Added shelluser creation plugin.

tbrehm · tbrehm · commit 026b48f8119d · 2007-10-23T18:11:43.000Z
Updated apache ssl cert creation.
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
@@ -533,12 +533,12 @@ CREATE TABLE `shell_user` (
   `password` varchar(255) default NULL,
   `quota_size` int(11) NOT NULL default '-1',
   `active` varchar(255) NOT NULL default 'y',
-  `uid` varchar(255) NOT NULL default '0',
-  `gid` varchar(255) NOT NULL default '0',
+  `puser` varchar(255) default NULL,
+  `pgroup` varchar(255) default NULL,
   `shell` varchar(255) NOT NULL default '/bin/bash',
   `dir` varchar(255) default NULL,
   PRIMARY KEY  (`shell_user_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
 
 -- 
 -- Daten f�r Tabelle `shell_user`
diff --git a/interface/web/sites/form/shell_user.tform.php b/interface/web/sites/form/shell_user.tform.php
@@ -138,7 +138,7 @@
 	##################################
 	# Begin Datatable fields
 	##################################
-		'uid' => array (
+		'puser' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
 			'validators'	=> array ( 	0 => array (	'type'	=> 'NOTEMPTY',
@@ -149,7 +149,7 @@
 			'width'		=> '30',
 			'maxlength'	=> '255'
 		),
-		'gid' => array (
+		'pgroup' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
 			'validators'	=> array ( 	0 => array (	'type'	=> 'NOTEMPTY',
diff --git a/interface/web/sites/form/web_domain.tform.php b/interface/web/sites/form/web_domain.tform.php
@@ -288,7 +288,7 @@
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'SELECT',
 			'default'	=> '',
-			'value'		=> array('' => 'None', 'save' => 'Save Certificate', 'create' => 'Create Certificate')
+			'value'		=> array('' => 'None', 'save' => 'Save Certificate', 'create' => 'Create Certificate','del' => 'Delete Certificate')
 		),
 	##################################
 	# ENDE Datatable fields
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
@@ -81,10 +81,10 @@ function onAfterInsert() {
 		$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($this->dataRecord["parent_domain_id"]));
 		$server_id = $web["server_id"];
 		$dir = $web["document_root"];
-		$uid = $web["system_user"];
-		$gid = $web["system_group"];
+		$puser = $web["system_user"];
+		$pgroup = $web["system_group"];
 		
-		$sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid' WHERE shell_user_id = ".$this->id;
+		$sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$puser', pgroup = '$pgroup' WHERE shell_user_id = ".$this->id;
 		$app->db->query($sql);
 		
 	}
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
@@ -59,7 +59,9 @@
 
 
 
-<tmpl_if name='ssl' op='==' value='y'>
+<tmpl_if name='ssl_enabled'>
+
+<IfModule mod_ssl.c>
 ###########################################################
 # SSL Vhost
 ###########################################################
@@ -77,6 +79,13 @@
 	ErrorDocument 405 /error/methodNotAllowed.html
 	ErrorDocument 500 /error/internalServerError.html
 	ErrorDocument 503 /error/overloaded.html
+	
+	SSLEngine on
+	SSLCertificateFile <tmpl_var name='document_root'>/<tmpl_var name='domain'>.crt
+	SSLCertificateKeyFile <tmpl_var name='document_root'>/<tmpl_var name='domain'>.key
+<tmpl_if name='has_bundle_cert'>
+	SSLCACertificateFile <tmpl_var name='document_root'>/<tmpl_var name='domain'>.bundle
+</tmpl_if>
 
 <tmpl_if name='alias'>
     ServerAlias <tmpl_var name='alias'>
@@ -121,5 +130,6 @@
 </tmpl_if>
 
 </VirtualHost>
+</IfModule>
 
 </tmpl_if>
diff --git a/server/plugins-enabled/apache2_plugin.inc.php b/server/plugins-enabled/apache2_plugin.inc.php
@@ -117,7 +117,7 @@ function ssl($event_name,$data) {
 			$key_file2 = escapeshellcmd($key_file2);
 			$ssl_days = 3650;
 			$csr_file = escapeshellcmd($csr_file);
-			$config_file = escapeshellcmd($config_file);
+			$config_file = escapeshellcmd($ssl_cnf_file);
 			$crt_file escapeshellcmd($crt_file);
 
         	if(is_file($ssl_cnf_file)){
@@ -136,19 +136,42 @@ function ssl($event_name,$data) {
 				&& openssl rsa -passin pass:$ssl_password \
 				-in $key_file \
 				-out $key_file2");
+				
+				$app->log("Creating SSL Cert for: $domain",LOGLEVEL_DEBUG);
         	}
 
     		exec("chmod 400 $key_file2");
-    		exec("rm -f $config_file");
-    		exec("rm -f $rand_file");
+    		unlink($config_file);
+    		unlink($rand_file);
     		$ssl_request = file_get_contents($csr_file);
     		$ssl_cert = file_get_contents($crt_file);
     		$mod->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert' WHERE domain = '".$data["new"]["domain"]."'");
 		}
 		
