gitlabFork/ISPConfig3.git - Solinfo Gitblit

- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

commit \| author \| age
532ae5	1	<?php
L	2
	3	/*
	4	Copyright (c) 2007-2010, Till Brehm, projektfarm Gmbh
	5	All rights reserved.
	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	class installer_base {
	32
	33	var $wb = array();
	34	var $language = 'en';
	35	var $db;
	36	public $conf;
	37	public $install_ispconfig_interface = true;
	38	public $is_update = false; // true if it is an update, falsi if it is a new install
223c56	39	protected $mailman_group = 'list';
532ae5	40
L	41
	42	public function __construct() {
	43	global $conf; //TODO: maybe $conf should be passed to constructor
	44	//$this->conf = $conf;
	45	}
	46
	47	//: TODO Implement the translation function and language files for the installer.
	48	public function lng($text) {
	49	return $text;
	50	}
	51
	52	public function error($msg) {
	53	die('ERROR: '.$msg."\n");
	54	}
	55
	56	public function warning($msg) {
b1a6a5	57	echo 'WARNING: '.$msg."\n";
532ae5	58	}
a8ccf6	59
b04e82	60	public function simple_query($query, $answers, $default, $name = '') {
TB	61	global $autoinstall;
532ae5	62	$finished = false;
L	63	do {
b04e82	64	if($name != '' && $autoinstall[$name] != '') {
TB	65	if($autoinstall[$name] == 'default') {
	66	$input = $default;
	67	} else {
	68	$input = $autoinstall[$name];
	69	}
	70	} else {
	71	$answers_str = implode(',', $answers);
	72	swrite($this->lng($query).' ('.$answers_str.') ['.$default.']: ');
	73	$input = sread();
	74	}
532ae5	75
L	76	//* Stop the installation
	77	if($input == 'quit') {
	78	swriteln($this->lng("Installation terminated by user.\n"));
	79	die();
	80	}
	81
	82	//* Select the default
	83	if($input == '') {
	84	$answer = $default;
	85	$finished = true;
	86	}
	87
	88	//* Set answer id valid
	89	if(in_array($input, $answers)) {
	90	$answer = $input;
	91	$finished = true;
	92	}
	93
	94	} while ($finished == false);
	95	swriteln();
	96	return $answer;
	97	}
	98
b04e82	99	public function free_query($query, $default, $name = '') {
TB	100	global $autoinstall;
	101	if($name != '' && $autoinstall[$name] != '') {
	102	if($autoinstall[$name] == 'default') {
	103	$input = $default;
	104	} else {
	105	$input = $autoinstall[$name];
	106	}
	107	} else {
	108	swrite($this->lng($query).' ['.$default.']: ');
	109	$input = sread();
	110	}
532ae5	111
L	112	//* Stop the installation
	113	if($input == 'quit') {
	114	swriteln($this->lng("Installation terminated by user.\n"));
	115	die();
	116	}
	117
	118	$answer = ($input == '') ? $default : $input;
	119	swriteln();
	120	return $answer;
	121	}
	122
	123	/*
	124	// TODO: this function is not used atmo I think - pedro
	125	function request_language(){
a8ccf6	126
532ae5	127	swriteln(lng('Enter your language'));
L	128	swriteln(lng('de, en'));
a8ccf6	129
532ae5	130	}
L	131	*/
	132
	133	//** Detect installed applications
	134	public function find_installed_apps() {
	135	global $conf;
	136
	137	if(is_installed('mysql') \|\| is_installed('mysqld')) $conf['mysql']['installed'] = true;
	138	if(is_installed('postfix')) $conf['postfix']['installed'] = true;
75722e	139	if(is_installed('postgrey')) $conf['postgrey']['installed'] = true;
a75c81	140	if(is_installed('mailman') \|\| is_installed('mmsitepass')) $conf['mailman']['installed'] = true;
e09a27	141	if(is_installed('apache') \|\| is_installed('apache2') \|\| is_installed('httpd') \|\| is_installed('httpd2')) $conf['apache']['installed'] = true;
532ae5	142	if(is_installed('getmail')) $conf['getmail']['installed'] = true;
1ca823	143	if(is_installed('courierlogger')) $conf['courier']['installed'] = true;
532ae5	144	if(is_installed('dovecot')) $conf['dovecot']['installed'] = true;
74d2dc	145	if(is_installed('saslauthd')) $conf['saslauthd']['installed'] = true;
ac28b5	146	if(is_installed('amavisd-new') \|\| is_installed('amavisd')) $conf['amavis']['installed'] = true;
532ae5	147	if(is_installed('clamdscan')) $conf['clamav']['installed'] = true;
L	148	if(is_installed('pure-ftpd') \|\| is_installed('pure-ftpd-wrapper')) $conf['pureftpd']['installed'] = true;
	149	if(is_installed('mydns') \|\| is_installed('mydns-ng')) $conf['mydns']['installed'] = true;
	150	if(is_installed('jk_chrootsh')) $conf['jailkit']['installed'] = true;
	151	if(is_installed('pdns_server') \|\| is_installed('pdns_control')) $conf['powerdns']['installed'] = true;
	152	if(is_installed('named') \|\| is_installed('bind') \|\| is_installed('bind9')) $conf['bind']['installed'] = true;
80e3c9	153	if(is_installed('squid')) $conf['squid']['installed'] = true;
T	154	if(is_installed('nginx')) $conf['nginx']['installed'] = true;
bd68aa	155	if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
5eb43f	156	if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
522ef8	157	if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
a75c81	158	if(is_installed('iptables') && is_installed('bastille-netfilter')) $conf['bastille']['installed'] = true;
FS	159	if(is_installed('metronome') && is_installed('metronomectl')) $conf['xmpp']['installed'] = true;
1bed19	160	if(is_installed('spamassassin')) $conf['spamassassin']['installed'] = true;
a75c81	161	if(is_installed('vlogger')) $conf['vlogger']['installed'] = true;
FS	162	if(is_installed('cron')) $conf['cron']['installed'] = true;
a8ccf6	163
d7cfd7	164	if ($conf['services']['web'] && (($conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) \|\| ($conf['nginx']['installed'] && is_file($conf['nginx']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")))) $this->ispconfig_interface_installed = true;
532ae5	165	}
L	166
bedf79	167	public function force_configure_app($service, $enable_force=true) {
a75c81	168	$force = false;
FS	169	swriteln("[WARN] autodetect for $service failed");
bedf79	170	if($enable_force) {
FS	171	if(strtolower($this->simple_query("Force configure $service", array('y', 'n'), 'n') ) == 'y') {
	172	$force = true;
	173	} else swriteln("Skipping $service\n");
	174	}
a75c81	175	return $force;
FS	176	}
	177
	178
532ae5	179	/** Create the database for ISPConfig */
b1a6a5	180
MC	181
532ae5	182	public function configure_database() {
L	183	global $conf;
	184
670d37	185	//* check sql-mode
FS	186	$check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode");
	187
	188	if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION');
	189
532ae5	190	//** Create the database
2af58c	191	if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
532ae5	192	$this->error('Unable to create MySQL database: '.$conf['mysql']['database'].'.');
L	193	}
	194
	195	//* Set the database name in the DB library
305dda	196	$this->db->setDBName($conf['mysql']['database']);
532ae5	197
L	198	//* Load the database dump into the database, if database contains no tables
	199	$db_tables = $this->db->getTables();
	200	if(count($db_tables) > 0) {
	201	$this->error('Stopped: Database already contains some tables.');
	202	} else {
	203	if($conf['mysql']['admin_password'] == '') {
02bf99	204	caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
b1a6a5	205	__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
532ae5	206	} else {
02bf99	207	caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
b1a6a5	208	__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
532ae5	209	}
L	210	$db_tables = $this->db->getTables();
	211	if(count($db_tables) == 0) {
	212	$this->error('Unable to load SQL-Dump into database table.');
	213	}
	214
	215	//* Load system.ini into the sys_ini table
2af58c	216	$system_ini = rf('tpl/system.ini.master');
MC	217	$this->db->query("UPDATE sys_ini SET config = ? WHERE sysini_id = 1", $system_ini);
532ae5	218
L	219	}
	220	}
	221
	222	//** Create the server record in the database
	223	public function add_database_server_record() {
	224
	225	global $conf;
	226
	227	if($conf['mysql']['host'] == 'localhost') {
	228	$from_host = 'localhost';
	229	} else {
	230	$from_host = $conf['hostname'];
	231	}
	232
	233	// Delete ISPConfig user in the local database, in case that it exists
2af58c	234	$this->db->query("DELETE FROM mysql.user WHERE User = ? AND Host = ?", $conf['mysql']['ispconfig_user'], $from_host);
MC	235	$this->db->query("DELETE FROM mysql.db WHERE Db = ? AND Host = ?", $conf['mysql']['database'], $from_host);
	236	$this->db->query('FLUSH PRIVILEGES');
532ae5	237
L	238	//* Create the ISPConfig database user in the local database
2af58c	239	$query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON ?? TO ?@? IDENTIFIED BY ?';
MC	240	if(!$this->db->query($query, $conf['mysql']['database'] . ".*", $conf['mysql']['ispconfig_user'], $from_host, $conf['mysql']['ispconfig_password'])) {
532ae5	241	$this->error('Unable to create database user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage);
L	242	}
	243
	244	//* Reload database privelages
	245	$this->db->query('FLUSH PRIVILEGES;');
	246
	247	//* Set the database name in the DB library
305dda	248	$this->db->setDBName($conf['mysql']['database']);
532ae5	249
L	250	$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
	251
	252	//* Update further distribution specific parameters for server config here
	253	//* HINT: Every line added here has to be added in update.lib.php too!!
	254	$tpl_ini_array['web']['vhost_conf_dir'] = $conf['apache']['vhost_conf_dir'];
	255	$tpl_ini_array['web']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_enabled_dir'];
	256	$tpl_ini_array['jailkit']['jailkit_chroot_app_programs'] = $conf['jailkit']['jailkit_chroot_app_programs'];
	257	$tpl_ini_array['fastcgi']['fastcgi_phpini_path'] = $conf['fastcgi']['fastcgi_phpini_path'];
	258	$tpl_ini_array['fastcgi']['fastcgi_starter_path'] = $conf['fastcgi']['fastcgi_starter_path'];
526b99	259	$tpl_ini_array['fastcgi']['fastcgi_bin'] = $conf['fastcgi']['fastcgi_bin'];
532ae5	260	$tpl_ini_array['server']['hostname'] = $conf['hostname'];
L	261	$tpl_ini_array['server']['ip_address'] = @gethostbyname($conf['hostname']);
	262	$tpl_ini_array['web']['website_basedir'] = $conf['web']['website_basedir'];
	263	$tpl_ini_array['web']['website_path'] = $conf['web']['website_path'];
	264	$tpl_ini_array['web']['website_symlinks'] = $conf['web']['website_symlinks'];
	265	$tpl_ini_array['cron']['crontab_dir'] = $conf['cron']['crontab_dir'];
	266	$tpl_ini_array['web']['security_level'] = 20;
	267	$tpl_ini_array['web']['user'] = $conf['apache']['user'];
	268	$tpl_ini_array['web']['group'] = $conf['apache']['group'];
	269	$tpl_ini_array['web']['php_ini_path_apache'] = $conf['apache']['php_ini_path_apache'];
	270	$tpl_ini_array['web']['php_ini_path_cgi'] = $conf['apache']['php_ini_path_cgi'];
	271	$tpl_ini_array['mail']['pop3_imap_daemon'] = ($conf['dovecot']['installed'] == true)?'dovecot':'courier';
	272	$tpl_ini_array['mail']['mail_filter_syntax'] = ($conf['dovecot']['installed'] == true)?'sieve':'maildrop';
	273	$tpl_ini_array['dns']['bind_user'] = $conf['bind']['bind_user'];
	274	$tpl_ini_array['dns']['bind_group'] = $conf['bind']['bind_group'];
	275	$tpl_ini_array['dns']['bind_zonefiles_dir'] = $conf['bind']['bind_zonefiles_dir'];
	276	$tpl_ini_array['dns']['named_conf_path'] = $conf['bind']['named_conf_path'];
	277	$tpl_ini_array['dns']['named_conf_local_path'] = $conf['bind']['named_conf_local_path'];
a8ccf6	278
dba68f	279	$tpl_ini_array['web']['nginx_vhost_conf_dir'] = $conf['nginx']['vhost_conf_dir'];
T	280	$tpl_ini_array['web']['nginx_vhost_conf_enabled_dir'] = $conf['nginx']['vhost_conf_enabled_dir'];
	281	$tpl_ini_array['web']['nginx_user'] = $conf['nginx']['user'];
	282	$tpl_ini_array['web']['nginx_group'] = $conf['nginx']['group'];
	283	$tpl_ini_array['web']['nginx_cgi_socket'] = $conf['nginx']['cgi_socket'];
	284	$tpl_ini_array['web']['php_fpm_init_script'] = $conf['nginx']['php_fpm_init_script'];
	285	$tpl_ini_array['web']['php_fpm_ini_path'] = $conf['nginx']['php_fpm_ini_path'];
	286	$tpl_ini_array['web']['php_fpm_pool_dir'] = $conf['nginx']['php_fpm_pool_dir'];
	287	$tpl_ini_array['web']['php_fpm_start_port'] = $conf['nginx']['php_fpm_start_port'];
	288	$tpl_ini_array['web']['php_fpm_socket_dir'] = $conf['nginx']['php_fpm_socket_dir'];
a8ccf6	289
80e3c9	290	if ($conf['nginx']['installed'] == true) {
4ffb51	291	$tpl_ini_array['web']['server_type'] = 'nginx';
F	292	$tpl_ini_array['global']['webserver'] = 'nginx';
80e3c9	293	}
a8ccf6	294
532ae5	295	if (array_key_exists('awstats', $conf)) {
L	296	foreach ($conf['awstats'] as $aw_sett => $aw_value) {
	297	$tpl_ini_array['web']['awstats_'.$aw_sett] = $aw_value;
	298	}
	299	}
	300
	301	$server_ini_content = array_to_ini($tpl_ini_array);
075732	302
532ae5	303	$mail_server_enabled = ($conf['services']['mail'])?1:0;
L	304	$web_server_enabled = ($conf['services']['web'])?1:0;
	305	$dns_server_enabled = ($conf['services']['dns'])?1:0;
	306	$file_server_enabled = ($conf['services']['file'])?1:0;
	307	$db_server_enabled = ($conf['services']['db'])?1:0;
522ef8	308	$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
c91bdc	309	$proxy_server_enabled = (isset($conf['services']['proxy']) && $conf['services']['proxy'])?1:0;
T	310	$firewall_server_enabled = (isset($conf['services']['firewall']) && $conf['services']['firewall'])?1:0;
a8ccf6	311
532ae5	312	//** Get the database version number based on the patchfiles
L	313	$found = true;
	314	$current_db_version = 1;
	315	while($found == true) {
	316	$next_db_version = intval($current_db_version + 1);
	317	$patch_filename = realpath(dirname(__FILE__).'/../').'/sql/incremental/upd_'.str_pad($next_db_version, 4, '0', STR_PAD_LEFT).'.sql';
	318	if(is_file($patch_filename)) {
	319	$current_db_version = $next_db_version;
	320	} else {
	321	$found = false;
	322	}
	323	}
	324	$current_db_version = intval($current_db_version);
	325
	326
	327	if($conf['mysql']['master_slave_setup'] == 'y') {
	328
	329	//* Insert the server record in master DB
2af58c	330	$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
MC	331	$this->dbmaster->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
532ae5	332	$conf['server_id'] = $this->dbmaster->insertID();
L	333	$conf['server_id'] = $conf['server_id'];
	334
	335	//* Insert the same record in the local DB
2af58c	336	$sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
MC	337	$this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
532ae5	338
L	339	//* username for the ispconfig user
	340	$conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id'];
	341
	342	$this->grant_master_database_rights();
	343
	344	} else {
	345	//* Insert the server, if its not a mster / slave setup
2af58c	346	$sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
MC	347	$this->db->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
532ae5	348	$conf['server_id'] = $this->db->insertID();
L	349	$conf['server_id'] = $conf['server_id'];
	350	}
	351
	352
	353	}
	354
100d41	355	public function grant_master_database_rights($verbose = false) {
532ae5	356	global $conf;
L	357
	358	/*
	359	* The following code is a little bit tricky:
	360	* * If we HAVE a master-slave - Setup then the client has to grant the rights for himself
	361	* at the master.
