initial commit of file from CVS for smeserver-phplist on Sat Sep 7 20:52:04 AEST 2024

root/etc/e-smith/db/accounts/defaults/lists/type

@@ -0,0 +1 @@
+url

root/etc/e-smith/db/configuration/defaults/phplist/DbName

@@ -0,0 +1 @@
+phplist

root/etc/e-smith/db/configuration/defaults/phplist/DbUser

@@ -0,0 +1 @@
+phplist

root/etc/e-smith/db/configuration/defaults/phplist/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/phplist/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/phplist/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/migrate/phplist-database

@@ -0,0 +1,52 @@
+{
+    my $rec = $DB->get('phplist')
+        || $DB->new_record('phplist', {type => 'webapp'});
+    my $pw = $rec->prop('DbPassword');
+    if (not $pw or length($pw) < 57){
+        use MIME::Base64 qw(encode_base64);
+
+        $pw = "not set due to error";
+        if ( open( RANDOM, "/dev/urandom" ) ){
+            my $buf;
+            # 57 bytes is a full line of Base64 coding, and contains
+            # 456 bits of randomness - given a perfectly random /dev/random
+            if ( read( RANDOM, $buf, 57 ) != 57 ){
+                warn("Short read from /dev/random: $!");
+            }
+            else{
+                $pw = encode_base64($buf);
+                chomp $pw;
+            }
+            close RANDOM;
+        }
+        else{
+            warn "Could not open /dev/urandom: $!";
+        }
+        $rec->set_prop('DbPassword', $pw);
+    }
+    my $apw = $rec->prop('AdminPass');
+    if (not $apw or length($apw) < 20){
+        use MIME::Base64 qw(encode_base64);
+        $apw = "not set due to error";
+        if ( open( RANDOM, "/dev/urandom" ) ){
+            my $buf;
+            # 57 bytes is a full line of Base64 coding, and contains
+            # 456 bits of randomness - given a perfectly random /dev/random
+            if ( read( RANDOM, $buf, 20 ) != 20 ){
+                warn("Short read from /dev/random: $!");
+            }
+            else{
+                $apw = encode_base64($buf);
+                chomp $apw;
+            }
+            close RANDOM;
+        }
+        else{
+            warn "Could not open /dev/urandom: $!";
+        }
+        $rec->set_prop('AdminPass', $apw);
+    }
+   my $type = $rec->prop("type");
+   $rec->set_prop("type","service") unless ($type eq "service");
+
+}

root/etc/e-smith/events/actions/phplist-create-pseudo

@@ -0,0 +1,20 @@
+#!/usr/bin/perl -w
+
+use strict;
+use warnings;
+use esmith::AccountsDB;
+
+my $a = esmith::AccountsDB->open or die "Couldn't open AccountsDB\n";
+
+my $pseudo = $a->get('listreports');
+
+if (!$pseudo){
+  $a->new_record('listreports',{
+        type         => 'pseudonym',
+        Account      => 'admin'
+  });
+  unless ( system("/sbin/e-smith/signal-event", "pseudonym-create", "listreports") == 0 ){
+    die "Failed to create pseudonym listreports\n";
+  }
+}
+

root/etc/e-smith/events/actions/phplist-initialise

@@ -0,0 +1,6 @@
+#!/bin/bash
+password=$(config getprop phplist AdminPass)
+domain=$(config get DomainName)
+ADMIN_PASSWORD=$password ADMIN_EMAIL=admin@$domain phplist -pinitialise
+phplist -pdbcheck
+phplist -pupgrade

root/etc/e-smith/templates.metadata/etc/e-smith/sql/init/phplistdb

@@ -0,0 +1 @@
+PERMS=0750

root/etc/e-smith/templates.metadata/etc/phplist/config.php

@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="www"

