public/ws-vacation Changeset - r39:e8bd111763c9

Changeset - r39:e8bd111763c9

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Wolfgang Scherer (ws) - 11 years ago 2014-11-17 09:53:23
wolfgang.scherer@gmx.de

index.php: provisions for user aliases, forward files w/extension

3 files changed with 266 insertions and 17 deletions:

index.php

lib/config.php

201

lib/ws-vacation-sudo.in

0 comments (0 inline, 0 general)

index.php

➞

Show inline comments

@@ @@ -189,23 +189,35 @@ if ($_debug) { @@
+}
 $vacation_msg_file = sprintf('%s/%s', $home, $VACATION_MSG_FILE);
 $vacation_db_file = sprintf('%s/%s', $home, $VACATION_DB_FILE);
 $forward_file = sprintf('%s/%s', $home, $FORWARD_FILE);
 $forward_active = test_readable($forward_file, $user);
 $user_alias = '';
 $vacation_args = Array();
 if (array_key_exists($user, $USER_ALIASES)) {
     $user_alias = $USER_ALIASES[$user];
     $vacation_args[] = '-a';
     $vacation_args[] = $user_alias;
+}
 $vacation_args[] = $user;
 $forward_settings = Array(
-    '\\'.$user, '', sprintf($VACATION_FORWARD_ENTRY, $user));
+    '\\'.$user, '', sprintf($VACATION_FORWARD_ENTRY, implode(' ', $vacation_args)));
 if ($forward_active)
+{
     $forward_settings = cat_file($forward_file, $user);
     $lines = explode("\n", $forward_settings);
     $forward_settings = preg_split('/, */', $lines[0]);
     if (count($forward_settings) < 3) {
         $forward_settings[2] = $forward_settings[1];
         $forward_settings[1] = '';
+    }
     // refresh vacation command
 #    $forward_settings[2] = sprintf($VACATION_FORWARD_ENTRY, implode(' ', $vacation_args));
+}
 $vacation_setup_raw = isset($_REQUEST["raw"]);
 $vacation_clear = isset($_REQUEST['clear']);
 if ($vacation_clear || !test_readable($vacation_msg_file, $user)) {
     // Reset to default
@@ @@ -250,12 +262,14 @@ if ( !$vacation_refresh && !$vacation_cl @@
     $vacation_forward_to = $forward_settings[1];
     $vacation_forward_to = preg_replace('/^\\\\/', '', $vacation_forward_to);
     if (empty($vacation_forward_to)) {
         $vacation_forward_to = vacation_find_forward($vacation_headers);
+    }
+}
 // remove domain suffix
 $vacation_forward_to = preg_replace('/@.*$/', '', $vacation_forward_to);
 // --------------------------------------------------
 // |||:sec:||| Set vacation(1) parameters
 // --------------------------------------------------
 $vacation_setup = isset($_REQUEST['save']);
@@ @@ -273,15 +287,16 @@ if ( $vacation_del_log ) { @@
 if ($vacation_setup || $vacation_setup_raw || $vacation_del_log) {
     $forward_active = isset($_REQUEST['active']);
     // validate forward to
     if ($vacation_forward_to == $user) {
         $vacation_forward_to = '';
+    }
     $forward_settings = Array(
         '\\'.$user, $vacation_forward_to,
-        sprintf($VACATION_FORWARD_ENTRY, $user));
+        sprintf($VACATION_FORWARD_ENTRY, implode(' ', $vacation_args)));
     if ( $vacation_setup_raw ) {
         $vacation_msg = isset($_REQUEST['message']) ? trim($_REQUEST['message']) : '';
         $message_parts = message_split($vacation_msg);
         $vacation_headers = header_clean($message_parts[0]);
         $vacation_body = $message_parts[1];
@@ @@ -295,14 +310,23 @@ if ($vacation_setup || $vacation_setup_r @@
         $x_wsv_raw = False;
+    }
     while (True) {
         if ($vacation_del_log) {
             system(sprintf(
                        '%s -u %s %s %s -i',
                        $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD));
                        '%s -u %s %s %s %s',
                        $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD, $VACATION_INIT_OPTS));
