From aa370627b211a51dc46891cfa4b6e3d2ef3e52db Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 16 Jul 2013 10:45:17 -0400
Subject: [PATCH] - Fixed FS#2924 - the month will not set automatically in the autoresponder by click now   Along with this fixed some display problems with the combo boxes introduced in 3.0.5.   Some fields were not correctly displayed with the predefined values if value and text of the underlying option element differ.

---
 server/plugins-available/shelluser_base_plugin.inc.php |  113 ++++++++++++++++++++++++++++++++++++++------------------
 1 files changed, 77 insertions(+), 36 deletions(-)

diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 946aaaa..2924d49 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -72,7 +72,18 @@
 		
 		$app->uses('system');
 		
+		//* Check if the resulting path is inside the docroot
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+		if(substr(realpath($data['new']['dir']),0,strlen($web['document_root'])) != $web['document_root']) {
+			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
+			return false;
+		}
+		
 		if($app->system->is_user($data['new']['puser'])) {
+			
+			//* Remove webfolder protection
+			$app->system->web_folder_protection($web['document_root'],false);
+			
 			// Get the UID of the parent user
 			$uid = intval($app->system->getuid($data['new']['puser']));
 			if($uid > $this->min_uid) {
@@ -96,17 +107,20 @@
 				$this->_setup_ssh_rsa();
 				
 				//* Create .bash_history file
-				touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
-				chmod(escapeshellcmd($data['new']['dir']).'/.bash_history', 0755);
-				chown(escapeshellcmd($data['new']['dir']).'/.bash_history', escapeshellcmd($data['new']['username']));
-				chgrp(escapeshellcmd($data['new']['dir']).'/.bash_history', escapeshellcmd($data['new']['pgroup']));
+				$app->system->touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
+				$app->system->chmod(escapeshellcmd($data['new']['dir']).'/.bash_history', 0755);
+				$app->system->chown(escapeshellcmd($data['new']['dir']).'/.bash_history', $data['new']['username']);
+				$app->system->chgrp(escapeshellcmd($data['new']['dir']).'/.bash_history', $data['new']['pgroup']);
 				
 				//* Disable shell user temporarily if we use jailkit
 				if($data['new']['chroot'] == 'jailkit') {
-					$command = 'usermod -s /bin/false -L '.escapeshellcmd($data['new']['username']);
+					$command = 'usermod -s /bin/false -L '.escapeshellcmd($data['new']['username']).' 2>/dev/null';
 					exec($command);
 					$app->log("Disabling shelluser temporarily: ".$command,LOGLEVEL_DEBUG);
 				}
+				
+				//* Add webfolder protection again
+				$app->system->web_folder_protection($web['document_root'],true);
 			
 			} else {
 				$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
@@ -121,12 +135,20 @@
 		
 		$app->uses('system');
 		
+		//* Check if the resulting path is inside the docroot
+		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
+		if(substr(realpath($data['new']['dir']),0,strlen($web['document_root'])) != $web['document_root']) {
+			$app->log('Directory of the shell user is outside of website docroot.',LOGLEVEL_WARN);
+			return false;
+		}
+		
 		if($app->system->is_user($data['new']['puser'])) {
 			// Get the UID of the parent user
 			$uid = intval($app->system->getuid($data['new']['puser']));
 			if($uid > $this->min_uid) {
 				// Check if the user that we want to update exists, if not, we insert it
 				if($app->system->is_user($data['old']['username'])) {
+					/*
 					$command = 'usermod';
 					$command .= ' --home '.escapeshellcmd($data['new']['dir']);
 					$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
@@ -139,6 +161,9 @@
 			
 					exec($command);
 					$app->log("Executed command: $command ",LOGLEVEL_DEBUG);
+					*/
+					//$groupinfo = $app->system->posix_getgrnam($data['new']['pgroup']);
+					$app->system->usermod($data['old']['username'],0, $app->system->getgid($data['new']['pgroup']), $data['new']['dir'], $data['new']['shell'], $data['new']['password'], $data['new']['username']);
 					$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
 									
 					// call the ssh-rsa update function
@@ -149,10 +174,10 @@
 					
 					//* Create .bash_history file
 					if(!is_file($data['new']['dir']).'/.bash_history') {
-						touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
-						chmod(escapeshellcmd($data['new']['dir']).'/.bash_history', 0755);
-						chown(escapeshellcmd($data['new']['dir']).'/.bash_history',escapeshellcmd($data['new']['username']));
-						chgrp(escapeshellcmd($data['new']['dir']).'/.bash_history',escapeshellcmd($data['new']['pgroup']));
+						$app->system->touch(escapeshellcmd($data['new']['dir']).'/.bash_history');
+						$app->system->chmod(escapeshellcmd($data['new']['dir']).'/.bash_history', 0755);
+						$app->system->chown(escapeshellcmd($data['new']['dir']).'/.bash_history',escapeshellcmd($data['new']['username']));
+						$app->system->chgrp(escapeshellcmd($data['new']['dir']).'/.bash_history',escapeshellcmd($data['new']['pgroup']));
 					}
 					
