fedora.lib.php 63.3 KB
Newer Older
tbrehm's avatar
tbrehm committed
1
2
3
<?php

/*
redray's avatar
redray committed
4
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
tbrehm's avatar
tbrehm committed
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

tbrehm's avatar
tbrehm committed
31
class installer_dist extends installer_base {
32
33
34
35
36
37
38
39
40
41
42
43

	public function configure_mailman($status = 'insert') {
		global $conf;

		$config_dir = $conf['mailman']['config_dir'].'/';
		$full_file_name = $config_dir.'mm_cfg.py';
		//* Backup exiting file
		if(is_file($full_file_name)) {
			copy($full_file_name, $config_dir.'mm_cfg.py~');
		}

		// load files
44
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/mm_cfg.py.master', 'tpl/mm_cfg.py.master');
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
		$old_file = rf($full_file_name);

		$old_options = array();
		$lines = explode("\n", $old_file);
		foreach ($lines as $line)
		{
			if (trim($line) != '' && substr($line, 0, 1) != '#')
			{
				@list($key, $value) = @explode("=", $line);
				if (!empty($value))
				{
					$key = rtrim($key);
					$old_options[$key] = trim($value);
				}
			}
		}
61

62
63
64
65
66
67
68
69
70
71
		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');

		$virtual_domains = '';
		if($status == 'update')
		{
			// create virtual_domains list
			$domainAll = $this->db->queryAllRecords("SELECT domain FROM mail_mailinglist GROUP BY domain");

			if(is_array($domainAll)) {
72
73
74
75
76
77
78
				foreach($domainAll as $domain)
				{
					if ($domainAll[0]['domain'] == $domain['domain'])
						$virtual_domains .= "'".$domain['domain']."'";
					else
						$virtual_domains .= ", '".$domain['domain']."'";
				}
79
80
81
82
83
84
85
86
87
88
89
			}
		}
		else
			$virtual_domains = "' '";

		$content = str_replace('{hostname}', $conf['hostname'], $content);
		if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
		$content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
		$content = str_replace('{virtual_domains}', $virtual_domains, $content);

		wf($full_file_name, $content);
90

91
92
93
		//* Write virtual_to_transport.sh script
		$config_dir = $conf['mailman']['config_dir'].'/';
		$full_file_name = $config_dir.'virtual_to_transport.sh';
94

95
96
97
98
		//* Backup exiting virtual_to_transport.sh script
		if(is_file($full_file_name)) {
			copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
		}
99

100
		if(is_dir('/etc/mailman')) {
101
102
103
104
105
106
107
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh')) {
				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/mailman-virtual_to_transport.sh', $full_file_name);
			} else {
				copy('tpl/mailman-virtual_to_transport.sh', $full_file_name);
			}
			chgrp($full_file_name, 'mailman');
			chmod($full_file_name, 0750);
108
		}
109

110
111
		//* Create aliasaes
		exec('/usr/lib/mailman/bin/genaliases 2>/dev/null');
112

113
	}
114

tbrehm's avatar
tbrehm committed
115
	function configure_postfix($options = '')
116
	{
117
		global $conf,$autoinstall;
tbrehm's avatar
tbrehm committed
118
119
		$cf = $conf['postfix'];
		$config_dir = $cf['config_dir'];
120

tbrehm's avatar
tbrehm committed
121
		if(!is_dir($config_dir)){
122
123
124
			$this->error("The postfix configuration directory '$config_dir' does not exist.");
		}

tbrehm's avatar
tbrehm committed
125
		//* mysql-virtual_domains.cf
126
		$this->process_postfix_config('mysql-virtual_domains.cf');
tbrehm's avatar
tbrehm committed
127
128

		//* mysql-virtual_forwardings.cf
129
		$this->process_postfix_config('mysql-virtual_forwardings.cf');
tbrehm's avatar
tbrehm committed
130
131

		//* mysql-virtual_mailboxes.cf
132
		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
tbrehm's avatar
tbrehm committed
133
134

		//* mysql-virtual_email2email.cf
135
		$this->process_postfix_config('mysql-virtual_email2email.cf');
tbrehm's avatar
tbrehm committed
136
137

		//* mysql-virtual_transports.cf
138
		$this->process_postfix_config('mysql-virtual_transports.cf');
tbrehm's avatar
tbrehm committed
139
140

