From f52de04d050e93914d144421fd6ae0f1982e35e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20F=C3=BCrmann?= <michael@spicyweb.de>
Date: Tue, 3 Mar 2015 15:57:09 +0100
Subject: [PATCH] Handle host-specific ssl certificates
---
install/apps/metronome-init | 19 ++-
install/sql/incremental/upd_0081.sql | 12 ++
install/sql/ispconfig3.sql | 12 ++
interface/web/mail/form/xmpp_domain.tform.php | 123 +++++++++++++++
.../web/mail/lib/lang/en_xmpp_domain.lng | 28 ++++
.../mail/templates/xmpp_domain_edit_ssl.htm | 100 +++++++++++++
interface/web/mail/xmpp_domain_edit.php | 23 ++-
server/conf/metronome_conf_host.master | 12 +-
server/conf/metronome_conf_ssl.master | 72 +++++++++
server/mods-available/xmpp_module.inc.php | 22 +++
server/plugins-available/xmpp_plugin.inc.php | 140 +++++++++++++++++-
11 files changed, 550 insertions(+), 13 deletions(-)
create mode 100644 interface/web/mail/templates/xmpp_domain_edit_ssl.htm
create mode 100644 server/conf/metronome_conf_ssl.master
diff --git a/install/apps/metronome-init b/install/apps/metronome-init
index e10ef3c32e..78ba7ea14a 100644
--- a/install/apps/metronome-init
+++ b/install/apps/metronome-init
@@ -33,6 +33,16 @@ stop()
$METRONOME stop >> /dev/null
}
+reload()
+{
+ &METRONOME reload >> /dev/null
+}
+
+restart()
+{
+ &METRONOME restart >> /dev/null
+}
+
case "$1" in
start)
echo -n "Starting Metronome..."
@@ -42,13 +52,16 @@ case "$1" in
echo -n "Stopping Metronome..."
stop &
;;
+ reload)
+ echo -n "Reloading Metronome config..."
+ reload &
+ ;;
restart)
echo -n "Restarting Metronome..."
- stop &
- start &
+ restart &
;;
*)
- echo "Usage: $0 {start|stop|restart}" >&2
+ echo "Usage: $0 {start|stop|reload|restart}" >&2
exit 1
;;
esac
diff --git a/install/sql/incremental/upd_0081.sql b/install/sql/incremental/upd_0081.sql
index ce16a5b1bd..5e6b90ecd4 100644
--- a/install/sql/incremental/upd_0081.sql
+++ b/install/sql/incremental/upd_0081.sql
@@ -48,6 +48,18 @@ CREATE TABLE `xmpp_domain` (
`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_state` varchar(255) NULL,
+ `ssl_locality` varchar(255) NULL,
+ `ssl_organisation` varchar(255) NULL,
+ `ssl_organisation_unit` varchar(255) NULL,
+ `ssl_country` varchar(255) NULL,
+ `ssl_email` varchar(255) NULL,
+ `ssl_request` mediumtext NULL,
+ `ssl_cert` mediumtext NULL,
+ `ssl_bundle` mediumtext NULL,
+ `ssl_key` mediumtext NULL,
+ `ssl_action` varchar(16) NULL,
+
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`domain_id`),
KEY `server_id` (`server_id`,`domain`),
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 22c58b1b5c..f1e661a393 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -2002,6 +2002,18 @@ CREATE TABLE `xmpp_domain` (
`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_state` varchar(255) NULL,
+ `ssl_locality` varchar(255) NULL,
+ `ssl_organisation` varchar(255) NULL,
+ `ssl_organisation_unit` varchar(255) NULL,
+ `ssl_country` varchar(255) NULL,
+ `ssl_email` varchar(255) NULL,
+ `ssl_request` mediumtext NULL,
+ `ssl_cert` mediumtext NULL,
+ `ssl_bundle` mediumtext NULL,
+ `ssl_key` mediumtext NULL,
+ `ssl_action` varchar(16) NULL,
+
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`domain_id`),
KEY `server_id` (`server_id`,`domain`),
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index b2db7f8f2b..5934497184 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -280,5 +280,128 @@ $form["tabs"]['muc'] = array (
)
);
+$form["tabs"]['ssl'] = array (
+ 'title' => "SSL",
+ 'width' => 100,
+ 'template' => "templates/xmpp_domain_edit_ssl.htm",
+ 'readonly' => false,
+ 'fields' => array (
+ //#################################
+ // Begin Datatable fields
+ //#################################
