Commit 72773a67 authored by Marius Cramer's avatar Marius Cramer

Merge branch 'stable-3.0.5'

Conflicts:
	install/dist/lib/fedora.lib.php
	install/dist/lib/opensuse.lib.php
	install/lib/installer_base.lib.php
	install/sql/ispconfig3.sql
	install/tpl/config.inc.php.master
	interface/lib/classes/aps_crawler.inc.php
	interface/lib/classes/auth.inc.php
	interface/lib/classes/plugin_backuplist.inc.php
	interface/lib/config.inc.php
	interface/lib/plugins/mail_user_filter_plugin.inc.php
	interface/web/login/password_reset.php
	interface/web/sites/templates/web_backup_list.htm
	interface/web/sites/webdav_user_edit.php
	interface/web/themes/blue/ispconfig_version
	server/plugins-available/backup_plugin.inc.php
	server/plugins-available/shelluser_base_plugin.inc.php
parents c2470177 0d73295b
......@@ -171,9 +171,9 @@ $conf['powerdns']['init_script'] = 'pdns';
$conf['bind']['installed'] = false; // will be detected automatically during installation
$conf['bind']['bind_user'] = 'named';
$conf['bind']['bind_group'] = 'named';
$conf['bind']['bind_zonefiles_dir'] = '/var/named/chroot/var/named/';
$conf['bind']['named_conf_path'] = '/var/named/chroot/etc/named.conf';
$conf['bind']['named_conf_local_path'] = '/var/named/chroot/var/named/named.local';
$conf['bind']['bind_zonefiles_dir'] = '/var/named';
$conf['bind']['named_conf_path'] = '/etc/named.conf';
$conf['bind']['named_conf_local_path'] = '/etc/named.conf.local';
$conf['bind']['init_script'] = 'named';
//* Jailkit
......
......@@ -679,7 +679,7 @@ class installer_dist extends installer_base {
//* Chown the slave subdirectory to $conf['bind']['bind_user']
exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content);
exec('chmod 770 '.$content);
exec('chmod 2770 '.$content);
}
......
......@@ -1406,7 +1406,6 @@ class installer_dist extends installer_base {
if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
}
}
......
......@@ -181,6 +181,12 @@ function get_distname() {
$distid = 'debian60';
$distbaseid = 'debian';
swriteln("Operating System: Debian 7.0 (Wheezy/Sid) or compatible\n");
} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '8') || substr(trim(file_get_contents('/etc/debian_version')),0,1) == '8') {
$distname = 'Debian';
$distver = 'Jessie';
$distid = 'debian60';
$distbaseid = 'debian';
swriteln("Operating System: Debian 8.0 (Jessie) or compatible\n");
} else {
$distname = 'Debian';
$distver = 'Unknown';
......
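Review bot: The `strstr(..., '8')` half of the new Jessie condition matches an `8` anywhere in /etc/debian_version, so a version string that no earlier branch catches and that merely contains that digit (a later release's point version such as `9.8`, for example) would be reported as Jessie. The `substr(...,0,1) == '8'` test already covers the intended case, so the branch can be reduced to `} elseif(substr(trim(file_get_contents('/etc/debian_version')),0,1) == '8') {`, ideally with the file read once into a variable. The same condition is added to monitor_tools in the `@@ -152,6 +152,11 @@` hunk. The earlier branches of the chain are outside the hunk.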
......@@ -1321,11 +1321,12 @@ class installer_base {
//* Create the slave subdirectory
$content .= 'slave';
if(!@is_dir($content)) mkdir($content, 0770, true);
if(!@is_dir($content)) mkdir($content, 2770, true);
//* Chown the slave subdirectory to $conf['bind']['bind_user']
chown($content, $conf['bind']['bind_user']);
chgrp($content, $conf['bind']['bind_group']);
chmod($content, 2770);
}
......@@ -2386,8 +2387,6 @@ Email Address []:
if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
}
public function configure_dbserver() {
......
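Review bot: The mode `2770` passed to `mkdir()` and `chmod()` for the BIND slave directory is a decimal literal, which PHP treats as octal 05322: setuid and sticky bits with `-wx-w--w-` permissions. After the `chmod()` call the directory is therefore world-writable and lacks the setgid bit the change appears to be aiming for. Both calls should use the octal form, `mkdir($content, 02770, true);` and `chmod($content, 02770);`. The `exec('chmod 2770 '.$content)` line in installer_dist is not affected, because the chmod binary parses its argument as octal. The enclosing method starts outside the hunk.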
......@@ -460,6 +460,7 @@ class ApsCrawler extends ApsBase
}
}
//var_dump($apps);
//echo print_r($apps_to_dl).'<br>-------------------<br>';
// For memory reasons, unset the current vendor and his apps
unset($apps);
......
......@@ -100,7 +100,7 @@ class plugin_backuplist extends plugin_base {
}
//* Get the data
$server_ids = array_unique($server_ids);
$server_ids = array();
$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
$databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
......
......@@ -135,41 +135,69 @@ class mail_user_filter_plugin {
$content .= '### BEGIN FILTER_ID:'.$page_form->id."\n";
//$content .= 'require ["fileinto", "regex", "vacation"];'."\n";
$content .= 'if header :regex ["'.strtolower($page_form->dataRecord["source"]).'"] ["';
$searchterm = preg_quote($page_form->dataRecord["searchterm"]);
$searchterm = str_replace(
array(
'"',
'\\[',
'\\]'
),
array(
'\\"',
'\\\\[',
'\\\\]'
), $searchterm);
if($page_form->dataRecord["op"] == 'contains') {
$content .= ".*".$searchterm;
} elseif ($page_form->dataRecord["op"] == 'is') {
$content .= "^".$searchterm."$";
} elseif ($page_form->dataRecord["op"] == 'begins') {
$content .= "^".$searchterm.".*";
} elseif ($page_form->dataRecord["op"] == 'ends') {
$content .= ".*".$searchterm."$";
if($page_form->dataRecord["op"] == 'domain') {
$content .= 'if address :domain :is "'.strtolower($page_form->dataRecord["source"]).'" "'.$page_form->dataRecord["searchterm"].'" {'."\n";
} elseif ($page_form->dataRecord["op"] == 'localpart') {
$content .= 'if address :localpart :is "'.strtolower($page_form->dataRecord["source"]).'" "'.$page_form->dataRecord["searchterm"].'" {'."\n";
} elseif ($page_form->dataRecord["source"] == 'Size') {
if(substr(trim($page_form->dataRecord["searchterm"]),-1) == 'k' || substr(trim($page_form->dataRecord["searchterm"]),-1) == 'K') {
$unit = 'k';
} else {
$unit = 'm';
}
$content .= 'if size :over '.intval($page_form->dataRecord["searchterm"]).$unit.' {'."\n";
} else {
if($page_form->dataRecord["source"] == 'Header') {
$parts = explode(':',trim($page_form->dataRecord["searchterm"]));
$page_form->dataRecord["source"] = trim($parts[0]);
unset($parts[0]);
$page_form->dataRecord["searchterm"] = trim(implode(':',$parts));
unset($parts);
}
$content .= 'if header :regex ["'.strtolower($page_form->dataRecord["source"]).'"] ["';
$searchterm = preg_quote($page_form->dataRecord["searchterm"]);
$searchterm = str_replace(
array(
'"',
'\\[',
'\\]'
),
array(
'\\"',
'\\\\[',
'\\\\]'
), $searchterm);
if($page_form->dataRecord["op"] == 'contains') {
$content .= ".*".$searchterm;
} elseif ($page_form->dataRecord["op"] == 'is') {
$content .= "^".$searchterm."$";
} elseif ($page_form->dataRecord["op"] == 'begins') {
$content .= " ".$searchterm."";
} elseif ($page_form->dataRecord["op"] == 'ends') {
$content .= ".*".$searchterm."$";
}
$content .= '"] {'."\n";
}
$content .= '"] {'."\n";
if($page_form->dataRecord["action"] == 'move') {
$content .= ' fileinto "'.$page_form->dataRecord["target"].'";' . "\n";
$content .= ' fileinto "'.$page_form->dataRecord["target"].'";' . "\n stop;\n";
} elseif ($page_form->dataRecord["action"] == 'keep') {
$content .= " keep;\n";
} elseif ($page_form->dataRecord["action"] == 'stop') {
$content .= " stop;\n";
} elseif ($page_form->dataRecord["action"] == 'reject') {
$content .= ' reject "'.$page_form->dataRecord["target"].'"; stop;\n\n';
} else {
$content .= " discard;\n";
$content .= " discard;\n stop;\n";
}
$content .= " stop;\n}\n";
$content .= "}\n";
$content .= '### END FILTER_ID:'.$page_form->id."\n";
......
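Review bot: In the new `domain` and `localpart` branches, `$page_form->dataRecord["searchterm"]` is concatenated into a Sieve quoted string without any escaping, unlike the regex branch, which at least escapes `"`; the `target` value in the `fileinto` and `reject` lines is written the same way. Unless the form definition already rejects `"` and `\`, a value containing them yields a broken or altered filter script, so escape both before concatenation, e.g. `$term = addcslashes($page_form->dataRecord["searchterm"], '"\\');`, and use `$term` in the two `address` tests. Separately, the `begins` case now emits `" ".$searchterm.""` where the other operators use an anchor; that looks like a lost `^` and is worth confirming.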
......@@ -137,6 +137,15 @@ class page_action extends tform_actions {
/* restrict the names */
$this->dataRecord['username'] = $webdavuser_prefix . $this->dataRecord['username'];
/*
* Get the data of the domain, owning the webdav user
*/
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
/* The server is the server of the domain */
$this->dataRecord["server_id"] = $web["server_id"];
/* The Webdav user shall be owned by the same group then the website */
$this->dataRecord["sys_groupid"] = $web['sys_groupid'];
}
parent::onBeforeInsert();
......@@ -159,7 +168,6 @@ class page_action extends tform_actions {
$sql = "UPDATE webdav_user SET server_id = ?, sys_groupid = ?, password = ? WHERE webdav_user_id = ?";
$app->db->query($sql, $server_id, $sys_groupid, $this->dataRecord["password"], $this->id);
}
function onBeforeUpdate() {
......
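Review bot: The lookup added before `parent::onBeforeInsert()` copies `server_id` and `sys_groupid` from whatever `parent_domain_id` was submitted, and nothing in the visible lines checks that a row came back or that the current user is allowed to use that domain. If the form's datasource does not already restrict the selectable domains, the new WebDAV user would be assigned another site's group, and a missing row would silently leave both fields null; a guard on an empty `$web` before the two assignments would close that. The query could also use a bound parameter like the `UPDATE` a few lines below, `$app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);`. The start of the enclosing method is outside the hunk.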
......@@ -152,6 +152,11 @@ class monitor_tools {
$distver = 'Wheezy/Sid';
$distid = 'debian60';
$distbaseid = 'debian';
} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '8') || substr(trim(file_get_contents('/etc/debian_version')),0,1) == '8') {
$distname = 'Debian';
$distver = 'Jessie';
$distid = 'debian60';
$distbaseid = 'debian';
} else {
$distname = 'Debian';
$distver = 'Unknown';
......
......@@ -117,7 +117,7 @@ class bind_plugin {
//TODO : change this when distribution information has been integrated into server record
if (file_exists('/etc/gentoo-release')) {
$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($zone['origin'], 0, -1)));
$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($zone['origin'], 0, -1)));
}
else {
$filename = escapeshellcmd($dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($zone['origin'], 0, -1)));
......@@ -151,7 +151,7 @@ class bind_plugin {
if($data['old']['origin'] != $data['new']['origin']) {
//TODO : change this when distribution information has been integrated into server record
if (file_exists('/etc/gentoo-release')) {
$filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
$filename = $dns_config['bind_zonefiles_dir'].'/pri/'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
}
else {
$filename = $dns_config['bind_zonefiles_dir'].'/pri.'.str_replace("/", "_", substr($data['old']['origin'], 0, -1));
......
......@@ -103,14 +103,27 @@ class shelluser_base_plugin {
if($uid > $this->min_uid) {
//* Remove webfolder protection
$app->system->web_folder_protection($web['document_root'], false);
if(!is_dir($data['new']['dir'])){
$app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700');
$app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username']));
$app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup']));
//* Home directory of the new shell user
if($data['new']['chroot'] == 'jailkit') {
$homedir = $data['new']['dir'];
} else {
$homedir = $data['new']['dir'].'/home/'.$data['new']['username'];
}
if(!is_dir($data['new']['dir'].'/home')){
$app->file->mkdirs(escapeshellcmd($data['new']['dir'].'/home'), '0750');
$app->system->chown(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
}
if(!is_dir($homedir)){
$app->file->mkdirs(escapeshellcmd($homedir), '0750');
$app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
}
$command = 'useradd';
$command .= ' -d '.escapeshellcmd($data['new']['dir']);
$command .= ' -d '.escapeshellcmd($homedir);
$command .= ' -g '.escapeshellcmd($data['new']['pgroup']);
$command .= ' -o '; // non unique
if($data['new']['password'] != '') $command .= ' -p '.escapeshellcmd($data['new']['password']);
......@@ -129,10 +142,10 @@ class shelluser_base_plugin {
$this->_setup_ssh_rsa();
//* Create .bash_history file
$app->system->touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
$app->system->chmod(escapeshellcmd($data['new']['dir']).'/.bash_history', 0755);
$app->system->chown(escapeshellcmd($data['new']['dir']).'/.bash_history', $data['new']['username']);
$app->system->chgrp(escapeshellcmd($data['new']['dir']).'/.bash_history', $data['new']['pgroup']);
$app->system->touch(escapeshellcmd($homedir).'/.bash_history');
$app->system->chmod(escapeshellcmd($homedir).'/.bash_history', 0755);
$app->system->chown(escapeshellcmd($homedir).'/.bash_history', $data['new']['username']);
$app->system->chgrp(escapeshellcmd($homedir).'/.bash_history', $data['new']['pgroup']);
//* Disable shell user temporarily if we use jailkit
if($data['new']['chroot'] == 'jailkit') {
......@@ -185,6 +198,16 @@ class shelluser_base_plugin {
// Get the UID of the parent user
$uid = intval($app->system->getuid($data['new']['puser']));
if($uid > $this->min_uid) {
//* Home directory of the shell user
if($data['new']['chroot'] == 'jailkit') {
$homedir = $data['new']['dir'];
$homedir_old = $data['old']['dir'];
} else {
$homedir = $data['new']['dir'].'/home/'.$data['new']['username'];
$homedir_old = $data['old']['dir'].'/home/'.$data['old']['username'];
}
// Check if the user that we want to update exists, if not, we insert it
if($app->system->is_user($data['old']['username'])) {
/*
......@@ -202,12 +225,32 @@ class shelluser_base_plugin {
$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
*/
//$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
if($data['new']['dir'] != $data['old']['dir'] && !is_dir($data['new']['dir'])){
$app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700');
$app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username']));
$app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup']));
if($homedir != $homedir_old && !is_dir($homedir)){
$app->system->web_folder_protection($web['document_root'], false);
if(!is_dir($data['new']['dir'].'/home')){
$app->file->mkdirs(escapeshellcmd($data['new']['dir'].'/home'), '0750');
$app->system->chown(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
}
$app->file->mkdirs(escapeshellcmd($homedir), '0750');
$app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['username']));
$app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
$app->system->web_folder_protection($web['document_root'], true);
} else {
if(!is_dir($homedir)){
$app->system->web_folder_protection($web['document_root'], false);
if(!is_dir($data['new']['dir'].'/home')){
$app->file->mkdirs(escapeshellcmd($data['new']['dir'].'/home'), '0750');
$app->system->chown(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
}
$app->file->mkdirs(escapeshellcmd($homedir), '0750');
$app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
$app->system->web_folder_protection($web['document_root'], true);
}
}
$app->system->usermod($data['old']['username'], 0, $app->system->getgid($data['new']['pgroup']), $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
$app->system->usermod($data['old']['username'], 0, $app->system->getgid($data['new']['pgroup']), $homedir, $data['new']['shell'], $data['new']['password'], $data['new']['username']);
$app->log("Updated shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG);
// call the ssh-rsa update function
......@@ -218,10 +261,10 @@ class shelluser_base_plugin {
//* Create .bash_history file
if(!is_file($data['new']['dir']).'/.bash_history') {
$app->system->touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
$app->system->chmod(escapeshellcmd($data['new']['dir']).'/.bash_history', 0755);
$app->system->chown(escapeshellcmd($data['new']['dir']).'/.bash_history', escapeshellcmd($data['new']['username']));
$app->system->chgrp(escapeshellcmd($data['new']['dir']).'/.bash_history', escapeshellcmd($data['new']['pgroup']));
$app->system->touch(escapeshellcmd($homedir).'/.bash_history');
$app->system->chmod(escapeshellcmd($homedir).'/.bash_history', 0755);
$app->system->chown(escapeshellcmd($homedir).'/.bash_history', escapeshellcmd($data['new']['username']));
$app->system->chgrp(escapeshellcmd($homedir).'/.bash_history', escapeshellcmd($data['new']['pgroup']));
}
} else {
......@@ -239,7 +282,7 @@ class shelluser_base_plugin {
function delete($event_name, $data) {
global $app, $conf;
$app->uses('system,getconf');
$app->uses('system,getconf,services');
$security_config = $app->getconf->get_security_config('permissions');
if($security_config['allow_shell_user'] != 'yes') {
......@@ -251,16 +294,22 @@ class shelluser_base_plugin {
// Get the UID of the user
$userid = intval($app->system->getuid($data['old']['username']));
if($userid > $this->min_uid) {
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['old']['parent_domain_id']));
// check if we have to delete the dir
$check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = ?', $data['old']['dir']);
if(!$check && is_dir($data['old']['dir'])) {
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
$app->system->web_folder_protection($web['document_root'], false);
// delete dir
$homedir = $data['old']['dir'];
if($data['new']['chroot'] == 'jailkit') {
$homedir = $data['old']['dir'];
} else {
$homedir = $data['old']['dir'].'/home/'.$data['old']['username'];
}
if(substr($homedir, -1) !== '/') $homedir .= '/';
$files = array('.bash_logout', '.bash_history', '.bashrc', '.profile');
$dirs = array('.ssh', '.cache');
......@@ -292,10 +341,33 @@ class shelluser_base_plugin {
// We delete only non jailkit users, jailkit users will be deleted by the jailkit plugin.
if ($data['old']['chroot'] != "jailkit") {
// if this web uses PHP-FPM, that PPH-FPM service must be stopped before we can delete this user
if($web['php'] == 'php-fpm'){
if(trim($web['fastcgi_php_version']) != ''){
$default_php_fpm = false;
list($custom_php_fpm_name, $custom_php_fpm_init_script, $custom_php_fpm_ini_dir, $custom_php_fpm_pool_dir) = explode(':', trim($web['fastcgi_php_version']));
} else {
$default_php_fpm = true;
}
$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
if(!$default_php_fpm){
$app->services->restartService('php-fpm', 'stop:'.$custom_php_fpm_init_script);
} else {
$app->services->restartService('php-fpm', 'stop:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
}
}
$command = 'killall -u '.escapeshellcmd($data['old']['username']).' ; userdel -f';
$command .= ' '.escapeshellcmd($data['old']['username']).' &> /dev/null';
exec($command);
$app->log("Deleted shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG);
// start PHP-FPM again
if($web['php'] == 'php-fpm'){
if(!$default_php_fpm){
$app->services->restartService('php-fpm', 'start:'.$custom_php_fpm_init_script);
} else {
$app->services->restartService('php-fpm', 'start:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
}
}
}
} else {
......
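Review bot: In `delete()`, the new home-directory selection tests `$data['new']['chroot']`, while every other value in that block, and the jailkit check further down in the same function, reads from `$data['old']`. If the `new` record is empty on a delete event (not visible here), a jailkit user always falls into the `else` branch and the cleanup targets `dir/home/username` instead of the jail directory. The condition should be `if($data['old']['chroot'] == 'jailkit') {`. In the update path, the unchanged guard `if(!is_file($data['new']['dir']).'/.bash_history')` has its closing parenthesis misplaced and still names the old directory, so it is always true and no longer matches the `$homedir` lines it protects; `if(!is_file($homedir.'/.bash_history')) {` would fix both.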