From 06b26aa21920f80371e03d61e3bccabafadd0e2d Mon Sep 17 00:00:00 2001 From: Marius Burkard Date: Fri, 14 Dec 2018 12:59:15 +0100 Subject: [PATCH] - patches for jailkit update feature, contributed by Timme Hosting --- .../sites/lib/lang/de_web_vhost_domain.lng | 3 +- .../sites/lib/lang/en_web_vhost_domain.lng | 3 +- .../templates/web_vhost_domain_advanced.htm | 4 +- .../lib/classes/cron.d/500-jkupdate.inc.php | 67 +++++++++++++++++-- 4 files changed, 66 insertions(+), 11 deletions(-) diff --git a/interface/web/sites/lib/lang/de_web_vhost_domain.lng b/interface/web/sites/lib/lang/de_web_vhost_domain.lng index 674f311574..f401e0f4c1 100644 --- a/interface/web/sites/lib/lang/de_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/de_web_vhost_domain.lng @@ -155,4 +155,5 @@ $wb['error_server_change_not_possible'] = 'Der Server kann nicht geändert werde $wb['enable_pagespeed_txt'] = 'Enable PageSpeed'; $wb['log_retention_txt'] = 'Log-Dateien Aufbewahrungszeit'; $wb['log_retention_error_regex'] = 'Aufbewahrungszeit in Tagen (Erlaubte Werte: min. 0 - max. 9999)'; -$wb['jailkit_jkupdate_cron_txt'] = 'Automatisches jkupdate'; \ No newline at end of file +$wb['jailkit_jkupdate_cron_txt'] = 'Automatisches Jailkit-Update'; +$wb['ttip_jailkit_jkupdate_cron_txt'] = 'Wenn diese Website mind. einen Jailkit-SSH-Benutzer hat, wird das Jailkit durch einen täglichen Cron Job aktuell gehalten.'; \ No newline at end of file diff --git a/interface/web/sites/lib/lang/en_web_vhost_domain.lng b/interface/web/sites/lib/lang/en_web_vhost_domain.lng index 85096f4dcd..7a99f632d8 100644 --- a/interface/web/sites/lib/lang/en_web_vhost_domain.lng +++ b/interface/web/sites/lib/lang/en_web_vhost_domain.lng @@ -161,4 +161,5 @@ $wb['error_domain_change_forbidden'] = 'The domain name cannot be changed. Pleas $wb['error_server_change_not_possible'] = 'The server cannot be changed.'; $wb['log_retention_txt'] = 'Logfiles retention time'; $wb['log_retention_error_regex'] = 'Retention time in days (allowed values: min. 0 - max. 9999)'; -$wb['jailkit_jkupdate_cron_txt'] = 'Automate jkupdate'; \ No newline at end of file +$wb['jailkit_jkupdate_cron_txt'] = 'Automatic Jailkit update'; +$wb['ttip_jailkit_jkupdate_cron_txt'] = 'If this site has at least one Jailkit SSH user, the jailkit will be kept up to date through a daily cron job.'; \ No newline at end of file diff --git a/interface/web/sites/templates/web_vhost_domain_advanced.htm b/interface/web/sites/templates/web_vhost_domain_advanced.htm index d7ed5a53c6..7ecfe9608d 100644 --- a/interface/web/sites/templates/web_vhost_domain_advanced.htm +++ b/interface/web/sites/templates/web_vhost_domain_advanced.htm @@ -101,8 +101,8 @@ {tmpl_var name="available_php_directive_snippets_txt"}

 {tmpl_var name="php_directive_snippets_txt"} -
- +
+
{tmpl_var name='jailkit_jkupdate_cron'}
diff --git a/server/lib/classes/cron.d/500-jkupdate.inc.php b/server/lib/classes/cron.d/500-jkupdate.inc.php index 2eaacdbcfc..1fb2923473 100644 --- a/server/lib/classes/cron.d/500-jkupdate.inc.php +++ b/server/lib/classes/cron.d/500-jkupdate.inc.php @@ -53,27 +53,72 @@ class cronjob_jkupdate extends cronjob { $app->uses('getconf'); $jailkit_conf = $app->getconf->get_server_config($conf['server_id'], 'jailkit'); - $jailkit_programs = explode(' ', $jailkit_conf['jailkit_chroot_app_programs']); + //$jailkit_programs = explode(' ', $jailkit_conf['jailkit_chroot_app_programs']); + $jailkit_programs = preg_split("/[\s,]+/", $jailkit_conf['jailkit_chroot_app_programs']); + $jailkit_sections = trim($jailkit_conf['jailkit_chroot_app_sections']); - $sites = $app->db->queryAllRecords('SELECT domain_id, document_root FROM web_domain WHERE jailkit_jkupdate_cron = \'y\''); + $sites = $app->db->queryAllRecords("SELECT domain_id, document_root, fastcgi_php_version FROM web_domain WHERE