WIP: jail cleanup and updates

Author: jnorell

server/lib/classes/system.inc.php

@@ -2243,7 +2243,7 @@ public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell
 
 	public function create_jailkit_chroot($home_dir, $app_sections = array(), $options = array()) {
 		if(!is_dir($home_dir)) {
-			$app->log("create_jailkit_chroot: jail directory does not exist: $homedir", LOGLEVEL_WARN);
+			$app->log("create_jailkit_chroot: jail directory does not exist: $home_dir", LOGLEVEL_WARN);
 			return false;
 		}
 		if(empty($app_sections)) {
@@ -2293,7 +2293,7 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
 
 	public function create_jailkit_programs($home_dir, $programs = array(), $options = array()) {
 		if(!is_dir($home_dir)) {
-			$app->log("create_jailkit_programs: jail directory does not exist: $homedir", LOGLEVEL_WARN);
+			$app->log("create_jailkit_programs: jail directory does not exist: $home_dir", LOGLEVEL_WARN);
 			return false;
 		}
 		if(empty($programs)) {
@@ -2337,7 +2337,7 @@ public function create_jailkit_programs($home_dir, $programs = array(), $options
 				}
 			}
 			if (count($bad_paths) > 0) {
-				$app->log("Prohibited path not added to jail $homedir: " . implode(", ", $bad_paths), LOGLEVEL_WARN);
+				$app->log("Prohibited path not added to jail $home_dir: " . implode(", ", $bad_paths), LOGLEVEL_WARN);
 			} else {
 				$program_args .= ' ' . escapeshellarg($prog);
 			}
@@ -2353,7 +2353,7 @@ public function create_jailkit_programs($home_dir, $programs = array(), $options
 
 	public function update_jailkit_chroot($home_dir, $sections = array(), $programs = array(), $options = array()) {
 		if(!is_dir($home_dir)) {
-			$app->log("update_jailkit_chroot: jail directory does not exist: $homedir", LOGLEVEL_WARN);
+			$app->log("update_jailkit_chroot: jail directory does not exist: $home_dir", LOGLEVEL_WARN);
 			return false;
 		}
 
@@ -2407,11 +2407,8 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 			// remove dangling symlinks
 			$app->log("TODO: search for and remove dangling symlinks", LOGLEVEL_DEBUG);
 
-			// search for and remove hardlinked
+			// save list of hardlinked files
 			if (!in_array($opts, 'hardlink') && !in_array($options, 'allow_hardlink')) {
-				$app->log("TODO: search for and remove hardlinked files", LOGLEVEL_DEBUG);
-				// search for and save list of files
-
                                 $find_multiple_links = function ( $path ) use ( &$find_multiple_links ) {
 					$found = array();
 					if (is_dir($path)) {
@@ -2498,9 +2495,9 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 		return true;
 	}
 
-	public function delete_jailkit_chroot($home_dir, $options = array()) {
+	public function delete_jailkit_chroot($home_dir) {
 		if(!is_dir($home_dir)) {
-			$app->log("delete_jailkit_chroot: jail directory does not exist: $homedir", LOGLEVEL_DEBUG);
+			$app->log("delete_jailkit_chroot: jail directory does not exist: $home_dir", LOGLEVEL_DEBUG);
 			return false;
 		}
 
@@ -2528,7 +2525,7 @@ public function delete_jailkit_chroot($home_dir, $options = array()) {
 
 		}
 
-		$app->log("delete_jailkit_chroot: removed from jail $homedir: $removed", LOGLEVEL_DEBUG);
+		$app->log("delete_jailkit_chroot: removed from jail $home_dir: $removed", LOGLEVEL_DEBUG);
 
 		// handle etc and home special
 		$home = rtrim($home_dir, '/') . '/home';

server/plugins-available/cron_jailkit_plugin.inc.php

@@ -76,7 +76,7 @@ function insert($event_name, $data) {
 		}
 
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
+		$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -107,6 +107,11 @@ function insert($event_name, $data) {
 				$this->data = $data;
 				$this->app = $app;
 				$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+				foreach (array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs', 'jailkit_do_not_remove_paths') as $section) {
+					if (isset($parent_domain[$section]) && $parent_domain[$section] != '' ) {
+						$this->jailkit_config[$section] = $parent_domain[$section];
+					}
+				}
 
 				$this->_update_website_security_level();
 
