def sslCertView(request):
if request.method == "POST":
try:
keyobj = DomainAttr.getAttrObj(item="ssl_privatekey")
certobj = DomainAttr.getAttrObj(item="ssl_certificate")
privkey = keyobj.value
if not privkey:
messages.add_message(request, messages.ERROR,
u'私钥不存在,请先生成或导入!')
return HttpResponseRedirect(reverse("ssl_maintain"))
fileobj = request.FILES['certfile']
certificate = fileobj.read()
T = sslopts.checkCert(bytes(privkey), bytes(certificate))
if not T:
messages.add_message(request, messages.ERROR,
u'证书与私钥不匹配,无法导入!')
return HttpResponseRedirect(reverse("ssl_maintain"))
certobj.value = certificate
certobj.save()
messages.add_message(request, messages.SUCCESS, u'导入证书成功!')
return HttpResponseRedirect(reverse("ssl_maintain"))
except BaseException as e:
messages.add_message(request, messages.ERROR, u'无法解析证书,请检测证书文件!')
return HttpResponseRedirect(reverse("ssl_maintain"))
raise Http404
def loadDomainAttr(self, item, itemType=""):
if itemType:
value = DomainAttr.getAttrObjValue(domain_id=self.domain_id,
type=itemType,
item=item)
else:
value = DomainAttr.getAttrObjValue(domain_id=self.domain_id,
item=item)
return value
def save(self):
for k in (u"cf_sms_conf", ):
obj = getattr(self, k)
DomainAttr.saveAttrObjValue(domain_id=0,
type="system",
item=k,
value=obj.value)
clear_redis_cache()
redis = get_redis_connection()
redis.rpush("task_queue:apply_setting", "postfix")
def save(self):
DomainAttr.saveAttrObjValue(domain_id=0,
type="system",
item="sw_custom_kkserver_sys_token",
value=self.token.value)
DomainAttr.saveAttrObjValue(domain_id=0,
type="system",
item="sw_custom_kkserver_sys_open",
value=self.open.value)
clear_redis_cache()
def __init__(self, domain, *args, **kwargs):
super(MailboxForm, self).__init__(*args, **kwargs)
self.fields['name'].widget = forms.TextInput(attrs={
"placeholder": _(u"邮箱名称"),
})
self.domain = domain
self.domain_str = domain.domain
self.mailbox = None
self.fields['domain'].required = False
self.fields['domain_str'].required = False
self.fields['username'].required = False
self.fields['recvsms'].required = False
self.fields['name'].widget.attrs.update({'addon': self.domain_str})
self.fields['quota_mailbox'].widget.attrs.update({'addon': u'MB'})
self.fields['quota_netdisk'].widget.attrs.update({'addon': u'MB'})
self.fields['pwd_days'].widget.attrs.update({'addon': _(u'天')})
mailbox_size = DomainAttr.getAttrObjValue(self.domain.id, 'system',
'cf_def_mailbox_size')
netdisk_size = DomainAttr.getAttrObjValue(self.domain.id, 'system',
'cf_def_netdisk_size')
limit_send = DomainAttr.getAttrObjValue(self.domain.id, 'system',
'limit_send')
limit_recv = DomainAttr.getAttrObjValue(self.domain.id, 'system',
'limit_recv')
if self.instance.pk:
limit_send = self.instance.getSendLimit
limit_recv = self.instance.getRecvLimit
self.is_check_passwd = True
if mailbox_size:
self.fields['quota_mailbox'].initial = mailbox_size
if netdisk_size:
self.fields['quota_netdisk'].initial = netdisk_size
if limit_send:
self.fields['limit_send'].initial = limit_send
if limit_recv:
self.fields['limit_recv'].initial = limit_recv
self.raw_password = ""
self.fields['use_group'].required = False
self.fields['limit_send'].required = False
self.fields['limit_recv'].required = False
if self.instance.pk:
