Pascal Dreissen
2016-07-08 f1193b43f4c9fd132741d30f03f0b35841011989
commit | author | age
396f0e 1 <?php
T 2
3 /*
4 Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5 All rights reserved.
6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 class shelluser_jailkit_plugin {
7fe908 32
396f0e 33     //* $plugin_name and $class_name have to be the same then the name of this class
T 34     var $plugin_name = 'shelluser_jailkit_plugin';
35     var $class_name = 'shelluser_jailkit_plugin';
b79d24 36     var $min_uid = 499;
7fe908 37
396f0e 38     //* This function is called during ispconfig installation to determine
T 39     //  if a symlink shall be created for this plugin.
40     function onInstall() {
41         global $conf;
7fe908 42
396f0e 43         if($conf['services']['web'] == true) {
T 44             return true;
45         } else {
46             return false;
47         }
7fe908 48
396f0e 49     }
7fe908 50
MC 51
396f0e 52     /*
T 53          This function is called when the plugin is loaded
54     */
7fe908 55
396f0e 56     function onLoad() {
T 57         global $app;
7fe908 58
396f0e 59         /*
T 60         Register for the events
61         */
9edea9 62         
7fe908 63         $app->plugins->registerEvent('shell_user_insert', $this->plugin_name, 'insert');
MC 64         $app->plugins->registerEvent('shell_user_update', $this->plugin_name, 'update');
65         $app->plugins->registerEvent('shell_user_delete', $this->plugin_name, 'delete');
9edea9 66         
7fe908 67
396f0e 68     }
7fe908 69
396f0e 70     //* This function is called, when a shell user is inserted in the database
7fe908 71     function insert($event_name, $data) {
396f0e 72         global $app, $conf;
7fe908 73
9edea9 74         $app->uses('system,getconf');
TB 75         
76         $security_config = $app->getconf->get_security_config('permissions');
77         if($security_config['allow_shell_user'] != 'yes') {
78             $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN);
79             return false;
80         }
81         
82         
cc7a82 83         $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
7fe908 84
64ea56 85         if(!$app->system->is_allowed_user($data['new']['username'], false, false)
MC 86             || !$app->system->is_allowed_user($data['new']['puser'], true, true)
87             || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
88             $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
89             return false;
90         }
91
b79d24 92         if($app->system->is_user($data['new']['puser'])) {
FT 93             // Get the UID of the parent user
94             $uid = intval($app->system->getuid($data['new']['puser']));
95             if($uid > $this->min_uid) {
96             
97                 if($app->system->is_user($data['new']['username'])) {
7fe908 98
b79d24 99                     /**
FT 100                     * Setup Jailkit Chroot System If Enabled
101                     */
102
103                     if ($data['new']['chroot'] == "jailkit")
104                     {
7fe908 105
MC 106
b79d24 107                         // load the server configuration options
FT 108                         $app->uses("getconf");
109                         $this->data = $data;
110                         $this->app = $app;
111                         $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
7fe908 112
b79d24 113                         $this->_update_website_security_level();
7fe908 114
b79d24 115                         $app->system->web_folder_protection($web['document_root'], false);
7fe908 116
b79d24 117                         $this->_setup_jailkit_chroot();
7fe908 118
b79d24 119                         $this->_add_jailkit_user();
7fe908 120
b79d24 121                         //* call the ssh-rsa update function
FT 122                         $this->_setup_ssh_rsa();
7fe908 123
b79d24 124                         //$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
FT 125                         //exec($command);
126                         $app->system->usermod($data['new']['username'], 0, 0, '', '/usr/sbin/jk_chrootsh', '', '');
7fe908 127
b79d24 128                         //* Unlock user
FT 129                         $command = 'usermod -U '.escapeshellcmd($data['new']['username']).' 2>/dev/null';
130                         exec($command);
7fe908 131
b79d24 132                         $this->_update_website_security_level();
FT 133                         $app->system->web_folder_protection($web['document_root'], true);
134                     }
7fe908 135
b79d24 136                     $app->log("Jailkit Plugin -> insert username:".$data['new']['username'], LOGLEVEL_DEBUG);
7fe908 137
b79d24 138                 } else {
