From e56995b9f8ebbac6de8f858f8996b254f8b2d59d Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Fri, 19 Oct 2012 04:21:46 -0400
Subject: [PATCH] Fixed: redirect_paths can contain colons like http://www.mydomain.com/cms/article:::35.html
---
server/plugins-available/shelluser_jailkit_plugin.inc.php | 40 +++++++++++++++++++++++++++-------------
1 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 6ffe8e8..6a83b6f 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -71,7 +71,7 @@
global $app, $conf;
$app->uses('system');
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
if($app->system->is_user($data['new']['username'])) {
@@ -80,7 +80,7 @@
*/
if ($data['new']['chroot'] == "jailkit")
{
- $app->system->web_folder_protection($web['document_root'],false);
+
// load the server configuration options
$app->uses("getconf");
@@ -89,6 +89,8 @@
$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
$this->_update_website_security_level();
+
+ $app->system->web_folder_protection($web['document_root'],false);
$this->_setup_jailkit_chroot();
@@ -97,7 +99,12 @@
//* call the ssh-rsa update function
$this->_setup_ssh_rsa();
- $command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
+ //$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
+ //exec($command);
+ $app->system->usermod($data['new']['username'], 0, 0, '', '/usr/sbin/jk_chrootsh', '', '');
+
+ //* Unlock user
+ $command = 'usermod -U '.escapeshellcmd($data['new']['username']);
exec($command);
$this->_update_website_security_level();
@@ -117,7 +124,7 @@
global $app, $conf;
$app->uses('system');
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);
if($app->system->is_user($data['new']['username'])) {
@@ -126,7 +133,6 @@
*/
if ($data['new']['chroot'] == "jailkit")
{
- $app->system->web_folder_protection($web['document_root'],false);
// load the server configuration options
$app->uses("getconf");
@@ -135,6 +141,8 @@
$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
$this->_update_website_security_level();
+
+ $app->system->web_folder_protection($web['document_root'],false);
$this->_setup_jailkit_chroot();
$this->_add_jailkit_user();
@@ -164,7 +172,7 @@
$app->uses('system');
- $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['old']['parent_domain_id']);
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['old']['parent_domain_id']);
if ($data['old']['chroot'] == "jailkit")
{
@@ -222,12 +230,12 @@
$tpl->setVar('home_dir',$this->_get_home_dir(""));
$bashrc = escapeshellcmd($this->data['new']['dir']).'/etc/bash.bashrc';
- if(@is_file($bashrc)) unlink($bashrc);
+ if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc);
file_put_contents($bashrc,$tpl->grab());
unset($tpl);
- $this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);
+ $this->app->log("Added bashrc script : ".$bashrc,LOGLEVEL_DEBUG);
$tpl = new tpl();
$tpl->newTemplate("motd.master");
@@ -235,7 +243,7 @@
$tpl->setVar('domain',$web['domain']);
$motd = escapeshellcmd($this->data['new']['dir']).'/var/run/motd';
- if(@is_file($motd)) unlink($motd);
+ if(@is_file($motd) || @is_link($motd)) unlink($motd);
file_put_contents($motd,$tpl->grab());
@@ -285,6 +293,7 @@
//* Change the homedir of the shell user and parent user
//* We have to do this manually as the usermod command fails
//* when the user is logged in or a command is running under that user
+ /*
$passwd_file_array = file('/etc/passwd');
$passwd_out = '';
if(is_array($passwd_file_array)) {
@@ -301,8 +310,10 @@
$app->system->replaceLine('/etc/passwd',$line,$new_line,1,0);
}
}
- }
+ }*/
+ $app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
+ $app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
@@ -333,9 +344,12 @@
$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
//* If the security level is set to high
- if($web_config['security_level'] == 20) {
- $this->_exec('chmod 755 '.escapeshellcmd($web["document_root"]));
- $this->_exec('chown root:root '.escapeshellcmd($web["document_root"]));
+ if($web_config['security_level'] == 20 && is_array($web)) {
+ $app->system->web_folder_protection($web["document_root"],false);
+ $app->system->chmod($web["document_root"],0755);
+ $app->system->chown($web["document_root"],'root');
+ $app->system->chgrp($web["document_root"],'root');
+ $app->system->web_folder_protection($web["document_root"],true);
}
}
--
Gitblit v1.9.1