ISPConfig
ISPConfig 3
Commits
b79d240e
Commit
b79d240e
authored
May 08, 2014
by
Falko Timme
- Make sure puser is bigger than min_uid of 499 for jailkit users.
parent
d195e396
Changes
1
server/plugins-available/shelluser_jailkit_plugin.inc.php
...
...
@@ -33,6 +33,7 @@ class shelluser_jailkit_plugin {
//* $plugin_name and $class_name have to be the same then the name of this class
var
$plugin_name
=
'shelluser_jailkit_plugin'
;
var
$class_name
=
'shelluser_jailkit_plugin'
;
var
$min_uid
=
499
;
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
...
...
@@ -73,50 +74,60 @@ class shelluser_jailkit_plugin {
$app
->
uses
(
'system'
);
$web
=
$app
->
db
->
queryOneRecord
(
"SELECT * FROM web_domain WHERE domain_id = "
.
$data
[
'new'
][
'parent_domain_id'
]);
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'username'
]))
{
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'puser'
]))
{
// Get the UID of the parent user
$uid
=
intval
(
$app
->
system
->
getuid
(
$data
[
'new'
][
'puser'
]));
if
(
$uid
>
$this
->
min_uid
)
{
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'username'
]))
{
/**
* Setup Jailkit Chroot System If Enabled
*/
/**
* Setup Jailkit Chroot System If Enabled
*/
if
(
$data
[
'new'
][
'chroot'
]
==
"jailkit"
)
{
if
(
$data
[
'new'
][
'chroot'
]
==
"jailkit"
)
{
// load the server configuration options
$app
->
uses
(
"getconf"
);
$this
->
data
=
$data
;
$this
->
app
=
$app
;
$this
->
jailkit_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
"server_id"
],
'jailkit'
);
// load the server configuration options
$app
->
uses
(
"getconf"
);
$this
->
data
=
$data
;
$this
->
app
=
$app
;
$this
->
jailkit_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
"server_id"
],
'jailkit'
);
$this
->
_update_website_security_level
();
$this
->
_update_website_security_level
(
);
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
false
);
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
false
);
$this
->
_setup_jailkit_chroot
(
);
$this
->
_
setup
_jailkit_
chroot
();
$this
->
_
add
_jailkit_
user
();
$this
->
_add_jailkit_user
();
//* call the ssh-rsa update function
$this
->
_setup_ssh_rsa
();
//* call the ssh-rsa update function
$this
->
_setup_ssh_rsa
();
//$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
//exec($command);
$app
->
system
->
usermod
(
$data
[
'new'
][
'username'
],
0
,
0
,
''
,
'/usr/sbin/jk_chrootsh'
,
''
,
''
);
//$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
//exec(
$command
)
;
$app
->
system
->
usermod
(
$data
[
'new'
][
'username'
],
0
,
0
,
''
,
'/usr/sbin/jk_chrootsh'
,
''
,
''
);
//* Unlock user
$command
=
'usermod -U '
.
escapeshellcmd
(
$data
[
'new'
][
'username'
])
.
' 2>/dev/null'
;
exec
(
$command
);
//* Unlock user
$command
=
'usermod -U '
.
escapeshellcmd
(
$data
[
'new'
][
'username'
])
.
' 2>/dev/null'
;
exec
(
$command
);
$this
->
_update_website_security_level
();
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
true
);
}
$this
->
_update_website_security_level
();
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
true
);
}
$app
->
log
(
"Jailkit Plugin -> insert username:"
.
$data
[
'new'
][
'username'
],
LOGLEVEL_DEBUG
);
$app
->
log
(
"Jailkit Plugin -> insert username:"
.
$data
[
'new'
][
'username'
],
LOGLEVEL_DEBUG
);
}
else
{
$app
->
log
(
"Jailkit Plugin -> insert username:"
.
$data
[
'new'
][
'username'
]
.
" skipped, the user does not exist."
,
LOGLEVEL_WARN
);
}
}
else
{
$app
->
log
(
"UID =
$uid
for shelluser:"
.
$data
[
'new'
][
'username'
]
.
" not allowed."
,
LOGLEVEL_ERROR
);
}
}
else
{
$app
->
log
(
"
Jailkit Plugin ->
insert user
name
:"
.
$data
[
'new'
][
'username'
]
.
"
skipped, the user
does not exist."
,
LOGLEVEL_WARN
);
$app
->
log
(
"
Skipping
insert
ion of
user:"
.
$data
[
'new'
][
'username'
]
.
"
, parent user "
.
$data
[
'new'
][
'puser'
]
.
"
does not exist."
,
LOGLEVEL_WARN
);
}
}
...
...
@@ -128,41 +139,51 @@ class shelluser_jailkit_plugin {
$app
->
uses
(
'system'
);
$web
=
$app
->
db
->
queryOneRecord
(
"SELECT * FROM web_domain WHERE domain_id = "
.
$data
[
'new'
][
'parent_domain_id'
]);
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'username'
]))
{
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'puser'
]))
{
// Get the UID of the parent user
$uid
=
intval
(
$app
->
system
->
getuid
(
$data
[
'new'
][
'puser'
]));
if
(
$uid
>
$this
->
min_uid
)
{
if
(
$app
->
system
->
is_user
(
$data
[
'new'
][
'username'
]))
{
/**
* Setup Jailkit Chroot System If Enabled
*/
if
(
$data
[
'new'
][
'chroot'
]
==
"jailkit"
)
{
// load the server configuration options
$app
->
uses
(
"getconf"
);
$this
->
data
=
$data
;
$this
->
app
=
$app
;
$this
->
jailkit_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
"server_id"
],
'jailkit'
);
/**
* Setup Jailkit Chroot System If Enabled
*/
if
(
$data
[
'new'
][
'chroot'
]
==
"jailkit"
)
{
$this
->
_update_website_security_level
();
// load the server configuration options
$app
->
uses
(
"getconf"
);
$this
->
data
=
$data
;
$this
->
app
=
$app
;
$this
->
jailkit_config
=
$app
->
getconf
->
get_server_config
(
$conf
[
"server_id"
],
'jailkit'
);
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
false
);
$this
->
_update_website_security_level
();
$this
->
_setup_jailkit_chroot
();
$this
->
_add_jailkit_user
();
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
false
);
//* call the ssh-rsa update function
$this
->
_setup_ssh_rsa
();
$this
->
_setup_jailkit_chroot
();
$this
->
_add_jailkit_user
();
$this
->
_update_website_security_level
();
//* call the ssh-rsa update function
$this
->
_setup_ssh_rsa
();
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
true
);
}
$this
->
_
update
_website_security_level
(
);
$app
->
log
(
"Jailkit Plugin
->
update
username:"
.
$data
[
'new'
][
'username'
],
LOGLEVEL_DEBUG
);
$app
->
system
->
web_folder_protection
(
$web
[
'document_root'
],
true
);
}
else
{
$app
->
log
(
"Jailkit Plugin -> update username:"
.
$data
[
'new'
][
'username'
]
.
" skipped, the user does not exist."
,
LOGLEVEL_WARN
);
}
}
else
{
$app
->
log
(
"UID =
$uid
for shelluser:"
.
$data
[
'new'
][
'username'
]
.
" not allowed."
,
LOGLEVEL_ERROR
);
}
$app
->
log
(
"Jailkit Plugin -> update username:"
.
$data
[
'new'
][
'username'
],
LOGLEVEL_DEBUG
);
}
else
{
$app
->
log
(
"
Jailkit Plugin ->
update user
name
:"
.
$data
[
'new'
][
'username'
]
.
"
skipped, the user
does not exist."
,
LOGLEVEL_WARN
);
$app
->
log
(
"
Skipping
update
for
user:"
.
$data
[
'new'
][
'username'
]
.
"
, parent user "
.
$data
[
'new'
][
'puser'
]
.
"
does not exist."
,
LOGLEVEL_WARN
);
}
}
...
...
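Review bot: The new guard `if($uid > $this->min_uid)` in the insert handler (and its copy in the update handler) only checks that the parent user's UID is above a hard-coded 499; it does not check that `$data['new']['puser']` is the system user that actually belongs to the website loaded into `$web`. Any existing account with a UID of 500 or more would pass this check if the value reaching the plugin were wrong, so I would also compare puser with the site's own user from the `$web` record before the jail is built. The threshold itself is distribution-dependent (many systems start regular accounts at 1000 and keep service accounts below that), so reading it from the server configuration would be safer than fixing it in `var $min_uid = 499;`. The rejection log line should name the parent user and the limit, e.g. `"UID = $uid of parent user ".$data['new']['puser']." for shelluser:".$data['new']['username']." is not above ".$this->min_uid`, so a refused attempt can be triaged from the log alone. Both handler bodies start and end outside the visible hunks, so checks made elsewhere in them are not visible here.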