root/etc/e-smith/templates/etc/e-smith/sql/init/phplistdb

@@ -0,0 +1,46 @@
+{
+my $db = ${'phplist'}{'DbName'} || 'phplist';
+my $user = ${'phplist'}{'DbUser'} || 'phplist';
+my $pass = ${'phplist'}{'DbPassword'} || 'secret';
+
+$OUT .= <<"END";
+
+#! /bin/sh
+if [ ! -d /var/lib/mysql/$db ]; then
+	/usr/bin/mysql -e 'create database $db'
+fi
+
+
+/usr/bin/mysql <<EOF
+USE mysql;
+
+REPLACE INTO user (  
+                     host,
+                     user,
+                     password)
+            VALUES ( 
+                     'localhost',
+                     '${'phplist'}{DbUser}',
+                     PASSWORD ('${'phplist'}{DbPassword}'));
+
+
+REPLACE INTO db (  
+                   host,
+                   db,
+                   user,
+                   select_priv, insert_priv, update_priv, delete_priv,
+                   create_priv, alter_priv, index_priv, drop_priv, create_tmp_table_priv,
+                   grant_priv, lock_tables_priv, references_priv)
+          VALUES ( 
+                   'localhost',
+                   '${'phplist'}{DbName}',
+                   '${'phplist'}{DbUser}',
+                   'Y', 'Y', 'Y', 'Y',
+                   'Y', 'Y', 'Y', 'Y', 'Y',
+                   'N', 'Y', 'Y');
+
+FLUSH PRIVILEGES;
+
+EOF
+END
+}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98phplist

@@ -0,0 +1,71 @@
+{
+
+my $status = $phplist{'status'} || 'disabled';
+my $access = $phplist{'access'} || 'private';
+my $auth   = $phplist{'Authentication'} || 'internal';
+my $alias  =  $phplist{'AliasOnPrimary'} || 'enabled';
+my $ver    = $sysconfig{'ReleaseVersion'} || '8.1';
+
+my $allow = ( $access eq 'public' ) ? 'all granted' : "ip $localAccess $externalSSLAccess";
+$alias = ($alias ne 'enabled') ? '' : 'Alias /lists /usr/share/phplist/www/';
+$auth = ( $auth eq 'http' ) ? 'AuthName "phplist"' . "\n" .
+                              "    AuthType Basic\n" .
+		              "    AuthBasicProvider external\n".
+                              "    AuthExternal pwauth\n".
+                              "    require valid-user\n" : '';
+
+if ($status eq 'enabled') {
+    $OUT .=<<"EOF";
+
+
+$alias
+<Directory /usr/share/phplist/www/>
+    Options None +FollowSymLinks
+    AllowOverride None
+    DirectoryIndex index.php
+    AddType application/x-httpd-php .php 
+    <FilesMatch "\\.(php|inc)\$">
+      Require all denied
+    </FilesMatch>
+    <FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php|connector.php)\$">
+      Require all granted
+      SetHandler "proxy:unix:/var/run/php-fpm/php80-phplist.sock|fcgi://localhost"
+    </FilesMatch>
+    Require $allow
+</Directory>
+
+# Admin section
+<Directory /usr/share/phplist/www/admin>
+    SSLRequireSSL on
+    <FilesMatch "\\.(php|inc)\$">
+      Require all denied
+    </FilesMatch>
+    <FilesMatch "(index.php|connector.php|upload.php)\$">
+      SetHandler "proxy:unix:/var/run/php-fpm/php80-phplist.sock|fcgi://localhost"
+      Require all granted
+    </FilesMatch>
+    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
+    <RequireAll>
+     Require $allow
+     $auth
+    </RequireAll>
+</Directory>
+
+<Directory /usr/share/phplist/www/admin/js>
+    <RequireAny>
+      Require $allow
+    </RequireAny>
+</Directory>
+
+<Directory /usr/share/phplist/www/admin/ui>
+    <RequireAny>
+      Require $allow
+    </RequireAny>
+</Directory>
+
+EOF
+}
+else{
+    $OUT .= "# PHPList is disabled\n";
+}
+}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/60PhplistSSL

