power-mailinabox/management/daemon.py
2022-02-20 20:45:14 +00:00

1288 lines
36 KiB
Python
Executable file

#!/usr/local/lib/mailinabox/env/bin/python3
#
# The API can be accessed on the command line, e.g. use `curl` like so:
# curl --user $(</var/lib/mailinabox/api.key): http://localhost:10222/mail/users
#
# During development, you can start the Mail-in-a-Box control panel
# by running this script, e.g.:
#
# service mailinabox stop # stop the system process
# DEBUG=1 management/daemon.py
# service mailinabox start # when done debugging, start it up again
import os
import os.path
import re
import json
import time
import multiprocessing.pool
import subprocess
from functools import wraps
from flask import Flask, request, render_template, abort, Response, send_from_directory, make_response
import auth
import utils
from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege, open_database
from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
env = utils.load_environment()
auth_service = auth.AuthService()
# We may deploy via a symbolic link, which confuses flask's template finding.
me = __file__
try:
me = os.readlink(__file__)
except OSError:
pass
# for generating CSRs we need a list of country codes
csr_country_codes = []
with open(os.path.join(os.path.dirname(me), "csr_country_codes.tsv")) as f:
for line in f:
if line.strip() == "" or line.startswith("#"):
continue
code, name = line.strip().split("\t")[0:2]
csr_country_codes.append((code, name))
app = Flask(__name__,
template_folder=os.path.abspath(
os.path.join(os.path.dirname(me), "templates")))
# Decorator to protect views that require a user with 'admin' privileges.
def authorized_personnel_only(viewfunc):
@wraps(viewfunc)
def newview(*args, **kwargs):
# Authenticate the passed credentials, which is either the API key or a username:password pair
# and an optional X-Auth-Token token.
error = None
privs = []
try:
email, privs = auth_service.authenticate(request, env)
except ValueError as e:
# Write a line in the log recording the failed login, unless no authorization header
# was given which can happen on an initial request before a 403 response.
if "Authorization" in request.headers:
log_failed_login(request)
# Authentication failed.
error = str(e)
# Authorized to access an API view?
if "admin" in privs:
# Store the email address of the logged in user so it can be accessed
# from the API methods that affect the calling user.
request.user_email = email
request.user_privs = privs
# Call view func.
return viewfunc(*args, **kwargs)
if not error:
error = "You are not an administrator."
# Not authorized. Return a 401 (send auth) and a prompt to authorize by default.
status = 401
headers = {
'WWW-Authenticate':
'Basic realm="{0}"'.format(auth_service.auth_realm),
'X-Reason': error,
}
if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
# Don't issue a 401 to an AJAX request because the user will
# be prompted for credentials, which is not helpful.
status = 403
headers = None
if request.headers.get('Accept') in (None, "", "*/*"):
# Return plain text output.
return Response(error + "\n",
status=status,
mimetype='text/plain',
headers=headers)
else:
# Return JSON output.
return Response(json.dumps({
"status": "error",
"reason": error,
}) + "\n",
status=status,
mimetype='application/json',
headers=headers)
return newview
@app.errorhandler(401)
def unauthorized(error):
return auth_service.make_unauthorized_response()
def json_response(data, status=200):
return Response(json.dumps(data, indent=2, sort_keys=True) + '\n',
status=status,
mimetype='application/json')
###################################
# Control Panel (unauthenticated views)
@app.route('/')
def index():
# Render the control panel. This route does not require user authentication
# so it must be safe!
no_users_exist = (len(get_mail_users(env)) == 0)
no_admins_exist = (len(get_admins(env)) == 0)
utils.fix_boto() # must call prior to importing boto
import boto.s3
backup_s3_hosts = [(r.name, r.endpoint) for r in boto.s3.regions()]
return render_template(
'index.html',
hostname=env['PRIMARY_HOSTNAME'],
storage_root=env['STORAGE_ROOT'],
no_users_exist=no_users_exist,
no_admins_exist=no_admins_exist,
backup_s3_hosts=backup_s3_hosts,
csr_country_codes=csr_country_codes,
)