	362	* * If we DO NOT have a master-slave - Setup then we have two possibilities
	363	* 1) it is a single server
	364	* 2) it is the MASTER of n clients
	365	*/
	366	$hosts = array();
a8ccf6	367
532ae5	368	if($conf['mysql']['master_slave_setup'] == 'y') {
L	369	/*
	370	* it is a master-slave - Setup so the slave has to grant its rights in the master
	371	* database
	372	*/
	373
	374	//* insert the ispconfig user in the remote server
	375	$from_host = $conf['hostname'];
	376	$from_ip = gethostbyname($conf['hostname']);
a8ccf6	377
532ae5	378	$hosts[$from_host]['user'] = $conf['mysql']['master_ispconfig_user'];
L	379	$hosts[$from_host]['db'] = $conf['mysql']['master_database'];
	380	$hosts[$from_host]['pwd'] = $conf['mysql']['master_ispconfig_password'];
	381
	382	$hosts[$from_ip]['user'] = $conf['mysql']['master_ispconfig_user'];
	383	$hosts[$from_ip]['db'] = $conf['mysql']['master_database'];
	384	$hosts[$from_ip]['pwd'] = $conf['mysql']['master_ispconfig_password'];
	385	} else{
	386	/*
	387	* it is NOT a master-slave - Setup so we have to find out all clients and their
	388	* host
	389	*/
	390	$query = "SELECT Host, User FROM mysql.user WHERE User like 'ispcsrv%' ORDER BY User, Host";
	391	$data = $this->dbmaster->queryAllRecords($query);
	392	if($data === false) {
	393	$this->error('Unable to get the user rights: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
	394	}
	395	foreach ($data as $item){
	396	$hosts[$item['Host']]['user'] = $item['User'];
	397	$hosts[$item['Host']]['db'] = $conf['mysql']['master_database'];
	398	$hosts[$item['Host']]['pwd'] = ''; // the user already exists, so we need no pwd!
	399	}
	400	}
a8ccf6	401
532ae5	402	if(count($hosts) > 0) {
b1a6a5	403	foreach($hosts as $host => $value) {
MC	404	/*
532ae5	405	* If a pwd exists, this means, we have to add the new user (and his pwd).
L	406	* if not, the user already exists and we do not need the pwd
	407	*/
b1a6a5	408	if ($value['pwd'] != ''){
2af58c	409	$query = "CREATE USER ?@? IDENTIFIED BY ?";
b1a6a5	410	if ($verbose){
MC	411	echo "\n\n" . $query ."\n";
	412	}
2af58c	413	$this->dbmaster->query($query, $value['user'], $host, $value['pwd']); // ignore the error
b1a6a5	414	}
MC	415
	416	/*
	417	* Try to delete all rights of the user in case that it exists.
	418	* In Case that it will not exist, do nothing (ignore the error!)
	419	*/
2af58c	420	$query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ?@?";
100d41	421	if ($verbose){
V	422	echo "\n\n" . $query ."\n";
	423	}
2af58c	424	$this->dbmaster->query($query, $value['user'], $host); // ignore the error
b1a6a5	425
MC	426	//* Create the ISPConfig database user in the remote database
2af58c	427	$query = "GRANT SELECT ON ?? TO ?@?";
b1a6a5	428	if ($verbose){
MC	429	echo $query ."\n";
	430	}
2af58c	431	if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
b1a6a5	432	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	433	}
	434
2af58c	435	$query = "GRANT SELECT, INSERT ON ?? TO ?@?";
b1a6a5	436	if ($verbose){
MC	437	echo $query ."\n";
	438	}
2af58c	439	if(!$this->dbmaster->query($query, $value['db'] . '.sys_log', $value['user'], $host)) {
b1a6a5	440	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	441	}
	442
2af58c	443	$query = "GRANT SELECT, UPDATE(`status`, `error`) ON ?? TO ?@?";
b1a6a5	444	if ($verbose){
MC	445	echo $query ."\n";
	446	}
2af58c	447	if(!$this->dbmaster->query($query, $value['db'] . '.sys_datalog', $value['user'], $host)) {
b1a6a5	448	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	449	}
	450
2af58c	451	$query = "GRANT SELECT, UPDATE(`status`) ON ?? TO ?@?";
b1a6a5	452	if ($verbose){
MC	453	echo $query ."\n";
	454	}
2af58c	455	if(!$this->dbmaster->query($query, $value['db'] . '.software_update_inst', $value['user'], $host)) {
b1a6a5	456	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	457	}
	458
2af58c	459	$query = "GRANT SELECT, UPDATE(`updated`) ON ?? TO ?@?";
b1a6a5	460	if ($verbose){
MC	461	echo $query ."\n";
	462	}
2af58c	463	if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
b1a6a5	464	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	465	}
	466
2af58c	467	$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ?? TO ?@?";
b1a6a5	468	if ($verbose){
MC	469	echo $query ."\n";
	470	}
2af58c	471	if(!$this->dbmaster->query($query, $value['db'] . '.web_domain', $value['user'], $host)) {
b1a6a5	472	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	473	}
	474
2af58c	475	$query = "GRANT SELECT ON ?? TO ?@?";
b1a6a5	476	if ($verbose){
MC	477	echo $query ."\n";
	478	}
2af58c	479	if(!$this->dbmaster->query($query, $value['db'] . '.sys_group', $value['user'], $host)) {
b1a6a5	480	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	481	}
	482
2af58c	483	$query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ?? TO ?@?";
b1a6a5	484	if ($verbose){
MC	485	echo $query ."\n";
	486	}
2af58c	487	if(!$this->dbmaster->query($query, $value['db'] . '.sys_remoteaction', $value['user'], $host)) {
b1a6a5	488	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	489	}
	490
2af58c	491	$query = "GRANT SELECT, INSERT , DELETE ON ?? TO ?@?";
b1a6a5	492	if ($verbose){
MC	493	echo $query ."\n";
	494	}
2af58c	495	if(!$this->dbmaster->query($query, $value['db'] . '.monitor_data', $value['user'], $host)) {
b1a6a5	496	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	497	}
	498
2af58c	499	$query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
b1a6a5	500	if ($verbose){
MC	501	echo $query ."\n";
	502	}
2af58c	503	if(!$this->dbmaster->query($query, $value['db'] . '.mail_traffic', $value['user'], $host)) {
b1a6a5	504	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	505	}
	506
2af58c	507	$query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
b1a6a5	508	if ($verbose){
MC	509	echo $query ."\n";
	510	}
2af58c	511	if(!$this->dbmaster->query($query, $value['db'] . '.web_traffic', $value['user'], $host)) {
b1a6a5	512	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	513	}
	514
2af58c	515	$query = "GRANT SELECT, UPDATE, DELETE ON ?? TO ?@?";
e92eda	516	if ($verbose){
TB	517	echo $query ."\n";
	518	}
2af58c	519	if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances', $value['user'], $host)) {
e92eda	520	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
TB	521	}
	522
2af58c	523	$query = "GRANT SELECT, DELETE ON ?? TO ?@?";
b1a6a5	524	if ($verbose){
MC	525	echo $query ."\n";
	526	}
2af58c	527	if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances_settings', $value['user'], $host)) {
b1a6a5	528	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	529	}
	530
2af58c	531	$query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
b1a6a5	532	if ($verbose){
MC	533	echo $query ."\n";
	534	}
2af58c	535	if(!$this->dbmaster->query($query, $value['db'] . '.web_backup', $value['user'], $host)) {
b1a6a5	536	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
MC	537	}
	538
2af58c	539	$query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
2dc842	540	if ($verbose){
FS	541	echo $query ."\n";
	542	}
2af58c	543	if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
2dc842	544	$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
FS	545	}
532ae5	546	}
L	547
	548	/*
	549	* It is all done. Relod the rights...
	550	*/
2af58c	551	$this->dbmaster->query('FLUSH PRIVILEGES');
532ae5	552	}
L	553
	554	}
	555
	556	//** writes postfix configuration files
	557	public function process_postfix_config($configfile) {
	558	global $conf;
	559
	560	$config_dir = $conf['postfix']['config_dir'].'/';
	561	$full_file_name = $config_dir.$configfile;
	562	//* Backup exiting file
	563	if(is_file($full_file_name)) {
	564	copy($full_file_name, $config_dir.$configfile.'~');
	565	}
615a0a	566	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
532ae5	567	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
L	568	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	569	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	570	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	571	$content = str_replace('{server_id}', $conf['server_id'], $content);
	572	wf($full_file_name, $content);
	573	}
	574
	575	public function configure_jailkit() {
	576	global $conf;
	577
	578	$cf = $conf['jailkit'];
	579	$config_dir = $cf['config_dir'];
	580	$jk_init = $cf['jk_init'];
	581	$jk_chrootsh = $cf['jk_chrootsh'];
	582
	583	if (is_dir($config_dir)) {
	584	if(is_file($config_dir.'/'.$jk_init)) copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~');
	585	if(is_file($config_dir.'/'.$jk_chrootsh.'.master')) copy($config_dir.'/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh.'~');
b1a6a5	586
MC	587	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$jk_init.'.master')) {
	588	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
	589	} else {
	590	copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
	591	}
	592	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$jk_chrootsh.'.master')) {
	593	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
	594	} else {
	595	copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
	596	}
532ae5	597	}
a8ccf6	598
edf806	599	//* help jailkit fo find its ini files
T	600	if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
	601	if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');
532ae5	602
L	603	}
a8ccf6	604
532ae5	605	public function configure_mailman($status = 'insert') {
L	606	global $conf;
	607
	608	$config_dir = $conf['mailman']['config_dir'].'/';
	609	$full_file_name = $config_dir.'mm_cfg.py';
	610	//* Backup exiting file
	611	if(is_file($full_file_name)) {
	612	copy($full_file_name, $config_dir.'mm_cfg.py~');
	613	}
a8ccf6	614
532ae5	615	// load files
615a0a	616	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
532ae5	617	$old_file = rf($full_file_name);
a8ccf6	618
532ae5	619	$old_options = array();
a8ccf6	620	$lines = explode("\n", $old_file);
532ae5	621	foreach ($lines as $line)
L	622	{
8fe9ab	623	if (trim($line) != '' && substr($line, 0, 1) != '#')
532ae5	624	{
8fe9ab	625	@list($key, $value) = @explode("=", $line);
86e699	626	if (isset($value) && $value !== '')
532ae5	627	{
L	628	$key = rtrim($key);
	629	$old_options[$key] = trim($value);
	630	}
	631	}
	632	}
a8ccf6	633
532ae5	634	$virtual_domains = '';
L	635	if($status == 'update')
	636	{
	637	// create virtual_domains list
	638	$domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");
a8ccf6	639
8fe9ab	640	if(is_array($domainAll)) {
b1a6a5	641	foreach($domainAll as $domain)
MC	642	{
	643	if ($domainAll[0]['domain'] == $domain['domain'])
	644	$virtual_domains .= "'".$domain['domain']."'";
	645	else
	646	$virtual_domains .= ", '".$domain['domain']."'";
	647	}
8fe9ab	648	}
532ae5	649	}
L	650	else
	651	$virtual_domains = "' '";
a8ccf6	652
532ae5	653	$content = str_replace('{hostname}', $conf['hostname'], $content);
46c775	654	if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
532ae5	655	$content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
L	656	$content = str_replace('{virtual_domains}', $virtual_domains, $content);
b1a6a5	657
532ae5	658	wf($full_file_name, $content);
b1a6a5	659
cc6568	660	//* Write virtual_to_transport.sh script
H	661	$config_dir = $conf['mailman']['config_dir'].'/';
	662	$full_file_name = $config_dir.'virtual_to_transport.sh';
b1a6a5	663
cc6568	664	//* Backup exiting virtual_to_transport.sh script
H	665	if(is_file($full_file_name)) {
	666	copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
	667	}
b1a6a5	668
cc6568	669	if(is_dir('/etc/mailman')) {
615a0a	670	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh')) {
b1a6a5	671	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh', $full_file_name);
MC	672	} else {
	673	copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
	674	}
223c56	675	chgrp($full_file_name, $this->mailman_group);
d22542	676	chmod($full_file_name, 0755);
cc6568	677	}
b1a6a5	678
cc6568	679	//* Create aliasaes
H	680	exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
b1a6a5	681
223c56	682	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
MC	683	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
532ae5	684	}
L	685
bd5d26	686	//* with postfix >= 2.9 we can detect configured services with postconf
FS	687	public function postfix_master() {
	688	exec("postconf -M", $out, $ret);
	689	return $ret===0?true:false;
	690	}
	691
532ae5	692	public function configure_postfix($options = '') {
b04e82	693	global $conf,$autoinstall;
532ae5	694	$cf = $conf['postfix'];
L	695	$config_dir = $cf['config_dir'];
	696
	697	if(!is_dir($config_dir)) {
	698	$this->error("The postfix configuration directory '$config_dir' does not exist.");
	699	}
	700
	701	//* mysql-virtual_domains.cf
	702	$this->process_postfix_config('mysql-virtual_domains.cf');
	703
	704	//* mysql-virtual_forwardings.cf
	705	$this->process_postfix_config('mysql-virtual_forwardings.cf');
	706
	707	//* mysql-virtual_mailboxes.cf
	708	$this->process_postfix_config('mysql-virtual_mailboxes.cf');
	709
	710	//* mysql-virtual_email2email.cf
	711	$this->process_postfix_config('mysql-virtual_email2email.cf');
	712
	713	//* mysql-virtual_transports.cf
	714	$this->process_postfix_config('mysql-virtual_transports.cf');
	715
	716	//* mysql-virtual_recipient.cf
	717	$this->process_postfix_config('mysql-virtual_recipient.cf');
	718
	719	//* mysql-virtual_sender.cf
	720	$this->process_postfix_config('mysql-virtual_sender.cf');
	721
03b633	722	//* mysql-virtual_sender_login_maps.cf
D	723	$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
	724
532ae5	725	//* mysql-virtual_client.cf
L	726	$this->process_postfix_config('mysql-virtual_client.cf');
	727
	728	//* mysql-virtual_relaydomains.cf
	729	$this->process_postfix_config('mysql-virtual_relaydomains.cf');
	730
	731	//* mysql-virtual_relayrecipientmaps.cf
	732	$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
3361d7	733
R	734	//* mysql-virtual_outgoing_bcc.cf
	735	$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
532ae5	736
75722e	737	//* mysql-virtual_policy_greylist.cf
D	738	$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
	739
ec5716	740	//* postfix-dkim
T	741	$full_file_name=$config_dir.'/tag_as_originating.re';
ae3cf8	742	if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
b1a6a5	743	wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
ec5716	744
T	745	$full_file_name=$config_dir.'/tag_as_foreign.re';
ae3cf8	746	if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
b1a6a5	747	wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
ec5716	748
532ae5	749	//* Changing mode and group of the new created config files.
