Merge branch 'master' of github.com:serghey-rodin/vesta

Author: serghey-rodin

bin/v-add-backup-host

@@ -137,8 +137,10 @@ if [ "$type" = 'sftp' ]; then
     if [ -z $port ]; then
         port=22
     fi
-    sftmpdir="$path/vst.bK76A9SUkt"
-    sftpc "mkdir $sftmpdir" "rmdir $sftmpdir" > /dev/null 2>&1
+    if sftpc "mkdir $path" > /dev/null 2>&1 ; then
+        sftmpdir="$path/vst.bK76A9SUkt"
+        sftpc "mkdir $sftmpdir" "rmdir $sftmpdir" > /dev/null 2>&1
+    fi
     rc=$?
     if [[ "$rc" != 0 ]]; then
         case $rc in

bin/v-backup-user

@@ -434,7 +434,7 @@ if [ "$USER" != '*' ]; then
     set -f
     i=0
 
-    for udir in $(ls -a |egrep -v "conf|web|dns|mail|^\.\.$|^\.$"); do
+    for udir in $(ls -a |egrep -v "^conf$|^web$|^dns$|^mail$|^\.\.$|^\.$"); do
         exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
         if [ -z "$exclusion" ]; then
             ((i ++))

bin/v-check-user-password

@@ -49,13 +49,24 @@ fi
 #----------------------------------------------------------#
 
 # Parsing user's salt
-shadow=$(grep "^$user:" /etc/shadow)
-salt=$(echo "$shadow" |cut -f 3 -d \$)
-method=$(echo "$shadow" |cut -f 2 -d \$)
-if [ "$method" -eq '1' ]; then
-    method='md5'
+shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
+
+if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
+then
+    salt=$(echo "$shadow" |cut -f 3 -d \$)
+    method=$(echo "$shadow" |cut -f 2 -d \$)
+    if [ "$method" -eq '1' ]; then
+        method='md5'
+    elif [ "$method" -eq '6' ]; then
+        method='sha-512'
+    else
+        echo "Error: password missmatch"
+        echo "$DATE $TIME $user $ip failed to login" >> $VESTA/log/auth.log
+        exit 9
+    fi
 else
-    method='sha-512'
+    salt=${shadow:0:2}
+    method='des'
 fi
 
 if [ -z "$salt" ]; then
@@ -64,7 +75,7 @@ if [ -z "$salt" ]; then
     exit 9
 fi
 
-# Generating SHA-512
+# Generating hash
 hash=$($BIN/v-generate-password-hash $method $salt <<< $password)
 if [[ -z "$hash" ]]; then
     echo "Error: password missmatch"

bin/v-generate-password-hash

@@ -37,5 +37,10 @@ if ($crypt == 'htpasswd' ) {
     $hash = crypt($password, base64_encode($password));
 }
 
+// Generating DES hash
+if ($crypt == 'des' ) {
+    $hash = crypt($password, $salt);
+}
+
 // Printing result
 echo $hash . "\n";

bin/v-list-sys-vesta-autoupdate

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: list vesta autoupdate settings
-# options: NONE
+# options: [FORMAT]
 #
 # The function for obtaining autoupdate setings.
 

bin/v-update-firewall

@@ -64,6 +64,19 @@ tmp=$(mktemp)
 echo "$iptables -P INPUT ACCEPT" >> $tmp
 echo "$iptables -F INPUT" >> $tmp
 
+# Enabling stateful support
+if [ "$conntrack" != 'no' ]; then
+    str="$iptables -A INPUT -m state"
+    str="$str --state ESTABLISHED,RELATED -j ACCEPT"
+    echo "$str" >> $tmp
+fi
+
+# Handling local traffic
+for ip in $(ls $VESTA/data/ips); do
+    echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp
+done
+echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp
+
 # Pasring iptables rules
 IFS=$'\n'
 for line in $(sort -r -n -k 2 -t \' $rules); do
@@ -100,25 +113,6 @@ for line in $(sort -r -n -k 2 -t \' $rules); do
     fi
 done
 
-# Handling local traffic
-for ip in $(ls $VESTA/data/ips); do
-    echo "$iptables -A INPUT -s $ip -j ACCEPT" >> $tmp
-done
-echo "$iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> $tmp
-IFS=$'\n'
-for p_rule in $(cat $ports); do
-    eval $p_rule
-    rule="$iptables -A INPUT -p $PROTOCOL"
-    echo "$rule --sport $PORT -j ACCEPT" >> $tmp
-done
-
-# Enabling stateful support
-if [ "$conntrack" != 'no' ]; then
-    str="$iptables -A INPUT -p tcp -m state"
-    str="$str --state ESTABLISHED,RELATED -j ACCEPT"
-    echo "$str" >> $tmp
-fi
-
 # Switching chain policy to DROP
 echo "$iptables -P INPUT DROP" >> $tmp
 

install/debian/7/exim/exim4.conf.template

@@ -227,7 +227,7 @@ procmail:
 autoreplay:
   driver = accept
   require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg
-  condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}}
+  condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}}
   retry_use_local_part
   transport = userautoreply
   unseen

install/debian/7/templates/web/nginx/php5-fpm/modx.stpl

@@ -0,0 +1,64 @@
+server {
+    listen      %ip%:%web_ssl_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl         on;
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+#   if you need to rewrite www to non-www uncomment bellow
+#   if ($host != '%domain%' ) {
+#       rewrite      ^/(.*)$  https://%domain%/$1  permanent;
+#    }
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ @rewrite;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+    }
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }
+
+	location ~ \.php$ {
+        	try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+		    fastcgi_param SCRIPT_FILENAME $request_filename;
+            include /etc/nginx/fastcgi_params;
+        }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}

install/debian/7/templates/web/nginx/php5-fpm/modx.tpl

@@ -0,0 +1,60 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+#   if you need to rewrite www to non-www uncomment bellow
+#   if ($host != '%domain%' ) {
+#       rewrite      ^/(.*)$  http://%domain%/$1  permanent;
+#    }
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ @rewrite;
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+        }
+    }
+    location @rewrite {
+        rewrite ^/(.*)$ /index.php?q=$1;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_pass %backend_lsnr%;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    error_page  403 /error/404.html;
+    error_page  404 /error/404.html;
+    error_page  500 502 503 504 /error/50x.html;
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     /etc/nginx/conf.d/webmail.inc*;
+
+    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
+}

install/debian/7/templates/web/php5-fpm/no-php.tpl

@@ -1,13 +1,13 @@
-#[%backend%]
-#user = %user%
-#group = %user%
-#listen = /dev/null
+;[%backend%]
+;user = %user%
+;group = %user%
+;listen = /dev/null
 
-#listen.owner = %user%
-#listen.group = nginx
+;listen.owner = %user%
+;listen.group = nginx
 
-#pm = dynamic
-#pm.max_children = 50
-#pm.start_servers = 3
-#pm.min_spare_servers = 2
-#pm.max_spare_servers = 10
+;pm = dynamic
+;pm.max_children = 50
+;pm.start_servers = 3
+;pm.min_spare_servers = 2
+;pm.max_spare_servers = 10