
Commit 74ba4e9

committed
Updated shell user scripts to be more fault tolerant.
1 parent 12ae7f4 commit 74ba4e9


2 files changed

+102
-67
lines changed


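--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -72,23 +72,27 @@ function insert($event_name,$data) {
 
 $app->uses('system');
 
-// Get the UID of the parent user
-$uid = intval($app->system->getuid($data['new']['puser']));
-if($uid > $this->min_uid) {
-$command = 'useradd';
-$command .= ' --home '.escapeshellcmd($data['new']['dir']);
-$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
-$command .= ' --non-unique ';
-$command .= ' --password '.escapeshellcmd($data['new']['password']);
-$command .= ' --shell '.escapeshellcmd($data['new']['shell']);
-$command .= ' --uid '.escapeshellcmd($uid);
-$command .= ' '.escapeshellcmd($data['new']['username']);
+if($app->system->is_user($data['new']['puser'])) {
+// Get the UID of the parent user
+$uid = intval($app->system->getuid($data['new']['puser']));
+if($uid > $this->min_uid) {
+$command = 'useradd';
+$command .= ' --home '.escapeshellcmd($data['new']['dir']);
+$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
+$command .= ' --non-unique ';
+$command .= ' --password '.escapeshellcmd($data['new']['password']);
+$command .= ' --shell '.escapeshellcmd($data['new']['shell']);
+$command .= ' --uid '.escapeshellcmd($uid);
+$command .= ' '.escapeshellcmd($data['new']['username']);
 
-exec($command);
-$app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
+exec($command);
+$app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
 
+} else {
+$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+}
 } else {
-$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+$app->log("Skippung insert of user:".$data['new']['username'].", parent user ".$data['new']['puser']." does not exist.",LOGLEVEL_WARN);
 }
 }
 
@@ -97,25 +101,34 @@ function update($event_name,$data) {
 
 $app->uses('system');
 
-// Get the UID of the parent user
-$uid = intval($app->system->getuid($data['new']['puser']));
-if($uid > $this->min_uid) {
-$command = 'usermod';
-$command .= ' --home '.escapeshellcmd($data['new']['dir']);
-$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
-// $command .= ' --non-unique ';
-$command .= ' --password '.escapeshellcmd($data['new']['password']);
-if($data['new']['chroot'] != 'jailkit') $command .= ' --shell '.escapeshellcmd($data['new']['shell']);
-// $command .= ' --uid '.escapeshellcmd($uid);
-$command .= ' --login '.escapeshellcmd($data['new']['username']);
-$command .= ' '.escapeshellcmd($data['old']['username']);
-
-exec($command);
-// $app->log("Updated shelluser: $command ",LOGLEVEL_DEBUG);
-$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+if($app->system->is_user($data['new']['puser'])) {
+// Get the UID of the parent user
+$uid = intval($app->system->getuid($data['new']['puser']));
+if($uid > $this->min_uid) {
+// Check if the user that we want to update exists, if not, we insert it
+if($app->system->is_user($data['old']['username'])) {
+$command = 'usermod';
+$command .= ' --home '.escapeshellcmd($data['new']['dir']);
+$command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
+// $command .= ' --non-unique ';
+$command .= ' --password '.escapeshellcmd($data['new']['password']);
+if($data['new']['chroot'] != 'jailkit') $command .= ' --shell '.escapeshellcmd($data['new']['shell']);
+// $command .= ' --uid '.escapeshellcmd($uid);
+$command .= ' --login '.escapeshellcmd($data['new']['username']);
+$command .= ' '.escapeshellcmd($data['old']['username']);
 
+exec($command);
+// $app->log("Updated shelluser: $command ",LOGLEVEL_DEBUG);
+$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+} else {
+// The user does not exist, so we insert it now
+$this->insert($event_name,$data);
+}
+} else {
+$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+}
 } else {
-$app->log("UID = $uid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+$app->log("Skippung update for user:".$data['new']['username'].", parent user ".$data['new']['puser']." does not exist.",LOGLEVEL_WARN);
 }
 }
 
@@ -124,17 +137,21 @@ function delete($event_name,$data) {
 
 $app->uses('system');
 
-// Get the UID of the user
-$userid = intval($app->system->getuid($data['old']['username']));
-if($userid > $this->min_uid) {
-$command = 'userdel';
-$command .= ' '.escapeshellcmd($data['old']['username']);
+if($app->system->is_user($data['old']['username'])) {
+// Get the UID of the user
+$userid = intval($app->system->getuid($data['old']['username']));
+if($userid > $this->min_uid) {
+$command = 'userdel';
+$command .= ' '.escapeshellcmd($data['old']['username']);
 
-exec($command);
-$app->log("Deleted shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+exec($command);
+$app->log("Deleted shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
 
+} else {
+$app->log("UID = $userid for shelluser:".$data['old']['username']." not allowed.",LOGLEVEL_ERROR);
+}
 } else {
-$app->log("UID = $userid for shelluser:".$data['new']['username']." not allowed.",LOGLEVEL_ERROR);
+$app->log("User:".$data['new']['username']." does not exist in in /etc/passwd, skipping delete.",LOGLEVEL_WARN);
 }
 
 }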
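Review bot: The re-indented `useradd`/`usermod`/`userdel` strings in insert(), update() and delete() still wrap every value in `escapeshellcmd()`, which escapes shell metacharacters but does not quote the value, so a field containing whitespace or starting with `-` reaches the tool as extra arguments or options; these commands presumably run with elevated privileges, so each value should be quoted as one argument, e.g. `$command .= ' --home '.escapeshellarg($data['new']['dir']);`. The exit status of `exec($command)` is never read, so "Added/Updated/Deleted shelluser" is logged even when the tool fails, which works against the fault tolerance this commit is after; `exec($command, $out, $rc);` followed by an error-level log when `$rc !== 0` would make failures visible. In delete(), the new "does not exist" branch logs `$data['new']['username']` while the rest of the function reads `$data['old']['username']`, so the warning may carry an empty name. Passing the hash via `--password` also places it on the process command line, where other local users may be able to read it; whether that matters depends on who has shell access to the host.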

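--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -70,45 +70,61 @@ function onLoad() {
 function insert($event_name,$data) {
 global $app, $conf;
 
-/**
-* Setup Jailkit Chroot System If Enabled
-*/
-if ($data['new']['chroot'] == "jailkit")
-{
-// load the server configuration options
-$app->uses("getconf");
-$this->data = $data;
-$this->app = $app;
-$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+$app->uses('system');
+
+if($app->system->is_user($data['new']['username'])) {
+
+/**
+* Setup Jailkit Chroot System If Enabled
+*/
+if ($data['new']['chroot'] == "jailkit")
+{
+// load the server configuration options
+$app->uses("getconf");
+$this->data = $data;
+$this->app = $app;
+$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
 
-$this->_setup_jailkit_chroot();
-$this->_add_jailkit_user();
-}
+$this->_setup_jailkit_chroot();
+$this->_add_jailkit_user();
+}
 
-$app->log("Jalikit Plugin -> insert username:".$data['new']['username'],LOGLEVEL_DEBUG);
+$app->log("Jalikit Plugin -> insert username:".$data['new']['username'],LOGLEVEL_DEBUG);
+
+} else {
+$app->log("Jalikit Plugin -> insert username:".$data['new']['username']." skipped, the user does not exist.",LOGLEVEL_WARN);
+}
 
 }
 
 //* This function is called, when a shell user is updated in the database
 function update($event_name,$data) {
 global $app, $conf;
 
-/**
-* Setup Jailkit Chroot System If Enabled
-*/
-if ($data['new']['chroot'] == "jailkit")
-{
-// load the server configuration options
-$app->uses("getconf");
-$this->data = $data;
-$this->app = $app;
-$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+$app->uses('system');
+
+if($app->system->is_user($data['new']['username'])) {
+
+/**
+* Setup Jailkit Chroot System If Enabled
+*/
+if ($data['new']['chroot'] == "jailkit")
+{
+// load the server configuration options
+$app->uses("getconf");
+$this->data = $data;
+$this->app = $app;
+$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
 
-$this->_setup_jailkit_chroot();
-$this->_add_jailkit_user();
-}
+$this->_setup_jailkit_chroot();
+$this->_add_jailkit_user();
+}
 
-$app->log("Jalikit Plugin -> update username:".$data['new']['username'],LOGLEVEL_DEBUG);
+$app->log("Jalikit Plugin -> update username:".$data['new']['username'],LOGLEVEL_DEBUG);
+
+} else {
+$app->log("Jalikit Plugin -> update username:".$data['new']['username']." skipped, the user does not exist.",LOGLEVEL_WARN);
+}
 
 }
 
@@ -119,6 +135,8 @@ function update($event_name,$data) {
 function delete($event_name,$data) {
 global $app, $conf;
 
+$app->uses('system');
+
 if ($data['old']['chroot'] == "jailkit")
 {
 $app->uses("getconf");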
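Review bot: The new `is_user()` guard in insert() and update() turns a missing system account into a silent skip of the jail setup, even when `$data['new']['chroot'] == "jailkit"` was requested, and records it only at `LOGLEVEL_WARN`. If the account is created afterwards by another plugin (the order in which plugins handle the event is not visible here), it would exist without the confinement the record asks for, so the skip in the jailkit case should be logged at `LOGLEVEL_ERROR` and the dependency stated next to the guard, e.g. `// Requires the system account to exist already; if it does not, no jail is set up for this user.`. The last hunk adds `$app->uses('system');` to delete(), but no use of `$app->system` is visible in the hunk and the function body continues outside it, so it is unclear whether delete() got the same existence check. The added log strings also carry the "Jalikit" misspelling, which makes them harder to find when searching logs for "Jailkit".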
