"Fossies" - the Fresh Open Source Software Archive

Member "ispconfig3_install/install/dist/lib/fedora.lib.php" (8 Jun 2021, 56384 Bytes) of package /linux/privat/ISPConfig-3.2.5.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "fedora.lib.php": 3.2.4_vs_3.2.5.

    1 <?php
    2 
    3 /*
    4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
    5 All rights reserved.
    6 
    7 Redistribution and use in source and binary forms, with or without modification,
    8 are permitted provided that the following conditions are met:
    9 
   10     * Redistributions of source code must retain the above copyright notice,
   11       this list of conditions and the following disclaimer.
   12     * Redistributions in binary form must reproduce the above copyright notice,
   13       this list of conditions and the following disclaimer in the documentation
   14       and/or other materials provided with the distribution.
   15     * Neither the name of ISPConfig nor the names of its contributors
   16       may be used to endorse or promote products derived from this software without
   17       specific prior written permission.
   18 
   19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
   20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
   23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
   26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
   27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
   28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   29 */
   30 
   31 class installer_dist extends installer_base {
   32     protected $mailman_group = 'mailman';
   33 
   34     public function __construct() {
   35         //** check apache modules */
   36         $mods = getapachemodules();
   37         if(in_array('authz_compat', $mods, true)) {
   38             swriteln($inst->lng('    WARNING! You are using mod_authz_compat.'));
   39             swriteln($inst->lng('    Please make sure that your apache config uses the new auth syntax:'));
   40             swriteln($inst->lng('    <Directory />'));
   41             swriteln($inst->lng('    Options None'));
   42             swriteln($inst->lng('    AllowOverride None'));
   43             swriteln($inst->lng('    Require all denied'));
   44             swriteln($inst->lng('    </Directory>'."\n"));
   45 
   46             swriteln($inst->lng('    If it uses the old syntax (deny from all) ISPConfig would fail to work.'));
   47         }
   48     }
   49 
   50     public function configure_saslauthd() {
   51         global $conf;
   52 
   53         $configfile = 'tpl/fedora_saslauthd_smtpd_conf.master';
   54         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_saslauthd_smtpd_conf.master', $configfile);
   55         wf('/usr/lib/sasl2/smtpd.conf', $content);
   56         if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl/smtpd.conf', $content);
   57         if(is_dir('/usr/lib64')) wf('/usr/lib64/sasl2/smtpd.conf', $content);
   58 
   59     }
   60 
   61     public function configure_pam()
   62     {
   63         global $conf;
   64         $pam = $conf['pam'];
   65         //* configure pam for SMTP authentication agains the ispconfig database
   66         $configfile = 'pamd_smtp';
   67         if(is_file("$pam/smtp"))    copy("$pam/smtp", "$pam/smtp~");
   68         if(is_file("$pam/smtp~"))   exec("chmod 400 $pam/smtp~");
   69 
   70         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
   71         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
   72         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
   73         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
   74         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
   75         wf("$pam/smtp", $content);
   76         // On some OSes smtp is world readable which allows for reading database information.  Removing world readable rights should have no effect.
   77         if(is_file("$pam/smtp"))    exec("chmod o= $pam/smtp");
   78     }
   79 
   80     public function configure_courier()
   81     {
   82         global $conf;
   83         $config_dir = $conf['courier']['config_dir'];
   84         //* authmysqlrc
   85         $configfile = 'authmysqlrc';
   86         if(is_file("$config_dir/$configfile")){
   87             copy("$config_dir/$configfile", "$config_dir/$configfile~");
   88         }
   89         exec("chmod 400 $config_dir/$configfile~");
   90         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
   91         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
   92         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
   93         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
   94         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
   95         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
   96         wf("$config_dir/$configfile", $content);
   97 
   98         exec("chmod 660 $config_dir/$configfile");
   99         exec("chown root:root $config_dir/$configfile");
  100 
  101         //* authdaemonrc
  102         $configfile = $conf['courier']['config_dir'].'/authdaemonrc';
  103         if(is_file($configfile)){
  104             copy($configfile, $configfile.'~');
  105         }
  106         if(is_file($configfile.'~')){
  107             exec('chmod 400 '.$configfile.'~');
  108         }
  109         $content = rf($configfile);
  110         $content = str_replace('authmodulelist=', 'authmodulelist="authmysql"', $content);
  111         wf($configfile, $content);
  112     }
  113 
  114     public function configure_dovecot()
  115     {
  116         global $conf;
  117 
  118         $virtual_transport = 'dovecot';
  119 
  120         $configure_lmtp = false;
  121 
  122         // use lmtp if installed
  123         if($configure_lmtp = (is_file('/usr/lib/dovecot/lmtp') || is_file('/usr/libexec/dovecot/lmtp'))) {
  124             $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
  125         }
  126 
  127         // check if virtual_transport must be changed
  128         if ($this->is_update) {
  129             $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
  130             $ini_array = ini_to_array(stripslashes($tmp['config']));
  131             // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
  132 
  133             if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
  134                 $virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
  135                 $configure_lmtp = true;
  136             }
  137         }
  138 
  139         $config_dir = $conf['postfix']['config_dir'];
  140 
  141         //* Configure master.cf and add a line for deliver
  142         if(!$this->get_postfix_service('dovecot', 'unix')) {
  143             //* backup
  144             if(is_file($config_dir.'/master.cf')){
  145                 copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
  146             }
  147             if(is_file($config_dir.'/master.cf~')){
  148                 chmod($config_dir.'/master.cf~2', 0400);
  149             }
  150             //* Configure master.cf and add a line for deliver
  151             $content = rf($conf["postfix"]["config_dir"].'/master.cf');
  152             $deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
  153             af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
  154             unset($content);
  155             unset($deliver_content);
  156         }
  157 
  158         //* Reconfigure postfix to use dovecot authentication
  159         $postconf_commands = array (
