Merge branch 'stable-3.1' into do_not_use_fixed_sed_script_path

Makefile

@@ -34,7 +34,7 @@ install:
 install-common:
 # Shell Scripts
 	test -d $(DESTDIR)/usr/lib/alternc || mkdir -p $(DESTDIR)/usr/lib/alternc
-	cp src/* $(DESTDIR)/usr/lib/alternc/
+	cp -r src/* $(DESTDIR)/usr/lib/alternc/
 	chown root:root $(DESTDIR)/usr/lib/alternc/*
 	chmod 755 $(DESTDIR)/usr/lib/alternc/*
 
@@ -69,6 +69,15 @@ install-alternc: install-common
 # Man pages
 	install -o root -g root -m 644 man/*.8 $(DESTDIR)/usr/share/man/man8/
 
+#SSL functions
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_panel-ssl.sh
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_vhost-mixssl.sh
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_roundcube-ssl.sh
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_squirrelmail-ssl.sh
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_php52-ssl.sh
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_php52-mixssl.sh
+	ln -s hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/hosting_url-ssl.sh
+
 install-slave: install-common
 # Man pages
 	pod2man --center "" --date "" --release "AlternC" --section=8 man/alternc.install.pod >$(DESTDIR)/usr/share/man/man8/alternc.install.8

api/panel/bootstrap.php

@@ -70,6 +70,7 @@ function __construct() {
 }
 $mem=new m_mem();
 $err=new m_err();
+$msg=new m_messages();
 $authip=new m_authip();
 $hooks=new m_hooks();
 

bureau/admin/styles/style.css

@@ -1022,6 +1022,13 @@ div.progress-bar div.txt {
   padding-left: 30px;
 }
 
+.ssl a, a.ssl, input.ssl, .ssl-menu .menu-title {
+  background-image: url(../images/ssl.png);
+  background-repeat: no-repeat;
+  background-position: 8px 3px;
+  padding-left: 30px;
+}
+
 .filter a, a.edit, input.filter {
   background-image: url(../icon/filter.png);
   background-repeat: no-repeat;
@@ -1093,8 +1100,13 @@ body .ui-widget-content a {
   padding: 0 16px;
 }
 
-th.headerSortUp { 
-  background-image: url(../images/asc.gif); 
+textarea.cert {
+    font-family: Courier New, Courier, monospace, fixed;
+    font-size: 12px;
+}
+
+th.headerSortUp {
+  background-image: url(../images/asc.gif);
   background-repeat: no-repeat;
   background-position: right; 
   cursor: pointer; 
@@ -1196,4 +1208,6 @@ th.headerSortDown {
 		float: none;
 		width:auto;
 	}
+textarea[readonly='readonly'] {
+  background-color: #ddd;
 }

bureau/class/m_cron.php

@@ -236,11 +236,12 @@ function execute_cron() {
                     echo "Will run cron :\n" . print_r($u, true) . "\n";
                 $urllist[] = $u;
             }
+        }
 
-            if (empty($urllist)) { // nothing to do : 
-                exit(0);
-            }
+        if (empty($urllist)) { // nothing to do : 
+            exit(0);
         }
+
         // cron_callback($url, $content, $curlobj) will be called at the end of each http call.
         $this->rolling_curl($urllist, array("m_cron", "cron_callback"));
     }
@@ -358,12 +359,11 @@ function rolling_curl($urls, $callback, $custom_options = null) {
                         break;
                     }
                 }
-
                 // If there is more: start a new request
                 // (it's important to do this before removing the old one)
                 if ($i < count($urls)) {
                     $ch = curl_init();
-                    $options[CURLOPT_URL] = $urls[$i++];  // increment i
+                    $options[CURLOPT_URL] = $urls[$i++]["url"];  // increment i
                     curl_setopt_array($ch, $options);
                     if (strtolower(substr($options[CURLOPT_URL], 0, 5)) == "https") {
                         curl_setopt($ch, CURLOPT_CAINFO, m_cron::DEFAULT_CAFILE);

debian/control

@@ -62,8 +62,11 @@ Conflicts: alternc-admintools
         , alternc-webalizer (<= 0.9.4)
         , alternc-mailman (<< 2.0)
         , courier-authlib
+        , alternc-ssl
 Provides: alternc-admintools
+        , alternc-ssl
 Replaces: alternc-admintools
+        , alternc-ssl
 Suggests: alternc-awstats
        , alternc-mailman
        , alternc-changepass

debian/rules

@@ -16,7 +16,6 @@ override_dh_install:
 	$(MAKE) install-awstats DESTDIR=$(CURDIR)/debian/alternc-awstats
 	$(MAKE) install-slave DESTDIR=$(CURDIR)/debian/alternc-slave
 	$(MAKE) install-api DESTDIR=$(CURDIR)/debian/alternc-api
-	$(MAKE) -C ssl install DESTDIR=$(CURDIR)/debian/alternc-ssl
 
 override_dh_fixperms:
 	dh_fixperms

etc/alternc/templates/alternc/apache2.conf

@@ -75,6 +75,9 @@ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
   Order allow,deny
   Allow from all
 </Directory>
+<Directory /var/lib/alternc/ssl-cert-alias/>
+	      allow from all
+</Directory>
 
