From 4569cae57f127afd093794310ccd290d2d9fdf36 Mon Sep 17 00:00:00 2001 From: Marius Burkard <m.burkard@pixcept.de> Date: Wed, 20 Apr 2016 10:58:46 -0400 Subject: [PATCH] Merge branch 'stable-3.1' --- install/lib/installer_base.lib.php | 275 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 files changed, 222 insertions(+), 53 deletions(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 87533e6..5794355 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -36,6 +36,7 @@ public $conf; public $install_ispconfig_interface = true; public $is_update = false; // true if it is an update, falsi if it is a new install + public $min_php = '5.3.3'; // minimal php-version for update / install protected $mailman_group = 'list'; @@ -66,6 +67,12 @@ $input = $default; } else { $input = $autoinstall[$name]; + } + } elseif($name != '' && $autoupdate[$name] != '') { + if($autoupdate[$name] == 'default') { + $input = $default; + } else { + $input = $autoupdate[$name]; } } else { $answers_str = implode(',', $answers); @@ -104,6 +111,12 @@ } else { $input = $autoinstall[$name]; } + } elseif($name != '' && $autoupdate[$name] != '') { + if($autoupdate[$name] == 'default') { + $input = $default; + } else { + $input = $autoupdate[$name]; + } } else { swrite($this->lng($query).' ['.$default.']: '); $input = sread(); @@ -130,6 +143,12 @@ } */ + //** Detect PHP-Version + public function get_php_version() { + if(version_compare(PHP_VERSION, $this->min_php, '<')) return false; + else return true; + } + //** Detect installed applications public function find_installed_apps() { global $conf; @@ -153,9 +172,9 @@ if(is_installed('squid')) $conf['squid']['installed'] = true; if(is_installed('nginx')) $conf['nginx']['installed'] = true; if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true; + if(is_installed('iptables') && is_installed('bastille-netfilter')) $conf['firewall']['installed'] = true; if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true; if(is_installed('vzctl')) $conf['openvz']['installed'] = true; - if(is_installed('iptables') && is_installed('bastille-netfilter')) $conf['bastille']['installed'] = true; if(is_installed('metronome') && is_installed('metronomectl')) $conf['xmpp']['installed'] = true; if(is_installed('spamassassin')) $conf['spamassassin']['installed'] = true; if(is_installed('vlogger')) $conf['vlogger']['installed'] = true; @@ -166,7 +185,11 @@ public function force_configure_app($service, $enable_force=true) { $force = false; - swriteln("[WARN] autodetect for $service failed"); + if($enable_force == true) { + swriteln("[WARN] autodetect for $service failed"); + } else { + swriteln("[INFO] service $service not detected"); + } if($enable_force) { if(strtolower($this->simple_query("Force configure $service", array('y', 'n'), 'n') ) == 'y') { $force = true; @@ -175,6 +198,19 @@ return $force; } + public function reconfigure_app($service, $reconfigure_services_answer) { + $reconfigure = false; + if ($reconfigure_services_answer != 'selected') { + $reconfigure = true; + } else { + if(strtolower($this->simple_query("Reconfigure $service", array('y', 'n'), 'y') ) == 'y') { + $reconfigure = true; + } else { + swriteln("Skip reconfigure $service\n"); + } + } + return $reconfigure; + } /** Create the database for ISPConfig */ @@ -185,7 +221,12 @@ //* check sql-mode $check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode"); - if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') die('Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION'); + if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') { + echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n"; + echo " sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n"; + echo"to the mysqld-section in /etc/mysql/my.cnf and restart mysqld afterwards\n"; + die(); + } //** Create the database if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) { @@ -231,18 +272,14 @@ } // Delete ISPConfig user in the local database, in case that it exists - $this->db->query("DELETE FROM mysql.user WHERE User = ? AND Host = ?", $conf['mysql']['ispconfig_user'], $from_host); - $this->db->query("DELETE FROM mysql.db WHERE Db = ? AND Host = ?", $conf['mysql']['database'], $from_host); - $this->db->query('FLUSH PRIVILEGES'); + $this->db->query("DROP USER ?