Commit 8ab148b3 authored by Marius Burkard

- added debug log to exec_safe including returncode

- moved jailkit functions from bash files to system library
parent 8f35cdb0
......@@ -2070,6 +2070,8 @@ class system{
}
public function exec_safe($cmd) {
global $app;
$arg_count = func_num_args();
if($arg_count != substr_count($cmd, '?') + 1) {
trigger_error('Placeholder count not matching argument list.', E_USER_WARNING);
......@@ -2096,7 +2098,11 @@ class system{
$this->_last_exec_out = null;
$this->_last_exec_retcode = null;
return exec($cmd, $this->_last_exec_out, $this->_last_exec_retcode);
$ret = exec($cmd, $this->_last_exec_out, $this->_last_exec_retcode);
$this->app->log("safe_exec cmd: " . $cmd . " - return code: " . $this->_last_exec_retcode, LOGLEVEL_DEBUG);
return $ret;
}
public function system_safe($cmd) {
......@@ -2104,4 +2110,81 @@ class system{
return implode("\n", $this->_last_exec_out);
}
public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell = '/bin/bash', $p_user = null, $p_user_home_dir = null) {
// Check if USERHOMEDIR already exists
if(!is_dir($home_dir . '/.' . $user_home_dir)) {
$this->mkdirpath($home_dir . '/.' . $user_home_dir, 0755, $username);
}
// Reconfigure the chroot home directory for the user
$cmd = 'usermod --home=? ? 2>/dev/null';
$this->exec_safe($cmd, $home_dir . '/.' . $user_home_dir, $username);
// Add the chroot user
$cmd = 'jk_jailuser -n -s ? -j ? ?';
$this->exec_safe($cmd, $shell, $home_dir, $username);
// We have to reconfigure the chroot home directory for the parent user
if($p_user !== null) {
$cmd = 'usermod --home=? ? 2>/dev/null';
$this->exec_safe($cmd, $home_dir . '/.' . $p_user_home_dir, $p_user);
}
return true;
}
public function create_jailkit_programs($home_dir, $programs = array()) {
if(empty($programs)) {
return true;
}
$program_args = '';
foreach($programs as $prog) {
$program_args .= ' ' . escapeshellarg($prog);
}
$cmd = 'jk_cp -k ?' . $program_args;
$this->exec_safe($cmd, $home_dir);
return true;
}
public function create_jailkit_chroot($home_dir, $app_sections = array()) {
if(empty($app_sections)) {
return true;
}
// Change ownership of the chroot directory to root
$app->system->chown($home_dir, 'root');
$app->system->chgrp($home_dir, 'root');
$app_args = '';
foreach($app_sections as $app_section) {
$app_args .= ' ' . escapeshellarg($app_section);
}
// Initialize the chroot into the specified directory with the specified applications
$cmd = 'jk_init -f -k -c /etc/jailkit/jk_init.ini -j ?' . $app_args;
$this->exec_safe($cmd, $home_dir);
// Create the temp directory
if(!is_dir($home_dir . '/tmp')) {
$this->mkdirpath($home_dir . '/tmp', 0777);
} else {
$this->chmod($home_dir . '/tmp', 0777);
}
// Fix permissions of the root firectory
$this->chmod($home_dir . '/bin', 0755); // was chmod g-w $CHROOT_HOMEDIR/bin
// mysql needs the socket in the chrooted environment
$this->mkdirpath($home_dir . '/var/run/mysqld');
// ln /var/run/mysqld/mysqld.sock $CHROOT_HOMEDIR/var/run/mysqld/mysqld.sock
if(!file_exists("/var/run/mysqld/mysqld.sock")) {
$this->exec_safe('ln ? ?', '/var/run/mysqld/mysqld.sock', $home_dir . '/var/run/mysqld/mysqld.sock');
}
return true;
}
}
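Review bot: `create_jailkit_chroot()` calls `$app->system->chown($home_dir, 'root')` and `$app->system->chgrp($home_dir, 'root')` without declaring `global $app;`, so `$app` is undefined there and the call fails before `jk_init` runs; since the method is part of the system class, `$this->chown($home_dir, 'root');` and `$this->chgrp($home_dir, 'root');` would match the rest of its body. The same mix-up appears in `exec_safe()`, which gains `global $app;` but logs through `$this->app->log(...)`; unless the class defines an `app` property outside the visible lines, that should be `$app->log(...)`. That log line also writes the whole command string, and if the placeholders have been substituted by then (the substitution is outside the hunk) every argument passed to `exec_safe()` lands in the debug log, so logging the template or a redacted form would be safer. In `create_jailkit_chroot()` the socket check also looks inverted, since `if(!file_exists("/var/run/mysqld/mysqld.sock"))` links only when the source socket is missing, and `0777` on `$home_dir . '/tmp'` lacks the sticky bit (`01777`).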
......@@ -216,12 +216,9 @@ class cron_jailkit_plugin {
//check if the chroot environment is created yet if not create it with a list of program sections from the config
if (!is_dir($this->parent_domain['document_root'].'/etc/jailkit'))
{
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh';
$command .= ' ?';
$command .= ' ?';
$app->system->exec_safe($command.' 2>/dev/null', $this->parent_domain['document_root'], $this->jailkit_config['jailkit_chroot_app_sections']);
$app->system->create_jailkit_chroot($this->parent_domain['document_root'], preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']));
$this->app->log("Added jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
$this->app->log("Added jailkit chroot", LOGLEVEL_DEBUG);
$this->app->load('tpl');
......@@ -259,19 +256,11 @@ class cron_jailkit_plugin {
global $app;
//copy over further programs and its libraries
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh';
$command .= ' ?';
$command .= ' ?';
$app->system->exec_safe($command.' 2>/dev/null', $this->parent_domain['document_root'], $this->jailkit_config['jailkit_chroot_app_programs']);
$this->app->log("Added programs to jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh';
$command .= ' ?';
$command .= ' ?';
$app->system->exec_safe($command.' 2>/dev/null', $this->parent_domain['document_root'], $this->jailkit_config['jailkit_chroot_cron_programs']);
$this->app->log("Added cron programs to jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
$app->system->create_jailkit_programs($this->parent_domain['document_root'], preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_programs']));
$this->app->log("Added app programs to jailkit chroot", LOGLEVEL_DEBUG);
$app->system->create_jailkit_programs($this->parent_domain['document_root'], preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_cron_programs']));
$this->app->log("Added cron programs to jailkit chroot", LOGLEVEL_DEBUG);
}
function _add_jailkit_user()
......@@ -288,14 +277,7 @@ class cron_jailkit_plugin {
// ALWAYS create the user. Even if the user was created before
// if we check if the user exists, then a update (no shell -> jailkit) will not work
// and the user has FULL ACCESS to the root of the server!
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_user.sh';
$command .= ' ?';
$command .= ' ?';
$command .= ' ?';
$command .= ' /bin/bash';
$app->system->exec_safe($command.' 2>/dev/null', $this->parent_domain['system_user'], $this->parent_domain['document_root'], $jailkit_chroot_userhome);
$this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG);
$app->system->create_jailkit_user($this->parent_domain['system_user'], $this->parent_domain['document_root'], $jailkit_chroot_userhome);
$app->system->mkdir($this->parent_domain['document_root'].$jailkit_chroot_userhome, 0755, true);
$app->system->chown($this->parent_domain['document_root'].$jailkit_chroot_userhome, $this->parent_domain['system_user']);
......
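Review bot: `preg_split('/[\s,]+/', ...)` is called without `PREG_SPLIT_NO_EMPTY`, so an empty or whitespace-padded config value yields an array containing `''`; that array is not `empty()`, and `create_jailkit_chroot()` / `create_jailkit_programs()` then append an empty quoted argument to `jk_init` or `jk_cp`. Passing the flag, e.g. `preg_split('/[\s,]+/', $value, -1, PREG_SPLIT_NO_EMPTY)` with `$value` standing for the config entry, keeps the early return in the helpers effective; this applies to the chroot call and both program calls here, and to the matching chroot call in shelluser_jailkit_plugin. The helpers always return true and their results are not checked, so the "Added …" debug messages are written even when the command failed; checking the return code recorded by `exec_safe()` before logging would make the log trustworthy. The enclosing methods start outside the visible hunks.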
......@@ -273,10 +273,8 @@ class shelluser_jailkit_plugin {
//check if the chroot environment is created yet if not create it with a list of program sections from the config
if (!is_dir($this->data['new']['dir'].'/etc/jailkit'))
{
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh ? ?';
$app->system->exec_safe($command.' 2>/dev/null', $this->data['new']['dir'], $this->jailkit_config['jailkit_chroot_app_sections']);
$this->app->log("Added jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
$app->system->create_jailkit_chroot($this->data['new']['dir'], preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']));
$this->app->log("Added jailkit chroot", LOGLEVEL_DEBUG);
$this->_add_jailkit_programs();
......@@ -323,10 +321,8 @@ class shelluser_jailkit_plugin {
$jailkit_chroot_app_program = trim($jailkit_chroot_app_program);
if(is_file($jailkit_chroot_app_program) || is_dir($jailkit_chroot_app_program)){
//copy over further programs and its libraries
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_programs.sh ? ?';
$app->system->exec_safe($command.' 2>/dev/null', $this->data['new']['dir'], $jailkit_chroot_app_program);
$this->app->log("Added programs to jailkit chroot with command: ".$command, LOGLEVEL_DEBUG);
$app->system->create_jailkit_programs($this->data['new']['dir'], $jailkit_chroot_app_program);
$this->app->log("Added programs to jailkit chroot", LOGLEVEL_DEBUG);
}
}
}
......@@ -357,8 +353,7 @@ class shelluser_jailkit_plugin {
// ALWAYS create the user. Even if the user was created before
// if we check if the user exists, then a update (no shell -> jailkit) will not work
// and the user has FULL ACCESS to the root of the server!
$command = '/usr/local/ispconfig/server/scripts/create_jailkit_user.sh ? ? ? ? ? ?';
$app->system->exec_safe($command.' 2>/dev/null', $this->data['new']['username'], $this->data['new']['dir'], $jailkit_chroot_userhome, $this->data['new']['shell'], $this->data['new']['puser'], $jailkit_chroot_puserhome);
$app->system->create_jailkit_user($this->data['new']['username'], $this->data['new']['dir'], $jailkit_chroot_userhome, $this->data['new']['shell'], $this->data['new']['puser'], $jailkit_chroot_puserhome);
$shell = '/usr/sbin/jk_chrootsh';
if($this->data['new']['active'] != 'y') $shell = '/bin/false';
......@@ -366,8 +361,6 @@ class shelluser_jailkit_plugin {
$app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, $shell);
$app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_puserhome, '/usr/sbin/jk_chrootsh');
$this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG);
if(!is_dir($this->data['new']['dir'].$jailkit_chroot_userhome)) {
if(is_dir($this->data['old']['dir'].$jailkit_chroot_userhome_old)) {
$app->system->rename($this->data['old']['dir'].$jailkit_chroot_userhome_old,$this->data['new']['dir'].$jailkit_chroot_userhome);
......
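Review bot: The new call `create_jailkit_programs($this->data['new']['dir'], $jailkit_chroot_app_program)` passes a single trimmed string, but the helper iterates `$programs` with `foreach` to build the `jk_cp` arguments, so with a string no program argument is added and `jk_cp -k` runs with only the directory. Wrapping the value, `$app->system->create_jailkit_programs($this->data['new']['dir'], array($jailkit_chroot_app_program));`, restores the per-program copy. `create_jailkit_user()` likewise returns true without looking at the `jk_jailuser` return code, which matters given the comment above that call about a user who is not jailed; failing loudly when the return code is non-zero would be the safer behaviour. The surrounding loop and method begin outside the hunks.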