Compare commits
27 Commits
11_0_0-3_e
...
11_0_0-25_
Author | SHA1 | Date | |
---|---|---|---|
74d45e3c8e | |||
507734d114 | |||
0dfb543664 | |||
8c05c61008 | |||
e4b308e422 | |||
5c4bf19137 | |||
5b938b2987 | |||
3e5231bf84 | |||
6547750d1e | |||
e3e3f2a823 | |||
ed89fb60f4 | |||
ea9bb397dc | |||
0ef4afa787 | |||
4404c2d3f4 | |||
bf6e1e3560 | |||
7738719049 | |||
5a1f39efb3 | |||
8e4fd3be1e | |||
c5e0b6f5aa | |||
d0fb8284d6 | |||
2a87d8e1ba | |||
dbc88b9a2c | |||
cae29fee3b | |||
8a0ed79245 | |||
ed1a112bef | |||
bd36aaf8a1 | |||
0777b5a082 |
2
.gitignore
vendored
2
.gitignore
vendored
@@ -2,3 +2,5 @@
|
||||
*.log
|
||||
*spec-20*
|
||||
*.tar.xz
|
||||
*.bak
|
||||
*gz
|
||||
|
126
LICENSE
126
LICENSE
@@ -1,73 +1,119 @@
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
|
||||
1. Definitions.
|
||||
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
|
||||
Preamble
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
|
||||
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
|
||||
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
|
||||
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
|
||||
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
|
||||
Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
|
||||
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
|
||||
The precise terms and conditions for copying, distribution and modification follow.
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
|
||||
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
|
||||
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
|
||||
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
|
||||
|
||||
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
|
||||
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
|
||||
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
|
||||
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
|
||||
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
|
||||
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
|
||||
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
|
||||
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
|
||||
In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
|
||||
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
|
||||
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
|
||||
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
one line to give the program's name and an idea of what it does. Copyright (C) yyyy name of author
|
||||
|
||||
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
@@ -6,7 +6,14 @@ SMEServer Koozali developed git repo for smeserver-base smeserver
|
||||
<br />https://wiki.koozali.org/
|
||||
|
||||
## Bugzilla
|
||||
Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-base&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)\
|
||||
Show list of outstanding bugs:
|
||||
[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-base&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
|
||||
And a list of outstanding Legacy bugs: (e-smith-base) [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-base&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
|
||||
|
||||
## Description
|
||||
|
@@ -1 +0,0 @@
|
||||
D
|
@@ -1 +0,0 @@
|
||||
rpms/e-smith-base/sme10/e-smith-base-5.8.0
|
@@ -1 +0,0 @@
|
||||
:ext:jpp@shell.koozali.org:/cvs/smeserver
|
@@ -1,672 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
|
||||
templates2events("/etc/sysconfig/i18n", qw(post-install post-upgrade e-smith-base-update));
|
||||
|
||||
templates2events("/etc/selinux/config", qw(post-install post-upgrade e-smith-base-update));
|
||||
|
||||
# give the correct configuration file of dhcpd.conf
|
||||
templates2events("/etc/dhcp/dhcpd.conf", qw(bootstrap-console-save e-smith-base-update));
|
||||
|
||||
# ppp-conf-users
|
||||
|
||||
foreach (qw(pap-secrets chap-secrets))
|
||||
{
|
||||
templates2events("/etc/ppp/$_", qw(
|
||||
bootstrap-console-save
|
||||
console-save
|
||||
remoteaccess-update
|
||||
e-smith-base-update));
|
||||
}
|
||||
|
||||
foreach (qw(
|
||||
/var/service/wan/pppoe.pppd.conf
|
||||
/var/service/wan/run.pppoe.conf
|
||||
/etc/ppp/ip-down.local
|
||||
/etc/ppp/ip-up.local
|
||||
))
|
||||
{
|
||||
templates2events("$_", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
e-smith-base-update
|
||||
));
|
||||
}
|
||||
|
||||
safe_symlink("daemontools", "root/etc/rc.d/init.d/wan");
|
||||
service_link_enhanced("wan", "S37", "7");
|
||||
service_link_enhanced("wan", "K90", "6");
|
||||
service_link_enhanced("wan", "K90", "0");
|
||||
service_link_enhanced("wan", "K90", "1");
|
||||
|
||||
# conf-dialup
|
||||
foreach (qw(
|
||||
/etc/sysconfig/network-scripts/ifcfg-ppp0
|
||||
/etc/sysconfig/network-scripts/chat-ppp0
|
||||
/etc/ppp/ip-up.local
|
||||
/etc/ppp/ip-down.local
|
||||
/etc/diald.conf
|
||||
/etc/diald.filter
|
||||
/etc/diald/link
|
||||
/var/service/ippp/config
|
||||
/etc/ppp/ioptions
|
||||
))
|
||||
{
|
||||
templates2events($_, qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
}
|
||||
|
||||
# conf-networking
|
||||
|
||||
foreach (qw(
|
||||
/etc/sysconfig/network-scripts/ifcfg-bond0
|
||||
/etc/modprobe.d/bonding.conf
|
||||
/etc/sysconfig/network
|
||||
/etc/nsswitch.conf
|
||||
/etc/HOSTNAME
|
||||
/etc/hosts
|
||||
/etc/resolv.conf
|
||||
/etc/sysctl.conf
|
||||
/var/service/wan/dhclient.config
|
||||
))
|
||||
{
|
||||
templates2events($_, qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
}
|
||||
event_link("update-ifcfg", "console-save", "05");
|
||||
event_link("update-ifcfg", "bootstrap-console-save", "05");
|
||||
|
||||
# conf-other
|
||||
|
||||
templates2events("/etc/crontab", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
post-install
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/mime.types", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
post-install
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/sysconfig/rsyslog", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
post-install
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/rsyslog.conf", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
post-install
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/updatedb.conf", qw(
|
||||
bootstrap-console-save
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/openssl.conf", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
post-install
|
||||
post-upgrade
|
||||
domain-create
|
||||
domain-delete
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
e-smith-base-update
|
||||
));
|
||||
|
||||
# conf-routes
|
||||
event_link("update-ifcfg", "network-create", "05");
|
||||
event_link("update-ifcfg", "network-delete", "05");
|
||||
|
||||
# conf-security
|
||||
|
||||
templates2events("/etc/securetty", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ibay-create
|
||||
ibay-delete
|
||||
ibay-modify
|
||||
ibay-modify-servers
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/services", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ibay-create
|
||||
ibay-delete
|
||||
ibay-modify
|
||||
ibay-modify-servers
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/shells", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ibay-create
|
||||
ibay-delete
|
||||
ibay-modify
|
||||
ibay-modify-servers
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/hosts.deny", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ibay-create
|
||||
ibay-delete
|
||||
ibay-modify
|
||||
ibay-modify-servers
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
));
|
||||
templates2events("/etc/hosts.allow", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ibay-create
|
||||
ibay-delete
|
||||
ibay-modify
|
||||
ibay-modify-servers
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
));
|
||||
foreach my $file (qw(
|
||||
/etc/pam.d/login
|
||||
/etc/pam.d/system-auth
|
||||
/etc/pam.d/passwd
|
||||
/etc/pam.d/pwauth
|
||||
/etc/pam_ldap.conf
|
||||
/etc/pam_ldap.secret
|
||||
/etc/security/pam_abl.conf
|
||||
))
|
||||
{
|
||||
templates2events($file, qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
}
|
||||
|
||||
foreach (qw(
|
||||
/etc/cpu.conf
|
||||
/etc/cpu-system.conf
|
||||
))
|
||||
{
|
||||
templates2events("$_", qw(
|
||||
post-upgrade
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ldap-update
|
||||
e-smith-base-update
|
||||
));
|
||||
}
|
||||
|
||||
# conf-userlists
|
||||
|
||||
foreach (qw(users.allow accounts.allow accounts.deny))
|
||||
{
|
||||
templates2events("/etc/e-smith/pam/$_", qw(
|
||||
bootstrap-console-save
|
||||
ibay-create
|
||||
ibay-delete
|
||||
user-create
|
||||
user-delete
|
||||
password-modify
|
||||
e-smith-base-update
|
||||
));
|
||||
}
|
||||
|
||||
# fstab-conf
|
||||
|
||||
templates2events("/etc/fstab", qw(post-install post-upgrade e-smith-base-update));
|
||||
|
||||
# init-conf
|
||||
|
||||
templates2events("/etc/inittab", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
post-install
|
||||
post-upgrade
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
));
|
||||
|
||||
# lynx-conf
|
||||
|
||||
templates2events("/etc/lynx.cfg", qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
templates2events("/etc/elinks.conf", qw(bootstrap-console-save e-smith-base-update));
|
||||
|
||||
#
|
||||
# Set up generic logfile timestamp renaming/symlinking
|
||||
|
||||
foreach (qw(
|
||||
/var/log/messages
|
||||
/var/log/boot.log
|
||||
/var/log/secure
|
||||
/var/log/cron
|
||||
/var/log/spooler
|
||||
/var/log/maillog
|
||||
))
|
||||
{
|
||||
safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
|
||||
safe_touch "root/etc/e-smith/events/post-install/logfiles2timestamp/$_";
|
||||
safe_touch "root/etc/e-smith/events/post-upgrade/logfiles2timestamp/$_";
|
||||
safe_touch "root/etc/e-smith/events/e-smith-base-update/logfiles2timestamp/$_";
|
||||
}
|
||||
|
||||
#--------------------------------------------------
|
||||
# functions for manager panel
|
||||
#--------------------------------------------------
|
||||
my $panel = "manager";
|
||||
|
||||
panel_link("groups", $panel);
|
||||
panel_link("localnetworks", $panel);
|
||||
panel_link("online-manual", $panel);
|
||||
panel_link("reboot", $panel);
|
||||
panel_link("remoteaccess", $panel);
|
||||
panel_link("review", $panel);
|
||||
panel_link("useraccounts", $panel);
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for e-smith-base-update event
|
||||
#--------------------------------------------------
|
||||
my $event = "e-smith-base-update";
|
||||
|
||||
|
||||
templates2events("/etc/smartd.conf", $event);
|
||||
templates2events("/home/e-smith/ssl.pem/pem", $event);
|
||||
event_link("fix-startup", $event, "05");
|
||||
event_link("rotate_timestamped_logfiles", $event, "05");
|
||||
event_link("init-accounts", $event, "05");
|
||||
event_link("set-hostname", $event, "10");
|
||||
event_link("rmmod-bonding", $event, "10");
|
||||
event_link("conf-startup", $event, "10");
|
||||
event_link("user-lock-passwd", $event, "15");
|
||||
event_link("group-modify-unix", $event, "15");
|
||||
event_link("update-passwd", $event, "20");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
event_link("conf-modules", $event, "30");
|
||||
event_link("create-mnt-floppy", $event, "50");
|
||||
event_link("conf-routes", $event, "89");
|
||||
event_link("reset-unsavedflag", $event, "95")
|
||||
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/wan");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for console-save event
|
||||
#--------------------------------------------------
|
||||
my $event = "console-save";
|
||||
|
||||
|
||||
templates2events("/etc/smartd.conf", $event);
|
||||
templates2events("/home/e-smith/ssl.pem/pem", $event);
