From 38a07fee228f14fdbc8314dd00099557d05268d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20F=C3=BCrmann?= <michael@spicyweb.de>
Date: Sun, 9 Oct 2016 21:02:37 +0200
Subject: [PATCH] Applied changes from !470 to correct branch
---
 .../mod_auth_external/db_auth.php | 30 ++++------
 .../mod_auth_external/db_isuser.php | 12 +++-
 install/lib/installer_base.lib.php | 59 +++++--------------
 interface/lib/lang/de.lng | 6 ++
 interface/lib/lang/en.lng | 6 ++
 interface/web/mail/xmpp_domain_edit.php | 9 ++-
 6 files changed, 52 insertions(+), 70 deletions(-)
diff --git a/install/apps/metronome_libs/mod_auth_external/db_auth.php b/install/apps/metronome_libs/mod_auth_external/db_auth.php
index 3df135bc12..2d3faa3379 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_auth.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_auth.php
@@ -17,15 +17,15 @@ try{
 // check for existing user
 $dbmail = $db->real_escape_string($arg_email);
- $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
- result_false($result->num_rows != 1);
-
- $user = $result->fetch_object();
-
- // check for domain autologin api key
- $domain_key = 'f47kmm5Yh5hJzSws2KTS';
-
- checkAuth($argv[1], $argv[2], $arg_password, $user->password, $domain_key);
+ $query = $db->prepare("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
+ $query->bind_param('si', $arg_email, $isp_server_id);
+ $query->execute();
+ $query->bind_result($jid, $password);
+ $query->fetch();
+ $query->close();
+
+ result_false(is_null($jid));
+ checkAuth($arg_password, $password);
 }catch(Exception $ex){
 echo 0;
 exit();
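Review bot: The new lookup in db_auth.php still matches with `jid LIKE ?` but no longer requires exactly one row: the old `num_rows != 1` guard became `is_null($jid)` after a single `fetch()`, so a `%` or `_` in the supplied address lets the password be checked against whichever row is returned first instead of one specific account. An exact match, `WHERE jid = ? AND active='y' AND server_id=?`, together with `result_false($query->fetch() !== true);` before `close()`, closes that; the new count query in db_isuser.php uses the same `LIKE ?`. `$db->prepare()` returns false on failure and is used unchecked, and the context line `$dbmail = $db->real_escape_string($arg_email);` is now dead in both files. The try block begins outside the hunk.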
@@ -40,19 +40,9 @@ function result_true(){
 echo 1;
 exit();
 }
-function checkAuth($user, $domain, $pw_arg, $pw_db, $domain_key){
+function checkAuth($pw_arg, $pw_db){
 if(crypt($pw_arg, $pw_db) == $pw_db)
 result_true();
-
- if($domain_key){
- $datetime = new DateTime();
- $datetime->setTimezone(new DateTimeZone("UTC"));
- for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
- $pw_api = md5($domain.'@'.$domain_key.'@'.$user.'@'.$t);
- if($pw_api == $pw_arg)
- result_true();
- }
- }
 result_false();
 }
 ?>
\ No newline at end of file
diff --git a/install/apps/metronome_libs/mod_auth_external/db_isuser.php b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
index e6820635bc..520785a8a2 100644
--- a/install/apps/metronome_libs/mod_auth_external/db_isuser.php
+++ b/install/apps/metronome_libs/mod_auth_external/db_isuser.php
@@ -15,8 +15,14 @@ try{
 // check for existing user
 $dbmail = $db->real_escape_string($arg_email);
- $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
- result_false($result->num_rows != 1);
+ $query = $db->prepare("SELECT count(*) AS usercount FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
+ $query->bind_param('si', $arg_email, $isp_server_id);
+ $query->execute();
+ $query->bind_result($usercount);
+ $query->fetch();
+ $query->close();
+
+ result_false($usercount != 1);
 result_true();
 }catch(Exception $ex){
@@ -34,4 +40,4 @@ function result_true(){
 exit();
 }
-?>
\ No newline at end of file
+?>
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index da090fdb0b..5adfbafd0e 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
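Review bot: In checkAuth() in db_auth.php the hash check `if(crypt($pw_arg, $pw_db) == $pw_db)` stays a loose, non-constant-time comparison, and after this change it is the only gate to `result_true()`. Comparing with `if(hash_equals($pw_db, crypt($pw_arg, $pw_db)))` removes the dependence on type juggling and on how many leading bytes match. Since `$pw_db` now comes from `bind_result()`, a NULL or empty stored hash should be rejected explicitly first, e.g. `if(!is_string($pw_db) || $pw_db === '') result_false();`, rather than left to how `crypt()` treats an invalid salt.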
@@ -1597,6 +1597,7 @@ class installer_base {
 // Copy isp libs
 if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
 caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
+ caselog('chmod 755 /usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh', __FILE__, __LINE__);
 // Process db config
 $full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
 $content = rf($full_file_name);
@@ -1609,13 +1610,14 @@ class installer_base {
 if(!stristr($options, 'dont-create-certs')){
 // Create SSL Certificate for localhost
- echo "writing new private key to 'localhost.key'\n-----\n";
- $ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
- $ssl_locality = $this->free_query('Locality Name (eg, city)', '');
+ // Ensure no line is left blank
+ echo "writing new private key to 'localhost.key'\n-----\n";
+ $ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
+ $ssl_locality = $this->free_query('Locality Name (eg, city)', 'City Name');
 $ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
- $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
+ $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', 'Infrastructure');
 $ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
- $ssl_email = $this->free_query('Email Address', '');
+ $ssl_email = $this->free_query('Email Address', 'hostmaster@'.$conf['hostname']);
 $tpl = new tpl('metronome_conf_ssl.master');
 $tpl->setVar('ssl_country',$ssl_country);
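Review bot: In the certificate hunk (-1609) the new defaults `'City Name'` and `'Infrastructure'` are placeholders that end up in the certificate subject whenever the admin just presses Enter, and the notice added further down tells them to send that CSR to a CA. The comment `// Ensure no line is left blank` does not say why a blank is a problem. A wording such as `// values are written into metronome_conf_ssl.master; presumably an empty DN field breaks the request - confirm` would let a maintainer judge whether an empty field could be omitted from the template instead of filled with a dummy. The enclosing method starts and ends outside the hunk.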
@@ -1632,6 +1634,14 @@ class installer_base {
 exec("(cd /etc/metronome/certs && make localhost.cert)");
 exec('chmod 0400 /etc/metronome/certs/localhost.key');
 exec('chown metronome /etc/metronome/certs/localhost.key');
+
+ echo "IMPORTANT:\n";
+ echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs\n";
+ echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
+ echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
+ echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
+ echo "\n";
+
 }else{
 echo "-----\n";
 echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
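Review bot: The added "IMPORTANT" block states that key, CSR and certificate "have been saved" whether or not the three `exec()` calls above it succeeded, because none of their exit codes is read. Capturing the status, e.g. `exec("(cd /etc/metronome/certs && make localhost.cert)", $out, $rc);`, and printing the notice only when `$rc === 0` (an error otherwise) keeps the installer from reporting a certificate that was never written. In the last sentence `dont allow to use` should read `don't allow`. The surrounding if/else begins outside the hunk.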
@@ -1645,45 +1655,6 @@ class installer_base {
 caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
 exec($this->getinitcommand($conf['xmpp']['init_script'], 'restart'));
-
-/*
-writing new private key to 'smtpd.key'
------
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:
-State or Province Name (full name) [Some-State]:
-Locality Name (eg, city) []:
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:
-Organizational Unit Name (eg, section) []:
-Common Name (e.g. server FQDN or YOUR name) []:
-Email Address []:
- * */
-
- /*// Dont just copy over the virtualhost template but add some custom settings
- $tpl = new tpl('apache_apps.vhost.master');
-
- $tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
- $tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
- $tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
- $tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
- $tpl->setVar('apache_version',getapacheversion());
-
-
- // comment out the listen directive if port is 80 or 443
- if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
- $tpl->setVar('vhost_port_listen','#');
- } else {
- $tpl->setVar('vhost_port_listen','');
- }
-
- wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
- unset($tpl);*/
 }
diff --git a/interface/lib/lang/de.lng b/interface/lib/lang/de.lng
index 8ad879cf34..61551ceeab 100644
--- a/interface/lib/lang/de.lng
+++ b/interface/lib/lang/de.lng
@@ -131,6 +131,12 @@ $wb['datalog_status_d_web_folder'] = 'Verzeichnisschutz löschen';
 $wb['datalog_status_i_web_folder_user'] = 'Verzeichnisschutz Benutzer anlegen';
 $wb['datalog_status_u_web_folder_user'] = 'Verzeichnisschutz Benutzer ändern';
 $wb['datalog_status_d_web_folder_user'] = 'Verzeichnisschutz Benutzer löschen';
+$wb['datalog_status_i_xmpp_domain'] = 'XMPP Domain erstellen';
+$wb['datalog_status_u_xmpp_domain'] = 'XMPP Domain ändern';
+$wb['datalog_status_d_xmpp_domain'] = 'XMPP Domain löschen';
+$wb['datalog_status_i_xmpp_user'] = 'XMPP Benutzer erstellen';
+$wb['datalog_status_u_xmpp_user'] = 'XMPP Benutzer ändern';
+$wb['datalog_status_d_xmpp_user'] = 'XMPP Benutzer löschen';
 $wb['login_as_txt'] = 'Anmelden als';
 $wb['no_domain_perm'] = 'Sie haben keine Berechtigung für diese Domain.';
 $wb['no_destination_perm'] = 'Sie haben keine Berechtigung für dieses Ziel.';
diff --git a/interface/lib/lang/en.lng b/interface/lib/lang/en.lng
index 680561fce1..66f4ee3811 100644
--- a/interface/lib/lang/en.lng
+++ b/interface/lib/lang/en.lng
@@ -131,6 +131,12 @@ $wb['datalog_status_d_web_folder'] = 'Delete folder protection';
 $wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
 $wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
 $wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
+$wb['datalog_status_i_xmpp_domain'] = 'Create XMPP domain';
+$wb['datalog_status_u_xmpp_domain'] = 'Update XMPP domain';
+$wb['datalog_status_d_xmpp_domain'] = 'Delete XMPP domain';
+$wb['datalog_status_i_xmpp_user'] = 'Create XMPP user';
+$wb['datalog_status_u_xmpp_user'] = 'Update XMPP user';
+$wb['datalog_status_d_xmpp_user'] = 'Delete XMPP user';
 $wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
 $wb['login_as_txt'] = 'Log in as';
 $wb["no_domain_perm"] = 'You have no permission for this domain.';
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 16046dbc8f..3f62dbdb03 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -411,6 +411,9 @@ class page_action extends tform_actions {
 private function update_dns($dataRecord, $new_rr) {
 global $app, $conf;
+ $sql = "SELECT server_name from server WHERE server_id = " . intval($dataRecord['server_id']);
+ $xmpp_server = $app->db->queryOneRecord($sql);
+
 $rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ?", $this->id);
 $required_hosts = array('xmpp');
 if($rec['use_pubsub']=='y')
@@ -437,7 +440,7 @@ class page_action extends tform_actions {
 $rr = $new_rr;
 $rr['name'] = $h;
 $rr['type'] = 'CNAME';
- $rr['data'] = 'jalapeno.spicyweb.de.';
+ $rr['data'] = $xmpp_server['server_name'] . '.';
 $rr['aux'] = 0;
 $rr['active'] = 'Y';
 $rr['stamp'] = date('Y-m-d H:i:s');
@@ -449,7 +452,7 @@ class page_action extends tform_actions {
 $rr = $new_rr;
 $rr['name'] = '_xmpp-client._tcp.'.$dataRecord['domain'].'.';
 $rr['type'] = 'SRV';
- $rr['data'] = '5 5222 jalapeno.spicyweb.de.';
+ $rr['data'] = '5 5222 ' . $xmpp_server['server_name'] . '.';
 $rr['aux'] = 0;
 $rr['active'] = 'Y';
 $rr['stamp'] = date('Y-m-d H:i:s');
@@ -458,7 +461,7 @@ class page_action extends tform_actions {
 $rr = $new_rr;
 $rr['name'] = '_xmpp-server._tcp.'.$dataRecord['domain'].'.';
 $rr['type'] = 'SRV';
- $rr['data'] = '5 5269 jalapeno.spicyweb.de.';
+ $rr['data'] = '5 5269 ' . $xmpp_server['server_name'] . '.';
 $rr['aux'] = 0;
 $rr['active'] = 'Y';
 $rr['stamp'] = date('Y-m-d H:i:s');
-- GitLab
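Review bot: `$xmpp_server` is used unchecked in update_dns(): if the `server` lookup returns no row, `$xmpp_server['server_name'] . '.'` evaluates to `.` and the CNAME and both SRV records (hunks at -437, -449 and -458) are written with that target. A guard right after the query, e.g. `if(empty($xmpp_server['server_name'])) return;` or the form's usual error path, avoids publishing such records. It is also worth confirming that `server_name` always holds a resolvable FQDN now that it goes into DNS. The lookup would match the parameterized call on the following line if written as `$app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $dataRecord['server_id']);` instead of concatenating `intval()`. update_dns() continues outside the hunks.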