diff -Nur --no-dereference smeserver-horde-1.0.0.old/createlinks smeserver-horde-1.0.0/createlinks
--- smeserver-horde-1.0.0.old/createlinks 2021-03-10 01:11:22.732000000 -0500
+++ smeserver-horde-1.0.0/createlinks 2021-03-10 02:00:28.856000000 -0500
@@ -219,7 +219,7 @@
"/etc/httpd/conf/httpd.conf",
$event);
-foreach $service ( qw(php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){
+foreach $service ( qw(php-fpm php55-php-fpm php56-php-fpm php70-php-fpm php71-php-fpm php72-php-fpm php73-php-fpm php74-php-fpm) ){
safe_symlink("reload-or-restart", "root/etc/e-smith/events/".($event, qw(email-update) )."/services2adjust/$service");
}
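Review bot: The `safe_symlink` line inside this loop concatenates `($event, qw(email-update))` in scalar context, so the comma operator yields only its last element and the newly added `php-fpm` link is created under `email-update` alone. If the link is also meant for `$event`, loop over the events explicitly, e.g. `foreach my $ev ($event, 'email-update') { safe_symlink("reload-or-restart", "root/etc/e-smith/events/$ev/services2adjust/$service"); }`. The code that sets `$event` is outside the hunk, so confirm which events are intended.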
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/defaults/imp/access smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/defaults/imp/access
--- smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/defaults/imp/access 2005-03-15 10:17:45.000000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/defaults/imp/access 1969-12-31 19:00:00.000000000 -0500
@@ -1 +0,0 @@
-SSL
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/migrate/50horde smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/migrate/50horde
--- smeserver-horde-1.0.0.old/root/etc/e-smith/db/configuration/migrate/50horde 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/db/configuration/migrate/50horde 2021-03-10 16:15:43.427000000 -0500
@@ -0,0 +1,7 @@
+{
+ #remove access entry for imp as we only accept SSL now
+ $DB->get_prop_and_delete( 'imp', 'access' );
+
+
+
+}
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess 2021-03-10 01:11:22.695000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/85HordeAccess 2021-03-10 16:15:42.154000000 -0500
@@ -16,6 +16,7 @@
$OUT .= qq(
# Horde specific configuration files.
+ SSLRequireSSL
Order Deny,Allow
Deny from all
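Review bot: The added `SSLRequireSSL` sits next to `Order Deny,Allow` / `Deny from all`, and the rest of this access block is outside the hunk. If that block (or an included fragment) uses `Satisfy Any`, a request that passes the host-based rules can still be served over plain HTTP, because by default a passing access check overrides the SSLRequireSSL denial. Adding `SSLOptions +StrictRequire` beside the new directive makes the SSL requirement unconditional. A short comment such as `# imp/access was removed: Horde is HTTPS-only` in the template would record why.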
@@ -46,10 +47,14 @@
}
else
{
+ my $c = esmith::ConfigDB->open_ro || die "Couldn't open the config database";
+ my $version = PhpFpmVersionToUse($c->get('horde'),'72');
$OUT .= qq(
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
-
- SetHandler "proxy:unix:/var/run/php-fpm/horde.sock|fcgi://localhost"
+
+
+ SetHandler "proxy:unix:/var/run/php-fpm/php$version-horde.sock|fcgi://localhost"
+
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
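Review bot: `$c->get('horde')` is handed to `PhpFpmVersionToUse` without checking that the record exists, and the returned `$version` is interpolated directly into the `SetHandler` socket path. This fragment hardcodes `php$version-horde.sock`, while the pool template listens on `php$version-$pool_name.sock`; the two only agree if `$pool_name` is `horde`, which is not visible here, so deriving both names the same way would avoid a silent 503. The 20Horde fragment adds `use esmith::php;` but no such line is visible in this hunk (the block starts outside it), so confirm the function is in scope. `or die` is the safer idiom than `|| die` on the `open_ro` line.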
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases 2021-03-10 01:11:22.715000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30WebmailAliases 2021-03-10 16:15:42.400000000 -0500
@@ -3,7 +3,6 @@
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
my $webmailStatus = $imp{'status'} || "disabled";
- my $webmailAccessType = $imp{'access'} || "SSL";
my $dirs;
$dirs{horde} = '/usr/share/horde';
@@ -14,7 +13,7 @@
foreach $place ('webmail','horde')
{
- if (($port eq "$httpPort") && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL'))
+ if (($port eq "$httpPort") && ($haveSSL eq 'yes') )
{
my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
$OUT .= " RewriteRule ^/$place(/.*|\$) https://%{HTTP_HOST}${portspec}/$place\$1 [L,R]\n";
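Review bot: With `$webmailAccessType` gone, the branch that follows this `if` (outside the hunk) is now reached on the HTTP port only when mod_ssl is not enabled. Since 85HordeAccess now carries `SSLRequireSSL`, anything that branch emits for the plain-HTTP vhost can only end in a 403, so it would be clearer to emit a comment like `# webmail requires SSL; mod_ssl is disabled` instead of aliases there. The same applies to the matching condition in 35HordeActivesyncAliases, where `($syncStatus eq 'enabled')` is also redundant after the earlier `return ... unless`. The stray space in `($haveSSL eq 'yes') )` can go in both places.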
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases 2021-03-10 01:11:22.715000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/35HordeActivesyncAliases 2021-03-10 16:15:42.662000000 -0500
@@ -1,13 +1,12 @@
{
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
my $webmailStatus = $imp{'status'} || "disabled";
- my $webmailAccessType = $imp{'access'} || "SSL";
my $syncStatus = $horde{'ActiveSync'} || "disabled";
return " # ActiveSync is disabled"
unless $webmailStatus eq 'enabled' && $syncStatus eq 'enabled';
- if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') && ($webmailAccessType eq 'SSL'))
+ if (($port eq "$httpPort") && ($syncStatus eq 'enabled') && ($haveSSL eq 'yes') )
{
my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
$OUT .= " RewriteRule ^/Microsoft-Server-ActiveSync(/.*|\$) https://%{HTTP_HOST}${portspec}/webmail/rpc.php\$1 [L,R]\n";
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde 2021-03-10 01:11:22.711000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Horde 2021-03-10 16:15:41.907000000 -0500
@@ -1,9 +1,10 @@
{
-use esmith::ConfigDB;
-my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n";
-my $horde = $c->get( "horde" );
+ use esmith::ConfigDB;
+ use esmith::php;
+ my $c = esmith::ConfigDB->open_ro || die "Couldn't opeen the configuration database\n";
+ my $horde = $c->get( "horde" );
- my $version = $horde->prop('PHPVersion') || '72';
+ my $version = PhpFpmVersionToUse($horde,"72"); #$horde->prop('PHPVersion') || '72';
my $status = $horde->prop('status') || 'disabled';
return unless ($status eq 'enabled' && $version eq $PHP_VERSION);
my $key = $horde->key;
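Review bot: The new `$version` line keeps the old expression as a trailing comment (`#$horde->prop('PHPVersion') || '72';`), which reads as if the property were still consulted directly; drop it, or replace it with a comment saying what `PhpFpmVersionToUse` falls back to. `$horde` is used on the following lines (`->prop`, `->key`) without a check that `$c->get("horde")` returned a record, so a `return unless $horde;` before the `$version` line would keep template expansion from dying on a missing entry. The re-indented `die` message still says "opeen". The template block continues outside the hunk.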
@@ -15,17 +16,26 @@
my $post_max_size = $horde->prop('PHPPostMaxSize') || '10M';
my $upload_max_filesize = $horde->prop('PHPUploadMaxFilesize') || '10M';
my $file_upload = $horde->prop('PHPFileUpload') || 'enabled';
- my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data:/usr/share/php";
+ my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data/:/usr/share/php".
+ ":/opt/remi/php55/root/usr/share/pear-data/:/opt/remi/php56/root/usr/share/pear-data/".
+ ":/opt/remi/php70/root/usr/share/pear-data/:/opt/remi/php71/root/usr/share/pear-data/:/opt/remi/php72/root/usr/share/pear-data/: /opt/remi/php73/root/usr/share/pear-data/: /opt/remi/php74/root/usr/share/pear-data/".
+ ":/opt/remi/php55/root/usr/share/pear/:/opt/remi/php56/root/usr/share/pear/".
+ ":/opt/remi/php70/root/usr/share/pear/:/opt/remi/php71/root/usr/share/pear/:/opt/remi/php72/root/usr/share/pear/: /opt/remi/php73/root/usr/share/pear/: /opt/remi/php74/root/usr/share/pear/" ;
my $open_basedir = $horde->prop('PHPBaseDir') || '/usr/share/horde' .
- ':/etc/horde/' .
- ':/var/lib/php/' . $key .
- ":$include_path" .
- ":/etc/resolv.conf".
- ":/usr/bin/gpg" ;
+ ':/etc/horde/' .
+ ':/var/lib/php/' . $key .
+ ":$include_path" .
+ ":/etc/resolv.conf".
+ ":/usr/bin/gpg:/usr/bin/gpg2:/usr/bin/hunspell:/usr/bin/openssl:/home/e-smith/ssl.crt/:/usr/bin/convert:/usr/bin/identify:/usr/bin/misc/magic".
+ ":/usr/bin/quota:/bin/grep:/etc/mtab";
+ # needed for php-fpm 5.4, does not seem to handle the sys_temp_dir
+ # not that a security concern as systemd use a rooted /tmp
+ $open_basedir .= ":/tmp/" if $version eq "";
my $disabled_functions = $horde->prop('PHPDisabledFunctions') || 'system,show_source,' .
'symlink,exec,dl,shell_exec,' .
'passthru,phpinfo,' .
'escapeshellarg,escapeshellcmd';
+ my $MailForceSender = $horde->prop('MailForceSender') || "$name\@$DomainName";
# Format vars
$file_upload = ($file_upload =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
$allow_url_fopen = "off" ; # ($allow_url_fopen =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
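Review bot: The `: /opt/remi/php73/...` and `: /opt/remi/php74/...` entries in `$include_path` have a space after the colon, so that space would be taken as part of the directory name and those four entries would not resolve; because `$include_path` is spliced into `$open_basedir`, the malformed entries end up there too. Building the list with `join` (below, same order as the hunk) removes the hand-typed separators. `/usr/bin/misc/magic` looks like a typo for the libmagic database path and should be checked. Each added binary and `/home/e-smith/ssl.crt/` widens what a compromised Horde script can read, so a comment naming the Horde feature that needs each entry would help later review. The enclosing block starts and ends outside the hunk.

```perl
    # Shared PEAR directories for the base PHP and each Remi software collection.
    my @remi_share = map { "/opt/remi/php$_/root/usr/share" } qw(55 56 70 71 72 73 74);
    my $include_path = join ':',
        '.', '/usr/share/pear-addons', '/usr/share/pear',
        '/usr/share/pear-data/', '/usr/share/php',
        ( map { "$_/pear-data/" } @remi_share ),
        ( map { "$_/pear/" } @remi_share );
    # … unchanged: $open_basedir, $disabled_functions, $MailForceSender …
```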
@@ -40,7 +50,7 @@
listen.owner = root
listen.group = www
listen.mode = 0660
-listen = /var/run/php-fpm/$pool_name.sock
+listen = /var/run/php-fpm/php$version-$pool_name.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
@@ -52,7 +62,7 @@
php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp
-php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
+php_admin_value[mail.force_extra_parameters] = '-f $MailForceSender'
php_admin_flag[display_errors] = off
php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE
php_admin_value[error_log] = /var/log/$key/error.log
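Review bot: `$MailForceSender` is written unvalidated into `mail.force_extra_parameters`, which PHP appends to the sendmail command line, so a `MailForceSender` property containing whitespace or a quote would add extra sendmail options or break the quoted ini value. Validate it where it is read in the earlier hunk, for example `$MailForceSender = "$name\@$DomainName" unless $MailForceSender =~ /\A[\w.+-]+\@[\w.-]+\z/;`. `$name` is not defined in any visible hunk, so confirm it is set before the default is built. Dropping the explicit `sendmail_path` also means the `-t -i` flags now depend on PHP's built-in default, which is worth a comment.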
diff -Nur --no-dereference smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/rsyslog.conf/32horde smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/rsyslog.conf/32horde
--- smeserver-horde-1.0.0.old/root/etc/e-smith/templates/etc/rsyslog.conf/32horde 2021-03-10 01:11:22.720000000 -0500
+++ smeserver-horde-1.0.0/root/etc/e-smith/templates/etc/rsyslog.conf/32horde 2021-03-10 16:15:42.922000000 -0500
@@ -1,4 +1,7 @@
# horde logging
+# first remove noise with php base dir
+if $programname == "HORDE" and $msg contains '/home/e-smith/.pearrc' then stop
+if $programname == "HORDE" and $msg contains '/gpg) is not within the allowed path' then stop
:programname, isequal, "HORDE" /var/log/horde/error.log
:programname, isequal, "HORDE" stop
if $msg contains 'DIGEST-MD5 common mech free' then stop
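Review bot: The second added filter drops every HORDE message containing `/gpg) is not within the allowed path`, which discards open_basedir violations for any path ending in `/gpg`, not just the expected probe. Those messages are the main evidence that a script tried to reach outside its allowed tree. Match the full expected path instead, or write the matches to a separate low-priority file rather than using `stop`. A comment stating which Horde code path produces each suppressed message would let a later reviewer judge whether the filter is still needed.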