             $vacation_excl_pipe = popen(sprintf(
                       '%s -u %s %s %s %s',
                       $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD, $VACATION_EXLCUDE_OPTS),
                 'w');
             fwrite($vacation_excl_pipe, sprintf("%s%s\n", $user, $DOMAIN_SUFFIX));
             if (!empty($user_alias)) {
                 fwrite($vacation_excl_pipe, sprintf("%s%s\n", $user_alias, $DOMAIN_SUFFIX));
+            }
             pclose($vacation_excl_pipe);
             break;
+        }
         if (empty ($vacation_subject)) {
             error_msg(get_text('error_no_subject'));
             break;
@@ @@ -334,35 +358,65 @@ if ($vacation_setup || $vacation_setup_r @@
         fwrite($vacation_msg_pipe, $vacation_msg);
         pclose($vacation_msg_pipe);
         // Initialize vacation(1) if necessary.
         if (!test_readable($vacation_db_file, $user)) {
             system(sprintf(
                        '%s -u %s %s %s -i',
                        $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD));
                        '%s -u %s %s %s %s',
                        $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD, $VACATION_INIT_OPTS));
             $vacation_excl_pipe = popen(sprintf(
                       '%s -u %s %s %s %s',
                       $SUDO_CMD, $user, $SUDO_OPT_H, $VACATION_CMD, $VACATION_EXLCUDE_OPTS),
                 'w');
             fwrite($vacation_excl_pipe, sprintf("%s%s\n", $user, $DOMAIN_SUFFIX));
             if (!empty($user_alias)) {
                 fwrite($vacation_excl_pipe, sprintf("%s%s\n", $user_alias, $DOMAIN_SUFFIX));
+            }
             pclose($vacation_excl_pipe);
+        }
         // Write or remove .forward file
         if ($forward_active) {
             $expanded_forward_settings = $forward_settings;
             if (!empty($expanded_forward_settings[1])) {
                 $expanded_forward_settings[1] .= $DOMAIN_SUFFIX;
+            }
             $use_fs = Array();
-            foreach ($forward_settings as $fs) {
+            foreach ($expanded_forward_settings as $fs) {
                 if (empty($fs)) {
                     continue;
+                }
                 $use_fs[] = $fs;
+            }
             $forward_file_pipe = popen(sprintf(
                       '%s -u %s %s %s %s',
                       $SUDO_CMD, $user, $SUDO_OPT_H, $WRITE_TO_CMD, $forward_file),
                 'w');
             fwrite($forward_file_pipe, implode(", ", $use_fs)."\n");
             pclose($forward_file_pipe);
             if (!empty($VACATION_FORWARD_EXT_ENTRY)) {
                 foreach ($FORWARD_EXTENSIONS as $fe) {
                     $cmd = sprintf(
                         '%s -u %s %s %s %s%s',
                         $SUDO_CMD, $user, $SUDO_OPT_H, $WRITE_TO_CMD, $forward_file, $fe);
                     $forward_file_pipe = popen($cmd, 'w');
                     fwrite($forward_file_pipe, $VACATION_FORWARD_EXT_ENTRY."\n");
                     pclose($forward_file_pipe);
+                }
+            }
         } else {
             system(sprintf(
                        '%s -u %s %s %s %s',
                        $SUDO_CMD, $user, $SUDO_OPT_H, $RM_CMD, $forward_file));
             if (!empty($VACATION_FORWARD_EXT_ENTRY)) {
                 foreach ($FORWARD_EXTENSIONS as $fe) {
                     system(sprintf(
                                '%s -u %s %s %s %s%s',
                                $SUDO_CMD, $user, $SUDO_OPT_H, $RM_CMD, $forward_file, $fe));
+                }
+            }
+        }
         break;
+    }
+}
 // echo ('<pre>'."\n");            // |:debug:|

