gitlabFork/ISPConfig3.git - Solinfo Gitblit

Set stronger permission settings on amavis configuration files.

Till Brehm

2015-05-07 5538547761447df757fa42d68c0bf17e219a6a73

commit \| author \| age
32d8e9	1	<?php
T	2
	3	/*
	4	Copyright (c) 2007, Till Brehm, projektfarm Gmbh
	5	All rights reserved.
	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	class installer_dist extends installer_base {
60b700	32
MC	33	public function __construct() {
	34	//** check apache modules */
	35	$mods = getapachemodules();
	36	if(in_array('authz_compat', $mods, true)) {
	37	swriteln($inst->lng(' WARNING! You are using mod_authz_compat.'));
	38	swriteln($inst->lng(' Please make sure that your apache config uses the new auth syntax:'));
	39	swriteln($inst->lng(' <Directory />'));
	40	swriteln($inst->lng(' Options None'));
	41	swriteln($inst->lng(' AllowOverride None'));
	42	swriteln($inst->lng(' Require all denied'));
	43	swriteln($inst->lng(' </Directory>'."\n"));
	44
	45	swriteln($inst->lng(' If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
	46	}
	47	}
	48
526b99	49	public function configure_mailman($status = 'insert') {
T	50	global $conf;
	51
	52	$config_dir = $conf['mailman']['config_dir'].'/';
	53	$full_file_name = $config_dir.'mm_cfg.py';
	54	//* Backup exiting file
	55	if(is_file($full_file_name)) {
	56	copy($full_file_name, $config_dir.'mm_cfg.py~');
	57	}
	58
	59	// load files
615a0a	60	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
526b99	61	$old_file = rf($full_file_name);
T	62
	63	$old_options = array();
	64	$lines = explode("\n", $old_file);
	65	foreach ($lines as $line)
	66	{
	67	if (trim($line) != '' && substr($line, 0, 1) != '#')
	68	{
	69	@list($key, $value) = @explode("=", $line);
	70	if (!empty($value))
	71	{
	72	$key = rtrim($key);
	73	$old_options[$key] = trim($value);
	74	}
	75	}
	76	}
7fe908	77
526b99	78	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T	79	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
	80
	81	$virtual_domains = '';
	82	if($status == 'update')
	83	{
	84	// create virtual_domains list
	85	$domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");
	86
	87	if(is_array($domainAll)) {
7fe908	88	foreach($domainAll as $domain)
MC	89	{
	90	if ($domainAll[0]['domain'] == $domain['domain'])
	91	$virtual_domains .= "'".$domain['domain']."'";
	92	else
	93	$virtual_domains .= ", '".$domain['domain']."'";
	94	}
526b99	95	}
T	96	}
	97	else
	98	$virtual_domains = "' '";
	99
	100	$content = str_replace('{hostname}', $conf['hostname'], $content);
	101	if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
	102	$content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
	103	$content = str_replace('{virtual_domains}', $virtual_domains, $content);
	104
	105	wf($full_file_name, $content);
7fe908	106
3f478f	107	//* Write virtual_to_transport.sh script
T	108	$config_dir = $conf['mailman']['config_dir'].'/';
	109	$full_file_name = $config_dir.'virtual_to_transport.sh';
7fe908	110
3f478f	111	//* Backup exiting virtual_to_transport.sh script
T	112	if(is_file($full_file_name)) {
	113	copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
	114	}
7fe908	115
3f478f	116	if(is_dir('/etc/mailman')) {
615a0a	117	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh')) {
7fe908	118	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh', $full_file_name);
MC	119	} else {
	120	copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
	121	}
	122	chgrp($full_file_name, 'mailman');
	123	chmod($full_file_name, 0750);
3f478f	124	}
7fe908	125
3f478f	126	//* Create aliasaes
T	127	exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
c71d48	128	if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
526b99	129	}
7fe908	130
32d8e9	131	function configure_postfix($options = '')
7fe908	132	{
b51c22	133	global $conf,$autoinstall;
32d8e9	134	$cf = $conf['postfix'];
T	135	$config_dir = $cf['config_dir'];
7fe908	136
32d8e9	137	if(!is_dir($config_dir)){
7fe908	138	$this->error("The postfix configuration directory '$config_dir' does not exist.");
MC	139	}
	140
32d8e9	141	//* mysql-virtual_domains.cf
7fe908	142	$this->process_postfix_config('mysql-virtual_domains.cf');
32d8e9	143
T	144	//* mysql-virtual_forwardings.cf
7fe908	145	$this->process_postfix_config('mysql-virtual_forwardings.cf');
32d8e9	146
T	147	//* mysql-virtual_mailboxes.cf
7fe908	148	$this->process_postfix_config('mysql-virtual_mailboxes.cf');
32d8e9	149
T	150	//* mysql-virtual_email2email.cf
7fe908	151	$this->process_postfix_config('mysql-virtual_email2email.cf');
32d8e9	152
T	153	//* mysql-virtual_transports.cf
7fe908	154	$this->process_postfix_config('mysql-virtual_transports.cf');
32d8e9	155
T	156	//* mysql-virtual_recipient.cf
7fe908	157	$this->process_postfix_config('mysql-virtual_recipient.cf');
32d8e9	158
T	159	//* mysql-virtual_sender.cf
7fe908	160	$this->process_postfix_config('mysql-virtual_sender.cf');
32d8e9	161
T	162	//* mysql-virtual_client.cf
7fe908	163	$this->process_postfix_config('mysql-virtual_client.cf');
MC	164
32d8e9	165	//* mysql-virtual_relaydomains.cf
7fe908	166	$this->process_postfix_config('mysql-virtual_relaydomains.cf');
MC	167
429dcf	168	//* mysql-virtual_relayrecipientmaps.cf
7fe908	169	$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
32d8e9	170
T	171	//* Changing mode and group of the new created config files.
