- fixed problems from implementation of vulnerability fix

Author: Marius Burkard

server/lib/classes/system.inc.php

@@ -2312,12 +2312,12 @@ public function is_allowed_path($path) {
 			'@^/$@',
 			'@^/proc(/.*)?$@',
 			'@^/sys(/.*)?$@',
-			'@^/etc(/.*)$@',
-			'@^/dev(/.*)$@',
-			'@^/tmp(/.*)$@',
-			'@^/run(/.*)$@',
-			'@^/boot(/.*)$@',
-			'@^/root(/.*)$@',
+			'@^/etc(/.*)?$@',
+			'@^/dev(/.*)?$@',
+			'@^/tmp(/.*)?$@',
+			'@^/run(/.*)?$@',
+			'@^/boot(/.*)?$@',
+			'@^/root(/.*)?$@',
 			'@^/var(/?|/backups?(/.*)?)?$@',
 		);
 
@@ -2380,6 +2380,8 @@ public function system_safe($cmd) {
 	}
 
 	public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell = '/bin/bash', $p_user = null, $p_user_home_dir = null) {
+		global $app;
+
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
 			$app->log("create_jailkit_user: invalid home_dir: $home_dir", LOGLEVEL_WARN);
@@ -2409,6 +2411,8 @@ public function create_jailkit_user($username, $home_dir, $user_home_dir, $shell
 	}
 
 	public function create_jailkit_chroot($home_dir, $app_sections = array(), $options = array()) {
+		global $app;
+
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
 			$app->log("create_jailkit_chroot: invalid home_dir: $home_dir", LOGLEVEL_WARN);
@@ -2480,6 +2484,8 @@ public function create_jailkit_chroot($home_dir, $app_sections = array(), $optio
 	}
 
 	public function create_jailkit_programs($home_dir, $programs = array(), $options = array()) {
+		global $app;
+
 		// Disallow operating on root directory
 		if(realpath($home_dir) == '/') {
 			$app->log("create_jailkit_programs: invalid home_dir: $home_dir", LOGLEVEL_WARN);

server/plugins-available/shelluser_base_plugin.inc.php

@@ -97,10 +97,10 @@ function insert($event_name, $data) {
 		}
 
 		if(is_file($data['new']['dir']) || is_link($data['new']['dir'])) {
-			$app->log('Shell user dir must not be existing file or symlink.', LOVLEVEL_WARN);
+			$app->log('Shell user dir must not be existing file or symlink.', LOGLEVEL_WARN);
 			return false;
 		} elseif(!$app->system->is_allowed_path($data['new']['dir'])) {
-			$app->log('Shell user dir is not an allowed path: ' . $data['new']['dir'], LOVLEVEL_WARN);
+			$app->log('Shell user dir is not an allowed path: ' . $data['new']['dir'], LOGLEVEL_WARN);
 			return false;
 		}
 
@@ -216,10 +216,10 @@ function update($event_name, $data) {
 		}
 
 		if(is_file($data['new']['dir']) || is_link($data['new']['dir'])) {
-			$app->log('Shell user dir must not be existing file or symlink.', LOVLEVEL_WARN);
+			$app->log('Shell user dir must not be existing file or symlink.', LOGLEVEL_WARN);
 			return false;
 		} elseif(!$app->system->is_allowed_path($data['new']['dir'])) {
-			$app->log('Shell user dir is not an allowed path: ' . $data['new']['dir'], LOVLEVEL_WARN);
+			$app->log('Shell user dir is not an allowed path: ' . $data['new']['dir'], LOGLEVEL_WARN);
 			return false;
 		}
 
@@ -320,6 +320,14 @@ function delete($event_name, $data) {
 			return false;
 		}
 
+		if(is_file($data['old']['dir']) || is_link($data['old']['dir'])) {
+			$app->log('Shell user dir must not be existing file or symlink.', LOGLEVEL_WARN);
+			return false;
+		} elseif(!$app->system->is_allowed_path($data['old']['dir'])) {
+			$app->log('Shell user dir is not an allowed path: ' . $data['old']['dir'], LOGLEVEL_WARN);
+			return false;
+		}
+
 		if($app->system->is_user($data['old']['username'])) {
 			// Get the UID of the user
 			$userid = intval($app->system->getuid($data['old']['username']));

server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -89,6 +89,15 @@ function insert($event_name, $data) {
 			return false;
 		}
 
+		if(is_file($data['new']['dir']) || is_link($data['new']['dir'])) {
+			$app->log('Shell user dir must not be existing file or symlink.', LOGLEVEL_WARN);
+			return false;
+		} elseif(!$app->system->is_allowed_path($data['new']['dir'])) {
+			$app->log('Shell user dir is not an allowed path: ' . $data['new']['dir'], LOGLEVEL_WARN);
+			return false;
+		}
+
+
 		if($app->system->is_user($data['new']['puser'])) {
 			// Get the UID of the parent user
 			$uid = intval($app->system->getuid($data['new']['puser']));
@@ -170,6 +179,14 @@ function update($event_name, $data) {
 			return false;
 		}
 
+		if(is_file($data['new']['dir']) || is_link($data['new']['dir'])) {
+			$app->log('Shell user dir must not be existing file or symlink.', LOGLEVEL_WARN);
+			return false;
+		} elseif(!$app->system->is_allowed_path($data['new']['dir'])) {
+			$app->log('Shell user dir is not an allowed path: ' . $data['new']['dir'], LOGLEVEL_WARN);
+			return false;
+		}
+
 		if($app->system->is_user($data['new']['puser'])) {
 			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
 
@@ -241,6 +258,14 @@ function delete($event_name, $data) {
 			return false;
 		}
 
+		if(is_file($data['old']['dir']) || is_link($data['old']['dir'])) {
+			$app->log('Shell user dir must not be existing file or symlink.', LOGLEVEL_WARN);
+			return false;
+		} elseif(!$app->system->is_allowed_path($data['old']['dir'])) {
+			$app->log('Shell user dir is not an allowed path: ' . $data['old']['dir'], LOGLEVEL_WARN);
+			return false;
+		}
+
 		if ($data['old']['chroot'] == "jailkit")
 		{
 			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['old']['parent_domain_id']);
@@ -518,6 +543,9 @@ private function _setup_ssh_rsa() {
 		}
 		//* Get the keys
 		$existing_keys = file($sshkeys, FILE_IGNORE_NEW_LINES);
+		if(!$existing_keys) {
+			$existing_keys = array();
+		}
 		$new_keys = explode("\n", $sshrsa);
 		$old_keys = explode("\n", $this->data['old']['ssh_rsa']);