From fbf1c7b7c1a9a5c27034f329f1f402bd03ad1a2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9?= Date: Tue, 23 Oct 2018 21:12:37 +0200 Subject: [PATCH] [DockerAPI] WIP: change of structure, add some more commands to control mail queue --- data/Dockerfiles/dockerapi/server.py | 315 ++++++++++++++++++--------- 1 file changed, 209 insertions(+), 106 deletions(-) diff --git a/data/Dockerfiles/dockerapi/server.py b/data/Dockerfiles/dockerapi/server.py index a161c8a6..4a8a8a71 100644 --- a/data/Dockerfiles/dockerapi/server.py +++ b/data/Dockerfiles/dockerapi/server.py @@ -1,6 +1,7 @@ from flask import Flask from flask_restful import Resource, Api from flask import jsonify +from flask import Response from flask import request from threading import Thread from OpenSSL import crypto @@ -71,112 +72,214 @@ class container_post(Resource): if not request.json or not 'cmd' in request.json: return jsonify(type='danger', msg='cmd is missing') - if request.json['cmd'] == 'df' and request.json['dir']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - # Should be changed to be able to validate a path - directory = re.sub('[^0-9a-zA-Z/]+', '', request.json['dir']) - df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H " + directory + " | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody') - if df_return.exit_code == 0: - return df_return.output.rstrip() - else: - return "0,0,0,0,0,0" - except Exception as e: - return jsonify(type='danger', msg=str(e)) - elif request.json['cmd'] == 'sieve_list' and request.json['username']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"]) - return sieve_return.output - except Exception as e: - return jsonify(type='danger', msg=str(e)) - elif request.json['cmd'] == 'sieve_print' and request.json['script_name'] and request.json['username']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"]) - return sieve_return.output - except Exception as e: - return jsonify(type='danger', msg=str(e)) - # not in use... - elif request.json['cmd'] == 'mail_crypt_generate' and request.json['username'] and request.json['old_password'] and request.json['new_password']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - # create if missing - crypto_generate = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm mailbox cryptokey generate -u '" + request.json['username'].replace("'", "'\\''") + "' -URf"], user='vmail') - if crypto_generate.exit_code == 0: - # open a shell, bind stdin and return socket - cryptokey_shell = container.exec_run(["/bin/bash"], stdin=True, socket=True, user='vmail') - # command to be piped to shell - cryptokey_cmd = "/usr/local/bin/doveadm mailbox cryptokey password -u '" + request.json['username'].replace("'", "'\\''") + "' -n '" + request.json['new_password'].replace("'", "'\\''") + "' -o '" + request.json['old_password'].replace("'", "'\\''") + "'\n" - # socket is .output - cryptokey_socket = cryptokey_shell.output; - try : - # send command utf-8 encoded - cryptokey_socket.sendall(cryptokey_cmd.encode('utf-8')) - # we won't send more data than this - cryptokey_socket.shutdown(socket.SHUT_WR) - except socket.error: - # exit on socket error - return jsonify(type='danger', msg=str('socket error')) - # read response - cryptokey_response = recv_socket_data(cryptokey_socket) - crypto_error = re.search('dcrypt_key_load_private.+failed.+error', cryptokey_response) - if crypto_error is not None: - return jsonify(type='danger', msg=str("dcrypt_key_load_private error")) - return jsonify(type='success', msg=str("key pair generated")) - else: - return jsonify(type='danger', msg=str(crypto_generate.output)) - except Exception as e: - return jsonify(type='danger', msg=str(e)) - elif request.json['cmd'] == 'maildir_cleanup' and request.json['maildir']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - sane_name = re.sub(r'\W+', '', request.json['maildir']) - maildir_cleanup = container.exec_run(["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"], user='vmail') - if maildir_cleanup.exit_code == 0: - return jsonify(type='success', msg=str("moved to garbage")) - else: - return jsonify(type='danger', msg=str(maildir_cleanup.output)) - except Exception as e: - return jsonify(type='danger', msg=str(e)) - elif request.json['cmd'] == 'worker_password' and request.json['raw']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - worker_shell = container.exec_run(["/bin/bash"], stdin=True, socket=True, user='_rspamd') - worker_cmd = "/usr/bin/rspamadm pw -e -p '" + request.json['raw'].replace("'", "'\\''") + "' 2> /dev/null\n" - worker_socket = worker_shell.output; - try : - worker_socket.sendall(worker_cmd.encode('utf-8')) - worker_socket.shutdown(socket.SHUT_WR) - except socket.error: - return jsonify(type='danger', msg=str('socket error')) - worker_response = recv_socket_data(worker_socket) - matched = False - for line in worker_response.split("\n"): - if '$2$' in line: - matched = True - hash = line.strip() - hash_out = re.search('\$2\$.