|
||||
event_link("set-hostname", $event, "10");
|
||||
event_link("conf-modules", $event, "30");
|
||||
event_link("conf-startup", $event, "60");
|
||||
event_link("reset-unsavedflag", $event, "95");
|
||||
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/wan");
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for bootstrap-console-save event
|
||||
#--------------------------------------------------
|
||||
$event = "bootstrap-console-save";
|
||||
|
||||
|
||||
templates2events("/etc/smartd.conf", $event);
|
||||
templates2events("/home/e-smith/ssl.pem/pem", $event);
|
||||
event_link("rmmod-bonding", $event, "10");
|
||||
event_link("set-hostname", $event, "10");
|
||||
event_link("conf-modules", $event, "30");
|
||||
event_link("conf-startup", $event, "60");
|
||||
event_link("conf-routes", $event, "89");
|
||||
event_link("reset-unsavedflag", $event, "95");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for bootstrap-ldap-save
|
||||
#--------------------------------------------------
|
||||
$event = "bootstrap-ldap-save";
|
||||
|
||||
templates2events("/etc/nsswitch.conf", $event);
|
||||
templates2events("/etc/pam.d/system-auth", $event);
|
||||
event_link("user-lock-passwd", $event, "15");
|
||||
event_link("user-modify-unix", $event, "15");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for group-create event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "group-create";
|
||||
|
||||
event_link("group-create-unix", $event, "04");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for group-delete event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "group-delete";
|
||||
|
||||
event_link("group-delete-unix", $event, "15");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for group-modify event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "group-modify";
|
||||
|
||||
event_link("group-modify-unix", $event, "15");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for halt event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "halt";
|
||||
|
||||
event_link("halt", $event, "70");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for ip-change event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "ip-change";
|
||||
|
||||
event_link("set-external-ip", $event, "03");
|
||||
event_link("update-dns", $event, "85");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for network-create event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "network-create";
|
||||
|
||||
event_link("conf-routes", $event, "89");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for network-delete event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "network-delete";
|
||||
|
||||
event_link("conf-routes", $event, "89");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for post-install event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "post-install";
|
||||
|
||||
event_link("fix-startup", $event, "05");
|
||||
event_link("rotate_timestamped_logfiles", $event, "05");
|
||||
event_link("init-accounts", $event, "05");
|
||||
event_link("init-passwords", $event, "10");
|
||||
event_link("conf-startup", $event, "10");
|
||||
event_link("conf-modules", $event, "30");
|
||||
event_link("create-mnt-floppy", $event, "50");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for post-upgrade event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "post-upgrade";
|
||||
|
||||
event_link("fix-startup", $event, "05");
|
||||
event_link("rotate_timestamped_logfiles", $event, "05");
|
||||
event_link("init-accounts", $event, "05");
|
||||
event_link("conf-startup", $event, "10");
|
||||
event_link("user-lock-passwd", $event, "15");
|
||||
event_link("group-modify-unix", $event, "15");
|
||||
event_link("update-passwd", $event, "20");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
event_link("conf-modules", $event, "30");
|
||||
event_link("create-mnt-floppy", $event, "50");
|
||||
event_link("copy-anaconda-logs", $event, "90");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for reboot event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "reboot";
|
||||
|
||||
safe_symlink("stop", "root/etc/e-smith/events/$event/services2adjust/wan");
|
||||
event_link("reboot", $event, "99");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for remoteaccess-update event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "remoteaccess-update";
|
||||
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for user-create event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "user-create";
|
||||
|
||||
event_link("user-create-unix", $event, "04");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
event_link("user-group-modify", $event, "85");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for user-delete event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "user-delete";
|
||||
|
||||
event_link("user-delete-groups-and-pseudonyms", $event, "02");
|
||||
event_link("user-delete-unix", $event, "15");
|
||||
event_link("initialize-default-databases", $event, "23");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for user-modify event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "user-modify";
|
||||
|
||||
event_link("user-modify-unix", $event, "15");
|
||||
event_link("user-group-modify", $event, "85");
|
||||
|
||||
$event = "user-modify-admin";
|
||||
|
||||
event_link("user-modify-unix", $event, "15");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for user-lock event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "user-lock";
|
||||
|
||||
event_link("user-lock-passwd", $event, "15");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for password-modify event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "password-modify";
|
||||
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for timeserver-update event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "timeserver-update";
|
||||
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for ip-up event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "ip-up";
|
||||
|
||||
event_link("set-gateway-ip", $event, "55");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for ip-down event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "ip-down";
|
||||
|
||||
event_link("isdn-down-notify", $event, "50");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for logrotate event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "logrotate";
|
||||
|
||||
event_link("rotate_timestamped_logfiles", $event, "05");
|
||||
event_link("purge-old-logs", $event, "75");
|
||||
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for local event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "local";
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for ldap-update event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "ldap-update";
|
||||
|
||||
templates2events("/home/e-smith/ssl.pem/pem", $event);
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for ldap-update event
|
||||
#--------------------------------------------------
|
||||
|
||||
$event = "ssl-update";
|
||||
|
||||
templates2events("/home/e-smith/ssl.pem/pem", $event);
|
||||
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for email-update event:
|
||||
# email parameters have been changed in the e-smith
|
||||
# manager; update system security, rewrite email config
|
||||
# files, configure other system files (crontab is the
|
||||
# important one), and restart server
|
||||
#--------------------------------------------------
|
||||
$event = "email-update";
|
||||
|
||||
|
||||
my %service2order =
|
||||
(
|
||||
# Start rsyslog up before network!
|
||||
raidmonitor => "15",
|
||||
network => "37",
|
||||
dhcpd => "65",
|
||||
'local' => "99",
|
||||
);
|
||||
|
||||
foreach my $service (keys %service2order)
|
||||
{
|
||||
service_link_enhanced($service, $service2order{$service}, 7);
|
||||
}
|
||||
|
||||
%service2order =
|
||||
(
|
||||
dhcpd => "K35",
|
||||
);
|
||||
|
||||
foreach my $service (keys %service2order)
|
||||
{
|
||||
service_link_enhanced($service, $service2order{$service}, 0);
|
||||
service_link_enhanced($service, $service2order{$service}, 6);
|
||||
service_link_enhanced($service, $service2order{$service}, 1);
|
||||
}
|
||||
|
||||
# Set up links to daemontools.
|
||||
safe_symlink("daemontools", "root/etc/rc.d/init.d/raidmonitor");
|
||||
|
||||
safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPHostname");
|
||||
safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPEthernetAddress");
|
||||
|
||||
# Local event
|
||||
safe_symlink("../daemontools", "root/etc/rc.d/init.d/supervise/local");
|
||||
safe_symlink("/var/service/local" , 'root/service/local');
|
||||
safe_touch("root/var/service/local/down");
|
||||
|
||||
# no template headers for /etc/pam_ldap.secret
|
||||
safe_touch("root/etc/e-smith/templates/etc/pam_ldap.secret/template-begin");
|
||||
|
||||
|
||||
system('mkdir -p root/usr/lib/systemd/system/multi-user.target.wants/');
|
||||
unlink "root/usr/lib/systemd/system/multi-user.target.wants/bootstrap-console.service";
|
||||
symlink("/usr/lib/systemd/system/bootstrap-console.service",
|
||||
"root/usr/lib/systemd/system/multi-user.target.wants/bootstrap-console.service")
|
||||
or die "Can't symlink to root/usr/lib/systemd/system/multi-user.target.wants/bootstrap-console.service: $!";
|
||||
|
||||
# languages links
|
||||
foreach (qw(fr-be fr-lu fr-mc fr-ch))
|
||||
{
|
||||
safe_symlink("fr", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
foreach (qw(en-bz en-ca en-ie en-in en-jm en-my en-ph en-sg en-tt en-za en-zw))
|
||||
{
|
||||
safe_symlink("en-us", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
foreach (qw(es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve))
|
||||
{
|
||||
safe_symlink("es", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
foreach (qw(de-at de-ch de-de de-li de-lu))
|
||||
{
|
||||
safe_symlink("de", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
foreach (qw(it-ch it-it))
|
||||
{
|
||||
safe_symlink("it", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
foreach (qw(ro-ro ro-md))
|
||||
{
|
||||
safe_symlink("ro", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
foreach (qw(sv-fi sv-se))
|
||||
{
|
||||
safe_symlink("sv", "root/etc/e-smith/locale/$_");
|
||||
}
|
||||
safe_symlink("zh-tw", "root/etc/e-smith/locale/zh-hk");
|
@@ -1 +0,0 @@
|
||||
sme10
|
68
createlinks
68
createlinks
@@ -2,14 +2,14 @@
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
|
||||
templates2events("/etc/sysconfig/i18n", qw(post-install post-upgrade e-smith-base-update));
|
||||
templates2events("/etc/sysconfig/i18n", qw(post-install post-upgrade smeserver-base-update));
|
||||
|
||||
templates2events("/etc/selinux/config", qw(post-install post-upgrade e-smith-base-update));
|
||||
templates2events("/etc/selinux/config", qw(post-install post-upgrade smeserver-base-update));
|
||||
|
||||
templates2events("/etc/systemd/system-preset/49-koozali.preset", qw(post-install post-upgrade e-smith-base-update console-save bootstrap-console-save bootstrap-ldap-save));
|
||||
templates2events("/etc/systemd/system-preset/49-koozali.preset", qw(post-install post-upgrade smeserver-base-update console-save bootstrap-console-save bootstrap-ldap-save));
|
||||
|
||||
# give the correct configuration file of dhcpd.conf
|
||||
templates2events("/etc/dhcp/dhcpd.conf", qw(bootstrap-console-save e-smith-base-update));
|
||||
templates2events("/etc/dhcp/dhcpd.conf", qw(bootstrap-console-save smeserver-base-update));
|
||||
|
||||
# ppp-conf-users
|
||||
|
||||
@@ -19,7 +19,7 @@ foreach (qw(pap-secrets chap-secrets))
|
||||
bootstrap-console-save
|
