Newer
Older
$issued_successfully = false;
Hj Ahmad Rasyid Hj Ismail
committed
// Backup existing ispserver ssl files
if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) {
rename($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
}
if(file_exists($ssl_key_file) || is_link($ssl_key_file)) {
rename($ssl_key_file, $ssl_key_file . '-temporary.bak');
}
if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) {
rename($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
}
Hj Ahmad Rasyid Hj Ismail
committed
Hj Ahmad Rasyid Hj Ismail
committed
// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
if (is_executable($acme)) {
$acme_cert_dir = dirname($acme) . '/' . $hostname;
swriteln('acme.sh is installed, overriding certificate path to use ' . $acme_cert_dir);
Hj Ahmad Rasyid Hj Ismail
committed
# acme.sh does not set umask, resulting in incorrect permissions (ispconfig issue #6015)
$old_umask = umask(0022);
Hj Ahmad Rasyid Hj Ismail
committed
$out = null;
$ret = null;
if($conf['nginx']['installed'] == true || $conf['apache']['installed'] == true) {
exec("$acme --issue -w /usr/local/ispconfig/interface/acme -d " . escapeshellarg($hostname) . " $renew_hook", $out, $ret);
Hj Ahmad Rasyid Hj Ismail
committed
}
// Else, it is not webserver, so we use standalone
else {
exec("$acme --issue --standalone -d " . escapeshellarg($hostname) . " $hook", $out, $ret);
Hj Ahmad Rasyid Hj Ismail
committed
}
if($ret == 0 || ($ret == 2 && file_exists($check_acme_file))) {
// acme.sh returns with 2 on issue for already existing certificate
$check_acme_file = $ssl_crt_file;
// Define LE certs name and path, then install them
//$acme_cert = "--cert-file $acme_cert_dir/cert.pem";
$acme_key = "--key-file " . escapeshellarg($ssl_key_file);
$acme_chain = "--fullchain-file " . escapeshellarg($ssl_crt_file);
exec("$acme --install-cert -d " . escapeshellarg($hostname) . " $acme_key $acme_chain");
$issued_successfully = true;
Hj Ahmad Rasyid Hj Ismail
committed
// Make temporary backup of self-signed certs permanent
if(file_exists($ssl_crt_file.'-temporary.bak') || is_link($ssl_crt_file.'-temporary.bak'))
rename($ssl_crt_file.'-temporary.bak', $ssl_crt_file.'-'.$date->format('YmdHis').'.bak');
if(file_exists($ssl_key_file.'-temporary.bak') || is_link($ssl_key_file.'-temporary.bak'))
rename($ssl_key_file.'-temporary.bak', $ssl_key_file.'-'.$date->format('YmdHis').'.bak');
if(file_exists($ssl_pem_file.'-temporary.bak') || is_link($ssl_pem_file.'-temporary.bak'))
rename($ssl_pem_file.'-temporary.bak', $ssl_pem_file.'-'.$date->format('YmdHis').'.bak');
} else {
swriteln('Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt');
Hj Ahmad Rasyid Hj Ismail
committed
Hj Ahmad Rasyid Hj Ismail
committed
// Restore temporary backup of self-signed certs
if(file_exists($ssl_crt_file.'-temporary.bak') || is_link($ssl_crt_file.'-temporary.bak'))
rename($ssl_crt_file.'-temporary.bak', $ssl_crt_file);
if(file_exists($ssl_key_file.'-temporary.bak') || is_link($ssl_key_file.'-temporary.bak'))
rename($ssl_key_file.'-temporary.bak', $ssl_key_file);
if(file_exists($ssl_pem_file.'-temporary.bak') || is_link($ssl_pem_file.'-temporary.bak'))
rename($ssl_pem_file.'-temporary.bak', $ssl_pem_file);
Hj Ahmad Rasyid Hj Ismail
committed
// Else, we attempt to use the official LE certbot client certbot
} else {
// But only if it is otherwise available
if(is_executable($le_client)) {
$out = null;
$ret = null;
Hj Ahmad Rasyid Hj Ismail
committed
// Get its version info due to be used for webroot arguement issues
$le_info = exec($le_client . ' --version 2>&1', $ret, $val);
if(preg_match('/^(\S+|\w+)\s+(\d+(\.\d+)+)$/', $le_info, $matches)) {
$le_version = $matches[2];
}
// Define certbot commands
$acme_version = '--server https://acme-v0' . (($le_version >=0.22) ? '2' : '1') . '.api.letsencrypt.org/directory';
$certonly = 'certonly --agree-tos --non-interactive --expand --rsa-key-size 4096';
// If this is a webserver
if($conf['nginx']['installed'] == true || $conf['apache']['installed'] == true) {
exec("$le_client $certonly $acme_version --authenticator webroot --webroot-path /usr/local/ispconfig/interface/acme --email " . escapeshellarg('postmaster@' . $hostname) . " -d " . escapeshellarg($hostname) . " $renew_hook", $out, $ret);