@?", $conf['mysql']['ispconfig_user'], $from_host); + $this->db->query("DROP DATABASE IF EXISTS ?", $conf['mysql']['database']); //* Create the ISPConfig database user in the local database $query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON ?? TO ?@? IDENTIFIED BY ?'; if(!$this->db->query($query, $conf['mysql']['database'] . ".*", $conf['mysql']['ispconfig_user'], $from_host, $conf['mysql']['ispconfig_password'])) { $this->error('Unable to create database user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage); } - - //* Reload database privelages - $this->db->query('FLUSH PRIVILEGES;'); //* Set the database name in the DB library $this->db->setDBName($conf['mysql']['database']); @@ -333,7 +370,7 @@ $conf['server_id'] = $conf['server_id']; //* Insert the same record in the local DB - $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);"; + $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);"; $this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled); //* username for the ispconfig user @@ -350,6 +387,84 @@ } + } + + public function detect_ips(){ + global $conf; + + exec("ip addr show | awk '/global/ { print $2 }' | cut -d '/' -f 1", $output, $retval); + + if($retval == 0){ + if(is_array($output) && !empty($output)){ + foreach($output as $line){ + $line = trim($line); + $ip_type = ''; + if (filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { + $ip_type = 'IPv4'; + } + if (filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { + $ip_type = 'IPv6'; + } + if($ip_type == '') continue; + if($this->db->dbHost != $this->dbmaster->dbHost){ + $this->dbmaster->query('INSERT INTO server_ip ( + sys_userid, sys_groupid, sys_perm_user, sys_perm_group, + sys_perm_other, server_id, client_id, ip_type, ip_address, + virtualhost, virtualhost_port + ) VALUES ( + 1, + 1, + "riud", + "riud", + "", + ?, + 0, + ?, + ?, + "y", + "80,443" + )', $conf['server_id'], $ip_type, $line); + $server_ip_id = $this->dbmaster->insertID(); + $this->db->query('INSERT INTO server_ip ( + server_php_id, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, + sys_perm_other, server_id, client_id, ip_type, ip_address, + virtualhost, virtualhost_port + ) VALUES ( + ?, + 1, + 1, + "riud", + "riud", + "", + ?, + 0, + ?, + ?, + "y", + "80,443" + )', $server_ip_id, $conf['server_id'], $ip_type, $line); + } else { + $this->db->query('INSERT INTO server_ip ( + sys_userid, sys_groupid, sys_perm_user, sys_perm_group, + sys_perm_other, server_id, client_id, ip_type, ip_address, + virtualhost, virtualhost_port + ) VALUES ( + 1, + 1, + "riud", + "riud", + "", + ?, + 0, + ?, + ?, + "y", + "80,443" + )', $conf['server_id'], $ip_type, $line); + } + } + } + } } public function grant_master_database_rights($verbose = false) { @@ -543,12 +658,17 @@ if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) { $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage); } + + $query = "GRANT SELECT, UPDATE(`dnssec_initialized`, `dnssec_info`, `dnssec_last_signed`) ON ?? TO ?@?"; + if ($verbose){ + echo $query ."\n"; + } + if(!$this->dbmaster->query($query, $value['db'] . '.dns_soa', $value['user'], $host)) { + $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage); + } + } - /* - * It is all done. Relod the rights... - */ - $this->dbmaster->query('FLUSH PRIVILEGES'); } } @@ -683,10 +803,25 @@ exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman'); } - //* with postfix >= 2.9 we can detect configured services with postconf - public function postfix_master() { - exec("postconf -M", $out, $ret); - return $ret===0?true:false; + public function get_postfix_service($service, $type) { + global $conf; + + exec("postconf -M", $out, $ret); + + if ($ret === 0) { //* with postfix >= 2.9 we can detect configured services with postconf + unset($out); + exec ("postconf -M $service/$type 2> /dev/null", $out, $ret); //* Postfix >= 2.11 + if (!isset($out[0])) { //* try Postfix 2.9 + exec ("postconf -M $service.