Page Menu
Home
WMGMC Issues
搜索
Configure Global Search
登录
Files
F16002
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
订阅
标记用于日后
授予令牌
Size
19 KB
Referenced Files
None
订阅者
None
View Options
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index 5f8e9aae..bc7b52d1 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -1,427 +1,427 @@
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/spf.inc.php';
define('state_good', '<span class="glyphicon glyphicon-ok text-success"></span>');
define('state_missing', '<span class="glyphicon glyphicon-remove text-danger"></span>');
define('state_nomatch', "?");
define('state_optional', " <sup>2</sup>");
if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin"|| $_SESSION['mailcow_cc_role'] == "domainadmin")) {
$domains = mailbox('get', 'domains');
$alias_domains = array();
foreach($domains as $dn) {
$alias_domains = array_merge($alias_domains, mailbox('get', 'alias_domains', $dn));
}
$domains = array_merge($domains, $alias_domains);
if (isset($_GET['domain'])) {
if (is_valid_domain_name($_GET['domain'])) {
if (in_array($_GET['domain'], $domains)) {
$domain = $_GET['domain'];
}
else {
echo "No such domain in context";
- die();
+ exit();
}
}
else {
echo "Invalid domain name";
- die();
+ exit();
}
}
$ch = curl_init('http://ip4.mailcow.email');
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
$ip = curl_exec($ch);
curl_close($ch);
$ch = curl_init('http://ip6.mailcow.email');
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
$ip6 = curl_exec($ch);
curl_close($ch);
$ptr = implode('.', array_reverse(explode('.', $ip))) . '.in-addr.arpa';
if (!empty($ip6)) {
$ip6_full = str_replace('::', str_repeat(':', 9-substr_count($ip6, ':')), $ip6);
$ip6_full = str_replace('::', ':0:', $ip6_full);
$ip6_full = str_replace('::', ':0:', $ip6_full);
$ptr6 = '';
foreach (explode(':', $ip6_full) as $part) {
$ptr6 .= str_pad($part, 4, '0', STR_PAD_LEFT);
}
$ptr6 = implode('.', array_reverse(str_split($ptr6, 1))) . '.ip6.arpa';
}
$https_port = strpos($_SERVER['HTTP_HOST'], ':');
if ($https_port === FALSE) {
$https_port = 443;
}
else {
$https_port = substr($_SERVER['HTTP_HOST'], $https_port+1);
}
if (!isset($autodiscover_config['sieve'])) {
$autodiscover_config['sieve'] = array('server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('SIEVE_PORT'))));
}
// Init records array
$spf_link = '<a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework" target="_blank">SPF Record Syntax</a><br />';
$dmarc_link = '<a href="https://www.kitterman.com/dmarc/assistant.html" target="_blank">DMARC Assistant</a>';
$records = array();
if ($_SESSION['mailcow_cc_role'] == "admin") {
$records[] = array(
$mailcow_hostname,
'A',
$ip
);
$records[] = array(
$ptr,
'PTR',
$mailcow_hostname
);
if (!empty($ip6)) {
$records[] = array(
$mailcow_hostname,
'AAAA',
$ip6
);
$records[] = array(
$ptr6,
'PTR',
$mailcow_hostname
);
}
$records[] = array(
'_25._tcp.'.$autodiscover_config['smtp']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
);
if (!in_array($domain, $alias_domains)) {
$records[] = array(
'_'.$https_port.
'._tcp.'.$mailcow_hostname,
'TLSA',
generate_tlsa_digest($mailcow_hostname, $https_port)
);
$records[] = array(
'_'.$autodiscover_config['pop3']['tlsport'].
'._tcp.'.$autodiscover_config['pop3']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
);
$records[] = array(
'_'.$autodiscover_config['imap']['tlsport'].
'._tcp.'.$autodiscover_config['imap']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
);
$records[] = array(
'_'.$autodiscover_config['smtp']['port'].
'._tcp.'.$autodiscover_config['smtp']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
);
$records[] = array(
'_'.$autodiscover_config['smtp']['tlsport'].
'._tcp.'.$autodiscover_config['smtp']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
);
$records[] = array(
'_'.$autodiscover_config['imap']['port'].
'._tcp.'.$autodiscover_config['imap']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
);
$records[] = array(
'_'.$autodiscover_config['pop3']['port'].
'._tcp.'.$autodiscover_config['pop3']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
);
$records[] = array(
'_'.$autodiscover_config['sieve']['port'].