self.raw_password = kwargs["instance"].password
self.fields['password1'].required = False
self.fields['password2'].required = False
s = self.instance.size
size = s.size if s else 0
self.fields['quota_mailbox'].widget.attrs.update(
{'addon': _(u'MB(已使用{}MB)').format(size)})
self.fields['name'].widget.attrs.update({'readonly': 'readonly'})
def loadDomainAttr(self, item, itemType=""):
key = "tmp_{}".format(item)
if hasattr(self, key):
return getattr(self, key)
if itemType:
value = DomainAttr.getAttrObjValue(domain_id=self.domain_id,
type=itemType,
item=item)
else:
value = DomainAttr.getAttrObjValue(domain_id=self.domain_id,
item=item)
setattr(self, key, value)
return value
def save(self):
value = {
"server": self.server.value,
"corp": self.corp.value,
"service": self.service.value,
"loginurl": self.loginurl.value,
"open": self.open.value,
}
value = json.dumps(value)
DomainAttr.saveAttrObjValue(domain_id=0,
type="system",
item="sw_custom_kkserver_setting",
value=value)
clear_redis_cache()
def save(self):
value = {
"server": self.server.value,
"username": self.username.value,
"password": self.password.value,
"loginurl": self.loginurl.value,
"open": self.open.value,
}
value = json.dumps(value)
DomainAttr.saveAttrObjValue(domain_id=0,
type="system",
item="sw_custom_kkserver_setting2",
value=value)
clear_redis_cache()
def save(self):
value = self.value.value
if "open_spf" in value:
flag = value.pop("open_spf")
value["spf"] = "1" if flag == "1" else "-1"
if self.instance:
obj = self.instance
obj.domain_id = self.domain_id
obj.type = self.instance.type
obj.item = self.instance.item
obj.value = json.dumps(value)
obj.save()
else:
obj = DomainAttr.objects.create(
domain_id=self.domain_id,
type="system",
item="cf_antispam",
value=json.dumps(value),
)
#sw_antivirus , sw_antispam 两个参数,webmail以前是修改的core_domain表的列,兼容处理
if self.instance_domain:
for key in ("sw_antispam", "sw_antivirus"):
obj = getattr(self, key, None)
if not obj:
continue
if key == "sw_antispam":
self.instance_domain.antispam = obj.value
else:
self.instance_domain.antivirus = obj.value
self.instance_domain.save()
for k in [
"spam_check_local",
"spam_check_outside",
"spam_check_local_spam",
"spam_check_local_virus",
"spam_check_outside_spam",
"spam_check_outside_virus",
]:
value = getattr(self, k).value
DomainAttr.saveAttrObjValue(domain_id=self.domain_id,
type="webmail",
item="sw_%s" % k,
value=value)
clear_redis_cache()
if self.spf_old != self.spf_new:
redis = get_redis_connection()
redis.rpush("task_queue:apply_setting", "postfix")
def _get_domain_mailbox_limit(self, domain_id):
return {
'mailbox_count_limit':
toint(
DomainAttr.getAttrObjValue(domain_id, 'system',
'cf_limit_mailbox_cnt')),
'mailbox_size_limit':
toint(
DomainAttr.getAttrObjValue(domain_id, 'system',
'cf_limit_mailbox_size')),
'netdisk_size_limit':
toint(
DomainAttr.getAttrObjValue(domain_id, 'system',
'cf_limit_netdisk_size')),
}
def save(self):
instance = DomainAttr.getAttrObj(domain_id=0,
type="system",
item=u'cf_moving_default')
instance.value = json.dumps(self.value)
instance.save()
return instance
def smtp(request):
form = SmtpSetForm(initial=DomainAttr.smtpSetValuetoDict())
if request.method == "POST":
form = SmtpSetForm(request.POST)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, u'修改设置成功!')