Hj Ahmad Rasyid Hj Ismail
committed
// Else, it is not webserver, so we use standalone
else {
exec("$le_client $certonly $acme_version --standalone --email " . escapeshellarg('postmaster@' . $hostname) . " -d " . escapeshellarg($hostname) . " $hook", $out, $ret);
}
if($ret == 0) {
// certbot returns with 0 on issue for already existing certificate
$acme_cert_dir = '/etc/letsencrypt/live/' . $hostname;
symlink($acme_cert_dir . '/fullchain.pem', $ssl_crt_file);
symlink($acme_cert_dir . '/privkey.pem', $ssl_key_file);
$issued_successfully = true;
Hj Ahmad Rasyid Hj Ismail
committed
// Make temporary backup of self-signed certs permanent
if(file_exists($ssl_crt_file.'-temporary.bak') || is_link($ssl_crt_file.'-temporary.bak'))
rename($ssl_crt_file.'-temporary.bak', $ssl_crt_file.'-'.$date->format('YmdHis').'.bak');
if(file_exists($ssl_key_file.'-temporary.bak') || is_link($ssl_key_file.'-temporary.bak'))
rename($ssl_key_file.'-temporary.bak', $ssl_key_file.'-'.$date->format('YmdHis').'.bak');
if(file_exists($ssl_pem_file.'-temporary.bak') || is_link($ssl_pem_file.'-temporary.bak'))
rename($ssl_pem_file.'-temporary.bak', $ssl_pem_file.'-'.$date->format('YmdHis').'.bak');
} else {
swriteln('Issuing certificate via certbot failed. Please check log files and make sure that your hostname can be verified by letsencrypt');
Hj Ahmad Rasyid Hj Ismail
committed
// Restore temporary backup of self-signed certs
if(file_exists($ssl_crt_file.'-temporary.bak') || is_link($ssl_crt_file.'-temporary.bak'))
rename($ssl_crt_file.'-temporary.bak', $ssl_crt_file);
if(file_exists($ssl_key_file.'-temporary.bak') || is_link($ssl_key_file.'-temporary.bak'))
rename($ssl_key_file.'-temporary.bak', $ssl_key_file);
if(file_exists($ssl_pem_file.'-temporary.bak') || is_link($ssl_pem_file.'-temporary.bak'))
rename($ssl_pem_file.'-temporary.bak', $ssl_pem_file);
} else {
swriteln('Did not find any valid acme client (acme.sh or certbot)');
Hj Ahmad Rasyid Hj Ismail
committed
}
}
if($restore_conf_symlink) {
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.conf')) {
symlink($vhost_conf_dir.'/ispconfig.conf', $vhost_conf_enabled_dir.'/000-ispconfig.conf');
}
}
if($ip_address_match) {
// the directory already exists so we have to assume that it was created previously
$issued_successfully = true;
}
Hj Ahmad Rasyid Hj Ismail
committed
}
// If the LE SSL certs for this hostname exists
if(!is_dir($acme_cert_dir) || !file_exists($check_acme_file) || !$issued_successfully) {
if(!$issued_successfully) {
swriteln('Could not issue letsencrypt certificate, falling back to self-signed.');
} else {
swriteln('Issuing certificate seems to have succeeded but ' . $check_acme_file . ' seems to be missing. Falling back to self-signed.');
}
Hj Ahmad Rasyid Hj Ismail
committed
// We can still use the old self-signed method
$ssl_pw = substr(md5(mt_rand()), 0, 6);
exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
if(AUTOINSTALL){
exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -key $ssl_key_file -out $ssl_csr_file");
} else {
exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
}
exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
rename($ssl_key_file, $ssl_key_file.'.secure');
rename($ssl_key_file.'.insecure', $ssl_key_file);
Hj Ahmad Rasyid Hj Ismail
committed
// Build ispserver.pem file and chmod it
if(file_exists($ssl_key_file)) {
exec("cat $ssl_key_file $ssl_crt_file > $ssl_pem_file; chmod 600 $ssl_pem_file");
Hj Ahmad Rasyid Hj Ismail
committed
// Extend LE SSL certs to postfix
if ($conf['postfix']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig SSL certs to Postfix?', array('y', 'n'), 'y','ispconfig_postfix_ssl_symlink')) == 'y') {
Hj Ahmad Rasyid Hj Ismail
committed
// Define folder, file(s)
$cf = $conf['postfix'];
$postfix_dir = $cf['config_dir'];
if(!is_dir($postfix_dir)) $this->error("The Postfix configuration directory '$postfix_dir' does not exist.");
$smtpd_crt = $postfix_dir.'/smtpd.cert';
$smtpd_key = $postfix_dir.'/smtpd.key';
Hj Ahmad Rasyid Hj Ismail
committed
// Backup existing postfix ssl files
if (file_exists($smtpd_crt)) rename($smtpd_crt, $smtpd_crt . '-' .$date->format('YmdHis') . '.bak');