  160             'dovecot_destination_recipient_limit = 1',
  161             'virtual_transport = '.$virtual_transport,
  162             'smtpd_sasl_type = dovecot',
  163             'smtpd_sasl_path = private/auth',
  164         );
  165 
  166         // Make a backup copy of the main.cf file
  167         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~3');
  168 
  169         // Executing the postconf commands
  170         foreach($postconf_commands as $cmd) {
  171             $command = "postconf -e '$cmd'";
  172             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  173         }
  174 
  175         //* Use /etc/dovecot as config dir if exists
  176 //      if(is_dir('/etc/dovecot')) $config_dir = '/etc/dovecot';
  177         $config_dir = $conf['dovecot']['config_dir'];
  178 
  179         //* backup dovecot.conf
  180         $configfile = 'dovecot.conf';
  181         if(is_file("$config_dir/$configfile")){
  182             copy("$config_dir/$configfile", "$config_dir/$configfile~");
  183         }
  184 
  185         //* Get the dovecot version
  186         exec('dovecot --version', $tmp);
  187         $dovecot_version = $tmp[0];
  188         unset($tmp);
  189 
  190         //* Copy dovecot configuration file
  191         if(version_compare($dovecot_version,2) >= 0) {
  192             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master')) {
  193                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
  194             } else {
  195                 copy('tpl/fedora_dovecot2.conf.master', $config_dir.'/'.$configfile);
  196             }
  197             if(version_compare($dovecot_version,2.1) < 0) {
  198                 removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
  199             }
  200             if(version_compare($dovecot_version,2.2) >= 0) {
  201                 // Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
  202                 $content = file_get_contents($config_dir.'/'.$configfile);
  203                 $content = str_replace('!SSLv2','',$content);
  204                 file_put_contents($config_dir.'/'.$configfile,$content);
  205                 unset($content);
  206             }
  207             if(version_compare($dovecot_version,2.3) >= 0) {
  208                 // Remove deprecated setting(s)
  209                 removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
  210 
  211                 // Check if we have a dhparams file and if not, create it
  212                 if(!file_exists('/etc/dovecot/dh.pem')) {
  213                     swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
  214                     if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
  215                         // convert existing ssl parameters file
  216                         $command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
  217                         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  218                     } else {
  219                         /*
  220                            Create a new dhparams file. We use 2048 bit only as it simply takes too long
  221                            on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
  222                            a 4096 bit file, create it manually before you install ISPConfig
  223                         */
  224                         $command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
  225                         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  226                     }
  227                 }
  228                 //remove #2.3+ comment
  229                 $content = file_get_contents($config_dir.'/'.$configfile);
  230                 $content = str_replace('#2.3+','',$content);
  231                 file_put_contents($config_dir.'/'.$configfile,$content);
  232                 unset($content);
  233 
  234             } else {
  235                 // remove settings which are not supported in Dovecot < 2.3
  236                 removeLine($config_dir.'/'.$configfile, 'ssl_min_protocol =');
  237                 removeLine($config_dir.'/'.$configfile, 'ssl_dh =');
  238             }
  239             replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
  240             replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
  241         } else {
  242             if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
  243                 copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
  244             } else {
  245                 copy('tpl/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
  246             }
  247         }
  248 
  249         //* dovecot-lmtpd
  250         if($configure_lmtp) {
  251             replaceLine($config_dir.'/'.$configfile, 'protocols = imap pop3', 'protocols = imap pop3 lmtp', 1, 0);
  252         }
  253 
  254         //* dovecot-sql.conf
  255         $configfile = 'dovecot-sql.conf';
  256         if(is_file("$config_dir/$configfile")){
  257             copy("$config_dir/$configfile", "$config_dir/$configfile~");
  258             exec("chmod 400 $config_dir/$configfile~");
  259         }
  260 
  261         if(!@file_exists('/etc/dovecot-sql.conf')) exec('ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf');
  262 
  263         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot-sql.conf.master', "tpl/fedora_dovecot-sql.conf.master");
  264         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
  265         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
  266         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
  267         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
  268         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
  269         $content = str_replace('{server_id}', $conf['server_id'], $content);
  270         # enable iterate_query for dovecot2
  271         if(version_compare($dovecot_version,2, '>=')) {
  272             $content = str_replace('# iterate_query', 'iterate_query', $content);
  273         }
  274         wf("$config_dir/$configfile", $content);
  275 
  276         exec("chmod 600 $config_dir/$configfile");
  277         exec("chown root:root $config_dir/$configfile");
  278 
  279         // Dovecot shall ignore mounts in website directory
  280         if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
  281 
  282     }
  283 
  284     public function configure_amavis() {
  285         global $conf, $dist;
  286 
  287         // amavisd user config file
  288         $configfile = 'fedora_amavisd_conf';
  289         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf', $conf["amavis"]["config_dir"].'/amavisd.conf~');
  290         if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
  291         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
  292         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
  293         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
  294         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
  295         $content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
  296         $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
  297         $content = str_replace('{hostname}', $conf['hostname'], $content);
  298         $content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
  299         wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
  300         chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
  301 
  302         if(!is_file($conf['amavis']['config_dir'].'/60-dkim')) {
