gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -167,7 +167,7 @@
			$app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
			if (filesize($crt_file)==0 \|\| !file_exists($crt_file)) $app->log("CA-Certificate signing failed. openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file",LOGLEVEL_ERROR);
			};
			if (filesize($crt_file)==0 \|\| !file_exists($crt_file)){
			if (@filesize($crt_file)==0 \|\| !file_exists($crt_file)){
			exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");
			$app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
			};
			@@ -541,74 +541,76 @@

			if($this->action == 'insert' \|\| $data["new"]["system_user"] != $data["old"]["system_user"]) {
			// Chown and chmod the directories below the document root
			$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
			// The document root itself has to be owned by root in normal level and by the web owner in security level 20
			if($web_config['security_level'] == 20) {
			$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
			} else {
			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
			}
			}



			//* If the security level is set to high
			if($web_config['security_level'] == 20) {
			if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
			if($web_config['security_level'] == 20) {

			$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
			$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
			$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
			$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));

			// make tmp directory writable for Apache and the website users
			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
			// make tmp directory writable for Apache and the website users
			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));

			// Set Log symlink to 755 to make the logs accessible by the FTP user
			$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
			// Set Log symlink to 755 to make the logs accessible by the FTP user
			$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");

			$command = 'usermod';
			$command .= ' --groups sshusers';
			$command .= ' '.escapeshellcmd($data['new']['system_user']);
			$this->_exec($command);
			$command = 'usermod';
			$command .= ' --groups sshusers';
			$command .= ' '.escapeshellcmd($data['new']['system_user']);
			$this->_exec($command);

			//* if we have a chrooted Apache environment
			if($apache_chrooted) {
			$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
			//* if we have a chrooted Apache environment
			if($apache_chrooted) {
			$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);

			//* add the apache user to the client group in the chroot environment
			$tmp_groupfile = $app->system->server_conf['group_datei'];
			$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
			//* add the apache user to the client group in the chroot environment
			$tmp_groupfile = $app->system->server_conf['group_datei'];
			$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
			$app->system->server_conf['group_datei'] = $tmp_groupfile;
			unset($tmp_groupfile);
			}

			//* add the Apache user to the client group
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
			$app->system->server_conf['group_datei'] = $tmp_groupfile;
			unset($tmp_groupfile);
			}

			//* add the Apache user to the client group
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
			$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));

			$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
			/*
			* Workaround for jailkit: If jailkit is enabled for the site, the
			* website root has to be owned by the root user and we have to chmod it to 755 then
			*/

			/*
			* Workaround for jailkit: If jailkit is enabled for the site, the
			* website root has to be owned by the root user and we have to chmod it to 755 then
			*/
			//* Check if there is a jailkit user for this site
			$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
			if($tmp['number'] > 0) {
			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
			}
			unset($tmp);

			//* Check if there is a jailkit user for this site
			$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
			if($tmp['number'] > 0) {
			// If the security Level is set to medium
			} else {

			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));

			// make temp directory writable for Apache and the website users
			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
			}
			unset($tmp);

			// If the security Level is set to medium
			} else {

			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));

			// make temp directory writable for Apache and the website users
			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
			}

			// Change the ownership of the error log to the owner of the website
			@@ -635,7 +637,7 @@
			if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) {
			$php_ini_content .= file_get_contents($master_php_ini_path)."\n";
			}
			$php_ini_content .= trim($data['new']['custom_php_ini']);
			$php_ini_content .= str_replace("\r",'',trim($data['new']['custom_php_ini']));
			file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);
			} else {
			$has_custom_php_ini = false;
			@@ -1049,6 +1051,11 @@
			unlink($vhost_symlink);
			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');
			if(is_link($vhost_symlink)) {
			unlink($vhost_symlink);
			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);
			}
			$vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');
			unlink($vhost_file);
			$app->log('Removing file: '.$vhost_file,LOGLEVEL_DEBUG);