kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of git.alternc.org:alternc

This commit is contained in:
root 2014-03-27 16:16:24 +01:00
parent 502dd726db 0f48d94c04
commit e243b63c7c
10 changed files with 493 additions and 443 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -615,7 +615,6 @@ roundcube/class/m_roundcube.php -text
roundcube/roundcube-install -text
roundcube/roundcube_alternc_logo.png -text
roundcube/templates/apache2/roundcube.conf -text
roundcube/templates/logrotate.d/roundcube-core -text
roundcube/templates/roundcube/main.inc.php -text
roundcube/templates/roundcube/plugins/managesieve/config.inc.php -text
roundcube/templates/roundcube/plugins/password/config.inc.php -text

5
bureau/admin/hta_del.php
View File

@ -35,8 +35,9 @@ reset($_POST);
while (list($key,$val)=each($_POST)) {
if (substr($key,0,4)=="del_") {
// Effacement du dossier $val
$r=$hta->DelDir($val);
if (!$r) {
// $r=$hta->DelDir($val);
$return = $hta->DelDir($val);
if (!$return) {
$error.= $err->errstr()."<br />";
} else {
$error.= sprintf(_("The protected folder %s has been successfully unprotected"),$val)."<br />";

21
bureau/class/functions.php
View File

@ -863,27 +863,6 @@ function display_browser($dir="", $caller="main.dir", $width=350, $height=450) {
}
/**
* Insere un $wrap_string tous les $max caracteres dans $message
*
* @param string $message
* @param int $max
* @param string $wrap_string
* @return string
*/
function auto_wrap($message="",$max=10,$wrap_string="<wbr/>") {
$cpt = 0;
$mot = split(" ",$message);
while (isset($mot[$cpt]) && ($mot[$cpt] != "")){
if(@strlen($mot[$cpt]) > $max){
$nvmot = chunk_split ($mot[$cpt], $max, $wrap_string );
$message = str_replace($mot[$cpt], $nvmot, $message);
}
$cpt++;
}
return $message;
}
/**
* Converts HSV to RGB values
* -----------------------------------------------------

