From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'
---
server/plugins-available/xmpp_plugin.inc.php | 156 +++++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 149 insertions(+), 7 deletions(-)
diff --git a/server/plugins-available/xmpp_plugin.inc.php b/server/plugins-available/xmpp_plugin.inc.php
index 1b177e7..128a88e 100644
--- a/server/plugins-available/xmpp_plugin.inc.php
+++ b/server/plugins-available/xmpp_plugin.inc.php
@@ -1,9 +1,7 @@
<?php
-
-// TODO Plugin bei Installation symlinken in plugins-enabled!
/*
-Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+Copyright (c) 2015 Michael Fürmann, Spicy Web (spicyweb.de)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -35,8 +33,11 @@
var $plugin_name = 'xmpp_server_plugin';
var $class_name = 'xmpp_server_plugin';
-
var $xmpp_config_dir = '/etc/metronome';
+
+ var $ssl_certificate_changed = false;
+ var $ssl_certificate_deleted = false;
+
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
@@ -64,6 +65,11 @@
$app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
$app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');
+
+ $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');
+
$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
@@ -91,20 +97,22 @@
$old_ini_data = $app->ini_parser->parse_ini_string($data['old']['config']);
$xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');
+ // Global server config
$tpl = new tpl();
$tpl->newTemplate('metronome_conf_global.master');
-
$tpl->setVar('ipv6', $xmpp_config['xmpp_use_ipv6']=='y'?'true':'false');
$tpl->setVar('bosh_timeout', intval($xmpp_config['xmpp_bosh_max_inactivity']));
$tpl->setVar('port_http', intval($xmpp_config['xmpp_port_http']));
$tpl->setVar('port_https', intval($xmpp_config['xmpp_port_https']));
$tpl->setVar('port_pastebin', intval($xmpp_config['xmpp_port_pastebin']));
$tpl->setVar('port_bosh', intval($xmpp_config['xmpp_port_bosh']));
+ // Global server admins (for all hosted domains)
$admins = '';
foreach(explode(',', $xmpp_config['xmpp_server_admins']) AS $a)
$admins.= "\t\"".trim($a)."\",\n";
$tpl->setVar('server_admins', $admins);
unset($admins);
+ // enabled modules, so own modules or simmilar prosody-modules can easily be added
$modules = '';
foreach(explode(',', $xmpp_config['xmpp_modules_enabled']) AS $m)
$modules.= "\t\"".trim($m)."\",\n";
@@ -113,6 +121,7 @@
$app->system->file_put_contents($this->xmpp_config_dir.'/global.cfg.lua', $tpl->grab());
unset($tpl);
+ $app->services->restartServiceDelayed('metronome', 'restart');
return;
}
@@ -139,13 +148,14 @@
$tpl->setVar('domain', $data['new']['domain']);
$tpl->setVar('active', $data['new']['active'] == 'y' ? 'true' : 'false');
$tpl->setVar('public_registration', $data['new']['public_registration'] == 'y' ? 'true' : 'false');
-
+ // Domain admins
$admins = array();
foreach(explode(',',$data['new']['domain_admins']) AS $adm){
$admins[] = trim($adm);
}
$tpl->setVar('domain_admins', "\t\t\"".implode("\",\n\t\t\"",$admins)."\"\n");
+ // Enable / Disable features
if($data['new']['use_pubsub']=='y'){
$tpl->setVar('use_pubsub', 'true');
$status_comps[] = 'pubsub.'.$data['new']['domain'];
@@ -178,6 +188,7 @@
$status_comps[] = 'muc.'.$data['new']['domain'];
$tpl->setVar('muc_restrict_room_creation', $data['new']['muc_restrict_room_creation']);
$tpl->setVar('muc_name', strlen($data['new']['muc_name']) ? $data['new']['muc_name'] : $data['new']['domain'].' Chatrooms');
+ // Admins for MUC channels
$admins = array();
foreach(explode(',',$data['new']['muc_admins']) AS $adm){
$admins[] = trim($adm);
@@ -192,6 +203,10 @@
}
+ // Check for SSL
+ if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed)
+ $tpl->setVar('ssl_cert', true);
+
$app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
unset($tpl);
@@ -205,6 +220,8 @@
$app->system->file_put_contents($this->xmpp_config_dir.'/status/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
unset($tpl);
}
+
+ $app->services->restartServiceDelayed('metronome', 'reload');
}
function domainDelete($event_name, $data){
@@ -226,7 +243,7 @@
exec('rm -rf /var/lib/metronome/'.$folder);
exec('rm -rf /var/lib/metronome/*%2e'.$folder);
- $app->services->restartServiceDelayed('metronome', 'restart');
+ $app->services->restartServiceDelayed('metronome', 'reload');
}
function userInsert($event_name, $data){
@@ -250,6 +267,131 @@
exec('metronomectl deluser '.$data['old']['jid']);
}
+ // Handle the creation of SSL certificates
+ function ssl($event_name, $data) {
+ global $app, $conf;
+
+ $app->uses('system,tpl');
+
+ // load the server configuration options
+ $app->uses('getconf');
+ $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+ $ssl_dir = '/etc/metronome/certs';
+ $domain = $data['new']['domain'];
+ $cnf_file = $ssl_dir.'/'.$domain.'.cnf';
+ $key_file = $ssl_dir.'/'.$domain.'.key';
+ $csr_file = $ssl_dir.'/'.$domain.'.csr';
+ $crt_file = $ssl_dir.'/'.$domain.'.cert';
+
+ //* Create a SSL Certificate, but only if this is not a mirror server.
