- Added security check script. - Create md5 sums of all files at install an...

Till Brehm

2014-08-14 1ed92e187ae2dfb51f5f2d62c290a85f93b6dc21

 server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -59,11 +59,11 @@
      /*
      Register for the events
      */

		
      $app->plugins->registerEvent('shell_user_insert', $this->plugin_name, 'insert');
      $app->plugins->registerEvent('shell_user_update', $this->plugin_name, 'update');
      $app->plugins->registerEvent('shell_user_delete', $this->plugin_name, 'delete');

		

   }

@@ -71,8 +71,23 @@
   function insert($event_name, $data) {
      global $app, $conf;

      $app->uses('system');
      $app->uses('system,getconf');
		
      $security_config = $app->getconf->get_security_config('permissions');
      if($security_config['allow_shell_user'] != 'yes') {
         $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN);
         return false;
      }
		
		
      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);

      if(!$app->system->is_allowed_user($data['new']['username'], false, false)
         || !$app->system->is_allowed_user($data['new']['puser'], true, true)
         || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
         $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
         return false;
      }

      if($app->system->is_user($data['new']['puser'])) {
         // Get the UID of the parent user
@@ -136,8 +151,22 @@
   function update($event_name, $data) {
      global $app, $conf;

      $app->uses('system');
      $app->uses('system,getconf');
		
      $security_config = $app->getconf->get_security_config('permissions');
      if($security_config['allow_shell_user'] != 'yes') {
         $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN);
         return false;
      }
		
      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);

      if(!$app->system->is_allowed_user($data['new']['username'], false, false)
         || !$app->system->is_allowed_user($data['new']['puser'], true, true)
         || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
         $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
         return false;
      }

      if($app->system->is_user($data['new']['puser'])) {
         // Get the UID of the parent user
@@ -195,7 +224,13 @@
   function delete($event_name, $data) {
      global $app, $conf;

      $app->uses('system');
      $app->uses('system,getconf');
		
      $security_config = $app->getconf->get_security_config('permissions');
      if($security_config['allow_shell_user'] != 'yes') {
         $app->log('Shell user plugin disabled by security settings.',LOGLEVEL_WARN);
         return false;
      }

      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);

@@ -212,7 +247,7 @@
         $app->system->web_folder_protection($web['document_root'], false);

         if(@is_dir($data['old']['dir'].$jailkit_chroot_userhome)) {
            $command = 'userdel -f';
            $command = 'killall -u '.escapeshellcmd($data['old']['username']).' ; userdel -f';
            $command .= ' '.escapeshellcmd($data['old']['username']).' &> /dev/null';
            exec($command);
            $app->log("Jailkit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG);