From e28564dbde4f922a6a8263e3dea32d56b60b5b5b Mon Sep 17 00:00:00 2001 From: tbrehm <t.brehm@ispconfig.org> Date: Wed, 16 Jun 2010 11:41:46 -0400 Subject: [PATCH] Implemented: FS#468 - Client name conversion in FTP user too restricted --- server/plugins-available/apache2_plugin.inc.php | 50 +++++++++++++++++++++++++++++++++++--------------- 1 files changed, 35 insertions(+), 15 deletions(-) diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index 49b8109..0ee377f 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -582,9 +582,11 @@ $rewrite_rules = array(); if($data["new"]["redirect_type"] != '') { if(substr($data["new"]["redirect_path"],-1) != '/') $data["new"]["redirect_path"] .= '/'; + /* Disabled path extension if($data["new"]["redirect_type"] == 'no' && substr($data["new"]["redirect_path"],0,4) != 'http') { $data["new"]["redirect_path"] = $data["new"]["document_root"]."/web".realpath($data["new"]["redirect_path"]).'/'; } + */ $rewrite_rules[] = array( 'rewrite_domain' => $data["new"]["domain"], 'rewrite_type' => ($data["new"]["redirect_type"] == 'no')?'':'['.$data["new"]["redirect_type"].']', @@ -633,9 +635,11 @@ // Rewriting if($alias["redirect_type"] != '') { if(substr($data["new"]["redirect_path"],-1) != '/') $data["new"]["redirect_path"] .= '/'; + /* Disabled the path extension if($data["new"]["redirect_type"] == 'no' && substr($data["new"]["redirect_path"],0,4) != 'http') { $data["new"]["redirect_path"] = $data["new"]["document_root"]."/web".realpath($data["new"]["redirect_path"]).'/'; } + */ $rewrite_rules[] = array( 'rewrite_domain' => $alias["domain"], 'rewrite_type' => ($alias["redirect_type"] == 'no')?'':'['.$alias["redirect_type"].']', 'rewrite_target' => $alias["redirect_path"]); 
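Review bot: The `/* Disabled path extension ... */` wrapper at -582 (and again as `/* Disabled the path extension` at -633) keeps dead code in the file without saying why it was switched off. With the block disabled, `redirect_path` reaches `rewrite_target` exactly as stored, so any rule about what a non-URL path may contain now has to be enforced where the value is entered; that code is not visible here. Either delete the block and rely on history, or replace the marker with a reason, for example `// redirect_path is passed to the rewrite rule as entered; it is no longer resolved against document_root`.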
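Review bot: In the alias branch at -633 the trailing-slash check still reads and modifies `$data["new"]["redirect_path"]`, while the rule that follows uses `$alias["redirect_path"]` as `rewrite_target`. The alias target is therefore never normalised and the parent domain's path is the one that is touched. That is a context line the commit leaves as it was; the line should probably read `if(substr($alias["redirect_path"],-1) != '/') $alias["redirect_path"] .= '/';`. The loop that defines `$alias` starts outside the hunk, so confirm it is the per-alias record before changing it.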
@@ -987,9 +991,11 @@ /* * Get additional informations */ - $sitedata = $app->db->queryOneRecord("SELECT document_root, domain FROM web_domain WHERE domain_id = " . $data['new']['parent_domain_id']); + $sitedata = $app->db->queryOneRecord("SELECT document_root, domain, system_user, system_group FROM web_domain WHERE domain_id = " . $data['new']['parent_domain_id']); $documentRoot = $sitedata['document_root']; $domain = $sitedata['domain']; + $user = $sitedata['system_user']; + $group = $sitedata['system_group']; /* Check if this is a chrooted setup */ if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) { 
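Review bot: The rewritten `queryOneRecord` call still concatenates `$data['new']['parent_domain_id']` straight into the SQL text. Nothing in the hunk shows the value being cast or validated, and the two new columns it returns (`system_user`, `system_group`) are later used as the owner in shell commands, so a manipulated id would influence more than the query. Forcing the id to an integer at the call site closes that off: `... WHERE domain_id = " . intval($data['new']['parent_domain_id']));`. It is also worth checking that `$sitedata` is a non-empty record before `$user` and `$group` are read from it.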
@@ -1008,21 +1014,36 @@ } /* - * The webdav folder (not the root!) has to be owned by the apache-user + * The webdav - Root needs the group/user as owner and the apache as read and write */ - exec('chown ' . escapeshellcmd($web_config['user']) . ':' . escapeshellcmd($web_config['group']) . ' ' . $documentRoot . '/webdav/' . $data['new']['dir'] . ' -R'); + $this->_exec("chown " . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/')); + $this->_exec("chmod 770 " . escapeshellcmd($documentRoot . '/webdav/')); /* - * Next step is to update the password - file + * The webdav folder (not the webdav-root!) needs the same (not in ONE step, because the + * pwd-files are owned by root) */ - $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']); + $this->_exec("chown " . $user . ':' . $group . ' ' . escapeshellcmd($documentRoot . '/webdav/'. $data['new']['dir'] . ' -R')); + $this->_exec("chmod 770 " . escapeshellcmd($documentRoot . '/webdav/' . $data['new']['dir'] . ' -R')); + + /* + * if the user is active, we have to write/update the password - file + * if the user is inactive, we have to inactivate the user by removing the user from the file + */ + if ($data['new']['active'] == 'y') { + $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], $data['new']['password']); + } + else { + /* empty pwd removes the user! */ + $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['new']['dir'] . '.htdigest', $data['new']['username'], $data['new']['dir'], ''); + } /* * Next step, patch the vhost - file */ $vhost_file = escapeshellcmd($web_config["vhost_conf_dir"] . '/' . $domain . '.vhost'); $this->_patchVhostWebdav($vhost_file, $documentRoot . '/webdav'); - + /* * Last, restart apache */ 
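Review bot: The four new `_exec` calls build shell commands from values that are not safely quoted. `$user` and `$group` are concatenated raw (the removed line at least passed the owner through `escapeshellcmd`), and `escapeshellcmd()` is applied to the path with ` -R` appended; that escapes metacharacters but does not quote whitespace, so a `dir` value containing a space is split into additional arguments. Quote each argument with `escapeshellarg()` and place `-R` ahead of the operands, as in the sketch below. Whether `dir` is restricted to a safe character set and cannot contain `..` is not visible in this hunk and should be confirmed, since the recursive chown/chmod presumably runs with root privileges.

```php
$webdavRoot = $documentRoot . '/webdav/';
$owner = escapeshellarg($user . ':' . $group);
$this->_exec('chown ' . $owner . ' ' . escapeshellarg($webdavRoot));
$this->_exec('chmod 770 ' . escapeshellarg($webdavRoot));
// … unchanged: comment explaining the per-user webdav folder step …
$userDir = escapeshellarg($webdavRoot . $data['new']['dir']);
$this->_exec('chown -R ' . $owner . ' ' . $userDir);
$this->_exec('chmod -R 770 ' . $userDir);
// … unchanged: htdigest update, vhost patch, apache restart …
```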
@@ -1045,7 +1066,7 @@ /* * We dont't want to destroy any (transfer)-Data. So we do NOT delete any dir. * So the only thing, we have to do, is to delete the user from the password-file - */ + */ $this->_writeHtDigestFile( $documentRoot . '/webdav/' . $data['old']['dir'] . '.htdigest', $data['old']['username'], $data['old']['dir'], ''); } } @@ -1053,17 +1074,17 @@ /** * This function writes the htdigest - files used by webdav and digest + * more info: see http://riceball.com/d/node/424 * @author Oliver Vogel * @param string $filename The name of the digest-file * @param string $username The name of the webdav-user * @param string $authname The name of the realm - * @param string $pwd The password of the user + * @param string $pwd The password-hash of the user */ - private function _writeHtDigestFile($filename, $username, $authname, $pwd ) { + private function _writeHtDigestFile($filename, $username, $authname, $pwdhash ) { $changed = false; $in = fopen($filename, 'r'); $output = ''; - /* * read line by line and search for the username and authname */ @@ -1074,10 +1095,9 @@ /* * found the user. delete or change it? */ - if ($pwd != '') { - $tmp[2] = md5($username . ':' . $authname . ':' .$pwd); - $output .= $tmp[0] . ':' . $tmp[1] . ':' . $tmp[2] . "\n"; - } + if ($pwdhash != '') { + $output .= $tmp[0] . ':' . $tmp[1] . ':' . $pwdhash . "\n"; + } $changed = true; } else { @@ -1088,7 +1108,7 @@ * if we didn't change anything, we have to add the new user at the end of the file */ if (!$changed) { - $output .= $username . ':' . $authname . ':' . md5($username . ':' . $authname . ':' . $pwd) . "\n"; + $output .= $username . ':' . $authname . ':' . $pwdhash . "\n"; } fclose($in); -- Gitblit v1.9.1
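Review bot: The docblock at -1053 still names the parameter `$pwd` although the signature now takes `$pwdhash`, and it does not say what kind of hash the caller must supply. The removed code computed `md5($username . ':' . $authname . ':' . $pwd)`, so the contract has moved to the callers and should be written down. Suggested line: `@param string $pwdhash The htdigest hash md5("username:authname:password") of the user; an empty string removes the user`.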
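Review bot: At -1074 `$pwdhash` is written into the digest file verbatim, where the old code always wrote the output of `md5()`. A value containing a newline or a colon would now add or corrupt entries in the credential file; the same applies to the append at -1088. Since the hash is produced somewhere not visible in this diff, the function should check the format itself before the read loop, for example `if ($pwdhash != '' && !preg_match('/^[0-9a-f]{32}$/', $pwdhash)) return;`. The function body starts and ends outside these hunks, so the right failure behaviour (return, log, exception) depends on what the callers expect.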
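Review bot: The append at -1088 runs whenever no matching line was found, including when `$pwdhash` is empty. With the new inactive-user path in the update handler, deactivating a user who is not yet in the file writes a `username:authname:` line with an empty hash field instead of leaving the file alone. A credential entry with an empty hash should never be created; guard the branch with `if (!$changed && $pwdhash != '') {`.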