diff --git a/README.md b/README.md index 0226d60..bf61770 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Roundcube for YunoHost [Roundcube](https://roundcube.net/) is a browser-based multilingual IMAP client with an application-like user interface. -**Shipped version:** 1.2.3 +**Shipped version:** 1.2.5 ![](https://roundcube.net/images/screens/mailview.jpg) @@ -48,10 +48,10 @@ Let's say for example that we want to install the $ sudo -i ``` -2. Log in as the `www-data` user - which owns the roundcube directory - and navigate +2. Log in as the `roundcube` user - which owns the roundcube directory - and navigate in it: ``` - # su -s /bin/bash - www-data + # su -s /bin/bash - roundcube $ cd /var/www/roundcube ``` @@ -74,7 +74,7 @@ steps as needed. #### Manual installation You can also download the plugin and put it under the `plugins/` directory. In this -case, do not forget to change ownerships of this folder to `www-data`. +case, do not forget to change ownerships of this folder to `roundcube`. ## Links diff --git a/check_process b/check_process index b6daece..4ca01a5 100644 --- a/check_process +++ b/check_process @@ -1,9 +1,9 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) with_carddav=1 + with_enigma=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -14,22 +14,22 @@ upgrade=1 backup_restore=1 multi_instance=1 - wrong_user=1 - wrong_path=1 incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto Level 3=auto -# Niveau 4 à 1, mais c'est à confirmé par le mainteneur de l'application. +# https://github.com/YunoHost-Apps/roundcube_ynh/blob/master/conf/config.inc.php#L103-L118 Level 4=1 - Level 5=auto +# https://github.com/YunoHost-Apps/roundcube_ynh/issues/10 + Level 5=1 Level 6=auto Level 7=auto Level 8=0 Level 9=0 Level 10=0 +;;; Options +Email= +Notification=none diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..417b0a2 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/roundcube/roundcubemail/releases/download/1.3.0/roundcubemail-1.3.0.tar.gz +SOURCE_SUM=a37e55a3b5f83420930ae20ef3ac6dbedb499c920bbcf3fc93a8f784f7773d21 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 84b835f..4d3f57a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,5 +1,5 @@ -location #PATH# { - alias #DESTDIR#; +location __PATH__ { + alias __FINALPATH__/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; @@ -13,7 +13,7 @@ location #PATH# { location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-roundcube.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; @@ -26,15 +26,15 @@ location #PATH# { } # prevent useless logs -location #PATH#/favicon.ico { +location __PATH__/favicon.ico { access_log off; log_not_found off; } # deny access to sensitive files -location ~ ^#PATH#/(config|temp|logs)/ { +location ~ ^__PATH__/(config|temp|logs)/ { deny all; } -location ~ ^#PATH#/(.+/|)\. { +location ~ ^__PATH__/(.+/|)\. { deny all; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 47b2ac1..7bad39e 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[#POOLNAME#] +[__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: @@ -16,6 +16,12 @@ ; Default Value: none ;prefix = /path/to/pools/$pool +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + ; The address on which to accept FastCGI requests. ; Valid syntaxes are: ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on @@ -24,12 +30,21 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-#POOLNAME#.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. +; Set listen(2) backlog. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = -1 +;listen.backlog = 128 +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address @@ -38,26 +53,20 @@ listen = /var/run/php5-fpm-#POOLNAME#.sock ; Default Value: any ;listen.allowed_clients = 127.0.0.1 -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www-data -group = www-data +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 ; Choose how the process manager will control the number of child processes. ; Possible Values: ; static - a fixed number (pm.max_children) of child processes; ; dynamic - the number of child processes are set dynamically based on the -; following directives: +; following directives. With this process management, there will be +; always at least 1 children. ; pm.max_children - the maximum number of children that can ; be alive at the same time. ; pm.start_servers - the number of children created on startup. @@ -69,34 +78,46 @@ group = www-data ; state (waiting to process). If the number ; of 'idle' processes is greater than this ; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. ; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. ; This value sets the limit on the number of simultaneous requests that will be ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 6 +pm.max_children = 10 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 3 +pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 3 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 5 +pm.max_spare_servers = 3 +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -104,39 +125,104 @@ pm.max_spare_servers = 5 pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; +; recognized as a status page. It shows the following informations: ; pool - the name of the pool; -; process manager - static or dynamic; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; ; idle processes - the number of idle processes; ; active processes - the number of active processes; -; total processes - the number of idle + active processes. +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; ; max children reached - number of times, the process limit has been reached, ; when pm tries to start more children (works only for -; pm 'dynamic') -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. ; Example output: -; accepted conn: 12073 ; pool: www ; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; max children reached: 1 +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; ; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: ; http://www.foo.bar/status ; http://www.foo.bar/status?json ; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. -; Default Value: not set -pm.status_path = /fpm-status - +; Default Value: not set +;pm.status_path = /status + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -147,56 +233,115 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /ping +;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. ; Default Value: pong ;ping.response = pong -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = 120s +; The access log file +; Default: not set +;access.log = log/$pool.access.log +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/#POOLNAME#.slow.log - + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + ; Set open file descriptor rlimit. ; Default Value: system defined value -rlimit_files = 4096 - +;rlimit_files = 1024 + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value -rlimit_core = 0 - +;rlimit_core = 0 + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set -;chroot = - +;chroot = + ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = #DESTDIR# - +chdir = __FINALPATH__ + ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page @@ -204,6 +349,14 @@ chdir = #DESTDIR# ; Default Value: no catch_workers_output = yes +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -217,7 +370,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -236,8 +389,4 @@ catch_workers_output = yes ;php_flag[display_errors] = off ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M - -php_value[upload_max_filesize] = 10G -php_value[post_max_size] = 10G -php_value[mail.add_x_header] = Off +;php_admin_value[memory_limit] = 32M \ No newline at end of file diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..55e2ba7 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,3 @@ +upload_max_filesize=30M +post_max_size=30M +; max_execution_time=60 \ No newline at end of file diff --git a/conf/roundcube-deps.control b/conf/roundcube-deps.control deleted file mode 100644 index 55503a8..0000000 --- a/conf/roundcube-deps.control +++ /dev/null @@ -1,20 +0,0 @@ -Section: misc -Priority: optional -Homepage: https://roundcube.net/ -Standards-Version: 3.9.2 - -Package: roundcube-deps -Version: 1.2-1 -Depends: php5-cli, php5-common, php5-intl, php5-json, php5-mcrypt - , php-pear, php-auth-sasl, php-mail-mime, php-patchwork-utf8 - , php-net-smtp, php-net-socket, php-crypt-gpg - , php-net-ldap2, php-net-ldap3 -Architecture: all -Description: meta package for roundcube dependencies - RoundCube Webmail is a browser-based multilingual IMAP client with an - application-like user interface. It provides full functionality expected - from an e-mail client, including MIME support, address book, folder - manipulation and message filters. - . - . - This meta-package is only responsible of installing its dependencies. diff --git a/manifest.json b/manifest.json index 7b77120..8d558a7 100644 --- a/manifest.json +++ b/manifest.json @@ -1,17 +1,17 @@ { - "package_format": 1, "id": "roundcube", "name": "Roundcube", + "packaging_format": 1, "description": { "en": "Open Source Webmail software", "fr": "Webmail Open Source" }, "url": "https://roundcube.net/", "license": "GPL-3", - "version": "1.2.3", + "version": "1.3.0", "maintainer": { - "name": "-", - "email": "-" + "name": "YunoHost Contributors", + "email": "apps@yunohost.org" }, "multi_instance": true, "services": [ @@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 2.4.0" + "yunohost": ">= 2.7.2" }, "arguments": { "install" : [ @@ -51,6 +51,15 @@ "fr": "Installer le plugin de synchronisation CardDAV ?" }, "default": false + }, + { + "name": "with_enigma", + "type": "boolean", + "ask": { + "en": "Install Enigma messages encryption plugin?", + "fr": "Installer le plugin de chiffrement des messages Enigma ?" + }, + "default": false } ] } diff --git a/patches/00-installto-opts.patch b/patches/00-installto-opts.patch deleted file mode 100644 index 5c66498..0000000 --- a/patches/00-installto-opts.patch +++ /dev/null @@ -1,45 +0,0 @@ ---- a/bin/installto.sh 2016-03-30 15:46:11.686447589 +0200 -+++ b/bin/installto.sh 2016-03-30 15:49:27.184064426 +0200 -@@ -23,6 +23,9 @@ - - require_once INSTALL_PATH . 