if (file_exists($smtpd_key)) rename($smtpd_key, $smtpd_key . '-' .$date->format('YmdHis') . '.bak');
Hj Ahmad Rasyid Hj Ismail
committed
// Create symlink to ISPConfig SSL files
symlink($ssl_crt_file, $smtpd_crt);
symlink($ssl_key_file, $smtpd_key);
}
Hj Ahmad Rasyid Hj Ismail
committed
// Extend LE SSL certs to pureftpd
if ($conf['pureftpd']['installed'] == true && strtolower($this->simple_query('Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time.', array('y', 'n'), 'y','ispconfig_pureftpd_ssl_symlink')) == 'y') {
Hj Ahmad Rasyid Hj Ismail
committed
// Define folder, file(s)
$pureftpd_dir = '/etc/ssl/private';
if(!is_dir($pureftpd_dir)) mkdir($pureftpd_dir, 0755, true);
$pureftpd_pem = $pureftpd_dir.'/pure-ftpd.pem';
Hj Ahmad Rasyid Hj Ismail
committed
// Backup existing pureftpd ssl files
if (file_exists($pureftpd_pem)) rename($pureftpd_pem, $pureftpd_pem . '-' .$date->format('YmdHis') . '.bak');
Hj Ahmad Rasyid Hj Ismail
committed
// Create symlink to ISPConfig SSL files
symlink($ssl_pem_file, $pureftpd_pem);
if (!file_exists("$pureftpd_dir/pure-ftpd-dhparams.pem"))
exec("cd $pureftpd_dir; openssl dhparam -out dhparam2048.pem 2048; ln -sf dhparam2048.pem pure-ftpd-dhparams.pem");
}
Hj Ahmad Rasyid Hj Ismail
committed
}
exec("chown -R root:root $ssl_dir");
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
}
public function install_ispconfig() {
global $conf;
$install_dir = $conf['ispconfig_install_dir'];
//* Create the ISPConfig installation directory
if(!@is_dir($install_dir)) {
$command = "mkdir $install_dir";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
//* Create a ISPConfig user and group
$command = 'groupadd ispconfig';
if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'useradd -g ispconfig -d '.$install_dir.' ispconfig';
if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* copy the ISPConfig interface part
$command = 'cp -rf ../interface '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* copy the ISPConfig server part
$command = 'cp -rf ../server '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Make a backup of the security settings
if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
//* copy the ISPConfig security part
$command = 'cp -rf ../security '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$configfile = 'security_settings.ini';
if(is_file($install_dir.'/security/'.$configfile)) {
copy($install_dir.'/security/'.$configfile, $install_dir.'/security/'.$configfile.'~');
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
wf($install_dir.'/security/'.$configfile, $content);
//* Create a symlink, so ISPConfig is accessible via web
// Replaced by a separate vhost definition for port 8080
// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Create the config file for ISPConfig interface
$configfile = 'config.inc.php';
if(is_file($install_dir.'/interface/lib/'.$configfile)) {
copy($install_dir.'/interface/lib/'.$configfile, $install_dir.'/interface/lib/'.$configfile.'~');
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
$content = str_replace('{language}', $conf['language'], $content);
$content = str_replace('{timezone}', $conf['timezone'], $content);
$content = str_replace('{theme}', $conf['theme'], $content);
$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
wf($install_dir.'/interface/lib/'.$configfile, $content);
//* Create the config file for ISPConfig server
$configfile = 'config.inc.php';
if(is_file($install_dir.'/server/lib/'.$configfile)) {
copy($install_dir.'/server/lib/'.$configfile, $install_dir.'/interface/lib/'.$configfile.'~');
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
Michel Käser
committed
$content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
$content = str_replace('{server_id}', $conf['server_id'], $content);
$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
$content = str_replace('{language}', $conf['language'], $content);
$content = str_replace('{timezone}', $conf['timezone'], $content);
$content = str_replace('{theme}', $conf['theme'], $content);
$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
wf($install_dir.'/server/lib/'.$configfile, $content);
//* Create the config file for remote-actions (but only, if it does not exist, because
