Commit ff6a6838 authored by tbrehm's avatar tbrehm

Fixed: FS#2287 - Changing chroot shell option doesnt work

parent 816e7e43
...@@ -117,7 +117,6 @@ class monitor_tools { ...@@ -117,7 +117,6 @@ class monitor_tools {
$relname = "UNKNOWN"; $relname = "UNKNOWN";
} }
$distver = $ver.$lts." ".$relname; $distver = $ver.$lts." ".$relname;
swriteln("Operating System: ".$distver."\n");
} elseif(trim(file_get_contents('/etc/debian_version')) == '4.0') { } elseif(trim(file_get_contents('/etc/debian_version')) == '4.0') {
$distname = 'Debian'; $distname = 'Debian';
$distver = '4.0'; $distver = '4.0';
...@@ -1149,6 +1148,7 @@ class monitor_tools { ...@@ -1149,6 +1148,7 @@ class monitor_tools {
$data['output'] = shell_exec('tw_cli info c0'); $data['output'] = shell_exec('tw_cli info c0');
$state = 'ok'; $state = 'ok';
if(is_array($data['output'])) {
foreach ($data['output'] as $item) { foreach ($data['output'] as $item) {
if (strpos($item, 'RAID') !== false) { if (strpos($item, 'RAID') !== false) {
if (strpos($item, ' VERIFYING ') !== false) { if (strpos($item, ' VERIFYING ') !== false) {
...@@ -1192,6 +1192,7 @@ class monitor_tools { ...@@ -1192,6 +1192,7 @@ class monitor_tools {
} }
} }
} }
}
} }
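Review bot: The new `if(is_array($data['output']))` guard around the tw_cli loop can never be true, because `shell_exec()` returns a string (or null), never an array. As far as the visible lines show, the RAID state parsing is therefore skipped and `$state` keeps its initial `'ok'` whatever the controller reports. Iterate over the split output instead, e.g. `foreach (explode("\n", (string)$data['output']) as $item) {`, so a degraded or rebuilding array is still detected. The enclosing method starts and ends outside the visible hunks.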
......
...@@ -737,6 +737,7 @@ class system{ ...@@ -737,6 +737,7 @@ class system{
} }
} }
/*
function usermod($user, $groups){ function usermod($user, $groups){
global $app; global $app;
if($this->is_user($user)){ if($this->is_user($user)){
...@@ -776,6 +777,7 @@ class system{ ...@@ -776,6 +777,7 @@ class system{
return false; return false;
} }
} }
*/
/**boot autostart etc /**boot autostart etc
* *
...@@ -1396,6 +1398,102 @@ class system{ ...@@ -1396,6 +1398,102 @@ class system{
if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root,'..')) exec('chattr -i '.escapeshellcmd($document_root)); if($document_root != '' && $document_root != '/' && strlen($document_root) > 6 && !stristr($document_root,'..')) exec('chattr -i '.escapeshellcmd($document_root));
} }
} }
function usermod($username, $uid = 0, $gid = 0, $home = '', $shell = '', $password = '', $login = '') {
global $app;
if($login == '') $login = $username;
//* Change values in /etc/passwd
$passwd_file_array = file('/etc/passwd');
if(is_array($passwd_file_array)) {
foreach($passwd_file_array as $line) {
$line = trim($line);
$parts = explode(':',$line);
if($parts[0] == $username) {
if(trim($login) != '' && trim($login) != trim($username)) $parts[0] = trim($login);
if(!empty($uid)) $parts[2] = trim($uid);
if(!empty($gid)) $parts[3] = trim($gid);
if(trim($home) != '') $parts[5] = trim($home);
if(trim($shell) != '') $parts[6] = trim($shell);
$new_line = implode(':',$parts);
copy('/etc/passwd','/etc/passwd~');
chmod('/etc/passwd~',0600);
$app->uses('system');
$app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
}
}
unset($passwd_file_array);
}
//* If username != login, change username in group and gshadow file
if($username != $login) {
$group_file_array = file('/etc/group');
if(is_array($group_file_array)) {
foreach($group_file_array as $line) {
$line = trim($line);
$parts = explode(':',$line);
if(strstr($parts[3],$username)) {
$uparts = explode(',',$parts[3]);
if(is_array($uparts)) {
foreach($uparts as $key => $val) {
if($val == $username) $uparts[$key] = $login;
}
}
$parts[3] = implode(',',$uparts);
$new_line = implode(':',$parts);
copy('/etc/group','/etc/group~');
chmod('/etc/group~',0600);
$app->system->replaceLine('/etc/group',$line,$new_line,1,0);
}
}
}
unset($group_file_array);
$gshadow_file_array = file('/etc/gshadow');
if(is_array($gshadow_file_array)) {
foreach($gshadow_file_array as $line) {
$line = trim($line);
$parts = explode(':',$line);
if(strstr($parts[3],$username)) {
$uparts = explode(',',$parts[3]);
if(is_array($uparts)) {
foreach($uparts as $key => $val) {
if($val == $username) $uparts[$key] = $login;
}
}
$parts[3] = implode(',',$uparts);
$new_line = implode(':',$parts);
copy('/etc/gshadow','/etc/gshadow~');
chmod('/etc/gshadow~',0600);
$app->system->replaceLine('/etc/gshadow',$line,$new_line,1,0);
}
}
}
unset($group_file_array);
}
//* When password or login name has been changed
if($password != '' || $username != $login) {
$shadow_file_array = file('/etc/shadow');
if(is_array($shadow_file_array)) {
foreach($shadow_file_array as $line) {
$line = trim($line);
$parts = explode(':',$line);
if($parts[0] == $username) {
if(trim($login) != '' && trim($login) != trim($username)) $parts[0] = trim($login);
if(trim($password) != '') $parts[1] = trim($password);
$new_line = implode(':',$parts);
copy('/etc/shadow','/etc/shadow~');
chmod('/etc/shadow~',0600);
$app->system->replaceLine('/etc/shadow',$line,$new_line,1,0);
}
}
}
unset($shadow_file_array);
}
}
} }
?> ?>
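Review bot: The new `usermod()` writes `$login`, `$uid`, `$gid`, `$home`, `$shell` and `$password` into `/etc/passwd` and `/etc/shadow` after only `trim()`, so a value containing `:` or a line break would shift fields or add a line to the account database. Reject such values before the first `file()` call, e.g. `foreach(array($login,$uid,$gid,$home,$shell,$password) as $v) if(preg_match('/[:\r\n]/', $v)) return false;`. The `copy()` followed by `chmod(...,0600)` also leaves `/etc/shadow~` and `/etc/gshadow~` with umask-default permissions for a moment; setting `umask(0077)` around the copy closes that window. The second `unset($group_file_array)` after the gshadow loop presumably should be `unset($gshadow_file_array)`.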
...@@ -148,6 +148,7 @@ class shelluser_base_plugin { ...@@ -148,6 +148,7 @@ class shelluser_base_plugin {
if($uid > $this->min_uid) { if($uid > $this->min_uid) {
// Check if the user that we want to update exists, if not, we insert it // Check if the user that we want to update exists, if not, we insert it
if($app->system->is_user($data['old']['username'])) { if($app->system->is_user($data['old']['username'])) {
/*
$command = 'usermod'; $command = 'usermod';
$command .= ' --home '.escapeshellcmd($data['new']['dir']); $command .= ' --home '.escapeshellcmd($data['new']['dir']);
$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']); $command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
...@@ -160,6 +161,9 @@ class shelluser_base_plugin { ...@@ -160,6 +161,9 @@ class shelluser_base_plugin {
exec($command); exec($command);
$app->log("Executed command: $command ",LOGLEVEL_DEBUG); $app->log("Executed command: $command ",LOGLEVEL_DEBUG);
*/
$groupinfo = posix_getgrnam($data['new']['pgroup']);
$app->system->usermod($data['old']['username'],0, $groupinfo[gid], $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG); $app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
// call the ssh-rsa update function // call the ssh-rsa update function
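Review bot: `$groupinfo[gid]` uses a bare constant as the array key, and the result of `posix_getgrnam()` is not checked. If the group lookup fails, `usermod()` receives an empty gid and, because of its `!empty($gid)` test, silently keeps the old primary group. Write `$groupinfo['gid']` and skip or log the update when `$groupinfo === false`. `$data['new']['password']` is written straight into the shadow password field by `usermod()`, so a comment stating that it must already be a crypt hash would help the next maintainer. The enclosing method starts and ends outside the hunks.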
......
...@@ -71,7 +71,7 @@ class shelluser_jailkit_plugin { ...@@ -71,7 +71,7 @@ class shelluser_jailkit_plugin {
global $app, $conf; global $app, $conf;
$app->uses('system'); $app->uses('system');
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']); $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
if($app->system->is_user($data['new']['username'])) { if($app->system->is_user($data['new']['username'])) {
...@@ -97,7 +97,12 @@ class shelluser_jailkit_plugin { ...@@ -97,7 +97,12 @@ class shelluser_jailkit_plugin {
//* call the ssh-rsa update function //* call the ssh-rsa update function
$this->_setup_ssh_rsa(); $this->_setup_ssh_rsa();
$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']); //$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
//exec($command);
$app->system->usermod($data['new']['username'], 0, 0, '', '/usr/sbin/jk_chrootsh', '', '');
//* Unlock user
$command = 'usermod -U '.escapeshellcmd($data['new']['username']);
exec($command); exec($command);
$this->_update_website_security_level(); $this->_update_website_security_level();
...@@ -117,7 +122,7 @@ class shelluser_jailkit_plugin { ...@@ -117,7 +122,7 @@ class shelluser_jailkit_plugin {
global $app, $conf; global $app, $conf;
$app->uses('system'); $app->uses('system');
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']); $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
if($app->system->is_user($data['new']['username'])) { if($app->system->is_user($data['new']['username'])) {
...@@ -164,7 +169,7 @@ class shelluser_jailkit_plugin { ...@@ -164,7 +169,7 @@ class shelluser_jailkit_plugin {
$app->uses('system'); $app->uses('system');
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['old']['parent_domain_id']); $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);
if ($data['old']['chroot'] == "jailkit") if ($data['old']['chroot'] == "jailkit")
{ {
...@@ -285,6 +290,7 @@ class shelluser_jailkit_plugin { ...@@ -285,6 +290,7 @@ class shelluser_jailkit_plugin {
//* Change the homedir of the shell user and parent user //* Change the homedir of the shell user and parent user
//* We have to do this manually as the usermod command fails //* We have to do this manually as the usermod command fails
//* when the user is logged in or a command is running under that user //* when the user is logged in or a command is running under that user
/*
$passwd_file_array = file('/etc/passwd'); $passwd_file_array = file('/etc/passwd');
$passwd_out = ''; $passwd_out = '';
if(is_array($passwd_file_array)) { if(is_array($passwd_file_array)) {
...@@ -301,8 +307,10 @@ class shelluser_jailkit_plugin { ...@@ -301,8 +307,10 @@ class shelluser_jailkit_plugin {
$app->system->replaceLine('/etc/passwd',$line,$new_line,1,0); $app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
} }
} }
} }*/
$app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
$app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG); $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
...@@ -333,9 +341,12 @@ class shelluser_jailkit_plugin { ...@@ -333,9 +341,12 @@ class shelluser_jailkit_plugin {
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']); $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
//* If the security level is set to high //* If the security level is set to high
if($web_config['security_level'] == 20) { if($web_config['security_level'] == 20 && is_array($web)) {
$this->_exec('chmod 755 '.escapeshellcmd($web["document_root"])); $app->system->web_folder_protection($web["document_root"],false);
$this->_exec('chown root:root '.escapeshellcmd($web["document_root"])); $app->system->chmod($web["document_root"],0755);
$app->system->chown($web["document_root"],'root');
$app->system->chgrp($web["document_root"],'root');
$app->system->web_folder_protection($web["document_root"],true);
} }
} }
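Review bot: The new unlock call `$command = 'usermod -U '.escapeshellcmd($data['new']['username']);` quotes a single argument with `escapeshellcmd()`, which does not keep the value from being split into several arguments or read as an option; use `'usermod -U '.escapeshellarg($data['new']['username'])`. The three changed `queryOneRecord()` lines still concatenate `parent_domain_id` into the SQL text; wrapping it as `intval($data['new']['parent_domain_id'])` (and the `old` equivalent) keeps the query numeric whatever the record holds. In the chroot hunk the log line still prints `$command` although the passwd edit is now done by `$app->system->usermod()`; whether `$command` is still set at that point is not visible here and should be confirmed. All of these methods start and end outside the hunks.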
......
...@@ -148,7 +148,7 @@ if ($app->db->connect_error == NULL && $app->dbmaster->connect_error == NULL) { ...@@ -148,7 +148,7 @@ if ($app->db->connect_error == NULL && $app->dbmaster->connect_error == NULL) {
unset($tmp_rec); unset($tmp_rec);
//** Load required base-classes //** Load required base-classes
$app->uses('modules,plugins,file,services'); $app->uses('modules,plugins,file,services,system');
//** Load the modules that are in the mods-enabled folder //** Load the modules that are in the mods-enabled folder
$app->modules->loadModules('all'); $app->modules->loadModules('all');
//** Load the plugins that are in the plugins-enabled folder //** Load the plugins that are in the plugins-enabled folder
......