From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).
---
install/lib/installer_base.lib.php | 104 ++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 77 insertions(+), 27 deletions(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index a4ec514..b472844 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -158,10 +158,10 @@
$this->error('Stopped: Database already contains some tables.');
} else {
if($conf['mysql']['admin_password'] == '') {
- caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' '".$conf['mysql']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
+ caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
} else {
- caselog("mysql --default-character-set=".$conf['mysql']['charset']." -h '".$conf['mysql']['host']."' -u '".$conf['mysql']['admin_user']."' -p'".$conf['mysql']['admin_password']."' '".$conf['mysql']['database']."' < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
+ caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
}
$db_tables = $this->db->getTables();
@@ -514,6 +514,10 @@
copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
}
+
+ //* help jailkit fo find its ini files
+ if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
+ if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');
}
@@ -624,11 +628,24 @@
$command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
+ //* These postconf commands will be executed on installation and update
+ $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+ $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
+ unset($server_ini_rec);
+
+ //* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
+ $rbl_list = '';
+ if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
+ $rbl_hosts = explode(",",str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
+ foreach ($rbl_hosts as $key => $value) {
+ $rbl_list .= ", reject_rbl_client ". $value;
+ }
+ }
+ unset($rbl_hosts);
+ unset($server_ini_array);
$postconf_commands = array (
- 'myhostname = '.$conf['hostname'],
- 'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
- 'mynetworks = 127.0.0.0/8 [::1]/128',
'alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases',
'alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases',
'virtual_alias_domains =',
@@ -641,7 +658,7 @@
'smtpd_sasl_auth_enable = yes',
'broken_sasl_auth_clients = yes',
'smtpd_sasl_authenticated_header = yes',
- 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:'.$config_dir.'/mysql-virtual_recipient.cf, reject_unauth_destination',
+ 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:'.$config_dir.'/mysql-virtual_recipient.cf, reject_unauth_destination'. $rbl_list,
'smtpd_use_tls = yes',
'smtpd_tls_security_level = may',
'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert',
@@ -662,6 +679,15 @@
'body_checks = regexp:'.$config_dir.'/body_checks',
'owner_request_special = no'
);
+
+ //* These postconf commands will be executed on installation only
+ if($this->is_update == false) {
+ $postconf_commands = array_merge($postconf_commands,array(
+ 'myhostname = '.$conf['hostname'],
+ 'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
+ 'mynetworks = 127.0.0.0/8 [::1]/128'
+ ));
+ }
//* Create the header and body check files
touch($config_dir.'/header_checks');
@@ -876,19 +902,32 @@
caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
- //* copy dovecot.conf
+ //* backup dovecot.conf
$configfile = 'dovecot.conf';
if(is_file($config_dir.'/'.$configfile)) {
copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
}
- copy('tpl/debian_dovecot.conf.master',$config_dir.'/'.$configfile);
+
+ //* Get the dovecot version
+ exec('dovecot --version',$tmp);
+ $parts = explode('.',trim($tmp[0]));
+ $dovecot_version = $parts[0];
+ unset($tmp);
+ unset($parts);
+
+ //* Copy dovecot configuration file
+ if($dovecot_version == 2) {
+ copy('tpl/debian_dovecot2.conf.master',$config_dir.'/'.$configfile);
+ } else {
+ copy('tpl/debian_dovecot.conf.master',$config_dir.'/'.$configfile);
+ }
//* dovecot-sql.conf
$configfile = 'dovecot-sql.conf';
if(is_file($config_dir.'/'.$configfile)) {
copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
}
- chmod($config_dir.'/'.$configfile.'~', 0400);
+ if(is_file($config_dir.'/'.$configfile.'~')) chmod($config_dir.'/'.$configfile.'~', 0400);
$content = rf('tpl/debian_dovecot-sql.conf.master');
$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
$content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
@@ -1430,12 +1469,11 @@
//copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
//* and create the symlink
- if($this->install_ispconfig_interface == true) {
- if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
- if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {
- symlink($vhost_conf_dir.'/apps.vhost',$vhost_conf_enabled_dir.'/000-apps.vhost');
- }
+ if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
+ if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {
+ symlink($vhost_conf_dir.'/apps.vhost',$vhost_conf_enabled_dir.'/000-apps.vhost');
}
+
if(!is_file($conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter')) {