// the value is a autoinc-value and so changed by the remoteaction_core_module
if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
$content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
wf($install_dir.'/server/lib/remote_action.inc.php', $content);
}
//* Enable the server modules and plugins.
// TODO: Implement a selector which modules and plugins shall be enabled.
$dir = $install_dir.'/server/mods-available/';
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
include_once $install_dir.'/server/mods-available/'.$file;
$module_name = substr($file, 0, -8);
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
$tmp = new $module_name;
if($tmp->onInstall()) {
if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) {
@symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
// @symlink($install_dir.'/server/mods-available/'.$file, '../mods-enabled/'.$file);
}
if (strpos($file, '_core_module') !== false) {
if(!@is_link($install_dir.'/server/mods-core/'.$file)) {
@symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
// @symlink($install_dir.'/server/mods-available/'.$file, '../mods-core/'.$file);
}
}
}
unset($tmp);
}
}
closedir($dh);
}
}
$dir = $install_dir.'/server/plugins-available/';
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
include_once $install_dir.'/server/plugins-available/'.$file;
$plugin_name = substr($file, 0, -8);
if(method_exists($tmp, 'onInstall') && $tmp->onInstall()) {
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) {
@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-enabled/'.$file);
}
if (strpos($file, '_core_plugin') !== false) {
if(!@is_link($install_dir.'/server/plugins-core/'.$file)) {
@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-core/'.$file);
}
}
}
unset($tmp);
}
}
closedir($dh);
}
}
// Update the server config
$mail_server_enabled = ($conf['services']['mail'])?1:0;
$web_server_enabled = ($conf['services']['web'])?1:0;
$dns_server_enabled = ($conf['services']['dns'])?1:0;
$file_server_enabled = ($conf['services']['file'])?1:0;
$db_server_enabled = ($conf['services']['db'])?1:0;
$vserver_server_enabled = ($conf['openvz']['installed'])?1:0;
$proxy_server_enabled = ($conf['services']['proxy'])?1:0;
$firewall_server_enabled = ($conf['services']['firewall'])?1:0;
$xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
A. Täffner
committed
$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '$xmpp_server_enabled' WHERE server_id = ?";
A. Täffner
committed
$this->db->query($sql, $conf['server_id']);
if($conf['mysql']['master_slave_setup'] == 'y') {
A. Täffner
committed
$this->dbmaster->query($sql, $conf['server_id']);
// chown install dir to root and chmod 755
$command = 'chown root:root '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chmod 755 '.$install_dir;
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Chmod the files and directories in the install dir
$command = 'chmod -R 750 '.$install_dir.'/*';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* chown the interface files to the ispconfig user and group
$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Chmod the files and directories in the acme dir
$command = 'chmod -R 755 '.$install_dir.'/interface/acme';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* chown the server files to the root user and group
$command = 'chown -R root:root '.$install_dir.'/server';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* chown the security files to the root user and group
$command = 'chown -R root:root '.$install_dir.'/security';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* chown the security directory and security_settings.ini to root:ispconfig
$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
Till Brehm
committed
$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
//* Make the global language file directory group writable
exec("chmod -R 770 $install_dir/interface/lib/lang");
//* Make the temp directory for language file exports writable
if(is_dir($install_dir.'/interface/web/temp')) exec("chmod -R 770 $install_dir/interface/web/temp");
//* Make all interface language file directories group writable
$handle = @opendir($install_dir.'/interface/web');
while ($file = @readdir($handle)) {
