Commit 08669660 authored by mcramer's avatar mcramer
Browse files

- support for limiting remote access to database to certain ip addresses

- changed GRANTs for slave servers on multiserver setups
- added option for clients to change path of ftp users (inside webroot)
- extended software packaging system (return status of install)
- added 2 plugins for automatically create symlinks webmail and phpmyadmin on each website (not enabled by default)
parent 9253d53c
......@@ -233,33 +233,10 @@ class installer_base {
$sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1);";
$this->db->query($sql);
//* insert the ispconfig user in the remote server
$from_host = $conf['hostname'];
$from_ip = gethostbyname($conf['hostname']);
//* username for the ispconfig user
$conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id'];
//* Delete ISPConfig user in the master database, in case that it exists
$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_host."';");
$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_host."';");
$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_ip."';");
$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_ip."';");
$this->dbmaster->query('FLUSH PRIVILEGES;');
//* Create the ISPConfig database user in the remote database
$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['master_database'].".* "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$from_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['master_database'].".* "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$from_ip."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$this->grant_master_database_rights();
} else {
//* Insert the server, if its not a mster / slave setup
......@@ -272,6 +249,78 @@ class installer_base {
}
public function grant_master_database_rights()
{
global $conf;
if($conf['mysql']['master_slave_setup'] != 'y') return;
//* insert the ispconfig user in the remote server
$from_host = $conf['hostname'];
$from_ip = gethostbyname($conf['hostname']);
//* Delete ISPConfig user in the master database, in case that it exists
$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_host."';");
$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_host."';");
$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_ip."';");
$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_ip."';");
$this->dbmaster->query('FLUSH PRIVILEGES;');
$hosts = array($from_host, $from_ip);
foreach($hosts as $src_host) {
//* Create the ISPConfig database user in the remote database
$query = "GRANT SELECT ON ".$conf['mysql']['master_database'].".`server` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = "GRANT SELECT, INSERT ON ".$conf['mysql']['master_database'].".`sys_log` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = "GRANT SELECT, UPDATE(`status`) ON ".$conf['mysql']['master_database'].".`sys_datalog` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = "GRANT UPDATE(`status`) ON ".$conf['mysql']['master_database'].".`software_update_inst` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = "GRANT UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$conf['mysql']['master_database'].".`web_domain` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = "GRANT SELECT ON ".$conf['mysql']['master_database'].".`sys_group` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
$query = "GRANT INSERT , DELETE ON ".$conf['mysql']['master_database'].".`monitor_data` "
."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
if(!$this->dbmaster->query($query)) {
$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
}
}
}
//** writes postfix configuration files
public function process_postfix_config($configfile)
......
......@@ -1010,6 +1010,7 @@ CREATE TABLE `web_database` (
`database_password` varchar(64) default NULL,
`database_charset` varchar(64) default NULL,
`remote_access` enum('n','y') NOT NULL default 'y',
`remote_ips` text NOT NULL,
`active` enum('n','y') NOT NULL default 'y',
PRIMARY KEY (`database_id`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
......
......@@ -165,6 +165,9 @@ if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) {
//** Create the mysql database
$inst->configure_database();
//** Update master database rights
$inst->grant_master_database_rights();
//** empty all databases
$db_tables = $inst->db->getTables();
......
<?php
/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
class validate_database {
/*
Validator function to check if a given list of ips is ok.
*/
function valid_ip_list($field_name, $field_value, $validator) {
global $app;
if($_POST["remote_access"] == "y") {
if(trim($field_value) == "") return;
$values = split(",", $field_value);
foreach($values as $cur_value) {
$cur_value = trim($cur_value);
$valid = true;
if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $cur_value)) {
$groups = explode(".", $cur_value);
foreach($groups as $group){
if($group<0 OR $group>255)
$valid=false;
}
} else {
$valid = false;
}
if($valid == false) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
}
}
}
}
}
\ No newline at end of file
<?php
/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
class validate_ftpuser {
/*
Validator function to check if a given dir is ok.
