From 7fe908c50c8dbc5cc05f571dbe11d66141caacd4 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 14 Nov 2013 09:01:22 -0500 Subject: [PATCH] Cleaning up code to match coding guidelines --- server/plugins-available/cron_jailkit_plugin.inc.php | 390 ++++++++++++++++++++++++++++--------------------------- 1 files changed, 197 insertions(+), 193 deletions(-) diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php index 963d71e..c3bd5b7 100644 --- a/server/plugins-available/cron_jailkit_plugin.inc.php +++ b/server/plugins-available/cron_jailkit_plugin.inc.php @@ -30,70 +30,72 @@ */ class cron_jailkit_plugin { - + //* $plugin_name and $class_name have to be the same then the name of this class var $plugin_name = 'cron_jailkit_plugin'; var $class_name = 'cron_jailkit_plugin'; - + //* This function is called during ispconfig installation to determine // if a symlink shall be created for this plugin. function onInstall() { global $conf; - + if($conf['services']['web'] == true) { return true; } else { return false; } - + } - - + + /* This function is called when the plugin is loaded */ - + function onLoad() { global $app; - + /* Register for the events */ - - $app->plugins->registerEvent('cron_insert', $this->plugin_name, 'insert'); - $app->plugins->registerEvent('cron_update', $this->plugin_name, 'update'); - $app->plugins->registerEvent('cron_delete', $this->plugin_name, 'delete'); - + + $app->plugins->registerEvent('cron_insert', $this->plugin_name, 'insert'); + $app->plugins->registerEvent('cron_update', $this->plugin_name, 'update'); + $app->plugins->registerEvent('cron_delete', $this->plugin_name, 'delete'); + } - + //* This function is called, when a cron job is inserted in the database - function insert($event_name,$data) { + function insert($event_name, $data) { global $app, $conf; - - if($data["new"]["parent_domain_id"] == '') { - $app->log("Parent domain not set",LOGLEVEL_WARN); - return 0; - } - - //* get data from web - $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"])); - if(!$parent_domain["domain_id"]) { - $app->log("Parent domain not found",LOGLEVEL_WARN); - return 0; - } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') { - $app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN); - return 0; - } - + + if($data["new"]["parent_domain_id"] == '') { + $app->log("Parent domain not set", LOGLEVEL_WARN); + return 0; + } + + //* get data from web + $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"])); + if(!$parent_domain["domain_id"]) { + $app->log("Parent domain not found", LOGLEVEL_WARN); + return 0; + } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') { + $app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN); + return 0; + } + $this->parent_domain = $parent_domain; - - $app->uses('system'); - + + $app->uses('system'); + if($app->system->is_user($parent_domain['system_user'])) { - + /** - * Setup Jailkit Chroot System If Enabled - */ + * Setup Jailkit Chroot System If Enabled + */ + + if ($data['new']['type'] == "chrooted") { // load the server configuration options @@ -103,73 +105,75 @@ $this->app = $app; $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); $this->parent_domain = $parent_domain; - + $this->_setup_jailkit_chroot(); - + //$command .= 'usermod -U '.escapeshellcmd($parent_domain['system_user']); //exec($command); - + $this->_add_jailkit_user(); */ $app->uses("getconf"); $this->data = $data; $this->app = $app; $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); - + $this->_update_website_security_level(); - - $app->system->web_folder_protection($parent_domain['document_root'],false); - + + $app->system->web_folder_protection($parent_domain['document_root'], false); + $this->_setup_jailkit_chroot(); - + $this->_add_jailkit_user(); - + $command .= 'usermod -U '.escapeshellcmd($parent_domain["system_user"]).' 2>/dev/null'; exec($command); - + $this->_update_website_security_level(); - - $app->system->web_folder_protection($parent_domain['document_root'],true); + + $app->system->web_folder_protection($parent_domain['document_root'], true); } - - $app->log("Jailkit Plugin (Cron) -> insert username:".$parent_domain['system_user'],LOGLEVEL_DEBUG); - + + $app->log("Jailkit Plugin (Cron) -> insert username:".$parent_domain['system_user'], LOGLEVEL_DEBUG); + } else { - $app->log("Jailkit Plugin (Cron) -> insert username:".$parent_domain['system_user']." skipped, the user does not exist.",LOGLEVEL_WARN); + $app->log("Jailkit Plugin (Cron) -> insert username:".$parent_domain['system_user']." skipped, the user does not exist.", LOGLEVEL_WARN); } - + } - + //* This function is called, when a cron job is updated in the database - function update($event_name,$data) { + function update($event_name, $data) { global $app, $conf; - - if($data["new"]["parent_domain_id"] == '') { - $app->log("Parent domain not set",LOGLEVEL_WARN); - return 0; - } - //* get data from web - $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"])); - if(!$parent_domain["domain_id"]) { - $app->log("Parent domain not found",LOGLEVEL_WARN); - return 0; - } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') { - $app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN); - return 0; - } - - $app->uses('system'); - + + if($data["new"]["parent_domain_id"] == '') { + $app->log("Parent domain not set", LOGLEVEL_WARN); + return 0; + } + //* get data from web + $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"])); + if(!