From aa78fde6a92f66b84d626e114d8b54a5fb6ece0c Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 14 Nov 2012 07:19:43 -0500
Subject: [PATCH] - Added function for IPv6 prefixes in multiserver mirror setups to nginx plugin.
---
 server/plugins-available/cron_jailkit_plugin.inc.php | 95 ++++++++++++++++++++++++++++++++++++++++++-----
 1 files changed, 84 insertions(+), 11 deletions(-)
diff --git a/server/plugins-available/cron_jailkit_plugin.inc.php b/server/plugins-available/cron_jailkit_plugin.inc.php
index fc19db6..41669b5 100644
--- a/server/plugins-available/cron_jailkit_plugin.inc.php
+++ b/server/plugins-available/cron_jailkit_plugin.inc.php
@@ -81,9 +81,11 @@
 $app->log("Parent domain not found",LOGLEVEL_WARN);
 return 0;
 } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
- $app->log("Websites (and Crons) can not be owned by the root user or group.",LOGLEVEL_WARN);
+ $app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN);
 return 0;
 }
+
+ $this->parent_domain = $parent_domain;
 $app->uses('system');
@@ -95,6 +97,7 @@
 if ($data['new']['type'] == "chrooted") {
 // load the server configuration options
+ /*
 $app->uses("getconf");
 $this->data = $data;
 $this->app = $app;
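Review bot: The old setup block is kept as dead code: the `/*` added in hunk -95,6 opens a comment that the next hunk closes with `*/`, and the update handler repeats the pattern in hunks -147,6 and -155,6. This leaves two copies of a security-relevant setup sequence in each handler, one of them inert, which makes it easy to read or edit the wrong one later. Version control already preserves the old lines, so I would delete the block rather than add the `/*` and `*/` lines. The enclosing method starts and ends outside this hunk.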
@@ -107,6 +110,26 @@
 //exec($command);
 $this->_add_jailkit_user();
+ */
+ $app->uses("getconf");
+ $this->data = $data;
+ $this->app = $app;
+ $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+
+ $this->_update_website_security_level();
+
+ $app->system->web_folder_protection($parent_domain['document_root'],false);
+
+ $this->_setup_jailkit_chroot();
+
+ $this->_add_jailkit_user();
+
+ $command .= 'usermod -U '.escapeshellcmd($parent_domain["system_user"]);
+ exec($command);
+
+ $this->_update_website_security_level();
+
+ $app->system->web_folder_protection($parent_domain['document_root'],true);
 }
 $app->log("Jailkit Plugin (Cron) -> insert username:".$parent_domain['system_user'],LOGLEVEL_DEBUG);
@@ -127,16 +150,17 @@
 }
 //* get data from web
 $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
-
 if(!$parent_domain["domain_id"]) {
 $app->log("Parent domain not found",LOGLEVEL_WARN);
 return 0;
 } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
- $app->log("Websites (and Crons) can not be owned by the root user or group.",LOGLEVEL_WARN);
+ $app->log("Websites (and Crons) cannot be owned by the root user or group.",LOGLEVEL_WARN);
 return 0;
 }
 $app->uses('system');
+
+ $this->parent_domain = $parent_domain;
 if($app->system->is_user($parent_domain['system_user'])) {
@@ -147,6 +171,7 @@
 {
 $app->log("Jailkit Plugin (Cron) -> setting up jail", LOGLEVEL_DEBUG);
 // load the server configuration options
+ /*
 $app->uses("getconf");
 $this->data = $data;
 $this->app = $app;
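Review bot: The unlock command in hunk -107,6 is built with `$command .= 'usermod -U '.escapeshellcmd(...)`, so it is appended to whatever `$command` already holds, and the user name is not quoted as a single argument. escapeshellcmd() only neutralises shell metacharacters; a value containing whitespace or a leading dash would still reach usermod as extra arguments. Any earlier assignment to `$command` lies outside the hunk, so the append may be harmless, but a plain assignment with argument quoting is safer: `$command = 'usermod -U '.escapeshellarg($parent_domain["system_user"]);`. The call also bypasses the `_exec()` logging wrapper this commit adds; `$this->_exec($command);` would put the command in the debug log. The enclosing method starts and ends outside this hunk.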
@@ -155,6 +180,21 @@
 $this->_setup_jailkit_chroot();
 $this->_add_jailkit_user();
+ */
+ $app->uses("getconf");
+ $this->data = $data;
+ $this->app = $app;
+ $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+
+ $this->_update_website_security_level();
+
+ $app->system->web_folder_protection($parent_domain['document_root'],false);
+
+ $this->_setup_jailkit_chroot();
+ $this->_add_jailkit_user();
+
+ $this->_update_website_security_level();
+ $app->system->web_folder_protection($parent_domain['document_root'],true);
 }
 $app->log("Jailkit Plugin (Cron) -> update username:".$parent_domain['system_user'],LOGLEVEL_DEBUG);
@@ -175,6 +215,8 @@
 function _setup_jailkit_chroot() {
+ global $app;
+
 //check if the chroot environment is created yet if not create it with a list of program sections from the config
 if (!is_dir($this->parent_domain['document_root'].'/etc/jailkit')) {
@@ -197,22 +239,22 @@
 $tpl->setVar('home_dir',$this->_get_home_dir(""));
 $bashrc = escapeshellcmd($this->parent_domain['document_root']).'/etc/bash.bashrc';
- if(@is_file($bashrc)) exec('rm '.$bashrc);
+ if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc);
- file_put_contents($bashrc,$tpl->grab());
+ $app->system->file_put_contents($bashrc,$tpl->grab());
 unset($tpl);
- $this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);
+ $this->app->log('Added bashrc script: '.$bashrc,LOGLEVEL_DEBUG);
 $tpl = new tpl();
- $tpl->newTemplate("motd.master");
+ $tpl->newTemplate('motd.master');
 $tpl->setVar('domain',$this->parent_domain['domain']);
 $motd = escapeshellcmd($this->parent_domain['document_root']).'/var/run/motd';
- if(@is_file($motd)) exec('rm '.$motd);
+ if(@is_file($motd) || @is_link($motd)) unlink($motd);
- file_put_contents($motd,$tpl->grab());
+ $app->system->file_put_contents($motd,$tpl->grab());
 }
 $this->_add_jailkit_programs();
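Review bot: In hunk -197,22, `$bashrc` and `$motd` are still built with escapeshellcmd() on the unchanged context lines, but they no longer reach a shell: they now go to is_file(), is_link(), unlink() and `$app->system->file_put_contents()`. escapeshellcmd() inserts backslashes before shell metacharacters, so for a document root containing one, these calls would act on a different path than the jail's real file, and the new symlink check would test the wrong name. Dropping the escaping matches the new usage: `$bashrc = $this->parent_domain['document_root'].'/etc/bash.bashrc';` and likewise for `$motd`. The mkdir/chown/chgrp calls in hunk -257,16 pass escaped values to `$app->system` in the same way, though whether those wrappers use a shell is not visible in this patch. The enclosing `if` block and method continue outside the hunk.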
@@ -257,16 +299,47 @@
 $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
- exec("mkdir -p ".escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome));
+ $app->system->mkdir(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), 0755, true);
+ $app->system->chown(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_user']));
+ $app->system->chgrp(escapeshellcmd($this->parent_domain['document_root'].$jailkit_chroot_userhome), escapeshellcmd($this->parent_domain['system_group']));
+
 }
 function _get_home_dir($username) {
 return str_replace("[username]",escapeshellcmd($username),$this->jailkit_config["jailkit_chroot_home"]);
 }
+
+ //* Update the website root directory permissions depending on the security level
+ function _update_website_security_level() {
+ global $app,$conf;
+
+ // load the server configuration options
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+
+ // Get the parent website of this shell user
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+
+ //* If the security level is set to high
+ if($web_config['security_level'] == 20 && is_array($web)) {
+ $app->system->web_folder_protection($web["document_root"],false);
+ $app->system->chmod($web["document_root"],0755);
+ $app->system->chown($web["document_root"],'root');
+ $app->system->chgrp($web["document_root"],'root');
+ $app->system->web_folder_protection($web["document_root"],true);
+ }
+ }
+
+ //* Wrapper for exec function for easier debugging
+ private function _exec($command) {
+ global $app;
+ $app->log('exec: '.$command,LOGLEVEL_DEBUG);
+ exec($command);
+ }
 } // end class
-?>
\ No newline at end of file
+?>
-- 
Gitblit v1.9.1
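Review bot: `_update_website_security_level()` concatenates `$this->data['new']['parent_domain_id']` into its SELECT without a cast, whereas the lookup in the update handler (hunk -127,16) wraps the same field in intval(). Casting here too keeps the statement numeric whatever the record contains: `... WHERE domain_id = ".intval($this->data['new']['parent_domain_id']));`. Separately, the new `$app->system->mkdir/chown/chgrp` lines at the top of the hunk use `$app`, while the surrounding method logs through `$this->app` and its opening lies outside the hunk. Unless `global $app;` is already declared there, those calls would fail on an undefined variable and the jail home directory would not be created, so either add the declaration or call `$this->app->system->mkdir(...)`.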