 		//* Save a SSL certificate to disk
 		if($data["new"]["ssl_action"] == 'save') {
-			
+			$ssl_dir = $data["new"]["document_root"]."/ssl";
+			$domain = $data["new"]["domain"];
+  			$csr_file = $ssl_dir.'/'.$domain.".csr";
+  			$crt_file = $ssl_dir.'/'.$domain.".crt";
+			$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+			file_put_contents($csr_file,$data["new"]["ssl_request"]);
+			file_put_contents($crt_file,$data["new"]["ssl_cert"]);
+			if(trim($data["new"]["ssl_bundle"]) != '') file_put_contents($bundle_file,$data["new"]["ssl_bundle"]);
+			$app->log("Saving SSL Cert for: $domain",LOGLEVEL_DEBUG);
+		}
+		
+		//* Delete a SSL certificate
+		if($data["new"]["ssl_action"] == 'del') {
+			$ssl_dir = $data["new"]["document_root"]."/ssl";
+			$domain = $data["new"]["domain"];
+  			$csr_file = $ssl_dir.'/'.$domain.".csr";
+  			$crt_file = $ssl_dir.'/'.$domain.".crt";
+			$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+			unlink($csr_file);
+			unlink($crt_file);
+			unlink($bundle_file);
+			$app->log("Deleting SSL Cert for: $domain",LOGLEVEL_DEBUG);
 		}
 		
 		
@@ -267,6 +290,24 @@ function update($event_name,$data) {
 		
 		$vhost_data = $data["new"];
 		$vhost_data["web_document_root"] = $data["new"]["document_root"]."/web";
+		
+		// Check if a SSL cert exists
+		$ssl_dir = $data["new"]["document_root"]."/ssl";
+		$domain = $data["new"]["domain"];
+  		$key_file = $ssl_dir.'/'.$domain.".key";
+  		$crt_file = $ssl_dir.'/'.$domain.".crt";
+		$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+		
+		if($data["new"]["ssl"] == 'y' && @is_file($crt_file) && @is_file($key_file) {
+			$vhost_data["ssl_enabled"] = 1;
+			$app->log("Enable SSL for: $domain",LOGLEVEL_DEBUG);
+		} else {
+			$vhost_data["ssl_enabled"] = 0;
+			$app->log("Disable SSL for: $domain",LOGLEVEL_DEBUG);
+		}
+		
+		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
+		
 		//$vhost_data["document_root"] = $data["new"]["document_root"]."/web";
 		$tpl->setVar($vhost_data);
 		
diff --git a/server/plugins-enabled/shelluser_plugin.inc.php b/server/plugins-enabled/shelluser_plugin.inc.php
@@ -0,0 +1,133 @@
+<?php
+
+/*
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class apache2_plugin {
+	
+	var $plugin_name = 'apache2_plugin';
+	var $class_name = 'apache2_plugin';
+	
+		
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+	
+	function onLoad() {
+		global $app;
+		
+		/*
+		Register for the events
+		*/
+		
+		$app->plugins->registerEvent('web_domain_insert',$this->plugin_name,'insert');
+		$app->plugins->registerEvent('web_domain_update',$this->plugin_name,'update');
+		$app->plugins->registerEvent('web_domain_delete',$this->plugin_name,'delete');
+
+		
+	}
+	
+	
+	function insert($event_name,$data) {
+		global $app, $conf;
+		
+		$app->uses('system');
+		
+		// Get the UID of the parent user
+		$uid = intval($app->system->getuid($data['new']['puser']));
+		if($uid > 999) {
+			$command = 'useradd';
+			$command .= ' --home '.escapeshellcmd($data['new']['dir']);
+			$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
+			$command .= ' --non-unique ';
+			$command .= ' --password '.escapeshellcmd($data['new']['password']);
+			$command .= ' --shell '.escapeshellcmd($data['new']['shell']);
+			$command .= ' --uid '.escapeshellcmd($uid);
+			$command .= ' '.escapeshellcmd($data['new']['username']);
+			
+			exec($command);
+			$app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
+			
+		} else {
+			$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+		}
+	}
+	
+	function update($event_name,$data) {
+		global $app, $conf;
+		
+		$app->uses('system');
+		
+		// Get the UID of the parent user
+		$uid = intval($app->system->getuid($data['new']['puser']));
+		if($uid > 999) {
+			$command = 'usermod';
+			$command .= ' --home '.escapeshellcmd($data['new']['dir']);
+			$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
+			$command .= ' --non-unique ';
+			$command .= ' --password '.escapeshellcmd($data['new']['password']);
+			$command .= ' --shell '.escapeshellcmd($data['new']['shell']);
+			$command .= ' --uid '.escapeshellcmd($uid);
+			$command .= ' --login '.escapeshellcmd($data['new']['username']);
+			$command .= ' '.escapeshellcmd($data['old']['username']);
+			
+			exec($command);
+			$app->log("Updated shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
+			
+		} else {
+			$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+		}
+		
+	}
+	
+	function delete($event_name,$data) {
+		global $app, $conf;
+		
+		$app->uses('system');
+		
+		// Get the UID of the user
+		$userid = intval($app->system->getuid($data['old']['username']));
+		if($userid > 999) {
+			$command = 'userdel';
+			$command .= ' '.escapeshellcmd($data['old']['username']);
+			
+			exec($command);
+			$app->log("Deleted shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+			
+		} else {
+			$app->log("UID = $userid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+		}
+		
+	}
+	
+	
+	
+
+} // end class
+
+?>