+ 'ssl_state' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_state_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_locality' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_locality_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_organisation' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_organisation_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_organisation_unit' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_organistaion_unit_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_country' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'default' => '',
+ 'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name',
+ 'keyfield'=> 'iso',
+ 'valuefield'=> 'printable_name'
+ ),
+ 'value' => ''
+ ),
+ 'ssl_email' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'validators' => array ( 0 => array ( 'type' => 'ISEMAIL',
+ 'errmsg'=> 'ssl_error_isemail')
+ ),
+ ),
+ 'ssl_key' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_request' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_cert' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_bundle' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_action' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'default' => '',
+ 'value' => array('' => 'none_txt', 'save' => 'save_certificate_txt', 'create' => 'create_certificate_txt', 'del' => 'delete_certificate_txt')
+ ),
+ //#################################
+ // ENDE Datatable fields
+ //#################################
+ )
+);
+
?>
diff --git a/interface/web/mail/lib/lang/en_xmpp_domain.lng b/interface/web/mail/lib/lang/en_xmpp_domain.lng
index 86abd2b0c7..9e2924cb91 100644
--- a/interface/web/mail/lib/lang/en_xmpp_domain.lng
+++ b/interface/web/mail/lib/lang/en_xmpp_domain.lng
@@ -30,4 +30,32 @@ $wb["cant_change_domainname_txt"] = 'The Domain name of existing XMPP domain can
$wb["about_registration_url_txt"] = 'Link to your registration form.';
$wb["about_registration_message_txt"] = 'Description about your account registration process.';
$wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.';
+$wb['ssl_state_txt'] = 'State';
+$wb['ssl_locality_txt'] = 'Locality';
+$wb['ssl_organisation_txt'] = 'Organisation';
+$wb['ssl_organisation_unit_txt'] = 'Organisation Unit';
+$wb['ssl_country_txt'] = 'Country';
+$wb['ssl_key_txt'] = 'SSL Key';
+$wb['ssl_request_txt'] = 'SSL Request';
+$wb['ssl_cert_txt'] = 'SSL Certificate';
+$wb['ssl_bundle_txt'] = 'SSL Bundle';
+$wb['ssl_action_txt'] = 'SSL Action';
+$wb['ssl_email_txt'] = 'Email Address';
+$wb['ssl_txt'] = 'SSL';
+$wb['error_ssl_state_empty'] = 'SSL State is empty.';
+$wb['error_ssl_locality_empty'] = 'SSL Locality is empty.';
+$wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.';
+$wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.';
+$wb['error_ssl_country_empty'] = 'SSL Country is empty.';
+$wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty';
+$wb['ssl_state_error_regex'] = 'Invalid SSL State. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_locality_error_regex'] = 'Invalid SSL Locality. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_organisation_error_regex'] = 'Invalid SSL Organisation. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_organistaion_unit_error_regex'] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_country_error_regex'] = 'Invalid SSL Country. Valid characters are: A-Z';
+$wb['none_txt'] = 'None';
+$wb['save_certificate_txt'] = 'Save certificate';
+$wb['create_certificate_txt'] = 'Create certificate';
+$wb['delete_certificate_txt'] = 'Delete certificate';
+$wb['ssl_error_isemail'] = 'Please enter a valid email adress for generation of the SSL certificate';
?>
diff --git a/interface/web/mail/templates/xmpp_domain_edit_ssl.htm b/interface/web/mail/templates/xmpp_domain_edit_ssl.htm
new file mode 100644
index 0000000000..2bb7d059aa
--- /dev/null
+++ b/interface/web/mail/templates/xmpp_domain_edit_ssl.htm
@@ -0,0 +1,100 @@
+<div class='page-header'>
+ <h1><tmpl_var name="list_head_txt"></h1>
+</div>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<tmpl_if name="config_error_msg">
+<div style="background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px;">
+ <p style="font-face:bold">{tmpl_var name='configuration_error_txt'}</p>
