1- <?php
2-
3- /*
4- Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5- All rights reserved.
6-
7- Redistribution and use in source and binary forms, with or without modification,
8- are permitted provided that the following conditions are met:
9-
10- * Redistributions of source code must retain the above copyright notice,
11- this list of conditions and the following disclaimer.
12- * Redistributions in binary form must reproduce the above copyright notice,
13- this list of conditions and the following disclaimer in the documentation
14- and/or other materials provided with the distribution.
15- * Neither the name of ISPConfig nor the names of its contributors
16- may be used to endorse or promote products derived from this software without
17- specific prior written permission.
18-
19- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22- IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23- INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24- BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28- EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29- */
30-
31- class shelluser_base_plugin {
32-
33- var $ plugin_name'shelluser_base_plugin ' ;
34- var $ class_name'shelluser_base_plugin ' ;
35- var $ min_uid499 ;
36-
37- //* This function is called during ispconfig installation to determine
38- // if a symlink shall be created for this plugin.
39- function onInstall () {
40- global $ conf
41-
42- if ($ conf'services ' ]['web ' ] == true ) {
43- return true ;
44- } else {
45- return false ;
46- }
47-
48- }
49-
50-
51- /*
52- This function is called when the plugin is loaded
53- */
54-
55- function onLoad () {
56- global $ app
57-
58- /*
59- Register for the events
60- */
61-
62- $ appplugins ->registerEvent ('shell_user_insert ' ,$ this plugin_name ,'insert ' );
63- $ appplugins ->registerEvent ('shell_user_update ' ,$ this plugin_name ,'update ' );
64- $ appplugins ->registerEvent ('shell_user_delete ' ,$ this plugin_name ,'delete ' );
65-
66-
67- }
68-
69-
70- function insert ($ event_name$ data
71- global $ app$ conf
72-
73- $ appuses ('system ' );
74-
75- if ($ appsystem ->is_user ($ data'new ' ]['puser ' ])) {
76- // Get the UID of the parent user
77- $ uidintval ($ appsystem ->getuid ($ data'new ' ]['puser ' ]));
78- if ($ uid$ this min_uid ) {
79- $ command'useradd ' ;
80- $ command' --home ' .escapeshellcmd ($ data'new ' ]['dir ' ]);
81- $ command' --gid ' .escapeshellcmd ($ data'new ' ]['pgroup ' ]);
82- $ command' --non-unique ' ;
83- $ command' --password ' .escapeshellcmd ($ data'new ' ]['password ' ]);
84- $ command' --shell ' .escapeshellcmd ($ data'new ' ]['shell ' ]);
85- $ command' --uid ' .escapeshellcmd ($ uid
86- $ command' ' .escapeshellcmd ($ data'new ' ]['username ' ]);
87-
88- exec ($ command
89- $ applog ("Added shelluser: " .$ data'new ' ]['username ' ],LOGLEVEL_DEBUG );
90-
91- //* Disable shell user temporarily if we use jailkit
92- if ($ data'new ' ]['chroot ' ] == 'jailkit ' ) {
93- $ command'usermod -L ' .escapeshellcmd ($ data'new ' ]['username ' ]);
94- exec ($ command
95- $ applog ("Disabling shelluser temporarily: " .$ commandLOGLEVEL_DEBUG );
96- }
97-
98- } else {
99- $ applog ("UID = $ uid for shelluser: " .$ data'new ' ]['username ' ]." not allowed. " ,LOGLEVEL_ERROR );
100- }
101- } else {
102- $ applog ("Skippung insert of user: " .$ data'new ' ]['username ' ].", parent user " .$ data'new ' ]['puser ' ]." does not exist. " ,LOGLEVEL_WARN );
103- }
104- }
105-
106- function update ($ event_name$ data
107- global $ app$ conf
108-
109- $ appuses ('system ' );
110-
111- if ($ appsystem ->is_user ($ data'new ' ]['puser ' ])) {
112- // Get the UID of the parent user
113- $ uidintval ($ appsystem ->getuid ($ data'new ' ]['puser ' ]));
114- if ($ uid$ this min_uid ) {
115- // Check if the user that we want to update exists, if not, we insert it
116- if ($ appsystem ->is_user ($ data'old ' ]['username ' ])) {
117- $ command'usermod ' ;