58
bureau/class/m_bro.php
View File

@ -99,12 +99,12 @@ class m_bro {
* @param string $dir
* @global m_mem $mem
* @param string $dir Dossier absolu que l'on souhaite vérifier
* @param boolean $strip
* @return false|string Retourne le nom du dossier vrifi, relatif au
* dossier de l'utilisateur courant, ventuellement corrig.
* @param integer $strip
* @return false|string Retourne le nom du dossier vérifié, relatif au
* dossier de l'utilisateur courant, éventuellement corrigé.
* ou FALSE si le dossier n'est pas dans le dossier de l'utilisateur.
*/
function convertabsolute($dir,$strip=true) {
function convertabsolute($dir,$strip = 1) {
global $mem;
$root = $this->get_user_root($mem->user["login"]);
// Sauvegarde du chemin de base.
@ -200,7 +200,7 @@ class m_bro {
function filelist($dir = "", $showdirsize = false) {
global $db,$cuid,$err;
$db->query("UPDATE browser SET lastdir = '$dir' WHERE uid = '$cuid';");
$absolute=$this->convertabsolute($dir,false);
$absolute = $this->convertabsolute($dir,0);
if (!$absolute || !file_exists($absolute)) {
$err->raise('bro',_("This directory do not exist"));
return false;
@ -260,10 +260,14 @@ class m_bro {
*/
function SetPrefs($editsizex, $editsizey, $listmode, $showicons, $downfmt, $createfile, $showtype, $editor_font, $editor_size, $golastdir) {
global $db,$cuid;
$editsizex=intval($editsizex); $editsizey=intval($editsizey);
$listmode=intval($listmode); $showicons=intval($showicons);
$showtype=intval($showtype); $downfmt=intval($downfmt);
$createfile=intval($createfile); $golastdir=intval($golastdir);
$editsizex = intval($editsizex);
$editsizey = intval($editsizey);
$listmode = intval($listmode);
$showicons = intval($showicons);
$showtype = intval($showtype);
$downfmt = intval($downfmt);
$createfile = intval($createfile);
$golastdir = intval($golastdir);
$db->query("SELECT * FROM browser WHERE uid = '".intval($cuid)."';");
if ($db->num_rows() == 0) {
$db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size, golastdir) VALUES (70, 21, 0, 0, 0, 0, 0, '".intval($cuid)."','Arial, Helvetica, Sans-serif','12px',1);");
@ -391,7 +395,7 @@ class m_bro {
function CreateDir($dir,$file) {
global $db,$cuid,$err;
$file = ssla($file);
$absolute=$this->convertabsolute($dir."/".$file,false);
$absolute = $this->convertabsolute($dir."/".$file,0);
#echo "$absolute";
if ($absolute && (!file_exists($absolute))) {
if (!mkdir($absolute,00777,true)) {
@ -420,7 +424,7 @@ class m_bro {
function CreateFile($dir,$file) {
global $db,$err,$cuid;
$file = ssla($file);
$absolute=$this->convertabsolute($dir."/".$file,false);
$absolute = $this->convertabsolute($dir."/".$file,0);
if (!$absolute || file_exists($absolute)) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -448,7 +452,7 @@ class m_bro {
function DeleteFile($file_list,$R) {
global $err, $mem;
$root = realpath(getuserpath());
$absolute=$this->convertabsolute($R,false);
$absolute = $this->convertabsolute($R,0);
if (!$absolute && strpos($root,$absolute) === 0 && strlen($absolute) > (strlen($root)+1) ) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -474,7 +478,7 @@ class m_bro {
*/
function RenameFile($R,$old,$new) {
global $err;
$absolute=$this->convertabsolute($R,false);
$absolute = $this->convertabsolute($R,0);
if (!$absolute) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -508,7 +512,7 @@ class m_bro {
*/
function MoveFile($d,$old,$new) {
global $err;
$old=$this->convertabsolute($old,false);
$old = $this->convertabsolute($old,0);
if (!$old) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -517,7 +521,7 @@ class m_bro {