+$', hash).group(0) - f = open("/access.inc", "w") - f.write('enable_password = "' + re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip()) + '";\n') - f.close() - container.restart() - if matched: - return jsonify(type='success', msg='command completed successfully') - else: - return jsonify(type='danger', msg='command did not complete') - except Exception as e: - return jsonify(type='danger', msg=str(e)) - elif request.json['cmd'] == 'mailman_password' and request.json['email'] and request.json['passwd']: - try: - for container in docker_client.containers.list(filters={"id": container_id}): - add_su = container.exec_run(["/bin/bash", "-c", "/opt/mm_web/add_su.py '" + request.json['passwd'].replace("'", "'\\''") + "' '" + request.json['email'].replace("'", "'\\''") + "'"], user='mailman') - if add_su.exit_code == 0: - return jsonify(type='success', msg='command completed successfully') - else: - return jsonify(type='danger', msg='command did not complete, exit code was ' + int(add_su.exit_code)) - except Exception as e: - return jsonify(type='danger', msg=str(e)) + if request.json['cmd'] == 'mailq': + if 'items' in request.json: + # Check if queue id is valid + r = re.compile("^[0-9a-fA-F]+$") + filtered_qids = filter(r.match, request.json['items']) + if filtered_qids: + if request.json['task'] == 'delete': + flagged_qids = ['-d %s' % i for i in filtered_qids] + sanitized_string = str(' '.join(flagged_qids)); + try: + for container in docker_client.containers.list(filters={"id": container_id}): + postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string]) + if postsuper_r.exit_code == 0: + return jsonify(type='success', msg='command completed successfully') + else: + return jsonify(type='danger', msg=str(postsuper_r.output)) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + if request.json['task'] == 'hold': + flagged_qids = ['-h %s' % i for i in filtered_qids] + sanitized_string = str(' '.join(flagged_qids)); + try: + for container in docker_client.containers.list(filters={"id": container_id}): + postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string]) + if postsuper_r.exit_code == 0: + return jsonify(type='success', msg='command completed successfully') + else: + return jsonify(type='danger', msg=str(postsuper_r.output)) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + if request.json['task'] == 'unhold': + flagged_qids = ['-H %s' % i for i in filtered_qids] + sanitized_string = str(' '.join(flagged_qids)); + try: + for container in docker_client.containers.list(filters={"id": container_id}): + postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string]) + if postsuper_r.exit_code == 0: + return jsonify(type='success', msg='command completed successfully') + else: + return jsonify(type='danger', msg=str(postsuper_r.output)) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + if request.json['task'] == 'deliver': + flagged_qids = ['-i %s' % i for i in filtered_qids] + try: + for container in docker_client.containers.list(filters={"id": container_id}): + for i in flagged_qids: + postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix') + # todo: check each exit code + return jsonify(type='success', msg=str("Scheduled immediate delivery")) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + elif request.json['task'] == 'list': + try: + for container in docker_client.containers.list(filters={"id": container_id}): + mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix') + if mailq_return.exit_code == 0: + # We want plain text content from Postfix + r = Response(response=mailq_return.output, status=200, mimetype="text/plain") + r.headers["Content-Type"] = "text/plain; charset=utf-8" + return r + except Exception as e: + return jsonify(type='danger', msg=str(e)) + elif request.json['task'] == 'flush': + try: + for container in docker_client.containers.list(filters={"id": container_id}): + postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix') + if postqueue_r.exit_code == 0: + return jsonify(type='success', msg='command completed successfully') + else: + return jsonify(type='danger', msg=str(postqueue_r.output)) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + elif request.json['task'] == 'super_delete': + try: + for container in docker_client.containers.list(filters={"id": container_id}): + postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"]) + if postsuper_r.exit_code == 0: + return jsonify(type='success', msg='command completed successfully') + else: + return jsonify(type='danger', msg=str(postsuper_r.output)) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + + elif request.json['cmd'] == 'system': + if request.json['task'] == 'df': + if 'dir' in request.json: + try: + for container in docker_client.containers.list(filters={"id": container_id}): + # Should be changed to be able to validate a path + directory = re.sub('[^0-9a-zA-Z/]+', '', request.json['dir']) + df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H " + directory + " | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody') + if df_return.exit_code == 0: + return df_return.output.rstrip() + else: + return "0,0,0,0,0,0" + except Exception as e: + return jsonify(type='danger', msg=str(e)) + + elif request.json['cmd'] == 'sieve': + if request.json['task'] == 'list': + if 'username' in request.json: + try: + for container in