ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Cramer
2015-05-19 6f6aa983d80882d10038945c10d7dedf572e0641 
 install/dist/lib/gentoo.lib.php


@@ -49,7 +49,7 @@




   public function configure_postfix($options = '')


   {


      global $conf;


      global $conf,$autoinstall;




      $cf = $conf['postfix'];


      $config_dir = $cf['config_dir'];


@@ -81,11 +81,40 @@


      }




      //* These postconf commands will be executed on installation and update


      $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].'.server', $conf['server_id']);


      $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));


      unset($server_ini_rec);




      //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update


      $rbl_list = '';


      if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {


         $rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));


         foreach ($rbl_hosts as $key => $value) {


            $rbl_list .= ", reject_rbl_client ". $value;


         }


      }


      unset($rbl_hosts);




      //* If Postgrey is installed, configure it


      $greylisting = '';


      if($conf['postgrey']['installed'] == true) {


         $greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';


      }


		


      $reject_sender_login_mismatch = '';


      if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {


         $reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';


      }


      unset($server_ini_array);


		


      $postconf_placeholders = array('{config_dir}' => $config_dir,


         '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],


         '{vmail_userid}' => $cf['vmail_userid'],


         '{vmail_groupid}' => $cf['vmail_groupid'],


         '{rbl_list}' => $rbl_list);


         '{rbl_list}' => $rbl_list,


         '{greylisting}' => $greylisting,


         '{reject_slm}' => $reject_sender_login_mismatch,


      );




      $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_postfix.conf.master', 'tpl/gentoo_postfix.conf.master');


      $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);


@@ -119,8 +148,13 @@


      //* Create the SSL certificate


      if (!stristr($options, 'dont-create-certs'))


      {


         $command = 'cd '.$config_dir.'; '


            .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509';


         if(AUTOINSTALL){


            $command = 'cd '.$config_dir.'; '


               ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";


         } else {


            $command = 'cd '.$config_dir.'; '


               .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';


         }


         exec($command);




         $command = 'chmod o= '.$config_dir.'/smtpd.key';


@@ -220,6 +254,19 @@


   {


      global $conf;




      $virtual_transport = 'dovecot';


		


      // check if virtual_transport must be changed


      if ($this->is_update) {


         $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);


         $ini_array = ini_to_array(stripslashes($tmp['config']));


         // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()


			


         if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {


            $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';


         }


      }




      $config_dir = $conf['dovecot']['config_dir'];




      $configfile = $conf['postfix']['config_dir'].'/master.cf';


@@ -245,7 +292,7 @@


      //* Reconfigure postfix to use dovecot authentication


      $postconf_commands = array (


         'dovecot_destination_recipient_limit = 1',


         'virtual_transport = lmtp:unix:private/dovecot-lmtp',


         'virtual_transport = '.$virtual_transport,


         'smtpd_sasl_type = dovecot',


         'smtpd_sasl_path = private/auth'


      );


@@ -403,13 +450,13 @@


      global $conf;




      //* Create the database


      if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {


      if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {


         $this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');


      }




      //* Create the ISPConfig database user in the local database


      $query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';


      if(!$this->db->query($query)) {


      $query = 'GRANT ALL ON ??.* TO ?@?';


      if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {


         $this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);


      }




@@ -519,18 +566,35 @@






      //* Copy the ISPConfig configuration include


      $content = $this->get_template_file('apache_ispconfig.conf', true);




      $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");


      if(is_array($records) && count($records) > 0)


      {


      $tpl = new tpl('apache_ispconfig.conf.master');


      $tpl->setVar('apache_version',getapacheversion());


		


      $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);


      $ip_addresses = array();


		


      if(is_array($records) && count($records) > 0) {


         foreach($records as $rec) {


            $content .= "NameVirtualHost ".$rec["ip_address"].":80\n";


            $content .= "NameVirtualHost ".$rec["ip_address"].":443\n";


            if($rec['ip_type'] == 'IPv6') {


               $ip_address = '['.$rec['ip_address'].']';


            } else {


               $ip_address = $rec['ip_address'];


            }


            $ports = explode(',', $rec['virtualhost_port']);


            if(is_array($ports)) {


               foreach($ports as $port) {


                  $port = intval($port);


                  if($port > 0 && $port < 65536 && $ip_address != '') {


                     $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);


                  }


               }


            }


         }


      }


		


      if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);




      $this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);


      wf($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $tpl->grab());


      unset($tpl);




      //* Gentoo by default does not include .vhost files. Add include line to config file.


