1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325: 326: 327: 328: 329: 330: 331: 332: 333: 334: 335: 336: 337: 338: 339: 340: 341: 342: 343: 344: 345: 346: 347: 348: 349: 350: 351: 352: 353: 354: 355: 356: 357: 358: 359: 360: 361: 362: 363: 364: 365: 366: 367: 368: 369: 370: 371: 372: 373: 374: 375: 376: 377: 378: 379: 380: 381: 382: 383: 384: 385: 386: 387: 388: 389: 390: 391: 392: 393: 394: 395: 396: 397: 398: 399: 400: 401: 402: 403: 404: 405: 406: 407: 408: 409: 410: 411: 412: 413: 414: 415: 416: 417: 418: 419: 420: 421: 422: 423:
<?php
declare(strict_types=1);
use Module\Support\Auth;
use Opcenter\Filesystem\Quota;
class Site_Module extends Auth
implements Opcenter\Contracts\Hookable
{
use ImpersonableTrait;
const MIN_STORAGE_AMNESTY = QUOTA_STORAGE_WAIT;
const AMNESTY_DURATION = QUOTA_STORAGE_DURATION;
const AMNESTY_MULTIPLIER = QUOTA_STORAGE_BOOST;
const DEPENDENCY_MAP = [];
protected $exportedFunctions = [
'*' => PRIVILEGE_SITE,
'get_admin_email' => PRIVILEGE_SITE | PRIVILEGE_USER,
'ip_address' => PRIVILEGE_SITE | PRIVILEGE_USER,
'split_hostname' => PRIVILEGE_SITE | PRIVILEGE_USER
];
public function user_service_enabled(string $user, string $service): bool
{
$svc_cache = $this->user_svc_cache;
$svc_file = $this->domain_fs_path() . '/etc/' . $service . '.pamlist';
$site = $this->site_id;
if (!file_exists($svc_file)) {
return error("Invalid service name `%s'", $service);
}
if (!isset($svc_cache[$site]) ||
filemtime($svc_file) > $svc_cache[$site]['mtime']
) {
$fp = fopen($svc_file, 'r');
$contents = fread($fp, filesize($svc_file));
foreach (explode("\n", $contents) as $line) {
$svc_cache[$site]['users'][trim($line)][$service] = 1;
}
fclose($fp);
$svc_cache[$site]['mtime'] = filemtime($svc_file);
}
return isset($svc_cache[$site]['users'][$user][$service]);
}
public function get_bandwidth_usage(int $type = null)
{
deprecated_func('Use bandwidth_usage()');
return $this->bandwidth_usage($type);
}
public function get_bandwidth_rollover(): int
{
deprecated_func('Use bandwidth_rollover');
return $this->bandwidth_rollover();
}
public function set_admin_email(string $email): bool
{
if (!preg_match(Regex::EMAIL, $email)) {
return error('Invalid e-mail address, ' . $email);
}
$oldemail = $this->getConfig('siteinfo', 'email');
$pgdb = \PostgreSQL::initialize();
$pgdb->query("UPDATE siteinfo SET email = '" . $email . "' WHERE site_id = '" . $this->site_id . "';");
$this->setConfig('siteinfo', 'email', $email);
$ret = $pgdb->affected_rows() > 0;
if (!$ret) {
return false;
}
parent::sendNotice('email', [
'email' => $oldemail,
'ip' => \Auth::client_ip()
]);
return true;
}
public function get_admin_email(): string
{
return $this->getConfig('siteinfo', 'email');
}
public function ip_address(): string
{
$addr = $this->common_get_ip_address();
return is_array($addr) ? array_pop($addr) : $addr;
}
public function get_account_quota(): array
{
if (!IS_CLI) {
return $this->query('site_get_account_quota');
}
return Quota::getGroup($this->group_id);
}
public function get_port_range(): array
{
deprecated_func('Use ssh_port_range()');
return $this->ssh_port_range();
}
public function wipe($token = '')
{
$token = strtolower((string)$token);
$calctoken = $this->_calculateToken();
if (!$token) {
if (defined('AJAX') && AJAX) {
return $calctoken;
}
$msg = 'This is the most nuclear of options. ' .