if ($new[0] != '/') {
$new = $old . '/' . $new;
}
$new = $this->convertabsolute($new,false);
$new = $this->convertabsolute($new,0);
if (!$new) {
$err->raise("bro",_("File or folder name is incorrect"));
@ -548,7 +552,7 @@ class m_bro {
*/
function ChangePermissions($R,$d,$perm,$verbose = false) {
global $err;
$absolute=$this->convertabsolute($R,false);
$absolute = $this->convertabsolute($R,0);
if (!$absolute) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -591,7 +595,7 @@ class m_bro {
*/
function UploadFile($R) {
global $_FILES,$err,$cuid,$action;
$absolute=$this->convertabsolute($R,false);
$absolute = $this->convertabsolute($R,0);
if (!$absolute) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -647,11 +651,11 @@ class m_bro {
*/
function ExtractFile($file, $dest = null) {
global $err,$cuid,$mem,$action;
$file = $this->convertabsolute($file,false);
$file = $this->convertabsolute($file,0);
if (is_null($dest)) {
$dest = dirname($file);
} else {
$dest = $this->convertabsolute($dest,false);
$dest = $this->convertabsolute($dest,0);
}
if (!$file || !$dest) {
$err->raise("bro",_("File or folder name is incorrect"));
@ -696,12 +700,12 @@ class m_bro {
*/
function CopyFile($d,$old,$new) {
global $err;
$old=$this->convertabsolute($old,false);
$old = $this->convertabsolute($old,0);
if (!$old) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
}
$new=$this->convertabsolute($new,false);
$new = $this->convertabsolute($new,0);
if (!$new) {
$err->raise("bro",_("File or folder name is incorrect"));
return false;
@ -757,7 +761,7 @@ class m_bro {
* @return string Le code HTML ainsi obtenu.
*/
function PathList($path,$action, $justparent = false) {
$path=$this->convertabsolute($path,true);
$path = $this->convertabsolute($path,1);
$a = explode("/",$path);
if (!is_array($a)) $a = array($a);
$c = '';
@ -789,7 +793,7 @@ class m_bro {
*/
function content($R,$file) {
global $err;
$absolute=$this->convertabsolute($R,false);
$absolute = $this->convertabsolute($R,0);
if (!strpos($file,"/")) {
$absolute .= "/".$file;
if (file_exists($absolute)) {
@ -987,7 +991,7 @@ class m_bro {
*/
function save($file,$R,$texte) {
global $err;
$absolute=$this->convertabsolute($R,false);
$absolute = $this->convertabsolute($R,0);
if (!strpos($file,"/")) {
$absolute .= "/".$file;
if (file_exists($absolute)) {
@ -1015,7 +1019,7 @@ class m_bro {
header("Content-Disposition: attachment; filename = ".$mem->user["login"].".Z");
header("Content-Type: application/x-Z");
header("Content-Transfer-Encoding: binary");
$d=escapeshellarg(".".$this->convertabsolute($dir,true));
$d = escapeshellarg(".".$this->convertabsolute($dir,1));
set_time_limit(0);
passthru("/bin/tar -cZ -C ".getuserpath()."/".$mem->user["login"]."/ $d");
}
@ -1033,7 +1037,7 @@ class m_bro {
header("Content-Disposition: attachment; filename = ".$mem->user["login"].".tgz");
header("Content-Type: application/x-tgz");
header("Content-Transfer-Encoding: binary");
$d=escapeshellarg(".".$this->convertabsolute($dir,true));
$d = escapeshellarg(".".$this->convertabsolute($dir,1));
set_time_limit(0);
passthru("/bin/tar -cz -C ".getuserpath()."/ $d");
}
@ -1051,7 +1055,7 @@ class m_bro {
header("Content-Disposition: attachment; filename = ".$mem->user["login"].".tar.bz2");
header("Content-Type: application/x-bzip2");
header("Content-Transfer-Encoding: binary");
$d=escapeshellarg(".".$this->convertabsolute($dir,true));
$d = escapeshellarg(".".$this->convertabsolute($dir,1));
set_time_limit(0);
passthru("/bin/tar -cj -C ".getuserpath()."/ $d");
}