mkdir($conf['web']['website_basedir'].'/php-fcgi-scripts/apps', 0755, true);
copy('tpl/apache_apps_fcgi_starter.master',$conf['web']['website_basedir'].'/php-fcgi-scripts/apps/.php-fcgi-starter');
@@ -1485,6 +1523,7 @@
if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
$fpm_socket = $socket_dir.'apps.sock';
+ $cgi_socket = escapeshellcmd($conf['nginx']['cgi_socket']);
$content = str_replace('{apps_vhost_ip}', $apps_vhost_ip, $content);
$content = str_replace('{apps_vhost_port}', $conf['web']['apps_vhost_port'], $content);
@@ -1492,6 +1531,7 @@
$content = str_replace('{apps_vhost_servername}', $apps_vhost_servername, $content);
//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
$content = str_replace('{fpm_socket}', $fpm_socket, $content);
+ $content = str_replace('{cgi_socket}', $cgi_socket, $content);
wf($vhost_conf_dir.'/apps.vhost', $content);
@@ -1507,12 +1547,11 @@
//copy('tpl/nginx_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
//* and create the symlink
- if($this->install_ispconfig_interface == true) {
- if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
- if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {
- symlink($vhost_conf_dir.'/apps.vhost',$vhost_conf_enabled_dir.'/000-apps.vhost');
- }
+ if(@is_link($vhost_conf_enabled_dir.'/apps.vhost')) unlink($vhost_conf_enabled_dir.'/apps.vhost');
+ if(!@is_link($vhost_conf_enabled_dir.'/000-apps.vhost')) {
+ symlink($vhost_conf_dir.'/apps.vhost',$vhost_conf_enabled_dir.'/000-apps.vhost');
}
+
}
}
@@ -1587,6 +1626,7 @@
$content = str_replace('{server_id}', $conf['server_id'], $content);
$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
$content = str_replace('{language}', $conf['language'], $content);
+ $content = str_replace('{timezone}', $conf['timezone'], $content);
wf($install_dir.'/interface/lib/'.$configfile, $content);
@@ -1609,6 +1649,7 @@
$content = str_replace('{server_id}', $conf['server_id'], $content);
$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
$content = str_replace('{language}', $conf['language'], $content);
+ $content = str_replace('{timezone}', $conf['timezone'], $content);
wf($install_dir.'/server/lib/'.$configfile, $content);
@@ -1726,6 +1767,10 @@
}
}
}
+
+ //* Make the APS directories group writable
+ exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
+ exec("chmod -R 770 $install_dir/server/aps_packages");
//* make sure that the server config file (not the interface one) is only readable by the root user
chmod($install_dir.'/server/lib/'.$configfile, 0600);
@@ -1740,6 +1785,11 @@
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
+ }
+
+ if(is_dir($install_dir.'/interface/invoices')) {
+ exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
+ exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
}
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
@@ -1766,7 +1816,7 @@
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
- if($conf['apache']['installed'] == true){
+ if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
@@ -1792,7 +1842,7 @@
//copy('tpl/apache_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
//* and create the symlink
- if($this->install_ispconfig_interface == true && $this->is_update == false) {
+ if($this->is_update == false) {
if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
symlink($vhost_conf_dir.'/ispconfig.vhost',$vhost_conf_enabled_dir.'/000-ispconfig.vhost');
@@ -1808,7 +1858,7 @@
}
}
- if($conf['nginx']['installed'] == true){
+ if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
//* Copy the ISPConfig vhost for the controlpanel
$vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
$vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
@@ -1818,11 +1868,11 @@
$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
- $content = str_replace('{ssl_on}', ' ssl', $content);
+ $content = str_replace('{ssl_on}', 'on', $content);
$content = str_replace('{ssl_comment}', '', $content);
$content = str_replace('{fastcgi_ssl}', 'on', $content);
} else {
- $content = str_replace('{ssl_on}', '', $content);
+ $content = str_replace('{ssl_on}', 'off', $content);
$content = str_replace('{ssl_comment}', '#', $content);
$content = str_replace('{fastcgi_ssl}', 'off', $content);
}
@@ -1851,7 +1901,7 @@
//copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
//* and create the symlink
- if($this->install_ispconfig_interface == true && $this->is_update == false) {
+ if($this->is_update == false) {
if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
symlink($vhost_conf_dir.'/ispconfig.vhost',$vhost_conf_enabled_dir.'/000-ispconfig.vhost');
@@ -1935,7 +1985,7 @@
wf($install_dir.'/server/lib/mysql_clientdb.conf',$content);
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
- chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
+ chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
}
@@ -2052,7 +2102,7 @@
if ( is_file($tConf) ) {
$stat = exec('stat -c \'%a %U %G\' '.escapeshellarg($tConf), $output, $res);
if ($res == 0) { // stat successfull
- list($access, $user, $group) = split(" ", $stat);
+ list($access, $user, $group) = explode(" ", $stat);
}
if ( copy($tConf, $tConf.'~') ) {
--
Gitblit v1.9.1