118- $ command' --home ' .escapeshellcmd ($ data'new ' ]['dir ' ]);
119- $ command' --gid ' .escapeshellcmd ($ data'new ' ]['pgroup ' ]);
120- // $command .= ' --non-unique ';
121- $ command' --password ' .escapeshellcmd ($ data'new ' ]['password ' ]);
122- if ($ data'new ' ]['chroot ' ] != 'jailkit ' ) $ command' --shell ' .escapeshellcmd ($ data'new ' ]['shell ' ]);
123- // $command .= ' --uid '.escapeshellcmd($uid);
124- $ command' --login ' .escapeshellcmd ($ data'new ' ]['username ' ]);
125- $ command' ' .escapeshellcmd ($ data'old ' ]['username ' ]);
126-
127- exec ($ command
128- // $app->log("Updated shelluser: $command ",LOGLEVEL_DEBUG);
129- $ applog ("Updated shelluser: " .$ data'old ' ]['username ' ],LOGLEVEL_DEBUG );
130- } else {
131- // The user does not exist, so we insert it now
132- $ this insert ($ event_name$ data
133- }
134- } else {
135- $ applog ("UID = $ uid for shelluser: " .$ data'new ' ]['username ' ]." not allowed. " ,LOGLEVEL_ERROR );
136- }
137- } else {
138- $ applog ("Skippung update for user: " .$ data'new ' ]['username ' ].", parent user " .$ data'new ' ]['puser ' ]." does not exist. " ,LOGLEVEL_WARN );
139- }
140- }
141-
142- function delete ($ event_name$ data
143- global $ app$ conf
144-
145- $ appuses ('system ' );
146-
147- if ($ appsystem ->is_user ($ data'old ' ]['username ' ])) {
148- // Get the UID of the user
149- $ useridintval ($ appsystem ->getuid ($ data'old ' ]['username ' ]));
150- if ($ userid$ this min_uid ) {
151- $ command'userdel -f ' ;
152- $ command' ' .escapeshellcmd ($ data'old ' ]['username ' ]);
153-
154- exec ($ command
155- $ applog ("Deleted shelluser: " .$ data'old ' ]['username ' ],LOGLEVEL_DEBUG );
156-
157- } else {
158- $ applog ("UID = $ userid for shelluser: " .$ data'old ' ]['username ' ]." not allowed. " ,LOGLEVEL_ERROR );
159- }
160- } else {
161- $ applog ("User: " .$ data'new ' ]['username ' ]." does not exist in in /etc/passwd, skipping delete. " ,LOGLEVEL_WARN );
162- }
163-
164- }
165-
166-
167-
168-
169- } // end class
170-
1+ <?php
2+
3+ /*
4+ Copyright (c) 2007, Till Brehm, projektfarm Gmbh
5+ All rights reserved.
6+
7+ Redistribution and use in source and binary forms, with or without modification,
8+ are permitted provided that the following conditions are met:
9+
10+ * Redistributions of source code must retain the above copyright notice,
11+ this list of conditions and the following disclaimer.
12+ * Redistributions in binary form must reproduce the above copyright notice,
13+ this list of conditions and the following disclaimer in the documentation
14+ and/or other materials provided with the distribution.
15+ * Neither the name of ISPConfig nor the names of its contributors
16+ may be used to endorse or promote products derived from this software without
17+ specific prior written permission.
18+
19+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22+ IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28+ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29+ */
30+
31+ class shelluser_base_plugin {
32+
33+ var $ plugin_name'shelluser_base_plugin ' ;
34+ var $ class_name'shelluser_base_plugin ' ;
35+ var $ min_uid499 ;
36+
37+ //* This function is called during ispconfig installation to determine
38+ // if a symlink shall be created for this plugin.
39+ function onInstall () {
40+ global $ conf
41+
42+ if ($ conf'services ' ]['web ' ] == true ) {
43+ return true ;
44+ } else {
45+ return false ;
46+ }
47+
48+ }
49+
50+
51+ /*
52+ This function is called when the plugin is loaded
53+ */
54+
55+ function onLoad () {
56+ global $ app
57+
58+ /*
59+ Register for the events
60+ */
61+
62+ $ appplugins ->registerEvent ('shell_user_insert ' ,$ this plugin_name ,'insert ' );
63+ $ appplugins ->registerEvent ('shell_user_update ' ,$ this plugin_name ,'update ' );
64+ $ appplugins ->registerEvent ('shell_user_delete ' ,$ this plugin_name ,'delete ' );
65+
66+
67+ }
68+
69+
70+ function insert ($ event_name$ data