+ <div>
+ <div style="float:left;width:150px;">{tmpl_var name='config_error_tstamp'} : </div><div style="padding-left:150px;">{tmpl_var name='config_error_msg'}</div>
+ </div>
+</div>
+</tmpl_if>
+
+
+ <tmpl_if name='show_helper_links'>
+ <div id="show_helper_links" style="display:none;">
+ <label></label>
+ <div class="col-sm-9">
+ <a href="javascript:void(0);" id="load_data"><tmpl_if name='is_admin'>{tmpl_var name='load_client_data_txt'}</tmpl_else>{tmpl_var name='load_my_data_txt'}</tmpl_if></a> <a href="javascript:void(0);" id="reset_data">{tmpl_var name='reset_client_data_txt'}</a>
+ </div>
+ </div>
+ </tmpl_if>
+ <div class="form-group">
+ <label for="ssl_state" class="col-sm-3 control-label">{tmpl_var name='ssl_state_txt'}</label>
+ <div class="col-sm-9"><input type="text" name="ssl_state" id="ssl_state" value="{tmpl_var name='ssl_state'}" class="form-control" /></div></div>
+ <div class="form-group">
+ <label for="ssl_locality" class="col-sm-3 control-label">{tmpl_var name='ssl_locality_txt'}</label>
+ <div class="col-sm-9"><input type="text" name="ssl_locality" id="ssl_locality" value="{tmpl_var name='ssl_locality'}" class="form-control" /></div></div>
+ <div class="form-group">
+ <label for="ssl_organisation" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_txt'}</label>
+ <div class="col-sm-9"><input type="text" name="ssl_organisation" id="ssl_organisation" value="{tmpl_var name='ssl_organisation'}" class="form-control" /></div></div>
+ <div class="form-group">
+ <label for="ssl_organisation_unit" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_unit_txt'}</label>
+ <div class="col-sm-9"><input type="text" name="ssl_organisation_unit" id="ssl_organisation_unit" value="{tmpl_var name='ssl_organisation_unit'}" class="form-control" /></div></div>
+ <div class="form-group">
+ <label for="ssl_country" class="col-sm-3 control-label">{tmpl_var name='ssl_country_txt'}</label>
+ <div class="col-sm-9"><select name="ssl_country" id="ssl_country" class="form-control flags">
+ {tmpl_var name='ssl_country'}
+ </select></div>
+ </div>
+ <div class="form-group">
+ <label for="ssl_email" class="col-sm-3 control-label">{tmpl_var name='ssl_email_txt'}</label>
+ <div class="col-sm-9"><input type="email" name="ssl_email" id="ssl_email" value="{tmpl_var name='ssl_email'}" class="form-control" /></div></div>
+ <div class="form-group">
+ <label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_key_txt'}</label>
+ <div class="col-sm-9"><textarea class="form-control" name="ssl_key" id="ssl_key" rows='10' cols='30'>{tmpl_var name='ssl_key'}</textarea></div>
+ </div>
+ <div class="form-group">
+ <label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_request_txt'}</label>
+ <div class="col-sm-9"><textarea class="form-control" name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea></div>
+ </div>
+ <div class="form-group">
+ <label for="ssl_cert" class="col-sm-3 control-label">{tmpl_var name='ssl_cert_txt'}</label>
+ <div class="col-sm-9"><textarea class="form-control" name="ssl_cert" id="ssl_cert" rows='10' cols='30'>{tmpl_var name='ssl_cert'}</textarea></div>
+ </div>
+ <div class="form-group">
+ <label for="ssl_action" class="col-sm-3 control-label">{tmpl_var name='ssl_action_txt'}</label>
+ <div class="col-sm-9"><select name="ssl_action" id="ssl_action" class="form-control">
+ {tmpl_var name='ssl_action'}
+ </select></div>
+ </div>
+
+
+ <input type="hidden" name="id" value="{tmpl_var name='id'}">
+ <input type="hidden" name="type" value="ssl">
+
+ <div class="clear"><div class="right">
+ <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="mail/xmpp_domain_edit.php">{tmpl_var name='btn_save_txt'}</button>
+ <button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="mail/xmpp_domain_list.php">{tmpl_var name='btn_cancel_txt'}</button>
+ </div></div>
+
+<script>
+<!--
+ <tmpl_if name='show_helper_links'>
+ if($("input[name=id]").val() > 0) $('#show_helper_links:hidden').show();
