From 43b345cabb3e8743a91c39e8d6367c1aa594ebd2 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 17 Jan 2013 10:33:59 -0500
Subject: [PATCH] Merged revisions from 3.0.5 stable branch: 3758-3768, 3769 shall not be merged to trunk.
---
server/plugins-available/apache2_plugin.inc.php | 201 +++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 172 insertions(+), 29 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index ca8a88c..7c0e7f9 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -88,8 +88,97 @@
$app->plugins->registerEvent('ftp_user_delete',$this->plugin_name,'ftp_user_delete');
+ $app->plugins->registerAction('php_ini_changed', $this->plugin_name, 'php_ini_changed');
}
+
+ // check for php.ini changes
+
+
+ // Handle php.ini changes
+ function php_ini_changed($event_name, $data) {
+ global $app, $conf;
+
+ $app->uses('getconf');
+ $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+ $fastcgi_config = $app->getconf->get_server_config($conf['server_id'], 'fastcgi');
+
+ /* $data contains an array with these keys:
+ * file -> full path of changed php_ini
+ * mode -> web_domain php modes to change (mod, fast-cgi, php-fpm or '' for all except 'mod')
+ * php_version -> php ini path that changed (additional php versions)
+ */
+
+ $qrystr = "SELECT * FROM web_domain WHERE custom_php_ini != ''";
+ if($data['mode'] == 'mod') {
+ $qrystr .= " AND php = 'mod'";
+ } elseif($data['mode'] == 'fast-cgi') {
+ $qrystr .= " AND php = 'fast-cgi'";
+ if($data['php_version']) {
+ $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . "'";
+ }
+ } elseif($data['mode'] == 'php-fpm') {
+ $qrystr .= " AND php = 'php-fpm'";
+ if($data['php_version']) {
+ $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . ":%'";
+ }
+ } else {
+ $qrystr .= " AND php != 'mod' AND php != 'fast-cgi'";
+ }
+
+
+ //** Get all the webs
+ $web_domains = $app->db->queryAllRecords($qrystr);
+ foreach($web_domains as $web_data) {
+ $custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$web_data['system_user'];
+ $web_folder = 'web';
+ if($web_data['type'] == 'vhostsubdomain') {
+ $web_folder = $web_data['web_folder'];
+ $custom_php_ini_dir .= '_' . $web_folder;
+ }
+ if(!is_dir($web_config['website_basedir'].'/conf')) $app->system->mkdir($web_config['website_basedir'].'/conf');
+
+ if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
+ $php_ini_content = '';
+ if($web_data['php'] == 'mod') {
+ $master_php_ini_path = $web_config['php_ini_path_apache'];
+ } else {
+ if($web_data['php'] == 'fast-cgi' && file_exists($fastcgi_config["fastcgi_phpini_path"])) {
+ $master_php_ini_path = $fastcgi_config["fastcgi_phpini_path"];
+ } else {
+ $master_php_ini_path = $web_config['php_ini_path_cgi'];
+ }
+ }
+ if($master_php_ini_path != '' && substr($master_php_ini_path,-7) == 'php.ini' && is_file($master_php_ini_path)) {
+ $php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
+ }
+ $php_ini_content .= str_replace("\r",'',trim($web_data['custom_php_ini']));
+ $app->system->file_put_contents($custom_php_ini_dir.'/php.ini',$php_ini_content);
+ $app->log('Info: rewrote custom php.ini for web ' . $web_data['domain_id'] . ' (' . $web_data['domain'] . ').',LOGLEVEL_DEBUG);
+ }
+
+ if(count($web_domains) > 0) {
+ //* We do not check the apache config here - we only changed the php.ini
+ //* Check if this is a chrooted setup
+ if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
+ $apache_chrooted = true;
+ $app->log('Info: Apache is chrooted.',LOGLEVEL_DEBUG);
+ } else {
+ $apache_chrooted = false;
+ }
+
+ $app->log('Info: rewrote all php.ini and reloading apache now.',LOGLEVEL_DEBUG);
+ if($apache_chrooted) {
+ $app->services->restartServiceDelayed('httpd','restart');
+ } else {
+ // request a httpd reload when all records have been processed
+ $app->services->restartServiceDelayed('httpd','reload');
+ }
+ } else {
+ $app->log('Info: No webs affected by php.ini change.',LOGLEVEL_DEBUG);
+ }
+ }
+
// Handle the creation of SSL certificates
function ssl($event_name,$data) {
global $app, $conf;
@@ -121,8 +210,14 @@
$this->ssl_certificate_changed = true;
//* Rename files if they exist
- if(file_exists($key_file)) $app->system->rename($key_file,$key_file.'.bak');