	172	caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
7fe908	173	__FILE__, __LINE__, 'chmod on mysql-virtual_.cf', 'chmod on mysql-virtual_.cf failed');
MC	174	caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
	175	__FILE__, __LINE__, 'chgrp on mysql-virtual_.cf', 'chgrp on mysql-virtual_.cf failed');
	176
1ca823	177	if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);
7fe908	178
32d8e9	179	//* Creating virtual mail user and group
fdb514	180	if(is_group($cf['vmail_groupname'])) {
T	181	$command = 'groupmod -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
	182	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	183	} else {
	184	$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
	185	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	186	}
7fe908	187
fdb514	188	if(is_user($cf['vmail_username'])) {
T	189	$command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
	190	caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	191	} else {
	192	$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
	193	caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8f898a	194	}
7fe908	195
d2e848	196	if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
7fe908	197
b67344	198	//* These postconf commands will be executed on installation and update
7b47c0	199	$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
T	200	$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
	201	unset($server_ini_rec);
	202
	203	//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
	204	$rbl_list = '';
	205	if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
7fe908	206	$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
7b47c0	207	foreach ($rbl_hosts as $key => $value) {
T	208	$rbl_list .= ", reject_rbl_client ". $value;
	209	}
	210	}
	211	unset($rbl_hosts);
	212	unset($server_ini_array);
7fe908	213
7b47c0	214	//* These postconf commands will be executed on installation and update
7fe908	215	$postconf_placeholders = array('{config_dir}' => $config_dir,
MC	216	'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
	217	'{vmail_userid}' => $cf['vmail_userid'],
	218	'{vmail_groupid}' => $cf['vmail_groupid'],
	219	'{rbl_list}' => $rbl_list);
	220
	221	$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
	222	$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
	223	$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
	224
b67344	225	//* These postconf commands will be executed on installation only
T	226	if($this->is_update == false) {
7fe908	227	$postconf_commands = array_merge($postconf_commands, array(
MC	228	'myhostname = '.$conf['hostname'],
	229	'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
	230	'mynetworks = 127.0.0.0/8 [::1]/128'
	231	));
b67344	232	}
7fe908	233
32d8e9	234	//* Create the header and body check files
T	235	touch($config_dir.'/header_checks');
	236	touch($config_dir.'/mime_header_checks');
	237	touch($config_dir.'/nested_header_checks');
	238	touch($config_dir.'/body_checks');
7fe908	239
3f478f	240	//* Create the mailman files
T	241	if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
	242	if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
	243	exec('postalias /var/lib/mailman/data/aliases');
	244	if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
	245	exec('postmap /var/lib/mailman/data/virtual-mailman');
	246	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
	247	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
7fe908	248
32d8e9	249	//* Make a backup copy of the main.cf file
T	250	copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
7fe908	251
32d8e9	252	//* Executing the postconf commands
T	253	foreach($postconf_commands as $cmd) {
	254	$command = "postconf -e '$cmd'";
	255	caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	256	}
7fe908	257
MC	258	if(!stristr($options, 'dont-create-certs')) {
32d8e9	259	//* Create the SSL certificate
b04e82	260	if(AUTOINSTALL){
TB	261	$command = 'cd '.$config_dir.'; '
	262	."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
	263	} else {
	264	$command = 'cd '.$config_dir.'; '
	265	.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
	266	}
b51c22	267	exec($command);
7fe908	268
32d8e9	269	$command = 'chmod o= '.$config_dir.'/smtpd.key';
T	270	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	271	}
7fe908	272
32d8e9	273	//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
T	274	$command = 'chmod 755 /var/run/authdaemon.courier-imap';
	275	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
7fe908	276
32d8e9	277	//* Changing maildrop lines in posfix master.cf
T	278	if(is_file($config_dir.'/master.cf')){
7fe908	279	copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
MC	280	}
32d8e9	281	if(is_file($config_dir.'/master.cf~')){
7fe908	282	exec('chmod 400 '.$config_dir.'/master.cf~');
MC	283	}
32d8e9	284	$configfile = $config_dir.'/master.cf';
T	285	$content = rf($configfile);
7fe908	286
MC	287	$content = str_replace(' flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
	288	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	289	$content);
	290
	291	$content = str_replace(' flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
	292	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	293	$content);
	294
fdb514	295	// enable tlsmanager
7fe908	296	$content = str_replace('#tlsmgr unix - - n 1000? 1 tlsmgr', 'tlsmgr unix - - n 1000? 1 tlsmgr', $content);
MC	297
32d8e9	298	wf($configfile, $content);
7fe908	299
32d8e9	300	//* Writing the Maildrop mailfilter file
T	301	$configfile = 'mailfilter';
	302	if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
7fe908	303	copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
MC	304	}
615a0a	305	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9	306	$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
T	307	wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
7fe908	308
32d8e9	309	//* Create the directory for the custom mailfilters
T	310	$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
	311	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	312
32d8e9	313	//* Chmod and chown the .mailfilter file
T	314	$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
	315	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	316
32d8e9	317	$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
T	318	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	319
32d8e9	320	}
7fe908	321
32d8e9	322	public function configure_saslauthd() {
T	323	global $conf;
7fe908	324
32d8e9	325	/*
T	326	$configfile = 'sasl_smtpd.conf';
	327	if(is_file('/etc/sasl2/smtpd.conf')) copy('/etc/sasl2/smtpd.conf','/etc/sasl2/smtpd.conf~');
	328	if(is_file('/etc/sasl2/smtpd.conf~')) exec('chmod 400 '.'/etc/sasl2/smtpd.conf~');
	329	$content = rf("tpl/".$configfile.".master");
	330	$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
	331	$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
	332	$content = str_replace('{mysql_server_database}',$conf['mysql']['database'],$content);
	333	$content = str_replace('{mysql_server_ip}',$conf['mysql']['ip'],$content);
	334	wf('/etc/sasl2/smtpd.conf',$content);
	335	*/
7fe908	336
32d8e9	337	// TODO: Chmod and chown on the config file
7fe908	338
MC	339
32d8e9	340	/*
T	341	// Create the spool directory
	342	exec('mkdir -p /var/spool/postfix/var/run/saslauthd');
7fe908	343
32d8e9	344	// Edit the file /etc/default/saslauthd
T	345	$configfile = $conf["saslauthd"]["config"];
	346	if(is_file($configfile)) copy($configfile,$configfile.'~');
	347	if(is_file($configfile.'~')) exec('chmod 400 '.$configfile.'~');
	348	$content = rf($configfile);
	349	$content = str_replace('START=no','START=yes',$content);
	350	$content = str_replace('OPTIONS="-c"','OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"',$content);
	351	wf($configfile,$content);
	352	*/
7fe908	353
32d8e9	354	// Edit the file /etc/init.d/saslauthd
T	355	$configfile = $conf["init_scripts"].'/'.$conf["saslauthd"]["init_script"];
	356	$content = rf($configfile);
7fe908	357	$content = str_replace('/sbin/startproc $AUTHD_BIN -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', '/sbin/startproc $AUTHD_BIN -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', $content);
MC	358	$content = str_replace('/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', $content);
	359
	360
	361	if(is_file($configfile)) wf($configfile, $content);
