GIF89a;
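/**
 * Configures TLS for the local Postfix instance on a Sentora/HRPanel host.
 *
 * checkMainConf() is the entry point. It reads /etc/postfix/main.cf, makes
 * sure the machine's host name resolves to this server (creating the A record
 * in the panel database when only the parent domain is hosted here), has
 * HRPanelAISALib install or renew a Let's Encrypt certificate, and finally
 * writes the smtpd_tls_* directives into main.cf. Return values are the status
 * constants from /etc/sentora/panel/class/Error_Codes.php.
 *
 * The original edited main.cf and master.cf through shell-interpolated grep
 * and sed calls and addressed lines by numbers taken from grep output; this
 * version edits the files with PHP file functions, so values read from the
 * certificate log or the host name never reach a shell, and directives are
 * matched by name instead of by line number.
 */
class MainConfTLSSetup
{
    /** @var HRPanelAISALib panel helper for certificate install/renew */
    private $HRPanelAISALib;
    /** @var mixed never assigned; the HRPanelssl include is commented out upstream */
    private $HRPanelssl;
    /** @var string[] first domain of each certificate in sslrenew.log, parallel to $privkey_list */
    private $domain_lists = [];
    /** @var string[] certificate directory name under /etc/letsencrypt/live for each $domain_lists entry */
    private $privkey_list = [];
    /** @var string fully qualified host name as reported by the system */
    private $hostname = '';
    /** @var string $hostname without its first label */
    private $hostdomainname = '';
    /** @var string path of Postfix main.cf */
    private $mainConfFilePath;
    /** @var string path of Postfix master.cf */
    private $masterConfFilePath;
    /** @var db_driver|null panel database handle, null when the connection failed */
    private $zdbh = null;
    /** @var bool set when the SSL install daemon could not be reached (was used undeclared in the original) */
    private static $tryagain = false;

    public function __construct()
    {
        // Kept from the original script; note that it also silences every
        // warning this class would otherwise raise, so rely on the echoed output.
        error_reporting(0);
        // db.php is expected to define $dbname, $user, $pass and $ovi_socket_path.
        require('/etc/sentora/panel/cnf/db.php');
        include('/etc/sentora/panel/dryden/db/driver.class.php');
        include('/etc/sentora/panel/dryden/debug/logger.class.php');
        include('/etc/sentora/panel/dryden/runtime/dataobject.class.php');
        include('/etc/sentora/panel/dryden/runtime/hook.class.php');
        include('/etc/sentora/panel/dryden/sys/versions.class.php');
        include('/etc/sentora/panel/dryden/ctrl/options.class.php');
        include('/etc/sentora/panel/dryden/fs/director.class.php');
        include('/etc/sentora/panel/dryden/fs/filehandler.class.php');
        include('/etc/sentora/panel/inc/dbc.inc.php');
        try {
            $dsn = "mysql:dbname=$dbname;$ovi_socket_path";
            $this->zdbh = new db_driver($dsn, $user, $pass, [PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"]);
            $this->zdbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            // Best effort, as in the original: the certificate and main.cf steps
            // work without the database; PointHostName() then reports DOMAIN_NOT_CREATED.
            $this->zdbh = null;
            echo "Panel database connection failed: " . $e->getMessage() . "\n";
        }
        require_once("/etc/sentora/panel/class/HRPanel_AISA_Lib.php");
        require_once("/etc/sentora/panel/class/Error_Codes.php");
        $this->HRPanelAISALib = new HRPanelAISALib();
        $this->getHostname();
        $this->mainConfFilePath = "/etc/postfix/main.cf";
        $this->masterConfFilePath = "/etc/postfix/master.cf";
    }

    /**
     * Entry point: bring main.cf to a working TLS configuration.
     *
     * @param string|null $email address registered with Let's Encrypt; when
     *                           empty the panel admin address is used
     * @return mixed one of the Error_Codes status constants, or null when the
     *               certificate installer could not be started
     */
    public function checkMainConf($email)
    {
        // Only an active (uncommented) directive counts; the original grep also
        // matched "#smtp_use_tls = yes" and then treated TLS as enabled.
        $tlsEnabled = $this->hasActiveDirective('smtp_use_tls', 'yes');
        // Informational string handed to the other public methods; it replaces
        // the former "grep -n" output and is no longer used for line addressing.
        $smtp_ssl = $tlsEnabled ? 'smtp_use_tls = yes' : 'smtp_use_tls = no';
        $certConfigured = $this->CheckSSLCertKeyCA() !== false;

        if ($tlsEnabled) {
            $this->ADD465port();
            if ($certConfigured) {
                // Existing cert/key/CA lines are dropped and rewritten so a wrong path is corrected.
                $this->removeSSLCertKeyCA();
            }
            $return = $this->CheckHostNameAndDoEverything($smtp_ssl, $email);
            if ($return === DOMAIN_NAMESERVER_IS_NOT_POINT_WITH_US) {
                $return = $this->ChangeTLStoNo();
            }
            return $return;
        }

        echo "SSL has been set as no, so checking SSL cert, key and CA has been added or not. \n";
        if ($certConfigured) {
            echo "SSL certificate is there so checking it and regenerating if wrong \n ";
            $this->removeSSLCertKeyCA();
        } else {
            echo "SSL certificate is not there so generating it \n ";
        }
        $return = $this->CheckHostNameAndDoEverything($smtp_ssl, $email);
        if ($return === DOVECOT_CONF_SETUP_SUCCESSFULLY) {
            $return = $this->ChangeTLStoYes();
        }
        return $return;
    }

    /**
     * Adds the smtps/465 service block to master.cf unless an active "465"
     * service already exists.
     *
     * The block is inserted after the first entry carrying
     * content_filter=spamfilter (skipping that entry's "-o" continuation lines)
     * or appended when no such entry exists. The original applied sed with an
     * empty line address in that case, which appended the block after every line.
     */
    public function ADD465port()
    {
        $lines = $this->readLines($this->masterConfFilePath);
        foreach ($lines as $line) {
            // The original matched "465" anywhere, including comments.
            if (preg_match('/^\s*465\s+inet\b/i', $line)) {
                return;
            }
        }
        $block = [
            'smtps inet n - n - - smtpd -o content_filter=spamfilter',
            '465 inet n - n - - smtpd',
            '  -o syslog_name=postfix/smtps',
            '  -o smtpd_tls_wrappermode=yes',
            '  -o smtpd_sasl_auth_enable=yes',
            '  -o smtpd_client_restrictions=permit_sasl_authenticated,reject',
        ];
        $insertAt = count($lines);
        foreach ($lines as $i => $line) {
            if (stripos($line, 'content_filter=spamfilter') !== false) {
                $insertAt = $i + 1;
                // master.cf continuation lines start with whitespace; do not split the entry.
                while ($insertAt < count($lines) && preg_match('/^\s+\S/', $lines[$insertAt])) {
                    $insertAt++;
                }
                break;
            }
        }
        array_splice($lines, $insertAt, 0, $block);
        $this->writeLines($this->masterConfFilePath, $lines);
    }

    /**
     * Switches smtp_use_tls / smtpd_use_tls to "yes" and ensures the 465 service.
     *
     * @param string|null $smtp_ssl unused, kept for callers passing the grep string
     *                              (the original declared it required but was called without it)
     * @return mixed DOVECOT_CONF_SETUP_SUCCESSFULLY
     */
    public function ChangeTLStoYes($smtp_ssl = null)
    {
        echo "Change TLS to Yes \n";
        $this->commentOutUseTlsAndAppend(['smtp_use_tls = yes', 'smtpd_use_tls = yes']);
        $this->ADD465port();
        return DOVECOT_CONF_SETUP_SUCCESSFULLY;
    }

    /**
     * Switches smtp_use_tls / smtpd_use_tls to "no".
     *
     * @param string|null $smtp_ssl unused, see ChangeTLStoYes()
     * @return mixed SSL_HAS_BEEN_CHANGED_TO_BECAUSE_NAMESERVER_IS_NOT_POINT_WITH_US
     */
    public function ChangeTLStoNo($smtp_ssl = null)
    {
        echo "Change TLS to No \n";
        $this->commentOutUseTlsAndAppend(['smtp_use_tls = no', 'smtpd_use_tls = no']);
        return SSL_HAS_BEEN_CHANGED_TO_BECAUSE_NAMESERVER_IS_NOT_POINT_WITH_US;
    }

    /**
     * Makes sure the host name points here, then installs the certificate and
     * writes the TLS directives.
     *
     * @param string|null $smtp_ssl informational, passed through to AddSSLCertKeyCA()
     * @param string|null $email   Let's Encrypt registration address
     * @return mixed status constant, or null when the installer could not be started
     */
    public function CheckHostNameAndDoEverything($smtp_ssl, $email)
    {
        if ($this->checkHostNameARecord()) {
            echo "Hostname A record is point with us. So Checking SSL is installed for Hostname or not. If not installed it will install. \n";
            return $this->installCertificateAndConfigure($smtp_ssl, $email, true);
        }
        // The host name does not resolve here; it can still be created when the
        // parent domain's name server is this machine.
        if (!$this->checkHostDomainNameNSisPointWithUs()) {
            return DOMAIN_NAMESERVER_IS_NOT_POINT_WITH_US;
        }
        echo "// Host Domain Name is poiinting with us so pointing hostname also with us.\n";
        $pointed = $this->PointHostName();
        if ($pointed !== DOMAIN_NAME_CREATED && $pointed !== DOMAIN_ALREADY_ADDED) {
            return $pointed;
        }
        return $this->installCertificateAndConfigure($smtp_ssl, $email, false);
    }

    /**
     * Shared tail of CheckHostNameAndDoEverything(): install/renew the
     * certificate, then write cert/key/CA into main.cf.
     *
     * @return mixed status constant, or null when CheckSSLAndInstall() returned false
     *               (the original left its result variable unset in that case)
     */
    private function installCertificateAndConfigure($smtp_ssl, $email, $check_ssl)
    {
        if (!$this->CheckSSLAndInstall($email, $check_ssl)) {
            return null;
        }
        if ($this->AddSSLCertKeyCA($smtp_ssl, 0)) {
            return DOVECOT_CONF_SETUP_SUCCESSFULLY;
        }
        echo "Dovecot conf failed because SSL domain not in /var/log/letsencrypt/sslrenew.log \n";
        return DOVECOT_CONF_SETUP_FAILED_HOSTNAME_DOES_NOT_EXISTS_IN_SSL_DOMAIN_LIST;
    }

    /**
     * Waits for the host name to appear in sslrenew.log, then writes the
     * smtpd_tls_* directives for that certificate into main.cf.
     *
     * Attempts run from $n up to and including 8, 30 s apart (same count as the
     * original recursion, written as a loop).
     *
     * @param string|null $smtp_ssl informational only
     * @param int         $n        attempt counter to start from (callers pass 0)
     * @return bool true when the directives were written
     */
    public function AddSSLCertKeyCA($smtp_ssl, $n)
    {
        echo "Add TLS Key \n";
        $host = trim($this->hostname);
        for ($attempt = (int) $n; ; $attempt++) {
            // Re-read the log each time: the installer runs asynchronously.
            $this->GetPrivateKeys();
            $idx = array_search($host, $this->domain_lists, true);
            if ($idx !== false) {
                echo "Hostname is in domain list\n";
                $key_path = $this->privkey_list[$idx];
                echo $key_path . "\n";
                return $this->writeTlsDirectives($key_path);
            }
            echo "Hostname is not in domain list\n";
            if ($attempt >= 8) {
                return false;
            }
            sleep(30);
        }
    }

    /**
     * Appends the full TLS directive set for certificate directory $certName.
     *
     * @param string $certName directory name under /etc/letsencrypt/live
     * @return bool false when the name is not a plain directory label
     */
    private function writeTlsDirectives($certName)
    {
        // The name is read from a log file and written into main.cf; only allow
        // a single path label so it cannot introduce extra directives or paths.
        if (!preg_match('/^[A-Za-z0-9._-]+$/', $certName)) {
            echo "Refusing to use certificate directory name: " . $certName . "\n";
            return false;
        }
        $live = '/etc/letsencrypt/live/' . $certName;
        return $this->commentOutUseTlsAndAppend([
            'smtp_use_tls = yes',
            'smtpd_use_tls = yes',
            'smtpd_tls_received_header = yes',
            'smtpd_tls_session_cache_timeout = 3600s',
            'smtpd_tls_security_level = may',
            'smtp_tls_note_starttls_offer = yes',
            'tls_random_source = dev:/dev/urandom',
            'smtpd_tls_loglevel = 1',
            'smtpd_tls_cert_file=' . $live . '/cert.pem',
            'smtpd_tls_CAfile=' . $live . '/chain.pem',
            'smtpd_tls_key_file=' . $live . '/privkey.pem',
        ]);
    }

    /**
     * Reads the system host name into $hostname and its parent domain into
     * $hostdomainname. Always returns true.
     */
    public function getHostname()
    {
        $name = gethostname();
        if ($name === false || trim($name) === '') {
            $name = shell_exec('hostname');
        }
        $this->hostname = trim((string) $name);
        $parts = explode('.', $this->hostname);
        array_shift($parts);
        $this->hostdomainname = trim(implode('.', $parts));
        return true;
    }

    /**
     * Parses /var/log/letsencrypt/sslrenew.log into $domain_lists / $privkey_list.
     *
     * For every line containing "Domains", the first listed domain is taken and
     * the certificate directory name is read from the path on the line three
     * below it (the layout the original relied on). Entries whose directory
     * name cannot be found are skipped on both lists so they stay aligned.
     * Always returns true.
     */
    public function GetPrivateKeys()
    {
        $lines = $this->readLines('/var/log/letsencrypt/sslrenew.log');
        $domains = [];
        $certNames = [];
        foreach ($lines as $i => $line) {
            if (stripos($line, 'Domains') === false) {
                continue;
            }
            $afterColon = explode(':', $line, 2);
            if (count($afterColon) < 2) {
                continue;
            }
            $names = preg_split('/[\s,]+/', trim($afterColon[1]));
            $domain = isset($names[0]) ? trim($names[0]) : '';
            $pathLine = isset($lines[$i + 3]) ? $lines[$i + 3] : '';
            // Directory component in front of the .pem file name.
            if ($domain === '' || !preg_match('#/([^/\s]+)/[^/\s]+\.pem#', $pathLine, $m)) {
                continue;
            }
            $domains[] = $domain;
            $certNames[] = $m[1];
        }
        $this->domain_lists = $domains;
        $this->privkey_list = $certNames;
        return true;
    }

    /**
     * E-mail address of panel account 1 (the administrator).
     *
     * @return string|null null when the database is unavailable or the row is missing
     */
    public function GetUserEmailID()
    {
        if ($this->zdbh === null) {
            return null;
        }
        $rows = $this->zdbh->prepare("SELECT ac_email_vc FROM x_accounts WHERE ac_id_pk = 1 LIMIT 1;");
        $rows->execute();
        $dbvals = $rows->fetch();
        return ($dbvals && isset($dbvals['ac_email_vc'])) ? $dbvals['ac_email_vc'] : null;
    }

    /**
     * Checks for an installed certificate and starts an installation through
     * the panel daemon when needed.
     *
     * @param string|null $email     registration address; panel admin address when empty
     * @param bool        $check_ssl whether to consult HRPanelAISALib::isSSLExists() first
     * @return mixed true when a usable certificate exists, SSL_INSTALL_INPROGRESS
     *               after an installation was started, false when it could not be
     */
    public function CheckSSLAndInstall($email, $check_ssl)
    {
        $host_name = $this->hostname;
        if ($check_ssl) {
            $checkSSLInstalled = $this->HRPanelAISALib->isSSLExists($host_name);
            if ($checkSSLInstalled == SSL_NOT_EXPIRED) {
                echo "Checked SSL already installed. Success \n";
                return true;
            }
            if ($checkSSLInstalled == SSL_EXPIRED) {
                echo "Checked SSL already installed. SSL is expired so renewing \n";
                // The original passed an undefined $domain_name here.
                $this->HRPanelAISALib->SSLRenew($host_name);
                return true;
            }
        }
        echo "Checked SSL already installed. Not Installed \n";
        if (!$email) {
            $email = $this->GetUserEmailID();
        }
        // The daemon protocol below is whitespace/newline delimited, so an
        // address containing whitespace would be read as extra arguments.
        if (!is_string($email) || $email === '' || preg_match('/\s/', $email)) {
            echo "No usable e-mail address for the certificate request \n";
            return false;
        }
        $user_IP = ctrl_options::GetSystemOption('server_ip');
        $wwwoption = $this->HRPanelAISALib->InstallSSLTableInsertion($host_name);
        $file_path = ctrl_options::GetSystemOption('ipdomain_dir');
        if ($this->HRPanelAISALib->isNginx()) {
            $in = "command installnginxSSL $host_name $email $wwwoption $file_path $user_IP";
        } else {
            $in = "command installSSL $host_name $email $wwwoption $file_path";
        }
        echo "Install SSL using $in \n";
        // One argument per line, followed by the path of the calling script.
        $command_detail = str_replace(' ', "\n", str_replace('command ', '', trim($in)));
        $input = "$command_detail\n" . __FILE__;
        $output = ctrl_module::ConnectServerSocket($input);
        if (!$output) {
            self::$tryagain = true;
            return false;
        }
        // The installer is asynchronous; give it a minute before looking for the certificate.
        sleep(60);
        return SSL_INSTALL_INPROGRESS;
    }

    /**
     * Creates A records for the host name (and its www alias) under the parent
     * domain's vhost in the panel database.
     *
     * @return mixed DOMAIN_NOT_CREATED when the parent domain is not hosted here,
     *               DOMAIN_ALREADY_ADDED when the record exists, else DOMAIN_NAME_CREATED
     */
    public function PointHostName()
    {
        echo "Host Domain Name is pointing with us so pointing hostname also with us.\n";
        $split_hostname = explode('.', $this->hostname);
        $subDomainName = $split_hostname[0];
        $domain_name = $this->hostdomainname;
        echo "Sub domain name : " . $subDomainName . "\n";
        echo "Domain name : " . $domain_name . "\n";

        if ($this->zdbh === null) {
            echo "DOMAIN_NOT_CREATED\n";
            return DOMAIN_NOT_CREATED;
        }
        // Parameterised; the original interpolated the domain into the SQL and
        // tested fetchColumn() of vh_acc_fk as if it were a row count.
        $vhost = $this->zdbh->prepare("SELECT vh_acc_fk,vh_id_pk FROM x_vhosts WHERE vh_name_vc = :domainName AND vh_deleted_ts IS NULL LIMIT 1");
        $vhost->execute([':domainName' => $domain_name]);
        $dbvals = $vhost->fetch();
        if (!$dbvals) {
            echo "DOMAIN_NOT_CREATED\n";
            return DOMAIN_NOT_CREATED;
        }
        $domainID = $dbvals['vh_id_pk'];
        $user_id = $dbvals['vh_acc_fk'];

        $targetIP = ctrl_options::GetSystemOption('server_ip');
        if (fs_director::CheckForEmptyValue($targetIP)) {
            $targetIP = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '';
        }

        if ($this->countARecords($user_id, $domain_name, $domainID, $subDomainName, $targetIP) > 0) {
            echo "DOMAIN_ALREADY_ADDED\n";
            return DOMAIN_ALREADY_ADDED;
        }
        $this->insertARecord($user_id, $domain_name, $domainID, $subDomainName, $targetIP);
        // The original bound an undefined $domainName for this second record.
        $this->insertARecord($user_id, $domain_name, $domainID, 'www.' . $subDomainName, $targetIP);
        $this->markDnsUpdated($domainID);
        $sql = $this->zdbh->prepare("UPDATE x_settings SET so_value_tx='true' WHERE so_name_vc='apache_changed'");
        $sql->execute();
        echo "DOMAIN_NAME_CREATED\n";
        $this->HRPanelAISALib->SetWriteApacheConfigTrue();
        $this->HRPanelAISALib->SetCallDaemon();
        return DOMAIN_NAME_CREATED;
    }

    /** Number of live A records matching the given host/target under the vhost. */
    private function countARecords($user_id, $domain_name, $domainID, $host, $targetIP)
    {
        $dsql = $this->zdbh->prepare(
            "SELECT count(*) as rcd_cnt FROM x_dns WHERE dn_acc_fk=:userid AND dn_name_vc=:domainName"
            . " AND dn_vhost_fk=:domainID AND dn_type_vc='A' AND dn_host_vc=:subDomain"
            . " AND dn_target_vc=:target_new AND dn_deleted_ts is NULL"
        );
        $dsql->execute([
            ':userid' => $user_id,
            ':domainName' => $domain_name,
            ':domainID' => $domainID,
            ':subDomain' => $host,
            ':target_new' => $targetIP,
        ]);
        $dres = $dsql->fetch();
        return ($dres && isset($dres['rcd_cnt'])) ? (int) $dres['rcd_cnt'] : 0;
    }

    /** Inserts one A record (TTL 3600) for $host under the vhost. */
    private function insertARecord($user_id, $domain_name, $domainID, $host, $targetIP)
    {
        $sql = $this->zdbh->prepare(
            "INSERT INTO x_dns (dn_acc_fk, dn_name_vc, dn_vhost_fk, dn_type_vc, dn_host_vc, dn_ttl_in,"
            . " dn_target_vc, dn_priority_in, dn_weight_in, dn_port_in, dn_created_ts)"
            . " VALUES (:userid, :domainName, :domainID, 'A', :hostName_new, '3600', :target_new, '0', '0', '0', :time)"
        );
        $sql->execute([
            ':userid' => $user_id,
            ':domainName' => $domain_name,
            ':domainID' => $domainID,
            ':hostName_new' => $host,
            ':target_new' => $targetIP,
            ':time' => time(),
        ]);
    }

    /** Adds $domainID to the comma separated dns_hasupdates setting when absent. */
    private function markDnsUpdated($domainID)
    {
        $records_list = (string) ctrl_options::GetSystemOption('dns_hasupdates');
        $record_array = explode(',', $records_list);
        if (in_array((string) $domainID, $record_array, true)) {
            return;
        }
        $records_list = ($records_list === '') ? (string) $domainID : $records_list . ',' . $domainID;
        $sql = $this->zdbh->prepare("UPDATE x_settings SET so_value_tx=:newlist WHERE so_name_vc='dns_hasupdates'");
        $sql->execute([':newlist' => $records_list]);
    }

    /**
     * True when the first NS record of the parent domain resolves to this
     * server's configured server_ip.
     *
     * Uses DNS_NS explicitly (the original queried ANY, which many resolvers
     * refuse) and compares strictly: the original's loose "!=" treated a
     * missing A record and an empty server_ip as a match.
     */
    public function checkHostDomainNameNSisPointWithUs()
    {
        $hostdomainname = $this->hostdomainname;
        echo $hostdomainname . "\n";
        $nameserver = null;
        $dns_data = ($hostdomainname !== '') ? dns_get_record($hostdomainname, DNS_NS) : false;
        if (is_array($dns_data)) {
            foreach ($dns_data as $data) {
                if ($data['type'] == 'NS' && isset($data['target'])) {
                    $nameserver = trim($data['target']);
                    break;
                }
            }
        }
        if ($nameserver === null || $nameserver === '') {
            echo "Domain Nameserver :\n";
            return false;
        }
        $namserver_a_record = $this->getARecord($nameserver);
        $Current_IP_Addr = trim(ctrl_options::GetSystemOption('server_ip'));
        echo "Domain Nameserver :" . $namserver_a_record . "\n";
        echo "Current IP Address :" . $Current_IP_Addr . "\n";
        return $namserver_a_record !== null && $namserver_a_record === $Current_IP_Addr;
    }

    /**
     * First A record of $domain_name.
     *
     * @param string $domain_name
     * @return string|null IPv4 address, or null when there is none / lookup failed
     */
    public function getARecord($domain_name)
    {
        if (!is_string($domain_name) || $domain_name === '') {
            return null;
        }
        $dns_data = dns_get_record($domain_name, DNS_A);
        if (!is_array($dns_data)) {
            return null;
        }
        foreach ($dns_data as $data) {
            if ($data['type'] == 'A' && isset($data['ip'])) {
                return trim($data['ip']);
            }
        }
        return null;
    }

    /** True when the host name's A record equals the configured server_ip. */
    public function checkHostNameARecord()
    {
        $hostArecord = $this->getARecord($this->hostname);
        if ($hostArecord === null || $hostArecord === '') {
            return false;
        }
        $Current_IP_Addr = trim(ctrl_options::GetSystemOption('server_ip'));
        return $hostArecord === $Current_IP_Addr;
    }

    /**
     * Deletes every main.cf line containing one of the TLS directive names
     * (substring match, including commented lines, as the original sed did).
     * Always returns true.
     */
    public function removeSSLCertKeyCA()
    {
        $path = $this->mainConfFilePath;
        $names = $this->tlsDirectiveNames();
        foreach ($names as $name) {
            echo "Removing lines containing '" . $name . "' from " . $path . "\n";
        }
        $kept = [];
        foreach ($this->readLines($path) as $line) {
            $drop = false;
            foreach ($names as $name) {
                if (strpos($line, $name) !== false) {
                    $drop = true;
                    break;
                }
            }
            if (!$drop) {
                $kept[] = $line;
            }
        }
        $this->writeLines($path, $kept);
        return true;
    }

    /**
     * Reports whether main.cf carries cert, CA and key file directives.
     *
     * @return string|false the matching lines joined as "cert:CAfile:key"
     *                      (the original's order; it had the key/CA names swapped), or false
     */
    public function CheckSSLCertKeyCA()
    {
        $lines = $this->readLines($this->mainConfFilePath);
        $groups = ['smtpd_tls_cert_file' => [], 'smtpd_tls_CAfile' => [], 'smtpd_tls_key_file' => []];
        foreach ($lines as $line) {
            foreach ($groups as $name => $found) {
                if (strpos($line, $name) !== false) {
                    $groups[$name][] = trim($line);
                }
            }
        }
        foreach ($groups as $found) {
            if (count($found) === 0) {
                return false;
            }
        }
        return implode("\n", $groups['smtpd_tls_cert_file']) . ":"
            . implode("\n", $groups['smtpd_tls_CAfile']) . ":"
            . implode("\n", $groups['smtpd_tls_key_file']);
    }

    /** Directive names written by writeTlsDirectives() and stripped by removeSSLCertKeyCA(). */
    private function tlsDirectiveNames()
    {
        return [
            'smtp_use_tls',
            'smtpd_use_tls',
            'smtpd_tls_received_header',
            'smtpd_tls_session_cache_timeout',
            'smtpd_tls_security_level',
            'smtp_tls_note_starttls_offer',
            'tls_random_source',
            'smtpd_tls_loglevel',
            'smtpd_tls_cert_file',
            'smtpd_tls_CAfile',
            'smtpd_tls_key_file',
        ];
    }

    /** True when main.cf has an uncommented "$name = $value" line. */
    private function hasActiveDirective($name, $value)
    {
        $pattern = '/^\s*' . preg_quote($name, '/') . '\s*=\s*' . preg_quote($value, '/') . '\s*$/i';
        foreach ($this->readLines($this->mainConfFilePath) as $line) {
            if (preg_match($pattern, $line)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Comments out every active smtp_use_tls / smtpd_use_tls line and appends
     * $directives. Postfix takes the last occurrence of a parameter, which is
     * what the original's echo-append relied on.
     *
     * @param string[] $directives lines to append verbatim
     * @return bool write result
     */
    private function commentOutUseTlsAndAppend(array $directives)
    {
        $lines = $this->readLines($this->mainConfFilePath);
        foreach ($lines as $i => $line) {
            if (preg_match('/^\s*smtpd?_use_tls\s*=/i', $line)) {
                $lines[$i] = '#' . $line;
            }
        }
        foreach ($directives as $directive) {
            $lines[] = $directive;
        }
        return $this->writeLines($this->mainConfFilePath, $lines);
    }

    /**
     * Lines of $path without line terminators; [] when the file is missing,
     * unreadable or empty.
     */
    private function readLines($path)
    {
        if (!is_string($path) || !is_file($path) || !is_readable($path)) {
            return [];
        }
        $content = file_get_contents($path);
        if ($content === false || $content === '') {
            return [];
        }
        return preg_split('/\r?\n/', rtrim($content, "\r\n"));
    }

    /** Writes $lines to $path, one per line with a trailing newline. */
    private function writeLines($path, array $lines)
    {
        $content = (count($lines) === 0) ? '' : implode("\n", $lines) . "\n";
        return file_put_contents($path, $content) !== false;
    }
}

// Run the setup only when this file is executed directly (php <this file> [email]);
// including it from another script just defines the class.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $email = isset($argv[1]) ? $argv[1] : null;
    $setup = new MainConfTLSSetup();
    $checkDoveCotConf = $setup->checkMainConf($email);
    echo $checkDoveCotConf . "\n";
}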