@@ -0,0 +1,13 @@
+{
+my $sslport = $modSSL{'TCPPort'} || '443';
+my $alias = $phplist{'AliasOnPrimary'} || 'enabled';
+
+if ($port ne $sslport && $alias eq 'enabled'){
+
+    ## Redirect Web Address to Secure Address
+    $OUT .= "    RewriteEngine on\n";
+    $OUT .= "    RewriteRule ^/lists/admin(/.*|\$) https://%{HTTP_HOST}/lists/admin\$1 \[L,R\]\n";
+
+}
+}
+

root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15phplist

@@ -0,0 +1,66 @@
+{
+
+if ($PHP_VERSION eq '80'){
+  if (($phplist{'status'} || 'disabled') eq 'enabled'){
+    my $max_upload_size = ($phplist{MaxUploadSize} || '6M');
+    $max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
+    my $memory_limit = ($phplist{MemoryLimit} || '128M');
+    $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
+    my $open_basedir= $phplist{PHPBaseDir} || '';
+    $open_basedir = "/usr/share/phplist:/var/lib/phplist:/tmp:/etc/phplist:/var/log/phplist:/usr/share/php/auth_translation.php:$open_basedir";
+    my $id = 'phplist';
+    my $max_children = $phplist{'PHPmaxChildren'} || 20;
+    my $min_spare_servers = $phplist{'PHPminServers'} || 4;
+    my $start_servers = $phplist{'PHPstartServers'} || 6;
+    my $max_spare_servers = $phplist{'PHPmaxServers'} || 8;
+    my $max_requests = $phplist{'PHPmaxRequests'} || 1000;
+    $min_spare_servers = ( $min_spare_servers > $max_spare_servers ) ? printf("%.0f",$max_spare_servers/2) : $min_spare_servers;
+    $start_servers = ( $start_servers > $max_spare_servers ) ? printf("%.0f", $max_spare_servers /2 +  $min_spare_servers/2  ) : $start_servers;
+
+    $OUT .=<<_EOF;
+
+[php$PHP_VERSION-$id]
+user = www
+group = www
+listen.owner = root
+listen.group = www
+listen.mode = 0660
+listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
+pm = dynamic
+pm.max_children = $max_children
+pm.start_servers = $start_servers
+pm.min_spare_servers = $min_spare_servers
+pm.max_spare_servers = $max_spare_servers
+pm.max_requests = $max_requests
+php_admin_value[auto_prepend_file] = /usr/share/php/auth_translation.php
+php_admin_value[session.save_path] = /var/lib/php/$id/session
+php_admin_value[session.gc_maxlifetime] = 86400
+php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
+php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
+php_admin_value[error_log] = /var/log/php/$id/error.log
+slowlog = /var/log/php/phplist/slow.log
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = $memory_limit
+php_admin_value[max_execution_time] = 3600
+php_admin_value[post_max_size] = $max_upload_size
+php_admin_value[upload_max_filesize] = $max_upload_size
+php_admin_value[disable_functions] = system, show_source, symlink, dl, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = $open_basedir
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[allow_url_include] = off
+php_admin_value[session.save_handler] = files
+php_admin_flag[output_buffering] = off
+
+_EOF
+
+  }
+  else{
+    $OUT .= '; phplist is disabled';
+  }
+}
+}

root/etc/e-smith/templates/etc/phplist/config.php/10Database

@@ -0,0 +1,15 @@
+{
+
+my $dbn = $phplist{'DbName'} || 'phplist';
+my $dbu = $phplist{'DbUser'} || 'phplist';
+my $dbp = $phplist{'DbPassword'} || 'secret';
+
+$OUT .=<<"HERE";
+
+\$database_host = "localhost";
+\$database_name = "$dbn";
+\$database_user = "$dbu";
+\$database_password = '$dbp';
+
+HERE
+}

root/etc/e-smith/templates/etc/phplist/config.php/15Smtp

@@ -0,0 +1 @@
+define("PHPMAILERHOST",'localhost');

root/etc/e-smith/templates/etc/phplist/config.php/20Test

@@ -0,0 +1 @@
+define ("TEST",0);

