gitlabFork/ISPConfig3.git - Solinfo Gitblit

Fixed: FS#3712 - Client DB credentials not escaped

Till Brehm

2014-10-23 67fedede3887d97078862e9b58524dc71162ba24

commit \| author \| age
32d8e9	1	<?php
T	2
	3	/*
	4	Copyright (c) 2007, Till Brehm, projektfarm Gmbh
	5	All rights reserved.
	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	class installer_dist extends installer_base {
60b700	32
MC	33	public function __construct() {
	34	//** check apache modules */
	35	$mods = getapachemodules();
	36	if(in_array('authz_compat', $mods, true)) {
	37	swriteln($inst->lng(' WARNING! You are using mod_authz_compat.'));
	38	swriteln($inst->lng(' Please make sure that your apache config uses the new auth syntax:'));
	39	swriteln($inst->lng(' <Directory />'));
	40	swriteln($inst->lng(' Options None'));
	41	swriteln($inst->lng(' AllowOverride None'));
	42	swriteln($inst->lng(' Require all denied'));
	43	swriteln($inst->lng(' </Directory>'."\n"));
	44
	45	swriteln($inst->lng(' If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
	46	}
	47	}
	48
526b99	49	public function configure_mailman($status = 'insert') {
T	50	global $conf;
	51
	52	$config_dir = $conf['mailman']['config_dir'].'/';
	53	$full_file_name = $config_dir.'mm_cfg.py';
	54	//* Backup exiting file
	55	if(is_file($full_file_name)) {
	56	copy($full_file_name, $config_dir.'mm_cfg.py~');
	57	}
	58
	59	// load files
615a0a	60	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
526b99	61	$old_file = rf($full_file_name);
T	62
	63	$old_options = array();
	64	$lines = explode("\n", $old_file);
	65	foreach ($lines as $line)
	66	{
	67	if (trim($line) != '' && substr($line, 0, 1) != '#')
	68	{
	69	@list($key, $value) = @explode("=", $line);
	70	if (!empty($value))
	71	{
	72	$key = rtrim($key);
	73	$old_options[$key] = trim($value);
	74	}
	75	}
	76	}
7fe908	77
526b99	78	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T	79	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
	80
	81	$virtual_domains = '';
	82	if($status == 'update')
	83	{
	84	// create virtual_domains list
	85	$domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");
	86
	87	if(is_array($domainAll)) {
7fe908	88	foreach($domainAll as $domain)
MC	89	{
	90	if ($domainAll[0]['domain'] == $domain['domain'])
	91	$virtual_domains .= "'".$domain['domain']."'";
	92	else
	93	$virtual_domains .= ", '".$domain['domain']."'";
	94	}
526b99	95	}
T	96	}
	97	else
	98	$virtual_domains = "' '";
	99
	100	$content = str_replace('{hostname}', $conf['hostname'], $content);
	101	if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
	102	$content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
	103	$content = str_replace('{virtual_domains}', $virtual_domains, $content);
	104
	105	wf($full_file_name, $content);
7fe908	106
3f478f	107	//* Write virtual_to_transport.sh script
T	108	$config_dir = $conf['mailman']['config_dir'].'/';
	109	$full_file_name = $config_dir.'virtual_to_transport.sh';
7fe908	110
3f478f	111	//* Backup exiting virtual_to_transport.sh script
T	112	if(is_file($full_file_name)) {
	113	copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
	114	}
7fe908	115
3f478f	116	if(is_dir('/etc/mailman')) {
615a0a	117	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh')) {
7fe908	118	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh', $full_file_name);
MC	119	} else {
	120	copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
	121	}
	122	chgrp($full_file_name, 'mailman');
	123	chmod($full_file_name, 0750);
3f478f	124	}
7fe908	125
3f478f	126	//* Create aliasaes
T	127	exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
c71d48	128	if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
526b99	129	}
7fe908	130
32d8e9	131	function configure_postfix($options = '')
7fe908	132	{
b51c22	133	global $conf,$autoinstall;
32d8e9	134	$cf = $conf['postfix'];
T	135	$config_dir = $cf['config_dir'];
7fe908	136
32d8e9	137	if(!is_dir($config_dir)){
7fe908	138	$this->error("The postfix configuration directory '$config_dir' does not exist.");
MC	139	}
	140
32d8e9	141	//* mysql-virtual_domains.cf
7fe908	142	$this->process_postfix_config('mysql-virtual_domains.cf');
32d8e9	143
T	144	//* mysql-virtual_forwardings.cf
7fe908	145	$this->process_postfix_config('mysql-virtual_forwardings.cf');
32d8e9	146
T	147	//* mysql-virtual_mailboxes.cf
7fe908	148	$this->process_postfix_config('mysql-virtual_mailboxes.cf');
32d8e9	149
T	150	//* mysql-virtual_email2email.cf
7fe908	151	$this->process_postfix_config('mysql-virtual_email2email.cf');
32d8e9	152
T	153	//* mysql-virtual_transports.cf
7fe908	154	$this->process_postfix_config('mysql-virtual_transports.cf');
32d8e9	155
T	156	//* mysql-virtual_recipient.cf
7fe908	157	$this->process_postfix_config('mysql-virtual_recipient.cf');
32d8e9	158
T	159	//* mysql-virtual_sender.cf
7fe908	160	$this->process_postfix_config('mysql-virtual_sender.cf');
32d8e9	161
T	162	//* mysql-virtual_client.cf
7fe908	163	$this->process_postfix_config('mysql-virtual_client.cf');
MC	164
32d8e9	165	//* mysql-virtual_relaydomains.cf
7fe908	166	$this->process_postfix_config('mysql-virtual_relaydomains.cf');
MC	167
429dcf	168	//* mysql-virtual_relayrecipientmaps.cf
7fe908	169	$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
32d8e9	170
T	171	//* Changing mode and group of the new created config files.
