gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -74,8 +74,19 @@

			//* Check if the resulting path is inside the docroot
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
			if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
			$app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
			if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
			return false;
			}
			if(strpos($data['new']['dir'], '/../') !== false \|\| substr($data['new']['dir'],-3) == '/..') {
			$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
			return false;
			}

			if(!$app->system->is_allowed_user($data['new']['username'], false, false)
			\|\| !$app->system->is_allowed_user($data['new']['puser'], true, true)
			\|\| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
			return false;
			}

			@@ -137,11 +148,23 @@

			//* Check if the resulting path is inside the docroot
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
			if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
			$app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
			if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
			return false;
			}

			if(strpos($data['new']['dir'], '/../') !== false \|\| substr($data['new']['dir'],-3) == '/..') {
			$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
			return false;
			}

			if(!$app->system->is_allowed_user($data['new']['username'], false, false)
			\|\| !$app->system->is_allowed_user($data['new']['puser'], true, true)
			\|\| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
			return false;
			}

			if($app->system->is_user($data['new']['puser'])) {
			// Get the UID of the parent user
			$uid = intval($app->system->getuid($data['new']['puser']));
			@@ -163,6 +186,11 @@
			$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
			*/
			//$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
			if($data['new']['dir'] != $data['old']['dir'] && !is_dir($data['new']['dir'])){
			$app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700');
			$app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username']));
			$app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup']));
			}
			$app->system->usermod($data['old']['username'], 0, $app->system->getgid($data['new']['pgroup']), $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
			$app->log("Updated shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG);

			@@ -232,7 +260,15 @@
			unset($client_data);

			// ssh-rsa authentication variables
			$sshrsa = $this->data['new']['ssh_rsa'];
			//$sshrsa = $this->data['new']['ssh_rsa'];
			$sshrsa = '';
			$ssh_users = $app->db->queryAllRecords("SELECT ssh_rsa FROM shell_user WHERE parent_domain_id = ".intval($this->data['new']['parent_domain_id']));
			if(is_array($ssh_users)) {
			foreach($ssh_users as $sshu) {
			if($sshu['ssh_rsa'] != '') $sshrsa .= "\n".$sshu['ssh_rsa'];
			}
			}
			$sshrsa = trim($sshrsa);
			$usrdir = escapeshellcmd($this->data['new']['dir']);
			$sshdir = $usrdir.'/.ssh';
			$sshkeys= $usrdir.'/.ssh/authorized_keys';