root/etc/e-smith/templates/etc/phplist/config.php/25Bounces

@@ -0,0 +1,7 @@
+$message_envelope = "phplistbounces@{$DomainName}";
+$bounce_protocol = 'mbox';
+define ("MANUALLY_PROCESS_BOUNCES",0);
+$bounce_mailbox = '/var/lib/phplist/bounces.mbox';
+$bounce_mailbox_purge = 1;
+$bounce_mailbox_purge_unprocessed = 1;
+$bounce_unsubscribe_threshold = 5;

root/etc/e-smith/templates/etc/phplist/config.php/30InstallName

@@ -0,0 +1 @@
+$installation_name = 'phpList {$DomainName}';

root/etc/e-smith/templates/etc/phplist/config.php/35Login

@@ -0,0 +1,9 @@
+$require_login = 1;
+$admin_auth_module = '{(($phplist{'Authentication'} || 'internal') eq 'internal') ? 'phplist_auth.inc':'external_auth.inc'}';
+define("REGISTER",0);
+define("MANUALLY_PROCESS_QUEUE",0);
+define('MAILQUEUE_THROTTLE',0.5);
+define('USE_DOMAIN_THROTTLE',0);
+define('DOMAIN_BATCH_SIZE',30);
+define('DOMAIN_BATCH_PERIOD',300);
+define('MAX_PROCESSQUEUE_TIME',900);

root/etc/e-smith/templates/etc/phplist/config.php/40Tracking

@@ -0,0 +1,12 @@
+{
+if (($phplist{'Tracking'} || 'disabled') eq 'enabled'){
+  $OUT .=<<"EOF";
+define('CLICKTRACK',1);
+define('CLICKTRACK_SHOWDETAIL',1);
+EOF
+}
+else{
+  $OUT .= '# Tracking is disabled';
+}
+}
+define("NOSTATSCOLLECTION",1);

root/etc/e-smith/templates/etc/phplist/config.php/45Queue

@@ -0,0 +1,3 @@
+define("MANUALLY_PROCESS_QUEUE",0);
+define('MAILQUEUE_THROTTLE',0);
+define('USE_DOMAIN_THROTTLE',0);

root/etc/e-smith/templates/etc/phplist/config.php/50Options

@@ -0,0 +1,15 @@
+$attachment_repository = '/var/lib/phplist/tmp';
+define("ALLOW_ATTACHMENTS",1);
+define('USE_ADMIN_DETAILS_FOR_MESSAGES',1);
+define("PLUGIN_ROOTDIR","/usr/share/phplist/www/admin/plugins");
+define("FCKIMAGES_DIR","uploadimages");
+define('UPLOADIMAGES_DIR','uploadimages');
+define("FORWARD_PERSONAL_NOTE_SIZE",500);
+$tmpdir = '/var/lib/phplist/tmp';
+{
+  my $lang = $phplist{'Language'} || '';
+  $lang .= ($lang =~ m/\.inc$/) ? '' : '.inc';
+  if ($lang ne '' && -e '/usr/share/phplist/www/texts/' . $lang){
+    $OUT .= '$language_module = \'' . $lang . '\';';
+  }
+}

root/etc/e-smith/templates/var/qmail/users/assign/90phplist

@@ -0,0 +1,2 @@
+=phplistbounces:www:102:102:/var/qmail/alias:-:phplistbounces:
++phplistbounces-:www:102:102:/var/qmail/alias:-:-phplistbounces-::

root/etc/e-smith/templates/var/service/qpsmtpd/config/goodrcptto/80phplist

@@ -0,0 +1,3 @@
+{
+    $OUT .= "phplistbounces\@$_\n" for (@domains);
+}

root/usr/lib/systemd/system/phplist.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=phplist process queues
+After=network-online.target
+
+[Service]
+ExecStartPre=-/sbin/e-smith/service-status phplist
+ExecStart=/usr/sbin/e-smith/systemd/phplist
+Restart=always
+Restartsec=10s
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sme-server.target

root/usr/local/bin/phplist

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/bin/php80 /usr/share/phplist/www/admin/index.php -c /etc/phplist/config.php $*

root/usr/sbin/e-smith/systemd/phplist

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+exec 2>&1
+
+cd /usr/local/bin/
+while true; do
+  /usr/local/bin/setuidgid www ./phplist -pprocessbounces
+  /usr/local/bin/setuidgid www ./phplist -pprocessqueue
+  sleep 120
+done

