<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

class installer_dist extends installer_base {
	protected $mailman_group = 'mailman';
	
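	/**
	 * Print a warning when Apache has mod_authz_compat loaded.
	 *
	 * The constructor only writes the notice; it changes nothing on the system.
	 */
	public function __construct() {
		//* check apache modules
		$mods = getapachemodules();
		if(!in_array('authz_compat', $mods, true)) {
			return;
		}

		// The original called $inst->lng(), but $inst is not defined in this scope,
		// so the warning path ended in "Call to a member function lng() on null".
		// NOTE(review): assumes lng() is available on the installer object itself
		// (inherited from installer_base) - confirm against the base class.
		$warning = array(
			'    WARNING! You are using mod_authz_compat.',
			'    Please make sure that your apache config uses the new auth syntax:',
			'    <Directory />',
			'    Options None',
			'    AllowOverride None',
			'    Require all denied',
			'    </Directory>'."\n",
			'    If it uses the old syntax (deny from all) ISPConfig would fail to work.',
		);
		foreach($warning as $line) {
			swriteln($this->lng($line));
		}
	}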

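	/**
	 * Configure Postfix: mysql lookup tables, main.cf and master.cf, the virtual
	 * mail user and group, the mailman alias files, the smtpd certificate and the
	 * maildrop mailfilter.
	 *
	 * Values from $conf, $autoinstall and the server ini record are interpolated
	 * into shell commands. Everything that is placed inside a quoted shell word
	 * (postconf settings, the certificate subject) goes through escapeshellarg().
	 * The remaining commands interpolate installer configuration unquoted.
	 * NOTE(review): this relies on $cf['group'], $cf['vmail_*'] and $config_dir
	 * being trusted installer values - confirm.
	 *
	 * @param string $options  if it contains 'dont-create-certs' (case-insensitive),
	 *                         no self-signed smtpd certificate is generated
	 */
	function configure_postfix($options = '')
	{
		global $conf,$autoinstall;
		$cf = $conf['postfix'];
		$config_dir = $cf['config_dir'];
		$custom_tpl_dir = $conf['ispconfig_install_dir'].'/server/conf-custom/install/';

		if(!is_dir($config_dir)){
			$this->error("The postfix configuration directory '$config_dir' does not exist.");
		}

		//* Generate the mysql lookup tables, in the original order
		$mysql_maps = array(
			'mysql-virtual_domains.cf',
			'mysql-virtual_forwardings.cf',
			'mysql-virtual_mailboxes.cf',
			'mysql-virtual_email2email.cf',
			'mysql-virtual_transports.cf',
			'mysql-virtual_recipient.cf',
			'mysql-virtual_sender.cf',
			'mysql-virtual_sender_login_maps.cf',
			'mysql-virtual_client.cf',
			'mysql-virtual_relaydomains.cf',
			'mysql-virtual_relayrecipientmaps.cf',
			'mysql-virtual_outgoing_bcc.cf',
			'mysql-virtual_policy_greylist.cf',
			'mysql-virtual_gids.cf',
			'mysql-virtual_uids.cf',
		);
		foreach($mysql_maps as $map_file) {
			$this->process_postfix_config($map_file);
		}

		//* postfix-dkim
		$amavis_tag_files = array(
			'tag_as_originating.re' => '/^/ FILTER amavis:[127.0.0.1]:10026',
			'tag_as_foreign.re' => '/^/ FILTER amavis:[127.0.0.1]:10024',
		);
		foreach($amavis_tag_files as $tag_file => $tag_rule) {
			$full_file_name = $config_dir.'/'.$tag_file;
			if(is_file($full_file_name)) {
				// The original target was $config_dir.$configfile.'~', but $configfile
				// is not set yet at this point, so the copy went to "<config_dir>~"
				// instead of next to the file. Back up beside the original.
				copy($full_file_name, $full_file_name.'~');
			}
			wf($full_file_name, $tag_rule);
		}

		//* Changing mode and group of the new created config files.
		// The glob has to stay unquoted so the shell expands it.
		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');

		//* Creating virtual mail user and group
		$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
		if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* These postconf commands will be executed on installation and update
		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
		unset($server_ini_rec);

		//* If there are RBLs defined, format the list and add them to smtp_recipient_restrictions to prevent removal after an update
		$rbl_list = '';
		if (isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
			$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
			foreach ($rbl_hosts as $rbl_host) {
				$rbl_list .= ", reject_rbl_client ". $rbl_host;
			}
		}
		unset($rbl_hosts);

		//* If Postgrey is installed, configure it
		$greylisting = '';
		if($conf['postgrey']['installed'] == true) {
			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
		}

		$reject_sender_login_mismatch = '';
		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
		}
		unset($server_ini_array);

		$postconf_placeholders = array('{config_dir}' => $config_dir,
			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
			'{vmail_userid}' => $cf['vmail_userid'],
			'{vmail_groupid}' => $cf['vmail_groupid'],
			'{rbl_list}' => $rbl_list,
			'{greylisting}' => $greylisting,
			'{reject_slm}' => $reject_sender_login_mismatch,
		);

		$postconf_tpl = rfsel($custom_tpl_dir.'fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines

		//* These postconf commands will be executed on installation only
		if($this->is_update == false) {
			$postconf_commands = array_merge($postconf_commands, array(
					'myhostname = '.$conf['hostname'],
					'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
					'mynetworks = 127.0.0.0/8 [::1]/128'
				));
		}

		//* Create the header and body check files
		touch($config_dir.'/header_checks');
		touch($config_dir.'/mime_header_checks');
		touch($config_dir.'/nested_header_checks');
		touch($config_dir.'/body_checks');

		//* Create the mailman files
		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
		//if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
		if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
		if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
		if(!is_dir('/etc/mailman')) mkdir('/etc/mailman');
		if(!is_file('/etc/mailman/aliases')) touch('/etc/mailman/aliases');
		exec('postalias /var/lib/mailman/data/aliases');
		if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
		exec('postmap /etc/mailman/virtual-mailman');
		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

		//* Create auxiliary postfix conf files (backup is made read-only for the owner)
		# todo (helo_access): look up this server's ip addrs and loop through each
		# todo (helo_access): look up domains hosted on this server and loop through each
		foreach(array('helo_access', 'blacklist_helo') as $configfile) {
			$target = $config_dir.'/'.$configfile;
			if(is_file($target)) {
				copy($target, $target.'~');
				chmod($target.'~', 0400);
			}
			$content = rfsel($custom_tpl_dir.$configfile.'.master', 'tpl/'.$configfile.'.master');
			$content = strtr($content, $postconf_placeholders);
			wf($target, $content);
		}

		//* Make a backup copy of the main.cf file
		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');

		//* Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			// The settings contain the hostname and the RBL list from the database.
			// Wrapping them in literal single quotes let an embedded quote end the
			// shell word; escapeshellarg() produces the same quoting for ordinary
			// values and escapes embedded quotes.
			$command = 'postconf -e '.escapeshellarg($cmd);
			caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}

		if(!stristr($options, 'dont-create-certs')) {
			//* Create the SSL certificate
			$command = 'cd '.escapeshellarg($config_dir).'; openssl req -new';
			if(AUTOINSTALL){
				// escapeshellcmd() is meant for whole command lines: inside a
				// single-quoted word its backslashes end up literally in the subject,
				// and it leaves paired quotes alone. Quote the finished subject once.
				$subject = '/C='.$autoinstall['ssl_cert_country']
					.'/ST='.$autoinstall['ssl_cert_state']
					.'/L='.$autoinstall['ssl_cert_locality']
					.'/O='.$autoinstall['ssl_cert_organisation']
					.'/OU='.$autoinstall['ssl_cert_organisation_unit']
					.'/CN='.$autoinstall['ssl_cert_common_name'];
				$command .= ' -subj '.escapeshellarg($subject);
			}
			$command .= ' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			exec($command);

			// -nodes leaves smtpd.key unencrypted on disk; access for "other" is
			// removed only here, after openssl has already written the file.
			$command = 'chmod o= '.$config_dir.'/smtpd.key';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}

		//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
		$command = 'chmod 755 /var/spool/authdaemon';
		caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);

		//* Changing maildrop lines in postfix master.cf
		if(is_file($config_dir.'/master.cf')){
			copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
		}
		if(is_file($config_dir.'/master.cf~')){
			exec('chmod 400 '.$config_dir.'/master.cf~');
		}
		$configfile = $config_dir.'/master.cf';
		$content = rf($configfile);
		$maildrop_line = '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}';

		// if postfix package is from fedora or centos main repo
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}', $maildrop_line, $content);

		// If postfix package is from centos plus repo
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}', $maildrop_line, $content);

		$content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}', $maildrop_line, $content);

		$content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
			'maildrop  unix  -       n       n       -       -       pipe',
			$content);

		wf($configfile, $content);

		//* Writing the Maildrop mailfilter file
		$configfile = 'mailfilter';
		$mailfilter = $cf['vmail_mailbox_base'].'/.'.$configfile;
		if(is_file($mailfilter)){
			copy($mailfilter, $mailfilter.'~');
		}
		$content = rfsel($custom_tpl_dir.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
		wf($mailfilter, $content);

		//* Create the directory for the custom mailfilters
		$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* Chmod and chown the .mailfilter file
		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

	}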

	/**
	 * Write the SASL smtpd.conf from its template.
	 *
	 * The file always goes to /usr/lib/sasl2; when /usr/lib64 exists it is also
	 * written to the sasl and sasl2 directories below it.
	 */
	public function configure_saslauthd() {
		global $conf;

		$template = 'tpl/fedora_saslauthd_smtpd_conf.master';
		$smtpd_conf = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master', $template);

		wf('/usr/lib/sasl2/smtpd.conf', $smtpd_conf);

		// 64 bit layouts: same content, both directory names
		foreach(array('/usr/lib64/sasl/smtpd.conf', '/usr/lib64/sasl2/smtpd.conf') as $lib64_target) {
			if(is_dir('/usr/lib64')) {
				wf($lib64_target, $smtpd_conf);
			}
		}

	}

	/**
	 * Write the PAM "smtp" service file for SMTP authentication against the
	 * ispconfig database.
	 *
	 * The generated file contains the database user and password taken from
	 * $conf['mysql']. Access for "other" is removed only after wf() has written it.
	 */
	public function configure_pam()
	{
		global $conf;
		$pam = $conf['pam'];
		$pam_smtp = "$pam/smtp";
		$pam_smtp_backup = "$pam/smtp~";

		//* configure pam for SMTP authentication against the ispconfig database
		$configfile = 'pamd_smtp';

		// keep the previous file as a backup that only its owner can read
		if(is_file($pam_smtp)) {
			copy($pam_smtp, $pam_smtp_backup);
		}
		if(is_file($pam_smtp_backup)) {
			exec("chmod 400 $pam/smtp~");
		}

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		// array form of str_replace() applies the pairs one after another, in this order
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_ip}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf['mysql']['ip'],
			),
			$content
		);
		wf($pam_smtp, $content);

		// On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
		if(is_file($pam_smtp)) {
			exec("chmod o= $pam/smtp");
		}
	}

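	/**
	 * Configure courier: write authmysqlrc from its template and set
	 * authmodulelist in authdaemonrc.
	 *
	 * authmysqlrc receives the database user and password from $conf['mysql'];
	 * it is set to mode 660, owner root:root after it has been written.
	 */
	public function configure_courier()
	{
		global $conf;
		$config_dir = $conf['courier']['config_dir'];

		//* authmysqlrc
		$configfile = 'authmysqlrc';
		if(is_file("$config_dir/$configfile")){
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}
		// The original ran this chmod unconditionally, so it failed whenever no
		// backup existed. Guard it the same way as the authdaemonrc backup below.
		if(is_file("$config_dir/$configfile~")){
			exec("chmod 400 $config_dir/$configfile~");
		}
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
		wf("$config_dir/$configfile", $content);

		// the file holds database credentials: restrict it to root and its group
		exec("chmod 660 $config_dir/$configfile");
		exec("chown root:root $config_dir/$configfile");

		//* authdaemonrc
		$configfile = $conf['courier']['config_dir'].'/authdaemonrc';
		if(is_file($configfile)){
			copy($configfile, $configfile.'~');
		}
		if(is_file($configfile.'~')){
			exec('chmod 400 '.$configfile.'~');
		}
		$content = rf($configfile);
		$content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
		wf($configfile, $content);
	}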

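	/**
	 * Configure Dovecot and point Postfix at it: adds the dovecot service to
	 * master.cf when missing, sets the SASL and virtual_transport options in
	 * main.cf, installs dovecot.conf for the detected Dovecot version and writes
	 * dovecot-sql.conf.
	 *
	 * dovecot-sql.conf contains the database user and password from
	 * $conf['mysql']; it is set to mode 600, owner root:root after it is written.
	 */
	public function configure_dovecot()
	{
		global $conf;

		$virtual_transport = 'dovecot';
		$configure_lmtp = false;
		$custom_tpl_dir = $conf['ispconfig_install_dir'].'/server/conf-custom/install/';

		// check if virtual_transport must be changed
		if ($this->is_update) {
			$server_rec = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
			$ini_array = ini_to_array(stripslashes($server_rec['config']));
			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
				$configure_lmtp = true;
			}
		}

		$config_dir = $conf['postfix']['config_dir'];

		//* Configure master.cf and add a line for deliver
		if(!$this->get_postfix_service('dovecot', 'unix')) {
			//* backup
			if(is_file($config_dir.'/master.cf')){
				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
			}
			// The original tested master.cf~ but changed master.cf~2, so the new
			// backup stayed readable (or chmod() hit a missing file) depending on an
			// unrelated file. Test the file that is actually changed.
			if(is_file($config_dir.'/master.cf~2')){
				chmod($config_dir.'/master.cf~2', 0400);
			}
			//* Configure master.cf and add a line for deliver
			$content = rf($config_dir.'/master.cf');
			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
			af($config_dir.'/master.cf', $deliver_content);
			unset($content);
			unset($deliver_content);
		}

		//* Reconfigure postfix to use dovecot authentication
		$postconf_commands = array (
			'dovecot_destination_recipient_limit = 1',
			'virtual_transport = '.$virtual_transport,
			'smtpd_sasl_type = dovecot',
			'smtpd_sasl_path = private/auth',
		);

		// Make a backup copy of the main.cf file
		copy($config_dir.'/main.cf', $config_dir.'/main.cf~3');

		// Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			// escapeshellarg() yields the same single-quoted word for these values
			// and stays correct if a setting ever contains a quote
			$command = 'postconf -e '.escapeshellarg($cmd);
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		//* Use /etc/dovecot as config dir if exists
//		if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
		$config_dir = $conf['dovecot']['config_dir'];

		//* backup dovecot.conf
		$configfile = 'dovecot.conf';
		if(is_file("$config_dir/$configfile")){
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}

		//* Get the dovecot version
		// exec() appends to an existing array. The original reused $tmp, which on
		// updates still held the database record, so use a fresh array here.
		$version_output = array();
		exec('dovecot --version', $version_output);
		// an empty string compares lower than '2', like the missing value did before
		$dovecot_version = isset($version_output[0]) ? $version_output[0] : '';
		unset($version_output);

		//* Copy dovecot configuration file
		$is_dovecot2 = version_compare($dovecot_version, '2', '>=');
		$tpl_name = $is_dovecot2 ? 'fedora_dovecot2.conf.master' : 'fedora_dovecot.conf.master';
		if(is_file($custom_tpl_dir.$tpl_name)) {
			copy($custom_tpl_dir.$tpl_name, $config_dir.'/'.$configfile);
		} else {
			copy('tpl/'.$tpl_name, $config_dir.'/'.$configfile);
		}
		if($is_dovecot2) {
			if(version_compare($dovecot_version, '2.1', '<')) {
				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
			}
			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
		}

		//* dovecot-lmtpd
		if($configure_lmtp) {
			replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
		}

		//* dovecot-sql.conf
		$configfile = 'dovecot-sql.conf';
		$sql_conf = "$config_dir/$configfile";
		if(is_file($sql_conf)){
			copy($sql_conf, $sql_conf.'~');
			// native calls instead of exec("chmod ...") keep the path out of a shell
			chmod($sql_conf.'~', 0400);
		}

		if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');

		$content = rfsel($custom_tpl_dir.'fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
		$content = str_replace('{server_id}', $conf['server_id'], $content);
		# enable iterate_query for dovecot2
		if($is_dovecot2) {
			$content = str_replace('# iterate_query', 'iterate_query', $content);
		}
		wf($sql_conf, $content);

		// the file holds database credentials: owner-only, owned by root
		chmod($sql_conf, 0600);
		chown($sql_conf, 'root');
		chgrp($sql_conf, 'root');

		// Dovecot shall ignore mounts in website directory
		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");

	}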

	public function configure_amavis() {
492
		global $conf, $dist;
493

tbrehm's avatar
tbrehm committed
494
495
		// amavisd user config file
		$configfile = 'fedora_amavisd_conf';
496
		if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
tbrehm's avatar
tbrehm committed
497
		if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
498
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
499
500
501
502
503
504
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
		$content = str_replace('{hostname}', $conf['hostname'], $content);
Till Brehm's avatar
Till Brehm committed
505
		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
506
		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
507
		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
508
		
509
510
511
512
513
		if(!is_file($conf['amavis']['config_dir'].'/60-dkim')) {
			touch($conf['amavis']['config_dir'].'/60-dkim');
			chmod($conf['amavis']['config_dir'].'/60-dkim', 0640);
		}
		
514
		// for CentOS 7.2 only
515
		if($dist['confid'] == 'centos72') {
516
517
			chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0750);
			chgrp($conf['amavis']['config_dir'].'/amavisd.conf', 'amavis');
518
519
			chmod($conf['amavis']['config_dir'].'/60-dkim', 0750);
			chgrp($conf['amavis']['config_dir'].'/60-dkim', 'amavis');
520
		}
521
522


tbrehm's avatar
tbrehm committed
523
524
525
526
527
		// Adding the amavisd commands to the postfix configuration
		$postconf_commands = array (
			'content_filter = amavis:[127.0.0.1]:10024',
			'receive_override_options = no_address_mappings'
		);
528

tbrehm's avatar
tbrehm committed
529
		// Make a backup copy of the main.cf file
530
531
		copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');

tbrehm's avatar
tbrehm committed
532
533
534
535
536
		// Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			$command = "postconf -e '$cmd'";
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}
537

538
539
540
		$config_dir = $conf['postfix']['config_dir'];

		// Adding amavis-services to the master.cf file if the service does not already exists
541
542
543
		$add_amavis = !$this->get_postfix_service('amavis','unix');
		$add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
		$add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563

		if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
			//* backup master.cf
			if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
			// adjust amavis-config
			if($add_amavis) {
				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
				af($config_dir.'/master.cf', $content);
				unset($content);
			}
			if ($add_amavis_10025) {
				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
				af($config_dir.'/master.cf', $content);
				unset($content);
			}
			if ($add_amavis_10027) {
				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
				af($config_dir.'/master.cf', $content);
				unset($content);
			}
tbrehm's avatar
tbrehm committed
564
		}
565
566
567
568

		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);

tbrehm's avatar
tbrehm committed
569
570
		// Add the clamav user to the vscan group
		//exec('groupmod --add-user clamav vscan');


	}

	/**
	 * SpamAssassin setup step for this distribution.
	 *
	 * The body performs no work: the only logic, which would switch ENABLED=0
	 * to ENABLED=1 in /etc/default/spamassassin, is commented out and labelled
	 * as a Debian/Ubuntu step.
	 *
	 * @return void
	 */
	public function configure_spamassassin()
	{
		global $conf;

		//* Enable spamassassin on debian and ubuntu (kept for reference, not executed)
		/*
		$configfile = '/etc/default/spamassassin';
		if(is_file($configfile)){
			copy($configfile, $configfile.'~');
		}
		$content = rf($configfile);
		$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
		wf($configfile, $content);
		*/
	}

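	/**
	 * Create the getmail configuration directory and the "getmail" system
	 * user, then make the directory tree owned by and private to that user.
	 *
	 * The directory is taken from $conf['getmail']['config_dir'] and handed to
	 * every shell command as one quoted argument (escapeshellarg). A path with
	 * spaces or shell metacharacters therefore cannot split into additional
	 * arguments or commands. escapeshellcmd() is not suitable here: it targets
	 * whole command strings and does not quote whitespace.
	 *
	 * @return void
	 */
	public function configure_getmail()
	{
		global $conf;

		$config_dir = $conf['getmail']['config_dir'];
		$config_dir_arg = escapeshellarg($config_dir);

		if(!is_dir($config_dir)) exec('mkdir -p '.$config_dir_arg);

		//* The config directory doubles as the home directory of the getmail user
		$command = "useradd -d $config_dir_arg getmail";
		if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* Hand the whole tree to getmail ...
		$command = "chown -R getmail $config_dir_arg";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* ... and remove all access for group and others
		$command = "chmod -R 700 $config_dir_arg";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}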


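	/**
	 * Write pure-ftpd's MySQL authentication config and install pure-ftpd.conf.
	 *
	 * pureftpd-mysql.conf is filled with the ISPConfig database user and
	 * password, so both the file and its "~" backup are restricted to the
	 * owner before any content is written to them. The main pure-ftpd.conf is
	 * copied from the conf-custom override when one exists, otherwise from the
	 * bundled template.
	 *
	 * @return void
	 */
	public function configure_pureftpd()
	{
		global $conf;

		$config_dir = $conf['pureftpd']['config_dir'];

		//* configure pure-ftpd authentication against the ispconfig database
		$configfile = 'pureftpd-mysql.conf';
		$target = "$config_dir/$configfile";
		$backup = $target.'~';

		//* Back up the current file. The backup may carry database
		//* credentials, so it is made owner-only before the copy fills it.
		if(is_file($target)){
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
		}
		if(is_file($backup)){
			chmod($backup, 0400);
		}

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_ip}',
				'{server_id}',
			),
			array(
				$conf["mysql"]["ispconfig_user"],
				$conf["mysql"]["ispconfig_password"],
				$conf["mysql"]["database"],
				$conf["mysql"]["ip"],
				$conf["server_id"],
			),
			$content
		);

		//* Restrict the target before the password is written so the file is
		//* never readable by other users while it holds the secret.
		//* NOTE(review): assumes wf() rewrites an existing file in place; the
		//* chmod after the write stays as a backstop in case it does not.
		if(!is_file($target) && is_dir($config_dir)) touch($target);
		if(is_file($target)) chmod($target, 0600);
		wf($target, $content);
		if(is_file($target)) {
			chmod($target, 0600);
			chown($target, 'root');
			chgrp($target, 'root');
		}

		// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
		$custom_tpl = $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master';
		$source_tpl = is_file($custom_tpl) ? $custom_tpl : 'tpl/fedora_pureftpd_conf.master';
		//* Paths are passed as quoted arguments so they cannot be split by the shell
		exec('cp '.escapeshellarg($source_tpl).' '.escapeshellarg("$config_dir/pure-ftpd.conf"));
	}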

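	/**
	 * Write mydns.conf from its template, filling in the ISPConfig database
	 * connection settings.
	 *
	 * The generated file contains the database password, so the file and its
	 * "~" backup are restricted to the owner before content is written and
	 * end up as root:root with modes 600 and 400 respectively.
	 *
	 * @return void
	 */
	public function configure_mydns()
	{
		global $conf;

		// configure mydns
		$configfile = 'mydns.conf';
		$config_dir = $conf["mydns"]["config_dir"];
		$target = $config_dir.'/'.$configfile;
		$backup = $target.'~';

		//* Back up the current file. The backup may carry database
		//* credentials, so it is made owner-only before the copy fills it.
		if(is_file($target)) {
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
		}
		if(is_file($backup)) chmod($backup, 0400);

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_host}',
				'{mysql_server_port}',
				'{server_id}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf["mysql"]["host"],
				$conf['mysql']['port'],
				$conf["server_id"],
			),
			$content
		);

		//* Restrict the target before the password is written so the file is
		//* never readable by other users while it holds the secret.
		//* NOTE(review): assumes wf() rewrites an existing file in place; the
		//* chmod after the write stays as a backstop in case it does not.
		if(!is_file($target) && is_dir($config_dir)) touch($target);
		if(is_file($target)) chmod($target, 0600);
		wf($target, $content);
		if(is_file($target)) {
			chmod($target, 0600);
			chown($target, 'root');
			chgrp($target, 'root');
		}
	}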

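	/**
	 * Hook named.conf.local into /etc/named.conf and create the "slave"
	 * subdirectory below the configured zone file directory.
	 *
	 * The subdirectory is owned by the configured bind user and group and gets
	 * mode 2770: full access for owner and group, none for others, with the
	 * setgid bit set. Path, user and group come from $conf and are passed to
	 * the shell as quoted arguments so they cannot be split or reinterpreted.
	 *
	 * @return void
	 */
	public function configure_bind() {
		global $conf;

		// add the include line at the end of named.conf.
		replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);

		//* Make sure the zonefile directory ends with a slash, then append "slave"
		$slave_dir = $conf['bind']['bind_zonefiles_dir'];
		if(substr($slave_dir, -1, 1) != '/') {
			$slave_dir .= '/';
		}
		$slave_dir .= 'slave';
		$slave_dir_arg = escapeshellarg($slave_dir);

		//* Create the slave subdirectory
		exec('mkdir -p '.$slave_dir_arg);

		//* Chown the slave subdirectory to the bind user and group
		$owner_arg = escapeshellarg($conf['bind']['bind_user'].':'.$conf['bind']['bind_group']);
		exec('chown '.$owner_arg.' '.$slave_dir_arg);
		exec('chmod 2770 '.$slave_dir_arg);
	}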

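	/**
	 * Prepare Apache for ISPConfig-managed vhosts.
	 *
	 * Does nothing when $conf['apache']['installed'] is false. Otherwise it
	 * adjusts suPHP settings, creates the log and vhost directories, adds the
	 * sites-enabled include to httpd.conf, renders ispconfig.conf with one
	 * entry per (IP, port) pair read from the server_ip table, links it into
	 * the enabled directory, switches webalizer to incremental mode and makes
	 * sure the "sshusers" group exists.
	 *
	 * Directory names taken from $conf are passed to the shell as quoted
	 * arguments so they cannot be split or reinterpreted.
	 *
	 * @return void
	 */
	public function configure_apache()
	{
		global $conf;

		if($conf['apache']['installed'] == false) return;

		if(is_file('/etc/suphp.conf')) {
			//replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
			replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
			// NOTE(review): this relaxes the suPHP umask from 0077 to 0022, so
			// files created by PHP scripts become readable by group and others.
			replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
		}

		//* Create the logging directory for the vhost logfiles
		exec('mkdir -p /var/log/ispconfig/httpd');

		$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
		$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

		// Sites enabled and available dirs
		exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
		exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

		//* Add the vhost include to httpd.conf only once
		$content = rf('/etc/httpd/conf/httpd.conf');
		if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
			af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
		}
		unset($content);

		//* Copy the ISPConfig configuration include
		$tpl = new tpl('apache_ispconfig.conf.master');
		$tpl->setVar('apache_version',getapacheversion());

		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
		$ip_addresses = array();

		if(is_array($records) && count($records) > 0) {
			foreach($records as $rec) {
				//* IPv6 literals are wrapped in brackets
				if($rec['ip_type'] == 'IPv6') {
					$ip_address = '['.$rec['ip_address'].']';
				} else {
					$ip_address = $rec['ip_address'];
				}
				foreach(explode(',', $rec['virtualhost_port']) as $port) {
					//* Only integer ports in the range 1-65535 reach the template
					$port = intval($port);
					if($port > 0 && $port < 65536 && $ip_address != '') {
						$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
					}
				}
			}
		}

		// 'ip_adresses' (sic) is the loop name handed to the template;
		// presumably the template uses the same spelling, so it stays as is.
		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
		unset($tpl);

		if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
			exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
		}

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			exec('mkdir /etc/webalizer');
			exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
		}

		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}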

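	/**
	 * Prepare nginx for ISPConfig-managed vhosts.
	 *
	 * Does nothing when $conf['nginx']['installed'] is false. Otherwise it
	 * creates the log and vhost directories, writes the include for
	 * sites-enabled/*.vhost, switches webalizer to incremental mode, links the
	 * awstats static page builder into /usr/share/awstats/tools when it is
	 * only present under the doc examples, and makes sure the "sshusers"
	 * group exists.
	 *
	 * Directory names taken from $conf are passed to the shell as quoted
	 * arguments so they cannot be split or reinterpreted.
	 *
	 * @return void
	 */
	public function configure_nginx(){
		global $conf;

		if($conf['nginx']['installed'] == false) return;

		//* Create the logging directory for the vhost logfiles
		if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);

		// Sites enabled and available dirs
		exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
		exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

		wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			mkdir('/etc/webalizer');
			symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
		}

		// Check the awstats script
		if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
		if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
		if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}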

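	/**
	 * Install the Bastille firewall scripts and write bastille-firewall.cfg.
	 *
	 * An existing /etc/Bastille is moved to /etc/Bastille.backup (replacing any
	 * older backup), the config template is copied in, and the public TCP/UDP
	 * port lists are taken from the firewall table for this server or, when
	 * that record has no ports, from a built-in default list. The Apache vhost
	 * port is added to the TCP list when it is missing. Finally the init
	 * script and the ipchains/netfilter helpers are installed with mode 700
	 * and /sbin symlinks are created for ipchains and iptables when they are
	 * only found elsewhere on the PATH.
	 *
	 * @return void
	 */
	public function configure_bastille_firewall()
	{
		global $conf;

		$dist_init_scripts = $conf['init_scripts'];

		if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
		if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);

		// The mode used to come from an undefined $directory_mode, so octdec()
		// yielded 0 and the directory was created with mode 0000. 0700 keeps it
		// root-only with an explicit mode.
		// NOTE(review): confirm whether a wider mode (e.g. 0755) was intended.
		@mkdir("/etc/Bastille", 0700);

		if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);

		$custom_cfg = $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master';
		if(is_file($custom_cfg)) {
			caselog("cp -f " . escapeshellarg($custom_cfg) . " /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		} else {
			caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		}
		caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		$content = rf("/etc/Bastille/bastille-firewall.cfg");
		$content = str_replace("{DNS_SERVERS}", "", $content);

		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

		// The query may return no record; treat that like empty port lists
		// instead of indexing into a non-array.
		$row_tcp = (is_array($row) && isset($row['tcp_port'])) ? trim($row['tcp_port']) : '';
		$row_udp = (is_array($row) && isset($row['udp_port'])) ? trim($row['udp_port']) : '';

		if($row_tcp != '' || $row_udp != ''){
			// NOTE(review): these values go from the database into the
			// firewall config verbatim; consider checking that every entry
			// is a port or port range before writing the file.
			$tcp_public_services = trim(str_replace(',', ' ', $row_tcp));
			$udp_public_services = trim(str_replace(',', ' ', $row_udp));
		} else {
			// NOTE(review): the fallback list opens 3306 (MySQL's default
			// port) to the public; confirm that this is wanted.
			$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
			$udp_public_services = '53';
		}

		// Compare whole list entries: a substring search would treat port 80
		// as present whenever 8080 is listed.
		$vhost_port = intval($conf['apache']['vhost_port']);
		$tcp_ports = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
		if($vhost_port > 0 && !in_array((string)$vhost_port, $tcp_ports, true)) {
			$tcp_public_services .= ' '.$vhost_port;
			// CONCAT appends to the comma separated list; "+" is numeric
			// addition in MySQL and would overwrite the list with a number.
			if($row_tcp != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
		}

		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
		$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

		wf("/etc/Bastille/bastille-firewall.cfg", $content);

		//* Install the init script, keeping the previous one as .backup
		$init_dir_arg = escapeshellarg($dist_init_scripts);
		$init_script_arg = escapeshellarg($dist_init_scripts.'/bastille-firewall');
		$init_backup_arg = escapeshellarg($dist_init_scripts.'/bastille-firewall.backup');
		if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $init_script_arg $init_backup_arg", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-firewall $init_dir_arg", __FILE__, __LINE__);
		caselog("chmod 700 $init_script_arg", __FILE__, __LINE__);

		if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

		if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);

		if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

		//* Link ipchains/iptables into /sbin when they are only found elsewhere
		//* on the PATH. The output of "which" ends with a newline, so it is
		//* trimmed before it becomes the link target.
		foreach(array('ipchains', 'iptables') as $binary) {
			$which_output = array();
			exec("which $binary &> /dev/null", $which_output, $ret_val);
			if(!is_file("/sbin/$binary") && !is_link("/sbin/$binary") && $ret_val == 0) {
				phpcaselog(@symlink(trim((string)shell_exec("which $binary")), "/sbin/$binary"), 'create symlink', __FILE__, __LINE__);
			}
		}
	}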

	public function install_ispconfig()
	{
		global $conf;

		$install_dir = $conf['ispconfig_install_dir'];

		//* Create the ISPConfig installation directory
		if(!@is_dir("$install_dir")) {
			$command = "mkdir $install_dir";
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		//* Create a ISPConfig user and group
		$command = 'groupadd ispconfig';
		if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = "useradd -g ispconfig -d $install_dir ispconfig";
		if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* copy the ISPConfig interface part
		$command = "cp -rf ../interface $install_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* copy the ISPConfig server part
		$command = "cp -rf ../server $install_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
		//* Make a backup of the security settings
		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
		
		//* copy the ISPConfig security part
		$command = 'cp -rf ../security '.$install_dir;
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
		//* Apply changed security_settings.ini values to new security_settings.ini file
		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
			if(is_array($security_settings_new) && is_array($security_settings_old)) {
				foreach($security_settings_new as $section => $sval) {
					if(is_array($sval)) {
						foreach($sval as $key => $val) {
							if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
								$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
							}
						}
					}
				}
				file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
			}
		}

		//* Create a symlink, so ISPConfig is accessible via web
		// Replaced by a separate vhost definition for port 8080
		// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
		// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* Create the config file for ISPConfig interface
		$configfile = 'config.inc.php';
		if(is_file($install_dir.'/interface/lib/'.$configfile)){
			copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
		}
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");