Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 1 | <?php
|
| 2 | function policy($_action, $_scope, $_data = null) {
|
| 3 | global $pdo;
|
| 4 | global $redis;
|
| 5 | global $lang;
|
| 6 | $_data_log = $_data;
|
| 7 | switch ($_action) {
|
| 8 | case 'add':
|
| 9 | if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {
|
| 10 | $_SESSION['return'][] = array(
|
| 11 | 'type' => 'danger',
|
| 12 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 13 | 'msg' => 'access_denied'
|
| 14 | );
|
| 15 | return false;
|
| 16 | }
|
| 17 | switch ($_scope) {
|
| 18 | case 'domain':
|
| 19 | $object = $_data['domain'];
|
| 20 | if (is_valid_domain_name($object)) {
|
| 21 | if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
|
| 22 | $_SESSION['return'][] = array(
|
| 23 | 'type' => 'danger',
|
| 24 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 25 | 'msg' => 'access_denied'
|
| 26 | );
|
| 27 | return false;
|
| 28 | }
|
| 29 | $object = idn_to_ascii(strtolower(trim($object)), 0, INTL_IDNA_VARIANT_UTS46);
|
| 30 | }
|
| 31 | else {
|
| 32 | $_SESSION['return'][] = array(
|
| 33 | 'type' => 'danger',
|
| 34 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 35 | 'msg' => 'access_denied'
|
| 36 | );
|
| 37 | return false;
|
| 38 | }
|
| 39 | if ($_data['object_list'] == "bl") {
|
| 40 | $object_list = "blacklist_from";
|
| 41 | }
|
| 42 | elseif ($_data['object_list'] == "wl") {
|
| 43 | $object_list = "whitelist_from";
|
| 44 | }
|
| 45 | $object_from = trim(strtolower($_data['object_from']));
|
| 46 | if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {
|
| 47 | $_SESSION['return'][] = array(
|
| 48 | 'type' => 'danger',
|
| 49 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 50 | 'msg' => 'policy_list_from_invalid'
|
| 51 | );
|
| 52 | return false;
|
| 53 | }
|
| 54 | if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {
|
| 55 | $_SESSION['return'][] = array(
|
| 56 | 'type' => 'danger',
|
| 57 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 58 | 'msg' => 'access_denied'
|
| 59 | );
|
| 60 | return false;
|
| 61 | }
|
| 62 | $stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
|
| 63 | WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
|
| 64 | AND `object` = :object
|
| 65 | AND `value` = :object_from");
|
| 66 | $stmt->execute(array(':object' => $object, ':object_from' => $object_from));
|
| 67 | $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
| 68 | if ($num_results != 0) {
|
| 69 | $_SESSION['return'][] = array(
|
| 70 | 'type' => 'danger',
|
| 71 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 72 | 'msg' => 'policy_list_from_exists'
|
| 73 | );
|
| 74 | return false;
|
| 75 | }
|
| 76 |
|
| 77 | $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
|
| 78 | VALUES (:object, :object_list, :object_from)");
|
| 79 | $stmt->execute(array(
|
| 80 | ':object' => $object,
|
| 81 | ':object_list' => $object_list,
|
| 82 | ':object_from' => $object_from
|
| 83 | ));
|
| 84 |
|
| 85 | $_SESSION['return'][] = array(
|
| 86 | 'type' => 'success',
|
| 87 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 88 | 'msg' => array('domain_modified', $object)
|
| 89 | );
|
| 90 | break;
|
| 91 | case 'mailbox':
|
| 92 | $object = $_data['username'];
|
| 93 | if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
|
| 94 | $_SESSION['return'][] = array(
|
| 95 | 'type' => 'danger',
|
| 96 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 97 | 'msg' => 'access_denied'
|
| 98 | );
|
| 99 | return false;
|
| 100 | }
|
| 101 | if ($_data['object_list'] == "bl") {
|
| 102 | $object_list = "blacklist_from";
|
| 103 | }
|
| 104 | elseif ($_data['object_list'] == "wl") {
|
| 105 | $object_list = "whitelist_from";
|
| 106 | }
|
| 107 | $object_from = trim(strtolower($_data['object_from']));
