Limit the selectable options for php and chroot per client.

Author: tbrehm

install/sql/ispconfig3.sql

@@ -77,10 +77,12 @@ CREATE TABLE `client` (
   `default_webserver` int(11) NOT NULL default '1',
   `limit_web_ip` text,
   `limit_web_domain` int(11) NOT NULL default '-1',
+  `web_php_options` varchar(255) NOT NULL default 'no,fast-cgi,cgi,mod,suphp',
   `limit_web_subdomain` int(11) NOT NULL default '-1',
   `limit_web_aliasdomain` int(11) NOT NULL default '-1',
   `limit_ftp_user` int(11) NOT NULL default '-1',
   `limit_shell_user` int(11) NOT NULL default '0',
+  `ssh_chroot` varchar(255) NOT NULL DEFAULT 'no,jailkit,ssh-chroot',
   `default_dnsserver` int(10) unsigned NOT NULL default '1',
   `limit_dns_zone` int(11) NOT NULL default '-1',
   `limit_dns_record` int(11) NOT NULL default '-1',
@@ -92,49 +94,49 @@ CREATE TABLE `client` (
   `password` varchar(255) default NULL,
   `language` varchar(255) NOT NULL default 'en',
   `usertheme` varchar(255) NOT NULL default 'default',
-  `template_master` bigint(20) NOT NULL default '0',
+  `template_master` bigint(20) NOT NULL default '0',
   `template_additional` varchar(255) NOT NULL default '',
   PRIMARY KEY  (`client_id`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
--- 
--- Table structure for table  `client_template`
--- 
-
-CREATE TABLE `client_template` (
-  `template_id` bigint(20) NOT NULL auto_increment,
-  `template_name` varchar(50) NOT NULL,
-  `template_type` varchar(1) NOT NULL default 'm',
-  `limit_maildomain` int(11) NOT NULL default '-1',
-  `limit_mailbox` int(11) NOT NULL default '-1',
-  `limit_mailalias` int(11) NOT NULL default '-1',
-  `limit_mailforward` int(11) NOT NULL default '-1',
-  `limit_mailcatchall` int(11) NOT NULL default '-1',
-  `limit_mailrouting` int(11) NOT NULL default '0',
-  `limit_mailfilter` int(11) NOT NULL default '-1',
-  `limit_fetchmail` int(11) NOT NULL default '-1',
-  `limit_mailquota` int(11) NOT NULL default '-1',
-  `limit_spamfilter_wblist` int(11) NOT NULL default '0',
-  `limit_spamfilter_user` int(11) NOT NULL default '0',
-  `limit_spamfilter_policy` int(11) NOT NULL default '0',
-  `limit_web_ip` text,
-  `limit_web_domain` int(11) NOT NULL default '-1',
-  `limit_web_subdomain` int(11) NOT NULL default '-1',
-  `limit_web_aliasdomain` int(11) NOT NULL default '-1',
-  `limit_ftp_user` int(11) NOT NULL default '-1',
-  `limit_shell_user` int(11) NOT NULL default '0',
-  `limit_dns_zone` int(11) NOT NULL default '-1',
-  `limit_dns_record` int(11) NOT NULL default '-1',
-  `limit_database` int(11) NOT NULL default '-1',
+-- 
+-- Table structure for table  `client_template`
+-- 
+
+CREATE TABLE `client_template` (
+  `template_id` bigint(20) NOT NULL auto_increment,
+  `template_name` varchar(50) NOT NULL,
+  `template_type` varchar(1) NOT NULL default 'm',
+  `limit_maildomain` int(11) NOT NULL default '-1',
+  `limit_mailbox` int(11) NOT NULL default '-1',
+  `limit_mailalias` int(11) NOT NULL default '-1',
+  `limit_mailforward` int(11) NOT NULL default '-1',
+  `limit_mailcatchall` int(11) NOT NULL default '-1',
+  `limit_mailrouting` int(11) NOT NULL default '0',
+  `limit_mailfilter` int(11) NOT NULL default '-1',
+  `limit_fetchmail` int(11) NOT NULL default '-1',
+  `limit_mailquota` int(11) NOT NULL default '-1',
+  `limit_spamfilter_wblist` int(11) NOT NULL default '0',
+  `limit_spamfilter_user` int(11) NOT NULL default '0',
+  `limit_spamfilter_policy` int(11) NOT NULL default '0',
+  `limit_web_ip` text,
+  `limit_web_domain` int(11) NOT NULL default '-1',
+  `limit_web_subdomain` int(11) NOT NULL default '-1',
+  `limit_web_aliasdomain` int(11) NOT NULL default '-1',
+  `limit_ftp_user` int(11) NOT NULL default '-1',
+  `limit_shell_user` int(11) NOT NULL default '0',
+  `limit_dns_zone` int(11) NOT NULL default '-1',
+  `limit_dns_record` int(11) NOT NULL default '-1',
+  `limit_database` int(11) NOT NULL default '-1',
   `limit_client` int(11) NOT NULL default '0',
-  `sys_userid` int(11) NOT NULL default '0',
-  `sys_groupid` int(11) NOT NULL default '0',
-  `sys_perm_user` varchar(5) default NULL,
-  `sys_perm_group` varchar(5) default NULL,
-  `sys_perm_other` varchar(5) default NULL,  
-  PRIMARY KEY  (`template_id`)
+  `sys_userid` int(11) NOT NULL default '0',
+  `sys_groupid` int(11) NOT NULL default '0',
+  `sys_perm_user` varchar(5) default NULL,
+  `sys_perm_group` varchar(5) default NULL,
+  `sys_perm_other` varchar(5) default NULL,  
+  PRIMARY KEY  (`template_id`)
 ) ENGINE=MyISAM  AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------