		//* mysql-virtual_recipient.cf
141
		$this->process_postfix_config('mysql-virtual_recipient.cf');
tbrehm's avatar
tbrehm committed
142
143

		//* mysql-virtual_sender.cf
144
		$this->process_postfix_config('mysql-virtual_sender.cf');
tbrehm's avatar
tbrehm committed
145
146

		//* mysql-virtual_client.cf
147
148
		$this->process_postfix_config('mysql-virtual_client.cf');

tbrehm's avatar
tbrehm committed
149
		//* mysql-virtual_relaydomains.cf
150
151
		$this->process_postfix_config('mysql-virtual_relaydomains.cf');

152
		//* mysql-virtual_relayrecipientmaps.cf
153
		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
tbrehm's avatar
tbrehm committed
154
155
156

		//* Changing mode and group of the new created config files.
		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
157
158
159
160
			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');

tbrehm's avatar
tbrehm committed
161
162
		//* Creating virtual mail user and group
		$command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
163
		if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
tbrehm's avatar
tbrehm committed
164
165

		$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
166
167
168
169
170
171
172
173
174
175
		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

		//* These postconf commands will be executed on installation and update
		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
		unset($server_ini_rec);

		//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
		$rbl_list = '';
		if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
176
			$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
177
178
179
180
181
182
			foreach ($rbl_hosts as $key => $value) {
				$rbl_list .= ", reject_rbl_client ". $value;
			}
		}
		unset($rbl_hosts);
		unset($server_ini_array);
tbrehm's avatar
tbrehm committed
183

184
		//* These postconf commands will be executed on installation and update
185
186
187
188
189
190
191
192
193
194
		$postconf_placeholders = array('{config_dir}' => $config_dir,
			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
			'{vmail_userid}' => $cf['vmail_userid'],
			'{vmail_groupid}' => $cf['vmail_groupid'],
			'{rbl_list}' => $rbl_list);

		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines

195
196
		//* These postconf commands will be executed on installation only
		if($this->is_update == false) {
197
198
199
200
201
			$postconf_commands = array_merge($postconf_commands, array(
					'myhostname = '.$conf['hostname'],
					'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
					'mynetworks = 127.0.0.0/8 [::1]/128'
				));
202
		}
203

tbrehm's avatar
tbrehm committed
204
205
206
207
208
		//* Create the header and body check files
		touch($config_dir.'/header_checks');
		touch($config_dir.'/mime_header_checks');
		touch($config_dir.'/nested_header_checks');
		touch($config_dir.'/body_checks');
209

210
211
212
213
		//* Create the mailman files
		if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
		//if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
		if(is_file('/var/lib/mailman/data/aliases')) unlink('/var/lib/mailman/data/aliases');
214
		if(!is_link('/var/lib/mailman/data/aliases')) symlink('/etc/mailman/aliases', '/var/lib/mailman/data/aliases');
215
		exec('postalias /var/lib/mailman/data/aliases');
216
217
		if(!is_file('/etc/mailman/virtual-mailman')) touch('/etc/mailman/virtual-mailman');
		exec('postmap /etc/mailman/virtual-mailman');
218
219
		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
220

tbrehm's avatar
tbrehm committed
221
222
		//* Make a backup copy of the main.cf file
		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
223

tbrehm's avatar
tbrehm committed
224
225
226
227
228
		//* Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			$command = "postconf -e '$cmd'";
			caselog($command." &> /dev/null", __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}
229
230

		if(!stristr($options, 'dont-create-certs')) {
tbrehm's avatar
tbrehm committed
231
			//* Create the SSL certificate
Till Brehm's avatar
Till Brehm committed
232
233
			if(AUTOINSTALL){
				$command = 'cd '.$config_dir.'; '
234
					."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
Till Brehm's avatar
Till Brehm committed
235
236
			} else {
				$command = 'cd '.$config_dir.'; '
237
238
					.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
			}
tbrehm's avatar
tbrehm committed
239
			exec($command);
240

redray's avatar
redray committed
241
			$command = 'chmod o= '.$config_dir.'/smtpd.key';
tbrehm's avatar
tbrehm committed
242
243
			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
		}
244

tbrehm's avatar
tbrehm committed
245
246
247
		//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
		$command = 'chmod 755 /var/spool/authdaemon';
		caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
248