71+ global $ app$ conf
72+
73+ $ appuses ('system ' );
74+
75+ if ($ appsystem ->is_user ($ data'new ' ]['puser ' ])) {
76+ // Get the UID of the parent user
77+ $ uidintval ($ appsystem ->getuid ($ data'new ' ]['puser ' ]));
78+ if ($ uid$ this min_uid ) {
79+ $ command'useradd ' ;
80+ $ command' --home ' .escapeshellcmd ($ data'new ' ]['dir ' ]);
81+ $ command' --gid ' .escapeshellcmd ($ data'new ' ]['pgroup ' ]);
82+ $ command' --non-unique ' ;
83+ $ command' --password ' .escapeshellcmd ($ data'new ' ]['password ' ]);
84+ $ command' --shell ' .escapeshellcmd ($ data'new ' ]['shell ' ]);
85+ $ command' --uid ' .escapeshellcmd ($ uid
86+ $ command' ' .escapeshellcmd ($ data'new ' ]['username ' ]);
87+
88+ exec ($ command
89+ $ applog ("Added shelluser: " .$ data'new ' ]['username ' ],LOGLEVEL_DEBUG );
90+
91+ //* Disable shell user temporarily if we use jailkit
92+ if ($ data'new ' ]['chroot ' ] == 'jailkit ' ) {
93+ $ command'usermod -L ' .escapeshellcmd ($ data'new ' ]['username ' ]);
94+ exec ($ command
95+ $ applog ("Disabling shelluser temporarily: " .$ commandLOGLEVEL_DEBUG );
96+ }
97+
98+ } else {
99+ $ applog ("UID = $ uid for shelluser: " .$ data'new ' ]['username ' ]." not allowed. " ,LOGLEVEL_ERROR );
100+ }
101+ } else {
102+ $ applog ("Skippung insert of user: " .$ data'new ' ]['username ' ].", parent user " .$ data'new ' ]['puser ' ]." does not exist. " ,LOGLEVEL_WARN );
103+ }
104+ }
105+
106+ function update ($ event_name$ data
107+ global $ app$ conf
108+
109+ $ appuses ('system ' );
110+
111+ if ($ appsystem ->is_user ($ data'new ' ]['puser ' ])) {
112+ // Get the UID of the parent user
113+ $ uidintval ($ appsystem ->getuid ($ data'new ' ]['puser ' ]));
114+ if ($ uid$ this min_uid ) {
115+ // Check if the user that we want to update exists, if not, we insert it
116+ if ($ appsystem ->is_user ($ data'old ' ]['username ' ])) {
117+ $ command'usermod ' ;
118+ $ command' --home ' .escapeshellcmd ($ data'new ' ]['dir ' ]);
119+ $ command' --gid ' .escapeshellcmd ($ data'new ' ]['pgroup ' ]);
120+ // $command .= ' --non-unique ';
121+ $ command' --password ' .escapeshellcmd ($ data'new ' ]['password ' ]);
122+ if ($ data'new ' ]['chroot ' ] != 'jailkit ' ) $ command' --shell ' .escapeshellcmd ($ data'new ' ]['shell ' ]);
123+ // $command .= ' --uid '.escapeshellcmd($uid);
124+ $ command' --login ' .escapeshellcmd ($ data'new ' ]['username ' ]);
125+ $ command' ' .escapeshellcmd ($ data'old ' ]['username ' ]);
126+
127+ exec ($ command
128+ // $app->log("Updated shelluser: $command ",LOGLEVEL_DEBUG);
129+ $ applog ("Updated shelluser: " .$ data'old ' ]['username ' ],LOGLEVEL_DEBUG );
130+ } else {
131+ // The user does not exist, so we insert it now
132+ $ this insert ($ event_name$ data
133+ }
134+ } else {
135+ $ applog ("UID = $ uid for shelluser: " .$ data'new ' ]['username ' ]." not allowed. " ,LOGLEVEL_ERROR );
136+ }
137+ } else {
138+ $ applog ("Skippung update for user: " .$ data'new ' ]['username ' ].", parent user " .$ data'new ' ]['puser ' ]." does not exist. " ,LOGLEVEL_WARN );
139+ }
140+ }
141+
142+ function delete ($ event_name$ data
143+ global $ app$ conf
144+
145+ $ appuses ('system ' );
146+
147+ if ($ appsystem ->is_user ($ data'old ' ]['username ' ])) {
148+ // Get the UID of the user
149+ $ useridintval ($ appsystem ->getuid ($ data'old ' ]['username ' ]));
150+ if ($ userid$ this min_uid ) {
151+ $ command'userdel -f ' ;
152+ $ command' ' .escapeshellcmd ($ data'old ' ]['username ' ]);
153+
154+ exec ($ command
155+ $ applog ("Deleted shelluser: " .$ data'old ' ]['username ' ],LOGLEVEL_DEBUG );
156+
157+ } else {
158+ $ applog ("UID = $ userid for shelluser: " .$ data'old ' ]['username ' ]." not allowed. " ,LOGLEVEL_ERROR );
159+ }
160+ } else {
161+ $ applog ("User: " .$ data'new ' ]['username ' ]." does not exist in in /etc/passwd, skipping delete. " ,LOGLEVEL_WARN );
162+ }
163+
164+ }
165+
166+
167+
168+
169+ } // end class
170+
171171?>
0 commit comments