+
+ $('#reset_data').click(function(){
+ $('#ssl_organisation').add('#ssl_locality').add('#ssl_state').add('#ssl_organisation_unit').val('');
+ $('#ssl_country').val($("#ssl_country option:first").val());
+ });
+ $('#load_data').click(function(){
+ loadClientData();
+ });
+
+
+ function loadClientData() {
+ var web_id = $("input[name=id]").val();
+
+ jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'web_id': web_id, 'type': "getclientssldata"}, function(data) {
+ $('#ssl_organisation').val(data['company_name']);
+ $('#ssl_locality').val(data['city']);
+ $('#ssl_country').val(data['country']);
+ $('#ssl_state').val(data['state']);
+ $('#ssl_organisation_unit').val('IT');
+ });
+ }
+ </tmpl_if>
+//-->
+</script>
\ No newline at end of file
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 2844a2776a..b30d4d1406 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -49,14 +49,16 @@ $app->uses('tpl,tform,tform_actions,tools_sites');
$app->load('tform_actions');
class page_action extends tform_actions {
- var $_xmpp_type = 'domain';
+ var $_xmpp_type = 'server';
function onLoad() {
$show_type = 'server';
- if(isset($_GET['type']) && $_GET['type'] == 'modules') {
+ if(isset($_REQUEST['type']) && $_REQUEST['type'] == 'modules') {
$show_type = 'modules';
- } elseif(isset($_GET['type']) && $_GET['type'] == 'muc') {
+ } elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'muc') {
$show_type = 'muc';
+ }elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'ssl') {
+ $show_type = 'ssl';
}
$_SESSION['s']['var']['xmpp_type'] = $show_type;
@@ -363,6 +365,21 @@ class page_action extends tform_actions {
}
}
+ if($this->_xmpp_type == 'ssl'){
+ //* Check that all fields for the SSL cert creation are filled
+ if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
+ if($this->dataRecord['ssl_state'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_state_empty').'<br />';
+ if($this->dataRecord['ssl_locality'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_locality_empty').'<br />';
+ if($this->dataRecord['ssl_organisation'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_empty').'<br />';
+ if($this->dataRecord['ssl_organisation_unit'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_unit_empty').'<br />';
+ if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'<br />';
+ }
+
+ if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') {
+ if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'<br />';
+ }
+ }
+
//* make sure that the xmpp domain is lowercase
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
diff --git a/server/conf/metronome_conf_host.master b/server/conf/metronome_conf_host.master
index 2b4783202f..179d533e19 100644
--- a/server/conf/metronome_conf_host.master
+++ b/server/conf/metronome_conf_host.master
@@ -52,12 +52,12 @@ VirtualHost "{tmpl_var name='domain'}"
admins = {
{tmpl_var name='domain_admins'}
};
--- TODO: SSL Certs for Hosts
--- ssl = {
--- key = "/var/lib/metronome/iplay-esports.de.key",
--- certificate = "/var/lib/metronome/iplay-esports.de.crt",
--- };
-
+<tmpl_if name='ssl_cert' op='==' value='true'>
+ ssl = {
+ key = "/etc/metronome/certs/{tmpl_var name='domain'}.key",
+ certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert",
+ };
+</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
VirtualHost "anon.{tmpl_var name='domain'}"
diff --git a/server/conf/metronome_conf_ssl.master b/server/conf/metronome_conf_ssl.master
new file mode 100644
index 0000000000..73ab3a8a35
--- /dev/null
+++ b/server/conf/metronome_conf_ssl.master
@@ -0,0 +1,72 @@
+oid_section = new_oids
+
+[ new_oids ]
+
+# RFC 3920 section 5.1.1 defines this OID
+xmppAddr = 1.3.6.1.5.5.7.8.5
+
+# RFC 4985 defines this OID
+SRVName = 1.3.6.1.5.5.7.8.7
+
+[ req ]
+
+default_bits = 4096
+default_keyfile = {tmpl_var name='domain'}.key
+distinguished_name = distinguished_name
+req_extensions = v3_extensions
+x509_extensions = v3_extensions
+
+# ask about the DN?