tbrehm's avatar
tbrehm committed
249
250
		//* Changing maildrop lines in posfix master.cf
		if(is_file($config_dir.'/master.cf')){
251
252
			copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
		}
tbrehm's avatar
tbrehm committed
253
		if(is_file($config_dir.'/master.cf~')){
254
255
			exec('chmod 400 '.$config_dir.'/master.cf~');
		}
tbrehm's avatar
tbrehm committed
256
257
		$configfile = $config_dir.'/master.cf';
		$content = rf($configfile);
tbrehm's avatar
tbrehm committed
258
		// if postfix package is from fedora or centios main repo
259
260
261
262
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
			$content);

tbrehm's avatar
tbrehm committed
263
		// If postfix package is from centos plus repo
264
265
266
267
268
269
270
271
272
273
274
275
276
		$content = str_replace('#  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
			$content);

		$content = str_replace('  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
			'  flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
			$content);


		$content = str_replace('#maildrop  unix  -       n       n       -       -       pipe',
			'maildrop  unix  -       n       n       -       -       pipe',
			$content);

tbrehm's avatar
tbrehm committed
277
		wf($configfile, $content);
278

tbrehm's avatar
tbrehm committed
279
280
281
		//* Writing the Maildrop mailfilter file
		$configfile = 'mailfilter';
		if(is_file($cf['vmail_mailbox_base'].'/.'.$configfile)){
282
283
			copy($cf['vmail_mailbox_base'].'/.'.$configfile, $cf['vmail_mailbox_base'].'/.'.$configfile.'~');
		}
284
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
tbrehm's avatar
tbrehm committed
285
286
		$content = str_replace('{dist_postfix_vmail_mailbox_base}', $cf['vmail_mailbox_base'], $content);
		wf($cf['vmail_mailbox_base'].'/.'.$configfile, $content);
287

tbrehm's avatar
tbrehm committed
288
289
290
		//* Create the directory for the custom mailfilters
		$command = 'mkdir '.$cf['vmail_mailbox_base'].'/mailfilters';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
291

tbrehm's avatar
tbrehm committed
292
293
294
		//* Chmod and chown the .mailfilter file
		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
295

tbrehm's avatar
tbrehm committed
296
297
		$command = 'chmod -R 600 '.$cf['vmail_mailbox_base'].'/.mailfilter';
		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
298

tbrehm's avatar
tbrehm committed
299
	}
300

tbrehm's avatar
tbrehm committed
301
302
	public function configure_saslauthd() {
		global $conf;
303

tbrehm's avatar
tbrehm committed
304
		$configfile = 'tpl/fedora_saslauthd_smtpd_conf.master';
305
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master', $configfile);
306
307
308
309
		wf('/usr/lib/sasl2/smtpd.conf', $content);
		if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl/smtpd.conf', $content);
		if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl2/smtpd.conf', $content);

tbrehm's avatar
tbrehm committed
310
	}
311

tbrehm's avatar
tbrehm committed
312
	public function configure_pam()
313
	{
tbrehm's avatar
tbrehm committed
314
315
316
317
318
319
320
		global $conf;
		$pam = $conf['pam'];
		//* configure pam for SMTP authentication agains the ispconfig database
		$configfile = 'pamd_smtp';
		if(is_file("$pam/smtp"))    copy("$pam/smtp", "$pam/smtp~");
		if(is_file("$pam/smtp~"))   exec("chmod 400 $pam/smtp~");

321
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
tbrehm's avatar
tbrehm committed
322
323
324
325
326
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
		wf("$pam/smtp", $content);
327
328
		// On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
		if(is_file("$pam/smtp"))    exec("chmod o= $pam/smtp");
tbrehm's avatar
tbrehm committed
329
330
		//exec("chmod 660 $pam/smtp");
		//exec("chown root:root $pam/smtp");
331

tbrehm's avatar
tbrehm committed
332
	}
333

tbrehm's avatar
tbrehm committed
334
	public function configure_courier()
335
	{
tbrehm's avatar
tbrehm committed
336
337
338
339
340
		global $conf;
		$config_dir = $conf['courier']['config_dir'];
		//* authmysqlrc
		$configfile = 'authmysqlrc';
		if(is_file("$config_dir/$configfile")){
341
342
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}
tbrehm's avatar
tbrehm committed
343
		exec("chmod 400 $config_dir/$configfile~");
344
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
345
346
347
348
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
tbrehm's avatar
tbrehm committed
349
		wf("$config_dir/$configfile", $content);
350