"Respond with the following token `%s' to confirm";
return warn($msg, $calctoken);
}
if ($token !== $calctoken) {
$msg = "provided token `%s' does not match confirmation token `%s'";
return error($msg, $token, $calctoken);
}
if (!IS_CLI) {
return $this->query('site_wipe', $token);
}
if (!Crm_Module::COPY_ADMIN) {
return error('Admin reminder address not setup - disallowing account reset');
}
$editor = new Util_Account_Editor($this->getAuthContext()->getAccount());
$editor->importConfig();
$afi = $this->getApnscpFunctionInterceptor();
$modules = $afi->list_all_modules();
foreach ($modules as $m) {
$c = $afi->get_class_from_module($m);
$class = $c::instantiateContexted($this->getAuthContext());
$class->_reset($editor);
}
$addcmd = $editor->setMode('add')->getCommand();
Mail::send(Crm_Module::COPY_ADMIN, 'Account Wipe', $addcmd);
$delproc = new Util_Account_Editor($this->getAuthContext()->getAccount());
if (!$delproc->delete()) {
return false;
}
$proc = new Util_Process_Schedule('now');
$ret = $proc->run($addcmd);
return $ret['success'];
}
private function _calculateToken(): string
{
$inode = fileinode($this->domain_info_path());
$hash = hash('crc32', (string)$inode);
return $hash;
}
public function storage_amnesty(): bool
{
if (!IS_CLI) {
return $this->query('site_storage_amnesty');
}
$last = $this->getServiceValue('diskquota', 'amnesty');
$now = coalesce($_SERVER['REQUEST_TIME'], time());
if (self::MIN_STORAGE_AMNESTY > ($now - $last)) {
$aday = self::MIN_STORAGE_AMNESTY / 86400;
return error('storage amnesty may be requested once every %d days, %d days remaining',
$aday,
$aday - ceil(($now - $last) / 86400)
);
}
$storage = $this->getServiceValue('diskquota', 'quota');
$newstorage = $storage * self::AMNESTY_MULTIPLIER;
$acct = new Util_Account_Editor($this->getAuthContext()->getAccount(), $this->getAuthContext());
$acct->setConfig('diskquota', 'quota', $newstorage)->
setConfig('diskquota', 'amnesty', $now);
$ret = $acct->edit();
if ($ret !== true) {
Error_Reporter::report(var_export($ret, true));
return error('failed to set amnesty on account');
}
$acct->setConfig('diskquota', 'quota', $storage);
$cmd = $acct->getCommand();
$proc = new Util_Process_Schedule('+' . self::AMNESTY_DURATION . ' seconds');
$ret = $proc->run($cmd);
$msg = sprintf("Domain: %s\r\nSite: %d\r\nServer: %s", $this->domain, $this->site_id, SERVER_NAME_SHORT);
Mail::send(Crm_Module::COPY_ADMIN, 'Amnesty Request', $msg);
return $ret['success'];
}
public function amnesty_active(): bool
{
$time = isset($_SERVER['REQUEST_TIME']) ? $_SERVER['REQUEST_TIME'] : time();
$amnesty = $this->getServiceValue('diskquota', 'amnesty');
if (!$amnesty) {
return false;
}
return ($time - $amnesty) <= self::AMNESTY_DURATION;
}
public function hijack(string $user): string
{
if ($this->user_exists($user)) {
if ($user === $this->username) {
return $this->session_id;
}
return $this->impersonateRole($this->site, $user);
}
if (AUTH_SUBORDINATE_SITE_SSO && ($invoice = $this->getServiceValue('billing', 'invoice'))
&& ($siteid = \Auth::get_site_id_from_anything($user)))
{
$site = "site${siteid}";
$map = \Opcenter\Map::load(Opcenter\Service\Validators\Billing\Invoice::MAP_FILE, 'rd');
$parentage = preg_split('/\s*,\s*/', (string)$map->fetch($invoice), -1, PREG_SPLIT_NO_EMPTY);
if (\in_array($site, $parentage, true)) {
return $this->impersonateRole($site);
}
}
error("unknown user `%s'", $user);
return $this->session_id;
}
public function _create()
{
$conf = $this->getServiceValue('siteinfo');
$db = \Opcenter\Map::load(\Opcenter\Map::DOMAIN_MAP, 'wd');
if (!$db->exists($conf['domain'])) {
$db->set($conf['domain'], $this->site);
}
$db->close();
}
public function _delete()
{
$db = \Opcenter\Map::load(\Opcenter\Map::DOMAIN_MAP, 'wd');
$domain = array_get($this->getAuthContext()->conf('siteinfo'), 'domain', []);
$db->delete($domain);
$db->close();
}
public function _edit()
{
$new = $this->getAuthContext()->conf('siteinfo', 'new');
$old = $this->getAuthContext()->conf('siteinfo', 'old');
if ($new['domain'] === $old['domain']) {
return;
}
$db = \Opcenter\Map::load(\Opcenter\Map::DOMAIN_MAP, 'wd');
$db->delete($old['domain']);
$db->insert($new['domain'], $this->site);
$db->close();
}
public function _verify_conf(\Opcenter\Service\ConfigurationContext $ctx): bool
{
return true;
}
public function _edit_user(string $userold, string $usernew, array $oldpwd)
{
if ($usernew === $userold) {
return;
}
}
public function _create_user(string $user)
{
}
public function _delete_user(string $user)
{
}
}