117
bureau/class/m_hta.php
View File

@ -40,7 +40,6 @@
class m_hta {
/*---------------------------------------------------------------------------*/
/**
* Constructor
*/
@ -50,11 +49,17 @@ class m_hta {
/**
* Password kind used in this class (hook for admin class)
*
* @return array
*/
function alternc_password_policy() {
return array("hta"=>"Protected folders passwords");
}
/**
*
* @return array
*/
function hook_menu() {
$obj = array(
'title' => _("Protected folders"),
@ -67,11 +72,16 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
* Create a protected folder (.htaccess et .htpasswd)
* @param string $dir Folder to protect (relative to user root)
* @return boolean TRUE if the folder has been protected, or FALSE if an error occurred
*
* @global m_mem $mem
* @global m_bro $bro
* @global m_err $err
* @param string $dir
* @return boolean
*/
function CreateDir($dir) {
global $mem,$bro,$err;
@ -110,12 +120,13 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
* Returns the list of all user folder currently protected by a .htpasswd file
*
* @global m_err $err
* @global m_mem $mem
* @return array Array containing user folder list
*/
function ListDir(){
global$err,$mem;
$err->log("hta","listdir");
@ -137,11 +148,13 @@ class m_hta {
return $r;
}
/*---------------------------------------------------------------------------*/
/**
* Tells if a folder is protected.
*
* @global m_mem $mem
* @global m_err $err
* @param string $dir Folder to check
* @return boolean if the folder is protected, or FALSE if it is not
* @return boolean If the folder is protected, or FALSE if it is not
*/
function is_protected($dir){
global $mem,$err;
@ -155,9 +168,11 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
* Returns the list of login for a protected folder.
*
* @global m_mem $mem
* @global m_err $err
* @param string $dir The folder to lookup (relative to user root)
* @return array An array containing the list of logins from the .htpasswd file, or FALSE
*/
@ -176,7 +191,7 @@ class m_hta {
if (!$file) {
return false;
}
// TODO: Tester la validit<EFBFBD> du .htpasswd
// TODO: Tester la validité du .htpasswd
while (!feof($file)) {
$s = fgets($file,1024);
$t = explode(":",$s);
@ -190,35 +205,79 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
* Unprotect a folder
*
* @global m_mem $mem
* @global m_bro $bro
* @global m_err $err
* @param string $dir Folder to unprotect, relative to user root
* @param boolean $skip For testing purpose mainly, skips the full user path search
* @return boolean TRUE if the folder has been unprotected, or FALSE if an error occurred
*/
function DelDir($dir) {
function DelDir($dir,$skip = 0) {
global $mem,$bro,$err;
$err->log("hta","deldir",$dir);
$dir=$bro->convertabsolute($dir,0);
$dir = $bro->convertabsolute($dir,$skip);
if (!$dir) {
$err->raise("hta",printf(("The folder '%s' does not exist"),$dir));
return false;
}
if (!@unlink("$dir/.htaccess")) {
$err->raise("hta",printf(_("I cannot delete the file '%s/.htaccess'"),$dir));
return false;
$htaccess_file = "$dir/.htaccess";
if( !is_readable($htaccess_file)){
$err->raise("hta",printf(_("I cannot read the file '%s'"),$htaccess_file));
}
if (!@unlink("$dir/.htpasswd")) {
$fileLines = file($htaccess_file);
$patternList = array(
"AuthUserFile.*$",
"AuthName.*$",
"AuthType Basic.*$",
"require valid-user.*$"
);
$count_lines = 0;
foreach($fileLines as $key => $line){
foreach ($patternList as $pattern) {
if(preg_match("/".$pattern."/", $line)){
$count_lines++;
unset($fileLines[$key]);
}
}
}
// If no changes
if( ! $count_lines ){
$err->raise("hta",printf(_("Unexpected: No changes made to '%s'"),$htaccess_file));
}
// If file is empty, remove it
if( !count($fileLines)){
if( ! unlink( $htaccess_file)){
$err->raise("hta",printf(_("I could not delete the file '%s'"),$htaccess_file));
}
}else{
file_put_contents($htaccess_file, implode("\n",$fileLines));
}
$htpasswd_file = "$dir/.htpasswd";
$perms = substr(sprintf('%o', fileperms($dir)), -4);
if( ! is_writable($htpasswd_file)){
$err->raise("hta",printf(_("I cannot read the file '%s'"),$htpasswd_file));
}
else if ( ! unlink($htpasswd_file)) {
$err->raise("hta",printf(_("I cannot delete the file '%s/.htpasswd'"),$dir));
return false;
}
return true;
}
/*---------------------------------------------------------------------------*/
/**
* Add a user to a protected folder
*
* @global m_err $err
* @global m_bro $bro
* @global m_admin $admin
* @param string $user
* @param string $password
* @param string $dir
* @param string $password The password to add (cleartext)
* @param string $dir The folder we add it to (relative to user root).
* @return boolean TRUE if the user has been added, or FALSE if an error occurred
@ -276,9 +335,13 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
*/
/**
* Delete a user from a protected folder.
*
* @global m_bro $bro
* @global m_err $err
* @param array $lst An array with login to delete.
* @param string $dir The folder, relative to user root, where we want to delete users.
* @return boolean TRUE if users has been deleted, or FALSE if an error occurred.
@ -316,14 +379,23 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
* Change the password of a user in a protected folder
* @param string $user The users whose password should be changed
* @param string $newpass The new password of this user
* @param string $dir The folder, relative to user root, in which we will change a password
* @return boolean TRUE if the password has been changed, or FALSE if an error occurred
*/
/**
* Change the password of a user in a protected folder
*
* @global m_bro $bro
* @global m_err $err
* @global m_admin $admin
* @param string $user
* @param string $newpass
* @param string $dir
* @return boolean
*/
function change_pass($user,$newpass,$dir) {
global $bro,$err,$admin;
$err->log("hta","change_pass",$user."/".$dir);
@ -363,14 +435,15 @@ class m_hta {
}
/*---------------------------------------------------------------------------*/
/**
* Check that a .htaccess file is valid (for authentication)
*
* @global m_err $err
* @param type $absolute
* @param string $absolute Folder we want to check (relative to user root)
* @return boolean TRUE is the .htaccess is protecting this folder, or FALSE else
* @access private
*/
function _reading_htaccess($absolute) {
private function _reading_htaccess($absolute) {
global $err;
$err->log("hta","_reading_htaccess",$absolute);
$file = fopen("$absolute/.htaccess","r+");

2
phpunit/bootstrap.php
View File

@ -156,4 +156,4 @@ $mem = new \m_mem();
$err = new \m_err();
$authip = new \m_authip();
$hooks = new \m_hooks();
$bro = new \m_bro();