||||
console-save
|
||||
remoteaccess-update
|
||||
e-smith-base-update));
|
||||
smeserver-base-update));
|
||||
}
|
||||
|
||||
foreach (qw(
|
||||
@@ -32,7 +32,7 @@ foreach (qw(
|
||||
templates2events("$_", qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ foreach (qw(
|
||||
/etc/ppp/ioptions
|
||||
))
|
||||
{
|
||||
templates2events($_, qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
templates2events($_, qw(console-save bootstrap-console-save smeserver-base-update));
|
||||
}
|
||||
|
||||
# conf-networking
|
||||
@@ -64,9 +64,10 @@ foreach (qw(
|
||||
/etc/resolv.conf
|
||||
/etc/sysctl.conf
|
||||
/var/service/wan/dhclient.config
|
||||
/lib/modprobe.d/systemd.conf
|
||||
))
|
||||
{
|
||||
templates2events($_, qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
templates2events($_, qw(console-save bootstrap-console-save smeserver-base-update));
|
||||
}
|
||||
event_link("update-ifcfg", "console-save", "05");
|
||||
event_link("update-ifcfg", "bootstrap-console-save", "05");
|
||||
@@ -80,7 +81,7 @@ templates2events("/etc/crontab", qw(
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/mime.types", qw(
|
||||
console-save
|
||||
@@ -89,7 +90,7 @@ templates2events("/etc/mime.types", qw(
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/sysconfig/rsyslog", qw(
|
||||
console-save
|
||||
@@ -98,7 +99,7 @@ templates2events("/etc/sysconfig/rsyslog", qw(
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/rsyslog.conf", qw(
|
||||
console-save
|
||||
@@ -107,7 +108,7 @@ templates2events("/etc/rsyslog.conf", qw(
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/logrotate.conf", qw(
|
||||
console-save
|
||||
@@ -116,7 +117,7 @@ templates2events("/etc/logrotate.conf", qw(
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/systemd/journald.conf", qw(
|
||||
console-save
|
||||
@@ -125,11 +126,11 @@ templates2events("/etc/systemd/journald.conf", qw(
|
||||
post-upgrade
|
||||
email-update
|
||||
logrotate
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/updatedb.conf", qw(
|
||||
bootstrap-console-save
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/openssl.conf", qw(
|
||||
console-save
|
||||
@@ -141,7 +142,7 @@ templates2events("/etc/openssl.conf", qw(
|
||||
network-create
|
||||
network-delete
|
||||
ip-change
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
|
||||
# conf-routes
|
||||
@@ -162,7 +163,7 @@ templates2events("/etc/securetty", qw(
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/services", qw(
|
||||
console-save
|
||||
@@ -176,7 +177,7 @@ templates2events("/etc/services", qw(
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/shells", qw(
|
||||
console-save
|
||||
@@ -190,7 +191,7 @@ templates2events("/etc/shells", qw(
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/hosts.deny", qw(
|
||||
console-save
|
||||
@@ -204,7 +205,7 @@ templates2events("/etc/hosts.deny", qw(
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
templates2events("/etc/hosts.allow", qw(
|
||||
console-save
|
||||
@@ -218,7 +219,7 @@ templates2events("/etc/hosts.allow", qw(
|
||||
ip-change
|
||||
email-update
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
foreach my $file (qw(
|
||||
/etc/pam.d/login
|
||||
@@ -230,7 +231,7 @@ foreach my $file (qw(
|
||||
/etc/security/pam_abl.conf
|
||||
))
|
||||
{
|
||||
templates2events($file, qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
templates2events($file, qw(console-save bootstrap-console-save smeserver-base-update));
|
||||
}
|
||||
|
||||
foreach (qw(
|
||||
@@ -243,7 +244,7 @@ foreach (qw(
|
||||
console-save
|
||||
bootstrap-console-save
|
||||
ldap-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
}
|
||||
|
||||
@@ -258,13 +259,13 @@ foreach (qw(users.allow accounts.allow accounts.deny))
|
||||
user-create
|
||||
user-delete
|
||||
password-modify
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
}
|
||||
|
||||
# fstab-conf
|
||||
|
||||
templates2events("/etc/fstab", qw(post-install post-upgrade e-smith-base-update));
|
||||
templates2events("/etc/fstab", qw(post-install post-upgrade smeserver-base-update));
|
||||
|
||||
# init-conf
|
||||
|
||||
@@ -274,13 +275,13 @@ templates2events("/etc/inittab", qw(
|
||||
post-install
|
||||
post-upgrade
|
||||
remoteaccess-update
|
||||
e-smith-base-update
|
||||
smeserver-base-update
|
||||
));
|
||||
|
||||
# lynx-conf
|
||||
|
||||
templates2events("/etc/lynx.cfg", qw(console-save bootstrap-console-save e-smith-base-update));
|
||||
templates2events("/etc/elinks.conf", qw(bootstrap-console-save e-smith-base-update));
|
||||
templates2events("/etc/lynx.cfg", qw(console-save bootstrap-console-save smeserver-base-update));
|
||||
templates2events("/etc/elinks.conf", qw(bootstrap-console-save smeserver-base-update));
|
||||
|
||||
#--------------------------------------------------
|
||||
# functions for manager panel
|
||||
@@ -296,9 +297,9 @@ panel_link("review", $panel);
|
||||
panel_link("useraccounts", $panel);
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for e-smith-base-update event
|
||||
# actions for smeserver-base-update event
|
||||
#--------------------------------------------------
|
||||
my $event = "e-smith-base-update";
|
||||
my $event = "smeserver-base-update";
|
||||
|
||||
|
||||
event_link("remove-templates-custom", $event, "02");
|
||||
@@ -308,6 +309,7 @@ templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $even
|
||||
event_link("systemd-journald", $event, "02");
|
||||
event_link("fix-startup", $event, "05");
|
||||
event_link("init-accounts", $event, "05");
|
||||
event_link("mail-spool-fix", $event, "05");
|
||||
event_link("logrotate-migrate", $event, "06");
|
||||
event_link("rotate_logfiles", $event, "07");
|
||||
event_link("set-hostname", $event, "10");
|
||||
@@ -324,6 +326,7 @@ event_link("conf-routes", $event, "89");
|
||||
event_link("systemd-default", $event, "88");
|
||||
event_link("systemd-isolate", $event, "89");
|
||||
event_link("systemd-reload", $event, "89");
|
||||
event_link("fix-noise-el8", $event, "89");
|
||||
event_link("raidmonitor-check", $event, "92");
|
||||
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/network");
|
||||
@@ -456,6 +459,7 @@ event_link("conf-modules", $event, "30");
|
||||
event_link("create-mnt-floppy", $event, "50");
|
||||
event_link("systemd-default", $event, "88");
|
||||
event_link("systemd-reload", $event, "89");
|
||||
event_link("fix-noise-el8", $event, "89");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for post-upgrade event
|
||||
@@ -468,6 +472,7 @@ templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $even
|
||||
event_link("systemd-journald", $event, "02");
|
||||
event_link("fix-startup", $event, "05");
|
||||
event_link("init-accounts", $event, "05");
|
||||
event_link("mail-spool-fix", $event, "05");
|
||||
event_link("logrotate-migrate", $event, "06");
|
||||
event_link("rotate_logfiles", $event, "07");
|
||||
event_link("conf-startup", $event, "10");
|
||||
@@ -511,6 +516,7 @@ $event = "user-create";
|
||||
event_link("user-create-unix", $event, "04");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
event_link("user-group-modify", $event, "85");
|
||||
event_link("mail-spool-fix", $event, "89");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for user-delete event
|
||||
@@ -522,6 +528,7 @@ event_link("user-delete-groups-and-pseudonyms", $event, "02");
|
||||
event_link("user-delete-unix", $event, "15");
|
||||
event_link("initialize-default-databases", $event, "23");
|
||||
event_link("count-active-user-accounts", $event, "25");
|
||||
event_link("mail-spool-fix", $event, "89");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for user-modify event
|
||||
@@ -623,6 +630,7 @@ templates2events("/home/e-smith/ssl.pem/pem", $event);
|
||||
$event = "email-update";
|
||||
event_link("systemd-default", $event, "88");
|
||||
event_link("systemd-reload", $event, "89");
|
||||
event_link("mail-spool-fix", $event, "89");
|
||||
|
||||
#--------------------------------------------------
|
||||
# actions for webapps-update event
|
||||
|
@@ -0,0 +1,2 @@
|
||||
# cockpit noise [SME: 12575]
|
||||
cockpit-ws:any:ln -sfn /dev/null /etc/motd.d/cockpit
|
@@ -0,0 +1 @@
|
||||
enabled
|
@@ -1 +0,0 @@
|
||||
system
|
10
root/etc/e-smith/db/accounts/migrate/10primary
Normal file
10
root/etc/e-smith/db/accounts/migrate/10primary
Normal file
@@ -0,0 +1,10 @@
|
||||
{
|
||||
# Delete any pre-existing primary=system record (all lower case)
|
||||
my $p = $DB->get('primary');
|
||||
return unless defined $p;
|
||||
|
||||
my $type = $p->prop('type');
|
||||
return unless defined $type;
|
||||
|
||||
$p->delete if $type eq 'system';
|
||||
}
|
4
root/etc/e-smith/events/actions/fix-noise-el8
Normal file
4
root/etc/e-smith/events/actions/fix-noise-el8
Normal file
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
# remove cockpit alert forever [SME: 12575]
|
||||
ln -sfn /dev/null /etc/motd.d/cockpit
|
||||
|
@@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -27,7 +28,8 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
use esmith::util::ldap;
|
||||
use esmith::util;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro
|
||||
or die "Could not open Config DB";
|
||||
@@ -36,10 +38,10 @@ my $accounts = esmith::AccountsDB->open
|
||||
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
my $result;
|
||||
|
||||
my $domain = $conf->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $groupName = $ARGV [1];
|
||||
@@ -97,41 +99,20 @@ if ($ldapauth ne 'enabled')
|
||||
) == 0 or ( $x = 255, warn "Failed to create (unix) user $groupName.\n" );
|
||||
}
|
||||
|
||||
# Create the user's unique group first (in ldap)
|
||||
my $tmpattr = File::Temp->new();
|
||||
print $tmpattr "mail: $groupName\@$domain\n";
|
||||
print $tmpattr "description: $description\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "groupadd",
|
||||
"-a", "$tmpattr",
|
||||
"-g", $gid,
|
||||
$groupName
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
|
||||
undef $tmpattr;
|
||||
# create group
|
||||
$result = $ldap->ldapgroup($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
|
||||
|
||||
# Now create the dummy user account (in ldap)
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
|
||||
"-u", $uid,
|
||||
"-g", $gid,
|
||||
"-d",
|
||||
"/home/e-smith",
|
||||
"-s",
|
||||
"/bin/false",
|
||||
"$groupName"
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
|
||||
#create dedicated group user
|
||||
$result = $ldap->ldapuser($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
|
||||
|
||||
# Set the cn of the dummy user account (in ldap)
|
||||
$tmpattr = File::Temp->new();
|
||||
print $tmpattr "cn: $description\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod",
|
||||
"-a", $tmpattr,
|
||||
"$groupName"
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to update (ldap) user $groupName.\n" );
|
||||
undef $tmpattr;
|
||||
# add to supplementary group
|
||||
# as it is regular group, pm will add www and admin, so no need to add it
|
||||
my @UserArr = ($groupName);
|
||||
$result = $ldap->ldapsetgroupmembers($groupName,\@UserArr);
|
||||
# error code 20 is entry already exits.
|
||||
$result && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $groupName to supplementary group.\n" );
|
||||
|
||||
# Release lock if we have one
|
||||
$lock && esmith::lockfile::UnlockFile($lock);
|
||||
@@ -150,14 +131,15 @@ my @groupMembers = split (/,/, $members);
|
||||
# "www" and "admin" are implicit members of all groups
|
||||
push @groupMembers, 'admin', 'www';
|
||||
|
||||
my $member;
|
||||
foreach $member (@groupMembers)
|
||||
foreach my $member (@groupMembers)