$type 2> /dev/null", $out, $ret); + } + $postfix_service = @($out[0]=='')?false:true; + } else { //* fallback - Postfix < 2.9 + rf($conf['postfix']['config_dir'].'/master.cf'); + $regex = '/[^#]'.$service.'.*.'.$type.'.*/'; + $postfix_service = @(!preg_match($regex, $content))?true:false; + } + + return $postfix_service; } public function configure_postfix($options = '') { @@ -786,6 +921,8 @@ } unset($server_ini_array); + $tmp = str_replace('.','\.',$conf['hostname']); + $postconf_placeholders = array('{config_dir}' => $config_dir, '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'], '{vmail_userid}' => $cf['vmail_userid'], @@ -793,6 +930,7 @@ '{rbl_list}' => $rbl_list, '{greylisting}' => $greylisting, '{reject_slm}' => $reject_sender_login_mismatch, + '{myhostname}' => $tmp, ); $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master'); @@ -822,6 +960,27 @@ exec('postmap /var/lib/mailman/data/virtual-mailman'); if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman'); exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman'); + + //* Create auxillary postfix conf files + $configfile = 'helo_access'; + if(is_file($config_dir.'/'.$configfile)) { + copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~'); + chmod($config_dir.'/'.$configfile.'~', 0400); + } + $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); + $content = strtr($content, $postconf_placeholders); + # todo: look up this server's ip addrs and loop through each + # todo: look up domains hosted on this server and loop through each + wf($config_dir.'/'.$configfile, $content); + + $configfile = 'blacklist_helo'; + if(is_file($config_dir.'/'.$configfile)) { + copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~'); + chmod($config_dir.'/'.$configfile.'~', 0400); + } + $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); + $content = strtr($content, $postconf_placeholders); + wf($config_dir.'/'.$configfile, $content); //* Make a backup copy of the main.cf file copy($config_dir.'/main.cf', $config_dir.'/main.cf~'); @@ -854,10 +1013,10 @@ //* Check maildrop service in posfix master.cf $regex = "/^maildrop unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/"; $configfile = $config_dir.'/master.cf'; - if ($this->postfix_master()) { - exec ("postconf -M maildrop.unix", $out, $ret); + if($this->get_postfix_service('maildrop', 'unix')) { + exec ("postconf -M maildrop.unix &> /dev/null", $out, $ret); $change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true; - } else { //* fallback - postfix < 2.9 + } else { $change_maildrop_flags = @(preg_match($regex, $configfile))?false:true; } if ($change_maildrop_flags) { @@ -1033,15 +1192,9 @@ } $config_dir = $conf['postfix']['config_dir']; + //* Configure master.cf and add a line for deliver - if ($this->postfix_master()) { - exec ("postconf -M dovecot.unix", $out, $ret); - $add_dovecot_service = @($out[0]=='')?true:false; - } else { //* fallback - postfix < 2.9 - $content = rf($config_dir.'/master.cf'); - $add_dovecot_service = @(!stristr($content, "dovecot/deliver"))?true:false; - } - if($add_dovecot_service) { + if(!$this->get_postfix_service('dovecot', 'unix')) { //* backup if(is_file($config_dir.'/master.cf')){ copy($config_dir.'/master.cf', $config_dir.'/master.cf~2'); @@ -1051,7 +1204,7 @@ } //* Configure master.cf and add a line for deliver $content = rf($conf["postfix"]["config_dir"].'/master.cf'); - $deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'; + $deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n"; af($config_dir.'