L	750	caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
b1a6a5	751	__FILE__, __LINE__, 'chmod on mysql-virtual_.cf', 'chmod on mysql-virtual_.cf failed');
532ae5	752	caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
b1a6a5	753	__FILE__, __LINE__, 'chgrp on mysql-virtual_.cf', 'chgrp on mysql-virtual_.cf failed');
532ae5	754
L	755	//* Creating virtual mail user and group
	756	$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
	757	if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	758
	759	$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
	760	if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a8ccf6	761
b67344	762	//* These postconf commands will be executed on installation and update
2af58c	763	$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
a296ae	764	$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
M	765	unset($server_ini_rec);
	766
	767	//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
	768	$rbl_list = '';
6882ab	769	if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
b1a6a5	770	$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
a296ae	771	foreach ($rbl_hosts as $key => $value) {
M	772	$rbl_list .= ", reject_rbl_client ". $value;
	773	}
	774	}
	775	unset($rbl_hosts);
b1a6a5	776
75722e	777	//* If Postgrey is installed, configure it
D	778	$greylisting = '';
	779	if($conf['postgrey']['installed'] == true) {
20f478	780	$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
75722e	781	}
20f478	782
D	783	$reject_sender_login_mismatch = '';
	784	if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
	785	$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
	786	}
	787	unset($server_ini_array);
75722e	788
b1a6a5	789	$postconf_placeholders = array('{config_dir}' => $config_dir,
MC	790	'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
	791	'{vmail_userid}' => $cf['vmail_userid'],
	792	'{vmail_groupid}' => $cf['vmail_groupid'],
75722e	793	'{rbl_list}' => $rbl_list,
D	794	'{greylisting}' => $greylisting,
20f478	795	'{reject_slm}' => $reject_sender_login_mismatch,
75722e	796	);
b1a6a5	797
MC	798	$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
	799	$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
	800	$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
a8ccf6	801
b67344	802	//* These postconf commands will be executed on installation only
T	803	if($this->is_update == false) {
b1a6a5	804	$postconf_commands = array_merge($postconf_commands, array(
MC	805	'myhostname = '.$conf['hostname'],
	806	'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
	807	'mynetworks = 127.0.0.0/8 [::1]/128'
	808	));
b67344	809	}
532ae5	810
L	811	//* Create the header and body check files
	812	touch($config_dir.'/header_checks');
	813	touch($config_dir.'/mime_header_checks');
	814	touch($config_dir.'/nested_header_checks');
	815	touch($config_dir.'/body_checks');
a8ccf6	816
532ae5	817	//* Create the mailman files
cc6568	818	if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
5378e9	819	if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
T	820	exec('postalias /var/lib/mailman/data/aliases');
	821	if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
d4d965	822	exec('postmap /var/lib/mailman/data/virtual-mailman');
cc6568	823	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
H	824	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
532ae5	825
L	826	//* Make a backup copy of the main.cf file
	827	copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
	828
	829	//* Executing the postconf commands
	830	foreach($postconf_commands as $cmd) {
	831	$command = "postconf -e '$cmd'";
	832	caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	833	}
	834
b1a6a5	835	if(!stristr($options, 'dont-create-certs')) {
532ae5	836	//* Create the SSL certificate
b04e82	837	if(AUTOINSTALL){
bcd725	838	$command = 'cd '.$config_dir.'; '
b04e82	839	."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
bcd725	840	} else {
FT	841	$command = 'cd '.$config_dir.'; '
	842	.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
	843	}
532ae5	844	exec($command);
L	845
	846	$command = 'chmod o= '.$config_dir.'/smtpd.key';
	847	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	848	}
	849
	850	//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
	851	$command = 'chmod 755 /var/run/courier/authdaemon/';
	852	if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	853
bd5d26	854	//* Check maildrop service in posfix master.cf
FS	855	$regex = "/^maildrop unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/";
532ae5	856	$configfile = $config_dir.'/master.cf';
bd5d26	857	if ($this->postfix_master()) {
FS	858	exec ("postconf -M maildrop.unix", $out, $ret);
	859	$change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true;
	860	} else { //* fallback - postfix < 2.9
	861	$change_maildrop_flags = @(preg_match($regex, $configfile))?false:true;
	862	}
	863	if ($change_maildrop_flags) {
	864	//* Change maildrop service in posfix master.cf
	865	if(is_file($config_dir.'/master.cf')) {
	866	copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
	867	}
	868	if(is_file($config_dir.'/master.cf~')) {
	869	chmod($config_dir.'/master.cf~', 0400);
	870	}
	871	$configfile = $config_dir.'/master.cf';
	872	$content = rf($configfile);
	873	$content = str_replace('flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
	874	'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	875	$content);
	876	wf($configfile, $content);
	877	}
532ae5	878
L	879	//* Writing the Maildrop mailfilter file
	880	$configfile = 'mailfilter';
	881	if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)) {
	882	copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
	883	}
615a0a	884	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
532ae5	885	$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
L	886	wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
	887
	888	//* Create the directory for the custom mailfilters
	889	if(!is_dir($cf['vmail_mailbox_base'].'/mailfilters')) {
	890	$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
	891	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	892	}
	893
	894	//* Chmod and chown the .mailfilter file
419eb7	895	$command = 'chown '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
532ae5	896	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
L	897
419eb7	898	$command = 'chmod 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
532ae5	899	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
L	900
	901	}
75722e	902
532ae5	903	public function configure_saslauthd() {
L	904	global $conf;
a8ccf6	905
26c0fc	906	//* Get saslsauthd version
b1a6a5	907	exec('saslauthd -v 2>&1', $out);
MC	908	$parts = explode(' ', $out[0]);
26c0fc	909	$saslversion = $parts[1];
T	910	unset($parts);
	911	unset($out);
532ae5	912
0adcbb	913	if(version_compare($saslversion , '2.1.23', '<=')) {
26c0fc	914	//* Configfile for saslauthd versions up to 2.1.23
T	915	$configfile = 'sasl_smtpd.conf';
0adcbb	916	} else {
FS	917	//* Configfile for saslauthd versions 2.1.24 and newer
	918	$configfile = 'sasl_smtpd2.conf';
26c0fc	919	}
a8ccf6	920
b1a6a5	921	if(is_file($conf['postfix']['config_dir'].'/sasl/smtpd.conf')) copy($conf['postfix']['config_dir'].'/sasl/smtpd.conf', $conf['postfix']['config_dir'].'/sasl/smtpd.conf~');
532ae5	922	if(is_file($conf['postfix']['config_dir'].'/sasl/smtpd.conf~')) chmod($conf['postfix']['config_dir'].'/sasl/smtpd.conf~', 0400);
615a0a	923	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
b1a6a5	924	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	925	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	926	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	927	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	928	wf($conf['postfix']['config_dir'].'/sasl/smtpd.conf', $content);
532ae5	929
L	930	// TODO: Chmod and chown on the config file
	931
	932
	933	// Recursively create the spool directory
	934	if(!@is_dir('/var/spool/postfix/var/run/saslauthd')) mkdir('/var/spool/postfix/var/run/saslauthd', 0755, true);
	935
	936	// Edit the file /etc/default/saslauthd
	937	$configfile = $conf['saslauthd']['config'];
b1a6a5	938	if(is_file($configfile)) copy($configfile, $configfile.'~');
532ae5	939	if(is_file($configfile.'~')) chmod($configfile.'~', 0400);
L	940	$content = rf($configfile);
b1a6a5	941	$content = str_replace('START=no', 'START=yes', $content);
532ae5	942	// Debian
b1a6a5	943	$content = str_replace('OPTIONS="-c"', 'OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"', $content);
532ae5	944	// Ubuntu
b1a6a5	945	$content = str_replace('OPTIONS="-c -m /var/run/saslauthd"', 'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"', $content);
MC	946	wf($configfile, $content);
532ae5	947
L	948	// Edit the file /etc/init.d/saslauthd
	949	$configfile = $conf['init_scripts'].'/'.$conf['saslauthd']['init_script'];
	950	$content = rf($configfile);
b1a6a5	951	$content = str_replace('PIDFILE=$RUN_DIR/saslauthd.pid', 'PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"', $content);
MC	952	wf($configfile, $content);
532ae5	953
L	954	// add the postfix user to the sasl group (at least necessary for Ubuntu 8.04 and most likely Debian Lenny as well.