*/
function ftp_dir($field_name, $field_value, $validator) {
global $app;
if($app->tform->primary_id == 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
}
$ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
if(!$ftp_data["parent_domain_id"]) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
}
$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($ftp_data["parent_domain_id"])."'");
if(!$domain_data["domain_id"]) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
}
$doc_root = $domain_data["document_root"];
$is_ok = false;
if($doc_root == $field_value) $is_ok = true;
$doc_root .= "/";
if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
if($is_ok == false) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
return $app->tform->wordbook[$errmsg]."<br>\r\n";
} else {
return $errmsg."<br>\r\n";
}
}
}
}
\ No newline at end of file
......@@ -62,7 +62,46 @@ if(is_array($repos)) {
}
}
}
$packages = $app->db->queryAllRecords("SELECT software_package.package_name, v1, v2, v3, v4 FROM software_package LEFT JOIN software_update ON ( software_package.package_name = software_update.package_name ) GROUP BY package_name ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC");
if(is_array($packages)) {
foreach($packages as $p) {
$version = $p['v1'].'.'.$p['v2'].'.'.$p['v3'].'.'.$p['v4'];
$updates = $client->get_updates($p['package_name'], $version,$repo['repo_username'], $repo['repo_password']);
if(is_array($updates)) {
foreach($updates as $u) {
$version_array = explode('.',$u['version']);
$v1 = intval($version_array[0]);
$v2 = intval($version_array[1]);
$v3 = intval($version_array[2]);
$v4 = intval($version_array[3]);
$package_name = $app->db->quote($u['package_name']);
$software_repo_id = intval($repo['software_repo_id']);
$update_url = $app->db->quote($u['url']);
$update_md5 = $app->db->quote($u['md5']);
$update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
$update_title = $app->db->quote($u['title']);
$type = $app->db->quote($u['type']);
// Check that we do not have this update in the database yet
$sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
$tmp = $app->db->queryOneRecord($sql);
if(!isset($tmp['software_update_id'])) {
// Insert the update in the datbase
$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
//die($sql);
$app->db->query($sql);
}
}
}
}
}
}
}
......@@ -74,8 +113,8 @@ if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] !=
$tmp = $app->db->queryOneRecord($sql);
$software_update_id = $tmp['software_update_id'];
// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
}
......@@ -100,8 +139,10 @@ if(is_array($packages)) {
if($inst['status'] == 'installed') {
$installed_txt .= $s['server_name'].": Installed version $version<br />";
} elseif ($inst['status'] == 'installing') {
$installed_txt .= $s['server_name'].": Installation in progress<br />";
} elseif ($inst['status'] == 'installing') {
$installed_txt .= $s['server_name'].": Installation in progress<br />";
} elseif ($inst['status'] == 'failed') {
$installed_txt .= $s['server_name'].": Installation failed<br />";
} elseif ($inst['status'] == 'deleting') {
$installed_txt .= $s['server_name'].": Deletion in progress<br />";
} else {
......
......@@ -104,8 +104,8 @@ if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] !=
$server_id = intval($_GET['server_id']);
$software_update_id = intval($_GET['id']);
// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
}
......
......@@ -133,6 +133,18 @@ $form["tabs"]['database'] = array (
'default' => 'y',
'value' => array(0 => 'n',1 => 'y')
),
'remote_ips' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'CUSTOM',
'class' => 'validate_database',
'function' => 'valid_ip_list',
'errmsg' => 'database_remote_error_ips'),
),
'default' => '',
'value' => '',
'width' => '60'
),
##################################
# ENDE Datatable fields
##################################
......
......@@ -131,93 +131,125 @@ $form["tabs"]['ftp'] = array (
if($_SESSION["s"]["user"]["typ"] == 'admin') {
$form["tabs"]['advanced'] = array (
'title' => "Options",
'width' => 100,
'template' => "templates/ftp_user_advanced.htm",
'fields' => array (
##################################
# Begin Datatable fields
##################################
'uid' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'uid_error_empty'),
),
'default' => '0',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'gid' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'uid_error_empty'),
),
'default' => '0',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'dir' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'directory_error_empty'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'quota_files' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'ul_ratio' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'dl_ratio' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'ul_bandwidth' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'dl_bandwidth' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
##################################
# ENDE Datatable fields
##################################
)
'title' => "Options",
'width' => 100,
'template' => "templates/ftp_user_advanced.htm",
'fields' => array (
##################################
# Begin Datatable fields
##################################
'uid' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'uid_error_empty'),
),
'default' => '0',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'gid' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'uid_error_empty'),
),
'default' => '0',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'dir' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
'errmsg'=> 'directory_error_empty'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'quota_files' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'ul_ratio' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'dl_ratio' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'ul_bandwidth' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
'dl_bandwidth' => array (
'datatype' => 'INTEGER',
'formtype' => 'TEXT',
'default' => '0',
'value' => '',
'width' => '7',
'maxlength' => '7'
),
##################################
# ENDE Datatable fields
##################################
)
);