35
phpunit/tests/bureau/class/m_htaTest.php
View File

@ -9,6 +9,9 @@ class m_htaTest extends PHPUnit_Framework_TestCase
*/
protected $object;
const PATH_HTACCESS = "/tmp/.htaccess";
const PATH_HTPASSWD = "/tmp/.htpasswd";
/**
* Sets up the fixture, for example, opens a network connection.
* This method is called before a test is executed.
@ -16,6 +19,10 @@ class m_htaTest extends PHPUnit_Framework_TestCase
protected function setUp()
{
parent::setUp();
touch(self::PATH_HTACCESS);
touch(self::PATH_HTPASSWD);
$file_content = "AuthUserFile \"/tmp/.htpasswd\"\nAuthName \"Restricted area\"\nAuthType Basic\nrequire valid-user\n";
file_put_contents(self::PATH_HTACCESS,$file_content);
$this->object = new m_hta;
}
@ -26,6 +33,12 @@ class m_htaTest extends PHPUnit_Framework_TestCase
protected function tearDown()
{
parent::tearDown();
if(file_exists(self::PATH_HTACCESS)){
unlink (self::PATH_HTACCESS);
}
if(file_exists(self::PATH_HTPASSWD)){
unlink (self::PATH_HTPASSWD);
}
}
/**
@ -114,14 +127,26 @@ class m_htaTest extends PHPUnit_Framework_TestCase
/**
* @covers m_hta::DelDir
* @todo Implement testDelDir().
*/
public function testDelDir()
{
// Remove the following lines when you implement this test.
$this->markTestIncomplete(
'This test has not been implemented yet.'
);
$result = $this->object->DelDir("/tmp",TRUE);
$this->assertTrue($result);
$this->assertFileNotExists(self::PATH_HTACCESS);
$this->assertFileNotExists(self::PATH_HTPASSWD);
}
/**
* @covers m_hta::DelDir
*/
public function testDelDirNotEmpty()
{
file_put_contents(self::PATH_HTACCESS, "\nphpunit", FILE_APPEND);
$result = $this->object->DelDir("/tmp",TRUE);
$this->assertTrue($result);
$this->assertFileExists(self::PATH_HTACCESS);
$this->assertFileNotExists(self::PATH_HTPASSWD);
$this->assertTrue("phpunit" == trim(file_get_contents(self::PATH_HTACCESS)));
}
/**

18
roundcube/roundcube-install
View File

@ -28,7 +28,7 @@ then
# cp -f /etc/alternc/templates/roundcube/avelsieve-config.php /etc/alternc/templates/roundcube/apache.conf /etc/roundcube/
# cp -f /etc/alternc/templates/javascript-common/javascript-common.conf /etc/javascript-common/
LOGIN="2000_roundcube"
LOGIN="0000_roundcube"
PASSWORD="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..10)'`"
DESKEY="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..24)'`"
@ -40,7 +40,6 @@ then
# Configuration template location
TEMPLATE_DIR="/etc/alternc/templates"
CONFIG_FILES="etc/roundcube/main.inc.php etc/roundcube/plugins/password/config.inc.php etc/roundcube/plugins/managesieve/config.inc.php"
LOGROTATE_FILES="etc/logrotate.d/roundcube-core"
cat > $SED_SCRIPT <<EOF
s\\%%ALTERNC_LOC%%\\$ALTERNC_LOC\\;
@ -62,14 +61,6 @@ EOF
echo " Done"
for file in $LOGROTATE_FILES; do
TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
echo -n " $file"
if [ -f "$TEMPLATE" ]; then
cat $TEMPLATE > /$file
fi
done
echo " Done"
. /usr/lib/alternc/functions.sh
@ -99,10 +90,3 @@ EOF
fi
#This is necessary because upgrading roundcube from 7.1 to 7.2 changes this setting
if [ "$1" = "end" ]; then
chown alternc-roundcube:root /etc/roundcube/main.inc.php
fi

4
roundcube/templates/apache2/roundcube.conf
View File

@ -1,7 +1,7 @@
<VirtualHost *:80>
ServerName %%fqdn%%
AssignUserId alternc-roundcube nogroup
SetEnv LOGIN "%%UID%%-%%LOGIN%%"
AssignUserId www-data www-data
SetEnv LOGIN "0000-roundcube"
DocumentRoot /var/lib/roundcube

15
roundcube/templates/logrotate.d/roundcube-core
View File

@ -1,15 +0,0 @@
######
# Configuration file of Roundcube's logrotate for AlternC
#
# /!\ WARNING /!\ Do not edit this file, edit the one in
# /etc/alternc/templates/logrotate.d/ and launch alternc.install again.
######
/var/log/roundcube/password /var/log/roundcube/errors /var/log/roundcube/sendmail /var/log/roundcube/userlogins {
create 0640 alternc-roundcube root
compress
missingok
notifempty
rotate 52
weekly
}