From 8133de09d462f8221deefa29ef67877c6676d84d Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Wed, 22 Jan 2014 05:42:29 -0500
Subject: [PATCH] Added: apache version check in system library Changed: apps vhost is now a template (for apache version) Changed: template if tags can now be of format 'version' to make version comparisons (e.g. 2.12 > 2.2 !) Changed: New apache 2.4 syntax for deny from all (-> Require all denied) etc.

---
 server/conf/vhost.conf.master                      |   54 +++++++++-
 server/conf/apache_apps.vhost.master               |   44 +++++---
 server/conf/apache_ispconfig.conf.master           |   65 ++++++++++--
 server/lib/classes/tpl.inc.php                     |   21 +++-
 server/plugins-available/apache2_plugin.inc.php    |    7 +
 server/plugins-available/apps_vhost_plugin.inc.php |   39 ++++---
 server/lib/classes/system.inc.php                  |   25 +++++
 7 files changed, 195 insertions(+), 60 deletions(-)

diff --git a/server/conf/apache_apps.vhost.master b/server/conf/apache_apps.vhost.master
index ff6d4da..49f829a 100644
--- a/server/conf/apache_apps.vhost.master
+++ b/server/conf/apache_apps.vhost.master
@@ -4,38 +4,46 @@
 # for the ISPConfig apps vhost
 ######################################################
 
-{vhost_port_listen} Listen {apps_vhost_port}
-# NameVirtualHost *:{apps_vhost_port}
+{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
+# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
 
-<VirtualHost {apps_vhost_ip}:{apps_vhost_port}>
+<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
   ServerAdmin webmaster@localhost
-  {apps_vhost_servername}
+  {tmpl_var name='apps_vhost_servername'}
   
   <FilesMatch "\.ph(p3?|tml)$">
     SetHandler None
   </FilesMatch>
   
   <IfModule mod_php5.c>
-    DocumentRoot {apps_vhost_dir}
+    DocumentRoot {tmpl_var name='apps_vhost_dir'}
     AddType application/x-httpd-php .php
-    <Directory {apps_vhost_dir}>
-      Options FollowSymLinks
-      AllowOverride None
-      Order allow,deny
-      Allow from all
+    <Directory {tmpl_var name='apps_vhost_dir'}>
+		Options FollowSymLinks
+		AllowOverride None
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+		Order allow,deny
+		Allow from all
+		{/tmpl_if}
     </Directory>
   </IfModule>
   
   <IfModule mod_fcgid.c>
-    DocumentRoot {apps_vhost_dir}
+    DocumentRoot {tmpl_var name='apps_vhost_dir'}
     SuexecUserGroup ispapps ispapps
-    <Directory {apps_vhost_dir}>
-      Options Indexes FollowSymLinks MultiViews +ExecCGI
-      AllowOverride AuthConfig Indexes Limit Options FileInfo
-      AddHandler fcgid-script .php
-      FCGIWrapper {apps_vhost_basedir}/php-fcgi-scripts/apps/.php-fcgi-starter .php
-      Order allow,deny
-      Allow from all
+    <Directory {tmpl_var name='apps_vhost_dir'}>
+		Options Indexes FollowSymLinks MultiViews +ExecCGI
+		AllowOverride AuthConfig Indexes Limit Options FileInfo
+		AddHandler fcgid-script .php
+		FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+		Order allow,deny
+		Allow from all
+		{/tmpl_if}
     </Directory>
   </IfModule>
 
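Review bot: In the mod_fcgid block the re-indented line `Options Indexes FollowSymLinks MultiViews +ExecCGI` mixes a `+`-prefixed option with unprefixed ones, which Apache 2.4 rejects at the syntax check. The template would therefore still fail to load on the version this commit targets. Writing it as `Options Indexes FollowSymLinks MultiViews ExecCGI` names the same option set and parses on both 2.2 and 2.4. Since the line is being touched anyway, it is worth confirming that `Indexes` (directory listings) is wanted on the apps vhost at all.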
diff --git a/server/conf/apache_ispconfig.conf.master b/server/conf/apache_ispconfig.conf.master
index 5fb0f2c..a615198 100644
--- a/server/conf/apache_ispconfig.conf.master
+++ b/server/conf/apache_ispconfig.conf.master
@@ -8,61 +8,100 @@
 
 <Directory /var/www/clients>
     AllowOverride None
-    Order Deny,Allow
-    Deny from all
+	{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+	Require all deny
+	{tmpl_else}
+	Order Deny,Allow
+	Deny from all
+	{/tmpl_if}
 </Directory>
 
 # Do not allow access to the root file system of the server for security reasons
 <Directory />
     AllowOverride None
-    Order Deny,Allow
-    Deny from all
+	{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+	Require all deny
+	{tmpl_else}
+	Order Deny,Allow
+	Deny from all
+	{/tmpl_if}
 </Directory>
 
 <Directory /var/www/conf>
     AllowOverride None
-    Order Deny,Allow
-    Deny from all
+	{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+	Require all deny
+	{tmpl_else}
+	Order Deny,Allow
+	Deny from all
+	{/tmpl_if}
 </Directory>
 
 # Except of the following directories that contain website scripts
 <Directory /usr/share/phpmyadmin>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /usr/share/phpMyAdmin>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /usr/share/squirrelmail>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 # Allow access to mailman on OpenSuSE
 <Directory /usr/lib/mailman/cgi-bin>
-        AllowOverride All
-		order allow,deny
-        allow from all
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+        Order allow,deny
+        Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /usr/lib/mailman/icons>
-        order allow,deny
-        allow from all
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+        Order allow,deny
+        Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /var/lib/mailman/archives/>
         Options +FollowSymLinks
-        order allow,deny
-        allow from all
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+        Order allow,deny
+        Allow from all
+		{/tmpl_if}
 </Directory>
 
 # allow path to awstats and alias for awstats icons
 <Directory /usr/share/awstats>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 Alias /awstats-icon "/usr/share/awstats/icon"
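Review bot: The Apache 2.4 branches for `/var/www/clients`, `/` and `/var/www/conf` use `Require all deny`, but mod_authz_core accepts only `granted` or `denied` after `all`, so a 2.4 server would reject the rendered file instead of applying the lock-down. Each of these should read `Require all denied`. The same spelling appears in the first `<Directory>` block of server/conf/vhost.conf.master, while the `<Files>` blocks there already use `denied`. Separately, the mailman cgi-bin block loses its `AllowOverride All` line in this hunk, which the commit message does not mention; confirm that this is intended.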
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 5d74512..0f8a79a 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -1,8 +1,12 @@
 
 <Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
 		AllowOverride None
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all deny
+		{tmpl_else}
 		Order Deny,Allow
 		Deny from all
+		{/tmpl_if}
 </Directory>
 
 <tmpl_loop name="vhosts">
@@ -55,8 +59,12 @@
 		<Directory {tmpl_var name='web_document_root_www'}>
 				Options FollowSymLinks
 				AllowOverride <tmpl_var name='allow_override'>
+				{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+				Require all granted
+				{tmpl_else}
 				Order allow,deny
 				Allow from all
+				{/tmpl_if}
 <tmpl_if name='ssi' op='==' value='y'>
 
 				# ssi enabled
@@ -66,17 +74,25 @@
 </tmpl_if>
 <tmpl_if name='php' op='==' value='no'>
 				<Files ~ '.php[s3-6]{0,1}$'>
+						{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+						Require all denied
+						{tmpl_else}
 						Order allow,deny
 						Deny from all
 						Allow from none
+						{/tmpl_if}
 				</Files>
 </tmpl_if>
 		</Directory>
 		<Directory {tmpl_var name='web_document_root'}>
 				Options FollowSymLinks
 				AllowOverride <tmpl_var name='allow_override'>
+				{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+				Require all granted
+				{tmpl_else}
 				Order allow,deny
 				Allow from all
+				{/tmpl_if}
 <tmpl_if name='ssi' op='==' value='y'>
 
 				# ssi enabled
@@ -86,9 +102,13 @@
 </tmpl_if>
 <tmpl_if name='php' op='==' value='no'>
 				<Files ~ '.php[s3-6]{0,1}$'>
-						Order allow,deny
-						Deny from all
-						Allow from none
+					{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+					Require all denied
+					{tmpl_else}
+					Order allow,deny
+					Deny from all
+					Allow from none
+					{/tmpl_if}
 				</Files>
 </tmpl_if>
 		</Directory>
@@ -141,8 +161,12 @@
 <tmpl_if name='cgi' op='==' value='y'>
 		# cgi enabled
 	<Directory {tmpl_var name='document_root'}/cgi-bin>
+			{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+			Require all granted
+			{tmpl_else}
 			Order allow,deny
 			Allow from all
+			{/tmpl_if}
 		</Directory>
 		ScriptAlias  /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
 		AddHandler cgi-script .cgi
@@ -189,8 +213,12 @@
 		Action php5-cgi /php5-cgi
 		AddHandler php5-cgi .php .php3 .php4 .php5
 		<Directory {tmpl_var name='cgi_starter_path'}>
-				Order allow,deny
-				Allow from all
+			{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+			Require all granted
+			{tmpl_else}
+			Order allow,deny
+			Allow from all
+			{/tmpl_if}
 		</Directory>
 </tmpl_if>
 <tmpl_if name='php' op='==' value='fast-cgi'>
@@ -224,23 +252,35 @@
 				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
 				Options +ExecCGI
 				AllowOverride <tmpl_var name='allow_override'>
+				{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+				Require all granted
+				{tmpl_else}
 				Order allow,deny
 				Allow from all
+				{/tmpl_if}
 		</Directory>
 		<Directory {tmpl_var name='web_document_root'}>
 				AddHandler fcgid-script .php .php3 .php4 .php5
 				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
 				Options +ExecCGI
 				AllowOverride <tmpl_var name='allow_override'>
+				{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+				Require all granted
+				{tmpl_else}
 				Order allow,deny
 				Allow from all
+				{/tmpl_if}
 		</Directory>
 </tmpl_if>
 <tmpl_if name='php' op='==' value='php-fpm'>
 		<IfModule mod_fastcgi.c>
 				<Directory {tmpl_var name='document_root'}/cgi-bin>
-						Order allow,deny
-						Allow from all
+					{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+					Require all granted
+					{tmpl_else}
+					Order allow,deny
+					Allow from all
+					{/tmpl_if}
 			    </Directory>
                 AddHandler php5-fcgi .php
                 Action php5-fcgi /php5-fcgi
diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index a393384..a05f4f4 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -1724,6 +1724,31 @@
 		if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
 		return $init_script_directory.'/'.$servicename.' '.$action;
 	}
+	
+	function getapacheversion($get_minor = false) {
+		global $app;
+		
+		$cmd = '';
+		if($this->is_installed('apache2ctl')) $cmd = 'apache2ctl -v';
+		elseif($this->is_installed('apachectl')) $cmd = 'apachectl -v';
+		else {
+			$app->log("Could not check apache version, apachectl not found.", LOGLEVEL_WARN);
+			return '2.2';
+		}
+		
+		exec($cmd, $output, $return_var);
+		if($return_var != 0 || !$output[0]) {
+			$app->log("Could not check apache version, apachectl did not return any data.", LOGLEVEL_WARN);
+			return '2.2';
+		}
+		
+		if(preg_match('/version:\s*Apache\/(\d+)(\.(\d+)(\.(\d+))*)?(\D|$)/i', $output[0], $matches)) {
+			return $matches[1] . (isset($matches[3]) ? '.' . $matches[3] : '') . (isset($matches[5]) && $get_minor == true ? '.' . $matches[5] : '');
+		} else {
+			$app->log("Could not check apache version, did not find version string in apachectl output.", LOGLEVEL_WARN);
+			return '2.2';
+		}
+	}
 
 }
 
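Review bot: getapacheversion() looks only at `$output[0]`, so an empty `$output` raises an undefined-offset notice, and any line printed before the version banner makes it fall back silently to `'2.2'`. That fallback selects the access-control syntax in every template, so a wrong guess on a 2.4 host writes 2.2-style directives. Checking `empty($output)` and matching against `implode("\n", $output)` instead of `$output[0]` would make the detection independent of line order. The function also needs a docblock saying that it returns `major.minor`, that `$get_minor` actually appends the patch level, and that `'2.2'` is the fallback on every failure path.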
diff --git a/server/lib/classes/tpl.inc.php b/server/lib/classes/tpl.inc.php
index deb9ca1..b4d8ca2 100644
--- a/server/lib/classes/tpl.inc.php
+++ b/server/lib/classes/tpl.inc.php
@@ -1109,7 +1109,7 @@
 		 * @access private
 		 * @return string used for eval'ing
 		 */
-		function _parseIf ($varname, $value=null, $op=null, $namespace=null) {
+		function _parseIf ($varname, $value=null, $op=null, $namespace=null, $format=null) {
 			if (isset($namespace)) $namespace = substr($namespace, 0, -1);
 			$comp_str = ''; // used for extended if statements
 
@@ -1151,10 +1151,19 @@
 				}
 			}
 			if ($this->OPTIONS['GLOBAL_VARS'] && empty($namespace)) {
-				return '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])'.$comp_str;
+				$retstr = '(('.$retstr.'[\''.$varname.'\'] !== null) ? '.$retstr.'[\''.$varname.'\'] : $this->_vars[\''.$varname.'\'])';
+				if(isset($format) && isset($value) && $format == 'version') {
+					return 'version_compare(' . $retstr . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')';
+				} else {
+					return $retstr.$comp_str;
+				}
 			}
 			else {
-				return $retstr."['".$varname."']".$comp_str;
+				if(isset($format) && isset($value) && $format == 'version') {
+					return 'version_compare(' . $retstr."['".$varname."']" . ', \'' . $value . '\', ' . (!empty($op) ? $op : '==') . ')';
+				} else {
+					return $retstr."['".$varname."']".$comp_str;
+				}
 			}
 		}
 
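Review bot: Both new `version_compare(` returns build PHP source that the docblock describes as being eval'd, yet `$op` is concatenated without quotes and `$value` is wrapped in quotes without escaping. Unless `$op` is quoted earlier in _parseIf (the function starts above this hunk), a tag with `op='>'` would generate `version_compare(..., '2.2', >)`, which does not parse. A `'` inside `value` would likewise end the string literal in the generated code. Emitting both through `var_export`, as in `', ' . var_export((string)$value, true) . ', ' . var_export(!empty($op) ? $op : '==', true) . ')'`, keeps them as data. The two branches could also share one small helper rather than duplicating the expression.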
@@ -1330,15 +1339,15 @@
 				break;
 
 			case 'if':
-				return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
+				return '<?php if ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
 				break;
 
 			case 'unless':
-				return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
+				return '<?php if (!'. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
 				break;
 
 			case 'elseif':
-				return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace) .') { ?>'.$newline;
+				return '<?php } elseif ('. $this->_parseIf($var, @$value, @$op, @$namespace, @$format) .') { ?>'.$newline;
 				break;
 
 			case 'loop':
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 4007a7d..0901c23 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -930,6 +930,7 @@
 		}
 
 		$tpl->setVar($vhost_data);
+		$tpl->setVar('apache_version', $app->system->getapacheversion());
 
 		// Rewrite rules
 		$rewrite_rules = array();
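Review bot: Each `setVar('apache_version', $app->system->getapacheversion())` added in this file spawns `apache2ctl -v` again through exec(), here and in the four later hunks of this file. The version cannot change during one plugin run, so the result could be memoised inside getapacheversion(), for example in a static variable, with the callers left as they are. Three of the templates that receive the variable (php-fcgi-starter.master, php-cgi-starter.master and php_fpm_pool.conf.master) are not changed by this commit, so it is worth checking whether they read it at all. The enclosing function starts and ends outside this hunk.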
@@ -1136,6 +1137,7 @@
 
 			$fcgi_tpl = new tpl();
 			$fcgi_tpl->newTemplate('php-fcgi-starter.master');
+			$fcgi_tpl->setVar('apache_version', $app->system->getapacheversion());
 
 			// Support for multiple PHP versions (FastCGI)
 			if(trim($data['new']['fastcgi_php_version']) != ''){
@@ -1275,6 +1277,7 @@
 
 			$cgi_tpl = new tpl();
 			$cgi_tpl->newTemplate('php-cgi-starter.master');
+			$cgi_tpl->setVar('apache_version', $app->system->getapacheversion());
 
 			// This works because PHP "rewrites" a symlink to the physical path
 			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
@@ -1909,6 +1912,7 @@
 
 		$tpl = new tpl();
 		$tpl->newTemplate('apache_ispconfig.conf.master');
+		$tpl->setVar('apache_version', $app->system->getapacheversion());
 		$records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
 
 		$records_out= array();
@@ -2609,7 +2613,8 @@
 		$app->load('tpl');
 		$tpl = new tpl();
 		$tpl->newTemplate('php_fpm_pool.conf.master');
-
+		$tpl->setVar('apache_version', $app->system->getapacheversion());
+		
 		if($data['new']['php_fpm_use_socket'] == 'y'){
 			$use_tcp = 0;
 			$use_socket = 1;
diff --git a/server/plugins-available/apps_vhost_plugin.inc.php b/server/plugins-available/apps_vhost_plugin.inc.php
index 8251863..320f3d0 100644
--- a/server/plugins-available/apps_vhost_plugin.inc.php
+++ b/server/plugins-available/apps_vhost_plugin.inc.php
@@ -80,13 +80,12 @@
 		$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
 
 		if($web_config['server_type'] == 'apache'){
-			// Dont just copy over the virtualhost template but add some custom settings
-			if(file_exists($conf["rootpath"]."/conf-custom/apache_apps.vhost.master")) {
-				$content = file_get_contents($conf["rootpath"]."/conf-custom/apache_apps.vhost.master");
-			} else {
-				$content = file_get_contents($conf["rootpath"]."/conf/apache_apps.vhost.master");
-			}
+			$app->load('tpl');
 
+			$tpl = new tpl();
+			$tpl->newTemplate('apache_apps.vhost.master');
+
+			$tpl->setVar('apache_version', $app->system->getapacheversion());
 
 			$vhost_conf_dir = $web_config['vhost_conf_dir'];
 			$vhost_conf_enabled_dir = $web_config['vhost_conf_enabled_dir'];
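Review bot: The removed lines explicitly preferred `conf-custom/apache_apps.vhost.master` over the shipped template, and `$tpl->newTemplate('apache_apps.vhost.master')` keeps that behaviour only if newTemplate() itself looks in conf-custom, which is not visible here. If it does not, an administrator's customised (possibly hardened) apps vhost would be silently replaced by the default on the next run. A short comment above the call, such as `// newTemplate() resolves conf-custom/ before conf/ (confirm)`, would make the intent reviewable. The enclosing function starts above this hunk and continues into the next one.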
@@ -95,21 +94,31 @@
 			$web_config['apps_vhost_port'] = (empty($web_config['apps_vhost_port']))?8081:$web_config['apps_vhost_port'];
 			$web_config['apps_vhost_ip'] = (empty($web_config['apps_vhost_ip']))?'_default_':$web_config['apps_vhost_ip'];
 
+			$tpl->setVar('apps_vhost_ip', $web_config['apps_vhost_ip']);
+			$tpl->setVar('apps_vhost_port', $web_config['apps_vhost_port']);
+			$tpl->setVar('apps_vhost_dir', $web_config['website_basedir'].'/apps');
+			$tpl->setVar('apps_vhost_servername', $apps_vhost_servername);
+			$tpl->setVar('apps_vhost_basedir', $web_config['website_basedir']);
+
+			$vhost_port_listen = '';
+			// comment out the listen directive if port is 80 or 443
+			if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) {
+				$vhost_port_listen = '#';
+			}
+			$tpl->setVar('vhost_port_listen', $vhost_port_listen);
+
+			$content = $tpl->grab();
+
+			/* for backwards compatibility we replace the old syntax by hand now */
 			$content = str_replace('{apps_vhost_ip}', $web_config['apps_vhost_ip'], $content);
 			$content = str_replace('{apps_vhost_port}', $web_config['apps_vhost_port'], $content);
 			$content = str_replace('{apps_vhost_dir}', $web_config['website_basedir'].'/apps', $content);
 			$content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
 			$content = str_replace('{apps_vhost_basedir}', $web_config['website_basedir'], $content);
+			$content = str_replace('{vhost_port_listen}', $vhost_port_listen, $content);
+			/* end of backwards compatibility section */
 
-
-			// comment out the listen directive if port is 80 or 443
-			if($web_config['apps_vhost_port'] == 80 or $web_config['apps_vhost_port'] == 443) {
-				$content = str_replace('{vhost_port_listen}', '#', $content);
-			} else {
-				$content = str_replace('{vhost_port_listen}', '', $content);
-			}
-
-			file_put_contents("$vhost_conf_dir/apps.vhost", $content);
+			$app->system->file_put_contents("$vhost_conf_dir/apps.vhost", $content);
 			$app->services->restartServiceDelayed('httpd', 'restart');
 		}
 

--
Gitblit v1.9.1