  303             touch($conf['amavis']['config_dir'].'/60-dkim');
  304             chmod($conf['amavis']['config_dir'].'/60-dkim', 0640);
  305         }
  306 
  307         // for CentOS 7.2 only
  308         if($dist['confid'] == 'centos72') {
  309             chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0750);
  310             chgrp($conf['amavis']['config_dir'].'/amavisd.conf', 'amavis');
  311             chmod($conf['amavis']['config_dir'].'/60-dkim', 0750);
  312             chgrp($conf['amavis']['config_dir'].'/60-dkim', 'amavis');
  313         }
  314 
  315 
  316         // Adding the amavisd commands to the postfix configuration
  317         $postconf_commands = array (
  318             'content_filter = amavis:[127.0.0.1]:10024',
  319             'receive_override_options = no_address_mappings'
  320         );
  321 
  322         // Make a backup copy of the main.cf file
  323         copy($conf["postfix"]["config_dir"].'/main.cf', $conf["postfix"]["config_dir"].'/main.cf~2');
  324 
  325         // Executing the postconf commands
  326         foreach($postconf_commands as $cmd) {
  327             $command = "postconf -e '$cmd'";
  328             caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  329         }
  330 
  331         $config_dir = $conf['postfix']['config_dir'];
  332 
  333         // Adding amavis-services to the master.cf file if the service does not already exists
  334         $add_amavis = !$this->get_postfix_service('amavis','unix');
  335         $add_amavis_10025 = !$this->get_postfix_service('127.0.0.1:10025','inet');
  336         $add_amavis_10027 = !$this->get_postfix_service('127.0.0.1:10027','inet');
  337 
  338         if ($add_amavis || $add_amavis_10025 || $add_amavis_10027) {
  339             //* backup master.cf
  340             if(is_file($config_dir.'/master.cf')) copy($config_dir.'/master.cf', $config_dir.'/master.cf~');
  341             // adjust amavis-config
  342             if($add_amavis) {
  343                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis.master', 'tpl/master_cf_amavis.master');
  344                 af($config_dir.'/master.cf', $content);
  345                 unset($content);
  346             }
  347             if ($add_amavis_10025) {
  348                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10025.master', 'tpl/master_cf_amavis10025.master');
  349                 af($config_dir.'/master.cf', $content);
  350                 unset($content);
  351             }
  352             if ($add_amavis_10027) {
  353                 $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
  354                 af($config_dir.'/master.cf', $content);
  355                 unset($content);
  356             }
  357         }
  358 
  359         removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
  360         replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
  361 
  362         // Add the clamav user to the vscan group
  363         //exec('groupmod --add-user clamav vscan');
  364 
  365 
  366     }
  367 
  368     public function configure_spamassassin()
  369     {
  370         global $conf;
  371 
  372         //* Enable spamasasssin on debian and ubuntu
  373         /*
  374         $configfile = '/etc/default/spamassassin';
  375         if(is_file($configfile)){
  376             copy($configfile, $configfile.'~');
  377         }
  378         $content = rf($configfile);
  379         $content = str_replace('ENABLED=0', 'ENABLED=1', $content);
  380         wf($configfile, $content);
  381         */
  382     }
  383 
  384     public function configure_getmail()
  385     {
  386         global $conf;
  387 
  388         $config_dir = $conf['getmail']['config_dir'];
  389 
  390         if(!is_dir($config_dir)) exec("mkdir -p ".escapeshellcmd($config_dir));
  391 
  392         $command = "useradd -d $config_dir getmail";
  393         if(!is_user('getmail')) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  394 
  395         $command = "chown -R getmail $config_dir";
  396         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  397 
  398         $command = "chmod -R 700 $config_dir";
  399         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  400     }
  401 
  402 
  403     public function configure_pureftpd()
  404     {
  405         global $conf;
  406 
  407         $config_dir = $conf['pureftpd']['config_dir'];
  408 
  409         //* configure pam for SMTP authentication agains the ispconfig database
  410         $configfile = 'pureftpd-mysql.conf';
  411         if(is_file("$config_dir/$configfile")){
  412             copy("$config_dir/$configfile", "$config_dir/$configfile~");
  413         }
  414         if(is_file("$config_dir/$configfile~")){
  415             exec("chmod 400 $config_dir/$configfile~");
  416         }
  417         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/pureftpd_mysql.conf.master', 'tpl/pureftpd_mysql.conf.master');
  418         $content = str_replace('{mysql_server_ispconfig_user}', $conf["mysql"]["ispconfig_user"], $content);
  419         $content = str_replace('{mysql_server_ispconfig_password}', $conf["mysql"]["ispconfig_password"], $content);
  420         $content = str_replace('{mysql_server_database}', $conf["mysql"]["database"], $content);
  421         $content = str_replace('{mysql_server_ip}', $conf["mysql"]["ip"], $content);
  422         $content = str_replace('{server_id}', $conf["server_id"], $content);
  423         wf("$config_dir/$configfile", $content);
  424         exec("chmod 600 $config_dir/$configfile");
  425         exec("chown root:root $config_dir/$configfile");
  426 
  427         // copy our customized copy of pureftpd.conf to the pure-ftpd config directory
  428         if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master')) {
  429             exec("cp " . $conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_pureftpd_conf.master ' . "$config_dir/pure-ftpd.conf");
  430         }else {
  431             exec("cp tpl/fedora_pureftpd_conf.master $config_dir/pure-ftpd.conf");
  432         }
  433 
  434     }
  435 
  436     public function configure_mydns()
  437     {
  438         global $conf;
  439 
  440         // configure mydns
  441         $configfile = 'mydns.conf';
  442         if(is_file($conf["mydns"]["config_dir"].'/'.$configfile)) copy($conf["mydns"]["config_dir"].'/'.$configfile, $conf["mydns"]["config_dir"].'/'.$configfile.'~');
  443         if(is_file($conf["mydns"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["mydns"]["config_dir"].'/'.$configfile.'~');
  444         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/".$configfile.".master");
  445         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
  446         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
  447         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
  448         $content = str_replace('{mysql_server_host}', $conf["mysql"]["host"], $content);
  449         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
  450         $content = str_replace('{server_id}', $conf["server_id"], $content);
  451         wf($conf["mydns"]["config_dir"].'/'.$configfile, $content);
  452         exec('chmod 600 '.$conf["mydns"]["config_dir"].'/'.$configfile);
  453         exec('chown root:root '.$conf["mydns"]["config_dir"].'/'.$configfile);
  454 
  455     }
  456 
  457     public function configure_bind() {
  458         global $conf;
  459 
  460         // add the include line at the end of named.conf.
