ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2011-12-15 e589cc1dbb43111f7b7ecf21c99820baa8b7f45c 
 server/plugins-available/apache2_plugin.inc.php


@@ -167,7 +167,7 @@


               $app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);


               if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed.  openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file",LOGLEVEL_ERROR);


            };


            if (filesize($crt_file)==0 || !file_exists($crt_file)){


            if (@filesize($crt_file)==0 || !file_exists($crt_file)){


               exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");


               $app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);


            };


@@ -190,7 +190,7 @@


      //* Save a SSL certificate to disk


      if($data["new"]["ssl_action"] == 'save') {


         $ssl_dir = $data["new"]["document_root"]."/ssl";


         $domain = $data["new"]["ssl_domain"];


         $domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];


         $csr_file = $ssl_dir.'/'.$domain.".csr";


         $crt_file = $ssl_dir.'/'.$domain.".crt";


         $bundle_file = $ssl_dir.'/'.$domain.".bundle";


@@ -207,7 +207,7 @@


      //* Delete a SSL certificate


      if($data['new']['ssl_action'] == 'del') {


         $ssl_dir = $data['new']['document_root'].'/ssl';


         $domain = $data['new']['ssl_domain'];


         $domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];


         $csr_file = $ssl_dir.'/'.$domain.'.csr';


         $crt_file = $ssl_dir.'/'.$domain.'.crt';


         $bundle_file = $ssl_dir.'/'.$domain.'.bundle';


@@ -227,7 +227,6 @@


         $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");


         $app->log('Deleting SSL Cert for: '.$domain,LOGLEVEL_DEBUG);


      }






   }




@@ -542,74 +541,76 @@




      if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {


         // Chown and chmod the directories below the document root


         $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));


         $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');


         // The document root itself has to be owned by root in normal level and by the web owner in security level 20


         if($web_config['security_level'] == 20) {


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');


         } else {


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');


         }


      }








      //* If the security level is set to high


      if($web_config['security_level'] == 20) {


      if($this->action == 'insert' && $data['new']['type'] == 'vhost') {


         if($web_config['security_level'] == 20) {




         $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));


         $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');


         $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));


            $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');


            $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));




         // make tmp directory writable for Apache and the website users


         $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));


            // make tmp directory writable for Apache and the website users


            $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));


         


         // Set Log symlink to 755 to make the logs accessible by the FTP user


         $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");


            // Set Log symlink to 755 to make the logs accessible by the FTP user


            $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");




         $command = 'usermod';


         $command .= ' --groups sshusers';


         $command .= ' '.escapeshellcmd($data['new']['system_user']);


         $this->_exec($command);


            $command = 'usermod';


            $command .= ' --groups sshusers';


            $command .= ' '.escapeshellcmd($data['new']['system_user']);


            $this->_exec($command);




         //* if we have a chrooted Apache environment


         if($apache_chrooted) {


            $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);


            //* if we have a chrooted Apache environment


            if($apache_chrooted) {


               $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);




            //* add the apache user to the client group in the chroot environment


            $tmp_groupfile = $app->system->server_conf['group_datei'];


            $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';


               //* add the apache user to the client group in the chroot environment


               $tmp_groupfile = $app->system->server_conf['group_datei'];


               $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';


               $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));


               $app->system->server_conf['group_datei'] = $tmp_groupfile;


               unset($tmp_groupfile);


            }




            //* add the Apache user to the client group


            $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));


            $app->system->server_conf['group_datei'] = $tmp_groupfile;


            unset($tmp_groupfile);


         }




         //* add the Apache user to the client group


         $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));




         $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));


            /*


            * Workaround for jailkit: If jailkit is enabled for the site, the 


            * website root has to be owned by the root user and we have to chmod it to 755 then


            */




         /*


         * Workaround for jailkit: If jailkit is enabled for the site, the 


         * website root has to be owned by the root user and we have to chmod it to 755 then


         */


            //* Check if there is a jailkit user for this site


            $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");


            if($tmp['number'] > 0) {


               $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));


               $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));


            }


            unset($tmp);




         //* Check if there is a jailkit user for this site


         $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");


         if($tmp['number'] > 0) {


            // If the security Level is set to medium


         } else {




            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));




            // make temp directory writable for Apache and the website users


            $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));


         }


         unset($tmp);