$parent_domain["domain_id"]) { + $app->log("Parent domain not found", LOGLEVEL_WARN); + return 0; + } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') { + $app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN); + return 0; + } + + $app->uses('system'); + $this->parent_domain = $parent_domain; - + if($app->system->is_user($parent_domain['system_user'])) { - + + + /** - * Setup Jailkit Chroot System If Enabled - */ + * Setup Jailkit Chroot System If Enabled + */ if ($data['new']['type'] == "chrooted") { - $app->log("Jailkit Plugin (Cron) -> setting up jail", LOGLEVEL_DEBUG); + $app->log("Jailkit Plugin (Cron) -> setting up jail", LOGLEVEL_DEBUG); // load the server configuration options /* $app->uses("getconf"); @@ -177,7 +181,7 @@ $this->app = $app; $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); $this->parent_domain = $parent_domain; - + $this->_setup_jailkit_chroot(); $this->_add_jailkit_user(); */ @@ -187,162 +191,162 @@ $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); $this->_update_website_security_level(); - - $app->system->web_folder_protection($parent_domain['document_root'],false); - + + $app->system->web_folder_protection($parent_domain['document_root'], false); + $this->_setup_jailkit_chroot(); $this->_add_jailkit_user(); - + $this->_update_website_security_level(); - $app->system->web_folder_protection($parent_domain['document_root'],true); + $app->system->web_folder_protection($parent_domain['document_root'], true); } - - $app->log("Jailkit Plugin (Cron) -> update username:".$parent_domain['system_user'],LOGLEVEL_DEBUG); - + + $app->log("Jailkit Plugin (Cron) -> update username:".$parent_domain['system_user'], LOGLEVEL_DEBUG); + } else { - $app->log("Jailkit Plugin (Cron) -> update username:".$parent_domain['system_user']." skipped, the user does not exist.",LOGLEVEL_WARN); + $app->log("Jailkit Plugin (Cron) -> update username:".$parent_domain['system_user']." skipped, the user does not exist.", LOGLEVEL_WARN); } - + } - + //* This function is called, when a cron job is deleted in the database - function delete($event_name,$data) { + function delete($event_name, $data) { global $app, $conf; - + //* nothing to do here! - + } - + function _setup_jailkit_chroot() { - global $app; - - //check if the chroot environment is created yet if not create it with a list of program sections from the config - if (!is_dir($this->parent_domain['document_root'].'/etc/jailkit')) - { - $command = '/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh'; - $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); - $command .= ' \''.$this->jailkit_config['jailkit_chroot_app_sections'].'\''; - exec($command.' 2>/dev/null'); - - $this->app->log("Added jailkit chroot with command: ".$command,LOGLEVEL_DEBUG); - - //$this->_add_jailkit_programs(); // done later on - - $this->app->load('tpl'); - - $tpl = new tpl(); - $tpl->newTemplate("bash.bashrc.master"); - - $tpl->setVar('jailkit_chroot',true); - $tpl->setVar('domain',$this->parent_domain['domain']); - $tpl->setVar('home_dir',$this->_get_home_dir("")); - - $bashrc = escapeshellcmd($this->parent_domain['document_root']).'/etc/bash.bashrc'; - if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc); - - $app->system->file_put_contents($bashrc,$tpl->grab()); - unset($tpl); - - $this->app->log('Added bashrc script: '.$bashrc,LOGLEVEL_DEBUG); - - $tpl = new tpl(); - $tpl->newTemplate('motd.master'); - - $tpl->setVar('domain',$this->parent_domain['domain']); - - $motd = escapeshellcmd($this->parent_domain['document_root']).'/var/run/motd'; - if(@is_file($motd) || @is_link($motd)) unlink($motd); - - $app->system->file_put_contents($motd,$tpl->grab()); - - } - $this->_add_jailkit_programs(); + global $app; + + //check if the chroot environment is created yet if not create it with a list of program sections from the config + if (!is_dir($this->parent_domain['document_root'].'/etc/jailkit')) + { + $command = '/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh'; + $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); + $command .= ' \''.$this->jailkit_config['jailkit_chroot_app_sections'].'\''; + exec($command.' 2>/dev/null'); + + $this->app->log("Added jailkit chroot with command: ".$command, LOGLEVEL_DEBUG); + + //$this->_add_jailkit_programs(); // done later on + + $this->app->load('tpl'); + + $tpl = new tpl(); + $tpl->newTemplate("bash.bashrc.master"); + + $tpl->setVar('jailkit_chroot', true); + $tpl->setVar('domain', $this->parent_domain['domain']); + $tpl->setVar('home_dir', $this->_get_home_dir("")); + + $bashrc = escapeshellcmd($this->parent_domain['document_root']).'/etc/bash.bashrc'; + if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc); + + $app->system->file_put_contents($bashrc, $tpl->grab()); + unset($tpl); + + $this->app->log('Added bashrc script: '.$bashrc, LOGLEVEL_DEBUG); + + $tpl = new tpl(); + $tpl->newTemplate('motd.master'); + + $tpl->setVar('domain', $this->parent_domain['domain']); + + $motd = escapeshellcmd($this->parent_domain['document_root']).'/var/run/motd'; + if(@is_file($motd) || @is_link($motd)) unlink($motd); + + $app->system->file_put_contents($motd, $tpl->grab()); + + } + $this->_add_jailkit_programs(); } - + function _add_jailkit_programs() { global $app; - + //copy over further programs and its libraries $command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh'; $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); $command .