Marius Cramer
2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2
0711af 1 <?php
T 2
3 /*
436ed8 4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
0711af 5 All rights reserved.
T 6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
344393 31 class installer_dist extends installer_base {
223c56 32     protected $mailman_group = 'mailman';
MC 33     
34     public function __construct() {
35         //** check apache modules */
36         $mods = getapachemodules();
37         if(in_array('authz_compat', $mods, true)) {
38             swriteln($inst->lng('    WARNING! You are using mod_authz_compat.'));
39             swriteln($inst->lng('    Please make sure that your apache config uses the new auth syntax:'));
40             swriteln($inst->lng('    <Directory />'));
41             swriteln($inst->lng('    Options None'));
42             swriteln($inst->lng('    AllowOverride None'));
43             swriteln($inst->lng('    Require all denied'));
44             swriteln($inst->lng('    </Directory>'."\n"));
45             
46             swriteln($inst->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
526b99 47         }
T 48     }
b1a6a5 49
0711af 50     function configure_postfix($options = '')
b1a6a5 51     {
b51c22 52         global $conf,$autoinstall;
0711af 53         $cf = $conf['postfix'];
T 54         $config_dir = $cf['config_dir'];
b1a6a5 55
0711af 56         if(!is_dir($config_dir)){
b1a6a5 57             $this->error("The postfix configuration directory '$config_dir' does not exist.");
MC 58         }
59
0711af 60         //* mysql-virtual_domains.cf
b1a6a5 61         $this->process_postfix_config('mysql-virtual_domains.cf');
0711af 62
T 63         //* mysql-virtual_forwardings.cf
b1a6a5 64         $this->process_postfix_config('mysql-virtual_forwardings.cf');
0711af 65
T 66         //* mysql-virtual_mailboxes.cf
b1a6a5 67         $this->process_postfix_config('mysql-virtual_mailboxes.cf');
0711af 68
T 69         //* mysql-virtual_email2email.cf
b1a6a5 70         $this->process_postfix_config('mysql-virtual_email2email.cf');
0711af 71
T 72         //* mysql-virtual_transports.cf
b1a6a5 73         $this->process_postfix_config('mysql-virtual_transports.cf');
0711af 74
T 75         //* mysql-virtual_recipient.cf
b1a6a5 76         $this->process_postfix_config('mysql-virtual_recipient.cf');
0711af 77
T 78         //* mysql-virtual_sender.cf
b1a6a5 79         $this->process_postfix_config('mysql-virtual_sender.cf');
0711af 80
03b633 81         //* mysql-virtual_sender_login_maps.cf
D 82         $this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
83         
0711af 84         //* mysql-virtual_client.cf
b1a6a5 85         $this->process_postfix_config('mysql-virtual_client.cf');
MC 86
0711af 87         //* mysql-virtual_relaydomains.cf
b1a6a5 88         $this->process_postfix_config('mysql-virtual_relaydomains.cf');
MC 89
429dcf 90         //* mysql-virtual_relayrecipientmaps.cf
b1a6a5 91         $this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
0711af 92
75722e 93         //* mysql-virtual_policy_greylist.cf
D 94         $this->process_postfix_config('mysql-virtual_policy_greylist.cf');
95
b1a6a5 96         //* postfix-dkim
MC 97         $full_file_name=$config_dir.'/tag_as_originating.re';
98         if(is_file($full_file_name)) {
99             copy($full_file_name, $config_dir.$configfile.'~');
100         }
101         wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
ec5716 102
b1a6a5 103         $full_file_name=$config_dir.'/tag_as_foreign.re';
MC 104         if(is_file($full_file_name)) {
105             copy($full_file_name, $config_dir.$configfile.'~');
106         }
107         wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
ec5716 108
0711af 109         //* Changing mode and group of the new created config files.
T 110         caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
b1a6a5 111             __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
MC 112         caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
113             __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
114
0711af 115         //* Creating virtual mail user and group
T 116         $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
392450 117         if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
0711af 118
T 119         $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
7b47c0 120         if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 121
122         //* These postconf commands will be executed on installation and update
2af58c 123         $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
7b47c0 124         $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
T 125         unset($server_ini_rec);
126
127         //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
128         $rbl_list = '';
129         if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
b1a6a5 130             $rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
7b47c0 131             foreach ($rbl_hosts as $key => $value) {
T 132                 $rbl_list .= ", reject_rbl_client ". $value;
133             }
134         }
135         unset($rbl_hosts);
75722e 136         
D 137         //* If Postgrey is installed, configure it
138         $greylisting = '';
139         if($conf['postgrey']['installed'] == true) {
20f478 140             $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
75722e 141         }
D 142         
20f478 143         $reject_sender_login_mismatch = '';
D 144         if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
145             $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
146         }
147         unset($server_ini_array);
148         
b1a6a5 149         $postconf_placeholders = array('{config_dir}' => $config_dir,
MC 150             '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
151             '{vmail_userid}' => $cf['vmail_userid'],
152             '{vmail_groupid}' => $cf['vmail_groupid'],
75722e 153             '{rbl_list}' => $rbl_list,
D 154             '{greylisting}' => $greylisting,
20f478 155             '{reject_slm}' => $reject_sender_login_mismatch,
75722e 156         );
20f478 157         
b1a6a5 158         $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
MC 159         $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
160         $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
161
b67344 162         //* These postconf commands will be executed on installation only
T 163         if($this->is_update == false) {
b1a6a5 164             $postconf_commands = array_merge($postconf_commands, array(
MC 165                     'myhostname = '.$conf['hostname'],
166                     'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
167                     'mynetworks = 127.0.0.0/8 [::1]/128'
168                 ));
b67344 169         }
b1a6a5 170
0711af 171         //* Create the header and body check files
T 172         touch($config_dir.'/header_checks');
173         touch($config_dir.'/mime_header_checks');
174         touch($config_dir.'/nested_header_checks');
175         touch($config_dir.'/body_checks');
b1a6a5 176
3f478f 177         //* Create the mailman files
T 178         if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
179         //if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
180         if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
b1a6a5 181         if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
3f478f 182         exec('postalias /var/lib/mailman/data/aliases');
79bd20 183         if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
TB 184         exec('postmap /etc/mailman/virtual-mailman');
3f478f 185         if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T 186         exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
b1a6a5 187
0711af 188         //* Make a backup copy of the main.cf file
T 189         copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
b1a6a5 190
0711af 191         //* Executing the postconf commands
T 192         foreach($postconf_commands as $cmd) {
193             $command = "postconf -e '$cmd'";
194             caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
195         }
b1a6a5 196
MC 197         if(!stristr($options, 'dont-create-certs')) {
0711af 198             //* Create the SSL certificate
b04e82 199             if(AUTOINSTALL){
TB 200                 $command = 'cd '.$config_dir.'; '
c43c29 201                     ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
b04e82 202             } else {
TB 203                 $command = 'cd '.$config_dir.'; '
c43c29 204                     .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
TB 205             }
0711af 206             exec($command);
b1a6a5 207
01423f 208             $command = 'chmod o= '.$config_dir.'/smtpd.key';
0711af 209             caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
T 210         }
b1a6a5 211
0711af 212         //** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
T 213         $command = 'chmod 755 /var/spool/authdaemon';
214         caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
b1a6a5 215
0711af 216         //* Changing maildrop lines in posfix master.cf
T 217         if(is_file($config_dir.'/master.cf')){
b1a6a5 218             copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
MC 219         }
0711af 220         if(is_file($config_dir.'/master.cf~')){
b1a6a5 221             exec('chmod 400 '.$config_dir.'/master.cf~');
MC 222         }
0711af 223         $configfile = $config_dir.'/master.cf';
T 224         $content = rf($configfile);
2c8f94 225         // if postfix package is from fedora or centios main repo
b1a6a5 226         $content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
MC 227             '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
228             $content);
229
2c8f94 230         // If postfix package is from centos plus repo
b1a6a5 231         $content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
MC 232             '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
233             $content);
234
235         $content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
236             '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
237             $content);
238
239
240         $content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
241             'maildrop  unix  -       n       n       -       -       pipe',
242             $content);
243
0711af 244         wf($configfile, $content);
b1a6a5 245
0711af 246         //* Writing the Maildrop mailfilter file
T 247         $configfile = 'mailfilter';
248         if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
b1a6a5 249             copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
MC 250         }
615a0a 251         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 252         $content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
T 253         wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
b1a6a5 254
0711af 255         //* Create the directory for the custom mailfilters
T 256         $command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
257         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 258
0711af 259         //* Chmod and chown the .mailfilter file
T 260         $command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
261         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 262
0711af 263         $command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
T 264         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 265
0711af 266     }
b1a6a5 267
0711af 268     public function configure_saslauthd() {
T 269         global $conf;
b1a6a5 270
0711af 271         $configfile = 'tpl/fedora_saslauthd_smtpd_conf.master';
615a0a 272         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master', $configfile);
b1a6a5 273         wf('/usr/lib/sasl2/smtpd.conf', $content);
MC 274         if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl/smtpd.conf', $content);
275         if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl2/smtpd.conf', $content);
276
0711af 277     }
b1a6a5 278
0711af 279     public function configure_pam()
b1a6a5 280     {
0711af 281         global $conf;
T 282         $pam = $conf['pam'];
283         //* configure pam for SMTP authentication agains the ispconfig database
284         $configfile = 'pamd_smtp';
285         if(is_file("$pam/smtp"))    copy("$pam/smtp", "$pam/smtp~");
286         if(is_file("$pam/smtp~"))   exec("chmod 400 $pam/smtp~");
287
615a0a 288         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 289         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 290         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
291         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
292         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
293         wf("$pam/smtp", $content);
03bff7 294         // On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
T 295         if(is_file("$pam/smtp"))    exec("chmod o= $pam/smtp");
0711af 296     }
b1a6a5 297
0711af 298     public function configure_courier()
b1a6a5 299     {
0711af 300         global $conf;
T 301         $config_dir = $conf['courier']['config_dir'];
302         //* authmysqlrc
303         $configfile = 'authmysqlrc';
304         if(is_file("$config_dir/$configfile")){
b1a6a5 305             copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC 306         }
0711af 307         exec("chmod 400 $config_dir/$configfile~");
615a0a 308         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
b1a6a5 309         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 310         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
311         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
312         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 313         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
0711af 314         wf("$config_dir/$configfile", $content);
b1a6a5 315
0711af 316         exec("chmod 660 $config_dir/$configfile");
T 317         exec("chown root:root $config_dir/$configfile");
b1a6a5 318
0711af 319         //* authdaemonrc
T 320         $configfile = $conf['courier']['config_dir'].'/authdaemonrc';
321         if(is_file($configfile)){
b1a6a5 322             copy($configfile, $configfile.'~');
MC 323         }
0711af 324         if(is_file($configfile.'~')){
b1a6a5 325             exec('chmod 400 '.$configfile.'~');
MC 326         }
0711af 327         $content = rf($configfile);
T 328         $content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
329         wf($configfile, $content);
330     }
b1a6a5 331
0f2bb1 332     public function configure_dovecot()
b1a6a5 333     {
0f2bb1 334         global $conf;
b1a6a5 335
a8aad2 336         $virtual_transport = 'dovecot';
8b23f8 337
FS 338         $configure_lmtp = false;
a8aad2 339         
DM 340         // check if virtual_transport must be changed
341         if ($this->is_update) {
2af58c 342             $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
a8aad2 343             $ini_array = ini_to_array(stripslashes($tmp['config']));
DM 344             // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
345             
346             if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
347                 $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
8b23f8 348                 $configure_lmtp = true;
a8aad2 349             }
DM 350         }
351
bd5d26 352         $config_dir = $conf['postfix']['config_dir'];
0f2bb1 353         //* Configure master.cf and add a line for deliver
bd5d26 354         if ($this->postfix_master()) {
FS 355             exec ("postconf -M dovecot.unix", $out, $ret);
356             $add_dovecot_service = @($out[0]=='')?true:false;
357         } else { //* fallback - postfix < 2.9
b1ae8f 358             $content = rf($config_dir.'/master.cf');
bd5d26 359             $add_dovecot_service = @(!stristr($content, "dovecot/deliver"))?true:false;
b1a6a5 360         }
bd5d26 361         if($add_dovecot_service) {
FS 362             //* backup
363             if(is_file($config_dir.'/master.cf')){
364                 copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
365             }
366             if(is_file($config_dir.'/master.cf~')){
367                 chmod($config_dir.'/master.cf~2', 0400);
368             }
369             //* Configure master.cf and add a line for deliver
370             $content = rf($conf["postfix"]["config_dir"].'/master.cf');
c12031 371             $deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
b1a6a5 372             af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
bd5d26 373             unset($content);
FS 374             unset($deliver_content);
0f2bb1 375         }
b1a6a5 376
0f2bb1 377         //* Reconfigure postfix to use dovecot authentication
T 378         // Adding the amavisd commands to the postfix configuration
379         $postconf_commands = array (
380             'dovecot_destination_recipient_limit = 1',
a8aad2 381             'virtual_transport = '.$virtual_transport,
0f2bb1 382             'smtpd_sasl_type = dovecot',
T 383             'smtpd_sasl_path = private/auth',
384         );
b1a6a5 385
0f2bb1 386         // Make a backup copy of the main.cf file
b1a6a5 387         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
MC 388
0f2bb1 389         // Executing the postconf commands
T 390         foreach($postconf_commands as $cmd) {
391             $command = "postconf -e '$cmd'";
392             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
393         }
bd5d26 394
FS 395         //* Use /etc/dovecot as config dir if exists
396 //        if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
397         $config_dir = $conf['dovecot']['config_dir'];
b1a6a5 398
31e0d1 399         //* backup dovecot.conf
0f2bb1 400         $configfile = 'dovecot.conf';
T 401         if(is_file("$config_dir/$configfile")){
b1a6a5 402             copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC 403         }
404
31e0d1 405         //* Get the dovecot version
b1a6a5 406         exec('dovecot --version', $tmp);
b79f6c 407         $dovecot_version = $tmp[0];
31e0d1 408         unset($tmp);
b1a6a5 409
31e0d1 410         //* Copy dovecot configuration file
b79f6c 411         if(version_compare($dovecot_version,2) >= 0) {
b1a6a5 412             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {
MC 413                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
414             } else {
415                 copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
416             }
b79f6c 417             if(version_compare($dovecot_version,2.1) < 0) {
TB 418                 removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
419             }
31e0d1 420         } else {
b1a6a5 421             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
MC 422                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
423             } else {
424                 copy('tpl/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
425             }
31e0d1 426         }
615a0a 427
8b23f8 428         //* dovecot-lmtpd
FS 429         if($configure_lmtp) {
430             replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
431         }
432
0f2bb1 433         //* dovecot-sql.conf
T 434         $configfile = 'dovecot-sql.conf';
435         if(is_file("$config_dir/$configfile")){
b1a6a5 436             copy("$config_dir/$configfile", "$config_dir/$configfile~");
0f2bb1 437             exec("chmod 400 $config_dir/$configfile~");
b1a6a5 438         }
85f6fb 439         
TB 440         if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');
b1a6a5 441
615a0a 442         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
b1a6a5 443         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 444         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
445         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
446         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 447         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
032b86 448         $content = str_replace('{server_id}', $conf['server_id'], $content);
0f2bb1 449         wf("$config_dir/$configfile", $content);
b1a6a5 450
0f2bb1 451         exec("chmod 600 $config_dir/$configfile");
T 452         exec("chown root:root $config_dir/$configfile");
5e7306 453         
TB 454         // Dovecot shall ignore mounts in website directory
85f6fb 455         if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
0f2bb1 456
T 457     }
b1a6a5 458
0711af 459     public function configure_amavis() {
T 460         global $conf;
b1a6a5 461
0711af 462         // amavisd user config file
T 463         $configfile = 'fedora_amavisd_conf';
b1a6a5 464         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
0711af 465         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
615a0a 466         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
b1a6a5 467         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 468         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
469         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
470         $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
471         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
472         $content = str_replace('{hostname}', $conf['hostname'], $content);
473         wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
c83951 474         chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
b1a6a5 475
MC 476
0711af 477         // Adding the amavisd commands to the postfix configuration
T 478         $postconf_commands = array (
479             'content_filter = amavis:[127.0.0.1]:10024',
480             'receive_override_options = no_address_mappings'
481         );
b1a6a5 482
0711af 483         // Make a backup copy of the main.cf file
b1a6a5 484         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
MC 485
0711af 486         // Executing the postconf commands
T 487         foreach($postconf_commands as $cmd) {
488             $command = "postconf -e '$cmd'";
489             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
490         }
b1a6a5 491
bd5d26 492         $config_dir = $conf['postfix']['config_dir'];
FS 493
494         // Adding amavis-services to the master.cf file if the service does not already exists
495         if ($this->postfix_master()) {
496             exec ("postconf -M amavis.unix", $out, $ret);
497             $add_amavis = @($out[0]=='')?true:false;
498             unset($out);
499             exec ("postconf -M 127.0.0.1:10025.inet", $out, $ret);
500             $add_amavis_10025 = @($out[0]=='')?true:false;
501             unset($out);
502             exec ("postconf -M 127.0.0.1:10027.inet", $out, $ret);
503             $add_amavis_10027 = @($out[0]=='')?true:false;
504             unset($out);
505         } else { //* fallback - postfix < 2.9
44ae08 506             $content = rf($conf['postfix']['config_dir'].'/master.cf');
bd5d26 507             $add_amavis = @(!preg_match('/^amavis\s+unix\s+/m', $content))?true:false;
FS 508             $add_amavis_10025 = @(!preg_match('/^127.0.0.1:10025\s+/m', $content))?true:false;
509             $add_amavis_10027 = @(!preg_match('/^127.0.0.1:10027\s+/m', $content))?true:false;
44ae08 510         }
bd5d26 511
FS 512         if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
513             //* backup master.cf
514             if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
515             // adjust amavis-config
516             if($add_amavis) {
517                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
518                 af($config_dir.'/master.cf', $content);
519                 unset($content);
520             }
521             if ($add_amavis_10025) {
522                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
523                 af($config_dir.'/master.cf', $content);
524                 unset($content);
525             }
526             if ($add_amavis_10027) {
527                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
528                 af($config_dir.'/master.cf', $content);
529                 unset($content);
530             }
44ae08 531         }
b1a6a5 532
MC 533         removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
534         replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
535
0711af 536         // Add the clamav user to the vscan group
T 537         //exec('groupmod --add-user clamav vscan');
b1a6a5 538
MC 539
0711af 540     }
b1a6a5 541
/**
 * SpamAssassin configuration step.
 *
 * The method body performs no action. The only logic present is a
 * commented-out Debian/Ubuntu routine that would back up
 * /etc/default/spamassassin and switch ENABLED=0 to ENABLED=1.
 */
public function configure_spamassassin()
{
    global $conf;

    // Disabled Debian/Ubuntu step (enable spamassassin), kept for reference:
    //
    //   $configfile = '/etc/default/spamassassin';
    //   if(is_file($configfile)){
    //       copy($configfile, $configfile.'~');
    //   }
    //   $content = rf($configfile);
    //   $content = str_replace('ENABLED=0', 'ENABLED=1', $content);
    //   wf($configfile, $content);
}
b1a6a5 557
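/**
 * Prepare the getmail configuration directory and its system account.
 *
 * Creates $conf['getmail']['config_dir'] when it is missing, adds the
 * 'getmail' user with that directory as its home when is_user() reports the
 * account absent, then hands the whole tree to that user with mode 700.
 *
 * The directory path comes from the installer configuration and ends up in
 * shell commands, so it is quoted with escapeshellarg() in every command.
 * escapeshellcmd(), used before on the mkdir call only, escapes shell
 * metacharacters but does not quote whitespace, and the other three
 * commands were not escaped at all.
 */
public function configure_getmail()
{
    global $conf;

    $config_dir = $conf['getmail']['config_dir'];
    $config_dir_arg = escapeshellarg($config_dir);

    if(!is_dir($config_dir)) exec('mkdir -p '.$config_dir_arg);

    //* Create the getmail user only if it does not exist yet
    $command = 'useradd -d '.$config_dir_arg.' getmail';
    if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    //* Recursive: everything below the config dir becomes owned by getmail ...
    $command = 'chown -R getmail '.$config_dir_arg;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    //* ... and is accessible to that owner only
    $command = 'chmod -R 700 '.$config_dir_arg;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}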
b1a6a5 575
MC 576
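/**
 * Write the pure-ftpd MySQL authentication config and install pure-ftpd.conf.
 *
 * Backs up an existing pureftpd-mysql.conf to pureftpd-mysql.conf~ (mode
 * 400), fills the template placeholders from $conf, writes the result with
 * mode 600 owned by root:root, and finally copies the customized or the
 * bundled fedora_pureftpd_conf.master to pure-ftpd.conf.
 *
 * The generated file and its backup contain the ISPConfig database user and
 * password, which is why both are restricted to the owner.
 */
public function configure_pureftpd()
{
    global $conf;

    $config_dir = $conf['pureftpd']['config_dir'];

    //* configure pure-ftpd authentication against the ispconfig database
    $configfile = 'pureftpd-mysql.conf';
    $target = $config_dir.'/'.$configfile;
    $backup = $target.'~';

    if(is_file($target)) {
        copy($target, $backup);
    }
    //* The backup still holds the previous credentials: owner read-only.
    //  Paths are quoted because $config_dir comes from the configuration.
    if(is_file($backup)) {
        exec('chmod 400 '.escapeshellarg($backup));
    }

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');

    //* strtr() substitutes in a single pass, so a value (for example a
    //  password) that happens to contain another placeholder is not
    //  substituted a second time, as chained str_replace() calls would do.
    $content = strtr($content, array(
        '{mysql_server_ispconfig_user}' => $conf["mysql"]["ispconfig_user"],
        '{mysql_server_ispconfig_password}' => $conf["mysql"]["ispconfig_password"],
        '{mysql_server_database}' => $conf["mysql"]["database"],
        '{mysql_server_ip}' => $conf["mysql"]["ip"],
        '{server_id}' => $conf["server_id"],
    ));
    wf($target, $content);

    // NOTE(review): the mode is tightened only after wf() has written the
    // credentials. Whether the file is readable by other users in between
    // depends on how wf() creates it and on the umask - confirm.
    exec('chmod 600 '.escapeshellarg($target));
    exec('chown root:root '.escapeshellarg($target));

    // copy our customized copy of pureftpd.conf to the pure-ftpd config directory
    $custom_master = $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master';
    $master = is_file($custom_master) ? $custom_master : 'tpl/fedora_pureftpd_conf.master';
    exec('cp '.escapeshellarg($master).' '.escapeshellarg($config_dir.'/pure-ftpd.conf'));
}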
b1a6a5 609
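/**
 * Write mydns.conf from its template.
 *
 * Backs up an existing mydns.conf to mydns.conf~ (mode 400), fills the
 * template placeholders from $conf and writes the result with mode 600
 * owned by root:root. The file and its backup contain the ISPConfig
 * database user and password.
 */
public function configure_mydns()
{
    global $conf;

    // configure mydns
    $configfile = 'mydns.conf';
    $target = $conf["mydns"]["config_dir"].'/'.$configfile;
    $backup = $target.'~';

    if(is_file($target)) copy($target, $backup);
    //* Paths are quoted because the config dir comes from the configuration
    if(is_file($backup)) exec('chmod 400 '.escapeshellarg($backup));

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");

    //* strtr() substitutes in a single pass, so a value (for example a
    //  password) that happens to contain another placeholder is not
    //  substituted a second time, as chained str_replace() calls would do.
    $content = strtr($content, array(
        '{mysql_server_ispconfig_user}' => $conf['mysql']['ispconfig_user'],
        '{mysql_server_ispconfig_password}' => $conf['mysql']['ispconfig_password'],
        '{mysql_server_database}' => $conf['mysql']['database'],
        '{mysql_server_host}' => $conf["mysql"]["host"],
        '{mysql_server_port}' => $conf['mysql']['port'],
        '{server_id}' => $conf["server_id"],
    ));
    wf($target, $content);

    // NOTE(review): the mode is tightened only after wf() has written the
    // credentials. Whether the file is readable by other users in between
    // depends on how wf() creates it and on the umask - confirm.
    exec('chmod 600 '.escapeshellarg($target));
    exec('chown root:root '.escapeshellarg($target));
}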
b1a6a5 630
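/**
 * Hook ISPConfig into BIND and create the directory for slave zone files.
 *
 * Calls replaceLine() for the /etc/named.conf.local include in
 * /etc/named.conf, then creates <bind_zonefiles_dir>/slave, hands it to the
 * configured BIND user and group and sets mode 2770 (setgid directory, no
 * access for others).
 *
 * The directory and the user:group pair come from $conf and are quoted with
 * escapeshellarg() before they reach the shell.
 */
public function configure_bind() {
    global $conf;

    // add the include line at the end of named.conf.
    replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);

    //* Make sure the zonefile directory ends with a slash, then append the
    //  slave subdirectory
    $slave_dir = $conf['bind']['bind_zonefiles_dir'];
    if(substr($slave_dir, -1) != '/') {
        $slave_dir .= '/';
    }
    $slave_dir .= 'slave';
    $slave_dir_arg = escapeshellarg($slave_dir);

    //* Create the slave subdirectory
    exec('mkdir -p '.$slave_dir_arg);

    //* Chown the slave subdirectory to $conf['bind']['bind_user']
    $owner_arg = escapeshellarg($conf['bind']['bind_user'].':'.$conf['bind']['bind_group']);
    exec('chown '.$owner_arg.' '.$slave_dir_arg);
    exec('chmod 2770 '.$slave_dir_arg);
}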
b1a6a5 653
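/**
 * Prepare Apache for ISPConfig-managed virtual hosts.
 *
 * Returns immediately when $conf['apache']['installed'] is false. Otherwise
 * it adjusts /etc/suphp.conf (if present), creates the vhost log and config
 * directories, appends the NameVirtualHost/Include lines to
 * /etc/httpd/conf/httpd.conf when the Include is missing, renders
 * apache_ispconfig.conf.master to <vhost_conf_dir>/ispconfig.conf with the
 * IP/port pairs of the server_ip rows flagged virtualhost = 'y', links it as
 * 000-ispconfig.conf, switches webalizer to incremental mode and adds the
 * sshusers group.
 *
 * Directory names taken from $conf are quoted with escapeshellarg() before
 * they reach the shell.
 */
public function configure_apache()
{
    global $conf;

    if($conf['apache']['installed'] == false) return;

    if(is_file('/etc/suphp.conf')) {
        //replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
        replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
        //* umask 0022 instead of 0077: files created under suPHP become
        //  readable by group and others
        replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
    }

    $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
    $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

    //* Create the logging directory for the vhost logfiles
    exec('mkdir -p /var/log/ispconfig/httpd');

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
    exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

    //* Append the vhost include only once
    $content = rf('/etc/httpd/conf/httpd.conf');
    if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
        af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
    }
    unset($content);

    //* Render the ISPConfig configuration include
    $tpl = new tpl('apache_ispconfig.conf.master');
    $tpl->setVar('apache_version',getapacheversion());

    $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
    $ip_addresses = array();

    // NOTE(review): ip_address is used as stored in the server_ip table;
    // presumably it is validated when the record is written - confirm, as it
    // ends up verbatim in the generated Apache config.
    if(is_array($records)) {
        foreach($records as $rec) {
            //* IPv6 addresses are written in brackets
            $ip_address = ($rec['ip_type'] == 'IPv6') ? '['.$rec['ip_address'].']' : $rec['ip_address'];
            if($ip_address == '') continue;

            //* virtualhost_port is a comma separated list; keep valid ports only
            foreach(explode(',', $rec['virtualhost_port']) as $port) {
                $port = intval($port);
                if($port > 0 && $port < 65536) {
                    $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
                }
            }
        }
    }

    //* 'ip_adresses' (sic) is the loop name passed to the template engine
    if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

    wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
    unset($tpl);

    if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
        exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        exec('mkdir /etc/webalizer');
        exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}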
b1a6a5 734
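/**
 * Prepare nginx for ISPConfig-managed virtual hosts.
 *
 * Returns immediately when $conf['nginx']['installed'] is false. Otherwise
 * it creates the vhost log and config directories, writes the include for
 * /etc/nginx/sites-enabled/*.vhost, makes the webalizer and awstats files
 * available at the expected paths and adds the sshusers group.
 *
 * Directory names taken from $conf are quoted with escapeshellarg() before
 * they reach the shell.
 */
public function configure_nginx(){
    global $conf;

    if($conf['nginx']['installed'] == false) return;

    //* Create the logging directory for the vhost logfiles
    $log_dir = $conf['ispconfig_log_dir'].'/httpd';
    if(!@is_dir($log_dir)) mkdir($log_dir, 0755, true);

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

    //* This file is overwritten on every run
    wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        mkdir('/etc/webalizer');
        symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    // Check the awstats script
    $awstats_tool = '/usr/share/awstats/tools/awstats_buildstaticpages.pl';
    $awstats_example = '/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl';
    if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
    if(!file_exists($awstats_tool) && file_exists($awstats_example)) symlink($awstats_example, $awstats_tool);
    if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}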
b1a6a5 770
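/**
 * Install the Bastille firewall scripts and generate bastille-firewall.cfg.
 *
 * Moves an existing /etc/Bastille to /etc/Bastille.backup, recreates the
 * directory, copies the customized or bundled bastille-firewall.cfg.master
 * into it and fills {DNS_SERVERS}, {TCP_PUBLIC_SERVICES} and
 * {UDP_PUBLIC_SERVICES}. The open ports come from the firewall table row of
 * this server, or from a built-in default list when that row has no ports.
 * The Apache vhost port is added when it is not in the TCP list yet.
 * Afterwards the init script and the ipchains/netfilter helpers are copied
 * (mode 700) and /sbin/ipchains and /sbin/iptables are symlinked to the
 * binaries found by `which` if they are missing.
 *
 * Changes against the previous implementation:
 *  - /etc/Bastille was created with octdec() of an undefined variable,
 *    i.e. mode 0; it is now created with an explicit root-only mode.
 *  - The vhost port was looked up with a substring search, so port 80 was
 *    considered present whenever e.g. 8080 was listed; ports are now
 *    compared as whole tokens.
 *  - The stored port list was extended with "tcp_port + ?", which is
 *    arithmetic addition in MySQL and replaces the list by a number;
 *    CONCAT() is used instead.
 *  - The ipchains symlink target kept the trailing newline of `which`.
 *  - Paths taken from $conf are quoted with escapeshellarg().
 */
public function configure_bastille_firewall()
{
    global $conf;

    $dist_init_scripts = $conf['init_scripts'];
    $init_script = $dist_init_scripts.'/bastille-firewall';

    if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
    //* Root-only directory; the mode is subject to the umask
    @mkdir("/etc/Bastille", 0700);
    if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);

    //* Prefer a customized master file over the bundled template
    $custom_master = $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master';
    $cfg_master = is_file($custom_master) ? $custom_master : 'tpl/bastille-firewall.cfg.master';
    caselog('cp -f '.escapeshellarg($cfg_master).' /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);

    $content = rf("/etc/Bastille/bastille-firewall.cfg");
    $content = str_replace("{DNS_SERVERS}", "", $content);

    $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

    //* A missing firewall record is treated like an empty port list
    $stored_tcp = (is_array($row) && isset($row['tcp_port'])) ? trim($row['tcp_port']) : '';
    $stored_udp = (is_array($row) && isset($row['udp_port'])) ? trim($row['udp_port']) : '';

    // NOTE(review): the stored port lists are written verbatim into
    // bastille-firewall.cfg; presumably they are validated when the firewall
    // record is saved - confirm, since that file is configuration for the
    // firewall scripts installed below.
    if($stored_tcp != '' || $stored_udp != '') {
        $tcp_public_services = trim(str_replace(',', ' ', $stored_tcp));
        $udp_public_services = trim(str_replace(',', ' ', $stored_udp));
    } else {
        $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    //* Make sure the ISPConfig vhost port is reachable. Compare whole
    //  tokens so that e.g. port 80 is not mistaken for part of 8080.
    $vhost_port = intval($conf['apache']['vhost_port']);
    $open_tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if($vhost_port > 0 && !in_array((string)$vhost_port, $open_tcp_ports, true)) {
        $tcp_public_services .= ' '.$vhost_port;
        //* Keep the stored list in sync; CONCAT() appends, "+" would add numerically
        if($stored_tcp != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
    }

    $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
    $content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

    wf("/etc/Bastille/bastille-firewall.cfg", $content);

    //* Install the init script, keeping a backup of an existing one
    if(is_file($init_script)) caselog('mv -f '.escapeshellarg($init_script).' '.escapeshellarg($init_script.'.backup'), __FILE__, __LINE__);
    caselog('cp -f apps/bastille-firewall '.escapeshellarg($dist_init_scripts), __FILE__, __LINE__);
    caselog('chmod 700 '.escapeshellarg($init_script), __FILE__, __LINE__);

    //* Install the helper scripts, keeping a backup of existing ones
    foreach(array('bastille-ipchains', 'bastille-netfilter') as $helper) {
        if(is_file("/sbin/{$helper}")) caselog("mv -f /sbin/{$helper} /sbin/{$helper}.backup", __FILE__, __LINE__);
        caselog("cp -f apps/{$helper} /sbin", __FILE__, __LINE__);
        caselog("chmod 700 /sbin/{$helper}", __FILE__, __LINE__);
    }

    if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

    //* Link the binaries into /sbin when they live elsewhere in the PATH
    foreach(array('ipchains', 'iptables') as $binary) {
        $which_output = array();
        exec("which {$binary} &> /dev/null", $which_output, $ret_val);
        if(!is_file("/sbin/{$binary}") && !is_link("/sbin/{$binary}") && $ret_val == 0) {
            //* trim(): `which` prints the path followed by a newline
            phpcaselog(@symlink(trim(shell_exec("which {$binary}")), "/sbin/{$binary}"), 'create symlink', __FILE__, __LINE__);
        }
    }
}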
b1a6a5 834
0711af 835     public function install_ispconfig()
b1a6a5 836     {
0711af 837         global $conf;
b1a6a5 838
0711af 839         $install_dir = $conf['ispconfig_install_dir'];
T 840
841         //* Create the ISPConfig installation directory
842         if(!@is_dir("$install_dir")) {
843             $command = "mkdir $install_dir";
844             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
845         }
b1a6a5 846
0711af 847         //* Create a ISPConfig user and group
T 848         $command = 'groupadd ispconfig';
392450 849         if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 850
0711af 851         $command = "useradd -g ispconfig -d $install_dir ispconfig";
392450 852         if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 853
0711af 854         //* copy the ISPConfig interface part
T 855         $command = "cp -rf ../interface $install_dir";
856         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 857
0711af 858         //* copy the ISPConfig server part
T 859         $command = "cp -rf ../server $install_dir";
860         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2 861         
fb6c56 862         //* Make a backup of the security settings
TB 863         if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
864         
a13af2 865         //* copy the ISPConfig security part
TB 866         $command = 'cp -rf ../security '.$install_dir;
867         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56 868         
TB 869         //* Apply changed security_settings.ini values to new security_settings.ini file
870         if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
871             $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
872             $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
873             if(is_array($security_settings_new) && is_array($security_settings_old)) {
874                 foreach($security_settings_new as $section => $sval) {
875                     if(is_array($sval)) {
876                         foreach($sval as $key => $val) {
877                             if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
878                                 $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
879                             }
880                         }
881                     }
882                 }
883                 file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
884             }
885         }
b1a6a5 886
0711af 887         //* Create a symlink, so ISPConfig is accessible via web
T 888         // Replaced by a separate vhost definition for port 8080
889         // $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
890         // caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 891
0711af 892         //* Create the config file for ISPConfig interface
T 893         $configfile = 'config.inc.php';
894         if(is_file($install_dir.'/interface/lib/'.$configfile)){
b1a6a5 895             copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 896         }
615a0a 897         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 898         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
b1a6a5 899         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
0711af 900         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
T 901         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 902         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 903
12e3ba 904         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 905         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
906         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
907         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 908         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 909
7c3b60 910         $content = str_replace('{server_id}', $conf['server_id'], $content);
0711af 911         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
56f1f4 912         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 913         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 914         $content = str_replace('{theme}', $conf['theme'], $content);
992797 915         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
b1a6a5 916
0711af 917         wf("$install_dir/interface/lib/$configfile", $content);
b1a6a5 918
0711af 919         //* Create the config file for ISPConfig server
T 920         $configfile = 'config.inc.php';
921         if(is_file($install_dir.'/server/lib/'.$configfile)){
b1a6a5 922             copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 923         }
615a0a 924         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 925         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 926         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
927         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
928         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 929         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 930
12e3ba 931         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 932         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
933         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
934         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 935         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 936
0711af 937         $content = str_replace('{server_id}', $conf['server_id'], $content);
T 938         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6 939         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 940         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 941         $content = str_replace('{theme}', $conf['theme'], $content);
992797 942         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
5c4d55 943
0711af 944         wf("$install_dir/server/lib/$configfile", $content);
b1a6a5 945
fb3a98 946         //* Create the config file for remote-actions (but only, if it does not exist, because
T 947         //  the value is a autoinc-value and so changed by the remoteaction_core_module
948         if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
949             $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
950             wf($install_dir.'/server/lib/remote_action.inc.php', $content);
951         }
b1a6a5 952
0711af 953         //* Enable the server modules and plugins.
T 954         // TODO: Implement a selector which modules and plugins shall be enabled.
955         $dir = $install_dir.'/server/mods-available/';
956         if (is_dir($dir)) {
957             if ($dh = opendir($dir)) {
958                 while (($file = readdir($dh)) !== false) {
b1a6a5 959                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 960                         include_once $install_dir.'/server/mods-available/'.$file;
961                         $module_name = substr($file, 0, -8);
392450 962                         $tmp = new $module_name;
T 963                         if($tmp->onInstall()) {
964                             if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
965                             if (strpos($file, '_core_module') !== false) {
966                                 if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
967                             }
0d0cd9 968                         }
392450 969                         unset($tmp);
0711af 970                     }
T 971                 }
972                 closedir($dh);
973             }
974         }
b1a6a5 975
0711af 976         $dir = $install_dir.'/server/plugins-available/';
T 977         if (is_dir($dir)) {
978             if ($dh = opendir($dir)) {
979                 while (($file = readdir($dh)) !== false) {
1bd269 980                     if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F 981                     if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
b1a6a5 982                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 983                         include_once $install_dir.'/server/plugins-available/'.$file;
984                         $plugin_name = substr($file, 0, -8);
392450 985                         $tmp = new $plugin_name;
T 986                         if($tmp->onInstall()) {
987                             if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
988                             if (strpos($file, '_core_plugin') !== false) {
989                                 if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
990                             }
0d0cd9 991                         }
392450 992                         unset($tmp);
0711af 993                     }
T 994                 }
995                 closedir($dh);
996             }
997         }
b1a6a5 998
392450 999         // Update the server config
T 1000         $mail_server_enabled = ($conf['services']['mail'])?1:0;
1001         $web_server_enabled = ($conf['services']['web'])?1:0;
1002         $dns_server_enabled = ($conf['services']['dns'])?1:0;
1003         $file_server_enabled = ($conf['services']['file'])?1:0;
1004         $db_server_enabled = ($conf['services']['db'])?1:0;
1005         $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
2af58c 1006         $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
b1a6a5 1007
2af58c 1008         $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
392450 1009         if($conf['mysql']['master_slave_setup'] == 'y') {
2af58c 1010             $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
392450 1011         }
b1a6a5 1012
fa029b 1013         // chown install dir to root and chmod 755
3e0fc8 1014         $command = 'chown root:root '.$install_dir;
TB 1015         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1016         $command = 'chmod 755 '.$install_dir;
0711af 1017         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 1018
fa029b 1019         //* Chmod the files and directories in the install dir
3e0fc8 1020         $command = 'chmod -R 750 '.$install_dir.'/*';
TB 1021         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1022
1023         //* chown the interface files to the ispconfig user and group
1024         $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
1025         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1026         
1027         //* chown the server files to the root user and group
1028         $command = 'chown -R root:root '.$install_dir.'/server';
0711af 1029         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b 1030         
TB 1031         //* chown the security files to the root user and group
1032         $command = 'chown -R root:root '.$install_dir.'/security';
1033         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1034         
1035         //* chown the security directory and security_settings.ini to root:ispconfig
1036         $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
1037         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1038         $command = 'chown root:ispconfig '.$install_dir.'/security';
1039         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221 1040         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB 1041         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1042         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
1043         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1044         $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
0711af 1045         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1046
0711af 1047         //* Make the global language file directory group writable
T 1048         exec("chmod -R 770 $install_dir/interface/lib/lang");
b1a6a5 1049
0711af 1050         //* Make the temp directory for language file exports writable
T 1051         exec("chmod -R 770 $install_dir/interface/web/temp");
b1a6a5 1052
0711af 1053         //* Make all interface language file directories group writable
T 1054         $handle = @opendir($install_dir.'/interface/web');
b1a6a5 1055         while ($file = @readdir($handle)) {
MC 1056             if ($file != '.' && $file != '..') {
1057                 if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
0711af 1058                     $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
b1a6a5 1059                     chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC 1060                     while ($lang_file = @readdir($handle2)) {
0711af 1061                         if ($lang_file != '.' && $lang_file != '..') {
b1a6a5 1062                             chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
0711af 1063                         }
T 1064                     }
1065                 }
1066             }
1067         }
b1a6a5 1068
477d4e 1069         //* Make the APS directories group writable
T 1070         exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
1071         exec("chmod -R 770 $install_dir/server/aps_packages");
b1a6a5 1072
0711af 1073         //* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef 1074         chmod($install_dir.'/server/lib/config.inc.php', 0600);
T 1075         chown($install_dir.'/server/lib/config.inc.php', 'root');
1076         chgrp($install_dir.'/server/lib/config.inc.php', 'root');
b1a6a5 1077
bfcdef 1078         //* Make sure that the interface config file is readable by user ispconfig only
T 1079         chmod($install_dir.'/interface/lib/config.inc.php', 0600);
1080         chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
1081         chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
b1a6a5 1082
0711af 1083         if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T 1084             exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
1085             exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
1086         }
980485 1087         
TB 1088         if(is_dir($install_dir.'/interface/invoices')) {
1089             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
1090             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
1091         }
1092         
1093         exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
b1a6a5 1094
0711af 1095         // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T 1096         // and must be fixed as this will allow the apache user to read the ispconfig files.
1097         // Later this must run as own apache server or via suexec!
63b369 1098         if($conf['apache']['installed'] == true){
F 1099             $command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
1100             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1101             if(is_group('ispapps')){
F 1102                 $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
1103                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1104             }
63b369 1105         }
F 1106         if($conf['nginx']['installed'] == true){
1107             $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
1108             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1109             if(is_group('ispapps')){
F 1110                 $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
1111                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1112             }
63b369 1113         }
b1a6a5 1114
0711af 1115         //* Make the shell scripts executable
T 1116         $command = "chmod +x $install_dir/server/scripts/*.sh";
1117         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1118
7e1cfb 1119         if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1120             //* Copy the ISPConfig vhost for the controlpanel
F 1121             // TODO: These are missing! should they be "vhost_dist_*_dir" ?
1122             $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
1123             $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
b1a6a5 1124
MC 1125
1bd269 1126             // Dont just copy over the virtualhost template but add some custom settings
ccbf14 1127             $tpl = new tpl('apache_ispconfig.vhost.master');
TB 1128             $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
b1a6a5 1129
1bd269 1130             // comment out the listen directive if port is 80 or 443
F 1131             if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14 1132                 $tpl->setVar('vhost_port_listen','#');
1bd269 1133             } else {
ccbf14 1134                 $tpl->setVar('vhost_port_listen','');
1bd269 1135             }
b1a6a5 1136
ccbf14 1137             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB 1138                 $tpl->setVar('ssl_comment','');
1bd269 1139             } else {
ccbf14 1140                 $tpl->setVar('ssl_comment','#');
1bd269 1141             }
10b4c8 1142             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14 1143                 $tpl->setVar('ssl_bundle_comment','');
10b4c8 1144             } else {
ccbf14 1145                 $tpl->setVar('ssl_bundle_comment','#');
10b4c8 1146             }
ccbf14 1147             
TB 1148             $tpl->setVar('apache_version',getapacheversion());
b1a6a5 1149
ccbf14 1150             wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
b1a6a5 1151
1bd269 1152             //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F 1153             //* and create the symlink
cc6568 1154             //if($this->is_update == false) {
b1a6a5 1155             if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
MC 1156             if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
1157                 exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
1158             }
1159
1160             /*
1bd269 1161                 exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
F 1162                 exec('cp tpl/apache_ispconfig_fcgi_starter.master /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1163                 exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1164                 exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
1165                 exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
b1a6a5 1166
1bd269 1167                 replaceLine('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter','PHPRC=','PHPRC=/etc/',0,0);
526b99 1168                 */
b1a6a5 1169             //if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
MC 1170             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
1171             $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
1172             $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
1173             if(!is_dir('/var/www/php-fcgi-scripts/ispconfig')) exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
1174             wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
1175             exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1176             if(!is_link('/var/www/ispconfig')) exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
1177             exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
1178             //}
cc6568 1179             //}
f6d745 1180         }
b1a6a5 1181
7e1cfb 1182         if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1183             //* Copy the ISPConfig vhost for the controlpanel
F 1184             $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
1185             $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
1186
1187             // Dont just copy over the virtualhost template but add some custom settings
615a0a 1188             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269 1189             $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
b1a6a5 1190
1bd269 1191             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8 1192                 $content = str_replace('{ssl_on}', ' on', $content);
1bd269 1193                 $content = str_replace('{ssl_comment}', '', $content);
F 1194                 $content = str_replace('{fastcgi_ssl}', 'on', $content);
1195             } else {
10b4c8 1196                 $content = str_replace('{ssl_on}', ' off', $content);
1bd269 1197                 $content = str_replace('{ssl_comment}', '#', $content);
F 1198                 $content = str_replace('{fastcgi_ssl}', 'off', $content);
0711af 1199             }
b1a6a5 1200
ca0b77 1201             $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5 1202             if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77 1203             if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F 1204             $fpm_socket = $socket_dir.'ispconfig.sock';
b1a6a5 1205
ca0b77 1206             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1207             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1208
F 1209             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1210
1bd269 1211             unset($content);
b1a6a5 1212
1bd269 1213             // PHP-FPM
F 1214             // Dont just copy over the php-fpm pool template but add some custom settings
615a0a 1215             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269 1216             $content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77 1217             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1218             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1219             $content = str_replace('{fpm_user}', 'ispconfig', $content);
F 1220             $content = str_replace('{fpm_group}', 'ispconfig', $content);
1221             wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
1222
1223             //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
1224             //* and create the symlink
7e1cfb 1225             if($this->is_update == false) {
1bd269 1226                 if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F 1227                 if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5 1228                     symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269 1229                 }
76f197 1230             }
b1a6a5 1231
3b273a 1232             // create symlink from /usr/share/phpmyadmin to /usr/share/phpMyAdmin, if it is installed
b1a6a5 1233             if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/usr/share/phpMyAdmin')) symlink('/usr/share/phpMyAdmin/', '/usr/share/phpmyadmin');
0711af 1234         }
b1a6a5 1235
0711af 1236         // Make the Clamav log files readable by ISPConfig
T 1237         //exec('chmod +r /var/log/clamav/clamav.log');
1238         //exec('chmod +r /var/log/clamav/freshclam.log');
b1a6a5 1239
66768a 1240         //* Install the update script
b34f99 1241         if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC 1242         exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
1243         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
66768a 1244         exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T 1245         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
1246         exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
1247         exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99 1248         if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
608a8c 1249         if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
b1a6a5 1250
76f197 1251         // set the fast cgi starter script to executable
T 1252         // exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
b1a6a5 1253
0711af 1254         //* Make the logs readable for the ispconfig user
T 1255         if(@is_file('/var/log/maillog')) exec('chmod +r /var/log/maillog');
1256         //if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
1257         //if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
1258         if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
b1a6a5 1259
0711af 1260         //To enable apache to read the directories
T 1261         // exec('chmod a+rx /usr/local/ispconfig');
1262         // exec('chmod -R 751 /usr/local/ispconfig/interface');
1263         // exec('chmod a+rx /usr/local/ispconfig/interface/web');
b1a6a5 1264
d9c8a7 1265         //* Create the ispconfig log directory
e38d14 1266         if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J 1267         if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
b1a6a5 1268
0c5b42 1269         if(is_user('getmail')) {
T 1270             exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
1271             exec('chown getmail /usr/local/bin/run-getmail.sh');
1272             exec('chmod 744 /usr/local/bin/run-getmail.sh');
1273         }
b1a6a5 1274
9f56bd 1275         // Edit the file /etc/sudoers and comment out the requiretty line, otherwise the backup function will fail
b1a6a5 1276         replaceLine('/etc/sudoers', 'Defaults    requiretty', '#Defaults    requiretty', 0, 0);
MC 1277
8cf78b 1278         if(is_dir($install_dir.'/interface/invoices')) {
e94a9f 1279             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T 1280             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806 1281         }
b1a6a5 1282
0799f8 1283         //* Create the ispconfig auth log file and set uid/gid
T 1284         if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
1285             touch($conf['ispconfig_log_dir'].'/auth.log');
1286         }
1287         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
1288         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
b1a6a5 1289
d71bae 1290         //* Remove Domain module as its functions are available in the client module now
T 1291         if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec 1292         
TB 1293         // Add symlink for patch tool
1294         if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
c83951 1295         
TB 1296         // Change mode of a few files from amavisd
1297         if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
1298         if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
1299         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
1300         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
0711af 1301     }
T 1302 }
1303
fd4cfd 1304 ?>