gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -150,7 +150,7 @@
			if(is_installed('named') \|\| is_installed('bind') \|\| is_installed('bind9')) $conf['bind']['installed'] = true;
			if(is_installed('squid')) $conf['squid']['installed'] = true;
			if(is_installed('nginx')) $conf['nginx']['installed'] = true;
			// if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
			if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
			if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
			if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
			@@ -516,6 +516,13 @@
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
			if ($verbose){
			echo $query ."\n";
			}
			if(!$this->dbmaster->query($query)) {
			$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
			}
			}

			/*
			@@ -646,7 +653,7 @@
			copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
			}
			chgrp($full_file_name, 'list');
			chmod($full_file_name, 0750);
			chmod($full_file_name, 0755);
			}

			//* Create aliasaes
			@@ -693,6 +700,18 @@

			//* mysql-virtual_relayrecipientmaps.cf
			$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');

			//* mysql-virtual_outgoing_bcc.cf
			$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');

			//* postfix-dkim
			$full_file_name=$config_dir.'/tag_as_originating.re';
			if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
			wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');

			$full_file_name=$config_dir.'/tag_as_foreign.re';
			if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
			wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');

			//* Changing mode and group of the new created config files.
			caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',
			@@ -937,6 +956,19 @@

			public function configure_dovecot() {
			global $conf;

			$virtual_transport = 'dovecot';

			// check if virtual_transport must be changed
			if ($this->is_update) {
			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
			$ini_array = ini_to_array(stripslashes($tmp['config']));
			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
			$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
			}
			}

			$config_dir = $conf['dovecot']['config_dir'];

			@@ -961,7 +993,7 @@
			// Adding the amavisd commands to the postfix configuration
			$postconf_commands = array (
			'dovecot_destination_recipient_limit = 1',
			'virtual_transport = dovecot',
			'virtual_transport = '.$virtual_transport,
			'smtpd_sasl_type = dovecot',
			'smtpd_sasl_path = private/auth'
			);
			@@ -983,19 +1015,20 @@

			//* Get the dovecot version
			exec('dovecot --version', $tmp);
			$parts = explode('.', trim($tmp[0]));
			$dovecot_version = $parts[0];
			$dovecot_version = $tmp[0];
			unset($tmp);
			unset($parts);

			//* Copy dovecot configuration file
			if($dovecot_version == 2) {
			if(version_compare($dovecot_version,2) >= 0) {
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
			copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
			} else {
			copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
			}
			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
			if(version_compare($dovecot_version,2.1) < 0) {
			removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
			}
			} else {
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
			copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
			@@ -1068,9 +1101,21 @@
			if(is_file($conf['postfix']['config_dir'].'/master.cf')) copy($conf['postfix']['config_dir'].'/master.cf', $conf['postfix']['config_dir'].'/master.cf~');
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			// Only add the content if we had not addded it before
			if(!stristr($content, '127.0.0.1:10025')) {
			if(!preg_match('/^amavis\s+unix\s+/m', $content)) {
			unset($content);
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
			af($conf['postfix']['config_dir'].'/master.cf', $content);
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			}
			if(!preg_match('/^127.0.0.1:10025\s+/m', $content)) {
			unset($content);
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
			af($conf['postfix']['config_dir'].'/master.cf', $content);
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			}
			if(!preg_match('/^127.0.0.1:10027\s+/m', $content)) {
			unset($content);
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
			af($conf['postfix']['config_dir'].'/master.cf', $content);
			}
			unset($content);
			@@ -1078,7 +1123,20 @@
			// Add the clamav user to the amavis group
			exec('adduser clamav amavis');


			// Create the director for DKIM-Keys
			if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750, true);
			// get shell-user for amavis
			$amavis_user=exec('grep -o "^amavis:\\|^vscan:" /etc/passwd');
			if(!empty($amavis_user)) {
			$amavis_user=rtrim($amavis_user, ":");
			exec('chown '.$amavis_user.' /var/lib/amavis/dkim');
			}
			// get shell-group for amavis
			$amavis_group=exec('grep -o "^amavis:\\|^vscan:" /etc/group');
			if(!empty($amavis_group)) {
			$amavis_group=rtrim($amavis_group, ":");
			exec('chgrp '.$amavis_group.' /var/lib/amavis/dkim');
			}
			}

			public function configure_spamassassin() {
			@@ -1431,19 +1489,17 @@
			exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
			}