|
||||
{
|
||||
# Get a list of this member's supplementary groups, then add the
|
||||
# new group to the list. Finally sort, join and run the usermod
|
||||
# function to update the group list for this member.
|
||||
|
||||
my $cmd = "/usr/bin/id -G -n '$member'";
|
||||
#my $cmd = "/usr/bin/id -G -n '$member'";
|
||||
# this will not fail in case of apache aliase before www in passwd
|
||||
my $cmd = "/usr/bin/groups '$member' 2>/dev/null | cut -d' ' -f3- ";
|
||||
my $groups = `$cmd 2>/dev/null`;
|
||||
if ($? != 0)
|
||||
{
|
||||
@@ -179,13 +161,6 @@ foreach $member (@groupMembers)
|
||||
system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
|
||||
or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
|
||||
}
|
||||
|
||||
# root user/group isn't in ldap
|
||||
@groupList = grep (!/^root$/, @groupList);
|
||||
$groups = join (',', sort (@groupList));
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
|
||||
}
|
||||
|
||||
exit ($x);
|
||||
|
@@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali Foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -26,6 +27,8 @@ package esmith;
|
||||
use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::util;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro
|
||||
or die "Could not open Config DB";
|
||||
@@ -33,6 +36,9 @@ my $conf = esmith::ConfigDB->open_ro
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $groupName = $ARGV [1] or die "Groupname argument missing.";
|
||||
|
||||
@@ -45,10 +51,15 @@ if ($ldapauth ne 'enabled')
|
||||
or ( $x = 255, warn "Failed to delete (unix) group $groupName.\n" );
|
||||
}
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "userdel", "$groupName") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
|
||||
# delete dedicated user group
|
||||
my $result = $ldap->ldapdeluser($groupName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
|
||||
|
||||
system("/usr/sbin/cpu", "groupdel", "$groupName") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
|
||||
# delete group
|
||||
$result = $ldap->ldapdelgroup($groupName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
|
||||
|
||||
# delete mail spool file
|
||||
unless ($x == 255) { if ( -e "/var/spool/mail/$groupName" ) {unlink("/var/spool/mail/$groupName") or ( $x = 255, warn "Failed to delete /var/spool/mail/$groupName.\n" );} }
|
||||
|
||||
exit ($x);
|
||||
|
@@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2002-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali Foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -27,17 +28,19 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
use esmith::util;
|
||||
use utf8;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $c = esmith::ConfigDB->open_ro || die "Couldn't open config db\n";
|
||||
my $a = esmith::AccountsDB->open_ro || die "Couldn't open accounts db\n";
|
||||
|
||||
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
my $result;
|
||||
|
||||
my $domain = $c->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = shift || die "Event name arg missing\n";;
|
||||
my @groups;
|
||||
@@ -51,6 +54,11 @@ else
|
||||
@groups = $a->groups;
|
||||
}
|
||||
|
||||
# fix www missing in shared
|
||||
my ( $name, $passwd, $gid, $members ) = getgrnam('shared');
|
||||
my @mb= split(/ /, $members);
|
||||
system("usermod -a -G shared www") unless ( grep(/^www$/, @mb) ) ;
|
||||
|
||||
foreach my $group (@groups)
|
||||
{
|
||||
my $groupName = $group->key;
|
||||
@@ -78,22 +86,12 @@ foreach my $group (@groups)
|
||||
or ( $x = 255, warn "Failed to modify (unix) group description for $groupName.\n" );
|
||||
}
|
||||
|
||||
my $tmpattr = File::Temp->new();
|
||||
print $tmpattr "cn: $groupDesc\n";
|
||||
$tmpattr->flush();
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-a", "$tmpattr", "$groupName") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
|
||||
|
||||
$tmpattr = File::Temp->new();
|
||||
print $tmpattr "mail: $groupName\@$domain\n";
|
||||
print $tmpattr "description: $groupDesc\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupmod",
|
||||
"-a", "$tmpattr",
|
||||
"$groupName"
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
|
||||
undef $tmpattr;
|
||||
# modify group dedicated user cn
|
||||
$result = $ldap->ldapmoduser($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
|
||||
# modify Group description and mail
|
||||
$result = $ldap->ldapmodgroup($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
|
||||
|
||||
my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
|
||||
my @oldMembers = split (/\s+/, $members);
|
||||
@@ -116,7 +114,11 @@ foreach my $group (@groups)
|
||||
{
|
||||
$oldMembers{$member} = 1;
|
||||
}
|
||||
my (@addMembers, @delMembers);
|
||||
|
||||
# applying list of user memberUid for LDAP for this group
|
||||
$result = $ldap->ldapsetgroupmembers($groupName,\@newMembers);
|
||||
# error code 20 is entry already exits.
|
||||
$result && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group membership for $groupName.\n" );
|
||||
|
||||
foreach $member (@newMembers, @oldMembers)
|
||||
{
|
||||
@@ -128,18 +130,23 @@ foreach my $group (@groups)
|
||||
# We need to add or remove this member from the group
|
||||
# Get the supplementary group list for the member we are adding or
|
||||
# deleting.
|
||||
my $cmd = "/usr/bin/id -G -n '$member'";
|
||||
#my $cmd = "/usr/bin/id -G -n '$member'";
|
||||
# this will not fail in case of apache before www in passwd
|
||||
my $cmd = "/usr/bin/groups '$member' 2>/dev/null | cut -d' ' -f3- ";
|
||||
my $groups = `$cmd 2>/dev/null`;
|
||||
if ($? != 0)
|
||||
{
|
||||
die "Failed to get supplementary group list for $member.\n";
|
||||
}
|
||||
$groups =~ s/^.*:\s+//;
|
||||
chomp ($groups);
|
||||
|
||||
my @groupList = split (/\s+/, $groups);
|
||||
@groupList = grep (!/^$member$/, @groupList);
|
||||
# Apache is an alias for www
|
||||
@groupList = map { $_ =~ s/^apache$/www/g; $_ } @groupList;
|
||||
# www needs to be in shared
|
||||
push(@groupList,'shared') if ( ($member eq 'www') and (! grep{$_ eq 'shared'} @groupList));
|
||||
|
||||
if ($oldMembers{$member})
|
||||
{
|
||||
@@ -157,13 +164,8 @@ foreach my $group (@groups)
|
||||
or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
|
||||
}
|
||||
|
||||
# root user/group isn't in ldap
|
||||
@groupList = grep (!/^root$/, @groupList);
|
||||
$groups = join (',', sort (@groupList));
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
|
||||
}
|
||||
}
|
||||
|
||||
} # end of list of groups
|
||||
|
||||
exit ($x);
|
||||
|
@@ -68,10 +68,10 @@ if ( $apacheuidtest != '102' )
|
||||
|
||||
#order is essential there: --setugids then --setperms, or suid guid perms will be lost
|
||||
warn "failed to fix user group ids for apache" unless (
|
||||
system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
|
||||
system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl pwauth 2> /dev/null") == 0
|
||||
);
|
||||
warn "failed to fix permissions for apache" unless (
|
||||
system("/bin/rpm --setperms httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
|
||||
system("/bin/rpm --setperms httpd mod_auth_tkt mod_ssl pwauth 2> /dev/null") == 0
|
||||
);
|
||||
|
||||
# delete unwanted user accounts
|
||||
|
47
root/etc/e-smith/events/actions/mail-spool-fix
Normal file
47
root/etc/e-smith/events/actions/mail-spool-fix
Normal file
@@ -0,0 +1,47 @@
|
||||
#! /bin/bash
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2023 Koozali SME Server
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
# fix ownership of spool folder content
|
||||
pushd /var/spool/mail/ >/dev/null
|
||||
for file in *; do
|
||||
if [ ! -f "$file" ]; then
|
||||
continue
|
||||
fi
|
||||
if ( ! `id -u $file 2>/dev/null 1>&2`) ; then
|
||||
echo "$file user does not exist deleting mail spool file"
|
||||
rm -f /var/spool/mail/$file
|
||||
continue
|
||||
fi
|
||||
userf=$(stat -c %U /var/spool/mail/$file 2>/dev/null)
|
||||
if [[ "$userf" != "$file" ]]; then
|
||||
uidf=$(stat -c %u /var/spool/mail/$file 2>/dev/null)
|
||||
uiduser=$(id -u $file 2>/dev/null )
|
||||
# extra step needed if username has an alias eg www=apache
|
||||
if [[ "$uidf" != "$uiduser" ]]; then
|
||||
echo "fixing ownership of $file spool mail"
|
||||
# extra security we want to clean it from sensitive information
|
||||
echo ""> /var/spool/mail/$file
|
||||
chown $file /var/spool/mail/$file
|
||||
fi
|
||||
fi
|
||||
done
|
||||
popd >/dev/null
|
||||
|
@@ -34,7 +34,7 @@
|
||||
# remote_ip = $6
|
||||
# ipparam = $7
|
||||
|
||||
if [ "$7" = "diald" ]
|
||||
if [ "$7" = "diald" ] || [ "$7" = "wan" ]
|
||||
then
|
||||
exec /sbin/e-smith/config set GatewayIP "$6"
|
||||
fi
|
||||
|
@@ -20,7 +20,7 @@ my $filename = "/etc/systemd/system-preset/49-koozali.preset";
|
||||
my $filename2 = "/usr/lib/systemd/system/sme-server.target.d/50koozali.conf";
|
||||
my %services;
|
||||
my %files;
|
||||
my @WantedBy;
|
||||
my @WantedBy;my %wantedBy;
|
||||
|
||||
# expand preset file
|
||||
esmith::templates::processTemplate({
|
||||
@@ -36,7 +36,7 @@ esmith::templates::processTemplate({
|
||||
});
|
||||
|
||||
# make sure our target is enabled
|
||||
system("/usr/bin/systemctl enable sme-server.target");
|
||||
system("/usr/bin/systemctl enable sme-server.target 2>/dev/null");
|
||||
# force the main default target in /usr/lib
|
||||
#ln -fs sme-server.target /lib/systemd/system/default.target
|
||||
my $old_qfn = "sme-server.target";
|
||||
@@ -54,7 +54,9 @@ if (!symlink($old_qfn, $new_qfn)) {
|
||||
|
||||
# we let the dedicated systemd command tryin to do what we will do later in this script
|
||||
# as up to systemd 236 it is bugged see:
|
||||
# https://github.com/systemd/systemd/pull/7158 and https://github.com/systemd/systemd/pull/7289
|
||||
# https://github.com/systemd/systemd/pull/7158 : systemctl: respect [Install] section in drop-ins: should be fixed in SME 12 (239)
|
||||
# https://github.com/systemd/systemd/issues/9477 : aliases; open
|
||||
# https://github.com/systemd/systemd/pull/9901 allow instantiated units to be enabled via presets v240
|
||||
system("/usr/bin/systemctl preset-all");
|
||||
# in case preset-all messed up with our default target
|
||||
system("/usr/bin/systemctl set-default sme-server.target");
|
||||
@@ -76,7 +78,7 @@ foreach my $d (@presetdirpaths) {
|
||||
my $smewants = `grep -P '^Wants=' /usr/lib/systemd/system/sme-server.target -rs`;
|
||||
chomp $smewants;
|
||||
my @smematches = ( $smewants =~ /([a-zA-Z0-9\-_]+\.service)/g );
|
||||
|
||||
my %smewants = map { $_ => 1 } @smematches;
|
||||
|
||||
# parse all files on reverse order : lower number take precedence
|
||||
# we ignore joker lines *
|
||||
@@ -101,25 +103,26 @@ foreach my $filen (reverse sort keys %files) {
|
||||
my $service=$2;
|
||||
my $stats=$1;
|
||||
# print $_ ."\n";
|
||||
#ignore service that does not exists !