if ($file != '.' && $file != '..') {
if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
$handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
while ($lang_file = @readdir($handle2)) {
if ($lang_file != '.' && $lang_file != '..') {
chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
//* Make the APS directories group writable
exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
exec("chmod -R 770 $install_dir/server/aps_packages");
//* make sure that the server config file (not the interface one) is only readable by the root user
chmod($install_dir.'/server/lib/config.inc.php', 0600);
chown($install_dir.'/server/lib/config.inc.php', 'root');
chgrp($install_dir.'/server/lib/config.inc.php', 'root');
//* Make sure thet the interface config file is readable by user ispconfig only
chmod($install_dir.'/interface/lib/config.inc.php', 0600);
chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
chgrp($install_dir.'/server/lib/remote_action.inc.php', 'root');
if(@is_file($install_dir.'/server/lib/mysql_clientdb.conf')) {
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
}
if(is_dir($install_dir.'/interface/invoices')) {
exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
// Later this must run as own apache server or via suexec!
Falko Timme
committed
if($conf['apache']['installed'] == true){
$command = 'adduser '.$conf['apache']['user'].' ispconfig';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(is_group('ispapps')){
$command = 'adduser '.$conf['apache']['user'].' ispapps';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
Falko Timme
committed
}
if($conf['nginx']['installed'] == true){
$command = 'adduser '.$conf['nginx']['user'].' ispconfig';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if(is_group('ispapps')){
$command = 'adduser '.$conf['nginx']['user'].' ispapps';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
Falko Timme
committed
}
//* Make the shell scripts executable
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
$sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
$this->db->query($sql, $this->crypt_password($conf['interface_password']));
if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
// Dont just copy over the virtualhost template but add some custom settings
$tpl = new tpl('apache_ispconfig.vhost.master');
$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
// comment out the listen directive if port is 80 or 443
if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
$tpl->setVar('vhost_port_listen','#');
$tpl->setVar('vhost_port_listen','');
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
$tpl->setVar('ssl_bundle_comment','');
$tpl->setVar('ssl_bundle_comment','#');
$tpl->setVar('apache_version',getapacheversion());
wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
//if(!is_file('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
$content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
$content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
@mkdir('/var/www/php-fcgi-scripts/ispconfig', 0755, true);
$this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', false);
wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
@symlink($install_dir.'/interface/web', '/var/www/ispconfig');
exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
$this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', true);
if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
// Dont just copy over the virtualhost template but add some custom settings
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
$content = str_replace('{ssl_on}', 'ssl http2', $content);
$content = str_replace('{ssl_comment}', '', $content);
$content = str_replace('{fastcgi_ssl}', 'on', $content);
} else {
$content = str_replace('{ssl_on}', '', $content);
$content = str_replace('{ssl_comment}', '#', $content);
$content = str_replace('{fastcgi_ssl}', 'off', $content);
}
Falko Timme
committed
$socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
Falko Timme
committed
if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
$fpm_socket = $socket_dir.'ispconfig.sock';
Falko Timme
committed
//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
$content = str_replace('{fpm_socket}', $fpm_socket, $content);
