From f038c0a4cecc7a7a56b6d175c3ec42c1f80a4ac7 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 13 Feb 2012 09:00:09 -0500
Subject: [PATCH] Implemented: FS#2024 - Sanity check zones with named-checkzone
---
interface/lib/classes/remoting.inc.php | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 253 insertions(+), 16 deletions(-)
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 1c97176..9f88cfc 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -348,8 +348,8 @@
$this->server->fault('permission_denied','You do not have the permissions to access this function.');
return false;
}
- $affected_rows = $this->deleteQuery('../mail/form/mail_user_filter.tform.php', $primary_id);
- $app->plugin->raiseEvent('mail:mail_user_filter:on_after_delete',$this);
+ $affected_rows = $this->deleteQuery('../mail/form/mail_user_filter.tform.php', $primary_id,'mail:mail_user_filter:on_after_delete');
+ // $app->plugin->raiseEvent('mail:mail_user_filter:on_after_delete',$this);
return $affected_rows;
}
@@ -1342,6 +1342,23 @@
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
+
+ if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client_id));
+ $params['client_group_id'] = $rec['groupid'];
+ }
+
+ //* Set a few params to "not empty" values which get overwritten by the sites_web_domain_plugin
+ if($params['document_root'] == '') $params['document_root'] = '-';
+ if($params['system_user'] == '') $params['system_user'] = '-';
+ if($params['system_group'] == '') $params['system_group'] = '-';
+
+ //* Set a few defaults for nginx servers
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+
$domain_id = $this->insertQuery('../sites/form/web_domain.tform.php',$client_id,$params, 'sites:web_domain:on_after_insert');
if ($readonly === true)
$app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
@@ -1355,6 +1372,13 @@
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
+
+ //* Set a few defaults for nginx servers
+ if($params['pm_max_children'] == '') $params['pm_max_children'] = 1;
+ if($params['pm_start_servers'] == '') $params['pm_start_servers'] = 1;
+ if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
+ if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
+
$affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php',$client_id,$primary_id,$params);
return $affected_rows;
}
@@ -1534,6 +1558,30 @@
$app->remoting_lib->loadFormDef('../dns/form/dns_soa.tform.php');
return $app->remoting_lib->getDataRecord($primary_id);
}
+
+ //* Get record id by origin
+ public function dns_zone_get_id($session_id, $origin)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'dns_zone_get_id')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ if (preg_match('/^[a-z0-9][a-z0-9\-]+[a-z0-9](\.[a-z]{2,4})+$/i', $origin)) {
+ $this->server->fault('no_domain_found', 'Invalid domain name.');
+ return false;
+ }
+
+ $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like '".$origin.'%');
+ if(isset($rec['id'])) {
+ return intval($rec['id']);
+ } else {
+ $this->server->fault('no_domain_found', 'There is no domain ID with informed domain name.');
+ return false;
+ }
+ }
//* Add a record
public function dns_zone_add($session_id, $client_id, $params)
@@ -2132,23 +2180,42 @@
//* Get the SQL query
$sql = $app->remoting_lib->getSQL($params,'INSERT',0);
+
+ //* Check if no system user with that username exists
+ $username = $app->db->quote($params["username"]);
+ $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = '$username'");
+ if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />";
+
+ //* Stop on error while preparing the sql query
if($app->remoting_lib->errorMessage != '') {
$this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
return false;
}
+ //* Execute the SQL query
$app->db->query($sql);
+ $insert_id = $app->db->insertID();
+
+
+ //* Stop on error while executing the sql query
+ if($app->remoting_lib->errorMessage != '') {
+ $this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
+ return false;
+ }
+
+ $this->id = $insert_id;
+ $this->dataRecord = $params;
$app->plugin->raiseEvent('client:client:on_after_insert',$this);
+ /*
if($app->db->errorMessage != '') {
$this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
return false;
}
+ */
-
-
- $insert_id = $app->db->insertID();
+
//$app->uses('tform');
//* Save changes to Datalog
if($app->remoting_lib->formDef["db_history"] == 'yes') {
@@ -2274,22 +2341,23 @@
// set a few values for compatibility with tform actions, mostly used by plugins
$this->oldDataRecord = $old_rec;
$this->id = $primary_id;
- $this->dataRecord = $params;
+ $this->dataRecord = $old_rec;
+ //$this->dataRecord = $params;
//* Get the SQL query
$sql = $app->remoting_lib->getDeleteSQL($primary_id);
-
+ $app->db->errorMessage = '';
$app->db->query($sql);
+ $affected_rows = $app->db->affectedRows();
if($app->db->errorMessage != '') {
-
- if($event_identifier != '') $app->plugin->raiseEvent($event_identifier,$this);
-
$this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
return false;
}
- $affected_rows = $app->db->affectedRows();
+ if($event_identifier != '') {
+ $app->plugin->raiseEvent($event_identifier,$this);
