7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Allow aliases as send-as

Browse Source
This commit is contained in:
andryyy
2019-05-26 08:29:10 +02:00
parent ba4ac26ba9
commit 5087d5ce96
3 changed files with 42 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
data/web/inc/functions.inc.php
View File

@@ -256,6 +256,25 @@ function hasMailboxObjectAccess($username, $role, $object) {
} }
return false; return false;
} }
function hasAliasObjectAccess($username, $role, $object) {
global $pdo;
if (!filter_var(html_entity_decode(rawurldecode($username)), FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
return false;
}
if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
return false;
}
if ($username == $object) {
return true;
}
$stmt = $pdo->prepare("SELECT `domain` FROM `alias` WHERE `address` = :object");
$stmt->execute(array(':object' => $object));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (isset($row['domain']) && hasDomainAccess($username, $role, $row['domain'])) {
return true;
}
return false;
}
function pem_to_der($pem_key) { function pem_to_der($pem_key) {
// Need to remove BEGIN/END PUBLIC KEY // Need to remove BEGIN/END PUBLIC KEY
$lines = explode("\n", trim($pem_key)); $lines = explode("\n", trim($pem_key));

10
data/web/inc/functions.mailbox.inc.php
View File

@@ -2119,9 +2119,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
unset($sender_acl_domain_admin[$key]); unset($sender_acl_domain_admin[$key]);
continue; continue;
} }
// Check if user has mailbox access (if object is email) // Check if user has alias access (if object is email)
if (filter_var($val, FILTER_VALIDATE_EMAIL)) { if (filter_var($val, FILTER_VALIDATE_EMAIL)) {
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $val)) { if (!hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $val)) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -2351,11 +2351,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$stmt->execute(array(':logged_in_as' => $_data)); $stmt->execute(array(':logged_in_as' => $_data));
$address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); $address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($address_row = array_shift($address_rows)) { while ($address_row = array_shift($address_rows)) {
if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
$data['sender_acl_addresses']['ro'][] = $address_row['send_as']; $data['sender_acl_addresses']['ro'][] = $address_row['send_as'];
continue; continue;
} }
if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) { if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
$data['sender_acl_addresses']['rw'][] = $address_row['send_as']; $data['sender_acl_addresses']['rw'][] = $address_row['send_as'];
continue; continue;
} }
@@ -2398,7 +2398,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
)); ));
$rows_mbox = $stmt->fetchAll(PDO::FETCH_ASSOC); $rows_mbox = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows_mbox)) { while ($row = array_shift($rows_mbox)) {
if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) { if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasAliasObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) {
$data['sender_acl_addresses']['selectable'][] = $row['address']; $data['sender_acl_addresses']['selectable'][] = $row['address'];
} }
} }

18
data/web/mta_sts.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
error_reporting(0);
header('Content-Type: text/plain');
echo $_SERVER['HTTP_HOST'];
foreach (dns_get_record('mailcow.email', DNS_MX) as $mx_r) {
$mx_s[] = $mx_r['target'];
}
!empty($mx_s) ?: exit();
echo 'version: STSv1' . PHP_EOL;
echo 'mode: enforce' . PHP_EOL;
foreach ($mx_s as $mx_r) {
printf('mx: %s' . PHP_EOL, $mx_r);
}
echo 'max_age: 86400' . PHP_EOL;