'._tcp.'.$autodiscover_config['sieve']['server'],
'TLSA',
generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
);
}
}
$records[] = array(
$domain,
'MX',
$mailcow_hostname
);
if (!in_array($domain, $alias_domains)) {
$records[] = array(
'autodiscover.'.$domain,
'CNAME',
$mailcow_hostname
);
$records[] = array(
'_autodiscover._tcp.'.$domain,
'SRV',
$mailcow_hostname.
' '.$https_port
);
$records[] = array(
'autoconfig.'.$domain,
'CNAME',
$mailcow_hostname
);
}
$records[] = array(
$domain,
'TXT',
$spf_link,
state_optional
);
$records[] = array(
'_dmarc.'.$domain,
'TXT',
$dmarc_link,
state_optional
);
if (!empty($dkim = dkim('details', $domain))) {
$records[] = array(
$dkim['dkim_selector'] . '._domainkey.' . $domain,
'TXT',
$dkim['dkim_txt']
);
}
if (!in_array($domain, $alias_domains)) {
$current_records = dns_get_record('_pop3._tcp.' . $domain, DNS_SRV);
if (count($current_records) == 0 || $current_records[0]['target'] != '') {
if ($autodiscover_config['pop3']['tlsport'] != '110') {
$records[] = array(
'_pop3._tcp.' . $domain,
'SRV',
$autodiscover_config['pop3']['server'] . ' ' . $autodiscover_config['pop3']['tlsport']
);
}
}
else {
$records[] = array(
'_pop3._tcp.' . $domain,
'SRV',
'. 0'
);
}
$current_records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV);
if (count($current_records) == 0 || $current_records[0]['target'] != '') {
if ($autodiscover_config['pop3']['port'] != '995') {
$records[] = array(
'_pop3s._tcp.' . $domain,
'SRV',
$autodiscover_config['pop3']['server'] . ' ' . $autodiscover_config['pop3']['port']
);
}
}
else {
$records[] = array(
'_pop3s._tcp.' . $domain,
'SRV',
'. 0'
);
}
if ($autodiscover_config['imap']['tlsport'] != '143') {
$records[] = array(
'_imap._tcp.' . $domain,
'SRV',
$autodiscover_config['imap']['server'] . ' ' . $autodiscover_config['imap']['tlsport']
);
}
if ($autodiscover_config['imap']['port'] != '993') {
$records[] = array(
'_imaps._tcp.' . $domain,
'SRV',
$autodiscover_config['imap']['server'] . ' ' . $autodiscover_config['imap']['port']
);
}
if ($autodiscover_config['smtp']['tlsport'] != '587') {
$records[] = array(
'_submission._tcp.' . $domain,
'SRV',
$autodiscover_config['smtp']['server'] . ' ' . $autodiscover_config['smtp']['tlsport']
);
}
if ($autodiscover_config['smtp']['port'] != '465') {
$records[] = array(
'_smtps._tcp.' . $domain,
'SRV',
$autodiscover_config['smtp']['server'] . ' ' . $autodiscover_config['smtp']['port']
);
}
if ($autodiscover_config['sieve']['port'] != '4190') {
$records[] = array(
'_sieve._tcp.' . $domain,
'SRV',
$autodiscover_config['sieve']['server'] . ' ' . $autodiscover_config['sieve']['port']
);
}
}
$record_types = array(
'A' => DNS_A,
'AAAA' => DNS_AAAA,
'CNAME' => DNS_CNAME,
'MX' => DNS_MX,
'PTR' => DNS_PTR,
'SRV' => DNS_SRV,
'TXT' => DNS_TXT,
);
$data_field = array(
'A' => 'ip',
'AAAA' => 'ipv6',
'CNAME' => 'target',
'MX' => 'target',
'PTR' => 'target',
'SRV' => 'data',
'TLSA' => 'data',
'TXT' => 'txt',
);
?>
<div class="table-responsive" id="dnstable">
<table class="table table-striped">
<tr>
<th><?=$lang['diagnostics']['dns_records_name'];?></th>
<th><?=$lang['diagnostics']['dns_records_type'];?></th>
<th><?=$lang['diagnostics']['dns_records_data'];?></th>
<th><?=$lang['diagnostics']['dns_records_status'];?></th>
</tr>
<?php
foreach ($records as $record) {
$record[1] = strtoupper($record[1]);
$state = state_missing;
if ($record[1] == 'TLSA') {
$currents = dns_get_record($record[0], 52, $_, $_, TRUE);
foreach ($currents as &$current) {
$current['type'] = 'TLSA';
$current['cert_usage'] = hexdec(bin2hex($current['data']{0}));
$current['selector'] = hexdec(bin2hex($current['data']{1}));
$current['match_type'] = hexdec(bin2hex($current['data']{2}));
$current['cert_data'] = bin2hex(substr($current['data'], 3));