	362
	363
	364
32d8e9	365	}
7fe908	366
32d8e9	367	public function configure_pam()
7fe908	368	{
32d8e9	369	global $conf;
T	370	$pam = $conf['pam'];
	371	//* configure pam for SMTP authentication agains the ispconfig database
	372	$configfile = 'pamd_smtp';
	373	if(is_file("$pam/smtp")) copy("$pam/smtp", "$pam/smtp~");
	374	if(is_file("$pam/smtp~")) exec("chmod 400 $pam/smtp~");
	375
615a0a	376	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9	377	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T	378	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	379	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	380	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	381	wf("$pam/smtp", $content);
03bff7	382	// On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
T	383	if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");
32d8e9	384	//exec("chmod 660 $pam/smtp");
T	385	//exec("chown root:root $pam/smtp");
7fe908	386
32d8e9	387	}
7fe908	388
32d8e9	389	public function configure_courier()
7fe908	390	{
32d8e9	391	global $conf;
T	392	$config_dir = $conf['courier']['config_dir'];
	393	//* authmysqlrc
	394	$configfile = 'authmysqlrc';
	395	if(is_file("$config_dir/$configfile")){
7fe908	396	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	397	}
32d8e9	398	exec("chmod 400 $config_dir/$configfile~");
615a0a	399	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
7fe908	400	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	401	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	402	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	403	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
32d8e9	404	wf("$config_dir/$configfile", $content);
7fe908	405
32d8e9	406	exec("chmod 660 $config_dir/$configfile");
T	407	exec("chown root:root $config_dir/$configfile");
7fe908	408
32d8e9	409	//* authdaemonrc
T	410	$configfile = $conf['courier']['config_dir'].'/authdaemonrc';
	411	if(is_file($configfile)){
7fe908	412	copy($configfile, $configfile.'~');
MC	413	}
32d8e9	414	if(is_file($configfile.'~')){
7fe908	415	exec('chmod 400 '.$configfile.'~');
MC	416	}
32d8e9	417	$content = rf($configfile);
T	418	$content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
	419	wf($configfile, $content);
	420	}
7fe908	421
fdb514	422	public function configure_dovecot()
7fe908	423	{
fdb514	424	global $conf;
7fe908	425
fdb514	426	$config_dir = $conf['dovecot']['config_dir'];
7fe908	427
fdb514	428	//* Configure master.cf and add a line for deliver
T	429	if(is_file($config_dir.'/master.cf')){
7fe908	430	copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
MC	431	}
fdb514	432	if(is_file($config_dir.'/master.cf~')){
7fe908	433	exec('chmod 400 '.$config_dir.'/master.cf~2');
MC	434	}
fdb514	435	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
T	436	// Only add the content if we had not addded it before
7fe908	437	if(!stristr($content, "dovecot/deliver")) {
013ae4	438	$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
7fe908	439	af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
fdb514	440	}
T	441	unset($content);
	442	unset($deliver_content);
7fe908	443
MC	444
fdb514	445	//* Reconfigure postfix to use dovecot authentication
T	446	// Adding the amavisd commands to the postfix configuration
	447	$postconf_commands = array (
	448	'dovecot_destination_recipient_limit = 1',
	449	'virtual_transport = dovecot',
	450	'smtpd_sasl_type = dovecot',
	451	'smtpd_sasl_path = private/auth',
	452	);
7fe908	453
fdb514	454	// Make a backup copy of the main.cf file
7fe908	455	copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
MC	456
fdb514	457	// Executing the postconf commands
T	458	foreach($postconf_commands as $cmd) {
	459	$command = "postconf -e '$cmd'";
	460	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	461	}
7fe908	462
31e0d1	463	//* backup dovecot.conf
fdb514	464	$configfile = 'dovecot.conf';
T	465	if(is_file("$config_dir/$configfile")){
7fe908	466	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	467	}
	468
31e0d1	469	//* Get the dovecot version
7fe908	470	exec('dovecot --version', $tmp);
MC	471	$parts = explode('.', trim($tmp[0]));
31e0d1	472	$dovecot_version = $parts[0];
T	473	unset($tmp);
	474	unset($parts);
7fe908	475
31e0d1	476	//* Copy dovecot configuration file
T	477	if($dovecot_version == 2) {
7fe908	478	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot2.conf.master')) {
MC	479	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
	480	} else {
	481	copy('tpl/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
	482	}
31e0d1	483	} else {
7fe908	484	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master')) {
MC	485	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
	486	} else {
	487	copy('tpl/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
	488	}
31e0d1	489	}
7fe908	490
fdb514	491	//* dovecot-sql.conf
T	492	$configfile = 'dovecot-sql.conf';
	493	if(is_file("$config_dir/$configfile")){
7fe908	494	copy("$config_dir/$configfile", "$config_dir/$configfile~");
b67344	495	exec("chmod 400 $config_dir/$configfile~");
7fe908	496	}
MC	497
615a0a	498	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot-sql.conf.master', "tpl/opensuse_dovecot-sql.conf.master");
7fe908	499	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	500	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	501	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	502	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
032b86	503	$content = str_replace('{server_id}', $conf['server_id'], $content);
fdb514	504	wf("$config_dir/$configfile", $content);
7fe908	505
fdb514	506	exec("chmod 600 $config_dir/$configfile");
T	507	exec("chown root:root $config_dir/$configfile");
5e7306	508
TB	509	// Dovecot shall ignore mounts in website directory
f9d95c	510	if(is_installed('doveadm')) exec("doveadm mount add '/srv/www/*' ignore > /dev/null 2> /dev/null");
fdb514	511
T	512	}
7fe908	513
32d8e9	514	public function configure_amavis() {
T	515	global $conf;
7fe908	516
32d8e9	517	// amavisd user config file
T	518	$configfile = 'opensuse_amavisd_conf';
7fe908	519	if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) @copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
32d8e9	520	if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
615a0a	521	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
7fe908	522	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	523	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	524	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	525	$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
	526	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	527	wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
553854	528	chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
7fe908	529
MC	530
32d8e9	531	// Adding the amavisd commands to the postfix configuration
T	532	$postconf_commands = array (
	533	'content_filter = amavis:[127.0.0.1]:10024',
	534	'receive_override_options = no_address_mappings'
	535	);
7fe908	536
32d8e9	537	// Make a backup copy of the main.cf file
7fe908	538	copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
MC	539
32d8e9	540	// Executing the postconf commands
T	541	foreach($postconf_commands as $cmd) {
	542	$command = "postconf -e '$cmd'";
	543	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	544	}
7fe908	545
32d8e9	546	// Append the configuration for amavisd to the master.cf file
7fe908	547	if(is_file($conf["postfix"]["config_dir"].'/master.cf')) copy($conf["postfix"]["config_dir"].'/master.cf', $conf["postfix"]["config_dir"].'/master.cf~');
32d8e9	548	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
T	549	// Only add the content if we had not addded it before
7fe908	550	if(!stristr($content, "127.0.0.1:10025")) {
32d8e9	551	unset($content);
615a0a	552	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', "tpl/master_cf_amavis.master");
7fe908	553	af($conf["postfix"]["config_dir"].'/master.cf', $content);
32d8e9	554	}
T	555	unset($content);
7fe908	556
32d8e9	557	// Add the clamav user to the vscan group
5edf40	558	//exec('groupmod --add-user clamav vscan');
TB	559	$command = 'usermod -a -G clamav vscan';
	560	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	561
MC	562
32d8e9	563	}
7fe908	564
32d8e9	565	public function configure_spamassassin()
7fe908	566	{
32d8e9	567	global $conf;