+prompt = no
+
+[ distinguished_name ]
+
+commonName = {tmpl_var name='domain'}
+countryName = {tmpl_var name='ssl_country'}
+localityName = {tmpl_var name='ssl_locality'}
+organizationName = {tmpl_var name='ssl_organisation'}
+organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
+emailAddress = {tmpl_var name='ssl_email'}
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
+
+DNS.0 = {tmpl_var name='domain'}
+otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
+otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
+otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
+
+DNS.1 = muc.{tmpl_var name='domain'}
+otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
+otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}
+
+DNS.2 = pubsub.{tmpl_var name='domain'}
+otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
+otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}
+
+DNS.3 = anon.{tmpl_var name='domain'}
+otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
+otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}
+
+DNS.4 = xmpp.{tmpl_var name='domain'}
+otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
+otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}
+
+DNS.5 = proxy.{tmpl_var name='domain'}
+otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
+otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}
+
+DNS.6 = vjud.{tmpl_var name='domain'}
+otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
+otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}
\ No newline at end of file
diff --git a/server/mods-available/xmpp_module.inc.php b/server/mods-available/xmpp_module.inc.php
index 145b7f0f58..f8c1526e73 100644
--- a/server/mods-available/xmpp_module.inc.php
+++ b/server/mods-available/xmpp_module.inc.php
@@ -79,6 +79,8 @@ class xmpp_module {
*/
$app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process');
+ $app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP');
+ $app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');
}
@@ -104,6 +106,26 @@ class xmpp_module {
} // end switch
} // end function
+
+ function restartXMPP($action = 'restart') {
+ global $app, $conf;
+
+ // load the server configuration options
+ $app->uses('getconf,system');
+ $xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');
+
+ $daemon = 'metronome';
+
+ $retval = array('output' => '', 'retval' => 0);
+ if($action == 'restart') {
+ $cmd = $app->system->getinitcommand($daemon, 'restart');
+ } else {
+ $cmd = $app->system->getinitcommand($daemon, 'reload');
+ }
+ exec($cmd.' 2>&1', $retval['output'], $retval['retval']);
+ $app->log("Restarting xmpp: $cmd", LOGLEVEL_DEBUG);
+ return $retval;
+ }
} // end class
?>
diff --git a/server/plugins-available/xmpp_plugin.inc.php b/server/plugins-available/xmpp_plugin.inc.php
index 312a2a9945..2176cc513f 100644
--- a/server/plugins-available/xmpp_plugin.inc.php
+++ b/server/plugins-available/xmpp_plugin.inc.php
@@ -38,6 +38,10 @@ class xmpp_plugin {
var $xmpp_config_dir = '/etc/metronome';
+ var $ssl_certificate_changed = false;
+ var $ssl_certificate_deleted = false;
+
+
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
@@ -64,6 +68,11 @@ class xmpp_plugin {
$app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
$app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');
+
+ $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');
+
$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
@@ -193,6 +202,10 @@ class xmpp_plugin {
}
+ // Check for SSL
+ if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed)
+ $tpl->setVar('ssl_cert', true);
+
$app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