+ }
//* Save changes to Datalog
if($app->remoting_lib->formDef["db_history"] == 'yes') {
@@ -2303,6 +2371,7 @@
protected function checkPerm($session_id, $function_name)
{
+ global $app;
$dobre=array();
$session = $this->getSession($session_id);
if(!$session){
@@ -2310,7 +2379,11 @@
}
$dobre= str_replace(';',',',$session['remote_functions']);
- return in_array($function_name, explode(',', $dobre) );
+ $check = in_array($function_name, explode(',', $dobre) );
+ if(!$check) {
+ $app->log("REMOTE-LIB DENY: ".$session_id ." /". $function_name, LOGLEVEL_WARN);
+ }
+ return $check;
}
@@ -2423,6 +2496,26 @@
return false;
}
}
+ /**
+ * Get All client_id's from database
+ * @param int session_id
+ * @return Array of all client_id's
+ */
+ public function client_get_all($session_id) {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_all')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
+ if(!$result) {
+ return false;
+ }
+ foreach( $result as $record) {
+ $rarrary[] = $record['client_id'];
+ }
+ return $rarrary;
+ }
/**
* Changes client password
@@ -2500,13 +2593,13 @@
public function sites_database_get_all_by_user($session_id, $client_id)
{
global $app;
- if(!$this->checkPerm($session_id, 'sites_database_get_all_by_user')) {
+ if(!$this->checkPerm($session_id, 'sites_database_get')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
$client_id = intval($client_id);
- $sql = "SELECT database_id, database_name, database_user, database_password FROM web_database WHERE sys_userid = $client_id ";
- $all = $app->db->queryAllRecords($sql);
+ $sql = "SELECT d.database_id, d.database_name, d.database_user, d.database_password FROM web_database d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
+ $all = $app->db->queryAllRecords($sql);
return $all;
}
@@ -2925,11 +3018,155 @@
return $affected_rows;
}
+ //* Start VM
+ public function openvz_vm_start($session_id, $vm_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../vm/form/openvz_vm.tform.php');
+ $vm = $app->remoting_lib->getDataRecord($vm_id);
+
+ if(!is_array($vm)) {
+ $this->server->fault('action_pending', 'No VM with this ID available.');
+ return false;
+ }
+
+ if($vm['active'] == 'n') {
+ $this->server->fault('action_pending', 'VM is not in active state.');
+ return false;
+ }
+
+ $action = 'openvz_start_vm';
+
+ $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
+ WHERE server_id = '".$vm['server_id']."'
+ AND action_type = '$action'
+ AND action_param = '".$vm['veid']."'
+ AND action_state = 'pending'");
+
+ if($tmp['actions'] > 0) {
+ $this->server->fault('action_pending', 'There is already a action pending for this VM.');
+ return false;
+ } else {
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+ "VALUES (".
+ (int)$vm['server_id'] . ", ".
+ time() . ", ".
+ "'".$action."', ".
+ $vm['veid'].", ".
+ "'pending', ".
+ "''".
+ ")";
+ $app->db->query($sql);
+ }
+ }
+ //* Stop VM
+ public function openvz_vm_stop($session_id, $vm_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../vm/form/openvz_vm.tform.php');
+ $vm = $app->remoting_lib->getDataRecord($vm_id);
+
+ if(!is_array($vm)) {
+ $this->server->fault('action_pending', 'No VM with this ID available.');
+ return false;
+ }
+
+ if($vm['active'] == 'n') {
+ $this->server->fault('action_pending', 'VM is not in active state.');
+ return false;
+ }
+
+ $action = 'openvz_stop_vm';
+
+ $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
+ WHERE server_id = '".$vm['server_id']."'
+ AND action_type = '$action'
+ AND action_param = '".$vm['veid']."'
+ AND action_state = 'pending'");
+
+ if($tmp['actions'] > 0) {
+ $this->server->fault('action_pending', 'There is already a action pending for this VM.');
+ return false;
+ } else {
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+ "VALUES (".
+ (int)$vm['server_id'] . ", ".
+ time() . ", ".
+ "'".$action."', ".
+ $vm['veid'].", ".
+ "'pending', ".
+ "''".
+ ")";
+ $app->db->query($sql);
+ }
+ }
+ //* Restart VM
+ public function openvz_vm_restart($session_id, $vm_id)
+ {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'vm_openvz')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../vm/form/openvz_vm.tform.php');
+ $vm = $app->remoting_lib->getDataRecord($vm_id);
+
+ if(!is_array($vm)) {
+ $this->server->fault('action_pending', 'No VM with this ID available.');
+ return false;
+ }
+
+ if($vm['active'] == 'n') {
+ $this->server->fault('action_pending', 'VM is not in active state.');
+ return false;
+ }
+
+ $action = 'openvz_restart_vm';
+
+ $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
+ WHERE server_id = '".$vm['server_id']."'
+ AND action_type = '$action'
+ AND action_param = '".$vm['veid']."'
+ AND action_state = 'pending'");
+
+ if($tmp['actions'] > 0) {
+ $this->server->fault('action_pending', 'There is already a action pending for this VM.');
+ return false;
+ } else {
+ $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
+ "VALUES (".
+ (int)$vm['server_id'] . ", ".
+ time() . ", ".
+ "'".$action."', ".
+ $vm['veid'].", ".
+ "'pending', ".
+ "''".
+ ")";
+ $app->db->query($sql);
+ }
+ }
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1