interface/lib/classes/tform.inc.php

@@ -252,6 +252,45 @@ function getDatasourceData($field, $record) {
                 return $values;
 
         }
+		
+		//* If the parameter 'valuelimit' is set
+		function applyValueLimit($limit,$values) {
+			
+			global $app;
+			
+			$limit_parts = explode(':',$limit);
+			
+			//* values are limited to a comma separated list
+			if($limit_parts[0] == 'list') {
+				$allowed = explode(',',$limit_parts[1]);
+			}
+			
+			//* values are limited to a field in the client settings
+			if($limit_parts[0] == 'client') {
+				if($_SESSION["s"]["user"]["typ"] == 'admin') {
+					return $values;
+				} else {
+					$client_group_id = $_SESSION["s"]["user"]["default_group"];
+					$client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+					$allowed = explode(',',$client['lm']);
+				}
+			}
+			
+			//* values are limited to a field in the system settings
+			if($limit_parts[0] == 'system') {
+				$app->uses('getconf');
+				$tmp_conf = $app->getconf->get_global_config($limit_parts[1]);
+				$tmp_key = $limit_parts[2];
+				$allowed = $tmp_conf[$tmp_key];
+			}
+			
+			$values_new = array();
+			foreach($values as $key => $val) {
+				if(in_array($key,$allowed)) $values_new[$key] = $val;
+			}
+			
+			return $values_new;
+		}
 
 
         /**
@@ -281,6 +320,11 @@ function getHTML($record, $tab, $action = 'NEW') {
                                         if(isset($field['datasource']) && is_array($field['datasource'])) {
                                                 $field["value"] = $this->getDatasourceData($field, $record);
                                         }
+										
+										// If a limitation for the values is set
+										if(isset($field['valuelimit']) && is_array($field["value"])) {
+											$field["value"] = $this->applyValueLimit($field['valuelimit'],$field["value"]);
+										}
 
                                         switch ($field['formtype']) {
                                         case 'SELECT':
@@ -340,7 +384,7 @@ function getHTML($record, $tab, $action = 'NEW') {
                                                                 $out .= "<span class=\"wf_oneChoice\">\r\n
                                                                 <input type=\"checkbox\" value=\"$k\" id=\"".$key."[]\" name=\"".$key."[]\" $checked>\r\n
                                                                 <label for=\"".$key."[]\" id=\"".$key."[]-L\" class=\"wf_postField\">$v</label>\r\n
-                                                                </span><br />\r\n";
+                                                                </span>\r\n";
                                                         }
                                                 }
                                                 $new_record[$key] = $out;
@@ -373,8 +417,13 @@ function getHTML($record, $tab, $action = 'NEW') {
 
                                 // If Datasource is set, get the data from there
                                 if(@is_array($field['datasource'])) {
-                                        $field["value"] = $this->getDatasourceData($field, $record);
+                                	$field["value"] = $this->getDatasourceData($field, $record);
                                 }
+								
+								// If a limitation for the values is set
+								if(isset($field['valuelimit']) && is_array($field["value"])) {
+									$field["value"] = $this->applyValueLimit($field['valuelimit'],$field["value"]);
+								}
 