'program/include/clisetup.php'; - -+// get arguments -+$opts = rcube_utils::get_opt(array('f' => 'force', 'y' => 'accept')); -+ - $target_dir = unslashify($_SERVER['argv'][1]); - - if (empty($target_dir) || !is_dir(realpath($target_dir))) -@@ -35,13 +38,15 @@ - - $oldversion = $m[1]; - --if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>=')) -+if (version_compare(version_parse($oldversion), version_parse(RCMAIL_VERSION), '>=') && !opts['force']) - rcube::raise_error("Installation at target location is up-to-date!", false, true); - --echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n"; --$input = trim(fgets(STDIN)); -+if (!opts['accept']) { -+ echo "Upgrading from $oldversion. Do you want to continue? (y/N)\n"; -+ $input = trim(fgets(STDIN)); -+} - --if (strtolower($input) == 'y') { -+if ($opts['accept'] || strtolower($input) == 'y') { - $err = false; - echo "Copying files to target location..."; - $dirs = array('program','installer','bin','SQL','plugins','skins'); -@@ -77,7 +82,11 @@ - - if (!$err) { - echo "Running update script at target...\n"; -- system("cd $target_dir && php bin/update.sh --version=$oldversion"); -+ $command = "cd $target_dir && php bin/update.sh --version=$oldversion"; -+ if ($opts['accept']) { -+ $command .= " --accept"; -+ } -+ system($command); - echo "All done.\n"; - } - } diff --git a/scripts/_common.sh b/scripts/_common.sh index 0dfab9b..a9f36f9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,112 +1,66 @@ -# -# Common variables -# -# Roundcube version -VERSION="1.2.3" -# Package name for Roundcube dependencies -DEPS_PKG_NAME="roundcube-deps" +# ============================================================================= +# COMMON VARIABLES +# ============================================================================= -# Roundcube complete tarball checksum -ROUNDCUBE_SOURCE_SHA256="2df820d2ccc7bb320f854a821a1dc9983792f42a3353a1d38fe0822d94980d4d" +# Package dependencies +pkg_dependencies="php5-cli php5-common php5-intl php5-json php5-mcrypt php-pear php-auth-sasl php-mail-mime php-patchwork-utf8 php-net-smtp php-net-socket php-crypt-gpg php-net-ldap2 php-net-ldap3" -# Remote URL to fetch Roundcube source tarball -ROUNDCUBE_SOURCE_URL="https://github.com/roundcube/roundcubemail/releases/download/${VERSION}/roundcubemail-${VERSION}.tar.gz" +# Plugins version +contextmenu_version=2.3 +automatic_addressbook_version=v0.4.3 +carddav_version=2.0.4 -# App package root directory should be the parent folder -PKGDIR=$(cd ../; pwd) - -# -# Common helpers -# - -# Download and extract Roundcube sources to the given directory -# usage: extract_roundcube_to DESTDIR -extract_roundcube() { - local DESTDIR=$1 - - # retrieve and extract Roundcube tarball - rc_tarball="${DESTDIR}/roundcube.tar.gz" - wget -q -O "$rc_tarball" "$ROUNDCUBE_SOURCE_URL" \ - || ynh_die "Unable to download Roundcube tarball" - echo "$ROUNDCUBE_SOURCE_SHA256 $rc_tarball" | sha256sum -c >/dev/null \ - || ynh_die "Invalid checksum of downloaded tarball" - tar xf "$rc_tarball" -C "$DESTDIR" --strip-components 1 \ - || ynh_die "Unable to extract Roundcube tarball" - rm "$rc_tarball" - - # apply patches - (cd "$DESTDIR" \ - && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \ - || ynh_die "Unable to apply patches to Roundcube" - - # copy composer.json-dist for Roundcube with complete dependencies - cp "${PKGDIR}/sources/composer.json-dist" "${DESTDIR}/composer.json-dist" -} - -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -exec_as() { - local USER=$1 - shift 1 - - if [[ $USER = $(whoami) ]]; then - eval $@ - else - # use sudo twice to be root and be allowed to use another user - sudo sudo -u "$USER" $@ - fi -} +# ============================================================================= +# COMMON ROUNDCUBE FUNCTIONS +# ============================================================================= # Execute a composer command from a given directory -# usage: composer_exec AS_USER WORKDIR COMMAND [ARG ...] +# usage: composer_exec workdir COMMAND [ARG ...] exec_composer() { - local AS_USER=$1 - local WORKDIR=$2 - shift 2 + local workdir=$1 + shift 1 - exec_as "$AS_USER" COMPOSER_HOME="${WORKDIR}/.composer" \ - php "${WORKDIR}/composer.phar" $@ \ - -d "${WORKDIR}" --quiet --no-interaction + COMPOSER_HOME="${workdir}/.composer" \ + php "${workdir}/composer.phar" $@ \ + -d "${workdir}" --quiet --no-interaction } # Install and initialize Composer in the given directory -# usage: init_composer DESTDIR [AS_USER] +# usage: init_composer destdir init_composer() { - local DESTDIR=$1 - local AS_USER=${2:-admin} + local destdir=$1 # install composer curl -sS https://getcomposer.org/installer \ - | exec_as "$AS_USER" COMPOSER_HOME="${DESTDIR}/.composer" \ - php -- --quiet --install-dir="$DESTDIR" \ + | COMPOSER_HOME="${destdir}/.composer" \ + php -- --quiet --install-dir="$destdir" \ || ynh_die "Unable to install Composer" # install composer.json - exec_as "$AS_USER" \ - cp "${DESTDIR}/composer.json-dist" "${DESTDIR}/composer.json" + cp "${destdir}/composer.json-dist" "${destdir}/composer.json" # update dependencies to create composer.lock - exec_composer "$AS_USER" "$DESTDIR" install --no-dev --prefer-dist \ + exec_composer "$destdir" install --no-dev \ || ynh_die "Unable to update Roundcube core dependencies" } # Install and configure CardDAV plugin for Roundcube -# usage: install_carddav DESTDIR [AS_USER] +# usage: install_carddav destdir +# https://plugins.roundcube.net/packages/roundcube/carddav install_carddav() { - local DESTDIR=$1 - local AS_USER=${2:-www-data} + local destdir=$1 - local carddav_config="${DESTDIR}/plugins/carddav/config.inc.php" - local carddav_tmp_config="${PKGDIR}/conf/carddav.config.inc.php" + local carddav_config="${destdir}/plugins/carddav/config.inc.php" + local carddav_tmp_config="../conf/carddav.config.inc.php" - exec_composer "$AS_USER" "$DESTDIR" require \ - "roundcube/carddav dev-master" + exec_composer "$destdir" require \ + "roundcube/carddav $carddav_version" # Look for installed and supported CardDAV servers for carddav_app in "owncloud" "baikal"; do - local app_id=$(sudo yunohost app list --installed -f "$carddav_app" \ + local app_id=$(yunohost app list --installed -f "$carddav_app" \ --output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1) [[ -z "$app_id" ]] || { # Retrieve app settings and enable relevant preset @@ -121,6 +75,5 @@ install_carddav() { done # Copy plugin the configuration file - sudo cp "$carddav_tmp_config" "$carddav_config" - sudo chown "${AS_USER}:" "$carddav_config" + cp "$carddav_tmp_config" "$carddav_config" } diff --git a/scripts/backup b/scripts/backup index 634d927..0f35234 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,30 +1,59 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error +#================================================= +# GENERIC START +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit on command errors and treat access to unset variables as an error set -eu -# Get multi-instances specific variables +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Set app specific variables -dbname=$app -dbuser=$app +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) -# Source app helpers -. /usr/share/yunohost/helpers +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +ynh_backup "$final_path" -# Copy the app files -DESTDIR="/var/www/$app" -ynh_backup "$DESTDIR" "sources" +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= -# Copy the conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -# Dump the database -mysqldump -u "$dbuser" -p"$dbpass" --no-create-db "$dbname" > ./dump.sql +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql diff --git a/scripts/install b/scripts/install index 49ee240..04b23be 100644 --- a/scripts/install +++ b/scripts/install @@ -1,113 +1,189 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source ./_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +with_carddav=$YNH_APP_ARG_WITH_CARDDAV +with_enigma=$YNH_APP_ARG_WITH_ENIGMA -# Get multi-instances specific variables app=$YNH_APP_INSTANCE_NAME -# Retrieve arguments -domain=$1 -path=${2%/} -with_carddav=$3 +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -# Load common variables -. ./_common.sh +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -# Set app specific variables -dbname=$app -dbuser=$app +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Source app helpers -. /usr/share/yunohost/helpers +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= -# Check destination directory -DESTDIR="/var/www/$app" -[[ -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' already exists.