- if(file_exists($key_file2)) $app->system->rename($key_file2,$key_file2.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file,$key_file.'.bak');
+ $app->system->chmod($key_file.'.bak',0400);
+ }
+ if(file_exists($key_file2)){
+ $app->system->rename($key_file2,$key_file2.'.bak');
+ $app->system->chmod($key_file2.'.bak',0400);
+ }
if(file_exists($csr_file)) $app->system->rename($csr_file,$csr_file.'.bak');
if(file_exists($crt_file)) $app->system->rename($crt_file,$crt_file.'.bak');
@@ -165,11 +260,15 @@
$rand_file = escapeshellcmd($rand_file);
$key_file = escapeshellcmd($key_file);
+ if(substr($domain, 0, 2) == '*.' && strpos($key_file, '/ssl/\*.') != false) $key_file = str_replace('/ssl/\*.', '/ssl/*.', $key_file); // wildcard certificate
$key_file2 = escapeshellcmd($key_file2);
+ if(substr($domain, 0, 2) == '*.' && strpos($key_file2, '/ssl/\*.') != false) $key_file2 = str_replace('/ssl/\*.', '/ssl/*.', $key_file2); // wildcard certificate
$ssl_days = 3650;
$csr_file = escapeshellcmd($csr_file);
+ if(substr($domain, 0, 2) == '*.' && strpos($csr_file, '/ssl/\*.') != false) $csr_file = str_replace('/ssl/\*.', '/ssl/*.', $csr_file); // wildcard certificate
$config_file = escapeshellcmd($ssl_cnf_file);
$crt_file = escapeshellcmd($crt_file);
+ if(substr($domain, 0, 2) == '*.' && strpos($crt_file, '/ssl/\*.') != false) $crt_file = str_replace('/ssl/\*.', '/ssl/*.', $crt_file); // wildcard certificate
if(is_file($ssl_cnf_file) && !is_link($ssl_cnf_file)) {
@@ -190,6 +289,7 @@
}
+ $app->system->chmod($key_file,0400);
$app->system->chmod($key_file2,0400);
@$app->system->unlink($config_file);
@$app->system->unlink($rand_file);
@@ -216,8 +316,14 @@
$bundle_file = $ssl_dir.'/'.$domain.".bundle";
//* Backup files
- if(file_exists($key_file)) $app->system->copy($key_file,$key_file.'~');
- if(file_exists($key_file2)) $app->system->copy($key_file2,$key_file2.'~');
+ if(file_exists($key_file)){
+ $app->system->copy($key_file,$key_file.'~');
+ $app->system->chmod($key_file.'~',0400);
+ }
+ if(file_exists($key_file2)){
+ $app->system->copy($key_file2,$key_file2.'~');
+ $app->system->chmod($key_file2.'~',0400);
+ }
if(file_exists($csr_file)) $app->system->copy($csr_file,$csr_file.'~');
if(file_exists($crt_file)) $app->system->copy($crt_file,$crt_file.'~');
if(file_exists($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'~');
@@ -421,8 +527,8 @@
//* Create new base directory, if it does not exist yet
if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
- //exec('mv '.$data['old']['document_root'].' '.$new_dir);
- $app->system->rename($data['old']['document_root'],$new_dir);
+ exec('mv '.escapeshellarg($data['old']['document_root']).' '.escapeshellarg($new_dir));
+ //$app->system->rename($data['old']['document_root'],$new_dir);
$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);
// Handle the change in php_open_basedir
@@ -439,7 +545,12 @@
exec($command);
if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
-
+
+ //* Change the log mount
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
+ $app->system->removeLine('/etc/fstab',$fstab_line);
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
+ $app->system->replaceLine('/etc/fstab',$fstab_line,$fstab_line,1,1);
}
@@ -469,19 +580,26 @@
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/httpd/'.$data['old']['domain']);
if(is_link($data['old']['document_root'].'/'.$log_folder)) $app->system->unlink($data['old']['document_root'].'/'.$log_folder);
+
+ //* remove old log mount
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
+ $app->system->removeLine('/etc/fstab',$fstab_line);
+
+ //* Unmount log directory
+ exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
}
//* Create the log dir if nescessary and mount it
- if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data['new']['domain']);
- if(!is_dir($data['new']['document_root'].'/'.$log_folder) || is_link($data['new']['document_root'].'/'.$log_folder)) {
+ if(!is_dir($data['new']['document_root'].'/'.$log_folder) || !is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain']) || is_link($data['new']['document_root'].'/'.$log_folder)) {
if(is_link($data['new']['document_root'].'/'.$log_folder)) unlink($data['new']['document_root'].'/'.$log_folder);
