Commit 38a07fee authored by Michael Fürmann's avatar Michael Fürmann

Applied changes from !470 to correct branch

parent e4eefbdf
......@@ -17,15 +17,15 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
$user = $result->fetch_object();
// check for domain autologin api key
$domain_key = 'f47kmm5Yh5hJzSws2KTS';
checkAuth($argv[1], $argv[2], $arg_password, $user->password, $domain_key);
$query = $db->prepare("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
$query->bind_param('si', $arg_email, $isp_server_id);
$query->execute();
$query->bind_result($jid, $password);
$query->fetch();
$query->close();
result_false(is_null($jid));
checkAuth($arg_password, $password);
}catch(Exception $ex){
echo 0;
exit();
......@@ -40,19 +40,9 @@ function result_true(){
echo 1;
exit();
}
function checkAuth($user, $domain, $pw_arg, $pw_db, $domain_key){
function checkAuth($pw_arg, $pw_db){
if(crypt($pw_arg, $pw_db) == $pw_db)
result_true();
if($domain_key){
$datetime = new DateTime();
$datetime->setTimezone(new DateTimeZone("UTC"));
for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
$pw_api = md5($domain.'@'.$domain_key.'@'.$user.'@'.$t);
if($pw_api == $pw_arg)
result_true();
}
}
result_false();
}
?>
\ No newline at end of file
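Review bot: The prepared statement still matches with `jid LIKE ?`, and binding the value does not stop `%` or `_` in `$arg_email` from acting as wildcards, so the lookup is not a literal match on the JID. As far as the lost +/- markers allow reading it, the replaced code rejected anything other than exactly one row (`num_rows != 1`), while the new `result_false(is_null($jid))` only checks that a first row came back, so the single-match guarantee is gone. I would write `WHERE jid = ? AND active='y' AND server_id=?` here and in the `count(*)` query of the user-existence script further down the page, which carries the same `LIKE`. In `checkAuth`, `crypt($pw_arg, $pw_db) == $pw_db` is a loose, non-constant-time comparison; `hash_equals($pw_db, crypt($pw_arg, $pw_db))` is the safer form.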
......@@ -15,8 +15,14 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
$query = $db->prepare("SELECT count(*) AS usercount FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
$query->bind_param('si', $arg_email, $isp_server_id);
$query->execute();
$query->bind_result($usercount);
$query->fetch();
$query->close();
result_false($usercount != 1);
result_true();
}catch(Exception $ex){
......@@ -34,4 +40,4 @@ function result_true(){
exit();
}
?>
\ No newline at end of file
?>
......@@ -1597,6 +1597,7 @@ class installer_base {
// Copy isp libs
if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
caselog('chmod 755 /usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh', __FILE__, __LINE__);
// Process db config
$full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
$content = rf($full_file_name);
......@@ -1609,13 +1610,14 @@ class installer_base {
if(!stristr($options, 'dont-create-certs')){
// Create SSL Certificate for localhost
echo "writing new private key to 'localhost.key'\n-----\n";
$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
$ssl_locality = $this->free_query('Locality Name (eg, city)', '');
// Ensure no line is left blank
echo "writing new private key to 'localhost.key'\n-----\n";
$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
$ssl_locality = $this->free_query('Locality Name (eg, city)', 'City Name');
$ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', 'Infrastructure');
$ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
$ssl_email = $this->free_query('Email Address', '');
$ssl_email = $this->free_query('Email Address', 'hostmaster@'.$conf['hostname']);
$tpl = new tpl('metronome_conf_ssl.master');
$tpl->setVar('ssl_country',$ssl_country);
......@@ -1632,6 +1634,14 @@ class installer_base {
exec("(cd /etc/metronome/certs && make localhost.cert)");
exec('chmod 0400 /etc/metronome/certs/localhost.key');
exec('chown metronome /etc/metronome/certs/localhost.key');
echo "IMPORTANT:\n";
echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs\n";
echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
echo "\n";
}else{
echo "-----\n";
echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
......@@ -1645,45 +1655,6 @@ class installer_base {
caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
exec($this->getinitcommand($conf['xmpp']['init_script'], 'restart'));
/*
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
* */
/*// Dont just copy over the virtualhost template but add some custom settings
$tpl = new tpl('apache_apps.vhost.master');
$tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
$tpl->setVar('apache_version',getapacheversion());
// comment out the listen directive if port is 80 or 443
if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
$tpl->setVar('vhost_port_listen','#');
} else {
$tpl->setVar('vhost_port_listen','');
}
wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
unset($tpl);*/
}
......
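Review bot: The added `chmod 755` leaves authenticate_isp.sh readable and executable by every local account, and the `db_conf.inc.php` processed directly below it sits in the same directory, which is created with mode 0755. If that file holds the database credentials the auth scripts use (its contents are not visible here), its mode and owner should be set explicitly after it is written, for example `chmod 640` with group access for the account metronome runs as; the script could be tightened to `750` in the same way. The function continues outside these hunks, so an existing chmod/chown on the config file may already cover this and is worth confirming.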
......@@ -131,6 +131,12 @@ $wb['datalog_status_d_web_folder'] = 'Verzeichnisschutz löschen';
$wb['datalog_status_i_web_folder_user'] = 'Verzeichnisschutz Benutzer anlegen';
$wb['datalog_status_u_web_folder_user'] = 'Verzeichnisschutz Benutzer ändern';
$wb['datalog_status_d_web_folder_user'] = 'Verzeichnisschutz Benutzer löschen';
$wb['datalog_status_i_xmpp_domain'] = 'XMPP Domain erstellen';
$wb['datalog_status_u_xmpp_domain'] = 'XMPP Domain ändern';
$wb['datalog_status_d_xmpp_domain'] = 'XMPP Domain löschen';
$wb['datalog_status_i_xmpp_user'] = 'XMPP Benutzer erstellen';
$wb['datalog_status_u_xmpp_user'] = 'XMPP Benutzer ändern';
$wb['datalog_status_d_xmpp_user'] = 'XMPP Benutzer löschen';
$wb['login_as_txt'] = 'Anmelden als';
$wb['no_domain_perm'] = 'Sie haben keine Berechtigung für diese Domain.';
$wb['no_destination_perm'] = 'Sie haben keine Berechtigung für dieses Ziel.';
......
......@@ -131,6 +131,12 @@ $wb['datalog_status_d_web_folder'] = 'Delete folder protection';
$wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
$wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
$wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
$wb['datalog_status_i_xmpp_domain'] = 'Create XMPP domain';
$wb['datalog_status_u_xmpp_domain'] = 'Update XMPP domain';
$wb['datalog_status_d_xmpp_domain'] = 'Delete XMPP domain';
$wb['datalog_status_i_xmpp_user'] = 'Create XMPP user';
$wb['datalog_status_u_xmpp_user'] = 'Update XMPP user';
$wb['datalog_status_d_xmpp_user'] = 'Delete XMPP user';
$wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
$wb['login_as_txt'] = 'Log in as';
$wb["no_domain_perm"] = 'You have no permission for this domain.';
......
......@@ -411,6 +411,9 @@ class page_action extends tform_actions {
private function update_dns($dataRecord, $new_rr) {
global $app, $conf;
$sql = "SELECT server_name from server WHERE server_id = " . intval($dataRecord['server_id']);
$xmpp_server = $app->db->queryOneRecord($sql);
$rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ?", $this->id);
$required_hosts = array('xmpp');
if($rec['use_pubsub']=='y')
......@@ -437,7 +440,7 @@ class page_action extends tform_actions {
$rr = $new_rr;
$rr['name'] = $h;
$rr['type'] = 'CNAME';
$rr['data'] = 'jalapeno.spicyweb.de.';
$rr['data'] = $xmpp_server['server_name'] . '.';
$rr['aux'] = 0;
$rr['active'] = 'Y';
$rr['stamp'] = date('Y-m-d H:i:s');
......@@ -449,7 +452,7 @@ class page_action extends tform_actions {
$rr = $new_rr;
$rr['name'] = '_xmpp-client._tcp.'.$dataRecord['domain'].'.';
$rr['type'] = 'SRV';
$rr['data'] = '5 5222 jalapeno.spicyweb.de.';
$rr['data'] = '5 5222 ' . $xmpp_server['server_name'] . '.';
$rr['aux'] = 0;
$rr['active'] = 'Y';
$rr['stamp'] = date('Y-m-d H:i:s');
......@@ -458,7 +461,7 @@ class page_action extends tform_actions {
$rr = $new_rr;
$rr['name'] = '_xmpp-server._tcp.'.$dataRecord['domain'].'.';
$rr['type'] = 'SRV';
$rr['data'] = '5 5269 jalapeno.spicyweb.de.';
$rr['data'] = '5 5269 ' . $xmpp_server['server_name'] . '.';
$rr['aux'] = 0;
$rr['active'] = 'Y';
$rr['stamp'] = date('Y-m-d H:i:s');
......
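Review bot: `$xmpp_server` is used without checking that the lookup returned a row, so when no `server` record matches the `server_id` the CNAME and both SRV records would be written with a target of just `.`. A guard right after the query, such as `if(empty($xmpp_server['server_name']))` followed by the form's usual error handling, would keep such records from being created; how to bail out depends on the rest of `update_dns`, which runs past these hunks. The new query also builds its SQL by concatenation while the next line already uses a placeholder; `$app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $dataRecord['server_id'])` keeps the function consistent. The code assumes `server_name` is a fully qualified host name, which deserves a one-line comment above the query.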