tbrehm
2012-08-14 ff6a68388bcf9524f5dc7380c44f826aa9e1bf19
Fixed: FS#2287 - Changing chroot shell option doesnt work
5 files modified
134 ■■■■■ changed files
server/lib/classes/monitor_tools.inc.php 3 ●●●● patch | view | raw | blame | history
server/lib/classes/system.inc.php 98 ●●●●● patch | view | raw | blame | history
server/plugins-available/shelluser_base_plugin.inc.php 4 ●●●● patch | view | raw | blame | history
server/plugins-available/shelluser_jailkit_plugin.inc.php 27 ●●●● patch | view | raw | blame | history
server/server.php 2 ●●● patch | view | raw | blame | history
server/lib/classes/monitor_tools.inc.php
@@ -117,7 +117,6 @@
                    $relname = "UNKNOWN";
                }
                $distver = $ver.$lts." ".$relname;
                swriteln("Operating System: ".$distver."\n");
            } elseif(trim(file_get_contents('/etc/debian_version')) == '4.0') {
                $distname = 'Debian';
                $distver = '4.0';
@@ -1149,6 +1148,7 @@
            $data['output'] = shell_exec('tw_cli info c0');
            $state = 'ok';
            if(is_array($data['output'])) {
            foreach ($data['output'] as $item) {
                if (strpos($item, 'RAID') !== false) {
                    if (strpos($item, ' VERIFYING ') !== false) {
@@ -1192,6 +1192,7 @@
                    }
                }
            }
            }
        }
server/lib/classes/system.inc.php
@@ -737,6 +737,7 @@
          }
    }
    
    /*
    function usermod($user, $groups){
        global $app;
          if($this->is_user($user)){
@@ -776,6 +777,7 @@
            return false;
          }
    }
    */
    
    /**boot autostart etc
     *
@@ -1396,6 +1398,102 @@
            if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root,'..')) exec('chattr -i '.escapeshellcmd($document_root));
        }
    }
    function usermod($username, $uid = 0, $gid = 0, $home = '', $shell = '', $password = '', $login = '') {
        global $app;
        if($login == '') $login = $username;
        //* Change values in /etc/passwd
        $passwd_file_array = file('/etc/passwd');
        if(is_array($passwd_file_array)) {
            foreach($passwd_file_array as $line) {
                $line = trim($line);
                $parts = explode(':',$line);
                if($parts[0] == $username) {
                    if(trim($login) != '' && trim($login) != trim($username)) $parts[0] = trim($login);
                    if(!empty($uid)) $parts[2] = trim($uid);
                    if(!empty($gid)) $parts[3] = trim($gid);
                    if(trim($home) != '') $parts[5] = trim($home);
                    if(trim($shell) != '') $parts[6] = trim($shell);
                    $new_line = implode(':',$parts);
                    copy('/etc/passwd','/etc/passwd~');
                    chmod('/etc/passwd~',0600);
                    $app->uses('system');
                    $app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
                }
            }
            unset($passwd_file_array);
        }
        //* If username != login, change username in group and gshadow file
        if($username  != $login) {
            $group_file_array = file('/etc/group');
            if(is_array($group_file_array)) {
                foreach($group_file_array as $line) {
                    $line = trim($line);
                    $parts = explode(':',$line);
                    if(strstr($parts[3],$username)) {
                        $uparts = explode(',',$parts[3]);
                        if(is_array($uparts)) {
                            foreach($uparts as $key => $val) {
                                if($val == $username) $uparts[$key] = $login;
                            }
                        }
                        $parts[3] = implode(',',$uparts);
                        $new_line = implode(':',$parts);
                        copy('/etc/group','/etc/group~');
                        chmod('/etc/group~',0600);
                        $app->system->replaceLine('/etc/group',$line,$new_line,1,0);
                    }
                }
            }
            unset($group_file_array);
            $gshadow_file_array = file('/etc/gshadow');
            if(is_array($gshadow_file_array)) {
                foreach($gshadow_file_array as $line) {
                    $line = trim($line);
                    $parts = explode(':',$line);
                    if(strstr($parts[3],$username)) {
                        $uparts = explode(',',$parts[3]);
                        if(is_array($uparts)) {
                            foreach($uparts as $key => $val) {
                                if($val == $username) $uparts[$key] = $login;
                            }
                        }
                        $parts[3] = implode(',',$uparts);
                        $new_line = implode(':',$parts);
                        copy('/etc/gshadow','/etc/gshadow~');
                        chmod('/etc/gshadow~',0600);
                        $app->system->replaceLine('/etc/gshadow',$line,$new_line,1,0);
                    }
                }
            }
            unset($group_file_array);
        }
        //* When password or login name has been changed
        if($password != '' || $username  != $login) {
            $shadow_file_array = file('/etc/shadow');
            if(is_array($shadow_file_array)) {
                foreach($shadow_file_array as $line) {
                    $line = trim($line);
                    $parts = explode(':',$line);
                    if($parts[0] == $username) {
                        if(trim($login) != '' && trim($login) != trim($username)) $parts[0] = trim($login);
                        if(trim($password) != '') $parts[1] = trim($password);
                        $new_line = implode(':',$parts);
                        copy('/etc/shadow','/etc/shadow~');
                        chmod('/etc/shadow~',0600);
                        $app->system->replaceLine('/etc/shadow',$line,$new_line,1,0);
                    }
                }
            }
            unset($shadow_file_array);
        }
    }
}
?>
server/plugins-available/shelluser_base_plugin.inc.php
@@ -148,6 +148,7 @@
            if($uid > $this->min_uid) {
                // Check if the user that we want to update exists, if not, we insert it
                if($app->system->is_user($data['old']['username'])) {
                    /*
                    $command = 'usermod';
                    $command .= ' --home '.escapeshellcmd($data['new']['dir']);
                    $command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
@@ -160,6 +161,9 @@
            