  461         replaceLine('/etc/named.conf', 'include "/etc/named.conf.local";', 'include "/etc/named.conf.local";', 0, 1);
  462 
  463         //* Check if the zonefile directory has a slash at the end
  464         $content=$conf['bind']['bind_zonefiles_dir'];
  465         if(substr($content, -1, 1) != '/') {
  466             $content .= '/';
  467         }
  468 
  469         //* Create the slave subdirectory
  470         $content .= 'slave';
  471         $content_mkdir = 'mkdir -p '.$content;
  472         exec($content_mkdir);
  473 
  474         //* Chown the slave subdirectory to $conf['bind']['bind_user']
  475         exec('chown '.$conf['bind']['bind_user'].':'.$conf['bind']['bind_group'].' '.$content);
  476         exec('chmod 2770 '.$content);
  477 
  478     }
  479 
  480     public function configure_apache()
  481     {
  482         global $conf;
  483 
  484         if($conf['apache']['installed'] == false) return;
  485         if(is_file('/etc/suphp.conf')) {
  486             //replaceLine('/etc/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0);
  487             replaceLine('/etc/suphp.conf', 'docroot=', 'docroot=/var/www', 0);
  488             replaceLine('/etc/suphp.conf', 'umask=0077', 'umask=0022', 0);
  489         }
  490 
  491         //* Create the logging directory for the vhost logfiles
  492         exec('mkdir -p /var/log/ispconfig/httpd');
  493 
  494         // Sites enabled and avaulable dirs
  495         exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']);
  496         exec('mkdir -p '.$conf['apache']['vhost_conf_dir']);
  497 
  498         $content = rf('/etc/httpd/conf/httpd.conf');
  499         if(!stristr($content, 'Include /etc/httpd/conf/sites-enabled/')) {
  500             af('/etc/httpd/conf/httpd.conf', "\nNameVirtualHost *:80\nNameVirtualHost *:443\nInclude /etc/httpd/conf/sites-enabled/\n\n");
  501         }
  502         unset($content);
  503 
  504         //* Copy the ISPConfig configuration include
  505         $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
  506         $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
  507 
  508         $tpl = new tpl('apache_ispconfig.conf.master');
  509         $tpl->setVar('apache_version',getapacheversion());
  510 
  511         if($this->is_update == true) {
  512             $tpl->setVar('logging',get_logging_state());
  513         } else {
  514             $tpl->setVar('logging','yes');
  515         }
  516 
  517         $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
  518         $ip_addresses = array();
  519 
  520         if(is_array($records) && count($records) > 0) {
  521             foreach($records as $rec) {
  522                 if($rec['ip_type'] == 'IPv6') {
  523                     $ip_address = '['.$rec['ip_address'].']';
  524                 } else {
  525                     $ip_address = $rec['ip_address'];
  526                 }
  527                 $ports = explode(',', $rec['virtualhost_port']);
  528                 if(is_array($ports)) {
  529                     foreach($ports as $port) {
  530                         $port = intval($port);
  531                         if($port > 0 && $port < 65536 && $ip_address != '') {
  532                             $ip_addresses[] = array('ip_address' => $ip_address, 'port' => $port);
  533                         }
  534                     }
  535                 }
  536             }
  537         }
  538 
  539         if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
  540 
  541         wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
  542         unset($tpl);
  543 
  544         if(!@is_link($vhost_conf_enabled_dir."/000-ispconfig.conf")) {
  545             exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");
  546         }
  547 
  548         //* make sure that webalizer finds its config file when it is directly in /etc
  549         if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
  550             exec('mkdir /etc/webalizer');
  551             exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
  552         }
  553 
  554         if(is_file('/etc/webalizer/webalizer.conf')) {
  555             // Change webalizer mode to incremental
  556             replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
  557             replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
  558             replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
  559         }
  560 
  561         //* add a sshusers group
  562         $command = 'groupadd sshusers';
  563         if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  564 
  565     }
  566 
  567     public function configure_nginx(){
  568         global $conf;
  569 
  570         if($conf['nginx']['installed'] == false) return;
  571         //* Create the logging directory for the vhost logfiles
  572         if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
  573 
  574         // Sites enabled and avaulable dirs
  575         exec('mkdir -p '.$conf['nginx']['vhost_conf_enabled_dir']);
  576         exec('mkdir -p '.$conf['nginx']['vhost_conf_dir']);
  577 
  578         wf('/etc/nginx/conf.d/ispconfig_vhosts.conf', "include /etc/nginx/sites-enabled/*.vhost;");
  579 
  580         //* make sure that webalizer finds its config file when it is directly in /etc
  581         if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
  582             mkdir('/etc/webalizer');
  583             symlink('/etc/webalizer.conf', '/etc/webalizer/webalizer.conf');
  584         }
  585 
  586         if(is_file('/etc/webalizer/webalizer.conf')) {
  587             // Change webalizer mode to incremental
  588             replaceLine('/etc/webalizer/webalizer.conf', '#IncrementalName', 'IncrementalName webalizer.current', 0, 0);
  589             replaceLine('/etc/webalizer/webalizer.conf', '#Incremental', 'Incremental     yes', 0, 0);
  590             replaceLine('/etc/webalizer/webalizer.conf', '#HistoryName', 'HistoryName     webalizer.hist', 0, 0);
  591         }
  592 
  593         // Check the awsatst script
  594         if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
  595         if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl', '/usr/share/awstats/tools/awstats_buildstaticpages.pl');
  596         if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local', 'LogFormat=4', 'LogFormat=1', 0, 1);
  597 
  598         //* add a sshusers group
  599         $command = 'groupadd sshusers';
  600         if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  601 
  602         // add anonymized log option to nginxx.conf file
  603         $nginx_conf_file = $conf['nginx']['config_dir'].'/nginx.conf';
  604         if(is_file($nginx_conf_file)) {
  605             $tmp = file_get_contents($nginx_conf_file);
  606             if(!stristr($tmp, 'log_format anonymized')) {
  607                 copy($nginx_conf_file,$nginx_conf_file.'~');
  608                 replaceLine($nginx_conf_file, 'http {', "http {\n\n".file_get_contents('tpl/nginx_anonlog.master'), 0, 0);
  609             }
  610         }
  611 
  612     }
  613 
  614     public function configure_bastille_firewall()
  615     {
  616         global $conf;
  617 
  618         $dist_init_scripts = $conf['init_scripts'];
  619 
  620         if(is_dir("/etc/Bastille.backup")) caselog("rm -rf /etc/Bastille.backup", __FILE__, __LINE__);