lib/config.php

➞

Show inline comments

@@ @@ -35,32 +35,219 @@ @@
 // $USER_ID_MAX werden in Betracht gezogen:
 // 1. Falls der Benutzer in $ALLOWED_USERS angegeben ist, wird er immer zugelassen.
 // 2. Wenn das HOME-Verzeichnis nicht mit $HOME_PFX beginnnt, wird der Benutzer nicht zugelasssen.
 // 3. Wenn der Benutzer in $INVALID_USERS angegeben ist, wird er nicht zugelasssen.
 // 4. Der Benutzer wird zugelassen.
 $DOMAIN_SUFFIX = '@ws-gruppe.de';
 // User which are always allowed.
 // If the user appears in $PASSWD_FILE, he is always enabled.
 $ALLOWED_USERS = Array(
     );
 // Administrators can modify the settings of all users.
 $ADMIN_USERS = Array(
     'js',
     'sw',
     'wscherer',
     'admin',
     'lm',
     'sc',
     );
 // User aliases for vacation
 $USER_ALIASES = Array(
     # auto-generated |:conf:| /etc/srvconfig/mail/userdb-user-for-mx.sh --php-alias
     'admin' => 'ws.admin',
     'am' => 'andreas.mogel',
     'ar' => 'steffen.arndt',
     'av' => 'andreas.vehe',
     'aw' => 'anne-marie.wolf',
     'ba' => 'sandra.bauer',
     'be' => 'bernhard.etzelmueller',
     'bk' => 'benjamin.kirner',
     'bm' => 'michael.bayer',
     'bn' => 'bert.nebelung',
     'br' => 'robert.biedermann',
     'bs' => 'bianca.sattes',
     'bt' => 'torhan.bartel',
     'bw' => 'bruno.wendel',
     'ch' => 'christian.heid',
     'chh' => 'christian.hoerner',
     'cl' => 'christian.lindner',
     'cm' => 'claus.mayer',
     'co' => 'concepcion.ocana-moreno',
     'cp' => 'carolin.prinz',
     'cr' => 'christian.roeding',
     'ct' => 'carsten.thieme',
     'de' => 'dieter.ebert',
     'dg' => 'daniel.graf',
     'dk' => 'david.kuehnl',
     'dm' => 'dmitri.riss',
     'dr' => 'dieter.reuthal',
     'ds' => 'david.stroebel',
     'du' => 'denis.uhde',
     'dz' => 'dominik.zimmermann',
     'em' => 'beate.etzelmueller',
     'en' => 'ellen.nicklisch',
     'es' => 'edith.schneider',
     'fg' => 'guido.fischer',
     'fm' => 'frank.mueller',
     'fr' => 'frank.richter',
     'fs' => 'frank.stiegler',
     'fu' => 'friedrich.ullrich',
     'gs' => 'gabi.schoenwald',
     'gw' => 'gudrun.wende',
     'ha' => 'ralf.haubrich',
     'hb' => 'harry.bitterer',
     'he' => 'heiko.simeth',
     'hh' => 'helmut.henning',
     'hm' => 'sebastian.herrmann',
     'ho' => 'bernd.hoffmann',
     'hp' => 'holger.poeschel',
     'hs' => 'hubert.snoppek',
     'iv' => 'irene.vehe',
     'jh' => 'johannes.schaefer',
     'jj' => 'jens.jirschik',
     'jm' => 'juergen.mueller',
     'jn' => 'jochen.neumeier',
     'jo' => 'jonathan.stroebel',
     'jp' => 'johannes.perli',
     'js' => 'juergen.schroll',
     'ju' => 'justin.schwarz',
     'jw' => 'jan.von.wietersheim',
     'kf' => 'katharina.fischer',
     'kk' => 'karl-heinz.kaiser',
     'kl' => 'rolf.kluge',
     'kn' => 'birgit.knaus',
     'kr' => 'karin.reuthal',
     'ks' => 'karol.schuster',
     'lm' => 'michael.letsch',
     'ln' => 'lutz.nicklisch',
     'lotte' => 'lotte.etzelmueller',
     'ma' => 'michael.arz',
     'mb' => 'marika.burggraf',
     'md' => 'markus.dusel',
     'me' => 'marco.melber',
     'mf' => 'frank.macha',
     'mg' => 'martin.glaessner',
     'mi' => 'maria.interrante',
     'mj' => 'mandy.junghans',
     'ml' => 'markus.ludwig',
     'mm' => 'mario.manfrini',
     'mo' => 'karlheinz.mog',
     'mp' => 'marco.pohlenz',
     'mr' => 'marianne.rose',
     'ms' => 'martin.seiler',
     'mt' => 'marcus.thoene',
     'mw' => 'mario.weiler',
     'mz' => 'martin.zeptner',
     'nd' => 'nadine.dehler',
