- Fixed FS#2318 - Starting nginx nginx: [emerg] duplicate listen options fo...

ftimme

2012-09-05 f2ded16c1b28b471a5864aa7cfb96f68c44118f8

 server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -71,6 +71,7 @@
      global $app, $conf;
      
      $app->uses('system');
      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
      
      if($app->system->is_user($data['new']['username'])) {
      
@@ -79,6 +80,8 @@
          */
         if ($data['new']['chroot'] == "jailkit")
         {
            $app->system->web_folder_protection($web['document_root'],false);
				
            // load the server configuration options
            $app->uses("getconf");
            $this->data = $data;
@@ -91,13 +94,19 @@
            
            $this->_add_jailkit_user();
            
            // call the ssh-rsa update function
            //* call the ssh-rsa update function
            $this->_setup_ssh_rsa();
            
            $command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
            //$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
            //exec($command);
            $app->system->usermod($data['new']['username'], 0, 0, '', '/usr/sbin/jk_chrootsh', '', '');
				
            //* Unlock user
            $command = 'usermod -U '.escapeshellcmd($data['new']['username']);
            exec($command);
            
            $this->_update_website_security_level();
            $app->system->web_folder_protection($web['document_root'],true);
         }
      
         $app->log("Jailkit Plugin -> insert username:".$data['new']['username'],LOGLEVEL_DEBUG);
@@ -113,6 +122,7 @@
      global $app, $conf;
      
      $app->uses('system');
      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
      
      if($app->system->is_user($data['new']['username'])) {
      
@@ -121,6 +131,8 @@
          */
         if ($data['new']['chroot'] == "jailkit")
         {
            $app->system->web_folder_protection($web['document_root'],false);
				
            // load the server configuration options
            $app->uses("getconf");
            $this->data = $data;
@@ -132,10 +144,12 @@
            $this->_setup_jailkit_chroot();
            $this->_add_jailkit_user();
            
            // call the ssh-rsa update function
            //* call the ssh-rsa update function
            $this->_setup_ssh_rsa();
            
            $this->_update_website_security_level();
				
            $app->system->web_folder_protection($web['document_root'],true);
         }
      
         $app->log("Jailkit Plugin -> update username:".$data['new']['username'],LOGLEVEL_DEBUG);
@@ -155,6 +169,8 @@
      
      $app->uses('system');
      
      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);
		
      if ($data['old']['chroot'] == "jailkit")
      {
         $app->uses("getconf");
@@ -165,12 +181,16 @@
         //commented out proved to be dangerous on config errors
         //exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
         
         $app->system->web_folder_protection($web['document_root'],false);
			
         if(@is_dir($data['old']['dir'].$jailkit_chroot_userhome)) {
            $command = 'userdel';
            $command = 'userdel -f';
            $command .= ' '.escapeshellcmd($data['old']['username']);
            exec($command);
            $app->log("Jailkit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
         }
			
         $app->system->web_folder_protection($web['document_root'],true);
         
      }
      
@@ -245,6 +265,8 @@
   
   function _add_jailkit_user()
   {
         global $app;
			
         //add the user to the chroot
         $jailkit_chroot_userhome = $this->_get_home_dir($this->data['new']['username']);
         $jailkit_chroot_puserhome = $this->_get_home_dir($this->data['new']['puser']);
@@ -264,6 +286,31 @@
         $command .= ' '.$this->data['new']['puser'];
         $command .= ' '.$jailkit_chroot_puserhome;
         exec($command);
			
         //* Change the homedir of the shell user and parent user
         //* We have to do this manually as the usermod command fails 
         //* when the user is logged in or a command is running under that user
         /*
         $passwd_file_array = file('/etc/passwd');
         $passwd_out = '';
         if(is_array($passwd_file_array)) {
            foreach($passwd_file_array as $line) {
               $line = trim($line);
               $parts = explode(':',$line);
               if($parts[0] == $this->data['new']['username']) {
                  $parts[5] = escapeshellcmd($this->data['new']['dir'].'/.'.$jailkit_chroot_userhome);
                  $parts[6] = escapeshellcmd('/usr/sbin/jk_chrootsh');
                  $new_line = implode(':',$parts);
                  copy('/etc/passwd','/etc/passwd~');
                  chmod('/etc/passwd~',0600);
                  $app->uses('system');
                  $app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
               }
            }
         }*/
			
         $app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
         $app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
            
         $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
                  
@@ -277,64 +324,9 @@
         chown(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['puser']);
         chgrp(escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome), $this->data['new']['pgroup']);
            
         $this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
         $this->app->log("Added jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
         
         /*
         // ssh-rsa authentication variables
         $sshrsa = escapeshellcmd($this->data['new']['ssh_rsa']);
         $usrdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome;
         $sshdir = escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome.'/.ssh';
         $sshkeys= escapeshellcmd($this->data['new']['dir']).'/'.$jailkit_chroot_userhome.'/.ssh/authorized_keys';
         global $app;
			
