gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -196,7 +196,8 @@

			$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));

			// TODO: Update further distribution specific parameters for server config here
			//* Update further distribution specific parameters for server config here
			//* HINT: Every line added here has to be added in update.lib.php too!!
			$tpl_ini_array['web']['vhost_conf_dir'] = $conf['apache']['vhost_conf_dir'];
			$tpl_ini_array['web']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_enabled_dir'];
			$tpl_ini_array['jailkit']['jailkit_chroot_app_programs'] = $conf['jailkit']['jailkit_chroot_app_programs'];
			@@ -211,6 +212,8 @@
			$tpl_ini_array['web']['security_level'] = 20;
			$tpl_ini_array['web']['user'] = $conf['apache']['user'];
			$tpl_ini_array['web']['group'] = $conf['apache']['group'];
			$tpl_ini_array['web']['php_ini_path_apache'] = $conf['apache']['php_ini_path_apache'];
			$tpl_ini_array['web']['php_ini_path_cgi'] = $conf['apache']['php_ini_path_cgi'];
			$tpl_ini_array['mail']['pop3_imap_daemon'] = ($conf['dovecot']['installed'] == true)?'dovecot':'courier';
			$tpl_ini_array['mail']['mail_filter_syntax'] = ($conf['dovecot']['installed'] == true)?'sieve':'maildrop';
			$tpl_ini_array['dns']['bind_user'] = $conf['bind']['bind_user'];
			@@ -262,100 +265,127 @@
			public function grant_master_database_rights() {
			global $conf;

			if($conf['mysql']['master_slave_setup'] != 'y') return;
			/*
			* The following code is a little bit tricky:
			* * If we HAVE a master-slave - Setup then the client has to grant the rights for himself
			* at the master.
			* * If we DO NOT have a master-slave - Setup then we have two possibilities
			* 1) it is a single server
			* 2) it is the MASTER of n clients
			*/
			if($conf['mysql']['master_slave_setup'] == 'y') {
			/*
			* it is a master-slave - Setup so the slave has to grant its rights in the master
			* database
			*/

			//* insert the ispconfig user in the remote server
			$from_host = $conf['hostname'];
			$from_ip = gethostbyname($conf['hostname']);
			//* insert the ispconfig user in the remote server
			$from_host = $conf['hostname'];
			$from_ip = gethostbyname($conf['hostname']);

			$hosts[$from_host]['user'] = $conf['mysql']['master_ispconfig_user'];
			$hosts[$from_host]['db'] = $conf['mysql']['master_database'];
			$hosts[$from_host]['pwd'] = $conf['mysql']['master_ispconfig_password'];

			//* Delete ISPConfig user in the master database, in case that it exists
			$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_host."';");
			$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_host."';");
			$this->dbmaster->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['master_ispconfig_user']."' AND Host = '".$from_ip."';");
			$this->dbmaster->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['master_database']."' AND Host = '".$from_ip."';");
			$this->dbmaster->query('FLUSH PRIVILEGES;');
			$hosts[$from_ip]['user'] = $conf['mysql']['master_ispconfig_user'];
			$hosts[$from_ip]['db'] = $conf['mysql']['master_database'];
			$hosts[$from_ip]['pwd'] = $conf['mysql']['master_ispconfig_password'];
			} else{
			/*
			* it is NOT a master-slave - Setup so we have to find out all clients and their
			* host
			*/
			$query = "SELECT Host, User FROM mysql.user WHERE User like 'ispcsrv%' ORDER BY User, Host";
			$data = $this->dbmaster->queryAllRecords($query);
			if($data === false) {
			$this->error('Unable to get the user rights: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}
			foreach ($data as $item){
			$hosts[$item['Host']]['user'] = $item['User'];
			$hosts[$item['Host']]['db'] = $conf['mysql']['master_database'];
			$hosts[$item['Host']]['pwd'] = ''; // the user already exists, so we need no pwd!
			}
			}

			if(is_array($hosts)) {
			foreach($hosts as $host => $value) {
			/*
			* If a pwd exists, this means, we have to add the new user (and his pwd).
			* if not, the user already exists and we do not need the pwd
			*/
			if ($value['pwd'] != ''){
			$query = "CREATE USER '".$value['user']."'@'".$host."' IDENTIFIED BY '" . $value['pwd'] . "'";
			$this->dbmaster->query($query); // ignore the error
			}

			$hosts = array($from_host, $from_ip);
			/*
			* Try to delete all rights of the user in case that it exists.
			* In Case that it will not exist, do nothing (ignore the error!)
			*/
			$query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '".$value['user']."'@'".$host."' ";
			$this->dbmaster->query($query); // ignore the error

			foreach($hosts as $src_host) {
			//* Create the ISPConfig database user in the remote database
			$query = "GRANT SELECT ON ".$conf['mysql']['master_database'].".`server` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT ON ".$conf['mysql']['master_database'].".`sys_log` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, INSERT ON ".$value['db'].".`sys_log` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE(`status`) ON ".$conf['mysql']['master_database'].".`sys_datalog` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, UPDATE(`status`) ON ".$value['db'].".`sys_datalog` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE(`status`) ON ".$conf['mysql']['master_database'].".`software_update_inst` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, UPDATE(`status`) ON ".$value['db'].".`software_update_inst` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE(`updated`) ON ".$conf['mysql']['master_database'].".`server` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, UPDATE(`updated`) ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$conf['mysql']['master_database'].".`web_domain` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT ON ".$conf['mysql']['master_database'].".`sys_group` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT ON ".$value['db'].".`sys_group` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, UPDATE (`action_status`, `response`) ON ".$conf['mysql']['master_database'].".`sys_remoteaction` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ".$value['db'].".`sys_remoteaction` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT , DELETE ON ".$conf['mysql']['master_database'].".`monitor_data` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, INSERT , DELETE ON ".$value['db'].".`monitor_data` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT, UPDATE ON ".$conf['mysql']['master_database'].".`mail_traffic` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`mail_traffic` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}

