<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

class installer_dist extends installer_base {
	protected $mailman_group = 'mailman';
	
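	/**
	 * Prints a warning when Apache has mod_authz_compat loaded.
	 *
	 * The message asks the administrator to make sure the Apache configuration
	 * uses the new auth syntax ("Require all denied"), because ISPConfig would
	 * fail to work with the old "deny from all" form.
	 */
	public function __construct() {
		//** check apache modules */
		if(!in_array('authz_compat', getapachemodules(), true)) {
			return;
		}

		// The original called $inst->lng(), but $inst is neither a parameter nor
		// declared global in this scope, so the warning path ended in a call on
		// an undefined variable. The object under construction is used instead.
		// NOTE(review): assumes lng() is inherited from installer_base - confirm.
		$lines = array(
			'    WARNING! You are using mod_authz_compat.',
			'    Please make sure that your apache config uses the new auth syntax:',
			'    <Directory />',
			'    Options None',
			'    AllowOverride None',
			'    Require all denied',
			'    </Directory>'."\n",
			'    If it uses the old syntax (deny from all) ISPConfig would fail to work.',
		);
		foreach($lines as $line) {
			swriteln($this->lng($line));
		}
	}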

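	/**
	 * Configures Postfix on Fedora/CentOS for use with ISPConfig.
	 *
	 * In order: installs the mysql-virtual_*.cf lookup tables, writes the two
	 * amavis tagging filters, creates the virtual mail group and user, applies
	 * the postconf settings from the fedora_postfix.conf.master template,
	 * prepares the mailman map files, optionally generates a self-signed
	 * certificate, enables the maildrop transport in master.cf and writes the
	 * global .mailfilter file.
	 *
	 * @param string $options When it contains 'dont-create-certs' (compared
	 *                        case-insensitively) no certificate is generated.
	 */
	public function configure_postfix($options = '')
	{
		global $conf, $autoinstall;
		$cf = $conf['postfix'];
		$config_dir = $cf['config_dir'];

		if(!is_dir($config_dir)){
			$this->error("The postfix configuration directory '$config_dir' does not exist.");
		}

		//* MySQL lookup tables, processed in the original order
		$lookup_tables = array(
			'mysql-virtual_domains.cf',
			'mysql-virtual_forwardings.cf',
			'mysql-virtual_mailboxes.cf',
			'mysql-virtual_email2email.cf',
			'mysql-virtual_transports.cf',
			'mysql-virtual_recipient.cf',
			'mysql-virtual_sender.cf',
			'mysql-virtual_sender_login_maps.cf',
			'mysql-virtual_client.cf',
			'mysql-virtual_relaydomains.cf',
			'mysql-virtual_relayrecipientmaps.cf',
			'mysql-virtual_policy_greylist.cf',
		);
		foreach($lookup_tables as $lookup_table) {
			$this->process_postfix_config($lookup_table);
		}

		//* postfix-dkim
		$dkim_filters = array(
			'tag_as_originating.re' => '/^/ FILTER amavis:[127.0.0.1]:10026',
			'tag_as_foreign.re' => '/^/ FILTER amavis:[127.0.0.1]:10024',
		);
		foreach($dkim_filters as $filter_name => $filter_rule) {
			$full_file_name = $config_dir.'/'.$filter_name;
			if(is_file($full_file_name)) {
				// The backup goes next to the file it protects. The original
				// appended a not yet defined $configfile to $config_dir, so both
				// backups were written to the same "<config_dir>~" path.
				copy($full_file_name, $full_file_name.'~');
			}
			wf($full_file_name, $filter_rule);
		}

		//* Changing mode and group of the new created config files.
		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');

		//* Creating virtual mail user and group
		$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
		if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* These postconf commands will be executed on installation and update
		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
		unset($server_ini_rec);

		//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removal after an update
		$rbl_list = '';
		if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
			$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
			foreach ($rbl_hosts as $rbl_host) {
				$rbl_list .= ", reject_rbl_client ". $rbl_host;
			}
		}
		unset($rbl_hosts);

		//* If Postgrey is installed, configure it
		$greylisting = '';
		if($conf['postgrey']['installed'] == true) {
			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
		}

		$reject_sender_login_mismatch = '';
		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
		}
		unset($server_ini_array);

		$postconf_placeholders = array('{config_dir}' => $config_dir,
			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
			'{vmail_userid}' => $cf['vmail_userid'],
			'{vmail_groupid}' => $cf['vmail_groupid'],
			'{rbl_list}' => $rbl_list,
			'{greylisting}' => $greylisting,
			'{reject_slm}' => $reject_sender_login_mismatch,
		);

		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines

		//* These postconf commands will be executed on installation only
		if($this->is_update == false) {
			$postconf_commands = array_merge($postconf_commands, array(
					'myhostname = '.$conf['hostname'],
					'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
					'mynetworks = 127.0.0.0/8 [::1]/128'
				));
		}

		//* Create the header and body check files
		touch($config_dir.'/header_checks');
		touch($config_dir.'/mime_header_checks');
		touch($config_dir.'/nested_header_checks');
		touch($config_dir.'/body_checks');

		//* Create the mailman files
		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
		//if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
		if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
		if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
		exec('postalias /var/lib/mailman/data/aliases');
		if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
		exec('postmap /etc/mailman/virtual-mailman');
		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

		//* Make a backup copy of the main.cf file
		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');

		//* Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			// Each setting is passed as one shell argument. The values come from
			// the server record in the database and from the template, so they
			// are quoted with escapeshellarg() instead of being wrapped in
			// literal single quotes that a quote inside the value would end.
			$command = 'postconf -e '.escapeshellarg($cmd);
			caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}

		if(!stristr($options, 'dont-create-certs')) {
			//* Create the SSL certificate
			$openssl = 'openssl req -new';
			if(AUTOINSTALL){
				// escapeshellcmd() leaves paired single quotes untouched, so it
				// cannot protect a value placed inside '...'. The subject is
				// assembled unescaped and quoted once as a whole argument.
				$subject = '/C='.$autoinstall['ssl_cert_country']
					.'/ST='.$autoinstall['ssl_cert_state']
					.'/L='.$autoinstall['ssl_cert_locality']
					.'/O='.$autoinstall['ssl_cert_organisation']
					.'/OU='.$autoinstall['ssl_cert_organisation_unit']
					.'/CN='.$autoinstall['ssl_cert_common_name'];
				$openssl .= ' -subj '.escapeshellarg($subject);
			}
			$openssl .= ' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';

			// "&&" instead of ";": if the directory change fails, the unencrypted
			// key must not be generated in whatever the current directory is.
			$command = 'cd '.escapeshellarg($config_dir).' && '.$openssl;
			exec($command);

			$command = 'chmod o= '.$config_dir.'/smtpd.key';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}

		//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
		$command = 'chmod 755 /var/spool/authdaemon';
		caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);

		//* Changing maildrop lines in postfix master.cf
		$configfile = $config_dir.'/master.cf';
		if(is_file($configfile)){
			copy($configfile, $configfile.'~');
		}
		if(is_file($configfile.'~')){
			chmod($configfile.'~', 0400);
		}
		$content = rf($configfile);

		// Line that replaces every known variant of the stock maildrop entry
		$maildrop_flags = '  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}';

		// if postfix package is from fedora or centos main repo
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}', $maildrop_flags, $content);

		// If postfix package is from centos plus repo
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}', $maildrop_flags, $content);

		$content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}', $maildrop_flags, $content);

		$content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
			'maildrop  unix  -       n       n       -       -       pipe',
			$content);

		wf($configfile, $content);

		//* Writing the Maildrop mailfilter file
		$configfile = 'mailfilter';
		$mailfilter_path = $cf['vmail_mailbox_base'].'/.'.$configfile;
		if(is_file($mailfilter_path)){
			copy($mailfilter_path, $mailfilter_path.'~');
		}
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
		wf($mailfilter_path, $content);

		//* Create the directory for the custom mailfilters
		$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* Chmod and chown the .mailfilter file
		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

	}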

	/**
	 * Writes the SASL smtpd.conf built from fedora_saslauthd_smtpd_conf.master.
	 *
	 * The content is always written below /usr/lib/sasl2; when /usr/lib64
	 * exists it is also written to the sasl and sasl2 directories there.
	 */
	public function configure_saslauthd() {
		global $conf;

		// rfsel() receives the conf-custom path first and the bundled template second
		$bundled_template = 'tpl/fedora_saslauthd_smtpd_conf.master';
		$custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master';
		$smtpd_conf = rfsel($custom_template, $bundled_template);

		wf('/usr/lib/sasl2/smtpd.conf', $smtpd_conf);

		foreach(array('/usr/lib64/sasl/smtpd.conf', '/usr/lib64/sasl2/smtpd.conf') as $lib64_target) {
			if(is_dir('/usr/lib64')) {
				wf($lib64_target, $smtpd_conf);
			}
		}

	}

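	/**
	 * Writes the PAM "smtp" service file used for SMTP authentication against
	 * the ISPConfig database.
	 *
	 * The file receives the MySQL user, password, database and server IP, so
	 * both it and its "~" backup are restricted before any content is written,
	 * not only afterwards.
	 */
	public function configure_pam()
	{
		global $conf;
		$pam = $conf['pam'];
		//* configure pam for SMTP authentication against the ispconfig database
		$configfile = 'pamd_smtp';
		$target = "$pam/smtp";
		$backup = "$pam/smtp~";

		if(is_file($target)) {
			// On an update the existing file already holds the database
			// password; make the backup owner-only before the copy fills it.
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
		}
		if(is_file($backup)) chmod($backup, 0400);

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);

		// Drop the world bits before the credentials are written, so there is no
		// moment where the password sits in a world readable file.
		// NOTE(review): relies on wf() writing into the existing file - confirm.
		if(!is_file($target) && is_dir($pam)) touch($target);
		if(is_file($target)) exec('chmod o= '.escapeshellarg($target));
		wf($target, $content);

		// On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
		if(is_file($target)) exec('chmod o= '.escapeshellarg($target));
	}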

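	/**
	 * Configures Courier authentication against the ISPConfig database.
	 *
	 * Writes authmysqlrc (which contains the MySQL user and password) and
	 * rewrites the authmodulelist entry in authdaemonrc. Existing files are
	 * backed up with a "~" suffix first.
	 */
	public function configure_courier()
	{
		global $conf;
		$config_dir = $conf['courier']['config_dir'];

		//* authmysqlrc
		$configfile = 'authmysqlrc';
		$target = "$config_dir/$configfile";
		$backup = $target.'~';
		if(is_file($target)){
			// The old file may already hold the database password: restrict the
			// backup before the copy fills it.
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
		}
		// The original ran chmod on the backup unconditionally, which failed on
		// a first install where no backup exists.
		if(is_file($backup)) chmod($backup, 0400);

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);

		// Create the file owner-only before the credentials are written.
		// NOTE(review): relies on wf() writing into the existing file - confirm.
		if(!is_file($target) && is_dir($config_dir)) touch($target);
		if(is_file($target)) chmod($target, 0600);
		wf($target, $content);

		// Final mode and ownership as before (660, root:root)
		if(is_file($target)) {
			chmod($target, 0660);
			chown($target, 'root');
			chgrp($target, 'root');
		}

		//* authdaemonrc
		$configfile = $conf['courier']['config_dir'].'/authdaemonrc';
		if(is_file($configfile)){
			copy($configfile, $configfile.'~');
		}
		if(is_file($configfile.'~')){
			chmod($configfile.'~', 0400);
		}
		$content = rf($configfile);
		// NOTE(review): this prefixes whatever value the line already has, so a
		// second run yields authmodulelist="authmysql""authmysql"... - confirm
		// whether the whole line should be replaced instead.
		$content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
		wf($configfile, $content);
	}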

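	/**
	 * Configures Dovecot and wires it into Postfix.
	 *
	 * Adds the dovecot deliver service to master.cf when it is missing, sets
	 * the Postfix SASL and virtual_transport options, installs dovecot.conf
	 * from the template matching the installed Dovecot version and writes
	 * dovecot-sql.conf, which contains the ISPConfig database credentials.
	 * On an update, LMTP is used when the server configuration has
	 * mailbox_virtual_uidgid_maps set to 'y'.
	 */
	public function configure_dovecot()
	{
		global $conf;

		$virtual_transport = 'dovecot';
		$configure_lmtp = false;

		// check if virtual_transport must be changed
		if ($this->is_update) {
			$server_rec = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
			$ini_array = ini_to_array(stripslashes($server_rec['config']));
			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()

			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
				$configure_lmtp = true;
			}
			unset($server_rec, $ini_array);
		}

		$config_dir = $conf['postfix']['config_dir'];
		//* Check whether master.cf already has the dovecot service
		if ($this->postfix_master()) {
			$out = array();
			exec('postconf -M dovecot.unix', $out, $ret);
			$add_dovecot_service = (!isset($out[0]) || $out[0] == '');
		} else { //* fallback - postfix < 2.9
			$content = rf($config_dir.'/master.cf');
			$add_dovecot_service = !stristr($content, "dovecot/deliver");
			unset($content);
		}
		if($add_dovecot_service) {
			//* backup
			if(is_file($config_dir.'/master.cf')){
				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
			}
			// The original tested for "master.cf~" before changing the mode of
			// "master.cf~2"; the file that is chmod'ed is the one checked now.
			if(is_file($config_dir.'/master.cf~2')){
				chmod($config_dir.'/master.cf~2', 0400);
			}
			//* Configure master.cf and add a line for deliver
			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
			af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
			unset($deliver_content);
		}

		//* Reconfigure postfix to use dovecot authentication
		$postconf_commands = array (
			'dovecot_destination_recipient_limit = 1',
			'virtual_transport = '.$virtual_transport,
			'smtpd_sasl_type = dovecot',
			'smtpd_sasl_path = private/auth',
		);

		// Make a backup copy of the main.cf file
		copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');

		// Executing the postconf commands, each setting passed as one quoted argument
		foreach($postconf_commands as $cmd) {
			$command = 'postconf -e '.escapeshellarg($cmd);
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		//* Use /etc/dovecot as config dir if exists
//		if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
		$config_dir = $conf['dovecot']['config_dir'];

		//* backup dovecot.conf
		$configfile = 'dovecot.conf';
		if(is_file("$config_dir/$configfile")){
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}

		//* Get the dovecot version
		// exec() appends to an array that already has elements. The original
		// reused the variable holding the database record, so a fresh array is
		// used here and a missing binary yields an empty version string.
		$version_output = array();
		exec('dovecot --version', $version_output);
		$dovecot_version = isset($version_output[0]) ? $version_output[0] : '';
		unset($version_output);

		//* Copy dovecot configuration file
		$is_dovecot2 = (version_compare($dovecot_version, '2') >= 0);
		$template = $is_dovecot2 ? 'fedora_dovecot2.conf.master' : 'fedora_dovecot.conf.master';
		$custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$template;
		if(is_file($custom_template)) {
			copy($custom_template, $config_dir.'/'.$configfile);
		} else {
			copy('tpl/'.$template, $config_dir.'/'.$configfile);
		}
		if($is_dovecot2 && version_compare($dovecot_version, '2.1') < 0) {
			removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
		}

		//* dovecot-lmtpd
		if($configure_lmtp) {
			replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
		}

		//* dovecot-sql.conf
		$configfile = 'dovecot-sql.conf';
		$target = "$config_dir/$configfile";
		$backup = $target.'~';
		if(is_file($target)){
			// The old file may hold the database password: restrict the backup
			// before the copy fills it.
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
			chmod($backup, 0400);
		}

		if(!@file_exists('/etc/dovecot-sql.conf') && !is_link('/etc/dovecot-sql.conf')) symlink('/etc/dovecot/dovecot-sql.conf', '/etc/dovecot-sql.conf');

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
		$content = str_replace('{server_id}', $conf['server_id'], $content);

		// Create the file owner-only before the credentials are written.
		// NOTE(review): relies on wf() writing into the existing file - confirm.
		if(!is_file($target) && is_dir($config_dir)) touch($target);
		if(is_file($target)) chmod($target, 0600);
		wf($target, $content);

		if(is_file($target)) {
			chmod($target, 0600);
			chown($target, 'root');
			chgrp($target, 'root');
		}

		// Dovecot shall ignore mounts in website directory
		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");

	}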

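	/**
	 * Configures amavisd and hooks it into Postfix as content filter.
	 *
	 * Writes amavisd.conf (which contains the ISPConfig database credentials),
	 * sets content_filter and receive_override_options in main.cf, appends the
	 * amavis services to master.cf when they are missing and adjusts the
	 * freshclam configuration files.
	 */
	public function configure_amavis() {
		global $conf;

		// amavisd user config file
		$configfile = 'fedora_amavisd_conf';
		$target = $conf["amavis"]["config_dir"].'/amavisd.conf';
		$backup = $target.'~';
		if(is_file($target)) {
			// The old file may hold the database password: restrict the backup
			// before the copy fills it.
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
		}
		if(is_file($backup)) chmod($backup, 0400);

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
		$content = str_replace('{hostname}', $conf['hostname'], $content);

		// Apply the final mode (0640) before the credentials are written rather
		// than only afterwards.
		// NOTE(review): relies on wf() writing into the existing file - confirm.
		if(!is_file($target) && is_dir($conf['amavis']['config_dir'])) touch($target);
		if(is_file($target)) chmod($target, 0640);
		wf($target, $content);
		chmod($target, 0640);

		// Adding the amavisd commands to the postfix configuration
		$postconf_commands = array (
			'content_filter = amavis:[127.0.0.1]:10024',
			'receive_override_options = no_address_mappings'
		);

		// Make a backup copy of the main.cf file
		copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');

		// Executing the postconf commands, each setting passed as one quoted argument
		foreach($postconf_commands as $cmd) {
			$command = 'postconf -e '.escapeshellarg($cmd);
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		$config_dir = $conf['postfix']['config_dir'];

		// Adding amavis-services to the master.cf file if the service does not already exists
		if ($this->postfix_master()) {
			// exec() appends to an existing array, so each query starts empty
			$out = array();
			exec('postconf -M amavis.unix', $out, $ret);
			$add_amavis = (!isset($out[0]) || $out[0] == '');

			$out = array();
			exec('postconf -M 127.0.0.1:10025.inet', $out, $ret);
			$add_amavis_10025 = (!isset($out[0]) || $out[0] == '');

			$out = array();
			exec('postconf -M 127.0.0.1:10027.inet', $out, $ret);
			$add_amavis_10027 = (!isset($out[0]) || $out[0] == '');
			unset($out);
		} else { //* fallback - postfix < 2.9
			$content = rf($conf['postfix']['config_dir'].'/master.cf');
			$add_amavis = !preg_match('/^amavis\s+unix\s+/m', $content);
			// Dots escaped: unescaped they match any character, not only "."
			$add_amavis_10025 = !preg_match('/^127\.0\.0\.1:10025\s+/m', $content);
			$add_amavis_10027 = !preg_match('/^127\.0\.0\.1:10027\s+/m', $content);
		}

		if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
			//* backup master.cf
			if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
			// adjust amavis-config
			if($add_amavis) {
				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
				af($config_dir.'/master.cf', $content);
				unset($content);
			}
			if ($add_amavis_10025) {
				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
				af($config_dir.'/master.cf', $content);
				unset($content);
			}
			if ($add_amavis_10027) {
				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
				af($config_dir.'/master.cf', $content);
				unset($content);
			}
		}

		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);

		// Add the clamav user to the vscan group
		//exec('groupmod --add-user clamav vscan');

	}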

	/**
	 * Performs no configuration: the only logic in this method is the
	 * disabled Debian/Ubuntu snippet kept below for reference.
	 */
	public function configure_spamassassin()
	{
		global $conf;

		/*
		 * Disabled: enable spamassassin on debian and ubuntu.
		 *
		 * $configfile = '/etc/default/spamassassin';
		 * if(is_file($configfile)){
		 *     copy($configfile, $configfile.'~');
		 * }
		 * $content = rf($configfile);
		 * $content = str_replace('ENABLED=0', 'ENABLED=1', $content);
		 * wf($configfile, $content);
		 */
	}

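	/**
	 * Prepares the getmail configuration directory.
	 *
	 * Creates the directory when it is missing, adds the "getmail" system user
	 * with that directory as its home when the user does not exist, then makes
	 * the directory tree owned by getmail with mode 700.
	 */
	public function configure_getmail()
	{
		global $conf;

		$config_dir = $conf['getmail']['config_dir'];

		// Native recursive mkdir instead of a shell call. The original passed the
		// path through escapeshellcmd(), which is meant for whole command lines
		// and does not quote a single argument (spaces and paired quotes pass).
		if(!is_dir($config_dir)) mkdir($config_dir, 0777, true);

		// The path is quoted once and reused by every shell command below
		$quoted_dir = escapeshellarg($config_dir);

		$command = "useradd -d $quoted_dir getmail";
		if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = "chown -R getmail $quoted_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = "chmod -R 700 $quoted_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}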


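	/**
	 * Configures pure-ftpd to authenticate against the ISPConfig database.
	 *
	 * Writes pureftpd-mysql.conf (which contains the MySQL user and password)
	 * with mode 600 and root:root ownership, then installs pure-ftpd.conf from
	 * the conf-custom template when present, otherwise from the bundled one.
	 */
	public function configure_pureftpd()
	{
		global $conf;

		$config_dir = $conf['pureftpd']['config_dir'];

		//* configure pure-ftpd authentication against the ispconfig database
		$configfile = 'pureftpd-mysql.conf';
		$target = "$config_dir/$configfile";
		$backup = $target.'~';
		if(is_file($target)){
			// The old file may hold the database password: restrict the backup
			// before the copy fills it.
			if(!is_file($backup)) touch($backup);
			chmod($backup, 0600);
			copy($target, $backup);
		}
		if(is_file($backup)){
			chmod($backup, 0400);
		}

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
		$content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
		$content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
		$content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
		$content = str_replace('{server_id}', $conf["server_id"], $content);

		// Create the file owner-only before the credentials are written.
		// NOTE(review): relies on wf() writing into the existing file - confirm.
		if(!is_file($target) && is_dir($config_dir)) touch($target);
		if(is_file($target)) chmod($target, 0600);
		wf($target, $content);

		if(is_file($target)) {
			chmod($target, 0600);
			chown($target, 'root');
			chgrp($target, 'root');
		}

		// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
		// (native copy() instead of a shell "cp", so the paths are never parsed by a shell)
		$custom_template = $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master';
		if(is_file($custom_template)) {
			copy($custom_template, "$config_dir/pure-ftpd.conf");
		} else {
			copy('tpl/fedora_pureftpd_conf.master', "$config_dir/pure-ftpd.conf");
		}

	}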

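	/**
	 * Render mydns.conf from its template and restrict it to root.
	 *
	 * An existing mydns.conf is first copied to "mydns.conf~" (mode 400). The
	 * template (conf-custom override first, bundled tpl/ second) is filled with
	 * the ISPConfig database user, password, database, host, port and the
	 * server id, written to $conf['mydns']['config_dir'], and set to 600
	 * root:root.
	 *
	 * Changes against the previous version:
	 *  - Backup and rendered file contain the MySQL password; they are now
	 *    created under umask 0077 so the secret is not readable by other local
	 *    users in the gap before chmod runs. The umask is restored afterwards.
	 *  - The path handed to chmod/chown is quoted with escapeshellarg().
	 *
	 * @return void
	 */
	public function configure_mydns()
	{
		global $conf;

		// configure mydns
		$configfile = 'mydns.conf';
		$target = $conf["mydns"]["config_dir"].'/'.$configfile;
		$backup = $target.'~';

		// Credential-bearing files: create them owner-only from the start.
		$previous_umask = umask(0077);

		if(is_file($target)) copy($target, $backup);
		if(is_file($backup)) exec('chmod 400 '.escapeshellarg($backup));

		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
		// Array form of str_replace applies the pairs in order, like the former chain of calls.
		$content = str_replace(
			array(
				'{mysql_server_ispconfig_user}',
				'{mysql_server_ispconfig_password}',
				'{mysql_server_database}',
				'{mysql_server_host}',
				'{mysql_server_port}',
				'{server_id}',
			),
			array(
				$conf['mysql']['ispconfig_user'],
				$conf['mysql']['ispconfig_password'],
				$conf['mysql']['database'],
				$conf["mysql"]["host"],
				$conf['mysql']['port'],
				$conf["server_id"],
			),
			$content
		);
		wf($target, $content);

		umask($previous_umask);

		exec('chmod 600 '.escapeshellarg($target));
		exec('chown root:root '.escapeshellarg($target));
	}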

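	/**
	 * Hook named.conf.local into named.conf and create the BIND slave zone directory.
	 *
	 * The slave directory is "<bind_zonefiles_dir>/slave"; it is created with
	 * mkdir -p, given to $conf['bind']['bind_user']:$conf['bind']['bind_group']
	 * and set to mode 2770 (setgid, no access for others).
	 *
	 * Change against the previous version: the directory and the owner spec
	 * were concatenated into the shell commands unquoted; they are now passed
	 * through escapeshellarg() so a space or metacharacter in the configured
	 * values cannot split or alter the command.
	 *
	 * @return void
	 */
	public function configure_bind() {
		global $conf;

		// add the include line at the end of named.conf.
		replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);

		//* Make sure the zonefile directory ends with a slash, then append the slave subdirectory
		$slave_dir = $conf['bind']['bind_zonefiles_dir'];
		if(substr($slave_dir, -1, 1) != '/') {
			$slave_dir .= '/';
		}
		$slave_dir .= 'slave';
		$slave_dir_arg = escapeshellarg($slave_dir);

		//* Create the slave subdirectory
		exec('mkdir -p '.$slave_dir_arg);

		//* Chown the slave subdirectory to $conf['bind']['bind_user']
		$owner_arg = escapeshellarg($conf['bind']['bind_user'].':'.$conf['bind']['bind_group']);
		exec('chown '.$owner_arg.' '.$slave_dir_arg);
		exec('chmod 2770 '.$slave_dir_arg);
	}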

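	/**
	 * Configure Apache for ISPConfig-managed virtual hosts.
	 *
	 * Does nothing when $conf['apache']['installed'] is false. Otherwise it
	 * adjusts /etc/suphp.conf (if present), creates the vhost log and config
	 * directories, appends the NameVirtualHost/Include lines to httpd.conf
	 * when the Include is missing, renders apache_ispconfig.conf.master with
	 * the IP/port pairs of this server's virtual-host IPs, links it into the
	 * enabled directory as 000-ispconfig.conf, switches webalizer to
	 * incremental mode and ensures the sshusers group exists.
	 *
	 * Change against the previous version: the configured vhost directories
	 * were concatenated into mkdir/ln command lines unquoted; they are now
	 * passed through escapeshellarg().
	 *
	 * @return void
	 */
	public function configure_apache()
	{
		global $conf;

		if($conf['apache']['installed'] == false) return;

		if(is_file('/etc/suphp.conf')) {
			//replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
			replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
			// NOTE(review): this replaces a owner-only umask (0077) with 0022, i.e. files
			// created under suPHP become readable by group and others. Confirm this is intended.
			replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
		}

		$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
		$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

		//* Create the logging directory for the vhost logfiles
		exec('mkdir -p /var/log/ispconfig/httpd');

		// Sites enabled and available dirs
		exec('mkdir -p '.escapeshellarg($vhost_conf_enabled_dir));
		exec('mkdir -p '.escapeshellarg($vhost_conf_dir));

		// The check looks for a fixed path, independent of the configured enabled directory.
		$content = rf('/etc/httpd/conf/httpd.conf');
		if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
			af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
		}
		unset($content);

		//* Copy the ISPConfig configuration include
		$tpl = new tpl('apache_ispconfig.conf.master');
		$tpl->setVar('apache_version',getapacheversion());

		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
		$ip_addresses = array();

		if(is_array($records) && count($records) > 0) {
			foreach($records as $rec) {
				// IPv6 literals need brackets when combined with a port.
				// NOTE(review): ip_address comes from the database and is not validated
				// here before it is written into the Apache include.
				if($rec['ip_type'] == 'IPv6') {
					$ip_address = '['.$rec['ip_address'].']';
				} else {
					$ip_address = $rec['ip_address'];
				}

				// virtualhost_port is a comma separated list; keep only valid port numbers.
				foreach(explode(',', $rec['virtualhost_port']) as $port) {
					$port = intval($port);
					if($port > 0 && $port < 65536 && $ip_address != '') {
						$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
					}
				}
			}
		}

		// The loop name is spelled 'ip_adresses' on purpose: it is a runtime key,
		// presumably matched by the template, so it must not be corrected here alone.
		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
		unset($tpl);

		if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
			exec('ln -s '.escapeshellarg($vhost_conf_dir.'/ispconfig.conf').' '.escapeshellarg($vhost_conf_enabled_dir.'/000-ispconfig.conf'));
		}

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			exec('mkdir /etc/webalizer');
			exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
		}

		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}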

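	/**
	 * Configure nginx for ISPConfig-managed virtual hosts.
	 *
	 * Does nothing when $conf['nginx']['installed'] is false. Otherwise it
	 * creates the vhost log directory and the vhost config directories, writes
	 * the include for /etc/nginx/sites-enabled/*.vhost, switches webalizer to
	 * incremental mode, makes the awstats static-page script available under
	 * /usr/share/awstats/tools, adjusts the awstats LogFormat and ensures the
	 * sshusers group exists.
	 *
	 * Change against the previous version: the configured vhost directories
	 * were concatenated into the mkdir command lines unquoted; they are now
	 * passed through escapeshellarg().
	 *
	 * @return void
	 */
	public function configure_nginx(){
		global $conf;

		if($conf['nginx']['installed'] == false) return;

		//* Create the logging directory for the vhost logfiles
		$log_dir = $conf['ispconfig_log_dir'].'/httpd';
		if(!@is_dir($log_dir)) mkdir($log_dir, 0755, true);

		// Sites enabled and available dirs
		exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_enabled_dir']));
		exec('mkdir -p '.escapeshellarg($conf['nginx']['vhost_conf_dir']));

		// The include path is fixed, independent of the configured enabled directory.
		wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			mkdir('/etc/webalizer');
			symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
		}

		// Check the awstats script
		$awstats_tool = '/usr/share/awstats/tools/awstats_buildstaticpages.pl';
		$awstats_example = '/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl';
		if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
		if(!file_exists($awstats_tool) && file_exists($awstats_example)) symlink($awstats_example, $awstats_tool);
		if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}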

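	/**
	 * Install the Bastille firewall scripts and render bastille-firewall.cfg.
	 *
	 * Moves an existing /etc/Bastille to /etc/Bastille.backup, recreates it,
	 * restores firewall.d from the backup, copies the config master
	 * (conf-custom override first, bundled tpl/ second), fills in the public
	 * TCP/UDP port lists from this server's firewall record (or a built-in
	 * default list when the record has no ports), makes sure the Apache vhost
	 * port is part of the TCP list, and installs the init script plus the
	 * ipchains/netfilter helpers with mode 700.
	 *
	 * Fixes against the previous version:
	 *  - mkdir used octdec($directory_mode) although $directory_mode is not
	 *    defined in this scope, which requested mode 0. An explicit owner-only
	 *    mode is used instead.
	 *  - The vhost port was looked up with a substring search, so e.g. port 80
	 *    counted as present when only 8080 was listed. It is now compared
	 *    against the individual list entries.
	 *  - The UPDATE appended the port with "tcp_port + ?". In MySQL "+" is
	 *    numeric addition, so the stored list was replaced by a number instead
	 *    of being extended. CONCAT() is used now.
	 *  - A missing firewall record no longer leads to array access on a
	 *    non-array.
	 *  - The ipchains symlink target is trimmed like the iptables one; the
	 *    raw `which` output ends with a newline.
	 *  - The configured init script directory is quoted for the shell.
	 *
	 * @return void
	 */
	public function configure_bastille_firewall()
	{
		global $conf;

		$dist_init_scripts = $conf['init_scripts'];

		if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
		if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
		// Explicit owner-only mode; the former undefined $directory_mode evaluated to mode 0.
		@mkdir("/etc/Bastille", 0700);
		if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
		$custom_master = $conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master';
		if(is_file($custom_master)) {
			caselog("cp -f " . escapeshellarg($custom_master) . " /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		} else {
			caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		}
		caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		$content = rf("/etc/Bastille/bastille-firewall.cfg");
		$content = str_replace("{DNS_SERVERS}", "", $content);

		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);

		// Tolerate a missing record or missing columns instead of indexing a non-array.
		$stored_tcp = (is_array($row) && isset($row['tcp_port'])) ? trim($row['tcp_port']) : '';
		$stored_udp = (is_array($row) && isset($row['udp_port'])) ? trim($row['udp_port']) : '';

		if($stored_tcp != '' || $stored_udp != ''){
			// The database stores comma separated lists, the config file wants spaces.
			$tcp_public_services = trim(str_replace(',', ' ', $stored_tcp));
			$udp_public_services = trim(str_replace(',', ' ', $stored_udp));
		} else {
			// NOTE(review): this fallback opens 3306 (the MySQL default port) to the public
			// side; a firewall record with an explicit port list avoids relying on it.
			$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
			$udp_public_services = '53';
		}

		// Compare whole list entries, not substrings ("80" must not match "8080").
		$vhost_port = intval($conf['apache']['vhost_port']);
		$tcp_entries = preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY);
		if($vhost_port > 0 && !in_array((string)$vhost_port, $tcp_entries, true)) {
			$tcp_public_services = trim($tcp_public_services.' '.$vhost_port);
			// CONCAT appends to the stored list; "+" would add numerically in MySQL.
			if($stored_tcp != '') $this->db->query("UPDATE firewall SET tcp_port = CONCAT(tcp_port, ?) WHERE server_id = ?", ',' . $vhost_port, $conf['server_id']);
		}

		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
		$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

		wf("/etc/Bastille/bastille-firewall.cfg", $content);

		$init_script = $dist_init_scripts.'/bastille-firewall';
		if(is_file($init_script)) caselog("mv -f ".escapeshellarg($init_script)." ".escapeshellarg($init_script.'.backup'), __FILE__, __LINE__);
		caselog("cp -f apps/bastille-firewall ".escapeshellarg($dist_init_scripts), __FILE__, __LINE__);
		caselog("chmod 700 ".escapeshellarg($init_script), __FILE__, __LINE__);

		if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);

		if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);

		if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

		// Provide /sbin/ipchains and /sbin/iptables as symlinks when the tools live elsewhere.
		exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
		if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which ipchains")), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
		unset($ipchains_location);
		exec("which iptables &> /dev/null", $iptables_location, $ret_val);
		if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
		unset($iptables_location);
	}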

	public function install_ispconfig()
	{
		global $conf;

		$install_dir = $conf['ispconfig_install_dir'];

		//* Create the ISPConfig installation directory
		if(!@is_dir("$install_dir")) {
			$command = "mkdir $install_dir";
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}

		//* Create a ISPConfig user and group
		$command = 'groupadd ispconfig';
		if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		$command = "useradd -g ispconfig -d $install_dir ispconfig";
		if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* copy the ISPConfig interface part
		$command = "cp -rf ../interface $install_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* copy the ISPConfig server part
		$command = "cp -rf ../server $install_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
		//* Make a backup of the security settings
		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
		
		//* copy the ISPConfig security part
		$command = 'cp -rf ../security '.$install_dir;
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
		//* Apply changed security_settings.ini values to new security_settings.ini file
		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
			if(is_array($security_settings_new) && is_array($security_settings_old)) {
				foreach($security_settings_new as $section => $sval) {
					if(is_array($sval)) {
						foreach($sval as $key => $val) {
							if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
								$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
							}
						}
					}
				}
				file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
			}
		}

		//* Create a symlink, so ISPConfig is accessible via web
		// Replaced by a separate vhost definition for port 8080
		// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
		// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* Create the config file for ISPConfig interface
		$configfile = 'config.inc.php';
		if(is_file($install_dir.'/interface/lib/'.$configfile)){
			copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
		}
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);

		$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
		$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
		$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
		$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
		$content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);

		$content = str_replace('{server_id}', $conf['server_id'], $content);
		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
		$content = str_replace('{language}', $conf['language'], $content);
		$content = str_replace('{timezone}', $conf['timezone'], $content);
		$content = str_replace('{theme}', $conf['theme'], $content);
		$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);

		wf("$install_dir/interface/lib/$configfile", $content);

		//* Create the config file for ISPConfig server
		$configfile = 'config.inc.php';
		if(is_file($install_dir.'/server/lib/'.$configfile)){
			copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
		}
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");