Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / d1f5b68b557869443f559de96824b2d2aee3b3e7 / . / mailcow / src / mailcow-dockerized / data / web / inc / functions.policy.inc.php
blob: 498f991f72fd26957597a5bc31e86296fca9f5a8 [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1<?php
2function policy($_action, $_scope, $_data = null) {
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]3 global $pdo;
4 global $redis;
5 global $lang;
6 $_data_log = $_data;
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]7 switch ($_action) {
8 case 'add':
9 if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {
10 $_SESSION['return'][] = array(
11 'type' => 'danger',
12 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
13 'msg' => 'access_denied'
14 );
15 return false;
16 }
17 switch ($_scope) {
18 case 'domain':
19 $object = $_data['domain'];
20 if (is_valid_domain_name($object)) {
21 if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
22 $_SESSION['return'][] = array(
23 'type' => 'danger',
24 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
25 'msg' => 'access_denied'
26 );
27 return false;
28 }
29 $object = idn_to_ascii(strtolower(trim($object)), 0, INTL_IDNA_VARIANT_UTS46);
30 }
31 else {
32 $_SESSION['return'][] = array(
33 'type' => 'danger',
34 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
35 'msg' => 'access_denied'
36 );
37 return false;
38 }
39 if ($_data['object_list'] == "bl") {
40 $object_list = "blacklist_from";
41 }
42 elseif ($_data['object_list'] == "wl") {
43 $object_list = "whitelist_from";
44 }
45 $object_from = trim(strtolower($_data['object_from']));
46 if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {
47 $_SESSION['return'][] = array(
48 'type' => 'danger',
49 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
50 'msg' => 'policy_list_from_invalid'
51 );
52 return false;
53 }
54 if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {
55 $_SESSION['return'][] = array(
56 'type' => 'danger',
57 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
58 'msg' => 'access_denied'
59 );
60 return false;
61 }
62 $stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
63 WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
64 AND `object` = :object
65 AND `value` = :object_from");
66 $stmt->execute(array(':object' => $object, ':object_from' => $object_from));
67 $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
68 if ($num_results != 0) {
69 $_SESSION['return'][] = array(
70 'type' => 'danger',
71 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
72 'msg' => 'policy_list_from_exists'
73 );
74 return false;
75 }
76
77 $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
78 VALUES (:object, :object_list, :object_from)");
79 $stmt->execute(array(
80 ':object' => $object,
81 ':object_list' => $object_list,
82 ':object_from' => $object_from
83 ));
84
85 $_SESSION['return'][] = array(
86 'type' => 'success',
87 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
88 'msg' => array('domain_modified', $object)
89 );
90 break;
91 case 'mailbox':
92 $object = $_data['username'];
93 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
94 $_SESSION['return'][] = array(
95 'type' => 'danger',
96 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
97 'msg' => 'access_denied'
98 );
99 return false;
100 }
101 if ($_data['object_list'] == "bl") {
102 $object_list = "blacklist_from";
103 }
104 elseif ($_data['object_list'] == "wl") {
105 $object_list = "whitelist_from";
106 }
107 $object_from = trim(strtolower($_data['object_from']));
108 if (!ctype_alnum(str_replace(array('@', '_', '.', '-', '*'), '', $object_from))) {
109 $_SESSION['return'][] = array(
110 'type' => 'danger',
111 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
112 'msg' => 'policy_list_from_invalid'
113 );
114 return false;
115 }
116 if ($object_list != "blacklist_from" && $object_list != "whitelist_from") {
117 $_SESSION['return'][] = array(
118 'type' => 'danger',
119 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
120 'msg' => 'access_denied'
121 );
122 return false;
123 }
124 $stmt = $pdo->prepare("SELECT `object` FROM `filterconf`
125 WHERE (`option` = 'whitelist_from' OR `option` = 'blacklist_from')
126 AND `object` = :object
127 AND `value` = :object_from");
128 $stmt->execute(array(':object' => $object, ':object_from' => $object_from));
129 $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
130 if ($num_results != 0) {
131 $_SESSION['return'][] = array(
132 'type' => 'danger',
133 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
134 'msg' => 'policy_list_from_exists'
135 );
136 return false;
137 }
138 $stmt = $pdo->prepare("INSERT INTO `filterconf` (`object`, `option` ,`value`)
139 VALUES (:object, :object_list, :object_from)");
140 $stmt->execute(array(
141 ':object' => $object,
142 ':object_list' => $object_list,
143 ':object_from' => $object_from
144 ));
145 $_SESSION['return'][] = array(
146 'type' => 'success',
147 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
148 'msg' => array('mailbox_modified', $object)
149 );
150 break;
151 }
152 break;
153 case 'delete':
154 if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {
155 $_SESSION['return'][] = array(
156 'type' => 'danger',
157 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
158 'msg' => 'access_denied'
159 );
160 return false;
161 }
162 switch ($_scope) {
163 case 'domain':
164 (array)$prefids = $_data['prefid'];
165 foreach ($prefids as $prefid) {
166 if (!is_numeric($prefid)) {
167 $_SESSION['return'][] = array(
168 'type' => 'danger',
169 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
170 'msg' => 'access_denied'
171 );
172 continue;
173 }
174 $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");
175 $stmt->execute(array(':prefid' => $prefid));
176 $object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];
177 if (is_valid_domain_name($object)) {
178 if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
179 $_SESSION['return'][] = array(
180 'type' => 'danger',
181 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
182 'msg' => 'access_denied'
183 );
184 continue;
185 }
186 $object = idn_to_ascii(strtolower(trim($object)), 0, INTL_IDNA_VARIANT_UTS46);
187 }
188 else {
189 $_SESSION['return'][] = array(
190 'type' => 'danger',
191 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
192 'msg' => 'access_denied'
193 );
194 continue;
195 }
196 try {
197 $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
198 $stmt->execute(array(
199 ':object' => $object,
200 ':prefid' => $prefid
201 ));
202 }
203 catch (PDOException $e) {
204 $_SESSION['return'][] = array(
205 'type' => 'danger',
206 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
207 'msg' => array('mysql_error', $e)
208 );
209 continue;
210 }
211 $_SESSION['return'][] = array(
212 'type' => 'success',
213 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
214 'msg' => array('item_deleted',$prefid)
215 );
216 }
217 break;
218 case 'mailbox':
219 if (!is_array($_data['prefid'])) {
220 $prefids = array();
221 $prefids[] = $_data['prefid'];
222 }
223 else {
224 $prefids = $_data['prefid'];
225 }
226 foreach ($prefids as $prefid) {
227 if (!is_numeric($prefid)) {
228 $_SESSION['return'][] = array(
229 'type' => 'danger',
230 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
231 'msg' => 'access_denied'
232 );
233 continue;
234 }
235 $stmt = $pdo->prepare("SELECT `object` FROM `filterconf` WHERE `prefid` = :prefid");
236 $stmt->execute(array(':prefid' => $prefid));
237 $object = $stmt->fetch(PDO::FETCH_ASSOC)['object'];
238 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
239 $_SESSION['return'][] = array(
240 'type' => 'danger',
241 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
242 'msg' => 'access_denied'
243 );
244 continue;
245 }
246 try {
247 $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
248 $stmt->execute(array(
249 ':object' => $object,
250 ':prefid' => $prefid
251 ));
252 }
253 catch (PDOException $e) {
254 $_SESSION['return'][] = array(
255 'type' => 'danger',
256 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
257 'msg' => array('mysql_error', $e)
258 );
259 continue;
260 }
261 $_SESSION['return'][] = array(
262 'type' => 'success',
263 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]264 'msg' => array('items_deleted', implode(', ', (array)$prefids))
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]265 );
266 }
267 break;
268 }
269 break;
270 case 'get':
271 switch ($_scope) {
272 case 'domain':
273 if (!is_valid_domain_name($_data)) {
274 return false;
275 }
276 else {
277 if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
278 return false;
279 }
280 $_data = idn_to_ascii(strtolower(trim($_data)), 0, INTL_IDNA_VARIANT_UTS46);
281 }
282
283 // WHITELIST
284 $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");
285 $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));
286 $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
287 // BLACKLIST
288 $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` LIKE :object_mail OR `object` = :object_domain)");
289 $stmt->execute(array(':object_mail' => '%@' . $_data, ':object_domain' => $_data));
290 $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
291
292 return $rows;
293 break;
294 case 'mailbox':
295 if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
296 if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
297 return false;
298 }
299 }
300 else {
301 $_data = $_SESSION['mailcow_cc_username'];
302 }
303 $domain = mailbox('get', 'mailbox_details', $_data)['domain'];
304 if (empty($domain)) {
305 return false;
306 }
307 // WHITELIST
308 $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='whitelist_from' AND (`object` = :username OR `object` = :domain)");
309 $stmt->execute(array(':username' => $_data, ':domain' => $domain));
310 $rows['whitelist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
311 // BLACKLIST
312 $stmt = $pdo->prepare("SELECT `object`, `value`, `prefid` FROM `filterconf` WHERE `option`='blacklist_from' AND (`object` = :username OR `object` = :domain)");
313 $stmt->execute(array(':username' => $_data, ':domain' => $domain));
314 $rows['blacklist'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
315 return $rows;
316 break;
317 }
318 break;
319 }
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]320}