$current['data'] = $current['cert_usage'] . ' ' . $current['selector'] . ' ' . $current['match_type'] . ' ' . $current['cert_data'];
}
unset($current);
}
else {
$currents = dns_get_record($record[0], $record_types[$record[1]]);
if ($record[1] == 'SRV') {
foreach ($currents as &$current) {
if ($current['target'] == '') {
$current['target'] = '.';
$current['port'] = '0';
}
$current['data'] = $current['target'] . ' ' . $current['port'];
}
unset($current);
}
elseif ($record[1] == 'TXT') {
foreach ($currents as &$current) {
unset($current);
}
unset($current);
}
}
if ($record[1] == 'CNAME' && count($currents) == 0) {
// A and AAAA are also valid instead of CNAME
$a = dns_get_record($record[0], DNS_A);
$cname = dns_get_record($record[2], DNS_A);
if (count($a) > 0 && count($cname) > 0) {
if ($a[0]['ip'] == $cname[0]['ip']) {
$currents = array(array('host' => $record[0], 'class' => 'IN', 'type' => 'CNAME', 'target' => $record[2]));
$aaaa = dns_get_record($record[0], DNS_AAAA);
$cname = dns_get_record($record[2], DNS_AAAA);
if (count($aaaa) == 0 || count($cname) == 0 || $aaaa[0]['ipv6'] != $cname[0]['ipv6']) {
$currents[0]['target'] = $aaaa[0]['ipv6'] . ' <sup>1</sup>';
}
}
else {
$currents = array(array('host' => $record[0], 'class' => 'IN', 'type' => 'CNAME', 'target' => $a[0]['ip'] . ' <sup>1</sup>'));
}
}
}
foreach ($currents as &$current) {
if ($current['type'] == 'TXT' &&
stripos($current['txt'], 'v=dmarc') === 0 &&
$record[2] == $dmarc_link) {
$current['txt'] = str_replace(' ', '', $current['txt']);
$state = $current[$data_field[$current['type']]] . state_optional;
}
elseif ($current['type'] == 'TXT' &&
stripos($current['txt'], 'v=spf') === 0 &&
$record[2] == $spf_link) {
$state = state_nomatch;
$rslt = get_spf_allowed_hosts($record[0]);
if(in_array($ip, $rslt) && in_array($ip6, $rslt)){
$state = state_good;
}
$state .= '<br />' . $current[$data_field[$current['type']]].state_optional;
}
elseif ($current['type'] == 'TXT' &&
stripos($current['txt'], 'v=dkim') === 0 &&
stripos($record[2], 'v=dkim') === 0) {
preg_match('/v=DKIM1;.*k=rsa;.*p=(.*)/i', $current[$data_field[$current['type']]], $dkim_matches_current);
preg_match('/v=DKIM1;.*k=rsa;.*p=(.*)/i', $record[2], $dkim_matches_good);
if ($dkim_matches_current[1] == $dkim_matches_good[1]) {
$state = state_good;
}
}
elseif ($current['type'] != 'TXT' &&
isset($data_field[$current['type']]) && $state != state_good) {
$state = state_nomatch;
if ($current[$data_field[$current['type']]] == $record[2]) {
$state = state_good;
}
}
}
unset($current);
if (isset($record[3]) &&
$record[3] == state_optional &&
($state == state_missing || $state == state_nomatch)) {
$state = state_optional;
}
if ($state == state_nomatch) {
$state = array();
foreach ($currents as $current) {
$state[] = $current[$data_field[$current['type']]];
}
$state = implode('<br />', $state);
}
echo sprintf('<tr>
<td>%s</td>
<td>%s</td>
<td class="dns-found">%s</td>
<td class="dns-recommended">%s</td>
</tr>', $record[0], $record[1], $record[2], $state);
}
?>
</table>
</div>
<p class="help-block">
<sup>1</sup> <?=$lang['diagnostics']['cname_from_a'];?><br />
<sup>2</sup> <?=$lang['diagnostics']['optional'];?>
</p>
<?php
} else {
echo "Session invalid";
- die();
+ exit();
}
?>
diff --git a/data/web/inc/lib/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php b/data/web/inc/lib/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php
index 0e847ca6..9d005143 100644
--- a/data/web/inc/lib/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php
+++ b/data/web/inc/lib/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceControllerInterface.php
@@ -1,41 +1,41 @@
<?php
namespace OAuth2\Controller;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
/**
* This controller is called when a "resource" is requested.