	955	exec('adduser postfix sasl');
	956
	957
	958	}
	959
	960	public function configure_pam() {
	961	global $conf;
	962	$pam = $conf['pam'];
	963	//* configure pam for SMTP authentication agains the ispconfig database
	964	$configfile = 'pamd_smtp';
	965	if(is_file($pam.'/smtp')) copy($pam.'/smtp', $pam.'/smtp~');
	966	if(is_file($pam.'/smtp~')) chmod($pam.'/smtp~', 0400);
	967
615a0a	968	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
532ae5	969	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
L	970	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	971	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	972	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	973	wf($pam.'/smtp', $content);
	974	// On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
	975	if(is_file($pam.'/smtp')) exec("chmod o= $pam/smtp");
	976	chmod($pam.'/smtp', 0660);
	977	chown($pam.'/smtp', 'daemon');
	978	chgrp($pam.'/smtp', 'daemon');
	979
	980	}
	981
	982	public function configure_courier() {
	983	global $conf;
	984	$config_dir = $conf['courier']['config_dir'];
	985	//* authmysqlrc
	986	$configfile = 'authmysqlrc';
	987	if(is_file($config_dir.'/'.$configfile)) {
	988	copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
	989	}
	990	chmod($config_dir.'/'.$configfile.'~', 0400);
615a0a	991	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
b1a6a5	992	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	993	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	994	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	995	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9	996	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
532ae5	997	wf($config_dir.'/'.$configfile, $content);
L	998
	999	chmod($config_dir.'/'.$configfile, 0660);
	1000	chown($config_dir.'/'.$configfile, 'daemon');
	1001	chgrp($config_dir.'/'.$configfile, 'daemon');
	1002
	1003	//* authdaemonrc
	1004	$configfile = $config_dir.'/authdaemonrc';
	1005	if(is_file($configfile)) {
	1006	copy($configfile, $configfile.'~');
	1007	}
	1008	if(is_file($configfile.'~')) {
	1009	chmod($configfile.'~', 0400);
	1010	}
	1011	$content = rf($configfile);
	1012	$content = str_replace('authmodulelist="authpam"', 'authmodulelist="authmysql"', $content);
	1013	wf($configfile, $content);
	1014	}
	1015
	1016	public function configure_dovecot() {
	1017	global $conf;
59baa4	1018
DM	1019	$virtual_transport = 'dovecot';
8b23f8	1020
FS	1021	$configure_lmtp = false;
59baa4	1022
DM	1023	// check if virtual_transport must be changed
	1024	if ($this->is_update) {
2af58c	1025	$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
59baa4	1026	$ini_array = ini_to_array(stripslashes($tmp['config']));
DM	1027	// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
	1028
	1029	if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
	1030	$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
8b23f8	1031	$configure_lmtp = true;
59baa4	1032	}
DM	1033	}
532ae5	1034
bd5d26	1035	$config_dir = $conf['postfix']['config_dir'];
532ae5	1036	//* Configure master.cf and add a line for deliver
bd5d26	1037	if ($this->postfix_master()) {
FS	1038	exec ("postconf -M dovecot.unix", $out, $ret);
	1039	$add_dovecot_service = @($out[0]=='')?true:false;
	1040	} else { //* fallback - postfix < 2.9
	1041	$content = rf($config_dir.'/master.cf');
	1042	$add_dovecot_service = @(!stristr($content, "dovecot/deliver"))?true:false;
	1043	}
	1044	if($add_dovecot_service) {
	1045	//* backup
	1046	if(is_file($config_dir.'/master.cf')){
	1047	copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
	1048	}
	1049	if(is_file($config_dir.'/master.cf~')){
	1050	chmod($config_dir.'/master.cf~2', 0400);
	1051	}
	1052	//* Configure master.cf and add a line for deliver
	1053	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
	1054	$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
	1055	af($config_dir.'/master.cf', $deliver_content);
	1056	unset($content);
	1057	unset($deliver_content);
532ae5	1058	}
L	1059
	1060	//* Reconfigure postfix to use dovecot authentication
	1061	// Adding the amavisd commands to the postfix configuration
	1062	$postconf_commands = array (
b1a6a5	1063	'dovecot_destination_recipient_limit = 1',
59baa4	1064	'virtual_transport = '.$virtual_transport,
b1a6a5	1065	'smtpd_sasl_type = dovecot',
MC	1066	'smtpd_sasl_path = private/auth'
532ae5	1067	);
L	1068
	1069	// Make a backup copy of the main.cf file
b1a6a5	1070	copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~3');
532ae5	1071
L	1072	// Executing the postconf commands
	1073	foreach($postconf_commands as $cmd) {
	1074	$command = "postconf -e '$cmd'";
	1075	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1076	}
	1077
31e0d1	1078	//* backup dovecot.conf
bd5d26	1079	$config_dir = $conf['dovecot']['config_dir'];
532ae5	1080	$configfile = 'dovecot.conf';
L	1081	if(is_file($config_dir.'/'.$configfile)) {
	1082	copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
	1083	}
a8ccf6	1084
31e0d1	1085	//* Get the dovecot version
b1a6a5	1086	exec('dovecot --version', $tmp);
1fc360	1087	$dovecot_version = $tmp[0];
31e0d1	1088	unset($tmp);
a8ccf6	1089
31e0d1	1090	//* Copy dovecot configuration file
0adcbb	1091	if(version_compare($dovecot_version,1, '<=')) { //* Dovecot 1.x
FS	1092	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
	1093	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
	1094	} else {
	1095	copy('tpl/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
	1096	}
	1097	} else { //* Dovecot 2.x
b1a6a5	1098	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
MC	1099	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
	1100	} else {
	1101	copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
	1102	}
65576f	1103	replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
0adcbb	1104	if(version_compare($dovecot_version, 2.1, '<')) {
1fc360	1105	removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
b1a6a5	1106	}
31e0d1	1107	}
532ae5	1108
8b23f8	1109	//* dovecot-lmtpd
FS	1110	if($configure_lmtp) {
	1111	replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
	1112	}
	1113
532ae5	1114	//* dovecot-sql.conf
L	1115	$configfile = 'dovecot-sql.conf';
	1116	if(is_file($config_dir.'/'.$configfile)) {
	1117	copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
	1118	}
edf806	1119	if(is_file($config_dir.'/'.$configfile.'~')) chmod($config_dir.'/'.$configfile.'~', 0400);
615a0a	1120	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot-sql.conf.master', 'tpl/debian_dovecot-sql.conf.master');
b1a6a5	1121	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	1122	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1123	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	1124	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9	1125	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
032b86	1126	$content = str_replace('{server_id}', $conf['server_id'], $content);
532ae5	1127	wf($config_dir.'/'.$configfile, $content);
L	1128
	1129	chmod($config_dir.'/'.$configfile, 0600);
	1130	chown($config_dir.'/'.$configfile, 'root');
	1131	chgrp($config_dir.'/'.$configfile, 'root');
5e7306	1132
TB	1133	// Dovecot shall ignore mounts in website directory
7db4cd	1134	if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
532ae5	1135
L	1136	}
	1137
	1138	public function configure_amavis() {
	1139	global $conf;
	1140
	1141	// amavisd user config file
	1142	$configfile = 'amavisd_user_config';
b1a6a5	1143	if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) copy($conf['amavis']['config_dir'].'/conf.d/50-user', $conf['amavis']['config_dir'].'/50-user~');
c83951	1144	if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
615a0a	1145	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
b1a6a5	1146	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	1147	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1148	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	1149	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
	1150	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	1151	wf($conf['amavis']['config_dir'].'/conf.d/50-user', $content);
c83951	1152	chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
532ae5	1153
L	1154	// TODO: chmod and chown on the config file
	1155
	1156
	1157	// Adding the amavisd commands to the postfix configuration
864ee2	1158	// Add array for no error in foreach and maybe future options
X	1159	$postconf_commands = array ();
a8ccf6	1160
864ee2	1161	// Check for amavisd -> pure webserver with postfix for mailing without antispam
ac28b5	1162	if ($conf['amavis']['installed']) {
864ee2	1163	$postconf_commands[] = 'content_filter = amavis:[127.0.0.1]:10024';
X	1164	$postconf_commands[] = 'receive_override_options = no_address_mappings';
	1165	}
532ae5	1166
L	1167	// Make a backup copy of the main.cf file
b1a6a5	1168	copy($conf['postfix']['config_dir'].'/main.cf', $conf['postfix']['config_dir'].'/main.cf~2');
532ae5	1169
L	1170	// Executing the postconf commands
	1171	foreach($postconf_commands as $cmd) {
	1172	$command = "postconf -e '$cmd'";
	1173	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1174	}
	1175
bd5d26	1176	$config_dir = $conf['postfix'];
FS	1177
	1178	// Adding amavis-services to the master.cf file if the service does not already exists
	1179	if ($this->postfix_master()) {
	1180	exec ("postconf -M amavis.unix", $out, $ret);
	1181	$add_amavis = @($out[0]=='')?true:false;
	1182	unset($out);
	1183	exec ("postconf -M 127.0.0.1:10025.inet", $out, $ret);
	1184	$add_amavis_10025 = @($out[0]=='')?true:false;
	1185	unset($out);
	1186	exec ("postconf -M 127.0.0.1:10027.inet", $out, $ret);
	1187	$add_amavis_10027 = @($out[0]=='')?true:false;
	1188	unset($out);
	1189	} else { //* fallback - postfix < 2.9
	1190	$content = rf($conf['postfix']['config_dir'].'/master.cf');
	1191	$add_amavis = @(!preg_match('/^amavis\s+unix\s+/m', $content))?true:false;
	1192	$add_amavis_10025 = @(!preg_match('/^127.0.0.1:10025\s+/m', $content))?true:false;
	1193	$add_amavis_10027 = @(!preg_match('/^127.0.0.1:10027\s+/m', $content))?true:false;
44ae08	1194	}
bd5d26	1195
FS	1196	if ($add_amavis \|\| $add_amavis_10025 \|\| $add_amavis_10027) {
	1197	//* backup master.cf
	1198	if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
	1199	// adjust amavis-config
	1200	if($add_amavis) {
	1201	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
	1202	af($config_dir.'/master.cf', $content);
	1203	unset($content);
	1204	}
	1205	if ($add_amavis_10025) {
	1206	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
	1207	af($config_dir.'/master.cf', $content);
	1208	unset($content);
	1209	}
	1210	if ($add_amavis_10027) {
	1211	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
	1212	af($config_dir.'/master.cf', $content);
	1213	unset($content);
	1214	}
44ae08	1215	}
532ae5	1216
L	1217	// Add the clamav user to the amavis group
	1218	exec('adduser clamav amavis');
	1219
535a69	1220	// Create the director for DKIM-Keys
be6237	1221	if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750, true);
535a69	1222	// get shell-user for amavis
T	1223	$amavis_user=exec('grep -o "^amavis:\\|^vscan:" /etc/passwd');
	1224	if(!empty($amavis_user)) {
b1a6a5	1225	$amavis_user=rtrim($amavis_user, ":");
44ae08	1226	exec('chown '.$amavis_user.' /var/lib/amavis/dkim');
535a69	1227	}
T	1228	// get shell-group for amavis
	1229	$amavis_group=exec('grep -o "^amavis:\\|^vscan:" /etc/group');
	1230	if(!empty($amavis_group)) {
b1a6a5	1231	$amavis_group=rtrim($amavis_group, ":");
44ae08	1232	exec('chgrp '.$amavis_group.' /var/lib/amavis/dkim');
535a69	1233	}
532ae5	1234	}
L	1235
	1236	public function configure_spamassassin() {
	1237	global $conf;
	1238
	1239	//* Enable spamasasssin on debian and ubuntu
	1240	$configfile = '/etc/default/spamassassin';
	1241	if(is_file($configfile)) {
	1242	copy($configfile, $configfile.'~');
	1243	}
	1244	$content = rf($configfile);
	1245	$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
	1246	wf($configfile, $content);
	1247	}
	1248
	1249	public function configure_getmail() {
	1250	global $conf;
	1251
	1252	$config_dir = $conf['getmail']['config_dir'];
	1253
	1254	if(!@is_dir($config_dir)) mkdir(escapeshellcmd($config_dir), 0700, true);
	1255
	1256	$command = 'useradd -d '.$config_dir.' getmail';
	1257	if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1258
	1259	$command = "chown -R getmail $config_dir";
	1260	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1261
	1262	$command = "chmod -R 700 $config_dir";
	1263	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1264	}
	1265
	1266
	1267	public function configure_pureftpd() {
	1268	global $conf;
	1269
	1270	$config_dir = $conf['pureftpd']['config_dir'];
	1271
	1272	//* configure pure-ftpd for MySQL authentication against the ispconfig database
	1273	$configfile = 'db/mysql.conf';
	1274	if(is_file($config_dir.'/'.$configfile)) {
	1275	copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
	1276	}
	1277	if(is_file($config_dir.'/'.$configfile.'~')) {
	1278	chmod($config_dir.'/'.$configfile.'~', 0400);
	1279	}
615a0a	1280	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
532ae5	1281	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
L	1282	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1283	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	1284	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	1285	$content = str_replace('{server_id}', $conf['server_id'], $content);
	1286	wf($config_dir.'/'.$configfile, $content);
	1287	chmod($config_dir.'/'.$configfile, 0600);
	1288	chown($config_dir.'/'.$configfile, 'root');
	1289	chgrp($config_dir.'/'.$configfile, 'root');
	1290	// **enable chrooting
	1291	//exec('mkdir -p '.$config_dir.'/conf/ChrootEveryone');
	1292	exec('echo "yes" > '.$config_dir.'/conf/ChrootEveryone');
	1293	exec('echo "yes" > '.$config_dir.'/conf/BrokenClientsCompatibility');
	1294	exec('echo "yes" > '.$config_dir.'/conf/DisplayDotFiles');
	1295
	1296	if(is_file('/etc/default/pure-ftpd-common')) {
b1a6a5	1297	replaceLine('/etc/default/pure-ftpd-common', 'STANDALONE_OR_INETD=inetd', 'STANDALONE_OR_INETD=standalone', 1, 0);
MC	1298	replaceLine('/etc/default/pure-ftpd-common', 'VIRTUALCHROOT=false', 'VIRTUALCHROOT=true', 1, 0);
532ae5	1299	}
L	1300
	1301	if(is_file('/etc/inetd.conf')) {
b1a6a5	1302	replaceLine('/etc/inetd.conf', '/usr/sbin/pure-ftpd-wrapper', '#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper', 0, 0);
acdd7a	1303	exec($this->getinitcommand('openbsd-inetd', 'restart'));
33bcd0	1304	//if(is_file($conf['init_scripts'].'/'.'openbsd-inetd')) exec($conf['init_scripts'].'/'.'openbsd-inetd restart');
532ae5	1305	}
L	1306
	1307	if(!is_file('/etc/pure-ftpd/conf/DontResolve')) exec('echo "yes" > /etc/pure-ftpd/conf/DontResolve');
	1308	}
	1309
	1310	public function configure_mydns() {
	1311	global $conf;
	1312
	1313	// configure pam for SMTP authentication agains the ispconfig database
	1314	$configfile = 'mydns.conf';
b1a6a5	1315	if(is_file($conf['mydns']['config_dir'].'/'.$configfile)) copy($conf['mydns']['config_dir'].'/'.$configfile, $conf['mydns']['config_dir'].'/'.$configfile.'~');
532ae5	1316	if(is_file($conf['mydns']['config_dir'].'/'.$configfile.'~')) chmod($conf['mydns']['config_dir'].'/'.$configfile.'~', 0400);
615a0a	1317	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
b1a6a5	1318	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	1319	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1320	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	1321	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9	1322	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5	1323	$content = str_replace('{server_id}', $conf['server_id'], $content);
MC	1324	wf($conf['mydns']['config_dir'].'/'.$configfile, $content);
532ae5	1325	chmod($conf['mydns']['config_dir'].'/'.$configfile, 0600);
L	1326	chown($conf['mydns']['config_dir'].'/'.$configfile, 'root');
	1327	chgrp($conf['mydns']['config_dir'].'/'.$configfile, 'root');
	1328
	1329	}
	1330
	1331	public function configure_powerdns() {
	1332	global $conf;
	1333
	1334	//* Create the database
2af58c	1335	if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
532ae5	1336	$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
L	1337	}
	1338
	1339	//* Create the ISPConfig database user in the local database
2af58c	1340	$query = "GRANT ALL ON ?? TO ?@'localhost'";
MC	1341	if(!$this->db->query($query, $conf['powerdns']['database'] . '.*', $conf['mysql']['ispconfig_user'])) {
532ae5	1342	$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
L	1343	}
	1344
	1345	//* Reload database privelages
2af58c	1346	$this->db->query('FLUSH PRIVILEGES');
532ae5	1347
L	1348	//* load the powerdns databse dump
	1349	if($conf['mysql']['admin_password'] == '') {
	1350	caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
b1a6a5	1351	__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql');
532ae5	1352	} else {
L	1353	caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null",
b1a6a5	1354	__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in powerdns.sql');
532ae5	1355	}
L	1356
	1357	//* Create the powerdns config file
	1358	$configfile = 'pdns.local';
b1a6a5	1359	if(is_file($conf['powerdns']['config_dir'].'/'.$configfile)) copy($conf['powerdns']['config_dir'].'/'.$configfile, $conf['powerdns']['config_dir'].'/'.$configfile.'~');
532ae5	1360	if(is_file($conf['powerdns']['config_dir'].'/'.$configfile.'~')) chmod($conf['powerdns']['config_dir'].'/'.$configfile.'~', 0400);
615a0a	1361	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
b1a6a5	1362	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	1363	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1364	$content = str_replace('{powerdns_database}', $conf['powerdns']['database'], $content);
	1365	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9	1366	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5	1367	wf($conf['powerdns']['config_dir'].'/'.$configfile, $content);
532ae5	1368	chmod($conf['powerdns']['config_dir'].'/'.$configfile, 0600);
L	1369	chown($conf['powerdns']['config_dir'].'/'.$configfile, 'root');
	1370	chgrp($conf['powerdns']['config_dir'].'/'.$configfile, 'root');
	1371
	1372
	1373	}
	1374
	1375	public function configure_bind() {
	1376	global $conf;
	1377
b1a6a5	1378	//* Check if the zonefile directory has a slash at the end
MC	1379	$content=$conf['bind']['bind_zonefiles_dir'];
	1380	if(substr($content, -1, 1) != '/') {
	1381	$content .= '/';
532ae5	1382	}
L	1383
	1384	//* Create the slave subdirectory
b1a6a5	1385	$content .= 'slave';
fc7f1b	1386	if(!@is_dir($content)) mkdir($content, 2770, true);
532ae5	1387
b1a6a5	1388	//* Chown the slave subdirectory to $conf['bind']['bind_user']
MC	1389	chown($content, $conf['bind']['bind_user']);
	1390	chgrp($content, $conf['bind']['bind_group']);
fc7f1b	1391	chmod($content, 2770);
532ae5	1392
L	1393	}
	1394
	1395
fbe2d6	1396	public function configure_xmpp($options = '') {
9f94a1	1397	global $conf;
MF	1398
	1399	if($conf['xmpp']['installed'] == false) return;
	1400	//* Create the logging directory for xmpp server
	1401	if(!@is_dir('/var/log/metronome')) mkdir('/var/log/metronome', 0755, true);
	1402	chown('/var/log/metronome', 'metronome');
	1403	if(!@is_dir('/var/run/metronome')) mkdir('/var/run/metronome', 0755, true);
	1404	chown('/var/run/metronome', 'metronome');
	1405	if(!@is_dir('/var/lib/metronome')) mkdir('/var/lib/metronome', 0755, true);
	1406	chown('/var/lib/metronome', 'metronome');
	1407	if(!@is_dir('/etc/metronome/hosts')) mkdir('/etc/metronome/hosts', 0755, true);
	1408	if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
	1409	unlink('/etc/metronome/metronome.cfg.lua');
	1410
2af58c	1411	$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
9f94a1	1412	$server_name = $row["server_name"];
MF	1413
	1414	$tpl = new tpl('metronome_conf_main.master');
	1415	wf('/etc/metronome/metronome.cfg.lua', $tpl->grab());
	1416	unset($tpl);
	1417
	1418	$tpl = new tpl('metronome_conf_global.master');
	1419	$tpl->setVar('xmpp_admins','');
	1420	wf('/etc/metronome/global.cfg.lua', $tpl->grab());
	1421	unset($tpl);
	1422
	1423	// Copy isp libs
	1424	if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
	1425	caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
3e994a	1426	// Process db config
MF	1427	$full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
	1428	$content = rf($full_file_name);
	1429	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
	1430	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1431	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	1432	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	1433	$content = str_replace('{server_id}', $conf['server_id'], $content);
	1434	wf($full_file_name, $content);
	1435
fbe2d6	1436	if(!stristr($options, 'dont-create-certs')){
MF	1437	// Create SSL Certificate for localhost
	1438	echo "writing new private key to 'localhost.key'\n-----\n";
	1439	$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
	1440	$ssl_locality = $this->free_query('Locality Name (eg, city)', '');
	1441	$ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
	1442	$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
	1443	$ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
	1444	$ssl_email = $this->free_query('Email Address', '');
6886b5	1445
fbe2d6	1446	$tpl = new tpl('metronome_conf_ssl.master');
MF	1447	$tpl->setVar('ssl_country',$ssl_country);
	1448	$tpl->setVar('ssl_locality',$ssl_locality);
	1449	$tpl->setVar('ssl_organisation',$ssl_organisation);
	1450	$tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
	1451	$tpl->setVar('domain',$ssl_domain);
	1452	$tpl->setVar('ssl_email',$ssl_email);
	1453	wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
	1454	unset($tpl);
	1455	// Generate new key, csr and cert
	1456	exec("(cd /etc/metronome/certs && make localhost.key)");
	1457	exec("(cd /etc/metronome/certs && make localhost.csr)");
	1458	exec("(cd /etc/metronome/certs && make localhost.cert)");
	1459	exec('chmod 0400 /etc/metronome/certs/localhost.key');
	1460	exec('chown metronome /etc/metronome/certs/localhost.key');
	1461	}else{
	1462	echo "-----\n";
	1463	echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
	1464	echo "# (cd /etc/metronome/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown metronome localhost.key)\n";
	1465	echo "-----\n";
	1466	}
9f94a1	1467
MF	1468	// Copy init script
	1469	caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
	1470	caselog('chmod u+x /etc/init.d/metronome', __FILE__, __LINE__);
fa79b7	1471	caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
9f94a1	1472
MF	1473	exec($this->getinitcommand('xmpp', 'restart'));
	1474
6886b5	1475	/*
MF	1476	writing new private key to 'smtpd.key'
	1477	-----
	1478	You are about to be asked to enter information that will be incorporated
	1479	into your certificate request.