FT 139                     $app->log("Jailkit Plugin -> insert username:".$data['new']['username']." skipped, the user does not exist.", LOGLEVEL_WARN);
140                 }
141             } else {
142                 $app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.", LOGLEVEL_ERROR);
396f0e 143             }
T 144         } else {
b79d24 145             $app->log("Skipping insertion of user:".$data['new']['username'].", parent user ".$data['new']['puser']." does not exist.", LOGLEVEL_WARN);
396f0e 146         }
7fe908 147
396f0e 148     }
7fe908 149
396f0e 150     //* This function is called, when a shell user is updated in the database
7fe908 151     function update($event_name, $data) {
396f0e 152         global $app, $conf;
7fe908 153
9edea9 154         $app->uses('system,getconf');
TB 155         
156         $security_config = $app->getconf->get_security_config('permissions');
157         if($security_config['allow_shell_user'] != 'yes') {
158             $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN);
159             return false;
160         }
161         
cc7a82 162         $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
7fe908 163
64ea56 164         if(!$app->system->is_allowed_user($data['new']['username'], false, false)
MC 165             || !$app->system->is_allowed_user($data['new']['puser'], true, true)
166             || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
167             $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
168             return false;
169         }
170
b79d24 171         if($app->system->is_user($data['new']['puser'])) {
FT 172             // Get the UID of the parent user
173             $uid = intval($app->system->getuid($data['new']['puser']));
174             if($uid > $this->min_uid) {
175             
176             
177                 if($app->system->is_user($data['new']['username'])) {
7fe908 178
b79d24 179                     /**
FT 180                     * Setup Jailkit Chroot System If Enabled
181                     */
182                     if ($data['new']['chroot'] == "jailkit")
183                     {
7fe908 184
b79d24 185                         // load the server configuration options
FT 186                         $app->uses("getconf");
187                         $this->data = $data;
188                         $this->app = $app;
189                         $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
7fe908 190
b79d24 191                         $this->_update_website_security_level();
7fe908 192
b79d24 193                         $app->system->web_folder_protection($web['document_root'], false);
7fe908 194
b79d24 195                         $this->_setup_jailkit_chroot();
FT 196                         $this->_add_jailkit_user();
7fe908 197
b79d24 198                         //* call the ssh-rsa update function
FT 199                         $this->_setup_ssh_rsa();
7fe908 200
b79d24 201                         $this->_update_website_security_level();
7fe908 202
b79d24 203                         $app->system->web_folder_protection($web['document_root'], true);
FT 204                     }
7fe908 205
b79d24 206                     $app->log("Jailkit Plugin -> update username:".$data['new']['username'], LOGLEVEL_DEBUG);
7fe908 207
b79d24 208                 } else {
FT 209                     $app->log("Jailkit Plugin -> update username:".$data['new']['username']." skipped, the user does not exist.", LOGLEVEL_WARN);
210                 }
211             } else {
212                 $app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.", LOGLEVEL_ERROR);
396f0e 213             }
T 214         } else {
b79d24 215             $app->log("Skipping update for user:".$data['new']['username'].", parent user ".$data['new']['puser']." does not exist.", LOGLEVEL_WARN);
396f0e 216         }
7fe908 217
396f0e 218     }
7fe908 219
396f0e 220     //* This function is called, when a shell user is deleted in the database
T 221     /**
222      * TODO: Remove chroot user home and from the chroot passwd file
7fe908 223      */
MC 224     function delete($event_name, $data) {
396f0e 225         global $app, $conf;
7fe908 226
9edea9 227         $app->uses('system,getconf');
TB 228         
229         $security_config = $app->getconf->get_security_config('permissions');
230         if($security_config['allow_shell_user'] != 'yes') {
231             $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN);
232             return false;
233         }
7fe908 234
cc7a82 235         $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
7fe908 236
396f0e 237         if ($data['old']['chroot'] == "jailkit")
T 238         {
239             $app->uses("getconf");
240             $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
7fe908 241
396f0e 242             $jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']);
