From ab7597c7ec2d62aadf82c4c647d3dc63dae8de90 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Thu, 16 Aug 2012 14:53:05 -0400
Subject: [PATCH] Implemented  FS#2379 - Add perl option to web sites (apache2 mod_perl2) Fixed (partly) FS#2310 - Template switch not working in mailuser module, for dashlets and the login page

---
 server/plugins-available/apache2_plugin.inc.php |  111 +++++++++++++++++++++----------------------------------
 1 files changed, 43 insertions(+), 68 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 9e00a0f..f72f93a 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
-Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007 - 2012, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -195,11 +195,12 @@
 			@$app->system->unlink($rand_file);
 			$ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
 			$ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
+			$ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
 			/* Update the DB of the (local) Server */
-			$app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert' WHERE domain = '".$data['new']['domain']."'");
+			$app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
 			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
 			/* Update also the master-DB of the Server-Farm */
-			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert' WHERE domain = '".$data['new']['domain']."'");
+			$app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
 			$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
 		}
 
@@ -209,7 +210,7 @@
 			$ssl_dir = $data["new"]["document_root"]."/ssl";
 			$domain = ($data["new"]["ssl_domain"] != '')?$data["new"]["ssl_domain"]:$data["new"]["domain"];
 			$key_file = $ssl_dir.'/'.$domain.'.key.org';
-		$key_file2 = $ssl_dir.'/'.$domain.'.key';
+			$key_file2 = $ssl_dir.'/'.$domain.'.key';
 			$csr_file = $ssl_dir.'/'.$domain.".csr";
 			$crt_file = $ssl_dir.'/'.$domain.".crt";
 			$bundle_file = $ssl_dir.'/'.$domain.".bundle";
@@ -225,6 +226,7 @@
 			if(trim($data["new"]["ssl_request"]) != '') $app->system->file_put_contents($csr_file,$data["new"]["ssl_request"]);
 			if(trim($data["new"]["ssl_cert"]) != '') $app->system->file_put_contents($crt_file,$data["new"]["ssl_cert"]);
 			if(trim($data["new"]["ssl_bundle"]) != '') $app->system->file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
+			if(trim($data["new"]["ssl_key"]) != '') $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);
 			
 			/* Update the DB of the (local) Server */
 			$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
@@ -433,6 +435,8 @@
 		//print_r($data);
 
 		// Check if the directories are there and create them if necessary.
+		$app->system->web_folder_protection($data['new']['document_root'],false);
+		
 		if(!is_dir($data['new']['document_root'].'/web')) $app->system->mkdirpath($data['new']['document_root'].'/web');
 		if(!is_dir($data['new']['document_root'].'/web/error') and $data['new']['errordocs']) $app->system->mkdirpath($data['new']['document_root'].'/web/error');
 		//if(!is_dir($data['new']['document_root'].'/log')) exec('mkdir -p '.$data['new']['document_root'].'/log');
@@ -441,39 +445,35 @@
 		if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp');
 		if(!is_dir($data['new']['document_root'].'/webdav')) $app->system->mkdirpath($data['new']['document_root'].'/webdav');
 		
+		//* Create the new private directory
+		if(!is_dir($data['new']['document_root'].'/private')) {
+			$app->system->mkdirpath($data['new']['document_root'].'/private');
+			$app->system->chmod($data['new']['document_root'].'/private',0710);
+			$app->system->chown($data['new']['document_root'].'/private',$username);
+			$app->system->chgrp($data['new']['document_root'].'/private',$groupname);
+		}
+		
+		
 		// Remove the symlink for the site, if site is renamed
 		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
 			if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) exec('rm -rf /var/log/ispconfig/httpd/'.$data['old']['domain']);
 			if(is_link($data['old']['document_root'].'/log')) $app->system->unlink($data['old']['document_root'].'/log');
 		}
-
-		// Create the symlink for the logfiles
-		if(!is_dir('/var/log/ispconfig/httpd/'.$data['new']['domain'])) $app->system->mkdirpath('/var/log/ispconfig/httpd/'.$data['new']['domain']);
-		if(!is_link($data['new']['document_root'].'/log')) {
-//			exec("ln -s /var/log/ispconfig/httpd/".$data["new"]["domain"]." ".$data["new"]["document_root"]."/log");
-			if ($web_config["website_symlinks_rel"] == 'y') {
-				$this->create_relative_link("/var/log/ispconfig/httpd/".$data["new"]["domain"], $data["new"]["document_root"]."/log");
-			} else {
-				exec("ln -s /var/log/ispconfig/httpd/".$data["new"]["domain"]." ".$data["new"]["document_root"]."/log");
-			}
-
-			$app->log('Creating symlink: ln -s /var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/log',LOGLEVEL_DEBUG);
-		}
-		/*
-		// Create the symlink for the logfiles
-		// This does not work as vlogger cannot log trough symlinks.
-		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
-			if(is_dir($data['old']['document_root'].'/log')) exec('rm -rf '.$data['old']['document_root'].'/log');
-			if(is_link('/var/log/ispconfig/httpd/'.$data['old']['domain'])) $app->system->unlink('/var/log/ispconfig/httpd/'.$data['old']['domain']);
+		
+		//* Create the log dir if nescessary and mount it
+		if(!is_dir($data['new']['document_root'].'/log') || is_link($data['new']['document_root'].'/log')) {
+			if(is_link($data['new']['document_root'].'/log')) unlink($data['new']['document_root'].'/log');
+			$app->system->mkdir($data['new']['document_root'].'/log');
+			$app->system->chown($data['new']['document_root'].'/log','root');
+			$app->system->chgrp($data['new']['document_root'].'/log','root');
+			$app->system->chmod($data['new']['document_root'].'/log',0755);
+			exec('mount --bind '.escapeshellarg('/var/log/ispconfig/httpd/'.$data['new']['domain']).' '.escapeshellarg($data['new']['document_root'].'/log'));
+			//* add mountpoint to fstab
+			$fstab_line = '/var/log/ispconfig/httpd/'.$data['new']['domain'].' '.$data['new']['document_root'].'/log    none    bind    0 0';
+			$app->system->replaceLine('/etc/fstab',$fstab_line,$fstab_line,1,1);
 		}
 		
