Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

Author: Till Brehm

install/lib/install.lib.php

@@ -666,6 +666,23 @@ function removeLine($filename, $search_pattern, $strict = 0) {
 	}
 }
 
+function hasLine($filename, $search_pattern, $strict = 0) {
+	if($lines = @file($filename)) {
+		foreach($lines as $line) {
+			if($strict == 0) {
+				if(stristr($line, $search_pattern)) {
+					return true;
+				}
+			} else {
+				if(trim($line) == $search_pattern) {
+					return true;
+				}
+			}
+		}
+	}
+	return false;
+}
+
 function is_installed($appname) {
 	exec('which '.escapeshellcmd($appname).' 2> /dev/null', $out, $returncode);
 	if(isset($out[0]) && stristr($out[0], $appname) && $returncode == 0) {

install/lib/installer_base.lib.php

@@ -1225,6 +1225,15 @@ public function configure_apache() {
 			replaceLine('/etc/apache2/ports.conf', 'Listen 443', 'Listen 443', 1);
 		}
 
+		if(is_file('/etc/apache2/apache.conf')) {
+			if(hasLine('/etc/apache2/apache.conf', 'Include sites-enabled/', 1) == false) {
+				if(hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.conf', 1) == false) {
+					replaceLine('/etc/apache2/apache.conf', 'Include sites-enabled/', 'Include sites-enabled/', 1, 1);
+				} elseif(hasLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.vhost', 1) == false) {
+					replaceLine('/etc/apache2/apache.conf', 'IncludeOptional sites-enabled/*.vhost', 'IncludeOptional sites-enabled/*.vhost', 1, 1);
+				}
+			}
+		}
 
 		//* Copy the ISPConfig configuration include
 		$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];

interface/lib/classes/ispcmail.inc.php

@@ -223,6 +223,7 @@ private function detectHelo() {
 		elseif(isset($_SERVER['SERVER_NAME'])) $this->smtp_helo = $_SERVER['SERVER_NAME'];
 		else $this->smtp_helo = php_uname('n');
 		if($this->smtp_helo == '') $this->smtp_helo = 'localhost';
+		return $this->smtp_helo;
 	}
 
 

interface/lib/classes/remoting.inc.php

@@ -199,6 +199,69 @@ public function server_get_functions($session_id, $server_id)
 		}
 	}
 
+	/**
+	 * set record permissions in any table
+	 * @param string session_id
+	 * @param string index_field
+	 * @param string index_value
+	 * @param array permissions
+	 * @author "ispcomm", improved by M. Cramer <m.cramer@pixcept.de>
+	 */
+	public function update_record_permissions($tablename, $index_field, $index_value, $permissions) {
+		global $app;
+		
+		if(!$this->checkPerm($session_id, 'admin_record_permissions')) {
+			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+		
+		foreach($permissions as $key => $value) {  // make sure only sys_ fields are updated
+			switch($key) {
+				case 'sys_userid':
+					// check if userid is valid
+					$check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
+					if(!$check || !$check['userid']) {
+						$this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
+						return false;
+					}
+					$permissions[$key] = $app->functions->intval($value);
+					break;
+				case 'sys_groupid':
+					// check if groupid is valid
+					$check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
+					if(!$check || !$check['groupid']) {
+						$this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
+						return false;
+					}
+					$permissions[$key] = $app->functions->intval($value);
+					break;
+				case 'sys_perm_user':
+				case 'sys_perm_group':
+					// check if permissions are valid
+					$value = strtolower($value);
+					if(!preg_match('/^[riud]+$/', $value)) {
+						$this->server->fault('invalid parameters', $value . ' is no valid permission string.');
+						return false;
+					}
+					
+					$newvalue = '';
+					if(strpos($value, 'r') !== false) $newvalue .= 'r';
+					if(strpos($value, 'i') !== false) $newvalue .= 'i';
+					if(strpos($value, 'u') !== false) $newvalue .= 'u';
+					if(strpos($value, 'd') !== false) $newvalue .= 'd';
+					$permissions[$key] = $newvalue;
+					unset($newvalue);
+					
+					break;
+				default:
+					$this->server->fault('invalid parameters', 'Only sys_userid, sys_groupid, sys_perm_user and sys_perm_group parameters can be changed with this function.');
+					break;
+			}
+		}
+		
+		return $app->db->datalogUpdate( $tablename, $permissions, $index_field, $index_value ) ;
+	}
+	
 	/**
 	    Gets the ISPconfig version of the server
 	    @param int session_id

interface/web/admin/lib/remote.conf.php

@@ -1,5 +1,6 @@
 <?php
 
 $function_list['server_get,get_function_list,client_templates_get_all,server_get_serverid_by_ip,server_ip_add,server_ip_update,server_ip_delete'] = 'Server functions';
+$function_list['admin_record_permissions'] = 'Record permission changes';
 