\ - You should safely delete it before installing this app." +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app with_carddav $with_carddav +ynh_app_setting_set $app with_enigma $with_enigma -# FIXME: jessie-backports is needed for php-net-ldap3 +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +# jessie-backports is needed for php-net-ldap3 grep -q -R 'jessie-backports' /etc/apt/sources.list{,.d} || { echo "deb http://httpredir.debian.org/debian jessie-backports main" \ - | sudo tee -a /etc/apt/sources.list.d/backports.list >/dev/null + | tee -a /etc/apt/sources.list.d/backports.list >/dev/null } -# Install dependencies -ynh_package_install_from_equivs ../conf/${DEPS_PKG_NAME}.control \ - || ynh_die "Unable to install dependencies" +ynh_install_app_dependencies "$pkg_dependencies" -# Create tmp directory and install app inside -TMPDIR=$(ynh_mkdir_tmp) -extract_roundcube "$TMPDIR" -init_composer "$TMPDIR" +#================================================= +# CREATE A MYSQL DATABASE +#================================================= -# Generate random DES key & password -deskey=$(ynh_string_random 24) -dbpass=$(ynh_string_random) +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name -# Initialize database -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" \ - < "${TMPDIR}/SQL/mysql.initial.sql" +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= -# Copy and set Roundcube configuration -rc_conf="${TMPDIR}/config/config.inc.php" +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# INSTALL AND INITIALIZE COMPOSER +#================================================= + +init_composer "$final_path" + +#================================================= +# INITIALIZE DATABASE +#================================================= + +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < "${final_path}/SQL/mysql.initial.sql" + +#================================================= +# CONFIGURE ROUNDCUBE +#================================================= + +rc_conf="${final_path}/config/config.inc.php" cp ../conf/config.inc.php "$rc_conf" -sed -i "s/#DESKEY#/${deskey}/g" "$rc_conf" -sed -i "s/#DBUSER#/${dbuser}/g" "$rc_conf" -sed -i "s/#DBPASS#/${dbpass}/g" "$rc_conf" -sed -i "s/#DBNAME#/${dbname}/g" "$rc_conf" -# Install files and set permissions -sudo mv "$TMPDIR" "$DESTDIR" -sudo mkdir -p "${DESTDIR}/logs" "${DESTDIR}/temp" -sudo chown -R www-data: "$DESTDIR" +ynh_replace_string "#DESKEY#" "$(ynh_string_random 24)" "$rc_conf" +ynh_replace_string "#DBUSER#" "$db_name" "$rc_conf" +ynh_replace_string "#DBPASS#" "$db_pwd" "$rc_conf" +ynh_replace_string "#DBNAME#" "$db_name" "$rc_conf" -# Install some plugins manually -sudo cp -r ../sources/plugins/ldapAliasSync "${DESTDIR}/plugins" -sudo chown -R www-data: "${DESTDIR}/plugins/ldapAliasSync" -installed_plugins=" 'ldapAliasSync'," +#================================================= +# INSTALL ADDITIONAL PLUGINS +#================================================= -# Install additional plugins -exec_composer www-data "$DESTDIR" require \ - "johndoh/contextmenu dev-release-2.1" \ - "sblaisot/automatic_addressbook" +# Create logs and temp directories +mkdir -p "${final_path}/logs" "${final_path}/temp" + +# Install contextmenu and automatic_addressbook plugins +# https://plugins.roundcube.net/packages/sblaisot/automatic_addressbook +# https://plugins.roundcube.net/packages/johndoh/contextmenu +exec_composer "$final_path" require \ + "johndoh/contextmenu $contextmenu_version" \ + "sblaisot/automatic_addressbook $automatic_addressbook_version" installed_plugins+=" 'contextmenu', 'automatic_addressbook'," -# Instal CardDAV plugin +# Install CardDAV plugin if [[ $with_carddav -eq 1 ]]; then - install_carddav "$DESTDIR" \ + install_carddav "$final_path" \ && installed_plugins+=" 'carddav'," \ || echo "Unable to install CardDAV plugin" >&2 fi -# Update Roundcube configuration -sudo sed -i "s#^\s*// installed plugins#&\n ${installed_plugins}#" \ - "${DESTDIR}/config/config.inc.php" +# Install Enigma plugin +if [[ $with_enigma -eq 1 ]]; then + cp -a "$final_path/plugins/enigma/config.inc.php.dist" "$final_path/plugins/enigma/config.inc.php" \ + && installed_plugins+=" 'enigma'," \ + || echo "Unable to install Enigma plugin" >&2 +fi -# Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@#PATH#@${path:-/}@g" ../conf/nginx.conf -sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf "$nginx_conf" +#================================================= +# UPDATE ROUNDCUBE CONFIGURATION +#================================================= -# Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@#POOLNAME#@${app}@g" ../conf/php-fpm.conf -sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf "$phpfpm_conf" -sudo chown root: $phpfpm_conf -sudo chmod 644 $phpfpm_conf +sed -i "s#^\s*// installed plugins#&\n ${installed_plugins}#" \ + "${final_path}/config/config.inc.php" -# Save app settings -ynh_app_setting_set "$app" with_carddav "$with_carddav" -ynh_app_setting_set "$app" mysqlpwd "$dbpass" +# Update javascript dependencies +(cd "${final_path}" +/usr/bin/php -q ./bin/install-jsdeps.sh) -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +# Store the config file checksum into the app settings +ynh_store_file_checksum "${final_path}/config/config.inc.php" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: "$final_path" +chown -R $app: "${final_path}/temp/" "${final_path}/logs/" + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index e7e7553..eb2be9e 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,33 +1,79 @@ #!/bin/bash -# Load common variables and helpers -. ./_common.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Set app specific variables -app=$1 -dbname=$app -dbuser=$app - -# Source app helpers -. /usr/share/yunohost/helpers - -# Drop MySQL database and user -ynh_mysql_drop_db "$dbname" 2>&1 || true -ynh_mysql_drop_user "$dbuser" 2>&1 || true - -# Retrieve domain from app settings -domain=$(ynh_app_setting_get $app domain) - -# Delete app directory and configurations -sudo rm -rf "/var/www/${app}" -sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" -[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" - -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true - -# Remove app dependencies -if ynh_package_is_installed "$DEPS_PKG_NAME"; then - ynh_package_autoremove "$DEPS_PKG_NAME" +if [ ! -e _common.sh ]; then + # Get file fonction if not been to the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh fi +# Source app helpers +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE DEPENDENCIES +#================================================= + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_name $db_name + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "/var/www/$app" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# SPECIFIC REMOVE +#================================================= + +# The following command is kept as a matter of transition with the previous way +# of managing dependencies +ynh_package_autoremove "roundcube-ynh-deps" || true + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index c26e989..2a2cea6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,58 +1,95 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error +#================================================= +# GENERIC START +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit on command errors and treat access to unset variables as an error set -eu -# Get multi-instances specific variables +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Set app specific variables -dbname=$app -dbuser=$app +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -# Source app helpers -. /usr/share/yunohost/helpers +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || exit 1 +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -# Check destination directory -DESTDIR="/var/www/$app" -[[ -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' already exists.