tbrehm's avatar
tbrehm committed
351
352
		exec("chmod 660 $config_dir/$configfile");
		exec("chown root:root $config_dir/$configfile");
353

tbrehm's avatar
tbrehm committed
354
355
356
		//* authdaemonrc
		$configfile = $conf['courier']['config_dir'].'/authdaemonrc';
		if(is_file($configfile)){
357
358
			copy($configfile, $configfile.'~');
		}
tbrehm's avatar
tbrehm committed
359
		if(is_file($configfile.'~')){
360
361
			exec('chmod 400 '.$configfile.'~');
		}
tbrehm's avatar
tbrehm committed
362
363
364
365
		$content = rf($configfile);
		$content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
		wf($configfile, $content);
	}
366

tbrehm's avatar
tbrehm committed
367
	public function configure_dovecot()
368
	{
tbrehm's avatar
tbrehm committed
369
		global $conf;
370

tbrehm's avatar
tbrehm committed
371
		$config_dir = $conf['dovecot']['config_dir'];
372

373
374
		//* Use /etc/dovecot as config dir if exists
		if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
375

tbrehm's avatar
tbrehm committed
376
377
		//* Configure master.cf and add a line for deliver
		if(is_file($config_dir.'/master.cf')){
378
379
			copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
		}
tbrehm's avatar
tbrehm committed
380
		if(is_file($config_dir.'/master.cf~')){
381
382
			exec('chmod 400 '.$config_dir.'/master.cf~2');
		}
tbrehm's avatar
tbrehm committed
383
384
		$content = rf($conf["postfix"]["config_dir"].'/master.cf');
		// Only add the content if we had not addded it before
385
		if(!stristr($content, "dovecot/deliver")) {
386
			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
387
			af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
tbrehm's avatar
tbrehm committed
388
389
390
		}
		unset($content);
		unset($deliver_content);
391
392


tbrehm's avatar
tbrehm committed
393
394
395
396
397
398
399
400
		//* Reconfigure postfix to use dovecot authentication
		// Adding the amavisd commands to the postfix configuration
		$postconf_commands = array (
			'dovecot_destination_recipient_limit = 1',
			'virtual_transport = dovecot',
			'smtpd_sasl_type = dovecot',
			'smtpd_sasl_path = private/auth',
		);
401

tbrehm's avatar
tbrehm committed
402
		// Make a backup copy of the main.cf file
403
404
		copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');

tbrehm's avatar
tbrehm committed
405
406
407
408
409
		// Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			$command = "postconf -e '$cmd'";
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}
410

411
		//* backup dovecot.conf
tbrehm's avatar
tbrehm committed
412
413
		$configfile = 'dovecot.conf';
		if(is_file("$config_dir/$configfile")){
414
415
416
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}

417
		//* Get the dovecot version
418
		exec('dovecot --version', $tmp);
419
		$dovecot_version = $tmp[0];
420
		unset($tmp);
421

422
		//* Copy dovecot configuration file
423
		if(version_compare($dovecot_version,2) >= 0) {
424
425
426
427
428
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {
				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
			} else {
				copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
			}
429
430
431
			if(version_compare($dovecot_version,2.1) < 0) {
				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
			}
432
		} else {
433
434
435
436
437
			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
			} else {
				copy('tpl/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
			}
438
		}
439

tbrehm's avatar
tbrehm committed
440
441
442
		//* dovecot-sql.conf
		$configfile = 'dovecot-sql.conf';
		if(is_file("$config_dir/$configfile")){
443
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
tbrehm's avatar
tbrehm committed
444
			exec("chmod 400 $config_dir/$configfile~");
445
		}
446
447
		
		if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');
448

449
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
450
451
452
453
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
454
		$content = str_replace('{server_id}', $conf['server_id'], $content);
tbrehm's avatar
tbrehm committed
455
		wf("$config_dir/$configfile", $content);
456

tbrehm's avatar
tbrehm committed
457
458
		exec("chmod 600 $config_dir/$configfile");
		exec("chown root:root $config_dir/$configfile");
459
460
		
		// Dovecot shall ignore mounts in website directory
461
		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
tbrehm's avatar
tbrehm committed
462
463