7fe908 243
396f0e 244             //commented out proved to be dangerous on config errors
T 245             //exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
7fe908 246
MC 247             $app->system->web_folder_protection($web['document_root'], false);
be08cd 248             
TB 249             $userid = intval($app->system->getuid($data['old']['username']));
250             $command = 'killall -u '.escapeshellcmd($data['old']['username']).' ; ';
251             $command .= 'userdel -f '.escapeshellcmd($data['old']['username']).' &> /dev/null';
252             exec($command);
253             
437887 254             // Remove the jailed user from passwd and shadow file inside the jail
TB 255             $app->system->removeLine($data['old']['dir'].'/etc/passwd', $data['old']['username']);
256             $app->system->removeLine($data['old']['dir'].'/etc/shadow', $data['old']['username']);
7fe908 257
396f0e 258             if(@is_dir($data['old']['dir'].$jailkit_chroot_userhome)) {
a7e4ec 259                 $this->_delete_homedir($data['old']['dir'].$jailkit_chroot_userhome,$userid,$data['old']['parent_domain_id']);
TB 260                 
7fe908 261                 $app->log("Jailkit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG);
396f0e 262             }
7fe908 263
MC 264             $app->system->web_folder_protection($web['document_root'], true);
265
396f0e 266         }
7fe908 267
MC 268         $app->log("Jailkit Plugin -> delete username:".$data['old']['username'], LOGLEVEL_DEBUG);
269
270
396f0e 271     }
7fe908 272
396f0e 273     function _setup_jailkit_chroot()
T 274     {
7fe908 275         global $app;
MC 276
277         //check if the chroot environment is created yet if not create it with a list of program sections from the config
278         if (!is_dir($this->data['new']['dir'].'/etc/jailkit'))
279         {
280             $command = '/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh';
281             $command .= ' '.escapeshellcmd($this->data['new']['dir']);
282             $command .= ' \''.$this->jailkit_config['jailkit_chroot_app_sections'].'\'';
283             exec($command.' 2>/dev/null');
284
285             $this->app->log("Added jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
286
287             $this->_add_jailkit_programs();
288
289             //add bash.bashrc script
290             //we need to collect the domain name to be used as the HOSTNAME in the bashrc script
cc7a82 291             $web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ?", $this->data['new']["parent_domain_id"]);
7fe908 292
MC 293             $this->app->load('tpl');
294
295             $tpl = new tpl();
296             $tpl->newTemplate("bash.bashrc.master");
297
298             $tpl->setVar('jailkit_chroot', true);
299             $tpl->setVar('domain', $web['domain']);
300             $tpl->setVar('home_dir', $this->_get_home_dir(""));
301
302             $bashrc = escapeshellcmd($this->data['new']['dir']).'/etc/bash.bashrc';
303             if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc);
304
305             file_put_contents($bashrc, $tpl->grab());
306             unset($tpl);
307
d22277 308             $this->app->log("Added bashrc script: ".$bashrc, LOGLEVEL_DEBUG);
7fe908 309
MC 310             $tpl = new tpl();
311             $tpl->newTemplate("motd.master");
312
313             $tpl->setVar('domain', $web['domain']);
314
315             $motd = escapeshellcmd($this->data['new']['dir']).'/var/run/motd';
316             if(@is_file($motd) || @is_link($motd)) unlink($motd);
317
318             $app->system->file_put_contents($motd, $tpl->grab());
319
320         }
396f0e 321     }
7fe908 322
396f0e 323     function _add_jailkit_programs()
T 324     {
d22277 325         $jailkit_chroot_app_programs = preg_split("/[\s,]+/", $this->jailkit_config['jailkit_chroot_app_programs']);
MB 326         if(is_array($jailkit_chroot_app_programs) && !empty($jailkit_chroot_app_programs)){
327             foreach($jailkit_chroot_app_programs as $jailkit_chroot_app_program){
328                 $jailkit_chroot_app_program = trim($jailkit_chroot_app_program);
329                 if(is_file($jailkit_chroot_app_program) || is_dir($jailkit_chroot_app_program)){            
330                     //copy over further programs and its libraries
331                     $command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh';
332                     $command .= ' '.escapeshellcmd($this->data['new']['dir']);
333                     $command .= ' '.$jailkit_chroot_app_program;
334                     exec($command.' 2>/dev/null');
7fe908 335
d22277 336                     $this->app->log("Added programs to jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
MB 337                 }
338             }