wf($vhost_conf_dir.'/ispconfig.vhost', $content);
// PHP-FPM
// Dont just copy over the php-fpm pool template but add some custom settings
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
$content = str_replace('{fpm_pool}', 'ispconfig', $content);
Falko Timme
committed
//$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
$content = str_replace('{fpm_socket}', $fpm_socket, $content);
$content = str_replace('{fpm_user}', 'ispconfig', $content);
$content = str_replace('{fpm_group}', 'ispconfig', $content);
wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
//* and create the symlink
if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
Marius Cramer
committed
if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
chown($install_dir.'/server/scripts/update_from_dev.sh', 'root');
chmod($install_dir.'/server/scripts/update_from_dev.sh', 0700);
// chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');
// chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);
chown($install_dir.'/server/scripts/ispconfig_update.sh', 'root');
chmod($install_dir.'/server/scripts/ispconfig_update.sh', 0700);
Marius Cramer
committed
if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_dev.sh');
if(!is_link('/usr/local/bin/ispconfig_update.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update.sh');
Hj Ahmad Rasyid Hj Ismail
committed
// Make executable then unlink and symlink letsencrypt pre, post and renew hook scripts
chown($install_dir.'/server/scripts/letsencrypt_pre_hook.sh', 'root');
chown($install_dir.'/server/scripts/letsencrypt_post_hook.sh', 'root');
chown($install_dir.'/server/scripts/letsencrypt_renew_hook.sh', 'root');
chmod($install_dir.'/server/scripts/letsencrypt_pre_hook.sh', 0700);
chmod($install_dir.'/server/scripts/letsencrypt_post_hook.sh', 0700);
chmod($install_dir.'/server/scripts/letsencrypt_renew_hook.sh', 0700);
if(is_link('/usr/local/bin/letsencrypt_pre_hook.sh')) unlink('/usr/local/bin/letsencrypt_pre_hook.sh');
if(is_link('/usr/local/bin/letsencrypt_post_hook.sh')) unlink('/usr/local/bin/letsencrypt_post_hook.sh');
if(is_link('/usr/local/bin/letsencrypt_renew_hook.sh')) unlink('/usr/local/bin/letsencrypt_renew_hook.sh');
symlink($install_dir.'/server/scripts/letsencrypt_pre_hook.sh', '/usr/local/bin/letsencrypt_pre_hook.sh');
symlink($install_dir.'/server/scripts/letsencrypt_post_hook.sh', '/usr/local/bin/letsencrypt_post_hook.sh');
symlink($install_dir.'/server/scripts/letsencrypt_renew_hook.sh', '/usr/local/bin/letsencrypt_renew_hook.sh');
//* Make the logs readable for the ispconfig user
if(@is_file('/var/log/mail.log')) exec('chmod +r /var/log/mail.log');
if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
if(@is_file('/var/log/clamav/clamav.log')) exec('chmod +r /var/log/clamav/clamav.log');
if(@is_file('/var/log/clamav/freshclam.log')) exec('chmod +r /var/log/clamav/freshclam.log');
//* Create the ispconfig log file and directory
if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) {
if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir'], 0755);
touch($conf['ispconfig_log_dir'].'/ispconfig.log');
}
chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
//* Create the ispconfig auth log file and set uid/gid
if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
touch($conf['ispconfig_log_dir'].'/auth.log');
exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
tbrehm
committed
if(is_user('getmail')) {
rename($install_dir.'/server/scripts/run-getmail.sh', '/usr/local/bin/run-getmail.sh');
tbrehm
committed
if(is_user('getmail')) chown('/usr/local/bin/run-getmail.sh', 'getmail');
chmod('/usr/local/bin/run-getmail.sh', 0744);
}
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
//* Add Log-Rotation
if (is_dir('/etc/logrotate.d')) {
@unlink('/etc/logrotate.d/logispc3'); // ignore, if the file is not there
/* We rotate these logs in cron_daily.php
$fh = fopen('/etc/logrotate.d/logispc3', 'w');
fwrite($fh,
"$conf['ispconfig_log_dir']/ispconfig.log { \n" .
" weekly \n" .
" missingok \n" .
" rotate 4 \n" .
" compress \n" .
" delaycompress \n" .
"} \n" .
"$conf['ispconfig_log_dir']/cron.log { \n" .
" weekly \n" .
" missingok \n" .
" rotate 4 \n" .
" compress \n" .
" delaycompress \n" .