7fe908	568
32d8e9	569	//* Enable spamasasssin on debian and ubuntu
T	570	/*
	571	$configfile = '/etc/default/spamassassin';
	572	if(is_file($configfile)){
	573	copy($configfile, $configfile.'~');
	574	}
	575	$content = rf($configfile);
	576	$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
	577	wf($configfile, $content);
	578	*/
	579	}
7fe908	580
32d8e9	581	public function configure_getmail()
7fe908	582	{
32d8e9	583	global $conf;
7fe908	584
32d8e9	585	$config_dir = $conf['getmail']['config_dir'];
7fe908	586
32d8e9	587	if(!is_dir($config_dir)) exec("mkdir -p ".escapeshellcmd($config_dir));
T	588
	589	$command = "useradd -d $config_dir getmail";
	590	if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	591
32d8e9	592	$command = "chown -R getmail $config_dir";
T	593	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	594
32d8e9	595	$command = "chmod -R 700 $config_dir";
T	596	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	597	}
7fe908	598
MC	599
32d8e9	600	public function configure_pureftpd()
7fe908	601	{
32d8e9	602	global $conf;
7fe908	603
32d8e9	604	$config_dir = $conf['pureftpd']['config_dir'];
T	605
	606	//* configure pam for SMTP authentication agains the ispconfig database
	607	$configfile = 'db/mysql.conf';
	608	if(is_file("$config_dir/$configfile")){
7fe908	609	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	610	}
32d8e9	611	if(is_file("$config_dir/$configfile~")){
7fe908	612	exec("chmod 400 $config_dir/$configfile~");
MC	613	}
615a0a	614	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
32d8e9	615	$content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
T	616	$content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
	617	$content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
	618	$content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
	619	$content = str_replace('{server_id}', $conf["server_id"], $content);
	620	wf("$config_dir/$configfile", $content);
	621	exec("chmod 600 $config_dir/$configfile");
	622	exec("chown root:root $config_dir/$configfile");
7fe908	623
32d8e9	624	// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
615a0a	625	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_pureftpd_conf.master')) {
7fe908	626	exec("cp " . $conf['ispconfig_install_dir']."/server/conf-custom/install/opensuse_pureftpd_conf.master $config_dir/pure-ftpd.conf");
MC	627	} else {
	628	exec("cp tpl/opensuse_pureftpd_conf.master $config_dir/pure-ftpd.conf");
	629	}
	630
32d8e9	631	}
7fe908	632
32d8e9	633	public function configure_mydns()
7fe908	634	{
32d8e9	635	global $conf;
7fe908	636
32d8e9	637	// configure pam for SMTP authentication agains the ispconfig database
T	638	$configfile = 'mydns.conf';
7fe908	639	if(is_file($conf["mydns"]["config_dir"].'/'.$configfile)) copy($conf["mydns"]["config_dir"].'/'.$configfile, $conf["mydns"]["config_dir"].'/'.$configfile.'~');
32d8e9	640	if(is_file($conf["mydns"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["mydns"]["config_dir"].'/'.$configfile.'~');
615a0a	641	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
7fe908	642	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	643	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	644	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	645	$content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
	646	$content = str_replace('{server_id}', $conf["server_id"], $content);
	647	wf($conf["mydns"]["config_dir"].'/'.$configfile, $content);
32d8e9	648	exec('chmod 600 '.$conf["mydns"]["config_dir"].'/'.$configfile);
T	649	exec('chown root:root '.$conf["mydns"]["config_dir"].'/'.$configfile);
7fe908	650
32d8e9	651	}
7fe908	652
32d8e9	653	public function configure_apache()
7fe908	654	{
32d8e9	655	global $conf;
7fe908	656
1bd269	657	if($conf['apache']['installed'] == false) return;
32d8e9	658	//* Create the logging directory for the vhost logfiles
T	659	exec('mkdir -p /var/log/ispconfig/httpd');
6c9bc3	660
TB	661	//* enable apache logio module
	662	exec('a2enmod logio');
7fe908	663
32d8e9	664	//if(is_file('/etc/suphp.conf')) {
7fe908	665	replaceLine('/etc/suphp.conf', 'php=php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
MC	666	replaceLine('/etc/suphp.conf', 'php="php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
	667	replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/srv/www', 0, 0);
	668	replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
32d8e9	669	//}
7fe908	670
26c0fc	671	if(!file_exists('/srv/www/cgi-bin/php5') && file_exists('/srv/www/cgi-bin/php')) {
7fe908	672	symlink('/srv/www/cgi-bin/php', '/srv/www/cgi-bin/php5');
26c0fc	673	}
7fe908	674
dbe5b0	675	// Sites enabled and available dirs
32d8e9	676	exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']);
T	677	exec('mkdir -p '.$conf['apache']['vhost_conf_dir']);
7fe908	678
32d8e9	679	$content = rf('/etc/apache2/httpd.conf');
7fe908	680	if(!stristr($content, 'Include /etc/apache2/sites-enabled/')) {
5545f1	681	af('/etc/apache2/httpd.conf', "\n<Directory /srv/www>\n Options +FollowSymlinks\n</Directory>\n\nInclude /etc/apache2/sites-enabled/\n\n");
32d8e9	682	}
T	683	unset($content);
7fe908	684
32d8e9	685	//* Copy the ISPConfig configuration include
7fe908	686	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
MC	687	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
	688
ccbf14	689	$tpl = new tpl('apache_ispconfig.conf.master');
TB	690	$tpl->setVar('apache_version',getapacheversion());
	691
a2156e	692	$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
ccbf14	693	$ip_addresses = array();
TB	694
fb3a98	695	if(is_array($records) && count($records) > 0) {
32d8e9	696	foreach($records as $rec) {
a2156e	697	if($rec['ip_type'] == 'IPv6') {
T	698	$ip_address = '['.$rec['ip_address'].']';
	699	} else {
	700	$ip_address = $rec['ip_address'];
	701	}
7fe908	702	$ports = explode(',', $rec['virtualhost_port']);
a2156e	703	if(is_array($ports)) {
T	704	foreach($ports as $port) {
	705	$port = intval($port);
	706	if($port > 0 && $port < 65536 && $ip_address != '') {
ccbf14	707	$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
a2156e	708	}
T	709	}
	710	}
32d8e9	711	}
T	712	}
855547	713
3de838	714	if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
855547	715
ccbf14	716	wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
TB	717	unset($tpl);
7fe908	718
32d8e9	719	if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
T	720	exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");
	721	}
7fe908	722
99d5dc	723	//* make sure that webalizer finds its config file when it is directly in /etc
T	724	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	725	exec('mkdir /etc/webalizer');
	726	exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
	727	}
7fe908	728
99d5dc	729	if(is_file('/etc/webalizer/webalizer.conf')) {
T	730	// Change webalizer mode to incremental
7fe908	731	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	732	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	733	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
99d5dc	734	}
7fe908	735
6b029a	736	//* add a sshusers group
T	737	$command = 'groupadd sshusers';
	738	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	739
526b99	740	// create PHP-FPM pool dir
T	741	exec('mkdir -p '.$conf['nginx']['php_fpm_pool_dir']);
7fe908	742
526b99	743	$content = rf('/etc/php5/fpm/php-fpm.conf');
T	744	if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
7fe908	745	af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
526b99	746	}
T	747	unset($content);
	748	if(!@is_file($conf['nginx']['php_fpm_ini_path'])){
	749	if(@is_file('/etc/php5/cli/php.ini')){
	750	exec('cp -f /etc/php5/cli/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	751	} elseif(@is_file('/etc/php5/fastcgi/php.ini')){
	752	exec('cp -f /etc/php5/fastcgi/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	753	} elseif(@is_file('/etc/php5/apache2/php.ini')){
	754	exec('cp -f /etc/php5/apache2/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	755	}
	756	}
7fe908	757
32d8e9	758	}
7fe908	759
2d86e1	760	public function configure_nginx(){
F	761	global $conf;
7fe908	762
2d86e1	763	if($conf['nginx']['installed'] == false) return;
F	764	//* Create the logging directory for the vhost logfiles
	765	if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
7fe908	766
dbe5b0	767	// Sites enabled and available dirs
