From dba68fcdf2d3e25ad1f3301fcb128edfb3da745b Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 22 Sep 2011 08:14:04 -0400
Subject: [PATCH] Bugfixes in installer and apache plugin.
---
server/plugins-available/cron_jailkit_plugin.inc.php | 77 ++++++++++++++++++++++++++++++++++----
1 files changed, 68 insertions(+), 9 deletions(-)
diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php
index fc19db6..2e5f06e 100644
--- a/server/plugins-available/cron_jailkit_plugin.inc.php
+++ b/server/plugins-available/cron_jailkit_plugin.inc.php
@@ -81,9 +81,11 @@
$app->log("Parent domain not found",LOGLEVEL_WARN);
return 0;
} elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
- $app->log("Websites (and Crons) can not be owned by the root user or group.",LOGLEVEL_WARN);
+ $app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN);
return 0;
}
+
+ $this->parent_domain = $parent_domain;
$app->uses('system');
@@ -95,6 +97,7 @@
if ($data['new']['type'] == "chrooted")
{
// load the server configuration options
+ /*
$app->uses("getconf");
$this->data = $data;
$this->app = $app;
@@ -107,6 +110,22 @@
//exec($command);
$this->_add_jailkit_user();
+ */
+ $app->uses("getconf");
+ $this->data = $data;
+ $this->app = $app;
+ $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+
+ $this->_update_website_security_level();
+
+ $this->_setup_jailkit_chroot();
+
+ $this->_add_jailkit_user();
+
+ $command .= 'usermod -U '.escapeshellcmd($parent_domain["system_user"]);
+ exec($command);
+
+ $this->_update_website_security_level();
}
$app->log("Jailkit Plugin (Cron) -> insert username:".$parent_domain['system_user'],LOGLEVEL_DEBUG);
@@ -127,16 +146,17 @@
}
//* get data from web
$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
-
if(!$parent_domain["domain_id"]) {
$app->log("Parent domain not found",LOGLEVEL_WARN);
return 0;
} elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
- $app->log("Websites (and Crons) can not be owned by the root user or group.",LOGLEVEL_WARN);
+ $app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN);
return 0;
}
$app->uses('system');
+
+ $this->parent_domain = $parent_domain;
if($app->system->is_user($parent_domain['system_user'])) {
@@ -147,6 +167,7 @@
{
$app->log("Jailkit Plugin (Cron) -> setting up jail", LOGLEVEL_DEBUG);
// load the server configuration options
+ /*
$app->uses("getconf");
$this->data = $data;
$this->app = $app;
@@ -155,6 +176,18 @@
$this->_setup_jailkit_chroot();
$this->_add_jailkit_user();
+ */
+ $app->uses("getconf");
+ $this->data = $data;
+ $this->app = $app;
+ $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+
+ $this->_update_website_security_level();
+
+ $this->_setup_jailkit_chroot();
+ $this->_add_jailkit_user();
+
+ $this->_update_website_security_level();
}
$app->log("Jailkit Plugin (Cron) -> update username:".$parent_domain['system_user'],LOGLEVEL_DEBUG);
@@ -197,20 +230,20 @@
$tpl->setVar('home_dir',$this->_get_home_dir(""));
$bashrc = escapeshellcmd($this->parent_domain['document_root']).'/etc/bash.bashrc';
- if(@is_file($bashrc)) exec('rm '.$bashrc);
+ if(@is_file($bashrc)) unlink($bashrc);
file_put_contents($bashrc,$tpl->grab());
unset($tpl);
- $this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);
+ $this->app->log('Added bashrc script: '.$bashrc,LOGLEVEL_DEBUG);
$tpl = new tpl();
- $tpl->newTemplate("motd.master");
+ $tpl->newTemplate('motd.master');
$tpl->setVar('domain',$this->parent_domain['domain']);
$motd = escapeshellcmd($this->parent_domain['document_root']).'/var/run/motd';
- if(@is_file($motd)) exec('rm '.$motd);
+ if(@is_file($motd)) unlink($motd);
file_put_contents($motd,$tpl->grab());
@@ -257,16 +290,42 @@
$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
- exec("mkdir -p ".escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome));
+ mkdir(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), 0755, true);
+ chown(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_user']));
+ chgrp(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_group']));
+
}
function _get_home_dir($username)
{
return str_replace("[username]",escapeshellcmd($username),$this->jailkit_config["jailkit_chroot_home"]);
}
+
+ //* Update the website root directory permissions depending on the security level
+ function _update_website_security_level() {
+ global $app,$conf;
+
+ // load the server configuration options
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+
+ //* If the security level is set to high
+ if($web_config['security_level'] == 20) {
+ $this->_exec('chmod 755 '.escapeshellcmd($this->parent_domain['document_root']));
+ $this->_exec('chown root:root '.escapeshellcmd($this->parent_domain['document_root']));
+ }
+
+ }
+
+ //* Wrapper for exec function for easier debugging
+ private function _exec($command) {
+ global $app;
+ $app->log('exec: '.$command,LOGLEVEL_DEBUG);
+ exec($command);
+ }
} // end class
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1