     'ne' => 'nina.etzelmueller',
     'ng' => 'norbert.goess',
     'nm' => 'nikolei.mauckner',
     'no' => 'norbert.wirsching',
     'nt' => 'norbert.zengay',
     'nw' => 'niklas.weickert',
     'ob' => 'ottmar.boettcher',
     'os' => 'oliver.schmidt',
     'ow' => 'odile.weide',
     'pb' => 'praktikant.brehna',
     'pm' => 'praktikant.marktsteft',
     'pn' => 'praktikant.nuernberg',
     'po' => 'iris.posch',
     'pp' => 'pia.lentowitsch',
     'ps' => 'peter.scheck',
     'pw' => 'peter.weigand',
     'qm' => 'uwe.hertlein',
     'ra' => 'andreas.reichelt',
     'rb' => 'rene.becker',
     'rc' => 'roman.conrad',
     're' => 'daniel.reuther',
     'rh' => 'raina.hesse',
     'rj' => 'julian.rueckel',
     'rk' => 'roland.kopitsch',
     'rp' => 'renate.paul',
     'rs' => 'simone.ruetzel',
     'ry' => 'manfred.rychlik',
     'sb' => 'denis.steinberg',
     'sc' => 'markus.schmitt',
     'se' => 'daniel.seemann',
     'sf' => 'sebastian.fick',
     'sh' => 'stefan.holzmann',
     'si' => 'simon.henning',
     'sj' => 'joerg.schmittlein',
     'sk' => 'sandra.kleinschrod',
     'sl' => 'jonas.schroll',
     'sm' => 'stefan.mueller',
     'sr' => 'steffen.reichart',
     'su' => 'uwe.schaaf',
     'sv' => 'benjamin.schraven',
     'sw' => 'wolfgang.scherer',
     'tb' => 'thomas.bachmann',
     'te' => 'tim.etzelmueller',
     'tg' => 'thomas.gruebl',
     'th' => 'thorsten.heim',
     'tm' => 'thorsten.manger',
     'ts' => 'thomas.steinruck',
     'ug' => 'ute.gumler',
     'us' => 'ursula.schleif',
     'vk' => 'volker.kohlhepp',
     'vr' => 'volker.reihs',
     'vs' => 'vitalij.stein',
     'wg' => 'gabi.watl',
     'wh' => 'waldemar.hoppe',
     'wi' => 'ralf.winkler',
     'wk' => 'wolfgang.kirchner',
     'wn' => 'wolfgang.neumayr',
     'wscherer' => 'shop.admin',
     'wv' => 'werner.vehe',
     'yh' => 'yves.hensler',
     );
 // Invalid users.
 // These users are always ignored.
 $INVALID_USERS = Array(
     'clamav',
     'elektriker',
     'info',
     'postman',
     'vmail',
     );
 // Administrators can modify the settings of all users.
 $ADMIN_USERS = Array(
     'js',
     'sw',
     'ws',
     'wscherer',
     'julian',
     'reserviert2',
     'reserviert11',
     'reserviert12',
     'reserviert30',
     'mbak',
     'spam',
     'ws-gruppe',
     'chh',
     'kk',
     # |:conf:| auto-generated: /etc/srvconfig/mail/userdb-user-for-mx.sh x | sed "s,^,    ',;s/$/',/"//
     'cm',
     'cp',
     'cr',
     'de',
     'dg',
     'ds',
     'fg',
     'fs',
     'hb',
     'hp',
     'jm',
     'jw',
     'me',
     'mo',
     'mz',
     'pw',
     're',
     'sb',
     'sl',
     'sv',
     'ts',
     'wn',
     );
 $LANGUAGE = 'en';
 $LANGUAGE = 'de';
 $PASSWD_FILE = '/etc/passwd';
@@ @@ -78,14 +265,18 @@ @@
 $WRITE_TO_CMD = dirname(__FILE__) . '/write_to.sh';
 $FORMAIL_CMD = '/usr/bin/formail';
 $VACATION_CMD = '/usr/bin/vacation';
 $VACATION_MSG_FILE = '.vacation.msg';
 $VACATION_DB_FILE = '.vacation.db';
 $VACATION_FORWARD_ENTRY = sprintf('"| %s -c | %s -t1 %%s"', $FORMAIL_CMD, $VACATION_CMD); // use sprintf($VFE, $user);
 $VACATION_INIT_OPTS = '-i -r 1';
 $VACATION_EXLCUDE_OPTS = '-x';
 $VACATION_FORWARD_ENTRY = sprintf('"| %s -c | %s %%s"', $FORMAIL_CMD, $VACATION_CMD); // use sprintf($VFE, $user);
 $FORWARD_FILE = '.forward';
 $VACATION_FORWARD_EXT_ENTRY = '"| /usr/bin/formail -c | /etc/postfix/dovecot-deliver.sh"';
 $FORWARD_EXTENSIONS = Array('+sent', '+drafts', '+trash');
 $EXPERT_ENABLED = True;
 $HEADER_REMOVE = Array(
     'bcc',
     'cc',
     'date',

