From 7e0e74375fbd8d542e1a7e4b247a0c74cdf52a2d Mon Sep 17 00:00:00 2001
From: John Soros
Date: Sun, 5 May 2019 03:47:13 +0200
Subject: [PATCH 1/9] allow override of MultiViews option in .htaccess
---
etc/alternc/templates/apache2/vhost-https.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/alternc/templates/apache2/vhost-https.conf b/etc/alternc/templates/apache2/vhost-https.conf
index 5438454c..1f5ed85d 100644
--- a/etc/alternc/templates/apache2/vhost-https.conf
+++ b/etc/alternc/templates/apache2/vhost-https.conf
@@ -24,7 +24,7 @@ php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" ' php_admin_flag mail.add_x_header on Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Limit Options Indexes + AllowOverride AuthConfig FileInfo Limit Options Indexes Options=All,MultiViews SSLEngine On
From ade7a3f29fdf7a87ce85f094300353b467ff664a Mon Sep 17 00:00:00 2001
From: John Soros
Date: Mon, 13 May 2019 19:54:25 +0100
Subject: [PATCH 2/9] allow override of MultiViews option in .htaccess also for vhosts hosted using http and http+https
---
etc/alternc/templates/apache2/vhost-both.conf | 4 ++--
etc/alternc/templates/apache2/vhost-http.conf | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/etc/alternc/templates/apache2/vhost-both.conf b/etc/alternc/templates/apache2/vhost-both.conf
index 4240975a..51883cc5 100644
--- a/etc/alternc/templates/apache2/vhost-both.conf
+++ b/etc/alternc/templates/apache2/vhost-both.conf
@@ -11,7 +11,7 @@ php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" ' php_admin_flag mail.add_x_header on Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Limit Options Indexes + AllowOverride AuthConfig FileInfo Limit Options Indexes Options=All,MultiViews
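Review bot: The added `Options=All,MultiViews` keeps `All` in the per-directory allowlist, so a tenant's .htaccess can still set `Options +FollowSymLinks` (or `+ExecCGI`, `+Includes`) and undo the `-FollowSymLinks +SymLinksIfOwnerMatch` restriction set on the context line just above it. The bare `Options` keyword already permitted that, but now that the list is spelled out it could be narrowed to what customers actually need, for example `AllowOverride AuthConfig FileInfo Limit Indexes Options=Indexes,MultiViews,SymLinksIfOwnerMatch`. Listing both `Options` and `Options=All,MultiViews` on one line also looks redundant, since as far as I know the later keyword decides the allowed set. The same line is added in both hunks of vhost-both.conf and in vhost-http.conf, and the enclosing directory block starts and ends outside each hunk.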
@@ -29,7 +29,7 @@ php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" ' php_admin_flag mail.add_x_header on Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Limit Options Indexes + AllowOverride AuthConfig FileInfo Limit Options Indexes Options=All,MultiViews SSLEngine On
diff --git a/etc/alternc/templates/apache2/vhost-http.conf b/etc/alternc/templates/apache2/vhost-http.conf
index df6165f2..a910a2ec 100644
--- a/etc/alternc/templates/apache2/vhost-http.conf
+++ b/etc/alternc/templates/apache2/vhost-http.conf
@@ -30,7 +30,7 @@ php_admin_value sendmail_path '/usr/lib/alternc/sendmail "%%mail_account%%" ' php_admin_flag mail.add_x_header on Options -MultiViews -FollowSymLinks +SymLinksIfOwnerMatch - AllowOverride AuthConfig FileInfo Limit Options Indexes + AllowOverride AuthConfig FileInfo Limit Options Indexes Options=All,MultiViews Order allow,deny Allow from all Require all granted
From 39dba8188b09bd61e563a5e75e6c98e4e86bdab3 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Mon, 13 May 2019 17:28:05 -0400
Subject: [PATCH 3/9] Fix domain deletion query Fixes #336
---
bureau/class/m_dom.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bureau/class/m_dom.php b/bureau/class/m_dom.php
index 7d94e238..a3d8199d 100644
--- a/bureau/class/m_dom.php
+++ b/bureau/class/m_dom.php
@@ -1928,7 +1928,7 @@ class m_dom { } if ($onedom["dns_action"]=="DELETE") { - $db->query("DELETE FROM domaines WHERE domaine=?;",array($onedom)); + $db->query("DELETE FROM domaines WHERE domaine=?;",array($onedom['domaine'])); } else { // we keep the highest result returned by hooks... rsort($ret,SORT_NUMERIC); $returncode=$ret[0];
From f6860ed2be4ec02215e8aff2a7b4d6f5d9183492 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Tue, 14 May 2019 12:13:44 -0400
Subject: [PATCH 4/9] Use pma_sso script to connect PhpMyAdmin from admin menu Refs #335
---
bureau/class/m_admin.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php
index 29bce577..7668b63a 100644
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@@ -106,7 +106,7 @@ class m_admin { ); $obj['links'][] = array( 'txt' => _("PhpMyAdmin"), - 'url' => '/alternc-sql/', + 'url' => 'sql_pma_sso.php', 'class' => 'adminmenu', 'target' => '_blank', );
From 70184caa3af2fcc8dd9cbb2ec23092b4dfe00fb2 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Tue, 14 May 2019 12:14:25 -0400
Subject: [PATCH 5/9] Return an error when attempting to connect to PHPMyAdmin with no DBs Refs #335
---
bureau/class/m_mysql.php | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php
index 64ab4cfb..28d648c6 100644
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@@ -157,9 +157,15 @@ class m_mysql { function php_myadmin_connect() { global $db, $cuid, $msg; $msg->log("mysql", "php_myadmin_connect"); + $db->query("SELECT count(0) as count from db where uid = ?;", array($cuid)); + $db->next_record(); + if ($db->f('count') == 0) { + $msg->raise("ERROR", "mysql", _("Cannot connect to PhpMyAdmin, no databases for user {$cuid}")); + return false; + } $db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid= ? and enable='ADMIN' and dbs.id=m.db_server_id and m.uid= ? ;", array($cuid, $cuid)); if (!$db->num_rows()) { - $msg->raise("ERROR", "mysql", _("Cannot connect to PhpMyAdmin")); + $msg->raise("ERROR", "mysql", _("Cannot connect to PhpMyAdmin, no admin user for uid {$cuid}")); return false; } $db->next_record();
From 82c87c43e0c225160ddc4e69cf06fbda267eddbf Mon Sep 17 00:00:00 2001
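Review bot: Both new messages in the m_mysql.php hunk interpolate `{$cuid}` inside the string handed to `_()`, so the msgid changes with every uid and no catalogue entry can ever match; the text will always be shown untranslated and cannot be extracted as a stable message. Keep the msgid constant and format afterwards, e.g. `sprintf(_("Cannot connect to PhpMyAdmin, no databases for user %s"), $cuid)`, and do the same for the "no admin user for uid" message. The added count check also reads `$db->f('count')` without checking that the preceding query succeeded, which deserves a guard if `$db->query()` can fail at this point. php_myadmin_connect() continues past the end of the hunk.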
From: Kienan Stewart
Date: Tue, 14 May 2019 12:15:00 -0400
Subject: [PATCH 6/9] Increase blowfish secret length from 24 to 32 Refs #335
---
install/alternc.install | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/alternc.install b/install/alternc.install
index c367e367..1e980597 100755
--- a/install/alternc.install
+++ b/install/alternc.install
@@ -240,7 +240,7 @@ fi PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1) # Secret for PhpMyAdmin sessions -PHPMYADMIN_BLOWFISH="$(generate_string 24)" +PHPMYADMIN_BLOWFISH="$(generate_string 32)" # XXX: I assume this is secure if /tmp is sticky (+t) # we should have a better way to deal with templating, of course.
From f3207ec2f15c4ad7055c3c9bdc52bb103dc2f630 Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Tue, 14 May 2019 12:15:23 -0400
Subject: [PATCH 7/9] Override owner and group for phpmyadmin lib files Refs #335
---
install/alternc.install | 2 ++
1 file changed, 2 insertions(+)
diff --git a/install/alternc.install b/install/alternc.install
index 1e980597..b152fdbe 100755
--- a/install/alternc.install
+++ b/install/alternc.install
@@ -714,6 +714,8 @@ done # Fix phpmyadmin import trac#1557 test -d "/var/lib/phpmyadmin/tmp" && dpkg-statoverride --update --add www-data alterncpanel 0775 "/var/lib/phpmyadmin/tmp" 2>/dev/null || true test -f "/etc/phpmyadmin/config-db.php" && dpkg-statoverride --update --add www-data alterncpanel 0644 "/etc/phpmyadmin/config-db.php" 2>/dev/null || true +test -f "/var/lib/phpmyadmin/blowfish_secret.inc.php" && dpkg-statoverride --update --add www-data alterncpanel 0660 "/var/lib/phpmyadmin/blowfish_secret.inc.php" 2> /dev/null || true +test -f "/var/lib/phpmyadmin/config.inc.php" && dpkg-statoverride --update --add www-data alterncpanel 0660 "/var/lib/phpmyadmin/config.inc.php" 2> /dev/null || true # hook run-parts --arg=end /usr/lib/alternc/install.d
From 53570e236a0d7dfe7f60e3fa1d893be9b72117e7 Mon Sep 17 00:00:00 2001
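Review bot: The changed `PHPMYADMIN_BLOWFISH` line does not record why 32 was chosen, and `generate_string` is defined outside this hunk, so its randomness source cannot be checked from here. phpMyAdmin warns when `blowfish_secret` is shorter than 32 characters, which is presumably the reason; a comment such as `# phpMyAdmin requires a blowfish_secret of at least 32 characters` above the assignment would keep that knowledge next to the number. Because this value protects the cookie-auth credentials, it is worth confirming that generate_string draws from a CSPRNG such as /dev/urandom.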
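Review bot: Mode 0660 with owner www-data makes `blowfish_secret.inc.php` and `config.inc.php` writable by the web server and by the alterncpanel group, so code running as either identity can rewrite phpMyAdmin's configuration or replace the cookie secret. If the SSO script only needs to read these files, `0640` (or `0440`) in the two added lines would be enough; which process has to write them is not visible in this hunk. Both added lines also send stderr to /dev/null and end in `|| true`, like the two context lines above them, so a rejected override (for example one that already exists) goes unnoticed; dropping `2> /dev/null` would at least leave a trace in the install output.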
From: Kienan Stewart
Date: Wed, 15 May 2019 17:46:15 -0400
Subject: [PATCH 8/9] Enter default db_server information before templating Refs #335
---
install/alternc.install | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/install/alternc.install b/install/alternc.install
index b152fdbe..f0318208 100755
--- a/install/alternc.install
+++ b/install/alternc.install
@@ -90,6 +90,23 @@ lock_jobs # hook run-parts --arg=startup /usr/lib/alternc/install.d +####################################################################### +# Enter the initial database configuration if needed +# + +# Creating admin user if needed +# This is done before any templating, since it adds the default database server. +# User feedback is provided near the end of the script. +HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1` +if [ "$HAS_ROOT" != "1" ] ; then + echo "Creating admin user..." + echo "" + + su - alterncpanel -s /bin/bash -c /usr/share/alternc/install/newone.php + NEWONE_RETVAL=$? +fi + + ####################################################################### # Script configuration #
@@ -606,15 +623,8 @@ chown alterncpanel:adm /var/log/alternc/bureau.log /var/log/alternc/update_domai # Launch a script that will populate AlternC variables as needed su - alterncpanel -s /bin/bash -c /usr/share/alternc/install/variables.php -# Creating admin user if needed -HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1` - if [ "$HAS_ROOT" != "1" ]; then - echo "Creating admin user..." - echo "" - - if su - alterncpanel -s /bin/bash -c /usr/share/alternc/install/newone.php - then + if [ "$NEWONE_RETVAL" ] ; then echo "*******************************************" echo "* *" echo "* Admin account *"
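Review bot: The HAS_ROOT query in the added block mixes `OR` and `and` without parentheses, so SQL evaluates it as `login = 'admin' OR (login = 'root' and su = 1)`, and the test `[ "$HAS_ROOT" != "1" ]` also fires when the count is 2 or when mysql fails and prints nothing. If the intent is "no superuser named admin or root exists" (inferred from the comment, not stated), `WHERE (login = 'admin' OR login = 'root') AND su = 1` with a comparison against `0` would express it. Since the block now runs before the "Script configuration" section, it is also worth confirming that /etc/alternc/my.cnf and the membres table already exist at this point on a first install.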
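Review bot: `[ "$NEWONE_RETVAL" ]` in the second hunk is true for any non-empty string, and NEWONE_RETVAL is set from `$?` whenever the creation block ran, so the "Admin account" banner is printed even when newone.php exits non-zero. The "Unable to create the first AlternC account" branch in the following hunk is then never reached on failure. Compare the status explicitly with `if [ "$NEWONE_RETVAL" -eq 0 ] ; then`. The enclosing `if [ "$HAS_ROOT" != "1" ]` block continues past the end of this hunk.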
@@ -626,7 +636,7 @@ if [ "$HAS_ROOT" != "1" ]; then echo "* *" echo "*******************************************" else - echo "Unable to create the first AlternC account (named 'admin'). newone.php returned $?. Check your MySQL database, PHP, and the /etc/alternc/local.sh file. Also check for any error above during install." + echo "Unable to create the first AlternC account (named 'admin'). newone.php returned $NEWONE_RETVAL. Check your MySQL database, PHP, and the /etc/alternc/local.sh file. Also check for any error above during install." fi else ##UPDATE default db_server following /etc/alternc/my.cnf values
From bb6d5c68637a394134222a4fa210e7fcf8c4a96d Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Fri, 12 Jul 2019 14:46:36 -0400
Subject: [PATCH 9/9] Fix insert query failure during import_cert The sslcsr is just set to an empty string so that the query works properly. Without it, queries fail since sslcsr does not have a default value set. Improved the detail of the messages logged during the failure of that query as well.
---
bureau/class/m_ssl.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bureau/class/m_ssl.php b/bureau/class/m_ssl.php
index dcae0c9f..d88855e8 100644
--- a/bureau/class/m_ssl.php
+++ b/bureau/class/m_ssl.php
@@ -511,11 +511,13 @@ INSTR(CONCAT(sd.sub,IF(sd.sub!='','.',''),sd.domaine),'.')+1))=? $altnames = $this->parseAltNames($crtdata["extensions"]["subjectAltName"]); // Everything is PERFECT and has been thoroughly checked, let's insert those in the DB ! + // The sslcsr column is required as it has no default value, giving it an empty value. $db->query( - "INSERT INTO certificates SET uid=?, status=?, fqdn=?, altnames=?, validstart=FROM_UNIXTIME(?), validend=FROM_UNIXTIME(?), sslkey=?, sslcrt=?, sslchain=?, provider=?;", + "INSERT INTO certificates SET uid=?, status=?, fqdn=?, altnames=?, validstart=FROM_UNIXTIME(?), validend=FROM_UNIXTIME(?), sslkey=?, sslcrt=?, sslchain=?, provider=?, sslcsr = '';", array($cuid, self::STATUS_OK, $fqdn, $altnames, intval($validstart), intval($validend), $key, $crt, $chain, $provider) ); if (!($id = $db->lastid())) { + $msg->log('ssl', 'impoert_cert', 'insert query failed (' . print_r($db->last_error(), TRUE) . ')'); $msg->raise("ERROR","ssl", _("Can't save the Key/Crt/Chain now. Please try later.")); return false; }
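Review bot: The added log call uses the tag `'impoert_cert'`, a typo for `import_cert`, so anyone filtering the ssl log by function name will miss these entries; it should read `$msg->log('ssl', 'import_cert', ...)`. The statement whose failure is logged binds `$key`, the certificate's private key, so it is worth confirming that `$db->last_error()` (defined outside this hunk) returns only the driver's error text and never the bound parameters before its output goes into a log. The enclosing import function starts and ends outside the hunk.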