 ?>

server/conf/apache_apps.vhost.master

@@ -4,38 +4,46 @@
 # for the ISPConfig apps vhost
 ######################################################
 
-{vhost_port_listen} Listen {apps_vhost_port}
-# NameVirtualHost *:{apps_vhost_port}
+{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
+# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
 
-<VirtualHost {apps_vhost_ip}:{apps_vhost_port}>
+<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
   ServerAdmin webmaster@localhost
-  {apps_vhost_servername}
+  {tmpl_var name='apps_vhost_servername'}
 
   <FilesMatch "\.ph(p3?|tml)$">
     SetHandler None
   </FilesMatch>
 
   <IfModule mod_php5.c>
-    DocumentRoot {apps_vhost_dir}
+    DocumentRoot {tmpl_var name='apps_vhost_dir'}
     AddType application/x-httpd-php .php
-    <Directory {apps_vhost_dir}>
-      Options FollowSymLinks
-      AllowOverride None
-      Order allow,deny
-      Allow from all
+    <Directory {tmpl_var name='apps_vhost_dir'}>
+		Options FollowSymLinks
+		AllowOverride None
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+		Order allow,deny
+		Allow from all
+		{/tmpl_if}
     </Directory>
   </IfModule>
 
   <IfModule mod_fcgid.c>
-    DocumentRoot {apps_vhost_dir}
+    DocumentRoot {tmpl_var name='apps_vhost_dir'}
     SuexecUserGroup ispapps ispapps
-    <Directory {apps_vhost_dir}>
-      Options Indexes FollowSymLinks MultiViews +ExecCGI
-      AllowOverride AuthConfig Indexes Limit Options FileInfo
-      AddHandler fcgid-script .php
-      FCGIWrapper {apps_vhost_basedir}/php-fcgi-scripts/apps/.php-fcgi-starter .php
-      Order allow,deny
-      Allow from all
+    <Directory {tmpl_var name='apps_vhost_dir'}>
+		Options Indexes FollowSymLinks MultiViews +ExecCGI
+		AllowOverride AuthConfig Indexes Limit Options FileInfo
+		AddHandler fcgid-script .php
+		FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+		Order allow,deny
+		Allow from all
+		{/tmpl_if}
     </Directory>
   </IfModule>
 

server/conf/apache_ispconfig.conf.master

@@ -8,61 +8,100 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 
 <Directory /var/www/clients>
     AllowOverride None
-    Order Deny,Allow
-    Deny from all
+	{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+	Require all deny
+	{tmpl_else}
+	Order Deny,Allow
+	Deny from all
+	{/tmpl_if}
 </Directory>
 
 # Do not allow access to the root file system of the server for security reasons
 <Directory />
     AllowOverride None
-    Order Deny,Allow
-    Deny from all
+	{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+	Require all deny
+	{tmpl_else}
+	Order Deny,Allow
+	Deny from all
+	{/tmpl_if}
 </Directory>
 
 <Directory /var/www/conf>
     AllowOverride None
-    Order Deny,Allow
-    Deny from all
+	{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+	Require all deny
+	{tmpl_else}
+	Order Deny,Allow
+	Deny from all
+	{/tmpl_if}
 </Directory>
 
 # Except of the following directories that contain website scripts
 <Directory /usr/share/phpmyadmin>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /usr/share/phpMyAdmin>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /usr/share/squirrelmail>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 # Allow access to mailman on OpenSuSE
 <Directory /usr/lib/mailman/cgi-bin>
-        AllowOverride All
-		order allow,deny
-        allow from all
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+        Order allow,deny
+        Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /usr/lib/mailman/icons>
-        order allow,deny
-        allow from all
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+        Order allow,deny
+        Allow from all
+		{/tmpl_if}
 </Directory>
 
 <Directory /var/lib/mailman/archives/>
         Options +FollowSymLinks
-        order allow,deny
-        allow from all
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
+        Order allow,deny
+        Allow from all
+		{/tmpl_if}
 </Directory>
 
 # allow path to awstats and alias for awstats icons
 <Directory /usr/share/awstats>
+		{tmpl_if name='apache_version' op='>' value='2.2' format='version'}
+		Require all granted
+		{tmpl_else}
         Order allow,deny
         Allow from all
+		{/tmpl_if}
 </Directory>
 
 Alias /awstats-icon "/usr/share/awstats/icon"