lib/ws-vacation-sudo.in

➞

Show inline comments

 # Allow www user to run the vacation command as a user, but not as root
 User_Alias WWWRUN = wwwrun,www-data
 Runas_Alias NOTROOT = ALL,!root
 Cmnd_Alias VACATION=/usr/bin/vacation *
 Cmnd_Alias RM_FORWARD=/bin/rm -f /home/*/.forward
 Cmnd_Alias RM_FORWARD_EXT=/bin/rm -f /home/*/.forward+*
 Cmnd_Alias TEST_FORWARD=@base_dir@/lib/test_readable.sh /home/*/.forward
 Cmnd_Alias TEST_VACATION_MSG=@base_dir@/lib/test_readable.sh /home/*/.vacation.msg
 Cmnd_Alias TEST_VACATION_DB=@base_dir@/lib/test_readable.sh /home/*/.vacation.db
 Cmnd_Alias GET_FORWARD=/bin/cat /home/*/.forward
 Cmnd_Alias GET_VACATION_MSG=/bin/cat /home/*/.vacation.msg
 Cmnd_Alias PUT_FORWARD=@base_dir@/lib/write_to.sh /home/*/.forward
 Cmnd_Alias PUT_FORWARD_EXT=@base_dir@/lib/write_to.sh /home/*/.forward+*
 Cmnd_Alias PUT_VACATION_MSG=@base_dir@/lib/write_to.sh /home/*/.vacation.msg
 WWWRUN ALL=(NOTROOT) NOPASSWD: VACATION
 WWWRUN ALL=(NOTROOT) NOPASSWD: RM_FORWARD
 WWWRUN ALL=(NOTROOT) NOPASSWD: RM_FORWARD_EXT
 WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_FORWARD
 WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_VACATION_MSG
 WWWRUN ALL=(NOTROOT) NOPASSWD: TEST_VACATION_DB
 WWWRUN ALL=(NOTROOT) NOPASSWD: GET_FORWARD
 WWWRUN ALL=(NOTROOT) NOPASSWD: GET_VACATION_MSG
 WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_FORWARD
 WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_FORWARD_EXT
 WWWRUN ALL=(NOTROOT) NOPASSWD: PUT_VACATION_MSG

0 comments (0 inline, 0 general)