Commit 77fec955 authored by Marius Burkard's avatar Marius Burkard

Merge branch 'develop' into 'develop'

Develop

See merge request ispconfig/ispconfig3!1576
parents e71e7738 754c4710
......@@ -29,7 +29,7 @@ $autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
/* optional expert mode settings, needed only for expert mode */
$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
$autoinstall['mysql_ispconfig_password'] = md5(uniqid(rand()));
$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
$autoinstall['mysql_master_hostname'] = 'master.example.com';
$autoinstall['mysql_master_root_user'] = 'root';
......@@ -70,4 +70,4 @@ $autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
?>
\ No newline at end of file
?>
......@@ -63,14 +63,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
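Review bot: `md5(random_bytes(20))` on the two password lines draws 160 bits and then folds them through MD5 into 128, which adds nothing and leaves a legacy hash in security-relevant code. The autoinstall sample in this same commit already uses the direct form, so `$conf['mysql']['ispconfig_password'] = bin2hex(random_bytes(20));` and the matching `master_ispconfig_password` line would be consistent; use `random_bytes(16)` instead if any consumer depends on the 32-character length. The same two lines recur in the nine config sections that follow. Whether the `random_bytes()` shim is loaded before these files on older PHP versions is not visible on this page and should be confirmed.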
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -63,14 +63,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* SuPHP
$conf['suphp']['config_file'] = '/etc/suphp.conf';
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -65,14 +65,14 @@ $conf['mysql']['admin_user'] = 'root';
$conf['mysql']['admin_password'] = '';
$conf['mysql']['charset'] = 'utf8';
$conf['mysql']['ispconfig_user'] = 'ispconfig';
$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['ispconfig_password'] = md5(random_bytes(20));
$conf['mysql']['master_slave_setup'] = 'n';
$conf['mysql']['master_host'] = '';
$conf['mysql']['master_database'] = 'dbispconfig';
$conf['mysql']['master_admin_user'] = 'root';
$conf['mysql']['master_admin_password'] = '';
$conf['mysql']['master_ispconfig_user'] = '';
$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
$conf['mysql']['master_ispconfig_password'] = md5(random_bytes(20));
//* Apache
$conf['apache']['installed'] = false; // will be detected automatically during installation
......
......@@ -190,6 +190,7 @@ class installer_base {
$salt_length = 12;
}
// todo: replace the below with password_hash() when we drop php5.4 support
if(function_exists('openssl_random_pseudo_bytes')) {
$salt .= substr(bin2hex(openssl_random_pseudo_bytes($salt_length)), 0, $salt_length);
} else {
......
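Review bot: The salt generation under the new todo still branches on `function_exists('openssl_random_pseudo_bytes')`, while the rest of this commit moves to `random_bytes()`. The `else` branch lies outside the hunk; if it falls back to a non-cryptographic generator, the salt quality depends on which extensions the host has. Assuming the compatibility shim is loadable in the installer, `$salt .= substr(bin2hex(random_bytes($salt_length)), 0, $salt_length);` would remove the branch entirely.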
......@@ -9,10 +9,12 @@
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
ServerAdmin webmaster@localhost
{tmpl_var name='apps_vhost_servername'}
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
<Directory {tmpl_var name='apps_vhost_dir'}>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
......@@ -96,7 +98,7 @@
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
<Directory {tmpl_var name='apps_vhost_dir'}>
Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
<FilesMatch "\.php$">
SetHandler fcgid-script
......@@ -109,6 +111,8 @@
Allow from all
</tmpl_if>
</Directory>
IPCCommTimeout 7200
MaxRequestLen 15728640
</IfModule>
{tmpl_if name="use_rspamd"}
......
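Review bot: `Options -Indexes` in the second hunk's `<Directory {tmpl_var name='apps_vhost_dir'}>` block is only a default, because the following line keeps `AllowOverride AuthConfig Indexes Limit Options FileInfo`. With `Options` in the override list, a `.htaccess` file under the apps directory can re-enable listings with `Options +Indexes`. If listings are meant to stay off, restrict what may be overridden, for example `AllowOverride AuthConfig Indexes Limit FileInfo Options=FollowSymLinks,MultiViews`. The `<Directory>` block continues past the end of the hunk.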
......@@ -59,3 +59,5 @@ smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
authorized_flush_users =
authorized_mailq_users = nagios, icinga
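Review bot: The two added settings carry no comment, so it is not clear to an administrator that the empty `authorized_flush_users =` is deliberate or why `nagios` and `icinga` are named. A line such as `# queue flush limited to privileged users; queue listing only for local monitoring accounts` above them would record the intent. The account names are hard-coded, so hosts whose monitoring agent runs under another user will lose `mailq` access after an update. The same two lines are added in the three Postfix sections that follow.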
......@@ -55,3 +55,5 @@ smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
authorized_flush_users =
authorized_mailq_users = nagios, icinga
......@@ -54,3 +54,5 @@ smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
authorized_flush_users =
authorized_mailq_users = nagios, icinga
......@@ -57,3 +57,5 @@ smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
authorized_flush_users =
authorized_mailq_users = nagios, icinga
......@@ -28,6 +28,8 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
require_once 'compatibility.inc.php';
//* Enable gzip compression for the interface
ob_start('ob_gzhandler');
......
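Review bot: `require_once 'compatibility.inc.php';` is resolved through `include_path` and the directory of the calling script, so which file gets loaded depends on the entry point. The other loader added in this commit anchors the path with `__DIR__`. The same form would be safer here, e.g. `require_once __DIR__.'/compatibility.inc.php';`, with the relative part adjusted to where the shim lives, which this page does not show.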
......@@ -231,7 +231,7 @@ class auth {
public function get_random_password($minLength = 8, $special = false) {
if($minLength < 8) $minLength = 8;
$maxLength = $minLength + 5;
$length = mt_rand($minLength, $maxLength);
$length = random_int($minLength, $maxLength);
$alphachars = "abcdefghijklmnopqrstuvwxyz";
$upperchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
......@@ -240,28 +240,28 @@ class auth {
$num_special = 0;
if($special == true) {
$num_special = intval(mt_rand(0, round($length / 4))) + 1;
$num_special = intval(random_int(0, round($length / 4))) + 1;
}
$numericlen = mt_rand(1, 2);
$numericlen = random_int(1, 2);
$alphalen = $length - $num_special - $numericlen;
$upperlen = intval($alphalen / 2);
$alphalen = $alphalen - $upperlen;
$password = '';
for($i = 0; $i < $alphalen; $i++) {
$password .= substr($alphachars, mt_rand(0, strlen($alphachars) - 1), 1);
$password .= substr($alphachars, random_int(0, strlen($alphachars) - 1), 1);
}
for($i = 0; $i < $upperlen; $i++) {
$password .= substr($upperchars, mt_rand(0, strlen($upperchars) - 1), 1);
$password .= substr($upperchars, random_int(0, strlen($upperchars) - 1), 1);
}
for($i = 0; $i < $num_special; $i++) {
$password .= substr($specialchars, mt_rand(0, strlen($specialchars) - 1), 1);
$password .= substr($specialchars, random_int(0, strlen($specialchars) - 1), 1);
}
for($i = 0; $i < $numericlen; $i++) {
$password .= substr($numchars, mt_rand(0, strlen($numchars) - 1), 1);
$password .= substr($numchars, random_int(0, strlen($numchars) - 1), 1);
}
return str_shuffle($password);
......@@ -298,8 +298,8 @@ class auth {
public function csrf_token_get($form_name) {
/* CSRF PROTECTION */
// generate csrf protection id and key
$_csrf_id = uniqid($form_name . '_'); // form id
$_csrf_key = sha1(uniqid(microtime(true), true)); // the key
$_csrf_id = $form_name . '_' . bin2hex(random_bytes(12)); // form id
$_csrf_key = sha1(random_bytes(20)); // the key
if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
$_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
......
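Review bot: `return str_shuffle($password);` at the end of the second hunk still orders the characters with PHP's non-cryptographic generator, although every character is now drawn with `random_int()`. The password is built as lowercase, uppercase, special, then digits, so the shuffle alone decides where each class ends up, and a predictable permutation gives back part of what the commit gains. A Fisher-Yates pass driven by `random_int()` keeps the whole function on the CSPRNG. The function begins in the previous hunk and its tail is outside the visible lines.

```php
// … unchanged: the four character-selection loops …
$chars = str_split($password);
for($i = count($chars) - 1; $i > 0; $i--) {
	$j = random_int(0, $i);
	$tmp = $chars[$i];
	$chars[$i] = $chars[$j];
	$chars[$j] = $tmp;
}
return implode('', $chars);
```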
......@@ -28,6 +28,8 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
require_once __DIR__.'/../compatibility.inc.php';
//* The purpose of this library is to provide some general functions.
//* This class is loaded automatically by the ispconfig framework.
......@@ -437,10 +439,10 @@ class functions {
$iteration = 0;
$password = "";
$maxLength = $minLength + 5;
$length = $this->getRandomInt($minLength, $maxLength);
$length = random_int($minLength, $maxLength);
while($iteration < $length){
$randomNumber = (floor(((mt_rand() / mt_getrandmax()) * 100)) % 94) + 33;
$randomNumber = random_int(33, 126);
if(!$special){
if (($randomNumber >=33) && ($randomNumber <=47)) { continue; }
if (($randomNumber >=58) && ($randomNumber <=64)) { continue; }
......@@ -455,10 +457,6 @@ class functions {
return $password;
}
public function getRandomInt($min, $max){
return floor((mt_rand() / mt_getrandmax()) * ($max - $min + 1)) + $min;
}
public function generate_customer_no(){
global $app;
// generate customer no.
......@@ -474,14 +472,17 @@ class functions {
global $app;
// generate the SSH key pair for the client
$id_rsa_file = '/tmp/'.uniqid('',true);
if (! $tmpdir = $app->system->exec_safe('mktemp -dt id_rsa.XXXXXXXX')) {
$app->log("mktemp failed, cannot create SSH keypair for ".$username, LOGLEVEL_WARN);
}
$id_rsa_file = $tmpdir . uniqid('',true);
$id_rsa_pub_file = $id_rsa_file.'.pub';
if(file_exists($id_rsa_file)) unset($id_rsa_file);
if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
$app->system->exec_safe('ssh-keygen -t rsa -C ? -f ? -N ""', $username.'-rsa-key-'.time(), $id_rsa_file);
$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents($id_rsa_file), @file_get_contents($id_rsa_pub_file), $client_id);
$app->system->exec_safe('rm -f ? ?', $id_rsa_file, $id_rsa_pub_file);
$app->system->rmdir($tmpdir, true);
} else {
$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
}
......
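Review bot: In the SSH key hunk a failed `mktemp` is only logged and execution continues, so `$id_rsa_file` is built from an empty `$tmpdir` and `$app->system->rmdir($tmpdir, true)` later runs recursively on an empty path. The new path `$tmpdir . uniqid('',true)` also has no directory separator, so the key pair would be written beside the temporary directory rather than inside it; with the `rm -f` call apparently replaced by `rmdir`, the private key may then stay on disk. What `exec_safe` returns (for instance a trailing newline) is not visible here, hence the `trim` in the sketch below. The function starts and ends outside the hunk, so the early `return` assumes callers do not use its result.

```php
$tmpdir = trim((string) $app->system->exec_safe('mktemp -dt id_rsa.XXXXXXXX'));
if($tmpdir === '' || !is_dir($tmpdir)) {
	$app->log("mktemp failed, cannot create SSH keypair for ".$username, LOGLEVEL_WARN);
	return;
}
$id_rsa_file = $tmpdir . '/id_rsa';
$id_rsa_pub_file = $id_rsa_file.'.pub';
// … unchanged: ssh-keygen call, UPDATE client query, rmdir($tmpdir, true) …
```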