Subversion Repositories ALCASAR


Ignore whitespace Rev 2989 → Rev 2990

/CHANGELOG
1,6 → 1,14
# $Id$
 
********** ALCASAR CHANGELOG **********
-------------------- 3.5.5 --------------------
NEWS
- mail registration service
CHANGES
- Add a third RPM repository (http://ftp.free.fr)
- Improve firewall local rules
BUGS
- Adapt "alcasar-network.sh" when ALCASAR is in DHCP mode
-------------------- 3.5.4 --------------------
NEWS
- Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job)
/VERSION
1,0 → 0,0
3.5.4
3.5.5b
/alcasar.sh
12,7 → 12,8
# -i or --install
# -u or --uninstall
# Functions :
# testing : connectivity tests, free space test and mageia version test
# system_testing : Free space test and mageia version test
# network_testing : Internet connectivity tests
# init : Installation of RPM and scripts
# network : Network parameters
# ACC : ALCASAR Control Center installation
20,14 → 21,14
# time_server : NTPd configuration
# init_db : Initilization of radius database managed with MariaDB
# freeradius : FreeRadius initialisation
# chilli : coovachilli initialisation (+authentication page)
# chilli : Coovachilli initialisation (+authentication page)
# e2guardian : E2Guardian filtering HTTP proxy configuration
# antivirus : clamav & freshclam configuration
# ulogd : log system in userland (match NFLOG target of iptables)
# antivirus : Clamav & freshclam configuration
# ulogd : Log system in userland (match NFLOG target of iptables)
# nfsen : Configuration of Netflow grapher (nfsen) & netflow collector (nfcapd)
# unbound : Name server configuration
# dnsmasq : Name server configuration (for whitelist ipset support)
# vnstat : little network stat daemon
# vnstat : Little network stat daemon
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for unbound, for e2guardian and for Netfilter)
# cron : Logs export + watchdog + connexion statistics
# fail2ban : Fail2ban IDS installation and configuration
34,6 → 35,7
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
# msec : Mageia security package configuration
# letsencrypt : Let's Encrypt client
# mail_service : Mail service for email authentification method
# post_install : Security, log rotation, etc.
 
DEBUG_ALCASAR='off'; export DEBUG_ALCASAR # Debug mode = wait (hit key) after each function
104,13 → 106,13
} # End of header_install()
 
########################################################
## Function "testing_system" ##
## "system_testing" ##
## - Test Mageia version ##
## - Test ALCASAR version (if already installed) ##
## - Test free space on /var (>10G) ##
## - Test Internet access ##
########################################################
testing_system()
system_testing()
{
# Test of Mageia version
# extract the current Mageia version and hardware architecture (i586 ou X64)
222,13 → 224,13
fi
exit 0
fi
} # End of testing_system
} # End of system_testing
 
########################################################
## Function "testing_network" ##
## - Test Internet access ##
## "network_testing" ##
## - Internet access test ##
########################################################
testing_network()
network_testing()
{
# Detect external/internal interfaces
if [ -z "$EXTIF" ]; then
393,10 → 395,10
exit 1
fi
echo ". : ok"
} # End of testing_network()
} # End of network_testing()
 
#######################################################################
## Function "init" ##
## "init" ##
## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf ##
## - Creation of random password for GRUB, mariadb (admin and user) ##
#######################################################################
472,7 → 474,7
} # End of init()
 
#########################################################
## Function "network" ##
## "network" ##
## - Define the several network address ##
## - Define the DNS naming ##
## - INTIF parameters (consultation network) ##
753,7 → 755,7
} # End of network()
 
##################################################################
## Fonction "CA" ##
## "CA" ##
## - Creating the CA and the server certificate (lighttpd) ##
##################################################################
CA()
769,13 → 771,13
chmod 644 /etc/pki/tls/certs/* # "freshclam" need to access to that bundle
} # End of CA()
 
###################################################
## Function "ACC" ##
## - copy ALCASAR Control Center (ACC) files ##
## - configuration of the web server (Lighttpd) ##
## - creation of the first ACC admin account ##
## - secure the ACC access ##
###################################################
######################################################
## "ACC" ##
## - copy ALCASAR Control Center (ACC) files ##
## - configuration of the web server (Lighttpd) ##
## - creation of the first ACC admin account ##
## - secure the ACC access ##
######################################################
ACC()
{
[ -d $DIR_WEB ] && rm -rf $DIR_WEB
891,7 → 893,7
} # End of ACC()
 
#############################################################
## Function "time_server" ##
## "time_server" ##
## - Configuring NTP server ##
#############################################################
time_server()
922,7 → 924,7
} # End of time_server()
 
#####################################################################
## Function "init_db" ##
## "init_db" ##
## - Mysql initialization ##
## - Set admin (root) password ##
## - Remove unused users & databases ##
975,7 → 977,7
} # End of init_db()
 
###################################################################
## Function "freeradius" ##
## "freeradius" ##
## - Set the configuration files ##
## - Set the shared secret between coova-chilli and freeradius ##
## - Adapt the Mysql conf file and counters ##
1061,7 → 1063,7
} # End of freeradius()
 
#############################################################################
## Function "chilli" ##
## "chilli" ##
## - Creation of the conf file and init file (systemd) for coova-chilli ##
## - Adapt the authentication web page (intercept.php) ##
#############################################################################
1262,7 → 1264,7
} # End of chilli()
 
################################################################
## Function "e2guardian" ##
## "e2guardian" ##
## - Set the parameters of this HTML proxy (as controler) ##
################################################################
e2guardian()
1373,7 → 1375,7
} # End of e2guardian()
 
##################################################################
## Function "antivirus" ##
## "antivirus" ##
## - Set the parameters of clamav and freshclam ##
##################################################################
antivirus()
1408,7 → 1410,7
} # End of antivirus()
 
##############################################################
## function "ulogd" ##
## "ulogd" ##
## - Ulog config for multi-log files ##
##############################################################
ulogd()
1436,7 → 1438,7
} # End of ulogd()
 
##########################################################
## Function "nfsen" ##
## "nfsen" ##
## - configure NetFlow collector (nfcapd) ##
## - configure NetFlow grapher (nfsen-ng) ##
##########################################################
1475,17 → 1477,17
} # End of nfsen()
 
###########################################################
## Function "vnstat" ##
## "vnstat" ##
## - Initialization of vnstat and vnstat-dashboard ##
###########################################################
vnstat()
{
# vnstat
# vnstat
[ -e /etc/vnstat.conf.default ] || cp /etc/vnstat.conf /etc/vnstat.conf.default
$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf
$SED "s?^MaxBandwidth.*?MaxBandwidth 10000?g" /etc/vnstat.conf
# vnstat-dashboard
# vnstat-dashboard
$SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php
cp /lib/systemd/system/vnstat.service /etc/systemd/system/vnstat.service
$SED "s?^PIDFile=.*?PIDFile=/run/vnstat/vnstat.pid?g" /etc/systemd/system/vnstat.service
1492,7 → 1494,7
} # End of vnstat()
 
###################################################################
## Function "dnsmasq" ##
## "dnsmasq" ##
## - creation of the conf files of dnsmasq (whitelist for ipset )##
###################################################################
dnsmasq()
1517,7 → 1519,8
server=$DNS1
server=$DNS2
EOF
# Don't run dnsmasq service. Create dnsmasq-whitelist unit
 
# Don't run dnsmasq service. Create dnsmasq-whitelist unit
systemctl disable dnsmasq.service
cp -f /lib/systemd/system/dnsmasq.service /etc/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /etc/systemd/system/dnsmasq-whitelist.service
1525,7 → 1528,7
} # End of dnsmasq()
 
#########################################################
## Function "unbound" ##
## "unbound" ##
## - create the conf files for 4 unbound services ##
## - create the systemd files for 4 unbound services ##
#########################################################
1689,7 → 1692,6
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/blackhole/*
EOF
 
cp /lib/systemd/system/unbound.service /etc/systemd/system/unbound.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /etc/systemd/system/unbound.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound.service
1703,7 → 1705,7
} # End of unbound()
 
##################################################
## Function "dhcpd" ##
## "dhcpd" ##
##################################################
dhcpd()
{
1722,7 → 1724,7
} # End of dhcpd()
 
##########################################################
## Function "BL" ##
## "BL" ##
## - copy & adapt Toulouse BL to ALCASAR architecture ##
## - domain names for unbound-bl & unbound-wl ##
## - URLs for E²guardian ##
1731,7 → 1733,7
##########################################################
BL()
{
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
rm -rf $DIR_DG/lists/blacklists
mkdir -p /tmp/blacklists
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/
1760,7 → 1762,7
} # End of BL()
 
#######################################################
## Function "cron" ##
## "cron" ##
## - write all cron & anacron files ##
#######################################################
cron()
1851,7 → 1853,7
} # End of cron()
 
########################################################################
## Fonction "Fail2Ban" ##
## "Fail2Ban" ##
##- Adapt conf file to ALCASAR ##
##- Secure items : DDOS, SSH-Brute-Force, Intercept & ACC brute-Force ##
########################################################################
1858,12 → 1860,12
fail2ban()
{
# adapt fail2ban to Mageia (fedora like) & ALCASAR behaviour
[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default
$SED "s?^before =.*?before = paths-fedora.conf?g" /etc/fail2ban/jail.conf
[ -e /etc/fail2ban/jail.conf.default ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.default
$SED "s?^before =.*?before = paths-fedora.conf?g" /etc/fail2ban/jail.conf
 
# add 5 jails and their filters
## sshd : Ban after 3 failed attempts (ie. brute-force). This "jail" uses the default "sshd" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/01-alcasar_sshd.conf
cat << EOF > /etc/fail2ban/jail.d/01-alcasar_sshd.conf
[sshd]
enabled = true
#enabled = false
1873,7 → 1875,7
EOF
 
## lighttpd-auth : Ban after 3 failed attempts on ACC. This "jail" uses the default "lighttpd-auth" f2b filter.
cat << EOF > /etc/fail2ban/jail.d/02-alcasar_lighttpd-auth.conf
cat << EOF > /etc/fail2ban/jail.d/02-alcasar_lighttpd-auth.conf
[lighttpd-auth]
enabled = true
#enabled = false
1883,7 → 1885,7
EOF
 
## mod-evasive : Ban after 3 failed retrieve page attempts (ie : unknown page)
cat << EOF > /etc/fail2ban/jail.d/03-alcasar_mod-evasive.conf
cat << EOF > /etc/fail2ban/jail.d/03-alcasar_mod-evasive.conf
[alcasar_mod-evasive]
#enabled = true
enabled = false
1895,7 → 1897,7
bantime = 3m
findtime = 3m
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf
cat << EOF > /etc/fail2ban/filter.d/alcasar_mod-evasive.conf
[Definition]
failregex = <HOST> .+\] "[^"]+" 403
ignoreregex =
1902,7 → 1904,7
EOF
 
### alcasar_intercept : ban after 5 failed user login attemps on intercept.php
cat << EOF > /etc/fail2ban/jail.d/04-alcasar_intercept.conf
cat << EOF > /etc/fail2ban/jail.d/04-alcasar_intercept.conf
[alcasar_intercept]
enabled = true
#enabled = false
1914,7 → 1916,7
bantime = 3m
findtime = 3m
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf
cat << EOF > /etc/fail2ban/filter.d/alcasar_intercept.conf
[Definition]
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
ignoreregex =
1921,7 → 1923,7
EOF
 
## alcasar_change-pwd : ban after 5 failed user change password attempts
cat << EOF > /etc/fail2ban/jail.d/05-alcasar_change-pwd.conf
cat << EOF > /etc/fail2ban/jail.d/05-alcasar_change-pwd.conf
[alcasar_change-pwd]
enabled = true
#enabled = false
1933,7 → 1935,7
bantime = 3m
findtime = 3m
EOF
cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf
cat << EOF > /etc/fail2ban/filter.d/alcasar_change-pwd.conf
[Definition]
failregex = <HOST> .* \"POST \/password\.php
ignoreregex =
1946,17 → 1948,17
chmod 644 $DIR_SAVE/security/watchdog.log
/usr/bin/touch /var/log/auth.log
# fail2ban unit
cp /lib/systemd/system/fail2ban.service /etc/systemd/system/fail2ban.service
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /etc/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/run/fail2ban/fail2ban.pid' /etc/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /etc/systemd/system/fail2ban.service
cp /lib/systemd/system/fail2ban.service /etc/systemd/system/fail2ban.service
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /etc/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/run/fail2ban/fail2ban.pid' /etc/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /etc/systemd/system/fail2ban.service
} # End of fail2ban()
 
#########################################################
## Fonction "gammu_smsd" ##
## - Creating of SMS management database ##
## - Write the gammu a gammu_smsd conf files ##
#########################################################
########################################################
## "gammu_smsd" ##
## - Creating of SMS management database ##
## - Write the gammu a gammu_smsd conf files ##
########################################################
gammu_smsd()
{
# Create 'gammu' system user
2041,18 → 2043,18
 
} # End of gammu_smsd()
 
############################################################
## Fonction "msec" ##
## - Apply the "fileserver" security level ##
## - remove the "system request" for rebooting ##
## - Fix several file permissions ##
############################################################
########################################################
## "msec" ##
## - Apply the "fileserver" security level ##
## - remove the "system request" for rebooting ##
## - Fix several file permissions ##
########################################################
msec()
{
 
# Apply fileserver security level
[ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default
echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf
[ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default
echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf
 
# Set permissions monitoring and enforcement
cat <<EOF > /etc/security/msec/perm.local
2077,8 → 2079,8
/var/lib/clamav/ e2guardian.e2guardian 755 force
EOF
# apply now hourly & daily checks
/usr/sbin/msec
/etc/cron.weekly/msec
/usr/sbin/msec
/etc/cron.weekly/msec
 
} # End of msec()
 
2090,9 → 2092,9
letsencrypt()
{
echo "Installing Let's Encrypt client..."
# Remove potential old installers
# Remove potential old installers
rm -rf /tmp/acme.sh-*
# Extract acme.sh
# Extract acme.sh
tar xzf ./conf/letsencrypt-client/acme.sh-*.tar.gz -C /tmp/
pwdInstall=$(pwd)
cd /tmp/acme.sh-* || { echo "Unable to find ACME directory"; exit 1; }
2099,7 → 2101,7
acmesh_installDir="/opt/acme.sh"
acmesh_confDir="/usr/local/etc/letsencrypt"
acmesh_userAgent="ALCASAR"
# Install acme.sh
# Install acme.sh
./acme.sh --install \
--home $acmesh_installDir \
--config-home $acmesh_confDir/data \
2112,7 → 2114,7
if [ $? -ne 0 ]; then
echo "Error during installation of Let's Encrypt client (acme.sh)."
fi
# Create configuration file
# Create configuration file
cat <<EOF > /usr/local/etc/alcasar-letsencrypt
email=
dateIssueRequest=
2127,6 → 2129,27
} # End of letsencrypt()
 
##################################################################
## "mail_service" ##
## - Install mail service for email registration method ##
##################################################################
mail_service()
{
[ -e /etc/postfix/main.cf.default ] || cp /etc/postfix/main.cf /etc/postfix/main.cf.default
cat << EOT >> /etc/postfix/main.cf
myhostname = $HOSTNAME.$DOMAIN
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
EOT
# postfix banner anonymisation
$SED "s?^smtpd_banner =.*?smtpd_banner = \$myhostname ESMTP?g" /etc/postfix/main.cf
chown -R postfix:postfix /var/lib/postfix
} # end of mail_service
 
##################################################################
## Fonction "post_install" ##
## - Modifying banners (locals et ssh) & prompts ##
## - SSH config ##
2148,10 → 2171,6
# sshd authorized certificate for root login
$SED "s?^PermitRootLogin.*?PermitRootLogin without-password?g" /etc/ssh/sshd_config
$SED "s?^X11Forwarding.*?#X11Forwarding yes?g" /etc/ssh/sshd_config
 
# postfix banner anonymisation
$SED "s?^smtpd_banner =.*?smtpd_banner = \$myhostname ESMTP?g" /etc/postfix/main.cf
chown -R postfix:postfix /var/lib/postfix
# ALCASAR conf file
echo "HTTPS_LOGIN=off" >> $CONF_FILE
echo "HTTPS_CHILLI=off" >> $CONF_FILE
2353,7 → 2372,7
exit 0
;;
-i | --install)
for func in license testing_system testing_network
for func in license system_testing network_testing
do
header_install
$func
2440,7 → 2459,7
fi
mode="update"
fi
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
do
$func
if [ $DEBUG_ALCASAR == "on" ]
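Review bot: The new `mail_service()` enables `smtp_sasl_auth_enable = yes` with only `noanonymous`, and nothing in the appended block requires TLS towards the relay, so the relay account's credentials may be sent over an unencrypted session if the server allows it. Add `smtp_tls_security_level = encrypt` to the here-document (a relay on port 465 would additionally need `smtp_tls_wrappermode = yes`). The block is also appended with `cat << EOT >>`, so if `main.cf` survives a re-run of the function list (the `mode="update"` path at the end of this section runs the same list), the settings are duplicated; restoring from `main.cf.default` first or using `postconf -e` would make the function repeatable. `smtp_sasl_password_maps` points at `/etc/postfix/sasl/sasl_passwd`, which this function neither creates nor restricts; a comment stating that the file must be root-owned and mode 0600 would document the expectation.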
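--- a/conf/etc/alcasar-mail.conf
+++ b/conf/etc/alcasar-mail.conf
@@ -0,0 +1,8 @@
+MAIL=
+TYPE_MAIL=
+smtpIP="0.0.0.0/0"
+port=
+smtp=
+mailAddr=
+whiteDomain=
+adminMail=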
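Review bot: This file defines `smtpIP`, but the part of `/web/acc/admin/mail.php` shown in this commit reads `$conf['mailIP']`, a key that is never set here, so that value is undefined when the page loads. Either add a `mailIP=` line to this file or read `smtpIP` in mail.php. A short comment per key (accepted values of `TYPE_MAIL`, expected format of `whiteDomain`) would also help; the PHP reader skips lines starting with `#`, so comments are safe to add.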
/conf/sudoers
13,7 → 13,7
User_Alias SMS=gammu_smsd # gammu-smsd owner
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh,/usr/local/bin/alcasar-list-ip_gw.sh # network commands
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh,/usr/local/bin/alcasar-list-ip_gw.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line
32,6 → 32,7
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet)
Cmnd_Alias MAIL_SERVICE=/usr/bin/bash,/usr/local/bin/alcasar-mail-install-V2.sh,/usr/local/bin/alcasar-iptables.sh,/usr/local/etc/alcasar-iptables-local.sh # Service mail commands to execute with web server
 
# Defaults specification
# Defaults syslog=auth
51,6 → 52,6
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
 
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE,WIFI4EU
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE,WIFI4EU,MAIL_SERVICE
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
SMS LAN_ORG=(root) NOPASSWD: GAMMU
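Review bot: The new `MAIL_SERVICE` alias contains `/usr/bin/bash` and is added to the `ADMWEB ... NOPASSWD` rule, so whatever account ADMWEB maps to can start an unrestricted root shell without a password. The alias comment says these commands are run by the web server, in which case any flaw in the ACC pages becomes full root on the gateway. Drop the interpreter and list only the scripts themselves, e.g. `Cmnd_Alias MAIL_SERVICE=/usr/local/bin/alcasar-mail-install-V2.sh,/usr/local/bin/alcasar-iptables.sh`, and have the caller invoke them directly. `/usr/local/etc/alcasar-iptables-local.sh` deserves the same scrutiny: it is a configuration-like file that the mail install script rewrites with `sed`, so it must stay root-owned and not writable by others if it remains sudo-runnable. The `User_Alias` definition of ADMWEB is outside the hunks shown.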
/rpms/rpm-build-howto
9,7 → 9,7
 
This howto explains how to build RPM of these programs in order to keep the distribution clean
The compilation options are set in /etc/rpm/macro.d/*
The .spec & RPM can be test check with the tool "rpmlint"
The .spec & RPM can be test with the tool "rpmlint"
 
**** Prepare the RPM creation structure ***
- upadate your system : urpmi --auto-update
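--- a/scripts/alcasar-mail-install-V2.sh
+++ b/scripts/alcasar-mail-install-V2.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+##############################################################################################################################
+##
+## ALCASAR SERVICE MAIL INSTALL
+##
+## Script by joss_p
+## V 1.0 Dec 2021.
+## This script configure the mail conf file and execute the fonfiguration from the acc.
+##
+##
+##############################################################################################################################
+
+#. /usr/local/etc/alcasar-mail.conf
+
+saslPath="/etc/postfix/sasl"
+smtpIP="0.0.0.0/0"
+
+if [[ ${#} -ne 0 ]]
+then
+while getopts ":s:p:r:m:o:a:w:123" option
+do
+case $option in
+1)
+TYPE_MAIL=1
+;;
+2)
+TYPE_MAIL=2
+;;
+3)
+TYPE_MAIL=3
+;;
+s)
+smtp=$OPTARG
+;;
+p)
+port=$OPTARG
+;;
+r)
+smtpIP=$OPTARG
+;;
+m)
+mailAddr=$OPTARG
+;;
+o)
+mailMdp=$OPTARG
+;;
+a)
+adminMail=$OPTARG
+;;
+w)
+whiteDomain=$OPTARG
+;;
+:)
+echo "L'option $OPTARG requiert un argument"
+exit 1
+;;
+\?)
+echo "$OPTARG : option invalide"
+exit 1
+;;
+esac
+done
+fi
+
+
+
+if [[ $TYPE_MAIL -eq 2 ]]; then
+echo "relayhost = [${smtp}]:${port}" >> /etc/postfix/main.cf
+elif [[ $TYPE_MAIL -eq 3 ]]; then
+echo "relayhost = [${smtp}]:${port}" >> /etc/postfix/main.cf
+[ -d ${saslPath} ] || mkdir ${saslPath}
+echo "[${smtp}]:${port} ${mailAddr}:${mailMdp}" > ${saslPath}/sasl_passwd
+postmap ${saslPath}/sasl_passwd
+chmod -R 777 ${saslPath}
+#chown root:root ${saslPath}/sasl_passwd*
+#chmod 0600 ${saslPath}/sasl_passwd*
+else
+echo "Erreur ! Aucun type de messagerie sélectionné !"
+exit 0
+fi
+
+old_smtpIP=`grep "SMTP_IP=" /usr/local/etc/alcasar-iptables-local.sh | cut -d "'" -f2`
+old_port=`grep "SMTP_PORT=" /usr/local/etc/alcasar-iptables-local.sh | cut -d "=" -f2 | cut -f1`
+sed -ie "/SMTP_IP=/ s@${old_smtpIP}@${smtpIP}@" /usr/local/etc/alcasar-iptables-local.sh
+sed -ie "/SMTP_PORT=/ s/${old_port}/${port}/" /usr/local/etc/alcasar-iptables-local.sh
+sed -ie "/SMTP_IP=/ s/^#//" /usr/local/etc/alcasar-iptables-local.sh
+sed -ie "/SMTP_PORT/ s/^#//g" /usr/local/etc/alcasar-iptables-local.sh
+#chmod 740 /usr/local/etc/alcasar-iptables-local.sh
+#chmod 700 /usr/local/bin/alcasar-iptables.sh
+bash /usr/local/bin/alcasar-iptables.sh
+
+exit 0
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property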
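Review bot: `chmod -R 777 ${saslPath}` leaves the relay account's password, written in clear to `sasl_passwd` two lines earlier, readable and writable by every local user; replace it with the two lines that are currently commented out, `chown root:root "${saslPath}"/sasl_passwd*` and `chmod 0600 "${saslPath}"/sasl_passwd*`. The password also arrives through `-o` on the command line, where it shows up in the process list and in any sudo command logging; reading it from stdin or a root-only file avoids that. The option values are written unvalidated into `main.cf` and into the `sed` expressions applied to `alcasar-iptables-local.sh`, a file that is subsequently executed as root, so `port`, `smtp` and `smtpIP` should be checked against strict patterns (digits only, hostname characters, CIDR) and every expansion quoted before use. The "no mail type selected" branch ends with `exit 0`; a non-zero status there would let the calling page detect the failure.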
/scripts/alcasar-rpm.sh
4,8 → 4,8
# by 3abtux and Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# script de mise en place des dépots RPM
# configure the RPM repository
# script de mise en place des dépots RPM + installation des RPM complémentaires
# configure the RPM repository + complementary RPM installation
 
Lang=`echo $LANG|cut -c 1-2`
SED="/bin/sed -i"
19,8 → 19,9
# "lsscsi" & nvme-cli" : needed by phpsysinfo
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
# "sudo" : needed after a reinstallation (to be investigated)
# "clamav + clamav-db" : needed because of a lack of mutual dependance
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance
# "postfix" + "cyrus-sasl" : email registration method
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl"
 
rpm_repository_sync ()
{
76,11 → 77,13
 
# Set the RPM repository (if not already set)
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l`
MIRROR_NBR=2
MIRROR_NBR=3
# For French
MIRRORLIST1="http://ftp.free.fr/mirrors/mageia.org/distrib/$VERSION/$ARCH"
# For Europeans
MIRRORLIST1="https://www.mirrorservice.org/pub/mageia/distrib/$VERSION/$ARCH"
# For International install
MIRRORLIST2="https://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
MIRRORLIST2="https://www.mirrorservice.org/pub/mageia/distrib/$VERSION/$ARCH"
# For everybody
MIRRORLIST3="https://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
try_nb="0"; nb_repository="0"
while [ "$nb_repository" != "4" ]
do
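Review bot: The new first-choice mirror, `MIRRORLIST1="http://ftp.free.fr/mirrors/mageia.org/distrib/$VERSION/$ARCH"`, is plain HTTP while the other two mirrors use HTTPS, so for that medium the integrity of metadata and packages rests entirely on urpmi's signature checking. If the mirror is reachable over HTTPS, use that URL; otherwise add a comment next to the assignment stating that signature verification must stay enabled for this medium. Separately, the updated `PACKAGES` string now lists `postfix` twice, since it was already present earlier in the list; only `cyrus-sasl` needs to be appended. The loop that consumes the `MIRRORLIST` values continues outside this hunk.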
/web/acc/admin/mail.php
0,0 → 1,508
<?php
# $Id: mail.php 2853 2020-07-19 21:50:07Z joss_p $
 
/* written by Joss_p */
/****************************************************************
* GLOBAL FILE PATHS *
*****************************************************************/
define('CONF_FILE', '/usr/local/etc/alcasar-mail.conf');
 
/****************************************************************
* FILE reading test *
*****************************************************************/
$conf_files = array(CONF_FILE);
foreach ($conf_files as $file) {
if (!file_exists($file)) {
exit("Fichier $file non présent");
}
if (!is_readable($file)) {
exit("Vous n'avez pas les droits de lecture sur le fichier $file");
}
}
 
/****************************************************************
* Read CONF_FILE *
*****************************************************************/
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
exit('Error opening the file '.CONF_FILE);
}
while (!feof($file_conf)) {
$buffer = fgets($file_conf, 4096);
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
$tmp = explode('=', $buffer, 2);
$conf[trim($tmp[0])] = trim($tmp[1]);
}
}
fclose($file_conf);
 
/****************************************************************
* Choice of language *
*****************************************************************/
$Language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]), 0, 2));
}
if ($Language === 'fr') {
$l_ldap_update = "Mise à jour des paramètres LDAP effectuée";
$l_mail_title = "Authentification externe : Adresse mail";
$l_ldap_legend = "Authentification LDAP";
$l_mail_auth_enable_label = "Activer l'authentification par mail :";
$l_mail_YES = "OUI";
$l_mail_NO = "NON";
$l_ldap_server_label = "Serveur LDAP:";
$l_ldap_server_text = "Adresse IP du serveur";
$l_ldap_base_dn_label = "DN de la base:";
$l_ldap_base_dn_text = "Le DN (Distinguished Name) définit où se situent les informations des utilisateurs dans l'annuaire.<br> - Exemple LDAP: 'o=mycompany, c=FR'.<br> - Exemple AD 'cn=Users,dc=server_name,dc=localdomain'";
$l_ldap_uid_label = "Identifiant d'utilisateur (UID):";
$l_ldap_uid_text = "Clé utilisée pour rechercher un identifiant de connexion.<br> - Exemple LDAP: 'uid', 'sn', etc.<br> - Pour A.D. mettre 'sAMAccountName'.";
$l_ldap_base_filter_label = "Filtre de recherche des utilisateurs (optionnel):";
$l_ldap_base_filter_text = "Vous pouvez limiter les objets recherchés avec des filtres additionnels.<br> Exemple 'objectClass=posixGroup' ajouterait le filtre '(&amp;(uid=username)(objectClass=posixGroup))'";
$l_ldap_user_label = "CN de l'utilisateur exploité par ALCASAR:";
$l_ldap_user_text = "CN=Common Name. Laissez vide pour utiliser un accès invité (ou anonyme). Obligatoire sur un AD.<br> - Exemple LDAP : 'uid=username,ou=my_lan,o=mycompany,c=FR'.<br> - Exemple AD : 'username' ou 'cn=username,cn=Users,dc=server_name,dc=localdomain'";
$l_ldap_password_label = "Mot de passe:";
$l_ldap_password_text = "Laissez vide pour un accès invité (ou anonyme). Obligatoire sur un AD.";
$l_ldap_ssl_label = "Connexion chiffré";
$l_mail_type_text = "Utiliser une connexion chiffré avec SSL (LDAPS)";
$l_ldap_cert_required_label = "Vérifier le certificat SSL";
$l_ldap_cert_required_text = "Vérifier que le serveur LDAP utilise un certificat connu";
$l_ldap_cert_label = "Certificat SSL (CA)";
$l_ldap_cert_text = "Certificat de l'authorité de certification signant celui du serveur LDAP";
$l_ad_dns_domain_label = "Nom de domaine interne";
$l_ad_dns_domain_text = "Nom de domaine qui sera redirigé vers le serveur DNS de l'annuaire LDAP (vide pour désactivé)";
$l_ldap_cert_status_cur = "Certificat actuel : ";
$l_ldap_cert_status_no = "Aucun certificat installé";
$l_mail_submit = "Enregistrer";
$l_ldap_test_service_failed = "Service LDAP injoignable sur ce serveur (vérifiez l'@IP).";
$l_ldap_test_service_ok = "Un port 389 (636 avec SSL) est actif sur ce serveur";
$l_ldap_test_connection_failed = "Connexion LDAP impossible (vérifiez le service LDAP sur ce serveur)";
$l_ldap_test_connection_ok = "Une connexion LDAP a été établie";
$l_ldap_test_bind_failed = "Echec d'authentification (vérifiez l'utilisateur et le mot de passe)";
$l_ldap_test_bind_ok = "L'authentification a réussie";
$l_ldap_test_dn_failed = "Le DN de la base semble incorrect (vérifiez le)";
$l_ldap_test_dn_ok = "Le DN de la base semble correct";
$l_ldap_error = "erreur LDAP";
$l_ldap_entries = "entrées dans la base";
$l_ldap_cert_cn_diff_dn = "Le CommonName du certificat (§cert_domainName§) est différent du nom de domaine du serveur";
$l_check = "Vérifier cette configuration";
$l_checkingConf = "Vérification de cette configuration...";
} else {
$l_ldap_update = "LDAP settings updated";
$l_mail_title = "External authentication : Address mail";
$l_ldap_legend = "LDAP authentication";
$l_mail_auth_enable_label = "Enable email authentication :";
$l_mail_YES = "YES";
$l_mail_NO = "NO";
$l_ldap_server_label = "LDAP server :";
$l_ldap_server_text = "IP address of the LDAP server.";
$l_ldap_base_dn_label = "DN of the base:";
$l_ldap_base_dn_text = "The DN (Distinguished Name) is used to locate the users information in the directory.<br> e.g. LDAP : 'o=MyCompany,c=US'.<br> e.g. AD : 'cn=Users,dc=server_name,dc=localdomain'";
$l_ldap_uid_label = "User IDentifier (UID):";
$l_ldap_uid_text = "Key used to search for a given login identity.<br>e.g. 'uid', 'sn', etc.. For AD use 'sAMAccountName'.";
$l_ldap_base_filter_label = "User search filter (optional):";
$l_ldap_base_filter_text = "You can further limit the searched objects with additional filters.<br> For example 'objectClass=posixGroup' would result in the use of '(&amp;(uid=username)(objectClass=posixGroup))'";
$l_ldap_user_label = "CN of the user operated by ALCASAR:";
$l_ldap_user_text = "CN=Common Name. Leave blank to use anonymous binding. Mandatory for AD.<br> e.g. LDAP :'uid=Username,ou=my_lan,o=mycompany,c=US'.<br> e.g. AD : 'username' or 'cn=username,cn=Users,dc=server_name,dc=localdomain'";
$l_ldap_password_label = "Password:";
$l_ldap_password_text = "Leave blank to use anonymous binding. Mandatory for AD.";
$l_ldap_ssl_label = "Secure connection";
$l_mail_type_text = "Use an encrypted connection with SSL (LDAPS)";
$l_ldap_cert_required_label = "Check the SSL certificate";
$l_ldap_cert_required_text = "Verify that the LDAP server uses a trusted certificate";
$l_ldap_cert_label = "SSL certificate (CA)";
$l_ldap_cert_text = "Certificate of the certification authority that signed the LDAP server certificate";
$l_ad_dns_domain_label = "Internal domain name";
$l_ad_dns_domain_text = "Domain name that will be forwarded to the DNS server of the LDAP directory (empty for disabled)";
$l_ldap_cert_status_cur = "Current certificate:";
$l_ldap_cert_status_no = "No certificate imported";
$l_mail_submit = "Save";
$l_ldap_test_service_failed = "LDAP service is not reachable on that server (check IP)";
$l_ldap_test_service_ok = "A port 389 (636 with SSL) is open on this server";
$l_ldap_test_connection_failed = "LDAP connexion failed (check the LDAP service on this server)";
$l_ldap_test_connection_ok = "A LDAP connexion is established";
$l_ldap_test_bind_failed = "LDAP authentication failed (check the LDAP user and password)";
$l_ldap_test_bind_ok = "Successful authentication";
$l_ldap_test_dn_failed = "DN of the base seems to be wrong (check it)";
$l_ldap_test_dn_ok = "DN of the base seems to be ok";
$l_ldap_error = "LDAP error";
$l_ldap_entries = "entries in the base";
$l_ldap_cert_cn_diff_dn = "Certificate CommonName (§cert_domainName§) is different from the server domain name";
$l_check = "Check this config";
$l_checkingConf = "Checking this configuration...";
}
 
 
// Mail configuration params
$mail_status = $conf['MAIL'];
$mail_type = $conf['TYPE_MAIL'];
$mail_address_mail = $conf['mailAddr'];
$mail_smtp = $conf['smtp'];
$mail_port = $conf['port'];
$mail_address_ip = $conf['mailIP'];
$mail_server = "";
$mail_password_mail = "";
$mail_password_mail_2 = "";
$admin_address = $conf['adminMail'];
$mail_whitelist = $conf['whiteDomain'];
 
 
if(isset($_POST['submit'])){
if($_POST['auth_enable'] === '1')
{
exec("systemctl start postfix");
 
$mail_status = $_POST['auth_enable'];
$mail_type = $_POST['mail_type'];
$mail_address = $_POST['mail_address'];
$mail_ip = $_POST['mail_ip'];
$mail_server = $_POST['mail_server'];
$mail_mdp = $_POST['mail_mdp'];
$mail_mdp2 = $_POST['mail_mdp2'];
$admin_enable = $_POST['admin_enable'];
$admin_address = $_POST['admin_address'];
$mail_whitelist = $_POST['mail_whitelist'];
exec("cp /var/www/mail/header.php /var/www/html");
exec("cp /var/www/mail/inscription.php /var/www/html");
exec("cp /var/www/mail/inscription_traitement.php /var/www/html");
exec("cp /var/www/html/acc/admin/services.php /var/www/html/acc/admin/services.php.origin");
exec("cp /var/www/mail/services.php /var/www/html/acc/admin");
 
if ($mail_mdp == $mail_mdp2) {
switch ($mail_server) {
case '1':
$mail_smtp = "smtp.orange.fr";
$mail_port = 465;
break;
case '2':
$mail_smtp = "smtp.live.com";
$mail_port = 587;
break;
case '3':
$mail_smtp = "smtp.office365.com";
$mail_port = 587;
break;
case '4':
$mail_smtp = "smtp.sfr.fr";
$mail_port = 465;
break;
case '5':
$mail_smtp = "smtp.free.fr";
$mail_port = 465;
break;
case '6':
$mail_smtp = "smtp.gmail.com";
$mail_port = 587;
break;
case '7':
$mail_smtp = "smtp.laposte.net";
$mail_port = 465;
break;
case '8':
$mail_smtp = "smtp.bbox.fr";
$mail_port = 587;
break;
default:
echo "Erreur dans la saisie !";
break;
}
 
file_put_contents(CONF_FILE, str_replace('MAIL='.$conf['MAIL'],'MAIL='.$mail_status,file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('TYPE_MAIL='.$conf['TYPE_MAIL'],'TYPE_MAIL='.$mail_type,file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('mailAddr='.$conf['mailAddr'],'mailAddr='.$mail_address,file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('mailIP='.$conf['mailIP'],'mailIP='.$mail_ip,file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('smtp='.$conf['smtp'],'smtp='.$mail_smtp,file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('port='.$conf['port'],'port='.$mail_port,file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, str_replace('whiteDomain='.$conf['mail_whitelist'],'whiteDomain='.$mail_whitelist,file_get_contents(CONF_FILE)));
if (isset($admin_address)) {
file_put_contents(CONF_FILE, str_replace('adminMail='.$conf['admin_address'],'adminMail='.$admin_address,file_get_contents(CONF_FILE)));
}
 
switch ($mail_type) {
case '1':
$mail_port = 25;
file_put_contents(CONF_FILE, str_replace('port='.$conf['port'],'port='.$mail_port,file_get_contents(CONF_FILE)));
if(isset($mail_admin)){
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-mail-install-V2.sh -1 -a $admin_address -w $mail_whitelist");
}
else {
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-mail-install-V2.sh -1 -w $mail_whitelist");
}
break;
case '2':
if(isset($mail_admin)){
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-mail-install-V2.sh -2 -s $mail_smtp -p $mail_port -r $mail_ip -a $admin_address -w $mail_whitelist");
}
else {
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-mail-install-V2.sh -2 -s $mail_smtp -p $mail_port -r $mail_ip -w $mail_whitelist");
}
break;
case '3':
if(isset($mail_admin)){
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-mail-install-V2.sh -3 -s $mail_smtp -p $mail_port -m $mail_address -o $mail_mdp -a $admin_address -w $mail_whitelist");
}
else {
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-mail-install-V2.sh -3 -s $mail_smtp -p $mail_port -m $mail_address -o $mail_mdp -w $mail_whitelist");
}
break;
default:
echo "Erreur dans la saisie !";
break;
}
 
 
}
else {
echo "Erreur";
}
}
else {
 
exec("cp -f /etc/postfix/main.cf.origin /etc/postfix/main.cf");
 
exec("rm -rf /etc/postfix/sasl/");
 
exec("cp -f /var/www/mail/alcasar-mail.conf /usr/local/etc/");
 
exec("systemctl restart postfix");
exec("systemctl stop postfix");
 
exec("sed -i '/SMTP_IP=/ s/^/#/g' /usr/local/etc/alcasar-iptables-local.sh");
exec("sed -i '/SMTP_PORT=/ s/^/#/g' /usr/local/etc/alcasar-iptables-local.sh");
 
exec("rm -f /var/www/html/header.php");
exec("rm -f /var/www/html/inscription.php");
exec("rm -f /var/www/html/inscription_traitement.php");
exec("cp -f /var/www/html/acc/admin/services.php.origin /var/www/html/acc/admin/services.php");
 
exec("sudo /usr/bin/bash /usr/local/bin/alcasar-iptables.sh");
 
}
header("Refresh:0");
 
exit;
}
 
 
 
 
 
 
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><?= $l_mail_title ?></title>
<link type="text/css" href="/css/acc.css" rel="stylesheet">
<link type="text/css" href="/css/mail.css" rel="stylesheet">
<script>
function onMailStatusChange() {
var listToDisables1 = ['mail_type','admin_enable','admin_address','mail_whitelist'];
var listToDisables2 = ['mail_server','mail_type','admin_enable','admin_address','mail_whitelist','mail_ip'];
var listToDisables3 = ['mail_server','mail_mdp2','mail_mdp','mail_address','mail_type','admin_enable','admin_address','mail_whitelist'];
var formSubmit = document.querySelector('form input[type="submit"]');
var btn_checkConf = document.getElementById('btn-checkconf');
var isChecked = false;
 
if (document.getElementById('auth_enable').value === '1') {
for (var i=0; i<listToDisables1.length; i++) {
document.getElementById(listToDisables1[i]).style.backgroundColor = '#c0c0c0';
document.getElementById(listToDisables1[i]).disabled = true;
}
for (var i=0; i<listToDisables2.length; i++) {
document.getElementById(listToDisables2[i]).style.backgroundColor = '#c0c0c0';
document.getElementById(listToDisables2[i]).disabled = true;
}
for (var i=0; i<listToDisables3.length; i++) {
document.getElementById(listToDisables3[i]).style.backgroundColor = '#c0c0c0';
document.getElementById(listToDisables3[i]).disabled = true;
}
document.getElementById('mail_type').style.backgroundColor = null;
document.getElementById('mail_type').disabled = false;
if (document.getElementById('mail_type').value === '1') {
for (var i=0; i<listToDisables1.length; i++) {
document.getElementById(listToDisables1[i]).style.backgroundColor = null;
document.getElementById(listToDisables1[i]).disabled = false;
}
if (document.getElementById('admin_enable').value === '0') {
document.getElementById('admin_address').style.backgroundColor = '#c0c0c0';
document.getElementById('admin_address').disabled = true;
}
}
else if (document.getElementById('mail_type').value === '2') {
for (var i=0; i<listToDisables2.length; i++) {
document.getElementById(listToDisables2[i]).style.backgroundColor = null;
document.getElementById(listToDisables2[i]).disabled = false;
}
if (document.getElementById('admin_enable').value === '0') {
document.getElementById('admin_address').style.backgroundColor = '#c0c0c0';
document.getElementById('admin_address').disabled = true;
}
}
else if (document.getElementById('mail_type').value === '3') {
for (var i=0; i<listToDisables3.length; i++) {
document.getElementById(listToDisables3[i]).style.backgroundColor = null;
document.getElementById(listToDisables3[i]).disabled = false;
}
if (document.getElementById('admin_enable').value === '0') {
document.getElementById('admin_address').style.backgroundColor = '#c0c0c0';
document.getElementById('admin_address').disabled = true;
}
}
formSubmit.style.display = null;
btn_checkConf.style.display = 'none';
} else {
for (var i=0; i<listToDisables1.length; i++) {
document.getElementById(listToDisables1[i]).style.backgroundColor = '#c0c0c0';
document.getElementById(listToDisables1[i]).disabled = true;
}
for (var i=0; i<listToDisables2.length; i++) {
document.getElementById(listToDisables2[i]).style.backgroundColor = '#c0c0c0';
document.getElementById(listToDisables2[i]).disabled = true;
}
for (var i=0; i<listToDisables3.length; i++) {
document.getElementById(listToDisables3[i]).style.backgroundColor = '#c0c0c0';
document.getElementById(listToDisables3[i]).disabled = true;
}
formSubmit.style.display = null;
btn_checkConf.style.display = 'none';
}
}
 
 
 
</script>
</head>
<body onLoad="onMailStatusChange();">
<div class="panel">
<div class="panel-header"><?= "Authentication Mail" ?></div>
<div class="panel-body">
<form id="form-config_mail" name="config_mail" method="POST" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" enctype="multipart/form-data">
<fieldset>
<legend>
<br>
<div style="text-align: center">
</div>
</legend>
<dl>
<dt>
<label for="auth_enable"><?= "Activer l'authentification par mail :" ?></label>
</dt>
<dd>
<select id="auth_enable" name="auth_enable" onchange="onMailStatusChange();">
<option value="1"<?= ($mail_status) ? ' selected="selected"' : '' ?>><?= $l_mail_YES ?></option>
<option value="0"<?= (!$mail_status) ? ' selected="selected"' : '' ?>><?= $l_mail_NO ?></option>
</select>
</dd>
</dl>
<dl>
<dt>
<label for="mail_type"><?= "Type Messagerie" ?></label><br>
<?= "Choississez le type de messagerie a utiliser" ?><br>
</dt>
<dd>
<select id="mail_type" name="mail_type" onchange="onMailStatusChange();">
<option value=1>Nom de domaine</option>
<option value=2>Serveur mail ou serveur SMTP</option>
<option value=3>Adresse de messagerie</option>
</select>
</dd>
</dl>
<dl>
<dt>
<label for="mail_address"><?= "Adresse Messagerie"?></label><br>
<?= "Adresse de messagerie utilisé pour l'envoi" ?>
</dt>
<dd>
<input type="text" id="mail_address" size="40" name="mail_address" value="<?= $mail_address_mail ?>" oninput="onMailStatusChange();">
</dd>
</dl>
<dl>
<dt>
<label for="mail_mdp"><?= "Mot de passe Messagerie"?></label><br>
<?= "Mot de passe de la messagerie utilisé pour l'envoi" ?>
</dt>
<dd>
<input type="text" id="mail_mdp" size="40" name="mail_mdp" value="<?= $mail_password_mail ?>" oninput="onMailStatusChange();">
</dd>
</dl>
<dl>
<dt>
<label for="mail_mdp2"><?= "Confirmer Mot de passe Messagerie"?></label><br>
<?= "Confirmer le mot de passe de la messagerie utilisé pour l'envoi" ?>
</dt>
<dd>
<input type="text" id="mail_mdp2" size="40" name="mail_mdp2" value="<?= $mail_password_mail_2 ?>" oninput="onMailStatusChange();">
</dd>
</dl>
<dl>
<dt>
<label for="mail_server"><?= "CHoix Serveur SMTP" ?></label><br>
<?= "Choissisiez le serveur SMTP correspondant à l'adress de messagerie" ?><br>
</dt>
<dd>
<select id="mail_server" name="mail_server" onchange="onMailStatusChange();">
<option value=1>Orange/Wanadoo</option>
<option value=2>Hotmail</option>
<option value=3>Outlook</option>
<option value=4>SFR</option>
<option value=5>Free</option>
<option value=6>Gmail</option>
<option value=7>Laposte</option>
<option value=8>Bouygues</option>
<option value=9>Personnalisé</option>
</select>
</dd>
</dl>
<dl>
<dt>
<label for="mail_ip"><?= "IP du serveur SMTP"?></label><br>
<?= "Adresse IP du serveur SMTP utilisé" ?>
</dt>
<dd>
<input type="text" id="mail_ip" size="40" name="mail_ip" value="<?= $mail_address_ip ?>" oninput="onMailStatusChange();">
</dd>
</dl>
<dl>
<dt>
<label for="admin_enable"><?= "Activer l'adresse admin :" ?></label>
</dt>
<dd>
<select id="admin_enable" name="admin_enable" onchange="onMailStatusChange();">
<option value="1"<?= ($mail_status) ? ' selected="selected"' : '' ?>><?= $l_mail_YES ?></option>
<option value="0"<?= (!$mail_status) ? ' selected="selected"' : '' ?>><?= $l_mail_NO ?></option>
</select>
</dd>
</dl>
<dl>
<dt>
<label for="admin_address"><?= "Adresse Messagerie admin"?></label><br>
<?= "Adresse de messagerie utilisé pour l'envoi" ?>
</dt>
<dd>
<input type="text" id="admin_address" size="40" name="admin_address" value="<?= $admin_address ?>" oninput="onMailStatusChange();">
</dd>
</dl>
<dl>
<dt>
<label for="mail_whitelist"><?= "whitelist domaine"?></label><br>
<?= "Adresse de messagerie utilisé pour l'envoi" ?>
</dt>
<dd>
<input type="text" id="mail_whitelist" size="40" name="mail_whitelist" value="<?= $mail_whitelist ?>" oninput="onMailStatusChange();">
</dd>
</dl>
<p>
<!--<button id="btn-checkconf" onclick="checkConfig(); return false;"><?= $l_check ?></button>-->
<input id="submit" type="submit" value="<?= $l_mail_submit ?>" name="submit">
</p>
</fieldset>
</form>
</div>
</div>
</body>
</html>
/web/acc/admin/services.php
1,5 → 1,87
<?php
/* written by steweb57 & Rexy */
 
 
// partie $_POST du service mail
 
$php_self = htmlspecialchars($_SERVER['PHP_SELF']);
// Traiter les formulaires de la partie MAIL SERVICE
if(!empty($_POST)){
 
var_dump($_POST);
/* // procéder a l'installtion de postfix
if (!empty($_POST['install'])){
exec('sudo dnf install -y postfix', $output, $retval);
// header("Location:services.php");
var_dump($output);
echo "<br>\$retval : " . $retval;
}
*/
// La variable qui contiendra les options et les arguments a passer à l'install
$optArg = "";
if(!empty($_POST['testConf'])){
$optArg .= " -".trim($_POST['testConf']);
}
if(!empty($_POST['smtp'])){
$optArg .= " -s \"".trim($_POST['smtp'])."\"";
}
if(!empty($_POST['port'])){
$optArg .= " -p \"".trim($_POST['port'])."\"";
}
if(!empty($_POST['smtpPort'])){
$smtpPort = explode(" ", $_POST['smtpPort']);
$optArg .= " -s \"".trim($smtpPort[0])."\" -p \"".trim($smtpPort[1])."\"";
}
if(!empty($_POST['smtpIP'])){
$optArg .= " -r \"".trim($_POST['smtpIP'])."\"";
}
if(!empty($_POST['mailAddr'])){
$optArg .= " -m \"".trim($_POST['mailAddr'])."\"";
}
if(!empty($_POST['pswd1']) && !empty($_POST['pswd2'])){
if (trim($_POST['pswd1']) == trim($_POST['pswd2'])){
$optArg .= " -o \"".trim($_POST['pswd2'])."\"";
} else {
echo "<script> alert(\"Les deux mots de passe sont différents\"); window.location.href=\"services.php\";</script>";
}
}
if(!empty($_POST['adminMail'])){
$optArg .= " -a \"".$_POST['adminMail']."\"";
}
if(!empty($_POST['wld'])){
$optArg .= " -w \"".str_replace("\r"," ",trim($_POST['wld']))."\"";
}
 
// Supprimer la WLD ou l'email de l'admin
if(!empty($_POST['unset'])){
exec("sudo sed -i '/". $_POST['unset']."/d' /usr/local/etc/alcasar-mail.conf", $output, $retval);
 
var_dump($output);
echo "<br>\$retval : " . $retval;
}
 
// Supprimer toute la configuration actuelle
if(!empty($_POST['uninstall'])){
// echo "sudo /usr/local/bin/alcasar-mail-uninstall.sh <br>";
exec("sudo /usr/local/bin/alcasar-mail-uninstall.sh", $output, $retval);
 
var_dump($output);
echo "<br>\$retval : " . $retval;
}
if(!empty($optArg)){
echo "sudo /usr/local/bin/alcasar-mail-install.sh".$optArg;
exec("sudo /usr/local/bin/alcasar-mail-install.sh".escapeshellcmd($optArg), $output, $retval);
var_dump($output);
echo "<br>\$retval : " . $retval;
}
// à décommenté une fois tests et debugs réalisé pour recharger la page sansle $_POST
// header("Location:services.php");
 
}// Fin de la partie $_POST du service mail
 
 
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
27,6 → 109,7
$l_clamav_freshclam = "Mise à jour de l'antivirus (toutes les 4 heures)";
$l_clamav_daemon = "Antimalware";
$l_ntpd = "Service de mise à l'heure réseau";
$l_postfix = "Service de messagerie";
$l_fail2ban = "Détecteur d'intrusion";
$l_nfcapd = "Collecteur de flux NetFlow";
$l_vnstat = "Grapheur de flux réseau";
223,7 → 306,7
//-------------------------------
// Actions on services
//-------------------------------
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","dnsmasq-whitelist","unbound-blackhole","e2guardian","clamav-daemon","clamav-freshclam","sshd","ntpd","fail2ban","nfcapd","vnstat");
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","dnsmasq-whitelist","unbound-blackhole","e2guardian","clamav-daemon","clamav-freshclam","sshd","ntpd","fail2ban","nfcapd","vnstat","postfix");
$autorizeAction = array("start","stop","restart");
 
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) {
250,6 → 333,7
$MainServiceStatus['ntpd'] = checkServiceStatus("ntpd");
$MainServiceStatus['fail2ban'] = checkServiceStatus("fail2ban");
$MainServiceStatus['vnstat'] = checkServiceStatus("vnstat");
$MainServiceStatus['postfix'] = checkServiceStatus("postfix");
 
$FilterServiceStatus = array();
$FilterServiceStatus['unbound_blacklist'] = checkServiceStatus("unbound-blacklist");
270,6 → 354,7
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php echo $l_services_title; ?></title>
<link rel="stylesheet" href="/css/acc.css" type="text/css">
<script type="text/javascript" src="/js/jquery.min.js"></script>
</head>
<body>
<div class="panel">
279,7 → 364,8
<tr align="center"><td><?php echo $l_service_status;?></td><td colspan="2"><?php echo $l_service_title;?></td><td colspan="3"><?php echo $l_service_action;?></td></tr>
<?php foreach( $MainServiceStatus as $serviceName => $statusOK ) { ?>
<tr>
<?php if ($statusOK) { ?>
<?php if ($serviceName != "postfix"){
if ($statusOK) { ?>
<td align="center"><img src="/images/state_ok.gif" width="15" height="15" alt="<?php echo $l_service_status_img_ok; ?>"></td>
<td align="center"><?php $comment="l_$serviceName"; echo "<b>$serviceName</b></td><td>${$comment}" ;?> </td>
<td width="80" align="center">---</td>
293,7 → 379,8
<td width="80" align="center">---</td>
<?php } ?>
</tr>
<?php } ?>
<?php }
} ?>
</table>
</div>
</div>
326,9 → 413,78
<div class="panel">
<div class="panel-header"><?= $l_opt_services ?></div>
<div class="panel-row">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method=POST>
 
<table width="100%" border=0 cellspacing=0 cellpadding=0>
<tr align="center"><td><?php echo $l_service_status;?></td><td colspan="2"> </td><td colspan="3"><?php echo $l_service_action;?></td></tr>
 
<?php
/*
// POSTFIX
exec("sudo rpm" . escapeshellarg("-q postfix"), $output, $retval);
var_dump($output);
echo "<br>\$retval : " . $retval;
exec("sudo ip" . escapeshellarg("a"), $output, $retval);
var_dump($output);
echo "<br>\$retval : " . $retval;
// si POSTFIX n'est pas installé, on propose l'installation
if ($retval == 1){
 
echo <<<EOT
<tr align="center">
<td colspan="3"><b>POSTFIX n'est pas installé.</b></td>
<td>
<form id="install" action="$php_self" method=POST>
<input type="hidden" name="install" value="install">
<input type=submit form="install" value="Install">
</form>
</td>
</tr>
EOT;
 
// si POSFIX est installé
} else {
*/
// la partie tableau qui affiche les statut du service POSTFIX, et possiblité de start, restart & stop
$serviceName = "postfix";
if(array_key_exists($serviceName, $MainServiceStatus)){
 
$statusOK = $MainServiceStatus['postfix'];
$comment="l_$serviceName";
$stopService = $_SERVER['PHP_SELF']."?action=stop&service=".str_replace('_','-',$serviceName);
$startService = $_SERVER['PHP_SELF']."?action=start&service=".str_replace('_','-',$serviceName);
$restartService = $_SERVER['PHP_SELF']."?action=restart&service=".str_replace('_','-',$serviceName);
// $restartService = $_SERVER['PHP_SELF']."?action=restart&service=".str_replace('_','-',$serviceName)."\\";
 
echo "<tr>";
if ($statusOK) {
echo <<<EOT
<td align="center"><img src="/images/state_ok.gif" width="15" height="15" alt="$l_service_status_img_ok"></td>
<td align="center"><b>$serviceName</b></td>
<td align="center">${$comment}</td>
<td width="80" align="center">---</td>
<td width="80" align="center">
<a href=$stopService>$l_service_stop</a></td>
<td width="80" align="center">
<a href=$restartService>$l_service_restart</a></td>
EOT;
} else {
echo <<<EOT
<td align="center"><img src="/images/state_error.gif" width="15" height="15" alt="$l_service_status_img_ko"></td>
<td align="center">$serviceName</td>
<td align="center">${$comment}</td>
<td width="80" align="center">
<a href=$startService>$l_service_start</a></td>
<td width="80" align="center">---</td>
<td width="80" align="center">---</td>
EOT;
}
echo "</tr>";
}
//}
// POSTFIX end
?>
 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method=POST>
<tr>
<?php if ($wifi4eu == "on") { ?>
<td align="center"><img src="/images/state_ok.gif" width="15" height="15" alt="<?php echo $l_service_status_img_ok; ?>"></td>
344,10 → 500,13
<td width="80" align="center">---</td>
<?php } ?>
</tr>
</form>
 
</table>
</form>
</div>
</div>
 
 
<div class="panel">
<div class="panel-header"><?= $l_stop_restart ?></div>
<div class="panel-row">
364,5 → 523,391
</table>
</div>
</div>
 
 
<!-- Code de la partie mail service, il ne faut pas oublier de rajouter jquery dans le head du html -->
 
<?php
 
echo <<<EOT
 
<div class="panel">
<div class="panel-header">POSTFIX actuelle Configuration</div>
<div class="panel-row">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
 
EOT;
 
// la conf actuelle, si le fichier alcasar-mail.conf est présent
$alcasarMailConf = "/usr/local/etc/alcasar-mail.conf";
if (is_file ($alcasarMailConf)){
 
$tab=file($alcasarMailConf);
 
if ($tab){
foreach ($tab as $line) {
 
$field=explode("=", $line);
 
switch ($field[0]) {
case 'smtp':
$smtp = trim($field[1]);
echo <<<EOT
<tr align="center">
<td><b>SMTP : </b>$smtp</td>
</tr>
EOT;
break;
case 'port':
$port = trim($field[1]);
echo <<<EOT
<tr align="center">
<td><b>Port : </b>$port</td>
</tr>
EOT;
break;
case 'smtpIP':
$smtpIP = trim($field[1]);
echo <<<EOT
<tr align="center">
<td><b>SMTP ip : </b>$smtpIP</td>
</tr>
EOT;
break;
case 'mailAddr':
$mailAddr = trim($field[1]);
echo <<<EOT
<tr align="center">
<td><b>Email Addr : </b>$mailAddr</td>
</tr>
EOT;
break;
case 'adminMail':
$adminMail = trim($field[1]);
echo <<<EOT
<tr align="center">
<td><b>Admin email : </b>$adminMail</td>
</tr>
EOT;
break;
case 'whiteDomain':
$whiteDomain = explode(" ", trim($field[1]));
break;
}
}
}
echo <<<EOT
<form action="$php_self" method="post">
<tr align="center">
<td colspan="2">
<input type="hidden" name="uninstall" value="uninstall">
<br><input type="submit" class="btn btn-default" name="submit" value="Supprimer toute la configuration">
</td>
</tr>
</form>
<tr align="center">
<td colspan="2"><font color=red>ATTENTION : la suppression enlève toute la configuration du SERVICE MAIL</font>
 
</td>
</tr>
EOT;
// si le fichier alcasar-mail.conf n'existe pas
} else {
 
echo <<<EOT
<tr align="center">
<td><b>POSTFIX n'est pas configuré par ALCASAR.</b></td>
</tr>
EOT;
 
}
 
// Partie de paramétrage de la configuration
 
// Configuration de l'adresse email de l'administrateur
echo <<<EOT
</table><br>
</div>
</div><br>
<div class="panel">
<div class="panel-header">POSTFIX Configuration</div>
<div class="panel-row conf" id="conf">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
<tr align="center">
<td><input type="radio" name="conf" class="mail" value="One"/><b>Service autonome</b></td>
<td><input type="radio" name="conf" class="mail" value="Two"/><b>Service relay</b></td>
<td><input type="radio" name="conf" class="mail" value="Three"/> <b>Adresse mail</b></td>
</tr>
</table><br>
</div>
<div class="myDiv hide" id="showOne">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
<tr align="center">
<td><b>Serveur mail est autonome :</b></td>
</tr>
<tr align="center">
<td>
<form action="$php_self" method="post">
<input type="hidden" name="testConf" value="1">
<input type="submit" class="btn btn-default" name="submit" value="Configurer"><br>
</form>
</td>
</tr>
</table>
</div>
 
<div class="myDiv hide" id="showTwo">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
<form action="$php_self" method="post">
<tr align="center">
<td colspan="2"><b>SMTP Relais :</b></td>
</tr>
<tr align="center">
<td colspan="2">Postfix envois, ralaye les emails sorants à un autre serveur SMTP.</td>
</tr>
<tr>
<td><label>Enterez le serveur SMTP relai en FQDN ou IP</label></td>
<td><input type="text" name="smtp" placeholder="SMTP" required/></td>
</tr>
<tr>
<td><label>Enterez le port SMTP</label></td>
<td><input type="text" name="port" placeholder="port" required/></td>
</tr>
<tr>
<td><label>Enterez l'IP du serveur SMTP relais (0.0.0.0/0 si c'est dynamique/par défaut si vide)</label></td>
<td><input type="text" name="smtpIP" placeholder="IP du SMTP relais" required/></td>
</tr>
<tr align="center">
<td colspan="2">
<input type="hidden" name="testConf" value="2">
<input type="submit" class="btn btn-default" name="submit" value="Valider"><br>
</td>
</tr>
</form>
</table><br>
</div>
 
<div class="myDiv hide" id="showThree">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
<form method="post" action="$php_self">
<tr colspan="2" align="center">
<td><b>Configuration de serveur mail via un compte email :</b></td>
</tr>
<tr align="center">
<td>
<table class="table table-striped">
<tr>
<td><label>Entez votre email</label></td>
<td><input type="email" name="mailAddr" placeholder="Enter your email" required/></td>
</tr>
<tr>
<td><label>Entez le mot de passe</label></td>
<td><input type="password" id="pswd1" name="pswd1" required/></td>
</tr>
<tr>
<td><label>Confirmer le mot de passe</label></td>
<td><input type="password" id="pswd2" name="pswd2" required/></td>
</tr>
 
</table>
<table class="table table-striped">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">compte de messagerie</th>
<th scope="col">adresse de messagerie</th>
<th scope="col">serveur sortant</th>
<th scope="col">port sortant</th>
</tr>
</thead>
<tbody>
EOT;
$smtpsConf = [
["Orange", "Orange/Wanadoo", "orange.fr /wanadoo.fr", "smtp.orange.fr", 465],
["Hotmail", "Hotmail", "hotmail.com/.fr / live.com/.fr / msn.com", "smtp.live.com", 587],
["Outlook", "Outlook", "hotmail.xx/live.xx/msn.com/outlook/office365", "smtp.office365.com", 587],
["SFR", "SFR", "sfr.fr", "smtp.sfr.fr", 465],
["Free", "Free", "free.fr", "smtp.free.fr", 465],
["Gmail", "Gmail", "gmail.com", "smtp.gmail.com", 587],
["Laposte", "Laposte", "laposte.net", "smtp.laposte.net", 465],
["Bouygues", "Bouygues Telecom", "bbox.fr", "smtp.bbox.fr", 587]
];
 
foreach( $smtpsConf as $smtpConf ) {
echo <<< EOT
<tr>
<th scope="row"><input class="form-check-input blur" type="radio" name="smtpPort" value="$smtpConf[3] $smtpConf[4]"/></th>
 
<td>$smtpConf[1]</td>
<td>$smtpConf[2]</td>
<td>$smtpConf[3]</td>
<td align="center">$smtpConf[4]</td>
</tr>
EOT;
}
echo<<<EOT
<tr>
<th scope="row"><input id="perso" class="form-check-input" type="radio" name="smtpPort"/></th>
<td>Personalisez votre smtp</td>
<td><input type="text" id="smtpPerso" name="smtpPerso" class="perso" oninput="valPerso()" placeholder="Entrez le serveur SMTP" disabled/></td>
<td>Personalisez le port</td>
<td><input type="text" id="portPerso" name="portPerso" class="perso" oninput="valPerso()" placeholder="Entrez le serveur Port" disabled/></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr align="center">
<td class="testConf3">
</td>
</tr>
<tr align="center">
<td>
<input type="hidden" name="testConf" value="3">
<input type="submit" class="btn btn-default" name="submit" value="Valider" id="testConf3"><br>
</td>
</tr>
</form>
</table><br>
</div>
</div><br>
<div class="panel">
<div class="panel-header">Mail admin</div>
<div class="panel-row conf" id="conf">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
<form action="$php_self" method="post">
<tr align="center">
<td colspan="2"><b>Mail admin</b></td>
</tr>
<tr align="center">
<td colspan="2">L'adresse email de l'administrateur pour recevoir les alertes des nouvelles inscriptions, et l'archive hebdomadaire des logs</td>
</tr>
<tr>
EOT;
if (empty($adminMail)){
echo "<td><label>Enterez l'adresse email</label></td>";
} else {
echo "<td>L'email configuré actuellement est : " . $adminMail . "</td>";
}
echo <<<EOT
<td><input type="email" name="adminMail" placeholder="Enter your email" required/></td>
</tr>
 
<tr align="center">
<td colspan="2">
<input type="submit" class="btn btn-default" name="submit" value="Valider"><br>
</td>
</tr>
</form>
<form action="$php_self" method="post">
<tr align="center">
<td colspan="2">
<input type="hidden" name="unset" value="adminMail">
<input type="submit" class="btn btn-default" name="submit" value="Supprimer l'admin email"><br>
</td>
</tr>
</form>
</table><br>
</div>
</div><br>
<div class="panel">
<div class="panel-header">WhiteList Domains Configuration</div>
<div class="panel-row conf" id="conf">
<table width="100%" border=0 cellspacing=0 cellpadding=0><br>
<tr align="center">
<td>La liste blanche limite les inscriptions utilisateurs à un, ou plusieurs domaines.</td>
</tr>
<form method="post" action="$php_self">
<tr align="center">
<td width="50%" align="center">Mettez vos domaines à configurer. Un par ligne</td>
</tr>
<tr align="center">
<td>
<br><textarea name='wld' rows=5 cols=50 placeholder="Aucune WLD configurée actuellement"">
EOT;
if(!empty($whiteDomain)){
foreach ($whiteDomain as $domain){
echo "$domain\n";
}
}
echo<<<EOT
</textarea>
</td>
</tr>
<tr align="center">
<td colspan="2">
<br><input type="submit" class="btn btn-default" name="submit" value="Valider"><br>
</td>
</tr>
</form>
<form action="$php_self" method="post">
<tr align="center">
<td colspan="2">
<input type="hidden" name="unset" value="whiteDomain">
<input type="submit" class="btn btn-default" name="submit" value="Supprimer la WLD"><br>
</td>
</tr>
</form>
</table><br>
</div>
</div><br>
 
EOT;
 
?>
 
<script>
$(document).ready(function(){
$("div.hide").hide();
 
$('#conf input[type="radio"]').click(function(){
var value = $(this).val();
$("div.myDiv").hide();
$("#show"+value).show();
});
 
//On vérifie si le mot de passe est ok
$("#pswd2").keyup(function(){
if($("#pswd1").val() != "" && $("#pswd2").val() != "" && $("#pswd1").val() != $("#pswd2").val()){
$(".testConf3").html("<br>Les deux mots de passe sont différents");
$("#testConf3").attr("disabled", true);
} else {
$("#testConf3").attr("disabled", false);
$(".testConf3").fadeOut(800);
}
})
});
 
$('#perso').click(function(){
 
$(".perso").attr("disabled", false);
});
 
$('.blur').click(function(){
 
$(".perso").attr("disabled", true);
});
 
function valPerso(){
var valSmtpPerso = document.getElementById("smtpPerso").value;
var valPortPerso = document.getElementById("portPerso").value;
document.getElementById("perso").value = valSmtpPerso + " " + valPortPerso;
};
 
function hideShow(x){
$("div." + x).toggle();
var value = $("input." + x).val();
var elem = document.getElementById("btn-" + x);
if (elem.value=="Configurer"){
elem.value = "Annuler";
} else{
elem.value = "Configurer";
}
};
 
</script>
 
 
</body>
</html>
</html>
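Review bot: In the `$_POST` handler added at the top of this file, `$_POST['unset']` is concatenated into the `sudo sed -i '/…/d' /usr/local/etc/alcasar-mail.conf` command with no validation or escaping, so request data reaches a command line run through sudo. The two forms in this file only ever send `adminMail` or `whiteDomain`, so I would gate the call with `if (in_array($_POST['unset'], array('adminMail', 'whiteDomain'), true)) {` and reject anything else. The same handler applies `escapeshellcmd()` to the already-joined `$optArg`; that function leaves paired quotes intact, so it does not keep each field as a single argument. Wrap each value where it is appended instead, e.g. `$optArg .= " -s " . escapeshellarg(trim($_POST['smtp']));`, restrict `testConf` to `1`, `2` or `3`, and drop the `escapeshellcmd()` call. The `var_dump($_POST)` and the `echo` of the full command line also print the submitted `pswd1`/`pswd2` into the response and should be removed along with the other debug output.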
/web/acc/menu.php
73,6 → 73,7
$l_whitelist = "Liste blanche";
$l_network = "Réseau";
$l_ldap = "LDAP/A.D.";
$l_mail = "Mail";
$l_access_nb = "Nb d'accès à l'ACC";
$l_create_user = "Créer des utilisateurs";
$l_edit_user = "Gérer les utilisateurs";
104,6 → 105,7
$l_whitelist = "Lista Blanca";
$l_network = "Red";
$l_ldap = "LDAP/A.D.";
$l_mail = "Mail";
$l_access_nb = "Registros de accesos ACC";
$l_create_user = "Crear usuarios";
$l_edit_user = "Administrar usuarios";
136,6 → 138,7
$l_whitelist = "Whitelist";
$l_network = "Network";
$l_ldap = "LDAP/A.D.";
$l_mail = "Mail";
$l_access_nb = "ACC access Nbr";
$l_create_user = "Create users";
$l_edit_user = "Manage users";
201,6 → 204,7
<li><div class="caret"></div><a href="admin/network.php" target="REXY2"><?= $l_network ?></a></li>
<li><div class="caret"></div><a href="admin/services.php" target="REXY2">Services</a></li>
<li><div class="caret"></div><a href="admin/ldap.php" target="REXY2"><?= $l_ldap ?></a></li>
<li><div class="caret"></div><a href="admin/mail.php" target="REXY2"><?= $l_mail ?></a></li>
</ul>
</li>
<?php endif; ?>
/web/mail_registration_back.php
0,0 → 1,372
<?php
 
/******************************************************************************** * *
* ALCASAR INSCRIPTION *
* *
* By K@M3L 1101130512.1901090409 & T3RRY LaPlateforme_. *
* V 1.0 June 2021. *
* *
* Partie back de la page d'inscription des utilisateurs *
* elle traite les infos de la partie front de l'inscription *
* -Lit le fichier de configuration /usr/local/etc/alcasar-mail.conf. *
* -Verifie si le login est présent dans la radcheck. *
* -Verifie si le mail est présent dans la userinfo. *
* -Verifie si le domaine du mail est sur WLD (optionnel). *
* -Inscrit l'utilisateur avec mot de passe aléatoire. *
* -Envoi l'email à l'utilisaeur, et à l'admin avec date et IP. *
* *
*********************************************************************************/
 
if (is_file("acc/manager/lib/langues.php"))
include("acc/manager/lib/langues.php");
 
if(!isset($create)) $create=0;
if(!isset($show)) $show=0;
if(!isset($login)) $login = '';
if(!isset($cn)) $cn = '';
if(!isset($mail)) $mail = '';
if(!isset($langue_imp)) $langue_imp = '';
if(!isset($selected)) $selected = array();
if(!isset($selected['='])) $selected['='] = '';
 
 
require('/etc/freeradius-web/config.php');
require('acc/manager/lib/attrshow.php');
require('acc/manager/lib/defaults.php');
 
if (false && /* Hide operator column */ $config['general_lib_type'] == 'sql' && $config['sql_use_operators'] == 'true') {
$colspan = 2;
$show_ops = 1;
require('acc/manager/lib/operators.php');
} else {
$show_ops = 0;
$colspan = 1;
}
 
if (is_file("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php"))
require("acc/manager/lib/sql/drivers/$config[sql_type]/functions.php");
else{
echo "<b>Could not include SQL library</b><br />\n";
exit();
}
 
require('acc/manager/lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
include_once("acc/manager/lib/operators.php");
$text = ',op';
$passwd_op = ",':='";
}
 
$da_abort=0;
$op_val2 = '';
 
 
function GenPassword($nb_car="8")
{
// Random password
$password = "";
$chaine = "aAzZeErRtTyYuUIopP152346897mMLkK";
$chaine .= "jJhHgGfFdDsSqQwWxXcCvVbBnN152346897";
while($nb_car != 0) {
//$i = rand(0,71);
// Bug corrigé
$i = rand(0,66);
$password .= $chaine[$i];
$nb_car--;
}
return $password;
}
 
// Lecture du fichier de configuration, récupération des listes WLD et l'email de l'admin
$alcasarMailConf = "/usr/local/etc/alcasar-mail.conf";
if (is_file ($alcasarMailConf)){
$tab=file($alcasarMailConf);
if ($tab){
foreach ($tab as $line){
 
$field=explode("=", $line);
 
switch ($field[0]){
case 'whiteDomain':
$whiteDomain = explode(" ", strtolower(trim($field[1])));
break;
case 'adminMail':
$adminMail = $field[1];
break;
}
}
}
}
 
if(isset($_POST['Fmail'])){
 
extract($_POST);
 
$Fmail = htmlentities(strtolower(trim($Fmail)));
if(!filter_var($Fmail, FILTER_VALIDATE_EMAIL)){
echo "<b>L'adresse email est invalide</b><br />\n";
exit();
}
// on récupère le nom de domaine du mail@domain.com
list($user, $domain) = explode('@', $Fmail);
 
// on vérifie si le domaine est dans la WLD, sinon on bloque
if (!empty($whiteDomain)){
if (!in_array($domain, $whiteDomain)){
echo "Le domaine $domain n'est pas autorisé";
exit();
}
}
 
$login = $Fmail;
// si le login est présent
$link = @da_sql_pconnect($config);
if ($link) {
$sql = "SELECT id FROM $config[sql_check_table] WHERE username = '$login';";
$res = @da_sql_query($link,$config, $sql);
}
$login_check = da_sql_num_rows($res,$config);
// da_sql_close($link,$config)
// si le mail est présent
$link = @da_sql_pconnect($config);
if ($link) {
$sql = "SELECT id FROM $config[sql_user_info_table] WHERE mail = '$Fmail';";
$res = @da_sql_query($link,$config, $sql);
}
$email_check = da_sql_num_rows($res,$config);
// da_sql_close($link,$config)
 
 
if($login_check > 0) {
//Adresse email utilisée en tant que login
echo "<b>L'adresse email est déjà utilisée.</b><br />\n";
} else if($email_check > 0) {
echo "<b>L'adresse mail est déjà utilisée.</b><br />\n";
} else {
 
$password = GenPassword();
// si on ajoute des inputs pour les infos user
/* $Fcn = "$prenom".".$nom";
$Fou = "";
$Fhomephone = "";
$Ftelephonenumber = "";
$Fmobile = "";
*/
 
$link = da_sql_pconnect($config);
if ($link){
mysqli_set_charset($link,"utf8");
if (is_file("acc/manager/lib/crypt/$config[general_encryption_method].php")){
include_once("acc/manager/lib/crypt/$config[general_encryption_method].php");
 
$passwd = da_encrypt($password);
$passwd = da_sql_escape_string($link, $passwd);
$res = da_sql_query($link,$config,
"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
if (!$res || !da_sql_affected_rows($link,$res,$config)){
echo "<b>Erreur lors de la création de l'utilisateur $login: " . da_sql_error($link,$config) . "</b><br />\n";
$da_abort=1;
}
 
if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
$res = da_sql_query($link,$config,
"SELECT username FROM $config[sql_user_info_table] WHERE
username = '$login';");
if ($res){
if (!da_sql_num_rows($res,$config)){
$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
$res = da_sql_query($link,$config,
"INSERT INTO $config[sql_user_info_table]
(username,name,mail,department,homephone,workphone,mobile) VALUES
('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
 
if (!$res || !da_sql_affected_rows($link,$res,$config))
// Erreur sql à supprimer : l'info ne devrait pas être communiquer au client.
echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
}
else
echo "<b>L'utilisateur existe déjà</b><br />\n";
}
else
echo "<b>Une erreur s'est produite lors de la création du compte : " . da_sql_error($link,$config) . "</b><br />\n";
}
// si on veut ajouter les nouveau utilisateurs a un groupe par défaut, autre que celui par défaut d'alcasar
if (isset($Fgroup) && $Fgroup != ''){
$Fgroup = da_sql_escape_string($link, $Fgroup);
$res = da_sql_query($link,$config,
"SELECT username FROM $config[sql_usergroup_table]
WHERE username = '$login' AND groupname = '$Fgroup';");
if ($res){
if (!da_sql_num_rows($res,$config)){
$res = da_sql_query($link,$config,
"INSERT INTO $config[sql_usergroup_table]
(username,groupname) VALUES ('$login','$Fgroup');");
if (!$res || !da_sql_affected_rows($link,$res,$config))
echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup.</b><br />\n";
}
else
echo "<b>L'utilisateur est déjà présent dans le groupe $Fgroup</b><br />\n";
}
else
echo "<b>Impossible d'ajouter l'utilisateur dans le groupe $Fgroup: " . da_sql_error($link,$config) . "</b><br />\n";
}
if (!$da_abort){
if (isset($Fgroup) && $Fgroup != '')
require('acc/manager/lib/defaults.php');
foreach($show_attrs as $key => $attr){
if ($attrmap["$key"] == 'none')
continue;
if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
continue;
if ($attrmap["$key"] == ''){
$attrmap["$key"] = $key;
$attr_type["$key"] = 'replyItem';
$rev_attrmap["$key"] = $key;
}
if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
$table = "$config[sql_check_table]";
$type = 1;
}
else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
$table = "$config[sql_reply_table]";
$type = 2;
}
$val = (isset($_POST[$attrmap["$key"]])) ? $_POST[$attrmap["$key"]] : '';
$val = da_sql_escape_string($link, $val);
$op_name = $attrmap["$key"] . '_op';
$op_val = (isset($$op_name)) ? $$op_name : '';
if ($op_val != ''){
$op_val = da_sql_escape_string($link, $op_val);
if (check_operator($op_val,$type) == -1){
echo "<b>Invalid operator ($op_val) for attribute $key</b><br />\n";
continue;
}
$op_val2 = ",'$op_val'";
}
$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
if ($val == '' || $chkdef)
continue;
$sqlquery = "INSERT INTO $table (attribute,value,username $text)
VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
$res = da_sql_query($link,$config,$sqlquery);
if (!$res || !da_sql_affected_rows($link,$res,$config))
echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br />\n";
}
}
// L'utilisateur est ajouter dans la radcheck, ses info dans la userinfo, on envoi le mail avec identifiant et passwd
 
$ip = $_SERVER['REMOTE_ADDR'];
$time = date_create('now')->format('d-m-Y H:i:s');
$domain = $conf["DOMAIN"];
$hostname = $conf["HOSTNAME"].'.'.$domain;
$hostname = "alcasar.laplateforme.io";
$to = $Fmail;
$from = "alcasar@$domain";
$subject = "Activation de votre compte ALCASAR";
$message = "<!DOCTYPE html>
<html>
<head>
<meta charset=\"UTF-8\" />
</head>
<body>
Bonjour,<br/><br/>
 
<h3>Bienvenue sur ALCASAR @ $domain</h3>
<p>Ceci est un email automatique avec vos identifiants, veuillez changer votre mot de passe.<br/>
 
<h4>Indentifiants de connexion:</h4>
<pre>
Adresse e-mail : $Fmail
Login : $login
Mot de passe : $password
</pre>
<p>Rendez-vous sur le portail <a href=\"https://$hostname\">$domain</a></p>
</body>
</html>";
 
$header = "From: $from\n";
$header .= "MIME-Version: 1.0\n";
$header .= "Content-type: text/html; charset=utf-8\n";
 
if(mail($to, $subject, $message, $header)){
echo "<center>success : <b>Vous y êtes presque ! $l_user '$login' $l_created</b></center><br />";
echo "<center>success : <b>Un email contenant vos informations de connexion vient de vous être envoyé.</b></center><br />";
 
// le mail pour l'uitilisateur est envoyé, si l'admin a configuré son mail, on lui envoi
// une notification d'inscription avec l'ip, l'heure, et le login de l'utilisateur
if (!empty($adminMail)){
$to = $adminMail;
$from = "alcasar@$domain";
$subject = "Nouvelle inscription sur ALCASAR";
$message = "<!DOCTYPE html>
<html>
<head>
<meta charset=\"UTF-8\" />
</head>
<body>
Bonjour,<br/><br/>
 
<p>Ceci est un mail automatique.<br/>
<h3>Une nouvelle inscription à <strong>ALCASR $domain</strong> a été faite.</h3>
 
<h4>Indentifiants de connexion:</h4>
<pre>
Adresse IP : $ip
Heure : $time;
Login : $login
Email : $Fmail
</pre>
<p>ALCASAR <a href=\"https://$hostname\">$domain</a></p>
</body>
</html>";
 
$header = "From: $from\n";
$header .= "MIME-Version: 1.0\n";
$header .= "Content-type: text/html; charset=utf-8\n";
mail($to, $subject, $message, $header);
}
 
} else {
//Le mot de passe est généré aléatoirement, si le mail n'est pas envoyé, on supprime le compte de la bdd ou on lui demande d'utiliser la page reset
/* $link = da_sql_pconnect($config);
 
$res2 = da_sql_query($link,$config,
"DELETE FROM $config[sql_user_info_table] WHERE username = '$login';");
 
$res3 = da_sql_query($link,$config,
"DELETE FROM $config[sql_check_table] WHERE username = '$login';");
 
// da_sql_close($link,$config)
*/
echo "<b>Erreur lors de l'envoi du mail, veuillez renouveler votre inscription. Utilisez le formulaire de réinitialisation, ou contactez votre administrateur.</b><br />\n";
}
}
else // Could not open encryption library file
echo "<b>Erreur lors de la création du compte</b><br />\n";
}
else // Could not connect to SQL database
echo "<b>Erreur lors de la création du compte</b><br />\n";
}
}
?>
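Review bot: `extract($_POST);` at the start of the `Fmail` branch copies every request field into local scope after `$config`, `$whiteDomain`, `$adminMail`, `$text` and `$passwd_op` have been set, so an unauthenticated client can overwrite any of them, and can also supply `$Fgroup` and `$Fcn`, which the form itself never sends. Read only the expected field, `$Fmail = isset($_POST['Fmail']) ? (string) $_POST['Fmail'] : '';`, and drop the attribute loop's `$_POST[$attrmap["$key"]]` lookup unless self-registered users are meant to choose their own RADIUS attributes. The two existence checks and the first INSERT interpolate `$login`/`$Fmail` into SQL without `da_sql_escape_string()`; `FILTER_VALIDATE_EMAIL` accepts an apostrophe in the local part, and `htmlentities()` with default flags encodes it only on newer PHP versions, so escape after connecting, e.g. `$login_sql = da_sql_escape_string($link, $login);`. `GenPassword()` draws from `rand()`, which is not a cryptographic generator; `random_int(0, strlen($chaine) - 1)` is a drop-in replacement and removes the hand-counted upper bound. The hard-coded `$hostname = "alcasar.laplateforme.io";` also overrides the value built from `$conf` on the line before, so the mailed portal link points at that host on every installation; it looks like a leftover from a test deployment.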
/web/mail_registration_front.php
0,0 → 1,150
<?php
 
/********************************************************************
* *
* ALCASAR EMAIL INSCRIPTION *
* *
* By K@M3L 1101130512.1901090409 & T3RRY @ La Plateforme_ *
* V 1.0 June 2021. *
* *
* Partie front de la page d'inscription des utilisateurs *
* elle envoi les infos à traiter à la page de traitement *
* via AJAX. *
* *
/********************************************************************/
 
$l_title = "Inscription";
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>ALCASAR - <?=$l_title ?></title>
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/pass.css">
<link rel="icon" href="images/favicon-48.ico" type="image/ico">
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/bootstrap.min.js"></script>
</head>
<body>
<nav class="navbar navbar navbar-inverse" style="margin-bottom:0px;">
<div class="container-fluid">
<div class="navbar-header">
<a href="index.php"><img src="images/logo-alcasar_70.png" width="50" ><font color=red><b> ALCASAR Accueil</b></font></a>
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li>
<a href="index.php?url=www.euronews.com">Login</a>
</li>
<li>
<a href="inscription.php">Inscription</a>
</li>
<li>
<a href="password.php">Changement de mot de passe</a>
</li>
<li>
<a href="reset.php">Réinitialisation de mot de passe</a>
</li>
</ul>
<ul class="nav navbar-nav navbar-right">
<a href="contact.php" class="navbar-brand">Contact</a>
<a href="contact.php"><img src="images/organisme.png" width="40"></a>
</ul>
</div>
</div>
</nav>
<div class="col-xs-12 col-md-10 col-md-offset-1">
<!-- HeaderBox -->
<div class="row banner">
<!-- Logo box -->
<div class="hidden-xs col-sm-3 col-md-2 col-lg-2">
<img class="img-responsive img-A" src="images/organisme.png">
</div>
<!-- Title -->
<div id="cadre_titre" class="titre_banner col-xs-12 col-sm-8">
<div class="row">
<p id="acces_controle" class="titre_controle"><?= $l_title ?></p>
</div>
<!-- <div class="row">
<?php if (isset($changePasswordMessage)): ?>
<?= $changePasswordMessage ?>
<?php endif; ?>
</div>-->
</div>
<!-- Logo box -->
<div class="img_banner hidden-xs col-sm-3 col-md-2 col-lg-2">
<img class="img-responsive img-organisme" src="images/logo-alcasar_70.png">
</div>
</div>
 
<section id="inscription" class="row">
<form name="master" id="contenu_acces" onsubmit="return false;" class="col-xs-12 col-sm-12 col-md-offset-1 col-md-10">
<div class="row input_row">
<div class="label_name col-xs-3 col-sm-3 col-md-4">courrier électronique: *</div>
<div class="col-xs-6 col-sm-6 col-md-4">
<input type="email" placeholder="User@exemple.com" id="email" name="email" required class="form-control"/>
</div>
<small id="output_email" class="row"></small>
</div>
<div id="status">
* Remplir tous les champs obligatoires
</div>
<div class="row input_row">
<div class="col-xs-5 col-xs-offset-1 col-sm-4 col-sm-offset-2">
<input id="buttons" class="btn btn-default" value="Annuler" onclick="window.location.href = 'index.php';">
</div>
<div class="col-xs-5 col-sm-4">
<button type="submit" class="btn btn-primary btn-lg" id="buttons" >Inscription</button>
</div>
</div>
</form>
</section>
 
<script type="text/javascript" src="js/jquery.min.js"></script>
<script>
$(document).ready(function(){
$("#contenu_acces input").focus(function(){
$("#status").fadeOut(800);
});
 
//Traitement du formulaire d'inscription
$("#contenu_acces").submit(function(){
var status = $("#status");
var Fmail = $("#email").val();
 
$.ajax({
type: "post",
url: "inscription_traitement.php",
data: {
'Fmail' : Fmail,
},
beforeSend: function(){
$("#status").attr("value", "Traitement en cours...");
},
success: function(data){
if (data.match("success")) {
status.html(data).fadeIn(400);
alert("Encore une dernière étape!\n\nUn mot de passe temporaire vient de vous être envoyé à votre adresse électronique.\n Veuillez changer votre mot de passe.\n\n(Pensez à vérifier vos spams ou courriers indésirables, si vous ne voyez pas ce mail dans votre boîte de réception).\n\nSi vous ne recevez pas le mail dans les 24 heures, utilisez le formulaire de réinitialisation, ou contactez votre administrateur.")
document.location.href="index.php";
} else {
console.log(data);
alert("Une erreur s'est produite.\n\nVeuillez renouveler votre inscription, utilisez le formulaire de réinitialisation, ou contactez votre administrateur.");
status.css("color", "red").html(data).fadeIn(400);
}
}
});
});
});
</script>
</div>
</body>
</html>
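Review bot: The `success` callback decides the outcome with `data.match("success")` and then inserts the whole response with `status.html(data)`, so any response body containing that word counts as a completed registration, and whatever the back end echoes (including its SQL error text) is rendered as HTML. Have the back end return a small JSON object, branch on an explicit flag such as `resp.ok`, and display the message with `status.text(resp.message)`; the `console.log(data)` in the error branch can then go. The request is sent to `inscription_traitement.php` and the navbar links to `inscription.php`, while this commit adds the pages as `mail_registration_back.php` and `mail_registration_front.php`; unless the installer renames or links them (not visible here), the form posts to a page that does not exist. Both controls share `id="buttons"`, and the cancel control is an `<input>` without `type="button"`, so it renders as an editable text field.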