	172	caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
7fe908	173	__FILE__, __LINE__, 'chmod on mysql-virtual_.cf', 'chmod on mysql-virtual_.cf failed');
MC	174	caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
	175	__FILE__, __LINE__, 'chgrp on mysql-virtual_.cf', 'chgrp on mysql-virtual_.cf failed');
	176
1ca823	177	if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);
7fe908	178
32d8e9	179	//* Creating virtual mail user and group
fdb514	180	if(is_group($cf['vmail_groupname'])) {
T	181	$command = 'groupmod -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
	182	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	183	} else {
	184	$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
	185	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	186	}
7fe908	187
fdb514	188	if(is_user($cf['vmail_username'])) {
T	189	$command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
	190	caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	191	} else {
	192	$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
	193	caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8f898a	194	}
7fe908	195
d2e848	196	if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
7fe908	197
b67344	198	//* These postconf commands will be executed on installation and update
7b47c0	199	$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
T	200	$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
	201	unset($server_ini_rec);
	202
	203	//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
	204	$rbl_list = '';
	205	if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
7fe908	206	$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
7b47c0	207	foreach ($rbl_hosts as $key => $value) {
T	208	$rbl_list .= ", reject_rbl_client ". $value;
	209	}
	210	}
	211	unset($rbl_hosts);
	212	unset($server_ini_array);
7fe908	213
7b47c0	214	//* These postconf commands will be executed on installation and update
7fe908	215	$postconf_placeholders = array('{config_dir}' => $config_dir,
MC	216	'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
	217	'{vmail_userid}' => $cf['vmail_userid'],
	218	'{vmail_groupid}' => $cf['vmail_groupid'],
	219	'{rbl_list}' => $rbl_list);
	220
	221	$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
	222	$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
	223	$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
	224
b67344	225	//* These postconf commands will be executed on installation only
T	226	if($this->is_update == false) {
7fe908	227	$postconf_commands = array_merge($postconf_commands, array(
MC	228	'myhostname = '.$conf['hostname'],
	229	'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
	230	'mynetworks = 127.0.0.0/8 [::1]/128'
	231	));
b67344	232	}
7fe908	233
32d8e9	234	//* Create the header and body check files
T	235	touch($config_dir.'/header_checks');
	236	touch($config_dir.'/mime_header_checks');
	237	touch($config_dir.'/nested_header_checks');
	238	touch($config_dir.'/body_checks');
7fe908	239
3f478f	240	//* Create the mailman files
T	241	if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
	242	if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
	243	exec('postalias /var/lib/mailman/data/aliases');
	244	if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
	245	exec('postmap /var/lib/mailman/data/virtual-mailman');
	246	if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
	247	exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
7fe908	248
32d8e9	249	//* Make a backup copy of the main.cf file
T	250	copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
7fe908	251
32d8e9	252	//* Executing the postconf commands
T	253	foreach($postconf_commands as $cmd) {
	254	$command = "postconf -e '$cmd'";
	255	caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	256	}
7fe908	257
MC	258	if(!stristr($options, 'dont-create-certs')) {
32d8e9	259	//* Create the SSL certificate
b04e82	260	if(AUTOINSTALL){
TB	261	$command = 'cd '.$config_dir.'; '
	262	."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
	263	} else {
	264	$command = 'cd '.$config_dir.'; '
	265	.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
	266	}
b51c22	267	exec($command);
7fe908	268
32d8e9	269	$command = 'chmod o= '.$config_dir.'/smtpd.key';
T	270	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
	271	}
7fe908	272
32d8e9	273	//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
T	274	$command = 'chmod 755 /var/run/authdaemon.courier-imap';
	275	caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
7fe908	276
32d8e9	277	//* Changing maildrop lines in posfix master.cf
T	278	if(is_file($config_dir.'/master.cf')){
7fe908	279	copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
MC	280	}
32d8e9	281	if(is_file($config_dir.'/master.cf~')){
7fe908	282	exec('chmod 400 '.$config_dir.'/master.cf~');
MC	283	}
32d8e9	284	$configfile = $config_dir.'/master.cf';
T	285	$content = rf($configfile);
7fe908	286
MC	287	$content = str_replace(' flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
	288	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	289	$content);
	290
	291	$content = str_replace(' flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
	292	' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
	293	$content);
	294
fdb514	295	// enable tlsmanager
7fe908	296	$content = str_replace('#tlsmgr unix - - n 1000? 1 tlsmgr', 'tlsmgr unix - - n 1000? 1 tlsmgr', $content);
MC	297
32d8e9	298	wf($configfile, $content);
7fe908	299
32d8e9	300	//* Writing the Maildrop mailfilter file
T	301	$configfile = 'mailfilter';
	302	if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
7fe908	303	copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
MC	304	}
615a0a	305	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9	306	$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
T	307	wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
7fe908	308
32d8e9	309	//* Create the directory for the custom mailfilters
T	310	$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
	311	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	312
32d8e9	313	//* Chmod and chown the .mailfilter file
T	314	$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
	315	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	316
32d8e9	317	$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
T	318	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	319
32d8e9	320	}
7fe908	321
32d8e9	322	public function configure_saslauthd() {
T	323	global $conf;
7fe908	324
32d8e9	325	/*
T	326	$configfile = 'sasl_smtpd.conf';
	327	if(is_file('/etc/sasl2/smtpd.conf')) copy('/etc/sasl2/smtpd.conf','/etc/sasl2/smtpd.conf~');
	328	if(is_file('/etc/sasl2/smtpd.conf~')) exec('chmod 400 '.'/etc/sasl2/smtpd.conf~');
	329	$content = rf("tpl/".$configfile.".master");
	330	$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
	331	$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
	332	$content = str_replace('{mysql_server_database}',$conf['mysql']['database'],$content);
	333	$content = str_replace('{mysql_server_ip}',$conf['mysql']['ip'],$content);
	334	wf('/etc/sasl2/smtpd.conf',$content);
	335	*/
7fe908	336
32d8e9	337	// TODO: Chmod and chown on the config file
7fe908	338
MC	339
32d8e9	340	/*
T	341	// Create the spool directory
	342	exec('mkdir -p /var/spool/postfix/var/run/saslauthd');
7fe908	343
32d8e9	344	// Edit the file /etc/default/saslauthd
T	345	$configfile = $conf["saslauthd"]["config"];
	346	if(is_file($configfile)) copy($configfile,$configfile.'~');
	347	if(is_file($configfile.'~')) exec('chmod 400 '.$configfile.'~');
	348	$content = rf($configfile);
	349	$content = str_replace('START=no','START=yes',$content);
	350	$content = str_replace('OPTIONS="-c"','OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r"',$content);
	351	wf($configfile,$content);
	352	*/
7fe908	353
32d8e9	354	// Edit the file /etc/init.d/saslauthd
T	355	$configfile = $conf["init_scripts"].'/'.$conf["saslauthd"]["init_script"];
	356	$content = rf($configfile);
7fe908	357	$content = str_replace('/sbin/startproc $AUTHD_BIN -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', '/sbin/startproc $AUTHD_BIN -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', $content);
MC	358	$content = str_replace('/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1', $content);
	359
	360
	361	if(is_file($configfile)) wf($configfile, $content);