|
||||
# ignore service that does not exists !
|
||||
# here we are searching for service@instance.service type
|
||||
my $multiple = $service;
|
||||
($multiple = $service ) =~ s/([a-zA-Z0-9\-_.]+@)(.*)/$1.service/ if ( $service =~ /@/ );
|
||||
#print "$stats $service $multiple\n";
|
||||
next unless ( -e "/usr/lib/systemd/system/$service" or -e "/etc/lib/systemd/system/$service" or -e "/usr/lib/systemd/system/$multiple");
|
||||
#print "$stats $service $multiple\n" if $service ne $multiple;
|
||||
next unless ( -e "/usr/lib/systemd/system/$service" or -e "/etc/systemd/system/$service" or -e "/usr/lib/systemd/system/$multiple");
|
||||
# eliminate duplicates, this way we keep only the last entry of the lowest file as we do it in reverse order of file,
|
||||
# but from top to bottom of file.
|
||||
$services{$service}=$stats;
|
||||
|
||||
# list all Services explicitely listed in preset that are also in Wants= or with WantedBy= sme-server.target
|
||||
next if (/^$service$/ ~~ @WantedBy);
|
||||
if ( /^$service$/ ~~ @smematches ) {
|
||||
push(@WantedBy, $service);
|
||||
next if ( exists($wantedBy{$service}));
|
||||
if (exists($smewants{$service}) ) {
|
||||
$wantedBy{$service}=1;
|
||||
#print "want $service \n";
|
||||
}
|
||||
else {
|
||||
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
|
||||
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* /usr/lib/systemd/system/$multiple* /etc/systemd/system/$multiple* -rsh` ;
|
||||
chomp $wanted;
|
||||
push(@WantedBy , $service) unless ( $wanted eq "") ;
|
||||
$wantedBy{$service}=1 unless ( $wanted eq "");
|
||||
#print "want $service \n" unless ( $wanted eq "") ;
|
||||
}
|
||||
|
||||
@@ -166,7 +169,7 @@ foreach my $fi (@dirfiles) {
|
||||
next;
|
||||
}
|
||||
# if not wanted remove
|
||||
unless ( /^$fi$/ ~~ @WantedBy) {
|
||||
unless ( exists($wantedBy{$fi})){
|
||||
print "remove $d$fi as not declared as WantedBy or in Wants for sme-server.target\n";
|
||||
unlink "$d$fi";
|
||||
}
|
||||
@@ -176,7 +179,7 @@ foreach my $fi (@dirfiles) {
|
||||
# we only do it for sme-server.target, ignoring the remaining of WantedBy
|
||||
foreach my $service (sort keys %services) {
|
||||
my $wanted= "not";
|
||||
$wanted = "want" if ( /^$service$/ ~~ @WantedBy );
|
||||
$wanted = "want" if ( exists($wantedBy{$service}));#( /^$service$/ ~~ @WantedBy );
|
||||
my $status = $services{$service};
|
||||
my $linkedU = ( -e "/usr/lib/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
|
||||
my $linkedE = ( -e "/etc/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
|
||||
@@ -223,8 +226,7 @@ foreach my $fi (@dirfiles) {
|
||||
my $service = $fi;
|
||||
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
|
||||
chomp $wanted;
|
||||
#unless ( /^$fi$/ ~~ @WantedBy ) {
|
||||
unless (grep(/^$fi$/, @WantedBy ) ) {
|
||||
unless ( exists($wantedBy{$fi})) {
|
||||
print "$d$fi is not declared as WantedBy or in Wants for sme-server.target\n";
|
||||
}
|
||||
}
|
||||
|
@@ -18,6 +18,15 @@ if (($c->get('EthernetDriver1')->value || 'unknown') eq 'dummy'){
|
||||
if (($c->get('InternalInterface')->prop('NICBonding') || 'disabled') eq 'enabled'){
|
||||
push @adapters, "bond\tbond\t10:00:01:02:03:04\tBonding virtual Interface\tbond0";
|
||||
}
|
||||
# if external VLAN is configured
|
||||
if (($c->get('ExternalInterface')->prop('VLAN') || 'disabled') ne 'disabled'){
|
||||
my $name= ($c->get('ExternalInterface')->prop('Name') eq "ppp0") ? $c->get('pppoe')->prop('PhysicalInterface') : $c->get('ExternalInterface')->prop('Name') ;
|
||||
my $vlan=$c->get('ExternalInterface')->prop('VLAN');
|
||||
$name=~ s/\.$vlan$//;
|
||||
my ($newl) = grep ( /$name$/ , @adapters);
|
||||
push @adapters, "$newl.$vlan";
|
||||
}
|
||||
#TODO if external virtual lan is configured
|
||||
|
||||
# Expand templates for every adapters found
|
||||
foreach my $adapter (@adapters){
|
||||
|
@@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -27,7 +28,9 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
use esmith::util;
|
||||
use utf8;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro;
|
||||
my $accounts = esmith::AccountsDB->open;
|
||||
@@ -35,9 +38,8 @@ my $accounts = esmith::AccountsDB->open;
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
my $domain = $conf->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $userName = $ARGV [1];
|
||||
@@ -65,13 +67,13 @@ unless ($uid = $acct->prop('Uid'))
|
||||
$acct->set_prop('Uid', $uid);
|
||||
}
|
||||
my $gid = $acct->prop('Gid') || $uid;
|
||||
my $first = $acct->prop('FirstName') || '';
|
||||
my $last = $acct->prop('LastName') || '';
|
||||
my $phone = $acct->prop('Phone') || '';
|
||||
my $company = $acct->prop('Company') || '';
|
||||
my $dept = $acct->prop('Dept') || '';
|
||||
my $city = $acct->prop('City') || '';
|
||||
my $street = $acct->prop('Street') || '';
|
||||
my $first = stringToASCII($acct->prop('FirstName')) || '';
|
||||
my $last = stringToASCII($acct->prop('LastName')) || '';
|
||||
my $phone = stringToASCII($acct->prop('Phone')) || '';
|
||||
my $company = stringToASCII($acct->prop('Company')) || '';
|
||||
my $dept = stringToASCII($acct->prop('Dept')) || '';
|
||||
my $city = stringToASCII($acct->prop('City')) || '';
|
||||
my $street = stringToASCII($acct->prop('Street')) || '';
|
||||
my $shell = $acct->prop('Shell') || '/usr/bin/false';
|
||||
my $groups = "shared";
|
||||
|
||||
@@ -101,38 +103,17 @@ if ($ldapauth ne 'enabled')
|
||||
}
|
||||
|
||||
# Create the user's unique group first (in ldap)
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
|
||||
"-g",
|
||||
$gid,
|
||||
$userName
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
|
||||
my $result = $ldap->ldapgroup($acct);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
|
||||
|
||||
# Now create the user account (in ldap)
|
||||
my $tmpattr = File::Temp->new();
|
||||
print $tmpattr "telephoneNumber: $phone\n";
|
||||
print $tmpattr "o: $company\n";
|
||||
print $tmpattr "ou: $dept\n";
|
||||
print $tmpattr "l: $city\n";
|
||||
print $tmpattr "street: $street\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "useradd",
|
||||
"-u", $uid,
|
||||
"-g", $gid,
|
||||
"-f", "$first",
|
||||
"-E", "$last",
|
||||
"-e", "$userName\@$domain",
|
||||
"-a", "$tmpattr",
|
||||
"-d", "/home/e-smith/files/users/$userName",
|
||||
"-G", "$groups",
|
||||
"-m",
|
||||
"-k/etc/e-smith/skel/user",
|
||||
"-s", "$shell",
|
||||
$userName
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
|
||||
undef $tmpattr;
|
||||
$result = $ldap->ldapuser($acct);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
|
||||
|
||||
# add to supplementary group
|
||||
my @UserArr = ($userName);
|
||||
$result = $ldap->ldapsetgroupmembers($userName,\@UserArr);
|
||||
$result && ( $result != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $userName to supplementary group.\n" );
|
||||
|
||||
# Release lock if we have one
|
||||
$lock && esmith::lockfile::UnlockFile($lock);
|
||||
@@ -141,13 +122,15 @@ $lock && esmith::lockfile::UnlockFile($lock);
|
||||
|
||||
chmod 0700, "/home/e-smith/files/users/$userName";
|
||||
|
||||
# lock user password
|
||||
if ($ldapauth ne 'enabled')
|
||||
{
|
||||
system("/usr/bin/passwd", "-l", "$userName")
|
||||
and ( $x = 255, warn "Could not lock (unix) password for $userName\n" );
|
||||
}
|
||||
system("/usr/sbin/cpu", "usermod", "-L", "$userName")
|
||||
and ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Could not lock (ldap) password for $userName\n" );
|
||||
|
||||
# esmith::util::ldap already lock user on creation, this avoid one more ldap write access.
|
||||
|
||||
system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
|
||||
and ( $x = 255, warn "Could not lock (smb) password for $userName\n" );
|
||||
|
||||
|
@@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali Foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -27,6 +28,7 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::util;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro
|
||||
or die "Could not open Config DB";
|
||||
@@ -34,6 +36,9 @@ my $conf = esmith::ConfigDB->open_ro
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $userName = $ARGV [1];
|
||||
|
||||
@@ -53,11 +58,21 @@ if ($ldapauth ne 'enabled')
|
||||
( $x = 255, warn "Failed to delete (unix) account $userName.\n" );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
my $discard = `/bin/rm -rf /home/e-smith/files/users/$userName`;
|
||||
if ($? != 0)
|
||||
{
|
||||
( $x = 255, warn "Failed to delete home dir of account $userName.\n" );
|
||||
}
|
||||
|
||||
system("/usr/sbin/cpu", "userdel", "-r", $userName) == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
|
||||
}
|
||||
# delete user
|
||||
my $result = $ldap->ldapdeluser($userName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupdel", $userName) == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
|
||||
# delete user dedicated group
|
||||
$result = $ldap->ldapdelgroup($userName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
|
||||
|
||||
exit ($x);
|
||||
|
@@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2001-2006 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@@ -25,13 +26,18 @@ use Errno;
|
||||
use esmith::AccountsDB;
|
||||
use esmith::ConfigDB;
|
||||
use English;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $a = esmith::AccountsDB->open or die "Could not open accounts db";
|
||||
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
|
||||
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $result;
|
||||
my $x = 0; # exit value
|
||||
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
|
||||
my @users_to_lock = bad_password_users();
|
||||
@@ -54,13 +60,16 @@ sub lock_user
|
||||
|
||||
my $u = $a->get($userName) or die "No account record for user $userName";
