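/**
 * Install the BackupPC CGI into an organization's document root and return the
 * Apache <VirtualHost> text that publishes it behind LDAP Basic authentication.
 *
 * Side effects: creates the document root, copies index.cgi into it, links the
 * image directory, hands the tree to backuppc:<apache group> and marks
 * index.cgi setuid (mode 4755).
 *
 * Security notes for maintainers:
 *  - The returned text embeds the LDAP bind DN and bind password in clear text;
 *    whatever file the caller writes it to should not be readable by
 *    unprivileged local accounts.
 *  - When "wwwsslmode" is not "TRUE" the vhost is served without TLS, so the
 *    Basic credentials checked against LDAP travel unencrypted.
 *  - "require ldap-filter &(uid=*)" together with "require valid-user" admits
 *    every account that can authenticate under ou=<OU>; there is no per-user
 *    restriction on the BackupPC interface in this vhost.
 *  - Server name, document root and OU are interpolated into Apache directives
 *    without validation; they are presumably administrator-controlled LDAP
 *    attributes -- confirm that nobody else can write them.
 *
 * @param array $array Record whose "OU", "apacheservername", "wwwservertype",
 *                     "wwwsslmode" and "apachedocumentroot" entries each hold
 *                     their value at index 0.
 *
 * @return string|null The vhost configuration, or null when the BackupPC CGI
 *                     or image directory cannot be located.
 */
function vhosts_users_ou($array)
{
    $unix = new unix();
    $ldap = new clladp();
    $sock = new sockets();

    $ApacheGroupWarePort = $sock->GET_INFO("ApacheGroupWarePort");
    // Read here but not consulted anywhere else in this function.
    $SSLStrictSNIVHostCheck = $sock->GET_INFO("SSLStrictSNIVHostCheck");

    $ou = $array["OU"][0];
    $apacheservername = trim($array["apacheservername"][0]);
    $wwwsslmode = $array["wwwsslmode"][0];
    $root = $array["apachedocumentroot"][0];

    $index_cgi = $unix->BACKUPPC_GET_CGIBIN_PATH();
    $img_dir = $unix->BACKUPPC_GET_IMG_DIR();
    if ($index_cgi == null) {
        echo "Starting Apache..............: BackupPC Unable to stat index.cgi\n";
        return;
    }
    if ($img_dir == null) {
        echo "Starting Apache..............: BackupPC Unable to images path\n";
        return;
    }

    // Both accumulators start empty so the implode() calls below never see an
    // undefined variable when SSL is disabled.
    $ssl = array();
    $conf = array();

    @mkdir($root, 0755, true);

    // Every path goes through escapeshellarg(): the document root comes from
    // the directory record and must not be able to add shell syntax to
    // commands that this script runs with its own (elevated) privileges.
    $cgiTarget = escapeshellarg("{$root}/index.cgi");
    shell_exec("/bin/cp " . escapeshellarg($index_cgi) . " " . $cgiTarget);
    shell_exec("/bin/ln -s " . escapeshellarg($img_dir) . " " . escapeshellarg("{$root}/image") . " >/dev/null 2>&1");
    shell_exec("chmod 4755 " . $cgiTarget);
    patchIndex($root);

    // APACHE_GROUPWARE_ACCOUNT() may return "name:something"; keep the part
    // before the first colon.
    $apacheuser = $unix->APACHE_GROUPWARE_ACCOUNT();
    if (preg_match("#(.+?):#", $apacheuser, $re)) {
        $apacheuser = $re[1];
    }
    shell_exec("chown -R " . escapeshellarg("backuppc:{$apacheuser}") . " " . escapeshellarg($root));
    // chown drops the setuid bit on Linux, so the mode is applied again.
    system("chmod 4755 " . $cgiTarget);

    $ApacheGroupWarePort_WRITE = $ApacheGroupWarePort;
    echo "Starting Apache..............: BackupPC checking host {$apacheservername} in {$root} for {$apacheuser}:backuppc\n";

    if ($wwwsslmode == "TRUE") {
        $ssl[] = "\tSSLEngine on";
        $ssl[] = "\tSSLCertificateFile {$GLOBALS["SSLKEY_PATH"]}/{$apacheservername}.crt";
        $ssl[] = "\tSSLCertificateKeyFile {$GLOBALS["SSLKEY_PATH"]}/{$apacheservername}.key";
        $unix->vhosts_BuildCertificate($apacheservername);
        $ApacheGroupWarePort_WRITE = "443";

        // Plain-HTTP vhost whose only job is to redirect to the TLS one.
        $conf[] = "\n<VirtualHost *:{$ApacheGroupWarePort}>";
        $conf[] = "\tServerName {$apacheservername}";
        $conf[] = "\tRedirect / https://{$apacheservername}";
        $conf[] = "</VirtualHost>\n";
    }

    echo "Starting Apache..............: BackupPC \"{$apacheservername}:{$ApacheGroupWarePort_WRITE}\"\n";

    $conf[] = "\n<VirtualHost *:{$ApacheGroupWarePort_WRITE}>";
    $conf[] = "\tServerName {$apacheservername}";
    //$conf[]="\tSuexecUserGroup backuppc backuppc";
    $conf[] = "\tServerAdmin webmaster@{$apacheservername}";
    $conf[] = "\tDocumentRoot {$root}";
    $conf[] = implode("\n", $ssl);

    include_once dirname(__FILE__) . "/ressources/class.freeweb.inc";
    $freeweb = new freeweb();
    $conf[] = $freeweb->WebDavBrowserMatches();

    $conf[] = "\tAlias /backuppc {$root}";
    $conf[] = "\t<Directory \"{$root}\">";
    $conf[] = "\tAllowOverride None";
    $conf[] = "\tAllow from all";
    $conf[] = "\tOptions ExecCGI FollowSymlinks";
    $conf[] = "\tAddHandler cgi-script .cgi";
    $conf[] = "\tDirectoryIndex index.cgi";
    $conf[] = "\t\tAuthType Basic";
    $conf[] = "\t\tAuthBasicProvider ldap";
    $conf[] = "\t\tAuthzLDAPAuthoritative off";
    $conf[] = "\t\tAuthUserFile /dev/null";
    $conf[] = "\t\tAuthLDAPBindDN \"cn={$ldap->ldap_admin},{$ldap->suffix}\"";
    $conf[] = "\t\tAuthLDAPBindPassword {$ldap->ldap_password}";
    $conf[] = "\t\tAuthLDAPUrl ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/ou={$ou},dc=organizations,{$ldap->suffix}?uid";
    $conf[] = "\t\tAuthName \"Authorization required\"";
    $conf[] = "\t\trequire ldap-filter &(uid=*)";
    $conf[] = "\t\trequire valid-user";
    $conf[] = "\t</Directory>";
    $conf[] = "</VirtualHost>\n";

    return implode("\n", $conf);
}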
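/**
 * Regenerate one Apache WebDAV virtual host file per row of the "webdavusers"
 * table and restart Apache when any file was removed or written.
 *
 * Existing "webdav.*.apache" files are deleted first. Generation is skipped
 * when FreeWeb or per-user WebDAV is disabled, or when no WebDavSuffix is set.
 * Each generated host is named "<uid>.<WebDavSuffix>", serves the user's home
 * directory with DAV enabled and authenticates against LDAP.
 *
 * Corrections relative to the previous revision:
 *  - behind a Squid/nginx reverse proxy the HTTP port stays 82 and the SSL
 *    port becomes 447 (the SSL value used to overwrite the HTTP one);
 *  - a user without a home directory is skipped whether or not VERBOSE is set;
 *  - the listen port is computed per user, so enabling SSL for the first user
 *    no longer moves the HTTP redirect vhost of later users to the SSL port;
 *  - the WebDAV browser-match directives are added to the vhost being built;
 *  - "Require valid-user" is no longer emitted next to "Require user <uid>":
 *    Apache treats several Require lines in one section as alternatives, so
 *    any authenticated directory account could reach every user's home;
 *  - SSLProtocol no longer enables SSLv3 nor limits TLS to version 1.0;
 *  - uids that could alter the target file name or the generated directives
 *    are skipped, write failures are reported, and the written file (which
 *    contains the LDAP bind password) is restricted to its owner.
 *
 * Open points for maintainers:
 *  - access and error logs are placed inside the user's home directory; the
 *    Apache documentation warns against log directories writable by anyone
 *    other than the account that starts the server;
 *  - the cipher string still admits RC4 and MEDIUM suites.
 *
 * @return void
 */
function buildUsers()
{
    $users = new usersMenus();
    $unix = new unix();
    $sock = new sockets();
    $q = new mysql();

    $results = $q->QUERY_SQL("SELECT * FROM webdavusers", "artica_backup");
    if (!$q->ok) {
        die($q->mysql_error);
    }

    $c = 0;
    $APACHE_DIR_SITES_ENABLED = $users->APACHE_DIR_SITES_ENABLED;
    if ($GLOBALS["VERBOSE"]) {
        echo "APACHE_DIR_SITES_ENABLED.....: {$APACHE_DIR_SITES_ENABLED}\n";
    }

    // Drop every previously generated per-user vhost; glob() returns false on
    // error, which foreach must not be handed.
    $stale = glob("{$APACHE_DIR_SITES_ENABLED}/webdav.*.apache");
    if (is_array($stale)) {
        foreach ($stale as $filename) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Unlink: {$filename}\n";
            }
            @unlink($filename);
            $c++;
        }
    }

    $EnableWebDavPerUser = $sock->GET_INFO("EnableWebDavPerUser");
    // NOTE(review): unserialize() instantiates any class named in its input.
    // This is only safe while the "WebDavPerUserSets" setting can be written
    // by fully trusted code alone; a JSON encoding would remove the concern.
    $WebDavPerUserSets = unserialize(base64_decode($sock->GET_INFO("WebDavPerUserSets")));
    if (!is_array($WebDavPerUserSets)) {
        $WebDavPerUserSets = array();
    }
    if (!is_numeric($EnableWebDavPerUser)) {
        $EnableWebDavPerUser = 0;
    }
    $EnableFreeWeb = $sock->GET_INFO("EnableFreeWeb");
    if (!is_numeric($EnableFreeWeb)) {
        $EnableFreeWeb = 0;
    }

    if ($EnableFreeWeb == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "FreeWebs is not enabled\n";
        }
        return;
    }
    if ($EnableWebDavPerUser == 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "EnableWebDavPerUser is not enabled\n";
        }
        return;
    }

    $WebDavSuffix = isset($WebDavPerUserSets["WebDavSuffix"]) ? $WebDavPerUserSets["WebDavSuffix"] : null;
    if ($WebDavSuffix == null) {
        if ($GLOBALS["VERBOSE"]) {
            echo "WebDavSuffix is not set\n";
        }
        return;
    }

    $FreeWebListen = $unix->APACHE_ListenDefaultAddress();
    $FreeWebListenPort = $sock->GET_INFO("FreeWebListenPort");
    $FreeWebListenSSLPort = $sock->GET_INFO("FreeWebListenSSLPort");
    $FreeWebsDisableSSLv2 = $sock->GET_INFO("FreeWebsDisableSSLv2");
    if ($FreeWebListen == null) {
        $FreeWebListen = "*";
    }
    if (!is_numeric($FreeWebListenSSLPort)) {
        $FreeWebListenSSLPort = 443;
    }
    if (!is_numeric($FreeWebListenPort)) {
        $FreeWebListenPort = 80;
    }
    if (!is_numeric($FreeWebsDisableSSLv2)) {
        $FreeWebsDisableSSLv2 = 0;
    }

    // Behind a local reverse proxy Apache only listens on loopback. Both
    // probes are still called, as before.
    $behindSquid = $unix->IsSquidReverse();
    $behindNginx = $unix->isNGnx();
    if ($behindSquid || $behindNginx) {
        $FreeWebListenPort = 82;
        $FreeWebListenSSLPort = 447;
        $FreeWebListen = "127.0.0.1";
    }

    $SSL = isset($WebDavPerUserSets["EnableSSL"]) ? $WebDavPerUserSets["EnableSSL"] : 0;
    if (!is_numeric($SSL)) {
        $SSL = 0;
    }

    echo "Starting......: " . date("H:i:s") . " Apache Listen {$FreeWebListen}:{$FreeWebListenPort}, SSL enabled={$SSL} SSL Port:{$FreeWebListenSSLPort} SSLv2={$FreeWebsDisableSSLv2}\n";

    $ldap = new clladp();
    // Loop-invariant: load the helper class once instead of once per user.
    include_once dirname(__FILE__) . "/ressources/class.freeweb.inc";
    $freeweb = new freeweb();

    while ($ligne = mysql_fetch_array($results, MYSQL_ASSOC)) {
        $uid = $ligne["uid"];

        // The uid becomes part of a file name written by this script and of
        // several Apache directives, so separators, quotes, angle brackets,
        // whitespace and control characters are refused.
        if (!is_string($uid) || $uid === "" || preg_match('#[\s/\\\\"<>\x00-\x1f]#', $uid)) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Skipping a webdavusers row whose uid is empty or contains unsafe characters\n";
            }
            continue;
        }

        $usr = new user($uid);
        $HomeDirectory = $usr->homeDirectory;
        if (trim($HomeDirectory) == null) {
            if ($GLOBALS["VERBOSE"]) {
                echo "{$uid}: Home Directory is not set !\n";
            }
            // Must not depend on VERBOSE: an empty home would otherwise yield
            // an empty DocumentRoot and a ".dav" directory at the root.
            continue;
        }

        if (!is_numeric($usr->group_id)) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Search group of {$uid}...\n";
            }
            $usr->group_id = getentGroup($uid);
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "servername will be {$uid}.{$WebDavSuffix} usergroup = `{$usr->group_id}`\n";
        }

        $group = new groups($usr->group_id);
        if ($group->groupName == null) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Cannot find group name for {$uid}\n";
            }
            continue;
        }

        $servername = "{$uid}.{$WebDavSuffix}";
        @mkdir("{$usr->homeDirectory}/.dav", 0755, true);

        $f = array();
        // Port of the main vhost for this user only.
        $listenPort = $FreeWebListenPort;

        if ($SSL == 1) {
            $unix->vhosts_BuildCertificate($servername);
            // Plain-HTTP vhost that only redirects to HTTPS.
            $f[] = "<VirtualHost {$FreeWebListen}:{$FreeWebListenPort}>";
            $f[] = "\tRewriteEngine On";
            $f[] = "\tRewriteCond %{HTTPS} off";
            $f[] = "\tRewriteRule (.*) https://%{HTTP_HOST}:{$FreeWebListenSSLPort}";
            $f[] = "</VirtualHost>";
            $f[] = "";
            $listenPort = $FreeWebListenSSLPort;
        }

        $f[] = "<VirtualHost {$FreeWebListen}:{$listenPort}>";
        if ($SSL == 1) {
            $f[] = "\tSetEnvIf User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0";
            $f[] = "\tSSLEngine on";
            $f[] = "\tSSLCertificateFile {$GLOBALS["SSLKEY_PATH"]}/{$servername}.crt";
            $f[] = "\tSSLCertificateKeyFile {$GLOBALS["SSLKEY_PATH"]}/{$servername}.key";
            if ($FreeWebsDisableSSLv2 == 1) {
                // Was "-ALL +SSLv3 +TLSv1": that enables the broken SSLv3,
                // forbids TLS 1.1 and later, and is rejected by Apache builds
                // whose OpenSSL has no SSLv3 support.
                $f[] = "\tSSLProtocol all -SSLv2 -SSLv3";
                // NOTE(review): this string still admits RC4 and MEDIUM
                // suites; tighten it once the client population is known.
                $f[] = "\tSSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM";
            }
        }

        $f[] = "\tServerName {$servername}";
        $f[] = "\tServerAdmin {$usr->mail}";
        $f[] = "\tDocumentRoot {$usr->homeDirectory}";
        //$f[]=" ServerAlias hostname.domaine.tld";
        $f[] = "\t<IfModule mpm_itk_module>";
        $f[] = "\t\tAssignUserId {$usr->uid} {$group->groupName}";
        $f[] = "\t</IfModule>";
        $f[] = "#WEBDAV";
        $f[] = "\tDavLockDB \"{$usr->homeDirectory}/.dav/DavLock\"";
        // Previously appended to an unrelated $conf array and therefore never
        // written to the file.
        $f[] = $freeweb->WebDavBrowserMatches();
        $f[] = "\t<Directory {$usr->homeDirectory}>";
        $f[] = "\t\tOptions Indexes FollowSymLinks MultiViews";
        $f[] = "\t\tAllowOverride None";
        $f[] = "\t\tOrder allow,deny";
        $f[] = "\t\tallow from all";
        $f[] = "\tDAV On";
        $f[] = "\tDAVMinTimeout 600";
        $f[] = "\tAuthType Basic";
        $f[] = "\tAuthBasicProvider ldap";
        $f[] = "\tAuthName \"{$servername} {$uid} Only\"";
        $f[] = "\tAuthLDAPURL ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/dc=organizations,{$ldap->suffix}?uid?sub";
        $f[] = "\tAuthLDAPBindDN cn={$ldap->ldap_admin},{$ldap->suffix}";
        $f[] = "\tAuthLDAPBindPassword {$ldap->ldap_password}";
        $f[] = "\tAuthLDAPGroupAttribute memberUid";
        // Sole authorization rule: the home directory is for its owner only.
        $f[] = "\tRequire user {$uid}";
        $f[] = "\t</Directory>";
        $f[] = "";
        $f[] = "\tLogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %V\" combinedv";
        // NOTE(review): these logs live in a directory the user can write to.
        $f[] = "\tCustomLog {$usr->homeDirectory}/webdav_access.log combinedv";
        $f[] = "\tErrorLog {$usr->homeDirectory}/webdav_error.log";
        $f[] = "\tLogLevel warn";
        $f[] = "";
        $f[] = "</VirtualHost>";

        $target = "{$APACHE_DIR_SITES_ENABLED}/webdav.{$uid}.apache";
        if ($GLOBALS["VERBOSE"]) {
            echo "{$uid} saving {$target}\n";
        }
        if (@file_put_contents($target, implode("\n", $f)) === false) {
            echo "{$uid}: unable to write {$target}\n";
            continue;
        }
        // The file holds the LDAP bind password. Owner-only access assumes
        // Apache parses its configuration as the account running this script
        // -- confirm for this deployment.
        @chmod($target, 0600);
        $c++;
    }

    if ($c > 0) {
        if ($GLOBALS["VERBOSE"]) {
            echo "{$GLOBALS["APACHECTL"]} -k restart 2>&1\n";
        }
        exec("{$GLOBALS["APACHECTL"]} -k restart 2>&1", $restartOutput);
    }
}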
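/**
 * Return the Apache <VirtualHost> text that exposes the home directories of an
 * organization's WebDAV users, each behind LDAP Basic authentication.
 *
 * Side effects: creates the document root if missing, chowns it recursively to
 * the Apache groupware account, builds a certificate when SSL is requested and
 * queues one "exec.samba.php --home <uid>" command per user.
 *
 * Corrections relative to the previous revision:
 *  - each <Directory> is authorized by "require ldap-filter &(uid=<uid>)"
 *    alone. The additional "require valid-user" line and the <LimitExcept>
 *    block containing "Require valid-user" have been dropped: Apache treats
 *    several Require lines as alternatives, so they let any authenticated
 *    account of the OU into every user's directory;
 *  - the chown command line is built with escapeshellarg();
 *  - each() (removed in PHP 8) is replaced by foreach, the accumulators are
 *    initialised, and freeweb is instantiated only after its class file has
 *    been included.
 *
 * Open points for maintainers:
 *  - the returned text embeds the LDAP bind password in clear text;
 *  - when "wwwsslmode" is not "TRUE" the Basic credentials are sent without
 *    TLS;
 *  - "LogLevel debug" is emitted unconditionally;
 *  - the SSL vhost is always written for port 443 although
 *    "ApacheGroupWarePortSSL" is read -- presumably an oversight, confirm.
 *
 * @param array $array Record whose "OU", "apacheservername", "wwwservertype",
 *                     "wwwsslmode" and "apachedocumentroot" entries each hold
 *                     their value at index 0.
 *
 * @return string|null The vhost configuration, or null when the OU has no
 *                     WebDAV user.
 */
function vhosts_users_ou($array)
{
    $unix = new unix();
    $ldap = new clladp();
    $sock = new sockets();

    $ApacheGroupware = $sock->GET_INFO("ApacheGroupware");
    if ($ApacheGroupware == null) {
        $ApacheGroupware = 1;
    }
    $ApacheGroupwareListenIP = $sock->GET_INFO("ApacheGroupwareListenIP");
    $ApacheGroupWarePort = $sock->GET_INFO("ApacheGroupWarePort");
    $ApacheGroupWarePortSSL = $sock->GET_INFO("ApacheGroupWarePortSSL");
    // Read here but not consulted anywhere else in this function.
    $SSLStrictSNIVHostCheck = $sock->GET_INFO("SSLStrictSNIVHostCheck");
    $d_path = $unix->APACHE_DIR_SITES_ENABLED();

    if ($ApacheGroupware == 0) {
        // The dedicated groupware Apache is off: reuse the FreeWeb listener.
        $ApacheGroupwareListenIP = $unix->APACHE_ListenDefaultAddress();
        $ApacheGroupWarePort = $sock->GET_INFO("FreeWebListenPort");
        $ApacheGroupWarePortSSL = $sock->GET_INFO("FreeWebListenSSLPort");
        echo "Starting......: " . date("H:i:s") . " Apache Webdav switch to Apache source\n";
        // NOTE(review): the message says "removing" but nothing is deleted
        // here -- confirm whether an unlink() is missing.
        $leftovers = glob("{$d_path}/webdav-artica-*");
        if (is_array($leftovers)) {
            foreach ($leftovers as $filename) {
                echo "Starting......: " . date("H:i:s") . " Apache Webdav removing " . basename($filename) . "\n";
            }
        }
    }

    if (!is_numeric($ApacheGroupWarePortSSL)) {
        $ApacheGroupWarePortSSL = 443;
    }
    if (!is_numeric($ApacheGroupWarePort)) {
        $ApacheGroupWarePort = 80;
    }
    if ($ApacheGroupwareListenIP == null) {
        $ApacheGroupwareListenIP = "*";
    }

    $ou = $array["OU"][0];
    $apacheservername = trim($array["apacheservername"][0]);
    $wwwsslmode = $array["wwwsslmode"][0];
    $root = $array["apachedocumentroot"][0];
    $ApacheGroupWarePort_WRITE = $ApacheGroupWarePort;
    $ww_account = $unix->APACHE_GROUPWARE_ACCOUNT();

    $users = loadWebDavUsers($ou);
    if (!is_array($users) || count($users) < 1) {
        return;
    }

    // Both accumulators start empty so the implode() calls below never see an
    // undefined variable when SSL is disabled.
    $ssl = array();
    $conf = array();

    if ($wwwsslmode == "TRUE") {
        $ssl[] = "\tSSLEngine on";
        $ssl[] = "\tSSLCertificateFile {$GLOBALS["SSLKEY_PATH"]}/{$apacheservername}.crt";
        $ssl[] = "\tSSLCertificateKeyFile {$GLOBALS["SSLKEY_PATH"]}/{$apacheservername}.key";
        $unix->vhosts_BuildCertificate($apacheservername);
        $ApacheGroupWarePort_WRITE = "443";

        // Plain-HTTP vhost whose only job is to redirect to the TLS one.
        $conf[] = "\n<VirtualHost *:{$ApacheGroupWarePort}>";
        $conf[] = "\tServerName {$apacheservername}";
        $conf[] = "\tRedirect / https://{$apacheservername}";
        $conf[] = "</VirtualHost>\n";
    }

    echo "Starting Apache..............: WebDav \"{$apacheservername}:{$ApacheGroupWarePort_WRITE}\"\n";
    if (!is_dir($root)) {
        echo "Starting Apache..............: WebDav creating directory {$root}\n";
        @mkdir("{$root}", 0755, true);
    }
    echo "Starting Apache..............: Apache user: {$ww_account}\n";
    // Quoted so that neither the account string nor the directory taken from
    // the directory record can add shell syntax to this command.
    system("/bin/chown -R " . escapeshellarg($ww_account) . " " . escapeshellarg($root));

    $conf[] = "\n<VirtualHost {$ApacheGroupwareListenIP}:{$ApacheGroupWarePort_WRITE}>";
    $conf[] = "\tServerName {$apacheservername}";
    $conf[] = "\tServerAdmin webmaster@{$apacheservername}";
    $conf[] = "\tDocumentRoot /home";
    $conf[] = implode("\n", $ssl);
    $conf[] = "\tDavLockDB \"{$root}/DavLock\"";

    include_once dirname(__FILE__) . "/ressources/class.freeweb.inc";
    $freeweb = new freeweb();
    $conf[] = $freeweb->WebDavBrowserMatches();

    foreach ($users as $uid => $home) {
        $conf[] = "\t<Directory \"{$home}\">";
        echo "Starting Apache..............: WebDav \"{$uid}\"\n";
        $conf[] = "\tOptions Indexes FollowSymLinks Includes MultiViews";
        $conf[] = "\t\tAllowOverride None";
        $conf[] = "\t\tOrder allow,deny";
        $conf[] = "\t\tAllow from all";
        $conf[] = "\t\tDAV On";
        $conf[] = "\t\tAuthType Basic";
        $conf[] = "\t\tAuthBasicProvider ldap";
        $conf[] = "\t\tAuthzLDAPAuthoritative off";
        $conf[] = "\t\tAuthUserFile /dev/null";
        $conf[] = "\t\tAuthLDAPBindDN \"cn={$ldap->ldap_admin},{$ldap->suffix}\"";
        $conf[] = "\t\tAuthLDAPBindPassword {$ldap->ldap_password}";
        $conf[] = "\t\tAuthLDAPUrl ldap://{$ldap->ldap_host}:{$ldap->ldap_port}/ou={$ou},dc=organizations,{$ldap->suffix}?uid";
        $conf[] = "\t\tAuthName \"Authorization required\"";
        // Sole authorization rule, valid for every HTTP/WebDAV method: only
        // the owner of this home directory is admitted.
        $conf[] = "\t\trequire ldap-filter &(uid={$uid})";
        $conf[] = "\t</Directory>";

        // NOTE(review): $uid is appended unquoted to a queued command line.
        // If THREAD_COMMAND_SET() hands the string to a shell -- not visible
        // from here -- it should be wrapped in escapeshellarg().
        $unix->THREAD_COMMAND_SET(LOCATE_PHP5_BIN2() . " " . dirname(__FILE__) . "/exec.samba.php --home {$uid}");
    }

    // NOTE(review): debug logging is verbose for a production vhost; consider
    // "warn" once troubleshooting is over.
    $conf[] = "LogLevel debug";
    $conf[] = "</VirtualHost>\n";

    return implode("\n", $conf);
}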