 				} else {
@@ -179,8 +204,7 @@
 				// We delete only non jailkit users, jailkit users will be deleted by the jailkit plugin.
 				if ($data['old']['chroot'] != "jailkit") {
 					$command = 'userdel -f';
-					$command .= ' '.escapeshellcmd($data['old']['username']);
-			
+					$command .= ' '.escapeshellcmd($data['old']['username']).' &> /dev/null';
 					exec($command);
 					$app->log("Deleted shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
 				}
@@ -223,24 +247,25 @@
 			exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
 			
 			// use the public key that has been generated
-			$userkey = file_get_contents('/tmp/id_rsa.pub');
+			$userkey = $app->system->file_get_contents('/tmp/id_rsa.pub');
 			
 			// save keypair in client table
-			$this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".file_get_contents('/tmp/id_rsa')."', ssh_rsa = '".$userkey."' WHERE client_id = ".$id);
+			$this->app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote($app->system->file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote($userkey)."' WHERE client_id = ".$id);
 			
-			exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
+			$app->system->unlink('/tmp/id_rsa');
+			$app->system->unlink('/tmp/id_rsa.pub');
 			$this->app->log("ssh-rsa keypair generated for ".$username,LOGLEVEL_DEBUG);
 		};
 
 		if (!file_exists($sshkeys)){
 			// add root's key
-			$app->file->mkdirs($sshdir, '0755');
-			file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
+			$app->file->mkdirs($sshdir, '0700');
+			if(is_file('/root/.ssh/authorized_keys')) $app->system->file_put_contents($sshkeys, $app->system->file_get_contents('/root/.ssh/authorized_keys'));
 		
 			// Remove duplicate keys
-			$existing_keys = file($sshkeys);
+			$existing_keys = @file($sshkeys);
 			$new_keys = explode("\n", $userkey);
-			$final_keys_arr = array_merge($existing_keys, $new_keys);
+			$final_keys_arr = @array_merge($existing_keys, $new_keys);
 			$new_final_keys_arr = array();
 			if(is_array($final_keys_arr) && !empty($final_keys_arr)){
 				foreach($final_keys_arr as $key => $val){
@@ -250,30 +275,46 @@
 			$final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
 			
 			// add the user's key
-			file_put_contents($sshkeys, $final_keys);
+			$app->system->file_put_contents($sshkeys, $final_keys);
 			$app->file->remove_blank_lines($sshkeys);
 			$this->app->log("ssh-rsa authorisation keyfile created in ".$sshkeys,LOGLEVEL_DEBUG);
 		}
-		if ($sshrsa != ''){
-			// Remove duplicate keys
-			$existing_keys = file($sshkeys);
-			$new_keys = explode("\n", $sshrsa);
-			$final_keys_arr = array_merge($existing_keys, $new_keys);
-			$new_final_keys_arr = array();
-			if(is_array($final_keys_arr) && !empty($final_keys_arr)){
-				foreach($final_keys_arr as $key => $val){
-					$new_final_keys_arr[$key] = trim($val);
-				}
-			}
-			$final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
 			
-			// add the custom key 
-			file_put_contents($sshkeys, $final_keys);
-			$app->file->remove_blank_lines($sshkeys);
-			$this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
+		//* Get the keys
+		$existing_keys = file($sshkeys);
+		$new_keys = explode("\n", $sshrsa);
+		$old_keys = explode("\n",$this->data['old']['ssh_rsa']);
+			
+		//* Remove all old keys
+		if(is_array($old_keys)) {
+			foreach($old_keys as $key => $val) {
+				$k = array_search(trim($val),$existing_keys);
+				unset($existing_keys[$k]);
+			}
 		}
+			
+		//* merge the remaining keys and the ones fom the ispconfig database.
+		if(is_array($new_keys)) {
+			$final_keys_arr = array_merge($existing_keys, $new_keys);
+		} else {
+			$final_keys_arr = $existing_keys;
+		}
+			
+		$new_final_keys_arr = array();
+		if(is_array($final_keys_arr) && !empty($final_keys_arr)){
+			foreach($final_keys_arr as $key => $val){
+				$new_final_keys_arr[$key] = trim($val);
+			}
+		}
+		$final_keys = implode("\n", array_flip(array_flip($new_final_keys_arr)));
+			
+		// add the custom key 
+		$app->system->file_put_contents($sshkeys, $final_keys);
+		$app->file->remove_blank_lines($sshkeys);
+		$this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
+		
 		// set proper file permissions
-		exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
+		exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$sshdir);
 		exec("chmod 600 '$sshkeys'");
 		
 	}

--
Gitblit v1.9.1