Applied changes from !470 to correct branch

Author: qroac

install/apps/metronome_libs/mod_auth_external/db_auth.php

@@ -17,15 +17,15 @@
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
-    result_false($result->num_rows != 1);
-
-    $user = $result->fetch_object();
-
-    // check for domain autologin api key
-    $domain_key = 'f47kmm5Yh5hJzSws2KTS';
-
-    checkAuth($argv[1], $argv[2], $arg_password, $user->password, $domain_key);
+    $query = $db->prepare("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
+    $query->bind_param('si', $arg_email, $isp_server_id);
+    $query->execute();
+    $query->bind_result($jid, $password);
+    $query->fetch();
+    $query->close();
+
+    result_false(is_null($jid));
+    checkAuth($arg_password, $password);
 }catch(Exception $ex){
     echo 0;
     exit();
@@ -40,19 +40,9 @@ function result_true(){
     echo 1;
     exit();
 }
-function checkAuth($user, $domain, $pw_arg, $pw_db, $domain_key){
+function checkAuth($pw_arg, $pw_db){
     if(crypt($pw_arg, $pw_db) == $pw_db)
         result_true();
-
-    if($domain_key){
-        $datetime = new DateTime();
-        $datetime->setTimezone(new DateTimeZone("UTC"));
-        for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
-            $pw_api = md5($domain.'@'.$domain_key.'@'.$user.'@'.$t);
-            if($pw_api == $pw_arg)
-                result_true();
-        }
-    }
     result_false();
 }
 ?>

install/apps/metronome_libs/mod_auth_external/db_isuser.php

@@ -15,8 +15,14 @@
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
-    result_false($result->num_rows != 1);
+    $query = $db->prepare("SELECT count(*) AS usercount FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
+    $query->bind_param('si', $arg_email, $isp_server_id);
+    $query->execute();
+    $query->bind_result($usercount);
+    $query->fetch();
+    $query->close();
+
+    result_false($usercount != 1);
     result_true();
 
 }catch(Exception $ex){
@@ -34,4 +40,4 @@ function result_true(){
     exit();
 }
 
-?>
+?>

install/lib/installer_base.lib.php

@@ -1597,6 +1597,7 @@ public function configure_xmpp($options = '') {
         // Copy isp libs
         if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
         caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
+        caselog('chmod 755 /usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh', __FILE__, __LINE__);
         // Process db config
         $full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
         $content = rf($full_file_name);
@@ -1609,13 +1610,14 @@ public function configure_xmpp($options = '') {
 
         if(!stristr($options, 'dont-create-certs')){
             // Create SSL Certificate for localhost
-            echo "writing new private key to 'localhost.key'\n-----\n";
-            $ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
-            $ssl_locality = $this->free_query('Locality Name (eg, city)', '');
+            // Ensure no line is left blank
+			echo "writing new private key to 'localhost.key'\n-----\n";
+			$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
+            $ssl_locality = $this->free_query('Locality Name (eg, city)', 'City Name');
             $ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
-            $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
+            $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', 'Infrastructure');
             $ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
-            $ssl_email = $this->free_query('Email Address', '');
+            $ssl_email = $this->free_query('Email Address', 'hostmaster@'.$conf['hostname']);
 
             $tpl = new tpl('metronome_conf_ssl.master');
             $tpl->setVar('ssl_country',$ssl_country);
@@ -1632,6 +1634,14 @@ public function configure_xmpp($options = '') {
             exec("(cd /etc/metronome/certs && make localhost.cert)");
             exec('chmod 0400 /etc/metronome/certs/localhost.key');
             exec('chown metronome /etc/metronome/certs/localhost.key');
+
+			echo "IMPORTANT:\n";
+			echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs\n";
+			echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
+			echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
+			echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
+			echo "\n";
+
         }else{
             echo "-----\n";
             echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
@@ -1645,45 +1655,6 @@ public function configure_xmpp($options = '') {
         caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
 
         exec($this->getinitcommand($conf['xmpp']['init_script'], 'restart'));
-
-/*
-writing new private key to 'smtpd.key'
------
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:
-State or Province Name (full name) [Some-State]:
-Locality Name (eg, city) []:
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:
-Organizational Unit Name (eg, section) []:
-Common Name (e.g. server FQDN or YOUR name) []:
-Email Address []:
- * */
-
-        /*// Dont just copy over the virtualhost template but add some custom settings
-        $tpl = new tpl('apache_apps.vhost.master');
-
-        $tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
-        $tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
-        $tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
-        $tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
-        $tpl->setVar('apache_version',getapacheversion());
-
-
-        // comment out the listen directive if port is 80 or 443
-        if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
-            $tpl->setVar('vhost_port_listen','#');
-        } else {
-            $tpl->setVar('vhost_port_listen','');
-        }
-
-        wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
-        unset($tpl);*/
     }
 