# Create a session key by checking the username/password in the Authorization header.
@app.route('/login', methods=["POST"])
def login():
# Is the caller authorized?
try:
email, privs = auth_service.authenticate(request, env, login_only=True)
except ValueError as e:
if "missing-totp-token" in str(e):
return json_response({
"status": "missing-totp-token",
"reason": str(e),
})
else:
# Log the failed login
log_failed_login(request)
return json_response({
"status": "invalid",
"reason": str(e),
})
# Return a new session for the user.
resp = {
"status": "ok",
"email": email,
"privileges": privs,
"api_key": auth_service.create_session_key(email, env, type='login'),
}
app.logger.info("New login session created for {}".format(email))
# Return.
return json_response(resp)
@app.route('/logout', methods=["POST"])
def logout():
try:
email, _ = auth_service.authenticate(request, env, logout=True)
app.logger.info("{} logged out".format(email))
except ValueError as e:
pass
finally:
return json_response({"status": "ok"})
# MAIL
@app.route('/mail/users')
@authorized_personnel_only
def mail_users():
if request.args.get("format", "") == "json":
return json_response(get_mail_users_ex(env, with_archived=True))
else:
return "".join(x + "\n" for x in get_mail_users(env))
@app.route('/mail/users/add', methods=['POST'])
@authorized_personnel_only
def mail_users_add():
quota = request.form.get('quota', get_default_quota(env))
try:
return add_mail_user(request.form.get('email', ''),
request.form.get('password', ''),
request.form.get('privileges', ''), quota, env)
except ValueError as e:
return (str(e), 400)
@app.route('/mail/users/quota', methods=['GET'])
@authorized_personnel_only
def get_mail_users_quota():
email = request.values.get('email', '')
quota = get_mail_quota(email, env)
if request.values.get('text'):
return quota
return json_response({"email": email, "quota": quota})
@app.route('/mail/users/quota', methods=['POST'])
@authorized_personnel_only
def mail_users_quota():
try:
return set_mail_quota(request.form.get('email', ''),
request.form.get('quota'), env)
except ValueError as e:
return (str(e), 400)
@app.route('/mail/users/password', methods=['POST'])
@authorized_personnel_only
def mail_users_password():
try:
return set_mail_password(request.form.get('email', ''),
request.form.get('password', ''), env)
except ValueError as e:
return (str(e), 400)
@app.route('/mail/users/remove', methods=['POST'])
@authorized_personnel_only
def mail_users_remove():
return remove_mail_user(request.form.get('email', ''), env)
@app.route('/mail/users/privileges')
@authorized_personnel_only
def mail_user_privs():
privs = get_mail_user_privileges(request.args.get('email', ''), env)
if isinstance(privs, tuple):
return privs # error
return "\n".join(privs)
@app.route('/mail/users/privileges/add', methods=['POST'])
@authorized_personnel_only
def mail_user_privs_add():
return add_remove_mail_user_privilege(request.form.get('email', ''),
request.form.get('privilege', ''),
"add", env)
@app.route('/mail/users/privileges/remove', methods=['POST'])
@authorized_personnel_only
def mail_user_privs_remove():
return add_remove_mail_user_privilege(request.form.get('email', ''),
request.form.get('privilege', ''),
"remove", env)
@app.route('/mail/aliases')
@authorized_personnel_only
def mail_aliases():
if request.args.get("format", "") == "json":
return json_response(get_mail_aliases_ex(env))
else:
return "".join(
address + "\t" + receivers + "\t" + (senders or "") + "\n"
for address, receivers, senders, auto in get_mail_aliases(env))
@app.route('/mail/aliases/add', methods=['POST'])
@authorized_personnel_only
def mail_aliases_add():
return add_mail_alias(request.form.get('address', ''),
request.form.get('forwards_to', ''),
request.form.get('permitted_senders', ''),
env,
update_if_exists=(request.form.get(
'update_if_exists', '') == '1'))
@app.route('/mail/aliases/remove', methods=['POST'])
@authorized_personnel_only
def mail_aliases_remove():
return remove_mail_alias(request.form.get('address', ''), env)
@app.route('/mail/domains')
@authorized_personnel_only
def mail_domains():
return "".join(x + "\n" for x in get_mail_domains(env))
# DNS
@app.route('/dns/zones')
@authorized_personnel_only
def dns_zones():
from dns_update import get_dns_zones
return json_response([z[0] for z in get_dns_zones(env)])
@app.route('/dns/update', methods=['POST'])
@authorized_personnel_only
def dns_update():
from dns_update import do_dns_update
try:
return do_dns_update(env, force=request.form.get('force', '') == '1')
except Exception as e:
return (str(e), 500)
@app.route('/dns/secondary-nameserver')
@authorized_personnel_only
def dns_get_secondary_nameserver():
from dns_update import get_custom_dns_config, get_secondary_dns
return json_response({
"hostnames":
get_secondary_dns(get_custom_dns_config(env), mode=None)
})
@app.route('/dns/secondary-nameserver', methods=['POST'])
@authorized_personnel_only
def dns_set_secondary_nameserver():
from dns_update import set_secondary_dns
try:
return set_secondary_dns([
ns.strip() for ns in re.split(r"[, ]+",
request.form.get('hostnames') or "")
if ns.strip() != ""
], env)
except ValueError as e:
return (str(e), 400)
@app.route('/dns/custom')
@authorized_personnel_only
def dns_get_records(qname=None, rtype=None):
