Merge branch 'main' into release

Author: jaapmarcus

CHANGELOG.md

@@ -3,6 +3,34 @@ All notable changes to this project will be documented in this file.
 
 ## [1.4.2] - Service release
 
+### Features
+
+- Include DMARC record in DNS record list #1836
+- Enabled phpMyAdmin Single Sign On support #1460
+- Add command to add / delete from API_ALLOWED_IP list (#1904)
+
+### Bugfixes
+
+- Improve the calculated disk size of a new backup estimated by excluding the exclude folders, mail accounts and database in backups (#1616) @Myself5
+- Improve v-update-firewall / v-stop-firewall to make it self healing (#1892) @myrevery 
+- Update phpMyAdmin version to 1.5.1 (See https://www.phpmyadmin.net/news/2021/6/4/phpmyadmin-511-released/)
+- Fixed a bug after rebuilding mail with Exim4 and suspended domains (#1886)
+- Fixed "Allowed IP addresses for API" field with strange behaviour #1866
+- Fixed an issue where the "Saved confirmation" was not set due to a redirect #1879
+- Increased minimal memory requirements for ClamD / ClamAV.  #1840
+- Restore of backup did not rebuild the "Forced SSL" and "HSTS" config on new account #1862
+- Keep changes made by /install/upgrade/manual/install_awstats_geopip.sh on update HestiaCP (via Discord)
+- Refactor/improve PHP and HTML code @s0t (#1860)
+- Fixed XSS vulnerability in login page and a few other locations @briansemrau / @numanturle
+- Delete old session after session_regenerate_id() @briansemrau
+- Improve error message when domain all ready exists on different account.
+- Fixed an issue where phpmyadmin did not update when Postgresql was available.
+- Webmail clients set to rainloop where not able to create a SSL certificate via LE #1913
+- Fixed an issue where plugin-hestia-change-pasword did not change the port on v-change-sys-port (Rainloop) #1895
+- Fixed an issue where HELO message was not set / error was created on NAT IP
+
+## [1.4.2] - Service release
+
 - **NOTE:** During the 1.4.1 / 1.4.0 release we have introduced a bug for Ubuntu 20.04 and 18.04 users with multiple network ports on the server. This release will solve the problems caused by this bug! If you are unable to download the Hestia packages via apt. Run the following command via CLI or SSH as root
 
 ```

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.2 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.4.3 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>

bin/v-add-fastcgi-cache

@@ -31,7 +31,7 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN DEBUG'
+check_args '2' "$#" 'USER DOMAIN [DURATION] [DEBUG] [RESTART]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -85,7 +85,7 @@ cat << EOF > $fastcgi
     set $no_cache 0;
 EOF
 
-if [ ! -z "$debug" ]; then
+if [ "$debug" = 'yes' ]; then
     echo "    add_header \"X-STATUS\" \"$status\";" >> $fastcgi
 fi
 

bin/v-add-letsencrypt-domain

@@ -315,11 +315,31 @@ for auth in $authz; do
                 chown -R $user:$user $well_known
             fi
         else
-            well_known="/var/lib/roundcube/.well-known"
-            acme_challenge="$well_known/acme-challenge"
-            mkdir -p $acme_challenge
-            echo "$token.$THUMB" > $acme_challenge/$token
-            chown -R $user:$user $well_known
+            if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
+                conf="$HOMEDIR/$user/conf/mail/$root_domain/nginx.conf_letsencrypt"
+                sconf="$HOMEDIR/$user/conf/mail/$root_domain/nginx.ssl.conf_letsencrypt"
+                echo 'location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {' \
+                    > $conf
+                echo '    default_type text/plain;' >> $conf
+                echo '    return 200 "$1.'$THUMB'";' >> $conf
+                echo '}' >> $conf
+                if [ ! -e "$sconf" ]; then
+                    ln -s "$conf" "$sconf"