/master.cf', $deliver_content); unset($content); unset($deliver_content); @@ -1173,25 +1326,12 @@ caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); } - $config_dir = $conf['postfix']; + $config_dir = $conf['postfix']['config_dir']; // Adding amavis-services to the master.cf file if the service does not already exists - if ($this->postfix_master()) { - exec ("postconf -M amavis.unix", $out, $ret); - $add_amavis = @($out[0]=='')?true:false; - unset($out); - exec ("postconf -M 127.0.0.1:10025.inet", $out, $ret); - $add_amavis_10025 = @($out[0]=='')?true:false; - unset($out); - exec ("postconf -M 127.0.0.1:10027.inet", $out, $ret); - $add_amavis_10027 = @($out[0]=='')?true:false; - unset($out); - } else { //* fallback - postfix < 2.9 - $content = rf($conf['postfix']['config_dir'].'/master.cf'); - $add_amavis = @(!preg_match('/^amavis\s+unix\s+/m', $content))?true:false; - $add_amavis_10025 = @(!preg_match('/^127.0.0.1:10025\s+/m', $content))?true:false; - $add_amavis_10027 = @(!preg_match('/^127.0.0.1:10027\s+/m', $content))?true:false; - } + $add_amavis = !$this->get_postfix_service('amavis','unix'); + $add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet'); + $add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet'); if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) { //* backup master.cf @@ -1342,9 +1482,6 @@ $this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage); } - //* Reload database privelages - $this->db->query('FLUSH PRIVILEGES'); - //* load the powerdns databse dump if($conf['mysql']['admin_password'] == '') { caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['powerdns']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/powerdns.sql' &> /dev/null", @@ -1371,6 +1508,27 @@ } + + //** writes bind configuration files + public function process_bind_file($configfile, $target='/', $absolute=false) { + global $conf; + + if ($absolute) $full_file_name = $target.$configfile; + else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile; + + //* Backup exiting file + if(is_file($full_file_name)) { + copy($full_file_name, $config_dir.$configfile.'~'); + } + $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); + $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content); + $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content); + $content = str_replace('{mysql_server_ispconfig_database}', $conf['mysql']['database'], $content); + $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); + $content = str_replace('{ispconfig_install_dir}', $conf['ispconfig_install_dir'], $content); + $content = str_replace('{dnssec_conffile}', $conf['ispconfig_install_dir'].'/server/scripts/dnssec-config.sh', $content); + wf($full_file_name, $content); + } public function configure_bind() { global $conf; @@ -1383,13 +1541,15 @@ //* Create the slave subdirectory $content .= 'slave'; - if(!@is_dir($content)) mkdir($content, 2770, true); + if(!@is_dir($content)) mkdir($content, 02770, true); //* Chown the slave subdirectory to $conf['bind']['bind_user'] chown($content, $conf['bind']['bind_user']); chgrp($content, $conf['bind']['bind_group']); - chmod($content, 2770); - + chmod($content, 02770); + + //* Install scripts for dnssec implementation + $this->process_bind_file('named.conf.options', '/etc/bind/', true); //TODO replace hardcoded path } @@ -1538,6 +1698,11 @@ // Comment out the namevirtualhost lines, as they were added by ispconfig in ispconfig.conf file again replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost *:80', '# NameVirtualHost *:80', 1); replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost *:443', '# NameVirtualHost *:443', 1); + } + + if(is_file('/etc/apache2/mods-available/fcgid.conf')) { + // add or modify the parameters for fcgid.conf + replaceLine('/etc/apache2/mods-available/fcgid.conf','MaxRequestLen','MaxRequestLen 15728640',1); } if(is_file('/etc/apache2/apache.conf')) { @@ -1913,6 +2078,10 @@ } $content = str_replace('{use_tcp}', $use_tcp, $content); $content = str_replace('{use_socket}', $use_socket, $content); + + // SSL in apps vhost is off by default. Might change later. + $content = str_replace('{ssl_on}', 'off', $content); + $content = str_replace('{ssl_comment}', '#', $content); wf($vhost_conf_dir.'/apps.vhost', $content); -- Gitblit v1.9.1