root/usr/share/phplist/www/admin/auth/external_auth.inc

@@ -0,0 +1,119 @@
+<?php
+
+require_once dirname(__FILE__).'/../accesscheck.php';
+
+$_REQUEST["login"] = $_SERVER["REMOTE_USER"];
+$_REQUEST["password"] = $_SERVER["REMOTE_USER"];
+
+class admin_auth {
+
+  function validateLogin($login,$password) {
+    if (isset($_SERVER["REMOTE_USER"]) && $_SERVER["REMOTE_USER"] !== ""){
+      $query = ' select password, disabled, id' .
+               ' from %s' .
+               ' where loginname = ?';
+      $query = sprintf($query, $GLOBALS['tables']['admin']);
+      $req = Sql_Query_Params($query, array($login));
+      $admindata = Sql_Fetch_Assoc($req);
+      // Nothing in the database yet ? Reject login
+      if (!$admindata['id']){
+        return array(0,s("Login failed"));
+      }
+      elseif ($admindata["disabled"]) {
+        return array(0,s("your account has been disabled"));
+      }
+      else{
+        return array($admindata['id'],"OK");
+      }
+    }
+    else{
+      return array(0,s("Login failed"));
+    }
+  }
+
+  function getPassword($email) {
+    $email = preg_replace("/[;,\"\']/","",$email);
+    $query = sprintf('select email, password, loginname from %s where email = ?', $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($email));
+    if (Sql_Num_Rows($req)) {
+      $row = Sql_Fetch_Row($req);
+      return $row[1];
+    }
+  }
+
+  function validateAccount($id) {
+    /* can only do this after upgrade, which means
+     * that the first login will always fail
+    $query
+    = ' select id, disabled,password,privileges'
+    . ' from %s'
+    . ' where id = ?';
+    */
+
+    $query
+    = ' select id, disabled,password'
+    . ' from %s'
+    . ' where id = ?';
+
+    $query = sprintf($query, $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($id));
+    $data = Sql_Fetch_Row($req);
+    if (!$data[0]) {
+      return array(0,s("No such account"));
+    } elseif ($data[1]) {
+      return array(0,s("your account has been disabled"));
+    }
+
+    ## do this seperately from above, to avoid lock out when the DB hasn't been upgraded.
+    ## so, ignore the error
+    $query
+    = ' select privileges'
+    . ' from %s'
+    . ' where id = ?';
+
+    $query = sprintf($query, $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($id),1);
+    if ($req) {
+      $data = Sql_Fetch_Row($req);
+    } else {
+      $data = array();
+    }
+
+    if (!empty($data[0])) {
+      $_SESSION['privileges'] = unserialize($data[0]);
+    }
+    return array(1,"OK");
+  }
+
+  function adminName($id) {
+    $req = Sql_Fetch_Row_Query(sprintf('select loginname from %s where id = %d',$GLOBALS["tables"]["admin"],$id));
+    return $req[0] ? $req[0] : s("Nobody");
+  }
+
+  function adminEmail($id) {
+    $req = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d',$GLOBALS["tables"]["admin"],$id));
+    return $req[0] ? $req[0] : "";
+  }
+
+  function adminIdForEmail($email) { #Obtain admin Id from a given email address.
+    $req = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"',$GLOBALS["tables"]["admin"],sql_escape($email)));
+    return $req[0] ? $req[0] : "";
+  }
+
+  function isSuperUser($id) {
+    $req = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d',$GLOBALS["tables"]["admin"],$id));
+    return $req[0];
+  }
+
+  function listAdmins() {
+    $result = array();
+    $req = Sql_Query("select id,loginname from {$GLOBALS["tables"]["admin"]} order by loginname");
+    while ($row = Sql_Fetch_Array($req)) {
+      $result[$row["id"]] = $row["loginname"];
+    }
+    return $result;
+  }
+
+}
+
+?>

root/var/qmail/alias/.qmail-phplistbounces

@@ -0,0 +1 @@
+/var/lib/phplist/bounces.mbox