From e9b67e8196204a5c1b0f5266bb0d0c9150b4a2be Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Thu, 11 Jul 2013 04:34:20 -0400
Subject: [PATCH] - Fixed: invalid regex in path checking
---
server/plugins-available/nginx_plugin.inc.php | 47 ++++++++++++++++++++++++++++-------------------
1 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 73fc849..7d45168 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -99,7 +99,7 @@
$app->uses('getconf');
$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
if ($web_config['CA_path']!='' && !file_exists($web_config['CA_path'].'/openssl.cnf'))
- $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.conf',LOGLEVEL_ERROR);
+ $app->log("CA path error, file does not exist:".$web_config['CA_path'].'/openssl.cnf',LOGLEVEL_ERROR);
//* Only vhosts can have a ssl cert
if($data["new"]["type"] != "vhost" && $data["new"]["type"] != "vhostsubdomain") return;
@@ -243,6 +243,7 @@
if(trim($data["new"]["ssl_cert"]) != '') $app->system->file_put_contents($crt_file,$data["new"]["ssl_cert"]);
//if(trim($data["new"]["ssl_bundle"]) != '') $app->system->file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
if(trim($data["new"]["ssl_key"]) != '') $app->system->file_put_contents($key_file2,$data["new"]["ssl_key"]);
+ $app->system->chmod($key_file2,0400);
// for nginx, bundle files have to be appended to the certificate file
if(trim($data["new"]["ssl_bundle"]) != ''){
@@ -466,10 +467,10 @@
exec('chown --recursive --from='.escapeshellcmd($data['old']['system_user']).':'.escapeshellcmd($data['old']['system_group']).' '.escapeshellcmd($data['new']['system_user']).':'.escapeshellcmd($data['new']['system_group']).' '.$new_dir);
//* Change the home directory and group of the website user
- $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' && usermod';
+ $command = 'killall -u '.escapeshellcmd($data['new']['system_user']).' ; usermod';
$command .= ' --home '.escapeshellcmd($data['new']['document_root']);
$command .= ' --gid '.escapeshellcmd($data['new']['system_group']);
- $command .= ' '.escapeshellcmd($data['new']['system_user']);
+ $command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
exec($command);
}
@@ -655,8 +656,8 @@
exec('chown -R '.$data['new']['system_user'].':'.$data['new']['system_group'].' '.$error_page_path);
} // end copy error docs
- // Set the quota for the user
- if($username != '' && $app->system->is_user($username)) {
+ // Set the quota for the user, but only for vhosts, not vhostsubdomains
+ if($username != '' && $app->system->is_user($username) && $data['new']['type'] == 'vhost') {
if($data['new']['hd_quota'] > 0) {
$blocks_soft = $data['new']['hd_quota'] * 1024;
$blocks_hard = $blocks_soft + 1024;
@@ -678,6 +679,9 @@
}
}
+ //* add the nginx user to the client group if this is a vhost and security level is set to high, no matter if this is an insert or update and regardless of set_folder_permissions_on_update
+ if($data['new']['type'] == 'vhost' && $web_config['security_level'] == 20) $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
+
//* If the security level is set to high
if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
@@ -705,7 +709,7 @@
if($web_config['add_web_users_to_sshusers_group'] == 'y') {
$command = 'usermod';
$command .= ' --groups sshusers';
- $command .= ' '.escapeshellcmd($data['new']['system_user']);
+ $command .= ' '.escapeshellcmd($data['new']['system_user']).' 2>/dev/null';
$this->_exec($command);
}
@@ -716,13 +720,10 @@
//* add the nginx user to the client group in the chroot environment
$tmp_groupfile = $app->system->server_conf['group_datei'];
$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
- $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+ $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
$app->system->server_conf['group_datei'] = $tmp_groupfile;
unset($tmp_groupfile);
}
-
- //* add the nginx user to the client group
- $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
//* Chown all default directories
$app->system->chown($data['new']['document_root'],'root');
@@ -831,7 +832,7 @@
if(!is_dir($web_config['website_basedir'].'/conf')) mkdir($web_config['website_basedir'].'/conf');
if(trim($data['new']['custom_php_ini']) != '') {
$has_custom_php_ini = true;
- if(!is_dir($custom_php_ini_dir)) $app->system->mkdir($custom_php_ini_dir);
+ if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);
$php_ini_content = '';
if($data['new']['php'] == 'mod') {
$master_php_ini_path = $web_config['php_ini_path_apache'];
@@ -1666,8 +1667,6 @@
}
}
}
-
-
}
if(is_array($subdomain_hosts) && !empty($subdomain_hosts)){
$log_folders = array();
@@ -1686,10 +1685,12 @@
if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain'){
if(is_array($log_folders) && !empty($log_folders)){
foreach($log_folders as $log_folder){
- if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+ //if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+ exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
}
} else {
- if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+ //if($app->system->is_mounted($data['old']['document_root'].'/'.$log_folder)) exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder));
+ exec('umount '.escapeshellarg($data['old']['document_root'].'/'.$log_folder).' 2>/dev/null');
}
}
@@ -1869,10 +1870,10 @@
$vhost_logfile_dir = escapeshellcmd('/var/log/ispconfig/httpd/'.$data['old']['domain']);
if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir,'..')) exec('rm -rf '.$vhost_logfile_dir);
$app->log('Removing website logfile directory: '.$vhost_logfile_dir,LOGLEVEL_DEBUG);
-
+
if($data['old']['type'] == 'vhost') {
//delete the web user
- $command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' && userdel';
+ $command = 'killall -u '.escapeshellcmd($data['old']['system_user']).' ; userdel';
$command .= ' '.escapeshellcmd($data['old']['system_user']);
exec($command);
if($nginx_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
@@ -2400,6 +2401,12 @@
if(is_array($lines) && !empty($lines)){
$linecount = sizeof($lines);
for($h=0;$h<$linecount;$h++){
+ // remove comments
+ if(substr(trim($lines[$h]),0,1) == '#'){
+ unset($lines[$h]);
+ continue;
+ }
+
$lines[$h] = rtrim($lines[$h]);
/*
if(substr(ltrim($lines[$h]), 0, 8) == 'location' && strpos($lines[$h], '{') !== false && strpos($lines[$h], ';') !== false){
@@ -2526,8 +2533,10 @@
$app->log('Removed client directory: '.$client_dir,LOGLEVEL_DEBUG);
}
- $this->_exec('groupdel client'.$client_id);
- $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
+ if($app->system->is_group('client'.$client_id)){
+ $this->_exec('groupdel client'.$client_id);
+ $app->log('Removed group client'.$client_id,LOGLEVEL_DEBUG);
+ }
}
}
--
Gitblit v1.9.1