From f8d8a4edb194d98ca2104480022a66cae86e9bfc Mon Sep 17 00:00:00 2001
From: jmontoya <jmontoya@ispconfig3>
Date: Mon, 09 Aug 2010 08:16:52 -0400
Subject: [PATCH] Adding <IfModule mod_suphp.c> condition see FS#1278
---
install/lib/installer_base.lib.php | 76 +++++++++++++++++++++++++++++++++-----
1 files changed, 66 insertions(+), 10 deletions(-)
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 2725904..3d3b60e 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -196,7 +196,8 @@
$tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
- // TODO: Update further distribution specific parameters for server config here
+ //* Update further distribution specific parameters for server config here
+ //* HINT: Every line added here has to be added in update.lib.php too!!
$tpl_ini_array['web']['vhost_conf_dir'] = $conf['apache']['vhost_conf_dir'];
$tpl_ini_array['web']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_enabled_dir'];
$tpl_ini_array['jailkit']['jailkit_chroot_app_programs'] = $conf['jailkit']['jailkit_chroot_app_programs'];
@@ -211,6 +212,8 @@
$tpl_ini_array['web']['security_level'] = 20;
$tpl_ini_array['web']['user'] = $conf['apache']['user'];
$tpl_ini_array['web']['group'] = $conf['apache']['group'];
+ $tpl_ini_array['web']['php_ini_path_apache'] = $conf['apache']['php_ini_path_apache'];
+ $tpl_ini_array['web']['php_ini_path_cgi'] = $conf['apache']['php_ini_path_cgi'];
$tpl_ini_array['mail']['pop3_imap_daemon'] = ($conf['dovecot']['installed'] == true)?'dovecot':'courier';
$tpl_ini_array['mail']['mail_filter_syntax'] = ($conf['dovecot']['installed'] == true)?'sieve':'maildrop';
$tpl_ini_array['dns']['bind_user'] = $conf['bind']['bind_user'];
@@ -544,7 +547,7 @@
//** We have to change the permissions of the courier authdaemon directory to make it accessible for maildrop.
$command = 'chmod 755 /var/run/courier/authdaemon/';
- caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
+ if(is_file('/var/run/courier/authdaemon/')) caselog($command.' &> /dev/null', __FILE__, __LINE__, 'EXECUTED: '.$command, 'Failed to execute the command '.$command);
//* Changing maildrop lines in posfix master.cf
if(is_file($config_dir.'/master.cf')) {
@@ -643,6 +646,8 @@
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf("$pam/smtp", $content);
+ // On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
+ if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");
exec("chmod 660 $pam/smtp");
exec("chown daemon:daemon $pam/smtp");
@@ -852,6 +857,7 @@
//exec('mkdir -p '.$config_dir.'/conf/ChrootEveryone');
exec('echo "yes" > '.$config_dir.'/conf/ChrootEveryone');
exec('echo "yes" > '.$config_dir.'/conf/BrokenClientsCompatibility');
+ exec('echo "yes" > '.$config_dir.'/conf/DisplayDotFiles');
if(is_file('/etc/default/pure-ftpd-common')) {
replaceLine('/etc/default/pure-ftpd-common','STANDALONE_OR_INETD=inetd','STANDALONE_OR_INETD=standalone',1,0);
@@ -930,7 +936,20 @@
public function configure_bind() {
global $conf;
- //* Nothing to do
+ //* Check if the zonefile directory has a slash at the end
+ $content=$conf['bind']['bind_zonefiles_dir'];
+ if(substr($content,-1,1) != '/') {
+ $content .= '/';
+ }
+
+ //* Create the slave subdirectory
+ $content .= 'slave';
+ $content_mkdir = 'mkdir -p '.$content;
+ exec($content_mkdir);
+
+ //* Chown the slave subdirectory to $conf['bind']['bind_user']
+ exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content);
+ exec('chmod 770 '.$content);
}
@@ -943,7 +962,7 @@
exec('mkdir -p /var/log/ispconfig/httpd');
if(is_file('/etc/suphp/suphp.conf')) {
- replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
+ replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp="php:/usr/bin/php-cgi"',0);
//replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0);
replaceLine('/etc/suphp/suphp.conf','umask=0077','umask=0022',0);
}
@@ -1147,6 +1166,25 @@
}
}
+
+ public function make_ispconfig_ssl_cert() {
+ global $conf;
+
+ $ssl_crt_file = '/usr/local/ispconfig/interface/ssl/ispserver.crt';
+ $ssl_csr_file = '/usr/local/ispconfig/interface/ssl/ispserver.csr';
+ $ssl_key_file = '/usr/local/ispconfig/interface/ssl/ispserver.key';
+
+ if(!is_dir('/usr/local/ispconfig/interface/ssl')) exec("mkdir -p /usr/local/ispconfig/interface/ssl");
+
+ $ssl_pw = substr(md5(mt_rand()),0,6);
+ exec("openssl genrsa -des3 -passout pass:$ssl_pw -out $ssl_key_file 4096");
+ exec("openssl req -new -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -out $ssl_csr_file");
+ exec("openssl req -x509 -passin pass:$ssl_pw -passout pass:$ssl_pw -key $ssl_key_file -in $ssl_csr_file -out $ssl_crt_file -days 3650");
+ exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
+ exec("mv $ssl_key_file $ssl_key_file.secure");
+ exec("mv $ssl_key_file.insecure $ssl_key_file");
+
+ }
public function install_ispconfig() {
global $conf;
@@ -1241,9 +1279,15 @@
$module_name = substr($file,0,-8);
$tmp = new $module_name;
if($tmp->onInstall()) {
- if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
+ if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) {
+ @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
+ // @symlink($install_dir.'/server/mods-available/'.$file, '../mods-enabled/'.$file);
+ }
if (strpos($file, '_core_module') !== false) {
- if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
+ if(!@is_link($install_dir.'/server/mods-core/'.$file)) {
+ @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
+ // @symlink($install_dir.'/server/mods-available/'.$file, '../mods-core/'.$file);
+ }
}
}
unset($tmp);
@@ -1262,9 +1306,15 @@
$plugin_name = substr($file,0,-8);
$tmp = new $plugin_name;
if(method_exists($tmp,'onInstall') && $tmp->onInstall()) {
- if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
+ if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) {
+ @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
+ //@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-enabled/'.$file);
+ }
if (strpos($file, '_core_plugin') !== false) {
- if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
+ if(!@is_link($install_dir.'/server/plugins-core/'.$file)) {
+ @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
+ //@symlink($install_dir.'/server/plugins-available/'.$file, '../plugins-core/'.$file);
+ }
}
}
unset($tmp);
@@ -1364,6 +1414,12 @@
} else {
$content = str_replace('{vhost_port_listen}', '', $content);
}
+
+ if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+ $content = str_replace('{ssl_comment}', '', $content);
+ } else {
+ $content = str_replace('{ssl_comment}', '#', $content);
+ }
wf("$vhost_conf_dir/ispconfig.vhost", $content);
@@ -1413,7 +1469,7 @@
//* Add Log-Rotation
if (is_dir('/etc/logrotate.d')) {
- unlink('/etc/logrotate.d/logispc3');
+ @unlink('/etc/logrotate.d/logispc3'); // ignore, if the file is not there
$fh = fopen('/etc/logrotate.d/logispc3', 'w');
fwrite($fh,
"/var/log/ispconfig/ispconfig.log { \n" .
@@ -1623,4 +1679,4 @@
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1