2d86e1	768	exec('mkdir -p '.$conf['nginx']['vhost_conf_enabled_dir']);
F	769	exec('mkdir -p '.$conf['nginx']['vhost_conf_dir']);
7fe908	770
dbe5b0	771	$content = rf('/etc/nginx/nginx.conf');
F	772	if(stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false){
	773	$content = trim($content);
7fe908	774	$content = substr($content, 0, -1)."\n include /etc/nginx/sites-enabled/*.vhost;\n}";
MC	775	wf('/etc/nginx/nginx.conf', $content);
dbe5b0	776	}
2d86e1	777	unset($content);
7fe908	778
2d86e1	779	// create PHP-FPM pool dir
F	780	exec('mkdir -p '.$conf['nginx']['php_fpm_pool_dir']);
7fe908	781
2d86e1	782	$content = rf('/etc/php5/fpm/php-fpm.conf');
F	783	if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
7fe908	784	af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
2d86e1	785	}
F	786	unset($content);
59feb7	787	if(!@is_file($conf['nginx']['php_fpm_ini_path'])){
F	788	if(@is_file('/etc/php5/cli/php.ini')){
	789	exec('cp -f /etc/php5/cli/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	790	} elseif(@is_file('/etc/php5/fastcgi/php.ini')){
	791	exec('cp -f /etc/php5/fastcgi/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	792	} elseif(@is_file('/etc/php5/apache2/php.ini')){
	793	exec('cp -f /etc/php5/apache2/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	794	}
	795	}
2d86e1	796
F	797	//* make sure that webalizer finds its config file when it is directly in /etc
	798	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	799	mkdir('/etc/webalizer');
7fe908	800	symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
2d86e1	801	}
F	802
	803	if(is_file('/etc/webalizer/webalizer.conf')) {
	804	// Change webalizer mode to incremental
7fe908	805	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	806	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	807	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
2d86e1	808	}
7fe908	809
2d86e1	810	// Check the awsatst script
F	811	if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
7fe908	812	if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
MC	813	if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
	814
2d86e1	815	//* add a sshusers group
F	816	$command = 'groupadd sshusers';
	817	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	818	}
7fe908	819
32d8e9	820	public function configure_firewall()
T	821	{
	822	global $conf;
7fe908	823
32d8e9	824	$dist_init_scripts = $conf['init_scripts'];
7fe908	825
32d8e9	826	if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
T	827	if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
7fe908	828	@mkdir("/etc/Bastille", octdec($directory_mode));
MC	829	if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
	830	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
	831	caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	832	} else {
	833	caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	834	}
	835	caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	836	$content = rf("/etc/Bastille/bastille-firewall.cfg");
	837	$content = str_replace("{DNS_SERVERS}", "", $content);
32d8e9	838
7fe908	839	$tcp_public_services = '';
MC	840	$udp_public_services = '';
	841
fb3a98	842	$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
7fe908	843
MC	844	if(trim($row["tcp_port"]) != '' \|\| trim($row["udp_port"]) != ''){
	845	$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
	846	$udp_public_services = trim(str_replace(',', ' ', $row["udp_port"]));
	847	} else {
	848	$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
	849	$udp_public_services = '53';
	850	}
	851
32d8e9	852	if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
T	853	$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
	854	if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
	855	}
	856
7fe908	857	$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
MC	858	$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);
32d8e9	859
7fe908	860	wf("/etc/Bastille/bastille-firewall.cfg", $content);
32d8e9	861
7fe908	862	if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
MC	863	caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
	864	caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);
32d8e9	865
7fe908	866	if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
MC	867	caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
	868	caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);
	869
	870	if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
	871	caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
	872	caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);
	873
32d8e9	874	if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);
T	875
7fe908	876	exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
MC	877	if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(shell_exec("which ipchains"), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
	878	unset($ipchains_location);
	879	exec("which iptables &> /dev/null", $iptables_location, $ret_val);
	880	if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
	881	unset($iptables_location);
32d8e9	882
T	883	}
4ae2a0	884
32d8e9	885	public function install_ispconfig()
7fe908	886	{
32d8e9	887	global $conf;
7fe908	888
32d8e9	889	$install_dir = $conf['ispconfig_install_dir'];
T	890
	891	//* Create the ISPConfig installation directory
	892	if(!@is_dir("$install_dir")) {
	893	$command = "mkdir $install_dir";
	894	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	895	}
7fe908	896
32d8e9	897	//* Create a ISPConfig user and group
T	898	$command = 'groupadd ispconfig';
	899	if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	900
32d8e9	901	$command = "useradd -g ispconfig -d $install_dir ispconfig";
T	902	if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	903
32d8e9	904	//* copy the ISPConfig interface part
T	905	$command = "cp -rf ../interface $install_dir";
	906	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	907
32d8e9	908	//* copy the ISPConfig server part
T	909	$command = "cp -rf ../server $install_dir";
	910	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2	911
fb6c56	912	//* Make a backup of the security settings
TB	913	if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
	914
a13af2	915	//* copy the ISPConfig security part
TB	916	$command = 'cp -rf ../security '.$install_dir;
	917	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56	918
TB	919	//* Apply changed security_settings.ini values to new security_settings.ini file
	920	if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
	921	$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
	922	$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
	923	if(is_array($security_settings_new) && is_array($security_settings_old)) {
	924	foreach($security_settings_new as $section => $sval) {
	925	if(is_array($sval)) {
	926	foreach($sval as $key => $val) {
	927	if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
	928	$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
	929	}
	930	}
	931	}
	932	}
	933	file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
	934	}
	935	}
7fe908	936
32d8e9	937	//* Create a symlink, so ISPConfig is accessible via web
T	938	// Replaced by a separate vhost definition for port 8080
	939	// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
	940	// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	941
32d8e9	942	//* Create the config file for ISPConfig interface
T	943	$configfile = 'config.inc.php';
	944	if(is_file($install_dir.'/interface/lib/'.$configfile)){
7fe908	945	copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC	946	}
615a0a	947	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9	948	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T	949	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	950	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	951	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
7fe908	952
32d8e9	953	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T	954	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	955	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	956	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
7fe908	957
32d8e9	958	$content = str_replace('{server_id}', $conf['server_id'], $content);
T	959	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6	960	$content = str_replace('{language}', $conf['language'], $content);