         // If the security Level is set to medium


      } else {




         $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));


         $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));


         $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));




         // make temp directory writable for Apache and the website users


         $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));


      }




      // Change the ownership of the error log to the owner of the website


@@ -636,7 +637,7 @@


         if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) {


            $php_ini_content .= file_get_contents($master_php_ini_path)."\n";


         }


         $php_ini_content .= trim($data['new']['custom_php_ini']);


         $php_ini_content .= str_replace("\r",'',trim($data['new']['custom_php_ini']));


         file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);


      } else {


         $has_custom_php_ini = false;


@@ -1050,6 +1051,11 @@


            unlink($vhost_symlink);


            $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);


         }


         $vhost_symlink = escapeshellcmd($web_config['vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost');


         if(is_link($vhost_symlink)) {


            unlink($vhost_symlink);


            $app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file,LOGLEVEL_DEBUG);


         }


         $vhost_file = escapeshellcmd($web_config['vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost');


         unlink($vhost_file);


         $app->log('Removing file: '.$vhost_file,LOGLEVEL_DEBUG);


@@ -1305,7 +1311,7 @@


      if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);


      if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);


      $folder_path = escapeshellcmd($website['document_root'].'/web/'.$folder['path']);


      if(substr($folder_path,-1) != '/' && $folder['path'] != '') $folder_path .= '/';


      if(substr($folder_path,-1) != '/') $folder_path .= '/';


      


      //* Check if the resulting path is inside the docroot


      if(stristr($folder_path,'..') || stristr($folder_path,'./') || stristr($folder_path,'\\')) {


@@ -1369,7 +1375,7 @@


      


      $folder_id = $data['old']['web_folder_id'];


      


      $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));


      $folder = $data['old'];


      $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));


      


      if(!is_array($folder) or !is_array($website)) {


@@ -1381,7 +1387,7 @@


      if(substr($folder['path'],0,1) == '/') $folder['path'] = substr($folder['path'],1);


      if(substr($folder['path'],-1) == '/') $folder['path'] = substr($folder['path'],0,-1);


      $folder_path = realpath($website['document_root'].'/web/'.$folder['path']);


      if(substr($folder_path,-1) != '/' && $folder['path'] != '') $folder_path .= '/';


      if(substr($folder_path,-1) != '/') $folder_path .= '/';


      


      //* Check if the resulting path is inside the docroot


      if(substr($folder_path,0,strlen($website['document_root'])) != $website['document_root']) {


@@ -1417,12 +1423,12 @@


      if(substr($data['old']['path'],0,1) == '/') $data['old']['path'] = substr($data['old']['path'],1);


      if(substr($data['old']['path'],-1) == '/') $data['old']['path'] = substr($data['old']['path'],0,-1);


      $old_folder_path = realpath($website['document_root'].'/web/'.$data['old']['path']);


      if(substr($old_folder_path,-1) != '/' && $data['old']['path'] != '') $old_folder_path .= '/';


      if(substr($old_folder_path,-1) != '/') $old_folder_path .= '/';


         


      if(substr($data['new']['path'],0,1) == '/') $data['new']['path'] = substr($data['new']['path'],1);


      if(substr($data['new']['path'],-1) == '/') $data['new']['path'] = substr($data['new']['path'],0,-1);


      $new_folder_path = escapeshellcmd($website['document_root'].'/web/'.$data['new']['path']);


      if(substr($new_folder_path,-1) != '/' && $data['new']['path'] != '') $new_folder_path .= '/';


      if(substr($new_folder_path,-1) != '/') $new_folder_path .= '/';


      


      //* Check if the resulting path is inside the docroot


      if(stristr($new_folder_path,'..') || stristr($new_folder_path,'./') || stristr($new_folder_path,'\\')) {


@@ -1757,7 +1763,7 @@


         $app->log('Created AWStats config file: '.$awstats_conf_dir.'/awstats.'.$data['new']['domain'].'.conf',LOGLEVEL_DEBUG);


      }


      


      unlink($data['new']['document_root']."/web/stats/index.html");


      if(is_file($data['new']['document_root']."/web/stats/index.html")) unlink($data['new']['document_root']."/web/stats/index.html");


      copy("/usr/local/ispconfig/server/conf/awstats_index.php.master",$data['new']['document_root']."/web/stats/index.php");


   }