339         }
396f0e 340     }
7fe908 341
396f0e 342     function _get_home_dir($username)
T 343     {
7fe908 344         return str_replace("[username]", escapeshellcmd($username), $this->jailkit_config['jailkit_chroot_home']);
396f0e 345     }
7fe908 346
396f0e 347     function _add_jailkit_user()
T 348     {
7fe908 349         global $app;
MC 350
351         //add the user to the chroot
352         $jailkit_chroot_userhome = $this->_get_home_dir($this->data['new']['username']);
353         $jailkit_chroot_puserhome = $this->_get_home_dir($this->data['new']['puser']);
354
355         if(!is_dir($this->data['new']['dir'].'/etc')) mkdir($this->data['new']['dir'].'/etc', 0755);
356         if(!is_file($this->data['new']['dir'].'/etc/passwd')) touch($this->data['new']['dir'].'/etc/passwd', 0755);
357
358         // IMPORTANT!
359         // ALWAYS create the user. Even if the user was created before
360         // if we check if the user exists, then a update (no shell -> jailkit) will not work
361         // and the user has FULL ACCESS to the root of the server!
362         $command = '/usr/local/ispconfig/server/scripts/create_jailkit_user.sh';
363         $command .= ' '.escapeshellcmd($this->data['new']['username']);
364         $command .= ' '.escapeshellcmd($this->data['new']['dir']);
365         $command .= ' '.$jailkit_chroot_userhome;
366         $command .= ' '.escapeshellcmd($this->data['new']['shell']);
367         $command .= ' '.$this->data['new']['puser'];
368         $command .= ' '.$jailkit_chroot_puserhome;
369         exec($command.' 2>/dev/null');
370
371         //* Change the homedir of the shell user and parent user
372         //* We have to do this manually as the usermod command fails
373         //* when the user is logged in or a command is running under that user
374         /*
8cf78b 375             $passwd_file_array = file('/etc/passwd');
T 376             $passwd_out = '';
377             if(is_array($passwd_file_array)) {
378                 foreach($passwd_file_array as $line) {
379                     $line = trim($line);
380                     $parts = explode(':',$line);
381                     if($parts[0] == $this->data['new']['username']) {
382                         $parts[5] = escapeshellcmd($this->data['new']['dir'].'/.'.$jailkit_chroot_userhome);
383                         $parts[6] = escapeshellcmd('/usr/sbin/jk_chrootsh');
384                         $new_line = implode(':',$parts);
385                         copy('/etc/passwd','/etc/passwd~');
386                         chmod('/etc/passwd~',0600);
387                         $app->uses('system');
388                         $app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
389                     }
390                 }
ff6a68 391             }*/
7fe908 392
a71305 393         $shell = '/usr/sbin/jk_chrootsh';
MB 394         if($this->data['new']['active'] != 'y') $shell = '/bin/false';
395         
396         $app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, $shell);
7fe908 397         $app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
MC 398
399         $this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG);
400
401         if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), 0755, true);
402         $app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['username']);
403         $app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome), $this->data['new']['pgroup']);
404
405         $this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG);
406
407         if(!is_dir($this->data['new']['dir'].$jailkit_chroot_puserhome)) mkdir(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), 0755, true);
408         $app->system->chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['puser']);
409         $app->system->chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
410
411         $this->app->log("Added jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome, LOGLEVEL_DEBUG);
412
8cf78b 413
396f0e 414     }
7fe908 415
8db8f3 416     //* Update the website root directory permissions depending on the security level
T 417     function _update_website_security_level() {
7fe908 418         global $app, $conf;
MC 419
8db8f3 420         // load the server configuration options
T 421         $app->uses("getconf");
422         $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
7fe908 423
8db8f3 424         // Get the parent website of this shell user
cc7a82 425         $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->data['new']['parent_domain_id']);
7fe908 426
8db8f3 427         //* If the security level is set to high
ff6a68 428         if($web_config['security_level'] == 20 && is_array($web)) {
7fe908 429             $app->system->web_folder_protection($web["document_root"], false);
