added configuration adjustment for prodtpd if renew-hook for lets enc…

…rypt is used; updater-compatibility if gui_access field is not present yet (froxlor <2.2); removed depercated gentoo config templates Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
froxlor · Jan 14, 2024 · f420551 · f420551
1 parent 854c930
commit f420551
Show file tree

Hide file tree

Showing 8 changed files with 43 additions and 2,913 deletions.
diff --git a/index.php b/index.php
@@ -165,12 +165,16 @@
 		$loginname = Validate::validate($_POST['loginname'], 'loginname');
 		$password = Validate::validate($_POST['password'], 'password');
 
+		$select_additional = '';
+		if (Settings::Get('panel.db_version') >= 202312230) {
+			$select_additional = ' AND `gui_access` = 1';
+		}
 		$stmt = Database::prepare("
 			SELECT `loginname` AS `customer`
 			FROM `" . TABLE_PANEL_CUSTOMERS . "`
-			WHERE `loginname`= :loginname
-			AND `gui_access` = 1
-		");
+			WHERE `loginname`= :loginname" .
+			$select_additional
+		);
 		Database::pexecute($stmt, [
 			"loginname" => $loginname
 		]);
@@ -243,12 +247,16 @@
 					exit();
 				}
 			} else {
+				$select_additional = '';
+				if (Settings::Get('panel.db_version') >= 202312230) {
+					$select_additional = ' AND `gui_access` = 1';
+				}
 				$stmt = Database::prepare("
 					SELECT `loginname` AS `admin`
 					FROM `" . TABLE_PANEL_ADMINS . "`
-					WHERE `loginname`= :loginname
-					AND `gui_access` = 1
-				");
+					WHERE `loginname`= :loginname" .
+					$select_additional
+				);
 				Database::pexecute($stmt, [
 					"loginname" => $loginname
 				]);

diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -621,6 +621,7 @@ private static function runAcmeSh(array $certrow, array $domains, &$cronlog = nu
 					$certificate_folder = self::getCertificateFolder(strtolower(Settings::Get('system.hostname')));
 					$fullchain = FileDir::makeCorrectFile($certificate_folder . '/fullchain.cer');
 					$keyfile = FileDir::makeCorrectFile($certificate_folder . '/' . strtolower(Settings::Get('system.hostname')) . '.key');
+					$ca_file = FileDir::makeCorrectFile($certificate_folder . '/ca.cer');
 
 					if (Settings::IsInList('system.le_renew_services', 'postfix')) {
 						// "postconf -e" for postfix
@@ -641,7 +642,23 @@ private static function runAcmeSh(array $certrow, array $domains, &$cronlog = nu
 						file_put_contents($dovecot_conf, $ssl_content);
 					}
 					if (Settings::IsInList('system.le_renew_services', 'proftpd')) {
-						// @todo
+						$proftpd_conf = '/etc/proftpd/tls.conf'; // @fixme setting?
+						if (strpos($certificate_folder, '_ecc') === false) {
+							// comment out RSA related settings
+							FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateFile|# TLSRSACertificateFile|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateKeyFile|# TLSRSACertificateKeyFile|' " . escapeshellarg($proftpd_conf));
+							// add ECC directives
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateFile.*|TLSECCertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateKeyFile.*|TLSECCertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf));
+						} else {
+							// comment out ECC related settings
+							FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateFile|# TLSECCertificateFile|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateKeyFile|# TLSECCertificateKeyFile|' " . escapeshellarg($proftpd_conf));
+							// add RSA directives
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateFile.*|TLSRSACertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateKeyFile.*|TLSRSACertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf));
+						}
+						FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSCACertificateFile.*|TLSCACertificateFile " . $ca_file . "|' " . escapeshellarg($proftpd_conf));
 					}
 					// reload the services
 					FileDir::safe_exec(Settings::Get('system.le_renew_hook'));

diff --git a/lib/Froxlor/Install/Install/Core.php b/lib/Froxlor/Install/Install/Core.php
@@ -431,23 +431,14 @@ private function doSettings(object &$db_user)
 
 		// check currently used php version and set values of fpm/fcgid accordingly
 		if (defined('PHP_MAJOR_VERSION') && defined('PHP_MINOR_VERSION')) {
-			// gentoo specific
-			if ($this->validatedData['distribution'] == 'gentoo') {
-				// php-fpm
-				$reload = "/etc/init.d/php-fpm restart";
-				$config_dir = "/etc/php/fpm-php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "/fpm.d/";
-				// fcgid
-				$binary = "/usr/bin/php-cgi";
+			// php-fpm
+			$reload = "service php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-fpm restart";
+			$config_dir = "/etc/php/" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "/fpm/pool.d/";
+			// fcgid
+			if ($this->validatedData['distribution'] == 'bookworm') {
+				$binary = "/usr/bin/php-cgi" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;
 			} else {
-				// php-fpm
-				$reload = "service php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-fpm restart";
-				$config_dir = "/etc/php/" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "/fpm/pool.d/";
-				// fcgid
-				if ($this->validatedData['distribution'] == 'bookworm') {
-					$binary = "/usr/bin/php-cgi" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;
-				} else {
-					$binary = "/usr/bin/php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-cgi";
-				}
+				$binary = "/usr/bin/php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-cgi";
 			}
 			$db_user->query("UPDATE `" . TABLE_PANEL_FPMDAEMONS . "` SET `reload_cmd` = '" . $reload . "', `config_dir` = '" . $config_dir . "' WHERE `id` ='1';");
 			$db_user->query("UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET `binary` = '" . $binary . "';");

diff --git a/lib/configfiles/bookworm.xml b/lib/configfiles/bookworm.xml
@@ -3056,6 +3056,7 @@ TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
 TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
 TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
 TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+# TLSCACertificateFile
 TLSOptions                              NoSessionReuseRequired
 TLSVerifyClient                         off
 

diff --git a/lib/configfiles/bullseye.xml b/lib/configfiles/bullseye.xml
@@ -4624,6 +4624,7 @@ TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
 TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
 TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
 TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+# TLSCACertificateFile
 TLSOptions                              NoSessionReuseRequired
 TLSVerifyClient                         off
 

diff --git a/lib/configfiles/focal.xml b/lib/configfiles/focal.xml
@@ -3843,6 +3843,7 @@ TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
 TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
 TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
 TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
+# TLSCACertificateFile
 TLSOptions                              NoSessionReuseRequired
 TLSVerifyClient                         off