  621         if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup", __FILE__, __LINE__);
  622         @mkdir("/etc/Bastille", octdec($directory_mode));
  623         if(is_dir("/etc/Bastille.backup/firewall.d")) caselog("cp -pfr /etc/Bastille.backup/firewall.d /etc/Bastille/", __FILE__, __LINE__);
  624         if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/bastille-firewall.cfg.master')) {
  625             caselog("cp -f " . $conf['ispconfig_install_dir']."/server/conf-custom/install/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
  626         } else {
  627             caselog("cp -f tpl/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
  628         }
  629         caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", __FILE__, __LINE__);
  630         $content = rf("/etc/Bastille/bastille-firewall.cfg");
  631         $content = str_replace("{DNS_SERVERS}", "", $content);
  632 
  633         $tcp_public_services = '';
  634         $udp_public_services = '';
  635 
  636         $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
  637 
  638         if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
  639             $tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
  640             $udp_public_services = trim(str_replace(',', ' ', $row["udp_port"]));
  641         } else {
  642             $tcp_public_services = '21 22 25 53 80 110 443 3306 8080 10000';
  643             $udp_public_services = '53';
  644         }
  645         if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
  646             $tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
  647             if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
  648         }
  649 
  650         $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
  651         $content = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $content);
  652 
  653         wf("/etc/Bastille/bastille-firewall.cfg", $content);
  654 
  655         if(is_file($dist_init_scripts."/bastille-firewall")) caselog("mv -f $dist_init_scripts/bastille-firewall $dist_init_scripts/bastille-firewall.backup", __FILE__, __LINE__);
  656         caselog("cp -f apps/bastille-firewall $dist_init_scripts", __FILE__, __LINE__);
  657         caselog("chmod 700 $dist_init_scripts/bastille-firewall", __FILE__, __LINE__);
  658 
  659         if(is_file("/sbin/bastille-ipchains")) caselog("mv -f /sbin/bastille-ipchains /sbin/bastille-ipchains.backup", __FILE__, __LINE__);
  660         caselog("cp -f apps/bastille-ipchains /sbin", __FILE__, __LINE__);
  661         caselog("chmod 700 /sbin/bastille-ipchains", __FILE__, __LINE__);
  662 
  663         if(is_file("/sbin/bastille-netfilter")) caselog("mv -f /sbin/bastille-netfilter /sbin/bastille-netfilter.backup", __FILE__, __LINE__);
  664         caselog("cp -f apps/bastille-netfilter /sbin", __FILE__, __LINE__);
  665         caselog("chmod 700 /sbin/bastille-netfilter", __FILE__, __LINE__);
  666 
  667         if(!@is_dir('/var/lock/subsys')) caselog("mkdir /var/lock/subsys", __FILE__, __LINE__);
  668 
  669         exec("which ipchains &> /dev/null", $ipchains_location, $ret_val);
  670         if(!is_file("/sbin/ipchains") && !is_link("/sbin/ipchains") && $ret_val == 0) phpcaselog(@symlink(shell_exec("which ipchains"), "/sbin/ipchains"), 'create symlink', __FILE__, __LINE__);
  671         unset($ipchains_location);
  672         exec("which iptables &> /dev/null", $iptables_location, $ret_val);
  673         if(!is_file("/sbin/iptables") && !is_link("/sbin/iptables") && $ret_val == 0) phpcaselog(@symlink(trim(shell_exec("which iptables")), "/sbin/iptables"), 'create symlink', __FILE__, __LINE__);
  674         unset($iptables_location);
  675 
  676     }
  677 
  678     public function install_ispconfig()
  679     {
  680         global $conf;
  681 
  682         $install_dir = $conf['ispconfig_install_dir'];
  683 
  684         //* Create the ISPConfig installation directory
  685         if(!@is_dir("$install_dir")) {
  686             $command = "mkdir $install_dir";
  687             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  688         }
  689 
  690         //* Create a ISPConfig user and group
  691         $command = 'groupadd ispconfig';
  692         if(!is_group('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  693 
  694         $command = "useradd -g ispconfig -d $install_dir ispconfig";
  695         if(!is_user('ispconfig')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  696 
  697         //* copy the ISPConfig interface part
  698         $command = "cp -rf ../interface $install_dir";
  699         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  700 
  701         //* copy the ISPConfig server part
  702         $command = "cp -rf ../server $install_dir";
  703         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  704 
  705         //* Make a backup of the security settings
  706         if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
  707 
  708         //* copy the ISPConfig security part
  709         $command = 'cp -rf ../security '.$install_dir;
  710         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  711 
  712         $configfile = 'security_settings.ini';
  713         if(is_file($install_dir.'/security/'.$configfile)) {
  714             copy($install_dir.'/security/'.$configfile, $install_dir.'/security/'.$configfile.'~');
  715         }
  716         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
  717         wf($install_dir.'/security/'.$configfile, $content);
  718 
  719         //* Create a symlink, so ISPConfig is accessible via web
  720         // Replaced by a separate vhost definition for port 8080
  721         // $command = "ln -s $install_dir/interface/web/ /var/www/ispconfig";
  722         // caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  723 
  724         //* Create the config file for ISPConfig interface
  725         $configfile = 'config.inc.php';
  726         if(is_file($install_dir.'/interface/lib/'.$configfile)){
  727             copy("$install_dir/interface/lib/$configfile", "$install_dir/interface/lib/$configfile~");
  728         }
  729         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
  730         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
  731         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
  732         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
  733         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
  734         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
  735 
  736         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
  737         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
  738         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
  739         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
  740         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
  741 
  742         $content = str_replace('{server_id}', $conf['server_id'], $content);
  743         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
  744         $content = str_replace('{language}', $conf['language'], $content);
  745         $content = str_replace('{timezone}', $conf['timezone'], $content);
  746         $content = str_replace('{theme}', $conf['theme'], $content);
  747         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
  748 
  749         wf("$install_dir/interface/lib/$configfile", $content);
  750 
  751         //* Create the config file for ISPConfig server
