Michel Käser
2015-05-16 82e9b9e7c7ecf1664a7b0d4e57a5c4893739559d
0711af 1 <?php
T 2
3 /*
436ed8 4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
0711af 5 All rights reserved.
T 6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
344393 31 class installer_dist extends installer_base {
526b99 32
T 33     public function configure_mailman($status = 'insert') {
34         global $conf;
35
36         $config_dir = $conf['mailman']['config_dir'].'/';
37         $full_file_name = $config_dir.'mm_cfg.py';
38         //* Backup exiting file
39         if(is_file($full_file_name)) {
40             copy($full_file_name, $config_dir.'mm_cfg.py~');
41         }
42
43         // load files
615a0a 44         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
526b99 45         $old_file = rf($full_file_name);
T 46
47         $old_options = array();
48         $lines = explode("\n", $old_file);
49         foreach ($lines as $line)
50         {
51             if (trim($line) != '' && substr($line, 0, 1) != '#')
52             {
53                 @list($key, $value) = @explode("=", $line);
54                 if (!empty($value))
55                 {
56                     $key = rtrim($key);
57                     $old_options[$key] = trim($value);
58                 }
59             }
60         }
b1a6a5 61
526b99 62         if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T 63         exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
64
65         $virtual_domains = '';
66         if($status == 'update')
67         {
68             // create virtual_domains list
69             $domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");
70
71             if(is_array($domainAll)) {
b1a6a5 72                 foreach($domainAll as $domain)
MC 73                 {
74                     if ($domainAll[0]['domain'] == $domain['domain'])
75                         $virtual_domains .= "'".$domain['domain']."'";
76                     else
77                         $virtual_domains .= ", '".$domain['domain']."'";
78                 }
526b99 79             }
T 80         }
81         else
82             $virtual_domains = "' '";
83
84         $content = str_replace('{hostname}', $conf['hostname'], $content);
85         if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
86         $content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
87         $content = str_replace('{virtual_domains}', $virtual_domains, $content);
88
89         wf($full_file_name, $content);
b1a6a5 90
3f478f 91         //* Write virtual_to_transport.sh script
T 92         $config_dir = $conf['mailman']['config_dir'].'/';
93         $full_file_name = $config_dir.'virtual_to_transport.sh';
b1a6a5 94
3f478f 95         //* Backup exiting virtual_to_transport.sh script
T 96         if(is_file($full_file_name)) {
97             copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
98         }
b1a6a5 99
3f478f 100         if(is_dir('/etc/mailman')) {
b1a6a5 101             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh')) {
MC 102                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh', $full_file_name);
103             } else {
104                 copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
105             }
106             chgrp($full_file_name, 'mailman');
107             chmod($full_file_name, 0750);
3f478f 108         }
b1a6a5 109
3f478f 110         //* Create aliasaes
T 111         exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
b1a6a5 112
526b99 113     }
b1a6a5 114
0711af 115     function configure_postfix($options = '')
b1a6a5 116     {
b51c22 117         global $conf,$autoinstall;
0711af 118         $cf = $conf['postfix'];
T 119         $config_dir = $cf['config_dir'];
b1a6a5 120
0711af 121         if(!is_dir($config_dir)){
b1a6a5 122             $this->error("The postfix configuration directory '$config_dir' does not exist.");
MC 123         }
124
0711af 125         //* mysql-virtual_domains.cf
b1a6a5 126         $this->process_postfix_config('mysql-virtual_domains.cf');
0711af 127
T 128         //* mysql-virtual_forwardings.cf
b1a6a5 129         $this->process_postfix_config('mysql-virtual_forwardings.cf');
0711af 130
T 131         //* mysql-virtual_mailboxes.cf
b1a6a5 132         $this->process_postfix_config('mysql-virtual_mailboxes.cf');
0711af 133
T 134         //* mysql-virtual_email2email.cf
b1a6a5 135         $this->process_postfix_config('mysql-virtual_email2email.cf');
0711af 136
T 137         //* mysql-virtual_transports.cf
b1a6a5 138         $this->process_postfix_config('mysql-virtual_transports.cf');
0711af 139
T 140         //* mysql-virtual_recipient.cf
b1a6a5 141         $this->process_postfix_config('mysql-virtual_recipient.cf');
0711af 142
T 143         //* mysql-virtual_sender.cf
b1a6a5 144         $this->process_postfix_config('mysql-virtual_sender.cf');
0711af 145
03b633 146         //* mysql-virtual_sender_login_maps.cf
D 147         $this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
148         
0711af 149         //* mysql-virtual_client.cf
b1a6a5 150         $this->process_postfix_config('mysql-virtual_client.cf');
MC 151
0711af 152         //* mysql-virtual_relaydomains.cf
b1a6a5 153         $this->process_postfix_config('mysql-virtual_relaydomains.cf');
MC 154
429dcf 155         //* mysql-virtual_relayrecipientmaps.cf
b1a6a5 156         $this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
0711af 157
75722e 158         //* mysql-virtual_policy_greylist.cf
D 159         $this->process_postfix_config('mysql-virtual_policy_greylist.cf');
160
b1a6a5 161         //* postfix-dkim
MC 162         $full_file_name=$config_dir.'/tag_as_originating.re';
163         if(is_file($full_file_name)) {
164             copy($full_file_name, $config_dir.$configfile.'~');
165         }
166         wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
ec5716 167
b1a6a5 168         $full_file_name=$config_dir.'/tag_as_foreign.re';
MC 169         if(is_file($full_file_name)) {
170             copy($full_file_name, $config_dir.$configfile.'~');
171         }
172         wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
ec5716 173
0711af 174         //* Changing mode and group of the new created config files.
T 175         caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
b1a6a5 176             __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
MC 177         caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
178             __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
179
0711af 180         //* Creating virtual mail user and group
T 181         $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
392450 182         if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
0711af 183
T 184         $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
7b47c0 185         if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 186
187         //* These postconf commands will be executed on installation and update
2af58c 188         $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
7b47c0 189         $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
T 190         unset($server_ini_rec);
191
192         //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
193         $rbl_list = '';
194         if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
b1a6a5 195             $rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
7b47c0 196             foreach ($rbl_hosts as $key => $value) {
T 197                 $rbl_list .= ", reject_rbl_client ". $value;
198             }
199         }
200         unset($rbl_hosts);
75722e 201         
D 202         //* If Postgrey is installed, configure it
203         $greylisting = '';
204         if($conf['postgrey']['installed'] == true) {
20f478 205             $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
75722e 206         }
D 207         
20f478 208         $reject_sender_login_mismatch = '';
D 209         if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
210             $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
211         }
212         unset($server_ini_array);
213         
b1a6a5 214         $postconf_placeholders = array('{config_dir}' => $config_dir,
MC 215             '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
216             '{vmail_userid}' => $cf['vmail_userid'],
217             '{vmail_groupid}' => $cf['vmail_groupid'],
75722e 218             '{rbl_list}' => $rbl_list,
D 219             '{greylisting}' => $greylisting,
20f478 220             '{reject_slm}' => $reject_sender_login_mismatch,
75722e 221         );
20f478 222         
b1a6a5 223         $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
MC 224         $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
225         $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
226
b67344 227         //* These postconf commands will be executed on installation only
T 228         if($this->is_update == false) {
b1a6a5 229             $postconf_commands = array_merge($postconf_commands, array(
MC 230                     'myhostname = '.$conf['hostname'],
231                     'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
232                     'mynetworks = 127.0.0.0/8 [::1]/128'
233                 ));
b67344 234         }
b1a6a5 235
0711af 236         //* Create the header and body check files
T 237         touch($config_dir.'/header_checks');
238         touch($config_dir.'/mime_header_checks');
239         touch($config_dir.'/nested_header_checks');
240         touch($config_dir.'/body_checks');
b1a6a5 241
3f478f 242         //* Create the mailman files
T 243         if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
244         //if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
245         if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
b1a6a5 246         if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
3f478f 247         exec('postalias /var/lib/mailman/data/aliases');
79bd20 248         if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
TB 249         exec('postmap /etc/mailman/virtual-mailman');
3f478f 250         if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
T 251         exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
b1a6a5 252
0711af 253         //* Make a backup copy of the main.cf file
T 254         copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
b1a6a5 255
0711af 256         //* Executing the postconf commands
T 257         foreach($postconf_commands as $cmd) {
258             $command = "postconf -e '$cmd'";
259             caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
260         }
b1a6a5 261
MC 262         if(!stristr($options, 'dont-create-certs')) {
0711af 263             //* Create the SSL certificate
b04e82 264             if(AUTOINSTALL){
TB 265                 $command = 'cd '.$config_dir.'; '
c43c29 266                     ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
b04e82 267             } else {
TB 268                 $command = 'cd '.$config_dir.'; '
c43c29 269                     .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
TB 270             }
0711af 271             exec($command);
b1a6a5 272
01423f 273             $command = 'chmod o= '.$config_dir.'/smtpd.key';
0711af 274             caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
T 275         }
b1a6a5 276
0711af 277         //** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
T 278         $command = 'chmod 755 /var/spool/authdaemon';
279         caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
b1a6a5 280
0711af 281         //* Changing maildrop lines in posfix master.cf
T 282         if(is_file($config_dir.'/master.cf')){
b1a6a5 283             copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
MC 284         }
0711af 285         if(is_file($config_dir.'/master.cf~')){
b1a6a5 286             exec('chmod 400 '.$config_dir.'/master.cf~');
MC 287         }
0711af 288         $configfile = $config_dir.'/master.cf';
T 289         $content = rf($configfile);
2c8f94 290         // if postfix package is from fedora or centios main repo
b1a6a5 291         $content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
MC 292             '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
293             $content);
294
2c8f94 295         // If postfix package is from centos plus repo
b1a6a5 296         $content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
MC 297             '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
298             $content);
299
300         $content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
301             '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
302             $content);
303
304
305         $content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
306             'maildrop  unix  -       n       n       -       -       pipe',
307             $content);
308
0711af 309         wf($configfile, $content);
b1a6a5 310
0711af 311         //* Writing the Maildrop mailfilter file
T 312         $configfile = 'mailfilter';
313         if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
b1a6a5 314             copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
MC 315         }
615a0a 316         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 317         $content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
T 318         wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
b1a6a5 319
0711af 320         //* Create the directory for the custom mailfilters
T 321         $command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
322         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 323
0711af 324         //* Chmod and chown the .mailfilter file
T 325         $command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
326         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 327
0711af 328         $command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
T 329         caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 330
0711af 331     }
b1a6a5 332
0711af 333     public function configure_saslauthd() {
T 334         global $conf;
b1a6a5 335
0711af 336         $configfile = 'tpl/fedora_saslauthd_smtpd_conf.master';
615a0a 337         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master', $configfile);
b1a6a5 338         wf('/usr/lib/sasl2/smtpd.conf', $content);
MC 339         if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl/smtpd.conf', $content);
340         if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl2/smtpd.conf', $content);
341
0711af 342     }
b1a6a5 343
0711af 344     public function configure_pam()
b1a6a5 345     {
0711af 346         global $conf;
T 347         $pam = $conf['pam'];
348         //* configure pam for SMTP authentication agains the ispconfig database
349         $configfile = 'pamd_smtp';
350         if(is_file("$pam/smtp"))    copy("$pam/smtp", "$pam/smtp~");
351         if(is_file("$pam/smtp~"))   exec("chmod 400 $pam/smtp~");
352
615a0a 353         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 354         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 355         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
356         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
357         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
358         wf("$pam/smtp", $content);
03bff7 359         // On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
T 360         if(is_file("$pam/smtp"))    exec("chmod o= $pam/smtp");
0711af 361         //exec("chmod 660 $pam/smtp");
T 362         //exec("chown root:root $pam/smtp");
b1a6a5 363
0711af 364     }
b1a6a5 365
0711af 366     public function configure_courier()
b1a6a5 367     {
0711af 368         global $conf;
T 369         $config_dir = $conf['courier']['config_dir'];
370         //* authmysqlrc
371         $configfile = 'authmysqlrc';
372         if(is_file("$config_dir/$configfile")){
b1a6a5 373             copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC 374         }
0711af 375         exec("chmod 400 $config_dir/$configfile~");
615a0a 376         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
b1a6a5 377         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 378         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
379         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
380         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 381         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
0711af 382         wf("$config_dir/$configfile", $content);
b1a6a5 383
0711af 384         exec("chmod 660 $config_dir/$configfile");
T 385         exec("chown root:root $config_dir/$configfile");
b1a6a5 386
0711af 387         //* authdaemonrc
T 388         $configfile = $conf['courier']['config_dir'].'/authdaemonrc';
389         if(is_file($configfile)){
b1a6a5 390             copy($configfile, $configfile.'~');
MC 391         }
0711af 392         if(is_file($configfile.'~')){
b1a6a5 393             exec('chmod 400 '.$configfile.'~');
MC 394         }
0711af 395         $content = rf($configfile);
T 396         $content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
397         wf($configfile, $content);
398     }
b1a6a5 399
0f2bb1 400     public function configure_dovecot()
b1a6a5 401     {
0f2bb1 402         global $conf;
b1a6a5 403
a8aad2 404         $virtual_transport = 'dovecot';
DM 405         
406         // check if virtual_transport must be changed
407         if ($this->is_update) {
2af58c 408             $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
a8aad2 409             $ini_array = ini_to_array(stripslashes($tmp['config']));
DM 410             // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
411             
412             if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
413                 $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
414             }
415         }
416
0f2bb1 417         $config_dir = $conf['dovecot']['config_dir'];
b1a6a5 418
9ec545 419         //* Use /etc/dovecot as config dir if exists
T 420         if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
b1a6a5 421
0f2bb1 422         //* Configure master.cf and add a line for deliver
T 423         if(is_file($config_dir.'/master.cf')){
b1a6a5 424             copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
MC 425         }
0f2bb1 426         if(is_file($config_dir.'/master.cf~')){
b1a6a5 427             exec('chmod 400 '.$config_dir.'/master.cf~2');
MC 428         }
0f2bb1 429         $content = rf($conf["postfix"]["config_dir"].'/master.cf');
T 430         // Only add the content if we had not addded it before
b1a6a5 431         if(!stristr($content, "dovecot/deliver")) {
013ae4 432             $deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
b1a6a5 433             af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
0f2bb1 434         }
T 435         unset($content);
436         unset($deliver_content);
b1a6a5 437
MC 438
0f2bb1 439         //* Reconfigure postfix to use dovecot authentication
T 440         // Adding the amavisd commands to the postfix configuration
441         $postconf_commands = array (
442             'dovecot_destination_recipient_limit = 1',
a8aad2 443             'virtual_transport = '.$virtual_transport,
0f2bb1 444             'smtpd_sasl_type = dovecot',
T 445             'smtpd_sasl_path = private/auth',
446         );
b1a6a5 447
0f2bb1 448         // Make a backup copy of the main.cf file
b1a6a5 449         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
MC 450
0f2bb1 451         // Executing the postconf commands
T 452         foreach($postconf_commands as $cmd) {
453             $command = "postconf -e '$cmd'";
454             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
455         }
b1a6a5 456
31e0d1 457         //* backup dovecot.conf
0f2bb1 458         $configfile = 'dovecot.conf';
T 459         if(is_file("$config_dir/$configfile")){
b1a6a5 460             copy("$config_dir/$configfile", "$config_dir/$configfile~");
MC 461         }
462
31e0d1 463         //* Get the dovecot version
b1a6a5 464         exec('dovecot --version', $tmp);
b79f6c 465         $dovecot_version = $tmp[0];
31e0d1 466         unset($tmp);
b1a6a5 467
31e0d1 468         //* Copy dovecot configuration file
b79f6c 469         if(version_compare($dovecot_version,2) >= 0) {
b1a6a5 470             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {
MC 471                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
472             } else {
473                 copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
474             }
b79f6c 475             if(version_compare($dovecot_version,2.1) < 0) {
TB 476                 removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
477             }
31e0d1 478         } else {
b1a6a5 479             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
MC 480                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
481             } else {
482                 copy('tpl/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
483             }
31e0d1 484         }
615a0a 485
0f2bb1 486         //* dovecot-sql.conf
T 487         $configfile = 'dovecot-sql.conf';
488         if(is_file("$config_dir/$configfile")){
b1a6a5 489             copy("$config_dir/$configfile", "$config_dir/$configfile~");
0f2bb1 490             exec("chmod 400 $config_dir/$configfile~");
b1a6a5 491         }
85f6fb 492         
TB 493         if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');
b1a6a5 494
615a0a 495         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
b1a6a5 496         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 497         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
498         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
499         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 500         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
032b86 501         $content = str_replace('{server_id}', $conf['server_id'], $content);
0f2bb1 502         wf("$config_dir/$configfile", $content);
b1a6a5 503
0f2bb1 504         exec("chmod 600 $config_dir/$configfile");
T 505         exec("chown root:root $config_dir/$configfile");
5e7306 506         
TB 507         // Dovecot shall ignore mounts in website directory
85f6fb 508         if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
0f2bb1 509
T 510     }
b1a6a5 511
0711af 512     public function configure_amavis() {
T 513         global $conf;
b1a6a5 514
0711af 515         // amavisd user config file
T 516         $configfile = 'fedora_amavisd_conf';
b1a6a5 517         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
0711af 518         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
615a0a 519         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
b1a6a5 520         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
MC 521         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
522         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
523         $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
524         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
525         $content = str_replace('{hostname}', $conf['hostname'], $content);
526         wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
c83951 527         chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
b1a6a5 528
MC 529
0711af 530         // Adding the amavisd commands to the postfix configuration
T 531         $postconf_commands = array (
532             'content_filter = amavis:[127.0.0.1]:10024',
533             'receive_override_options = no_address_mappings'
534         );
b1a6a5 535
0711af 536         // Make a backup copy of the main.cf file
b1a6a5 537         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
MC 538
0711af 539         // Executing the postconf commands
T 540         foreach($postconf_commands as $cmd) {
541             $command = "postconf -e '$cmd'";
542             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
543         }
b1a6a5 544
0711af 545         // Append the configuration for amavisd to the master.cf file
44ae08 546         if(is_file($conf['postfix']['config_dir'].'/master.cf')) copy($conf['postfix']['config_dir'].'/master.cf', $conf['postfix']['config_dir'].'/master.cf~');
F 547         $content = rf($conf['postfix']['config_dir'].'/master.cf');
0711af 548         // Only add the content if we had not addded it before
f0bed3 549         if(!preg_match('/^amavis\s+unix\s+/m', $content)) {
0711af 550             unset($content);
44ae08 551             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
F 552             af($conf['postfix']['config_dir'].'/master.cf', $content);
553             $content = rf($conf['postfix']['config_dir'].'/master.cf');
554         }
8100f2 555         if(!preg_match('/^127.0.0.1:10025\s+/m', $content)) {
44ae08 556             unset($content);
8100f2 557             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
44ae08 558             af($conf['postfix']['config_dir'].'/master.cf', $content);
F 559             $content = rf($conf['postfix']['config_dir'].'/master.cf');
560         }
8100f2 561         if(!preg_match('/^127.0.0.1:10027\s+/m', $content)) {
44ae08 562             unset($content);
8100f2 563             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
44ae08 564             af($conf['postfix']['config_dir'].'/master.cf', $content);
0711af 565         }
T 566         unset($content);
b1a6a5 567
MC 568         removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
569         replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
570
0711af 571         // Add the clamav user to the vscan group
T 572         //exec('groupmod --add-user clamav vscan');
b1a6a5 573
MC 574
0711af 575     }
/**
 * SpamAssassin configuration hook for this distribution.
 *
 * Currently a no-op: the only logic is the Debian/Ubuntu step kept in the
 * comment below, which would back up /etc/default/spamassassin and switch
 * ENABLED=0 to ENABLED=1. None of it is executed.
 */
public function configure_spamassassin() {
    global $conf;

    // Disabled Debian/Ubuntu logic, retained for reference:
    //
    //   $configfile = '/etc/default/spamassassin';
    //   if(is_file($configfile)){
    //       copy($configfile, $configfile.'~');
    //   }
    //   $content = rf($configfile);
    //   $content = str_replace('ENABLED=0', 'ENABLED=1', $content);
    //   wf($configfile, $content);
}
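/**
 * Prepare the getmail configuration directory and its owning account.
 *
 * Creates $conf['getmail']['config_dir'] when it is missing, adds a
 * "getmail" system user with that directory as its home (only if the user
 * does not exist yet), then gives the whole tree to that user with mode 700.
 *
 * The directory is handed to the shell through escapeshellarg(), so a path
 * containing spaces or shell metacharacters stays one literal argument.
 * escapeshellcmd() is meant for whole command strings and does not quote
 * whitespace, so it is not used for the path.
 */
public function configure_getmail()
{
    global $conf;

    $config_dir = $conf['getmail']['config_dir'];
    $quoted_dir = escapeshellarg($config_dir);

    if(!is_dir($config_dir)) exec('mkdir -p '.$quoted_dir);

    $command = "useradd -d $quoted_dir getmail";
    if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = "chown -R getmail $quoted_dir";
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // Owner-only access to the tree.
    // NOTE(review): presumably because the files kept here hold remote mailbox credentials; confirm.
    $command = "chmod -R 700 $quoted_dir";
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}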
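/**
 * Write the pure-ftpd MySQL backend configuration and install pure-ftpd.conf.
 *
 * pureftpd-mysql.conf is rendered from pureftpd_mysql.conf.master (a copy
 * under conf-custom/install takes precedence, as selected by rfsel()) with
 * the ISPConfig database user, password, database name, server IP and
 * server id filled in. Any existing file is first copied to a "~" backup.
 *
 * Because both the file and its backup contain the database password, they
 * are created under a restrictive umask and then set to 0600 / 0400 and
 * owned by root. Without the umask a newly created file would briefly carry
 * the process default permissions before chmod runs.
 * NOTE(review): this relies on wf() creating the file with ordinary
 * filesystem calls that honour the process umask; wf() is defined elsewhere.
 */
public function configure_pureftpd()
{
    global $conf;

    $config_dir = $conf['pureftpd']['config_dir'];
    $configfile = 'pureftpd-mysql.conf';
    $target = "$config_dir/$configfile";
    $backup = $target.'~';

    // Everything created until the umask is restored is owner-only from the start.
    $previous_umask = umask(0077);

    if(is_file($target)){
        copy($target, $backup);
    }
    if(is_file($backup)){
        chmod($backup, 0400);
    }

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
    $content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
    $content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
    $content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
    $content = str_replace('{server_id}', $conf["server_id"], $content);
    wf($target, $content);

    umask($previous_umask);

    // Also tighten a file that already existed with looser permissions.
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');

    // Install our pure-ftpd.conf; a customised template wins over the shipped one.
    $custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master';
    $template = is_file($custom_template) ? $custom_template : 'tpl/fedora_pureftpd_conf.master';
    exec('cp '.escapeshellarg($template).' '.escapeshellarg("$config_dir/pure-ftpd.conf"));
}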
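/**
 * Write mydns.conf with the ISPConfig database credentials.
 *
 * The file is rendered from mydns.conf.master (a copy under
 * conf-custom/install takes precedence, as selected by rfsel()). An
 * existing mydns.conf is copied to "mydns.conf~" beforehand.
 *
 * Both files contain the database password. They are created under a
 * restrictive umask and then set to 0600 / 0400 and owned by root, so there
 * is no moment at which a freshly created file is readable by other users.
 * NOTE(review): this relies on wf() creating the file with ordinary
 * filesystem calls that honour the process umask; wf() is defined elsewhere.
 */
public function configure_mydns()
{
    global $conf;

    $configfile = 'mydns.conf';
    $target = $conf["mydns"]["config_dir"].'/'.$configfile;
    $backup = $target.'~';

    $previous_umask = umask(0077);

    if(is_file($target)) copy($target, $backup);
    if(is_file($backup)) chmod($backup, 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");

    // Placeholders are substituted one after another, in this order.
    $placeholders = array(
        '{mysql_server_ispconfig_user}' => $conf['mysql']['ispconfig_user'],
        '{mysql_server_ispconfig_password}' => $conf['mysql']['ispconfig_password'],
        '{mysql_server_database}' => $conf['mysql']['database'],
        '{mysql_server_host}' => $conf["mysql"]["host"],
        '{mysql_server_port}' => $conf["mysql"]["port"],
        '{server_id}' => $conf["server_id"],
    );
    $content = str_replace(array_keys($placeholders), array_values($placeholders), $content);
    wf($target, $content);

    umask($previous_umask);

    // Also tighten a file that already existed with looser permissions.
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');
}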
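/**
 * Hook named.conf.local into named.conf and create the slave zone directory.
 *
 * The directory "<bind_zonefiles_dir>/slave" is created, handed to
 * bind_user:bind_group and set to mode 2770 (setgid, full access for owner
 * and group, none for others).
 *
 * The path and the owner specification are passed through escapeshellarg()
 * so that unusual characters in the configured values cannot split or
 * alter the shell commands.
 */
public function configure_bind() {
    global $conf;

    // Add the include line to named.conf.
    // NOTE(review): replaceLine() is defined elsewhere; the trailing 0, 1 arguments presumably
    // mean "non-strict match, append if missing" - confirm against its definition.
    replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);

    //* Make sure the zonefile directory ends in a slash, then address its slave subdirectory
    $slave_dir = $conf['bind']['bind_zonefiles_dir'];
    if(substr($slave_dir, -1) != '/') {
        $slave_dir .= '/';
    }
    $slave_dir .= 'slave';
    $quoted_dir = escapeshellarg($slave_dir);

    exec('mkdir -p '.$quoted_dir);

    //* Hand the slave subdirectory to the configured BIND user and group
    exec('chown '.escapeshellarg($conf['bind']['bind_user'].':'.$conf['bind']['bind_group']).' '.$quoted_dir);
    exec('chmod 2770 '.$quoted_dir);
}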
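/**
 * Configure Apache for ISPConfig; returns immediately when Apache is not installed.
 *
 * In order: adjust suPHP defaults if /etc/suphp.conf exists, create the
 * vhost log and configuration directories, make httpd.conf include the
 * sites-enabled directory, render ispconfig.conf from the
 * apache_ispconfig.conf.master template with one entry per virtual-host
 * IP/port pair read from the master database, link it into the enabled
 * directory as 000-ispconfig.conf, switch webalizer to incremental mode and
 * create the "sshusers" group.
 *
 * Configured directory paths are passed to the shell through
 * escapeshellarg(), so spaces or metacharacters in them cannot split or
 * alter the commands.
 */
public function configure_apache()
{
    global $conf;

    if($conf['apache']['installed'] == false) return;

    if(is_file('/etc/suphp.conf')) {
        //replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
        replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
        // NOTE(review): this relaxes suPHP's umask from 0077 to 0022, i.e. files created by
        // scripts are no longer owner-only by default - confirm this is still wanted.
        replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
    }

    //* Create the logging directory for the vhost logfiles
    exec('mkdir -p /var/log/ispconfig/httpd');

    $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
    $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
    exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

    // Append the vhost include to httpd.conf once; the check is a case-insensitive substring match.
    $httpd_conf = rf('/etc/httpd/conf/httpd.conf');
    if(!stristr($httpd_conf, 'Include /etc/httpd/conf/sites-enabled/')) {
        af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
    }
    unset($httpd_conf);

    //* Build the ISPConfig configuration include
    $tpl = new tpl('apache_ispconfig.conf.master');
    $tpl->setVar('apache_version',getapacheversion());

    $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
    $ip_addresses = array();

    if(is_array($records) && count($records) > 0) {
        foreach($records as $rec) {
            // IPv6 addresses are wrapped in brackets.
            // NOTE(review): ip_address is used as stored in the database; only the port is validated here.
            $ip_address = ($rec['ip_type'] == 'IPv6') ? '['.$rec['ip_address'].']' : $rec['ip_address'];

            foreach(explode(',', $rec['virtualhost_port']) as $port) {
                $port = intval($port);
                // Only integer ports in 1..65535 reach the template.
                if($port > 0 && $port < 65536 && $ip_address != '') {
                    $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
                }
            }
        }
    }

    if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

    wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
    unset($tpl);

    if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
        exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        exec('mkdir /etc/webalizer');
        exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}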
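/**
 * Configure nginx for ISPConfig; returns immediately when nginx is not installed.
 *
 * Creates the vhost log directory and the sites-available/enabled
 * directories, writes the conf.d include that pulls in
 * /etc/nginx/sites-enabled/*.vhost, switches webalizer to incremental mode,
 * makes awstats_buildstaticpages.pl reachable under /usr/share/awstats/tools,
 * sets LogFormat=1 in awstats.conf.local and creates the "sshusers" group.
 *
 * Configured directory paths are passed to the shell through
 * escapeshellarg(), so spaces or metacharacters in them cannot split or
 * alter the commands.
 */
public function configure_nginx(){
    global $conf;

    if($conf['nginx']['installed'] == false) return;

    //* Create the logging directory for the vhost logfiles
    $log_dir = $conf['ispconfig_log_dir'].'/httpd';
    if(!@is_dir($log_dir)) mkdir($log_dir, 0755, true);

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

    wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        mkdir('/etc/webalizer');
        symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    // Make the awstats static-page script available in the tools directory
    $awstats_tool = '/usr/share/awstats/tools/awstats_buildstaticpages.pl';
    $awstats_example = '/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl';
    if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
    if(!file_exists($awstats_tool) && file_exists($awstats_example)) symlink($awstats_example, $awstats_tool);
    if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}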
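/**
 * Install the Bastille firewall scripts and write /etc/Bastille/bastille-firewall.cfg.
 *
 * An existing /etc/Bastille is moved to /etc/Bastille.backup (its firewall.d
 * is carried over), the configuration template is copied in and the
 * {DNS_SERVERS}, {TCP_PUBLIC_SERVICES} and {UDP_PUBLIC_SERVICES}
 * placeholders are filled. The public port lists come from this server's
 * firewall record when it has any ports set, otherwise from a built-in
 * default list. The ISPConfig vhost port is added when it is missing.
 *
 * Fixes relative to the earlier behaviour of this method:
 *  - /etc/Bastille is created with an explicit mode; the mode used to come
 *    from a variable that is never set in this method, which yields 0000.
 *  - The vhost port is compared against whole port entries, not as a
 *    substring (port 80 used to count as present when only 8080 was listed).
 *  - The stored tcp_port list is extended with CONCAT(); "tcp_port + ?" is
 *    numeric addition in MySQL and does not append to the string.
 *  - The ipchains symlink target is trimmed, matching the iptables case, so
 *    it no longer carries the trailing newline of the `which` output.
 *  - A missing firewall record is handled without reading offsets of null.
 *  - Configured paths are quoted with escapeshellarg().
 */
public function configure_bastille_firewall()
{
    global $conf;

    $dist_init_scripts = $conf['init_scripts'];
    $init_script = $dist_init_scripts.'/bastille-firewall';

    if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
    // Firewall configuration directory, accessible to root only.
    @mkdir("/etc/Bastille", 0700);
    if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);

    // A customised template under conf-custom/install wins over the shipped one.
    $custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master';
    if(is_file($custom_template)) {
        caselog('cp -f '.escapeshellarg($custom_template).' /etc/Bastille/bastille-firewall.cfg', __FILE__, __LINE__);
    } else {
        caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    }
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    $content = rf("/etc/Bastille/bastille-firewall.cfg");
    $content = str_replace("{DNS_SERVERS}", "", $content);

    $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

    // The record may be absent; treat that like empty port lists.
    $stored_tcp = (is_array($row) && isset($row['tcp_port'])) ? trim($row['tcp_port']) : '';
    $stored_udp = (is_array($row) && isset($row['udp_port'])) ? trim($row['udp_port']) : '';

    if($stored_tcp != '' || $stored_udp != ''){
        // Stored lists are comma separated; the config file wants spaces.
        $tcp_public_services = trim(str_replace(',', ' ', $stored_tcp));
        $udp_public_services = trim(str_replace(',', ' ', $stored_udp));
    } else {
        // NOTE(review): this fallback also opens 3306 (MySQL) to the public side;
        // confirm that is intended for servers without a firewall record.
        $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    // Make sure the ISPConfig vhost port is open; compare whole entries, not substrings.
    $vhost_port = intval($conf['apache']['vhost_port']);
    $open_tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if($vhost_port > 0 && !in_array((string)$vhost_port, $open_tcp_ports, true)) {
        $tcp_public_services .= ' '.$vhost_port;
        // Keep the stored list in sync (string append, hence CONCAT).
        if($stored_tcp != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
    }

    $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
    $content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

    wf("/etc/Bastille/bastille-firewall.cfg", $content);

    // Install the init script and the two backend scripts, keeping a backup of any previous copy.
    if(is_file($init_script)) caselog('mv -f '.escapeshellarg($init_script).' '.escapeshellarg($init_script.'.backup'), __FILE__, __LINE__);
    caselog('cp -f apps/bastille-firewall '.escapeshellarg($dist_init_scripts), __FILE__, __LINE__);
    caselog('chmod 700 '.escapeshellarg($init_script), __FILE__, __LINE__);

    if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

    if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);

    if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

    // Provide /sbin/ipchains and /sbin/iptables as symlinks when the binaries live elsewhere on the PATH.
    exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
    if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which ipchains")), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
    unset($ipchains_location);
    exec("which iptables &> /dev/null", $iptables_location, $ret_val);
    if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
    unset($iptables_location);
}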
0711af 871     public function install_ispconfig()
b1a6a5 872     {
0711af 873         global $conf;
b1a6a5 874
0711af 875         $install_dir = $conf['ispconfig_install_dir'];
T 876
877         //* Create the ISPConfig installation directory
878         if(!@is_dir("$install_dir")) {
879             $command = "mkdir $install_dir";
880             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
881         }
b1a6a5 882
0711af 883         //* Create a ISPConfig user and group
T 884         $command = 'groupadd ispconfig';
392450 885         if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 886
0711af 887         $command = "useradd -g ispconfig -d $install_dir ispconfig";
392450 888         if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 889
0711af 890         //* copy the ISPConfig interface part
T 891         $command = "cp -rf ../interface $install_dir";
892         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 893
0711af 894         //* copy the ISPConfig server part
T 895         $command = "cp -rf ../server $install_dir";
896         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2 897         
fb6c56 898         //* Make a backup of the security settings
TB 899         if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
900         
a13af2 901         //* copy the ISPConfig security part
TB 902         $command = 'cp -rf ../security '.$install_dir;
903         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56 904         
TB 905         //* Apply changed security_settings.ini values to new security_settings.ini file
906         if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
907             $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
908             $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
909             if(is_array($security_settings_new) && is_array($security_settings_old)) {
910                 foreach($security_settings_new as $section => $sval) {
911                     if(is_array($sval)) {
912                         foreach($sval as $key => $val) {
913                             if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
914                                 $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
915                             }
916                         }
917                     }
918                 }
919                 file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
920             }
921         }
b1a6a5 922
0711af 923         //* Create a symlink, so ISPConfig is accessible via web
T 924         // Replaced by a separate vhost definition for port 8080
925         // $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
926         // caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 927
0711af 928         //* Create the config file for ISPConfig interface
T 929         $configfile = 'config.inc.php';
930         if(is_file($install_dir.'/interface/lib/'.$configfile)){
b1a6a5 931             copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 932         }
615a0a 933         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 934         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
b1a6a5 935         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
0711af 936         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
T 937         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 938         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 939
12e3ba 940         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 941         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
942         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
943         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 944         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 945
7c3b60 946         $content = str_replace('{server_id}', $conf['server_id'], $content);
0711af 947         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
56f1f4 948         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 949         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 950         $content = str_replace('{theme}', $conf['theme'], $content);
992797 951         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
b1a6a5 952
0711af 953         wf("$install_dir/interface/lib/$configfile", $content);
b1a6a5 954
0711af 955         //* Create the config file for ISPConfig server
T 956         $configfile = 'config.inc.php';
957         if(is_file($install_dir.'/server/lib/'.$configfile)){
b1a6a5 958             copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 959         }
615a0a 960         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
0711af 961         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 962         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
963         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
964         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 965         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 966
12e3ba 967         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 968         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
969         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
970         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 971         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 972
0711af 973         $content = str_replace('{server_id}', $conf['server_id'], $content);
T 974         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6 975         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 976         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 977         $content = str_replace('{theme}', $conf['theme'], $content);
992797 978         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
5c4d55 979
0711af 980         wf("$install_dir/server/lib/$configfile", $content);
b1a6a5 981
fb3a98 982         //* Create the config file for remote-actions (but only, if it does not exist, because
T 983         //  the value is a autoinc-value and so changed by the remoteaction_core_module
984         if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
985             $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
986             wf($install_dir.'/server/lib/remote_action.inc.php', $content);
987         }
b1a6a5 988
MC 989
0711af 990         //* Enable the server modules and plugins.
T 991         // TODO: Implement a selector which modules and plugins shall be enabled.
992         $dir = $install_dir.'/server/mods-available/';
993         if (is_dir($dir)) {
994             if ($dh = opendir($dir)) {
995                 while (($file = readdir($dh)) !== false) {
b1a6a5 996                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 997                         include_once $install_dir.'/server/mods-available/'.$file;
998                         $module_name = substr($file, 0, -8);
392450 999                         $tmp = new $module_name;
T 1000                         if($tmp->onInstall()) {
1001                             if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
1002                             if (strpos($file, '_core_module') !== false) {
1003                                 if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
1004                             }
0d0cd9 1005                         }
392450 1006                         unset($tmp);
0711af 1007                     }
T 1008                 }
1009                 closedir($dh);
1010             }
1011         }
b1a6a5 1012
0711af 1013         $dir = $install_dir.'/server/plugins-available/';
T 1014         if (is_dir($dir)) {
1015             if ($dh = opendir($dir)) {
1016                 while (($file = readdir($dh)) !== false) {
1bd269 1017                     if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F 1018                     if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
b1a6a5 1019                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 1020                         include_once $install_dir.'/server/plugins-available/'.$file;
1021                         $plugin_name = substr($file, 0, -8);
392450 1022                         $tmp = new $plugin_name;
T 1023                         if($tmp->onInstall()) {
1024                             if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
1025                             if (strpos($file, '_core_plugin') !== false) {
1026                                 if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
1027                             }
0d0cd9 1028                         }
392450 1029                         unset($tmp);
0711af 1030                     }
T 1031                 }
1032                 closedir($dh);
1033             }
1034         }
b1a6a5 1035
392450 1036         // Update the server config
T 1037         $mail_server_enabled = ($conf['services']['mail'])?1:0;
1038         $web_server_enabled = ($conf['services']['web'])?1:0;
1039         $dns_server_enabled = ($conf['services']['dns'])?1:0;
1040         $file_server_enabled = ($conf['services']['file'])?1:0;
1041         $db_server_enabled = ($conf['services']['db'])?1:0;
1042         $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
2af58c 1043         $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
b1a6a5 1044
2af58c 1045         $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
392450 1046         if($conf['mysql']['master_slave_setup'] == 'y') {
2af58c 1047             $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
392450 1048         }
b1a6a5 1049
fa029b 1050         // chown install dir to root and chmod 755
3e0fc8 1051         $command = 'chown root:root '.$install_dir;
TB 1052         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1053         $command = 'chmod 755 '.$install_dir;
0711af 1054         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 1055
fa029b 1056         //* Chmod the files and directories in the install dir
3e0fc8 1057         $command = 'chmod -R 750 '.$install_dir.'/*';
TB 1058         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1059
1060         //* chown the interface files to the ispconfig user and group
1061         $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
1062         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1063         
1064         //* chown the server files to the root user and group
1065         $command = 'chown -R root:root '.$install_dir.'/server';
0711af 1066         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b 1067         
TB 1068         //* chown the security files to the root user and group
1069         $command = 'chown -R root:root '.$install_dir.'/security';
1070         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1071         
1072         //* chown the security directory and its settings files (security_settings.ini, ids.whitelist, ids.htmlfield, apache_directives.blacklist) to root:ispconfig
1073         $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
1074         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1075         $command = 'chown root:ispconfig '.$install_dir.'/security';
1076         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221 1077         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB 1078         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1079         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
1080         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1081         $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
0711af 1082         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1083
0711af 1084         //* Make the global language file directory group writable
T 1085         exec("chmod -R 770 $install_dir/interface/lib/lang");
b1a6a5 1086
0711af 1087         //* Make the temp directory for language file exports writable
T 1088         exec("chmod -R 770 $install_dir/interface/web/temp");
b1a6a5 1089
0711af 1090         //* Make all interface language file directories group writable
T 1091         $handle = @opendir($install_dir.'/interface/web');
b1a6a5 1092         while ($file = @readdir($handle)) {
MC 1093             if ($file != '.' && $file != '..') {
1094                 if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
0711af 1095                     $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
b1a6a5 1096                     chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC 1097                     while ($lang_file = @readdir($handle2)) {
0711af 1098                         if ($lang_file != '.' && $lang_file != '..') {
b1a6a5 1099                             chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
0711af 1100                         }
T 1101                     }
1102                 }
1103             }
1104         }
b1a6a5 1105
477d4e 1106         //* Make the APS directories group writable
T 1107         exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
1108         exec("chmod -R 770 $install_dir/server/aps_packages");
b1a6a5 1109
0711af 1110         //* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef 1111         chmod($install_dir.'/server/lib/config.inc.php', 0600);
T 1112         chown($install_dir.'/server/lib/config.inc.php', 'root');
1113         chgrp($install_dir.'/server/lib/config.inc.php', 'root');
b1a6a5 1114
bfcdef 1115         //* Make sure that the interface config file is readable by user ispconfig only
T 1116         chmod($install_dir.'/interface/lib/config.inc.php', 0600);
1117         chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
1118         chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
b1a6a5 1119
0711af 1120         if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T 1121             exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
1122             exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
1123         }
980485 1124         
TB 1125         if(is_dir($install_dir.'/interface/invoices')) {
1126             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
1127             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
1128         }
1129         
1130         exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
b1a6a5 1131
0711af 1132         // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T 1133         // and must be fixed as this will allow the apache user to read the ispconfig files.
1134         // Later this must run as own apache server or via suexec!
63b369 1135         if($conf['apache']['installed'] == true){
F 1136             $command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
1137             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1138             if(is_group('ispapps')){
F 1139                 $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
1140                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1141             }
63b369 1142         }
F 1143         if($conf['nginx']['installed'] == true){
1144             $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
1145             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8ab3cd 1146             //if(is_user('ispapps')){
b1a6a5 1147             // Allow the ispapps vhost access to /etc/squirrelmail
MC 1148             //$command = 'usermod -a -G '.$conf['apache']['group'].' ispapps';
1149             //caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
8ab3cd 1150             //}
272aec 1151             if(is_group('ispapps')){
F 1152                 $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
1153                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1154             }
63b369 1155         }
b1a6a5 1156
0711af 1157         //* Make the shell scripts executable
T 1158         $command = "chmod +x $install_dir/server/scripts/*.sh";
1159         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1160
7e1cfb 1161         if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1162             //* Copy the ISPConfig vhost for the controlpanel
F 1163             // TODO: These are missing! should they be "vhost_dist_*_dir" ?
1164             $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
1165             $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
b1a6a5 1166
MC 1167
1bd269 1168             // Dont just copy over the virtualhost template but add some custom settings
ccbf14 1169             $tpl = new tpl('apache_ispconfig.vhost.master');
TB 1170             $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
b1a6a5 1171
1bd269 1172             // comment out the listen directive if port is 80 or 443
F 1173             if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14 1174                 $tpl->setVar('vhost_port_listen','#');
1bd269 1175             } else {
ccbf14 1176                 $tpl->setVar('vhost_port_listen','');
1bd269 1177             }
b1a6a5 1178
ccbf14 1179             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB 1180                 $tpl->setVar('ssl_comment','');
1bd269 1181             } else {
ccbf14 1182                 $tpl->setVar('ssl_comment','#');
1bd269 1183             }
10b4c8 1184             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14 1185                 $tpl->setVar('ssl_bundle_comment','');
10b4c8 1186             } else {
ccbf14 1187                 $tpl->setVar('ssl_bundle_comment','#');
10b4c8 1188             }
ccbf14 1189             
TB 1190             $tpl->setVar('apache_version',getapacheversion());
b1a6a5 1191
ccbf14 1192             wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
b1a6a5 1193
1bd269 1194             //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F 1195             //* and create the symlink
cc6568 1196             //if($this->is_update == false) {
b1a6a5 1197             if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
MC 1198             if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
1199                 exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
1200             }
1201
1202             /*
1bd269 1203                 exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
F 1204                 exec('cp tpl/apache_ispconfig_fcgi_starter.master /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1205                 exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1206                 exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
1207                 exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
b1a6a5 1208
1bd269 1209                 replaceLine('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter','PHPRC=','PHPRC=/etc/',0,0);
526b99 1210                 */
b1a6a5 1211             //if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
MC 1212             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
1213             $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
1214             $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
1215             if(!is_dir('/var/www/php-fcgi-scripts/ispconfig')) exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
1216             wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
1217             exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1218             if(!is_link('/var/www/ispconfig')) exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
1219             exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
1220             //}
cc6568 1221             //}
f6d745 1222         }
b1a6a5 1223
7e1cfb 1224         if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1225             //* Copy the ISPConfig vhost for the controlpanel
F 1226             $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
1227             $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
1228
1229             // Dont just copy over the virtualhost template but add some custom settings
615a0a 1230             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269 1231             $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
b1a6a5 1232
1bd269 1233             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8 1234                 $content = str_replace('{ssl_on}', ' on', $content);
1bd269 1235                 $content = str_replace('{ssl_comment}', '', $content);
F 1236                 $content = str_replace('{fastcgi_ssl}', 'on', $content);
1237             } else {
10b4c8 1238                 $content = str_replace('{ssl_on}', ' off', $content);
1bd269 1239                 $content = str_replace('{ssl_comment}', '#', $content);
F 1240                 $content = str_replace('{fastcgi_ssl}', 'off', $content);
0711af 1241             }
b1a6a5 1242
ca0b77 1243             $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5 1244             if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77 1245             if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F 1246             $fpm_socket = $socket_dir.'ispconfig.sock';
b1a6a5 1247
ca0b77 1248             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1249             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1250
F 1251             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1252
1bd269 1253             unset($content);
b1a6a5 1254
1bd269 1255             // PHP-FPM
F 1256             // Dont just copy over the php-fpm pool template but add some custom settings
615a0a 1257             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269 1258             $content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77 1259             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1260             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1261             $content = str_replace('{fpm_user}', 'ispconfig', $content);
F 1262             $content = str_replace('{fpm_group}', 'ispconfig', $content);
1263             wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
1264
1265             //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
1266             //* and create the symlink
7e1cfb 1267             if($this->is_update == false) {
1bd269 1268                 if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F 1269                 if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5 1270                     symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269 1271                 }
76f197 1272             }
b1a6a5 1273
3b273a 1274             // create symlink from /usr/share/phpmyadmin to /usr/share/phpMyAdmin, if it is installed
b1a6a5 1275             if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/usr/share/phpMyAdmin')) symlink('/usr/share/phpMyAdmin/', '/usr/share/phpmyadmin');
0711af 1276         }
b1a6a5 1277
0711af 1278         // Make the Clamav log files readable by ISPConfig
T 1279         //exec('chmod +r /var/log/clamav/clamav.log');
1280         //exec('chmod +r /var/log/clamav/freshclam.log');
b1a6a5 1281
66768a 1282         //* Install the update script
b34f99 1283         if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC 1284         exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
1285         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
66768a 1286         exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T 1287         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
1288         exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
1289         exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99 1290         if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
608a8c 1291         if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
b1a6a5 1292
76f197 1293         // set the fast cgi starter script to executable
T 1294         // exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
b1a6a5 1295
0711af 1296         //* Make the logs readable for the ispconfig user
T 1297         if(@is_file('/var/log/maillog')) exec('chmod +r /var/log/maillog');
1298         //if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
1299         //if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
1300         if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
b1a6a5 1301
0711af 1302         //To enable apache to read the directories
T 1303         // exec('chmod a+rx /usr/local/ispconfig');
1304         // exec('chmod -R 751 /usr/local/ispconfig/interface');
1305         // exec('chmod a+rx /usr/local/ispconfig/interface/web');
b1a6a5 1306
d9c8a7 1307         //* Create the ispconfig log directory
e38d14 1308         if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J 1309         if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
b1a6a5 1310
0c5b42 1311         if(is_user('getmail')) {
T 1312             exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
1313             exec('chown getmail /usr/local/bin/run-getmail.sh');
1314             exec('chmod 744 /usr/local/bin/run-getmail.sh');
1315         }
b1a6a5 1316
9f56bd 1317         // Edit the file /etc/sudoers and comment out the requiretty line, otherwise the backup function will fail
b1a6a5 1318         replaceLine('/etc/sudoers', 'Defaults    requiretty', '#Defaults    requiretty', 0, 0);
MC 1319
8cf78b 1320         if(is_dir($install_dir.'/interface/invoices')) {
e94a9f 1321             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T 1322             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806 1323         }
b1a6a5 1324
0799f8 1325         //* Create the ispconfig auth log file and set uid/gid
T 1326         if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
1327             touch($conf['ispconfig_log_dir'].'/auth.log');
1328         }
1329         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
1330         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
b1a6a5 1331
d71bae 1332         //* Remove Domain module as its functions are available in the client module now
T 1333         if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec 1334         
TB 1335         // Add symlink for patch tool
1336         if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
c83951 1337         
TB 1338         // Change mode of a few files from amavisd
1339         if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
1340         if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
1341         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
1342         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
0711af 1343     }
T 1344 }
1345
fd4cfd 1346 ?>