MC 430             $app->system->chmod($web["document_root"], 0755);
431             $app->system->chown($web["document_root"], 'root');
432             $app->system->chgrp($web["document_root"], 'root');
433             $app->system->web_folder_protection($web["document_root"], true);
8db8f3 434         }
7fe908 435
8db8f3 436     }
7fe908 437
07bdbd 438     //* Wrapper for exec function for easier debugging
T 439     private function _exec($command) {
440         global $app;
7fe908 441         $app->log('exec: '.$command, LOGLEVEL_DEBUG);
07bdbd 442         exec($command);
T 443     }
396f0e 444
00a055 445     private function _setup_ssh_rsa() {
8ab3cd 446         global $app;
7fe908 447         $this->app->log("ssh-rsa setup shelluser_jailkit", LOGLEVEL_DEBUG);
00a055 448         // Get the client ID, username, and the key
cc7a82 449         $domain_data = $this->app->db->queryOneRecord('SELECT sys_groupid FROM web_domain WHERE web_domain.domain_id = ?', $this->data['new']['parent_domain_id']);
MC 450         $sys_group_data = $this->app->db->queryOneRecord('SELECT * FROM sys_group WHERE sys_group.groupid = ?', $domain_data['sys_groupid']);
00a055 451         $id = intval($sys_group_data['client_id']);
L 452         $username= $sys_group_data['name'];
cc7a82 453         $client_data = $this->app->db->queryOneRecord('SELECT * FROM client WHERE client.client_id = ?', $id);
00a055 454         $userkey = $client_data['ssh_rsa'];
L 455         unset($domain_data);
456         unset($client_data);
7fe908 457
00a055 458         // ssh-rsa authentication variables
8ab3cd 459         $sshrsa = $this->data['new']['ssh_rsa'];
00a055 460         $usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$this->_get_home_dir($this->data['new']['username']);
8ab3cd 461         $sshdir = $usrdir.'/.ssh';
T 462         $sshkeys= $usrdir.'/.ssh/authorized_keys';
7fe908 463
8ab3cd 464         $app->uses('file');
T 465         $sshrsa = $app->file->unix_nl($sshrsa);
7fe908 466         $sshrsa = $app->file->remove_blank_lines($sshrsa, 0);
MC 467
00a055 468         // If this user has no key yet, generate a pair
8ab3cd 469         if ($userkey == '' && $id > 0){
00a055 470             //Generate ssh-rsa-keys
L 471             exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
7fe908 472
8ab3cd 473             // use the public key that has been generated
4bd960 474             $userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
7fe908 475
00a055 476             // save keypair in client table
cc7a82 477             $this->app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ? ssh_rsa = ? WHERE client_id = ?", $app->system->file_get_contents('/tmp/id_rsa'), $userkey, $id);
8ab3cd 478
4bd960 479             $app->system->unlink('/tmp/id_rsa');
T 480             $app->system->unlink('/tmp/id_rsa.pub');
7fe908 481             $this->app->log("ssh-rsa keypair generated for ".$username, LOGLEVEL_DEBUG);
00a055 482         };
7fe908 483
8ab3cd 484         if (!file_exists($sshkeys)){
00a055 485             // add root's key
8ab3cd 486             $app->file->mkdirs($sshdir, '0755');
4bd960 487             if(is_file('/root/.ssh/authorized_keys')) $app->system->file_put_contents($sshkeys, $app->system->file_get_contents('/root/.ssh/authorized_keys'));
7fe908 488
8ab3cd 489             // Remove duplicate keys
26c0fc 490             $existing_keys = @file($sshkeys);
8ab3cd 491             $new_keys = explode("\n", $userkey);
26c0fc 492             $final_keys_arr = @array_merge($existing_keys, $new_keys);
8ab3cd 493             $new_final_keys_arr = array();
T 494             if(is_array($final_keys_arr) && !empty($final_keys_arr)){
495                 foreach($final_keys_arr as $key => $val){
496                     $new_final_keys_arr[$key] = trim($val);
497                 }
498             }
499             $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
7fe908 500
00a055 501             // add the user's key
8ab3cd 502             file_put_contents($sshkeys, $final_keys);
T 503             $app->file->remove_blank_lines($sshkeys);
7fe908 504             $this->app->log("ssh-rsa authorisation keyfile created in ".$sshkeys, LOGLEVEL_DEBUG);
00a055 505         }
8cf78b 506         //* Get the keys
T 507         $existing_keys = file($sshkeys);
508         $new_keys = explode("\n", $sshrsa);
7fe908 509         $old_keys = explode("\n", $this->data['old']['ssh_rsa']);
MC 510
8cf78b 511         //* Remove all old keys
T 512         if(is_array($old_keys)) {
513             foreach($old_keys as $key => $val) {
7fe908 514                 $k = array_search(trim($val), $existing_keys);
8cf78b 515                 unset($existing_keys[$k]);
T 516             }
00a055 517         }
7fe908 518
8cf78b 519         //* merge the remaining keys and the ones fom the ispconfig database.