	362
	363
	364
32d8e9	365	}
7fe908	366
32d8e9	367	public function configure_pam()
7fe908	368	{
32d8e9	369	global $conf;
T	370	$pam = $conf['pam'];
	371	//* configure pam for SMTP authentication agains the ispconfig database
	372	$configfile = 'pamd_smtp';
	373	if(is_file("$pam/smtp")) copy("$pam/smtp", "$pam/smtp~");
	374	if(is_file("$pam/smtp~")) exec("chmod 400 $pam/smtp~");
	375
615a0a	376	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9	377	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T	378	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	379	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	380	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	381	wf("$pam/smtp", $content);
03bff7	382	// On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
T	383	if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");
32d8e9	384	//exec("chmod 660 $pam/smtp");
T	385	//exec("chown root:root $pam/smtp");
7fe908	386
32d8e9	387	}
7fe908	388
32d8e9	389	public function configure_courier()
7fe908	390	{
32d8e9	391	global $conf;
T	392	$config_dir = $conf['courier']['config_dir'];
	393	//* authmysqlrc
	394	$configfile = 'authmysqlrc';
	395	if(is_file("$config_dir/$configfile")){
7fe908	396	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	397	}
32d8e9	398	exec("chmod 400 $config_dir/$configfile~");
615a0a	399	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
7fe908	400	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	401	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	402	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	403	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
32d8e9	404	wf("$config_dir/$configfile", $content);
7fe908	405
32d8e9	406	exec("chmod 660 $config_dir/$configfile");
T	407	exec("chown root:root $config_dir/$configfile");
7fe908	408
32d8e9	409	//* authdaemonrc
T	410	$configfile = $conf['courier']['config_dir'].'/authdaemonrc';
	411	if(is_file($configfile)){
7fe908	412	copy($configfile, $configfile.'~');
MC	413	}
32d8e9	414	if(is_file($configfile.'~')){
7fe908	415	exec('chmod 400 '.$configfile.'~');
MC	416	}
32d8e9	417	$content = rf($configfile);
T	418	$content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
	419	wf($configfile, $content);
	420	}
7fe908	421
fdb514	422	public function configure_dovecot()
7fe908	423	{
fdb514	424	global $conf;
7fe908	425
fdb514	426	$config_dir = $conf['dovecot']['config_dir'];
7fe908	427
fdb514	428	//* Configure master.cf and add a line for deliver
T	429	if(is_file($config_dir.'/master.cf')){
7fe908	430	copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
MC	431	}
fdb514	432	if(is_file($config_dir.'/master.cf~')){
7fe908	433	exec('chmod 400 '.$config_dir.'/master.cf~2');
MC	434	}
fdb514	435	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
T	436	// Only add the content if we had not addded it before
7fe908	437	if(!stristr($content, "dovecot/deliver")) {
013ae4	438	$deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
7fe908	439	af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
fdb514	440	}
T	441	unset($content);
	442	unset($deliver_content);
7fe908	443
MC	444
fdb514	445	//* Reconfigure postfix to use dovecot authentication
T	446	// Adding the amavisd commands to the postfix configuration
	447	$postconf_commands = array (
	448	'dovecot_destination_recipient_limit = 1',
	449	'virtual_transport = dovecot',
	450	'smtpd_sasl_type = dovecot',
	451	'smtpd_sasl_path = private/auth',
	452	);
7fe908	453
fdb514	454	// Make a backup copy of the main.cf file
7fe908	455	copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
MC	456
fdb514	457	// Executing the postconf commands
T	458	foreach($postconf_commands as $cmd) {
	459	$command = "postconf -e '$cmd'";
	460	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	461	}
7fe908	462
31e0d1	463	//* backup dovecot.conf
fdb514	464	$configfile = 'dovecot.conf';
T	465	if(is_file("$config_dir/$configfile")){
7fe908	466	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	467	}
	468
31e0d1	469	//* Get the dovecot version
7fe908	470	exec('dovecot --version', $tmp);
MC	471	$parts = explode('.', trim($tmp[0]));
31e0d1	472	$dovecot_version = $parts[0];
T	473	unset($tmp);
	474	unset($parts);
7fe908	475
31e0d1	476	//* Copy dovecot configuration file
T	477	if($dovecot_version == 2) {
7fe908	478	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot2.conf.master')) {
MC	479	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
	480	} else {
	481	copy('tpl/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
	482	}
31e0d1	483	} else {
7fe908	484	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master')) {
MC	485	copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
	486	} else {
	487	copy('tpl/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
	488	}
31e0d1	489	}
7fe908	490
fdb514	491	//* dovecot-sql.conf
T	492	$configfile = 'dovecot-sql.conf';
	493	if(is_file("$config_dir/$configfile")){
7fe908	494	copy("$config_dir/$configfile", "$config_dir/$configfile~");
b67344	495	exec("chmod 400 $config_dir/$configfile~");
7fe908	496	}
MC	497
615a0a	498	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot-sql.conf.master', "tpl/opensuse_dovecot-sql.conf.master");
7fe908	499	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	500	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	501	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	502	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
032b86	503	$content = str_replace('{server_id}', $conf['server_id'], $content);
fdb514	504	wf("$config_dir/$configfile", $content);
7fe908	505
fdb514	506	exec("chmod 600 $config_dir/$configfile");
T	507	exec("chown root:root $config_dir/$configfile");
5e7306	508
TB	509	// Dovecot shall ignore mounts in website directory
f9d95c	510	if(is_installed('doveadm')) exec("doveadm mount add '/srv/www/*' ignore > /dev/null 2> /dev/null");
fdb514	511
T	512	}
7fe908	513
32d8e9	514	public function configure_amavis() {
T	515	global $conf;
7fe908	516
32d8e9	517	// amavisd user config file
T	518	$configfile = 'opensuse_amavisd_conf';
7fe908	519	if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) @copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
32d8e9	520	if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
615a0a	521	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
7fe908	522	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	523	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	524	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	525	$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
	526	$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
	527	wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
	528
	529
32d8e9	530	// Adding the amavisd commands to the postfix configuration
T	531	$postconf_commands = array (
	532	'content_filter = amavis:[127.0.0.1]:10024',
	533	'receive_override_options = no_address_mappings'
	534	);
7fe908	535
32d8e9	536	// Make a backup copy of the main.cf file
7fe908	537	copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
MC	538
32d8e9	539	// Executing the postconf commands
T	540	foreach($postconf_commands as $cmd) {
	541	$command = "postconf -e '$cmd'";
	542	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	543	}
7fe908	544
32d8e9	545	// Append the configuration for amavisd to the master.cf file
7fe908	546	if(is_file($conf["postfix"]["config_dir"].'/master.cf')) copy($conf["postfix"]["config_dir"].'/master.cf', $conf["postfix"]["config_dir"].'/master.cf~');
32d8e9	547	$content = rf($conf["postfix"]["config_dir"].'/master.cf');
T	548	// Only add the content if we had not addded it before
7fe908	549	if(!stristr($content, "127.0.0.1:10025")) {
32d8e9	550	unset($content);
615a0a	551	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', "tpl/master_cf_amavis.master");
7fe908	552	af($conf["postfix"]["config_dir"].'/master.cf', $content);
32d8e9	553	}
T	554	unset($content);
7fe908	555
32d8e9	556	// Add the clamav user to the vscan group
5edf40	557	//exec('groupmod --add-user clamav vscan');
TB	558	$command = 'usermod -a -G clamav vscan';
	559	caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	560
MC	561
32d8e9	562	}
7fe908	563
32d8e9	564	public function configure_spamassassin()
7fe908	565	{
32d8e9	566	global $conf;
7fe908	567
32d8e9	568	//* Enable spamasasssin on debian and ubuntu