	1480	What you are about to enter is what is called a Distinguished Name or a DN.
	1481	There are quite a few fields but you can leave some blank
	1482	For some fields there will be a default value,
	1483	If you enter '.', the field will be left blank.
	1484	-----
	1485	Country Name (2 letter code) [AU]:
	1486	State or Province Name (full name) [Some-State]:
	1487	Locality Name (eg, city) []:
	1488	Organization Name (eg, company) [Internet Widgits Pty Ltd]:
	1489	Organizational Unit Name (eg, section) []:
	1490	Common Name (e.g. server FQDN or YOUR name) []:
	1491	Email Address []:
	1492	* */
9f94a1	1493
MF	1494	/*// Dont just copy over the virtualhost template but add some custom settings
	1495	$tpl = new tpl('apache_apps.vhost.master');
	1496
	1497	$tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
	1498	$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
	1499	$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
	1500	$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
	1501	$tpl->setVar('apache_version',getapacheversion());
	1502
	1503
	1504	// comment out the listen directive if port is 80 or 443
	1505	if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
	1506	$tpl->setVar('vhost_port_listen','#');
	1507	} else {
	1508	$tpl->setVar('vhost_port_listen','');
	1509	}
	1510
	1511	wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
	1512	unset($tpl);*/
	1513	}
	1514
532ae5	1515
L	1516	public function configure_apache() {
	1517	global $conf;
	1518
4ffb51	1519	if($conf['apache']['installed'] == false) return;
532ae5	1520	//* Create the logging directory for the vhost logfiles
L	1521	if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
	1522
	1523	if(is_file('/etc/suphp/suphp.conf')) {
b1a6a5	1524	replaceLine('/etc/suphp/suphp.conf', 'php=php:/usr/bin', 'x-httpd-suphp="php:/usr/bin/php-cgi"', 0);
532ae5	1525	//replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0);
b1a6a5	1526	replaceLine('/etc/suphp/suphp.conf', 'umask=0077', 'umask=0022', 0);
532ae5	1527	}
L	1528
	1529	if(is_file('/etc/apache2/sites-enabled/000-default')) {
b1a6a5	1530	replaceLine('/etc/apache2/sites-available/000-default', 'NameVirtualHost ', 'NameVirtualHost :80', 1, 0);
MC	1531	replaceLine('/etc/apache2/sites-available/000-default', '<VirtualHost >', '<VirtualHost :80>', 1, 0);
532ae5	1532	}
L	1533
	1534	if(is_file('/etc/apache2/ports.conf')) {
	1535	// add a line "Listen 443" to ports conf if line does not exist
b1a6a5	1536	replaceLine('/etc/apache2/ports.conf', 'Listen 443', 'Listen 443', 1);
14001d	1537
TB	1538	// Comment out the namevirtualhost lines, as they were added by ispconfig in ispconfig.conf file again
	1539	replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost :80', '# NameVirtualHost :80', 1);
	1540	replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost :443', '# NameVirtualHost :443', 1);
532ae5	1541	}
L	1542
8eca28	1543	if(is_file('/etc/apache2/apache.conf')) {
MC	1544	if(hasLine('/etc/apache2/apache.conf', 'Include sites-enabled/', 1) == false) {
39e5f0	1545	if(hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.conf', 1) == false && hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/', 1) == false) {
8eca28	1546	replaceLine('/etc/apache2/apache.conf', 'Include sites-enabled/', 'Include sites-enabled/', 1, 1);
MC	1547	} elseif(hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.vhost', 1) == false) {
39e5f0	1548	replaceLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.vhost', 'IncludeOptional sites-enabled/', 1, 1);
TB	1549	}
	1550	}
	1551	}
	1552
	1553	if(is_file('/etc/apache2/apache2.conf')) {
	1554	if(hasLine('/etc/apache2/apache2.conf', 'Include sites-enabled/', 1) == false && hasLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/', 1) == false) {
d10d15	1555	if(hasLine('/etc/apache2/apache2.conf', 'Include sites-enabled/*.conf', 1) == true) {
TB	1556	replaceLine('/etc/apache2/apache2.conf', 'Include sites-enabled/*.conf', 'Include sites-enabled/', 1, 1);
39e5f0	1557	} elseif(hasLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/*.conf', 1) == true) {
TB	1558	replaceLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/*.conf', 'IncludeOptional sites-enabled/', 1, 1);
8eca28	1559	}
MC	1560	}
	1561	}
532ae5	1562
L	1563	//* Copy the ISPConfig configuration include
	1564	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
	1565	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
	1566
ccbf14	1567	$tpl = new tpl('apache_ispconfig.conf.master');
TB	1568	$tpl->setVar('apache_version',getapacheversion());
	1569
2af58c	1570	$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
ccbf14	1571	$ip_addresses = array();
TB	1572
532ae5	1573	if(is_array($records) && count($records) > 0) {
L	1574	foreach($records as $rec) {
a2156e	1575	if($rec['ip_type'] == 'IPv6') {
T	1576	$ip_address = '['.$rec['ip_address'].']';
	1577	} else {
	1578	$ip_address = $rec['ip_address'];
	1579	}
b1a6a5	1580	$ports = explode(',', $rec['virtualhost_port']);
a2156e	1581	if(is_array($ports)) {
T	1582	foreach($ports as $port) {
	1583	$port = intval($port);
	1584	if($port > 0 && $port < 65536 && $ip_address != '') {
ccbf14	1585	$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
a2156e	1586	}
T	1587	}
	1588	}
532ae5	1589	}
L	1590	}
855547	1591
3de838	1592	if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
855547	1593
ccbf14	1594	wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
TB	1595	unset($tpl);
532ae5	1596
L	1597	if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.conf')) {
b1a6a5	1598	symlink($vhost_conf_dir.'/ispconfig.conf', $vhost_conf_enabled_dir.'/000-ispconfig.conf');
532ae5	1599	}
L	1600
	1601	//* make sure that webalizer finds its config file when it is directly in /etc
	1602	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	1603	mkdir('/etc/webalizer');
b1a6a5	1604	symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
532ae5	1605	}
L	1606
	1607	if(is_file('/etc/webalizer/webalizer.conf')) {
	1608	// Change webalizer mode to incremental
b1a6a5	1609	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	1610	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	1611	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
532ae5	1612	}
a8ccf6	1613
532ae5	1614	// Check the awsatst script
L	1615	if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
b1a6a5	1616	if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
MC	1617	if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
a8ccf6	1618
532ae5	1619	//* add a sshusers group
L	1620	$command = 'groupadd sshusers';
	1621	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1622
	1623	}
a8ccf6	1624
4ffb51	1625	public function configure_nginx(){
80e3c9	1626	global $conf;
a8ccf6	1627
4ffb51	1628	if($conf['nginx']['installed'] == false) return;
F	1629	//* Create the logging directory for the vhost logfiles
	1630	if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
	1631
	1632	//* make sure that webalizer finds its config file when it is directly in /etc
	1633	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	1634	mkdir('/etc/webalizer');
b1a6a5	1635	symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
4ffb51	1636	}
F	1637
	1638	if(is_file('/etc/webalizer/webalizer.conf')) {
	1639	// Change webalizer mode to incremental
b1a6a5	1640	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	1641	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	1642	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
4ffb51	1643	}
a8ccf6	1644
4ffb51	1645	// Check the awsatst script
F	1646	if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
b1a6a5	1647	if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
MC	1648	if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
a8ccf6	1649
4ffb51	1650	//* add a sshusers group
F	1651	$command = 'groupadd sshusers';
	1652	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
80e3c9	1653	}
a8ccf6	1654
d083f2	1655	public function configure_fail2ban() {
b1a6a5	1656	// To Do
MC	1657	}
a8ccf6	1658
80e3c9	1659	public function configure_squid()
T	1660	{
	1661	global $conf;
2af58c	1662	$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
80e3c9	1663	$ip_address = gethostbyname($row["server_name"]);
T	1664	$server_name = $row["server_name"];
a8ccf6	1665
80e3c9	1666	$configfile = 'squid.conf';
b1a6a5	1667	if(is_file($conf["squid"]["config_dir"].'/'.$configfile)) copy($conf["squid"]["config_dir"].'/'.$configfile, $conf["squid"]["config_dir"].'/'.$configfile.'~');
80e3c9	1668	if(is_file($conf["squid"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["squid"]["config_dir"].'/'.$configfile.'~');
615a0a	1669	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
b1a6a5	1670	$content = str_replace('{server_name}', $server_name, $content);
MC	1671	$content = str_replace('{ip_address}', $ip_address, $content);
	1672	$content = str_replace('{config_dir}', $conf['squid']['config_dir'], $content);
	1673	wf($conf["squid"]["config_dir"].'/'.$configfile, $content);
80e3c9	1674	exec('chmod 600 '.$conf["squid"]["config_dir"].'/'.$configfile);
T	1675	exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
	1676	}
a8ccf6	1677
80e3c9	1678	public function configure_ufw_firewall()
T	1679	{
	1680	$configfile = 'ufw.conf';
b1a6a5	1681	if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf', '/etc/ufw/ufw.conf~');
80e3c9	1682	$content = rf("tpl/".$configfile.".master");
b1a6a5	1683	wf('/etc/ufw/ufw.conf', $content);
80e3c9	1684	exec('chmod 600 /etc/ufw/ufw.conf');
a8ccf6	1685	exec('chown root:root /etc/ufw/ufw.conf');
80e3c9	1686	}
532ae5	1687
bd68aa	1688	public function configure_bastille_firewall() {
532ae5	1689	global $conf;
L	1690
	1691	$dist_init_scripts = $conf['init_scripts'];
	1692
	1693	if(is_dir('/etc/Bastille.backup')) caselog('rm -rf /etc/Bastille.backup', __FILE__, __LINE__);
	1694	if(is_dir('/etc/Bastille')) caselog('mv -f /etc/Bastille /etc/Bastille.backup', __FILE__, __LINE__);
	1695	@mkdir('/etc/Bastille', 0700);
	1696	if(is_dir('/etc/Bastille.backup/firewall.d')) caselog('cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/', __FILE__, __LINE__);
615a0a	1697	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
b1a6a5	1698	caselog('cp -f ' . $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
MC	1699	} else {
	1700	caselog('cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
	1701	}
532ae5	1702	caselog('chmod 644 /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
L	1703	$content = rf('/etc/Bastille/bastille-firewall.cfg');
	1704	$content = str_replace('{DNS_SERVERS}', '', $content);
	1705
	1706	$tcp_public_services = '';
	1707	$udp_public_services = '';
	1708
2af58c	1709	$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
532ae5	1710
L	1711	if(trim($row['tcp_port']) != '' \|\| trim($row['udp_port']) != '') {
b1a6a5	1712	$tcp_public_services = trim(str_replace(',', ' ', $row['tcp_port']));
MC	1713	$udp_public_services = trim(str_replace(',', ' ', $row['udp_port']));
532ae5	1714	} else {
L	1715	$tcp_public_services = '21 22 25 53 80 110 143 443 3306 8080 10000';
	1716	$udp_public_services = '53';
	1717	}
	1718
	1719	if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
	1720	$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
2af58c	1721	if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
532ae5	1722	}
L	1723
	1724	$content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
	1725	$content = str_replace('{UDP_PUBLIC_SERVICES}', $udp_public_services, $content);
	1726
	1727	wf('/etc/Bastille/bastille-firewall.cfg', $content);
	1728
	1729	if(is_file($dist_init_scripts.'/bastille-firewall')) caselog('mv -f '.$dist_init_scripts.'/bastille-firewall '.$dist_init_scripts.'/bastille-firewall.backup', __FILE__, __LINE__);
	1730	caselog('cp -f apps/bastille-firewall '.$dist_init_scripts, __FILE__, __LINE__);
	1731	caselog('chmod 700 '.$dist_init_scripts.'/bastille-firewall', __FILE__, __LINE__);
	1732
	1733	if(is_file('/sbin/bastille-ipchains')) caselog('mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup', __FILE__, __LINE__);
	1734	caselog('cp -f apps/bastille-ipchains /sbin', __FILE__, __LINE__);
	1735	caselog('chmod 700 /sbin/bastille-ipchains', __FILE__, __LINE__);
	1736
	1737	if(is_file('/sbin/bastille-netfilter')) caselog('mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup', __FILE__, __LINE__);
	1738	caselog('cp -f apps/bastille-netfilter /sbin', __FILE__, __LINE__);
	1739	caselog('chmod 700 /sbin/bastille-netfilter', __FILE__, __LINE__);
	1740
	1741	if(!@is_dir('/var/lock/subsys')) caselog('mkdir /var/lock/subsys', __FILE__, __LINE__);
	1742
	1743	exec('which ipchains &> /dev/null', $ipchains_location, $ret_val);
	1744	if(!is_file('/sbin/ipchains') && !is_link('/sbin/ipchains') && $ret_val == 0) phpcaselog(@symlink(shell_exec('which ipchains'), '/sbin/ipchains'), 'create symlink', __FILE__, __LINE__);
	1745	unset($ipchains_location);
	1746	exec('which iptables &> /dev/null', $iptables_location, $ret_val);
	1747	if(!is_file('/sbin/iptables') && !is_link('/sbin/iptables') && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec('which iptables')), '/sbin/iptables'), 'create symlink', __FILE__, __LINE__);
	1748	unset($iptables_location);
	1749
	1750	}
	1751
	1752	public function configure_vlogger() {
	1753	global $conf;
	1754
	1755	//** Configure vlogger to use traffic logging to mysql (master) db
	1756	$configfile = 'vlogger-dbi.conf';
b1a6a5	1757	if(is_file($conf['vlogger']['config_dir'].'/'.$configfile)) copy($conf['vlogger']['config_dir'].'/'.$configfile, $conf['vlogger']['config_dir'].'/'.$configfile.'~');
532ae5	1758	if(is_file($conf['vlogger']['config_dir'].'/'.$configfile.'~')) chmod($conf['vlogger']['config_dir'].'/'.$configfile.'~', 0400);
615a0a	1759	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
532ae5	1760	if($conf['mysql']['master_slave_setup'] == 'y') {
b1a6a5	1761	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
MC	1762	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	1763	$content = str_replace('{mysql_server_database}', $conf['mysql']['master_database'], $content);
	1764	$content = str_replace('{mysql_server_ip}', $conf['mysql']['master_host'], $content);
532ae5	1765	} else {
b1a6a5	1766	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	1767	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	1768	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	1769	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
532ae5	1770	}
b1a6a5	1771	wf($conf['vlogger']['config_dir'].'/'.$configfile, $content);
532ae5	1772	chmod($conf['vlogger']['config_dir'].'/'.$configfile, 0600);
L	1773	chown($conf['vlogger']['config_dir'].'/'.$configfile, 'root');
	1774	chgrp($conf['vlogger']['config_dir'].'/'.$configfile, 'root');
	1775
	1776	}
	1777
	1778	public function configure_apps_vhost() {
	1779	global $conf;
	1780
	1781	//* Create the ispconfig apps vhost user and group