 <VirtualHost *:80>
   Include /etc/alternc/bureau.conf

etc/alternc/templates/opendkim.conf

@@ -14,3 +14,7 @@ KeyTable           /etc/opendkim/KeyTable
 SigningTable       /etc/opendkim/SigningTable
 ExternalIgnoreList /etc/opendkim/TrustedHosts
 InternalHosts      /etc/opendkim/TrustedHosts
+
+# The value from /etc/default/opendkim doesn't seem to be taken into account
+# @see https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=861169
+Socket             local:/var/run/opendkim/opendkim.sock

install/alternc.install

@@ -201,7 +201,16 @@ PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1)
 # Secret for PhpMyAdmin sessions
 PHPMYADMIN_BLOWFISH="$(generate_string 24)"
 
+
 SED_SCRIPT=$(mktemp)
+# Escape passwords for sed and restore afterwards
+# Escaping '&' and '|' since those are used as special characters
+MYSQL_PASS_ORIG="$MYSQL_PASS"
+MYSQL_PASS=$(echo "$MYSQL_PASS" | sed -e 's/[|&]/\\&/g')
+MYSQL_MAIL_PASS_ORIG="$MYSQL_MAIL_PASS"
+MYSQL_MAIL_PASS=$(echo "$MYSQL_MAIL_PASS" | sed -e 's/[|&]/\\&/g')
+PHPMYADMIN_BLOWFISH_ORIG="$PHPMYADMIN_BLOWFISH_ORIG"
+PHPMYADMIN_BLOWFISH=$(echo "$PHPMYADMIN_BLOWFISH" | sed -e 's/[|&]/\\&/g')
 cat > $SED_SCRIPT <<EOF
 s\\%%hosting%%\\$HOSTING\\;
 s\\%%fqdn%%\\$FQDN\\;
@@ -215,20 +224,23 @@ s\\%%mx%%\\$DEFAULT_MX\\;
 s\\%%dbhost%%\\$MYSQL_HOST\\;
 s\\%%dbname%%\\$MYSQL_DATABASE\\;
 s\\%%dbuser%%\\$MYSQL_USER\\;
-s\\%%dbpwd%%\\$MYSQL_PASS\\;
+s|%%dbpwd%%|$MYSQL_PASS|;
 s\\%%db_mail_user%%\\$MYSQL_MAIL_USER\\;
-s\\%%db_mail_pwd%%\\$MYSQL_MAIL_PASS\\;
+s|%%db_mail_pwd%%|$MYSQL_MAIL_PASS|;
 s\\%%warning_message%%\\$WARNING\\;
 s\\%%fqdn_lettre%%\\$FQDN_LETTER\\;
 s\\%%version%%\\$VERSION\\;
 s\\%%ns2_ip%%\\$NS2_IP\\;
 s\\%%ALTERNC_HTML%%\\$ALTERNC_HTML\\;
 s\\%%ALTERNC_MAIL%%\\$ALTERNC_MAIL\\;
 s\\%%ALTERNC_LOGS%%\\$ALTERNC_LOGS\\;
-s\\%%PHPMYADMIN_BLOWFISH%%\\$PHPMYADMIN_BLOWFISH\\;
+s|%%PHPMYADMIN_BLOWFISH%%|$PHPMYADMIN_BLOWFISH|;
 EOF
+MYSQL_PASS="$MYSQL_PASS_ORIG"
+MYSQL_MAIL_PASS="$MYSQL_MAIL_PASS_ORIG"
+PHPMYADMIN_BLOWFISH="$PHPMYADMIN_BLOWFISH_ORIG"
 
-# hook 
+# hook
 test -d /usr/lib/alternc/install.d || mkdir -p /usr/lib/alternc/install.d
 run-parts --arg=templates --arg="$SED_SCRIPT" /usr/lib/alternc/install.d
 
@@ -593,6 +605,15 @@ touch /etc/opendkim/TrustedHosts /etc/opendkim/SigningTable /etc/opendkim/KeyTab
 grep -q "^127.0.0.1\$" /etc/opendkim/TrustedHosts || echo "127.0.0.1" >>/etc/opendkim/TrustedHosts
 grep -q "^localhost\$" /etc/opendkim/TrustedHosts || echo "localhost" >>/etc/opendkim/TrustedHosts
 grep -q "^$PUBLIC_IP\$" /etc/opendkim/TrustedHosts || echo "$PUBLIC_IP" >>/etc/opendkim/TrustedHosts
+if [ "$(lsb_release -s -c)" == 'stretch' ] ; then
+    /lib/opendkim/opendkim.service.generate
+    # Without adding '-u opendkim' after the service file is generated, opendkim
+    # will run as root, which we do not want.
+    if [ "$(grep -c 'u opendkim' /etc/systemd/system/opendkim.service.d/override.conf)" == 0 ] ; then
+        sed -i -e 's/inet:8891@127.0.0.1/& -u opendkim/' /etc/systemd/system/opendkim.service.d/override.conf
+    fi
+    systemctl daemon-reload
+fi
 
 # Add opendkim to service to restart
 SERVICES="$SERVICES opendkim"