[Web] Cleanup Rspamd, other fixes

master
andryyy 2020-11-25 16:10:33 +01:00
parent 0a593bfe7b
commit 8d05d4a51d
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
7 changed files with 112 additions and 208 deletions


@ -1059,12 +1059,12 @@ function fido2($_data) {
$_SESSION['mailcow_cc_role'] != "admin") { $_SESSION['mailcow_cc_role'] != "admin") {
return false; return false;
} }
$stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username"); $stmt = $pdo->prepare("SELECT SHA2(`credentialId`, 256) AS `cid`, `created`, `certificateSubject`, `friendlyName` FROM `fido2` WHERE `username` = :username");
$stmt->execute(array(':username' => $username)); $stmt->execute(array(':username' => $username));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while($row = array_shift($rows)) { while($row = array_shift($rows)) {
$fns[] = array( $fns[] = array(
"subject" => $row['certificateSubject'], "subject" => (empty($row['certificateSubject']) ? 'Unknown (' . $row['created'] . ')' : $row['certificateSubject']),
"fn" => $row['friendlyName'], "fn" => $row['friendlyName'],
"cid" => $row['cid'] "cid" => $row['cid']
); );
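Review bot: The fallback label on the new `"subject"` line is a hard-coded English string (`'Unknown (' . $row['created'] . ')'`), while the language files touched by this same commit suggest UI text is normally taken from `$lang`. Consider returning the raw `created` value as its own field and letting the template build the localised label. Separately, `certificateSubject` presumably originates from the authenticator's attestation certificate, so whatever renders `subject` should escape it; that rendering code is not visible here, and the body of `fido2()` starts and ends outside this hunk.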


@ -24,23 +24,13 @@ function rsettings($_action, $_data = null) {
); );
return false; return false;
} }
try { $stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
$stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`) VALUES (:content, :desc, :active)");
VALUES (:content, :desc, :active)"); $stmt->execute(array(
$stmt->execute(array( ':content' => $content,
':content' => $content, ':desc' => $desc,
':desc' => $desc, ':active' => $active
':active' => $active ));
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -73,27 +63,17 @@ function rsettings($_action, $_data = null) {
continue; continue;
} }
$content = trim($content); $content = trim($content);
try { $stmt = $pdo->prepare("UPDATE `settingsmap` SET
$stmt = $pdo->prepare("UPDATE `settingsmap` SET `content` = :content,
`content` = :content, `desc` = :desc,
`desc` = :desc, `active` = :active
`active` = :active WHERE `id` = :id");
WHERE `id` = :id"); $stmt->execute(array(
$stmt->execute(array( ':content' => $content,
':content' => $content, ':desc' => $desc,
':desc' => $desc, ':active' => $active,
':active' => $active, ':id' => $id
':id' => $id ));
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
continue;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -112,18 +92,8 @@ function rsettings($_action, $_data = null) {
} }
$ids = (array)$_data['id']; $ids = (array)$_data['id'];
foreach ($ids as $id) { foreach ($ids as $id) {
try { $stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
$stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id"); $stmt->execute(array(':id' => $id));
$stmt->execute(array(':id' => $id));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'success', 'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log), 'log' => array(__FUNCTION__, $_action, $_data_log),
@ -157,55 +127,12 @@ function rsettings($_action, $_data = null) {
break; break;
} }
} }
function rspamd($_action, $_data = null) { function rspamd_maps($_action, $_data = null) {
global $pdo; global $pdo;
global $lang; global $lang;
global $RSPAMD_MAPS; global $RSPAMD_MAPS;
$_data_log = $_data; $_data_log = $_data;
switch ($_action) { switch ($_action) {
case 'add':
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
$content = $_data['content'];
$desc = $_data['desc'];
$active = intval($_data['active']);
if (empty($content)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'map_content_empty'
);
return false;
}
try {
$stmt = $pdo->prepare("INSERT INTO `settingsmap` (`content`, `desc`, `active`)
VALUES (:content, :desc, :active)");
$stmt->execute(array(
':content' => $content,
':desc' => $desc,
':active' => $active
));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'settings_map_added'
);
break;
case 'edit': case 'edit':
if ($_SESSION['mailcow_cc_role'] != "admin") { if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@ -255,59 +182,30 @@ function rspamd($_action, $_data = null) {
); );
} }
break; break;
case 'delete':
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
$ids = (array)$_data['id'];
foreach ($ids as $id) {
try {
$stmt = $pdo->prepare("DELETE FROM `settingsmap` WHERE `id`= :id");
$stmt->execute(array(':id' => $id));
}
catch (PDOException $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('mysql_error', $e)
);
return false;
}
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('settings_map_removed', htmlspecialchars($id))
);
}
break;
case 'get':
if ($_SESSION['mailcow_cc_role'] != "admin") {
return false;
}
$settingsmaps = array();
$stmt = $pdo->query("SELECT `id`, `desc`, `active` FROM `settingsmap`");
$settingsmaps = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $settingsmaps;
break;
case 'details':
if ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
return false;
}
$settingsmapdata = array();
$stmt = $pdo->prepare("SELECT `id`,
`desc`,
`content`,
`active`
FROM `settingsmap`
WHERE `id` = :id");
$stmt->execute(array(':id' => $_data));
$settingsmapdata = $stmt->fetch(PDO::FETCH_ASSOC);
return $settingsmapdata;
break;
} }
} }
function rspamd_actions() {
if (isset($_SESSION["mailcow_cc_role"]) && $_SESSION["mailcow_cc_role"] == "admin") {
$curl = curl_init();
curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($curl);
if ($data) {
$return = array();
$stats_array = json_decode($data, true)['actions'];
$stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist'];
unset($stats_array['greylist']);
foreach ($stats_array as $action => $count) {
$return[] = array($action, $count);
}
return $return;
}
else {
return false;
}
}
else {
return false;
}
}
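Review bot: The new `rspamd_actions()` reads `json_decode($data, true)['actions']` and then adds `['soft reject']` and `['greylist']` without checking that the body decoded to an array or that those keys exist. A non-JSON or error response from the Rspamd socket would raise notices and return a made-up `soft reject` row of 0 instead of `false`. The curl handle is also never closed. Validate the decoded structure before using it and fall back to `false`, as sketched below.

```php
    $data = curl_exec($curl);
    curl_close($curl);
    $stats = is_string($data) ? json_decode($data, true) : null;
    if (!is_array($stats) || !isset($stats['actions']) || !is_array($stats['actions'])) {
      return false;
    }
    $stats_array = $stats['actions'];
    $stats_array['soft reject'] = ($stats_array['soft reject'] ?? 0) + ($stats_array['greylist'] ?? 0);
    unset($stats_array['greylist']);
    // … unchanged: foreach building $return, return $return …
```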


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -60,6 +60,7 @@ $formats = $GLOBALS['FIDO2_FORMATS'];
$WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats); $WebAuthn = new \WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/solo.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/apple.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/nitro.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/yubico.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/yubico.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/hypersecu.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/hypersecu.pem');
$WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/globalSign.pem'); $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates/globalSign.pem');
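Review bot: The added `addRootCertificates(... '/rootCertificates/nitro.pem')` line extends the set of attestation trust anchors, but nothing next to it records where the certificate came from or how to verify it. A short comment on that line would let a later reviewer check the file against the vendor's published root, for example `// attestation root for <vendor>, source: <vendor URL>, SHA-256: <fingerprint>` with the placeholders filled in. The same applies to the neighbouring `.pem` entries, which are unchanged context here.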


@ -401,27 +401,16 @@ if (isset($_GET['query'])) {
return; return;
break; break;
} }
if (!isset($_SESSION['pending_mailcow_cc_username'])) { if (isset($_SESSION['mailcow_cc_role'])) {
switch ($category) { switch ($category) {
case "rspamd": case "rspamd":
switch ($object) { switch ($object) {
case "actions": case "actions":
$curl = curl_init(); $data = rspamd_actions();
curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($curl);
if ($data) { if ($data) {
$return = array(); echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
$stats_array = json_decode($data, true)['actions'];
$stats_array['soft reject'] = $stats_array['soft reject'] + $stats_array['greylist'];
unset($stats_array['greylist']);
foreach ($stats_array as $action => $count) {
$return[] = array($action, $count);
}
echo json_encode($return, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
} }
elseif (!isset($data) || empty($data)) { else {
echo '{}'; echo '{}';
} }
break; break;
@ -1295,53 +1284,55 @@ if (isset($_GET['query'])) {
} }
break; break;
case "status": case "status":
switch ($object) { if ($_SESSION['mailcow_cc_role'] == "admin") {
case "containers": switch ($object) {
$containers = (docker('info')); case "containers":
foreach ($containers as $container => $container_info) { $containers = (docker('info'));
$container . ' (' . $container_info['Config']['Image'] . ')'; foreach ($containers as $container => $container_info) {
$containerstarttime = ($container_info['State']['StartedAt']); $container . ' (' . $container_info['Config']['Image'] . ')';
$containerstate = ($container_info['State']['Status']); $containerstarttime = ($container_info['State']['StartedAt']);
$containerimage = ($container_info['Config']['Image']); $containerstate = ($container_info['State']['Status']);
$temp[$container] = array( $containerimage = ($container_info['Config']['Image']);
$temp[$container] = array(
'type' => 'info',
'container' => $container,
'state' => $containerstate,
'started_at' => $containerstarttime,
'image' => $containerimage
);
}
echo json_encode($temp, JSON_UNESCAPED_SLASHES);
break;
case "vmail":
$exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
$vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true));
$temp = array(
'type' => 'info', 'type' => 'info',
'container' => $container, 'disk' => $vmail_df[0],
'state' => $containerstate, 'used' => $vmail_df[2],
'started_at' => $containerstarttime, 'total'=> $vmail_df[1],
'image' => $containerimage 'used_percent' => $vmail_df[4]
); );
} echo json_encode($temp, JSON_UNESCAPED_SLASHES);
echo json_encode($temp, JSON_UNESCAPED_SLASHES);
break; break;
case "vmail": case "solr":
$exec_fields_vmail = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail'); $solr_status = solr_status();
$vmail_df = explode(',', json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields_vmail), true)); $solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
$temp = array( $solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
if (strtolower(getenv('SKIP_SOLR')) != 'n') {
$solr_enabled = false;
}
else {
$solr_enabled = true;
}
echo json_encode(array(
'type' => 'info', 'type' => 'info',
'disk' => $vmail_df[0], 'solr_enabled' => $solr_enabled,
'used' => $vmail_df[2], 'solr_size' => $solr_size,
'total'=> $vmail_df[1], 'solr_documents' => $solr_documents
'used_percent' => $vmail_df[4] ));
); break;
echo json_encode($temp, JSON_UNESCAPED_SLASHES);
break;
case "solr":
$solr_status = solr_status();
$solr_size = ($solr_status['status']['dovecot-fts']['index']['size']);
$solr_documents = ($solr_status['status']['dovecot-fts']['index']['numDocs']);
if (strtolower(getenv('SKIP_SOLR')) != 'n') {
$solr_enabled = false;
} }
else {
$solr_enabled = true;
}
echo json_encode(array(
'type' => 'info',
'solr_enabled' => $solr_enabled,
'solr_size' => $solr_size,
'solr_documents' => $solr_documents
));
break;
} }
break; break;
break; break;
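Review bot: With the new `if ($_SESSION['mailcow_cc_role'] == "admin")` wrapper around the `status` switch, a non-admin session now gets no output at all, whereas the `rspamd`/`actions` branch in the same file answers `{}` when there is nothing to return. Consider adding `else { echo '{}'; }` (or the project's usual access-denied JSON) so API clients always receive a parseable body, and compare the role with `===`. The outer gate in the first hunk also changed to `isset($_SESSION['mailcow_cc_role'])`. The role checks of the other categories lie outside these hunks, so it is worth confirming that each one still enforces its own role.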


@ -419,6 +419,7 @@
"targetd_relay_domain": "Ziel-Domain %s ist eine Relay-Domain", "targetd_relay_domain": "Ziel-Domain %s ist eine Relay-Domain",
"temp_error": "Temporärer Fehler", "temp_error": "Temporärer Fehler",
"text_empty": "Text darf nicht leer sein", "text_empty": "Text darf nicht leer sein",
"tfa_token_invalid": "TFA Token ungültig",
"tls_policy_map_dest_invalid": "Ziel ist ungültig", "tls_policy_map_dest_invalid": "Ziel ist ungültig",
"tls_policy_map_entry_exists": "Eine TLS-Richtlinie \"%s\" existiert bereits", "tls_policy_map_entry_exists": "Eine TLS-Richtlinie \"%s\" existiert bereits",
"tls_policy_map_parameter_invalid": "Parameter ist ungültig", "tls_policy_map_parameter_invalid": "Parameter ist ungültig",


@ -419,6 +419,7 @@
"targetd_relay_domain": "Target domain %s is a relay domain", "targetd_relay_domain": "Target domain %s is a relay domain",
"temp_error": "Temporary error", "temp_error": "Temporary error",
"text_empty": "Text must not be empty", "text_empty": "Text must not be empty",
"tfa_token_invalid": "TFA Token ungültig",
"tls_policy_map_dest_invalid": "Policy destination is invalid", "tls_policy_map_dest_invalid": "Policy destination is invalid",
"tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists", "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
"tls_policy_map_parameter_invalid": "Policy parameter is invalid", "tls_policy_map_parameter_invalid": "Policy parameter is invalid",
@ -904,6 +905,7 @@
"set_tfa": "Set two-factor authentication method", "set_tfa": "Set two-factor authentication method",
"start_u2f_validation": "Start validation", "start_u2f_validation": "Start validation",
"tfa": "Two-factor authentication", "tfa": "Two-factor authentication",
"tfa_token_invalid": "TFA Token ungültig",
"totp": "Time-based OTP (Google Authenticator, Authy, etc.)", "totp": "Time-based OTP (Google Authenticator, Authy, etc.)",
"u2f": "U2F authentication", "u2f": "U2F authentication",
"waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your USB device now.", "waiting_usb_auth": "<i>Waiting for USB device...</i><br><br>Please tap the button on your USB device now.",