From 32cd3552bd2617d5f0272a37c515c0e84933bed9 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 05 Jan 2012 07:00:53 -0500
Subject: [PATCH] Fixed: FS#1903 - Email - domain set as domain alias cannot be offered for mailbox creation

---
 server/plugins-available/nginx_plugin.inc.php |  161 +++++++++++++++++++++++++++++++++++------------------
 1 files changed, 107 insertions(+), 54 deletions(-)

diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index b3c9c75..b04cfbb 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -502,18 +502,42 @@
 
 		// Create group and user, if not exist
 		$app->uses('system');
+		
+		if($web_config['connect_userid_to_webid'] == 'y') {
+			//* Calculate the uid and gid
+			$connect_userid_to_webid_start = ($web_config['connect_userid_to_webid_start'] < 1000)?1000:intval($web_config['connect_userid_to_webid_start']);
+			$fixed_uid_gid = intval($connect_userid_to_webid_start + $data['new']['domain_id']);
+			$fixed_uid_param = '--uid '.$fixed_uid_gid;
+			$fixed_gid_param = '--gid '.$fixed_uid_gid;
+			
+			//* Check if a ispconfigend user and group exists and create them
+			if(!$app->system->is_group('ispconfigend')) {
+				exec('groupadd --gid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
+			}
+			if(!$app->system->is_user('ispconfigend')) {
+				exec('useradd -g ispconfigend -d /usr/local/ispconfig --uid '.($connect_userid_to_webid_start + 10000).' ispconfigend');
+			}
+		} else {
+			$fixed_uid_param = '';
+			$fixed_gid_param = '';
+		}
 
 		$groupname = escapeshellcmd($data['new']['system_group']);
 		if($data['new']['system_group'] != '' && !$app->system->is_group($data['new']['system_group'])) {
-			exec('groupadd '.$groupname);
+			exec('groupadd '.$fixed_gid_param.' '.$groupname);
 			if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' groupadd '.$groupname);
 			$app->log('Adding the group: '.$groupname,LOGLEVEL_DEBUG);
 		}
 
 		$username = escapeshellcmd($data['new']['system_user']);
 		if($data['new']['system_user'] != '' && !$app->system->is_user($data['new']['system_user'])) {
-			exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname -G sshusers $username -s /bin/false");
-			if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname -G sshusers $username -s /bin/false");
+			if($web_config['add_web_users_to_sshusers_group'] == 'y') {
+				exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
+				if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
+			} else {
+				exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
+				if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
+			}
 			$app->log('Adding the user: '.$username,LOGLEVEL_DEBUG);
 		}
 
@@ -531,74 +555,91 @@
 
 		if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
 			// Chown and chmod the directories below the document root
-			$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+			$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
 			// The document root itself has to be owned by root in normal level and by the web owner in security level 20
 			if($web_config['security_level'] == 20) {
-				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
 			} else {
-				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
 			}
 		}
-
-
-
+		
 		//* If the security level is set to high
-		if($web_config['security_level'] == 20) {
+		if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
+			if($web_config['security_level'] == 20) {
 
-			$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
-			$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
-			$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
+				$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
+				$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
+				$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
 
-			// make tmp directory writable for nginx and the website users
-			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+				// make tmp directory writable for nginx and the website users
+				$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
 			
-			// Set Log symlink to 755 to make the logs accessible by the FTP user
-			$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
+				// Set Log symlink to 755 to make the logs accessible by the FTP user
+				$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
 
-			$command = 'usermod';
-			$command .= ' --groups sshusers';
-			$command .= ' '.escapeshellcmd($data['new']['system_user']);
-			$this->_exec($command);
+				if($web_config['add_web_users_to_sshusers_group'] == 'y') {
+					$command = 'usermod';
+					$command .= ' --groups sshusers';
+					$command .= ' '.escapeshellcmd($data['new']['system_user']);
+					$this->_exec($command);
+				}
 
-			//* if we have a chrooted nginx environment
-			if($nginx_chrooted) {
-				$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
+				//* if we have a chrooted nginx environment
+				if($nginx_chrooted) {
+					$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
 
-				//* add the nginx user to the client group in the chroot environment
-				$tmp_groupfile = $app->system->server_conf['group_datei'];
-				$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
-				$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
-				$app->system->server_conf['group_datei'] = $tmp_groupfile;
-				unset($tmp_groupfile);
-			}
+					//* add the nginx user to the client group in the chroot environment
+					$tmp_groupfile = $app->system->server_conf['group_datei'];
+					$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
+					$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+					$app->system->server_conf['group_datei'] = $tmp_groupfile;
+					unset($tmp_groupfile);
+				}
 
-			//* add the nginx user to the client group
-			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
+				//* add the nginx user to the client group
+				$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
+				
+				//* Chown all default directories
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+				$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
 
-			$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+				/*
+				* Workaround for jailkit: If jailkit is enabled for the site, the 
+				* website root has to be owned by the root user and we have to chmod it to 755 then
+				*/
 
-			/*
-			* Workaround for jailkit: If jailkit is enabled for the site, the 
-			* website root has to be owned by the root user and we have to chmod it to 755 then
-			*/
+				//* Check if there is a jailkit user for this site
+				$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
+				if($tmp['number'] > 0) {
+					$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
+					$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+				}
+				unset($tmp);
 
-			//* Check if there is a jailkit user for this site
-			$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
-			if($tmp['number'] > 0) {
+				// If the security Level is set to medium
+			} else {
+
 				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
+				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/log'));
+				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/web'));
+				
+				// make temp directory writable for nginx and the website users
+				$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+				
 				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/log'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
 			}
-			unset($tmp);
-
-			// If the security Level is set to medium
-		} else {
-
-			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
-			$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
-			$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
-
-			// make temp directory writable for nginx and the website users
-			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
 		}
 
 		// Change the ownership of the error log to the owner of the website
@@ -924,7 +965,13 @@
 			if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {
 				$app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
 				copy($vhost_file,$vhost_file.'.err');
-				copy($vhost_file.'~',$vhost_file);
+				if(is_file($vhost_file.'~')) {
+					//* Copy back the last backup file
+					copy($vhost_file.'~',$vhost_file);
+				} else {
+					//* There is no backup file, so we create a empty vhost file with a warning message inside
+					file_put_contents($vhost_file,"# nginx did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
+				}
 				$app->services->restartService('httpd','restart');
 			}
 		} else {
@@ -1118,12 +1165,18 @@
 		}
 		
 		//* Create the folder path, if it does not exist
-		if(!is_dir($folder_path)) exec('mkdir -p '.$folder_path);
+		if(!is_dir($folder_path)) {
+			exec('mkdir -p '.$folder_path);
+			chown($folder_path,$website['system_user']);
+			chgrp($folder_path,$website['system_group']);
+		}
 		
 		//* Create empty .htpasswd file, if it does not exist
 		if(!is_file($folder_path.'.htpasswd')) {
 			touch($folder_path.'.htpasswd');
 			chmod($folder_path.'.htpasswd',0755);
+			chown($folder_path.'.htpasswd',$website['system_user']);
+			chgrp($folder_path.'.htpasswd',$website['system_group']);
 			$app->log('Created file'.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
 		}
 		

--
Gitblit v1.9.1