  752         $configfile = 'config.inc.php';
  753         if(is_file($install_dir.'/server/lib/'.$configfile)){
  754             copy("$install_dir/server/lib/$configfile", "$install_dir/interface/lib/$configfile~");
  755         }
  756         $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', "tpl/$configfile.master");
  757         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
  758         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
  759         $content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
  760         $content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
  761         $content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
  762 
  763         $content = str_replace('{mysql_master_server_ispconfig_user}', $conf['mysql']['master_ispconfig_user'], $content);
  764         $content = str_replace('{mysql_master_server_ispconfig_password}', $conf['mysql']['master_ispconfig_password'], $content);
  765         $content = str_replace('{mysql_master_server_database}', $conf['mysql']['master_database'], $content);
  766         $content = str_replace('{mysql_master_server_host}', $conf['mysql']['master_host'], $content);
  767         $content = str_replace('{mysql_master_server_port}', $conf['mysql']['master_port'], $content);
  768 
  769         $content = str_replace('{server_id}', $conf['server_id'], $content);
  770         $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
  771         $content = str_replace('{language}', $conf['language'], $content);
  772         $content = str_replace('{timezone}', $conf['timezone'], $content);
  773         $content = str_replace('{theme}', $conf['theme'], $content);
  774         $content = str_replace('{language_file_import_enabled}', ($conf['language_file_import_enabled'] == true)?'true':'false', $content);
  775 
  776         wf("$install_dir/server/lib/$configfile", $content);
  777 
  778         //* Create the config file for remote-actions (but only, if it does not exist, because
  779         //  the value is a autoinc-value and so changed by the remoteaction_core_module
  780         if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
  781             $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
  782             wf($install_dir.'/server/lib/remote_action.inc.php', $content);
  783         }
  784 
  785         //* Enable the server modules and plugins.
  786         // TODO: Implement a selector which modules and plugins shall be enabled.
  787         $dir = $install_dir.'/server/mods-available/';
  788         if (is_dir($dir)) {
  789             if ($dh = opendir($dir)) {
  790                 while (($file = readdir($dh)) !== false) {
  791                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
  792                         include_once $install_dir.'/server/mods-available/'.$file;
  793                         $module_name = substr($file, 0, -8);
  794                         $tmp = new $module_name;
  795                         if($tmp->onInstall()) {
  796                             if(!@is_link($install_dir.'/server/mods-enabled/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-enabled/'.$file);
  797                             if (strpos($file, '_core_module') !== false) {
  798                                 if(!@is_link($install_dir.'/server/mods-core/'.$file)) @symlink($install_dir.'/server/mods-available/'.$file, $install_dir.'/server/mods-core/'.$file);
  799                             }
  800                         }
  801                         unset($tmp);
  802                     }
  803                 }
  804                 closedir($dh);
  805             }
  806         }
  807 
  808         $dir = $install_dir.'/server/plugins-available/';
  809         if (is_dir($dir)) {
  810             if ($dh = opendir($dir)) {
  811                 while (($file = readdir($dh)) !== false) {
  812                     if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
  813                     if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
  814                     if($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
  815                         include_once $install_dir.'/server/plugins-available/'.$file;
  816                         $plugin_name = substr($file, 0, -8);
  817                         $tmp = new $plugin_name;
  818                         if($tmp->onInstall()) {
  819                             if(!@is_link($install_dir.'/server/plugins-enabled/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-enabled/'.$file);
  820                             if (strpos($file, '_core_plugin') !== false) {
  821                                 if(!@is_link($install_dir.'/server/plugins-core/'.$file)) @symlink($install_dir.'/server/plugins-available/'.$file, $install_dir.'/server/plugins-core/'.$file);
  822                             }
  823                         }
  824                         unset($tmp);
  825                     }
  826                 }
  827                 closedir($dh);
  828             }
  829         }
  830 
  831         // Update the server config
  832         $mail_server_enabled = ($conf['services']['mail'])?1:0;
  833         $web_server_enabled = ($conf['services']['web'])?1:0;
  834         $dns_server_enabled = ($conf['services']['dns'])?1:0;
  835         $file_server_enabled = ($conf['services']['file'])?1:0;
  836         $db_server_enabled = ($conf['services']['db'])?1:0;
  837         $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
  838         $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
  839 
  840         $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
  841         if($conf['mysql']['master_slave_setup'] == 'y') {
  842             $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
  843         }
  844 
  845         // chown install dir to root and chmod 755
  846         $command = 'chown root:root '.$install_dir;
  847         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  848         $command = 'chmod 755 '.$install_dir;
  849         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  850 
  851         //* Chmod the files and directories in the install dir
  852         $command = 'chmod -R 750 '.$install_dir.'/*';
  853         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  854 
  855         //* chown the interface files to the ispconfig user and group
  856         $command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
  857         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  858 
  859         //* chown the server files to the root user and group
  860         $command = 'chown -R root:root '.$install_dir.'/server';
  861         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  862 
  863         //* chown the security files to the root user and group
  864         $command = 'chown -R root:root '.$install_dir.'/security';
  865         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  866 
  867         //* chown the security directory and security_settings.ini to root:ispconfig
  868         $command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
  869         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  870         $command = 'chown root:ispconfig '.$install_dir.'/security';
  871         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  872         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.whitelist';