|
||||
|
||||
# lock in unix shadow/passwd if used.
|
||||
if ($ldapauth ne 'enabled')
|
||||
{
|
||||
system("/usr/bin/passwd", "-l", $userName) == 0
|
||||
or ( $x = 255, warn "Error locking (unix) account $userName" );
|
||||
}
|
||||
system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName" );
|
||||
# lock in LDAP
|
||||
$result = $ldap->ldaplockuser($userName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName.\n" );
|
||||
# lock in samba
|
||||
system("/usr/bin/smbpasswd", "-d", $userName) == 0
|
||||
or ( $x = 255, warn "Error locking (smb) account $userName" );
|
||||
$u->set_prop('PasswordSet', 'no');
|
||||
|
@@ -22,29 +22,17 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::AccountsDB;
|
||||
use esmith::ConfigDB;
|
||||
use Net::LDAP;
|
||||
use esmith::util;
|
||||
use utf8;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
|
||||
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
my $domain = $conf->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
|
||||
# prepare LDAP bind
|
||||
my $pw = esmith::util::LdapPassword();
|
||||
my $base = esmith::util::ldapBase ($domain);
|
||||
|
||||
my $ldap = Net::LDAP->new('localhost')
|
||||
or die "$@";
|
||||
|
||||
$ldap->bind(
|
||||
dn => "cn=root,$base",
|
||||
password => $pw
|
||||
);
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $userName = $ARGV [1];
|
||||
@@ -94,22 +82,14 @@ foreach my $u (@users)
|
||||
system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
|
||||
or ( $x = 255, warn "Failed to modify shell of (unix) account $userName.\n" );
|
||||
}
|
||||
|
||||
my @new_shell = ($new_shell);
|
||||
$result = $ldap->modify("uid=$userName,ou=Users,$base",
|
||||
replace => {
|
||||
loginShell => \@new_shell
|
||||
}
|
||||
);
|
||||
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify shell of (ldap) account $userName.\n" );
|
||||
}
|
||||
|
||||
#------------------------------------------------------------
|
||||
# Modify user's first name and last name if required,
|
||||
# in /etc/passwd using "usermod"
|
||||
#------------------------------------------------------------
|
||||
my $first = $u->prop('FirstName') || "";
|
||||
my $last = $u->prop('LastName') || "";
|
||||
my $first = stringToASCII($u->prop('FirstName') || "");
|
||||
my $last = stringToASCII($u->prop('LastName') || "");
|
||||
my $new_comment = "$first $last";
|
||||
|
||||
unless ($comment eq $new_comment)
|
||||
@@ -119,36 +99,11 @@ foreach my $u (@users)
|
||||
system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
|
||||
or ( $x = 255, warn "Failed to modify comment of (unix) account $userName.\n" );
|
||||
}
|
||||
|
||||
my @new_comment = ($new_comment);
|
||||
my @first = ($first);
|
||||
my @last = ($last);
|
||||
$result = $ldap->modify("uid=$userName,ou=Users,$base",
|
||||
replace => {
|
||||
givenName => \@first,
|
||||
sn => \@last,
|
||||
cn => \@new_comment,
|
||||
displayName => \@new_comment
|
||||
}
|
||||
);
|
||||
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify comment/name of (ldap) account $userName.\n" );
|
||||
}
|
||||
|
||||
my @new_phone = ($u->prop('Phone')) || ();
|
||||
my @new_company = ($u->prop('Company')) || ();
|
||||
my @new_dept = ($u->prop('Dept')) || ();
|
||||
my @new_city = ($u->prop('City')) || ();
|
||||
my @new_street = ($u->prop('Street')) || ();
|
||||
$result = $ldap->modify("uid=$userName,ou=Users,$base",
|
||||
replace => {
|
||||
telephoneNumber => \@new_phone,
|
||||
o => \@new_company,
|
||||
ou => \@new_dept,
|
||||
l => \@new_city,
|
||||
street => \@new_street
|
||||
}
|
||||
);
|
||||
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
|
||||
# we do all the test in ldap pm to avoid 3 differents write access, which are costly.
|
||||
$result = $ldap->ldapuser($u);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
|
||||
|
||||
}
|
||||
|
||||
|
@@ -1,16 +1 @@
|
||||
# no packages own wtmp and btmp -- we'll rotate them here
|
||||
/var/log/wtmp \{
|
||||
monthly
|
||||
create 0664 root utmp
|
||||
minsize 1M
|
||||
rotate 1
|
||||
\}
|
||||
|
||||
/var/log/btmp \{
|
||||
missingok
|
||||
monthly
|
||||
create 0600 root utmp
|
||||
rotate 1
|
||||
\}
|
||||
|
||||
# system-specific logs may be also be configured here.
|
||||
|
@@ -2,7 +2,7 @@ password sufficient pam_unix.so nullok md5 shadow
|
||||
{
|
||||
my $status = $ldap{Authentication} || 'disabled';
|
||||
return unless $status eq 'enabled';
|
||||
$OUT .= "password sufficient pam_ldap.so use_authtok";
|
||||
$OUT .= "password sufficient pam_ldap.so";
|
||||
}
|
||||
password required pam_deny.so
|
||||
|
||||
|
@@ -1,4 +1,6 @@
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet_success use_uid
|
||||
session required pam_unix.so
|
||||
{
|
||||
my $status = $ldap{Authentication} || 'disabled';
|
||||
|
@@ -0,0 +1,3 @@
|
||||
# PPPOE needs this if using kernel space with rp-pppoe.se plugin
|
||||
/sbin/iptables -t mangle -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
||||
|
@@ -0,0 +1 @@
|
||||
LINUX_PLUGIN=/usr/lib64/pppd/2.4.5/rp-pppoe.so
|
@@ -0,0 +1,10 @@
|
||||
{
|
||||
$is_vlan = "no";
|
||||
if ( ( exists $ExternalInterface{VLAN} && $ExternalInterface{VLAN} =~ /^\d+$/ ) && ($is_external || ( $ExternalInterface{Configuration} eq "pppoe") && $pppoe{PhysicalInterface} eq $THIS_DEVICE ) )
|
||||
{
|
||||
$ifup_this_device = "yes";
|
||||
$is_vlan = "yes";
|
||||
}
|
||||
|
||||
"";
|
||||
}
|
@@ -0,0 +1,4 @@
|
||||
{
|
||||
return unless ($is_vlan eq "yes");
|
||||
$OUT = "VLAN=yes\n";
|
||||
}
|
@@ -1 +1 @@
|
||||
SYSLOGD_OPTIONS="-c 5"
|
||||
SYSLOGD_OPTIONS=""
|
||||
|
@@ -11,7 +11,7 @@ foreach my $service ($c->get_all_by_prop(type => 'service')){
|
||||
my $multiple = $servicename;
|
||||
($multiple = $servicename ) =~ s/([a-zA-Z0-9\-_.]+@)(.*)/$1.service/ if ( $servicename =~ /@/ );
|
||||
|
||||
$OUT .= "# Systemd service file does not exist : " unless -e "/usr/lib/systemd/system/$servicename" || -e "/etc/lib/systemd/system/$servicename" || -e "/usr/lib/systemd/system/$multiple";
|
||||
$OUT .= "# Systemd service file does not exist : " unless -e "/usr/lib/systemd/system/$servicename" || -e "/etc/systemd/system/$servicename" || -e "/usr/lib/systemd/system/$multiple";
|
||||
$OUT .= "$status $servicename\n";
|
||||
$OUT .= "$status $multiple\n" unless $multiple eq $servicename ;
|
||||
|
||||
|
@@ -4,6 +4,8 @@
|
||||
use Date::Parse;
|
||||
use Cwd;
|
||||
use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
|
||||
use esmith::Logger;
|
||||
tie *FH, 'esmith::Logger';
|
||||
my $here = getcwd;
|
||||
|
||||
my $Country = $modSSL{Country} || "--";
|
||||
@@ -52,16 +54,16 @@
|
||||
my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
|
||||
|
||||
if ( ($ttl_days > 2) && ( "$crt_md5" eq "$key_md5" ) ) {
|
||||
my $expected_issuer = '/C='.$Country .
|
||||
'/ST='.$State;
|
||||
$expected_issuer .= '/L=' . ($defaultCity ? $defaultCity : 'Default City');
|
||||
$expected_issuer .= '/O=' . ($defaultCompany ? $defaultCompany : 'Default Company Ltd');
|
||||
$expected_issuer .= "/OU=$defaultDepartment" if $defaultDepartment;
|
||||
$expected_issuer .= "/CN=$commonName" .
|
||||
"/emailAddress=$email";
|
||||
my $expected_issuer = 'C = '.$Country .
|
||||
', ST = '.$State;
|
||||
$expected_issuer .= ', L = ' . ($defaultCity ? $defaultCity : 'Default City');
|
||||
$expected_issuer .= ', O = ' . ($defaultCompany ? $defaultCompany : 'Default Company Ltd');
|
||||
$expected_issuer .= ", OU = $defaultDepartment" if $defaultDepartment;
|
||||
$expected_issuer .= ", CN = $commonName" .
|
||||
", emailAddress = $email";
|
||||
my $issuer = `openssl x509 -issuer -noout -in $crt`;
|
||||
chomp $issuer;
|
||||
$issuer =~ s/^issuer= //;
|
||||
$issuer =~ s/^issuer=//;
|
||||
my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
|
||||
chomp $signatureAlg;
|
||||
$signatureAlg =~ s/^ *Signature Algorithm: //;
|
||||
@@ -70,6 +72,9 @@
|
||||
# openssl x509 -text -noout -in /etc/dehydrated/certs/domain/cert.pem | sed -ne '/X509v3 Subject Alternative Name/{ N;s/^.*\n//;:a;s/^\( *\)\(.*\), /\2,\1/;ta;p;q; }'
|
||||
$expected_subjectAltName = `openssl x509 -text -noout -in $crt | sed -ne '/X509v3 Subject Alternative Name/{ N;s/^.*\\n//;:a;s/^\\( *\\)\\(.*\\), /\\2,\\1/;ta;p;q; }'`;
|
||||
chomp $expected_subjectAltName;
|
||||
print FH "Self-Signed Cert: $issuer\n expected $expected_issuer" unless ($issuer eq $expected_issuer);
|
||||
print FH "Self-Signed Cert: $signatureAlg "unless ($signatureAlg ne "sha1WithRSAEncryption");
|
||||
print FH "Self-Signed Cert: $subjectAltName\n expected: $expected_subjectAltName" unless ($subjectAltName eq $expected_subjectAltName);
|
||||
if (
|
||||
($issuer eq $expected_issuer)
|
||||
&& ($signatureAlg ne "sha1WithRSAEncryption")
|
||||
@@ -117,4 +122,5 @@
|
||||
}
|
||||
close(SSL) or die "Closing openssl pipe reported: $!";
|
||||
chdir $here;
|
||||
close FH;
|
||||
}
|
||||
|
@@ -42,7 +42,7 @@
|
||||
/proc/interrupts
|
||||
/proc/ioports
|
||||
/proc/bus/pci/devices
|
||||
/proc/rtc
|
||||
/proc/driver/rtc
|
||||
/proc/uptime
|
||||
)),
|
||||
"$KeySize")
|
||||
|
@@ -0,0 +1,18 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# When bonding module is loaded, it creates bond0 by default due to max_bonds