+                fi
+                if [ ! -z "$PROXY_SYSTEM" ]; then
+                    $BIN/v-restart-proxy
+                    check_result $? "Proxy restart failed" > /dev/null
+                fi
+            else  
+                get_object_value 'mail' 'DOMAIN' "$domain" "WEBMAIL" 
+                if [ ! -z "$WEBMAIL" ]; then 
+                    well_known="/var/lib/$WEBMAIL/.well-known"
+                    acme_challenge="$well_known/acme-challenge"
+                    mkdir -p $acme_challenge
+                    echo "$token.$THUMB" > $acme_challenge/$token
+                    chown -R $user:$user $well_known
+                fi
+            fi
         fi
         if [ "$WEB_SYSTEM" = 'nginx' ]; then
             $BIN/v-restart-web

bin/v-add-mail-domain-smtp-relay

@@ -0,0 +1,46 @@
+#!/bin/bash
+# info: add ip adresss to allowed ip list api
+# options: IP 
+# labels: hestia
+#
+# example: v-add-sys-api-ip 1.1.1.1
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+ip46=${1// /}
+
+# Includes
+
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/ip.sh
+source $HESTIA/func/ip.sh
+# shellcheck source=/usr/local/hestia/conf/hestia.conf
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'IP'
+is_format_valid 'ip46'
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ "$API_ALLOWED_IP" != "" ]; then
+    $BIN/v-change-sys-config-value 'API_ALLOWED_IP' "$API_ALLOWED_IP,$ip46"
+else
+    $BIN/v-change-sys-config-value 'API_ALLOWED_IP' "$ip46"
+fi
+
+# Logging
+$BIN/v-log-action "system" "Warning" "System" "Added new IP address added to Allowed IP API (IP: $ip46)"
+log_event "$OK" "$ARGUMENTS"

bin/v-add-sys-api-ip

@@ -3,7 +3,7 @@
 # options: USER
 # labels: hestia
 #
-# example: v-add-user-composer user
+# example: v-add-user-composer user [version]
 #
 # The function adds support for composer (php dependency manager)
 # Homepage: https://getcomposer.org/
@@ -15,6 +15,7 @@
 
 # Argument definition
 user=$1
+version=${2-2}
 
 if [ -z "$HESTIA" ]; then
     HESTIA="/usr/local/hestia"
@@ -31,8 +32,9 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER'
+check_args '1' "$#" 'USER [VERSION]'
 is_format_valid 'user'
+is_number_format_valid "$version" "version"
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 
@@ -78,7 +80,7 @@ if [[ "$signature" != $(sha384sum $COMPOSER_SETUP_FILE | cut -f 1 -d " ") ]]; th
     check_result $E_INVALID "Composer signature does not match"
 fi
 
-COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php "$COMPOSER_SETUP_FILE" --1 --quiet --install-dir="$COMPOSER_DIR" --filename=composer
+COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php "$COMPOSER_SETUP_FILE" --quiet "--$version" --install-dir="$COMPOSER_DIR" --filename=composer
 check_result $? "Composer install failed"
 
 [ -f "$COMPOSER_SETUP_FILE" ] && rm -f "$COMPOSER_SETUP_FILE"

bin/v-add-sys-smtp-relay

@@ -31,6 +31,111 @@ source $HESTIA/func/backup.sh
 # shellcheck source=/usr/local/hestia/conf/hestia.conf
 source $HESTIA/conf/hestia.conf
 
+# Return Disk Usage
+get_user_disk_usage() {
+    u_usage=0
+    web_exclusions=''
+    mail_exclusions=''
+    db_exclusions=''
+    user_exclusions=''
+
+    # Parsing excludes
+    if [ -e "$USER_DATA/backup-excludes.conf" ]; then
+        web_exclusions=$(grep 'WEB=' $USER_DATA/backup-excludes.conf |\
+            awk -F "WEB='" '{print $2}' | cut -f 1 -d \')
+        mail_exclusions=$(grep 'MAIL=' $USER_DATA/backup-excludes.conf |\
+            awk -F "MAIL='" '{print $2}' | cut -f 1 -d \')
+        db_exclusions=$(grep 'DB=' $USER_DATA/backup-excludes.conf |\
+            awk -F "DB='" '{print $2}' | cut -f 1 -d \')
+        user_exclusions=$(grep 'USER=' $USER_DATA/backup-excludes.conf |\
+            awk -F "USER='" '{print $2}' | cut -f 1 -d \')
+    fi
+
+    if [ -f "$USER_DATA/web.conf" ] && [ "$web_exclusions" != '*' ]; then