T	569	/*
	570	$configfile = '/etc/default/spamassassin';
	571	if(is_file($configfile)){
	572	copy($configfile, $configfile.'~');
	573	}
	574	$content = rf($configfile);
	575	$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
	576	wf($configfile, $content);
	577	*/
	578	}
7fe908	579
32d8e9	580	public function configure_getmail()
7fe908	581	{
32d8e9	582	global $conf;
7fe908	583
32d8e9	584	$config_dir = $conf['getmail']['config_dir'];
7fe908	585
32d8e9	586	if(!is_dir($config_dir)) exec("mkdir -p ".escapeshellcmd($config_dir));
T	587
	588	$command = "useradd -d $config_dir getmail";
	589	if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	590
32d8e9	591	$command = "chown -R getmail $config_dir";
T	592	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	593
32d8e9	594	$command = "chmod -R 700 $config_dir";
T	595	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	596	}
7fe908	597
MC	598
32d8e9	599	public function configure_pureftpd()
7fe908	600	{
32d8e9	601	global $conf;
7fe908	602
32d8e9	603	$config_dir = $conf['pureftpd']['config_dir'];
T	604
	605	//* configure pam for SMTP authentication agains the ispconfig database
	606	$configfile = 'db/mysql.conf';
	607	if(is_file("$config_dir/$configfile")){
7fe908	608	copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC	609	}
32d8e9	610	if(is_file("$config_dir/$configfile~")){
7fe908	611	exec("chmod 400 $config_dir/$configfile~");
MC	612	}
615a0a	613	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
32d8e9	614	$content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
T	615	$content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
	616	$content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
	617	$content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
	618	$content = str_replace('{server_id}', $conf["server_id"], $content);
	619	wf("$config_dir/$configfile", $content);
	620	exec("chmod 600 $config_dir/$configfile");
	621	exec("chown root:root $config_dir/$configfile");
7fe908	622
32d8e9	623	// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
615a0a	624	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_pureftpd_conf.master')) {
7fe908	625	exec("cp " . $conf['ispconfig_install_dir']."/server/conf-custom/install/opensuse_pureftpd_conf.master $config_dir/pure-ftpd.conf");
MC	626	} else {
	627	exec("cp tpl/opensuse_pureftpd_conf.master $config_dir/pure-ftpd.conf");
	628	}
	629
32d8e9	630	}
7fe908	631
32d8e9	632	public function configure_mydns()
7fe908	633	{
32d8e9	634	global $conf;
7fe908	635
32d8e9	636	// configure pam for SMTP authentication agains the ispconfig database
T	637	$configfile = 'mydns.conf';
7fe908	638	if(is_file($conf["mydns"]["config_dir"].'/'.$configfile)) copy($conf["mydns"]["config_dir"].'/'.$configfile, $conf["mydns"]["config_dir"].'/'.$configfile.'~');
32d8e9	639	if(is_file($conf["mydns"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["mydns"]["config_dir"].'/'.$configfile.'~');
615a0a	640	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
7fe908	641	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC	642	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	643	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	644	$content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
	645	$content = str_replace('{server_id}', $conf["server_id"], $content);
	646	wf($conf["mydns"]["config_dir"].'/'.$configfile, $content);
32d8e9	647	exec('chmod 600 '.$conf["mydns"]["config_dir"].'/'.$configfile);
T	648	exec('chown root:root '.$conf["mydns"]["config_dir"].'/'.$configfile);
7fe908	649
32d8e9	650	}
7fe908	651
32d8e9	652	public function configure_apache()
7fe908	653	{
32d8e9	654	global $conf;
7fe908	655
1bd269	656	if($conf['apache']['installed'] == false) return;
32d8e9	657	//* Create the logging directory for the vhost logfiles
T	658	exec('mkdir -p /var/log/ispconfig/httpd');
6c9bc3	659
TB	660	//* enable apache logio module
	661	exec('a2enmod logio');
7fe908	662
32d8e9	663	//if(is_file('/etc/suphp.conf')) {
7fe908	664	replaceLine('/etc/suphp.conf', 'php=php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
MC	665	replaceLine('/etc/suphp.conf', 'php="php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
	666	replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/srv/www', 0, 0);
	667	replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
32d8e9	668	//}
7fe908	669
26c0fc	670	if(!file_exists('/srv/www/cgi-bin/php5') && file_exists('/srv/www/cgi-bin/php')) {
7fe908	671	symlink('/srv/www/cgi-bin/php', '/srv/www/cgi-bin/php5');
26c0fc	672	}
7fe908	673
dbe5b0	674	// Sites enabled and available dirs
32d8e9	675	exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']);
T	676	exec('mkdir -p '.$conf['apache']['vhost_conf_dir']);
7fe908	677
32d8e9	678	$content = rf('/etc/apache2/httpd.conf');
7fe908	679	if(!stristr($content, 'Include /etc/apache2/sites-enabled/')) {
5545f1	680	af('/etc/apache2/httpd.conf', "\n<Directory /srv/www>\n Options +FollowSymlinks\n</Directory>\n\nInclude /etc/apache2/sites-enabled/\n\n");
32d8e9	681	}
T	682	unset($content);
7fe908	683
32d8e9	684	//* Copy the ISPConfig configuration include
7fe908	685	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
MC	686	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
	687
ccbf14	688	$tpl = new tpl('apache_ispconfig.conf.master');
TB	689	$tpl->setVar('apache_version',getapacheversion());
	690
a2156e	691	$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
ccbf14	692	$ip_addresses = array();
TB	693
fb3a98	694	if(is_array($records) && count($records) > 0) {
32d8e9	695	foreach($records as $rec) {
a2156e	696	if($rec['ip_type'] == 'IPv6') {
T	697	$ip_address = '['.$rec['ip_address'].']';
	698	} else {
	699	$ip_address = $rec['ip_address'];
	700	}
7fe908	701	$ports = explode(',', $rec['virtualhost_port']);
a2156e	702	if(is_array($ports)) {
T	703	foreach($ports as $port) {
	704	$port = intval($port);
	705	if($port > 0 && $port < 65536 && $ip_address != '') {
ccbf14	706	$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
a2156e	707	}
T	708	}
	709	}
32d8e9	710	}
T	711	}
855547	712
3de838	713	if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
855547	714
ccbf14	715	wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
TB	716	unset($tpl);
7fe908	717
32d8e9	718	if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
T	719	exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");
	720	}
7fe908	721
99d5dc	722	//* make sure that webalizer finds its config file when it is directly in /etc
T	723	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	724	exec('mkdir /etc/webalizer');
	725	exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
	726	}
7fe908	727
99d5dc	728	if(is_file('/etc/webalizer/webalizer.conf')) {
T	729	// Change webalizer mode to incremental
7fe908	730	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	731	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	732	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
99d5dc	733	}
7fe908	734
6b029a	735	//* add a sshusers group
T	736	$command = 'groupadd sshusers';
	737	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	738
526b99	739	// create PHP-FPM pool dir
T	740	exec('mkdir -p '.$conf['nginx']['php_fpm_pool_dir']);
7fe908	741
526b99	742	$content = rf('/etc/php5/fpm/php-fpm.conf');
T	743	if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
7fe908	744	af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
526b99	745	}
T	746	unset($content);
	747	if(!@is_file($conf['nginx']['php_fpm_ini_path'])){
	748	if(@is_file('/etc/php5/cli/php.ini')){
	749	exec('cp -f /etc/php5/cli/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	750	} elseif(@is_file('/etc/php5/fastcgi/php.ini')){
	751	exec('cp -f /etc/php5/fastcgi/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	752	} elseif(@is_file('/etc/php5/apache2/php.ini')){
	753	exec('cp -f /etc/php5/apache2/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	754	}
	755	}
7fe908	756
32d8e9	757	}
7fe908	758
2d86e1	759	public function configure_nginx(){
F	760	global $conf;
7fe908	761
2d86e1	762	if($conf['nginx']['installed'] == false) return;
F	763	//* Create the logging directory for the vhost logfiles
	764	if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
7fe908	765
dbe5b0	766	// Sites enabled and available dirs
2d86e1	767	exec('mkdir -p '.$conf['nginx']['vhost_conf_enabled_dir']);