      $content = rf($conf['apache']['config_file']);


@@ -735,6 +799,31 @@


      //* copy the ISPConfig server part


      $command = "cp -rf ../server $install_dir";


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* Make a backup of the security settings


      if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');


		


      //* copy the ISPConfig security part


      $command = 'cp -rf ../security '.$install_dir;


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* Apply changed security_settings.ini values to new security_settings.ini file


      if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {


         $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));


         $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));


         if(is_array($security_settings_new) && is_array($security_settings_old)) {


            foreach($security_settings_new as $section => $sval) {


               if(is_array($sval)) {


                  foreach($sval as $key => $val) {


                     if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {


                        $security_settings_new[$section][$key] = $security_settings_old[$section][$key];


                     }


                  }


               }


            }


            file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));


         }


      }






      //* Create the config file for ISPConfig interface


@@ -745,6 +834,7 @@


      $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);


      $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);


      $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);


      $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);




      $content = str_replace('{server_id}', $conf['server_id'], $content);


      $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);


@@ -829,21 +919,45 @@


      $db_server_enabled = ($conf['services']['db'])?1:0;


      $vserver_server_enabled = ($conf['services']['vserver'])?1:0;




      $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);


      $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";




      $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);


      if($conf['mysql']['master_slave_setup'] == 'y') {


         $this->dbmaster->query($sql);


         $this->db->query($sql);


      } else {


         $this->db->query($sql);


         $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);


      }




      //* Chmod the files


      $command = "chmod -R 750 $install_dir";


      // chown install dir to root and chmod 755


      $command = 'chown root:root '.$install_dir;


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chmod 755 '.$install_dir;


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");




      //* chown the files to the ispconfig user and group


      $command = "chown -R ispconfig:ispconfig $install_dir";


      //* Chmod the files and directories in the install dir


      $command = 'chmod -R 750 '.$install_dir.'/*';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");




      //* chown the interface files to the ispconfig user and group


      $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* chown the server files to the root user and group


      $command = 'chown -R root:root '.$install_dir.'/server';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* chown the security files to the root user and group


      $command = 'chown -R root:root '.$install_dir.'/security';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* chown the security directory and security_settings.ini to root:ispconfig


      $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");




      //* Make the global language file directory group writable


@@ -898,6 +1012,8 @@


         exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));


         exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));


      }


		


      exec('chown -R root:root /usr/local/ispconfig/interface/ssl');




      // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing


      // and must be fixed as this will allow the apache user to read the ispconfig files.


@@ -1014,19 +1130,19 @@


      }




      //* Install the update script


      if (is_file('/usr/local/bin/ispconfig_update_from_svn.sh')) {


         unlink('/usr/local/bin/ispconfig_update_from_svn.sh');


      if (is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) {


         unlink('/usr/local/bin/ispconfig_update_from_dev.sh');


      }




      chown($install_dir.'/server/scripts/update_from_svn.sh', 'root');


      chmod($install_dir.'/server/scripts/update_from_svn.sh', 0700);


      chown($install_dir.'/server/scripts/update_from_dev.sh', 'root');


      chmod($install_dir.'/server/scripts/update_from_dev.sh', 0700);


      chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');


      chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);


      chown($install_dir.'/server/scripts/ispconfig_update.sh', 'root');


      chmod($install_dir.'/server/scripts/ispconfig_update.sh', 0700);




      if (!is_link('/usr/local/bin/ispconfig_update_from_svn.sh')) {


         symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_svn.sh');


      if (!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) {


         symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_dev.sh');


      }




      if (!is_link('/usr/local/bin/ispconfig_update.sh')) {


@@ -1071,7 +1187,16 @@




      //* Remove Domain module as its functions are available in the client module now


      if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');




		


      // Add symlink for patch tool


      if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');


		


      // Change mode of a few files from amavisd


      if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);


      if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);


      if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);


      if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);


		


   }




}