1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325: 326: 327: 328: 329: 330: 331: 332: 333: 334: 335: 336: 337: 338: 339: 340: 341: 342: 343: 344: 345: 346: 347: 348: 349: 350: 351: 352: 353: 354: 355: 356: 357: 358: 359: 360: 361: 362: 363: 364: 365: 366: 367: 368: 369: 370: 371: 372: 373: 374: 375: 376: 377: 378: 379: 380: 381: 382: 383: 384: 385: 386: 387: 388: 389: 390: 391: 392: 393: 394: 395: 396: 397: 398: 399: 400: 401: 402: 403: 404: 405: 406: 407: 408: 409: 410: 411: 412: 413: 414: 415: 416: 417: 418: 419: 420: 421: 422: 423: 424: 425: 426: 427: 428: 429: 430: 431: 432: 433: 434: 435: 436: 437: 438: 439: 440: 441: 442: 443: 444: 445: 446: 447: 448: 449: 450: 451: 452: 453: 454: 455: 456: 457: 458: 459: 460: 461: 462: 463: 464: 465: 466: 467: 468: 469: 470: 471: 472: 473: 474: 475: 476: 477: 478: 479: 480: 481: 482: 483: 484: 485: 486: 487: 488: 489: 490: 491: 492: 493: 494: 495: 496: 497: 498: 499: 500: 501: 502: 503: 504: 505: 506: 507: 508: 509: 510: 511: 512: 513: 514: 515: 516: 517: 518: 519: 520: 521: 522: 523: 524: 525: 526: 527: 528: 529: 530: 531: 532: 533: 534: 535: 536: 537: 538: 539: 540: 541: 542: 543: 544: 545: 546: 547: 548: 549: 550: 551: 552: 553: 554: 555: 556: 557: 558: 559: 560: 561: 562: 563: 564: 565: 566: 567: 568: 569: 570: 571: 572: 573: 574: 575: 576: 577: 578: 579: 580: 581: 582: 583: 584: 585: 586: 587: 588: 589: 590: 591: 592: 593: 594: 595: 596: 597: 598: 599: 600: 601: 602: 603: 604: 605: 606: 607: 608: 609: 610: 611: 612: 613: 614: 615: 616: 617: 618: 619: 620: 621: 622: 623: 624: 625: 626: 627: 628: 629: 630: 631: 632: 633: 634: 635: 636: 637: 638: 639: 640: 641: 642: 643: 644: 645: 646: 647: 648: 649: 650: 651: 652: 653: 654: 655: 656: 657: 658: 659: 660: 661: 662: 663: 664: 665: 666: 667: 668: 669: 670: 671: 672: 673: 674: 675: 676: 677: 678: 679: 680: 681: 682: 683: 684: 685: 686: 687: 688: 689: 690: 691: 692: 693: 694: 695: 696: 697: 698: 699: 700: 701: 702: 703: 704: 705: 706: 707: 708: 709: 710: 711: 712: 713: 714: 715: 716: 717: 718: 719: 720: 721: 722: 723: 724: 725: 726: 727: 728: 729: 730: 731: 732: 733: 734: 735: 736: 737: 738: 739: 740: 741: 742: 743: 744: 745: 746: 747: 748: 749: 750: 751: 752: 753: 754: 755: 756: 757: 758: 759: 760: 761: 762: 763: 764: 765: 766: 767: 768: 769: 770: 771: 772: 773: 774: 775: 776: 777: 778: 779: 780: 781: 782: 783: 784: 785: 786: 787: 788: 789: 790: 791: 792: 793: 794: 795: 796: 797: 798: 799: 800: 801: 802: 803: 804: 805: 806: 807: 808: 809: 810: 811: 812: 813: 814: 815: 816: 817: 818: 819: 820: 821: 822: 823: 824: 825: 826: 827: 828: 829: 830: 831: 832: 833: 834: 835: 836: 837: 838: 839: 840: 841: 842: 843: 844: 845: 846: 847: 848: 849: 850: 851: 852: 853: 854: 855: 856: 857: 858: 859: 860: 861: 862: 863: 864: 865: 866: 867: 868: 869: 870: 871: 872: 873: 874: 875: 876: 877: 878: 879: 880: 881: 882: 883: 884: 885: 886: 887: 888: 889: 890: 891: 892: 893: 894: 895: 896: 897: 898: 899: 900: 901: 902: 903: 904: 905: 906: 907: 908: 909: 910: 911: 912: 913: 914: 915: 916: 917: 918: 919: 920: 921: 922: 923: 924: 925: 926: 927: 928: 929: 930: 931: 932: 933: 934: 935: 936: 937: 938: 939: 940: 941: 942: 943: 944: 945: 946: 947: 948: 949: 950: 951: 952: 953: 954: 