# Get the current set of custom DNS records.
from dns_update import get_custom_dns_config, get_dns_zones
records = get_custom_dns_config(env, only_real_records=True)
# Filter per the arguments for the more complex GET routes below.
records = [
r for r in records
if (not qname or r[0] == qname) and (not rtype or r[1] == rtype)
]
# Make a better data structure.
records = [{
"qname": r[0],
"rtype": r[1],
"value": r[2],
"ttl": r[3],
"sort-order": {},
} for r in records]
# To help with grouping by zone in qname sorting, label each record with which zone it is in.
# There's an inconsistency in how we handle zones in get_dns_zones and in sort_domains, so
# do this first before sorting the domains within the zones.
zones = utils.sort_domains([z[0] for z in get_dns_zones(env)], env)
for r in records:
for z in zones:
if r["qname"] == z or r["qname"].endswith("." + z):
r["zone"] = z
break
# Add sorting information. The 'created' order follows the order in the YAML file on disk,
# which tracs the order entries were added in the control panel since we append to the end.
# The 'qname' sort order sorts by our standard domain name sort (by zone then by qname),
# then by rtype, and last by the original order in the YAML file (since sorting by value
# may not make sense, unless we parse IP addresses, for example).
for i, r in enumerate(records):
r["sort-order"]["created"] = i
domain_sort_order = utils.sort_domains([r["qname"] for r in records], env)
for i, r in enumerate(
sorted(
records,
key=lambda r: (
# record is not within a zone managed by the box
zones.index(r["zone"]) if r.get("zone") else 0,
domain_sort_order.index(r["qname"]),
r["rtype"]))):
r["sort-order"]["qname"] = i
# Return.
return json_response(records)
@app.route('/dns/custom/<qname>', methods=['GET', 'POST', 'PUT', 'DELETE'])
@app.route('/dns/custom/<qname>/<rtype>',
methods=['GET', 'POST', 'PUT', 'DELETE'])
@authorized_personnel_only
def dns_set_record(qname, rtype="A"):
from dns_update import do_dns_update, set_custom_dns_record
try:
# Normalize.
rtype = rtype.upper()
# Read the record value from the request BODY, which must be
# ASCII-only. Not used with GET.
rec = request.form
value = ""
ttl = None
if isinstance(rec, dict):
value = request.form.get("value", "")
ttl = request.form.get("ttl", None)
else:
value = request.stream.read().decode("ascii", "ignore").strip()
if ttl is not None:
try:
ttl = int(ttl)
except Exception:
ttl = None
if request.method == "GET":
# Get the existing records matching the qname and rtype.
return dns_get_records(qname, rtype)
elif request.method in ("POST", "PUT"):
# There is a default value for A/AAAA records.
if rtype in ("A", "AAAA") and value == "":
# normally REMOTE_ADDR but we're behind nginx as a reverse proxy
value = request.environ.get("HTTP_X_FORWARDED_FOR")
# Cannot add empty records.
if value == '':
return ("No value for the record provided.", 400)
if request.method == "POST":
# Add a new record (in addition to any existing records
# for this qname-rtype pair).
action = "add"
elif request.method == "PUT":
# In REST, PUT is supposed to be idempotent, so we'll
# make this action set (replace all records for this
# qname-rtype pair) rather than add (add a new record).
action = "set"
elif request.method == "DELETE":
if value == '':
# Delete all records for this qname-type pair.
value = None
else:
# Delete just the qname-rtype-value record exactly.
pass
action = "remove"
if set_custom_dns_record(qname, rtype, value, action, env, ttl=ttl):
return do_dns_update(env) or "Something isn't right."