\ - You should safely delete it before restoring this app." +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" -# Check configuration files -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -[[ -f $nginx_conf ]] && ynh_die \ -"The NGINX configuration already exists at '${nginx_conf}'. - You should safely delete it before restoring this app." -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -[[ -f $phpfpm_conf ]] && ynh_die \ -"The PHP FPM configuration already exists at '${phpfpm_conf}'. - You should safely delete it before restoring this app." +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= -# Restore the app files -sudo cp -a ./sources "$DESTDIR" +ynh_restore_file "$final_path" -# Create and restore the database -ynh_mysql_create_db $dbname $dbuser $dbpass -ynh_mysql_connect_as $dbuser $dbpass $dbname < ./dump.sql +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= -# Fix installation directories and permissions -sudo mkdir -p "${DESTDIR}/logs" "${DESTDIR}/temp" -sudo chown -R www-data: "$DESTDIR" +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql -# Restore configuration files -sudo cp -a ./nginx.conf "$nginx_conf" -sudo cp -a ./php-fpm.conf "$phpfpm_conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R root: "$final_path" +chown -R $app: "${final_path}/temp/" "${final_path}/logs/" + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# GENERIC FINALISATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 311e22c..4e433ac 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,120 +1,203 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= -# Get multi-instances specific variables app=$YNH_APP_INSTANCE_NAME -# Load common variables and helpers -. ./_common.sh +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) +with_carddav=$(ynh_app_setting_get $app with_carddav) +with_enigma=$(ynh_app_setting_get $app with_enigma) -# Set app specific variables -dbname=$app -dbuser=$app +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= -# Source app helpers -. /usr/share/yunohost/helpers +ynh_backup_before_upgrade # Backup the current version of the app +ynh_clean_setup () { + ynh_restore_upgradebackup # restore it if the upgrade fails +} +ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -path=${path%/} -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -with_carddav=$(ynh_app_setting_get "$app" with_carddav) +#================================================= +# CHECK THE PATH +#================================================= -# Check destination directory -DESTDIR="/var/www/$app" -[[ ! -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' does not exist.\ - The app is not correctly installed, you should remove it first." +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) -# FIXME: jessie-backports is needed for php-net-ldap3 +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +# jessie-backports is needed for php-net-ldap3 grep -q -R 'jessie-backports' /etc/apt/sources.list{,.d} || { echo "deb http://httpredir.debian.org/debian jessie-backports main" \ - | sudo tee -a /etc/apt/sources.list.d/backports.list >/dev/null + | tee -a /etc/apt/sources.list.d/backports.list >/dev/null } -# Install dependencies -ynh_package_install_from_equivs ../conf/${DEPS_PKG_NAME}.control \ - || ynh_die "Unable to install dependencies" +ynh_install_app_dependencies "$pkg_dependencies" -# Create tmp directory and install app inside -TMPDIR=$(ynh_mkdir_tmp) -extract_roundcube "$TMPDIR" +#================================================= +# CREATE DEDICATED USER +#================================================= -# Install the new Roundcube version -sudo php "${TMPDIR}/bin/installto.sh" "$DESTDIR" --force --accept \ - || ynh_die "Unable to update Roundcube installation" -rm -rf "$TMPDIR" +# Create a system user +ynh_system_user_create $app -# Generate a new random DES key -deskey=$(ynh_string_random 24) +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= -# Copy and set Roundcube configuration -rc_conf="${DESTDIR}/config/config.inc.php" -sed -i "s/#DESKEY#/${deskey}/g" ../conf/config.inc.php -sed -i "s/#DBUSER#/${dbuser}/g" ../conf/config.inc.php -sed -i "s/#DBPASS#/${dbpass}/g" ../conf/config.inc.php -sed -i "s/#DBNAME#/${dbname}/g" ../conf/config.inc.php -sudo cp ../conf/config.inc.php "$rc_conf" +# Get the current version of roundcube +oldversion=$(grep RCMAIL_VERSION "$final_path/program/include/iniset.php" | cut -d\' -f4) -# Fix installation directories and permissions -sudo mkdir -p "${DESTDIR}/logs" "${DESTDIR}/temp" -sudo chown -R www-data: "$DESTDIR" +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" -# Check if dependencies need to be updated with composer -if [[ -f ${DESTDIR}/composer.json ]]; then - exec_composer www-data "$DESTDIR" update --no-dev --prefer-dist -else - init_composer "$DESTDIR" www-data +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# INSTALL THE NEW ROUNDCUBE VERSION +#================================================= + +# Verify the checksum and backup the file if it's different +ynh_store_file_checksum "${final_path}/config/config.inc.php" + +# Get the new version of roundcube +newversion=$(grep RCMAIL_VERSION "$final_path/program/include/iniset.php" | cut -d\' -f4) + +# Do the upgrade only if it's really needed +if [ "$newversion" != "$oldversion" ] +then + (cd "$final_path" + /usr/bin/php -q ./bin/installto.sh "${final_path}") fi -# Install some plugins manually -sudo rm -rf "${DESTDIR}/plugins/ldapAliasSync" -sudo cp -r ../sources/plugins/ldapAliasSync "${DESTDIR}/plugins" -sudo chown -R www-data: "${DESTDIR}/plugins/ldapAliasSync" -installed_plugins=" 'ldapAliasSync'," +#================================================= +# CONFIGURE ROUNDCUBE +#================================================= -# Update or install additional plugins -exec_composer www-data "$DESTDIR" require \ - "johndoh/contextmenu dev-release-2.1" \ - "sblaisot/automatic_addressbook" +rc_conf="${final_path}/config/config.inc.php" +cp ../conf/config.inc.php "$rc_conf" +ynh_replace_string "#DESKEY#" "$(ynh_string_random 24)" "$rc_conf" +ynh_replace_string "#DBUSER#" "$db_name" "$rc_conf" +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_replace_string "#DBPASS#" "$db_pwd" "$rc_conf" +ynh_replace_string "#DBNAME#" "$db_name" "$rc_conf" + +#================================================= +# UPDATE DEPENDENCIES WITH COMPOSER +#================================================= + +# Check if dependencies need to be updated with composer +if [[ -f ${final_path}/composer.json ]]; then + exec_composer "${final_path}" update --no-dev --prefer-dist +else + init_composer "${final_path}" +fi + +#================================================= +# UPGRADE ADDITIONAL PLUGINS +#================================================= + +# Create logs and temp directories +mkdir -p "${final_path}/logs" "${final_path}/temp" + +# Update or install contextmenu and automatic_addressbook plugins +# https://plugins.roundcube.net/packages/sblaisot/automatic_addressbook +# https://plugins.roundcube.net/packages/johndoh/contextmenu +exec_composer "${final_path}" update --no-dev --prefer-dist \ + "johndoh/contextmenu $contextmenu_version" \ + "sblaisot/automatic_addressbook $automatic_addressbook_version" installed_plugins+=" 'contextmenu', 'automatic_addressbook'," # Guess with_carddav value if empty if [[ -z "${with_carddav:-}" ]]; then - [[ -f "${DESTDIR}/plugins/carddav/config.inc.php" ]] \ + [[ -f "${final_path}/plugins/carddav/config.inc.php" ]] \ && with_carddav=1 \ || with_carddav=0 ynh_app_setting_set "$app" with_carddav "$with_carddav" fi -# Update or instal CardDAV plugin +# Update or install CardDAV plugin if [[ $with_carddav -eq 1 ]]; then - install_carddav "$DESTDIR" \ + install_carddav "${final_path}" \ && installed_plugins+=" 'carddav'," \ || echo "Unable to install CardDAV plugin" >&2 fi -# Update Roundcube configuration -sudo sed -i "s#^\s*// installed plugins#&\n ${installed_plugins}#" \ +# Guess with_enigma value if empty +if [[ -z "${with_enigma:-}" ]]; then + [[ -f "${final_path}/plugins/enigma/config.inc.php" ]] \ + && with_enigma=1 \ + || with_enigma=0 + ynh_app_setting_set "$app" with_enigma "$with_enigma" +fi + +# Install Enigma plugin +if [[ $with_enigma -eq 1 ]]; then + cp -a "$final_path/plugins/enigma/config.inc.php.dist" "$final_path/plugins/enigma/config.inc.php" \ + && installed_plugins+=" 'enigma'," \ + || echo "Unable to install Enigma plugin" >&2 +fi + +#================================================= +# UPDATE ROUNDCUBE CONFIGURATION +#================================================= + +sed -i "s#^\s*// installed plugins#&\n ${installed_plugins}#" \ "$rc_conf" -# Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@#PATH#@${path:-/}@g" ../conf/nginx.conf -sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf "$nginx_conf" +# Update javascript dependencies +( cd "${final_path}" +/usr/bin/php -q ./bin/install-jsdeps.sh) -# Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@#POOLNAME#@${app}@g" ../conf/php-fpm.conf -sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/php-fpm.conf -sudo cp ../conf/php-fpm.conf "$phpfpm_conf" -sudo chown root: $phpfpm_conf -sudo chmod 644 $phpfpm_conf +# Store the config file checksum into the app settings +ynh_store_file_checksum "${final_path}/config/config.inc.php" -# Reload services -sudo service php5-fpm restart || true -sudo service nginx reload || true +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: "$final_path" +chown -R $app: "${final_path}/temp/" "${final_path}/logs/" + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/sources/composer.json-dist b/sources/composer.json-dist deleted file mode 100644 index 10c6eec..0000000 --- a/sources/composer.json-dist +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "roundcube/roundcubemail", - "description": "The Roundcube Webmail suite", - "license": "GPL-3.0+", - "repositories": [ - { - "type": "vcs", - "url": "https://github.com/roundcube/Net_Sieve.git" - }, - { - "type": "composer", - "url": "https://plugins.roundcube.net/" - } - ], - "require": { - "roundcube/plugin-installer": "dev-master", - "roundcube/net_sieve": "~1.5.0" - }, - "minimum-stability": "dev" -} diff --git a/sources/plugins/ldapAliasSync/COPYING b/sources/plugins/ldapAliasSync/COPYING deleted file mode 100644 index 52d1b97..0000000 --- a/sources/plugins/ldapAliasSync/COPYING +++ /dev/null @@ -1,583 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an all -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of yourganization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, aLAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/sources/plugins/ldapAliasSync/README.md b/sources/plugins/ldapAliasSync/README.md deleted file mode 100644 index 9221c92..0000000 --- a/sources/plugins/ldapAliasSync/README.md +++ /dev/null @@ -1,16 +0,0 @@ -ldapAliasSync -============= - -Roundcube Plugin for fetching Identities (name, email, organization, reply, bcc, signature) from LDAP Aliases at login - -Based on the 'Identiteam' Plugin (https://github.com/arodier/Roundcube-Plugins/tree/master/plugins/identiteam) by André Rodier . -Special thanks to Rocco (https://github.com/roccosportal), who made this plugin work :) -Extended features by Dominik George . - -Copyright according to GPLv3 (see COPYING). - -Bugs & Issues: -- Enter bug reports in https://github.com/dim-0/ldapAliasSync/issues - -Basic Installation: -- Copy config-default.inc.php in config.inc.php, and modify the values you need. diff --git a/sources/plugins/ldapAliasSync/composer.json b/sources/plugins/ldapAliasSync/composer.json deleted file mode 100644 index 3dd3980..0000000 --- a/sources/plugins/ldapAliasSync/composer.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "dim-0/ldap-alias-sync", - "type": "roundcube-plugin", - "license": "GPLv3", - "repositories": [ - { - "type": "composer", - "url": "https://plugins.roundcube.net" - } - ], - "require": { - "roundcube/plugin-installer": ">=0.1.3" - } -} diff --git a/sources/plugins/ldapAliasSync/config-default.inc.php b/sources/plugins/ldapAliasSync/config-default.inc.php deleted file mode 100644 index 279f33d..0000000 --- a/sources/plugins/ldapAliasSync/config-default.inc.php +++ /dev/null @@ -1,248 +0,0 @@ - array( - # Domain to use for LDAP searches (required, if 'replace_domain' is true) - # If no login name is given (or 'replace_domain' is true), - # the domain part for the LDAP filter is set to this value - # Default: none - #'search_domain' => '', - - # Replace domain part for LDAP searches (optional) - # This parameter can be used in order to override the login domain part with - # the value maintained in 'search_domain' - # Possible values: true, false - # Default: false - #'replace_domain' => false, - - # Dovecot master user separator (optional) - # If you use the dovecot impersonation feature, this separator will be used - # in order to determine the actual login name. - # Set it to the same character if using this feature, otherwise you can also - # leave it empty. - # Default: none - #'dovecot_separator' => '', - ), - - // LDAP parameters - 'ldap' => array( - # LDAP connection scheme (optional) - # Possible values: 'ldap', 'ldaps', 'ldapi' - # Default: 'ldap' - #'scheme' => 'ldap', - - # LDAP server address (optional) - # Default: 'localhost' - #'server' => 'localhost', - - # LDAP server port (optional) - # Default: '389' - #'port' => '389', - - # LDAP Bind DN (requried, if no anonymous read rights are set for the accounts) - # Default: none - #'bind_dn' => '', - - # Bind password (required, if the bind DN needs to authenticate) - # Default: none - #'bind_pw' => '', - ), - - # 'user_search' holds all config variables for the user search - 'user_search' => array( - # LDAP search base (required) - # - Use '%login' as a place holder for the login name - # - Use '%local' as a place holder for the login name local part - # - Use '%domain' as a place holder for the login name domain part (/'search_domain', if not given or replaced) - # - Use '%email' as a place holder for the email address ('%local'@'%domain') - # - Use '%%' as a place holder for '%' - 'base_dn' => 'uid=%local,ou=users,dc=example,dc=com', - - # LDAP search filter (optional) - # This open filter possibility is the heart of the LDAP search. - # - Use '%login' as a place holder for the login name - # - Use '%local' as a place holder for the login name local part - # - Use '%domain' as a place holder for the login name domain part (/'search_domain', if not given or replaced) - # - Use '%email' as a place holder for the email address ('%local'@'%domain') - # - Use '%%' as a place holder for '%' - # Default: '(objectClass=*)' - #'filter' => '(objectClass=*)', - - # LDAP alias derefencing (optional) - # Possible values: never, search, find, always - # Default: 'never' - #'deref' => 'never', - - # How to find the e-mail addresses (required) - # Possible values are: - # - 'attribute' - e-mail address will be taken from the entry's 'attr_mail' attribute - # - 'dn' - e-mail address local part will be taken from the entry's 'attr_local'; - # e-mail address domain part will be taken from the DN's 'attr_dom' attributes - # - 'memberof' - e-mail address local part will be taken form the entry's 'attr_local'; - # e-mail address domain part will be taken from the memberof attributes' 'attr_dom' attributes - # - 'static' - e-mail address local part will be taken form the entry's 'attr_local'; - # e-mail address domain part will be copied from 'domain_static' - 'mail_by' => 'attribute', - - # LDAP e-mail attribute (required, if 'mail_by' is 'attribute') - 'attr_mail' => 'mail', - - # LDAP e-mail local part attribute (required, if 'mail_by' is 'dn', 'memberof' or 'static') - # Default: none - #'attr_local' => '', - - # LDAP e-mail domain part attribute (required, if 'mail_by' is 'dn' or 'memberof') - # Default: none - #'attr_dom' => '', - - # Static domain to append to local parts (required, if 'mail_by' is 'static') - # Default: none - #'domain_static' => '', - - # Users with one of the following domains will be ignored (optional) - # Default: none - #'ignore_domains' => array(), - - # How to handle non-domain attributes in a DN (optional) - # Set to 'stop', if you want to stop the search (e.g. uid=u1,dc=mail,dc=de,ou=dom,dc=example,dc=com --> mail.de) - # Set to 'stop', if you want to skip non-domain attributes (e.g. uid=u1,dc=mail,dc=de,ou=dom,dc=example,dc=com --> mail.de.example.com) - # Possible values: 'stop', 'skip' - # Default: 'stop' - #'non_domain_attr' => 'stop', - - ### The following attributes can be fetched from LDAP in order to provide additional identity information - - # LDAP name attribute (optional) - # Default: none - #'attr_name' => '', - - # LDAP organization attribute (optional) - # Default: none - #'attr_org' => '', - - # LDAP reply-to attribute (optional) - # Default: none - #'attr_reply' => '', - - # LDAP bcc (blind carbon copy) attribute (optional) - # Default: none - #'attr_bcc' => '', - - # LDAP signature attribute (optional) - # Default: none - #'attr_sig' => '', - ), - - # 'alias_search' holds all config variables for the alias search - 'alias_search' => array( - # LDAP search base (required) - # - Use '%login' as a place holder for the login name - # - Use '%local' as a place holder for the login name local part - # - Use '%domain' as a place holder for the login name domain part (/'search_domain', if not given or replaced) - # - Use '%email' as a place holder for the email address ('%local'@'%domain') - # - Use '%dn' as a place holder for the DN returned by the user search - # - Use '%%' as a place holder for '%' - 'base_dn' => 'ou=aliases,dc=example,dc=com', - - # LDAP search filter (optional) - # This open filter possibility is the heart of the LDAP search. - # - Use '%login' as a place holder for the login name - # - Use '%local' as a place holder for the login name local part - # - Use '%domain' as a place holder for the login name domain part (/'search_domain', if not given or replaced) - # - Use '%email' as a place holder for the email address ('%local'@'%domain') - # - Use '%dn' as a place holder for the DN returned by the user search - # - Use '%%' as a place holder for '%' - # Default: '(objectClass=*)' - #'filter' => '(objectClass=*)', - - # LDAP alias derefencing (optional) - # Possible values: never, search, find, always - # Default: 'never' - #'deref' => 'never', - - # How to find the e-mail addresses (required) - # Possible values are: - # - 'attribute' - e-mail address will be taken from the entry's 'attr_mail' attribute - # - 'dn' - e-mail address local part will be taken from the entry's 'attr_local'; - # e-mail address domain part will be taken from the DN's 'attr_dom' attributes - # - 'memberof' - e-mail address local part will be taken form the entry's 'attr_local'; - # e-mail address domain part will be taken from the memberOf attributes' 'attr_dom' attributes - # - 'static' - e-mail address local part will be taken form the entry's 'attr_local'; - # e-mail address domain part will be copied from 'domain_static' - 'mail_by' => 'attribute', - - # LDAP e-mail attribute (required, if 'mail_by' is 'attribute') - 'attr_mail' => 'mail', - - # LDAP e-mail local part attribute (required, if 'mail_by' is 'dn', 'memberof' or 'static') - # Default: none - #'attr_local' => '', - - # LDAP e-mail domain part attribute (required, if 'mail_by' is 'dn' or 'memberof') - # Default: none - #'attr_dom' => '', - - # Static domain to append to local parts (required, if 'mail_by' is 'static') - # Default: none - #'domain_static' => '', - - # Users with one of the following domains will be ignored (optional) - # Default: none - #'ignore_domains' => array(), - - # How to handle non-domain attributes in a DN (optional) - # Set to 'stop', if you want to stop the search (e.g. uid=u1,dc=mail,dc=de,ou=dom,dc=example,dc=com --> mail.de) - # Set to 'skip', if you want to skip non-domain attributes (e.g. uid=u1,dc=mail,dc=de,ou=dom,dc=example,dc=com --> mail.de.example.com) - # Possible values: 'stop', 'skip' - # Default: 'stop' - #'non_domain_attr' => 'stop', - - ### The following attributes can be fetched from LDAP in order to provide additional identity information - - # LDAP name attribute (optional) - # Default: none - #'attr_name' => '', - - # LDAP organization attribute (optional) - # Default: none - #'attr_org' => '', - - # LDAP reply-to attribute (optional) - # Default: none - #'attr_reply' => '', - - # LDAP bcc (blind carbon copy) attribute (optional) - # Default: none - #'attr_bcc' => '', - - # LDAP signature attribute (optional) - # Default: none - #'attr_sig' => '', - ), - - 'general' => array( - # Log level (optional) - # Set the level of log details to be logged by this plugin - # Possible values: 'error', 'warn', 'info', 'debug' - # Default: 'error' - #'log_level' => 'error', - - # Update identity (optional) - # Set to true, if you want update an existing identity with the same e-mail address in the database - # Possible values: true, false - # Default: false - #'update_existing' => false, - - # Update empty fields of the identity (optional) - # Set to true, if you want to also update empty fields of the identity. - # Possible values: true, false - # Default: false - #'update_empty_fields' => false, - ), -); -?> diff --git a/sources/plugins/ldapAliasSync/ldapAliasSync.php b/sources/plugins/ldapAliasSync/ldapAliasSync.php deleted file mode 100644 index 6b81144..0000000 --- a/sources/plugins/ldapAliasSync/ldapAliasSync.php +++ /dev/null @@ -1,831 +0,0 @@ - - * Author: Lukas Mika - * Licence: GPLv3. (See copying) - */ -class ldapAliasSync extends rcube_plugin { -// ---------- Global variables - // Internal variables - public $task = 'login'; - private $initialised; - private $app; - private $rc_user; - - // Config variables - private $config = array(); - private $cfg_ldap = array(); - private $cfg_mail = array(); - private $cfg_user = array(); - private $cfg_alias = array(); - private $cfg_general = array(); - - // Plugin variables - private $ldap_con; - -// ---------- Main functions - // Plugin initialization - function init() { - try { - $this->log_debug('Initialising...'); - - // Load general roundcube config settings - $this->load_config('config.inc.php'); - $this->app = rcmail::get_instance(); - - // Load plugin config settings - $this->config = $this->app->config->get('ldapAliasSync'); - - $this->cfg_ldap = $this->check_ldap_config($this->config['ldap']); - $this->cfg_mail = $this->check_mail_config($this->config['mail']); - $this->cfg_user = $this->check_user_config($this->config['user_search']); - $this->cfg_alias = $this->check_alias_config($this->config['alias_search']); - $this->cfg_general = $this->check_general_config($this->config['general']); - $this->log_debug('Configuration successfully loaded'); - - // register hook - $this->add_hook('login_after', array($this, 'login_after')); - $this->initialised = true; - $this->log_debug('Plugin Hook \'login_after\' set'); - } catch ( Exception $exc ) { - $this->log_error('Failed to initialise: '.$exc->getMessage()); - } - - if ( $this->initialised ) { - $this->log_info('Plugin initialised'); - } - } - - /** - * login_after - * - * See http://trac.roundcube.net/wiki/Plugin_Hooks - * Arguments: - * - URL parameters (e.g. task, action, etc.) - * Return values: - * - task - * - action - * - more URL parameters - */ - function login_after($args) { - $login = array(); - - try { - $this->rc_user = rcmail::get_instance()->user; - $login = $this->get_login_info($this->rc_user->get_username('mail'), $this->cfg_mail); - $this->log_debug("User information: %login: ".$login['login'].", %local: ".$login['local'].", %domain: ".$login['domain'].", %email: ".$login['email']); - - $this->ldap_con = $this->initialize_ldap($this->cfg_ldap); - $this->log_debug("LDAP connection established"); - - $identities = $this->fetch_identities($login); - $this->log_info("Fetched ".count($identities)." identities"); - - $this->sync_identities_db($identities); - $this->log_info("Identities in DB synchronized"); - } catch ( Exception $exc ) { - $this->log_error('Runtime error: '.$exc->getMessage()); - } - - ldap_close($this->ldap_con); - $this->log_debug("LDAP connection closed"); - - return $args; - } - -// ---------- Helper functions - function initialize_ldap($config) { - $uri = ''; - $con = null; - - $uri = $config['scheme'].'://'.$config['server'].':'.$config['port']; - - $con = ldap_connect($uri); - - if ( is_resource($con) ) { - $this->log_debug("LDAP resource: ".$uri); - ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3); - } else { - throw new Exception(sprintf("Connection to the server failed: (Error=%s)", ldap_errno($con))); - } - - // Bind to server - if ( $this->cfg_ldap['bind_dn'] ){ - $bound = @ldap_bind($con, $this->cfg_ldap['bind_dn'], $this->cfg_ldap['bind_pw']); - } else { - $bound = @ldap_bind($con); - } - - if ( ! $bound ) { - throw new Exception(sprintf("Bind to server '%s' failed. Con: (%s), Error: (%s)", $this->cfg_ldap['server'], $con, ldap_errno($con))); - } else { - $this->log_debug("LDAP Bind successfull"); - } - - return $con; - } - - function get_login_info($info, $config) { - $login = array(); - - $login['login'] = $info; - - if ( strstr($info, '@') ) { - $login_parts = explode('@', $info); - - $login['local'] = $login_parts[0]; - $login['domain'] = $login_parts[1]; - - if ( $config['replace_domain'] && $config['search_domain'] ) { - $login['domain'] = $config['search_domain']; - } - } else { - $login['local'] = $login; - - if ( $config['search_domain'] ) { - $login['domain'] = $config['search_domain']; - } - } - - if ( $config['dovecot_separator'] && strstr($login['local'], $config['dovecot_separator']) ) { - $login['local'] = array_shift(explode($config['dovecot_separator'], $login['local'])); - } - - if ( $login['local'] && $login['domain'] ) { - $login['email'] = $login['local']."@".$login['domain']; - } - - return $login; - } - - function fetch_identities($login) { - $ldap_users = array(); - $ldap_user = array(); - $aliases = array(); - $alias = array(); - $identities = array(); - - $ldap_users = $this->get_ldap_identities($login, $this->cfg_user, ''); - - if ( count($ldap_users) == 0 ) { - throw new Exception(sprintf("User '%s' not found.", $login['login'])); - } else { - $this->log_debug("Found ".count($ldap_users)." for user ".