         // determine the client id
         $id = $this->data['new']['sys_groupid'];
         if ($id>0) $id = $id -1;
			
         $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id  = ".$id);
         $userkey = $user['ssh_rsa'];
         $username= $user['username'];
			
         // If this user has no key yet, generate a pair
         if ($userkey == '') 
         {
            //Generate ssh-rsa-keys
            exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
				
            $privatekey = file_get_contents('/tmp/id_rsa');
            $publickey  = file_get_contents('/tmp/id_rsa.pub');
				
            exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
				
            // Set the missing keypair
            $app->db->query("UPDATE sys_user SET id_rsa='$privatekey' ,ssh_rsa='$publickey' WHERE client_id = ".$id);
            $userkey = $publickey;
				
            $this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
			
         };
			
         if (!file_exists($sshkeys))
         {
            // add root's key
            exec("mkdir '$sshdir'");
            exec("cat /root/.ssh/authorized_keys > '$sshkeys'");
            exec("echo '' >> '$sshkeys'");
			
            // add the user's key
            exec("echo '$userkey' >> '$sshkeys'");
            exec("echo '' >> '$sshkeys'");
         }
         // add the custom key 
         exec("echo '$sshrsa' >> '$sshkeys'");
         exec("echo '' >> '$sshkeys'");
			
         // set proper file permissions
         exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
         exec("chmod 600 '$sshkeys'");
			
         $this->app->log("ssh-rsa key added to ".$sshkeys,LOGLEVEL_DEBUG);
         */

   }
   
   //* Update the website root directory permissions depending on the security level
@@ -349,9 +341,12 @@
      $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
      
      //* If the security level is set to high
      if($web_config['security_level'] == 20) {
         $this->_exec('chmod 755 '.escapeshellcmd($web["document_root"]));
         $this->_exec('chown root:root '.escapeshellcmd($web["document_root"]));
      if($web_config['security_level'] == 20 && is_array($web)) {
         $app->system->web_folder_protection($web["document_root"],false);
         $app->system->chmod($web["document_root"],0755);
         $app->system->chown($web["document_root"],'root');
         $app->system->chgrp($web["document_root"],'root');
         $app->system->web_folder_protection($web["document_root"],true);
      }
      
   }
@@ -407,9 +402,9 @@
         if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
      
         // Remove duplicate keys
         $existing_keys = file($sshkeys);
         $existing_keys = @file($sshkeys);
         $new_keys = explode("\n", $userkey);
         $final_keys_arr = array_merge($existing_keys, $new_keys);
         $final_keys_arr = @array_merge($existing_keys, $new_keys);
         $new_final_keys_arr = array();
         if(is_array($final_keys_arr) && !empty($final_keys_arr)){
            foreach($final_keys_arr as $key => $val){
@@ -423,26 +418,42 @@
         $app->file->remove_blank_lines($sshkeys);
         $this->app->log("ssh-rsa authorisation keyfile created in ".$sshkeys,LOGLEVEL_DEBUG);
      }
      if ($sshrsa != ''){
         // Remove duplicate keys
         $existing_keys = file($sshkeys);
         $new_keys = explode("\n", $sshrsa);
         $final_keys_arr = array_merge($existing_keys, $new_keys);
         $new_final_keys_arr = array();
         if(is_array($final_keys_arr) && !empty($final_keys_arr)){
            foreach($final_keys_arr as $key => $val){
               $new_final_keys_arr[$key] = trim($val);
            }
         }
         $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
      //* Get the keys
      $existing_keys = file($sshkeys);
      $new_keys = explode("\n", $sshrsa);
      $old_keys = explode("\n",$this->data['old']['ssh_rsa']);
         
         // add the custom key 
         file_put_contents($sshkeys, $final_keys);
         $app->file->remove_blank_lines($sshkeys);
         $this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
      //* Remove all old keys
      if(is_array($old_keys)) {
         foreach($old_keys as $key => $val) {
            $k = array_search(trim($val),$existing_keys);
            unset($existing_keys[$k]);
         }
      }
			
      //* merge the remaining keys and the ones fom the ispconfig database.
      if(is_array($new_keys)) {
         $final_keys_arr = array_merge($existing_keys, $new_keys);
      } else {
         $final_keys_arr = $existing_keys;
      }
			
      $new_final_keys_arr = array();
      if(is_array($final_keys_arr) && !empty($final_keys_arr)){
         foreach($final_keys_arr as $key => $val){
            $new_final_keys_arr[$key] = trim($val);
         }
      }
      $final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
			
      // add the custom key 
      file_put_contents($sshkeys, $final_keys);
      $app->file->remove_blank_lines($sshkeys);
      $this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
		
      // set proper file permissions
      // exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
      exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$sshdir);
      exec("chmod 700 ".$sshdir);
      exec("chmod 600 '$sshkeys'");
      
   }