F	768	exec('mkdir -p '.$conf['nginx']['vhost_conf_dir']);
7fe908	769
dbe5b0	770	$content = rf('/etc/nginx/nginx.conf');
F	771	if(stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false){
	772	$content = trim($content);
7fe908	773	$content = substr($content, 0, -1)."\n include /etc/nginx/sites-enabled/*.vhost;\n}";
MC	774	wf('/etc/nginx/nginx.conf', $content);
dbe5b0	775	}
2d86e1	776	unset($content);
7fe908	777
2d86e1	778	// create PHP-FPM pool dir
F	779	exec('mkdir -p '.$conf['nginx']['php_fpm_pool_dir']);
7fe908	780
2d86e1	781	$content = rf('/etc/php5/fpm/php-fpm.conf');
F	782	if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
7fe908	783	af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
2d86e1	784	}
F	785	unset($content);
59feb7	786	if(!@is_file($conf['nginx']['php_fpm_ini_path'])){
F	787	if(@is_file('/etc/php5/cli/php.ini')){
	788	exec('cp -f /etc/php5/cli/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	789	} elseif(@is_file('/etc/php5/fastcgi/php.ini')){
	790	exec('cp -f /etc/php5/fastcgi/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	791	} elseif(@is_file('/etc/php5/apache2/php.ini')){
	792	exec('cp -f /etc/php5/apache2/php.ini '.$conf['nginx']['php_fpm_ini_path']);
	793	}
	794	}
2d86e1	795
F	796	//* make sure that webalizer finds its config file when it is directly in /etc
	797	if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
	798	mkdir('/etc/webalizer');
7fe908	799	symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
2d86e1	800	}
F	801
	802	if(is_file('/etc/webalizer/webalizer.conf')) {
	803	// Change webalizer mode to incremental
7fe908	804	replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
MC	805	replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental yes', 0, 0);
	806	replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName webalizer.hist', 0, 0);
2d86e1	807	}
7fe908	808
2d86e1	809	// Check the awsatst script
F	810	if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
7fe908	811	if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
MC	812	if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
	813
2d86e1	814	//* add a sshusers group
F	815	$command = 'groupadd sshusers';
	816	if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	817	}
7fe908	818
32d8e9	819	public function configure_firewall()
T	820	{
	821	global $conf;
7fe908	822
32d8e9	823	$dist_init_scripts = $conf['init_scripts'];
7fe908	824
32d8e9	825	if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
T	826	if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
7fe908	827	@mkdir("/etc/Bastille", octdec($directory_mode));
MC	828	if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
	829	if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
	830	caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	831	} else {
	832	caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	833	}
	834	caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
	835	$content = rf("/etc/Bastille/bastille-firewall.cfg");
	836	$content = str_replace("{DNS_SERVERS}", "", $content);
32d8e9	837
7fe908	838	$tcp_public_services = '';
MC	839	$udp_public_services = '';
	840
fb3a98	841	$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
7fe908	842
MC	843	if(trim($row["tcp_port"]) != '' \|\| trim($row["udp_port"]) != ''){
	844	$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
	845	$udp_public_services = trim(str_replace(',', ' ', $row["udp_port"]));
	846	} else {
	847	$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
	848	$udp_public_services = '53';
	849	}
	850
32d8e9	851	if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
T	852	$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
	853	if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
	854	}
	855
7fe908	856	$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
MC	857	$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);
32d8e9	858
7fe908	859	wf("/etc/Bastille/bastille-firewall.cfg", $content);
32d8e9	860
7fe908	861	if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
MC	862	caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
	863	caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);
32d8e9	864
7fe908	865	if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
MC	866	caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
	867	caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);
	868
	869	if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
	870	caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
	871	caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);
	872
32d8e9	873	if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);
T	874
7fe908	875	exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
MC	876	if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(shell_exec("which ipchains"), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
	877	unset($ipchains_location);
	878	exec("which iptables &> /dev/null", $iptables_location, $ret_val);
	879	if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
	880	unset($iptables_location);
32d8e9	881
T	882	}
4ae2a0	883
32d8e9	884	public function install_ispconfig()
7fe908	885	{
32d8e9	886	global $conf;
7fe908	887
32d8e9	888	$install_dir = $conf['ispconfig_install_dir'];
T	889
	890	//* Create the ISPConfig installation directory
	891	if(!@is_dir("$install_dir")) {
	892	$command = "mkdir $install_dir";
	893	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	894	}
7fe908	895
32d8e9	896	//* Create a ISPConfig user and group
T	897	$command = 'groupadd ispconfig';
	898	if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	899
32d8e9	900	$command = "useradd -g ispconfig -d $install_dir ispconfig";
T	901	if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	902
32d8e9	903	//* copy the ISPConfig interface part
T	904	$command = "cp -rf ../interface $install_dir";
	905	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	906
32d8e9	907	//* copy the ISPConfig server part
T	908	$command = "cp -rf ../server $install_dir";
	909	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2	910
fb6c56	911	//* Make a backup of the security settings
TB	912	if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
	913
a13af2	914	//* copy the ISPConfig security part
TB	915	$command = 'cp -rf ../security '.$install_dir;
	916	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56	917
TB	918	//* Apply changed security_settings.ini values to new security_settings.ini file
	919	if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
	920	$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
	921	$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
	922	if(is_array($security_settings_new) && is_array($security_settings_old)) {
	923	foreach($security_settings_new as $section => $sval) {
	924	if(is_array($sval)) {
	925	foreach($sval as $key => $val) {
	926	if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
	927	$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
	928	}
	929	}
	930	}
	931	}
	932	file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
	933	}
	934	}
7fe908	935
32d8e9	936	//* Create a symlink, so ISPConfig is accessible via web
T	937	// Replaced by a separate vhost definition for port 8080
	938	// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
	939	// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	940
32d8e9	941	//* Create the config file for ISPConfig interface
T	942	$configfile = 'config.inc.php';
	943	if(is_file($install_dir.'/interface/lib/'.$configfile)){
7fe908	944	copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC	945	}
615a0a	946	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9	947	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T	948	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	949	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	950	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
7fe908	951
32d8e9	952	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T	953	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	954	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	955	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
7fe908	956
32d8e9	957	$content = str_replace('{server_id}', $conf['server_id'], $content);
T	958	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6	959	$content = str_replace('{language}', $conf['language'], $content);