docker_client.containers.list(filters={"id": container_id}): + sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"]) + r = Response(response=sieve_return.output, status=200, mimetype="text/plain") + r.headers["Content-Type"] = "text/plain; charset=utf-8" + return r + except Exception as e: + return jsonify(type='danger', msg=str(e)) + elif request.json['task'] == 'print': + if 'username' in request.json and 'script_name' in request.json: + try: + for container in docker_client.containers.list(filters={"id": container_id}): + sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"]) + r = Response(response=sieve_return.output, status=200, mimetype="text/plain") + r.headers["Content-Type"] = "text/plain; charset=utf-8" + return r + except Exception as e: + return jsonify(type='danger', msg=str(e)) + + # elif request.json['cmd'] == 'mail_crypt_generate' and request.json['username'] and request.json['old_password'] and request.json['new_password']: + # try: + # for container in docker_client.containers.list(filters={"id": container_id}): + # # create if missing + # crypto_generate = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm mailbox cryptokey generate -u '" + request.json['username'].replace("'", "'\\''") + "' -URf"], user='vmail') + # if crypto_generate.exit_code == 0: + # # open a shell, bind stdin and return socket + # cryptokey_shell = container.exec_run(["/bin/bash"], stdin=True, socket=True, user='vmail') + # # command to be piped to shell + # cryptokey_cmd = "/usr/local/bin/doveadm mailbox cryptokey password -u '" + request.json['username'].replace("'", "'\\''") + "' -n '" + request.json['new_password'].replace("'", "'\\''") + "' -o '" + request.json['old_password'].replace("'", "'\\''") + "'\n" + # # socket is .output + # cryptokey_socket = cryptokey_shell.output; + # try : + # # send command utf-8 encoded + # cryptokey_socket.sendall(cryptokey_cmd.encode('utf-8')) + # # we won't send more data than this + # cryptokey_socket.shutdown(socket.SHUT_WR) + # except socket.error: + # # exit on socket error + # return jsonify(type='danger', msg=str('socket error')) + # # read response + # cryptokey_response = recv_socket_data(cryptokey_socket) + # crypto_error = re.search('dcrypt_key_load_private.+failed.+error', cryptokey_response) + # if crypto_error is not None: + # return jsonify(type='danger', msg=str("dcrypt_key_load_private error")) + # return jsonify(type='success', msg=str("key pair generated")) + # else: + # return jsonify(type='danger', msg=str(crypto_generate.output)) + # except Exception as e: + # return jsonify(type='danger', msg=str(e)) + + elif request.json['cmd'] == 'maildir': + if request.json['task'] == 'cleanup': + if 'maildir' in request.json: + try: + for container in docker_client.containers.list(filters={"id": container_id}): + sane_name = re.sub(r'\W+', '', request.json['maildir']) + maildir_cleanup = container.exec_run(["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"], user='vmail') + if maildir_cleanup.exit_code == 0: + return jsonify(type='success', msg=str("moved to garbage")) + else: + return jsonify(type='danger', msg=str(maildir_cleanup.output)) + except Exception as e: + return jsonify(type='danger', msg=str(e)) + + elif request.json['cmd'] == 'rspamd': + if request.json['task'] == 'worker_password': + if 'raw' in request.json: + try: + for container in docker_client.containers.list(filters={"id": container_id}): + worker_shell = container.exec_run(["/bin/bash"], stdin=True, socket=True, user='_rspamd') + worker_cmd = "/usr/bin/rspamadm pw -e -p '" + request.json['raw'].replace("'", "'\\''") + "' 2> /dev/null\n" + worker_socket = worker_shell.output; + try : + worker_socket.sendall(worker_cmd.encode('utf-8')) + worker_socket.shutdown(socket.SHUT_WR) + except socket.error: + return jsonify(type='danger', msg=str('socket error')) + worker_response = recv_socket_data(worker_socket) + matched = False + for line in worker_response.split("\n"): + if '$2$' in line: + matched = True + hash = line.strip() + hash_out = re.search('\$2\$.+$', hash).group(0) + f = open("/access.inc", "w") + f.write('enable_password = "' + re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip()) + '";\n') + f.close() + container.restart() + if matched: + return jsonify(type='success', msg='command completed successfully') + else: + return jsonify(type='danger', msg='command did not complete') + except Exception as e: + return jsonify(type='danger', msg=str(e)) + # elif request.json['cmd'] == 'mailman': + # if request.json['task'] == 'password': + # if request.json['email'] and request.json['passwd']: + # try: + # for container in docker_client.containers.list(filters={"id": container_id}): + # add_su = container.exec_run(["/bin/bash", "-c", "/opt/mm_web/add_su.py '" + request.json['passwd'].replace("'", "'\\''") + "' '" + request.json['email'].replace("'", "'\\''") + "'"], user='mailman') + # if add_su.exit_code == 0: + # return jsonify(type='success', msg='command completed successfully') + # else: + # return jsonify(type='danger', msg='command did not complete, exit code was ' + int(add_su.exit_code)) + # except Exception as e: + # return jsonify(type='danger', msg=str(e)) else: return jsonify(type='danger', msg='Unknown command')