unset($tpl);
@@ -207,7 +220,7 @@ class xmpp_plugin {
unset($tpl);
}
- $app->services->restartServiceDelayed('metronome', 'restart');
+ $app->services->restartServiceDelayed('metronome', 'reload');
}
function domainDelete($event_name, $data){
@@ -253,6 +266,131 @@ class xmpp_plugin {
exec('metronomectl deluser '.$data['old']['jid']);
}
+ // Handle the creation of SSL certificates
+ function ssl($event_name, $data) {
+ global $app, $conf;
+
+ $app->uses('system,tpl');
+
+ // load the server configuration options
+ $app->uses('getconf');
+ $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+ $ssl_dir = '/etc/metronome/certs';
+ $domain = $data['new']['domain'];
+ $cnf_file = $ssl_dir.'/'.$domain.'.cnf';
+ $key_file = $ssl_dir.'/'.$domain.'.key';
+ $csr_file = $ssl_dir.'/'.$domain.'.csr';
+ $crt_file = $ssl_dir.'/'.$domain.'.cert';
+
+ //* Create a SSL Certificate, but only if this is not a mirror server.
+ if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {
+
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file, $key_file.'.bak');
+ $app->system->chmod($key_file.'.bak', 0400);
+ $app->system->chown($key_file.'.bak', 'metronome');
+ }
+ if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
+
+ // Write new CNF file
+ $tpl = new tpl();
+ $tpl->newTemplate('metronome_conf_ssl.master');
+ $tpl->setVar('domain', $domain);
+ $tpl->setVar('ssl_country', $data['new']['ssl_country']);
+ $tpl->setVar('ssl_locality', $data['new']['ssl_locality']);
+ $tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']);
+ $tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']);
+ $tpl->setVar('ssl_email', $data['new']['ssl_email']);
+ $app->system->file_put_contents($cnf_file, $tpl->grab());
+
+ // Generate new key, csr and cert
+ exec("(cd /etc/metronome/certs && make $domain.key)");
+ exec("(cd /etc/metronome/certs && make $domain.csr)");
+ exec("(cd /etc/metronome/certs && make $domain.cert)");
+
+ $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
+ $app->system->chmod($key_file, 0400);
+ $app->system->chown($key_file, 'metronome');
+ $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
+ $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ //* Save a SSL certificate to disk
+ if($data["new"]["ssl_action"] == 'save') {
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file, $key_file.'.bak');
+ $app->system->chmod($key_file.'.bak', 0400);
+ $app->system->chown($key_file.'.bak', 'metronome');
+ }
+ if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
+
+ //* Write new ssl files
+ if(trim($data["new"]["ssl_request"]) != '')
+ $app->system->file_put_contents($csr_file, $data["new"]["ssl_request"]);
+ if(trim($data["new"]["ssl_cert"]) != '')
+ $app->system->file_put_contents($crt_file, $data["new"]["ssl_cert"]);
+
+ //* Write the key file, if field is empty then import the key into the db
+ if(trim($data["new"]["ssl_key"]) != '') {
+ $app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
+ $app->system->chmod($key_file, 0400);
+ $app->system->chown($key_file, 'metronome');
+ } else {
+ $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ }
+
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ //* Delete a SSL certificate
+ if($data['new']['ssl_action'] == 'del') {
+ $this->ssl_certificate_deleted = true;
+ $app->system->unlink($csr_file);
+ $app->system->unlink($crt_file);
+ $app->system->unlink($key_file);
+ $app->system->unlink($cnf_file);
+ $app->system->unlink($csr_file.'.bak');
+ $app->system->unlink($crt_file.'.bak');
+ $app->system->unlink($key_file.'.bak');
+ $app->system->unlink($cnf_file.'.bak');
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ }
+
} // end class
?>
--
GitLab