+ if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {
+
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file, $key_file.'.bak');
+ $app->system->chmod($key_file.'.bak', 0400);
+ $app->system->chown($key_file.'.bak', 'metronome');
+ }
+ if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
+
+ // Write new CNF file
+ $tpl = new tpl();
+ $tpl->newTemplate('metronome_conf_ssl.master');
+ $tpl->setVar('domain', $domain);
+ $tpl->setVar('ssl_country', $data['new']['ssl_country']);
+ $tpl->setVar('ssl_locality', $data['new']['ssl_locality']);
+ $tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']);
+ $tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']);
+ $tpl->setVar('ssl_email', $data['new']['ssl_email']);
+ $app->system->file_put_contents($cnf_file, $tpl->grab());
+
+ // Generate new key, csr and cert
+ exec("(cd /etc/metronome/certs && make $domain.key)");
+ exec("(cd /etc/metronome/certs && make $domain.csr)");
+ exec("(cd /etc/metronome/certs && make $domain.cert)");
+
+ $ssl_key = $app->system->file_get_contents($key_file);
+ $app->system->chmod($key_file, 0400);
+ $app->system->chown($key_file, 'metronome');
+ $ssl_request = $app->system->file_get_contents($csr_file);
+ $ssl_cert = $app->system->file_get_contents($crt_file);
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key, $data['new']['domain']);
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ //* Save a SSL certificate to disk
+ if($data["new"]["ssl_action"] == 'save') {
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file, $key_file.'.bak');
+ $app->system->chmod($key_file.'.bak', 0400);
+ $app->system->chown($key_file.'.bak', 'metronome');
+ }
+ if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
+
+ //* Write new ssl files
+ if(trim($data["new"]["ssl_request"]) != '')
+ $app->system->file_put_contents($csr_file, $data["new"]["ssl_request"]);
+ if(trim($data["new"]["ssl_cert"]) != '')
+ $app->system->file_put_contents($crt_file, $data["new"]["ssl_cert"]);
+
+ //* Write the key file, if field is empty then import the key into the db
+ if(trim($data["new"]["ssl_key"]) != '') {
+ $app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
+ $app->system->chmod($key_file, 0400);
+ $app->system->chown($key_file, 'metronome');
+ } else {
+ $ssl_key = $app->system->file_get_contents($key_file);
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_key = ? WHERE domain = ?", $ssl_key, $data['new']['domain']);
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = ?", $data['new']['domain']);
+ }
+
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ //* Delete a SSL certificate
+ if($data['new']['ssl_action'] == 'del') {
+ $this->ssl_certificate_deleted = true;
+ $app->system->unlink($csr_file);
+ $app->system->unlink($crt_file);
+ $app->system->unlink($key_file);
+ $app->system->unlink($cnf_file);
+ $app->system->unlink($csr_file.'.bak');
+ $app->system->unlink($crt_file.'.bak');
+ $app->system->unlink($key_file.'.bak');
+ $app->system->unlink($cnf_file.'.bak');
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
+ $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ }
+
} // end class
?>
--
Gitblit v1.9.1