  873         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  874         $command = 'chown root:ispconfig '.$install_dir.'/security/ids.htmlfield';
  875         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  876         $command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
  877         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  878         $command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
  879         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  880 
  881         //* Make the global language file directory group writable
  882         exec("chmod -R 770 $install_dir/interface/lib/lang");
  883 
  884         //* Make the temp directory for language file exports writable
  885         exec("chmod -R 770 $install_dir/interface/web/temp");
  886 
  887         //* Make all interface language file directories group writable
  888         $handle = @opendir($install_dir.'/interface/web');
  889         while ($file = @readdir($handle)) {
  890             if ($file != '.' && $file != '..') {
  891                 if(@is_dir($install_dir.'/interface/web'.'/'.$file.'/lib/lang')) {
  892                     $handle2 = opendir($install_dir.'/interface/web'.'/'.$file.'/lib/lang');
  893                     chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770);
  894                     while ($lang_file = @readdir($handle2)) {
  895                         if ($lang_file != '.' && $lang_file != '..') {
  896                             chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770);
  897                         }
  898                     }
  899                 }
  900             }
  901         }
  902 
  903         //* Make the APS directories group writable
  904         exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
  905         exec("chmod -R 770 $install_dir/server/aps_packages");
  906 
  907         //* make sure that the server config file (not the interface one) is only readable by the root user
  908         chmod($install_dir.'/server/lib/config.inc.php', 0600);
  909         chown($install_dir.'/server/lib/config.inc.php', 'root');
  910         chgrp($install_dir.'/server/lib/config.inc.php', 'root');
  911 
  912         //* Make sure thet the interface config file is readable by user ispconfig only
  913         chmod($install_dir.'/interface/lib/config.inc.php', 0600);
  914         chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
  915         chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig');
  916 
  917         if(@is_file("$install_dir/server/lib/mysql_clientdb.conf")) {
  918             exec("chmod 600 $install_dir/server/lib/mysql_clientdb.conf");
  919             exec("chown root:root $install_dir/server/lib/mysql_clientdb.conf");
  920         }
  921 
  922         if(is_dir($install_dir.'/interface/invoices')) {
  923             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
  924             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
  925         }
  926 
  927         exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
  928 
  929         // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
  930         // and must be fixed as this will allow the apache user to read the ispconfig files.
  931         // Later this must run as own apache server or via suexec!
  932         if($conf['apache']['installed'] == true){
  933             $command = 'usermod -a -G ispconfig '.$conf['apache']['user'];
  934             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  935             if(is_group('ispapps')){
  936                 $command = 'usermod -a -G ispapps '.$conf['apache']['user'];
  937                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  938             }
  939         }
  940         if($conf['nginx']['installed'] == true){
  941             $command = 'usermod -a -G ispconfig '.$conf['nginx']['user'];
  942             caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  943             if(is_group('ispapps')){
  944                 $command = 'usermod -a -G ispapps '.$conf['nginx']['user'];
  945                 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  946             }
  947         }
  948 
  949         //* Make the shell scripts executable
  950         $command = "chmod +x $install_dir/server/scripts/*.sh";
  951         caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
  952 
  953         if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
  954             $sql = "UPDATE sys_user SET passwort = ? WHERE username = 'admin';";
  955             $this->db->query($sql, $this->crypt_password($conf['interface_password']));
  956         }
  957 
  958         if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
  959             //* Copy the ISPConfig vhost for the controlpanel
  960             // TODO: These are missing! should they be "vhost_dist_*_dir" ?
  961             $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
  962             $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
  963 
  964 
  965             // Dont just copy over the virtualhost template but add some custom settings
  966             $tpl = new tpl('apache_ispconfig.vhost.master');
  967             $tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
  968 
  969             // comment out the listen directive if port is 80 or 443
  970             if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
  971                 $tpl->setVar('vhost_port_listen','#');
  972             } else {
  973                 $tpl->setVar('vhost_port_listen','');
  974             }
  975 
  976             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
  977                 $tpl->setVar('ssl_comment','');
  978             } else {
  979                 $tpl->setVar('ssl_comment','#');
  980             }
  981             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key') && is_file($install_dir.'/interface/ssl/ispserver.bundle')) {
  982                 $tpl->setVar('ssl_bundle_comment','');
  983             } else {
  984                 $tpl->setVar('ssl_bundle_comment','#');
  985             }
  986 
  987             $tpl->setVar('apache_version',getapacheversion());
  988 
  989             wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
  990 
  991             //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
  992             //* and create the symlink
  993             //if($this->is_update == false) {
  994             if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
  995             if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
  996                 exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
  997             }
  998 
  999             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/apache_ispconfig_fcgi_starter.master', 'tpl/apache_ispconfig_fcgi_starter.master');
 1000             $content = str_replace('{fastcgi_bin}', $conf['fastcgi']['fastcgi_bin'], $content);
 1001             $content = str_replace('{fastcgi_phpini_path}', $conf['fastcgi']['fastcgi_phpini_path'], $content);
 1002             if(!is_dir('/var/www/php-fcgi-scripts/ispconfig')) exec('mkdir -p /var/www/php-fcgi-scripts/ispconfig');
 1003             $this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', false);
 1004             wf('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', $content);
 1005             exec('chmod +x /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