return redirect('smtp_set')
return render(request,
template_name="setting/smtp.html",
context={
"form": form,
})
def cfilter_config(request):
obj = DomainAttr.getAttrObj(domain_id=0,
type="system",
item='sw_use_cfilter_new')
form = ExtCfilterConfigForm(instance=obj)
if request.method == "POST":
form = ExtCfilterConfigForm(post=request.POST)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, u'修改开关成功')
return HttpResponseRedirect(reverse("cfilter_config"))
return render(request,
"setting/cfilter_config.html",
context={
"form": form,
})
def sslPrivateView(request):
if request.method == "POST":
status = request.POST.get("sslkey_status", "")
obj = DomainAttr.getAttrObj(item="ssl_privatekey")
value = obj.value
if status == "import":
keywd = request.POST.get("sslkey_passwd_import", "").strip()
keywd = keywd or None
if value:
messages.add_message(request, messages.ERROR, u'私钥已存在,设置私钥失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
fileobj = request.FILES['sslkeyfile']
privkey = fileobj.read()
privkey = sslopts.importPrivKey(privkey, passwd=keywd)
obj.value = privkey
obj.save()
messages.add_message(request, messages.SUCCESS, u'导入私钥成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
except BaseException as e:
messages.add_message(request, messages.ERROR,
u'导入私钥失败(保护密码错误、非密钥文件等), 请重新导入!')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "export":
keywd = request.POST.get("sslkey_passwd_export", "").strip()
keywd = keywd or None
if value:
try:
privkey = sslopts.exportPrivKey(bytes(value), passwd=keywd)
wrapper = FileWrapper(StringIO.StringIO(privkey))
response = HttpResponse(
wrapper, content_type='application/octet-stream')
response['Content-Length'] = sslopts.getPrivateKeySize(
bytes(value))
response[
'Content-Disposition'] = 'attachment; filename=%s' % "ssl_private.key"
return response
except BaseException as e:
messages.add_message(request, messages.ERROR,
u'私钥不正确,请重新生成私钥导出!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
messages.add_message(request, messages.ERROR, u'私钥不存在,导出失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
return HttpResponseRedirect(reverse("ssl_maintain"))
raise Http404
def mailTransferSender(request):
obj = DomainAttr.getAttrObj(domain_id=0,
type="system",
item='deliver_transfer_sender')
form = MailTransferSenderForm(instance=obj)
if request.method == "POST":
form = MailTransferSenderForm(post=request.POST)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, u'添加数据成功')
return HttpResponseRedirect(reverse('mail_transfer_sender'))
return render(request,
"setting/mail_transfer_sender.html",
context={
"form": form,
})
def __initialize(self):
self.spf_old = ""
self.spf_new = ""
default = constants.SPAMSET_PARAM_DEFAULT
if self.instance:
self.domain_id = self.instance.domain_id
value = json.loads(self.instance.value)
if "spf" in value:
self.spf_old = value["spf"]
elif "open_spf" in value:
self.spf_old = value["open_spf"]
else:
value = copy.copy(default)
data = self.post if self.post else self.get
if data:
for k in constants.SPAMSET_PARAM_DEFAULT.keys():
if k in data:
value[k] = data[k]
elif k in value:
del value[k]
self.domain_id = data.get("domain_id", 0)
for k, v in constants.SPAMSET_PARAM_DEFAULT.items():
if not k in value:
value[k] = v
if not value.get("host", "").strip() and self.request:
value["host"] = get_client_request(self.request)
#删除一个废弃的key
if "open_spf" in value:
flag = value.pop("open_spf")
value["spf"] = "1" if flag == "1" else "-1"
if "spf" in value:
self.spf_new = value["spf"]
#检测等级在 app 2.2.54 后废弃
if "check_level" in value:
level = value.pop("check_level")
#兼容一下旧数据
if level == "senior":
value["spf"] = "1"
value["sender_blacklist"] = "1"
value["subject_blacklist"] = "1"
value["content_blacklist"] = "1"
value["high_risk_attachment"] = "1"
value["low_risk_attachment"] = "1"
value["dspam"] = "1"
value["ctasd"] = "-1"
value["spamassassin"] = "1"
elif level == "intermediate":
value["sender_blacklist"] = "1"
value["subject_blacklist"] = "1"
value["content_blacklist"] = "1"
value["high_risk_attachment"] = "1"
value["low_risk_attachment"] = "1"
value["dspam"] = "1"
value["ctasd"] = "-1"
value["spamassassin"] = "1"
else:
value["dspam"] = "1"
value["spamassassin"] = "1"
value["sender_blacklist"] = "1"
value["subject_blacklist"] = "1"
value["content_blacklist"] = "1"
value["low_risk_attachment"] = "1"