8cf78b	961	$content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8	962	$content = str_replace('{theme}', $conf['theme'], $content);
992797	963	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
7fe908	964
MC	965	wf("$install_dir/interface/lib/$configfile", $content);
	966
	967	//* Create the config file for ISPConfig server
	968	$configfile = 'config.inc.php';
	969	if(is_file($install_dir.'/server/lib/'.$configfile)){
	970	copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
	971	}
	972	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
	973	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
	974	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	975	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	976	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
	977
	978	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
	979	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	980	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	981	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
	982
	983	$content = str_replace('{server_id}', $conf['server_id'], $content);
	984	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
	985	$content = str_replace('{language}', $conf['language'], $content);
	986	$content = str_replace('{timezone}', $conf['timezone'], $content);
	987	$content = str_replace('{theme}', $conf['theme'], $content);
	988	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
	989
32d8e9	990	wf("$install_dir/server/lib/$configfile", $content);
7fe908	991
fb3a98	992	//* Create the config file for remote-actions (but only, if it does not exist, because
T	993	// the value is a autoinc-value and so changed by the remoteaction_core_module
	994	if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
	995	$content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
	996	wf($install_dir.'/server/lib/remote_action.inc.php', $content);
	997	}
7fe908	998
32d8e9	999	//* Enable the server modules and plugins.
T	1000	// TODO: Implement a selector which modules and plugins shall be enabled.
	1001	$dir = $install_dir.'/server/mods-available/';
	1002	if (is_dir($dir)) {
	1003	if ($dh = opendir($dir)) {
	1004	while (($file = readdir($dh)) !== false) {
7fe908	1005	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	1006	include_once $install_dir.'/server/mods-available/'.$file;
	1007	$module_name = substr($file, 0, -8);
32d8e9	1008	$tmp = new $module_name;
T	1009	if($tmp->onInstall()) {
	1010	if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
	1011	if (strpos($file, '_core_module') !== false) {
	1012	if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
	1013	}
	1014	}
	1015	unset($tmp);
	1016	}
	1017	}
	1018	closedir($dh);
	1019	}
	1020	}
7fe908	1021
32d8e9	1022	$dir = $install_dir.'/server/plugins-available/';
T	1023	if (is_dir($dir)) {
	1024	if ($dh = opendir($dir)) {
	1025	while (($file = readdir($dh)) !== false) {
1bd269	1026	if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F	1027	if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
7fe908	1028	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	1029	include_once $install_dir.'/server/plugins-available/'.$file;
	1030	$plugin_name = substr($file, 0, -8);
32d8e9	1031	$tmp = new $plugin_name;
T	1032	if($tmp->onInstall()) {
	1033	if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
	1034	if (strpos($file, '_core_plugin') !== false) {
	1035	if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
	1036	}
	1037	}
	1038	unset($tmp);
	1039	}
	1040	}
	1041	closedir($dh);
	1042	}
	1043	}
7fe908	1044
32d8e9	1045	// Update the server config
T	1046	$mail_server_enabled = ($conf['services']['mail'])?1:0;
	1047	$web_server_enabled = ($conf['services']['web'])?1:0;
	1048	$dns_server_enabled = ($conf['services']['dns'])?1:0;
	1049	$file_server_enabled = ($conf['services']['file'])?1:0;
	1050	$db_server_enabled = ($conf['services']['db'])?1:0;
	1051	$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
	1052	$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
7fe908	1053
32d8e9	1054	if($conf['mysql']['master_slave_setup'] == 'y') {
T	1055	$this->dbmaster->query($sql);
	1056	$this->db->query($sql);
	1057	} else {
	1058	$this->db->query($sql);
	1059	}
7fe908	1060
3e0fc8	1061	// chown install dir to root and chmod 755
TB	1062	$command = 'chown root:root '.$install_dir;
	1063	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1064	$command = 'chmod 755 '.$install_dir;
32d8e9	1065	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T	1066
fa029b	1067	//* Chmod the files and directories in the install dir
3e0fc8	1068	$command = 'chmod -R 750 '.$install_dir.'/*';
TB	1069	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1070
	1071	//* chown the interface files to the ispconfig user and group
	1072	$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
	1073	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1074
	1075	//* chown the server files to the root user and group
	1076	$command = 'chown -R root:root '.$install_dir.'/server';
32d8e9	1077	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b	1078
TB	1079	//* chown the security files to the root user and group
	1080	$command = 'chown -R root:root '.$install_dir.'/security';
	1081	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1082
	1083	//* chown the security directory and security_settings.ini to root:ispconfig
	1084	$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
	1085	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1086	$command = 'chown root:ispconfig '.$install_dir.'/security';
	1087	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221	1088	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB	1089	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1090	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
	1091	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1092	$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
	1093	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	1094
32d8e9	1095	//* Make the global language file directory group writable
T	1096	exec("chmod -R 770 $install_dir/interface/lib/lang");
7fe908	1097
32d8e9	1098	//* Make the temp directory for language file exports writable
T	1099	exec("chmod -R 770 $install_dir/interface/web/temp");
7fe908	1100
32d8e9	1101	//* Make all interface language file directories group writable
T	1102	$handle = @opendir($install_dir.'/interface/web');
7fe908	1103	while ($file = @readdir($handle)) {
MC	1104	if ($file != '.' && $file != '..') {
	1105	if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
32d8e9	1106	$handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
7fe908	1107	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC	1108	while ($lang_file = @readdir($handle2)) {
32d8e9	1109	if ($lang_file != '.' && $lang_file != '..') {
7fe908	1110	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
32d8e9	1111	}
T	1112	}
	1113	}
	1114	}
	1115	}
7fe908	1116
477d4e	1117	//* Make the APS directories group writable
T	1118	exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
	1119	exec("chmod -R 770 $install_dir/server/aps_packages");
7fe908	1120
32d8e9	1121	//* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef	1122	chmod($install_dir.'/server/lib/config.inc.php', 0600);
T	1123	chown($install_dir.'/server/lib/config.inc.php', 'root');
	1124	chgrp($install_dir.'/server/lib/config.inc.php', 'root');
7fe908	1125
bfcdef	1126	//* Make sure thet the interface config file is readable by user ispconfig only
T	1127	chmod($install_dir.'/interface/lib/config.inc.php', 0600);
	1128	chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
	1129	chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
7fe908	1130
32d8e9	1131	if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T	1132	exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
	1133	exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
	1134	}
980485	1135
TB	1136	if(is_dir($install_dir.'/interface/invoices')) {
	1137	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
	1138	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
	1139	}
	1140
	1141	exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
7fe908	1142
32d8e9	1143	// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T	1144	// and must be fixed as this will allow the apache user to read the ispconfig files.