T 520         if(is_array($new_keys)) {
521             $final_keys_arr = array_merge($existing_keys, $new_keys);
522         } else {
523             $final_keys_arr = $existing_keys;
524         }
7fe908 525
8cf78b 526         $new_final_keys_arr = array();
T 527         if(is_array($final_keys_arr) && !empty($final_keys_arr)){
528             foreach($final_keys_arr as $key => $val){
529                 $new_final_keys_arr[$key] = trim($val);
530             }
531         }
532         $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
7fe908 533
MC 534         // add the custom key
4bd960 535         $app->system->file_put_contents($sshkeys, $final_keys);
8cf78b 536         $app->file->remove_blank_lines($sshkeys);
7fe908 537         $this->app->log("ssh-rsa key updated in ".$sshkeys, LOGLEVEL_DEBUG);
MC 538
00a055 539         // set proper file permissions
8cf78b 540         exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$sshdir);
T 541         exec("chmod 700 ".$sshdir);
00a055 542         exec("chmod 600 '$sshkeys'");
7fe908 543
00a055 544     }
a7e4ec 545     
TB 546     private function _delete_homedir($homedir,$userid,$parent_domain_id) {
547         global $app, $conf;
548         
549         // check if we have to delete the dir
cc7a82 550                 $check = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `dir` = ?', $homedir);
a7e4ec 551                 
TB 552                 if(!$check && is_dir($homedir)) {
cc7a82 553                     $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $parent_domain_id);
a7e4ec 554                     $app->system->web_folder_protection($web['document_root'], false);
TB 555                     
556                     // delete dir
557                     if(substr($homedir, -1) !== '/') $homedir .= '/';
558                     $files = array('.bash_logout', '.bash_history', '.bashrc', '.profile');
65a0b9 559                     $dirs = array('.ssh', '.cache');
a7e4ec 560                     foreach($files as $delfile) {
TB 561                         if(is_file($homedir . $delfile) && fileowner($homedir . $delfile) == $userid) unlink($homedir . $delfile);
562                     }
563                     foreach($dirs as $deldir) {
564                         if(is_dir($homedir . $deldir) && fileowner($homedir . $deldir) == $userid) exec('rm -rf ' . escapeshellarg($homedir . $deldir));
565                     }
566                     $empty = true;
567                     $dirres = opendir($homedir);
568                     if($dirres) {
569                         while(($entry = readdir($dirres)) !== false) {
570                             if($entry != '.' && $entry != '..') {
571                                 $empty = false;
572                                 break;
573                             }
574                         }
575                         closedir($dirres);
576                     }
577                     if($empty == true) {
578                         rmdir($homedir);
579                     }
580                     unset($files);
581                     unset($dirs);
582                     
583                     $app->system->web_folder_protection($web['document_root'], true);
584                 }
585     
586     }
7fe908 587
396f0e 588 } // end class
T 589
8e725d 590 ?>