return "OK"
except ValueError as e:
return (str(e), 400)
@app.route('/dns/dump')
@authorized_personnel_only
def dns_get_dump():
from dns_update import build_recommended_dns
return json_response(build_recommended_dns(env))
@app.route('/dns/zonefile/<zone>')
@authorized_personnel_only
def dns_get_zonefile(zone):
from dns_update import get_dns_zonefile
return Response(get_dns_zonefile(zone, env),
status=200,
mimetype='text/plain')
# SSL
@app.route('/ssl/status')
@authorized_personnel_only
def ssl_get_status():
from ssl_certificates import get_certificates_to_provision
from web_update import get_web_domains_info, get_web_domains
# What domains can we provision certificates for? What unexpected problems do we have?
provision, cant_provision = get_certificates_to_provision(
env, show_valid_certs=False)
# What's the current status of TLS certificates on all of the domain?
domains_status = get_web_domains_info(env)
domains_status = [{
"domain":
d["domain"],
"status":
d["ssl_certificate"][0],
"text":
d["ssl_certificate"][1] + ((" " + cant_provision[d["domain"]]
if d["domain"] in cant_provision else ""))
} for d in domains_status]
# Warn the user about domain names not hosted here because of other settings.
for domain in set(get_web_domains(env, exclude_dns_elsewhere=False)) - set(
get_web_domains(env)):
domains_status.append({
"domain":
domain,
"status":
"not-applicable",
"text":
"The domain's website is hosted elsewhere.",
})
return json_response({
"can_provision": utils.sort_domains(provision, env),
"status": domains_status,
})
@app.route('/ssl/csr/<domain>', methods=['POST'])
@authorized_personnel_only
def ssl_get_csr(domain):
from ssl_certificates import create_csr
ssl_private_key = os.path.join(
os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_private_key.pem'))
return create_csr(domain, ssl_private_key,
request.form.get('countrycode', ''), env)
@app.route('/ssl/install', methods=['POST'])
@authorized_personnel_only
def ssl_install_cert():
from web_update import get_web_domains
from ssl_certificates import install_cert
domain = request.form.get('domain')
ssl_cert = request.form.get('cert')
ssl_chain = request.form.get('chain')
if domain not in get_web_domains(env):
return "Invalid domain name."
return install_cert(domain, ssl_cert, ssl_chain, env)
@app.route('/ssl/provision', methods=['POST'])
@authorized_personnel_only
def ssl_provision_certs():
from ssl_certificates import provision_certificates
requests = provision_certificates(env, limit_domains=None)
return json_response({"requests": requests})
# multi-factor auth
@app.route('/mfa/status', methods=['POST'])
@authorized_personnel_only
def mfa_get_status():
# Anyone accessing this route is an admin, and we permit them to
# see the MFA status for any user if they submit a 'user' form
# field. But we don't include provisioning info since a user can
# only provision for themselves.
# user field if given, otherwise the user making the request
email = request.form.get('user', request.user_email)
try:
resp = {"enabled_mfa": get_public_mfa_state(email, env)}
if email == request.user_email:
resp.update({"new_mfa": {"totp": provision_totp(email, env)}})
except ValueError as e:
return (str(e), 400)
return json_response(resp)
@app.route('/mfa/totp/enable', methods=['POST'])
@authorized_personnel_only
def totp_post_enable():
secret = request.form.get('secret')
token = request.form.get('token')
label = request.form.get('label')
if type(token) != str:
return ("Bad Input", 400)
try:
validate_totp_secret(secret)
enable_mfa(request.user_email, "totp", secret, token, label, env)
except ValueError as e:
return (str(e), 400)
return "OK"
@app.route('/mfa/disable', methods=['POST'])
@authorized_personnel_only
def totp_post_disable():