                                 switch ($field['formtype']) {
                                 case 'SELECT':
@@ -431,7 +480,7 @@ function getHTML($record, $tab, $action = 'NEW') {
                                                         $out .= "<span class=\"wf_oneChoice\">\r\n
                                                         <input type=\"checkbox\" value=\"$k\" id=\"".$key."[]\" name=\"".$key."[]\" $checked>\r\n
                                                         <label for=\"".$key."[]\" id=\"".$key."[]-L\" class=\"wf_postField\">$v</label>\r\n
-                                                        </span><br />\r\n";
+                                                        </span>\r\n";
                                                 }
                                         }
                                         $new_record[$key] = $out;
@@ -486,7 +535,7 @@ function encode($record,$tab) {
                                 switch ($field['datatype']) {
                                 case 'VARCHAR':
                                         if(!@is_array($record[$key])) {
-                                                $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
+												$new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
                                         } else {
                                                 $new_record[$key] = implode($field['separator'],$record[$key]);
                                         }

interface/web/client/form/client.tform.php

@@ -515,6 +515,13 @@
 			'rows'		=> '',
 			'cols'		=> ''
 		),
+		'web_php_options' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'CHECKBOXARRAY',
+			'default'	=> '',
+			'separator' => ',',
+			'value'		=> array('no' => 'Disabled', 'fast-cgi' => 'Fast-CGI', 'cgi' => 'CGI', 'mod' => 'Mod-PHP', 'suphp' => 'SuPHP')
+		),
 		'limit_web_aliasdomain' => array (
 			'datatype'	=> 'INTEGER',
 			'formtype'	=> 'TEXT',
@@ -571,6 +578,13 @@
 			'rows'		=> '',
 			'cols'		=> ''
 		),
+		'ssh_chroot' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'CHECKBOXARRAY',
+			'default'	=> '',
+			'separator' => ',',
+			'value'		=> array('no' => 'None', 'jailkit' => 'Jailkit', 'ssh-chroot' => 'SSH Chroot')
+		),
 		'default_dnsserver' => array (
 			'datatype'	=> 'INTEGER',
 			'formtype'	=> 'SELECT',

interface/web/client/lib/lang/en_client.lng

@@ -81,4 +81,6 @@ $wb["limit_database_error_notint"] = 'The database limit must be a number.';
 $wb["username_error_regex"] = 'The Username contains invalid chracaters.';
 $wb["template_master_txt"] = 'Master';
 $wb["template_additional_txt"] = 'Addon';
+$wb["ssh_chroot_txt"] = 'SSH-Chroot Options';
+$wb["web_php_options_txt"] = 'PHP Options';
 ?>

interface/web/client/templates/client_edit_limits.htm

@@ -77,6 +77,10 @@ <h2><tmpl_var name="list_head_txt"></h2>
       <span class="wf_oneField">
         <label for="limit_web_domain" class="wf_preField">{tmpl_var name='limit_web_domain_txt'}</label>
         <input type="text" id="limit_web_domain" name="limit_web_domain" value="{tmpl_var name='limit_web_domain'}" size="10" maxlength="10">
+      </span>
+	  <span class="wf_oneField">
+        <label for="web_php_options" class="wf_preField">{tmpl_var name='web_php_options_txt'}</label>
+        {tmpl_var name='web_php_options'}
       </span>
       <span class="wf_oneField">
         <label for="limit_web_aliasdomain" class="wf_preField">{tmpl_var name='limit_web_aliasdomain_txt'}</label>
@@ -93,6 +97,10 @@ <h2><tmpl_var name="list_head_txt"></h2>
       <span class="wf_oneField">
         <label for="limit_shell_user" class="wf_preField">{tmpl_var name='limit_shell_user_txt'}</label>
         <input type="text" id="limit_shell_user" name="limit_shell_user" value="{tmpl_var name='limit_shell_user'}" size="10" maxlength="10">
+      </span>
+	  <span class="wf_oneField">
+        <label for="ssh_chroot" class="wf_preField">{tmpl_var name='ssh_chroot_txt'}</label>
+        {tmpl_var name='ssh_chroot'}
       </span>
       <span class="wf_oneField">
         <label for="default_dnsserver" class="wf_preField">{tmpl_var name='default_dnsserver_txt'}</label>

interface/web/client/tools.inc.php

@@ -77,7 +77,7 @@ function applyClientTemplates($clientId){
 	 */
 	$update = '';
 	foreach($limits as $k => $v){
-		if (strpos($k, 'limit') !== false){
+		if (strpos($k, 'limit') !== false && !is_array($v)){
 			if ($update != '') $update .= ', ';
 			$update .= '`' . $k . "`='" . $v . "'";
 		}

interface/web/sites/form/shell_user.tform.php

@@ -109,7 +109,8 @@
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'SELECT',
 			'default'	=> '',
-			'value'		=> array('' => 'None', 'jailkit' => 'Jailkit', 'ssh-chroot' => 'SSH Chroot')
+			'valuelimit' => 'client:ssh_chroot',
+			'value'		=> array('no' => 'None', 'jailkit' => 'Jailkit', 'ssh-chroot' => 'SSH Chroot')
 		),
 		'quota_size' => array (
 			'datatype'	=> 'INTEGER',