+ if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) exec('mkdir -p /var/log/ispconfig/httpd/'.$data['new']['domain']);
$app->system->mkdirpath($data['new']['document_root'].'/'.$log_folder);
$app->system->chown($data['new']['document_root'].'/'.$log_folder,'root');
$app->system->chgrp($data['new']['document_root'].'/'.$log_folder,'root');
$app->system->chmod($data['new']['document_root'].'/'.$log_folder,0755);
exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/'.$log_folder));
//* add mountpoint to fstab
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/'.$log_folder.' none bind,nobootwait 0 0';
$app->system->replaceLine('/etc/fstab',$fstab_line,$fstab_line,1,1);
}
@@ -888,26 +1006,30 @@
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
$rewrite_rules[] = array( 'rewrite_domain' => '^' . $this->_rewrite_quote('www.'.$data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
case '*':
$rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
default:
$rewrite_rules[] = array( 'rewrite_domain' => '^'.$this->_rewrite_quote($data['new']['domain']),
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
}
}
@@ -983,19 +1105,22 @@
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
$rewrite_rules[] = array( 'rewrite_domain' => '^' . $this->_rewrite_quote('www.'.$alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
case '*':
$rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$this->_rewrite_quote($alias['domain']),
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
break;
default:
if(substr($alias['domain'], 0, 2) === '*.') $domain_rule = '(^|\.)'.$this->_rewrite_quote(substr($alias['domain'], 2));
@@ -1004,7 +1129,8 @@
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl,
- 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'));
+ 'rewrite_is_url' => ($this->_is_url($rewrite_target) ? 'y' : 'n'),
+ 'rewrite_add_path' => (substr($rewrite_target, -1) == '/' ? 'y' : 'n'));
}
}
}
@@ -1266,14 +1392,25 @@
} else {
$vhosts[] = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 1, 'port' => '443');
}
- $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
- }
-
- //* Add vhost for IPv6 IP
- if($data['new']['ipv6_address'] != '') {
- if(count($rewrite_rules) > 0){
- $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
- } else {
+ $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
+ }
+
+ //* Add vhost for IPv6 IP
+ if($data['new']['ipv6_address'] != '') {
+ if ($conf['serverconfig']['web']['vhost_rewrite_v6'] == 'y') {
+ if (isset($conf['serverconfig']['server']['v6_prefix']) && $conf['serverconfig']['server']['v6_prefix'] <> '') {
+ $explode_v6prefix=explode(':',$conf['serverconfig']['server']['v6_prefix']);
+ $explode_v6=explode(':',$data['new']['ipv6_address']);
+
+ for ( $i = 0; $i <= count($explode_v6prefix)-3; $i++ ) {
+ $explode_v6[$i] = $explode_v6prefix[$i];
+ }
+ $data['new']['ipv6_address'] = implode(':',$explode_v6);
+ }
+ }
+ if(count($rewrite_rules) > 0){
+ $vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80, 'redirects' => $rewrite_rules);
+ } else {
$vhosts[] = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 80);
}
@@ -1419,8 +1556,14 @@
$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
//* Backup the files that might have caused the error
- if(is_file($key_file)) $app->system->copy($key_file,$key_file.'.err');
- if(is_file($key_file2)) $app->system->copy($key_file2,$key_file2.'.err');
+ if(is_file($key_file)){
+ $app->system->copy($key_file,$key_file.'.err');
+ $app->system->chmod($key_file.'.err',0400);
+ }
+ if(is_file($key_file2)){
+ $app->system->copy($key_file2,$key_file2.'.err');
+ $app->system->chmod($key_file2.'.err',0400);
+ }
if(is_file($csr_file)) $app->system->copy($csr_file,$csr_file.'.err');
if(is_file($crt_file)) $app->system->copy($crt_file,$crt_file.'.err');
if(is_file($bundle_file)) $app->system->copy($bundle_file,$bundle_file.'.err');
@@ -1505,7 +1648,7 @@
exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
//* remove mountpoint from fstab
- $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind 0 0';
+ $fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$log_folder.' none bind';
$app->system->removeLine('/etc/fstab',$fstab_line);
if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['parent_domain_id'] > 0) {
--
Gitblit v1.9.1