	1145	// Later this must run as own apache server or via suexec!
63b369	1146	if($conf['apache']['installed'] == true){
5edf40	1147	//$command = 'groupmod --add-user '.$conf['apache']['user'].' ispconfig';
TB	1148	$command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
63b369	1149	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	1150	if(is_group('ispapps')){
5edf40	1151	//$command = 'groupmod --add-user '.$conf['apache']['user'].' ispapps';
TB	1152	$command = 'usermod -a -G ispapps '.$conf['apache']['user'];
272aec	1153	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F	1154	}
63b369	1155	}
F	1156	if($conf['nginx']['installed'] == true){
5edf40	1157	//$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispconfig';
TB	1158	$command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
63b369	1159	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	1160	if(is_group('ispapps')){
5edf40	1161	//$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispapps';
TB	1162	$command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
272aec	1163	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F	1164	}
5c93f0	1165	// add nobody user to www group, as the default php-fpm pool from opensuse runs as nobody
TB	1166	$command = 'usermod -a -G www nobody';
	1167	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
63b369	1168	}
7fe908	1169
32d8e9	1170	//* Make the shell scripts executable
T	1171	$command = "chmod +x $install_dir/server/scripts/*.sh";
	1172	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	1173
MC	1174
7e1cfb	1175	if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269	1176	//* Copy the ISPConfig vhost for the controlpanel
F	1177	// TODO: These are missing! should they be "vhost_dist_*_dir" ?
	1178	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
	1179	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
7fe908	1180
MC	1181
1bd269	1182	// Dont just copy over the virtualhost template but add some custom settings
ccbf14	1183	$tpl = new tpl('apache_ispconfig.vhost.master');
TB	1184	$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
7fe908	1185
1bd269	1186	// comment out the listen directive if port is 80 or 443
F	1187	if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14	1188	$tpl->setVar('vhost_port_listen','#');
1bd269	1189	} else {
ccbf14	1190	$tpl->setVar('vhost_port_listen','');
1bd269	1191	}
7fe908	1192
ccbf14	1193	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB	1194	$tpl->setVar('ssl_comment','');
1bd269	1195	} else {
ccbf14	1196	$tpl->setVar('ssl_comment','#');
1bd269	1197	}
10b4c8	1198	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14	1199	$tpl->setVar('ssl_bundle_comment','');
10b4c8	1200	} else {
ccbf14	1201	$tpl->setVar('ssl_bundle_comment','#');
10b4c8	1202	}
ccbf14	1203
TB	1204	$tpl->setVar('apache_version',getapacheversion());
7fe908	1205
fbc02f	1206	$content = $tpl->grab();
TB	1207	$content = str_replace('/var/www/', '/srv/www/', $content);
	1208	wf($vhost_conf_dir.'/ispconfig.vhost', $content);
7fe908	1209
cc6568	1210	//if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
7fe908	1211	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
MC	1212	$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
	1213	$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
	1214	exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
	1215	wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
	1216	exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
	1217	exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
	1218	exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
	1219
cc6568	1220	//}
7fe908	1221
1bd269	1222	//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F	1223	//* and create the symlink
7e1cfb	1224	if($this->is_update == false) {
1bd269	1225	if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
F	1226	if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
	1227	exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
	1228	}
7fe908	1229
1bd269	1230	}
7fe908	1231
1bd269	1232	// Fix a setting in vhost master file for suse
7fe908	1233	replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master', "suPHP_UserGroup", " suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>", 0);
1bd269	1234	}
F	1235
7e1cfb	1236	if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269	1237	//* Copy the ISPConfig vhost for the controlpanel
F	1238	$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
	1239	$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
	1240
	1241	// Dont just copy over the virtualhost template but add some custom settings
615a0a	1242	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269	1243	$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
7fe908	1244
1bd269	1245	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8	1246	$content = str_replace('{ssl_on}', ' on', $content);
1bd269	1247	$content = str_replace('{ssl_comment}', '', $content);
F	1248	$content = str_replace('{fastcgi_ssl}', 'on', $content);
	1249	} else {
10b4c8	1250	$content = str_replace('{ssl_on}', ' off', $content);
1bd269	1251	$content = str_replace('{ssl_comment}', '#', $content);
F	1252	$content = str_replace('{fastcgi_ssl}', 'off', $content);
32d8e9	1253	}
7fe908	1254
ca0b77	1255	$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
7fe908	1256	if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77	1257	if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F	1258	$fpm_socket = $socket_dir.'ispconfig.sock';
7fe908	1259
ca0b77	1260	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	1261	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269	1262
F	1263	wf($vhost_conf_dir.'/ispconfig.vhost', $content);
7fe908	1264
1bd269	1265	unset($content);
7fe908	1266
1bd269	1267	// PHP-FPM
F	1268	// Dont just copy over the php-fpm pool template but add some custom settings
615a0a	1269	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269	1270	$content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77	1271	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	1272	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269	1273	$content = str_replace('{fpm_user}', 'ispconfig', $content);
F	1274	$content = str_replace('{fpm_group}', 'ispconfig', $content);
	1275	wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
	1276
	1277	//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
	1278	//* and create the symlink
7e1cfb	1279	if($this->is_update == false) {
1bd269	1280	if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F	1281	if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
7fe908	1282	symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269	1283	}
F	1284	}
7fe908	1285
9aec3d	1286	// create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