|
||||
# option default value 1. This interferes with the network configuration
|
||||
# management / networkd, as it is not possible to detect whether this bond0 was
|
||||
# intentionally configured by the user, or should be managed by
|
||||
# networkd/NM/etc. Therefore disable bond0 creation.
|
||||
# KOOZALI SME Server we do use it, and do not use NM, so enabling
|
||||
options bonding max_bonds=1
|
||||
|
||||
|
@@ -0,0 +1,5 @@
|
||||
# Do the same for dummy0.
|
||||
# KOOZALI SME Server,we do use it too, so enabling
|
||||
|
||||
options dummy numdummies=1
|
||||
|
@@ -0,0 +1 @@
|
||||
plugin /usr/lib64/pppd/2.4.5/rp-pppoe.so
|
@@ -0,0 +1,2 @@
|
||||
# add pppoe module
|
||||
/sbin/modprobe pppoe
|
@@ -2,7 +2,7 @@
|
||||
missingok
|
||||
sharedscripts
|
||||
postrotate
|
||||
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
|
||||
/usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
|
||||
endscript
|
||||
}
|
||||
|
||||
|
1
root/etc/modules-load.d/vlan.conf
Normal file
1
root/etc/modules-load.d/vlan.conf
Normal file
@@ -0,0 +1 @@
|
||||
8021q
|
1
root/etc/tmpfiles.d/portreserve.conf
Normal file
1
root/etc/tmpfiles.d/portreserve.conf
Normal file
@@ -0,0 +1 @@
|
||||
d /run/portreserve 0755 root root 10d
|
4
root/sbin/e-smith/systemd/network-pre
Normal file
4
root/sbin/e-smith/systemd/network-pre
Normal file
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
# make sure that dummy driver is enabled
|
||||
/usr/sbin/lsmod |/usr/bin/grep -q dummy || /usr/sbin/modprobe dummy numdummies=1
|
||||
|
@@ -2,7 +2,7 @@
|
||||
Description=SME server bootstrap-console
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
After=livesys.service plymouth-quit-wait.service
|
||||
After=livesys.service
|
||||
After=systemd-vconsole-setup.service
|
||||
Before=getty@tty1.service
|
||||
Before=shutdown.target
|
||||
|
@@ -7,6 +7,7 @@ Conflicts=NetworkManager.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/sbin/e-smith/systemd/network-pre
|
||||
ExecStart=/etc/rc.d/init.d/network start
|
||||
ExecStop=/etc/rc.d/init.d/network stop
|
||||
ExecReload=/etc/rc.d/init.d/network restart
|
||||
|
@@ -559,9 +559,37 @@ ETHERNET_EXTERNAL:
|
||||
goto ETHERNET_EXTERNAL;
|
||||
}
|
||||
|
||||
goto ETHERNET_EXTERNAL_VLAN;# was SERVER_GATEWAY_DEDICATED;
|
||||
}
|
||||
#------------------------------------------------------------
|
||||
ETHERNET_EXTERNAL_VLAN:
|
||||
#------------------------------------------------------------
|
||||
{
|
||||
($rc, $choice) = $console->input_page
|
||||
(
|
||||
title => gettext("Select External Interface VLAN"),
|
||||
text =>
|
||||
gettext("Your ISP might have provided you a VLAN to use, if not leave empty."),
|
||||
value => $db->get_prop('ExternalInterface', 'VLAN') || ""
|
||||
);
|
||||
|
||||
goto ETHERNET_EXTERNAL unless ($rc == 0);
|
||||
# sanitize if a previous VLAN is present
|
||||
my $extIF = $db->get_prop('ExternalInterface', 'Name');
|
||||
$extIF =~ s/\.\d+$//;
|
||||
if ( $choice =~ /^\d+$/ )
|
||||
{
|
||||
$db->set_prop('ExternalInterface', 'VLAN', $choice );
|
||||
$db->set_prop('ExternalInterface', 'Name', $extIF . ".$choice") unless $db->get_prop('ExternalInterface', 'Name') =~ /\.$choice$/;
|
||||
}
|
||||
else
|
||||
{
|
||||
$db->delete_prop('ExternalInterface', 'VLAN');
|
||||
$db->set_prop('ExternalInterface', 'Name',$extIF);
|
||||
}
|
||||
|
||||
goto SERVER_GATEWAY_DEDICATED;
|
||||
}
|
||||
|
||||
#------------------------------------------------------------
|
||||
SERVER_GATEWAY_DEDICATED:
|
||||
#------------------------------------------------------------
|
||||
|
@@ -6,18 +6,26 @@ use esmith::ConfigDB;
|
||||
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key related_key_cert);
|
||||
our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key related_key_cert SSLproto SSLprotoApache SSLprotoComa SSLprotoHyphen SSLprotoMin SSLprotoLDAP SSLprotoQpsmtpd $smeCiphers $smeSSLprotocol %existingSSLprotos);
|
||||
|
||||
my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
|
||||
our $SystemName = $configdb->get('SystemName')->value;
|
||||
our $DomainName = $configdb->get('DomainName')->value;
|
||||
our $FQDN = "$SystemName.$DomainName";
|
||||
|
||||
# test key size
|
||||
# test key exists
|
||||
#default cipher list
|
||||
our $smeCiphers = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:!ADH:!SSLv2:!ADH:!aNULL:!MD5:!RC4";
|
||||
#default protocol list
|
||||
# 2024 phase out : TLS 1.1 and 1.0 ; insuficient: SSL 3.0, 2.0 and 1.0
|
||||
our $smeSSLprotocol = "TLSv1.2 TLSv1.3";
|
||||
|
||||
# SSLv2 and SSLv3 are not available in el8 openssl-1.1.1, while -ssl3 still in man page
|
||||
# it will throw Option unknown option -ssl3
|
||||
our %existingSSLprotos=%{ {'SSLv3'=>1, 'TLSv1'=>1, 'TLSv1.1'=>1, 'TLSv1.2'=>1, 'TLSv1.3'=>1}};
|
||||
|
||||
=head1 NAME
|
||||
|
||||
esmith::php - A few tools to help with php-fpm installed versions
|
||||
esmith::ssl - A few tools to help with ssl handling
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
@@ -42,6 +50,7 @@ returns 0 if key is missing or wrong size
|
||||
returns 1 if key exists and key size is correct
|
||||
|
||||
=cut
|
||||
|
||||
sub key_exists_good_size {
|
||||
my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
|
||||
my %modSSL = $configdb->as_hash('modSSL');
|
||||
@@ -53,7 +62,7 @@ sub key_exists_good_size {
|
||||
# check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
|
||||
my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`;
|
||||
chomp $signatureKeySize;
|
||||
$signatureKeySize =~ s/^ *Private-Key: \((.*) bit\)/$1/p;
|
||||
$signatureKeySize =~ s/^.*Private-Key: \((.*) bit.*\)/$1/p;
|
||||
if ( $signatureKeySize == $KeySize ) {
|
||||
#print "key size is correct ($KeySize)\n";
|
||||
# key exists and key size is correct, we can proceed
|
||||
@@ -74,8 +83,8 @@ sub key_exists_good_size {
|
||||
# check cert size Public-Key
|
||||
# openssl rsa -noout -modulus -in domain.key | openssl md5
|
||||
# openssl x509 -noout -modulus -in domain.crt | openssl md5
|
||||
|
||||
=cut
|
||||
|
||||
sub cert_exists_good_size {
|
||||
my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
|
||||
my %modSSL = $configdb->as_hash('modSSL');
|
||||
@@ -86,7 +95,7 @@ sub cert_exists_good_size {
|
||||
#openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p"
|
||||
my $signatureKeySize = `openssl x509 -text -noout -in $crt | grep "Public-Key" | head -1`;
|
||||
chomp $signatureKeySize;
|
||||
$signatureKeySize =~ s/^ *Public-Key: \((.*) bit\)/$1/p;
|
||||
$signatureKeySize =~ s/^.*Public-Key: \((.*) bit\)/$1/p;
|
||||
if ( $signatureKeySize == $KeySize ) {
|
||||
#print "$signatureKeySize\n";
|
||||
# cert is correct size and exists, we can proceed.
|
||||
@@ -99,6 +108,10 @@ sub cert_exists_good_size {
|
||||
return 0;
|
||||
}
|
||||
|
||||
=head2 cert_is_cert
|
||||
check if file is really a certificate
|
||||
=cut
|
||||
|
||||
sub cert_is_cert {
|
||||
my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";
|
||||
if ( -f $crt )
|
||||
@@ -115,6 +128,10 @@ sub cert_is_cert {
|
||||
return 0;
|
||||
}
|
||||
|
||||
=head2 key_is_key
|
||||
check if file is really a key
|
||||
=cut
|
||||
|
||||
sub key_is_key {
|
||||
my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
|
||||
if ( -f $key )
|
||||
@@ -144,7 +161,8 @@ sub related_key_cert {
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
##TODO migrate those actions from
|
||||
|
||||
##TODO write sub and migrate those actions from template fragments
|
||||
# check cert is related to key
|
||||
# => /etc/e-smith/templates/home/e-smith/ssl.crt
|
||||
# check cert domain and alt
|
||||
@@ -152,3 +170,126 @@ sub related_key_cert {
|
||||
# check is valid / expiry date
|
||||
# => /etc/e-smith/templates/home/e-smith/ssl.crt
|
||||
###################################
|
||||
|
||||
=head2 SSLprotoApache
|
||||
output a list of allowed protocols with apache format
|
||||
e.g. -all +TLSv1.2 +TLSv1.3
|
||||
=cut
|
||||
|
||||
sub SSLprotoApache{
|
||||
my $protocols = " -all +".join(" +",split(" ",$smeSSLprotocol)) ." ";
|
||||
my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
|
||||
my $httpd = $configdb->get('httpd-e-smith');
|
||||
# SSLv2 and SSLv3 are not available in el8 openssl-1.1.1, while -ssl3 still referenced
|
||||
# it will throw Option unknown option -ssl3
|
||||
#$protocols .= " +SSLv3" if ($httpd->{'SSLv3'} || 'disabled') eq 'enabled';
|
||||
# TODO: a loop using existingSSLprotos
|
||||
$protocols .= " +TLSv1" if ($httpd->{'TLSv1'} || 'disabled') eq 'enabled';
|
||||
$protocols .= " +TLSv1.1" if ($httpd->{'TLSv1.1'} || 'disabled') eq 'enabled';
