<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

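//* Server plugin that puts shell users whose 'chroot' setting is "jailkit" into a
// jailkit chroot below the web directory. It reacts to the shell_user_* events and
// drives the create_jailkit_*.sh helper scripts; every value that reaches a shell
// command is passed through escapeshellarg() so that it is handed over as exactly
// one argument.
class shelluser_jailkit_plugin {

	//* $plugin_name and $class_name have to be the same then the name of this class
	var $plugin_name = 'shelluser_jailkit_plugin';
	var $class_name = 'shelluser_jailkit_plugin';

	//* Event payload ($data['new'] / $data['old']) of the event currently being handled
	var $data;
	//* Server application object (logging, db, template loader)
	var $app;
	//* The 'jailkit' section of this server's configuration
	var $jailkit_config;

	//* This function is called during ispconfig installation to determine
	// if a symlink shall be created for this plugin.
	function onInstall() {
		global $conf;

		// the plugin is only activated on servers that run the web service
		return isset($conf['services']['web']) && $conf['services']['web'] == true;
	}

	/*
	This function is called when the plugin is loaded
	*/
	function onLoad() {
		global $app;

		// Register for the shell user events; $this->plugin_name is the key the
		// plugin loader uses to find this class again
		$app->plugins->registerEvent('shell_user_insert',$this->plugin_name,'insert');
		$app->plugins->registerEvent('shell_user_update',$this->plugin_name,'update');
		$app->plugins->registerEvent('shell_user_delete',$this->plugin_name,'delete');
	}

	//* Bind the event payload and this server's jailkit settings to the instance so
	// that _setup_jailkit_chroot() and _add_jailkit_user() can work on them.
	function _init($app, $data, $server_id) {
		// load the server configuration options
		$app->uses("getconf");
		$this->data = $data;
		$this->app = $app;
		$this->jailkit_config = $app->getconf->get_server_config($server_id, 'jailkit');
	}

	//* This function is called, when a shell user is inserted in the database
	function insert($event_name,$data) {
		global $app, $conf;

		$app->uses('system');

		if($app->system->is_user($data['new']['username'])) {

			/**
			 * Setup Jailkit Chroot System If Enabled
			 */
			if ($data['new']['chroot'] === "jailkit")
			{
				$this->_init($app, $data, $conf["server_id"]);

				$this->_setup_jailkit_chroot();

				// unlock the system account once the jail exists; presumably the account is
				// created locked by the plugin that adds the system user - verify there.
				// $command must be assigned here (it used to be appended to an undefined variable)
				$command = 'usermod --unlock '.escapeshellarg($data['new']['username']);
				exec($command);

				$this->_add_jailkit_user();
			}

			$app->log("Jailkit Plugin -> insert username:".$data['new']['username'],LOGLEVEL_DEBUG);

		} else {
			$app->log("Jailkit Plugin -> insert username:".$data['new']['username']." skipped, the user does not exist.",LOGLEVEL_WARN);
		}
	}

	//* This function is called, when a shell user is updated in the database
	function update($event_name,$data) {
		global $app, $conf;

		$app->uses('system');

		if($app->system->is_user($data['new']['username'])) {

			/**
			 * Setup Jailkit Chroot System If Enabled
			 */
			if ($data['new']['chroot'] === "jailkit")
			{
				$this->_init($app, $data, $conf["server_id"]);

				$this->_setup_jailkit_chroot();
				$this->_add_jailkit_user();
			}

			$app->log("Jailkit Plugin -> update username:".$data['new']['username'],LOGLEVEL_DEBUG);

		} else {
			$app->log("Jailkit Plugin -> update username:".$data['new']['username']." skipped, the user does not exist.",LOGLEVEL_WARN);
		}
	}

	//* This function is called, when a shell user is deleted in the database
	/**
	 * TODO: Remove chroot user home and from the chroot passwd file
	 */
	function delete($event_name,$data) {
		global $app, $conf;

		$app->uses('system');

		if ($data['old']['chroot'] === "jailkit")
		{
			$app->uses("getconf");
			$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');

			$jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']);

			//commented out proved to be dangerous on config errors
			//exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);

			// nothing is removed on disk (see TODO above); only the intended path is logged
			$app->log("Jailkit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
		}

		$app->log("Jailkit Plugin -> delete username:".$data['old']['username'],LOGLEVEL_DEBUG);
	}

	//* Create the chroot below $data['new']['dir'] on first use (detected by the
	// absence of <dir>/etc/jailkit) and install the bashrc and motd files into it.
	// Does nothing when the jail already exists.
	function _setup_jailkit_chroot()
	{
		//check if the chroot environment is created yet if not create it with a list of program sections from the config
		if (!is_dir($this->data['new']['dir'].'/etc/jailkit'))
		{
			// both values are single-quoted by escapeshellarg(), so a directory name or a
			// config value containing shell metacharacters cannot change the command
			$command = '/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh';
			$command .= ' '.escapeshellarg($this->data['new']['dir']);
			$command .= ' '.escapeshellarg($this->jailkit_config['jailkit_chroot_app_sections']);
			exec($command);

			$this->app->log("Added jailkit chroot with command: ".$command,LOGLEVEL_DEBUG);

			$this->_add_jailkit_programs();

			//add bash.bashrc script
			//we need to collect the domain name to be used as the HOSTNAME in the bashrc script
			// parent_domain_id is cast with intval() before it is placed in the SQL string
			$web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"]));
			// tolerate a missing parent record instead of reading an offset on false
			$domain = (is_array($web) && isset($web['domain'])) ? $web['domain'] : '';

			$this->app->load('tpl');

			$tpl = new tpl();
			$tpl->newTemplate("bash.bashrc.master");

			$tpl->setVar('jailkit_chroot',true);
			$tpl->setVar('domain',$domain);
			$tpl->setVar('home_dir',$this->_get_home_dir(""));

			// plain filesystem path: it is written with file_put_contents(), never handed to a shell
			$bashrc = $this->data['new']['dir'].'/etc/bash.bashrc';
			$this->_write_jail_file($bashrc, $tpl->grab());
			unset($tpl);

			$this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);

			$tpl = new tpl();
			$tpl->newTemplate("motd.master");

			$tpl->setVar('domain',$domain);

			$motd = $this->data['new']['dir'].'/var/run/motd';
			$this->_write_jail_file($motd, $tpl->grab());
			unset($tpl);
		}
	}

	//* Write $content to $path inside the jail. Whatever currently sits at $path
	// (a regular file or a symlink, dangling ones included) is unlinked first, so
	// file_put_contents() writes a fresh file and never follows a link that was
	// placed there from inside the jail.
	function _write_jail_file($path, $content)
	{
		if(is_link($path) || is_file($path)) unlink($path);
		file_put_contents($path,$content);
	}

	//* Copy the configured extra programs (and their libraries) into the chroot.
	function _add_jailkit_programs()
	{
		//copy over further programs and its libraries
		$command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh';
		$command .= ' '.escapeshellarg($this->data['new']['dir']);
		$command .= ' '.escapeshellarg($this->jailkit_config['jailkit_chroot_app_programs']);
		exec($command);

		$this->app->log("Added programs to jailkit chroot with command: ".$command,LOGLEVEL_DEBUG);
	}

	//* Expand the jailkit_chroot_home template by replacing its "[username]"
	// placeholder with $username. Returns a plain path relative to the jail root;
	// callers that put it into a shell command escape it there (see _add_jailkit_user()).
	function _get_home_dir($username)
	{
		return str_replace("[username]",$username,$this->jailkit_config["jailkit_chroot_home"]);
	}

	//* Add the shell user and its parent user to the chroot and create both home
	// directories below the jail root.
	function _add_jailkit_user()
	{
		//add the user to the chroot
		$jailkit_chroot_userhome = $this->_get_home_dir($this->data['new']['username']);
		$jailkit_chroot_puserhome = $this->_get_home_dir($this->data['new']['puser']);

		// IMPORTANT!
		// ALWAYS create the user. Even if the user was created before
		// if we check if the user exists, then a update (no shell -> jailkit) will not work
		// and the user has FULL ACCESS to the root of the server!
		// Every argument is quoted individually; puser and the home paths used to go in unescaped.
		$command = '/usr/local/ispconfig/server/scripts/create_jailkit_user.sh';
		$command .= ' '.escapeshellarg($this->data['new']['username']);
		$command .= ' '.escapeshellarg($this->data['new']['dir']);
		$command .= ' '.escapeshellarg($jailkit_chroot_userhome);
		$command .= ' '.escapeshellarg($this->data['new']['shell']);
		$command .= ' '.escapeshellarg($this->data['new']['puser']);
		$command .= ' '.escapeshellarg($jailkit_chroot_puserhome);
		exec($command);

		$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);

		$this->_create_jail_home($this->data['new']['dir'].$jailkit_chroot_userhome, $this->data['new']['username'], $this->data['new']['pgroup']);

		$this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);

		$this->_create_jail_home($this->data['new']['dir'].$jailkit_chroot_puserhome, $this->data['new']['puser'], $this->data['new']['pgroup']);

		$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
	}

	//* Create $path (including parents) and give it to $owner:$group. The owner and
	// group names are quoted as one argument; they used to be interpolated unescaped.
	function _create_jail_home($path, $owner, $group)
	{
		exec("mkdir -p ".escapeshellarg($path));
		exec("chown ".escapeshellarg($owner.":".$group)." ".escapeshellarg($path));
	}

} // end class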
?> |