Merge branch 'master' of github.com:serghey-rodin/vesta

2025-08-14 02:28:03 -07:00 · 2015-01-26 18:37:16 +02:00 · 2015-01-26 18:37:16 +02:00 · ba8a0800e5
commit ba8a0800e5
parent 084142cdae 642db37c97
14 changed files with 35 additions and 51 deletions
--- a/bin/v-add-mail-account-fwd-only
+++ b/bin/v-add-mail-account-fwd-only
@ -56,7 +56,7 @@ fi

 # Adding account to fwd_only
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
-    echo "$account" > $HOMEDIR/$user/conf/mail/$domain/fwd_only
+    echo "$account" >> $HOMEDIR/$user/conf/mail/$domain/fwd_only
    chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain/fwd_only
 fi

--- a/install/debian/templates/web/apache2/basedir.stpl
+++ b/install/debian/templates/web/apache2/basedir.stpl
@ -15,7 +15,9 @@
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
--- a/install/debian/templates/web/apache2/basedir.tpl
+++ b/install/debian/templates/web/apache2/basedir.tpl
@ -14,7 +14,9 @@
    <Directory %docroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
--- a/install/rhel/templates/web/httpd/basedir.stpl
+++ b/install/rhel/templates/web/httpd/basedir.stpl
@ -15,7 +15,9 @@
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
--- a/install/rhel/templates/web/httpd/basedir.tpl
+++ b/install/rhel/templates/web/httpd/basedir.tpl
@ -14,7 +14,9 @@
    <Directory %docroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
--- a/install/ubuntu/sudoers.conf
+++ b/install/ubuntu/sudoers.conf
@ -1,31 +0,0 @@
-#
-# This file MUST be edited with the 'visudo' command as root.
-#
-# Please consider adding local content in /etc/sudoers.d/ instead of
-# directly modifying this file.
-#
-# See the man page for details on how to write a sudoers file.
-#
-Defaults	env_reset
-Defaults	mail_badpass
-Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-Defaults	env_keep="VESTA"
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root	ALL=(ALL:ALL) ALL
-
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
-
-# Allow members of group sudo to execute any command
-%sudo	ALL=(ALL:ALL) ALL
-
-# See sudoers(5) for more information on "#include" directives:
-
-#includedir /etc/sudoers.d
--- a/install/ubuntu/sudoers.vestacp.conf
+++ b/install/ubuntu/sudoers.vestacp.conf
@ -0,0 +1 @@
+Defaults	env_keep="VESTA"
--- a/install/ubuntu/templates/web/apache2/basedir.stpl
+++ b/install/ubuntu/templates/web/apache2/basedir.stpl
@ -15,7 +15,9 @@
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
--- a/install/ubuntu/templates/web/apache2/basedir.tpl
+++ b/install/ubuntu/templates/web/apache2/basedir.tpl
@ -14,7 +14,9 @@
    <Directory %docroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
-        php_admin_value open_basedir %docroot%
+        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
+        php_admin_value upload_tmp_dir %home%/%user%/tmp
+        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
--- a/install/vst-install-ubuntu.sh
+++ b/install/vst-install-ubuntu.sh
@ -300,11 +300,6 @@ mkdir -p $vst_backups/bind
 mkdir -p $vst_backups/vesta
 mkdir -p $vst_backups/home

-# Backup sudoers
-if [ -e '/etc/sudoers' ]; then
-    cp /etc/sudoers $vst_backups/
-fi
-
 # Backup nginx
 service nginx stop > /dev/null 2>&1
 if [ -e '/etc/nginx/nginx.conf' ]; then
@ -535,9 +530,9 @@ echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
 echo "/sbin/nologin" >> /etc/shells

 # Sudo configuration
-wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers
+wget $CHOST/$VERSION/sudoers.vestacp.conf -O /etc/sudoers.d/vestacp
 wget $CHOST/$VERSION/sudoers.admin.conf -O /etc/sudoers.d/admin
-chmod 440 /etc/sudoers
+chmod 440 /etc/sudoers.d/vestacp
 chmod 440 /etc/sudoers.d/admin

 # NTP Synchronization
--- a/src/bash_coding_style.txt
+++ b/src/bash_coding_style.txt
@ -5,7 +5,7 @@ Contents:

    1. Introduction
    2. Naming Convention
-    3. Coments
+    3. Comments
    4. Coding Styles
    5. Basic formating
    6. If, For, and While   
@ -41,7 +41,7 @@ Contents:
        }                               #


-3. Coments
+3. Comments
    The total length of a line (including comment) must not exceed more than 80
    characters. Every file must be documented with an introductory comment that
    provides shorthand information on the file name and its contents.
--- a/src/v-check-user-password.c
+++ b/src/v-check-user-password.c
@ -45,10 +45,16 @@ int main (int argc, char** argv) {
    /* open log file */
    FILE* pFile = fopen ("/usr/local/vesta/log/auth.log","a+");
    if (NULL == pFile) {
-        printf("Error: can not open file %s \n", argv[0]);
+        printf("Error: can not open file /usr/local/vesta/log/auth.log \n");
        exit(12);
    }

+    int len = 0;
+    if(strlen(argv[1]) >= 100) {
+        printf("Too long username\n");
+        exit(1);
+    }
+
    /* parse user argument */
    struct passwd* userinfo = getpwnam(argv[1]);
    if (NULL != userinfo) {
--- a/web/api/index.php
+++ b/web/api/index.php
@ -14,10 +14,11 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
        
        $v_user = escapeshellarg($_POST['user']);
        $v_password = escapeshellarg($_POST['password']);
-        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
+        $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
+        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'",  $output, $auth_code);
    } else {
        $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
-        if (file_exists($key)) {
+        if (file_exists($key) && is_file($key)) {
            $auth_code = '0';
        }
    }
--- a/web/templates/admin/add_ip.html
+++ b/web/templates/admin/add_ip.html
@ -147,4 +147,4 @@
                    </td>
                </tr>
            </table>
-        </from>
+        </form>