# Anyone accessing this route is an admin, and we permit them to
# disable the MFA status for any user if they submit a 'user' form
# field.
# user field if given, otherwise the user making the request
email = request.form.get('user', request.user_email)
try:
result = disable_mfa(email,
request.form.get('mfa-id') or None,
env) # convert empty string to None
except ValueError as e:
return (str(e), 400)
if result: # success
return "OK"
else: # error
return ("Invalid user or MFA id.", 400)
# WEB
@app.route('/web/domains')
@authorized_personnel_only
def web_get_domains():
from web_update import get_web_domains_info
return json_response(get_web_domains_info(env))
@app.route('/web/update', methods=['POST'])
@authorized_personnel_only
def web_update():
from web_update import do_web_update
try:
return do_web_update(env)
except Exception as e:
return (str(e), 500)
# System
@app.route('/system/version', methods=["GET"])
@authorized_personnel_only
def system_version():
from status_checks import what_version_is_this
try:
return what_version_is_this(env)
except Exception as e:
return (str(e), 500)
@app.route('/system/latest-upstream-version', methods=["POST"])
@authorized_personnel_only
def system_latest_upstream_version():
from status_checks import get_latest_miab_version
try:
return get_latest_miab_version()
except Exception as e:
return (str(e), 500)
@app.route('/system/status', methods=["POST"])
@authorized_personnel_only
def system_status():
from status_checks import run_checks
class WebOutput:
def __init__(self):
self.items = []
def add_heading(self, heading):
self.items.append({
"type": "heading",
"text": heading,
"extra": []
})
def print_ok(self, message):
self.items.append({"type": "ok", "text": message, "extra": []})
def print_error(self, message):
self.items.append({"type": "error", "text": message, "extra": []})
def print_warning(self, message):
self.items.append({
"type": "warning",
"text": message,
"extra": []
})
def print_na(self, message):
self.items.append({"type": "na", "text": message, "extra": []})
def print_line(self, message, monospace=False):
self.items[-1]["extra"].append({
"text": message,
"monospace": monospace
})
output = WebOutput()
# Create a temporary pool of processes for the status checks
with multiprocessing.pool.Pool(processes=5) as pool:
run_checks(False, env, output, pool)
return json_response(output.items)
@app.route('/system/updates')
@authorized_personnel_only
def show_updates():
from status_checks import list_apt_updates
return "".join("%s (%s)\n" % (p["package"], p["version"])
for p in list_apt_updates())
@app.route('/system/update-packages', methods=["POST"])
@authorized_personnel_only
def do_updates():
utils.shell("check_call", ["/usr/bin/apt-get", "-qq", "update"])
return utils.shell("check_output", ["/usr/bin/apt-get", "-y", "upgrade"],
env={"DEBIAN_FRONTEND": "noninteractive"})
@app.route('/system/reboot', methods=["GET"])
@authorized_personnel_only
def needs_reboot():
from status_checks import is_reboot_needed_due_to_package_installation
if is_reboot_needed_due_to_package_installation():
return json_response(True)
else:
return json_response(False)
@app.route('/system/reboot', methods=["POST"])
@authorized_personnel_only
def do_reboot():
# To keep the attack surface low, we don't allow a remote reboot if one isn't necessary.
from status_checks import is_reboot_needed_due_to_package_installation
if is_reboot_needed_due_to_package_installation():
return utils.shell("check_output", ["/sbin/shutdown", "-r", "now"],
capture_stderr=True)
else:
return "No reboot is required, so it is not allowed."
@app.route('/system/backup/status')
@authorized_personnel_only
def backup_status():
from backup import backup_status
try:
return json_response(backup_status(env))
except Exception as e:
return json_response({"error": str(e)})
@app.route('/system/backup/config', methods=["GET"])
@authorized_personnel_only
def backup_get_custom():
from backup import get_backup_config
return json_response(get_backup_config(env, for_ui=True))
@app.route('/system/backup/config', methods=["POST"])
@authorized_personnel_only
def backup_set_custom():
from backup import backup_set_custom
return json_response(
backup_set_custom(env, request.form.get('target', ''),
request.form.get('target_user', ''),
request.form.get('target_pass', ''),
request.form.get('target_rsync_port', ''),
request.form.get('min_age', '')))
@app.route('/system/backup/new', methods=["POST"])
@authorized_personnel_only
def backup_new():
from backup import perform_backup, get_backup_config
# If backups are disabled, don't perform the backup
config = get_backup_config(env)
if config["target"] == "off":
return "Backups are disabled in this machine. Nothing was done."
msg = perform_backup(request.form.get('full', False) == 'true', True)
return "OK" if msg is None else msg
@app.route('/system/privacy', methods=["GET"])
@authorized_personnel_only
def privacy_status_get():
config = utils.load_settings(env)
return json_response(config.get("privacy", True))
@app.route('/system/privacy', methods=["POST"])
@authorized_personnel_only
def privacy_status_set():
config = utils.load_settings(env)
config["privacy"] = (request.form.get('value') == "private")
utils.write_settings(config, env)
return "OK"
@app.route('/system/smtp/relay', methods=["GET"])
@authorized_personnel_only
def smtp_relay_get():
config = utils.load_settings(env)
dkim_rrtxt = ""
rr = config.get("SMTP_RELAY_DKIM_RR", None)
if rr is not None:
if rr.get("p") is None:
raise ValueError("Key doesn't exist!")