$login['login']); - } - - foreach ( $ldap_users as $ldap_user ) { - array_push($identities, $ldap_user); - $aliases = $this->get_ldap_identities($login, $this->cfg_alias, $ldap_user['dn']); - $this->log_debug("Found ".count($aliases)." aliases"); - foreach ( $aliases as $alias ) { - array_push($identities, $alias); - } - } - - return $identities; - } - - function get_ldap_identities($login, $config, $dn) { - $base_dn = $config['base_dn']; - $filter = $config['filter']; - $fields = array(); - $bound = false; - $result = null; - $entries = array(); - $identities = array(); - - // Prepare LDAP query base DN - $base_dn = str_replace('%login', $login['login'], $base_dn); - $base_dn = str_replace('%local', $login['local'], $base_dn); - $base_dn = str_replace('%domain', $login['domain'], $base_dn); - $base_dn = str_replace('%email', $login['email'], $base_dn); - $base_dn = str_replace('%dn', $dn, $base_dn); - $base_dn = str_replace('%%', '%', $base_dn); - - // Prepare LDAP query filter - $filter = str_replace('%login', $login['login'], $filter); - $filter = str_replace('%local', $login['local'], $filter); - $filter = str_replace('%domain', $login['domain'], $filter); - $filter = str_replace('%email', $login['email'], $filter); - $filter = str_replace('%dn', $dn, $filter); - $filter = str_replace('%%', '%', $filter); - - // Prepare LDAP query attributes - if ( $config['attr_mail'] ) { - array_push($fields, $config['attr_mail']); - } - if ( $config['attr_local'] ) { - array_push($fields, $config['attr_local']); - } - if ( $config['attr_dom'] ) { - array_push($fields, $config['attr_dom']); - } - if ( $config['attr_name'] ) { - array_push($fields, $config['attr_name']); - } - if ( $config['attr_org'] ) { - array_push($fields, $config['attr_org']); - } - if ( $config['attr_reply'] ) { - array_push($fields, $config['attr_reply']); - } - if ( $config['attr_bcc'] ) { - array_push($fields, $config['attr_bcc']); - } - if ( $config['attr_sig'] ) { - array_push($fields, $config['attr_sig']); - } - if ( $config['mail_by'] == 'memberof' ) { - array_push($fields, 'memberof'); - } - - $this->log_debug("LDAP Query: base DN: ".$base_dn.", filter: ".$filter); - $result = @ldap_search($this->ldap_con, $base_dn, $filter, $fields, 0, 0, 0, $config['deref']); - - if ( $result ) { - $entries = @ldap_get_entries($this->ldap_con, $result); - } else { - $this->log_warning("LDAP Message: ".ldap_errno($this->ldap_con).": ".ldap_error($this->ldap_con)); - } - - $this->log_debug("LDAP Query returned ".$entries['count']." entries."); - for ($i=0; $i<$entries['count']; $i++) { - $entry = null; - $entry = $entries["$i"]; - $ids = $this->get_ids_from_obj($entry, $config); - $this->log_debug(count($ids)." IDs fetched"); - foreach ( $ids as $id ) { - array_push($identities, $id); - } - } - $this->log_debug(count($identities)." IDs fetched in total for this LDAP query"); - return $identities; - } - - function get_ids_from_obj($ldap_id, $config) { - $identity = array(); - $identities = array(); - $entries = array(); - $entry = array(); - $local = ''; - $domain = ''; - $stop = true; - - // Get attributes - $identity['dn'] = $ldap_id['dn']; - - if ( $config['attr_name'] ) { - $ldap_temp = $ldap_id[$config['attr_name']]; - $identity['name'] = $ldap_temp[0]; - } - - if ( $config['attr_org'] ) { - $ldap_temp = $ldap_id[$config['attr_org']]; - $identity['organization'] = $ldap_temp[0]; - } - - if ( $config['attr_reply'] ) { - $ldap_temp = $ldap_id[$config['attr_reply']]; - $identity['reply-to'] = $ldap_temp[0]; - } - - if ( $config['attr_bcc'] ) { - $ldap_temp = $ldap_id[$config['attr_bcc']]; - $identity['bcc'] = $ldap_temp[0]; - } - - if ( $config['attr_sig'] ) { - $ldap_temp = $ldap_id[$config['attr_sig']]; - $identity['signature'] = $ldap_temp[0]; - } - - if ( preg_match('/^\s*<[a-zA-Z]+/', $identity['signature']) ) { - $identity['html_signature'] = 1; - } else { - $identity['html_signature'] = 0; - } - - // Get e-mail address - switch ( $config['mail_by'] ) { - case 'attribute': - $ldap_temp = $ldap_id[$config['attr_mail']]; - foreach ( $ldap_temp as $attr ) { - if ( strstr($attr, '@') ) { - $domain_expl = explode('@', $attr); - $domain = $domain_expl[1]; - if ( $domain && ! in_array( $domain, $config['ignore_domains']) ) { - $identity['email'] = $attr; - if ( ! $identity['name'] ) { - $identity_expl = explode('@', $attr); - $identity['name'] = $identity_expl[0]; - } - array_push($identities, $identity); - $this->log_debug("Found address ".$identity['email']); - } - } - } - break; - case 'dn': - $ldap_temp = $ldap_id[$config['attr_local']]; - $local = $ldap_temp[0]; - if ( $config['non_domain_attr'] == 'skip' ) { - $stop = false; - } else { - $stop = true; - } - $domain = $this->get_domain_name($ldap_id['dn'], $config['attr_dom'], $stop); - if ( $local && $domain && ! in_array($domain, $config['ignore_domains']) ) { - $identity['email'] = $local.'@'.$domain; - if ( ! $identity['name'] ) { - $identity['name'] = $local; - } - array_push($identities, $identity); - $this->log_debug("Found address ".$identity['email']); - } - break; - case 'memberof': - $ldap_temp = $ldap_id[$config['attr_local']]; - $local = $ldap_temp[0]; - if ( $config['non_domain_attr'] == 'skip' ) { - $stop = false; - } else { - $stop = true; - } - $ldap_temp = $ldap_id['memberof']; - foreach ( $ldap_temp as $memberof ) { - $domain = $this->get_domain_name($memberof, $config['attr_dom'], $stop); - if ( $local && $domain && ! in_array($domain, $config['ignore_domains']) ) { - $identity['email'] = $local.'@'.$domain; - if ( ! $identity['name'] ) { - $identity['name'] = $local; - } - array_push($identities, $identity); - $this->log_debug("Found address ".$identity['email']); - } - } - break; - case 'static': - $ldap_temp = $ldap_id[$config['attr_local']]; - $local = $ldap_temp[0]; - if ( $local && $config['domain_static'] && ! in_array($config['domain_static'], $config['ignore_domains']) ) { - $identity['email'] = $local.'@'.$config['domain_static']; - if ( ! $identity['name'] ) { - $identity['name'] = $local; - } - array_push($identities, $identity); - $this->log_debug("Found address ".$identity['email']); - } - break; - } - return $identities; - } - - function get_domain_name( $dn, $attr, $stop = true ) { - $found = false; - $domain = ''; - - $dn_parts = explode(',', $dn); - - foreach( $dn_parts as $dn_part ) { - $objs = explode('=', $dn_part); - if ($objs[0] == $attr) { - $found = true; - if ( strlen( $domain ) == 0 ) { - $domain = $objs[1]; - } else { - $domain .= ".".$objs[1]; - } - } elseif ( $found == true && $stop == true ) { - break; - } - } - return $domain; - } - - function sync_identities_db($identities) { - $db_identities = array(); - $db_identity = array(); - $identity = array(); - $key = ''; - $value = ''; - $in_db = false; - $in_ldap = false; - - if ( count($identities) > 0 && $db_identities = $this->rc_user->list_identities() ) { - - # Check which identities not yet contained in the database - foreach ( $identities as $identity ) { - $in_db = false; - unset($identity['dn']); - - foreach ( $db_identities as $db_identity ) { - # email is our only comparison parameter - if( $db_identity['email'] == $identity['email'] ) { - if ( $this->cfg_general['update_existing'] ) { - if ( ! $this->cfg_general['update_empty_fields']) { - foreach ($identity as $key => $value) { - if ( empty($identity[$key]) ) { - unset($identity[$key]); - } - } - } - $this->rc_user->update_identity ( $db_identity['identity_id'], $identity ); - $this->log_info("Updated identity ".$identity['email']); - } - $in_db = true; - break; - } - } - - if( !$in_db ) { - $this->rc_user->insert_identity( $identity ); - $this->log_info("Inserted identity ".$identity['email']); - } - } - - # Check which identities are available in database but nut in LDAP and delete those - foreach ( $db_identities as $db_identity ) { - $in_ldap = false; - - foreach ( $identities as $identity ) { - # email is our only comparison parameter - if( $db_identity['email'] == $identity['email'] ) { - $in_ldap = true; - break; - } - } - - # If this identity does not exist in LDAP, delete it from database - if( !$in_ldap ) { - $this->rc_user->delete_identity($db_identity['identity_id']); - $this->log_warning("Deleted identity ".$db_identity['email']); - } - } - } - } - - function log_error($msg) { - write_log('ldapAliasSync', "ERROR: ".$msg); - } - - function log_warning($msg) { - if ( $this->cfg_general['log_level'] >= 1 ) { - write_log('ldapAliasSync', "WARNING: ".$msg); - } - } - - function log_info($msg) { - if ( $this->cfg_general['log_level'] >= 2 ) { - write_log('ldapAliasSync', "INFO: ".$msg); - } - } - - function log_debug($msg) { - if ( $this->cfg_general['log_level'] >= 3 ) { - write_log('ldapAliasSync', "DEBUG: ".$msg); - } - } - -// ---------- Configuration functions - function check_ldap_config($config) { - $SCHEMES = array('ldap', 'ldaps', 'ldapi'); - - // Set default values for empty config parameters - if (! $config['scheme']) { - $config['scheme'] = 'ldap'; - } - if (! $config['server']) { - $config['server'] = 'localhost'; - } - if (! $config['port']) { - $config['port'] = '389'; - } - if (! $config['bind_dn']) { - $config['bind_dn'] = ''; - } - if (! $config['bind_pw']) { - $config['bind_pw'] = ''; - } - - // Check parameters with fixed value set - if (! in_array($config['scheme'], $SCHEMES)) { - throw new Exception('[ldap] scheme "'.