
Commit 0866966

author
mcramer
committed
- support for limiting remote access to database to certain ip addresses
- changed GRANTs for slave servers on multiserver setups - added option for clients to change path of ftp users (inside webroot) - extended software packaging system (return status of install) - added 2 plugins to automatically create webmail and phpmyadmin symlinks on each website (not enabled by default)
1 parent 9253d53 commit 0866966

21 files changed

+894
-146
lines changed

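--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -233,33 +233,10 @@ public function add_database_server_record() {
 $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1);";
 $this->db->query($sql);
 
-//* insert the ispconfig user in the remote server
-$from_host = $conf['hostname'];
-$from_ip = gethostbyname($conf['hostname']);
-
 //* username for the ispconfig user
 $conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id'];
-
-//* Delete ISPConfig user in the master database, in case that it exists
-$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_host."';");
-$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_host."';");
-$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_ip."';");
-$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_ip."';");
-$this->dbmaster->query('FLUSH PRIVILEGES;');
-
-//* Create the ISPConfig database user in the remote database
-$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['master_database'].".* "
-."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$from_host."' "
-."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
-if(!$this->dbmaster->query($query)) {
-$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
-}
-$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['master_database'].".* "
-."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$from_ip."' "
-."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
-if(!$this->dbmaster->query($query)) {
-$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
-}
+
+$this->grant_master_database_rights();
 
 } else {
 //* Insert the server, if its not a mster / slave setup
@@ -272,6 +249,78 @@ public function add_database_server_record() {
 
 }
 
+public function grant_master_database_rights()
+{
+global $conf;
+
+if($conf['mysql']['master_slave_setup'] != 'y') return;
+
+//* insert the ispconfig user in the remote server
+$from_host = $conf['hostname'];
+$from_ip = gethostbyname($conf['hostname']);
+
+//* Delete ISPConfig user in the master database, in case that it exists
+$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_host."';");
+$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_host."';");
+$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_ip."';");
+$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_ip."';");
+$this->dbmaster->query('FLUSH PRIVILEGES;');
+
+$hosts = array($from_host, $from_ip);
+
+foreach($hosts as $src_host) {
+//* Create the ISPConfig database user in the remote database
+$query = "GRANT SELECT ON ".$conf['mysql']['master_database'].".`server` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+
+$query = "GRANT SELECT, INSERT ON ".$conf['mysql']['master_database'].".`sys_log` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+
+$query = "GRANT SELECT, UPDATE(`status`) ON ".$conf['mysql']['master_database'].".`sys_datalog` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+
+$query = "GRANT UPDATE(`status`) ON ".$conf['mysql']['master_database'].".`software_update_inst` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+
+$query = "GRANT UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$conf['mysql']['master_database'].".`web_domain` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+
+$query = "GRANT SELECT ON ".$conf['mysql']['master_database'].".`sys_group` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+
+$query = "GRANT INSERT , DELETE ON ".$conf['mysql']['master_database'].".`monitor_data` "
+."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
+."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
+if(!$this->dbmaster->query($query)) {
+$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
+}
+}
+
+}
 
 //** writes postfix configuration files
 public function process_postfix_config($configfile)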
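Review bot: In grant_master_database_rights() the cleanup statements do not match what the GRANT loop now creates. Both `DELETE FROM mysql.db WHERE Db = ... AND Host = ...` statements have no `User` condition, so they also remove database-level rights of any other account registered for that host, while the table- and column-level rights granted in the loop are stored in mysql.tables_priv and mysql.columns_priv, which are never cleared; a later run (update.php now calls this method) therefore cannot take away a right an earlier run granted. I would add `AND User = '".$conf['mysql']['master_ispconfig_user']."'` to the mysql.db deletes and delete the same user/host pair from mysql.tables_priv and mysql.columns_priv before `FLUSH PRIVILEGES;`. The user name, host and password are also concatenated into the statements unescaped, so a quote character in the configured password breaks the GRANT; escape them with the connection's escaping function before building `$query`. A short docblock saying that the method returns early unless `master_slave_setup` is 'y' and that it expects `$this->dbmaster` to be connected would help callers.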

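--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1010,6 +1010,7 @@ CREATE TABLE `web_database` (
 `database_password` varchar(64) default NULL,
 `database_charset` varchar(64) default NULL,
 `remote_access` enum('n','y') NOT NULL default 'y',
+`remote_ips` text NOT NULL,
 `active` enum('n','y') NOT NULL default 'y',
 PRIMARY KEY (`database_id`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1;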

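--- a/install/update.php
+++ b/install/update.php
@@ -165,6 +165,9 @@
 //** Create the mysql database
 $inst->configure_database();
 
+//** Update master database rights
+$inst->grant_master_database_rights();
+
 //** empty all databases
 $db_tables = $inst->db->getTables();
 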
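Review bot: Nothing in this hunk shows `$conf['mysql']['master_ispconfig_user']`, `$conf['mysql']['master_ispconfig_password']` or `$inst->dbmaster` being set before the new call at line 169, yet grant_master_database_rights() uses all three; on the install path the user name is assigned in add_database_server_record() immediately before the call. If the name is empty on a master/slave update, the GRANT statements would be issued for `''@host`, which MySQL treats as the anonymous account. A guard at the top of the method, such as `if(empty($conf['mysql']['master_ispconfig_user']) || !is_object($this->dbmaster)) return;`, would make the update path safe regardless of how the configuration was loaded. The script continues outside the hunk, so the values may already be populated earlier; that should be confirmed.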

Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
<?php
2+
3+
/*
4+
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5+
All rights reserved.
6+
7+
Redistribution and use in source and binary forms, with or without modification,
8+
are permitted provided that the following conditions are met:
9+
10+
* Redistributions of source code must retain the above copyright notice,
11+
this list of conditions and the following disclaimer.
12+
* Redistributions in binary form must reproduce the above copyright notice,
13+
this list of conditions and the following disclaimer in the documentation
14+
and/or other materials provided with the distribution.
15+
* Neither the name of ISPConfig nor the names of its contributors
16+
may be used to endorse or promote products derived from this software without
17+
specific prior written permission.
18+
19+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22+
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23+
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24+
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25+
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26+
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27+
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28+
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29+
*/
30+
31+
class validate_database {
32+
33+
/*
34+
Validator function to check if a given list of ips is ok.
35+
*/
36+
function valid_ip_list($field_name, $field_value, $validator) {
37+
global $app;
38+
39+
if($_POST["remote_access"] == "y") {
40+
if(trim($field_value) == "") return;
41+
42+
$values = split(",", $field_value);
43+
foreach($values as $cur_value) {
44+
$cur_value = trim($cur_value);
45+
46+
$valid = true;
47+
if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $cur_value)) {
48+
$groups = explode(".", $cur_value);
49+
foreach($groups as $group){
50+
if($group<0 OR $group>255)
51+
$valid=false;
52+
}
53+
} else {
54+
$valid = false;
55+
}
56+
57+
if($valid == false) {
58+
$errmsg = $validator['errmsg'];
59+
if(isset($app->tform->wordbook[$errmsg])) {
60+
return $app->tform->wordbook[$errmsg]."<br>\r\n";
61+
} else {
62+
return $errmsg."<br>\r\n";
63+
}
64+
}
65+
}
66+
}
67+
}
68+
69+
70+
71+
72+
}
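Review bot: valid_ip_list() validates only when `$_POST["remote_access"] == "y"`, so with remote access set to 'n' any string is accepted for the field and presumably stored in `remote_ips`; if that value is later used as the host part of a database grant, it was never checked. Validating every non-empty list regardless of the flag closes that gap, and the flag should come from the form data handed to the validator rather than from `$_POST`. `split()` is a POSIX-regex function deprecated in PHP 5.3 and removed in PHP 7; `explode(",", $field_value)` is equivalent here, and the regex plus octet loop can be replaced by `filter_var($cur_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)`. The method comment should state that an empty list is accepted and that only dotted IPv4 addresses pass, with no wildcards or networks.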
Lines changed: 89 additions & 0 deletions
@@ -0,0 +1,89 @@
1+
<?php
2+
3+
/*
4+
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5+
All rights reserved.
6+
7+
Redistribution and use in source and binary forms, with or without modification,
8+
are permitted provided that the following conditions are met:
9+
10+
* Redistributions of source code must retain the above copyright notice,
11+
this list of conditions and the following disclaimer.
12+
* Redistributions in binary form must reproduce the above copyright notice,
13+
this list of conditions and the following disclaimer in the documentation
14+
and/or other materials provided with the distribution.
15+
* Neither the name of ISPConfig nor the names of its contributors
16+
may be used to endorse or promote products derived from this software without
17+
specific prior written permission.
18+
19+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22+
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23+
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24+
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25+
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26+
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27+
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28+
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29+
*/
30+
31+
class validate_ftpuser {
32+
33+
/*
34+
Validator function to check if a given dir is ok.
35+
*/
36+
function ftp_dir($field_name, $field_value, $validator) {
37+
global $app;
38+
39+
if($app->tform->primary_id == 0) {
40+
$errmsg = $validator['errmsg'];
41+
if(isset($app->tform->wordbook[$errmsg])) {
42+
return $app->tform->wordbook[$errmsg]."<br>\r\n";
43+
} else {
44+
return $errmsg."<br>\r\n";
45+
}
46+
}
47+
48+
49+
$ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
50+
if(!$ftp_data["parent_domain_id"]) {
51+
$errmsg = $validator['errmsg'];
52+
if(isset($app->tform->wordbook[$errmsg])) {
53+
return $app->tform->wordbook[$errmsg]."<br>\r\n";
54+
} else {
55+
return $errmsg."<br>\r\n";
56+
}
57+
}
58+
59+
$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($ftp_data["parent_domain_id"])."'");
60+
if(!$domain_data["domain_id"]) {
61+
$errmsg = $validator['errmsg'];
62+
if(isset($app->tform->wordbook[$errmsg])) {
63+
return $app->tform->wordbook[$errmsg]."<br>\r\n";
64+
} else {
65+
return $errmsg."<br>\r\n";
66+
}
67+
}
68+
69+
$doc_root = $domain_data["document_root"];
70+
$is_ok = false;
71+
if($doc_root == $field_value) $is_ok = true;
72+
73+
$doc_root .= "/";
74+
if(substr($field_value, 0, strlen($doc_root)) == $doc_root) $is_ok = true;
75+
76+
if($is_ok == false) {
77+
$errmsg = $validator['errmsg'];
78+
if(isset($app->tform->wordbook[$errmsg])) {
79+
return $app->tform->wordbook[$errmsg]."<br>\r\n";
80+
} else {
81+
return $errmsg."<br>\r\n";
82+
}
83+
}
84+
}
85+
86+
87+
88+
89+
}
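Review bot: The containment check in ftp_dir() is a plain string-prefix comparison, `substr($field_value, 0, strlen($doc_root)) == $doc_root`, so a value that begins with the document root but contains `..` segments passes although it resolves outside the web root. Reject such input explicitly, for example `if(strpos($field_value, '..') !== false) $is_ok = false;` placed after the prefix test, or compare a normalised path instead of the raw string. The comparisons should use `===`, and the four identical error-return blocks would read better as one private helper. The validator also always fails for new records (`primary_id == 0`); if that is intended, a comment should say so.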

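--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -62,7 +62,46 @@
 }
 }
 }
-
+
+$packages = $app->db->queryAllRecords("SELECT software_package.package_name, v1, v2, v3, v4 FROM software_package LEFT JOIN software_update ON ( software_package.package_name = software_update.package_name ) GROUP BY package_name ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC");
+if(is_array($packages)) {
+foreach($packages as $p) {
+
+$version = $p['v1'].'.'.$p['v2'].'.'.$p['v3'].'.'.$p['v4'];
+$updates = $client->get_updates($p['package_name'], $version,$repo['repo_username'], $repo['repo_password']);
+
+if(is_array($updates)) {
+foreach($updates as $u) {
+
+$version_array = explode('.',$u['version']);
+$v1 = intval($version_array[0]);
+$v2 = intval($version_array[1]);
+$v3 = intval($version_array[2]);
+$v4 = intval($version_array[3]);
+
+$package_name = $app->db->quote($u['package_name']);
+$software_repo_id = intval($repo['software_repo_id']);
+$update_url = $app->db->quote($u['url']);
+$update_md5 = $app->db->quote($u['md5']);
+$update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
+$update_title = $app->db->quote($u['title']);
+$type = $app->db->quote($u['type']);
+
+// Check that we do not have this update in the database yet
+$sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
+$tmp = $app->db->queryOneRecord($sql);
+if(!isset($tmp['software_update_id'])) {
+// Insert the update in the datbase
+$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
+VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+//die($sql);
+$app->db->query($sql);
+}
+
+}
+}
+}
+}
 }
 }
 
@@ -74,8 +113,8 @@
 $tmp = $app->db->queryOneRecord($sql);
 $software_update_id = $tmp['software_update_id'];
 
-// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
-$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
+$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
+// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
 $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 
 }
@@ -100,8 +139,10 @@
 
 if($inst['status'] == 'installed') {
 $installed_txt .= $s['server_name'].": Installed version $version<br />";
-} elseif ($inst['status'] == 'installing') {
-$installed_txt .= $s['server_name'].": Installation in progress<br />";
+} elseif ($inst['status'] == 'installing') {
+$installed_txt .= $s['server_name'].": Installation in progress<br />";
+} elseif ($inst['status'] == 'failed') {
+$installed_txt .= $s['server_name'].": Installation failed<br />";
 } elseif ($inst['status'] == 'deleting') {
 $installed_txt .= $s['server_name'].": Deletion in progress<br />";
 } else {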
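Review bot: In the first hunk `update_url` and `update_md5` are taken straight from the get_updates() response and stored after SQL quoting only; nothing restricts the URL's scheme or host, and the only integrity value kept is an MD5 delivered over the same channel as the URL. If the server-side installer later downloads and runs what `update_url` points to (not visible in this diff), the repository response alone decides what is installed, so I would check before the INSERT that the URL uses https and belongs to the configured repository, and plan for a stronger digest or a signature. Separately, `GROUP BY package_name ORDER BY v1 DESC ...` orders the grouped rows but does not select the highest version within each package, so `$version` may not be the newest one known. The leftover `//die($sql);` should be removed.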

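--- a/interface/web/admin/software_update_list.php
+++ b/interface/web/admin/software_update_list.php
@@ -104,8 +104,8 @@
 $server_id = intval($_GET['server_id']);
 $software_update_id = intval($_GET['id']);
 
-// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
-$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
+$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
+// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
 $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 
 }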