	}
464

tbrehm's avatar
tbrehm committed
465
466
	public function configure_amavis() {
		global $conf;
467

tbrehm's avatar
tbrehm committed
468
469
		// amavisd user config file
		$configfile = 'fedora_amavisd_conf';
470
		if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
tbrehm's avatar
tbrehm committed
471
		if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
472
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
473
474
475
476
477
478
479
480
481
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
		$content = str_replace('{hostname}', $conf['hostname'], $content);
		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);


tbrehm's avatar
tbrehm committed
482
483
484
485
486
		// Adding the amavisd commands to the postfix configuration
		$postconf_commands = array (
			'content_filter = amavis:[127.0.0.1]:10024',
			'receive_override_options = no_address_mappings'
		);
487

tbrehm's avatar
tbrehm committed
488
		// Make a backup copy of the main.cf file
489
490
		copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');

tbrehm's avatar
tbrehm committed
491
492
493
494
495
		// Executing the postconf commands
		foreach($postconf_commands as $cmd) {
			$command = "postconf -e '$cmd'";
			caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}
496

tbrehm's avatar
tbrehm committed
497
		// Append the configuration for amavisd to the master.cf file
498
		if(is_file($conf["postfix"]["config_dir"].'/master.cf')) copy($conf["postfix"]["config_dir"].'/master.cf', $conf["postfix"]["config_dir"].'/master.cf~');
tbrehm's avatar
tbrehm committed
499
500
		$content = rf($conf["postfix"]["config_dir"].'/master.cf');
		// Only add the content if we had not addded it before
501
		if(!stristr($content, "127.0.0.1:10025")) {
tbrehm's avatar
tbrehm committed
502
			unset($content);
503
			$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', "tpl/master_cf_amavis.master");
504
			af($conf["postfix"]["config_dir"].'/master.cf', $content);
tbrehm's avatar
tbrehm committed
505
506
		}
		unset($content);
507
508
509
510

		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);

tbrehm's avatar
tbrehm committed
511
512
		// Add the clamav user to the vscan group
		//exec('groupmod --add-user clamav vscan');
513
514


tbrehm's avatar
tbrehm committed
515
	}
516

tbrehm's avatar
tbrehm committed
517
	public function configure_spamassassin()
518
	{
tbrehm's avatar
tbrehm committed
519
		global $conf;
520

tbrehm's avatar
tbrehm committed
521
522
523
524
525
526
527
528
529
530
531
		//* Enable spamasasssin on debian and ubuntu
		/*
		$configfile = '/etc/default/spamassassin';
		if(is_file($configfile)){
            copy($configfile, $configfile.'~');
        }
		$content = rf($configfile);
		$content = str_replace('ENABLED=0', 'ENABLED=1', $content);
		wf($configfile, $content);
		*/
	}
532

tbrehm's avatar
tbrehm committed
533
	public function configure_getmail()
534
	{
tbrehm's avatar
tbrehm committed
535
		global $conf;
536

tbrehm's avatar
tbrehm committed
537
		$config_dir = $conf['getmail']['config_dir'];
538

tbrehm's avatar
tbrehm committed
539
540
541
		if(!is_dir($config_dir)) exec("mkdir -p ".escapeshellcmd($config_dir));

		$command = "useradd -d $config_dir getmail";
542
		if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
543

tbrehm's avatar
tbrehm committed
544
545
		$command = "chown -R getmail $config_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
546

tbrehm's avatar
tbrehm committed
547
548
549
		$command = "chmod -R 700 $config_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}
550
551


tbrehm's avatar
tbrehm committed
552
	public function configure_pureftpd()
553
	{
tbrehm's avatar
tbrehm committed
554
		global $conf;
555

tbrehm's avatar
tbrehm committed
556
557
558
559
560
		$config_dir = $conf['pureftpd']['config_dir'];