for k, v in value.iteritems():
self[k] = BaseFied(value=get_unicode(v), error=None)
self.value = BaseFied(value=value, error=None)
#sw_antispam、sw_antivirus的值保存在core_domain表中
instance = Domain.objects.filter(id=self.domain_id).first()
self.instance_domain = instance
if instance:
self.sw_antispam = BaseFied(value=get_unicode(instance.antispam),
error=None)
self.sw_antivirus = BaseFied(value=get_unicode(instance.antivirus),
error=None)
else:
self.sw_antispam = BaseFied(value='-1', error=None)
self.sw_antivirus = BaseFied(value='-1', error=None)
if data:
self.sw_antispam = BaseFied(value=data.get("sw_antispam", '-1'),
error=None)
self.sw_antivirus = BaseFied(value=data.get("sw_antivirus", '-1'),
error=None)
SPAM_TARGET_DEFAULT = {
"spam_check_local": "-1",
"spam_check_outside": "1",
"spam_check_local_spam": "1",
"spam_check_local_virus": "1",
"spam_check_outside_spam": "1",
"spam_check_outside_virus": "1",
}
for k, default in SPAM_TARGET_DEFAULT.items():
key = item = "sw_%s" % k
obj = DomainAttr.objects.filter(domain_id=self.domain_id,
type="webmail",
item=key).first()
if not obj:
DomainAttr.saveAttrObjValue(domain_id=self.domain_id,
type="webmail",
item=key,
value=default)
obj = DomainAttr.getAttrObj(domain_id=self.domain_id,
type="webmail",
item=key)
setattr(self, k, BaseFied(value=obj.value, error=None))
if data:
if k in data:
setattr(self, k, BaseFied(value=data[k], error=None))
else:
setattr(self, k, BaseFied(value="-1", error=None))
def sslView(request):
# ssl开关
sslobj = CoreConfig.getFuctionObj('ssl')
# 私钥数据
keyobj = DomainAttr.getAttrObj(item="ssl_privatekey")
value = keyobj.value or None
# 签名请求数据
sigobj = DomainAttr.getAttrObj(item="ssl_signrequest")
# 证书
certobj = DomainAttr.getAttrObj(item="ssl_certificate")
if request.method == "POST":
status = request.POST.get("status", "")
if status == "generate":
# 系统生成私钥
if value:
messages.add_message(request, messages.ERROR, u'私钥已存在,设置私钥失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
privkey = sslopts.genPrivKey()
keyobj.value = privkey
keyobj.save()
messages.add_message(request, messages.SUCCESS, u'生成私钥成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
except:
messages.add_message(request, messages.ERROR,
u'生成私钥失败,请重新生成')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "clear":
# 清除私钥
keyobj.value = ""
keyobj.save()
# 清空证书签名请求
DomainAttr.emptyAttrObjValue(item="ssl_signrequest")
# 清除证书
DomainAttr.emptyAttrObjValue(item="ssl_certificate")
messages.add_message(request, messages.SUCCESS, u'清除私钥成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "export-signature":
# 导出签名请求
sigvalue = sigobj.value or None
if not sigvalue:
messages.add_message(request, messages.ERROR, u'签名请求 不存在')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
wrapper = FileWrapper(StringIO.StringIO(sigvalue))
response = HttpResponse(
wrapper, content_type='application/octet-stream')
response['Content-Length'] = len(value)
response[
'Content-Disposition'] = 'attachment; filename=%s' % "ssl_signrequest.csr"
return response
except:
messages.add_message(request, messages.ERROR,
u'导出签名请求失败,请重新导出')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "clear-signature":
# 清除签名请求
DomainAttr.emptyAttrObjValue(item="ssl_signrequest")
messages.add_message(request, messages.SUCCESS, u'清除签名请求成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "cert-export":
# 导出证书
certvalue = certobj.value or None
if not certvalue:
messages.add_message(request, messages.ERROR, u'证书 不存在')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
wrapper = FileWrapper(StringIO.StringIO(certvalue))
response = HttpResponse(
wrapper, content_type='application/octet-stream')
response['Content-Length'] = len(value)
response[
'Content-Disposition'] = 'attachment; filename=%s' % "ssl_certificate.crt"
return response
except:
messages.add_message(request, messages.ERROR,
u'导出证书失败,请重新导出')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "cert-clear":
# 清除证书
DomainAttr.emptyAttrObjValue(item="ssl_certificate")
messages.add_message(request, messages.SUCCESS, u'清除证书成功成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
is_verify = False
signature = DomainAttr.getSignatureCache()
if sigobj.value:
is_verify, signature2 = sslopts.parseSignature(sigobj.value)
if is_verify: signature = signature2
is_ca = False
cert_subject, sert_issuer = None, None