8cf78b	960	$content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8	961	$content = str_replace('{theme}', $conf['theme'], $content);
992797	962	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
7fe908	963
MC	964	wf("$install_dir/interface/lib/$configfile", $content);
	965
	966	//* Create the config file for ISPConfig server
	967	$configfile = 'config.inc.php';
	968	if(is_file($install_dir.'/server/lib/'.$configfile)){
	969	copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
	970	}
	971	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
	972	$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
	973	$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
	974	$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
	975	$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
	976
	977	$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
	978	$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
	979	$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
	980	$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
	981
	982	$content = str_replace('{server_id}', $conf['server_id'], $content);
	983	$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
	984	$content = str_replace('{language}', $conf['language'], $content);
	985	$content = str_replace('{timezone}', $conf['timezone'], $content);
	986	$content = str_replace('{theme}', $conf['theme'], $content);
	987	$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
	988
32d8e9	989	wf("$install_dir/server/lib/$configfile", $content);
7fe908	990
fb3a98	991	//* Create the config file for remote-actions (but only, if it does not exist, because
T	992	// the value is a autoinc-value and so changed by the remoteaction_core_module
	993	if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
	994	$content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
	995	wf($install_dir.'/server/lib/remote_action.inc.php', $content);
	996	}
7fe908	997
32d8e9	998	//* Enable the server modules and plugins.
T	999	// TODO: Implement a selector which modules and plugins shall be enabled.
	1000	$dir = $install_dir.'/server/mods-available/';
	1001	if (is_dir($dir)) {
	1002	if ($dh = opendir($dir)) {
	1003	while (($file = readdir($dh)) !== false) {
7fe908	1004	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	1005	include_once $install_dir.'/server/mods-available/'.$file;
	1006	$module_name = substr($file, 0, -8);
32d8e9	1007	$tmp = new $module_name;
T	1008	if($tmp->onInstall()) {
	1009	if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
	1010	if (strpos($file, '_core_module') !== false) {
	1011	if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
	1012	}
	1013	}
	1014	unset($tmp);
	1015	}
	1016	}
	1017	closedir($dh);
	1018	}
	1019	}
7fe908	1020
32d8e9	1021	$dir = $install_dir.'/server/plugins-available/';
T	1022	if (is_dir($dir)) {
	1023	if ($dh = opendir($dir)) {
	1024	while (($file = readdir($dh)) !== false) {
1bd269	1025	if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F	1026	if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
7fe908	1027	if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC	1028	include_once $install_dir.'/server/plugins-available/'.$file;
	1029	$plugin_name = substr($file, 0, -8);
32d8e9	1030	$tmp = new $plugin_name;
T	1031	if($tmp->onInstall()) {
	1032	if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
	1033	if (strpos($file, '_core_plugin') !== false) {
	1034	if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
	1035	}
	1036	}
	1037	unset($tmp);
	1038	}
	1039	}
	1040	closedir($dh);
	1041	}
	1042	}
7fe908	1043
32d8e9	1044	// Update the server config
T	1045	$mail_server_enabled = ($conf['services']['mail'])?1:0;
	1046	$web_server_enabled = ($conf['services']['web'])?1:0;
	1047	$dns_server_enabled = ($conf['services']['dns'])?1:0;
	1048	$file_server_enabled = ($conf['services']['file'])?1:0;
	1049	$db_server_enabled = ($conf['services']['db'])?1:0;
	1050	$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
	1051	$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
7fe908	1052
32d8e9	1053	if($conf['mysql']['master_slave_setup'] == 'y') {
T	1054	$this->dbmaster->query($sql);
	1055	$this->db->query($sql);
	1056	} else {
	1057	$this->db->query($sql);
	1058	}
7fe908	1059
3e0fc8	1060	// chown install dir to root and chmod 755
TB	1061	$command = 'chown root:root '.$install_dir;
	1062	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1063	$command = 'chmod 755 '.$install_dir;
32d8e9	1064	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T	1065
fa029b	1066	//* Chmod the files and directories in the install dir
3e0fc8	1067	$command = 'chmod -R 750 '.$install_dir.'/*';
TB	1068	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1069
	1070	//* chown the interface files to the ispconfig user and group
	1071	$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
	1072	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1073
	1074	//* chown the server files to the root user and group
	1075	$command = 'chown -R root:root '.$install_dir.'/server';
32d8e9	1076	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b	1077
TB	1078	//* chown the security files to the root user and group
	1079	$command = 'chown -R root:root '.$install_dir.'/security';
	1080	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1081
	1082	//* chown the security directory and security_settings.ini to root:ispconfig
	1083	$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
	1084	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1085	$command = 'chown root:ispconfig '.$install_dir.'/security';
	1086	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221	1087	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB	1088	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1089	$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
	1090	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1091	$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
	1092	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	1093
32d8e9	1094	//* Make the global language file directory group writable
T	1095	exec("chmod -R 770 $install_dir/interface/lib/lang");
7fe908	1096
32d8e9	1097	//* Make the temp directory for language file exports writable
T	1098	exec("chmod -R 770 $install_dir/interface/web/temp");
7fe908	1099
32d8e9	1100	//* Make all interface language file directories group writable
T	1101	$handle = @opendir($install_dir.'/interface/web');
7fe908	1102	while ($file = @readdir($handle)) {
MC	1103	if ($file != '.' && $file != '..') {
	1104	if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
32d8e9	1105	$handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
7fe908	1106	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC	1107	while ($lang_file = @readdir($handle2)) {
32d8e9	1108	if ($lang_file != '.' && $lang_file != '..') {
7fe908	1109	chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
32d8e9	1110	}
T	1111	}
	1112	}
	1113	}
	1114	}
7fe908	1115
477d4e	1116	//* Make the APS directories group writable
T	1117	exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
	1118	exec("chmod -R 770 $install_dir/server/aps_packages");
7fe908	1119
32d8e9	1120	//* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef	1121	chmod($install_dir.'/server/lib/config.inc.php', 0600);
T	1122	chown($install_dir.'/server/lib/config.inc.php', 'root');
	1123	chgrp($install_dir.'/server/lib/config.inc.php', 'root');
7fe908	1124
bfcdef	1125	//* Make sure thet the interface config file is readable by user ispconfig only
T	1126	chmod($install_dir.'/interface/lib/config.inc.php', 0600);
	1127	chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
	1128	chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
7fe908	1129
32d8e9	1130	if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T	1131	exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
	1132	exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
	1133	}
980485	1134
TB	1135	if(is_dir($install_dir.'/interface/invoices')) {
	1136	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
	1137	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
	1138	}
	1139
	1140	exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
7fe908	1141
32d8e9	1142	// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T	1143	// and must be fixed as this will allow the apache user to read the ispconfig files.