= ' \''.$this->jailkit_config['jailkit_chroot_app_programs'].'\''; exec($command.' 2>/dev/null'); - - $this->app->log("Added programs to jailkit chroot with command: ".$command,LOGLEVEL_DEBUG); - - $command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh'; - $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); - $command .= ' \''.$this->jailkit_config['jailkit_chroot_cron_programs'].'\''; - exec($command.' 2>/dev/null'); - - $this->app->log("Added cron programs to jailkit chroot with command: ".$command,LOGLEVEL_DEBUG); + + $this->app->log("Added programs to jailkit chroot with command: ".$command, LOGLEVEL_DEBUG); + + $command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh'; + $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); + $command .= ' \''.$this->jailkit_config['jailkit_chroot_cron_programs'].'\''; + exec($command.' 2>/dev/null'); + + $this->app->log("Added cron programs to jailkit chroot with command: ".$command, LOGLEVEL_DEBUG); } - + function _add_jailkit_user() { - global $app; - - //add the user to the chroot - $jailkit_chroot_userhome = $this->_get_home_dir($this->parent_domain['system_user']); - - if(!is_dir($this->parent_domain['document_root'].'/etc')) mkdir($this->parent_domain['document_root'].'/etc'); - if(!is_file($this->parent_domain['document_root'].'/etc/passwd')) exec('touch '.$this->parent_domain['document_root'].'/etc/passwd'); - - // IMPORTANT! - // ALWAYS create the user. Even if the user was created before - // if we check if the user exists, then a update (no shell -> jailkit) will not work - // and the user has FULL ACCESS to the root of the server! - $command = '/usr/local/ispconfig/server/scripts/create_jailkit_user.sh'; - $command .= ' '.escapeshellcmd($this->parent_domain['system_user']); - $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); - $command .= ' '.$jailkit_chroot_userhome; - $command .= ' '.escapeshellcmd("/bin/bash"); - exec($command.' 2>/dev/null'); - - $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG); - - $app->system->mkdir(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), 0755, true); - $app->system->chown(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_user'])); - $app->system->chgrp(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_group'])); - + global $app; + + //add the user to the chroot + $jailkit_chroot_userhome = $this->_get_home_dir($this->parent_domain['system_user']); + + if(!is_dir($this->parent_domain['document_root'].'/etc')) mkdir($this->parent_domain['document_root'].'/etc'); + if(!is_file($this->parent_domain['document_root'].'/etc/passwd')) exec('touch '.$this->parent_domain['document_root'].'/etc/passwd'); + + // IMPORTANT! + // ALWAYS create the user. Even if the user was created before + // if we check if the user exists, then a update (no shell -> jailkit) will not work + // and the user has FULL ACCESS to the root of the server! + $command = '/usr/local/ispconfig/server/scripts/create_jailkit_user.sh'; + $command .= ' '.escapeshellcmd($this->parent_domain['system_user']); + $command .= ' '.escapeshellcmd($this->parent_domain['document_root']); + $command .= ' '.$jailkit_chroot_userhome; + $command .= ' '.escapeshellcmd("/bin/bash"); + exec($command.' 2>/dev/null'); + + $this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG); + + $app->system->mkdir(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), 0755, true); + $app->system->chown(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_user'])); + $app->system->chgrp(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_group'])); + } - - function _get_home_dir($username) - { - return str_replace("[username]",escapeshellcmd($username),$this->jailkit_config["jailkit_chroot_home"]); - } - + + function _get_home_dir($username) + { + return str_replace("[username]", escapeshellcmd($username), $this->jailkit_config["jailkit_chroot_home"]); + } + //* Update the website root directory permissions depending on the security level function _update_website_security_level() { - global $app,$conf; - + global $app, $conf; + // load the server configuration options $app->uses("getconf"); $web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); - + // Get the parent website of this shell user $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']); - + //* If the security level is set to high if($web_config['security_level'] == 20 && is_array($web)) { - $app->system->web_folder_protection($web["document_root"],false); - $app->system->chmod($web["document_root"],0755); - $app->system->chown($web["document_root"],'root'); - $app->system->chgrp($web["document_root"],'root'); - $app->system->web_folder_protection($web["document_root"],true); + $app->system->web_folder_protection($web["document_root"], false); + $app->system->chmod($web["document_root"], 0755); + $app->system->chown($web["document_root"], 'root'); + $app->system->chgrp($web["document_root"], 'root'); + $app->system->web_folder_protection($web["document_root"], true); } } - + //* Wrapper for exec function for easier debugging private function _exec($command) { global $app; - $app->log('exec: '.$command,LOGLEVEL_DEBUG); + $app->log('exec: '.$command, LOGLEVEL_DEBUG); exec($command); } - - + + } // end class -- Gitblit v1.9.1