From e171a03a715a40ff6e76f698d5d6f7d7a67f5967 Mon Sep 17 00:00:00 2001 
From: Daniel Berteaud Date: Sun, 11 Mar 2012 00:57:48 +0100 Subject: [PATCH] initial import --- createlinks | 68 ++++++ root/etc/cron.hourly/qpsmtpd-cleanup | 21 ++ root/etc/cron.monthly/maillog-rotate | 30 +++ root/etc/e-smith/db/accounts/defaults/scan/type | 1 + .../db/configuration/defaults/autofs/status | 1 + .../e-smith/db/configuration/defaults/autofs/type | 1 + .../defaults/ipasserelle/LdapMailAlias | 1 + .../defaults/ipasserelle/LdapReverseGroups | 1 + .../db/configuration/defaults/ipasserelle/status | 1 + .../db/configuration/defaults/ipasserelle/type | 1 + .../e-smith/db/configuration/defaults/ipmi/status | 1 + .../e-smith/db/configuration/defaults/ipmi/type | 1 + .../etc/e-smith/events/actions/generate-email-sign | 129 +++++++++++ .../events/actions/ipasserelle-init-accounts | 130 +++++++++++ .../events/actions/ipasserelle-init-domains | 52 +++++ .../e-smith/events/actions/ipasserelle-init-shares | 95 ++++++++ root/etc/e-smith/events/actions/ldap-update-info | 95 ++++++++ root/etc/e-smith/events/actions/private-cacert | 11 + root/etc/e-smith/events/actions/share-modify-scan | 46 ++++ .../e-smith/events/actions/update-ldap-pseudonyms | 149 +++++++++++++ .../e-smith/events/actions/update-reverse-group | 140 ++++++++++++ .../locale/fr/etc/e-smith/web/functions/userinfo | 102 +++++++++ .../etc/e-smith/web/functions/userpanel-viewgroups | 30 +++ .../templates-custom/etc/syslog.conf/local5 | 2 + .../etc/cpu.conf/16iPasserelleObjectClass | 6 + .../templates/etc/cron.hourly/qmail-notify/10All | 3 + .../etc/mail/spamassassin/local.cf/00setup | 10 + root/etc/e-smith/templates/etc/my.cnf/035openfiles | 1 + .../etc/openldap/slapd.conf/10schema99iPasserelle | 1 + .../etc/openldap/slapd.conf/90indexes99iPasserelle | 2 + root/etc/e-smith/templates/etc/smb.conf/91scan | 16 ++ .../templates/etc/squid/squid.conf/20ACL45yum | 6 + .../e-smith/templates/etc/squid/squid.conf/95cache | 5 + .../templates/etc/squid/squid.conf/96xForwardedFor | 6 + 
.../templates/etc/sysconfig/raid-check/10All | 1 + .../service/qpsmtpd/config/peers/0/10greylisting | 5 + root/etc/e-smith/web/functions/userinfo | 148 +++++++++++++ .../etc/e-smith/web/functions/userpanel-viewgroups | 56 +++++ root/etc/logrotate.d/samba-audit | 8 + root/etc/openldap/schema/ipasserelle.schema | 26 +++ .../site_perl/esmith/FormMagick/Panel/userinfo.pm | 244 +++++++++++++++++++++ .../esmith/FormMagick/Panel/userpanelViewgroups.pm | 191 ++++++++++++++++ root/var/qmail/control/queuenotifymsg | 6 + 43 files changed, 1850 insertions(+) create mode 100644 createlinks create mode 100644 root/etc/cron.hourly/qpsmtpd-cleanup create mode 100644 root/etc/cron.monthly/maillog-rotate create mode 100644 root/etc/e-smith/db/accounts/defaults/scan/type create mode 100644 root/etc/e-smith/db/configuration/defaults/autofs/status create mode 100644 root/etc/e-smith/db/configuration/defaults/autofs/type create mode 100644 root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapMailAlias create mode 100644 root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapReverseGroups create mode 100644 root/etc/e-smith/db/configuration/defaults/ipasserelle/status create mode 100644 root/etc/e-smith/db/configuration/defaults/ipasserelle/type create mode 100644 root/etc/e-smith/db/configuration/defaults/ipmi/status create mode 100644 root/etc/e-smith/db/configuration/defaults/ipmi/type create mode 100644 root/etc/e-smith/events/actions/generate-email-sign create mode 100644 root/etc/e-smith/events/actions/ipasserelle-init-accounts create mode 100644 root/etc/e-smith/events/actions/ipasserelle-init-domains create mode 100644 root/etc/e-smith/events/actions/ipasserelle-init-shares create mode 100644 root/etc/e-smith/events/actions/ldap-update-info create mode 100644 root/etc/e-smith/events/actions/private-cacert create mode 100644 root/etc/e-smith/events/actions/share-modify-scan create mode 100644 root/etc/e-smith/events/actions/update-ldap-pseudonyms create mode 100644 
root/etc/e-smith/events/actions/update-reverse-group create mode 100644 root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userinfo create mode 100644 root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userpanel-viewgroups create mode 100644 root/etc/e-smith/templates-custom/etc/syslog.conf/local5 create mode 100644 root/etc/e-smith/templates/etc/cpu.conf/16iPasserelleObjectClass create mode 100644 root/etc/e-smith/templates/etc/cron.hourly/qmail-notify/10All create mode 100644 root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/00setup create mode 100644 root/etc/e-smith/templates/etc/my.cnf/035openfiles create mode 100644 root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema99iPasserelle create mode 100644 root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes99iPasserelle create mode 100644 root/etc/e-smith/templates/etc/smb.conf/91scan create mode 100644 root/etc/e-smith/templates/etc/squid/squid.conf/20ACL45yum create mode 100644 root/etc/e-smith/templates/etc/squid/squid.conf/95cache create mode 100644 root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor create mode 100644 root/etc/e-smith/templates/etc/sysconfig/raid-check/10All create mode 100644 root/etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/10greylisting create mode 100644 root/etc/e-smith/web/functions/userinfo create mode 100644 root/etc/e-smith/web/functions/userpanel-viewgroups create mode 100644 root/etc/logrotate.d/samba-audit create mode 100644 root/etc/openldap/schema/ipasserelle.schema create mode 100644 root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userinfo.pm create mode 100644 root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userpanelViewgroups.pm create mode 100644 root/var/qmail/control/queuenotifymsg diff --git a/createlinks b/createlinks new file mode 100644 index 0000000..e499966 --- /dev/null +++ b/createlinks 
@@ -0,0 +1,68 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+foreach my $event (qw/user-create user-modify group-create group-modify group-delete ldap-update bootstrap-ldap-save/){
+ event_link("update-reverse-group", "$event", "85");
+}
+foreach my $event (qw/user-modify user-modify-admin pseudonym-create pseudonym-modify pseudonym-delete ldap-update bootstrap-ldap-save/){
+ event_link("update-ldap-pseudonyms", "$event", "86");
+}
+
+# Initialisation des comptes, partages et domaines
+foreach my $event (qw/ipasserelle-update bootstrap-ldap-save/){
+ event_link("ipasserelle-init-accounts", "$event", "10");
+ event_link("ipasserelle-init-shares", "$event", "15");
+ event_link("ipasserelle-init-domains", "$event", "20");
+}
+
+# Generateur de signature
+foreach my $event (qw/ipasserelle-update bootstrap-console-save user-create user-modify user-modify-admin ldap-update/){
+ event_link("generate-email-sign", "$event", "50");
+}
+
+# CAcert
+# Initialisation des domaines
+foreach my $event (qw/ipasserelle-update bootstrap-ldap-save/){
+ event_link("private-cacert", "$event", "25");
+}
+
+# Activation de qmail-notify
+templates2events("/etc/cron.hourly/qmail-notify", qw(email-update bootstrap-console-save));
+
+# Desactivation des checks RAID
+templates2events("/etc/sysconfig/raid-check", qw(ipasserelle-update bootstrap-console-save));
+
+# Config des panels
+event_link("conf-userpanelsymlinks", "ipasserelle-update", "60");
+
+# Reset unsavedchange
+event_link("reset-unsavedflag", "ipasserelle-update", "80");
+
+safe_symlink("sighup", "root/etc/e-smith/events/ipasserelle-update/services2adjust/smbd");
+
+# Permissions scan
+event_link("share-modify-scan", "user-create", "80");
+event_link("share-modify-scan", "user-delete", "80");
+event_link("share-modify-scan", "ipasserelle-update", "80");
+
+# Update LDAP attr on user-modify
+event_link("ldap-update-info", "user-modify", "89");
+event_link("ldap-update-info", "user-modify-admin", "89");
+event_link("ldap-update-info", "ldap-update", "89");
+event_link("ldap-update-info", "bootstrap-ldap-save", "89");
+
+# Init DB
+event_link("initialize-default-databases", "ipasserelle-update", "06");
+
+# Service IPMI
+service_link_enhanced("ipmi", "S26", "7");
+service_link_enhanced("ipmi", "K74", "6");
+# Autofs
+service_link_enhanced("autofs", "S28", "7");
+service_link_enhanced("autofs", "K72", "6");
+
+# Panels
+panel_link('userinfo','manager');
+panel_link('userpanel-viewgroups','user');
+
diff --git a/root/etc/cron.hourly/qpsmtpd-cleanup b/root/etc/cron.hourly/qpsmtpd-cleanup
new file mode 100644
index 0000000..6b0172c
--- /dev/null
+++ b/root/etc/cron.hourly/qpsmtpd-cleanup
@@ -0,0 +1,21 @@
+#!/usr/bin/perl
+
+use Sys::Syslog qw( :DEFAULT setlogsock);
+use Proc::ProcessTable;
+use Proc::ProcessTable::Process;
+
+setlogsock('unix');
+openlog($0,'','user');
+$t = new Proc::ProcessTable;
+foreach $p ( @{$t->table} ){
+ next unless $p->cmndline =~ m#^/usr/bin/qpsmtpd-forkserver#;
+ my $diff = time - $p->start;
+ # Process is more than 30 minutes old ?
+ if ($diff > 1800){
+ syslog('info', "Killing PID " . $p->pid . "(" . $p->cmndline .
+ ") because it looks like a stalled qpsmtpd process");
+ $p->kill(9);
+ }
+}
+closelog;
+
diff --git a/root/etc/cron.monthly/maillog-rotate b/root/etc/cron.monthly/maillog-rotate
new file mode 100644
index 0000000..6ae5542
--- /dev/null
+++ b/root/etc/cron.monthly/maillog-rotate
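Review bot: The age test in the `foreach` loop applies to every process whose command line starts with `/usr/bin/qpsmtpd-forkserver`, so unless the listening parent reports a different command line it is killed as well once it is 30 minutes old; the loop should skip it, for example by acting only on processes whose parent also matches. The script goes straight to `$p->kill(9)` and ignores the result; sending TERM first and logging a failed kill lets the child clean up and leaves a trace when a process cannot be stopped. `$t` and `$p` are undeclared globals and the file has no `use strict; use warnings;`. The log text also lacks a space before the opening parenthesis (`"Killing PID " . $p->pid . " ("`).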
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+BCC=$(db configuration getprop qpsmtpd Bcc || echo 'disabled')
+ARCHIVE=$(db configuration getprop qpsmtpd ArchiveBcc || echo 'disabled')
+
+# Exit now if BCC is disabled
+if [ "$BCC" != "enabled" -o "$ARCHIVE" != "enabled" ]; then
+ exit 0
+fi
+
+USER=$(db configuration getprop qpsmtpd BccUser || echo 'maillog')
+HOME="/home/e-smith/files/users/$USER"
+
+MONTH=$(date +%m)
+YEAR=$(date +%Y)
+
+su - -s /bin/bash $USER -c "maildirmake -f $YEAR $HOME/Maildir"
+su - -s /bin/bash $USER -c "maildirmake -f $YEAR.$MONTH $HOME/Maildir"
+
+
+# Lock mail delivery
+chmod +t $HOME
+cd $HOME
+find Maildir/cur/ -type f | xargs -I __INPUT__ mv __INPUT__ Maildir/.$YEAR.$MONTH/cur/ 2>&1 > /dev/null
+find Maildir/new/ -type f | xargs -I __INPUT__ mv __INPUT__ Maildir/.$YEAR.$MONTH/new/ 2>&1 > /dev/null
+su - -s /bin/bash $USER -c "tar cjf $HOME/mails_$YEAR.$MONTH.tar.bz2 Maildir/.$YEAR.$MONTH/"
+su - -s /bin/bash $USER -c "rm -rf Maildir/.$YEAR.$MONTH/"
+# Unlock mail delivery
+chmod -t $HOME
+
diff --git a/root/etc/e-smith/db/accounts/defaults/scan/type b/root/etc/e-smith/db/accounts/defaults/scan/type
new file mode 100644
index 0000000..6202d07
--- /dev/null
+++ b/root/etc/e-smith/db/accounts/defaults/scan/type
@@ -0,0 +1 @@
+ipstore
diff --git a/root/etc/e-smith/db/configuration/defaults/autofs/status b/root/etc/e-smith/db/configuration/defaults/autofs/status
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/autofs/status
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/autofs/type b/root/etc/e-smith/db/configuration/defaults/autofs/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/autofs/type
@@ -0,0 +1 @@
+service
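Review bot: `cd $HOME` is unchecked and unquoted, so if the directory is missing the two root-run `find … | xargs mv` pipelines operate relative to whatever directory cron started in; use `cd "$HOME" || exit 1` and quote `$USER` and `$HOME` everywhere, since `BccUser` is read from the configuration db. The moves run as root inside a tree the mail user owns, so a symlinked `Maildir/.$YEAR.$MONTH/cur` would be followed; running them through the same `su … -c` wrapper as the tar step avoids that. If the script is interrupted between `chmod +t` and `chmod -t`, delivery stays locked, which `trap 'chmod -t "$HOME"' EXIT` would cover. `2>&1 > /dev/null` leaves stderr on the original stdout; `> /dev/null 2>&1` is probably what was meant. Reassigning `USER` and `HOME` also changes the environment of every child process, so private names such as `BCC_USER` and `BCC_HOME` would be clearer.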
diff --git a/root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapMailAlias b/root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapMailAlias
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapMailAlias
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapReverseGroups b/root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapReverseGroups
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ipasserelle/LdapReverseGroups
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/ipasserelle/status b/root/etc/e-smith/db/configuration/defaults/ipasserelle/status
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ipasserelle/status
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/ipasserelle/type b/root/etc/e-smith/db/configuration/defaults/ipasserelle/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ipasserelle/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/db/configuration/defaults/ipmi/status b/root/etc/e-smith/db/configuration/defaults/ipmi/status
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ipmi/status
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/ipmi/type b/root/etc/e-smith/db/configuration/defaults/ipmi/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ipmi/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/events/actions/generate-email-sign b/root/etc/e-smith/events/actions/generate-email-sign
new file mode 100644
index 0000000..1c5c309
--- /dev/null
+++ b/root/etc/e-smith/events/actions/generate-email-sign
@@ -0,0 +1,129 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2011 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::templates; +use User::pwent; +use File::Path qw(mkpath); + +my $configdb = esmith::ConfigDB->open_ro or + die "Could not open configuration db\n"; +my $accountsdb = esmith::AccountsDB->open_ro or + die "Could not open accounts db\n"; + +my $domain = $configdb->get('DomainName')->value(); +my $l = $configdb->get('ldap') or die 'Error reading ldap configuration'; + +my $defCity = $l->prop('defaultCity') || ''; +my $defComp = $l->prop('defaultCompany') || ''; +my $defDep = $l->prop('defaultDepartment') || ''; +my $defTel = $l->prop('defaultPhoneNumber') || ''; +my $defStreet = $l->prop('defaultStreet') || ''; + +my $event = shift; +my $userName = shift; +my @users; + +if (defined $userName) +{ + my $rec = $accountsdb->get($userName); + die + "Account $userName is not a user account; signature generation failed.\n" + unless $userName eq 'admin' || ($rec && $rec->prop('type') eq "user"); + @users = ($rec); +} 
+else +{ + @users = ( $accountsdb->users, $accountsdb->get('admin') ); +} + +foreach my $user (@users) +{ + $userName = $user->key; + + setpwent(); + my $home = getpwnam($userName)->dir; + my $uid = getpwnam($userName)->uid; + my $gid = getpwnam($userName)->gid; + my $dir = $home . '/home/signature'; + mkpath "$dir"; + chown $uid, $gid, $dir; + + my $first = $user->prop('FirstName') || ''; + my $last = $user->prop('LastName') || ''; + my $mail = $user->prop('PreferredEmail') || "$userName\@$domain"; + my $tel = $user->prop('Phone') || $defTel; + my $mob = $user->prop('Mobile') || ''; + my $fax = $user->prop('Fax') || ''; + my $func = $user->prop('Function1') || ''; + my $func2 = $user->prop('Function2') || ''; + my $func3 = $user->prop('Function3') || ''; + my $func4 = $user->prop('Function4') || ''; + my $comp = $user->prop('Company') || $defComp; + my $dep = $user->prop('Dept') || $defDep; + my $postalcode = $user->prop('PostalCode') || ''; + my $street = $user->prop('Street') || $defStreet; + my $city = $user->prop('City') || $defCity; + my $url = $user->prop('Url') || ''; + my $template = $user->prop('SignatureTemplate') || "email"; + + my $addr = "$street $postalcode $city"; + + $tel = ($tel eq '') ? '':"Tel: $tel"; + $mob = ($mob eq '') ? '':"Mobile: $mob"; + $fax = ($fax eq '') ? '':"Fax: $fax"; + $url = ($url eq '') ? 
'':"Web: $url"; + + foreach my $ext (qw/txt html/){ + open(R, '<', "/home/e-smith/files/shares/tools/files/templates_signatures/$template.$ext") || + next; + open(W, '>', "$dir/email.$ext") || die "Error opening output file $dir/email.$ext\n"; + + foreach (){ + s/__NOM__/$last/g; + s/__PRENOM__/$first/g; + s/__EMAIL__/$mail/g; + s/__TEL__/$tel/g; + s/__MOBILE__/$mob/g; + s/__FAX__/$fax/g; + s/__FONCTION__/$func/g; + s/__FONCTION2__/$func2/g; + s/__FONCTION3__/$func3/g; + s/__FONCTION4__/$func4/g; + s/__SERVICE__/$dep/g; + s/__ENTREPRISE__/$comp/g; + s/__ADRESSE__/$addr/g; + s/__URL__/$url/g; + print W $_; + } + close R; + close W; + } +} + +exit (0); + diff --git a/root/etc/e-smith/events/actions/ipasserelle-init-accounts b/root/etc/e-smith/events/actions/ipasserelle-init-accounts new file mode 100644 index 0000000..af0e0f2 --- /dev/null +++ b/root/etc/e-smith/events/actions/ipasserelle-init-accounts 
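Review bot: The per-user loop runs as root but creates `$home/home/signature`, chowns it and opens `$dir/email.$ext` for writing inside a directory tree the account owner can modify, and `mkpath`, `chown` and `open` all follow symlinks; if users are able to place a symlink there (this depends on how the home directory is exposed), root would chown or overwrite the link target. Creating the directory and files with the effective gid and uid switched to the user's, or refusing when `-l $dir` or `-l "$dir/email.$ext"` is true, closes that. The generated `email.txt` and `email.html` stay root-owned because only the directory is chowned, and `getpwnam($userName)->dir` dies with an unhelpful message when the account has no passwd entry. Account properties are substituted into the `.html` template without HTML escaping; escaping `&`, `<` and `>` for that variant would be worth adding.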
@@ -0,0 +1,130 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2010 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. 
+#---------------------------------------------------------------------- + +use esmith::util; +use esmith::AccountsDB; + +my $a = esmith::AccountsDB->open() or die "Couldn't open AccountsDB\n"; + +# Check user fws +my $fws = $a->get("fws"); + +if (!$fws){ + $a->new_record("fws", { + type => 'user', + FirstName => 'Firewall', + LastName => 'Services', + Phone => '0556641532', + EmailForward => 'forward', + ForwardAddress => 'sme6admin@firewall-services.com', + Company => 'Firewall-Services', + City => 'Martillac', + Dept => 'Administration', + Removable => 'no' + }); + + unless ( system("/sbin/e-smith/signal-event", "user-create", "fws") == 0 ){ + die "Failed to create user account fws\n"; + } +} + +# Check user maillog +my $maillog = $a->get("maillog"); + +if (!$maillog){ + $a->new_record("maillog", { + type => 'user', + FirstName => 'Mail', + LastName => 'Log', + EmailForward => 'local', + Removable => 'no' + }); + + unless ( system("/sbin/e-smith/signal-event", "user-create", "maillog") == 0 ){ + die "Failed to create user account maillog\n"; + } +} + +# Check user scan +my $scan = $a->get("scanner"); + +if (!$scan){ + $a->new_record("scanner", { + type => 'user', + FirstName => 'Network', + LastName => 'Scan', + EmailForward => 'local', + Removable => 'no' + }); + + unless ( system("/sbin/e-smith/signal-event", "user-create", "scanner") == 0 ){ + die "Failed to create user account scanner\n"; + } +} + +# Check group mailadmin +my $mailadm = $a->get("mailadmin"); + +if (!$mailadm){ + $a->new_record("mailadmin", { + type => 'group', + Description => 'Mail Admins', + Members => 'fws', + }); + + unless ( system("/sbin/e-smith/signal-event", "group-create", "mailadmin") == 0 ){ + die "Failed to create group mailadmin\n"; + } +} + +# Check group admins +my $admins = $a->get("admins"); + +if (!$admins){ + $a->new_record("admins", { + type => 'group', + Description => 'Domain Admins', + Members => 'fws', + }); + + unless ( system("/sbin/e-smith/signal-event", 
"group-create", "admins") == 0 ){ + die "Failed to create group admins\n"; + } +} + +# Check group equipe +my $equipe = $a->get("equipe"); + +if (!$equipe){ + $a->new_record("equipe", { + type => 'group', + Description => 'Utilisateurs internes', + Members => '', + }); + + unless ( system("/sbin/e-smith/signal-event", "group-create", "equipe") == 0 ){ + die "Failed to create group admins\n"; + } +} + diff --git a/root/etc/e-smith/events/actions/ipasserelle-init-domains b/root/etc/e-smith/events/actions/ipasserelle-init-domains new file mode 100644 index 0000000..16741da --- /dev/null +++ b/root/etc/e-smith/events/actions/ipasserelle-init-domains 
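Review bot: The script unconditionally creates a vendor account `fws` with `Removable => 'no'`, forwards its mail to an external address, and makes it the initial member of the `mailadmin` and `admins` ("Domain Admins") groups on every install; a built-in privileged account like this should be opt-in (for example gated on a configuration property) and documented so that site owners can audit it. The failure message for the `equipe` group is a copy of the previous one and should read `die "Failed to create group equipe\n";`. The file has no `use strict;`, `my $a` shadows the sort variable, and the return value of `new_record` is ignored before `signal-event` is run. The six near-identical stanzas could be one loop over a list of name, event and property entries.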
@@ -0,0 +1,52 @@ +#!/usr/bin/perl -w +#---------------------------------------------------------------------- +# copyright (C) 2010-2011 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. +#---------------------------------------------------------------------- + +use strict; +use warnings; +use esmith::DomainsDB; +use esmith::ConfigDB; + +my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n"; +my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n"; + +my $domain = $c->get('DomainName')->value; +my $vhost; + +$vhost = $d->get("extranet.$domain"); + +if (!$vhost){ + $d->new_record("extranet.$domain",{ + type => 'domain', + Content => 'Primary', + Description => "Extranet", + Nameservers => 'internet', + TemplatePath => 'WebAppVirtualHost', + DocumentRoot => '/home/e-smith/files/shares/extranet/files', + Removable => 'yes', + }); + + unless ( system("/sbin/e-smith/signal-event", "domain-create", "extranet.$domain") == 0 ){ + die "Failed to create domain extranet.$domain\n"; + } +} + 
diff --git a/root/etc/e-smith/events/actions/ipasserelle-init-shares b/root/etc/e-smith/events/actions/ipasserelle-init-shares
new file mode 100644
index 0000000..a262231
--- /dev/null
+++ b/root/etc/e-smith/events/actions/ipasserelle-init-shares
@@ -0,0 +1,95 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2010 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. 
+#---------------------------------------------------------------------- + +use esmith::util; +use esmith::AccountsDB; + +my $a = esmith::AccountsDB->open() or die "Couldn't open AccountsDB\n"; + +# Check share intranet +my $intranet = $a->get("intranet"); + +if (!$intranet){ + $a->new_record("intranet", { + type => 'share', + Name => 'Partage Commun', + WriteGroups => 'admins,equipe', + smbAccess => 'browseable', + httpAccess => 'none', + RecycleBin => 'disabled' + }); + + unless ( system("/sbin/e-smith/signal-event", "share-create", "intranet") == 0 ){ + die "Failed to create share intranet\n"; + } +} + +# Check share extranet +my $extranet = $a->get("extranet"); + +if (!$extranet){ + $a->new_record("extranet", { + type => 'share', + Name => 'Partage Externe', + WriteGroups => 'admins,equipe', + smbAccess => 'browseable', + httpAccess => 'global', + RequireSSL => 'disabled', + Indexes => 'enabled', + DynamicContent => 'disabled', + RecycleBin => 'disabled' + }); + + unless ( system("/sbin/e-smith/signal-event", "share-create", "extranet") == 0 ){ + die "Failed to create share extranet\n"; + } +} + +# Check share tools +my $tools = $a->get('tools'); + +if (!$tools){ + $a->new_record("tools", { + type => 'share', + Name => 'Outils iPasserelle', + WriteGroups => 'admins', + ReadGroups => 'equipe', + smbAccess => 'non-browseable', + httpAccess => 'local', + RequireSSL => 'disabled', + Indexes => 'enabled', + DynamicContent => 'disabled', + RecycleBin => 'disabled' + }); + + unless ( system("/sbin/e-smith/signal-event", "share-create", "tools") == 0 ){ + die "Failed to create share tools\n"; + } +} +else{ + unless ( system("/sbin/e-smith/signal-event", "share-modify-files", "tools") == 0 ){ + die "Failed to modify share tools\n"; + } +} + diff --git a/root/etc/e-smith/events/actions/ldap-update-info b/root/etc/e-smith/events/actions/ldap-update-info new file mode 100644 index 0000000..86a338d --- /dev/null +++ b/root/etc/e-smith/events/actions/ldap-update-info 
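Review bot: The `extranet` share is created with `httpAccess => 'global'`, `RequireSSL => 'disabled'` and `Indexes => 'enabled'`, which, judging by the property names, makes it browsable by anyone over plain HTTP with directory listings, and `tools` gets the same two settings for local clients. Safer defaults would be `RequireSSL => 'enabled',` and `Indexes => 'disabled',`, leaving it to the administrator to relax them. The file has no `use strict;` and the result of `new_record` is not checked before the event is signalled.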
@@ -0,0 +1,95 @@ +#!/usr/bin/perl -w + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; +use Net::LDAP; +use File::Temp; + +my $c = esmith::ConfigDB->open_ro; +my $a = esmith::AccountsDB->open_ro; + +my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled'; +my $x = 0; # exit value + +my $l = $c->get('ldap'); +my $status = $l->prop('status') || "disabled"; +unless ($status eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $domain = $c->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; + +my @accounts; +my $account; +my $event = shift || die "Event name is missing\n"; +if ($event eq 'ldap-update' or + $event eq 'bootstrap-ldap-save') +{ + @accounts = ($a->users); + push(@accounts, $a->get('admin')); +} +else +{ + my @name = @ARGV; + die "Account name argument missing." unless scalar (@name) >= 1; + + foreach my $name (@name) + { + $account = $a->get($name); + die "Account $name not found.\n" unless defined $account; + + push @accounts, $account; + } +} + +foreach my $acc (@accounts){ + my $user = $acc->key; + my $postalcode = $acc->prop('PostalCode') || ''; + my $mobile = $acc->prop('Mobile') || ''; + my $extension = $acc->prop('Extension') || ''; + my $fax = $acc->prop('Fax') || ''; + my $function1 = $acc->prop('Function1') || ''; + my $function2 = $acc->prop('Function2') || ''; + my $function3 = $acc->prop('Function3') || ''; + my $function4 = $acc->prop('Function4') || ''; + my $initials = $acc->prop('Initials') || ''; + my $dshell = $acc->prop('DesktopShell') || ''; + my $preferredemail = $acc->prop('PreferredEmail') || ''; + $preferredemail = "$user\@$domain" if ($preferredemail eq ''); + + my $tmpattr = File::Temp->new(); + print $tmpattr "postalCode: $postalcode\n"; + print $tmpattr "mobile: $mobile\n"; + print $tmpattr "extensionNumber: $extension\n"; + print $tmpattr 
"facsimileTelephoneNumber: $fax\n"; + print $tmpattr "title: $function1\n" if ($function1 ne ''); + print $tmpattr "title: $function2\n" if ($function2 ne ''); + print $tmpattr "title: $function3\n" if ($function3 ne ''); + print $tmpattr "title: $function4\n" if ($function4 ne ''); + # remove the emplyeeType attr if all 4 functions are empty + if ($function1 eq '' && + $function2 eq '' && + $function3 eq '' && + $function4 eq ''){ + print $tmpattr "title: \n"; + } + print $tmpattr "initials: $initials\n"; + print $tmpattr "desktopLoginShell: $dshell\n"; + print $tmpattr "preferredMail: $preferredemail\n"; + $tmpattr->flush(); + + system("/usr/sbin/cpu", "usermod", "-a", "$tmpattr", $user) == 0 + or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify ldap informations for account $user.\n" ); + undef $tmpattr; +} + +exit ($x); diff --git a/root/etc/e-smith/events/actions/private-cacert b/root/etc/e-smith/events/actions/private-cacert new file mode 100644 index 0000000..51ceac8 --- /dev/null +++ b/root/etc/e-smith/events/actions/private-cacert @@ -0,0 +1,11 @@ +#!/bin/bash + +# Copy PHPki CAcert in the global cert store +# and run c_rehash + +if [ ! -e /etc/pki/tls/certs/cacert.pem -a -e /opt/phpki/phpki-store/CA/certs/cacert.pem ]; then + cp /opt/phpki/phpki-store/CA/certs/cacert.pem /etc/pki/tls/certs/cacert.pem + chmod 644 /etc/pki/tls/certs/cacert.pem + c_rehash /etc/pki/tls/certs/ +fi + diff --git a/root/etc/e-smith/events/actions/share-modify-scan b/root/etc/e-smith/events/actions/share-modify-scan new file mode 100644 index 0000000..f7344e6 --- /dev/null +++ b/root/etc/e-smith/events/actions/share-modify-scan 
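Review bot: Account properties are written verbatim into the attribute file handed to `cpu usermod -a`, one `name: value` per line, so a property containing a line break would add attribute lines of its own to the LDAP entry; strip CR/LF first, e.g. `s/[\r\n]+/ /g for ($postalcode, $mobile, $extension, $fax, $initials, $dshell, $preferredemail);`, and do the same for the four function values. `$c->get('ldap')->prop('Authentication')` is called before anything checks that the `ldap` record exists, and the `open_ro` results are not checked either. The comment above the empty-`title` branch mentions `emplyeeType` while the code writes `title`.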
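Review bot: The copy only happens while `/etc/pki/tls/certs/cacert.pem` does not exist, so if the PHPki CA is ever regenerated the old certificate stays trusted system-wide and the new one is never installed; comparing the two files with `cmp -s` instead of testing `-e` would keep the store in step. `c_rehash` runs even if `cp` failed; chaining the three commands with `&&` avoids rehashing a half-written store. Since this adds a locally generated CA to the global trust store, a one-line comment saying which services rely on it would help later audits.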
@@ -0,0 +1,46 @@
+#!/usr/bin/perl -w
+
+package esmith;
+use File::Path qw(mkpath rmtree);
+use esmith::AccountsDB;
+
+my $a = esmith::AccountsDB->open_ro();
+
+$ENV{'PATH'} = "/bin";
+my $setfacl = "/usr/bin/setfacl";
+
+my $event = $ARGV [0];
+my $name = $ARGV [1];
+
+if ($event eq 'user-create'){
+ mkpath "/home/e-smith/files/scan/$name";
+ system ("$setfacl",
+ '-m',
+ "u:scanner:w,u:$name:rwX,d:u:$name:rw",
+ '--',
+ "/home/e-smith/files/scan/$name");
+}
+elsif ($event eq 'user-delete'){
+ rmtree "/home/e-smith/files/scan/$name";
+}
+else {
+ system ("$setfacl",
+ '-R',
+ '--remove-all',
+ '--remove-default',
+ '--',
+ "/home/e-smith/files/scan/");
+
+ foreach ($a->users,$a->get('admin')){
+ my $name = $_->key;
+ mkdir "/home/e-smith/files/scan/$name", 0700
+ unless (-d "/home/e-smith/files/scan/$name");
+ system ("$setfacl",
+ '-m',
+ "u:scanner:rwX,u:$name:rwX,d:u:$name:rwX",
+ '--',
+ "/home/e-smith/files/scan/$name");
+ }
+}
+
+exit (0);
diff --git a/root/etc/e-smith/events/actions/update-ldap-pseudonyms b/root/etc/e-smith/events/actions/update-ldap-pseudonyms
new file mode 100644
index 0000000..d437cec
--- /dev/null
+++ b/root/etc/e-smith/events/actions/update-ldap-pseudonyms
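Review bot: `$name` is taken from `$ARGV[1]` and used unvalidated in `mkpath`, `rmtree` and the ACL spec; with a missing or empty argument the `user-delete` branch becomes `rmtree "/home/e-smith/files/scan/"`, and a value containing `../` reaches outside the scan tree. Validate it inside the two branches that use the argument, e.g. `die "Invalid account name\n" unless defined $name && $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;` (the pattern is an example; use the platform's own account-name rule). The `user-create` branch grants `u:scanner:w` and `d:u:$name:rw` while the catch-all branch grants `u:scanner:rwX` and `d:u:$name:rwX`; write permission without search permission on a directory does not allow creating files in it, so the two should probably match. The results of `system` and `mkpath` are ignored and the script always exits 0.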
@@ -0,0 +1,149 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 20102011 Firewall Services +# dani@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; +use List::MoreUtils qw(uniq); +use Net::LDAP; +use Encode; +use Text::Unaccent::PurePerl qw(unac_string); + +my $c = esmith::ConfigDB->open_ro; +my $a = esmith::AccountsDB->open_ro; + +my $i = $c->get('ipasserelle'); +my $ip = $i->prop('status') || 'disabled'; +my $alias = $i->prop('LdapMailAlias') || 'disabled'; + +if (($ip eq 'disabled') || ($alias eq 'disabled')){ + exit (0); +} + +my $l = $c->get('ldap'); +my $status = $l->prop('status') || "disabled"; +unless ($status eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $hostname = $c->get('SystemName') + || die("Couldn't determine system name"); +$hostname = $hostname->value; + +my $domain = $c->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; + +my @accounts; +my $account; +my $event = shift || die "Event name must be specified"; +if ($event eq 
'ldap-update' or + $event eq 'bootstrap-ldap-save' or + $event =~ m/(pseudonym)\-(create|modify|delete)/) +{ + @accounts = ($a->users,$a->groups); + push(@accounts, $a->get('admin')); +} +else +{ + my @name = @ARGV; + die "Account name argument missing." unless scalar (@name) >= 1; + + foreach my $name (@name) + { + $account = $a->get($name); + die "Account $name not found.\n" unless defined $account; + + push @accounts, $account; + } +} + +my $base = esmith::util::ldapBase ($domain); +my $pw = esmith::util::LdapPassword(); + +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + +my $result; +foreach my $acct (@accounts) +{ + my $key = $acct->key; + + my @pseudo = ("$key"); + + foreach my $pseudo ($a->pseudonyms){ + push (@pseudo, $pseudo->key) if ($pseudo->prop('Account') eq $key); + } + # Do another loop to include pseudonyms of pseudonyms + foreach my $pseudo ($a->pseudonyms){ + push (@pseudo, $pseudo->key) if ( + grep { $_ eq $pseudo->prop('Account') } @pseudo + ); + } + + # Include AltEmailX addresses + foreach my $alt qw(1 2 3 4){ + push (@pseudo, $acct->prop('AltEmail' . $alt)) if ( + ($acct->prop('AltEmail' . $alt) || '') ne '' + ); + } + + # Put PreferredMail at the top of the list + @pseudo = ($acct->prop('PreferredEmail'), @pseudo) if ( + ($acct->prop('PreferredEmail') || '') ne '' + ); + + my @alias = (); + foreach (@pseudo){ + $_ = $_ . "\@$domain" if $_ !~ /\@/; + push (@alias, unac_string(decode('utf-8',$_))); + } + @alias = uniq(@alias); + + my $ou = 'Users'; + my $dn = 'uid'; + if ($acct->prop('type') eq 'group'){ + $ou = "Groups"; + $dn = "cn"; + } + $result = $ldap->modify( + "$dn=$key,ou=$ou,$base", + replace => { + mail => \@alias + } + ); + $result->code && warn "failed to modify entry $dn=$key,ou=$ou,$base: ", $result->error; +} + +$ldap->unbind; + 
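Review bot: The result of `$ldap->bind(...)` is discarded, so a failed bind as `cn=root,$base` goes unnoticed and the loop still issues every `modify` on a connection that is not bound as root, each failure producing only a warning. Capture and test it, e.g. `my $bind = $ldap->bind(dn => "cn=root,$base", password => $pw);` followed by `$bind->code && die "LDAP bind failed: ", $bind->error;`. The same unchecked bind appears in update-reverse-group later in this patch. Failed modifies are likewise only warned about and the script ends with status 0, so whatever runs this action presumably never sees the failure; keeping a status variable and exiting non-zero would make it visible. As a style point, `foreach my $alt qw(1 2 3 4)` relies on `qw` acting as its own parentheses, which later Perl releases reject; write `foreach my $alt (qw(1 2 3 4))`.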
diff --git a/root/etc/e-smith/events/actions/update-reverse-group b/root/etc/e-smith/events/actions/update-reverse-group
new file mode 100644
index 0000000..b83870a
--- /dev/null
+++ b/root/etc/e-smith/events/actions/update-reverse-group
@@ -0,0 +1,140 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2010 Firewall Services +# dani@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from e-smith, inc. +# For details, please visit our web site at www.e-smith.com or +# call us on 1 888 ESMITH 1 (US/Canada toll free) or +1 613 564 8000 +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; +use Net::LDAP; + +my $c = esmith::ConfigDB->open_ro; +my $a = esmith::AccountsDB->open_ro; + +my $i = $c->get('ipasserelle'); +my $ip = $i->prop('status') || 'disabled'; +my $reverse = $i->prop('LdapReverseGroups') || 'disabled'; + +if (($ip eq 'disabled') || ($reverse eq 'disabled')){ + exit (0); +} + +my $l = $c->get('ldap'); +my $status = $l->prop('status') || "disabled"; +unless ($status eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $hostname = $c->get('SystemName') + || die("Couldn't determine system name"); +$hostname = $hostname->value; + +my $domain = $c->get('DomainName') + || die("Couldn't determine domain name"); +$domain = 
$domain->value; + +my @accounts; +my $account; +my $event = shift || die "Event name must be specified"; +if ($event eq 'ldap-update' or + $event eq 'bootstrap-ldap-save' or + $event =~ m/group\-(create|modify|delete)/) +{ + @accounts = ($a->users); + push(@accounts, $a->get('admin')); +} +else +{ + my @name = @ARGV; + die "Account name argument missing." unless scalar (@name) >= 1; + + foreach my $name (@name) + { + $account = $a->get($name); + die "Account $name not found.\n" unless defined $account; + my $type = $account->prop('type') || "unknown"; + + die "Account $name is not a user account; update LDAP entry failed.\n" + unless ($type eq 'user' or $name eq 'admin'); + push @accounts, $account; + } +} + +my $base = esmith::util::ldapBase ($domain); +my $pw = esmith::util::LdapPassword(); + +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + +my $result; +foreach my $acct (@accounts) +{ + my $key = $acct->key; + + # Ensure this account has the iPasserelleUser objectclass + $result = $ldap->search( + base => "ou=Users,". $base, + scope => 'sub', + filter => "uid=$key" + ); + $result->code && warn "Error looking for entry uid=$key,ou=Users,$base: ", $result->error; + my @oc = (); + foreach my $entry ($result->all_entries()){ + push @oc, $entry->get_value('objectClass'); + } + + push @oc, 'iPasserelleUser' unless (grep { $_ =~ /iPasserelleUser/i } @oc); + + $result = $ldap->modify( + "uid=$key,ou=Users,$base", + replace => { + objectClass => \@oc + } + ); + $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; + + + my @groups = $a->user_group_list($key); + + $result = $ldap->modify( + "uid=$key,ou=Users,$base", + replace => { + posixMemberOf => \@groups + } + ); + $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; +} + +$ldap->unbind; + 
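Review bot: When the search for `uid=$key` fails or returns no entry, the code only warns and then still runs `replace => { objectClass => \@oc }` with `@oc` holding nothing but `iPasserelleUser`, i.e. it asks the server to replace the entry's whole objectClass list with that single auxiliary class. With `scope => 'sub'` and an unescaped `uid=$key` filter, more than one entry could also match, in which case the classes of all of them are merged into the list written back. Skip the account on a search error or an empty result (`next if $result->code || !$result->count;`) and add only the missing value with `add => { objectClass => 'iPasserelleUser' }` instead of replacing the list. Building the filter with `Net::LDAP::Util::escape_filter_value` would keep unusual account keys from changing its meaning.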
diff --git a/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userinfo b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userinfo new file mode 100644 index 0000000..49be422 --- /dev/null +++ b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userinfo @@ -0,0 +1,102 @@ + + + User Informations + Informations Utilisateurs + + + FORM_TITLE + Informations Utilisateurs + + + FIRSTPAGE_DESC + Cette page vous permet de modifier certaines informations liées aux utiliseurs. Ces informations seront publiées dans l'annuaire LDAP. + + + USER_MODIFIED + Utilisateur modifié avec succès + + + CANNOT_MODIFY_USER + Une erreur est survenue lors de la modification de l'utilisateur. + + + MODIFY_DESC + Modification des informations de l'utilisateur + + + FIRSTNAME + Prénom + + + LASTNAME + Nom + + + DEPARTMENT + Service + + + COMPANY + Société + + + STREET_ADDRESS + Adresse + + + POSTAL_CODE + Code postal + + + CITY + Ville + + + PHONE_NUMBER + Téléphone + + + MOBILE_NUMBER + Téléphone portable + + + EXTENSION_NUMBER + Téléphone interne + + + FAX_NUMBER + Fax + + + FUNCTION + Fonction + + + INITIALS + Initiales + + + ALT_EMAIL + Adresse Email alternative + + + PREFERRED_EMAIL + Adresse Email préférée + + + BAD_SYNTAX + Erreur de syntaxe + + + URL + Site web + + + SHELL + Shell de connexion au serveur + + + DESKTOP_SHELL + Shell de connexion aux postes de travail + + diff --git a/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userpanel-viewgroups b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userpanel-viewgroups new file mode 100644 index 0000000..871f8a9 --- /dev/null +++ b/root/etc/e-smith/locale/fr/etc/e-smith/web/functions/userpanel-viewgroups @@ -0,0 +1,30 @@ + + + FORM_TITLE + Liste des groupes d'utilisateurs + + + CURRENT_LIST + Liste des groupes existants + + + VIEWGROUPS + Liste des groupes d'utilisateurs + + + VIEW + Détails + + + VIEW_USER_GROUP + Détails du groupe + + + GROUP_DESC + Description + + + GROUP_MAIL + Adresses mail du groupe + + 
diff --git a/root/etc/e-smith/templates-custom/etc/syslog.conf/local5 b/root/etc/e-smith/templates-custom/etc/syslog.conf/local5 new file mode 100644 index 0000000..644a1b3 --- /dev/null +++ b/root/etc/e-smith/templates-custom/etc/syslog.conf/local5 @@ -0,0 +1,2 @@ +local5.=notice -/var/log/smb_audit.log +local5.*;local5.!=notice -{ "${messages}" } diff --git a/root/etc/e-smith/templates/etc/cpu.conf/16iPasserelleObjectClass b/root/etc/e-smith/templates/etc/cpu.conf/16iPasserelleObjectClass new file mode 100644 index 0000000..228870b --- /dev/null +++ b/root/etc/e-smith/templates/etc/cpu.conf/16iPasserelleObjectClass @@ -0,0 +1,6 @@ +{ + +push @userObjectClass, 'iPasserelleUser'; +$OUT .= ''; + +} diff --git a/root/etc/e-smith/templates/etc/cron.hourly/qmail-notify/10All b/root/etc/e-smith/templates/etc/cron.hourly/qmail-notify/10All new file mode 100644 index 0000000..2657edc --- /dev/null +++ b/root/etc/e-smith/templates/etc/cron.hourly/qmail-notify/10All @@ -0,0 +1,3 @@ +#!/bin/sh +exec qmail-notify -r -m -f /var/qmail/control/queuenotifymsg + diff --git a/root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/00setup b/root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/00setup new file mode 100644 index 0000000..9221ce7 --- /dev/null +++ b/root/etc/e-smith/templates/etc/mail/spamassassin/local.cf/00setup @@ -0,0 +1,10 @@ +{ + +# Work arround a bug with some locales +# See http://bugs.contribs.org/show_bug.cgi?id=4644 + +use POSIX; +setlocale LC_ALL, 'en_US'; +$OUT .= ''; + +} diff --git a/root/etc/e-smith/templates/etc/my.cnf/035openfiles b/root/etc/e-smith/templates/etc/my.cnf/035openfiles new file mode 100644 index 0000000..6d52c2f --- /dev/null +++ b/root/etc/e-smith/templates/etc/my.cnf/035openfiles @@ -0,0 +1 @@ +open_files_limit = 4096 diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema99iPasserelle b/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema99iPasserelle new file mode 100644 index 0000000..ef7e10f 
--- /dev/null +++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema99iPasserelle @@ -0,0 +1 @@ +include /etc/openldap/schema/ipasserelle.schema diff --git a/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes99iPasserelle b/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes99iPasserelle new file mode 100644 index 0000000..7eac13b --- /dev/null +++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes99iPasserelle @@ -0,0 +1,2 @@ +index posixMemberOf eq +index preferredMail eq,subinitial diff --git a/root/etc/e-smith/templates/etc/smb.conf/91scan b/root/etc/e-smith/templates/etc/smb.conf/91scan new file mode 100644 index 0000000..4e4d5f8 --- /dev/null +++ b/root/etc/e-smith/templates/etc/smb.conf/91scan @@ -0,0 +1,16 @@ +[scan] +comment = Scan Reseau +path = /home/e-smith/files/scan/ +read only = no +writable = yes +printable = no +browseable = no +inherit permissions = yes +create mode = 0660 +vfs objects = full_audit + full_audit:priority=notice + full_audit:success=opendir mkdir rmdir open write rename unlink + full_audit:failure=connect + full_audit:facility=local5 + full_audit:prefix=%u|%I|%m|%S + diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL45yum b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL45yum new file mode 100644 index 0000000..d9770cb --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/20ACL45yum @@ -0,0 +1,6 @@ + +acl yum url_regex repomd\.xml$ +acl yum url_regex sqlite\.bz2$ +acl yum url_regex xml\.gz$ +cache deny yum + diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/95cache b/root/etc/e-smith/templates/etc/squid/squid.conf/95cache new file mode 100644 index 0000000..2388378 --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/95cache @@ -0,0 +1,5 @@ + +cache_dir aufs /var/spool/squid {($squid{'CacheSize'} || '2000')} 16 256 +maximum_object_size {($squid{'MaxObjectSize'} || '15')} MB +cache_mem {($squid{'CacheMemSize'} || '100')} MB + 
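Review bot: In smb.conf/91scan, `full_audit:failure=connect` means only failed connections are logged, so denied attempts to open, list or delete inside another user's scan directory leave no trace in /var/log/smb_audit.log. The share section sets no `valid users` line (the global section is not visible in this patch), so separation between users appears to rest on the per-directory ACLs, which makes those denials the events worth recording. Consider `full_audit:failure=connect opendir open mkdir rmdir rename unlink` to mirror the success list.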
diff --git a/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor b/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor new file mode 100644 index 0000000..3d856af --- /dev/null +++ b/root/etc/e-smith/templates/etc/squid/squid.conf/96xForwardedFor @@ -0,0 +1,6 @@ + +acl localhost src 127.0.0.1 +follow_x_forwarded_for allow localhost +forwarded_for off +header_access X-Forwarded-For deny all + diff --git a/root/etc/e-smith/templates/etc/sysconfig/raid-check/10All b/root/etc/e-smith/templates/etc/sysconfig/raid-check/10All new file mode 100644 index 0000000..db41ab3 --- /dev/null +++ b/root/etc/e-smith/templates/etc/sysconfig/raid-check/10All @@ -0,0 +1 @@ +ENABLED=no diff --git a/root/etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/10greylisting b/root/etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/10greylisting new file mode 100644 index 0000000..d379764 --- /dev/null +++ b/root/etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/10greylisting @@ -0,0 +1,5 @@ +{ + my $grey = $qpsmtpd{'GreyListing'} || 'disabled'; + return '' unless ($grey eq 'enabled'); + return "greylisting black_timeout 60 db_dir /var/lib/qpsmtpd/greylisting sender"; +} diff --git a/root/etc/e-smith/web/functions/userinfo b/root/etc/e-smith/web/functions/userinfo new file mode 100644 index 0000000..3c94170 --- /dev/null +++ b/root/etc/e-smith/web/functions/userinfo 
@@ -0,0 +1,148 @@ +#!/usr/bin/perl -wT + +# vim: ft=xml ts=4 sw=4 et: +#---------------------------------------------------------------------- +# heading : Collaboration +# description : User Informations +# navigation : 2000 2100 +#---------------------------------------------------------------------- +#---------------------------------------------------------------------- +# copyright (C) 2011 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. +#---------------------------------------------------------------------- + +use strict; +use esmith::TestUtils; +use esmith::FormMagick::Panel::userinfo; + +my $fm = esmith::FormMagick::Panel::userinfo->new(); + +use CGI; +my $q = new CGI; +$fm->display(); + +__DATA__ +
+ + FIRSTPAGE_DESC + + + + MODIFY_DESC + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ diff --git a/root/etc/e-smith/web/functions/userpanel-viewgroups b/root/etc/e-smith/web/functions/userpanel-viewgroups new file mode 100644 index 0000000..5257b94 --- /dev/null +++ b/root/etc/e-smith/web/functions/userpanel-viewgroups @@ -0,0 +1,56 @@ +#!/usr/bin/perl -wT + +# vim: ft=xml ts=4 sw=4 et: +#---------------------------------------------------------------------- +# heading : Collaboration +# description : VIEWGROUPS +# navigation : 2000 2200 +#---------------------------------------------------------------------- +#---------------------------------------------------------------------- +# copyright (C) 2011 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. +#---------------------------------------------------------------------- + + +use strict; +use esmith::FormMagick::Panel::userpanelViewgroups; +my $f = esmith::FormMagick::Panel::userpanelViewgroups->new(); +$f->display(); + +__DATA__ +
+ + + + + VIEW_USER_GROUP + + + + + + + + + + + +
+ diff --git a/root/etc/logrotate.d/samba-audit b/root/etc/logrotate.d/samba-audit new file mode 100644 index 0000000..5d734f2 --- /dev/null +++ b/root/etc/logrotate.d/samba-audit @@ -0,0 +1,8 @@ +/var/log/smb_audit.log { + rotate 360 + daily + compress + missingok + notifempty + copytruncate +} diff --git a/root/etc/openldap/schema/ipasserelle.schema b/root/etc/openldap/schema/ipasserelle.schema new file mode 100644 index 0000000..ca24e29 --- /dev/null +++ b/root/etc/openldap/schema/ipasserelle.schema @@ -0,0 +1,26 @@ +attributetype ( 1.3.6.1.4.1.37518.1.1.2.1 NAME 'posixMemberOf' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.37518.1.1.2.2 NAME 'preferredMail' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.37518.1.1.2.3 NAME 'extensionNumber' + DESC 'Internal Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) + +attributetype ( 1.3.6.1.4.1.37518.1.1.2.4 NAME 'desktopLoginShell' + DESC 'The path to the login shell for desktop machines' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.37518.1.1.1.1 NAME 'iPasserelleUser' + DESC 'iPasserelle User' + SUP top AUXILIARY + MAY ( posixMemberOf $ preferredMail $ extensionNumber $ desktopLoginShell)) diff --git a/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userinfo.pm b/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userinfo.pm new file mode 100644 index 0000000..c2dc7f0 --- /dev/null +++ b/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userinfo.pm 
@@ -0,0 +1,244 @@ +#!/usr/bin/perl -w + +#--------------------------------------------------------------------- +# copyright (C) 2011 Firewall-Services +# daniel@firewall-services.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- +package esmith::FormMagick::Panel::userinfo; + +use strict; + +use esmith::FormMagick; +use esmith::AccountsDB; +use esmith::ConfigDB; +use esmith::cgi; +use esmith::util; +use File::Basename; +use Exporter; +use Carp qw(verbose); + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw( + print_user_table + get_ldap_value + print_save_button + get_prop +); + +our $accountdb = esmith::AccountsDB->open(); +our $configdb = esmith::ConfigDB->open(); + +sub new { + shift; + my $self = esmith::FormMagick->new(); + $self->{calling_package} = (caller)[0]; + bless $self; + return $self; +} + +sub print_user_table { + my $self = shift; + my $q = $self->{cgi}; + my $account = $self->localise('ACCOUNT'); + my $acctName = $self->localise('USER_NAME'); + + my $modify = $self->localise('MODIFY'); + + my @users = $accountdb->get('admin'); + push @users, $accountdb->users(); + + unless ( scalar @users ) + { + print $q->Tr($q->td($self->localise('NO_USER_ACCOUNTS'))); + return ""; + } + print " \n \n "; + print 
$q->start_table ({-CLASS => "sme-border"}),"\n "; + print $q->Tr( + esmith::cgi::genSmallCell($q, $self->localise($account),"header"), + esmith::cgi::genSmallCell($q, $self->localise($acctName),"header"), + esmith::cgi::genSmallCell($q, $self->localise('ACTION'),"header",4)); + + my $scriptname = basename($0); + my $index=0; + + foreach my $u (@users) { + my $username = $u->key(); + my $first = $u->prop('FirstName'); + my $last = $u->prop('LastName'); + + my $action1 = "$modify"; + + print $q->Tr(esmith::cgi::genSmallCell($q, $username,"normal")," ", + esmith::cgi::genSmallCell($q, "$first $last","normal")," ", + esmith::cgi::genSmallCell($q, "$action1","normal")); + } + + print qq(\n); + + return ""; +} + +sub get_ldap_value { + my ($self, $field) = @_; + + my $user = $self->{cgi}->param('acctName'); + + return $accountdb->get("$user")->prop("$field") || ''; +} + +sub print_save_button { + + my ($self) = @_; + + my $cgi = $self->{cgi}; + + $self->print_button("SAVE"); +} + +sub modify_user { + my ($self) = @_; + my $acctName = $self->{cgi}->param('acctName'); + + unless (($acctName) = ($acctName =~ /^(\w[\-\w_\.]*)$/)) { + return $self->error($self->localise('TAINTED_USER', + { acctName => $acctName })); + } + # Untaint the username before use in system() + $acctName = $1; + + my $acct = $accountdb->get($acctName); + my $acctType = $acct->prop('type'); + + if ($acctType eq "user" || $acctName eq 'admin') + { + $accountdb->remove_user_auto_pseudonyms($acctName); + my %newProperties = ( + 'FirstName' => $self->{cgi}->param('FirstName'), + 'LastName' => $self->{cgi}->param('LastName'), + 'Phone' => $self->{cgi}->param('Phone'), + 'Company' => $self->{cgi}->param('Company'), + 'Dept' => $self->{cgi}->param('Dept'), + 'City' => $self->{cgi}->param('City'), + 'Street' => $self->{cgi}->param('Street'), + 'PostalCode' => $self->{cgi}->param('PostalCode'), + 'Mobile' => $self->{cgi}->param('Mobile'), + 'Extension' => $self->{cgi}->param('Extension'), + 'Fax' => 
$self->{cgi}->param('Fax'), + 'Function1' => $self->{cgi}->param('Function1'), + 'Function2' => $self->{cgi}->param('Function2'), + 'Function3' => $self->{cgi}->param('Function3'), + 'Function4' => $self->{cgi}->param('Function4'), + 'Initials' => $self->{cgi}->param('Initials'), + 'AltEmail1' => $self->{cgi}->param('AltEmail1'), + 'AltEmail2' => $self->{cgi}->param('AltEmail2'), + 'AltEmail3' => $self->{cgi}->param('AltEmail3'), + 'AltEmail4' => $self->{cgi}->param('AltEmail4'), + 'PreferredEmail' => $self->{cgi}->param('PreferredEmail'), + 'Url' => $self->{cgi}->param('Url'), + 'Shell' => $self->{cgi}->param('Shell'), + 'DesktopShell' => $self->{cgi}->param('DesktopShell'), + ); + + $acct->merge_props(%newProperties); + + $accountdb->create_user_auto_pseudonyms($acctName); + + undef $accountdb; + + my $event = ($acctName eq 'admin') ? 'user-modify-admin':'user-modify'; + unless (system ("/sbin/e-smith/signal-event", "$event", + $acctName) == 0) { + $accountdb = esmith::AccountsDB->open(); + return $self->error('CANNOT_MODIFY_USER'); + } + $accountdb = esmith::AccountsDB->open(); + } + $self->success('USER_MODIFIED'); +} + +sub pseudonym_clash { + my ($self, $first) = @_; + $first ||= ""; + my $last = $self->{cgi}->param('LastName') || ""; + my $acctName = $self->{cgi}->param('acctName') || ""; + + my $up = "$first $last"; + + $up =~ s/^\s+//; + $up =~ s/\s+$//; + $up =~ s/\s+/ /g; + $up =~ s/\s/_/g; + + my $dp = $up; + $dp =~ s/_/./g; + + $dp = $accountdb->get($dp); + $up = $accountdb->get($up); + + my $da = $dp->prop('Account') if $dp; + my $ua = $up->prop('Account') if $up; + if ($dp and $da and $da ne $acctName) + { + return $self->localise('PSEUDONYM_CLASH', + { + acctName => $acctName, + clashName => $da, + pseudonym => $dp->key + }); + } + elsif ($up and $ua and $ua ne $acctName) + { + return $self->localise('PSEUDONYM_CLASH', + { + acctName => $acctName, + clashName => $ua, + pseudonym => $up->key + }); + } + else + { + return "OK"; + } +} + +sub 
numbers_or_empty { + my ($self, $field) = @_; + my $ret = $self->localise('BAD_SYNTAX'); + + $ret = "OK" if (($field =~ m/\d+/) || ($field eq '')); + return $ret; +} + +sub email_or_empty { + my ($self, $field) = @_; + my $ret = $self->localise('BAD_SYNTAX'); + + $ret = "OK" if (($field =~ m/^[a-zA-Z][a-zA-Z0-9\._\-]*\@?([a-zA-Z0-9\._\-]*)?$/) || ($field eq '')); + return $ret; +} + +sub url_or_empty { + my ($self, $field) = @_; + my $ret = $self->localise('BAD_SYNTAX'); + + $ret = 'OK' if (($field =~ m/^https?:\/\/[a-zA-Z0-9\._\-\/]*/) || ($field eq '')); + return $ret; +} + +1; diff --git a/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userpanelViewgroups.pm b/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userpanelViewgroups.pm new file mode 100644 index 0000000..07e8aab --- /dev/null +++ b/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/userpanelViewgroups.pm 
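Review bot: In `modify_user`, every `$self->{cgi}->param('...')` inside the `%newProperties` initialiser is evaluated in list context, so a parameter that is absent or sent more than once yields zero or several values and shifts the key/value pairing; request data can then land under property names other than the ones listed before `merge_props` writes them to the account record. Force one value per key, e.g. `'FirstName' => scalar $self->{cgi}->param('FirstName'),`, or build the hash with `map { $_ => scalar $self->{cgi}->param($_) } qw(FirstName LastName ...)`. The validators at the end of the file constrain little: `numbers_or_empty` uses the unanchored `m/\d+/` and `url_or_empty` has no end anchor, so any text containing a digit or starting with `http://` passes; anchor them (`m/\A\d+\z/`, and `\z` after the URL character class). That matters because the stored values are written into LDAP attributes by the ldap-update-info action in this patch, and the name fields are passed to `esmith::cgi::genSmallCell` in `print_user_table`, whose escaping is not visible here. `modify_user` and `get_ldap_value` also call `->prop` on the result of `$accountdb->get(...)` without checking that the account exists.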
@@ -0,0 +1,191 @@ +#!/usr/bin/perl -w + +package esmith::FormMagick::Panel::userpanelViewgroups; + +use strict; + +use esmith::FormMagick; +use esmith::ConfigDB; +use esmith::AccountsDB; +use File::Basename; +use Exporter; +use Carp; + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw( + + show_initial + genUsers + get_accounts_prop + get_description + get_group_mail +); + +our $accounts = esmith::AccountsDB->open() || die "Couldn't open accounts"; +our $db = esmith::ConfigDB->open || die "Couldn't open config db"; + +our $VERSION = sprintf '%d.%03d', q$Revision: 1.38 $ =~ /: (\d+).(\d+)/; + + +sub new { + shift; + my $self = esmith::FormMagick->new(); + $self->{calling_package} = (caller)[0]; + bless $self; + return $self; +} + + +=head2 get_accounts_prop ITEM PROP + +A simple accessor for esmith::AccountsDB::Record::prop + +=cut + +sub get_accounts_prop { + my $fm = shift; + my $item = shift; + my $prop = shift; + + my $record = $accounts->get($item); + + if ($record) { + return $record->prop($prop); + } + else { + return ''; + } +} + +=head2 get_description + +Get the Description for the group named in the CGI argument "GroupName" + +=cut + +sub get_description { + my $fm = shift; + my $group = $fm->{'cgi'}->param('groupName'); + return ( $fm->get_accounts_prop( $group, 'Description' ) ); +} + +=head2 get_group_mail + +Get the mail address for the group named in the CGI argument "GroupName" + +=cut + +sub get_group_mail { + my $fm = shift; + my $group = $fm->{'cgi'}->param('groupName'); + # Get all the pseudonymes + my $domain = $db->get('DomainName')->value(); + my @mails = ("$group\@$domain"); + foreach ($accounts->pseudonyms()){ + push @mails, $_->key . "\@$domain" if (($_->prop('Account') || '') eq $group); + } + return join("
",@mails); +} + +=head1 ACTION + + +=head2 show_initial FM + +Show the "start" page for this panel + +=cut + +sub show_initial () { + my $fm = shift; + my $q = $fm->{cgi}; + $q->Delete('groupName'); + + my $params = $fm->build_cgi_params(); + + my $numGroups = $accounts->groups; + + if ( $numGroups == 0 ) { + print $q->Tr($q->td( + '

' . $fm->localise("ACCOUNT_GROUP_NONE") . '

')); + + } + else { + print $q->Tr($q->td({-colspan => 2}, $fm->localise('CURRENT_LIST'))); + print $q->start_table({-CLASS => "sme-border"}),"\n"; + print "" + . $fm->localise("GROUP") + . " " + . $fm->localise('DESCRIPTION') + . "" + . $fm->localise('ACTION') + . ""; + foreach my $group ( $accounts->groups() ) { + $params = $fm->build_cgi_params( $group->key ); + print "" . "" + . $group->key . "" . "" + . $group->prop('Description') . "" + . "" + . $fm->localise("VIEW") . "" + + } + print $q->end_table,"\n"; + } + return; +} + +=head2 build_cgi_params() + +Builds a CGI query string, using various sensible +defaults and esmith::FormMagick's props_to_query_string() method. + +=cut + +sub build_cgi_params { + my ( $fm, $group ) = @_; + + my %props = ( + page => 0, + page_stack => "", + ".id" => $fm->{cgi}->param('.id') || "", + groupName => $group, + ); + + return $fm->props_to_query_string( \%props ); +} + +=head2 genUsers MEMBERS + +Takes a comma delimited list of users and returns a string of +html checkboxes for all system users with the members of the group +in $fm->{cgi}->parm('groupName')checked. + +=cut + +sub genUsers () { + my $fm = shift; + my $members = ""; + my $group = $fm->{'cgi'}->param('groupName'); + + if ($accounts->get($group)) { + $members = $accounts->get($group)->prop('Members'); + } + my @members = split(/[,;]/, $members); + + my $out = "\n " + . $fm->localise('GROUP_MEMBERS') + . "\n \n" + . " \n"; + foreach my $user (@members) { + my $name = $accounts->get($user)->prop('FirstName') . " " . $accounts->get($user)->prop('LastName'); + + $out .=" \n" + . "\n \n"; + + } + + $out .= "
$name (".$user.")
\n \n \n"; + return $out; +} + diff --git a/root/var/qmail/control/queuenotifymsg b/root/var/qmail/control/queuenotifymsg new file mode 100644 index 0000000..6f762a3 --- /dev/null +++ b/root/var/qmail/control/queuenotifymsg @@ -0,0 +1,6 @@ +Le serveur %s a bien pris en compte votre message, mais n'a +pas pu le remettre aux destinataires suivants au bout de %s de tentative. +Le serveur de mail va continuer d'essayer de remettre votre message +pendant %s (au total). Ceci n'est qu'un avertissement, +vous n'avez pas besoin de renvoyer votre message pour le moment. +
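Review bot: `get_group_mail`, `get_description` and `genUsers` use the `groupName` CGI parameter as received, and `get_group_mail` puts it straight into the returned string (`"$group\@$domain"`) even when no such group exists, so whatever the request carried is echoed into the page unless the caller escapes it, which is not visible here. Look the account up first and return an empty string unless it exists and has type `group`, and escape what goes into markup, e.g. `$fm->{cgi}->escapeHTML($_->key . "\@$domain")`. The same applies to `$group->key` and `$group->prop('Description')` in `show_initial` and to `$name` and `$user` in `genUsers`, which are concatenated into the output as stored. `genUsers` also calls `$accounts->get($user)->prop(...)` for each listed member without checking that the account still exists, so one stale member name aborts the panel.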