if certobj.value:
is_ca = True
cert_subject, sert_issuer = sslopts.parseCert(certobj.value)
return render(
request,
"maintain/ssl.html",
context={
"sslobj": sslobj,
"keyValue":
sslopts.getPrivateKeySize(bytes(value)) if value else None,
"is_verify": is_verify,
"signature": signature,
"is_ca": is_ca,
"cert_subject": cert_subject,
"sert_issuer": sert_issuer,
})
shutil.copy(licence_file, '{}.{}'.format(licence_file, now))
open(licence_file, 'w').write(licence_data)
messages.add_message(request, messages.SUCCESS, u'授权文件更新成功')
return HttpResponseRedirect(reverse('system_licence'))
try:
lic = Licence(licence_file=licence_file)
info = lic.get_licence_info()
except:
info = {}
messages.add_message(request, messages.ERROR, u'授权文件格式错误,请重新导入')
# 测试用户信息处理
if info.get('evaluation', ''):
# 生成试用期信息
system_created = DomainAttr.getAttrObjValue(1, 'system', 'created')
trial_begin = datetime.datetime.strptime(system_created,
'%Y-%m-%d %H:%M:%S')
trial_end = trial_begin + datetime.timedelta(days=30)
extra_module = ['all']
else:
# 正式用户信息处理
trial_begin = ''
trial_end = ''
# 扩展模块信息
try:
extra_module = lic.get_available_module()
except:
extra_module = ''
def sslSignatureView(request):
if request.method == "POST":
obj = DomainAttr.getAttrObj(item="ssl_signrequest")
keyobj = DomainAttr.getAttrObj(item="ssl_privatekey")
keyvalue = keyobj.value
if obj.value:
messages.add_message(request, messages.ERROR,
u'证书签名请求已存在,生成证书签名请求失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
sig_domain = request.POST.get("sig_domain", "").strip()
sig_organization = request.POST.get("sig_organization", "").strip()
sig_depart = request.POST.get("sig_depart", "").strip()
sig_province = request.POST.get("sig_province", "").strip()
sig_locale = request.POST.get("sig_locale", "").strip()
j = {}
msg = []
if not validators.check_domain(u"@{}".format(sig_domain)):
msg.append(u"域名 填写错误")
j.update(sig_domain=sig_domain)
if not sig_organization:
msg.append(u"单位/组织 不能为空")
elif not validators.check_English(sig_organization):
msg.append(u"单位/组织 只能填写英文字符")
j.update(sig_organization=sig_organization)
if sig_depart and not validators.check_English(sig_depart):
msg.append(u"部门 只能填写英文字符")
j.update(sig_depart=sig_depart)
if not sig_province:
msg.append(u"省/市/自治区 不能为空")
elif not validators.check_English(sig_province):
msg.append(u"省/市/自治区 只能填写英文字符")
j.update(sig_province=sig_province)
if not sig_locale:
msg.append(u"所在地 不能为空")
elif not validators.check_English(sig_locale):
msg.append(u"所在地 只能填写英文字符")
j.update(sig_locale=sig_locale)
DomainAttr.saveAttrObjValue(item="ssl_signrequest_cache",
value=json.dumps(j))
if not keyvalue:
messages.add_message(request, messages.ERROR, u'私钥不存在,请先设置私钥!')
return HttpResponseRedirect(reverse("ssl_maintain"))
if msg:
messages.add_message(request, messages.ERROR, u",".join(msg))
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
signature = sslopts.genSignature(
privkey=bytes(keyvalue),
sig_domain=sig_domain,
sig_depart=sig_depart,
sig_organization=sig_organization,
sig_province=sig_province,
sig_locale=sig_locale)
obj.value = signature
obj.save()
messages.add_message(request, messages.SUCCESS, u'生成证书签名请求成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
return HttpResponseRedirect(reverse("ssl_maintain"))
raise Http404
info = lic.get_licence_info()
except Exception,err:
print "licence error: ",err
lines = []
import traceback
for line in traceback.format_exc().strip().split('\n') : lines.append(' > ' + line)
err_msg = '\n'.join(lines)
print "err_msg: ",err_msg
return False
now = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
#试用期用户
try:
if info['evaluation']:
from app.core.models import DomainAttr
value = DomainAttr.getAttrObjValue(domain_id=1,type='system',item='created')
if not value:
print "domain_attr has no created flag!!!"
return False
start = time.mktime(time.strptime(value,'%Y-%m-%d %H:%M:%S'))
end = int(start) + 30*24*3600
end = time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(end))
info["expires_time"] = datetime.datetime.strptime(end,'%Y-%m-%d %H:%M:%S')
#print "evaluation version start: %s end: %s"%(value, end)
except Exception,err:
print "licence trans time error: ",err
return False
#print info
if info.get("expires_time","") and info["expires_time"].strftime('%Y%m%d%H%M%S')<=now:
print "invalid licence expires_time: ",info
