Class Symbiosis::Domain
In: common/lib/symbiosis/domain.rb
common/lib/symbiosis/domain/dkim.rb
common/lib/symbiosis/domain/ssl.rb
dns/lib/symbiosis/domain/dns.rb
email/lib/symbiosis/domain/mailbox.rb
ftpd/lib/symbiosis/domain/ftp.rb
httpd/lib/symbiosis/test/http.rb
httpd/lib/symbiosis/domain/http.rb
xmpp/lib/symbiosis/domain/xmpp.rb
Parent: Object

Ruby class to model a Symbiosis domain.

Methods

Included Modules

Utils

Classes and Modules

Class Symbiosis::Domain::FTPUser
Class Symbiosis::Domain::Mailbox

Constants

NAME_REGEXP = /^[a-z0-9-]+\.([a-z0-9-]+\.?)+$/i   This is a regular expression that matches valid domain names.
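
Ruby's `^` and `$` anchor at line boundaries rather than at the start and end of the string, which matters whenever a pattern like NAME_REGEXP is applied to untrusted input. The following is an added example, not Symbiosis code: it compares the pattern as listed with a hypothetical STRICT_NAME_REGEXP anchored with `\A` and `\z`, using constructed sample inputs.

```ruby
# NAME_REGEXP exactly as listed on this page.
NAME_REGEXP = /^[a-z0-9-]+\.([a-z0-9-]+\.?)+$/i

# Assumption (not part of Symbiosis): the same pattern anchored to the
# whole string instead of to a single line.
STRICT_NAME_REGEXP = /\A[a-z0-9-]+\.([a-z0-9-]+\.?)+\z/i

# Constructed sample inputs.
SAMPLES = [
  "example.com",
  "example.com.",
  "localhost",
  "example.com\n",
  "example.com\nnot a domain!",
  "not a domain!\nexample.com"
].freeze

# Returns [accepted_by_page_pattern, accepted_by_strict_pattern].
def name_check(name)
  [NAME_REGEXP.match?(name), STRICT_NAME_REGEXP.match?(name)]
end

# One row per sample: [inspected input, page result, strict result].
def report
  SAMPLES.map { |s| [s.inspect, *name_check(s)] }
end

report.each { |row| puts format('%-32s page=%-5s strict=%s', *row) }
```

Any input with one line that looks like a domain name passes the line-anchored pattern, whatever the other lines contain.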

Attributes

directory  [R] 
gid  [R] 
group  [R] 
name  [R] 
prefix  [R] 
symlink  [R] 
uid  [R] 
user  [R] 

Public Class methods

Create a Domain given a directory.

Creates a new domain object. If no name is set a random domain name is generated, based on 10 characters in the imaginary .test TLD.

Public Instance methods

Return the directory where CGI executables are served.

Checks a given password against the real one, which may be hashed using crypt_password. An argument error is raised if either password is empty.

First the two passwords are compared using crypt(), and if that fails, then a plain text comparison is made.

If the real password starts with {CRYPT} or a recognisable salt, i.e. something like $1$salt$ then only the crypted comparison is done.

If the real password contains characters other than those allowed in crypt()’d hashes, just the plain text comparison is made.

Returns true or false.

Global config directory. Defaults to self.directory/config

Create the /srv/ directory if we're supposed to.

Create a stub CGI script

Create directories using our default uid/gid

Create a stub index file.

Encrypt a password, using the crypt() function, with MD5 hashing and an 8 character salt. The function returns the crypt() output, prepended with {CRYPT}.
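
The rules given above for checking a password and for encrypting one can be followed in this added example, which is not the Symbiosis source. The helper names comparison_modes and crypt_matches?, the regular expressions and the use of OpenSSL.secure_compare for constant-time comparison are assumptions of the example, and it relies on the platform's crypt(3) supporting `$1$` (MD5) salts.

```ruby
require 'openssl'
require 'securerandom'

SALT_CHARS = [*'a'..'z', *'A'..'Z', *'0'..'9', '.', '/'].freeze
# Starts with the {CRYPT} tag or with a recognisable salt such as $1$salt$
CRYPT_ONLY = /\A(\{crypt\}|\$[0-9a-z]+\$[a-z0-9.\/]+\$)/i
# Only characters that can occur in a crypt() hash
HASH_CHARS_ONLY = /\A[$a-z0-9.\/]+\z/i

# MD5 crypt with an 8-character random salt, prefixed with {CRYPT}.
def crypt_password(password)
  salt = Array.new(8) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
  '{CRYPT}' + password.crypt("$1$#{salt}$")
end

# Which comparisons the documented rules permit for a stored password.
def comparison_modes(real)
  return [:crypt] if real.match?(CRYPT_ONLY)
  return [:plain] unless real.match?(HASH_CHARS_ONLY)

  %i[crypt plain]
end

# crypt() the given password with the stored hash as salt and compare.
def crypt_matches?(given, real)
  hash = real.sub(/\A\{crypt\}/i, '')
  OpenSSL.secure_compare(given.crypt(hash), hash)
rescue SystemCallError, ArgumentError
  false # this platform's crypt(3) cannot use the stored value as a salt
end

# Returns true or false; raises ArgumentError if either password is empty.
def check_password(given, real)
  raise ArgumentError, 'empty password' if given.to_s.empty? || real.to_s.empty?

  comparison_modes(real).any? do |mode|
    mode == :crypt ? crypt_matches?(given, real) : OpenSSL.secure_compare(given, real)
  end
end
```

Because a tagged or salted value is only ever compared through crypt(), the stored hash itself is not accepted as the password.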

Fetches the default mailbox quota for the domain. Returns an integer, or nil if no quota was set or the set quota could not be parsed.

Set the default mailbox quota for the domain. Uses Symbiosis::Utils#parse_quota to check the argument. Returns an interpreted quota, i.e. an integer or nil.

Destroy if necessary

Returns true if DKIM public and private keys are available, and match.

Returns the domain's SSL key as an OpenSSL::PKey::RSA object, or nil if no key file could be found.

Returns the domain's SSL key as an OpenSSL::PKey::RSA object, or nil if no key file could be found.

Returns the public part of the DKIM key, or nil if no DKIM key is available.

This returns the Base64 encoded public DKIM key for use in a TXT record.

This returns the dkim selector, stored in config/dkim. If that file is empty, then either /etc/mailname, /etc/hostname, or the hostname returned by the hostname(1) command is used. If none of those produce FQDNs, then gethostbyname() is used.

Does the domain name exist locally?

Find a mailbox for this domain, based on its local part.

Returns the FTP chroot directory. Currently defaults to the domain's public directory.

Returns true if the domain is enabled for single or multi user FTP.

Checks to see if multi-user FTP has been enabled for this domain.

Returns an array of FTP multi users for this domain

Returns the name of the FTP password file.

Return the default FTP quota for the domain.

Returns the old-style single FTP user for this domain.

Checks to see if single-user FTP has been enabled for this domain.

Returns the name of the FTP password file.

Generates a DKIM private key.

has_dkim?()

Alias for dkim_enabled?

has_spf?()

Alias for spf_enabled?

Returns true if this domain has a chat server enabled.

Returns the directory where HTML documents are served from. Defaults to public/htdocs

Returns the first IPv4 address, or the first IPv6 address if no IPv4 addresses are defined, or nil.

Return the filename of the IP file, or nil if none has been set.

Return all this domain's IPs (IPv4 and 6) as an array. If none have been set, then the host's primary IPv4 and IPv6 addresses are returned.

This will use config/ip, or config/ips if config/ip is missing. The documentation should only ever refer to config/ip.

Return this domain's IPv4 addresses as an array.

Return this domain's IPv6 addresses as an array.

Returns if this domain is in fact a symlink to another.

Domain's logfile directory. Defaults to self.directory/public/logs

Return all the mailboxes for this domain. This method is not thread-safe, I don't think.

Public directory — this is where non-private stuff is stored, i.e. logs and htdocs, mostly.

Change the permissions on our stub CGI-script to make it executable.

Create a stub index file.

Sets the domain to have statistics generated, or not. Expects true if statistics are wanted, or false if not.

Checks to see if a domain should have statistics generated for it. Returns true if statistics should be generated, false if not.

Returns true if a domain has SPF enabled.

Add a path with extra SSL certs (for testing).

This returns an array of files for the domain that contain valid certificates.

Return the available certificate/key files for a domain. It will check files with the following extensions for both keys and certificates.

 * combined
 * key
 * crt
 * pem

It will return an array of certificate and key filenames that could be read and parsed successfully by OpenSSL. The array has two sub-arrays, the first being certificate filenames, the second key filenames, i.e. [[certificates], [keys]]. If a file contains both a certificate and key, it will appear in both arrays.

This returns an array of files for the domain that contain valid keys.

ssl_bundle_file()

Returns the certificate chain filename, if one exists, or one has been set, or nil if nothing could be found.

ssl_certificate_file()
ssl_certificate_file=(f)

Sets up and returns a new OpenSSL::X509::Store.

If any CA paths have been set using ssl_add_ca_path, then these are added to the store.

If ssl_certificate_chain_file has been set, then this is added to the store.

This is regenerated on every call.

Returns true if SSL has been enabled. SSL is enabled if there is a matching key and certificate found using ssl_find_matching_certificate_and_key.

Tests each of the available key and certificate files, until a matching pair is found. Returns an array of [certificate filename, key_filename], or nil if no match is found.

The order in which keys and certificates are matched is determined by ssl_available_files.

Returns the domain's SSL key as an OpenSSL::PKey::RSA object, or nil if no key file could be found.

Searches for the domain's SSL key using ssl_find_matching_certificate_and_key, and returns the key's filename, or nil if nothing could be found.

Sets the domain's SSL key filename.

Do we redirect to the SSL only version of this site?

This method performs a variety of checks on an SSL certificate and key:

  • Is the certificate valid for this domain name or any of its aliases?
  • Has the certificate started yet?
  • Has the certificate expired?

If any of these checks fail, a warning is raised.

  • Does the key match the certificate?
  • If the certificate is not self-signed, does it need a bundle?

If either of these last two checks fails, an OpenSSL::X509::CertificateError is raised.
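
The five checks listed above can be written against Ruby's OpenSSL bindings as in this added example, which is not the Symbiosis implementation. The helper issue (which builds constructed test certificates), the keyword arguments, and returning warnings as symbols are assumptions of the example.

```ruby
require 'openssl'

# Constructed test material: a certificate for +cn+, self-signed unless an
# issuer certificate and key are given.
def issue(cn, key, from, to, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = from
  cert.not_after = to
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Returns a list of warnings; raises CertificateError for the two hard failures.
def ssl_verify(cert, key, names, bundle: [], now: Time.now)
  warnings = []
  matches = names.any? { |n| OpenSSL::SSL.verify_certificate_identity(cert, n) }
  warnings << :name_mismatch unless matches
  warnings << :not_yet_valid if now < cert.not_before
  warnings << :expired if now > cert.not_after

  unless cert.check_private_key(key)
    raise OpenSSL::X509::CertificateError, 'private key does not match certificate'
  end

  unless cert.issuer.eql?(cert.subject) # not self-signed: the chain must verify
    store = OpenSSL::X509::Store.new
    bundle.each { |ca_cert| store.add_cert(ca_cert) }
    # Verify the chain at a moment inside the certificate's validity window,
    # so that expiry stays a warning rather than a chain failure.
    store.time = now.clamp(cert.not_before, cert.not_after)
    unless store.verify(cert)
      raise OpenSSL::X509::CertificateError, "bundle needed: #{store.error_string}"
    end
  end

  warnings
end
```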

Returns the X509 certificate object

Searches for the domain's SSL certificate using ssl_find_matching_certificate_and_key, and returns the certificate's filename, or nil if nothing could be found.

Sets the domain's SSL certificate filename.

Returns the directory where stats files should be kept. Defaults to stats inside the htdocs_dir

Returns the domain name as a string.

Sets the Bytemark anti-spam flag. Expects true or false.

Fetches the Bytemark anti-spam flag. Returns true or false. This causes the DNS template to be changed to point the MX records at the Bytemark anti-spam service, as per www.bytemark.co.uk/nospam. Also the Exim4 config checks for this flag, and will defer mail that doesn't come via the anti-spam servers.