|
||||
# look closely this is to remove what has been added on first line,
|
||||
# hence the minus sign and reverse logic.
|
||||
$protocols .= " -TLSv1.2" unless ($httpd->{'TLSv1.2'} || 'enabled') eq 'enabled';
|
||||
$protocols .= " -TLSv1.3" unless ($httpd->{'TLSv1.3'} || 'enabled') eq 'enabled';
|
||||
return $protocols;
|
||||
}
|
||||
|
||||
=head2 SSLprotoQpsmtpd
|
||||
output an expected IO::Socket::SSL string to enable
|
||||
only the wanted TLS versions
|
||||
SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1
|
||||
=cut
|
||||
|
||||
sub SSLprotoQpsmtpd{
|
||||
my $service= shift || 'qpsmtpd';
|
||||
my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
|
||||
my %qpsmtpd = %{$configdb->get($service)};
|
||||
# SSLv2 and SSLv3 are not available in el8 openssl-1.1.1, while -ssl3 still referenced
|
||||
# it will throw Option unknown option -ssl3
|
||||
my $protocols = "SSLv23:!SSLv2:!SSLv3";
|
||||
# TODO: a loop using existingSSLprotos and SSLprotoHyphen()
|
||||
$protocols .= ':!TLSv1' unless ($qpsmtpd{'TLSv1'} || 'disabled') eq 'enabled';
|
||||
$protocols .= ':!TLSv1_1' unless ($qpsmtpd{'TLSv1.1'} || 'disabled') eq 'enabled';
|
||||
$protocols .= ':!TLSv1_2' unless ($qpsmtpd{'TLSv1.2'} || 'enabled') eq 'enabled';
|
||||
$protocols .= ':!TLSv1_3' unless ($qpsmtpd{'TLSv1.3'} || 'enabled') eq 'enabled';
|
||||
return $protocols;
|
||||
}
|
||||
|
||||
=head2 SSLproto
|
||||
default display of list of protocol. This is how it will be displayed in
|
||||
httpd.conf and proftpd.conf
|
||||
e.g. TLSv1.2 TLSv1.3
|
||||
=cut
|
||||
|
||||
sub SSLproto{
|
||||
return $smeSSLprotocol;
|
||||
}
|
||||
|
||||
=head2 SSLprotoComa
|
||||
way to display protocols in Mariadb as a string list separated by coma
|
||||
e.g. TLSv1.2,TLSv1.3
|
||||
=cut
|
||||
|
||||
sub SSLprotoComa{
|
||||
my $string = shift || $smeSSLprotocol;
|
||||
$string =~ s/[ :]/,/g;
|
||||
return $string;
|
||||
}
|
||||
|
||||
=head2 SSLprotoHyphen
|
||||
convert TLSv1.2 to TLSv1_2
|
||||
This is the format required by perl IO::Socket::SSL; and as the result by
|
||||
qpsmtpd, uqpsmtpd, sqpsmtpd SME Server services
|
||||
=cut
|
||||
|
||||
sub SSLprotoHyphen {
|
||||
my $string = shift || $smeSSLprotocol;
|
||||
$string =~ s/[ ,]/:/g;
|
||||
$string =~ s/\./_/g;
|
||||
return $string;
|
||||
}
|
||||
|
||||
=head2 SSLprotoMin
|
||||
display only the lower protocol, as expected for dovecot
|
||||
ssl_min_protocol = TLSv1.2
|
||||
# limit : will not handle all or sslv23 as input
|
||||
=cut
|
||||
|
||||
sub SSLprotoMin{
|
||||
my @SSLarray = split(" ",shift || $smeSSLprotocol);
|
||||
my %hash ;
|
||||
foreach my $value (@SSLarray) {
|
||||
my $toto = $value =~ s/(.*)(\d{1})+$/$2/r;
|
||||
# hack for TLS > SSL
|
||||
$toto = ($value =~ /^TLS/) ? "2$toto" : "1$toto";
|
||||
$hash{$toto}=$value ;
|
||||
}
|
||||
my @keys_sorted_by_value = sort { $a <=> $b } keys %hash;
|
||||
my $lowest_value = $keys_sorted_by_value[0] ;
|
||||
return $hash{$lowest_value};
|
||||
}
|
||||
|
||||
=head2 SSLprotoLDAP
|
||||
convert min protocol suported to LDAP format
|
||||
TLSProtocolMin 3.3
|
||||
To require TLS 1.x or higher, set this option to 3.(x+1), e.g., TLSProtocolMin 3.2 would require TLS 1.1.
|
||||
from $smeSSLprotocol = "TLSv1.2 TLSv1.3";
|
||||
=cut
|
||||
|
||||
sub SSLprotoLDAP{
|
||||
# convert to array
|
||||
my @SSLarray = split(" ",shift || $smeSSLprotocol);
|
||||
return "3.0" if (grep /^SSLv3$/, @SSLarray);
|
||||
# TLSv1
|
||||
return "3.1" if (grep /^TLSv1$/ , @SSLarray);
|
||||
# keep only digit after .
|
||||
@SSLarray = grep{ $_ =~ s/(.*)(\d{1})+$/$2/ } @SSLarray;
|
||||
# order
|
||||
@SSLarray = sort @SSLarray;
|
||||
# get lower
|
||||
my $num = $SSLarray[0];
|
||||
# sum 3.1 + 0.$x
|
||||
$num = "0.".$num;
|
||||
# return
|
||||
$num = $num +3.1;
|
||||
return $num;
|
||||
}
|
||||
|
@@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
|
||||
exec \
|
||||
/usr/local/bin/setuidgid smelog \
|
||||
/usr/local/bin/multilog t s5000000 \
|
||||
/usr/bin/setuidgid smelog \
|
||||
/usr/bin/multilog t s5000000 \
|
||||
/var/log/ippp
|
||||
|
@@ -1,7 +1,7 @@
|
||||
#! /bin/sh
|
||||
|
||||
exec \
|
||||
/usr/local/bin/setuidgid smelog \
|
||||
/usr/local/bin/multilog t s5000000 \
|
||||
/usr/bin/setuidgid smelog \
|
||||
/usr/bin/multilog t s5000000 \
|
||||
/var/log/wan
|
||||
|
||||
|
@@ -29,4 +29,4 @@ exec \
|
||||
/usr/local/bin/softlimit -m $PPPD_MLIMIT \
|
||||
/usr/bin/setsid \
|
||||
/usr/sbin/pppd ${extaddr:+$extaddr:} \
|
||||
file pppoe.pppd.conf
|
||||
file pppoe.pppd.conf ${interface}
|
||||
|
@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module
|
||||
%define name smeserver-base
|
||||
Name: %{name}
|
||||
%define version 11.0.0
|
||||
%define release 3
|
||||
%define release 25
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
@@ -15,10 +15,13 @@ Source: %{name}-%{version}.tar.xz
|
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
Requires: pwauth
|
||||
Requires: smeserver-lib >= 2.2.0-2
|
||||
Requires: smeserver-lib >= 11.0.0-7
|
||||
Requires: server-manager-images, server-manager
|
||||
Requires: smeserver-formmagick >= 1.4.0-12
|
||||
Requires: plymouth
|
||||
Requires: initscripts >= 6.67-1es17
|
||||
Requires: network-scripts
|
||||
Requires: rsyslog
|
||||
Requires: smeserver-daemontools >= 1.7.1-04
|
||||
Requires: perl(Locale::gettext)
|
||||
Requires: perl(Crypt::Cracklib)
|
||||
@@ -36,6 +39,7 @@ Requires: smeserver-bootloader
|
||||
Requires: mdadm
|
||||
Requires: pv
|
||||
Requires: dhcp-server
|
||||
Requires: dhcp-client
|
||||
Requires: diald
|
||||
Requires: /usr/bin/passwd
|
||||
Requires: nss-pam-ldapd
|
||||
@@ -45,8 +49,12 @@ Requires: bash-completion
|
||||
Requires: smeserver-runit >= 2.6.0-7
|
||||
Requires: smeserver-php >= 3.0.0-22
|
||||
Requires: smeserver-yum >= 2.6.0-43
|
||||
# daemontools bins in use
|
||||
Requires: /usr/bin/softlimit
|
||||
Requires: /usr/bin/setuidgid
|
||||
Requires: /usr/bin/multilog
|
||||
Obsoletes: nss_ldap < 254
|
||||
Requires: cpu >= 1.4.3
|
||||
Obsoletes: cpu
|
||||
Obsoletes: rlinetd, e-smith-mod_ssl
|
||||
Obsoletes: e-smith-serial-console
|
||||
Obsoletes: sshell
|
||||
@@ -60,7 +68,8 @@ BuildRequires: perl, perl(Test::Inline) >= 0.12
|
||||
BuildRequires: smeserver-devtools >= 1.13.1-03
|
||||
BuildRequires: gettext
|
||||
Requires: gdisk
|
||||
|
||||
Requires: ppp
|
||||
Requires: rp-pppoe
|
||||
%define dbfiles accounts configuration domains hosts networks
|
||||
AutoReqProv: no
|
||||
|
||||
@@ -98,6 +107,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/selinux
|
||||
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||
--file /sbin/e-smith/systemd/network-pre 'attr(0554,root,root)' \
|
||||
--file /sbin/e-smith/systemd/mdmonitor-pre 'attr(0554,root,root)' \
|
||||
--file /sbin/e-smith/systemd/rsyslog-pre 'attr(0554,root,root)' \
|
||||
--file /etc/cron.daily/conf-mod_ssl 'attr(0544,root,root)' \
|
||||
@@ -178,6 +188,88 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Feb 04 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-25.sme
|
||||
- fix boot ordering cycle [SME: 12902]
|
||||
|
||||
* Sun Jan 26 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-24.sme
|
||||
- ippp and wan requires daemontools bins [SME: 12566]
|
||||
|
||||
* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-23.sme
|
||||
- handle all ssl ciphers and protocol in one place esmith::ssl [SME: 12827]
|
||||
this will allow to sync all service default protocol and ciphers
|
||||
in one place.
|
||||
|
||||
* Fri Jan 03 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-21.sme
|
||||
- improve support of systemd service with instance service@instance.service [SME: 12859]
|
||||
|
||||
* Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-20.sme
|
||||
- Primary default to SSL required and redirect [SME: 12858]
|
||||
- cleanup remove primary=system [SME: 8268]
|
||||
|
||||
* Tue Dec 31 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-19.sme
|
||||
- fix www removed from shared on group creation [SME: 12848]
|
||||
|
||||
* Mon Dec 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-18.sme
|
||||
- add vlan support on External Interface [SME: 12677]
|
||||
- fix typo [SME: 12763]
|
||||
|
||||
* Mon Dec 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-16.sme
|
||||
- add kernel module support for rp-pppoe plugin [SME: 12678]
|
||||
will allow faster fiber connexion when using multiple queue interface (RSS)
|
||||
set-gateway-ip will propagate both wan and diald ip
|
||||
run.pppoe call an interface
|
||||
|
||||
* Sat Dec 21 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
|
||||
- fix use of passwd command when ldap auth enabled [SME: 6453]
|
||||
- delete spool file only if exists to avoid error [SME: 12763]
|
||||
|
||||
* Mon Sep 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
|
||||
- fix result variable not initialized [SME: 12663]
|
||||
|
||||
* Sun Sep 22 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
|
||||
- fix mail spool perms [SME: 12654]
|
||||
- fix motd noise related to cockpit [SME: 12575]
|
||||
- fix /run vs /var/run temps dir noise [SME: 12639]
|
||||
|
||||
* Wed Aug 14 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
|
||||
- fix 3 regressions from SME10 [SME: 12654]
|
||||
fix www missing from shared and few groups [SME: 12146]
|
||||
fix group deletion leaves mail spool file [SME: 12431]
|
||||
fix path to /etc/systemd for seeking service files [SME: 12421]
|
||||
|
||||
* Tue Aug 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
|
||||
- fix new systemd.log does not fill after log rotate [SME: 12688]
|
||||
|
||||
* Wed May 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
|
||||
- fix user@0.service failed to start [SME: 12568]
|
||||
- stop loging in audit crond success
|
||||
- drop cpu and use esmith:util::ldap [SME: 12663]
|
||||
|
||||
* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
|
||||
- fix self-signed cert renewd when not necessary [SME: 12606]
|
||||
|
||||
* Tue Apr 16 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
|
||||
- add requirement for ppp [SME: 12622]
|
||||
- add requirement for rp-pppoe [SME: 12628]
|
||||
- enable modprobe dummy and bond [SME: 12627]
|
||||
|
||||
* Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
|
||||
- fix init-accounts [SME: 12546]
|
||||
|
||||
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-6.sme
|
||||
- Update createlinks to create smeserver-package-update event[SME: 12579]
|
||||
|
||||
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-5.sme
|
||||
- Set license file to GPL2.0 [SME: 12577]
|
||||
|
||||
* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-4.sme
|
||||
- fix networking [SME: 12541]
|
||||
- require rsyslog [SME: 12544]
|
||||
- remove unsupported rsyslog option -c [SME: 12545]
|
||||
- remove duplicate entry logrotate for btmp and wtmp [SME: 12547]
|
||||
- rework systemd-default script (error and smartmatches) [SME: 12543]
|
||||
- fix self signed cert templates [SME: 12551]
|
||||
|
||||
* Sat Mar 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-3.sme
|
||||
- fix requirement for el8 SME11 [SME: 12521]
|
||||
|
||||
|
Reference in New Issue
Block a user