|
| 108 | if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {
|
| 109 | $_SESSION['return'][] = array(
|
| 110 | 'type' => 'danger',
|
| 111 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 112 | 'msg' => 'policy_list_from_invalid'
|
| 113 | );
|
| 114 | return false;
|
| 115 | }
|
| 116 | if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {
|
| 117 | $_SESSION['return'][] = array(
|
| 118 | 'type' => 'danger',
|
| 119 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 120 | 'msg' => 'access_denied'
|
| 121 | );
|
| 122 | return false;
|
| 123 | }
|
| 124 | $stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
|
| 125 | WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
|
| 126 | AND `object` = :object
|
| 127 | AND `value` = :object_from");
|
| 128 | $stmt->execute(array(':object' => $object, ':object_from' => $object_from));
|
| 129 | $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
| 130 | if ($num_results != 0) {
|
| 131 | $_SESSION['return'][] = array(
|
| 132 | 'type' => 'danger',
|
| 133 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 134 | 'msg' => 'policy_list_from_exists'
|
| 135 | );
|
| 136 | return false;
|
| 137 | }
|
| 138 | $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
|
| 139 | VALUES (:object, :object_list, :object_from)");
|
| 140 | $stmt->execute(array(
|
| 141 | ':object' => $object,
|
| 142 | ':object_list' => $object_list,
|
| 143 | ':object_from' => $object_from
|
| 144 | ));
|
| 145 | $_SESSION['return'][] = array(
|
| 146 | 'type' => 'success',
|
| 147 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 148 | 'msg' => array('mailbox_modified', $object)
|
| 149 | );
|
| 150 | break;
|
| 151 | }
|
| 152 | break;
|
| 153 | case 'delete':
|
| 154 | if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {
|
| 155 | $_SESSION['return'][] = array(
|
| 156 | 'type' => 'danger',
|
| 157 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 158 | 'msg' => 'access_denied'
|
| 159 | );
|
| 160 | return false;
|
| 161 | }
|
| 162 | switch ($_scope) {
|
| 163 | case 'domain':
|
| 164 | (array)$prefids = $_data['prefid'];
|
| 165 | foreach ($prefids as $prefid) {
|
| 166 | if (!is_numeric($prefid)) {
|
| 167 | $_SESSION['return'][] = array(
|
| 168 | 'type' => 'danger',
|
| 169 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 170 | 'msg' => 'access_denied'
|
| 171 | );
|
| 172 | continue;
|
| 173 | }
|
| 174 | $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");
|
| 175 | $stmt->execute(array(':prefid' => $prefid));
|
| 176 | $object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];
|
| 177 | if (is_valid_domain_name($object)) {
|
| 178 | if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
|
| 179 | $_SESSION['return'][] = array(
|
| 180 | 'type' => 'danger',
|
| 181 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 182 | 'msg' => 'access_denied'
|
| 183 | );
|
| 184 | continue;
|
| 185 | }
|
| 186 | $object = idn_to_ascii(strtolower(trim($object)), 0, INTL_IDNA_VARIANT_UTS46);
|
| 187 | }
|
| 188 | else {
|
| 189 | $_SESSION['return'][] = array(
|
| 190 | 'type' => 'danger',
|
| 191 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 192 | 'msg' => 'access_denied'
|
| 193 | );
|
| 194 | continue;
|
| 195 | }
|
| 196 | try {
|
| 197 | $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
|
| 198 | $stmt->execute(array(
|
| 199 | ':object' => $object,
|
| 200 | ':prefid' => $prefid
|
| 201 | ));
|
| 202 | }
|
| 203 | catch (PDOException $e) {
|
| 204 | $_SESSION['return'][] = array(
|
| 205 | 'type' => 'danger',
|
| 206 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 207 | 'msg' => array('mysql_error', $e)
|
| 208 | );
|
| 209 | continue;
|
| 210 | }
|
| 211 | $_SESSION['return'][] = array(
