ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Till Brehm
2014-10-19 b79f6ca284856d5ad1e260540b418b7eb634bc16 
 install/dist/lib/fedora.lib.php


@@ -114,7 +114,7 @@




   function configure_postfix($options = '')


   {


      global $conf;


      global $conf,$autoinstall;


      $cf = $conf['postfix'];


      $config_dir = $cf['config_dir'];




@@ -229,8 +229,13 @@




      if(!stristr($options, 'dont-create-certs')) {


         //* Create the SSL certificate


         $command = 'cd '.$config_dir.'; '


            .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509';


         if(AUTOINSTALL){


            $command = 'cd '.$config_dir.'; '


               ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";


         } else {


            $command = 'cd '.$config_dir.'; '


               .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';


         }


         exec($command);




         $command = 'chmod o= '.$config_dir.'/smtpd.key';


@@ -392,7 +397,6 @@


         'virtual_transport = dovecot',


         'smtpd_sasl_type = dovecot',


         'smtpd_sasl_path = private/auth',


         'receive_override_options = no_address_mappings'


      );




      // Make a backup copy of the main.cf file


@@ -412,17 +416,18 @@




      //* Get the dovecot version


      exec('dovecot --version', $tmp);


      $parts = explode('.', trim($tmp[0]));


      $dovecot_version = $parts[0];


      $dovecot_version = $tmp[0];


      unset($tmp);


      unset($parts);




      //* Copy dovecot configuration file


      if($dovecot_version == 2) {


      if(version_compare($dovecot_version,2) >= 0) {


         if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {


            copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);


         } else {


            copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);


         }


         if(version_compare($dovecot_version,2.1) < 0) {


            removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');


         }


      } else {


         if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {


@@ -438,16 +443,22 @@


         copy("$config_dir/$configfile", "$config_dir/$configfile~");


         exec("chmod 400 $config_dir/$configfile~");


      }


		


      if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');




      $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");


      $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);


      $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);


      $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);


      $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);


      $content = str_replace('{server_id}', $conf['server_id'], $content);


      wf("$config_dir/$configfile", $content);




      exec("chmod 600 $config_dir/$configfile");


      exec("chown root:root $config_dir/$configfile");


		


      // Dovecot shall ignore mounts in website directory


      if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");




   }




@@ -642,10 +653,12 @@


      $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];


      $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];




      // copy('tpl/apache_ispconfig.conf.master',$vhost_conf_dir.'/ispconfig.conf');


      $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig.conf.master', 'tpl/apache_ispconfig.conf.master');


      $tpl = new tpl('apache_ispconfig.conf.master');


      $tpl->setVar('apache_version',getapacheversion());


		


      $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");




      $ip_addresses = array();


		


      if(is_array($records) && count($records) > 0) {


         foreach($records as $rec) {


            if($rec['ip_type'] == 'IPv6') {


@@ -658,15 +671,17 @@


               foreach($ports as $port) {


                  $port = intval($port);


                  if($port > 0 && $port < 65536 && $ip_address != '') {


                     $content .= 'NameVirtualHost '.$ip_address.":".$port."\n";


                     $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);


                  }


               }


            }


         }


      }


		


      if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);




      $content .= "\n";


      wf($vhost_conf_dir.'/ispconfig.conf', $content);


      wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());


      unset($tpl);




      if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {


         exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");


@@ -818,6 +833,31 @@


      //* copy the ISPConfig server part


      $command = "cp -rf ../server $install_dir";


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* Make a backup of the security settings


      if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');


		


      //* copy the ISPConfig security part


      $command = 'cp -rf ../security '.$install_dir;


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* Apply changed security_settings.ini values to new security_settings.ini file


      if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {


         $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));


         $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));


         if(is_array($security_settings_new) && is_array($security_settings_old)) {


            foreach($security_settings_new as $section => $sval) {


               if(is_array($sval)) {


                  foreach($sval as $key => $val) {


                     if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {


                        $security_settings_new[$section][$key] = $security_settings_old[$section][$key];


                     }


                  }


               }


            }


            file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));


         }


      }




      //* Create a symlink, so ISPConfig is accessible via web


      // Replaced by a separate vhost definition for port 8080


@@ -944,12 +984,38 @@


         $this->db->query($sql);


      }




      //* Chmod the files


      $command = "chmod -R 750 $install_dir";


      // chown install dir to root and chmod 755


      $command = 'chown root:root '.$install_dir;


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chmod 755 '.$install_dir;


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");




      //* chown the files to the ispconfig user and group


      $command = "chown -R ispconfig:ispconfig $install_dir";


      //* Chmod the files and directories in the install dir


      $command = 'chmod -R 750 '.$install_dir.'/*';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");




      //* chown the interface files to the ispconfig user and group


      $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* chown the server files to the root user and group


      $command = 'chown -R root:root '.$install_dir.'/server';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* chown the security files to the root user and group


      $command = 'chown -R root:root '.$install_dir.'/security';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


		


      //* chown the security directory and security_settings.ini to root:ispconfig


      $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");


      $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';


      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");




      //* Make the global language file directory group writable


@@ -992,6 +1058,13 @@


         exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");


         exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");


      }


		


      if(is_dir($install_dir.'/interface/invoices')) {


         exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));


         exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));


      }


		


      exec('chown -R root:root /usr/local/ispconfig/interface/ssl');




      // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing


      // and must be fixed as this will allow the apache user to read the ispconfig files.


@@ -1030,28 +1103,30 @@






         // Dont just copy over the virtualhost template but add some custom settings


         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig.vhost.master', "tpl/apache_ispconfig.vhost.master");


         $content = str_replace('{vhost_port}', $conf['apache']['vhost_port'], $content);


         $tpl = new tpl('apache_ispconfig.vhost.master');


         $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);




         // comment out the listen directive if port is 80 or 443


         if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {


            $content = str_replace('{vhost_port_listen}', '#', $content);


            $tpl->setVar('vhost_port_listen','#');


         } else {


            $content = str_replace('{vhost_port_listen}', '', $content);


            $tpl->setVar('vhost_port_listen','');


         }




         if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {


            $content = str_replace('{ssl_comment}', '', $content);


         if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {


            $tpl->setVar('ssl_comment','');


         } else {


            $content = str_replace('{ssl_comment}', '#', $content);


            $tpl->setVar('ssl_comment','#');


         }


         if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {


            $content = str_replace('{ssl_bundle_comment}', '', $content);


            $tpl->setVar('ssl_bundle_comment','');


         } else {


            $content = str_replace('{ssl_bundle_comment}', '#', $content);


            $tpl->setVar('ssl_bundle_comment','#');


         }


			


         $tpl->setVar('apache_version',getapacheversion());




         wf("$vhost_conf_dir/ispconfig.vhost", $content);


         wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());




         //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");


         //* and create the symlink


@@ -1193,6 +1268,9 @@




      //* Remove Domain module as its functions are available in the client module now


      if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');


		


      // Add symlink for patch tool


      if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');




   }