165152	1782	if($conf['apache']['installed'] == true){
4ffb51	1783	$apps_vhost_user = escapeshellcmd($conf['web']['apps_vhost_user']);
F	1784	$apps_vhost_group = escapeshellcmd($conf['web']['apps_vhost_group']);
	1785	$install_dir = escapeshellcmd($conf['web']['website_basedir'].'/apps');
532ae5	1786
4ffb51	1787	$command = 'groupadd '.$apps_vhost_user;
F	1788	if(!is_group($apps_vhost_group)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
532ae5	1789
4ffb51	1790	$command = 'useradd -g '.$apps_vhost_group.' -d '.$install_dir.' '.$apps_vhost_group;
F	1791	if(!is_user($apps_vhost_user)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
532ae5	1792
L	1793
5edf40	1794	//$command = 'adduser '.$conf['apache']['user'].' '.$apps_vhost_group;
TB	1795	$command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['apache']['user'];
4ffb51	1796	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
532ae5	1797
99b55b	1798	if(!@is_dir($install_dir)){
F	1799	mkdir($install_dir, 0755, true);
	1800	} else {
	1801	chmod($install_dir, 0755);
	1802	}
4ffb51	1803	chown($install_dir, $apps_vhost_user);
F	1804	chgrp($install_dir, $apps_vhost_group);
532ae5	1805
4ffb51	1806	//* Copy the apps vhost file
F	1807	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
	1808	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
	1809	$apps_vhost_servername = ($conf['web']['apps_vhost_servername'] == '')?'':'ServerName '.$conf['web']['apps_vhost_servername'];
d0356f	1810
TB	1811	//* Get the apps vhost port
	1812	if($this->is_update == true) {
	1813	$conf['web']['apps_vhost_port'] = get_apps_vhost_port_number();
	1814	}
532ae5	1815
4ffb51	1816	// Dont just copy over the virtualhost template but add some custom settings
ccbf14	1817	$tpl = new tpl('apache_apps.vhost.master');
TB	1818	$tpl->setVar('apps_vhost_ip',$conf['web']['apps_vhost_ip']);
	1819	$tpl->setVar('apps_vhost_port',$conf['web']['apps_vhost_port']);
	1820	$tpl->setVar('apps_vhost_dir',$conf['web']['website_basedir'].'/apps');
	1821	$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
	1822	$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
	1823	$tpl->setVar('apache_version',getapacheversion());
532ae5	1824
L	1825
4ffb51	1826	// comment out the listen directive if port is 80 or 443
F	1827	if($conf['web']['apps_vhost_ip'] == 80 or $conf['web']['apps_vhost_ip'] == 443) {
ccbf14	1828	$tpl->setVar('vhost_port_listen','#');
4ffb51	1829	} else {
ccbf14	1830	$tpl->setVar('vhost_port_listen','');
4ffb51	1831	}
532ae5	1832
ccbf14	1833	wf($vhost_conf_dir.'/apps.vhost', $tpl->grab());
TB	1834	unset($tpl);
532ae5	1835
4ffb51	1836	//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F	1837	//* and create the symlink
7e1cfb	1838	if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
F	1839	if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {
b1a6a5	1840	symlink($vhost_conf_dir.'/apps.vhost', $vhost_conf_enabled_dir.'/000-apps.vhost');
4ffb51	1841	}
a8ccf6	1842
4ffb51	1843	if(!is_file($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter')) {
615a0a	1844	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_apps_fcgi_starter.master', 'tpl/apache_apps_fcgi_starter.master');
526b99	1845	$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
T	1846	$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
4ffb51	1847	mkdir($conf['web']['website_basedir'].'/php-fcgi-scripts/apps', 0755, true);
526b99	1848	//copy('tpl/apache_apps_fcgi_starter.master',$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');
T	1849	wf($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter', $content);
4ffb51	1850	exec('chmod +x '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');
F	1851	exec('chown -R ispapps:ispapps '.$conf['web']['website_basedir'].'/php-fcgi-scripts/apps');
	1852
b1a6a5	1853	}
532ae5	1854	}
165152	1855	if($conf['nginx']['installed'] == true){
4ffb51	1856	$apps_vhost_user = escapeshellcmd($conf['web']['apps_vhost_user']);
F	1857	$apps_vhost_group = escapeshellcmd($conf['web']['apps_vhost_group']);
	1858	$install_dir = escapeshellcmd($conf['web']['website_basedir'].'/apps');
532ae5	1859
4ffb51	1860	$command = 'groupadd '.$apps_vhost_user;
F	1861	if(!is_group($apps_vhost_group)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1862
	1863	$command = 'useradd -g '.$apps_vhost_group.' -d '.$install_dir.' '.$apps_vhost_group;
	1864	if(!is_user($apps_vhost_user)) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1865
	1866
11f2ad	1867	//$command = 'adduser '.$conf['nginx']['user'].' '.$apps_vhost_group;
TB	1868	$command = 'usermod -a -G '.$apps_vhost_group.' '.$conf['nginx']['user'];
4ffb51	1869	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F	1870
6e2d48	1871	if(!@is_dir($install_dir)){
F	1872	mkdir($install_dir, 0755, true);
	1873	} else {
	1874	chmod($install_dir, 0755);
	1875	}
4ffb51	1876	chown($install_dir, $apps_vhost_user);
F	1877	chgrp($install_dir, $apps_vhost_group);
	1878
	1879	//* Copy the apps vhost file
	1880	$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
	1881	$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
	1882	$apps_vhost_servername = ($conf['web']['apps_vhost_servername'] == '')?'_':$conf['web']['apps_vhost_servername'];
	1883
	1884	// Dont just copy over the virtualhost template but add some custom settings
615a0a	1885	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_apps.vhost.master', 'tpl/nginx_apps.vhost.master');
a8ccf6	1886
4ffb51	1887	if($conf['web']['apps_vhost_ip'] == '_default_'){
F	1888	$apps_vhost_ip = '';
	1889	} else {
	1890	$apps_vhost_ip = $conf['web']['apps_vhost_ip'].':';
	1891	}
a8ccf6	1892
ca0b77	1893	$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5	1894	if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77	1895	if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F	1896	$fpm_socket = $socket_dir.'apps.sock';
8ab3cd	1897	$cgi_socket = escapeshellcmd($conf['nginx']['cgi_socket']);
4ffb51	1898
F	1899	$content = str_replace('{apps_vhost_ip}', $apps_vhost_ip, $content);
	1900	$content = str_replace('{apps_vhost_port}', $conf['web']['apps_vhost_port'], $content);
	1901	$content = str_replace('{apps_vhost_dir}', $conf['web']['website_basedir'].'/apps', $content);
	1902	$content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
ca0b77	1903	//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
F	1904	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
8ab3cd	1905	$content = str_replace('{cgi_socket}', $cgi_socket, $content);
b1a6a5	1906
183c47	1907	if(file_exists('/var/run/php5-fpm.sock')){
F	1908	$use_tcp = '#';
	1909	$use_socket = '';
	1910	} else {
	1911	$use_tcp = '';
	1912	$use_socket = '#';
	1913	}
	1914	$content = str_replace('{use_tcp}', $use_tcp, $content);
	1915	$content = str_replace('{use_socket}', $use_socket, $content);
4ffb51	1916
F	1917	wf($vhost_conf_dir.'/apps.vhost', $content);
a8ccf6	1918
fbb24a	1919	// PHP-FPM
F	1920	// Dont just copy over the php-fpm pool template but add some custom settings
615a0a	1921	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apps_php_fpm_pool.conf.master', 'tpl/apps_php_fpm_pool.conf.master');
fbb24a	1922	$content = str_replace('{fpm_pool}', 'apps', $content);
ca0b77	1923	//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
F	1924	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
fbb24a	1925	$content = str_replace('{fpm_user}', $apps_vhost_user, $content);
F	1926	$content = str_replace('{fpm_group}', $apps_vhost_group, $content);
	1927	wf($conf['nginx']['php_fpm_pool_dir'].'/apps.conf', $content);
4ffb51	1928
F	1929	//copy('tpl/nginx_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
	1930	//* and create the symlink
7e1cfb	1931	if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
F	1932	if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {
b1a6a5	1933	symlink($vhost_conf_dir.'/apps.vhost', $vhost_conf_enabled_dir.'/000-apps.vhost');
4ffb51	1934	}
a8ccf6	1935
532ae5	1936	}
L	1937	}
a8ccf6	1938
532ae5	1939	public function make_ispconfig_ssl_cert() {
b04e82	1940	global $conf,$autoinstall;
532ae5	1941
L	1942	$install_dir = $conf['ispconfig_install_dir'];
a8ccf6	1943
532ae5	1944	$ssl_crt_file = $install_dir.'/interface/ssl/ispserver.crt';
L	1945	$ssl_csr_file = $install_dir.'/interface/ssl/ispserver.csr';
	1946	$ssl_key_file = $install_dir.'/interface/ssl/ispserver.key';
a8ccf6	1947
532ae5	1948	if(!@is_dir($install_dir.'/interface/ssl')) mkdir($install_dir.'/interface/ssl', 0755, true);
a8ccf6	1949
b1a6a5	1950	$ssl_pw = substr(md5(mt_rand()), 0, 6);
532ae5	1951	exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
b04e82	1952	if(AUTOINSTALL){
TB	1953	exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -key $ssl_key_file -out $ssl_csr_file");
bcd725	1954	} else {
FT	1955	exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
	1956	}
532ae5	1957	exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
L	1958	exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
b1a6a5	1959	rename($ssl_key_file, $ssl_key_file.'.secure');
MC	1960	rename($ssl_key_file.'.insecure', $ssl_key_file);
980485	1961
TB	1962	exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
a8ccf6	1963
532ae5	1964	}
L	1965
	1966	public function install_ispconfig() {
	1967	global $conf;
	1968
	1969	$install_dir = $conf['ispconfig_install_dir'];
	1970
	1971	//* Create the ISPConfig installation directory
	1972	if(!@is_dir($install_dir)) {
	1973	$command = "mkdir $install_dir";
	1974	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1975	}
	1976
	1977	//* Create a ISPConfig user and group
	1978	$command = 'groupadd ispconfig';
	1979	if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1980
	1981	$command = 'useradd -g ispconfig -d '.$install_dir.' ispconfig';
	1982	if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1983
	1984	//* copy the ISPConfig interface part
	1985	$command = 'cp -rf ../interface '.$install_dir;
	1986	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1987
	1988	//* copy the ISPConfig server part
	1989	$command = 'cp -rf ../server '.$install_dir;
	1990	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2	1991
fb6c56	1992	//* Make a backup of the security settings
TB	1993	if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
	1994
a13af2	1995	//* copy the ISPConfig security part
TB	1996	$command = 'cp -rf ../security '.$install_dir;
	1997	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56	1998
TB	1999	//* Apply changed security_settings.ini values to new security_settings.ini file
	2000	if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
	2001	$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
	2002	$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
	2003	if(is_array($security_settings_new) && is_array($security_settings_old)) {
	2004	foreach($security_settings_new as $section => $sval) {
	2005	if(is_array($sval)) {
	2006	foreach($sval as $key => $val) {
	2007	if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
	2008	$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
	2009	}
	2010	}
	2011	}
	2012	}
	2013	file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
	2014	}
	2015	}
532ae5	2016
L	2017	//* Create a symlink, so ISPConfig is accessible via web
	2018	// Replaced by a separate vhost definition for port 8080
	2019	// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
	2020	// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2021
	2022	//* Create the config file for ISPConfig interface
	2023	$configfile = 'config.inc.php';
	2024	if(is_file($install_dir.'/interface/lib/'.$configfile)) {
	2025	copy($install_dir.'/interface/lib/'.$configfile, $install_dir.'/interface/lib/'.$configfile.'~');
	2026	}
615a0a	2027	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
532ae5	2028	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
b1a6a5	2029	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
532ae5	2030	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
L	2031	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9	2032	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
532ae5	2033
L	2034	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
	2035	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	2036	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	2037	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9	2038	$content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
532ae5	2039
L	2040	$content = str_replace('{server_id}', $conf['server_id'], $content);
	2041	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
b63764	2042	$content = str_replace('{language}', $conf['language'], $content);
8cf78b	2043	$content = str_replace('{timezone}', $conf['timezone'], $content);
f598b0	2044	$content = str_replace('{theme}', $conf['theme'], $content);
992797	2045	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
b63764	2046
532ae5	2047	wf($install_dir.'/interface/lib/'.$configfile, $content);
L	2048
	2049	//* Create the config file for ISPConfig server
	2050	$configfile = 'config.inc.php';
	2051	if(is_file($install_dir.'/server/lib/'.$configfile)) {
	2052	copy($install_dir.'/server/lib/'.$configfile, $install_dir.'/interface/lib/'.$configfile.'~');
	2053	}
615a0a	2054	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
532ae5	2055	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
L	2056	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	2057	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	2058	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9	2059	$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
532ae5	2060
L	2061	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
	2062	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	2063	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	2064	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9	2065	$content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
532ae5	2066
L	2067	$content = str_replace('{server_id}', $conf['server_id'], $content);
	2068	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
	2069	$content = str_replace('{language}', $conf['language'], $content);
8cf78b	2070	$content = str_replace('{timezone}', $conf['timezone'], $content);
f598b0	2071	$content = str_replace('{theme}', $conf['theme'], $content);
992797	2072	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
532ae5	2073
L	2074	wf($install_dir.'/server/lib/'.$configfile, $content);
	2075
	2076	//* Create the config file for remote-actions (but only, if it does not exist, because
	2077	// the value is a autoinc-value and so changed by the remoteaction_core_module
	2078	if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
	2079	$content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
	2080	wf($install_dir.'/server/lib/remote_action.inc.php', $content);
	2081	}
	2082
	2083	//* Enable the server modules and plugins.