			/*
			public function configure_ufw_firewall()
			{
			$configfile = 'ufw.conf';
			if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf','/etc/ufw/ufw.conf~');
			if(is_file('/etc/ufw/ufw.conf')) copy('/etc/ufw/ufw.conf', '/etc/ufw/ufw.conf~');
			$content = rf("tpl/".$configfile.".master");
			wf('/etc/ufw/ufw.conf',$content);
			wf('/etc/ufw/ufw.conf', $content);
			exec('chmod 600 /etc/ufw/ufw.conf');
			exec('chown root:root /etc/ufw/ufw.conf');
			}
			*/

			public function configure_firewall() {
			public function configure_bastille_firewall() {
			global $conf;

			$dist_init_scripts = $conf['init_scripts'];
			@@ -1716,6 +1772,8 @@
			exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
			rename($ssl_key_file, $ssl_key_file.'.secure');
			rename($ssl_key_file.'.insecure', $ssl_key_file);

			exec('chown -R root:root /usr/local/ispconfig/interface/ssl');

			}

			@@ -1744,6 +1802,31 @@
			//* copy the ISPConfig server part
			$command = 'cp -rf ../server '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* Make a backup of the security settings
			if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');

			//* copy the ISPConfig security part
			$command = 'cp -rf ../security '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* Apply changed security_settings.ini values to new security_settings.ini file
			if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
			if(is_array($security_settings_new) && is_array($security_settings_old)) {
			foreach($security_settings_new as $section => $sval) {
			if(is_array($sval)) {
			foreach($sval as $key => $val) {
			if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
			$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
			}
			}
			}
			}
			file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
			}
			}

			//* Create a symlink, so ISPConfig is accessible via web
			// Replaced by a separate vhost definition for port 8080
			@@ -1885,12 +1968,38 @@
			}


			//* Chmod the files
			$command = 'chmod -R 750 '.$install_dir;
			// chown install dir to root and chmod 755
			$command = 'chown root:root '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chmod 755 '.$install_dir;
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the files to the ispconfig user and group
			$command = 'chown -R ispconfig:ispconfig '.$install_dir;
			//* Chmod the files and directories in the install dir
			$command = 'chmod -R 750 '.$install_dir.'/*';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the interface files to the ispconfig user and group
			$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the server files to the root user and group
			$command = 'chown -R root:root '.$install_dir.'/server';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the security files to the root user and group
			$command = 'chown -R root:root '.$install_dir.'/security';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* chown the security directory and security_settings.ini to root:ispconfig
			$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
			$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

			//* Make the global language file directory group writable
			@@ -1943,6 +2052,8 @@
			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
			}

			exec('chown -R root:root /usr/local/ispconfig/interface/ssl');

			// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
			// and must be fixed as this will allow the apache user to read the ispconfig files.
			@@ -2142,7 +2253,7 @@

			// Add symlink for patch tool
			if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');


			}

			public function configure_dbserver() {
			@@ -2162,7 +2273,7 @@
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
			$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
			$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
			$content = str_replace('{password}', $conf['mysql']['admin_password'], $content);
			$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
			wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
			chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
			chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
			@@ -2185,8 +2296,8 @@
			}

			$root_cron_jobs = array(
			"* * * * * ".$install_dir."/server/server.sh 2>&1 > /dev/null \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
			"30 00 * * * ".$install_dir."/server/cron_daily.sh 2>&1 > /dev/null \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
			"* * * * * ".$install_dir."/server/server.sh 2>&1 \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
			"* * * * * ".$install_dir."/server/cron.sh 2>&1 \| while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
			);

			if ($conf['nginx']['installed'] == true) {
			@@ -2231,18 +2342,34 @@
			chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);

			}

			// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
			public function cleanup_ispconfig() {
			global $app,$conf;

			// Remove directories recursively
			if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
			if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');

			// Remove files
			if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
			if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');



			}

			public function getinitcommand($servicename, $action, $init_script_directory = ''){
			global $conf;
			// systemd
			if(is_executable('/bin/systemd')){
			return 'systemctl '.$action.' '.$servicename.'.service';
			}
			// upstart
			if(is_executable('/sbin/initctl')){
			exec('/sbin/initctl version 2>/dev/null \| /bin/grep -q upstart', $retval['output'], $retval['retval']);
			if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
			}
			// systemd
			if(is_executable('/bin/systemd') \|\| is_executable('/usr/bin/systemctl')){
			return 'systemctl '.$action.' '.$servicename.'.service';
			}
			// sysvinit
			if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
			if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);