			$query = "GRANT SELECT, INSERT, UPDATE ON ".$conf['mysql']['master_database'].".`web_traffic` "
			."TO '".$conf['mysql']['master_ispconfig_user']."'@'".$src_host."' "
			."IDENTIFIED BY '".$conf['mysql']['master_ispconfig_password']."';";
			$query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`web_traffic` TO '".$value['user']."'@'".$host."' ";
			if(!$this->dbmaster->query($query)) {
			$this->error('Unable to create database user in master database: '.$conf['mysql']['master_ispconfig_user'].' Error: '.$this->dbmaster->errorMessage);
			$this->error('Unable to set rights of user in master database: '.$value['db'].' Error: '.$this->dbmaster->errorMessage);
			}
			}

			/*
			* It is all done. Relod the rights...
			*/
			$this->dbmaster->query('FLUSH PRIVILEGES;');
			}

			}
			@@ -517,7 +547,7 @@

			//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
			$command = 'chmod 755 /var/run/courier/authdaemon/';
			caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
			if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);

			//* Changing maildrop lines in posfix master.cf
			if(is_file($config_dir.'/master.cf')) {
			@@ -616,6 +646,8 @@
			$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
			$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
			wf("$pam/smtp", $content);
			// On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
			if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");
			exec("chmod 660 $pam/smtp");
			exec("chown daemon:daemon $pam/smtp");

			@@ -825,6 +857,7 @@
			//exec('mkdir -p '.$config_dir.'/conf/ChrootEveryone');
			exec('echo "yes" > '.$config_dir.'/conf/ChrootEveryone');
			exec('echo "yes" > '.$config_dir.'/conf/BrokenClientsCompatibility');
			exec('echo "yes" > '.$config_dir.'/conf/DisplayDotFiles');

			if(is_file('/etc/default/pure-ftpd-common')) {
			replaceLine('/etc/default/pure-ftpd-common','STANDALONE_OR_INETD=inetd','STANDALONE_OR_INETD=standalone',1,0);
			@@ -903,7 +936,20 @@
			public function configure_bind() {
			global $conf;

			//* Nothing to do
			//* Check if the zonefile directory has a slash at the end
			$content=$conf['bind']['bind_zonefiles_dir'];
			if(substr($content,-1,1) != '/') {
			$content .= '/';
			}

			//* Create the slave subdirectory
			$content .= 'slave';
			$content_mkdir = 'mkdir -p '.$content;
			exec($content_mkdir);

			//* Chown the slave subdirectory to $conf['bind']['bind_user']
			exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content);
			exec('chmod 770 '.$content);

			}

			@@ -916,7 +962,7 @@
			exec('mkdir -p /var/log/ispconfig/httpd');

			if(is_file('/etc/suphp/suphp.conf')) {
			replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
			replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp="php:/usr/bin/php-cgi"',0);
			//replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0);
			replaceLine('/etc/suphp/suphp.conf','umask=0077','umask=0022',0);
			}
			@@ -1120,6 +1166,25 @@
			}

			}

			public function make_ispconfig_ssl_cert() {
			global $conf;

			$ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt';
			$ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr';
			$ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key';

			if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl");

			$ssl_pw = substr(md5(mt_rand()),0,6);
			exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
			exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
			exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
			exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
			exec("mv $ssl_key_file $ssl_key_file.secure");
			exec("mv $ssl_key_file.insecure $ssl_key_file");

			}

			public function install_ispconfig() {
			global $conf;
			@@ -1214,9 +1279,15 @@
			$module_name = substr($file,0,-8);
			$tmp = new $module_name;
			if($tmp->onInstall()) {
			if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
			if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) {
			@symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
			// @symlink($install_dir.'/server/mods-available/'.$file, '../mods-enabled/'.$file);
			}
			if (strpos($file, '_core_module') !== false) {
			if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
			if(!@is_link($install_dir.'/server/mods-core/'.$file)) {
			@symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
			// @symlink($install_dir.'/server/mods-available/'.$file, '../mods-core/'.$file);
			}
			}
			}
			unset($tmp);
			@@ -1235,9 +1306,15 @@
			$plugin_name = substr($file,0,-8);
			$tmp = new $plugin_name;
			if(method_exists($tmp,'onInstall') && $tmp->onInstall()) {
			if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
			if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) {
			@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
			//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-enabled/'.$file);
			}
			if (strpos($file, '_core_plugin') !== false) {
			if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
			if(!@is_link($install_dir.'/server/plugins-core/'.$file)) {
			@symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
			//@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-core/'.$file);
			}
			}
			}
			unset($tmp);
			@@ -1337,6 +1414,12 @@
			} else {
			$content = str_replace('{vhost_port_listen}', '', $content);
			}

			if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
			$content = str_replace('{ssl_comment}', '', $content);
			} else {
			$content = str_replace('{ssl_comment}', '#', $content);
			}

			wf("$vhost_conf_dir/ispconfig.vhost", $content);

			@@ -1386,7 +1469,7 @@

			//* Add Log-Rotation
			if (is_dir('/etc/logrotate.d')) {
			unlink('/etc/logrotate.d/logispc3');
			@unlink('/etc/logrotate.d/logispc3'); // ignore, if the file is not there
			$fh = fopen('/etc/logrotate.d/logispc3', 'w');
			fwrite($fh,
			"/var/log/ispconfig/ispconfig.log { \n" .
			@@ -1596,4 +1679,4 @@
			}
			}

			?>
			?>