7fe908	1287	if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/', '/usr/share/phpmyadmin');
MC	1288	if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/', '/usr/share/squirrelmail');
32d8e9	1289	}
7fe908	1290
MC	1291
32d8e9	1292	// Make the Clamav log files readable by ISPConfig
T	1293	//exec('chmod +r /var/log/clamav/clamav.log');
	1294	//exec('chmod +r /var/log/clamav/freshclam.log');
7fe908	1295
32d8e9	1296	//* Install the update script
b34f99	1297	if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC	1298	exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
	1299	exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
32d8e9	1300	exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T	1301	exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
	1302	exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
	1303	exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99	1304	if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
32d8e9	1305	if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
7fe908	1306
32d8e9	1307	//set the fast cgi starter script to executable
T	1308	//exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
7fe908	1309
32d8e9	1310	//* Make the logs readable for the ispconfig user
T	1311	if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
	1312	if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
	1313	if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
	1314	if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
7fe908	1315
32d8e9	1316	//To enable apache to read the directories
T	1317	exec('chmod a+rx /usr/local/ispconfig');
	1318	exec('chmod -R 751 /usr/local/ispconfig/interface');
	1319	exec('chmod a+rx /usr/local/ispconfig/interface/web');
7fe908	1320
32d8e9	1321	//* Create the ispconfig log directory
e38d14	1322	if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J	1323	if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
7fe908	1324
0c5b42	1325	if(is_user('getmail')) {
T	1326	exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
	1327	exec('chown getmail /usr/local/bin/run-getmail.sh');
	1328	exec('chmod 744 /usr/local/bin/run-getmail.sh');
	1329	}
7fe908	1330
8cf78b	1331	if(is_dir($install_dir.'/interface/invoices')) {
e94a9f	1332	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T	1333	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806	1334	}
7fe908	1335
0799f8	1336	//* Create the ispconfig auth log file and set uid/gid
T	1337	if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
	1338	touch($conf['ispconfig_log_dir'].'/auth.log');
	1339	}
	1340	exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
	1341	exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
7fe908	1342
d71bae	1343	//* Remove Domain module as its functions are available in the client module now
T	1344	if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec	1345
TB	1346	// Add symlink for patch tool
	1347	if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
7fe908	1348
553854	1349	// Change mode of a few files from amavisd
TB	1350	if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
	1351	if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
	1352	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
	1353	if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
	1354
32d8e9	1355	}
7fe908	1356
32d8e9	1357	public function configure_dbserver()
T	1358	{
	1359	global $conf;
7fe908	1360
32d8e9	1361	//* If this server shall act as database server for client DB's, we configure this here
T	1362	$install_dir = $conf['ispconfig_install_dir'];
7fe908	1363
MC	1364	// Create a file with the database login details which
32d8e9	1365	// are used to create the client databases.
7fe908	1366
32d8e9	1367	if(!is_dir("$install_dir/server/lib")) {
T	1368	$command = "mkdir $install_dir/server/lib";
	1369	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1370	}
7fe908	1371
615a0a	1372	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
7fe908	1373	$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
MC	1374	$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
67fede	1375	$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
7fe908	1376	wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
32d8e9	1377	exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
T	1378	exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
7fe908	1379
32d8e9	1380	}
7fe908	1381
32d8e9	1382	public function install_crontab()
7fe908	1383	{
32d8e9	1384	global $conf;
7fe908	1385
32d8e9	1386	//* Root Crontab
T	1387	exec('crontab -u root -l > crontab.txt');
	1388	$existing_root_cron_jobs = file('crontab.txt');
7fe908	1389
32d8e9	1390	// remove existing ispconfig cronjobs, in case the syntax has changed
T	1391	foreach($existing_root_cron_jobs as $key => $val) {
7fe908	1392	if(stristr($val, '/usr/local/ispconfig')) unset($existing_root_cron_jobs[$key]);
32d8e9	1393	}
7fe908	1394
32d8e9	1395	$root_cron_jobs = array(
T	1396	'* * * * * /usr/local/ispconfig/server/server.sh &> /dev/null',
	1397	'30 00 * * * /usr/local/ispconfig/server/cron_daily.sh &> /dev/null'
	1398	);
7fe908	1399
b6a10a	1400	if ($conf['nginx']['installed'] == true) {
F	1401	$root_cron_jobs[] = "0 0 * * * /usr/local/ispconfig/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
	1402	}
7fe908	1403
32d8e9	1404	foreach($root_cron_jobs as $cron_job) {
T	1405	if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
	1406	$existing_root_cron_jobs[] = $cron_job."\n";
	1407	}
	1408	}
	1409	file_put_contents('crontab.txt', $existing_root_cron_jobs);
	1410	exec('crontab -u root crontab.txt &> /dev/null');
	1411	unlink('crontab.txt');
7fe908	1412
32d8e9	1413	//* Getmail crontab
T	1414	if(is_user('getmail')) {
7fe908	1415	$cf = $conf['getmail'];
32d8e9	1416	exec('crontab -u getmail -l > crontab.txt');
T	1417	$existing_cron_jobs = file('crontab.txt');
7fe908	1418
32d8e9	1419	$cron_jobs = array(
7fe908	1420	'/5 * * * /usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null'
MC	1421	);
	1422
32d8e9	1423	// remove existing ispconfig cronjobs, in case the syntax has changed
T	1424	foreach($existing_cron_jobs as $key => $val) {
7fe908	1425	if(stristr($val, 'getmail')) unset($existing_cron_jobs[$key]);
32d8e9	1426	}
7fe908	1427
32d8e9	1428	foreach($cron_jobs as $cron_job) {
T	1429	if(!in_array($cron_job."\n", $existing_cron_jobs)) {
	1430	$existing_cron_jobs[] = $cron_job."\n";
	1431	}
	1432	}
	1433	file_put_contents('crontab.txt', $existing_cron_jobs);
	1434	exec('crontab -u getmail crontab.txt &> /dev/null');
	1435	unlink('crontab.txt');
	1436	}
7fe908	1437
32d8e9	1438	exec('touch /var/log/ispconfig/cron.log');
cc6568	1439	exec('chmod 660 /var/log/ispconfig/cron.log');
32d8e9	1440	}
T	1441
	1442	}
	1443
e38d14	1444	?>