From a204303e5099dcb88e5e4760a09e7de9a96c4ea3 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Fri, 17 Oct 2014 08:05:51 -0400
Subject: [PATCH] moved "function send_notification_email" from 300-quota_notify.inc.php to monitor_tools.inc.php

---
 server/plugins-available/shelluser_base_plugin.inc.php |   32 +++++++++++++++++++++++++++-----
 1 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 33d8875..0ceced9 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -74,8 +74,12 @@
 
 		//* Check if the resulting path is inside the docroot
 		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
-		if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
-			$app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
+		if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
+			return false;
+		}
+		if(strpos($data['new']['dir'], '/../') !== false || substr($data['new']['dir'],-3) == '/..') {
+			$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
 			return false;
 		}
 
@@ -137,8 +141,13 @@
 
 		//* Check if the resulting path is inside the docroot
 		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
-		if(substr(realpath($data['new']['dir']), 0, strlen($web['document_root'])) != $web['document_root']) {
-			$app->log('Directory of the shell user is outside of website docroot.', LOGLEVEL_WARN);
+		if(substr($data['new']['dir'],0,strlen($web['document_root'])) != $web['document_root']) {
+			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
+			return false;
+		}
+		
+		if(strpos($data['new']['dir'], '/../') !== false || substr($data['new']['dir'],-3) == '/..') {
+			$app->log('Directory of the shell user is not valid.',LOGLEVEL_WARN);
 			return false;
 		}
 
@@ -163,6 +172,11 @@
 					$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
 					*/
 					//$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
+					if($data['new']['dir'] != $data['old']['dir'] && !is_dir($data['new']['dir'])){
+						$app->file->mkdirs(escapeshellcmd($data['new']['dir']), '0700');
+						$app->system->chown(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['username']));
+						$app->system->chgrp(escapeshellcmd($data['new']['dir']),escapeshellcmd($data['new']['pgroup']));
+					}
 					$app->system->usermod($data['old']['username'], 0, $app->system->getgid($data['new']['pgroup']), $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
 					$app->log("Updated shelluser: ".$data['old']['username'], LOGLEVEL_DEBUG);
 
@@ -232,7 +246,15 @@
 		unset($client_data);
 
 		// ssh-rsa authentication variables
-		$sshrsa = $this->data['new']['ssh_rsa'];
+		//$sshrsa = $this->data['new']['ssh_rsa'];
+		$sshrsa = '';
+		$ssh_users = $app->db->queryAllRecords("SELECT ssh_rsa FROM shell_user WHERE parent_domain_id = ".intval($this->data['new']['parent_domain_id']));
+		if(is_array($ssh_users)) {
+			foreach($ssh_users as $sshu) {
+				if($sshu['ssh_rsa'] != '') $sshrsa .= "\n".$sshu['ssh_rsa'];
+			}
+		}
+		$sshrsa = trim($sshrsa);
 		$usrdir = escapeshellcmd($this->data['new']['dir']);
 		$sshdir = $usrdir.'/.ssh';
 		$sshkeys= $usrdir.'/.ssh/authorized_keys';

--
Gitblit v1.9.1