for c, d in (("v", "DKIM1"), ("h", None), ("k", "rsa"), ("n", None),
("s", None), ("t", None)):
txt = rr.get(c, d)
if txt is None:
continue
else:
dkim_rrtxt += f"{c}={txt}; "
dkim_rrtxt += f"p={rr.get('p')}"
return {
"enabled": config.get("SMTP_RELAY_ENABLED", False),
"host": config.get("SMTP_RELAY_HOST", ""),
"port": config.get("SMTP_RELAY_PORT", None),
"user": config.get("SMTP_RELAY_USER", ""),
"authorized_servers": config.get("SMTP_RELAY_AUTHORIZED_SERVERS", []),
"spf_record": config.get("SMTP_RELAY_SPF_RECORD", None),
"dkim_selector": config.get("SMTP_RELAY_DKIM_SELECTOR", None),
"dkim_rr": dkim_rrtxt
}
@app.route('/system/smtp/relay', methods=["POST"])
@authorized_personnel_only
def smtp_relay_set():
from editconf import edit_conf
from os import chmod
import re
import socket
import ssl
config = utils.load_settings(env)
newconf = request.form
# Is DKIM configured?
sel = newconf.get("dkim_selector")
if sel is None or sel.strip() == "":
config["SMTP_RELAY_DKIM_SELECTOR"] = None
config["SMTP_RELAY_DKIM_RR"] = None
elif re.fullmatch(r"[a-z\d\._]+", sel.strip()) is None:
return ("The DKIM selector is invalid!", 400)
# DKIM selector looks good, try processing the RR
rr = newconf.get("dkim_rr", "")
if rr.strip() == "":
return ("Cannot publish a selector with an empty key!", 400)
components = {}
for r in re.split(r"[;\s]+", rr):
sp = re.split(r"\=", r)
if len(sp) != 2:
return ("DKIM public key RR is malformed!", 400)
components[sp[0]] = sp[1]
if not components.get("p"):
return ("The DKIM public key doesn't exist!", 400)
config["SMTP_RELAY_DKIM_SELECTOR"] = sel
config["SMTP_RELAY_DKIM_RR"] = components
relay_on = False
implicit_tls = False
if newconf.get("enabled") == "true":
relay_on = True
# Try negotiating TLS directly. We need to know this because we need to configure Postfix
# to be aware of this detail.
try:
ctx = ssl.create_default_context()
with socket.create_connection(
(newconf.get("host"), int(newconf.get("port"))), 5) as sock:
with ctx.wrap_socket(sock,
server_hostname=newconf.get("host")):
implicit_tls = True
except ssl.SSLError as sle:
# Couldn't connect via TLS, configure Postfix to send via STARTTLS
print(sle.reason)
except (socket.herror, socket.gaierror) as he:
return (
f"Unable to resolve hostname (it probably is incorrect): {he.strerror}",
400)
except socket.timeout:
return (
"We couldn't connect to the server. Is it down or did you write the wrong port number?",
400)
pw_file = "/etc/postfix/sasl_passwd"
modify_password = True
# Check that if the provided password is empty, that there was a password saved before
if (newconf.get("key", "") == ""):
if os.path.isfile(pw_file):
modify_password = False
else:
return (
"Please provide a password/key (there is no existing password to retain).",
400)
try:
# Write on daemon settings
config["local_dkim_selector"] = "mailorigin" if relay_on and sel == "mail" else "mail"
config["SMTP_RELAY_ENABLED"] = relay_on
config["SMTP_RELAY_HOST"] = newconf.get("host")
config["SMTP_RELAY_PORT"] = int(newconf.get("port"))
config["SMTP_RELAY_USER"] = newconf.get("user")
config["SMTP_RELAY_AUTHORIZED_SERVERS"] = [s.strip() for s in re.split(r"[, ]+", newconf.get("authorized_servers", []) or "") if s.strip() != ""]
config["SMTP_RELAY_SPF_RECORD"] = newconf.get("spf_record")
utils.write_settings(config, env)
# Write on Postfix configs
edit_conf("/etc/postfix/main.cf", [
"relayhost=" +
(f"[{config['SMTP_RELAY_HOST']}]:{config['SMTP_RELAY_PORT']}"
if config["SMTP_RELAY_ENABLED"] else ""),
f"smtp_tls_wrappermode={'yes' if implicit_tls else 'no'}"
],
delimiter_re=r"\s*=\s*",
delimiter="=",
comment_char="#")
# Edit the sasl password (still will edit the file, but keep the pw)
with open(pw_file, "a+") as f:
f.seek(0)
pwm = re.match(r"\[.+\]\:[0-9]+\s.+\:(.*)", f.readline())