	2084	// TODO: Implement a selector which modules and plugins shall be enabled.
	2085	$dir = $install_dir.'/server/mods-available/';
	2086	if (is_dir($dir)) {
	2087	if ($dh = opendir($dir)) {
	2088	while (($file = readdir($dh)) !== false) {
b1a6a5	2089	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	2090	include_once $install_dir.'/server/mods-available/'.$file;
	2091	$module_name = substr($file, 0, -8);
532ae5	2092	$tmp = new $module_name;
L	2093	if($tmp->onInstall()) {
	2094	if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) {
	2095	@symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
	2096	// @symlink($install_dir.'/server/mods-available/'.$file, '../mods-enabled/'.$file);
	2097	}
	2098	if (strpos($file, '_core_module') !== false) {
	2099	if(!@is_link($install_dir.'/server/mods-core/'.$file)) {
	2100	@symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
	2101	// @symlink($install_dir.'/server/mods-available/'.$file, '../mods-core/'.$file);
	2102	}
	2103	}
	2104	}
	2105	unset($tmp);
	2106	}
	2107	}
	2108	closedir($dh);
	2109	}
	2110	}
	2111
	2112	$dir = $install_dir.'/server/plugins-available/';
	2113	if (is_dir($dir)) {
	2114	if ($dh = opendir($dir)) {
	2115	while (($file = readdir($dh)) !== false) {
4ffb51	2116	if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F	2117	if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
b1a6a5	2118	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	2119	include_once $install_dir.'/server/plugins-available/'.$file;
	2120	$plugin_name = substr($file, 0, -8);
532ae5	2121	$tmp = new $plugin_name;
b1a6a5	2122	if(method_exists($tmp, 'onInstall') && $tmp->onInstall()) {
532ae5	2123	if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) {
L	2124	@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
	2125	//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-enabled/'.$file);
	2126	}
	2127	if (strpos($file, '_core_plugin') !== false) {
	2128	if(!@is_link($install_dir.'/server/plugins-core/'.$file)) {
	2129	@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
	2130	//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-core/'.$file);
	2131	}
	2132	}
	2133	}
	2134	unset($tmp);
	2135	}
	2136	}
	2137	closedir($dh);
	2138	}
	2139	}
	2140
	2141	// Update the server config
	2142	$mail_server_enabled = ($conf['services']['mail'])?1:0;
	2143	$web_server_enabled = ($conf['services']['web'])?1:0;
	2144	$dns_server_enabled = ($conf['services']['dns'])?1:0;
	2145	$file_server_enabled = ($conf['services']['file'])?1:0;
	2146	$db_server_enabled = ($conf['services']['db'])?1:0;
8cf955	2147	$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
80e3c9	2148	$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
T	2149	$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
9f94a1	2150	$xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
532ae5	2151
2af58c	2152	$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ?";
532ae5	2153
2af58c	2154	$this->db->query($sql, $conf['server_id']);
532ae5	2155	if($conf['mysql']['master_slave_setup'] == 'y') {
2af58c	2156	$this->dbmaster->query($sql, $conf['server_id']);
532ae5	2157	}
L	2158
	2159
3e0fc8	2160	// chown install dir to root and chmod 755
TB	2161	$command = 'chown root:root '.$install_dir;
	2162	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2163	$command = 'chmod 755 '.$install_dir;
532ae5	2164	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
L	2165
fa029b	2166	//* Chmod the files and directories in the install dir
3e0fc8	2167	$command = 'chmod -R 750 '.$install_dir.'/*';
TB	2168	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2169
	2170	//* chown the interface files to the ispconfig user and group
	2171	$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
	2172	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2173
	2174	//* chown the server files to the root user and group
	2175	$command = 'chown -R root:root '.$install_dir.'/server';
532ae5	2176	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b	2177
TB	2178	//* chown the security files to the root user and group
	2179	$command = 'chown -R root:root '.$install_dir.'/security';
	2180	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2181
	2182	//* chown the security directory and security_settings.ini to root:ispconfig
	2183	$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
	2184	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2185	$command = 'chown root:ispconfig '.$install_dir.'/security';
	2186	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221	2187	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB	2188	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2189	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
	2190	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2191	$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
532ae5	2192	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
L	2193
	2194	//* Make the global language file directory group writable
	2195	exec("chmod -R 770 $install_dir/interface/lib/lang");
	2196
	2197	//* Make the temp directory for language file exports writable
	2198	if(is_dir($install_dir.'/interface/web/temp')) exec("chmod -R 770 $install_dir/interface/web/temp");
	2199
	2200	//* Make all interface language file directories group writable
	2201	$handle = @opendir($install_dir.'/interface/web');
b1a6a5	2202	while ($file = @readdir($handle)) {
532ae5	2203	if ($file != '.' && $file != '..') {
L	2204	if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
	2205	$handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
b1a6a5	2206	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC	2207	while ($lang_file = @readdir($handle2)) {
532ae5	2208	if ($lang_file != '.' && $lang_file != '..') {
b1a6a5	2209	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
532ae5	2210	}
L	2211	}
	2212	}
	2213	}
	2214	}
a8ccf6	2215
477d4e	2216	//* Make the APS directories group writable
T	2217	exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
	2218	exec("chmod -R 770 $install_dir/server/aps_packages");
532ae5	2219
L	2220	//* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef	2221	chmod($install_dir.'/server/lib/config.inc.php', 0600);
T	2222	chown($install_dir.'/server/lib/config.inc.php', 'root');
	2223	chgrp($install_dir.'/server/lib/config.inc.php', 'root');
b1a6a5	2224
bfcdef	2225	//* Make sure thet the interface config file is readable by user ispconfig only
T	2226	chmod($install_dir.'/interface/lib/config.inc.php', 0600);
	2227	chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
	2228	chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
532ae5	2229
L	2230	chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
	2231	chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
	2232	chgrp($install_dir.'/server/lib/remote_action.inc.php', 'root');
	2233
	2234	if(@is_file($install_dir.'/server/lib/mysql_clientdb.conf')) {
	2235	chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
	2236	chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
	2237	chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
	2238	}
a8ccf6	2239
8cf78b	2240	if(is_dir($install_dir.'/interface/invoices')) {
e94a9f	2241	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T	2242	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806	2243	}
980485	2244
TB	2245	exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
532ae5	2246
L	2247	// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
	2248	// and must be fixed as this will allow the apache user to read the ispconfig files.
	2249	// Later this must run as own apache server or via suexec!
63b369	2250	if($conf['apache']['installed'] == true){
F	2251	$command = 'adduser '.$conf['apache']['user'].' ispconfig';
	2252	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	2253	if(is_group('ispapps')){
F	2254	$command = 'adduser '.$conf['apache']['user'].' ispapps';
	2255	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2256	}
63b369	2257	}
F	2258	if($conf['nginx']['installed'] == true){
	2259	$command = 'adduser '.$conf['nginx']['user'].' ispconfig';
	2260	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	2261	if(is_group('ispapps')){
F	2262	$command = 'adduser '.$conf['nginx']['user'].' ispapps';
	2263	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2264	}
63b369	2265	}
532ae5	2266
L	2267	//* Make the shell scripts executable
	2268	$command = "chmod +x $install_dir/server/scripts/*.sh";
	2269	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2270
55cb02	2271	if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
FS	2272	$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
	2273	$this->db->query($sql, $conf['interface_password']);
	2274	}
	2275
7e1cfb	2276	if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
4ffb51	2277	//* Copy the ISPConfig vhost for the controlpanel
F	2278	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
	2279	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
532ae5	2280
4ffb51	2281	// Dont just copy over the virtualhost template but add some custom settings
ccbf14	2282	$tpl = new tpl('apache_ispconfig.vhost.master');
TB	2283	$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
532ae5	2284
4ffb51	2285	// comment out the listen directive if port is 80 or 443
F	2286	if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14	2287	$tpl->setVar('vhost_port_listen','#');
4ffb51	2288	} else {
ccbf14	2289	$tpl->setVar('vhost_port_listen','');
4ffb51	2290	}
a8ccf6	2291
4ffb51	2292	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
ccbf14	2293	$tpl->setVar('ssl_comment','');
4ffb51	2294	} else {
ccbf14	2295	$tpl->setVar('ssl_comment','#');
4ffb51	2296	}
10b4c8	2297	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14	2298	$tpl->setVar('ssl_bundle_comment','');
10b4c8	2299	} else {
ccbf14	2300	$tpl->setVar('ssl_bundle_comment','#');
10b4c8	2301	}
ccbf14	2302
TB	2303	$tpl->setVar('apache_version',getapacheversion());
532ae5	2304
ccbf14	2305	wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
532ae5	2306
4ffb51	2307	//* and create the symlink
7e1cfb	2308	if($this->is_update == false) {
4ffb51	2309	if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F	2310	if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5	2311	symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
4ffb51	2312	}
F	2313	}
cc6568	2314	//if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
b1a6a5	2315	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
MC	2316	$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
	2317	$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
	2318	@mkdir('/var/www/php-fcgi-scripts/ispconfig', 0755, true);
	2319	wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
	2320	exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
	2321	@symlink($install_dir.'/interface/web', '/var/www/ispconfig');
	2322	exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
cc6568	2323	//}
532ae5	2324	}
a8ccf6	2325
7e1cfb	2326	if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
4ffb51	2327	//* Copy the ISPConfig vhost for the controlpanel
F	2328	$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
	2329	$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
532ae5	2330
4ffb51	2331	// Dont just copy over the virtualhost template but add some custom settings
615a0a	2332	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
4ffb51	2333	$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
a8ccf6	2334
4ffb51	2335	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
f9b8d0	2336	$content = str_replace('{ssl_on}', 'on', $content);
4ffb51	2337	$content = str_replace('{ssl_comment}', '', $content);
F	2338	$content = str_replace('{fastcgi_ssl}', 'on', $content);
	2339	} else {
f9b8d0	2340	$content = str_replace('{ssl_on}', 'off', $content);
4ffb51	2341	$content = str_replace('{ssl_comment}', '#', $content);
F	2342	$content = str_replace('{fastcgi_ssl}', 'off', $content);
	2343	}
a8ccf6	2344
ca0b77	2345	$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5	2346	if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77	2347	if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F	2348	$fpm_socket = $socket_dir.'ispconfig.sock';
a8ccf6	2349
ca0b77	2350	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	2351	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
a8ccf6	2352
4ffb51	2353	wf($vhost_conf_dir.'/ispconfig.vhost', $content);
a8ccf6	2354
4ffb51	2355	unset($content);
a8ccf6	2356
4ffb51	2357	// PHP-FPM
F	2358	// Dont just copy over the php-fpm pool template but add some custom settings
615a0a	2359	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
4ffb51	2360	$content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77	2361	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	2362	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
4ffb51	2363	$content = str_replace('{fpm_user}', 'ispconfig', $content);
F	2364	$content = str_replace('{fpm_group}', 'ispconfig', $content);
	2365	wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
	2366
	2367	//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
	2368	//* and create the symlink
7e1cfb	2369	if($this->is_update == false) {
4ffb51	2370	if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F	2371	if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5	2372	symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
4ffb51	2373	}
F	2374	}
532ae5	2375	}
L	2376
	2377	//* Install the update script
b34f99	2378	if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC	2379	chown($install_dir.'/server/scripts/update_from_dev.sh', 'root');
	2380	chmod($install_dir.'/server/scripts/update_from_dev.sh', 0700);
532ae5	2381	chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');
L	2382	chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);
	2383	chown($install_dir.'/server/scripts/ispconfig_update.sh', 'root');
	2384	chmod($install_dir.'/server/scripts/ispconfig_update.sh', 0700);
b34f99	2385	if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_dev.sh');
b1a6a5	2386	if(!is_link('/usr/local/bin/ispconfig_update.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update.sh');
532ae5	2387
L	2388	//* Make the logs readable for the ispconfig user
	2389	if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
	2390	if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
	2391	if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
	2392	if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
	2393	if(@is_file('/var/log/clamav/clamav.log')) exec('chmod +r /var/log/clamav/clamav.log');
	2394	if(@is_file('/var/log/clamav/freshclam.log')) exec('chmod +r /var/log/clamav/freshclam.log');
	2395
	2396	//* Create the ispconfig log file and directory
	2397	if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) {
	2398	if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir'], 0755);
	2399	touch($conf['ispconfig_log_dir'].'/ispconfig.log');
	2400	}
a8ccf6	2401
99c89b	2402	//* Create the ispconfig auth log file and set uid/gid
a8ccf6	2403	if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
99c89b	2404	touch($conf['ispconfig_log_dir'].'/auth.log');
a8ccf6	2405	}
0799f8	2406	exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
T	2407	exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
a8ccf6	2408
0c5b42	2409	if(is_user('getmail')) {
b1a6a5	2410	rename($install_dir.'/server/scripts/run-getmail.sh', '/usr/local/bin/run-getmail.sh');
0c5b42	2411	if(is_user('getmail')) chown('/usr/local/bin/run-getmail.sh', 'getmail');
T	2412	chmod('/usr/local/bin/run-getmail.sh', 0744);
	2413	}
532ae5	2414
L	2415	//* Add Log-Rotation
	2416	if (is_dir('/etc/logrotate.d')) {
	2417	@unlink('/etc/logrotate.d/logispc3'); // ignore, if the file is not there
	2418	/* We rotate these logs in cron_daily.php
	2419	$fh = fopen('/etc/logrotate.d/logispc3', 'w');
	2420	fwrite($fh,
	2421	"$conf['ispconfig_log_dir']/ispconfig.log { \n" .
