From ce9867c8b69abeaade113b7355baba6662c5a2cb Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 12 Apr 2011 08:34:41 -0400
Subject: [PATCH] Merged revisions 2292,2296,2299 from satble branch.

---
 server/plugins-available/apache2_plugin.inc.php |   69 +++++++++++++++++++++++++++++++---
 1 files changed, 63 insertions(+), 6 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 7fb2ab5..de6a043 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -75,11 +75,22 @@
 		$app->plugins->registerEvent('webdav_user_insert',$this->plugin_name,'webdav');
 		$app->plugins->registerEvent('webdav_user_update',$this->plugin_name,'webdav');
 		$app->plugins->registerEvent('webdav_user_delete',$this->plugin_name,'webdav');
+		
+		$app->plugins->registerEvent('client_delete',$this->plugin_name,'client_delete');
 	}
 
 	// Handle the creation of SSL certificates
 	function ssl($event_name,$data) {
 		global $app, $conf;
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+		if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
+			$app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);	
+		
+		//* Only vhosts can have a ssl cert
+		if($data["new"]["type"] != "vhost") return;
 
 		if(!is_dir($data['new']['document_root'].'/ssl')) exec('mkdir -p '.$data['new']['document_root'].'/ssl');
 		$ssl_dir = $data['new']['document_root'].'/ssl';
@@ -137,8 +148,22 @@
 			$crt_file = escapeshellcmd($crt_file);
 
 			if(is_file($ssl_cnf_file)) {
-				exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
-				$app->log('Creating SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
+				
+				exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048");
+				exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file");
+				exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
+
+				if(file_exists($web_config['CA_path'].'/openssl.cnf'))
+				{
+					exec("openssl ca -batch -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file");
+					$app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+					if (filesize($crt_file)==0 || !file_exists($crt_file)) $app->log("CA-Certificate signing failed.  openssl ca -out $crt_file -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -in $csr_file",LOGLEVEL_ERROR);
+				};
+				if (filesize($crt_file)==0 || !file_exists($crt_file)){
+					exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");
+					$app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+				};
+			
 			}
 
 			exec('chmod 400 '.$key_file2);
@@ -178,6 +203,11 @@
 			$csr_file = $ssl_dir.'/'.$domain.'.csr';
 			$crt_file = $ssl_dir.'/'.$domain.'.crt';
 			$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+			if(file_exists($web_config['CA_path'].'/openssl.cnf'))
+				{
+					exec("openssl ca -batch -config ".$web_config['CA_path']."/openssl.cnf -passin pass:".$web_config['CA_pass']." -revoke $crt_file");
+					$app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+				};
 			unlink($csr_file);
 			unlink($crt_file);
 			unlink($bundle_file);
@@ -215,7 +245,7 @@
 			$old_parent_domain_id = intval($data['old']['parent_domain_id']);
 			$new_parent_domain_id = intval($data['new']['parent_domain_id']);
 
-			// If the parent_domain_id has been chenged, we will have to update the old site as well.
+			// If the parent_domain_id has been changed, we will have to update the old site as well.
 			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
 				$tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
 				$data['new'] = $tmp;
@@ -289,6 +319,9 @@
 			if(!is_dir($new_dir)) exec('mkdir -p '.$new_dir);
 			exec('mv '.$data['old']['document_root'].' '.$new_dir);
 			$app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir,LOGLEVEL_DEBUG);
+
+			// Handle the change in php_open_basedir
+			$data['new']['php_open_basedir'] = str_replace($data['old']['document_root'],$data['new']['document_root'],$data['old']['php_open_basedir']);
 
 			//* Change the owner of the website files to the new website owner
 			exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);
@@ -469,7 +502,7 @@
 			exec('setquota -T -u '.$username.' 604800 604800 -a &> /dev/null');
 		}
 
-		if($this->action == 'insert') {
+		if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
 			// Chown and chmod the directories below the document root
 			$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
 			// The document root itself has to be owned by root in normal level and by the web owner in security level 20
@@ -491,6 +524,9 @@
 
 			// make tmp directory writable for Apache and the website users
 			$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+			
+			// Set Log symlink to 755 to make the logs accessible by the FTP user
+			$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
 
 			$command = 'usermod';
 			$command .= ' --groups sshusers';
@@ -594,12 +630,12 @@
 		$crt_file = $ssl_dir.'/'.$domain.'.crt';
 		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 
-		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+		if($domain!='' && $data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
 			$vhost_data['ssl_enabled'] = 1;
 			$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
 		} else {
 			$vhost_data['ssl_enabled'] = 0;
-			$app->log('Disable SSL for: '.$domain,LOGLEVEL_DEBUG);
+			$app->log('SSL Disabled. '.$domain,LOGLEVEL_DEBUG);
 		}
 
 		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
@@ -1338,6 +1374,27 @@
 			$app->log('Removed AWStats config file: '.$awstats_conf_dir.'/awstats.'.$data['old']['domain'].'.conf',LOGLEVEL_DEBUG);
 		}
 	}
+	
+	function client_delete($event_name,$data) {
+		global $app, $conf;
+		
+		$app->uses("getconf");
+		$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+		
+		$client_id = intval($data['old']['client_id']);
+		if($client_id > 0) {
+			
+			$client_dir = $web_config['website_basedir'].'/clients/client'.$client_id;
+			if(is_dir($client_dir) && !stristr($client_dir,'..')) {
+				@rmdir($client_dir);
+				$app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);
+			}
+			
+			$this->_exec('groupdel client'.$client_id);
+			$app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
+		}
+		
+	}
 
 	//* Wrapper for exec function for easier debugging
 	private function _exec($command) {

--
Gitblit v1.9.1