Commit 45e9406a authored by Marius Burkard

Merge branch 'stable-3.1'

parents 5e82da8c dad105ff
---------------------------------------
- ISPConfig 3 ToDo list
---------------------------------------
Please see issue tracker for feature requests and bug reports.
Please feel free to edit this file, add new tasks,
remove done tasks or assign yourself to a task.
Form Validators
--------------------------------------
Installer
--------------------------------------
- Add a function to let a server join a existing installation.
- Add Package haveged to requirements (at least if entropy is low) as it raises available entropy significantly which is very needed for DNSSEC Key-generation
If it is not installed and entropy is low generating dnssec-keys lasts minutes (and would time out the server thus is not done) and new signing keys are not generated.
If there are no keys the zones can not be signed and will only be availableas a unsigned copy.
Uninstaller
--------------------------------------
- Add a function to remove ispconfig user
Server
--------------------------------------
Mail module
--------------------------------------
Administration module
--------------------------------------
- Firewall Solution -- Andrew lathama Latham lathama@gmail.com
* Monitor existing IPTABLES rules is done and in the monitor page.
* Add IPTABLES rules
semi-functional and in development also functional in multiserver
* Delete IPTABLES rules
semi-functional and in development also functional in multiserver
* Merge IPTABLES rules made from the CLI with those made from ISPConfig3
Interesting topic about merging control with with the GUI and the CLI
interface for a systems adminitstrator who might add a rule during an
attack or for trouble shooting and forget to remove it.
* Fail2Ban
Add configuration for fail2ban on certian systems. Imagine an admin
wishes to use fail2ban on one service but not others. Rare but an issue
when a large number of clients use a single NAT for all users and failed
logins and traffic looks like an attack. Maybe a whitelist configuration
as an optional setting.
* Remoting
Enable remoting hooks for updating IPTABLES
* Service Checks
Adding saftey checks to make sure that the admin does not lock his/herself
out of the system by accident. We all make mistakes.
-- Note: I'd love a pure iptables firewall as well. I've made such a script for
my work, which uses a simple config file to open/close ports and support for
ip exclusions. I think we could use it as a base to start with, it's up on the dev forum
url: http://www.howtoforge.com/forums/showthread.php?p=261311 (Mark_NL)
Clients module
--------------------------------------
Sites (web) module
--------------------------------------
BE-Designer module
--------------------------------------
WARNING: Please do not use the BE Designer at the moment, the serializing
function of the module editor may break some of the existing modules.
Remoting framework
--------------------------------------
- Add more connections to other data. Remoting hooks for FS and Email Quota
Interface
--------------------------------------
- Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10])
- DNS: Add Checkbox to switch dnssec_wanted between Y and N to templates and/or wizard. I recommend doing it in the wizard though.
General tasks
--------------------------------------
- Add, extend or modify comments in PEAR syntax so that they can be read with
phpdocumentor.
- Doxygen might be a good idea (phpdocumentor looks nice but no active development)
-- http://drupal.org/node/1354 may have some good ideas.
-- http://engineeredweb.com/blog/10/9/4-reasons-consider-doxygen-over-phpdocumentor
http://git.ispconfig.org/ispconfig/ispconfig3/issues
\ No newline at end of file
......@@ -217,7 +217,12 @@ class installer_base {
//* check sql-mode
$check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode");
if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
die();
}
//** Create the database
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
......
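Review bot: The new failure branch ends in a bare `die();`, which exits with status 0, so a wrapper script or unattended install cannot tell that the SQL-mode check failed; end it with `exit(1);` instead. The test is also a strict equality against the single value 'NO_ENGINE_SUBSTITUTION', so a server whose sql_mode lists that flag together with others is still rejected, and the hint should say so. The hint hard-codes /etc/mysql/my.cnf, which is not where every distribution keeps the mysqld section, and `echo"to the mysqld-section` is missing the space after `echo`.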
......@@ -125,7 +125,12 @@ function updateDbAndIni() {
//* check sql-mode
$check_sql_mode = $inst->db->queryOneRecord("SELECT @@sql_mode");
if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n";
die();
}
//* Update $conf array with values from the server.ini that shall be preserved
$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
......
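Review bot: The SQL-mode check and its three-line hint in updateDbAndIni() duplicate the block in class installer_base line for line, including the `echo"to` spacing slip; move the check into one method on the installer object and call it from both places so the message and the accepted mode cannot drift apart. The bare `die();` here has the same exit-status-0 problem as in the installer.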
......@@ -36,7 +36,7 @@ error_reporting(E_ALL|E_STRICT);
require_once "/usr/local/ispconfig/server/lib/config.inc.php";
require_once "/usr/local/ispconfig/server/lib/app.inc.php";
require "/usr/local/ispconfig/server/mysql_clientdb.conf";
require "/usr/local/ispconfig/server/lib/mysql_clientdb.conf";
//** The banner on the command line
echo "\n\n".str_repeat('-', 80)."\n";
......@@ -51,7 +51,7 @@ echo " _____ ___________ _____ __ _ ____
echo "\n".str_repeat('-', 80)."\n";
echo "\n\n>> Uninstall \n\n";
echo "Are you sure you want to uninsatll ISPConfig? [no]";
echo "Are you sure you want to uninstall ISPConfig? [no]";
$input = fgets(STDIN);
$do_uninstall = rtrim($input);
......@@ -62,11 +62,11 @@ if($do_uninstall == 'yes') {
$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
echo "Unable to connect to the database'.mysql_error($link)";
echo "Unable to connect to the database. mysql_error($link)";
} else {
$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database'].";");
if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
$result=mysqli_query($link,"DROP USER '".$conf['db_user'] ."';");
$result=mysqli_query($link,"DROP USER '".$conf['db_user']."'@'".$conf['db_host']."';");
if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
}
mysqli_close($link);
......
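Review bot: The connect-failure message `echo "Unable to connect to the database. mysql_error($link)";` still does not report an error: a function call is not evaluated inside a double-quoted string, `$link` is false on this path, and the function named is from the old mysql extension. Concatenate `mysqli_connect_error()` and a newline instead. `mysqli_close($link);` after the if/else is also reached when the connection failed, so it should move inside the else branch. The DROP statements are built by concatenating `$conf['db_database']`, `$conf['db_user']` and `$conf['db_host']`; quote the database name with backticks and pass the user and host through `mysqli_real_escape_string()` so an unusual value in the config file cannot change the statement.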
<?php
/**
Copyright (c) 2016, Florian Schaal, schaal @it
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@author Florian Schaal, info@schaal-24.de
*/
class validate_server {
function get_error($errmsg) {
global $app;
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
}
/**
* Validator function for server-ip
*/
function check_server_ip($field_name, $field_value, $validator) {
if($_POST['ip_type'] == 'IPv4') {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
return $this->get_error($validator['errmsg']);
}
} elseif ($_POST['ip_type'] == 'IPv6') {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return $this->get_error($validator['errmsg']);
}
} else return $this->get_error($validator['errmsg']);
}
}
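Review bot: check_server_ip() reads `$_POST['ip_type']` directly and without an isset() check, so the validator only works when it is called from this one form post, and a request that omits the field raises an undefined-index notice before reaching the final else. The fall-through does reject the value, which is the right default, but the type should be read once into a local variable with a fallback (for example `$ip_type = isset($_POST['ip_type']) ? $_POST['ip_type'] : '';`) and compared from there. The function returns nothing on success; a docblock line stating that an empty return means "valid" would help the next validator author.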
......@@ -121,7 +121,7 @@ $form["tabs"]['server_ip'] = array (
'ip_address' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'ISIP',
'validators' => array ( 0 => array ( 'type' => 'CUSTOM', 'class' => 'validate_server', 'function' => 'check_server_ip',
'errmsg'=> 'ip_error_wrong'),
1 => array ( 'type' => 'UNIQUE',
'errmsg'=> 'ip_error_unique'),
......
......@@ -69,7 +69,7 @@ $form["tabs"]['server_ip_map'] = array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array (
0 => array ( 'type' => 'ISIP', 'errmsg'=> 'ip_error_wrong'),
0 => array ( 'type' => 'ISIPV4', 'errmsg'=> 'ip_error_wrong'),
1 => array ( 'type' => 'NOTEMPTY', 'errmsg'=> 'destination_ip_empty'),
),
'default' => '',
......
......@@ -1119,14 +1119,7 @@ class apache2_plugin {
}
*/
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
)) {
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
$app->log('Wildcard domains not yet supported by letsencrypt, so changing ' . $domain . ' to ' . substr($domain, 2), LOGLEVEL_WARN);
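Review bot: With the outer test reduced to `$data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y'`, the wildcard branch and its LOGLEVEL_WARN message now run on every update of a vhost that has both flags set, not only when a certificate is about to be requested. If rewriting `$domain` on each pass is the intent, lower the log level or log only when the value actually changes, and add a comment saying why the normalisation was moved out of the generation condition.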
......@@ -1135,7 +1128,16 @@ class apache2_plugin {
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
}
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on aliasdomain
)) {
// default values
$temp_domains = array();
$lddomain = $domain;
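Review bot: In the relocated condition, the clauses `$data['new']['type'] == 'subdomain'` and `$data['old']['type'] == 'alias' || $data['new']['type'] == 'alias'` are true for every update of a subdomain or alias record regardless of what changed, so the generation block below runs on each such update. The inline comments say "new or update", so this may be intended, but it deserves an explicit comment here, or a comparison against the old record as the domain clause does.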
......@@ -1709,7 +1711,7 @@ class apache2_plugin {
$data['new']['ipv6_address'] = implode(':', $explode_v6);
}
}
if($data['new']['ipv6_address'] == '*') $data['new']['ipv6_address'] = '::';
$tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
if(count($rewrite_rules) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('redirects' => $rewrite_rules);
if(count($alias_seo_redirects) > 0) $tmp_vhost_arr = $tmp_vhost_arr + array('alias_seo_redirects' => $alias_seo_redirects);
......
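Review bot: The added `if($data['new']['ipv6_address'] == '*')` line has no comment explaining that '*' is mapped to '::' so that the bracketed form built on the next line is a valid listen address. Add a one-line comment and braces to match the surrounding style, since the value is rewritten in `$data['new']` and every later use of `ipv6_address` will see '::' rather than what was stored.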
......@@ -110,7 +110,7 @@ class network_settings_plugin {
/*
* don't insert the main-ip again!
*/
if ($rec['ip_address'] != $server_config['ip_address'])
if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
$ip_records[$n] = array(
'id' => $n,
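Review bot: The extra `filter_var(..., FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` term in the if drops every non-IPv4 record silently, so an administrator who entered an IPv6 or malformed address gets no indication that it was left out of the network configuration. Log the skipped `$rec['ip_address']` at warning level in an else branch, and extend the "don't insert the main-ip again!" comment to mention the IPv4-only restriction.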
......@@ -188,7 +188,7 @@ class network_settings_plugin {
/*
* don't insert the main-ip again!
*/
if ($rec['ip_address'] != $server_config['ip_address'])
if ($rec['ip_address'] != $server_config['ip_address'] && filter_var($rec['ip_address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
$ip_records[$n] = array(
'id' => $n,
......
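Review bot: The condition in this second block is the same line as the one changed at line 110 of network_settings_plugin; put the "not the main IP and valid IPv4" test in one small private method and call it from both loops so a later change to the filter cannot be applied to only one of them.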
......@@ -1232,15 +1232,7 @@ class nginx_plugin {
$tpl->setVar('ssl_letsencrypt', "n");
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
)) {
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y') {
//* be sure to have good domain
if(substr($domain, 0, 2) === '*.') {
// wildcard domain not yet supported by letsencrypt!
......@@ -1250,7 +1242,16 @@ class nginx_plugin {
$data['new']['ssl_domain'] = $domain;
$vhost_data['ssl_domain'] = $domain;
}
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && ( // ssl and let's encrypt is active
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| ($data['new']['type'] == 'subdomain') // we have new or update on subdomain
|| ($data['old']['type'] == 'alias' || $data['new']['type'] == 'alias') // we have new or update on alias domain
)) {
// default values
$temp_domains = array();
$lddomain = $domain;
......
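Review bot: The condition moved here is the same six-clause test that apache2_plugin carries, differing only in the spelling of the last comment ("alias domain" versus "aliasdomain"). Keeping two hand-maintained copies of the rule that decides when a certificate is requested invites the two web server plugins to diverge; consider a shared helper that takes `$data` and returns whether a new Let's Encrypt request is needed. The comment typo "certificat" is also carried over in both copies.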