 

interface/lib/lang/de.lng

@@ -131,6 +131,12 @@ $wb['datalog_status_d_web_folder'] = 'Verzeichnisschutz löschen';
 $wb['datalog_status_i_web_folder_user'] = 'Verzeichnisschutz Benutzer anlegen';
 $wb['datalog_status_u_web_folder_user'] = 'Verzeichnisschutz Benutzer ändern';
 $wb['datalog_status_d_web_folder_user'] = 'Verzeichnisschutz Benutzer löschen';
+$wb['datalog_status_i_xmpp_domain'] = 'XMPP Domain erstellen';
+$wb['datalog_status_u_xmpp_domain'] = 'XMPP Domain ändern';
+$wb['datalog_status_d_xmpp_domain'] = 'XMPP Domain löschen';
+$wb['datalog_status_i_xmpp_user'] = 'XMPP Benutzer erstellen';
+$wb['datalog_status_u_xmpp_user'] = 'XMPP Benutzer ändern';
+$wb['datalog_status_d_xmpp_user'] = 'XMPP Benutzer löschen';
 $wb['login_as_txt'] = 'Anmelden als';
 $wb['no_domain_perm'] = 'Sie haben keine Berechtigung für diese Domain.';
 $wb['no_destination_perm'] = 'Sie haben keine Berechtigung für dieses Ziel.';

interface/lib/lang/en.lng

@@ -131,6 +131,12 @@ $wb['datalog_status_d_web_folder'] = 'Delete folder protection';
 $wb['datalog_status_i_web_folder_user'] = 'Create folder protection user';
 $wb['datalog_status_u_web_folder_user'] = 'Update folder protection user';
 $wb['datalog_status_d_web_folder_user'] = 'Delete folder protection user';
+$wb['datalog_status_i_xmpp_domain'] = 'Create XMPP domain';
+$wb['datalog_status_u_xmpp_domain'] = 'Update XMPP domain';
+$wb['datalog_status_d_xmpp_domain'] = 'Delete XMPP domain';
+$wb['datalog_status_i_xmpp_user'] = 'Create XMPP user';
+$wb['datalog_status_u_xmpp_user'] = 'Update XMPP user';
+$wb['datalog_status_d_xmpp_user'] = 'Delete XMPP user';
 $wb['err_csrf_attempt_blocked'] = 'CSRF attempt blocked.';
 $wb['login_as_txt'] = 'Log in as';
 $wb["no_domain_perm"] = 'You have no permission for this domain.';

interface/web/mail/xmpp_domain_edit.php

@@ -411,6 +411,9 @@ function onAfterUpdate() {
     private function update_dns($dataRecord, $new_rr) {
         global $app, $conf;
 
+        $sql = "SELECT server_name from server WHERE server_id = " . intval($dataRecord['server_id']);
+        $xmpp_server = $app->db->queryOneRecord($sql);
+
         $rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ?", $this->id);
         $required_hosts = array('xmpp');
         if($rec['use_pubsub']=='y')
@@ -437,7 +440,7 @@ private function update_dns($dataRecord, $new_rr) {
             $rr = $new_rr;
             $rr['name'] = $h;
             $rr['type'] = 'CNAME';
-            $rr['data'] = 'jalapeno.spicyweb.de.';
+            $rr['data'] = $xmpp_server['server_name'] . '.';
             $rr['aux'] = 0;
             $rr['active'] = 'Y';
             $rr['stamp'] = date('Y-m-d H:i:s');
@@ -449,7 +452,7 @@ private function update_dns($dataRecord, $new_rr) {
         $rr = $new_rr;
         $rr['name'] = '_xmpp-client._tcp.'.$dataRecord['domain'].'.';
         $rr['type'] = 'SRV';
-        $rr['data'] = '5 5222 jalapeno.spicyweb.de.';
+        $rr['data'] = '5 5222 ' . $xmpp_server['server_name'] . '.';
         $rr['aux'] = 0;
         $rr['active'] = 'Y';
         $rr['stamp'] = date('Y-m-d H:i:s');
@@ -458,7 +461,7 @@ private function update_dns($dataRecord, $new_rr) {
         $rr = $new_rr;
         $rr['name'] = '_xmpp-server._tcp.'.$dataRecord['domain'].'.';
         $rr['type'] = 'SRV';
-        $rr['data'] = '5 5269 jalapeno.spicyweb.de.';
+        $rr['data'] = '5 5269 ' . $xmpp_server['server_name'] . '.';
         $rr['aux'] = 0;
         $rr['active'] = 'Y';
         $rr['stamp'] = date('Y-m-d H:i:s');