if (pwm is None or len(pwm.groups()) != 1) and not modify_password:
# Well if this isn't a bruh moment
return (
"Please provide a password/key (there is no existing password to retain).",
400)
f.truncate(0)
f.write(
f"[{config['SMTP_RELAY_HOST']}]:{config['SMTP_RELAY_PORT']} {config['SMTP_RELAY_USER']}:{newconf.get('key') if modify_password else pwm[1]}\n"
)
chmod(pw_file, 0o600)
utils.shell("check_output", ["/usr/sbin/postmap", pw_file],
capture_stderr=True)
# Regenerate DNS (to apply whatever changes need to be made)
from dns_update import do_dns_update
do_dns_update(env)
# Restart Postfix
return utils.shell("check_output", ["/usr/sbin/postfix", "reload"],
capture_stderr=True)
except Exception as e:
return (str(e), 400)
# PGP
@app.route('/system/pgp/', methods=["GET"])
@authorized_personnel_only
def get_keys():
from pgp import get_daemon_key, get_imported_keys, key_representation
return {
"daemon": key_representation(get_daemon_key()),
"imported": list(map(key_representation, get_imported_keys()))
}
@app.route('/system/pgp/<fpr>', methods=["GET"])
@authorized_personnel_only
def get_key(fpr):
from pgp import get_key, key_representation
k = get_key(fpr)
if k is None:
abort(404)
return key_representation(k)
@app.route('/system/pgp/<fpr>', methods=["DELETE"])
@authorized_personnel_only
def delete_key(fpr):
from pgp import delete_key
from wkd import parse_wkd_list, build_wkd
try:
if delete_key(fpr) is None:
abort(404)
removed = parse_wkd_list()[0]
build_wkd()
return json_response([e[0] for e in removed])
except ValueError as e:
return (str(e), 400)
@app.route('/system/pgp/<fpr>/export', methods=["GET"])
@authorized_personnel_only
def export_key(fpr):
from pgp import export_key
exp = export_key(fpr)
if exp is None:
abort(404)
return exp
@app.route('/system/pgp/import', methods=["POST"])
@authorized_personnel_only
def import_key():
from pgp import import_key
from wkd import build_wkd
k = request.form.get('key')
try:
result = import_key(k)
build_wkd() # Rebuild the WKD
return {
"keys_read": result.considered,
"keys_added": result.imported,
"keys_unchanged": result.unchanged,
"uids_added": result.new_user_ids,
"sigs_added": result.new_signatures,
"revs_added": result.new_revocations
}
except ValueError as e:
return (str(e), 400)
# Web Key Directory
@app.route('/system/pgp/wkd', methods=["GET"])
@authorized_personnel_only
def get_wkd_status():
from pgp import get_daemon_key, get_imported_keys, key_representation
from wkd import get_user_fpr_maps, get_wkd_config
from mailconfig import get_domain
options = get_user_fpr_maps()
chosen = get_wkd_config()
wkd_tmp = {
x: {
"options": list(options.get(x)),
"selected": chosen.get(x)
}
for x in options.keys()
}
wkd = {}
for e in wkd_tmp.keys():
if wkd.get(get_domain(e)) is None:
wkd[get_domain(e)] = {}
wkd[get_domain(e)][e] = wkd_tmp[e]
return {
"keys": {
x.get("master_fpr"): x
for x in map(key_representation, [get_daemon_key()] +
get_imported_keys())
},
"wkd": wkd
}
@app.route('/system/pgp/wkd', methods=["POST"])
@authorized_personnel_only
def update_wkd():
from wkd import update_wkd_config, build_wkd
update_wkd_config(request.form)
build_wkd()
return "OK"
@app.route('/system/default-quota', methods=["GET"])
@authorized_personnel_only
def default_quota_get():
if request.values.get('text'):
return get_default_quota(env)
else:
return json_response({
"default-quota": get_default_quota(env),
})
@app.route('/system/default-quota', methods=["POST"])
@authorized_personnel_only
def default_quota_set():
config = utils.load_settings(env)
try:
config["default-quota"] = validate_quota(
request.values.get('default_quota'))
utils.write_settings(config, env)
except ValueError as e:
return ("ERROR: %s" % str(e), 400)
return "OK"
# MUNIN
@app.route('/munin/')
@authorized_personnel_only
def munin_start():