 1006             if(!is_link('/var/www/ispconfig')) exec('ln -s /usr/local/ispconfig/interface/web /var/www/ispconfig');
 1007             exec('chown -R ispconfig:ispconfig /var/www/php-fcgi-scripts/ispconfig');
 1008             $this->set_immutable('/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter', true);
 1009             //}
 1010             //}
 1011         }
 1012 
 1013         if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
 1014             //* Copy the ISPConfig vhost for the controlpanel
 1015             $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
 1016             $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
 1017 
 1018             // Dont just copy over the virtualhost template but add some custom settings
 1019             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/nginx_ispconfig.vhost.master', 'tpl/nginx_ispconfig.vhost.master');
 1020             $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
 1021 
 1022             if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
 1023                 $content = str_replace('{ssl_on}', 'ssl', $content);
 1024                 $content = str_replace('{ssl_comment}', '', $content);
 1025                 $content = str_replace('{fastcgi_ssl}', 'on', $content);
 1026             } else {
 1027                 $content = str_replace('{ssl_on}', '', $content);
 1028                 $content = str_replace('{ssl_comment}', '#', $content);
 1029                 $content = str_replace('{fastcgi_ssl}', 'off', $content);
 1030             }
 1031 
 1032             $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
 1033             if(substr($socket_dir, -1) != '/') $socket_dir .= '/';
 1034             if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
 1035             $fpm_socket = $socket_dir.'ispconfig.sock';
 1036 
 1037             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
 1038             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
 1039 
 1040             wf($vhost_conf_dir.'/ispconfig.vhost', $content);
 1041 
 1042             unset($content);
 1043 
 1044             // PHP-FPM
 1045             // Dont just copy over the php-fpm pool template but add some custom settings
 1046             $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/php_fpm_pool.conf.master', 'tpl/php_fpm_pool.conf.master');
 1047             $content = str_replace('{fpm_pool}', 'ispconfig', $content);
 1048             //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
 1049             $content = str_replace('{fpm_socket}', $fpm_socket, $content);
 1050             $content = str_replace('{fpm_user}', 'ispconfig', $content);
 1051             $content = str_replace('{fpm_group}', 'ispconfig', $content);
 1052             wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
 1053 
 1054             //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
 1055             //* and create the symlink
 1056             if($this->is_update == false) {
 1057                 if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
 1058                 if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
 1059                     symlink($vhost_conf_dir.'/ispconfig.vhost', $vhost_conf_enabled_dir.'/000-ispconfig.vhost');
 1060                 }
 1061             }
 1062 
 1063             // create symlink from /usr/share/phpmyadmin to /usr/share/phpMyAdmin, if it is installed
 1064             if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/usr/share/phpMyAdmin')) symlink('/usr/share/phpMyAdmin/', '/usr/share/phpmyadmin');
 1065         }
 1066 
 1067         // Make the Clamav log files readable by ISPConfig
 1068         //exec('chmod +r /var/log/clamav/clamav.log');
 1069         //exec('chmod +r /var/log/clamav/freshclam.log');
 1070 
 1071         //* Install the update script
 1072         if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
 1073         exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
 1074         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
 1075         exec('chown root /usr/local/ispconfig/server/scripts/update_stable.sh');
 1076         exec('chmod 700 /usr/local/ispconfig/server/scripts/update_stable.sh');
 1077         exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
 1078         exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
 1079         if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');
 1080         if(!is_link('/usr/local/bin/ispconfig_update.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update.sh');
 1081 
 1082         // set the fast cgi starter script to executable
 1083         // exec('chmod 755 '.$install_dir.'/interface/bin/php-fcgi');
 1084 
 1085         //* Make the logs readable for the ispconfig user
 1086         if(@is_file('/var/log/maillog')) exec('chmod +r /var/log/maillog');
 1087         //if(@is_file('/var/log/mail.warn')) exec('chmod +r /var/log/mail.warn');
 1088         //if(@is_file('/var/log/mail.err')) exec('chmod +r /var/log/mail.err');
 1089         if(@is_file('/var/log/messages')) exec('chmod +r /var/log/messages');
 1090 
 1091         //To enable apache to read the directories
 1092         // exec('chmod a+rx /usr/local/ispconfig');
 1093         // exec('chmod -R 751 /usr/local/ispconfig/interface');
 1094         // exec('chmod a+rx /usr/local/ispconfig/interface/web');
 1095 
 1096         //* Create the ispconfig log directory
 1097         if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
 1098         if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
 1099         chmod($conf['ispconfig_log_dir'].'/ispconfig.log', 0600);
 1100 
 1101         if(is_user('getmail')) {
 1102             exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
 1103             exec('chown getmail /usr/local/bin/run-getmail.sh');
 1104             exec('chmod 744 /usr/local/bin/run-getmail.sh');
 1105         }
 1106 
 1107         // Edit the file Edit the file /etc/sudoers and comment out the requiregetty line, otherwise the backup function will fail
 1108         replaceLine('/etc/sudoers', 'Defaults    requiretty', '#Defaults    requiretty', 0, 0);
 1109 
 1110         if(is_dir($install_dir.'/interface/invoices')) {
 1111             exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
 1112             exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
 1113         }
 1114 
 1115         //* Create the ispconfig auth log file and set uid/gid
 1116         if(!is_file($conf['ispconfig_log_dir'].'/auth.log')) {
 1117             touch($conf['ispconfig_log_dir'].'/auth.log');
 1118         }
 1119         exec('chown ispconfig:ispconfig '. $conf['ispconfig_log_dir'].'/auth.log');
 1120         exec('chmod 660 '. $conf['ispconfig_log_dir'].'/auth.log');
 1121 
 1122         //* Remove Domain module as its functions are available in the client module now
 1123         if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
 1124 
 1125         // Add symlink for patch tool
 1126         if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
 1127 
 1128         // Change mode of a few files from amavisd
 1129         if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
 1130         if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
 1131         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 1132         if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
 1133     }
 1134 }
 1135 
 1136 ?>