Rechtebechebung für User mit Sudorechte
parent
d6007589ef
commit
450247d163
|
|
@ -17,7 +17,7 @@ class DkimStatus extends Component
|
|||
{
|
||||
$this->domain = $domain;
|
||||
|
||||
// aktiven Selector aus DB; sonst Default aus Config
|
||||
// aktiver Selector aus DB, sonst Default aus config
|
||||
$this->selector = $selector
|
||||
?: optional(
|
||||
$domain->dkimKeys()->where('is_active', true)->latest()->first()
|
||||
|
|
@ -26,46 +26,20 @@ class DkimStatus extends Component
|
|||
}
|
||||
|
||||
/**
|
||||
* Prüft NUR lokal:
|
||||
* - Keyfile: /etc/opendkim/keys/<domain>/<selector>.private
|
||||
* - KeyTable & SigningTable enthalten passende Zeilen
|
||||
* Minimalcheck: ist das Keyfile vorhanden & >0 Bytes?
|
||||
* Nutzt sudo /usr/bin/test, damit www-data auch bei 0600/0750 prüfen kann.
|
||||
*/
|
||||
protected function isDkimReady(string $domain, string $selector): bool
|
||||
{
|
||||
$d = preg_quote($domain, '/');
|
||||
$s = preg_quote($selector, '/');
|
||||
$key = "/etc/opendkim/keys/{$domain}/{$selector}.private";
|
||||
|
||||
// 1) Key-Datei vorhanden & lesbar
|
||||
$keyFile = "/etc/opendkim/keys/{$domain}/{$selector}.private";
|
||||
$hasFile = is_readable($keyFile) && (filesize($keyFile) > 0);
|
||||
// -s => existiert und Größe > 0
|
||||
$res = Process::run(['sudo','-n','/usr/bin/test','-s',$key]);
|
||||
|
||||
// 2) Tabellen-Inhalte lesen (leer wenn Datei fehlt)
|
||||
$keyTab = is_readable('/etc/opendkim/KeyTable')
|
||||
? (string) @file_get_contents('/etc/opendkim/KeyTable')
|
||||
: '';
|
||||
$signTab = is_readable('/etc/opendkim/SigningTable')
|
||||
? (string) @file_get_contents('/etc/opendkim/SigningTable')
|
||||
: '';
|
||||
|
||||
// Beispiel-Zeilen:
|
||||
// KeyTable: mwl1._domainkey.sysmail.toastra.com sysmail.toastra.com:mwl1:/etc/opendkim/keys/sysmail.toastra.com/mwl1.private
|
||||
// SigningTable:*@sysmail.toastra.com mwl1._domainkey.sysmail.toastra.com
|
||||
|
||||
// Robust gegen Mehrfach-Spaces/Tabs:
|
||||
$inKey = (bool) preg_match(
|
||||
"/^{$s}\._domainkey\.{$d}\s+{$d}:{$s}:/m",
|
||||
$keyTab
|
||||
);
|
||||
|
||||
$inSign = (bool) preg_match(
|
||||
"/^\*\@{$d}\s+{$s}\._domainkey\.{$d}\s*$/m",
|
||||
$signTab
|
||||
);
|
||||
|
||||
return $hasFile && $inKey && $inSign;
|
||||
return $res->successful();
|
||||
}
|
||||
|
||||
/** Button: (Re)generieren via Service (der ruft sudo-Helper auf) */
|
||||
/** Button: (Re)generieren → Service kümmert sich um Helper & Reload */
|
||||
public function regenerate(?string $selector = null): void
|
||||
{
|
||||
$selector = $selector
|
||||
|
|
@ -74,25 +48,19 @@ class DkimStatus extends Component
|
|||
try {
|
||||
/** @var DkimService $svc */
|
||||
$svc = app(DkimService::class);
|
||||
|
||||
// erzeugt/aktualisiert Keys in storage, pflegt DB,
|
||||
// ruft /usr/local/sbin/mailwolt-install-dkim via sudo -n auf,
|
||||
// lädt opendkim neu (im Service)
|
||||
$svc->generateForDomain($this->domain, 2048, $selector);
|
||||
|
||||
// Status neu prüfen
|
||||
// Status nach der Erzeugung erneut prüfen
|
||||
$ok = $this->isDkimReady($this->domain->domain, $selector);
|
||||
|
||||
$this->dispatch('toast',
|
||||
type: $ok ? 'success' : 'warning',
|
||||
message: $ok ? 'DKIM ist aktiv.' : 'DKIM generiert – OpenDKIM prüfen.'
|
||||
);
|
||||
|
||||
} catch (\Throwable $e) {
|
||||
$this->dispatch('toast', type: 'error', message: 'DKIM Fehler: '.$e->getMessage());
|
||||
}
|
||||
|
||||
// aktuellen Selector merken (falls der Fallback zuvor anders war)
|
||||
$this->selector = $selector;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ class DkimService
|
|||
{
|
||||
$selector = $selector ?: (string) config('mailpool.defaults.dkim_selector', 'mwl1');
|
||||
|
||||
$dirKey = $this->safeKey($domain);
|
||||
$dirKey = $this->safeKey($domain->domain);
|
||||
$selKey = $this->safeKey($selector, 32);
|
||||
|
||||
// Disk "local" zeigt bei dir auf storage/app/private (siehe Kommentar in deinem Code)
|
||||
|
|
|
|||
Loading…
Reference in New Issue