-		// Create the symlink for the logfiles
-		if(!is_dir($data['new']['document_root'].'/log')) exec('mkdir -p '.$data['new']['document_root'].'/log');
-		if(!is_link('/var/log/ispconfig/httpd/'.$data['new']['domain'])) {
-			exec('ln -s '.$data['new']['document_root'].'/log /var/log/ispconfig/httpd/'.$data['new']['domain']);
-			$app->log('Creating symlink: ln -s '.$data['new']['document_root'].'/log /var/log/ispconfig/httpd/'.$data['new']['domain'],LOGLEVEL_DEBUG);
-		}
-		*/
+		$app->system->web_folder_protection($data['new']['document_root'],true);
 
 		// Get the client ID
 		$client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
@@ -624,24 +624,21 @@
 			
 			$app->system->web_folder_protection($data['new']['document_root'],false);
 			
+			//* Check if we have the new private folder and create it if nescessary
+			if(!is_dir($data['new']['document_root'].'/private')) $app->system->mkdir($data['new']['document_root'].'/private');
+			
 			if($web_config['security_level'] == 20) {
 				
-				$app->system->chmod($data['new']['document_root'],0751);
+				$app->system->chmod($data['new']['document_root'],0755);
 				$app->system->chmod($data['new']['document_root'].'/web',0710);
 				$app->system->chmod($data['new']['document_root'].'/webdav',0710);
+				$app->system->chmod($data['new']['document_root'].'/private',0710);
 				$app->system->chmod($data['new']['document_root'].'/ssl',0755);
-				
-				/*
-				$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
-				$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
-				$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
-				$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));
-				*/
 
 				// make tmp directory writable for Apache and the website users
 				$app->system->chmod($data['new']['document_root'].'/tmp',0777);
 			
-				// Set Log symlink to 755 to make the logs accessible by the FTP user
+				// Set Log directory to 755 to make the logs accessible by the FTP user
 				if(realpath($data['new']['document_root'].'/log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
 					$app->system->chmod($data['new']['document_root'].'/log',0755);
 				}
@@ -669,16 +666,8 @@
 				$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
 				
 				//* Chown all default directories
-				/*
-				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
-				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
-				$this->_exec('chown root:'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
-				$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/ssl'));
-				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
-				$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
-				*/
-				$app->system->chown($data['new']['document_root'],$username);
-				$app->system->chgrp($data['new']['document_root'],$groupname);
+				$app->system->chown($data['new']['document_root'],'root');
+				$app->system->chgrp($data['new']['document_root'],'root');
 				$app->system->chown($data['new']['document_root'].'/cgi-bin',$username);
 				$app->system->chgrp($data['new']['document_root'].'/cgi-bin',$groupname);
 				if(realpath($data['new']['document_root'].'/log') == '/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log') {
@@ -697,22 +686,8 @@
 				$app->system->chgrp($data['new']['document_root'].'/web/stats',$groupname);
 				$app->system->chown($data['new']['document_root'].'/webdav',$username);
 				$app->system->chgrp($data['new']['document_root'].'/webdav',$groupname);
-				
-				
-				/*
-				* Workaround for jailkit: If jailkit is enabled for the site, the 
-				* website root has to be owned by the root user and we have to chmod it to 755 then
-				*/
-
-				//* Check if there is a jailkit user or cronjob for this site
-				$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
-				$tmp2 = $app->db->queryOneRecord('SELECT count(id) as number FROM cron WHERE parent_domain_id = '.$data['new']['domain_id']." AND `type` = 'chrooted'");
-				if($tmp['number'] > 0 || $tmp2['number'] > 0) {
-					$app->system->chmod($data['new']['document_root'],0755);
-					$app->system->chown($data['new']['document_root'],'root');
-					$app->system->chgrp($data['new']['document_root'],'root');
-				}
-				unset($tmp);
+				$app->system->chown($data['new']['document_root'].'/private',$username);
+				$app->system->chgrp($data['new']['document_root'].'/private',$groupname);
 
 				// If the security Level is set to medium
 			} else {
@@ -755,10 +730,10 @@
 		//* Protect web folders
 		$app->system->web_folder_protection($data['new']['document_root'],true);
 
-		// Change the ownership of the error log to the owner of the website
+		// Change the ownership of the error log to the root user
 		if(!@is_file('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log')) exec('touch '.escapeshellcmd('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log'));
-		$app->system->chown('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log',$username);
-		$app->system->chgrp('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log',$groupname);
+		$app->system->chown('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log','root');
+		$app->system->chgrp('/var/log/ispconfig/httpd/'.$data['new']['domain'].'/error.log','root');
 
 
 		//* Write the custom php.ini file, if custom_php_ini fieled is not empty

--
Gitblit v1.9.1