From b445c6cbde3935bc0260e2ffe964025151db5f3f Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 01 Jul 2010 11:15:06 -0400
Subject: [PATCH] Implemented: FS#624 - disable default remote MySQL access

---
 server/plugins-available/apache2_plugin.inc.php |   90 +++++++++++++++++++++++++++++++++++++-------
 1 files changed, 75 insertions(+), 15 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index d7619eb..c0fd822 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -838,6 +838,11 @@
 				unset($htp_file);
 			}
 		}
+		
+		//* Create awstats configuration
+		if($data["new"]["stats_type"] == 'awstats' && $data["new"]["type"] == "vhost") {
+			$this->awstats_update($data,$web_config);
+		}
 
 
 		if($apache_chrooted) {
@@ -942,6 +947,11 @@
 			$command .= ' '.$data["old"]["system_user"];
 			exec($command);
 			if($apache_chrooted) $this->_exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command);
+			
+			//* Remove the awstats configuration file
+			if($data["old"]["stats_type"] == 'awstats') {
+				$this->awstats_delete($data,$web_config);
+			}
 
 		}
 	}
@@ -991,9 +1001,11 @@
 			/*
 			 * Get additional informations
 			*/
-			$sitedata = $app->db->queryOneRecord("SELECT document_root, domain FROM web_domain WHERE domain_id = " . $data['new']['parent_domain_id']);
+			$sitedata = $app->db->queryOneRecord("SELECT document_root, domain, system_user, system_group FROM web_domain WHERE domain_id = " . $data['new']['parent_domain_id']);
 			$documentRoot = $sitedata['document_root'];
 			$domain = $sitedata['domain'];
+			$user = $sitedata['system_user'];
+			$group = $sitedata['system_group'];
 
 			/* Check if this is a chrooted setup */
 			if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
@@ -1012,21 +1024,36 @@
 			}
 
 			/*
-			 *  The webdav folder (not the root!) has to be owned by the apache-user
+			 * The webdav - Root needs the group/user as owner and the apache as read and write
 			*/
-			exec('chown ' . escapeshellcmd($web_config['user']) . ':' . escapeshellcmd($web_config['group']) . ' ' . $documentRoot . '/webdav/' . $data['new']['dir'] . ' -R');
+			$this->_exec("chown " . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'));
+			$this->_exec("chmod 770 " . escapeshellcmd($documentRoot . '/webdav/'));
 
 			/*
-			 * Next step is to update the password - file
+			 * The webdav folder (not the webdav-root!) needs the same (not in ONE step, because the
+			 * pwd-files are owned by root)
 			*/
-			$this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
+			$this->_exec("chown " . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'. $data['new']['dir'] . ' -R'));
+			$this->_exec("chmod 770 " . escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir'] . ' -R'));
+
+			/*
+			 * if the user is active, we have to write/update the password - file
+			 * if the user is inactive, we have to inactivate the user by removing the user from the file
+			*/
+			if ($data['new']['active'] == 'y') {
+				$this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']);
+			}
+			else {
+				/* empty pwd removes the user! */
+				$this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], '');
+			}
 
 			/*
 			 * Next step, patch the vhost - file
 			*/
 			$vhost_file = escapeshellcmd($web_config["vhost_conf_dir"] . '/' . $domain . '.vhost');
 			$this->_patchVhostWebdav($vhost_file, $documentRoot . '/webdav');
-			
+
 			/*
 			 * Last, restart apache
 			*/
@@ -1049,7 +1076,7 @@
 			/*
 			 * We dont't want to destroy any (transfer)-Data. So we do NOT delete any dir.
 			 * So the only thing, we have to do, is to delete the user from the password-file
-			 */
+			*/
 			$this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['old']['dir'] . '.htdigest', $data['old']['username'], $data['old']['dir'], '');
 		}
 	}
@@ -1057,17 +1084,17 @@
 