"}");
fclose($fh);
*/
}
//* Remove Domain module as its functions are available in the client module now
if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
//* Disable rkhunter run and update in debian cronjob as ispconfig is running and updating rkhunter
if(is_file('/etc/default/rkhunter')) {
replaceLine('/etc/default/rkhunter', 'CRON_DAILY_RUN="yes"', 'CRON_DAILY_RUN="no"', 1, 0);
replaceLine('/etc/default/rkhunter', 'CRON_DB_UPDATE="yes"', 'CRON_DB_UPDATE="no"', 1, 0);
}
// Add symlink for patch tool
if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
// Change mode of a few files from amavisd
if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
}
public function configure_dbserver() {
global $conf;
//* If this server shall act as database server for client DB's, we configure this here
$install_dir = $conf['ispconfig_install_dir'];
// Create a file with the database login details which
// are used to create the client databases.
if(!is_dir($install_dir.'/server/lib')) {
$command = "mkdir $install_dir/server/lib";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mysql_clientdb.conf.master', 'tpl/mysql_clientdb.conf.master');
$content = str_replace('{hostname}', $conf['mysql']['host'], $content);
$content = str_replace('{username}', $conf['mysql']['admin_user'], $content);
$content = str_replace('{password}', addslashes($conf['mysql']['admin_password']), $content);
wf($install_dir.'/server/lib/mysql_clientdb.conf', $content);
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
}
public function install_crontab() {
global $conf;
$install_dir = $conf['ispconfig_install_dir'];
//* Root Crontab
exec('crontab -u root -l > crontab.txt');
$existing_root_cron_jobs = file('crontab.txt');
// remove existing ispconfig cronjobs, in case the syntax has changed
foreach($existing_root_cron_jobs as $key => $val) {
if(stristr($val, $install_dir)) unset($existing_root_cron_jobs[$key]);
Marius Cramer
committed
"* * * * * ".$install_dir."/server/server.sh 2>&1 | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done",
"* * * * * ".$install_dir."/server/cron.sh 2>&1 | while read line; do echo `/bin/date` \"\$line\" >> ".$conf['ispconfig_log_dir']."/cron.log; done"
if ($conf['nginx']['installed'] == true) {
$root_cron_jobs[] = "0 0 * * * ".$install_dir."/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
}
foreach($root_cron_jobs as $cron_job) {
if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
$existing_root_cron_jobs[] = $cron_job."\n";
}
}
file_put_contents('crontab.txt', $existing_root_cron_jobs);
exec('crontab -u root crontab.txt &> /dev/null');
unlink('crontab.txt');
//* Getmail crontab
if(is_user('getmail')) {
$cf = $conf['getmail'];
exec('crontab -u getmail -l > crontab.txt');
$existing_cron_jobs = file('crontab.txt');
$cron_jobs = array(
'*/5 * * * * /usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null'
);
// remove existing ispconfig cronjobs, in case the syntax has changed
foreach($existing_cron_jobs as $key => $val) {
if(stristr($val, 'getmail')) unset($existing_cron_jobs[$key]);
}
foreach($cron_jobs as $cron_job) {
if(!in_array($cron_job."\n", $existing_cron_jobs)) {
$existing_cron_jobs[] = $cron_job."\n";
}
}
file_put_contents('crontab.txt', $existing_cron_jobs);
exec('crontab -u getmail crontab.txt &> /dev/null');
unlink('crontab.txt');
}
touch($conf['ispconfig_log_dir'].'/cron.log');
chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);
public function create_mount_script(){
global $app, $conf;
$mount_script = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
$mount_command = '';
if(is_file($mount_script)) return;
if(is_file('/etc/rc.local')){
$rc_local = file('/etc/rc.local');
if(is_array($rc_local) && !empty($rc_local)){
foreach($rc_local as $line){
$line = trim($line);
if(substr($line, 0, 1) == '#') continue;
if(strpos($line, 'sshfs') !== false && strpos($line, '/var/backup') !== false){
$mount_command = "#!/bin/sh\n\n";
$mount_command .= $line."\n\n";
file_put_contents($mount_script, $mount_command);
chmod($mount_script, 0755);
chown($mount_script, 'root');
chgrp($mount_script, 'root');
break;
}
}
}
}
}
// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
public function cleanup_ispconfig() {
global $app,$conf;
// Remove directories recursively
if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
Till Brehm
committed
if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');
// Remove files