	1144	// Later this must run as own apache server or via suexec!
63b369	1145	if($conf['apache']['installed'] == true){
5edf40	1146	//$command = 'groupmod --add-user '.$conf['apache']['user'].' ispconfig';
TB	1147	$command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
63b369	1148	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	1149	if(is_group('ispapps')){
5edf40	1150	//$command = 'groupmod --add-user '.$conf['apache']['user'].' ispapps';
TB	1151	$command = 'usermod -a -G ispapps '.$conf['apache']['user'];
272aec	1152	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F	1153	}
63b369	1154	}
F	1155	if($conf['nginx']['installed'] == true){
5edf40	1156	//$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispconfig';
TB	1157	$command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
63b369	1158	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec	1159	if(is_group('ispapps')){
5edf40	1160	//$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispapps';
TB	1161	$command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
272aec	1162	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F	1163	}
5c93f0	1164	// add nobody user to www group, as the default php-fpm pool from opensuse runs as nobody
TB	1165	$command = 'usermod -a -G www nobody';
	1166	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
63b369	1167	}
7fe908	1168
32d8e9	1169	//* Make the shell scripts executable
T	1170	$command = "chmod +x $install_dir/server/scripts/*.sh";
	1171	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
7fe908	1172
MC	1173
7e1cfb	1174	if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269	1175	//* Copy the ISPConfig vhost for the controlpanel
F	1176	// TODO: These are missing! should they be "vhost_dist_*_dir" ?
	1177	$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
	1178	$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
7fe908	1179
MC	1180
1bd269	1181	// Dont just copy over the virtualhost template but add some custom settings
ccbf14	1182	$tpl = new tpl('apache_ispconfig.vhost.master');
TB	1183	$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
7fe908	1184
1bd269	1185	// comment out the listen directive if port is 80 or 443
F	1186	if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14	1187	$tpl->setVar('vhost_port_listen','#');
1bd269	1188	} else {
ccbf14	1189	$tpl->setVar('vhost_port_listen','');
1bd269	1190	}
7fe908	1191
ccbf14	1192	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB	1193	$tpl->setVar('ssl_comment','');
1bd269	1194	} else {
ccbf14	1195	$tpl->setVar('ssl_comment','#');
1bd269	1196	}
10b4c8	1197	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14	1198	$tpl->setVar('ssl_bundle_comment','');
10b4c8	1199	} else {
ccbf14	1200	$tpl->setVar('ssl_bundle_comment','#');
10b4c8	1201	}
ccbf14	1202
TB	1203	$tpl->setVar('apache_version',getapacheversion());
7fe908	1204
fbc02f	1205	$content = $tpl->grab();
TB	1206	$content = str_replace('/var/www/', '/srv/www/', $content);
	1207	wf($vhost_conf_dir.'/ispconfig.vhost', $content);
7fe908	1208
cc6568	1209	//if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
7fe908	1210	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
MC	1211	$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
	1212	$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
	1213	exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
	1214	wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
	1215	exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
	1216	exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
	1217	exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
	1218
cc6568	1219	//}
7fe908	1220
1bd269	1221	//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F	1222	//* and create the symlink
7e1cfb	1223	if($this->is_update == false) {
1bd269	1224	if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
F	1225	if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
	1226	exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
	1227	}
7fe908	1228
1bd269	1229	}
7fe908	1230
1bd269	1231	// Fix a setting in vhost master file for suse
7fe908	1232	replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master', "suPHP_UserGroup", " suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>", 0);
1bd269	1233	}
F	1234
7e1cfb	1235	if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269	1236	//* Copy the ISPConfig vhost for the controlpanel
F	1237	$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
	1238	$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
	1239
	1240	// Dont just copy over the virtualhost template but add some custom settings
615a0a	1241	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269	1242	$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
7fe908	1243
1bd269	1244	if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8	1245	$content = str_replace('{ssl_on}', ' on', $content);
1bd269	1246	$content = str_replace('{ssl_comment}', '', $content);
F	1247	$content = str_replace('{fastcgi_ssl}', 'on', $content);
	1248	} else {
10b4c8	1249	$content = str_replace('{ssl_on}', ' off', $content);
1bd269	1250	$content = str_replace('{ssl_comment}', '#', $content);
F	1251	$content = str_replace('{fastcgi_ssl}', 'off', $content);
32d8e9	1252	}
7fe908	1253
ca0b77	1254	$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
7fe908	1255	if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77	1256	if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F	1257	$fpm_socket = $socket_dir.'ispconfig.sock';
7fe908	1258
ca0b77	1259	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	1260	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269	1261
F	1262	wf($vhost_conf_dir.'/ispconfig.vhost', $content);
7fe908	1263
1bd269	1264	unset($content);
7fe908	1265
1bd269	1266	// PHP-FPM
F	1267	// Dont just copy over the php-fpm pool template but add some custom settings
615a0a	1268	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269	1269	$content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77	1270	//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F	1271	$content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269	1272	$content = str_replace('{fpm_user}', 'ispconfig', $content);
F	1273	$content = str_replace('{fpm_group}', 'ispconfig', $content);
	1274	wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
	1275
	1276	//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
	1277	//* and create the symlink
7e1cfb	1278	if($this->is_update == false) {
1bd269	1279	if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F	1280	if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