@@ -141,7 +146,7 @@ function update($event_name, $data) {
 			return 0;
 		}
 		//* get data from web
-		$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
+		$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
 		if(!$parent_domain["domain_id"]) {
 			$app->log("Parent domain not found", LOGLEVEL_WARN);
 			return 0;
@@ -167,20 +172,15 @@ function update($event_name, $data) {
 			{
 				$app->log("Jailkit Plugin (Cron) -> setting up jail", LOGLEVEL_DEBUG);
 				// load the server configuration options
-				/*
-				$app->uses("getconf");
-				$this->data = $data;
-				$this->app = $app;
-				$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
-                $this->parent_domain = $parent_domain;
-
-				$this->_setup_jailkit_chroot();
-				$this->_add_jailkit_user();
-				*/
 				$app->uses("getconf");
 				$this->data = $data;
 				$this->app = $app;
 				$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+				foreach (array('jailkit_chroot_app_sections', 'jailkit_chroot_app_programs', 'jailkit_do_not_remove_paths') as $section) {
+					if (isset($parent_domain[$section]) && $parent_domain[$section] != '' ) {
+						$this->jailkit_config[$section] = $parent_domain[$section];
+					}
+				}
 
 				$this->_update_website_security_level();
 
@@ -205,8 +205,25 @@ function update($event_name, $data) {
 	function delete($event_name, $data) {
 		global $app, $conf;
 
-		//* nothing to do here!
+		if($data["old"]["parent_domain_id"] == '') {
+			$app->log("Parent domain not set", LOGLEVEL_WARN);
+			return 0;
+		}
+
+		$app->uses('system');
+
+		if ($data['old']['type'] == "chrooted")
+		{
+			$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $data['old']['parent_domain_id']);
+
+			// should copy some _delete_homedir() functionality from shelluser_jailkit_plugin ?
 
+			if (isset($parent_domain['delete_unused_jailkit']) && $parent_domain['delete_unused_jailkit']) {
+				$app->system->web_folder_protection($parent_domain['document_root'], false);
+				$this->_delete_jailkit_if_unused($parent_domain['domain_id']);
+				$app->system->web_folder_protection($parent_domain['document_root'], true);
+			}
+		}
 	}
 
 	function _setup_jailkit_chroot()
@@ -247,6 +264,8 @@ function _setup_jailkit_chroot()
 
 			$app->system->file_put_contents($motd, $tpl->grab());
 
+		} else {
+			$app->system->update_jailkit_chroot($this->data['new']['dir']);
 		}
 		$this->_add_jailkit_programs();
 	}
@@ -311,5 +330,29 @@ function _update_website_security_level() {
 		}
 	}
 
+	private function _delete_jailkit_if_unused($parent_domain_id) {
+		global $app, $conf;
+
+		// get jail directory
+		$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ? OR `parent_domain_id` = ? AND `document_root` IS NOT NULL", $parent_domain_id, $parent_domain_id);
+		if (!is_dir($parent_domain['document_root'])) {
+			return;
+		}
+
+		// check for any shell_user using this jail
+		$inuse = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `parent_domain_id` = ? AND `chroot` = ?', $parent_domain_id, 'jailkit');
+		if($inuse) {
+			return;
+		}
+
+		// check for any cron job using this jail
+		$inuse = $app->db->queryOneRecord('SELECT id FROM `cron` WHERE `parent_domain_id` = ? AND `type` = ?', $parent_domain_id, 'chrooted');
+		if($inuse) {
+			return;
+		}
+
+		$app->system->delete_jailkit_chroot($parent_domain['document_root']);
+	}
+
 } // end class
 

server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -273,7 +273,7 @@ function delete($event_name, $data) {
 			}
 
 			if (isset($web['delete_unused_jailkit']) && $web['delete_unused_jailkit']) {
-				$app->system->delete_jailkit_if_unused($web['domain_id']);
+				$this->_delete_jailkit_if_unused($web['domain_id']);
 			}
 
 			$app->system->web_folder_protection($web['document_root'], true);
@@ -328,6 +328,8 @@ function _setup_jailkit_chroot()
 
 			$app->system->file_put_contents($motd, $tpl->grab());
 
+		} else {
+			$app->system->update_jailkit_chroot($this->data['new']['dir']);
 		}
 	}
 
@@ -562,6 +564,30 @@ private function _delete_homedir($homedir,$userid,$parent_domain_id) {
 
 	}
 
+	private function _delete_jailkit_if_unused($parent_domain_id) {
+		global $app, $conf;
+
+		// get jail directory
+		$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ? OR `parent_domain_id` = ? AND `document_root` IS NOT NULL", $parent_domain_id, $parent_domain_id);
+		if (!is_dir($parent_domain['document_root'])) {
+			return;
+		}
+
+		// check for any shell_user using this jail
+		$inuse = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `parent_domain_id` = ? AND `chroot` = ?', $parent_domain_id, 'jailkit');
+		if($inuse) {
+			return;
+		}
+
+		// check for any cron job using this jail
+		$inuse = $app->db->queryOneRecord('SELECT id FROM `cron` WHERE `parent_domain_id` = ? AND `type` = ?', $parent_domain_id, 'chrooted');
+		if($inuse) {
+			return;
+		}
+
+		$app->system->delete_jailkit_chroot($parent_domain['document_root']);
+	}
+
 } // end class
 
 ?>