSubject'], + "subject" => (empty($row['certificateSubject']) ? 'Unknown (' . $row['created'] . ')' : $row['certificateSubject']), "fn" => $row['friendlyName'], "cid" => $row['cid'] ); diff --git a/data/web/inc/functions.rspamd.inc.php b/data/web/inc/functions.rspamd.inc.php index 2d3dbf35..b0ba1f50 100644 --- a/data/web/inc/functions.rspamd.inc.php +++ b/data/web/inc/functions.rspamd.inc.php @@ -24,23 +24,13 @@ function rsettings($_action, $_data = null) { ); return false; } - try { - $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`) - VALUES (:content, :desc, :active)"); - $stmt->execute(array( - ':content' => $content, - ':desc' => $desc, - ':active' => $active - )); - } - catch (PDOException $e) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`) + VALUES (:content, :desc, :active)"); + $stmt->execute(array( + ':content' => $content, + ':desc' => $desc, + ':active' => $active + )); $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), @@ -73,27 +63,17 @@ function rsettings($_action, $_data = null) { continue; } $content = trim($content); - try { - $stmt = $pdo->prepare("UPDATE `settingsmap` SET - `content` = :content, - `desc` = :desc, - `active` = :active - WHERE `id` = :id"); - $stmt->execute(array( - ':content' => $content, - ':desc' => $desc, - ':active' => $active, - ':id' => $id - )); - } - catch (PDOException $e) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - continue; - } + $stmt = $pdo->prepare("UPDATE `settingsmap` SET + `content` = :content, + `desc` = :desc, + `active` = :active + WHERE `id` = :id"); + $stmt->execute(array( + ':content' => $content, + ':desc' => $desc, + ':active' => $active, + ':id' => $id + )); $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), @@ -112,18 +92,8 @@ function rsettings($_action, $_data = null) { } $ids = (array)$_data['id']; foreach ($ids as $id) { - try { - $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id"); - $stmt->execute(array(':id' => $id)); - } - catch (PDOException $e) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } + $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id"); + $stmt->execute(array(':id' => $id)); $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__, $_action, $_data_log), @@ -157,55 +127,12 @@ function rsettings($_action, $_data = null) { break; } } -function rspamd($_action, $_data = null) { +function rspamd_maps($_action, $_data = null) { global $pdo; global $lang; global $RSPAMD_MAPS; $_data_log = $_data; switch ($_action) { - case 'add': - if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'access_denied' - ); - return false; - } - $content = $_data['content']; - $desc = $_data['desc']; - $active = intval($_data['active']); - if (empty($content)) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'map_content_empty' - ); - return false; - } - try { - $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`) - VALUES (:content, :desc, :active)"); - $stmt->execute(array( - ':content' => $content, - ':desc' => $desc, - ':active' => $active - )); - } - catch (PDOException $e) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'][] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'settings_map_added' - ); - break; case 'edit': if ($_SESSION['mailcow_cc_role'] != "admin") { $_SESSION['return'][] = array( @@ -255,59 +182,30 @@ function rspamd($_action, $_data = null) { ); } break; - case 'delete': - if ($_SESSION['mailcow_cc_role'] != "admin") { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => 'access_denied' - ); - return false; - } - $ids = (array)$_data['id']; - foreach ($ids as $id) { - try { - $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id"); - $stmt->execute(array(':id' => $id)); - } - catch (PDOException $e) { - $_SESSION['return'][] = array( - 'type' => 'danger', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('mysql_error', $e) - ); - return false; - } - $_SESSION['return'][] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_action, $_data_log), - 'msg' => array('settings_map_removed', htmlspecialchars($id)) - ); - } - break; - case 'get': - if ($_SESSION['mailcow_cc_role'] != "admin") { - return false; - } - $settingsmaps = array(); - $stmt = $pdo->query("SELECT `id`, `desc`, `active` FROM `settingsmap`"); - $settingsmaps = $stmt->fetchAll(PDO::FETCH_ASSOC); - return $settingsmaps; - break; - case 'details': - if ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) { - return false; - } - $settingsmapdata = array(); - $stmt = $pdo->prepare("SELECT `id`, - `desc`, - `content`, - `active` - FROM `settingsmap` - WHERE `id` = :id"); - $stmt->execute(array(':id' => $_data)); - $settingsmapdata = $stmt->fetch(PDO::FETCH_ASSOC); - return $settingsmapdata; - break; } -} \ No newline at end of file +} +function rspamd_actions() { + if (isset($_SESSION["mailcow_cc_role"]) && $_SESSION["mailcow_cc_role"] == "admin") { + $curl = curl_init(); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock'); + curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat"); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + $data = curl_exec($curl); + if ($data) { + $return = array(); + $stats_array = json_decode($data, true)['actions']; + $stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist']; + unset($stats_array['greylist']); + foreach ($stats_array as $action => $count) { + $return[] = array($action, $count); + } + return $return; + } + else { + return false; + } + } + else { + return false; + } +} diff --git a/data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem b/data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem new file mode 100644 index 00000000..9bd6ea21 --- /dev/null +++ b/data/web/inc/lib/WebAuthn/rootCertificates/nitro.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmjCCAT8CFBZiBJbp2fT/LaRJ8Xwl9qhX62boMAoGCCqGSM49BAMCME4xCzAJ +BgNVBAYTAkRFMRYwFAYDVQQKDA1OaXRyb2tleSBHbWJIMRAwDgYDVQQLDAdSb290 +IENBMRUwEwYDVQQDDAxuaXRyb2tleS5jb20wIBcNMTkxMjA0MDczNTM1WhgPMjA2 +OTExMjEwNzM1MzVaME4xCzAJBgNVBAYTAkRFMRYwFAYDVQQKDA1OaXRyb2tleSBH +bWJIMRAwDgYDVQQLDAdSb290IENBMRUwEwYDVQQDDAxuaXRyb2tleS5jb20wWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQy6KIN2gXqaSMWdWir/Hnx58NBzjthYdNv +k95hdt7jCpyW2cHqLdQ5Sqcvo0CuordgDOach0ZGB60w9GZY8SHJMAoGCCqGSM49 +BAMCA0kAMEYCIQDLmdy2G2mM4rZKjl6CVfjV7khilIS5D3xRQzubeqzQNAIhAKIG +X29SfiB6K9k6Hb3q+q7bRn1o1dhV1cj592YYnu1/ +-----END CERTIFICATE----- diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php index ee13c5fb..220c87cb 100644 --- a/data/web/inc/prerequisites.inc.php +++ b/data/web/inc/prerequisites.inc.php @@ -60,6 +60,7 @@ $formats = $GLOBALS['FIDO2_FORMATS']; $WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem'); +$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/nitro.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/yubico.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/hypersecu.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/globalSign.pem'); diff --git a/data/web/json_api.php b/data/web/json_api.php index 04616819..e552b025 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -401,27 +401,16 @@ if (isset($_GET['query'])) { return; break; } - if (!isset($_SESSION['pending_mailcow_cc_username'])) { + if (isset($_SESSION['mailcow_cc_role'])) { switch ($category) { case "rspamd": switch ($object) { case "actions": - $curl = curl_init(); - curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock'); - curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat"); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - $data = curl_exec($curl); + $data = rspamd_actions(); if ($data) { - $return = array(); - $stats_array = json_decode($data, true)['actions']; - $stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist']; - unset($stats_array['greylist']); - foreach ($stats_array as $action => $count) { - $return[] = array($action, $count); - } - echo json_encode($return, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT); + echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT); } - elseif (!isset($data) || empty($data)) { + else { echo '{}'; } break; @@ -1295,53 +1284,55 @@ if (isset($_GET['query'])) { } break; case "status": - switch ($object) { - case "containers": - $containers = (docker('info')); - foreach ($containers as $container => $container_info) { - $container . ' (' . $container_info['Config']['Image'] . ')'; - $containerstarttime = ($container_info['State']['StartedAt']); - $containerstate = ($container_info['State']['Status']); - $containerimage = ($container_info['Config']['Image']); - $temp[$container] = array( + if ($_SESSION['mailcow_cc_role'] == "admin") { + switch ($object) { + case "containers": + $containers = (docker('info')); + foreach ($containers as $container => $container_info) { + $container . ' (' . $container_info['Config']['Image'] . ')'; + $containerstarttime = ($container_info['State']['StartedAt']); + $containerstate = ($container_info['State']['Status']); + $containerimage = ($container_info['Config']['Image']); + $temp[$container] = array( + 'type' => 'info', + 'container' => $container, + 'state' => $containerstate, + 'started_at' => $containerstarttime, + 'image' => $containerimage + ); + } + echo json_encode($temp, JSON_UNESCAPED_SLASHES); + break; + case "vmail": + $exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail'); + $vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true)); + $temp = array( 'type' => 'info', - 'container' => $container, - 'state' => $containerstate, - 'started_at' => $containerstarttime, - 'image' => $containerimage + 'disk' => $vmail_df[0], + 'used' => $vmail_df[2], + 'total'=> $vmail_df[1], + 'used_percent' => $vmail_df[4] ); - } - echo json_encode($temp, JSON_UNESCAPED_SLASHES); + echo json_encode($temp, JSON_UNESCAPED_SLASHES); break; - case "vmail": - $exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail'); - $vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true)); - $temp = array( + case "solr": + $solr_status = solr_status(); + $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']); + $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']); + if (strtolower(getenv('SKIP_SOLR')) != 'n') { + $solr_enabled = false; + } + else { + $solr_enabled = true; + } + echo json_encode(array( 'type' => 'info', - 'disk' => $vmail_df[0], - 'used' => $vmail_df[2], - 'total'=> $vmail_df[1], - 'used_percent' => $vmail_df[4] - ); - echo json_encode($temp, JSON_UNESCAPED_SLASHES); - break; - case "solr": - $solr_status = solr_status(); - $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']); - $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']); - if (strtolower(getenv('SKIP_SOLR')) != 'n') { - $solr_enabled = false; + 'solr_enabled' => $solr_enabled, + 'solr_size' => $solr_size, + 'solr_documents' => $solr_documents + )); + break; } - else { - $solr_enabled = true; - } - echo json_encode(array( - 'type' => 'info', - 'solr_enabled' => $solr_enabled, - 'solr_size' => $solr_size, - 'solr_documents' => $solr_documents - )); - break; } break; break; diff --git a/data/web/lang/lang.de.json b/data/web/lang/lang.de.json index bf6272ce..46223842 100644 --- a/data/web/lang/lang.de.json +++ b/data/web/lang/lang.de.json @@ -419,6 +419,7 @@ "targetd_relay_domain": "Ziel-Domain %s ist eine Relay-Domain", "temp_error": "Temporärer Fehler", "text_empty": "Text darf nicht leer sein", + "tfa_token_invalid": "TFA Token ungültig", "tls_policy_map_dest_invalid": "Ziel ist ungültig", "tls_policy_map_entry_exists": "Eine TLS-Richtlinie \"%s\" existiert bereits", "tls_policy_map_parameter_invalid": "Parameter ist ungültig", diff --git a/data/web/lang/lang.en.json b/data/web/lang/lang.en.json index d34e34ac..51825450 100644 --- a/data/web/lang/lang.en.json +++ b/data/web/lang/lang.en.json @@ -419,6 +419,7 @@ "targetd_relay_domain": "Target domain %s is a relay domain", "temp_error": "Temporary error", "text_empty": "Text must not be empty", + "tfa_token_invalid": "TFA Token ungültig", "tls_policy_map_dest_invalid": "Policy destination is invalid", "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists", "tls_policy_map_parameter_invalid": "Policy parameter is invalid", @@ -904,6 +905,7 @@ "set_tfa": "Set two-factor authentication method", "start_u2f_validation": "Start validation", "tfa": "Two-factor authentication", + "tfa_token_invalid": "TFA Token ungültig", "totp": "Time-based OTP (Google Authenticator, Authy, etc.)", "u2f": "U2F authentication", "waiting_usb_auth": "Waiting for USB device...

Please tap the button on your USB device now.",