From 72695f0356210b5ca68d33d09e91c00ed9d6c2b6 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 12 Feb 2013 04:55:44 -0500
Subject: [PATCH] Merged Revisions 3771-3801 from stable branch.

---
 install/lib/installer_base.lib.php |   80 +++++++++++++++++++++++++++++++++-------
 1 files changed, 66 insertions(+), 14 deletions(-)

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 1933db8..97853a0 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -132,7 +132,7 @@
 		if(is_installed('named') || is_installed('bind') || is_installed('bind9')) $conf['bind']['installed'] = true;
 		if(is_installed('squid')) $conf['squid']['installed'] = true;
 		if(is_installed('nginx')) $conf['nginx']['installed'] = true;
-		// if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
+		if(is_installed('iptables') && is_installed('ufw')) $conf['ufw']['installed'] = true;
 		if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
 		if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
 		if(is_dir("/etc/Bastille")) $conf['bastille']['installed'] = true;
@@ -423,7 +423,7 @@
 				$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 			}
 
-			$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
+			$query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
 			if ($verbose){
 				echo $query ."\n";
 			}
@@ -472,6 +472,14 @@
 			}
 
 			$query = "GRANT SELECT, UPDATE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";
+			if ($verbose){
+				echo $query ."\n";
+			}
+			if(!$this->dbmaster->query($query)) {
+				$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
+			}
+			
+			$query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";
 			if ($verbose){
 				echo $query ."\n";
 			}
@@ -558,6 +566,23 @@
 				}
 			}
 		}
+		
+		$config_dir = $conf['mailman']['config_dir'].'/';
+		$full_file_name = $config_dir.'virtual_to_transport.sh';
+		
+		//* Backup exiting virtual_to_transport.sh script
+		if(is_file($full_file_name)) {
+			copy($full_file_name, $config_dir.'virtual_to_transport.sh~');
+		}
+		
+		copy('tpl/mailman-virtual_to_transport.sh',$full_file_name);
+		chgrp($full_file_name,'list');
+		chmod($full_file_name,0750);
+		
+		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
+		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
+		
+		exec('/usr/lib/mailman/bin/genaliases');
 
 		$virtual_domains = '';
 		if($status == 'update')
@@ -673,7 +698,7 @@
 				'smtpd_tls_security_level = may',
 				'smtpd_tls_cert_file = '.$config_dir.'/smtpd.cert',
 				'smtpd_tls_key_file = '.$config_dir.'/smtpd.key',
-				'transport_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
+				'transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
 				'relay_domains = mysql:'.$config_dir.'/mysql-virtual_relaydomains.cf',
 				'relay_recipient_maps = mysql:'.$config_dir.'/mysql-virtual_relayrecipientmaps.cf',
 				'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps',
@@ -724,7 +749,7 @@
 		if(!stristr($options,'dont-create-certs')) {
 			//* Create the SSL certificate
 			$command = 'cd '.$config_dir.'; '
-					.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
+					.'openssl req -new -outform PEM -out smtpd.cert -newkey rsa:4096 -nodes -keyout smtpd.key -keyform PEM -days 3650 -x509';
 			exec($command);
 
 			$command = 'chmod o= '.$config_dir.'/smtpd.key';
@@ -900,7 +925,7 @@
 		$content = rf($conf['postfix']['config_dir'].'/master.cf');
 		// Only add the content if we had not addded it before
 		if(!stristr($content,'dovecot/deliver')) {
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
 			af($conf['postfix']['config_dir'].'/master.cf',$deliver_content);
 		}
 		unset($content);
@@ -1341,7 +1366,6 @@
 		exec('chown root:root '.$conf["squid"]["config_dir"].'/'.$configfile);
 	}
 
-	/*
 	public function configure_ufw_firewall()
 	{
 		$configfile = 'ufw.conf';
@@ -1351,9 +1375,8 @@
 		exec('chmod 600 /etc/ufw/ufw.conf');
 		exec('chown root:root /etc/ufw/ufw.conf');
 	}
-	*/
 