* call verifyResourceRequest in order to determine if the request
* contains a valid token.
*
* @code
* if (!$resourceController->verifyResourceRequest(OAuth2\Request::createFromGlobals(), $response = new OAuth2\Response())) {
* $response->send(); // authorization failed
- * die();
+ * exit();
* }
* return json_encode($resource); // valid token! Send the stuff!
* @endcode
*/
interface ResourceControllerInterface
{
/**
* Verify the resource request
*
* @param RequestInterface $request - Request object
* @param ResponseInterface $response - Response object
* @param string $scope
* @return mixed
*/
public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null);
/**
* Get access token data.
*
* @param RequestInterface $request - Request object
* @param ResponseInterface $response - Response object
* @return mixed
*/
public function getAccessTokenData(RequestInterface $request, ResponseInterface $response);
}
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 20232511..bb9d3c81 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,133 +1,133 @@
<?php
// Start session
if (session_status() !== PHP_SESSION_ACTIVE) {
ini_set("session.cookie_httponly", 1);
ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
}
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
if (session_status() !== PHP_SESSION_ACTIVE) {
ini_set("session.cookie_secure", 1);
}
$IS_HTTPS = true;
}
elseif (isset($_SERVER['HTTPS'])) {
if (session_status() !== PHP_SESSION_ACTIVE) {
ini_set("session.cookie_secure", 1);
}
$IS_HTTPS = true;
}
else {
$IS_HTTPS = false;
}
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
if (!isset($_SESSION['CSRF']['TOKEN'])) {
$_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
}
// Set session UA
if (!isset($_SESSION['SESS_REMOTE_UA'])) {
$_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
}
// Keep session active
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
session_unset();
session_destroy();
}
$_SESSION['LAST_ACTIVITY'] = time();
// API
if (!empty($_SERVER['HTTP_X_API_KEY'])) {
$stmt = $pdo->prepare("SELECT `allow_from` FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
$stmt->execute(array(
':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
));
$api_return = $stmt->fetch(PDO::FETCH_ASSOC);
if (!empty($api_return['allow_from'])) {
$remote = get_remote_ip(false);
$allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
if (in_array($remote, $allow_from)) {
$_SESSION['mailcow_cc_username'] = 'API';
$_SESSION['mailcow_cc_role'] = 'admin';
$_SESSION['mailcow_cc_api'] = true;
}
else {
$redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
http_response_code(401);
echo json_encode(array(
'type' => 'error',
'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
));
unset($_POST);
- die();
+ exit();
}
}
else {
$redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
http_response_code(401);
echo json_encode(array(
'type' => 'error',
'msg' => 'authentication failed'
));
unset($_POST);
- die();
+ exit();
}
}
// Handle logouts
if (isset($_POST["logout"])) {
if (isset($_SESSION["dual-login"])) {
$_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
$_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
unset($_SESSION["dual-login"]);
header("Location: /mailbox");
exit();
}
else {
session_regenerate_id(true);
session_unset();
session_destroy();
session_write_close();
header("Location: /");
}
}
// Check session
function session_check() {
if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
return true;
}
if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
$_SESSION['return'][] = array(
'type' => 'warning',
'msg' => 'session_ua'
);
return false;
}
if (!empty($_POST)) {
if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
$_SESSION['return'][] = array(
'type' => 'warning',
'msg' => 'session_token'
);
return false;
}
unset($_POST['csrf_token']);
$_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
$_SESSION['CSRF']['TIME'] = time();
}
return true;
}
if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
$_POST = array();
$_FILES = array();
}
File Metadata
详情
附加的
Mime Type
text/x-diff
Expires
9月 11 Thu, 1:28 PM (1 d, 45 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5473
默认替代文本
(19 KB)
Attached To
Mode
rMAILCOW mailcow-tracking
附加的
Detach File
Event Timeline
Log In to Comment