Till Brehm
2016-07-24 b9a3ef486ebcde18a5ade37865ff8f397185d24f
32d8e9 1 <?php
T 2
3 /*
4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5 All rights reserved.
6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 class installer_dist extends installer_base {
223c56 32     protected $mailman_group = 'mailman';
60b700 33     
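/**
 * Warn the administrator when Apache has mod_authz_compat loaded.
 *
 * The warning explains that the Apache configuration must use the new
 * "Require all denied" auth syntax instead of the old "deny from all" form.
 *
 * NOTE(review): parent::__construct() is not called here; confirm that
 * installer_base needs no constructor-time setup.
 */
public function __construct() {
    //** check apache modules
    $mods = getapachemodules();
    if(!in_array('authz_compat', $mods, true)) {
        return;
    }

    // The original called $inst->lng(), but $inst is neither a local nor declared
    // global in this scope, so the warning path ended in a fatal error. The object
    // under construction is the installer itself; lng() is expected to be inherited
    // from installer_base.
    $notice = array(
        '    WARNING! You are using mod_authz_compat.',
        '    Please make sure that your apache config uses the new auth syntax:',
        '    <Directory />',
        '    Options None',
        '    AllowOverride None',
        '    Require all denied',
        '    </Directory>'."\n",
        '    If it uses the old syntax (deny from all) ISPConfig would fail to work.',
    );
    foreach($notice as $line) {
        swriteln($this->lng($line));
    }
}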
b1a6a5 49
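/**
 * Configure Postfix for virtual mail hosting.
 *
 * Generates the MySQL lookup tables, writes the amavis filter maps, creates the
 * vmail user and group, applies the postconf settings from the openSUSE
 * template, creates the header/body check and mailman map files, optionally
 * generates a self-signed SMTP certificate, adjusts the maildrop and tlsmgr
 * entries in master.cf and installs the maildrop mailfilter.
 *
 * @param string $options If it contains 'dont-create-certs', no certificate
 *                        is generated.
 */
function configure_postfix($options = '')
{
    global $conf, $autoinstall;
    $cf = $conf['postfix'];
    $config_dir = $cf['config_dir'];

    if(!is_dir($config_dir)){
        $this->error("The postfix configuration directory '$config_dir' does not exist.");
    }

    //* Generate the MySQL lookup table definitions
    $lookup_tables = array(
        'mysql-virtual_domains.cf',
        'mysql-virtual_forwardings.cf',
        'mysql-virtual_mailboxes.cf',
        'mysql-virtual_email2email.cf',
        'mysql-virtual_transports.cf',
        'mysql-virtual_recipient.cf',
        'mysql-virtual_sender.cf',
        'mysql-virtual_sender_login_maps.cf',
        'mysql-virtual_client.cf',
        'mysql-virtual_relaydomains.cf',
        'mysql-virtual_relayrecipientmaps.cf',
        'mysql-virtual_policy_greylist.cf',
    );
    foreach($lookup_tables as $lookup_table) {
        $this->process_postfix_config($lookup_table);
    }

    //* postfix-dkim: amavis filter maps.
    // The backup name used to be built from $configfile, which is not assigned
    // until later in this method, so the copy never landed next to the file it
    // belonged to. Back each file up beside itself instead.
    $filter_maps = array(
        'tag_as_originating.re' => '/^/ FILTER amavis:[127.0.0.1]:10026',
        'tag_as_foreign.re' => '/^/ FILTER amavis:[127.0.0.1]:10024',
    );
    foreach($filter_maps as $map_name => $map_content) {
        $full_file_name = $config_dir.'/'.$map_name;
        if(is_file($full_file_name)) {
            copy($full_file_name, $full_file_name.'~');
        }
        wf($full_file_name, $map_content);
    }

    //* Changing mode and group of the new created config files.
    // The glob has to stay unquoted so that the shell expands it. These commands
    // are built from the installer's own $conf values, which are treated as trusted.
    caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
        __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
    caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
        __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');

    if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);

    //* Creating virtual mail user and group
    $group_tool = is_group($cf['vmail_groupname']) ? 'groupmod' : 'groupadd';
    $command = $group_tool.' -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    if(is_user($cf['vmail_username'])) {
        // NOTE(review): an existing vmail account is given /bin/bash as login shell;
        // confirm an interactive shell is really required for the mail user.
        $command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
    } else {
        $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
    }
    caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // The length check guards the recursive chown against an empty or very short path.
    if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);

    //* These postconf commands will be executed on installation and update
    $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
    $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
    unset($server_ini_rec);

    //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removal after an update
    $rbl_list = '';
    if (isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
        $rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
        foreach ($rbl_hosts as $value) {
            // A stray comma would otherwise emit a restriction without a host name.
            if($value === '') continue;
            $rbl_list .= ", reject_rbl_client ". $value;
        }
    }
    unset($rbl_hosts);

    //* If Postgrey is installed, configure it
    $greylisting = '';
    if($conf['postgrey']['installed'] == true) {
        $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
    }

    $reject_sender_login_mismatch = '';
    if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
        $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
    }
    unset($server_ini_array);

    $postconf_placeholders = array('{config_dir}' => $config_dir,
        '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
        '{vmail_userid}' => $cf['vmail_userid'],
        '{vmail_groupid}' => $cf['vmail_groupid'],
        '{rbl_list}' => $rbl_list,
        '{greylisting}' => $greylisting,
        '{reject_slm}' => $reject_sender_login_mismatch,
    );

    $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
    $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
    $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines

    //* These postconf commands will be executed on installation only
    if($this->is_update == false) {
        $postconf_commands = array_merge($postconf_commands, array(
                'myhostname = '.$conf['hostname'],
                'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
                'mynetworks = 127.0.0.0/8 [::1]/128'
            ));
    }

    //* Create the header and body check files
    touch($config_dir.'/header_checks');
    touch($config_dir.'/mime_header_checks');
    touch($config_dir.'/nested_header_checks');
    touch($config_dir.'/body_checks');

    //* Create the mailman files
    if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
    if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
    exec('postalias /var/lib/mailman/data/aliases');
    if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
    exec('postmap /var/lib/mailman/data/virtual-mailman');
    if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
    exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

    //* Create auxiliary postfix conf files
    # todo (helo_access): look up this server's ip addrs and loop through each
    # todo (helo_access): look up domains hosted on this server and loop through each
    foreach(array('helo_access', 'blacklist_helo') as $configfile) {
        if(is_file($config_dir.'/'.$configfile)) {
            copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
            chmod($config_dir.'/'.$configfile.'~', 0400);
        }
        $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
        $content = strtr($content, $postconf_placeholders);
        wf($config_dir.'/'.$configfile, $content);
    }

    //* Make a backup copy of the main.cf file
    copy($config_dir.'/main.cf', $config_dir.'/main.cf~');

    //* Executing the postconf commands
    // The settings contain values read from the server record (RBL list) and the
    // configured hostname. They run in a root shell, so each one is passed as a
    // single escaped argument instead of being wrapped in hand-written quotes.
    foreach($postconf_commands as $cmd) {
        $command = 'postconf -e '.escapeshellarg($cmd);
        caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
    }

    if(!stristr($options, 'dont-create-certs')) {
        //* Create the SSL certificate
        $openssl = 'openssl req -new';
        if(AUTOINSTALL){
            // escapeshellcmd() leaves paired single quotes untouched, so it cannot
            // protect a value placed inside a quoted argument. Build the subject
            // first and escape it as one shell argument.
            $subject = '/C='.$autoinstall['ssl_cert_country']
                .'/ST='.$autoinstall['ssl_cert_state']
                .'/L='.$autoinstall['ssl_cert_locality']
                .'/O='.$autoinstall['ssl_cert_organisation']
                .'/OU='.$autoinstall['ssl_cert_organisation_unit']
                .'/CN='.$autoinstall['ssl_cert_common_name'];
            $openssl .= ' -subj '.escapeshellarg($subject);
        }
        $openssl .= ' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';

        // "&&" keeps openssl from writing the key into the current directory
        // when the cd fails.
        $command = 'cd '.escapeshellarg($config_dir).' && '.$openssl;
        exec($command);

        $command = 'chmod o= '.$config_dir.'/smtpd.key';
        caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
    }

    //** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
    $command = 'chmod 755  /var/run/authdaemon.courier-imap';
    caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);

    //* Check maildrop service in postfix master.cf
    $regex = "/^maildrop   unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/";
    $configfile = $config_dir.'/master.cf';
    if($this->get_postfix_service('maildrop', 'unix')) {
        // Only stderr is discarded: the previous "&>" redirection also threw away
        // the stdout that is inspected on the next line.
        $out = array();
        exec('postconf -M maildrop.unix 2> /dev/null', $out, $ret);
        $change_maildrop_flags = !(isset($out[0]) && $out[0] != '' && preg_match($regex, $out[0]));
    } else {
        // No maildrop service is registered, so there is nothing to compare against.
        // The previous code matched the regex against the file *path*, which never
        // matches and therefore always requested the rewrite.
        $change_maildrop_flags = true;
    }

    // Always load master.cf before editing it. Previously it was only read inside
    // the branch below, so when the maildrop flags were already correct the stale
    // $content of the last auxiliary file was written over master.cf.
    $content = rf($configfile);
    if ($change_maildrop_flags) {
        //* Change maildrop service in postfix master.cf
        if(is_file($configfile)) {
            copy($configfile, $configfile.'~');
        }
        if(is_file($configfile.'~')) {
            chmod($configfile.'~', 0400);
        }
        $maildrop_line = 'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}';
        $content = str_replace('  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}', $maildrop_line, $content);
        $content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}', $maildrop_line, $content);
    }
    // enable tlsmanager
    $content = str_replace('#tlsmgr    unix  -       -       n       1000?   1       tlsmgr', 'tlsmgr    unix  -       -       n       1000?   1       tlsmgr', $content);
    wf($configfile, $content);

    //* Writing the Maildrop mailfilter file
    $configfile = 'mailfilter';
    if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
        copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
    }
    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
    $content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
    wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);

    //* Create the directory for the custom mailfilters
    $command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    //* Chmod and chown the .mailfilter file
    $command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

}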
b1a6a5 300
/**
 * Patch the saslauthd init script so that the daemon is started with "-r".
 *
 * Both known startproc invocations (with and without $SASLAUTHD_PARAMS) are
 * rewritten. The script is only written back when it exists.
 */
public function configure_saslauthd() {
    global $conf;

    // Edit the file /etc/init.d/saslauthd
    $init_script = $conf["init_scripts"].'/'.$conf["saslauthd"]["init_script"];

    // Stock start lines and their "-r" variants, applied in this order.
    $start_lines = array(
        '/sbin/startproc $AUTHD_BIN -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1'
            => '/sbin/startproc $AUTHD_BIN -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',
        '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1'
            => '/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',
    );

    $script = rf($init_script);
    foreach($start_lines as $stock => $patched) {
        $script = str_replace($stock, $patched, $script);
    }

    if(is_file($init_script)) {
        wf($init_script, $script);
    }
}
b1a6a5 314
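/**
 * Write the PAM "smtp" service file used for SMTP authentication against the
 * ISPConfig database.
 *
 * The file is rendered from the pamd_smtp template and contains the database
 * user and password, so neither it nor its backup may be readable by other
 * local users at any point.
 */
public function configure_pam()
{
    global $conf;
    $pam = $conf['pam'];
    $target = "$pam/smtp";
    $backup = "$pam/smtp~";

    //* configure pam for SMTP authentication against the ispconfig database
    $configfile = 'pamd_smtp';

    // The backup holds the old credentials. Create it under a restrictive umask so
    // it is not world readable in the window before the chmod below.
    $previous_umask = umask(0077);
    if(is_file($target)) copy($target, $backup);
    umask($previous_umask);
    if(is_file($backup)) chmod($backup, 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);

    // A newly created file gets no "other" permissions from the start. Previously
    // it was created with the default umask and only tightened after the write.
    $previous_umask = umask(0027);
    wf($target, $content);
    umask($previous_umask);

    // On some OSes smtp is world readable which allows for reading database information.
    // A file that already existed keeps its old mode, so strip the "other" bits
    // explicitly (the equivalent of chmod o=), without going through a shell.
    if(is_file($target)) chmod($target, fileperms($target) & 07770);
}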
b1a6a5 333
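/**
 * Configure the Courier authentication daemon to use the ISPConfig database.
 *
 * Renders authmysqlrc from its template (it contains the database user and
 * password) and switches authdaemonrc to the authmysql module.
 */
public function configure_courier()
{
    global $conf;
    $config_dir = $conf['courier']['config_dir'];

    //* authmysqlrc
    $configfile = 'authmysqlrc';
    $target = "$config_dir/$configfile";

    // Backup and new file both carry database credentials. Create them under a
    // restrictive umask so they are never briefly readable by other users.
    $previous_umask = umask(0077);
    if(is_file($target)){
        copy($target, $target.'~');
    }
    umask($previous_umask);
    // Previously chmod ran unconditionally through a shell, even without a backup.
    if(is_file($target.'~')){
        chmod($target.'~', 0400);
    }

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
    $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);

    $previous_umask = umask(0077);
    wf($target, $content);
    umask($previous_umask);

    // Same final mode and owner as before (660, root:root), set without a shell.
    chmod($target, 0660);
    chown($target, 'root');
    chgrp($target, 'root');

    //* authdaemonrc
    $configfile = $conf['courier']['config_dir'].'/authdaemonrc';
    if(is_file($configfile)){
        copy($configfile, $configfile.'~');
    }
    if(is_file($configfile.'~')){
        chmod($configfile.'~', 0400);
    }
    $content = rf($configfile);
    // NOTE(review): this replaces only the "authmodulelist=" prefix, so the value
    // that followed it stays on the line and a second run prepends "authmysql"
    // again. Confirm this is intended.
    $content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
    wf($configfile, $content);
}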
b1a6a5 367
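/**
 * Configure Dovecot and wire it into Postfix.
 *
 * Adds the dovecot delivery service to master.cf when it is missing, points
 * Postfix at Dovecot for delivery and SASL, installs the dovecot.conf template
 * that matches the installed major version and renders dovecot-sql.conf, which
 * contains the database credentials.
 */
public function configure_dovecot()
{
    global $conf;

    $virtual_transport = 'dovecot';
    $configure_lmtp = false;

    // check if virtual_transport must be changed
    if ($this->is_update) {
        $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
        $ini_array = ini_to_array(stripslashes($tmp['config']));
        unset($tmp);
        // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

        if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
            $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
            $configure_lmtp = true;
        }
    }

    $config_dir = $conf['postfix']['config_dir'];

    //* Configure master.cf and add a line for deliver
    if(!$this->get_postfix_service('dovecot', 'unix')) {
        //* backup
        if(is_file($config_dir.'/master.cf')){
            copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
        }
        // The existence check used to test master.cf~ while the chmod targets
        // master.cf~2; test the file that is actually changed.
        if(is_file($config_dir.'/master.cf~2')){
            chmod($config_dir.'/master.cf~2', 0400);
        }
        //* Append the deliver service (the former read of master.cf was unused)
        $deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
        af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
        unset($deliver_content);
    }

    //* Reconfigure postfix to use dovecot authentication
    $postconf_commands = array (
        'dovecot_destination_recipient_limit = 1',
        'virtual_transport = '.$virtual_transport,
        'smtpd_sasl_type = dovecot',
        'smtpd_sasl_path = private/auth',
    );

    // Make a backup copy of the main.cf file
    copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');

    // Executing the postconf commands; each setting is one escaped shell argument.
    foreach($postconf_commands as $cmd) {
        $command = 'postconf -e '.escapeshellarg($cmd);
        caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
    }

    $config_dir = $conf['dovecot']['config_dir'];

    //* backup dovecot.conf
    $configfile = 'dovecot.conf';
    if(is_file("$config_dir/$configfile")){
        copy("$config_dir/$configfile", "$config_dir/$configfile~");
    }

    //* Get the dovecot version
    // Use a fresh array: exec() appends to an existing one, and the old code
    // reused the variable that held the database record.
    $version_output = array();
    exec('dovecot --version', $version_output);
    $version_line = isset($version_output[0]) ? trim($version_output[0]) : '';
    $parts = explode('.', $version_line);
    $dovecot_version = $parts[0];
    unset($version_output, $parts);

    //* Copy dovecot configuration file, preferring a custom template when present
    $template = ($dovecot_version == 2) ? 'opensuse_dovecot2.conf.master' : 'opensuse_dovecot.conf.master';
    $custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$template;
    if(is_file($custom_template)) {
        copy($custom_template, $config_dir.'/'.$configfile);
    } else {
        copy('tpl/'.$template, $config_dir.'/'.$configfile);
    }

    //* dovecot-lmtpd
    if($configure_lmtp) {
        replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
    }

    //* dovecot-sql.conf
    $configfile = 'dovecot-sql.conf';
    $sql_conf = "$config_dir/$configfile";

    // dovecot-sql.conf and its backup contain the database password. Create both
    // under a restrictive umask so they are not readable by others before the
    // chmod calls run.
    $previous_umask = umask(0077);
    if(is_file($sql_conf)){
        copy($sql_conf, $sql_conf.'~');
        chmod($sql_conf.'~', 0400);
    }
    umask($previous_umask);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot-sql.conf.master', "tpl/opensuse_dovecot-sql.conf.master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
    $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
    $content = str_replace('{server_id}', $conf['server_id'], $content);
    # enable iterate_query for dovecot2
    if(version_compare($dovecot_version, '2', '>=')) {
        $content = str_replace('# iterate_query', 'iterate_query', $content);
    }

    $previous_umask = umask(0077);
    wf($sql_conf, $content);
    umask($previous_umask);

    // Same final mode and owner as before (600, root:root), set without a shell.
    chmod($sql_conf, 0600);
    chown($sql_conf, 'root');
    chgrp($sql_conf, 'root');

    // Dovecot shall ignore mounts in website directory
    if(is_installed('doveadm')) exec("doveadm mount add '/srv/www/*' ignore > /dev/null 2> /dev/null");

}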
b1a6a5 487
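/**
 * Configure amavisd and register it as Postfix content filter.
 *
 * Renders amavisd.conf from the openSUSE template (it contains the database
 * credentials), sets content_filter in main.cf and appends the amavis services
 * to master.cf when they are not present yet.
 */
public function configure_amavis() {
    global $conf;

    // amavisd user config file
    $configfile = 'opensuse_amavisd_conf';
    $amavisd_conf = $conf["amavis"]["config_dir"].'/amavisd.conf';

    // The backup and the new file hold the database password. Create them under
    // a restrictive umask so they are not readable by others before the chmod
    // calls below take effect.
    $previous_umask = umask(0077);
    if(is_file($amavisd_conf)) @copy($amavisd_conf, $amavisd_conf.'~');
    umask($previous_umask);
    if(is_file($amavisd_conf.'~')) chmod($amavisd_conf.'~', 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
    $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
    $content = str_replace('{hostname}', $conf['hostname'], $content);

    $previous_umask = umask(0027);
    wf($amavisd_conf, $content);
    umask($previous_umask);
    chmod($amavisd_conf, 0640);

    // Adding the amavisd commands to the postfix configuration
    $postconf_commands = array (
        'content_filter = amavis:[127.0.0.1]:10024',
        'receive_override_options = no_address_mappings'
    );

    // Make a backup copy of the main.cf file
    copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');

    // Executing the postconf commands; each setting is one escaped shell argument.
    foreach($postconf_commands as $cmd) {
        $command = 'postconf -e '.escapeshellarg($cmd);
        caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
    }

    $config_dir = $conf['postfix']['config_dir'];

    // Adding amavis-services to the master.cf file if the service does not already exist.
    // Keys are the template names, values tell whether the service is missing.
    $missing_services = array(
        'master_cf_amavis.master' => !$this->get_postfix_service('amavis','unix'),
        'master_cf_amavis10025.master' => !$this->get_postfix_service('127.0.0.1:10025','inet'),
        'master_cf_amavis10027.master' => !$this->get_postfix_service('127.0.0.1:10027','inet'),
    );

    if (in_array(true, $missing_services, true)) {
        //* backup master.cf
        if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
        // adjust amavis-config
        foreach($missing_services as $template => $is_missing) {
            if(!$is_missing) continue;
            $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$template, 'tpl/'.$template);
            af($config_dir.'/master.cf', $content);
            unset($content);
        }
    }

    // NOTE(review): the original comment says "add the clamav user to the vscan
    // group", but this command adds the user vscan to the group clamav. Confirm
    // which direction is intended.
    //exec('groupmod --add-user clamav vscan');
    $command = 'usermod -a -G clamav vscan';
    caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

}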
b1a6a5 556
/**
 * SpamAssassin setup hook for this distribution.
 *
 * Performs no work. The Debian/Ubuntu step that backed up
 * /etc/default/spamassassin and switched ENABLED=0 to ENABLED=1 is kept
 * below as disabled reference code only.
 *
 * @return void
 */
public function configure_spamassassin()
{
    global $conf;

    //* Enable spamassassin on debian and ubuntu (disabled)
    // $configfile = '/etc/default/spamassassin';
    // if(is_file($configfile)){
    //     copy($configfile, $configfile.'~');
    // }
    // $content = rf($configfile);
    // $content = str_replace('ENABLED=0', 'ENABLED=1', $content);
    // wf($configfile, $content);
}
b1a6a5 572
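/**
 * Prepare the getmail configuration directory and its service account.
 *
 * Creates $conf['getmail']['config_dir'] when it is missing, adds the
 * "getmail" user (home set to that directory) when is_user() reports it
 * absent, then gives the whole tree to that user with mode 700 so it stays
 * private to the getmail account.
 *
 * The directory comes from configuration and ends up on a shell command
 * line, so it is quoted with escapeshellarg(). The original used
 * escapeshellcmd() for mkdir and no quoting at all for the other commands;
 * escapeshellcmd() does not keep a value together as one argument.
 *
 * @return void
 */
public function configure_getmail()
{
    global $conf;

    $config_dir = $conf['getmail']['config_dir'];
    // One quoted form, reused for every command that takes the path
    $config_dir_arg = escapeshellarg($config_dir);

    if(!is_dir($config_dir)) exec('mkdir -p '.$config_dir_arg);

    $command = 'useradd -d '.$config_dir_arg.' getmail';
    if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chown -R getmail '.$config_dir_arg;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    $command = 'chmod -R 700 '.$config_dir_arg;
    caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}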
b1a6a5 590
MC 591
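/**
 * Write the pure-ftpd MySQL authentication config and install pure-ftpd.conf.
 *
 * db/mysql.conf is rendered from the pureftpd_mysql.conf.master template
 * (a conf-custom override is preferred by rfsel()) with the ISPConfig
 * database credentials filled in. An existing file is first copied to
 * "<file>~".
 *
 * Both the rendered file and its backup contain the database password. The
 * original created them first and tightened the mode afterwards, which can
 * leave them readable under the process umask for a short time. Here the
 * umask is restricted while they are created, and the mode and ownership are
 * set with PHP's native calls instead of interpolating the path into a shell
 * command.
 *
 * @return void
 */
public function configure_pureftpd()
{
    global $conf;

    $config_dir = $conf['pureftpd']['config_dir'];

    //* configure pure-ftpd authentication against the ispconfig database
    $configfile = 'db/mysql.conf';
    $target = "$config_dir/$configfile";
    $backup = $target.'~';

    // Owner-only from the moment of creation
    // NOTE(review): assumes wf() creates the file under the process umask - confirm
    $previous_umask = umask(0077);

    if(is_file($target)){
        copy($target, $backup);
    }
    if(is_file($backup)){
        chmod($backup, 0400);
    }
    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
    $content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
    $content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
    $content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
    $content = str_replace('{server_id}', $conf["server_id"], $content);
    wf($target, $content);

    umask($previous_umask);

    // Still needed when the file already existed with a wider mode or another owner
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');

    // copy our customized copy of pureftpd.conf to the pure-ftpd config directory
    $custom_master = $conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_pureftpd_conf.master';
    $destination_arg = escapeshellarg($config_dir.'/pure-ftpd.conf');
    if(is_file($custom_master)) {
        exec('cp '.escapeshellarg($custom_master).' '.$destination_arg);
    } else {
        exec('cp tpl/opensuse_pureftpd_conf.master '.$destination_arg);
    }

}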
b1a6a5 624
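/**
 * Render mydns.conf with the ISPConfig database credentials.
 *
 * An existing mydns.conf is copied to "mydns.conf~" first. The new file is
 * built from the mydns.conf.master template (a conf-custom override is
 * preferred by rfsel()) and written to $conf['mydns']['config_dir'].
 *
 * The file and its backup contain the database password. The original
 * created them first and restricted the mode afterwards. Here the umask is
 * narrowed while they are created, and the mode and ownership are set with
 * native PHP calls rather than a shell command built from the config path.
 *
 * @return void
 */
public function configure_mydns()
{
    global $conf;

    // configure mydns
    $configfile = 'mydns.conf';
    $target = $conf["mydns"]["config_dir"].'/'.$configfile;
    $backup = $target.'~';

    // Owner-only from the moment of creation
    // NOTE(review): assumes wf() creates the file under the process umask - confirm
    $previous_umask = umask(0077);

    if(is_file($target)) copy($target, $backup);
    if(is_file($backup)) chmod($backup, 0400);

    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
    $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
    $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
    $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
    $content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
    $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
    $content = str_replace('{server_id}', $conf["server_id"], $content);
    wf($target, $content);

    umask($previous_umask);

    // Still needed when the file already existed with a wider mode or another owner
    chmod($target, 0600);
    chown($target, 'root');
    chgrp($target, 'root');

}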
b1a6a5 645
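/**
 * Configure Apache (and the related suPHP, webalizer and PHP-FPM pieces) for ISPConfig.
 *
 * Returns immediately when $conf['apache']['installed'] is false. Otherwise it:
 *  - creates the vhost log directory and enables mod_logio,
 *  - rewrites /etc/suphp.conf for the /srv/www layout,
 *  - creates the sites-available / sites-enabled directories and makes sure
 *    httpd.conf includes /etc/apache2/sites-enabled/,
 *  - renders ispconfig.conf from apache_ispconfig.conf.master, passing one
 *    ip/port pair per virtualhost-enabled server_ip record, and links it as
 *    000-ispconfig.conf,
 *  - switches webalizer to incremental mode,
 *  - adds the sshusers group and prepares the PHP-FPM pool directory and php.ini.
 *
 * Changes compared with the original:
 *  - every path taken from $conf is quoted with escapeshellarg() before it is
 *    placed on a shell command line, so a path containing whitespace or shell
 *    metacharacters stays a single argument;
 *  - records with an empty ip_address are skipped before IPv6 bracketing
 *    (the original's emptiness check ran after the brackets were added, so an
 *    empty IPv6 address became "[]" and passed);
 *  - the always-true is_array() test on the explode() result is gone and the
 *    php.ini fallback chain is a loop.
 *
 * @return void
 */
public function configure_apache()
{
    global $conf;

    if($conf['apache']['installed'] == false) return;
    //* Create the logging directory for the vhost logfiles
    exec('mkdir -p /var/log/ispconfig/httpd');

    //* enable apache logio module
    exec('a2enmod logio');

    //* Adjust suPHP to the /srv/www layout
    replaceLine('/etc/suphp.conf', 'php=php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
    replaceLine('/etc/suphp.conf', 'php="php', 'x-httpd-suphp="php:/srv/www/cgi-bin/php5"', 0, 0);
    replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/srv/www', 0, 0);
    replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);

    if(!file_exists('/srv/www/cgi-bin/php5') && file_exists('/srv/www/cgi-bin/php')) {
        symlink('/srv/www/cgi-bin/php', '/srv/www/cgi-bin/php5');
    }

    $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
    $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
    exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

    $content = rf('/etc/apache2/httpd.conf');
    if(!stristr($content, 'Include /etc/apache2/sites-enabled/')) {
        af('/etc/apache2/httpd.conf', "\n<Directory /srv/www>\n    Options +FollowSymlinks\n</Directory>\n\nInclude /etc/apache2/sites-enabled/\n\n");
    }
    unset($content);

    //* Copy the ISPConfig configuration include
    $tpl = new tpl('apache_ispconfig.conf.master');
    $tpl->setVar('apache_version',getapacheversion());

    $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
    $ip_addresses = array();

    if(is_array($records) && count($records) > 0) {
        foreach($records as $rec) {
            // Skip empty addresses before bracketing, otherwise IPv6 yields "[]"
            if($rec['ip_address'] == '') continue;

            if($rec['ip_type'] == 'IPv6') {
                $ip_address = '['.$rec['ip_address'].']';
            } else {
                $ip_address = $rec['ip_address'];
            }

            foreach(explode(',', $rec['virtualhost_port']) as $port) {
                $port = intval($port);
                // Only valid TCP port numbers reach the template
                if($port > 0 && $port < 65536) {
                    $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
                }
            }
        }
    }

    // 'ip_adresses' (sic) is the loop name this code passes to the template; keep the spelling
    if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

    wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
    unset($tpl);

    if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
        exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        exec('mkdir /etc/webalizer');
        exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

    // create PHP-FPM pool dir
    exec('mkdir -p '.escapeshellarg($conf['nginx']['php_fpm_pool_dir']));

    $content = rf('/etc/php5/fpm/php-fpm.conf');
    if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
        af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
    }
    unset($content);

    // Seed the FPM php.ini from the first existing SAPI php.ini when it is missing
    $fpm_ini_path = $conf['nginx']['php_fpm_ini_path'];
    if(!@is_file($fpm_ini_path)){
        $candidates = array('/etc/php5/cli/php.ini', '/etc/php5/fastcgi/php.ini', '/etc/php5/apache2/php.ini');
        foreach($candidates as $candidate) {
            if(@is_file($candidate)){
                exec('cp -f '.$candidate.' '.escapeshellarg($fpm_ini_path));
                break;
            }
        }
    }

}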
b1a6a5 752
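/**
 * Configure nginx (and the related PHP-FPM, webalizer and awstats pieces) for ISPConfig.
 *
 * Returns immediately when $conf['nginx']['installed'] is false. Otherwise it
 * creates the vhost log and vhost config directories, adds the
 * sites-enabled include to /etc/nginx/nginx.conf, prepares the PHP-FPM pool
 * directory and php.ini, switches webalizer to incremental mode, links the
 * awstats static-page script and adds the sshusers group.
 *
 * Changes compared with the original: every path taken from $conf is quoted
 * with escapeshellarg() before it is placed on a shell command line, so a
 * path containing whitespace or shell metacharacters stays a single
 * argument, and the php.ini fallback chain is a loop.
 *
 * @return void
 */
public function configure_nginx(){
    global $conf;

    if($conf['nginx']['installed'] == false) return;
    //* Create the logging directory for the vhost logfiles
    if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);

    // Sites enabled and available dirs
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
    exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

    $content = rf('/etc/nginx/nginx.conf');
    if(stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false){
        // NOTE(review): this drops the last character of the trimmed file and re-adds "}",
        // so it assumes nginx.conf ends with the closing brace of the http block - confirm
        $content = trim($content);
        $content = substr($content, 0, -1)."\n    include /etc/nginx/sites-enabled/*.vhost;\n}";
        wf('/etc/nginx/nginx.conf', $content);
    }
    unset($content);

    // create PHP-FPM pool dir
    exec('mkdir -p '.escapeshellarg($conf['nginx']['php_fpm_pool_dir']));

    $content = rf('/etc/php5/fpm/php-fpm.conf');
    if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
        af('/etc/php5/fpm/php-fpm.conf', "\ninclude=/etc/php5/fpm/pool.d/*.conf");
    }
    unset($content);

    // Seed the FPM php.ini from the first existing SAPI php.ini when it is missing
    $fpm_ini_path = $conf['nginx']['php_fpm_ini_path'];
    if(!@is_file($fpm_ini_path)){
        $candidates = array('/etc/php5/cli/php.ini', '/etc/php5/fastcgi/php.ini', '/etc/php5/apache2/php.ini');
        foreach($candidates as $candidate) {
            if(@is_file($candidate)){
                exec('cp -f '.$candidate.' '.escapeshellarg($fpm_ini_path));
                break;
            }
        }
    }

    //* make sure that webalizer finds its config file when it is directly in /etc
    if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
        mkdir('/etc/webalizer');
        symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
    }

    if(is_file('/etc/webalizer/webalizer.conf')) {
        // Change webalizer mode to incremental
        replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
        replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
    }

    // Check the awstats script
    if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
    if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
    if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

    //* add a sshusers group
    $command = 'groupadd sshusers';
    if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}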
b1a6a5 812
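/**
 * Install the Bastille firewall scripts and render bastille-firewall.cfg.
 *
 * Moves an existing /etc/Bastille aside to /etc/Bastille.backup, recreates
 * the directory, restores firewall.d from the backup, copies the config
 * template (a conf-custom override is preferred) and fills in the public
 * TCP/UDP ports from the firewall table, falling back to a built-in list
 * when the record has no ports. The ISPConfig vhost port is added when it is
 * not already listed. Finally the init script and the ipchains/netfilter
 * helpers are installed, and /sbin/ipchains and /sbin/iptables symlinks are
 * created when the binaries live elsewhere.
 *
 * Fixes compared with the original:
 *  - mkdir() was given octdec() of $directory_mode, which is never defined in
 *    this method, i.e. mode 0. An explicit 0700 keeps the directory root-only
 *    and states that on purpose.
 *  - The vhost port was looked up with a substring search, so a port such as
 *    80 counted as present because of 8080. It is now compared against the
 *    whole list entries.
 *  - The UPDATE used "tcp_port + ?", which is numeric addition in MySQL and
 *    does not append to the comma separated list; CONCAT() is used instead.
 *  - The ipchains symlink target is trimmed like the iptables one, so the
 *    newline printed by `which` is not part of the link target.
 *  - A missing firewall record no longer triggers array access on a non-array.
 *
 * @return void
 */
public function configure_bastille_firewall()
{
    global $conf;

    $dist_init_scripts = $conf['init_scripts'];

    if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
    // Firewall configuration directory: accessible to root only
    @mkdir("/etc/Bastille", 0700);
    if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
    if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
        caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    } else {
        caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    }
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
    $content = rf("/etc/Bastille/bastille-firewall.cfg");
    $content = str_replace("{DNS_SERVERS}", "", $content);

    $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

    // Treat a missing record or missing columns as "no ports configured"
    $row_tcp_port = (is_array($row) && isset($row['tcp_port'])) ? $row['tcp_port'] : '';
    $row_udp_port = (is_array($row) && isset($row['udp_port'])) ? $row['udp_port'] : '';

    if(trim($row_tcp_port) != '' || trim($row_udp_port) != ''){
        $tcp_public_services = trim(str_replace(',', ' ', $row_tcp_port));
        $udp_public_services = trim(str_replace(',', ' ', $row_udp_port));
    } else {
        $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
        $udp_public_services = '53';
    }

    // Compare whole list entries, not substrings
    $vhost_port = intval($conf['apache']['vhost_port']);
    $listed_tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
    if($vhost_port > 0 && !in_array((string)$vhost_port, $listed_tcp_ports, true)) {
        $tcp_public_services .= ' '.$vhost_port;
        // Append to the stored list; "+" would be numeric addition in MySQL
        if($row_tcp_port != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
    }

    $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
    $content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

    wf("/etc/Bastille/bastille-firewall.cfg", $content);

    if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
    caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);

    if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

    if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
    caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
    caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);

    if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

    // Link the packet filter binaries into /sbin when `which` finds them elsewhere
    exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
    if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which ipchains")), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
    unset($ipchains_location);
    exec("which iptables &> /dev/null", $iptables_location, $ret_val);
    if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
    unset($iptables_location);

}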
4ae2a0 876
32d8e9 877     public function install_ispconfig()
b1a6a5 878     {
32d8e9 879         global $conf;
b1a6a5 880
32d8e9 881         $install_dir = $conf['ispconfig_install_dir'];
T 882
883         //* Create the ISPConfig installation directory
884         if(!@is_dir("$install_dir")) {
885             $command = "mkdir $install_dir";
886             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
887         }
b1a6a5 888
32d8e9 889         //* Create a ISPConfig user and group
T 890         $command = 'groupadd ispconfig';
891         if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 892
32d8e9 893         $command = "useradd -g ispconfig -d $install_dir ispconfig";
T 894         if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 895
32d8e9 896         //* copy the ISPConfig interface part
T 897         $command = "cp -rf ../interface $install_dir";
898         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 899
32d8e9 900         //* copy the ISPConfig server part
T 901         $command = "cp -rf ../server $install_dir";
902         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
a13af2 903         
fb6c56 904         //* Make a backup of the security settings
TB 905         if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
906         
a13af2 907         //* copy the ISPConfig security part
TB 908         $command = 'cp -rf ../security '.$install_dir;
909         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fb6c56 910         
TB 911         //* Apply changed security_settings.ini values to new security_settings.ini file
912         if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
913             $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
914             $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
915             if(is_array($security_settings_new) && is_array($security_settings_old)) {
916                 foreach($security_settings_new as $section => $sval) {
917                     if(is_array($sval)) {
918                         foreach($sval as $key => $val) {
919                             if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
920                                 $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
921                             }
922                         }
923                     }
924                 }
925                 file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
926             }
927         }
b1a6a5 928
32d8e9 929         //* Create a symlink, so ISPConfig is accessible via web
T 930         // Replaced by a separate vhost definition for port 8080
931         // $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
932         // caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 933
32d8e9 934         //* Create the config file for ISPConfig interface
T 935         $configfile = 'config.inc.php';
936         if(is_file($install_dir.'/interface/lib/'.$configfile)){
b1a6a5 937             copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
MC 938         }
615a0a 939         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
32d8e9 940         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
T 941         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
942         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
943         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 944         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 945
32d8e9 946         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
T 947         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
948         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
949         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 950         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 951
32d8e9 952         $content = str_replace('{server_id}', $conf['server_id'], $content);
T 953         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
5898e6 954         $content = str_replace('{language}', $conf['language'], $content);
8cf78b 955         $content = str_replace('{timezone}', $conf['timezone'], $content);
41eaa8 956         $content = str_replace('{theme}', $conf['theme'], $content);
992797 957         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
b1a6a5 958
MC 959         wf("$install_dir/interface/lib/$configfile", $content);
960
961         //* Create the config file for ISPConfig server
962         $configfile = 'config.inc.php';
963         if(is_file($install_dir.'/server/lib/'.$configfile)){
964             copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
965         }
966         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
967         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
968         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
969         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
970         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
82e9b9 971         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
b1a6a5 972
MC 973         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
974         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
975         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
976         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
82e9b9 977         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
b1a6a5 978
MC 979         $content = str_replace('{server_id}', $conf['server_id'], $content);
980         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
981         $content = str_replace('{language}', $conf['language'], $content);
982         $content = str_replace('{timezone}', $conf['timezone'], $content);
983         $content = str_replace('{theme}', $conf['theme'], $content);
984         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
985
32d8e9 986         wf("$install_dir/server/lib/$configfile", $content);
b1a6a5 987
fb3a98 988         //* Create the config file for remote-actions (but only, if it does not exist, because
T 989         //  the value is a autoinc-value and so changed by the remoteaction_core_module
990         if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
991             $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
992             wf($install_dir.'/server/lib/remote_action.inc.php', $content);
993         }
b1a6a5 994
32d8e9 995         //* Enable the server modules and plugins.
T 996         // TODO: Implement a selector which modules and plugins shall be enabled.
997         $dir = $install_dir.'/server/mods-available/';
998         if (is_dir($dir)) {
999             if ($dh = opendir($dir)) {
1000                 while (($file = readdir($dh)) !== false) {
b1a6a5 1001                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 1002                         include_once $install_dir.'/server/mods-available/'.$file;
1003                         $module_name = substr($file, 0, -8);
32d8e9 1004                         $tmp = new $module_name;
T 1005                         if($tmp->onInstall()) {
1006                             if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
1007                             if (strpos($file, '_core_module') !== false) {
1008                                 if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
1009                             }
1010                         }
1011                         unset($tmp);
1012                     }
1013                 }
1014                 closedir($dh);
1015             }
1016         }
b1a6a5 1017
32d8e9 1018         $dir = $install_dir.'/server/plugins-available/';
T 1019         if (is_dir($dir)) {
1020             if ($dh = opendir($dir)) {
1021                 while (($file = readdir($dh)) !== false) {
1bd269 1022                     if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
F 1023                     if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
b1a6a5 1024                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
MC 1025                         include_once $install_dir.'/server/plugins-available/'.$file;
1026                         $plugin_name = substr($file, 0, -8);
32d8e9 1027                         $tmp = new $plugin_name;
T 1028                         if($tmp->onInstall()) {
1029                             if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
1030                             if (strpos($file, '_core_plugin') !== false) {
1031                                 if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
1032                             }
1033                         }
1034                         unset($tmp);
1035                     }
1036                 }
1037                 closedir($dh);
1038             }
1039         }
b1a6a5 1040
32d8e9 1041         // Update the server config
T 1042         $mail_server_enabled = ($conf['services']['mail'])?1:0;
1043         $web_server_enabled = ($conf['services']['web'])?1:0;
1044         $dns_server_enabled = ($conf['services']['dns'])?1:0;
1045         $file_server_enabled = ($conf['services']['file'])?1:0;
1046         $db_server_enabled = ($conf['services']['db'])?1:0;
1047         $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
2af58c 1048         $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
b1a6a5 1049
a6e3ae 1050         $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
32d8e9 1051         if($conf['mysql']['master_slave_setup'] == 'y') {
a6e3ae 1052             $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
32d8e9 1053         }
b1a6a5 1054
3e0fc8 1055         // chown install dir to root and chmod 755
TB 1056         $command = 'chown root:root '.$install_dir;
1057         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1058         $command = 'chmod 755 '.$install_dir;
32d8e9 1059         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
T 1060
fa029b 1061         //* Chmod the files and directories in the install dir
3e0fc8 1062         $command = 'chmod -R 750 '.$install_dir.'/*';
TB 1063         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1064
1065         //* chown the interface files to the ispconfig user and group
1066         $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
1067         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1068         
1069         //* chown the server files to the root user and group
1070         $command = 'chown -R root:root '.$install_dir.'/server';
32d8e9 1071         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
fa029b 1072         
TB 1073         //* chown the security files to the root user and group
1074         $command = 'chown -R root:root '.$install_dir.'/security';
1075         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1076         
1077         //* chown the security directory and security_settings.ini to root:ispconfig
1078         $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
1079         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1080         $command = 'chown root:ispconfig '.$install_dir.'/security';
1081         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
cb1221 1082         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
TB 1083         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1084         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
1085         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
1086         $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
32d8e9 1087         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1088
32d8e9 1089         //* Make the global language file directory group writable
T 1090         exec("chmod -R 770 $install_dir/interface/lib/lang");
b1a6a5 1091
32d8e9 1092         //* Make the temp directory for language file exports writable
T 1093         exec("chmod -R 770 $install_dir/interface/web/temp");
b1a6a5 1094
32d8e9 1095         //* Make all interface language file directories group writable
T 1096         $handle = @opendir($install_dir.'/interface/web');
b1a6a5 1097         while ($file = @readdir($handle)) {
MC 1098             if ($file != '.' && $file != '..') {
1099                 if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
32d8e9 1100                     $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
b1a6a5 1101                     chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
MC 1102                     while ($lang_file = @readdir($handle2)) {
32d8e9 1103                         if ($lang_file != '.' && $lang_file != '..') {
b1a6a5 1104                             chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
32d8e9 1105                         }
T 1106                     }
1107                 }
1108             }
1109         }
b1a6a5 1110
477d4e 1111         //* Make the APS directories group writable
T 1112         exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
1113         exec("chmod -R 770 $install_dir/server/aps_packages");
b1a6a5 1114
32d8e9 1115         //* make sure that the server config file (not the interface one) is only readable by the root user
bfcdef 1116         chmod($install_dir.'/server/lib/config.inc.php', 0600);
T 1117         chown($install_dir.'/server/lib/config.inc.php', 'root');
1118         chgrp($install_dir.'/server/lib/config.inc.php', 'root');
b1a6a5 1119
bfcdef 1120         //* Make sure that the interface config file is readable by user ispconfig only
T 1121         chmod($install_dir.'/interface/lib/config.inc.php', 0600);
1122         chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
1123         chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
b1a6a5 1124
32d8e9 1125         if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
T 1126             exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
1127             exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
1128         }
980485 1129         
TB 1130         if(is_dir($install_dir.'/interface/invoices')) {
1131             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
1132             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
1133         }
1134         
1135         exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
b1a6a5 1136
32d8e9 1137         // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
T 1138         // and must be fixed as this will allow the apache user to read the ispconfig files.
1139         // Later this must run as own apache server or via suexec!
63b369 1140         if($conf['apache']['installed'] == true){
5edf40 1141             $command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
63b369 1142             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1143             if(is_group('ispapps')){
5edf40 1144                 $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
272aec 1145                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F 1146             }
63b369 1147         }
F 1148         if($conf['nginx']['installed'] == true){
223c56 1149             $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
63b369 1150             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
272aec 1151             if(is_group('ispapps')){
5edf40 1152                 $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
272aec 1153                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
F 1154             }
5c93f0 1155             // add nobody user to www group, as the default php-fpm pool from opensuse runs as nobody
TB 1156             $command = 'usermod -a -G www nobody';
1157             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
63b369 1158         }
b1a6a5 1159
32d8e9 1160         //* Make the shell scripts executable
T 1161         $command = "chmod +x $install_dir/server/scripts/*.sh";
1162         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
b1a6a5 1163
7e1cfb 1164         if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1165             //* Copy the ISPConfig vhost for the controlpanel
F 1166             // TODO: These are missing! should they be "vhost_dist_*_dir" ?
1167             $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
1168             $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
b1a6a5 1169
MC 1170
1bd269 1171             // Dont just copy over the virtualhost template but add some custom settings
ccbf14 1172             $tpl = new tpl('apache_ispconfig.vhost.master');
TB 1173             $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
b1a6a5 1174
1bd269 1175             // comment out the listen directive if port is 80 or 443
F 1176             if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
ccbf14 1177                 $tpl->setVar('vhost_port_listen','#');
1bd269 1178             } else {
ccbf14 1179                 $tpl->setVar('vhost_port_listen','');
1bd269 1180             }
b1a6a5 1181
ccbf14 1182             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
TB 1183                 $tpl->setVar('ssl_comment','');
1bd269 1184             } else {
ccbf14 1185                 $tpl->setVar('ssl_comment','#');
1bd269 1186             }
10b4c8 1187             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
ccbf14 1188                 $tpl->setVar('ssl_bundle_comment','');
10b4c8 1189             } else {
ccbf14 1190                 $tpl->setVar('ssl_bundle_comment','#');
10b4c8 1191             }
ccbf14 1192             
TB 1193             $tpl->setVar('apache_version',getapacheversion());
b1a6a5 1194
8c9637 1195             $content = $tpl->grab();
MS 1196             $content = str_replace('/var/www/', '/srv/www/', $content);
1197             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1198
cc6568 1199             //if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
b1a6a5 1200             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
MC 1201             $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
1202             $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
1203             exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
1204             wf('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
1205             exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
1206             exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
1207             exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
1208
cc6568 1209             //}
b1a6a5 1210
1bd269 1211             //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
F 1212             //* and create the symlink
7e1cfb 1213             if($this->is_update == false) {
1bd269 1214                 if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
F 1215                 if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
1216                     exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
1217                 }
b1a6a5 1218
1bd269 1219             }
b1a6a5 1220
1bd269 1221             // Fix a setting in vhost master file for suse
b1a6a5 1222             replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master', "suPHP_UserGroup", "        suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>", 0);
1bd269 1223         }
F 1224
7e1cfb 1225         if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
1bd269 1226             //* Copy the ISPConfig vhost for the controlpanel
F 1227             $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
1228             $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
1229
1230             // Dont just copy over the virtualhost template but add some custom settings
615a0a 1231             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
1bd269 1232             $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
b1a6a5 1233
1bd269 1234             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
10b4c8 1235                 $content = str_replace('{ssl_on}', ' on', $content);
1bd269 1236                 $content = str_replace('{ssl_comment}', '', $content);
F 1237                 $content = str_replace('{fastcgi_ssl}', 'on', $content);
1238             } else {
10b4c8 1239                 $content = str_replace('{ssl_on}', ' off', $content);
1bd269 1240                 $content = str_replace('{ssl_comment}', '#', $content);
F 1241                 $content = str_replace('{fastcgi_ssl}', 'off', $content);
32d8e9 1242             }
b1a6a5 1243
ca0b77 1244             $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
b1a6a5 1245             if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
ca0b77 1246             if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
F 1247             $fpm_socket = $socket_dir.'ispconfig.sock';
b1a6a5 1248
ca0b77 1249             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1250             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1251
F 1252             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
b1a6a5 1253
1bd269 1254             unset($content);
b1a6a5 1255
1bd269 1256             // PHP-FPM
F 1257             // Dont just copy over the php-fpm pool template but add some custom settings
615a0a 1258             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
1bd269 1259             $content = str_replace('{fpm_pool}', 'ispconfig', $content);
ca0b77 1260             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
F 1261             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
1bd269 1262             $content = str_replace('{fpm_user}', 'ispconfig', $content);
F 1263             $content = str_replace('{fpm_group}', 'ispconfig', $content);
1264             wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
1265
1266             //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
1267             //* and create the symlink
7e1cfb 1268             if($this->is_update == false) {
1bd269 1269                 if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
F 1270                 if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
b1a6a5 1271                     symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
1bd269 1272                 }
F 1273             }
b1a6a5 1274
9aec3d 1275             // create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
b1a6a5 1276             if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/', '/usr/share/phpmyadmin');
MC 1277             if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/', '/usr/share/squirrelmail');
32d8e9 1278         }
b1a6a5 1279
32d8e9 1280         // Make the Clamav log files readable by ISPConfig
T 1281         //exec('chmod +r /var/log/clamav/clamav.log');
1282         //exec('chmod +r /var/log/clamav/freshclam.log');
b1a6a5 1283
32d8e9 1284         //* Install the update script
b34f99 1285         if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
MC 1286         exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
1287         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
32d8e9 1288         exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
T 1289         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
1290         exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
1291         exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
b34f99 1292         if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
32d8e9 1293         if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
b1a6a5 1294
32d8e9 1295         //set the fast cgi starter script to executable
T 1296         //exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
b1a6a5 1297
32d8e9 1298         //* Make the logs readable for the ispconfig user
T 1299         if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
1300         if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
1301         if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
1302         if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
b1a6a5 1303
32d8e9 1304         //To enable apache to read the directories
T 1305         exec('chmod a+rx /usr/local/ispconfig');
1306         exec('chmod -R 751 /usr/local/ispconfig/interface');
1307         exec('chmod a+rx /usr/local/ispconfig/interface/web');
b1a6a5 1308
32d8e9 1309         //* Create the ispconfig log directory
e38d14 1310         if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
J 1311         if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
b1a6a5 1312
0c5b42 1313         if(is_user('getmail')) {
T 1314             exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
1315             exec('chown getmail /usr/local/bin/run-getmail.sh');
1316             exec('chmod 744 /usr/local/bin/run-getmail.sh');
1317         }
b1a6a5 1318
8cf78b 1319         if(is_dir($install_dir.'/interface/invoices')) {
e94a9f 1320             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
T 1321             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
edf806 1322         }
b1a6a5 1323
0799f8 1324         //* Create the ispconfig auth log file and set uid/gid
T 1325         if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
1326             touch($conf['ispconfig_log_dir'].'/auth.log');
1327         }
1328         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
1329         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
b1a6a5 1330
d71bae 1331         //* Remove Domain module as its functions are available in the client module now
T 1332         if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
021aec 1333         
TB 1334         // Add symlink for patch tool
1335         if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
c83951 1336         
TB 1337         // Change mode of a few files from amavisd
1338         if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
1339         if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
1340         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
1341         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
32d8e9 1342     }
T 1343 }
1344
e38d14 1345 ?>