                    exec($command);
                    $app->log("Executed command: $command ",LOGLEVEL_DEBUG);
                    */
                    $groupinfo = posix_getgrnam($data['new']['pgroup']);
                    $app->system->usermod($data['old']['username'],0, $groupinfo[gid], $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
                    $app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
                                    
                    // call the ssh-rsa update function
server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -71,7 +71,7 @@
        global $app, $conf;
        
        $app->uses('system');
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
        
        if($app->system->is_user($data['new']['username'])) {
        
@@ -97,7 +97,12 @@
                //* call the ssh-rsa update function
                $this->_setup_ssh_rsa();
                
                $command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
                //$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
                //exec($command);
                $app->system->usermod($data['new']['username'], 0, 0, '', '/usr/sbin/jk_chrootsh', '', '');
                //* Unlock user
                $command = 'usermod -U '.escapeshellcmd($data['new']['username']);
                exec($command);
                
                $this->_update_website_security_level();
@@ -117,7 +122,7 @@
        global $app, $conf;
        
        $app->uses('system');
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
        
        if($app->system->is_user($data['new']['username'])) {
        
@@ -164,7 +169,7 @@
        
        $app->uses('system');
        
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['old']['parent_domain_id']);
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);
        
        if ($data['old']['chroot'] == "jailkit")
        {
@@ -285,6 +290,7 @@
            //* Change the homedir of the shell user and parent user
            //* We have to do this manually as the usermod command fails 
            //* when the user is logged in or a command is running under that user
            /*
            $passwd_file_array = file('/etc/passwd');
            $passwd_out = '';
            if(is_array($passwd_file_array)) {
@@ -301,8 +307,10 @@
                        $app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
                    }
                }
            }
            }*/
            
            $app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
            $app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
                
            $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
                        
@@ -333,9 +341,12 @@
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
        
        //* If the security level is set to high
        if($web_config['security_level'] == 20) {
            $this->_exec('chmod 755 '.escapeshellcmd($web["document_root"]));
            $this->_exec('chown root:root '.escapeshellcmd($web["document_root"]));
        if($web_config['security_level'] == 20 && is_array($web)) {
            $app->system->web_folder_protection($web["document_root"],false);
            $app->system->chmod($web["document_root"],0755);
            $app->system->chown($web["document_root"],'root');
            $app->system->chgrp($web["document_root"],'root');
            $app->system->web_folder_protection($web["document_root"],true);
        }
        
    }
server/server.php
@@ -148,7 +148,7 @@
    unset($tmp_rec);
    
    //** Load required base-classes
    $app->uses('modules,plugins,file,services');
    $app->uses('modules,plugins,file,services,system');
    //** Load the modules that are in the mods-enabled folder
    $app->modules->loadModules('all');
    //** Load the plugins that are in the plugins-enabled folder