Merge branch '6024-jailkit_errors' into 'develop'

jailkit bugfixes

Closes #6041, #6036, #6040, and #6042

See merge request ispconfig/ispconfig3!1401

Author: Marius Burkard

server/lib/classes/cron.d/600-jailkit_maintenance.inc.php

@@ -114,7 +114,8 @@ public function onRunJob() {
 				if (is_file( $rec['document_root']."/bin/bash" )) {
 					# test that /bin/bash functions in the jail
 print "chroot --userspec ".$rec['system_user'].":".$rec['system_group']." ".$rec['document_root']." /bin/bash -c true 2>/dev/null\n";
-					if (! $app->system->exec_safe("chroot --userspec ?:? ? /bin/bash -c true 2>/dev/null", $rec['system_user'], $rec['system_group'], $rec['document_root'])) {
+					$app->system->exec_safe("chroot --userspec ?:? ? /bin/bash -c true 2>/dev/null", $rec['system_user'], $rec['system_group'], $rec['document_root']);
+					if ($app->system->last_exec_retcode()) {  # return 0 means success
 print "/bin/bash test failed, forcing update\n";
 						$options[] = 'force';
 						# bogus hash will not match, triggering an update

server/lib/classes/system.inc.php

@@ -2412,6 +2412,7 @@ public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell
 
 	public function create_jailkit_chroot($home_dir, $app_sections = array(), $options = array()) {
 		global $app;
+$app->log("create_jailkit_chroot: called for home_dir $home_dir with options: " . print_r($options, true), LOGLEVEL_DEBUG);
 
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
@@ -2428,6 +2429,9 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
 		} elseif(is_string($app_sections)) {
 			$app_sections = preg_split('/[\s,]+/', $app_sections);
 		}
+		if(! is_array($options)) {
+			$options = (is_string($options) ? preg_split('/[\s,]+/', $options) : array());
+		}
 
 		// Change ownership of the chroot directory to root
 		$this->chown($home_dir, 'root');
@@ -2485,6 +2489,7 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
 
 	public function create_jailkit_programs($home_dir, $programs = array(), $options = array()) {
 		global $app;
+$app->log("create_jailkit_programs: called for home_dir $home_dir with options: " . print_r($options, true), LOGLEVEL_DEBUG);
 
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
@@ -2501,6 +2506,9 @@ public function create_jailkit_programs($home_dir, $programs = array(), $options
 		} elseif(is_string($programs)) {
 			$programs = preg_split('/[\s,]+/', $programs);
 		}
+		if(! is_array($options)) {
+			$options = (is_string($options) ? preg_split('/[\s,]+/', $options) : array());
+		}
 
 		# prohibit ill-advised copying paths known to be sensitive/problematic
 		# (easy to bypass if needed, eg. use /./etc)

server/plugins-available/apache2_plugin.inc.php

@@ -788,17 +788,18 @@ function update($event_name, $data) {
 		$last_updated = array_unique($last_updated, SORT_REGULAR);
 		sort($last_updated, SORT_STRING);
 		$update_hash = hash('md5', implode(' ', $last_updated));
+		$check_for_jailkit_updates=false;
 
 		// Create jailkit chroot when enabling php_fpm_chroot
-		if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y') {
+		if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y' && $data['new']['php'] != 'no') {
 			$website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $data['new']['domain_id']);
 			$this->website = array_merge($website, $data['new'], array('new_jailkit_hash' => $update_hash));
 			$this->jailkit_config = $jailkit_config;
 			$this->_setup_jailkit_chroot();
 			$this->_add_jailkit_user();
-			$check_for_jailkit_updates=false;
 		// else delete if unused
-		} elseif ($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php_fpm_chroot'] != 'y') {
+		} elseif (($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php_fpm_chroot'] != 'y') ||
+			($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php'] == 'no')) {
 			$check_for_jailkit_updates=false;
 			$this->_delete_jailkit_if_unused($data['new']['domain_id']);
 			if(is_dir($data['new']['document_root'].'/etc/jailkit')) {
@@ -3820,7 +3821,7 @@ private function _delete_jailkit_if_unused($parent_domain_id) {
 		}
 
 		// chroot is used by php-fpm
-		if (isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y') {
+		if (isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y' && $parent_domain['php'] != 'no') {
 			return;
 		}
 

server/plugins-available/nginx_plugin.inc.php

@@ -626,17 +626,18 @@ function update($event_name, $data) {
 		$last_updated = array_unique($last_updated, SORT_REGULAR);
 		sort($last_updated, SORT_STRING);
 		$update_hash = hash('md5', implode(' ', $last_updated));
+		$check_for_jailkit_updates=false;
 
 		// Create jailkit chroot when enabling php_fpm_chroot
-		if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y') {
+		if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y' && $data['new']['php'] != 'no') {
 			$website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $data['new']['domain_id']);
 			$this->website = array_merge($website, $data['new'], array('new_jailkit_hash' => $update_hash));
 			$this->jailkit_config = $jailkit_config;
 			$this->_setup_jailkit_chroot();
 			$this->_add_jailkit_user();
-			$check_for_jailkit_updates=false;
 		// else delete if unused
-		} elseif ($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php_fpm_chroot'] != 'y') {
+		} elseif (($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php_fpm_chroot'] != 'y') ||
+			($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php'] == 'no')) {
 			$check_for_jailkit_updates=false;
 			$this->_delete_jailkit_if_unused($data['new']['domain_id']);
 			if(is_dir($data['new']['document_root'].'/etc/jailkit')) {
@@ -3599,7 +3600,7 @@ private function _delete_jailkit_if_unused($parent_domain_id) {
 		}
 
 		// chroot is used by php-fpm
-		if (isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y') {
+		if (isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y' && $parent_domain['php'] != 'no') {
 			return;
 		}