-	public function configure_firewall() {
+	public function configure_bastille_firewall() {
 		global $conf;
 
 		$dist_init_scripts = $conf['init_scripts'];
@@ -1555,6 +1578,16 @@
 			//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
 			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
 			$content = str_replace('{cgi_socket}', $cgi_socket, $content);
+			
+			if(file_exists('/var/run/php5-fpm.sock')){
+				$use_tcp = '#';
+				$use_socket = '';
+			} else {
+				$use_tcp = '';
+				$use_socket = '#';
+			}
+			$content = str_replace('{use_tcp}', $use_tcp, $content);
+			$content = str_replace('{use_socket}', $use_socket, $content);
 
 			wf($vhost_conf_dir.'/apps.vhost', $content);
 
@@ -1650,6 +1683,7 @@
 		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
 		$content = str_replace('{language}', $conf['language'], $content);
 		$content = str_replace('{timezone}', $conf['timezone'], $content);
+		$content = str_replace('{theme}', $conf['theme'], $content);
 
 		wf($install_dir.'/interface/lib/'.$configfile, $content);
 
@@ -1673,6 +1707,7 @@
 		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
 		$content = str_replace('{language}', $conf['language'], $content);
 		$content = str_replace('{timezone}', $conf['timezone'], $content);
+		$content = str_replace('{theme}', $conf['theme'], $content);
 
 		wf($install_dir.'/server/lib/'.$configfile, $content);
 
@@ -1796,9 +1831,14 @@
 		exec("chmod -R 770 $install_dir/server/aps_packages");
 
 		//* make sure that the server config file (not the interface one) is only readable by the root user
-		chmod($install_dir.'/server/lib/'.$configfile, 0600);
-		chown($install_dir.'/server/lib/'.$configfile, 'root');
-		chgrp($install_dir.'/server/lib/'.$configfile, 'root');
+		chmod($install_dir.'/server/lib/config.inc.php', 0600);
+		chown($install_dir.'/server/lib/config.inc.php', 'root');
+		chgrp($install_dir.'/server/lib/config.inc.php', 'root');
+		
+		//* Make sure thet the interface config file is readable by user ispconfig only
+		chmod($install_dir.'/interface/lib/config.inc.php', 0600);
+		chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
+		chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
 
 		chmod($install_dir.'/server/lib/remote_action.inc.php', 0600);
 		chown($install_dir.'/server/lib/remote_action.inc.php', 'root');
@@ -1859,6 +1899,11 @@
 				$content = str_replace('{ssl_comment}', '', $content);
 			} else {
 				$content = str_replace('{ssl_comment}', '#', $content);
+			}
+			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
+				$content = str_replace('{ssl_bundle_comment}', '', $content);
+			} else {
+				$content = str_replace('{ssl_bundle_comment}', '#', $content);
 			}
 
 			wf($vhost_conf_dir.'/ispconfig.vhost', $content);
@@ -1957,10 +2002,12 @@
 			touch($conf['ispconfig_log_dir'].'/ispconfig.log');
 		}
 
-		//* Create the ispconfig auth log file
+		//* Create the ispconfig auth log file and set uid/gid
 		if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
-			touch($conf['ispconfig_log_dir'].'/auth.log', 0666);
+			touch($conf['ispconfig_log_dir'].'/auth.log');
 		}
+		exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
+		exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
 
 		if(is_user('getmail')) {
 			rename($install_dir.'/server/scripts/run-getmail.sh','/usr/local/bin/run-getmail.sh');
@@ -1991,6 +2038,11 @@
 			fclose($fh);
 			*/
 		}
+		
+		//* Remove Domain module as its functions are available in the client module now
+		if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
+	
+	
 	}
 
 	public function configure_dbserver() {
@@ -2192,4 +2244,4 @@
 	}
 }
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1