+        usage=0
+        domains=$(grep 'DOMAIN=' $USER_DATA/web.conf |\
+            awk -F "DOMAIN='" '{print $2}' | cut -f 1 -d \')
+
+        for domain in $domains; do
+            exclusion=$(echo -e "$web_exclusions" |tr ',' '\n' |grep "^$domain$")
+            if [ -z "$exclusion" ]; then
+                # Defining home directory
+                home_dir="$HOMEDIR/$user/web/$domain/"
+                exlusion=$(echo -e "$web_exclusions" |tr ',' '\n' |grep "^$domain:")
+                fargs=()
+
+                if [ ! -z "$exlusion" ]; then
+                    xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
+                    for xpath in $xdirs; do
+                        fargs+=(--exclude=$xpath)
+                    done
+                fi
+
+                # Checking home directory exist
+                if [ -e "$home_dir" ]; then
+                    disk_usage=$(nice -n 19 du -shm $home_dir ${fargs[@]} | cut -f 1 )
+                    u_usage=$((u_usage + disk_usage))
+                fi
+            fi
+        done
+    fi
+
+    if [ -f "$USER_DATA/mail.conf" ] && [ "$mail_exclusions" != '*' ]; then
+        usage=0
+        domains=$(grep 'DOMAIN=' $USER_DATA/mail.conf |\
+            awk -F "DOMAIN='" '{print $2}' | cut -f 1 -d \')
+
+        for domain in $domains; do
+            check_exl=$(echo "$mail_exclusions" |tr ',' '\n' |grep "^$domain$")
+            if [ -f "$USER_DATA/mail/$domain.conf" ] && [ -z "$check_exl" ]; then
+                accounts=$(grep 'ACCOUNT=' $USER_DATA/mail/$domain.conf |\
+                    awk -F "ACCOUNT='" '{print $2}' | cut -f 1 -d \')
+
+                for account in $accounts; do
+                    home_dir=$HOMEDIR/$user/mail/$domain/$account
+                    exclusion=$(echo "$mail_exclusions" |tr ',' '\n' |grep "$domain:")
+                    exclusion=$(echo "$exclusion" |tr ':' '\n' |grep -E "^$account|\*")
+
+                    if [ -z "$exclusion" ] && [ -e "$home_dir" ]; then
+                        disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 )
+                        u_usage=$((u_usage + disk_usage))
+                    fi
+                done
+            fi
+        done
+    fi
+
+    if [ -f "$USER_DATA/db.conf" ] && [ "$db_exclusions" != '*' ]; then
+        usage=0
+        databases=$(grep 'DB=' $USER_DATA/db.conf |\
+            awk -F "DB='" '{print $2}' | cut -f 1 -d \')
+        for database in $databases; do
+            exclusion=$(echo "$db_exclusions" |tr ',' '\n' |grep "^$database$")
+            if [ -z "$exclusion" ]; then
+                # Get database values
+                get_database_values
+
+                # Switching on db type
+                case $DB_SYSTEM in
+                    mysql) get_mysql_disk_usage ;;
+                    pgsql) get_pgsql_disk_usage ;;
+                esac
+                u_usage=$((u_usage + usage))
+            fi
+        done
+    fi
+
+    if [ "$user_exclusions" != '*' ]; then
+        fargs=()
+        for xpath in $(echo "$user_exclusions" |tr ',' '\n'); do
+            fargs+=(--exclude=$xpath)
+        done
+        usage=$(du -shm $HOMEDIR/$user --exclude $HOMEDIR/$user/web --exclude $HOMEDIR/$user/mail --exclude $HOMEDIR/$user/conf ${fargs[@]} |cut -f 1 )
+        u_usage=$((u_usage + usage))
+    fi
+
+    echo ${u_usage}
+}
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -73,7 +178,7 @@ subj="$user → backup failed"
 email=$(grep CONTACT $HESTIA/data/users/admin/user.conf |cut -f 2 -d \')
 
 # Validate available disk space (take usage * 2, due to the backup handling)
-let u_disk=$(grep "U_DISK=" $HESTIA/data/users/$user/user.conf |cut -f 2 -d \')*2
+let u_disk=$(($(get_user_disk_usage) * 2))
 let v_disk=$(($(stat -f --format="%a*%S" $BACKUP)))/1024/1024
 
 if [ "$u_disk" -gt "$v_disk" ]; then