		//* configure pam for SMTP authentication agains the ispconfig database
		$configfile = 'pureftpd-mysql.conf';
		if(is_file("$config_dir/$configfile")){
561
562
			copy("$config_dir/$configfile", "$config_dir/$configfile~");
		}
tbrehm's avatar
tbrehm committed
563
		if(is_file("$config_dir/$configfile~")){
564
565
			exec("chmod 400 $config_dir/$configfile~");
		}
566
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
tbrehm's avatar
tbrehm committed
567
568
569
570
571
572
573
574
		$content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
		$content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
		$content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
		$content = str_replace('{server_id}', $conf["server_id"], $content);
		wf("$config_dir/$configfile", $content);
		exec("chmod 600 $config_dir/$configfile");
		exec("chown root:root $config_dir/$configfile");
575

tbrehm's avatar
tbrehm committed
576
		// copy our customized copy of pureftpd.conf to the pure-ftpd config directory
577
		if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master')) {
578
579
580
581
582
			exec("cp " . $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master ' . "$config_dir/pure-ftpd.conf");
		}else {
			exec("cp tpl/fedora_pureftpd_conf.master $config_dir/pure-ftpd.conf");
		}

tbrehm's avatar
tbrehm committed
583
	}
584

tbrehm's avatar
tbrehm committed
585
	public function configure_mydns()
586
	{
tbrehm's avatar
tbrehm committed
587
		global $conf;
588

tbrehm's avatar
tbrehm committed
589
590
		// configure mydns
		$configfile = 'mydns.conf';
591
		if(is_file($conf["mydns"]["config_dir"].'/'.$configfile)) copy($conf["mydns"]["config_dir"].'/'.$configfile, $conf["mydns"]["config_dir"].'/'.$configfile.'~');
tbrehm's avatar
tbrehm committed
592
		if(is_file($conf["mydns"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["mydns"]["config_dir"].'/'.$configfile.'~');
593
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
594
595
596
597
598
599
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
		$content = str_replace('{server_id}', $conf["server_id"], $content);
		wf($conf["mydns"]["config_dir"].'/'.$configfile, $content);
tbrehm's avatar
tbrehm committed
600
601
		exec('chmod 600 '.$conf["mydns"]["config_dir"].'/'.$configfile);
		exec('chown root:root '.$conf["mydns"]["config_dir"].'/'.$configfile);
602

tbrehm's avatar
tbrehm committed
603
	}
604

tbrehm's avatar
tbrehm committed
605
606
	public function configure_bind() {
		global $conf;
607

tbrehm's avatar
tbrehm committed
608
		// add the include line at the end of named.conf.
609
		replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);
610
611
612

		//* Check if the zonefile directory has a slash at the end
		$content=$conf['bind']['bind_zonefiles_dir'];
613
		if(substr($content, -1, 1) != '/') {
614
615
616
617
618
619
620
621
622
623
624
			$content .= '/';
		}

		//* Create the slave subdirectory
		$content .= 'slave';
		$content_mkdir = 'mkdir -p '.$content;
		exec($content_mkdir);

		//* Chown the slave subdirectory to $conf['bind']['bind_user']
		exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content);
		exec('chmod 770 '.$content);
625

tbrehm's avatar
tbrehm committed
626
	}
627

tbrehm's avatar
tbrehm committed
628
	public function configure_apache()
629
	{
tbrehm's avatar
tbrehm committed
630
		global $conf;
631

632
		if($conf['apache']['installed'] == false) return;
633
		if(is_file('/etc/suphp.conf')) {
tbrehm's avatar
tbrehm committed
634
			//replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
635
636
			replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
			replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
637
		}
638

tbrehm's avatar
tbrehm committed
639
640
		//* Create the logging directory for the vhost logfiles
		exec('mkdir -p /var/log/ispconfig/httpd');
641

tbrehm's avatar
tbrehm committed
642
643
644
		// Sites enabled and avaulable dirs
		exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']);
		exec('mkdir -p '.$conf['apache']['vhost_conf_dir']);
645

tbrehm's avatar
tbrehm committed
646
		$content = rf('/etc/httpd/conf/httpd.conf');
647
648
		if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
			af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
tbrehm's avatar
tbrehm committed
649
650
		}
		unset($content);
651

652
		//* Copy the ISPConfig configuration include
653
654
655
		$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
		$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];

656
657
658
		$tpl = new tpl('apache_ispconfig.conf.master');
		$tpl->setVar('apache_version',getapacheversion());
		
659
		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
660
661
		$ip_addresses = array();
		