 	/**
 	 * This function writes the htdigest - files used by webdav and digest
+	 * more info: see http://riceball.com/d/node/424
 	 * @author Oliver Vogel
 	 * @param string $filename The name of the digest-file
 	 * @param string $username The name of the webdav-user
 	 * @param string $authname The name of the realm
-	 * @param string $pwd      The password of the user
+	 * @param string $pwd      The password-hash of the user
 	 */
-	private function _writeHtDigestFile($filename, $username, $authname, $pwd ) {
+	private function _writeHtDigestFile($filename, $username, $authname, $pwdhash ) {
 		$changed = false;
 		$in = fopen($filename, 'r');
 		$output = '';
-
 		/*
 		 * read line by line and search for the username and authname
 		*/
@@ -1078,10 +1105,9 @@
 				/*
 				 * found the user. delete or change it?
 				*/
-				if ($pwd != '') {
-					$tmp[2] = md5($username . ':' . $authname . ':' .$pwd);
-					$output .= $tmp[0] . ':' . $tmp[1] . ':' . $tmp[2] . "\n";
-				}
+				if ($pwdhash != '') {
+					$output .= $tmp[0] . ':' . $tmp[1] . ':' . $pwdhash . "\n";
+					}
 				$changed = true;
 			}
 			else {
@@ -1092,7 +1118,7 @@
 		 * if we didn't change anything, we have to add the new user at the end of the file
 		*/
 		if (!$changed) {
-			$output .= $username . ':' . $authname . ':' . md5($username . ':' . $authname . ':' . $pwd) . "\n";
+			$output .= $username . ':' . $authname . ':' . $pwdhash . "\n";
 		}
 		fclose($in);
 
@@ -1180,6 +1206,40 @@
 		file_put_contents($fileName, $output);
 
 	}
+	
+	//* Update the awstats configuration file
+	private function awstats_update ($data,$web_config) {
+		global $app;
+		
+		$awstats_conf_dir = $web_config['awstats_conf_dir'];
+		
+		if(!@is_file($awstats_conf_dir."/awstats.".$data["new"]["domain"].".conf") || ($data["old"]["domain"] != '' && $data["new"]["domain"] != $data["old"]["domain"])) {
+			if ( @is_file($awstats_conf_dir."/awstats.".$data["old"]["domain"].".conf") ) {
+				unlink($awstats_conf_dir."/awstats.".$data["old"]["domain"].".conf");
+			}
+			
+			$content = '';
+			$content .= "Include \"".$awstats_conf_dir."/awstats.conf\"\n";
+			$content .= "LogFile=\"/var/log/ispconfig/httpd/".$data["new"]["domain"]."/access.log\"\n";
+			$content .= "SiteDomain=\"".$data["new"]["domain"]."\"\n";
+			$content .= "HostAliases=\"www.".$data["new"]["domain"]."  localhost 127.0.0.1\"\n";
+			
+			file_put_contents($awstats_conf_dir.'/awstats.'.$data["new"]["domain"].'.conf',$content);
+			$app->log("Created awstats config file: ".$awstats_conf_dir.'/awstats.'.$data["new"]["domain"].'.conf',LOGLEVEL_DEBUG);
+		}
+	}
+	
+	//* Delete the awstats configuration file
+	private function awstats_delete ($data,$web_config) {
+		global $app;
+		
+		$awstats_conf_dir = $web_config['awstats_conf_dir'];
+		
+		if ( @is_file($awstats_conf_dir."/awstats.".$data["old"]["domain"].".conf") ) {
+			unlink($awstats_conf_dir."/awstats.".$data["old"]["domain"].".conf");
+			$app->log("Removed awstats config file: ".$awstats_conf_dir.'/awstats.'.$data["old"]["domain"].'.conf',LOGLEVEL_DEBUG);
+		}
+	}
 
 	//* Wrapper for exec function for easier debugging
 	private function _exec($command) {

--
Gitblit v1.9.1