Merge branch 'master_fixes' into 'master'

Marius Cramer

2014-10-29 4e52e111c859bc586d0379c7cda59111555c9ac0

 install/dist/lib/gentoo.lib.php

@@ -49,7 +49,7 @@

   public function configure_postfix($options = '')
   {
      global $conf;
      global $conf,$autoinstall;

      $cf = $conf['postfix'];
      $config_dir = $cf['config_dir'];
@@ -119,8 +119,13 @@
      //* Create the SSL certificate
      if (!stristr($options, 'dont-create-certs'))
      {
         $command = 'cd '.$config_dir.'; '
            .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509';
         if(AUTOINSTALL){
            $command = 'cd '.$config_dir.'; '
               ."openssl req -new -subj '/C=".escapeshellcmd($autoinstall['ssl_cert_country'])."/ST=".escapeshellcmd($autoinstall['ssl_cert_state'])."/L=".escapeshellcmd($autoinstall['ssl_cert_locality'])."/O=".escapeshellcmd($autoinstall['ssl_cert_organisation'])."/OU=".escapeshellcmd($autoinstall['ssl_cert_organisation_unit'])."/CN=".escapeshellcmd($autoinstall['ssl_cert_common_name'])."' -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509";
         } else {
            $command = 'cd '.$config_dir.'; '
               .'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
         }
         exec($command);

         $command = 'chmod o= '.$config_dir.'/smtpd.key';
@@ -220,6 +225,19 @@
   {
      global $conf;

      $virtual_transport = 'dovecot';
		
      // check if virtual_transport must be changed
      if ($this->is_update) {
         $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
         $ini_array = ini_to_array(stripslashes($tmp['config']));
         // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
			
         if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
            $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
         }
      }

      $config_dir = $conf['dovecot']['config_dir'];

      $configfile = $conf['postfix']['config_dir'].'/master.cf';
@@ -245,7 +263,7 @@
      //* Reconfigure postfix to use dovecot authentication
      $postconf_commands = array (
         'dovecot_destination_recipient_limit = 1',
         'virtual_transport = lmtp:unix:private/dovecot-lmtp',
         'virtual_transport = '.$virtual_transport,
         'smtpd_sasl_type = dovecot',
         'smtpd_sasl_path = private/auth'
      );
@@ -519,6 +537,7 @@


      //* Copy the ISPConfig configuration include
      /*
      $content = $this->get_template_file('apache_ispconfig.conf', true);

      $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
@@ -531,6 +550,37 @@
      }

      $this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
      */
		
      $tpl = new tpl('apache_ispconfig.conf.master');
      $tpl->setVar('apache_version',getapacheversion());
		
      $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
      $ip_addresses = array();
		
      if(is_array($records) && count($records) > 0) {
         foreach($records as $rec) {
            if($rec['ip_type'] == 'IPv6') {
               $ip_address = '['.$rec['ip_address'].']';
            } else {
               $ip_address = $rec['ip_address'];
            }
            $ports = explode(',', $rec['virtualhost_port']);
            if(is_array($ports)) {
               foreach($ports as $port) {
                  $port = intval($port);
                  if($port > 0 && $port < 65536 && $ip_address != '') {
                     $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
                  }
               }
            }
         }
      }
		
      if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);

      wf($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $tpl->grab());
      unset($tpl);

      //* Gentoo by default does not include .vhost files. Add include line to config file.
      $content = rf($conf['apache']['config_file']);
@@ -735,6 +785,31 @@
      //* copy the ISPConfig server part
      $command = "cp -rf ../server $install_dir";
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
      //* Make a backup of the security settings
      if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
		
      //* copy the ISPConfig security part
      $command = 'cp -rf ../security '.$install_dir;
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
      //* Apply changed security_settings.ini values to new security_settings.ini file
      if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
         $security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
         $security_settings_new = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini'));
         if(is_array($security_settings_new) && is_array($security_settings_old)) {
            foreach($security_settings_new as $section => $sval) {
               if(is_array($sval)) {
                  foreach($sval as $key => $val) {
                     if(isset($security_settings_old[$section]) && isset($security_settings_old[$section][$key])) {
                        $security_settings_new[$section][$key] = $security_settings_old[$section][$key];
                     }
                  }
               }
            }
            file_put_contents('/usr/local/ispconfig/security/security_settings.ini',array_to_ini($security_settings_new));
         }
      }


      //* Create the config file for ISPConfig interface
@@ -838,12 +913,38 @@
         $this->db->query($sql);
      }

      //* Chmod the files
      $command = "chmod -R 750 $install_dir";
      // chown install dir to root and chmod 755
      $command = 'chown root:root '.$install_dir;
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
      $command = 'chmod 755 '.$install_dir;
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

      //* chown the files to the ispconfig user and group
      $command = "chown -R ispconfig:ispconfig $install_dir";
      //* Chmod the files and directories in the install dir
      $command = 'chmod -R 750 '.$install_dir.'/*';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

      //* chown the interface files to the ispconfig user and group
      $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
      //* chown the server files to the root user and group
      $command = 'chown -R root:root '.$install_dir.'/server';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
      //* chown the security files to the root user and group
      $command = 'chown -R root:root '.$install_dir.'/security';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
		
      //* chown the security directory and security_settings.ini to root:ispconfig
      $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
      $command = 'chown root:ispconfig '.$install_dir.'/security';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
      $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
      $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
      $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
      caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

      //* Make the global language file directory group writable
@@ -898,6 +999,8 @@
         exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
         exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
      }
		
      exec('chown -R root:root /usr/local/ispconfig/interface/ssl');

      // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
      // and must be fixed as this will allow the apache user to read the ispconfig files.
@@ -1071,6 +1174,9 @@

      //* Remove Domain module as its functions are available in the client module now
      if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
		
      // Add symlink for patch tool
      if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');

   }