	2422	" weekly \n" .
	2423	" missingok \n" .
	2424	" rotate 4 \n" .
	2425	" compress \n" .
	2426	" delaycompress \n" .
	2427	"} \n" .
	2428	"$conf['ispconfig_log_dir']/cron.log { \n" .
	2429	" weekly \n" .
	2430	" missingok \n" .
	2431	" rotate 4 \n" .
	2432	" compress \n" .
	2433	" delaycompress \n" .
	2434	"}");
	2435	fclose($fh);
	2436	*/
	2437	}
b1a6a5	2438
d71bae	2439	//* Remove Domain module as its functions are available in the client module now
T	2440	if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
f30628	2441
TB	2442	//* Disable rkhunter run and update in debian cronjob as ispconfig is running and updating rkhunter
	2443	if(is_file('/etc/default/rkhunter')) {
	2444	replaceLine('/etc/default/rkhunter', 'CRON_DAILY_RUN="yes"', 'CRON_DAILY_RUN="no"', 1, 0);
	2445	replaceLine('/etc/default/rkhunter', 'CRON_DB_UPDATE="yes"', 'CRON_DB_UPDATE="no"', 1, 0);
	2446	}
	2447
021aec	2448	// Add symlink for patch tool
TB	2449	if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
5b3f25	2450
c83951	2451	// Change mode of a few files from amavisd
TB	2452	if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
	2453	if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
	2454	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
	2455	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
532ae5	2456	}
L	2457
	2458	public function configure_dbserver() {
	2459	global $conf;
	2460
	2461	//* If this server shall act as database server for client DB's, we configure this here
	2462	$install_dir = $conf['ispconfig_install_dir'];
	2463
	2464	// Create a file with the database login details which
	2465	// are used to create the client databases.
	2466
	2467	if(!is_dir($install_dir.'/server/lib')) {
	2468	$command = "mkdir $install_dir/server/lib";
	2469	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	2470	}
	2471
615a0a	2472	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
b1a6a5	2473	$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
MC	2474	$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
67fede	2475	$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
b1a6a5	2476	wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
532ae5	2477	chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
L	2478	chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
a8ccf6	2479	chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
532ae5	2480
L	2481	}
	2482
	2483	public function install_crontab() {
	2484	global $conf;
	2485
	2486	$install_dir = $conf['ispconfig_install_dir'];
	2487
	2488	//* Root Crontab
	2489	exec('crontab -u root -l > crontab.txt');
	2490	$existing_root_cron_jobs = file('crontab.txt');
	2491
	2492	// remove existing ispconfig cronjobs, in case the syntax has changed
	2493	foreach($existing_root_cron_jobs as $key => $val) {
b1a6a5	2494	if(stristr($val, $install_dir)) unset($existing_root_cron_jobs[$key]);
532ae5	2495	}
L	2496
	2497	$root_cron_jobs = array(
ad90a3	2498	"* * * * * ".$install_dir."/server/server.sh 2>&1 \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
MC	2499	"* * * * * ".$install_dir."/server/cron.sh 2>&1 \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
532ae5	2500	);
a8ccf6	2501
b6a10a	2502	if ($conf['nginx']['installed'] == true) {
F	2503	$root_cron_jobs[] = "0 0 * * * ".$install_dir."/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
	2504	}
a8ccf6	2505
532ae5	2506	foreach($root_cron_jobs as $cron_job) {
L	2507	if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
	2508	$existing_root_cron_jobs[] = $cron_job."\n";
	2509	}
	2510	}
	2511	file_put_contents('crontab.txt', $existing_root_cron_jobs);
	2512	exec('crontab -u root crontab.txt &> /dev/null');
	2513	unlink('crontab.txt');
	2514
	2515	//* Getmail crontab
	2516	if(is_user('getmail')) {
	2517	$cf = $conf['getmail'];
	2518	exec('crontab -u getmail -l > crontab.txt');
	2519	$existing_cron_jobs = file('crontab.txt');
	2520
	2521	$cron_jobs = array(
b1a6a5	2522	'/5 * * * /usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null'
532ae5	2523	);
L	2524
	2525	// remove existing ispconfig cronjobs, in case the syntax has changed
	2526	foreach($existing_cron_jobs as $key => $val) {
b1a6a5	2527	if(stristr($val, 'getmail')) unset($existing_cron_jobs[$key]);
532ae5	2528	}
L	2529
	2530	foreach($cron_jobs as $cron_job) {
	2531	if(!in_array($cron_job."\n", $existing_cron_jobs)) {
	2532	$existing_cron_jobs[] = $cron_job."\n";
	2533	}
	2534	}
	2535	file_put_contents('crontab.txt', $existing_cron_jobs);
	2536	exec('crontab -u getmail crontab.txt &> /dev/null');
	2537	unlink('crontab.txt');
	2538	}
	2539
	2540	touch($conf['ispconfig_log_dir'].'/cron.log');
cc6568	2541	chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);
532ae5	2542
L	2543	}
5b3f25	2544
d5f2d5	2545	public function create_mount_script(){
MC	2546	global $app, $conf;
	2547	$mount_script = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
	2548	$mount_command = '';
	2549
	2550	if(is_file($mount_script)) return;
	2551	if(is_file('/etc/rc.local')){
	2552	$rc_local = file('/etc/rc.local');
	2553	if(is_array($rc_local) && !empty($rc_local)){
	2554	foreach($rc_local as $line){
	2555	$line = trim($line);
	2556	if(substr($line, 0, 1) == '#') continue;
	2557	if(strpos($line, 'sshfs') !== false && strpos($line, '/var/backup') !== false){
	2558	$mount_command = "#!/bin/sh\n\n";
	2559	$mount_command .= $line."\n\n";
	2560	file_put_contents($mount_script, $mount_command);
	2561	chmod($mount_script, 0755);
	2562	chown($mount_script, 'root');
	2563	chgrp($mount_script, 'root');
	2564	break;
	2565	}
	2566	}
	2567	}
	2568	}
	2569	}
	2570
5b3f25	2571	// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
TB	2572	public function cleanup_ispconfig() {
	2573	global $app,$conf;
	2574
	2575	// Remove directories recursively
	2576	if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
4c3fcd	2577	if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');
5b3f25	2578
TB	2579	// Remove files
	2580	if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
	2581	if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');
	2582
86bc65	2583	// Change mode of a few files from amavisd
MC	2584	if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
	2585	if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
	2586	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
	2587	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
5b3f25	2588
TB	2589	}
b1a6a5	2590
33bcd0	2591	public function getinitcommand($servicename, $action, $init_script_directory = ''){
FT	2592	global $conf;
	2593	// upstart
	2594	if(is_executable('/sbin/initctl')){
	2595	exec('/sbin/initctl version 2>/dev/null \| /bin/grep -q upstart', $retval['output'], $retval['retval']);
	2596	if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
	2597	}
bc04c3	2598	// systemd
TB	2599	if(is_executable('/bin/systemd') \|\| is_executable('/usr/bin/systemctl')){
	2600	return 'systemctl '.$action.' '.$servicename.'.service';
	2601	}
33bcd0	2602	// sysvinit
FT	2603	if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
	2604	if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
	2605	return $init_script_directory.'/'.$servicename.' '.$action;
	2606	}
532ae5	2607
L	2608	/**
	2609	* Helper function - get the path to a template file based on
	2610	* the local part of the filename. Checks first for the existence
	2611	* of a distribution specific file and if not found looks in the
	2612	* base template folder. Optionally the behaviour can be changed
	2613	* by setting the 2nd parameter which will fetch the contents
	2614	* of the template file and return it instead of the path. The 3rd
	2615	* parameter further extends this behaviour by filtering the contents
	2616	* by inserting the ispconfig database credentials using the {} placeholders.
	2617	*
	2618	* @param string $tLocal local part of filename
	2619	* @param bool $tRf
	2620	* @param bool $tDBCred
	2621	* @return string Relative path to the chosen template file
	2622	*/
	2623	protected function get_template_file($tLocal, $tRf=false, $tDBCred=false) {
	2624	global $conf, $dist;
	2625
	2626	$final_path = '';
b1a6a5	2627	$dist_template = $conf['ispconfig_install_dir'] . '/server/conf-custom/install/' . $tLocal . '.master';
MC	2628	if (file_exists($dist_template)) {
532ae5	2629	$final_path = $dist_template;
L	2630	} else {
b1a6a5	2631	$dist_template = 'dist/tpl/'.strtolower($dist['name'])."/$tLocal.master";
MC	2632	if (file_exists($dist_template)) {
	2633	$final_path = $dist_template;
	2634	} else {
	2635	$final_path = "tpl/$tLocal.master";
	2636	}
	2637	}
532ae5	2638
L	2639	if (!$tRf) {
	2640	return $final_path;
	2641	} else {
	2642	return (!$tDBCred) ? rf($final_path) : $this->insert_db_credentials(rf($final_path));
	2643	}
	2644	}
	2645
	2646	/**
	2647	* Helper function - writes the contents to a config file
	2648	* and performs a backup if the file exist. Additionally
	2649	* if the file exists the new file will be given the
	2650	* same rights and ownership as the original. Optionally the
	2651	* rights and/or ownership can be overriden by appending umask,
	2652	* user and group to the parameters. Providing only uid and gid
	2653	* values will result in only a chown.
	2654	*
	2655	* @param $tConf
	2656	* @param $tContents
	2657	* @return bool
	2658	*/
	2659	protected function write_config_file($tConf, $tContents) {
	2660	// Backup config file before writing new contents and stat file
	2661	if ( is_file($tConf) ) {
	2662	$stat = exec('stat -c \'%a %U %G\' '.escapeshellarg($tConf), $output, $res);
	2663	if ($res == 0) { // stat successfull
8cddcd	2664	list($access, $user, $group) = explode(" ", $stat);
532ae5	2665	}
L	2666
	2667	if ( copy($tConf, $tConf.'~') ) {
	2668	chmod($tConf.'~', 0400);
	2669	}
	2670	}
	2671
	2672	wf($tConf, $tContents); // write file
	2673
	2674	if (func_num_args() >= 4) // override rights and/or ownership
b1a6a5	2675	{
532ae5	2676	$args = func_get_args();
L	2677	$output = array_slice($args, 2);
	2678
	2679	switch (sizeof($output)) {
b1a6a5	2680	case 3:
MC	2681	$umask = array_shift($output);
	2682	if (is_numeric($umask) && preg_match('/^0?[0-7]{3}$/', $umask)) {
	2683	$access = $umask;
	2684	}
	2685	case 2:
	2686	if (is_user($output[0]) && is_group($output[1])) {
	2687	list($user, $group) = $output;
	2688	}
	2689	break;
532ae5	2690	}
L	2691	}
	2692
	2693	if (!empty($user) && !empty($group)) {
	2694	chown($tConf, $user);
	2695	chgrp($tConf, $group);
	2696	}
	2697
	2698	if (!empty($access)) {
	2699	exec("chmod $access $tConf");
	2700	}
	2701	}
	2702
	2703	/**
	2704	* Helper function - filter the contents of a config
	2705	* file by inserting the common ispconfig database
	2706	* credentials.
	2707	*
	2708	* @param $tContents
	2709	* @return string
	2710	*/
	2711	protected function insert_db_credentials($tContents) {
	2712	global $conf;
	2713
	2714	$tContents = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $tContents);
	2715	$tContents = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $tContents);
	2716	$tContents = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $tContents);
	2717	$tContents = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $tContents);
b1a6a5	2718	$tContents = str_replace('{mysql_server_host}', $conf['mysql']['host'], $tContents);
82e9b9	2719	$tContents = str_replace('{mysql_server_port}', $conf['mysql']['port'], $tContents);
b1a6a5	2720	$tContents = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $tContents);
532ae5	2721
L	2722	return $tContents;
	2723	}
b1a6a5	2724
532ae5	2725	}
L	2726
e514ae	2727	?>