7fe908	1281	symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269	1282	}
F	1283	}
7fe908	1284
9aec3d	1285	// create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
7fe908	1286	if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/', '/usr/share/phpmyadmin');
MC	1287	if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/', '/usr/share/squirrelmail');
32d8e9	1288	}
7fe908	1289
MC	1290
32d8e9	1291	// Make the Clamav log files readable by ISPConfig
T	1292	//exec('chmod +r /var/log/clamav/clamav.log');
	1293	//exec('chmod +r /var/log/clamav/freshclam.log');
7fe908	1294
32d8e9	1295	//* Install the update script
b34f99	1296	if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC	1297	exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
	1298	exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
32d8e9	1299	exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T	1300	exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
	1301	exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
	1302	exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99	1303	if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
32d8e9	1304	if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
7fe908	1305
32d8e9	1306	//set the fast cgi starter script to executable
T	1307	//exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
7fe908	1308
32d8e9	1309	//* Make the logs readable for the ispconfig user
T	1310	if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
	1311	if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
	1312	if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
	1313	if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
7fe908	1314
32d8e9	1315	//To enable apache to read the directories
T	1316	exec('chmod a+rx /usr/local/ispconfig');
	1317	exec('chmod -R 751 /usr/local/ispconfig/interface');
	1318	exec('chmod a+rx /usr/local/ispconfig/interface/web');
7fe908	1319
32d8e9	1320	//* Create the ispconfig log directory
e38d14	1321	if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J	1322	if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
7fe908	1323
0c5b42	1324	if(is_user('getmail')) {
T	1325	exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
	1326	exec('chown getmail /usr/local/bin/run-getmail.sh');
	1327	exec('chmod 744 /usr/local/bin/run-getmail.sh');
	1328	}
7fe908	1329
8cf78b	1330	if(is_dir($install_dir.'/interface/invoices')) {
e94a9f	1331	exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T	1332	exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806	1333	}
7fe908	1334
0799f8	1335	//* Create the ispconfig auth log file and set uid/gid
T	1336	if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
	1337	touch($conf['ispconfig_log_dir'].'/auth.log');
	1338	}
	1339	exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
	1340	exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
7fe908	1341
d71bae	1342	//* Remove Domain module as its functions are available in the client module now
T	1343	if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec	1344
TB	1345	// Add symlink for patch tool
	1346	if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
7fe908	1347
MC	1348
32d8e9	1349	}
7fe908	1350
32d8e9	1351	public function configure_dbserver()
T	1352	{
	1353	global $conf;
7fe908	1354
32d8e9	1355	//* If this server shall act as database server for client DB's, we configure this here
T	1356	$install_dir = $conf['ispconfig_install_dir'];
7fe908	1357
MC	1358	// Create a file with the database login details which
32d8e9	1359	// are used to create the client databases.
7fe908	1360
32d8e9	1361	if(!is_dir("$install_dir/server/lib")) {
T	1362	$command = "mkdir $install_dir/server/lib";
	1363	caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	1364	}
7fe908	1365
615a0a	1366	$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', "tpl/mysql_clientdb.conf.master");
7fe908	1367	$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
MC	1368	$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
67fede	1369	$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
7fe908	1370	wf("$install_dir/server/lib/mysql_clientdb.conf", $content);
32d8e9	1371	exec('chmod 600 '."$install_dir/server/lib/mysql_clientdb.conf");
T	1372	exec('chown root:root '."$install_dir/server/lib/mysql_clientdb.conf");
7fe908	1373
32d8e9	1374	}
7fe908	1375
32d8e9	1376	public function install_crontab()
7fe908	1377	{
32d8e9	1378	global $conf;
7fe908	1379
32d8e9	1380	//* Root Crontab
T	1381	exec('crontab -u root -l > crontab.txt');
	1382	$existing_root_cron_jobs = file('crontab.txt');
7fe908	1383
32d8e9	1384	// remove existing ispconfig cronjobs, in case the syntax has changed
T	1385	foreach($existing_root_cron_jobs as $key => $val) {
7fe908	1386	if(stristr($val, '/usr/local/ispconfig')) unset($existing_root_cron_jobs[$key]);
32d8e9	1387	}
7fe908	1388
32d8e9	1389	$root_cron_jobs = array(
T	1390	'* * * * * /usr/local/ispconfig/server/server.sh &> /dev/null',
	1391	'30 00 * * * /usr/local/ispconfig/server/cron_daily.sh &> /dev/null'
	1392	);
7fe908	1393
b6a10a	1394	if ($conf['nginx']['installed'] == true) {
F	1395	$root_cron_jobs[] = "0 0 * * * /usr/local/ispconfig/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
	1396	}
7fe908	1397
32d8e9	1398	foreach($root_cron_jobs as $cron_job) {
T	1399	if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
	1400	$existing_root_cron_jobs[] = $cron_job."\n";
	1401	}
	1402	}
	1403	file_put_contents('crontab.txt', $existing_root_cron_jobs);
	1404	exec('crontab -u root crontab.txt &> /dev/null');
	1405	unlink('crontab.txt');
7fe908	1406
32d8e9	1407	//* Getmail crontab
T	1408	if(is_user('getmail')) {
7fe908	1409	$cf = $conf['getmail'];
32d8e9	1410	exec('crontab -u getmail -l > crontab.txt');
T	1411	$existing_cron_jobs = file('crontab.txt');
7fe908	1412
32d8e9	1413	$cron_jobs = array(
7fe908	1414	'/5 * * * /usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null'
MC	1415	);
	1416
32d8e9	1417	// remove existing ispconfig cronjobs, in case the syntax has changed
T	1418	foreach($existing_cron_jobs as $key => $val) {
7fe908	1419	if(stristr($val, 'getmail')) unset($existing_cron_jobs[$key]);
32d8e9	1420	}
7fe908	1421
32d8e9	1422	foreach($cron_jobs as $cron_job) {
T	1423	if(!in_array($cron_job."\n", $existing_cron_jobs)) {
	1424	$existing_cron_jobs[] = $cron_job."\n";
	1425	}
	1426	}
	1427	file_put_contents('crontab.txt', $existing_cron_jobs);
	1428	exec('crontab -u getmail crontab.txt &> /dev/null');
	1429	unlink('crontab.txt');
	1430	}
7fe908	1431
32d8e9	1432	exec('touch /var/log/ispconfig/cron.log');
cc6568	1433	exec('chmod 660 /var/log/ispconfig/cron.log');
32d8e9	1434	}
T	1435
	1436	}
	1437
e38d14	1438	?>