662
		if(is_array($records) && count($records) > 0) {
663
			foreach($records as $rec) {
664
665
666
667
668
				if($rec['ip_type'] == 'IPv6') {
					$ip_address = '['.$rec['ip_address'].']';
				} else {
					$ip_address = $rec['ip_address'];
				}
669
				$ports = explode(',', $rec['virtualhost_port']);
670
671
672
673
				if(is_array($ports)) {
					foreach($ports as $port) {
						$port = intval($port);
						if($port > 0 && $port < 65536 && $ip_address != '') {
674
							$ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
675
676
677
						}
					}
				}
678
679
			}
		}
680
		
Till Brehm's avatar
Till Brehm committed
681
		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
682

683
684
		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
		unset($tpl);
685

686
687
688
		if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
			exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");
		}
689

tbrehm's avatar
tbrehm committed
690
691
692
693
694
		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			exec('mkdir /etc/webalizer');
			exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
		}
695

tbrehm's avatar
tbrehm committed
696
697
		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
698
699
700
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
tbrehm's avatar
tbrehm committed
701
		}
702

tbrehm's avatar
tbrehm committed
703
704
705
		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
706

tbrehm's avatar
tbrehm committed
707
	}
708

709
710
	public function configure_nginx(){
		global $conf;
711

712
713
714
		if($conf['nginx']['installed'] == false) return;
		//* Create the logging directory for the vhost logfiles
		if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
715

716
717
718
719
		// Sites enabled and avaulable dirs
		exec('mkdir -p '.$conf['nginx']['vhost_conf_enabled_dir']);
		exec('mkdir -p '.$conf['nginx']['vhost_conf_dir']);

720
		wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");
721
722
723
724

		//* make sure that webalizer finds its config file when it is directly in /etc
		if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
			mkdir('/etc/webalizer');
725
			symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
726
727
728
729
		}

		if(is_file('/etc/webalizer/webalizer.conf')) {
			// Change webalizer mode to incremental
730
731
732
			replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
			replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
733
		}
734

735
736
		// Check the awsatst script
		if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
737
738
739
		if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
		if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);

740
741
742
743
		//* add a sshusers group
		$command = 'groupadd sshusers';
		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
	}
744

tbrehm's avatar
tbrehm committed
745
746
747
	public function configure_firewall()
	{
		global $conf;
748

tbrehm's avatar
tbrehm committed
749
		$dist_init_scripts = $conf['init_scripts'];
750

tbrehm's avatar
tbrehm committed
751
752
		if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
		if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
753
754
755
756
757
758
759
760
761
762
763
764
765
		@mkdir("/etc/Bastille", octdec($directory_mode));
		if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
		if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
			caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		} else {
			caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		}
		caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
		$content = rf("/etc/Bastille/bastille-firewall.cfg");
		$content = str_replace("{DNS_SERVERS}", "", $content);

		$tcp_public_services = '';
		$udp_public_services = '';
tbrehm's avatar
tbrehm committed
766

767
		$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
768
769
770
771
772
773
774
775

		if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
			$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
			$udp_public_services = trim(str_replace(',', ' ', $row["udp_port"]));
		} else {
			$tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
			$udp_public_services = '53';
		}
tbrehm's avatar
tbrehm committed
776
		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
fantu's avatar
fantu committed
777
			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
fantu's avatar
fantu committed
778
			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
tbrehm's avatar
tbrehm committed
779
		}
tbrehm's avatar
tbrehm committed
780

781
782
783
784
785
786
787
788
		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
		$content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);

		wf("/etc/Bastille/bastille-firewall.cfg", $content);

		if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
		caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);
tbrehm's avatar
tbrehm committed
789

790
791
792
		if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);
tbrehm's avatar
tbrehm committed
793

794
795
796
		if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
		caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
		caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);
tbrehm's avatar
tbrehm committed
797
798
799

		if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);

800
801
802
803
804
805
		exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
		if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(shell_exec("which ipchains"), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
		unset($ipchains_location);
		exec("which iptables &> /dev/null", $iptables_location, $ret_val);
		if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
		unset($iptables_location);
tbrehm's avatar
tbrehm committed
806
807

	}
808
809


tbrehm's avatar
tbrehm committed
810
	public function install_ispconfig()
811
	{
tbrehm's avatar
tbrehm committed
812
		global $conf;
813

tbrehm's avatar
tbrehm committed
814
815
816
817
818
819
820
		$install_dir = $conf['ispconfig_install_dir'];