|
| 212 | 'type' => 'success',
|
| 213 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 214 | 'msg' => array('item_deleted',$prefid)
|
| 215 | );
|
| 216 | }
|
| 217 | break;
|
| 218 | case 'mailbox':
|
| 219 | if (!is_array($_data['prefid'])) {
|
| 220 | $prefids = array();
|
| 221 | $prefids[] = $_data['prefid'];
|
| 222 | }
|
| 223 | else {
|
| 224 | $prefids = $_data['prefid'];
|
| 225 | }
|
| 226 | foreach ($prefids as $prefid) {
|
| 227 | if (!is_numeric($prefid)) {
|
| 228 | $_SESSION['return'][] = array(
|
| 229 | 'type' => 'danger',
|
| 230 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 231 | 'msg' => 'access_denied'
|
| 232 | );
|
| 233 | continue;
|
| 234 | }
|
| 235 | $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");
|
| 236 | $stmt->execute(array(':prefid' => $prefid));
|
| 237 | $object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];
|
| 238 | if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
|
| 239 | $_SESSION['return'][] = array(
|
| 240 | 'type' => 'danger',
|
| 241 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 242 | 'msg' => 'access_denied'
|
| 243 | );
|
| 244 | continue;
|
| 245 | }
|
| 246 | try {
|
| 247 | $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
|
| 248 | $stmt->execute(array(
|
| 249 | ':object' => $object,
|
| 250 | ':prefid' => $prefid
|
| 251 | ));
|
| 252 | }
|
| 253 | catch (PDOException $e) {
|
| 254 | $_SESSION['return'][] = array(
|
| 255 | 'type' => 'danger',
|
| 256 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 257 | 'msg' => array('mysql_error', $e)
|
| 258 | );
|
| 259 | continue;
|
| 260 | }
|
| 261 | $_SESSION['return'][] = array(
|
| 262 | 'type' => 'success',
|
| 263 | 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
| 264 | 'msg' => array('items_deleted', implode(', ', $prefids))
|
| 265 | );
|
| 266 | }
|
| 267 | break;
|
| 268 | }
|
| 269 | break;
|
| 270 | case 'get':
|
| 271 | switch ($_scope) {
|
| 272 | case 'domain':
|
| 273 | if (!is_valid_domain_name($_data)) {
|
| 274 | return false;
|
| 275 | }
|
| 276 | else {
|
| 277 | if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
| 278 | return false;
|
| 279 | }
|
| 280 | $_data = idn_to_ascii(strtolower(trim($_data)), 0, INTL_IDNA_VARIANT_UTS46);
|
| 281 | }
|
| 282 |
|
| 283 | // WHITELIST
|
| 284 | $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");
|
| 285 | $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));
|
| 286 | $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
| 287 | // BLACKLIST
|
| 288 | $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");
|
| 289 | $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));
|
| 290 | $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
| 291 |
|
| 292 | return $rows;
|
| 293 | break;
|
| 294 | case 'mailbox':
|
| 295 | if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
| 296 | if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
| 297 | return false;
|
| 298 | }
|
| 299 | }
|
| 300 | else {
|
| 301 | $_data = $_SESSION['mailcow_cc_username'];
|
| 302 | }
|
| 303 | $domain = mailbox('get', 'mailbox_details', $_data)['domain'];
|
| 304 | if (empty($domain)) {
|
| 305 | return false;
|
| 306 | }
|
| 307 | // WHITELIST
|
| 308 | $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = :domain)");
|
| 309 | $stmt->execute(array(':username' => $_data, ':domain' => $domain));
|
| 310 | $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
| 311 | // BLACKLIST
|
| 312 | $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = :domain)");
|
| 313 | $stmt->execute(array(':username' => $_data, ':domain' => $domain));
|
| 314 | $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
| 315 | return $rows;
|
| 316 | break;
|
| 317 | }
|
| 318 | break;
|
| 319 | }
|
| 320 | } |