$config['scheme'].'" is invalid'); - } - - return $config; - } - - function check_mail_config($config) { - // Set default values for empty config parameters - if (! $config['search_domain']) { - $config['search_domain'] = ''; - } - if (! $config['replace_domain']) { - $config['replace_domain'] = false; - } - if (! $config['dovecot_separator']) { - $config['dovecot_separator'] = ''; - } - - // Check parameter combinations - if ($config['replace_domain'] && ! $config['search_domain']) { - throw new Exception('[mail] search_domain must not be initial, if replace_domain is set to "true"!'); - } - - return $config; - } - - function check_user_config($config) { - $DEREFS = array($LDAP_DEREF_NEVER, $LDAP_DEREF_FINDING, $LDAP_DEREF_SEARCHING, $LDAP_DEREF_ALWAYS); - $MAIL_BYS = array('attribute', 'dn', 'memberof', 'static'); - $NDATTRS = array('stop', 'skip'); - - // Set default values for empty config parameters - if (! $config['base_dn']) { - $config['base_dn'] = ''; - } - if (! $config['filter']) { - $config['filter'] = '(objectClass=*)'; - } - if (! $config['deref']) { - $config['deref'] = 'never'; - } - if (! $config['mail_by']) { - $config['mail_by'] = 'attribute'; - } - if (! $config['attr_mail']) { - $config['attr_mail'] = 'mail'; - } else { - $config['attr_mail'] = strtolower($config['attr_mail']); - } - if (! $config['attr_local']) { - $config['attr_local'] = ''; - } else { - $config['attr_local'] = strtolower($config['attr_local']); - } - if (! $config['attr_dom']) { - $config['attr_dom'] = ''; - } else { - $config['attr_dom'] = strtolower($config['attr_dom']); - } - if (! $config['domain_static']) { - $config['domain_static'] = ''; - } - if (! $config['ignore_domains']) { - $config['ignore_domains'] = array(); - } - if (! $config['non_domain_attr']) { - $config['non_domain_attr'] = 'stop'; - } - if (! $config['attr_name']) { - $config['attr_name'] = ''; - } else { - $config['attr_name'] = strtolower($config['attr_name']); - } - if (! $config['attr_org']) { - $config['attr_org'] = ''; - } else { - $config['attr_org'] = strtolower($config['attr_org']); - } - if (! $config['attr_reply']) { - $config['attr_reply'] = ''; - } else { - $config['attr_reply'] = strtolower($config['attr_reply']); - } - if (! $config['attr_bcc']) { - $config['attr_bcc'] = ''; - } else { - $config['attr_bcc'] = strtolower($config['attr_bcc']); - } - if (! $config['attr_sig']) { - $config['attr_sig'] = ''; - } else { - $config['attr_sig'] = strtolower($config['attr_sig']); - } - - // Override values - switch ( $config['deref'] ) { - case 'never': - $config['deref'] = $LDAP_DEREF_NEVER; - break; - case 'search': - $config['deref'] = $LDAP_DEREF_SEARCHING; - break; - case 'find': - $config['deref'] = $LDAP_DEREF_FINDING; - break; - case 'always': - $config['deref'] = $LDAP_DEREF_ALWAYS; - break; - } - - // Check on empty parameters - if (! $config['base_dn']) { - throw new Exception('[user_search] base_dn must not be initial!'); - } - - // Check parameters with fixed value set - if (! in_array($config['deref'], $DEREFS)) { - throw new Exception('[user_search] deref "'.$config['deref'].'" is invalid'); - } - if (! in_array($config['mail_by'], $MAIL_BYS)) { - throw new Exception('[user_search] mail_by "'.$config['mail_by'].'" is invalid'); - } - if (! in_array($config['non_domain_attr'], $NDATTRS)) { - throw new Exception('[user_search] non_domain_attr "'.$config['non_domain_attr'].'" is invalid'); - } - - // Check parameter combinations - if ($config['mail_by'] == 'attribute' && ! $config['attr_mail']) { - throw new Exception('[user_search] attr_mail must not be initial, if mail_by is set to "attribute"!'); - } - if ($config['mail_by'] == 'dn' && ! $config['attr_local']) { - throw new Exception('[user_search] attr_local must not be initial, if mail_by is set to "dn"!'); - } - if ($config['mail_by'] == 'dn' && ! $config['attr_dom']) { - throw new Exception('[user_search] attr_dom must not be initial, if mail_by is set to "dn"!'); - } - if ($config['mail_by'] == 'memberof' && ! $config['attr_local']) { - throw new Exception('[user_search] attr_local must not be initial, if mail_by is set to "memberof"!'); - } - if ($config['mail_by'] == 'memberof' && ! $config['attr_dom']) { - throw new Exception('[user_search] attr_dom must not be initial, if mail_by is set to "memberof"!'); - } - if ($config['mail_by'] == 'static' && ! $config['attr_local']) { - throw new Exception('[user_search] attr_local must not be initial, if mail_by is set to "static"!'); - } - if ($config['mail_by'] == 'static' && ! $config['domain_static']) { - throw new Exception('[user_search] domain_static must not be initial, if mail_by is set to "static"!'); - } - - return $config; - } - - function check_alias_config($config) { - $DEREFS = array($LDAP_DEREF_NEVER, $LDAP_DEREF_SEARCHING, $LDAP_DEREF_FINDING, $LDAP_DEREF_ALWAYS); - $MAIL_BYS = array('attribute', 'dn', 'memberof', 'static'); - $NDATTRS = array('stop', 'skip'); - - // Set default values for empty config parameters - if (! $config['base_dn']) { - $config['base_dn'] = ''; - } - if (! $config['filter']) { - $config['filter'] = '(objectClass=*)'; - } - if (! $config['deref']) { - $config['deref'] = 'never'; - } - if (! $config['mail_by']) { - $config['mail_by'] = 'attribute'; - } - if (! $config['attr_mail']) { - $config['attr_mail'] = 'mail'; - } else { - $config['attr_mail'] = strtolower($config['attr_mail']); - } - if (! $config['attr_local']) { - $config['attr_local'] = ''; - } else { - $config['attr_local'] = strtolower($config['attr_local']); - } - if (! $config['attr_dom']) { - $config['attr_dom'] = ''; - } else { - $config['attr_dom'] = strtolower($config['attr_dom']); - } - if (! $config['domain_static']) { - $config['domain_static'] = ''; - } - if (! $config['ignore_domains']) { - $config['ignore_domains'] = array(); - } - if (! $config['non_domain_attr']) { - $config['non_domain_attr'] = 'stop'; - } - if (! $config['attr_name']) { - $config['attr_name'] = ''; - } else { - $config['attr_name'] = strtolower($config['attr_name']); - } - if (! $config['attr_org']) { - $config['attr_org'] = ''; - } else { - $config['attr_org'] = strtolower($config['attr_org']); - } - if (! $config['attr_reply']) { - $config['attr_reply'] = ''; - } else { - $config['attr_reply'] = strtolower($config['attr_reply']); - } - if (! $config['attr_bcc']) { - $config['attr_bcc'] = ''; - } else { - $config['attr_bcc'] = strtolower($config['attr_bcc']); - } - if (! $config['attr_sig']) { - $config['attr_sig'] = ''; - } else { - $config['attr_sig'] = strtolower($config['attr_sig']); - } - - // Override values - switch ( $config['deref'] ) { - case 'never': - $config['deref'] = $LDAP_DEREF_NEVER; - break; - case 'search': - $config['deref'] = $LDAP_DEREF_SEARCHING; - break; - case 'find': - $config['deref'] = $LDAP_DEREF_FINDING; - break; - case 'always': - $config['deref'] = $LDAP_DEREF_ALWAYS; - break; - } - - // Check on empty parameters - if (! $config['base_dn']) { - throw new Exception('[alias_search] base_dn must not be initial!'); - } - - // Check parameters with fixed value set - if (! in_array($config['deref'], $DEREFS)) { - throw new Exception('[alias_search] deref "'.$config['deref'].'" is invalid'); - } - if (! in_array($config['mail_by'], $MAIL_BYS)) { - throw new Exception('[alias_search] mail_by "'.$config['mail_by'].'" is invalid'); - } - if (! in_array($config['non_domain_attr'], $NDATTRS)) { - throw new Exception('[alias_search] non_domain_attr "'.$config['non_domain_attr'].'" is invalid'); - } - - // Check parameter combinations - if ($config['mail_by'] == 'attribute' && ! $config['attr_mail']) { - throw new Exception('[alias_search] attr_mail must not be initial, if mail_by is set to "attribute"!'); - } - if ($config['mail_by'] == 'dn' && ! $config['attr_local']) { - throw new Exception('[alias_search] attr_local must not be initial, if mail_by is set to "dn"!'); - } - if ($config['mail_by'] == 'dn' && ! $config['attr_dom']) { - throw new Exception('[alias_search] attr_dom must not be initial, if mail_by is set to "dn"!'); - } - if ($config['mail_by'] == 'memberof' && ! $config['attr_local']) { - throw new Exception('[alias_search] attr_local must not be initial, if mail_by is set to "memberof"!'); - } - if ($config['mail_by'] == 'memberof' && ! $config['attr_dom']) { - throw new Exception('[alias_search] attr_dom must not be initial, if mail_by is set to "memberof"!'); - } - if ($config['mail_by'] == 'static' && ! $config['attr_local']) { - throw new Exception('[alias_search] attr_local must not be initial, if mail_by is set to "static"!'); - } - if ($config['mail_by'] == 'static' && ! $config['domain_static']) { - throw new Exception('[alias_search] domain_static must not be initial, if mail_by is set to "static"!'); - } - - return $config; - } - - function check_general_config($config) { - $LOG_LEVELS = array(3, 2, 1, 0); - - // Set default values for empty parameters - if (! $config['log_level']) { - $config['log_level'] = 'error'; - } - if (! $config['update_existing']) { - $config['update_existing'] = false; - } - if (! $config['update_empty_fields']) { - $config['update_empty_fields'] = false; - } - - // Override values - switch ( $config['log_level'] ) { - case 'debug': - $config['log_level'] = 3; - break; - case 'info': - $config['log_level'] = 2; - break; - case 'warning': - $config['log_level'] = 1; - break; - case 'error': - $config['log_level'] = 0; - break; - } - - // Check parameters with fixed value set - if (! in_array($config['log_level'], $LOG_LEVELS)) { - throw new Exception('[general] log_level "'.$config['log_level'].'" is invalid'); - } - - return $config; - } -} -?>