cleanup jk_socketd.ini. fixes #2946

jnorell · jnorell · commit c5a58c0eddb3 · 2020-09-17T09:15:53.000-06:00
diff --git a/server/lib/classes/ini_parser.inc.php b/server/lib/classes/ini_parser.inc.php
@@ -52,6 +52,75 @@ function parse_ini_string($ini) {
 
 
 
+	function parse_ini_file($file) {
+		if(!is_file($file)) {
+			return false;
+		}
+		return $this->parse_ini_string(file_get_contents($file));
+	}
+
+
+
+	function array_to_ini($array,$out="") {
+		if(!is_array($array)) {
+			return $array;
+		}
+		$t="";
+		$q=false;
+		foreach($array as $c=>$d) {
+			if(is_array($d)) {
+				$t .= $this->array_to_ini($d,$c);
+			} else {
+				if($c===intval($c)) {
+					if(!empty($out)) {
+						$t.="\r\n".$out." = \"".$d."\"";
+						if($q!=2) {
+							$q=true;
+						}
+					} else {
+						$t.="\r\n".$d;
+					}
+				} else {
+					$t.="\r\n".$c." = \"".$d."\"";
+					$q=2;
+				}
+			}
+		}
+		if($q!=true && !empty($out))
+			return "[".$out."]\r\n".$t;
+		if(!empty($out))
+			return  $t;
+		return trim($t);
+	}
+
+
+
+	function write_ini_file($array, $file) {
+		$ret = false;
+		$ini = $this->array_to_ini($array);
+
+		if ($fp = fopen($file, 'w')) {
+			$startTime = microtime();
+			do
+			{
+				$canWrite = flock($fp, LOCK_EX);
+				// If lock not obtained sleep for 0 - 100 milliseconds, to avoid collision and CPU load
+				if(!$canWrite) usleep(round(rand(0, 100)*1000));
+			} while ((!$canWrite) and ((microtime()-$startTime) < 1000));
+
+			// file was locked so now we can store information
+			if ($canWrite) {
+				$ret = fwrite($fp, $ini);
+				flock($fp, LOCK_UN);
+			}
+			fclose($fp);
+		}
+		return $ret;
+	}
+
+
+
+	// unused function, and misleading arg ($file is unused)
 	function get_ini_string($file) {
 		$content = '';
 		foreach($this->config as $section => $data) {
diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
@@ -2376,6 +2376,10 @@ public function create_jailkit_programs($home_dir, $programs = array(), $options
 	}
 
 	public function update_jailkit_chroot($home_dir, $sections = array(), $programs = array(), $options = array()) {
+		global $app;
+
+		$app->uses('ini_parser');
+
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
 			$app->log("update_jailkit_chroot: invalid home_dir: $home_dir", LOGLEVEL_WARN);
@@ -2434,9 +2438,6 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 				continue;
 			}
 
-			// remove dangling symlinks
-			$app->log("TODO: search for and remove dangling symlinks", LOGLEVEL_DEBUG);
-
 			// save list of hardlinked files
 			if (!in_array($opts, 'hardlink') && !in_array($options, 'allow_hardlink')) {
                                 $find_multiple_links = function ( $path ) use ( &$find_multiple_links ) {
@@ -2463,13 +2464,16 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 					$multiple_links = array_merge($multiple_links, $ret);
 				}
 			}
+
+			// remove dangling symlinks
+			$app->log("TODO: search for and remove dangling symlinks", LOGLEVEL_DEBUG);
 		}
 
 		
 		$cmd = 'jk_update --jail='.escapeshellarg($home_dir) . $skips;
 		exec($cmd, $out, $ret);
 		foreach ($out as $line) {
-			if (substr( $line, 0, 4 ) === "skip")) {
+			if (substr( $line, 0, 4 ) === "skip") {
 				continue;
 			}
 			if (preg_match('|^(? [^ ]+){6}(.+)$'.preg_quote($home_dir, '|').'|', $line, $matches)) {
@@ -2522,10 +2526,31 @@ public function update_jailkit_chroot($home_dir, $sections = array(), $programs
 		// Fix permissions of the root firectory
 		$this->chmod($home_dir . '/bin', 0755, true);  // was chmod g-w $CHROOT_HOMEDIR/bin
 
+		// remove non-existent jails from /etc/jailkit/jk_socketd.ini
+		if (is_file('/etc/jailkit/jk_socketd.ini')) {
+			$rewrite = false;
+			$jk_socketd_ini = $app->ini_parser->parse_ini_file('/etc/jailkit/jk_socketd.ini');
+			foreach ($jk_socketd_ini as $log => $settings) {
+				$jail = preg_replace('|/dev/log$|', '', $log);
+				if ($jail != $log && !is_dir($jail)) {
+					unset($jk_socketd_ini[$log]);
+					$rewrite=true;
+				}
+			}
+			if ($rewrite) {
+				$app->log('update_jailkit_chroot: writing /etc/jailkit/jk_socketd.ini', LOGLEVEL_DEBUG);
+				$app->ini_parse->write_ini_file($jk_socketd_ini, '/etc/jailkit/jk_socketd.ini');
+			}
+		}
+
 		return true;
 	}
 
 	public function delete_jailkit_chroot($home_dir) {
+		global $app;
+
+		$app->uses('ini_parser');
+
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
 			$app->log("delete_jailkit_chroot: invalid home_dir: $home_dir", LOGLEVEL_WARN);
@@ -2573,6 +2598,17 @@ public function delete_jailkit_chroot($home_dir) {
 			rename($home, $archive);
 		}
 
+		// remove $home_dir from /etc/jailkit/jk_socketd.ini
+		if (is_file('/etc/jailkit/jk_socketd.ini')) {
+			$jk_socketd_ini = $app->ini_parser->parse_ini_file('/etc/jailkit/jk_socketd.ini');
+			$log = $home . '/dev/log';
+			if (isset($jk_socketd_ini[$log]) {
+				unset($jk_socketd_ini[$log]);
+				$app->log('delete_jailkit_chroot: writing /etc/jailkit/jk_socketd.ini', LOGLEVEL_DEBUG);
+				$app->ini_parse->write_ini_file($jk_socketd_ini, '/etc/jailkit/jk_socketd.ini');
+			}
+		}
+
 		return true;
 	}
 