if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');
// Change mode of a few files from amavisd
if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
public function getinitcommand($servicename, $action, $init_script_directory = ''){
global $conf;
// upstart
if(is_executable('/sbin/initctl')){
exec('/sbin/initctl version 2>/dev/null | /bin/grep -q upstart', $retval['output'], $retval['retval']);
if(intval($retval['retval']) == 0) return 'service '.$servicename.' '.$action;
}
// systemd
if(is_executable('/bin/systemd') || is_executable('/usr/bin/systemctl')){
return 'systemctl '.$action.' '.$servicename.'.service';
}
// sysvinit
if($init_script_directory == '') $init_script_directory = $conf['init_scripts'];
if(substr($init_script_directory, -1) === '/') $init_script_directory = substr($init_script_directory, 0, -1);
return $init_script_directory.'/'.$servicename.' '.$action;
}
/**
* Helper function - get the path to a template file based on
* the local part of the filename. Checks first for the existence
* of a distribution specific file and if not found looks in the
* base template folder. Optionally the behaviour can be changed
* by setting the 2nd parameter which will fetch the contents
* of the template file and return it instead of the path. The 3rd
* parameter further extends this behaviour by filtering the contents
* by inserting the ispconfig database credentials using the {} placeholders.
*
* @param string $tLocal local part of filename
* @param bool $tRf
* @param bool $tDBCred
* @return string Relative path to the chosen template file
*/
protected function get_template_file($tLocal, $tRf=false, $tDBCred=false) {
global $conf, $dist;
$final_path = '';
$dist_template = $conf['ispconfig_install_dir'] . '/server/conf-custom/install/' . $tLocal . '.master';
if (file_exists($dist_template)) {
$dist_template = 'dist/tpl/'.strtolower($dist['name'])."/$tLocal.master";
if (file_exists($dist_template)) {
$final_path = $dist_template;
} else {
$final_path = "tpl/$tLocal.master";
}
}
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
if (!$tRf) {
return $final_path;
} else {
return (!$tDBCred) ? rf($final_path) : $this->insert_db_credentials(rf($final_path));
}
}
/**
* Helper function - writes the contents to a config file
* and performs a backup if the file exist. Additionally
* if the file exists the new file will be given the
* same rights and ownership as the original. Optionally the
* rights and/or ownership can be overriden by appending umask,
* user and group to the parameters. Providing only uid and gid
* values will result in only a chown.
*
* @param $tConf
* @param $tContents
* @return bool
*/
protected function write_config_file($tConf, $tContents) {
$args = func_get_args();
// Backup config file before writing new contents and stat file
if ( is_file($tConf) ) {
$stat = exec('stat -c \'%a %U %G\' '.escapeshellarg($tConf), $output, $res);
if ($res == 0) { // stat successfull
list($access, $user, $group) = explode(" ", $stat);
}
if ( copy($tConf, $tConf.'~') ) {
chmod($tConf.'~', 0400);
}
}
wf($tConf, $tContents); // write file
if (func_num_args() >= 4) // override rights and/or ownership
$output = array_slice($args, 2);
switch (sizeof($output)) {
case 3:
$umask = array_shift($output);
if (is_numeric($umask) && preg_match('/^0?[0-7]{3}$/', $umask)) {
$access = $umask;
}
case 2:
if (is_user($output[0]) && is_group($output[1])) {
list($user, $group) = $output;
}
break;
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
}
}
if (!empty($user) && !empty($group)) {
chown($tConf, $user);
chgrp($tConf, $group);
}
if (!empty($access)) {
exec("chmod $access $tConf");
}
}
/**
* Helper function - filter the contents of a config
* file by inserting the common ispconfig database
* credentials.
*
* @param $tContents
* @return string
*/
protected function insert_db_credentials($tContents) {
global $conf;
$tContents = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $tContents);
$tContents = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $tContents);
$tContents = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $tContents);
$tContents = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $tContents);
$tContents = str_replace('{mysql_server_host}', $conf['mysql']['host'], $tContents);
Michel Käser
committed
$tContents = str_replace('{mysql_server_port}', $conf['mysql']['port'], $tContents);
$tContents = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $tContents);