		//* Create the ISPConfig installation directory
		if(!@is_dir("$install_dir")) {
			$command = "mkdir $install_dir";
			caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		}
821

tbrehm's avatar
tbrehm committed
822
823
		//* Create a ISPConfig user and group
		$command = 'groupadd ispconfig';
824
		if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
825

tbrehm's avatar
tbrehm committed
826
		$command = "useradd -g ispconfig -d $install_dir ispconfig";
827
		if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
828

tbrehm's avatar
tbrehm committed
829
830
831
		//* copy the ISPConfig interface part
		$command = "cp -rf ../interface $install_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
832

tbrehm's avatar
tbrehm committed
833
834
835
		//* copy the ISPConfig server part
		$command = "cp -rf ../server $install_dir";
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
836
		
837
838
839
		//* Make a backup of the security settings
		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
		
840
841
842
		//* copy the ISPConfig security part
		$command = 'cp -rf ../security '.$install_dir;
		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
		
		//* Apply changed security_settings.ini values to new security_settings.ini file
		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
			$security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
			if(is_array($security_settings_new) && is_array($security_settings_old)) {
				foreach($security_settings_new as $section => $sval) {
					if(is_array($sval)) {
						foreach($sval as $key => $val) {
							if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
								$security_settings_new[$section][$key] = $security_settings_old[$section][$key];
							}
						}
					}
				}
				file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
			}
		}
861

tbrehm's avatar
tbrehm committed
862
863
864
865
		//* Create a symlink, so ISPConfig is accessible via web
		// Replaced by a separate vhost definition for port 8080
		// $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
		// caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
866

tbrehm's avatar
tbrehm committed
867
868
869
		//* Create the config file for ISPConfig interface
		$configfile = 'config.inc.php';
		if(is_file($install_dir.'/interface/lib/'.$configfile)){
870
871
			copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
		}
872
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
tbrehm's avatar
tbrehm committed
873
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
874
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
tbrehm's avatar
tbrehm committed
875
876
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
877

878
879
880
881
		$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
		$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
		$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
		$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
882

883
		$content = str_replace('{server_id}', $conf['server_id'], $content);
tbrehm's avatar
tbrehm committed
884
		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
885
		$content = str_replace('{language}', $conf['language'], $content);
886
		$content = str_replace('{timezone}', $conf['timezone'], $content);
cfoe's avatar
cfoe committed
887
		$content = str_replace('{theme}', $conf['theme'], $content);
888
		$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
889

tbrehm's avatar
tbrehm committed
890
		wf("$install_dir/interface/lib/$configfile", $content);
891

tbrehm's avatar
tbrehm committed
892
893
894
		//* Create the config file for ISPConfig server
		$configfile = 'config.inc.php';
		if(is_file($install_dir.'/server/lib/'.$configfile)){
895
896
			copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
		}
897
		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
tbrehm's avatar
tbrehm committed
898
899
900
901
		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
902

903
904
905
906
		$content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
		$content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
		$content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
		$content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
907

tbrehm's avatar
tbrehm committed
908
909
		$content = str_replace('{server_id}', $conf['server_id'], $content);
		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
910
		$content = str_replace('{language}', $conf['language'], $content);
911
		$content = str_replace('{timezone}', $conf['timezone'], $content);
cfoe's avatar
cfoe committed
912
		$content = str_replace('{theme}', $conf['theme'], $content);
913
		$content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
914

tbrehm's avatar
tbrehm committed
915
		wf("$install_dir/server/lib/$configfile", $content);
916

917
918
919
920
921
922
		//* Create the config file for remote-actions (but only, if it does not exist, because
		//  the value is a autoinc-value and so changed by the remoteaction_core_module
		if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
			$content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
			wf($install_dir.'/server/lib/remote_action.inc.php', $content);
		}
923
924


tbrehm's avatar
tbrehm committed
925
926
927
928
929
930
		//* Enable the server modules and plugins.
		// TODO: Implement a selector which modules and plugins shall be enabled.
		$dir = $install_dir.'/server/mods-available/';
		if (is_dir($dir)) {
			if ($dh = opendir($dir)) {
				while (($file = readdir($dh)) !== false) {
931
932
933
					if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
						include_once $install_dir.'/server/mods-available/'.$file;
						$module_name = substr($file, 0, -8);