# Munin pages, static images, and dynamically generated images are served
# outside of the AJAX API. We'll start with a 'start' API that sets a cookie
# that subsequent requests will read for authorization. (We don't use cookies
# for the API to avoid CSRF vulnerabilities.)
response = make_response("OK")
response.set_cookie("session",
auth_service.create_session_key(request.user_email,
env,
type='cookie'),
max_age=60 * 30,
secure=True,
httponly=True,
samesite="Strict") # 30 minute duration
return response
def check_request_cookie_for_admin_access():
session = auth_service.get_session(None,
request.cookies.get("session",
""), "cookie", env)
if not session:
return False
privs = get_mail_user_privileges(session["email"], env)
if not isinstance(privs, list):
return False
if "admin" not in privs:
return False
return True
def authorized_personnel_only_via_cookie(f):
@wraps(f)
def g(*args, **kwargs):
if not check_request_cookie_for_admin_access():
return Response("Unauthorized",
status=403,
mimetype='text/plain',
headers={})
return f(*args, **kwargs)
return g
@app.route('/munin/<path:filename>')
@authorized_personnel_only_via_cookie
def munin_static_file(filename=""):
# Proxy the request to static files.
if filename == "":
filename = "index.html"
return send_from_directory("/var/cache/munin/www", filename)
@app.route('/munin/cgi-graph/<path:filename>')
@authorized_personnel_only_via_cookie
def munin_cgi(filename):
""" Relay munin cgi dynazoom requests
/usr/lib/munin/cgi/munin-cgi-graph is a perl cgi script in the munin package
that is responsible for generating binary png images _and_ associated HTTP
headers based on parameters in the requesting URL. All output is written
to stdout which munin_cgi splits into response headers and binary response
data.
munin-cgi-graph reads environment variables to determine
what it should do. It expects a path to be in the env-var PATH_INFO, and a
querystring to be in the env-var QUERY_STRING.
munin-cgi-graph has several failure modes. Some write HTTP Status headers and
others return nonzero exit codes.
Situating munin_cgi between the user-agent and munin-cgi-graph enables keeping
the cgi script behind mailinabox's auth mechanisms and avoids additional
support infrastructure like spawn-fcgi.
"""
COMMAND = 'su - munin --preserve-environment --shell=/bin/bash -c /usr/lib/munin/cgi/munin-cgi-graph'
# su changes user, we use the munin user here
# --preserve-environment retains the environment, which is where Popen's `env` data is
# --shell=/bin/bash ensures the shell used is bash
# -c "/usr/lib/munin/cgi/munin-cgi-graph" passes the command to run as munin
# "%s" is a placeholder for where the request's querystring will be added
if filename == "":
return ("a path must be specified", 404)
query_str = request.query_string.decode("utf-8", 'ignore')
env = {
'PATH_INFO': '/%s/' % filename,
'REQUEST_METHOD': 'GET',
'QUERY_STRING': query_str
}
code, binout = utils.shell(
'check_output',
COMMAND.split(" ", 5),
# Using a maxsplit of 5 keeps the last arguments together
env=env,
return_bytes=True,
trap=True)
if code != 0:
# nonzero returncode indicates error
app.logger.error(
"munin_cgi: munin-cgi-graph returned nonzero exit code, %s", code)
return ("error processing graph image", 500)
# /usr/lib/munin/cgi/munin-cgi-graph returns both headers and binary png when successful.
# A double-Windows-style-newline always indicates the end of HTTP headers.
headers, image_bytes = binout.split(b'\r\n\r\n', 1)
response = make_response(image_bytes)
for line in headers.splitlines():
name, value = line.decode("utf8").split(':', 1)
response.headers[name] = value
if 'Status' in response.headers and '404' in response.headers['Status']:
app.logger.warning(
"munin_cgi: munin-cgi-graph returned 404 status code. PATH_INFO=%s",
env['PATH_INFO'])
return response
def log_failed_login(request):
# We need to figure out the ip to list in the message, all our calls are routed
# through nginx who will put the original ip in X-Forwarded-For.
# During setup we call the management interface directly to determine the user
# status. So we can't always use X-Forwarded-For because during setup that header
# will not be present.
if request.headers.getlist("X-Forwarded-For"):
ip = request.headers.getlist("X-Forwarded-For")[0]
else:
ip = request.remote_addr
# We need to add a timestamp to the log message, otherwise /dev/log will eat the "duplicate"
# message.
app.logger.warning(
"Mail-in-a-Box Management Daemon: Failed login attempt from ip %s - timestamp %s"
% (ip, time.time()))
# APP
if __name__ == '__main__':
if "DEBUG" in os.environ:
# Turn on Flask debugging.
app.debug = True
if not app.debug:
app.logger.addHandler(utils.create_syslog_handler())
#app.logger.info('API key: ' + auth_service.key)
# Start the application server. Listens on 127.0.0.1 (IPv4 only).
app.run(port=10222)