Michel Käser
2015-05-16 82e9b9e7c7ecf1664a7b0d4e57a5c4893739559d
32d8e9 1 <?php
T 2
3 /*
4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5 All rights reserved.
6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 class installer_dist extends installer_base {
60b700 32     
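/**
 * Warn the operator when Apache runs with mod_authz_compat loaded.
 *
 * The notice shows the Apache 2.4 style access block ("Require all denied")
 * and states that ISPConfig would fail to work with the old
 * "deny from all" syntax.
 *
 * NOTE(review): this constructor does not call parent::__construct().
 * Other methods of this class read $this->db and $this->is_update, so
 * confirm that this state is initialised elsewhere.
 */
public function __construct() {
    //* Check the loaded apache modules
    $mods = getapachemodules();
    if(!in_array('authz_compat', $mods, true)) {
        return;
    }

    // The previous code called $inst->lng(), but no $inst exists in this
    // scope (it is neither a parameter nor declared global), so the first
    // warning line would have failed on an undefined variable.
    // NOTE(review): assumes lng() is available on the installer object
    // itself - confirm against installer_base.
    swriteln($this->lng('    WARNING! You are using mod_authz_compat.'));
    swriteln($this->lng('    Please make sure that your apache config uses the new auth syntax:'));
    swriteln($this->lng('    <Directory />'));
    swriteln($this->lng('    Options None'));
    swriteln($this->lng('    AllowOverride None'));
    swriteln($this->lng('    Require all denied'));
    swriteln($this->lng('    </Directory>'."\n"));

    swriteln($this->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
}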
48     
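/**
 * Write the Mailman configuration (mm_cfg.py) and install the
 * virtual_to_transport.sh helper script.
 *
 * The template is filled with the server hostname, the
 * DEFAULT_SERVER_LANGUAGE value of the previously installed mm_cfg.py and
 * a list of mailing list domains. Existing files are copied to "<name>~"
 * before they are overwritten.
 *
 * @param string $status 'update' rebuilds the virtual domain list from the
 *                       mail_mailinglist table; any other value writes a
 *                       placeholder entry.
 */
public function configure_mailman($status = 'insert') {
    global $conf;

    $config_dir = $conf['mailman']['config_dir'].'/';
    $full_file_name = $config_dir.'mm_cfg.py';

    //* Backup existing file
    if(is_file($full_file_name)) {
        copy($full_file_name, $config_dir.'mm_cfg.py~');
    }

    //* Load the template and the currently installed file
    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
    $old_file = rf($full_file_name);

    //* Collect the "KEY = value" settings of the old file, skipping blank and comment lines
    $old_options = array();
    foreach(explode("\n", $old_file) as $line) {
        if(trim($line) == '' || substr($line, 0, 1) == '#') {
            continue;
        }
        // Split on the first "=" only, so a value that itself contains "="
        // is kept whole instead of being cut off.
        $parts = explode('=', $line, 2);
        if(count($parts) < 2 || empty($parts[1])) {
            continue;
        }
        $old_options[rtrim($parts[0])] = trim($parts[1]);
    }

    if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
    exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

    if($status == 'update') {
        //* Create the virtual_domains list from the configured mailing lists
        $virtual_domains = '';
        $domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");

        if(is_array($domainAll)) {
            $quoted = array();
            foreach($domainAll as $domain) {
                // The names come from the database and end up inside a
                // single-quoted string of the generated Python file, so
                // backslashes, quotes and line breaks are escaped to keep
                // every name inside its own literal.
                $quoted[] = "'".addcslashes($domain['domain'], "\\'\r\n")."'";
            }
            $virtual_domains = implode(', ', $quoted);
        }
    } else {
        $virtual_domains = "' '";
    }

    $content = str_replace('{hostname}', $conf['hostname'], $content);
    if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
    $content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
    $content = str_replace('{virtual_domains}', $virtual_domains, $content);

    wf($full_file_name, $content);

    //* Write virtual_to_transport.sh script
    $config_dir = $conf['mailman']['config_dir'].'/';
    $full_file_name = $config_dir.'virtual_to_transport.sh';

    //* Backup existing virtual_to_transport.sh script
    if(is_file($full_file_name)) {
        copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
    }

    if(is_dir('/etc/mailman')) {
        // A customised script in conf-custom takes precedence over the shipped template
        $custom_script = $conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh';
        if(is_file($custom_script)) {
            copy($custom_script, $full_file_name);
        } else {
            copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
        }
        // Executable for owner and group "mailman", no access for others
        chgrp($full_file_name, 'mailman');
        chmod($full_file_name, 0750);
    }

    //* Create aliases
    exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
    if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
}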
b1a6a5 130
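/**
 * Configure Postfix for virtual mail hosting.
 *
 * Installs the mysql-virtual_*.cf lookup maps, writes the amavis tagging
 * files, creates or adjusts the virtual mail user and group, applies the
 * postconf settings from the opensuse_postfix.conf.master template,
 * optionally creates a self-signed certificate, and patches master.cf and
 * the maildrop mailfilter file.
 *
 * @param string $options If it contains 'dont-create-certs', the
 *                        certificate creation step is skipped.
 */
function configure_postfix($options = '')
{
    global $conf,$autoinstall;
    $cf = $conf['postfix'];
    $config_dir = $cf['config_dir'];

    if(!is_dir($config_dir)){
        $this->error("The postfix configuration directory '$config_dir' does not exist.");
    }

    //* Install the MySQL lookup maps (same order as before)
    $mysql_maps = array(
        'mysql-virtual_domains.cf',
        'mysql-virtual_forwardings.cf',
        'mysql-virtual_mailboxes.cf',
        'mysql-virtual_email2email.cf',
        'mysql-virtual_transports.cf',
        'mysql-virtual_recipient.cf',
        'mysql-virtual_sender.cf',
        'mysql-virtual_sender_login_maps.cf',
        'mysql-virtual_client.cf',
        'mysql-virtual_relaydomains.cf',
        'mysql-virtual_relayrecipientmaps.cf',
        'mysql-virtual_policy_greylist.cf',
    );
    foreach($mysql_maps as $map_file) {
        $this->process_postfix_config($map_file);
    }

    //* postfix-dkim
    $amavis_tag_files = array(
        'tag_as_originating.re' => '/^/ FILTER amavis:[127.0.0.1]:10026',
        'tag_as_foreign.re' => '/^/ FILTER amavis:[127.0.0.1]:10024',
    );
    foreach($amavis_tag_files as $tag_file => $filter_rule) {
        $full_file_name = $config_dir.'/'.$tag_file;
        if(is_file($full_file_name)) {
            // The backup target used to be built from $configfile, which is
            // not assigned yet at this point, so the copy went to
            // "<config_dir>~" instead of next to the file.
            copy($full_file_name, $full_file_name.'~');
        }
        wf($full_file_name, $filter_rule);
    }

    //* Changing mode and group of the new created config files.
    // The maps hold database credentials, so access for "others" is removed.
    caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
        __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
    caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
        __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');

    if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);

    //* Creating virtual mail user and group
    // NOTE(review): the values below come from the installer configuration
    // and are concatenated into shell commands without quoting.
    $group_tool = is_group($cf['vmail_groupname']) ? 'groupmod' : 'groupadd';
    $command = $group_tool.' -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    if(is_user($cf['vmail_username'])) {
        // NOTE(review): this assigns /bin/bash as login shell of the mail
        // user; confirm that an interactive shell is really required.
        $command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
    } else {
        $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
    }
    caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // Recursive chown only on fresh installs and only for a path of at
    // least 10 characters, which keeps it away from very short paths.
    if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);

    //* These postconf commands will be executed on installation and update
    $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
    $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
    unset($server_ini_rec);

    //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removal after an update
    $rbl_list = '';
    if (isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
        $rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
        foreach ($rbl_hosts as $rbl_host) {
            // A stray comma would otherwise yield "reject_rbl_client" without a host
            if($rbl_host === '') continue;
            $rbl_list .= ", reject_rbl_client ". $rbl_host;
        }
    }
    unset($rbl_hosts);

    //* If Postgrey is installed, configure it
    $greylisting = '';
    if($conf['postgrey']['installed'] == true) {
        $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
    }

    $reject_sender_login_mismatch = '';
    if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
        $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
    }
    unset($server_ini_array);

    $postconf_placeholders = array('{config_dir}' => $config_dir,
        '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
        '{vmail_userid}' => $cf['vmail_userid'],
        '{vmail_groupid}' => $cf['vmail_groupid'],
        '{rbl_list}' => $rbl_list,
        '{greylisting}' => $greylisting,
        '{reject_slm}' => $reject_sender_login_mismatch,
    );

    $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
    $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
    $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines

    //* These postconf commands will be executed on installation only
    if($this->is_update == false) {
        $postconf_commands = array_merge($postconf_commands, array(
                'myhostname = '.$conf['hostname'],
                'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
                'mynetworks = 127.0.0.0/8 [::1]/128'
            ));
    }

    //* Create the header and body check files
    touch($config_dir.'/header_checks');
    touch($config_dir.'/mime_header_checks');
    touch($config_dir.'/nested_header_checks');
    touch($config_dir.'/body_checks');

    //* Create the mailman files
    if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
    if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
    exec('postalias /var/lib/mailman/data/aliases');
    if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
    exec('postmap /var/lib/mailman/data/virtual-mailman');
    if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
    exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

    //* Make a backup copy of the main.cf file
    copy($config_dir.'/main.cf', $config_dir.'/main.cf~');

    //* Executing the postconf commands
    foreach($postconf_commands as $cmd) {
        // Settings contain values read from the database (RBL list) and the
        // hostname. escapeshellarg() yields the same '...' quoting as before
        // for ordinary values and keeps a quote inside a value from ending
        // the shell argument. Depending on LC_CTYPE it may drop non-ASCII bytes.
        $command = 'postconf -e '.escapeshellarg($cmd);
        caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
    }

    if(!stristr($options, 'dont-create-certs')) {
        //* Create the SSL certificate (self-signed, key stored without passphrase)
        $openssl_options = '-outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
        // "&&" instead of ";": openssl must not run in the current working
        // directory when changing into the config directory fails.
        $command = 'cd '.$config_dir.' && openssl req -new ';
        if(AUTOINSTALL){
            // The subject is passed as one quoted shell argument.
            // escapeshellcmd() was applied to each field before, but it does
            // not protect text that is placed inside quotes and it adds
            // backslashes that would end up in the certificate fields.
            $subject = '/C='.$autoinstall['ssl_cert_country']
                .'/ST='.$autoinstall['ssl_cert_state']
                .'/L='.$autoinstall['ssl_cert_locality']
                .'/O='.$autoinstall['ssl_cert_organisation']
                .'/OU='.$autoinstall['ssl_cert_organisation_unit']
                .'/CN='.$autoinstall['ssl_cert_common_name'];
            $command .= '-subj '.escapeshellarg($subject).' ';
        }
        $command .= $openssl_options;
        exec($command);

        // NOTE(review): smtpd.key is created under the process umask and is
        // restricted only afterwards; consider a tighter umask around the
        // openssl call so the key is never readable by others.
        $command = 'chmod o= '.$config_dir.'/smtpd.key';
        caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
    }

    //** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
    // NOTE(review): 755 lets every local account enter this directory;
    // confirm that the authdaemon socket itself is adequately protected.
    $command = 'chmod 755  /var/run/authdaemon.courier-imap';
    caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);

    //* Changing maildrop lines in postfix master.cf
    if(is_file($config_dir.'/master.cf')){
        copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
    }
    if(is_file($config_dir.'/master.cf~')){
        exec('chmod 400 '.$config_dir.'/master.cf~');
    }
    $configfile = $config_dir.'/master.cf';
    $content = rf($configfile);

    // Both known maildrop locations are rewritten to the same target line
    $maildrop_line = '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}';
    $content = str_replace('  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}', $maildrop_line, $content);
    $content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}', $maildrop_line, $content);

    // enable tlsmanager
    $content = str_replace('#tlsmgr    unix  -       -       n       1000?   1       tlsmgr', 'tlsmgr    unix  -       -       n       1000?   1       tlsmgr', $content);

    wf($configfile, $content);

    //* Writing the Maildrop mailfilter file
    $configfile = 'mailfilter';
    if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
        copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
    }
    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
    $content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
    wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);

    //* Create the directory for the custom mailfilters
    $command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    //* Chmod and chown the .mailfilter file
    $command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

}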
b1a6a5 353
/**
 * Patch the saslauthd init script so that saslauthd is started with "-r".
 *
 * Both known forms of the startproc line (with and without
 * $SASLAUTHD_PARAMS) are rewritten. The result is written back only when
 * the init script exists.
 *
 * Earlier steps stay disabled in this distribution variant: generating
 * /etc/sasl2/smtpd.conf from the sasl_smtpd.conf template, creating the
 * spool directory /var/spool/postfix/var/run/saslauthd and editing the
 * file named by $conf["saslauthd"]["config"].
 */
public function configure_saslauthd() {
    global $conf;

    // TODO: Chmod and chown on the config file

    //* Edit the saslauthd init script
    $init_script = $conf["init_scripts"].'/'.$conf["saslauthd"]["init_script"];

    // str_replace() with arrays applies the pairs one after another, in this order
    $start_lines = array(
        '/sbin/startproc $AUTHD_BIN -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',
        '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',
    );
    $patched_lines = array(
        '/sbin/startproc $AUTHD_BIN -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',
        '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',
    );
    $patched_script = str_replace($start_lines, $patched_lines, rf($init_script));

    if(is_file($init_script)) {
        wf($init_script, $patched_script);
    }
}
b1a6a5 398
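/**
 * Configure PAM for SMTP authentication against the ispconfig database.
 *
 * Renders the pamd_smtp template with the MySQL user, password, database
 * and server IP and writes it to "<pam dir>/smtp". An existing file is
 * copied to "smtp~" first. Because the file holds the database password,
 * access for "others" is removed from it.
 */
public function configure_pam()
{
    global $conf;
    $pam = $conf['pam'];
    $configfile = 'pamd_smtp';
    $target = "$pam/smtp";
    $backup = "$pam/smtp~";

    // Files created from here on get no permissions for "others", so the
    // credentials are not world readable between creation and the chmod
    // calls below.
    // NOTE(review): assumes wf() creates the file under the process umask - confirm.
    $previous_umask = umask(0027);

    if(is_file($target)) {
        copy($target, $backup);
        // An existing file keeps its old mode while it is rewritten, so
        // world access is dropped before the new content goes in.
        exec('chmod o= '.escapeshellarg($target));
    }
    if(is_file($backup)) exec('chmod 400 '.escapeshellarg($backup));

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
    wf($target, $content);

    umask($previous_umask);

    // On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
    if(is_file($target)) exec('chmod o= '.escapeshellarg($target));
}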
b1a6a5 420
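/**
 * Configure Courier authentication against the ispconfig database.
 *
 * Writes authmysqlrc from its template (MySQL user, password, database,
 * host and port) with mode 660 and owner root:root, then sets the
 * authmodulelist entry in authdaemonrc. Existing files are copied to
 * "<name>~" and the copies are set to mode 400.
 */
public function configure_courier()
{
    global $conf;
    $config_dir = $conf['courier']['config_dir'];

    //* authmysqlrc
    $configfile = 'authmysqlrc';
    $target = "$config_dir/$configfile";
    $backup = $target.'~';

    // authmysqlrc holds the database password. A restrictive umask keeps a
    // newly created file or backup from being world readable before the
    // chmod calls below run.
    // NOTE(review): assumes wf() creates the file under the process umask - confirm.
    $previous_umask = umask(0027);

    if(is_file($target)){
        copy($target, $backup);
    }
    // chmod used to run unconditionally and failed when no backup existed
    if(is_file($backup)){
        exec('chmod 400 '.escapeshellarg($backup));
    }

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
    $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
    wf($target, $content);

    umask($previous_umask);

    exec('chmod 660 '.escapeshellarg($target));
    exec('chown root:root '.escapeshellarg($target));

    //* authdaemonrc
    $configfile = $conf['courier']['config_dir'].'/authdaemonrc';
    if(is_file($configfile)){
        copy($configfile, $configfile.'~');
    }
    if(is_file($configfile.'~')){
        exec('chmod 400 '.$configfile.'~');
    }
    $content = rf($configfile);
    // NOTE(review): this inserts "authmysql" in front of whatever followed
    // "authmodulelist=" and matches every occurrence of that text, so a
    // second run inserts it again - verify against the shipped authdaemonrc.
    $content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
    wf($configfile, $content);
}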
b1a6a5 454
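/**
 * Configure Dovecot and switch Postfix to Dovecot delivery and SASL.
 *
 * Adds the "dovecot" pipe service to the Postfix master.cf (once), sets
 * the related postconf values, installs the dovecot.conf template that
 * matches the installed major version and writes dovecot-sql.conf with
 * the database credentials (mode 600, owner root:root).
 */
public function configure_dovecot()
{
    global $conf;

    $virtual_transport = 'dovecot';

    // check if virtual_transport must be changed
    if ($this->is_update) {
        $server_rec = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
        $ini_array = ini_to_array(stripslashes($server_rec['config']));
        // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

        if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
            $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
        }
        unset($server_rec, $ini_array);
    }

    $config_dir = $conf['dovecot']['config_dir'];
    $postfix_dir = $conf["postfix"]["config_dir"];

    //* Configure master.cf and add a line for deliver
    // The master.cf changed below belongs to Postfix. The backup used to be
    // taken from the Dovecot directory, and the chmod was guarded by
    // "master.cf~" although the copy is named "master.cf~2".
    if(is_file($postfix_dir.'/master.cf')){
        copy($postfix_dir.'/master.cf', $postfix_dir.'/master.cf~2');
    }
    if(is_file($postfix_dir.'/master.cf~2')){
        exec('chmod 400 '.$postfix_dir.'/master.cf~2');
    }
    $content = rf($postfix_dir.'/master.cf');
    // Only add the content if we had not added it before
    if(!stristr($content, "dovecot/deliver")) {
        // NOTE(review): user and group are fixed to vmail:vmail here, while
        // configure_postfix() takes the account name from the configuration.
        $deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
        af($postfix_dir.'/master.cf', $deliver_content);
    }
    unset($content);
    unset($deliver_content);

    //* Reconfigure postfix to use dovecot authentication
    $postconf_commands = array (
        'dovecot_destination_recipient_limit = 1',
        'virtual_transport = '.$virtual_transport,
        'smtpd_sasl_type = dovecot',
        'smtpd_sasl_path = private/auth',
    );

    // Make a backup copy of the main.cf file
    copy($postfix_dir.'/main.cf', $postfix_dir.'/main.cf~3');

    // Executing the postconf commands
    foreach($postconf_commands as $cmd) {
        // Same '...' quoting as before for these values, done by escapeshellarg()
        $command = 'postconf -e '.escapeshellarg($cmd);
        caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
    }

    //* backup dovecot.conf
    $configfile = 'dovecot.conf';
    if(is_file("$config_dir/$configfile")){
        copy("$config_dir/$configfile", "$config_dir/$configfile~");
    }

    //* Get the dovecot version
    // exec() appends to an array that already has elements, so a fresh
    // array is used instead of the variable that held the database row.
    $version_output = array();
    exec('dovecot --version', $version_output);
    $parts = explode('.', isset($version_output[0]) ? trim($version_output[0]) : '');
    $dovecot_version = $parts[0];
    unset($version_output);
    unset($parts);

    //* Copy dovecot configuration file (a conf-custom template takes precedence)
    $template = ($dovecot_version == 2) ? 'opensuse_dovecot2.conf.master' : 'opensuse_dovecot.conf.master';
    $custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$template;
    if(is_file($custom_template)) {
        copy($custom_template, $config_dir.'/'.$configfile);
    } else {
        copy('tpl/'.$template, $config_dir.'/'.$configfile);
    }

    //* dovecot-sql.conf
    $configfile = 'dovecot-sql.conf';

    // dovecot-sql.conf holds the database password. A restrictive umask
    // keeps a newly created file or backup from being readable by other
    // accounts before the chmod calls below run.
    // NOTE(review): assumes wf() creates the file under the process umask - confirm.
    $previous_umask = umask(0077);

    if(is_file("$config_dir/$configfile")){
        copy("$config_dir/$configfile", "$config_dir/$configfile~");
        exec("chmod 400 $config_dir/$configfile~");
    }

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot-sql.conf.master', "tpl/opensuse_dovecot-sql.conf.master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
    $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
    $content = str_replace('{server_id}', $conf['server_id'], $content);
    wf("$config_dir/$configfile", $content);

    umask($previous_umask);

    exec("chmod 600 $config_dir/$configfile");
    exec("chown root:root $config_dir/$configfile");

    // Dovecot shall ignore mounts in website directory
    if(is_installed('doveadm')) exec("doveadm mount add '/srv/www/*' ignore > /dev/null 2> /dev/null");

}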
b1a6a5 560
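/**
 * Install the amavisd configuration and hook amavisd into postfix.
 *
 * Writes amavisd.conf from the opensuse_amavisd_conf template (the template
 * receives the ISPConfig MySQL user name and password), sets the postfix
 * content_filter through postconf, and appends the amavis service entries
 * to master.cf when they are not present yet.
 */
public function configure_amavis() {
    global $conf;

    $configfile = 'opensuse_amavisd_conf';
    $amavis_conf = $conf['amavis']['config_dir'].'/amavisd.conf';
    $postfix_dir = $conf['postfix']['config_dir'];

    // amavisd.conf and its backup carry the database password. Tighten the
    // umask while they are created so that a freshly created file is never
    // readable by other local accounts before the explicit chmod has run.
    $previous_umask = umask(0077);

    if(is_file($amavis_conf)) {
        @copy($amavis_conf, $amavis_conf.'~');
        // An existing file keeps its old mode when it is rewritten, so
        // restrict it before the new credentials are written into it.
        chmod($amavis_conf, 0640);
    }
    if(is_file($amavis_conf.'~')) chmod($amavis_conf.'~', 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
    // str_replace() with arrays applies the pairs in order, like a chain of single calls.
    $placeholders = array(
        '{mysql_server_ispconfig_user}' => $conf['mysql']['ispconfig_user'],
        '{mysql_server_ispconfig_password}' => $conf['mysql']['ispconfig_password'],
        '{mysql_server_database}' => $conf['mysql']['database'],
        '{mysql_server_port}' => $conf['mysql']['port'],
        '{mysql_server_ip}' => $conf['mysql']['ip'],
    );
    $content = str_replace(array_keys($placeholders), array_values($placeholders), $content);
    wf($amavis_conf, $content);
    chmod($amavis_conf, 0640);
    unset($content);

    umask($previous_umask);

    // Adding the amavisd commands to the postfix configuration
    $postconf_commands = array (
        'content_filter = amavis:[127.0.0.1]:10024',
        'receive_override_options = no_address_mappings'
    );

    // Make a backup copy of the main.cf file
    copy($postfix_dir.'/main.cf', $postfix_dir.'/main.cf~2');

    // Executing the postconf commands
    foreach($postconf_commands as $cmd) {
        $command = "postconf -e '$cmd'";
        caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
    }

    // Append the configuration for amavisd to the master.cf file
    $master_cf = $postfix_dir.'/master.cf';
    if(is_file($master_cf)) copy($master_cf, $master_cf.'~');

    // Marker pattern => template that is appended when the marker is missing.
    // The dots of the listener address are escaped so that only the literal
    // address 127.0.0.1 counts as "already configured".
    $sections = array(
        '/^amavis\s+unix\s+/m' => 'master_cf_amavis.master',
        '/^127\.0\.0\.1:10025\s+/m' => 'master_cf_amavis10025.master',
        '/^127\.0\.0\.1:10027\s+/m' => 'master_cf_amavis10027.master',
    );
    foreach($sections as $pattern => $template) {
        // Re-read on every pass so that a section appended by the previous
        // pass is taken into account. Only add content that is not there yet.
        $content = rf($master_cf);
        if(!preg_match($pattern, $content)) {
            af($master_cf, rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$template, 'tpl/'.$template));
        }
    }
    unset($content);

    // NOTE(review): the original comment reads "add the clamav user to the
    // vscan group", but this command adds the user vscan to the group clamav.
    // Confirm which membership is intended before changing it.
    //exec('groupmod --add-user clamav vscan');
    $command = 'usermod -a -G clamav vscan';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}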
b1a6a5 623
/**
 * Placeholder for the SpamAssassin setup; no action is performed.
 */
public function configure_spamassassin() {
    global $conf;

    // Nothing is executed here. The step that enables spamassassin on
    // Debian and Ubuntu is kept only as a description:
    //   - back up /etc/default/spamassassin to /etc/default/spamassassin~
    //     when the file exists,
    //   - rewrite the file with 'ENABLED=0' replaced by 'ENABLED=1'.
}
b1a6a5 639
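/**
 * Create the getmail configuration directory and the getmail system user.
 *
 * The directory is handed over to the getmail user and restricted to mode
 * 700 (recursively), so only that account can read what is stored in it.
 */
public function configure_getmail()
{
    global $conf;

    $config_dir = $conf['getmail']['config_dir'];

    // The path ends up inside shell command strings. escapeshellarg() quotes
    // it as one argument, so spaces or shell metacharacters in the configured
    // path cannot split or extend the command. The previous code used
    // escapeshellcmd() for mkdir only and left the other commands unquoted.
    $quoted_dir = escapeshellarg($config_dir);

    if(!is_dir($config_dir)) exec('mkdir -p '.$quoted_dir);

    $command = 'useradd -d '.$quoted_dir.' getmail';
    if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chown -R getmail '.$quoted_dir;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chmod -R 700 '.$quoted_dir;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}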
b1a6a5 657
MC 658
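/**
 * Write the pure-ftpd MySQL settings and install the pure-ftpd.conf template.
 *
 * db/mysql.conf is generated from pureftpd_mysql.conf.master and receives the
 * ISPConfig database user name and password; it ends up as root:root, mode 600.
 */
public function configure_pureftpd()
{
    global $conf;

    $config_dir = $conf['pureftpd']['config_dir'];
    $custom_tpl_dir = $conf['ispconfig_install_dir'].'/server/conf-custom/install';

    //* pure-ftpd database settings (db/mysql.conf)
    $configfile = 'db/mysql.conf';
    $target = "$config_dir/$configfile";

    // The file and its backup contain the database password. Create them
    // under a restrictive umask and use the PHP filesystem functions instead
    // of shell strings built from the configured path.
    $previous_umask = umask(0077);

    if(is_file($target)){
        copy($target, $target.'~');
        // A rewritten file keeps its old mode; restrict it before the write.
        chmod($target, 0600);
    }
    if(is_file($target.'~')){
        chmod($target.'~', 0400);
    }

    $content = rfsel($custom_tpl_dir.'/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
    // str_replace() with arrays applies the pairs in order, like a chain of single calls.
    $placeholders = array(
        '{mysql_server_ispconfig_user}' => $conf["mysql"]["ispconfig_user"],
        '{mysql_server_ispconfig_password}' => $conf["mysql"]["ispconfig_password"],
        '{mysql_server_database}' => $conf["mysql"]["database"],
        '{mysql_server_ip}' => $conf["mysql"]["ip"],
        '{server_id}' => $conf["server_id"],
    );
    $content = str_replace(array_keys($placeholders), array_values($placeholders), $content);
    wf($target, $content);
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');

    umask($previous_umask);

    // copy our customized copy of pureftpd.conf to the pure-ftpd config directory;
    // a template in conf-custom/install takes precedence over the shipped one
    $custom_master = $custom_tpl_dir.'/opensuse_pureftpd_conf.master';
    if(is_file($custom_master)) {
        copy($custom_master, $config_dir.'/pure-ftpd.conf');
    } else {
        copy('tpl/opensuse_pureftpd_conf.master', $config_dir.'/pure-ftpd.conf');
    }
}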
b1a6a5 691
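/**
 * Generate mydns.conf from its template.
 *
 * The file receives the ISPConfig database user name and password and is
 * left as root:root with mode 600; the previous file is kept as mydns.conf~
 * with mode 400.
 */
public function configure_mydns()
{
    global $conf;

    //* mydns.conf with the ISPConfig database settings
    $configfile = 'mydns.conf';
    $target = $conf["mydns"]["config_dir"].'/'.$configfile;

    // Both the config file and its backup hold the database password.
    // Create them under a restrictive umask and set mode and owner through
    // PHP rather than through shell strings built from the configured path.
    $previous_umask = umask(0077);

    if(is_file($target)) {
        copy($target, $target.'~');
        // A rewritten file keeps its old mode; restrict it before the write.
        chmod($target, 0600);
    }
    if(is_file($target.'~')) chmod($target.'~', 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
    // str_replace() with arrays applies the pairs in order, like a chain of single calls.
    $placeholders = array(
        '{mysql_server_ispconfig_user}' => $conf['mysql']['ispconfig_user'],
        '{mysql_server_ispconfig_password}' => $conf['mysql']['ispconfig_password'],
        '{mysql_server_database}' => $conf['mysql']['database'],
        '{mysql_server_host}' => $conf["mysql"]["host"],
        '{mysql_server_port}' => $conf['mysql']['port'],
        '{server_id}' => $conf["server_id"],
    );
    $content = str_replace(array_keys($placeholders), array_values($placeholders), $content);
    wf($target, $content);
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');

    umask($previous_umask);
}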
b1a6a5 712
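/**
 * Prepare Apache for ISPConfig.
 *
 * Creates the log and vhost directories, adjusts /etc/suphp.conf, adds the
 * sites-enabled include to httpd.conf, renders ispconfig.conf from the
 * apache_ispconfig.conf.master template (with the virtualhost IP/port pairs
 * read from the server_ip table), switches webalizer to incremental mode,
 * creates the sshusers group and prepares the PHP-FPM pool directory.
 * Returns immediately when Apache is not marked as installed.
 */
public function configure_apache()
{
    global $conf;

    if($conf['apache']['installed'] == false) return;

    //* Create the logging directory for the vhost logfiles
    exec('mkdir -p /var/log/ispconfig/httpd');

    //* enable apache logio module
    exec('a2enmod logio');

    //* Point suPHP at the php5 CGI binary and at the /srv/www docroot
    replaceLine('/etc/suphp.conf', 'php=php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
    replaceLine('/etc/suphp.conf', 'php="php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
    replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/srv/www', 0, 0);
    // NOTE(review): this changes the suPHP umask from 0077 to 0022, which
    // presumably makes files created by site scripts readable by other local
    // accounts. Confirm that this is wanted on multi-tenant hosts.
    replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);

    if(!file_exists('/srv/www/cgi-bin/php5') && file_exists('/srv/www/cgi-bin/php')) {
        symlink('/srv/www/cgi-bin/php', '/srv/www/cgi-bin/php5');
    }

    $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
    $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

    // Sites enabled and available dirs. Configured paths are quoted with
    // escapeshellarg() wherever they are placed into a shell command, so a
    // space or shell metacharacter in a path cannot alter the command.
    exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
    exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

    $content = rf('/etc/apache2/httpd.conf');
    if(!stristr($content, 'Include /etc/apache2/sites-enabled/')) {
        // NOTE(review): +FollowSymlinks is enabled for the whole /srv/www
        // tree. On a shared host this lets a site follow links to files
        // outside its own directory that the web server can read;
        // SymLinksIfOwnerMatch is the stricter alternative. Confirm against
        // the vhost templates before changing it.
        af('/etc/apache2/httpd.conf', "\n<Directory /srv/www>\n    Options +FollowSymlinks\n</Directory>\n\nInclude /etc/apache2/sites-enabled/\n\n");
    }
    unset($content);

    //* Render the ISPConfig configuration include
    $tpl = new tpl('apache_ispconfig.conf.master');
    $tpl->setVar('apache_version',getapacheversion());

    $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
    $ip_addresses = array();

    if(is_array($records) && count($records) > 0) {
        foreach($records as $rec) {
            // IPv6 addresses are wrapped in brackets
            if($rec['ip_type'] == 'IPv6') {
                $ip_address = '['.$rec['ip_address'].']';
            } else {
                $ip_address = $rec['ip_address'];
            }
            if($ip_address == '') continue;

            // explode() always returns an array here, so no is_array() check is needed.
            foreach(explode(',', $rec['virtualhost_port']) as $port) {
                $port = intval($port);
                // Only valid TCP port numbers reach the generated configuration.
                if($port > 0 && $port < 65536) {
                    $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
                }
            }
        }
    }

    if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

    wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
    unset($tpl);

    if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
        exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        // Same native calls as configure_nginx() uses for this step.
        mkdir('/etc/webalizer');
        symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // create PHP-FPM pool dir; the PHP-FPM paths are read from the nginx
    // section of $conf in this method as well
    exec('mkdir -p '.escapeshellarg($conf['nginx']['php_fpm_pool_dir']));

    $content = rf('/etc/php5/fpm/php-fpm.conf');
    if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
        af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
    }
    unset($content);

    // Seed the PHP-FPM php.ini from the first existing php.ini, in this order.
    $fpm_ini = $conf['nginx']['php_fpm_ini_path'];
    if(!@is_file($fpm_ini)){
        $candidates = array('/etc/php5/cli/php.ini', '/etc/php5/fastcgi/php.ini', '/etc/php5/apache2/php.ini');
        foreach($candidates as $candidate) {
            if(@is_file($candidate)){
                exec('cp -f '.escapeshellarg($candidate).' '.escapeshellarg($fpm_ini));
                break;
            }
        }
    }
}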
b1a6a5 819
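/**
 * Prepare nginx for ISPConfig.
 *
 * Creates the log and vhost directories, adds the sites-enabled include to
 * /etc/nginx/nginx.conf, prepares PHP-FPM (pool directory, pool include,
 * php.ini), switches webalizer to incremental mode, links the awstats static
 * page script and creates the sshusers group. Returns immediately when nginx
 * is not marked as installed.
 */
public function configure_nginx(){
    global $conf;

    if($conf['nginx']['installed'] == false) return;

    //* Create the logging directory for the vhost logfiles
    $log_dir = $conf['ispconfig_log_dir'].'/httpd';
    if(!@is_dir($log_dir)) mkdir($log_dir, 0755, true);

    // Sites enabled and available dirs. Configured paths are quoted with
    // escapeshellarg() wherever they are placed into a shell command, so a
    // space or shell metacharacter in a path cannot alter the command.
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

    $content = rf('/etc/nginx/nginx.conf');
    if(stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false){
        $content = trim($content);
        // Insert the include in front of the last closing brace. The previous
        // code dropped the final character and appended "}", which damages the
        // file whenever it does not end with that brace (for example when a
        // comment follows it). A file without any closing brace is left alone.
        $closing_brace = strrpos($content, '}');
        if($closing_brace !== false) {
            $content = substr($content, 0, $closing_brace)."\n    include /etc/nginx/sites-enabled/*.vhost;\n}".substr($content, $closing_brace + 1);
            wf('/etc/nginx/nginx.conf', $content);
        }
    }
    unset($content);

    // create PHP-FPM pool dir
    exec('mkdir -p '.escapeshellarg($conf['nginx']['php_fpm_pool_dir']));

    $content = rf('/etc/php5/fpm/php-fpm.conf');
    if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
        af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
    }
    unset($content);

    // Seed the PHP-FPM php.ini from the first existing php.ini, in this order.
    $fpm_ini = $conf['nginx']['php_fpm_ini_path'];
    if(!@is_file($fpm_ini)){
        $candidates = array('/etc/php5/cli/php.ini', '/etc/php5/fastcgi/php.ini', '/etc/php5/apache2/php.ini');
        foreach($candidates as $candidate) {
            if(@is_file($candidate)){
                exec('cp -f '.escapeshellarg($candidate).' '.escapeshellarg($fpm_ini));
                break;
            }
        }
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        mkdir('/etc/webalizer');
        symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    // Check the awstats script
    if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
    if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) {
        symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
    }
    if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}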
b1a6a5 879
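/**
 * Install the Bastille firewall scripts and write /etc/Bastille/bastille-firewall.cfg.
 *
 * The public TCP/UDP port lists are taken from the firewall table for this
 * server, or from built-in defaults when the record holds no ports. The
 * Apache vhost port is added to the TCP list when it is missing.
 */
public function configure_bastille_firewall()
{
    global $conf;

    $dist_init_scripts = $conf['init_scripts'];

    if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
    // The mode used to be octdec($directory_mode) with $directory_mode never
    // defined in this method, which evaluates to mode 0. 0700 gives root the
    // usual owner bits and keeps the directory closed to other accounts, as
    // the mode-0 directory effectively was.
    @mkdir("/etc/Bastille", 0700);
    if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
    if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
        caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    } else {
        caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    }
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    $content = rf("/etc/Bastille/bastille-firewall.cfg");
    $content = str_replace("{DNS_SERVERS}", "", $content);

    $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

    // A server without a firewall record yields no row; treat that like an
    // empty record instead of indexing a non-array.
    $stored_tcp = (is_array($row) && isset($row['tcp_port'])) ? trim($row['tcp_port']) : '';
    $stored_udp = (is_array($row) && isset($row['udp_port'])) ? trim($row['udp_port']) : '';

    if($stored_tcp != '' || $stored_udp != ''){
        $tcp_public_services = trim(str_replace(',', ' ', $stored_tcp));
        $udp_public_services = trim(str_replace(',', ' ', $stored_udp));
    } else {
        $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    // Compare whole port entries. A substring search treats port 80 as
    // present as soon as the list contains 8080, and the vhost port would
    // then never be opened.
    $vhost_port = intval($conf['apache']['vhost_port']);
    $open_tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if(!in_array((string)$vhost_port, $open_tcp_ports, true)) {
        $tcp_public_services .= ' '.$vhost_port;
        // MySQL's "+" is arithmetic, so "tcp_port + ',8080'" replaces the
        // stored list with a number; CONCAT() appends to the list instead.
        // NOTE(review): this statement names the table without the database
        // prefix that the SELECT above uses; confirm both address the same table.
        if($stored_tcp != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
    }

    $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
    $content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

    wf("/etc/Bastille/bastille-firewall.cfg", $content);

    // Install the init script and the two rule scripts; an existing copy is
    // kept as *.backup and the new one is executable for root only.
    if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
    caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);

    if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

    if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);

    if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

    // Make ipchains/iptables reachable under /sbin when they live elsewhere.
    // The output of "which" ends with a newline; it is trimmed for both
    // tools so that the link target is the real path (the ipchains branch
    // used the untrimmed output before).
    exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
    if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which ipchains")), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
    unset($ipchains_location);
    exec("which iptables &> /dev/null", $iptables_location, $ret_val);
    if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
    unset($iptables_location);
}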
4ae2a0 944
32d8e9 945     public function install_ispconfig()
b1a6a5 946     {
32d8e9 947         global $conf;
b1a6a5 948
32d8e9 949         $install_dir = $conf['ispconfig_install_dir'];
T 950
951         //* Create the ISPConfig installation directory
952         if(!@is_dir("$install_dir")) {
953             $command = "mkdir $install_dir";
954             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
955         }
b1a6a5 956
32d8e9 957         //* Create a ISPConfig user and group
T 958         $command = 'groupadd ispconfig';
959         if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 960
32d8e9 961         $command = "useradd -g ispconfig -d $install_dir ispconfig";
T 962         if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 963
32d8e9 964         //* copy the ISPConfig interface part
T 965         $command = "cp -rf ../interface $install_dir";
966         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 967
32d8e9 968         //* copy the ISPConfig server part
T 969         $command = "cp -rf ../server $install_dir";
970         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2 971         
fb6c56 972         //* Make a backup of the security settings
TB 973         if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
974         
a13af2 975         //* copy the ISPConfig security part
TB 976         $command = 'cp -rf ../security '.$install_dir;
977         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56 978         
TB 979         //* Apply changed security_settings.ini values to new security_settings.ini file
980         if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
981             $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
982             $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
983             if(is_array($security_settings_new) && is_array($security_settings_old)) {
984                 foreach($security_settings_new as $section => $sval) {
985                     if(is_array($sval)) {
986                         foreach($sval as $key => $val) {
987                             if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
988                                 $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
989                             }
990                         }
991                     }
992                 }
993                 file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
994             }
995         }
b1a6a5 996
32d8e9 997         //* Create a symlink, so ISPConfig is accessible via web
T 998         // Replaced by a separate vhost definition for port 8080
999         // $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
1000         // caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1001
32d8e9 1002         //* Create the config file for ISPConfig interface
T 1003         $configfile = 'config.inc.php';
1004         if(is_file($install_dir.'/interface/lib/'.$configfile)){
b1a6a5 1005             copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 1006         }
615a0a 1007         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9 1008         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 1009         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
1010         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
1011         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 1012         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 1013
32d8e9 1014         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 1015         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
1016         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
1017         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 1018         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 1019
32d8e9 1020         $content = str_replace('{server_id}', $conf['server_id'], $content);
T 1021         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6 1022         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 1023         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 1024         $content = str_replace('{theme}', $conf['theme'], $content);
992797 1025         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
b1a6a5 1026
MC 1027         wf("$install_dir/interface/lib/$configfile", $content);
1028
1029         //* Create the config file for ISPConfig server
1030         $configfile = 'config.inc.php';
1031         if(is_file($install_dir.'/server/lib/'.$configfile)){
1032             copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
1033         }
1034         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
1035         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
1036         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
1037         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
1038         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 1039         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 1040
MC 1041         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
1042         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
1043         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
1044         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 1045         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 1046
MC 1047         $content = str_replace('{server_id}', $conf['server_id'], $content);
1048         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
1049         $content = str_replace('{language}', $conf['language'], $content);
1050         $content = str_replace('{timezone}', $conf['timezone'], $content);
1051         $content = str_replace('{theme}', $conf['theme'], $content);
1052         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
1053
32d8e9 1054         wf("$install_dir/server/lib/$configfile", $content);
b1a6a5 1055
fb3a98 1056         //* Create the config file for remote-actions (but only, if it does not exist, because
T 1057         //  the value is a autoinc-value and so changed by the remoteaction_core_module
1058         if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
1059             $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
1060             wf($install_dir.'/server/lib/remote_action.inc.php', $content);
1061         }
b1a6a5 1062
32d8e9 1063         //* Enable the server modules and plugins.
T 1064         // TODO: Implement a selector which modules and plugins shall be enabled.
1065         $dir = $install_dir.'/server/mods-available/';
1066         if (is_dir($dir)) {
1067             if ($dh = opendir($dir)) {
1068                 while (($file = readdir($dh)) !== false) {
b1a6a5 1069                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 1070                         include_once $install_dir.'/server/mods-available/'.$file;
1071                         $module_name = substr($file, 0, -8);
32d8e9 1072                         $tmp = new $module_name;
T 1073                         if($tmp->onInstall()) {
1074                             if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
1075                             if (strpos($file, '_core_module') !== false) {
1076                                 if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
1077                             }
1078                         }
1079                         unset($tmp);
1080                     }
1081                 }
1082                 closedir($dh);
1083             }
1084         }
b1a6a5 1085
32d8e9 1086         $dir = $install_dir.'/server/plugins-available/';
T 1087         if (is_dir($dir)) {
1088             if ($dh = opendir($dir)) {
1089                 while (($file = readdir($dh)) !== false) {
1bd269 1090                     if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F 1091                     if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
b1a6a5 1092                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 1093                         include_once $install_dir.'/server/plugins-available/'.$file;
1094                         $plugin_name = substr($file, 0, -8);
32d8e9 1095                         $tmp = new $plugin_name;
T 1096                         if($tmp->onInstall()) {
1097                             if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
1098                             if (strpos($file, '_core_plugin') !== false) {
1099                                 if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
1100                             }
1101                         }
1102                         unset($tmp);
1103                     }
1104                 }
1105                 closedir($dh);
1106             }
1107         }
b1a6a5 1108
32d8e9 1109         // Update the server config
T 1110         $mail_server_enabled = ($conf['services']['mail'])?1:0;
1111         $web_server_enabled = ($conf['services']['web'])?1:0;
1112         $dns_server_enabled = ($conf['services']['dns'])?1:0;
1113         $file_server_enabled = ($conf['services']['file'])?1:0;
1114         $db_server_enabled = ($conf['services']['db'])?1:0;
1115         $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
2af58c 1116         $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
b1a6a5 1117
a6e3ae 1118         $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
32d8e9 1119         if($conf['mysql']['master_slave_setup'] == 'y') {
a6e3ae 1120             $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
32d8e9 1121         }
b1a6a5 1122
3e0fc8 1123         // chown install dir to root and chmod 755
TB 1124         $command = 'chown root:root '.$install_dir;
1125         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1126         $command = 'chmod 755 '.$install_dir;
32d8e9 1127         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 1128
fa029b 1129         //* Chmod the files and directories in the install dir
3e0fc8 1130         $command = 'chmod -R 750 '.$install_dir.'/*';
TB 1131         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1132
1133         //* chown the interface files to the ispconfig user and group
1134         $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
1135         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1136         
1137         //* chown the server files to the root user and group
1138         $command = 'chown -R root:root '.$install_dir.'/server';
32d8e9 1139         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b 1140         
TB 1141         //* chown the security files to the root user and group
1142         $command = 'chown -R root:root '.$install_dir.'/security';
1143         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1144         
1145         //* chown the security directory and security_settings.ini to root:ispconfig
1146         $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
1147         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1148         $command = 'chown root:ispconfig '.$install_dir.'/security';
1149         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221 1150         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB 1151         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1152         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
1153         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1154         $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
32d8e9 1155         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1156
32d8e9 1157         //* Make the global language file directory group writable
T 1158         exec("chmod -R 770 $install_dir/interface/lib/lang");
b1a6a5 1159
32d8e9 1160         //* Make the temp directory for language file exports writable
T 1161         exec("chmod -R 770 $install_dir/interface/web/temp");
b1a6a5 1162
32d8e9 1163         //* Make all interface language file directories group writable
T 1164         $handle = @opendir($install_dir.'/interface/web');
b1a6a5 1165         while ($file = @readdir($handle)) {
MC 1166             if ($file != '.' && $file != '..') {
1167                 if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
32d8e9 1168                     $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
b1a6a5 1169                     chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC 1170                     while ($lang_file = @readdir($handle2)) {
32d8e9 1171                         if ($lang_file != '.' && $lang_file != '..') {
b1a6a5 1172                             chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
32d8e9 1173                         }
T 1174                     }
1175                 }
1176             }
1177         }
b1a6a5 1178
477d4e 1179         //* Make the APS directories group writable
T 1180         exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
1181         exec("chmod -R 770 $install_dir/server/aps_packages");
b1a6a5 1182
32d8e9 1183         //* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef 1184         chmod($install_dir.'/server/lib/config.inc.php', 0600);
T 1185         chown($install_dir.'/server/lib/config.inc.php', 'root');
1186         chgrp($install_dir.'/server/lib/config.inc.php', 'root');
b1a6a5 1187
bfcdef 1188         //* Make sure that the interface config file is readable by user ispconfig only
T 1189         chmod($install_dir.'/interface/lib/config.inc.php', 0600);
1190         chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
1191         chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
b1a6a5 1192
32d8e9 1193         if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T 1194             exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
1195             exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
1196         }
980485 1197         
TB 1198         if(is_dir($install_dir.'/interface/invoices')) {
1199             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
1200             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
1201         }
1202         
1203         exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
b1a6a5 1204
32d8e9 1205         // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T 1206         // and must be fixed as this will allow the apache user to read the ispconfig files.
1207         // Later this must run as own apache server or via suexec!
63b369 1208         if($conf['apache']['installed'] == true){
5edf40 1209             //$command = 'groupmod --add-user '.$conf['apache']['user'].' ispconfig';
TB 1210             $command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
63b369 1211             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1212             if(is_group('ispapps')){
5edf40 1213                 //$command = 'groupmod --add-user '.$conf['apache']['user'].' ispapps';
TB 1214                 $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
272aec 1215                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F 1216             }
63b369 1217         }
F 1218         if($conf['nginx']['installed'] == true){
5edf40 1219             //$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispconfig';
TB 1220              $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
63b369 1221             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1222             if(is_group('ispapps')){
5edf40 1223                 //$command = 'groupmod --add-user '.$conf['nginx']['user'].' ispapps';
TB 1224                 $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
272aec 1225                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F 1226             }
5c93f0 1227             // add nobody user to www group, as the default php-fpm pool from opensuse runs as nobody
TB 1228             $command = 'usermod -a -G www nobody';
1229             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
63b369 1230         }
b1a6a5 1231
32d8e9 1232         //* Make the shell scripts executable
T 1233         $command = "chmod +x $install_dir/server/scripts/*.sh";
1234         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1235
MC 1236
7e1cfb 1237         if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1238             //* Copy the ISPConfig vhost for the controlpanel
F 1239             // TODO: These are missing! should they be "vhost_dist_*_dir" ?
1240             $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
1241             $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
b1a6a5 1242
MC 1243
1bd269 1244             // Don't just copy over the virtualhost template but add some custom settings
ccbf14 1245             $tpl = new tpl('apache_ispconfig.vhost.master');
TB 1246             $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
b1a6a5 1247
1bd269 1248             // comment out the listen directive if port is 80 or 443
F 1249             if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14 1250                 $tpl->setVar('vhost_port_listen','#');
1bd269 1251             } else {
ccbf14 1252                 $tpl->setVar('vhost_port_listen','');
1bd269 1253             }
b1a6a5 1254
ccbf14 1255             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB 1256                 $tpl->setVar('ssl_comment','');
1bd269 1257             } else {
ccbf14 1258                 $tpl->setVar('ssl_comment','#');
1bd269 1259             }
10b4c8 1260             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14 1261                 $tpl->setVar('ssl_bundle_comment','');
10b4c8 1262             } else {
ccbf14 1263                 $tpl->setVar('ssl_bundle_comment','#');
10b4c8 1264             }
ccbf14 1265             
TB 1266             $tpl->setVar('apache_version',getapacheversion());
b1a6a5 1267
8c9637 1268             $content = $tpl->grab();
MS 1269             $content = str_replace('/var/www/', '/srv/www/', $content);
1270             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1271
cc6568 1272             //if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
b1a6a5 1273             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
MC 1274             $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
1275             $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
1276             exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
1277             wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
1278             exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1279             exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
1280             exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
1281
cc6568 1282             //}
b1a6a5 1283
1bd269 1284             //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F 1285             //* and create the symlink
7e1cfb 1286             if($this->is_update == false) {
1bd269 1287                 if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
F 1288                 if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
1289                     exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
1290                 }
b1a6a5 1291
1bd269 1292             }
b1a6a5 1293
1bd269 1294             // Fix a setting in vhost master file for suse
b1a6a5 1295             replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master', "suPHP_UserGroup", "        suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>", 0);
1bd269 1296         }
F 1297
7e1cfb 1298         if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1299             //* Copy the ISPConfig vhost for the controlpanel
F 1300             $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
1301             $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
1302
1303             // Don't just copy over the virtualhost template but add some custom settings
615a0a 1304             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269 1305             $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
b1a6a5 1306
1bd269 1307             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8 1308                 $content = str_replace('{ssl_on}', ' on', $content);
1bd269 1309                 $content = str_replace('{ssl_comment}', '', $content);
F 1310                 $content = str_replace('{fastcgi_ssl}', 'on', $content);
1311             } else {
10b4c8 1312                 $content = str_replace('{ssl_on}', ' off', $content);
1bd269 1313                 $content = str_replace('{ssl_comment}', '#', $content);
F 1314                 $content = str_replace('{fastcgi_ssl}', 'off', $content);
32d8e9 1315             }
b1a6a5 1316
ca0b77 1317             $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5 1318             if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77 1319             if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F 1320             $fpm_socket = $socket_dir.'ispconfig.sock';
b1a6a5 1321
ca0b77 1322             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1323             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1324
F 1325             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1326
1bd269 1327             unset($content);
b1a6a5 1328
1bd269 1329             // PHP-FPM
F 1330             // Don't just copy over the php-fpm pool template but add some custom settings
615a0a 1331             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269 1332             $content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77 1333             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1334             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1335             $content = str_replace('{fpm_user}', 'ispconfig', $content);
F 1336             $content = str_replace('{fpm_group}', 'ispconfig', $content);
1337             wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
1338
1339             //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
1340             //* and create the symlink
7e1cfb 1341             if($this->is_update == false) {
1bd269 1342                 if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F 1343                 if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5 1344                     symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269 1345                 }
F 1346             }
b1a6a5 1347
9aec3d 1348             // create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
b1a6a5 1349             if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/', '/usr/share/phpmyadmin');
MC 1350             if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/', '/usr/share/squirrelmail');
32d8e9 1351         }
b1a6a5 1352
MC 1353
32d8e9 1354         // Make the Clamav log files readable by ISPConfig
T 1355         //exec('chmod +r /var/log/clamav/clamav.log');
1356         //exec('chmod +r /var/log/clamav/freshclam.log');
b1a6a5 1357
32d8e9 1358         //* Install the update script
b34f99 1359         if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC 1360         exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
1361         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
32d8e9 1362         exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T 1363         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
1364         exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
1365         exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99 1366         if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
32d8e9 1367         if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
b1a6a5 1368
32d8e9 1369         //set the fast cgi starter script to executable
T 1370         //exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
b1a6a5 1371
32d8e9 1372         //* Make the logs readable for the ispconfig user
T 1373         if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
1374         if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
1375         if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
1376         if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
b1a6a5 1377
32d8e9 1378         //To enable apache to read the directories
T 1379         exec('chmod a+rx /usr/local/ispconfig');
1380         exec('chmod -R 751 /usr/local/ispconfig/interface');
1381         exec('chmod a+rx /usr/local/ispconfig/interface/web');
b1a6a5 1382
32d8e9 1383         //* Create the ispconfig log directory
e38d14 1384         if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J 1385         if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
b1a6a5 1386
0c5b42 1387         if(is_user('getmail')) {
T 1388             exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
1389             exec('chown getmail /usr/local/bin/run-getmail.sh');
1390             exec('chmod 744 /usr/local/bin/run-getmail.sh');
1391         }
b1a6a5 1392
8cf78b 1393         if(is_dir($install_dir.'/interface/invoices')) {
e94a9f 1394             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T 1395             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806 1396         }
b1a6a5 1397
0799f8 1398         //* Create the ispconfig auth log file and set uid/gid
T 1399         if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
1400             touch($conf['ispconfig_log_dir'].'/auth.log');
1401         }
1402         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
1403         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
b1a6a5 1404
d71bae 1405         //* Remove Domain module as its functions are available in the client module now
T 1406         if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec 1407         
TB 1408         // Add symlink for patch tool
1409         if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
c83951 1410         
TB 1411         // Change mode of a few files from amavisd
1412         if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
1413         if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
1414         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
1415         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
32d8e9 1416     }
b1a6a5 1417
32d8e9 1418 }
T 1419
e38d14 1420 ?>