jailkit_jkupdate_cron = 'y' AND type = 'vhost' AND parent_domain_id = 0 AND document_root != '' ORDER BY domain_id"); foreach($sites as $site) { - $users = $app->db->queryOneRecord('SELECT COUNT(*) AS user_count FROM shell_user WHERE parent_domain_id = ? AND active=\'y\' AND chroot=\'jailkit\'', $site['domain_id']); - $crons = $app->db->queryOneRecord('SELECT COUNT(*) AS cron_count FROM cron WHERE parent_domain_id = ? AND active=\'y\' AND type=\'chrooted\'', $site['domain_id']); + $set_php_symlink = false; + + $users = $app->db->queryOneRecord("SELECT COUNT(*) AS user_count FROM shell_user WHERE parent_domain_id = ? AND active='y' AND chroot='jailkit'", intval($site['domain_id'])); + $crons = $app->db->queryOneRecord("SELECT COUNT(*) AS cron_count FROM cron WHERE parent_domain_id = ? AND active='y' AND type='chrooted'", $site['domain_id']); if ($users['user_count'] > 0 || $crons['cron_count'] > 0) { + if (!is_dir($site['document_root'])) { return; } + + //$app->log('Running jailkit init for '.$site['document_root']); + //if($jailkit_sections != '') $this->run_jk_init($site['document_root'], $jailkit_sections); $app->log('Running jailkit updates for '.$site['document_root']); $this->run_jk_update($site['document_root']); - $this->run_jk_cp($site['document_root'], $jailkit_programs); + if(preg_match('@(\d\d?\.\d\d?\.\d\d?)@', $site['fastcgi_php_version'], $matches)){ + if(!in_array('/opt/php-'.$matches[1].'/bin/php', $jailkit_programs)) $jailkit_programs[] = '/opt/php-'.$matches[1].'/bin/php'; + if(!in_array('/opt/php-'.$matches[1].'/include', $jailkit_programs)) $jailkit_programs[] = '/opt/php-'.$matches[1].'/include'; + if(!in_array('/opt/php-'.$matches[1].'/lib', $jailkit_programs)) $jailkit_programs[] = '/opt/php-'.$matches[1].'/lib'; + if(!in_array('/opt/th-php-libs', $jailkit_programs)) $jailkit_programs[] = '/opt/th-php-libs'; + + $set_php_symlink = true; + + } + if(is_array($jailkit_programs) && !empty($jailkit_programs)) $this->run_jk_cp($site['document_root'], $jailkit_programs); + + if($set_php_symlink){ + // create symlink from /usr/bin/php to current PHP version + if(preg_match('@(\d\d?\.\d\d?\.\d\d?)@', $site['fastcgi_php_version'], $matches) && (!file_exists($site['document_root'].'/usr/bin/php') || is_link($site['document_root'].'/usr/bin/php'))){ + @unlink($site['document_root'].'/usr/bin/php'); + @symlink('/opt/php-'.$matches[1].'/bin/php', $site['document_root'].'/usr/bin/php'); + } + } } } + + if(file_exists('/dev/tty')){ + chmod('/dev/tty', 0666); + } parent::onRunJob(); } + + private function run_jk_init($document_root, $sections){ + global $app; + + $return_var = $this->exec_log('/usr/sbin/jk_init -f -k -c /etc/jailkit/jk_init.ini -j '.escapeshellarg($document_root).' '.$sections); + + if ($return_var > 0) { + $app->log('jk_init failed with -j, trying again without -j', LOGLEVEL_DEBUG); + + $return_var = $this->exec_log('/usr/sbin/jk_init -f -k -c /etc/jailkit/jk_init.ini '.escapeshellarg($document_root).' '.$sections); + + if ($return_var > 0) { + $app->log('jk_init failed (with and without -j parameter)', LOGLEVEL_WARN); + } + } + } private function run_jk_update($document_root) { global $app; @@ -94,10 +139,14 @@ class cronjob_jkupdate extends cronjob { global $app; foreach($programs as $program) { + $program = trim($program); + if($program == ''){ + continue; + } if (!file_exists($program)) { continue; } - + $return_var = $this->exec_log('/usr/sbin/jk_cp '.escapeshellarg($document_root).' '.escapeshellarg($program)); if ($return_var > 0) { @@ -109,6 +158,10 @@ class cronjob_jkupdate extends cronjob { } } } + + if(file_exists($document_root.'/dev/tty')){ + chmod($document_root.'/dev/tty', 0666); + } } private function exec_log($cmd) { @@ -134,4 +187,4 @@ class cronjob_jkupdate extends cronjob { } -?> +?> \ No newline at end of file -- GitLab