955: 956: 957: 958: 959: 960: 961: 962: 963: 964: 965: 966: 967: 968: 969: 970: 971: 972: 973: 974: 975: 976: 977: 978: 979: 980: 981: 982: 983: 984: 985: 986: 987: 988: 989: 990: 991: 992: 993: 994: 995: 996: 997: 998: 999: 1000: 1001: 1002: 1003: 1004: 1005: 1006: 1007: 1008: 1009: 1010: 1011: 1012: 1013: 1014: 1015: 1016: 1017: 1018: 1019: 1020: 1021: 1022: 1023: 1024: 1025: 1026: 1027: 1028: 1029: 1030: 1031: 1032: 1033: 1034: 1035: 1036: 1037: 1038: 1039: 1040: 1041: 1042: 1043: 1044: 1045: 1046: 1047: 1048: 1049: 1050: 1051: 1052: 1053: 1054: 1055: 1056: 1057: 1058: 1059: 1060: 1061: 1062: 1063: 1064: 1065: 1066: 1067: 1068: 1069: 1070: 1071: 1072: 1073: 1074: 1075: 1076: 1077: 1078: 1079: 1080: 1081: 1082: 1083: 1084: 1085: 1086: 1087: 1088: 1089: 1090: 1091: 1092: 1093: 1094: 1095: 1096: 1097: 1098: 1099: 1100: 1101: 1102: 1103: 1104: 1105: 1106: 1107: 1108: 1109: 1110: 1111: 1112: 1113: 1114: 1115: 1116: 1117: 1118: 1119: 1120: 1121: 1122: 1123: 1124: 1125: 1126: 1127: 1128: 1129: 1130: 1131: 1132: 1133:
<?php
declare(strict_types=1);
use Opcenter\Filesystem\Quota;
use Opcenter\Role\User;
class User_Module extends Module_Skeleton implements \Opcenter\Contracts\Hookable
{
const DEPENDENCY_MAP = [
'siteinfo',
'apache'
];
const MIN_UID = USER_MIN_UID;
const VIRT_MIN_UID = 20000;
public const USER_MAXLEN = 32;
protected $uid_mappings = array();
protected $exportedFunctions = [
'*' => PRIVILEGE_SITE,
'flush' => PRIVILEGE_SITE | PRIVILEGE_USER,
'get_user_home' => PRIVILEGE_ALL,
'get_home' => PRIVILEGE_ALL,
'get_users' => PRIVILEGE_SITE | PRIVILEGE_USER,
'change_gecos' => PRIVILEGE_SITE | PRIVILEGE_USER,
'get_uid_from_username' => PRIVILEGE_SITE | PRIVILEGE_USER,
'get_username_from_uid' => PRIVILEGE_ALL,
'exists' => PRIVILEGE_SITE | PRIVILEGE_USER,
'get_quota' => PRIVILEGE_SITE | PRIVILEGE_USER,
'getpwnam' => PRIVILEGE_SITE | PRIVILEGE_USER
];
public function change_quota($user, $diskquota, $filequota = 0)
{
if (!IS_CLI) {
return $this->query('user_change_quota', $user, $diskquota, $filequota);
}
if ($user == $this->getServiceValue('siteinfo', 'admin_user')) {
return error('cannot set quota for administrator');
}
if (!$this->exists($user)) {
return false;
}
if (floatval($diskquota) != $diskquota || $diskquota < 0) {
return error($diskquota . ': invalid disk quota');
}
$limit = $this->site_get_account_quota()['qhard'] ?? PHP_INT_MAX;
if ($diskquota > $limit) {
warn('%d: quota exceeds site limit (%d), defaulting to unlimited', $diskquota, $limit);
$diskquota = 0;
}
if ((int)$filequota != $filequota || $filequota < 0) {
return error($filequota . ': invalid file quota');
}
return Quota::setUser(
$this->get_uid_from_username($user),
(int)round($diskquota * 1024),
$filequota,
max(0, (int)round($diskquota * 1024) - 16),
$filequota
);
}
public function exists($user)
{
return $this->get_uid_from_username($user) !== false;
}
public function get_uid_from_username($username)
{
$user = $this->getpwnam($username);
if (!$user) {
return false;
}
return $user['uid'];
}
public function getpwnam($user = null)
{
if (!$user) {
$user = $this->username;
}
$virtpwnam = $this->domain_fs_path() . '/etc/passwd';
$cache = Cache_Account::spawn($this->getAuthContext());
if (!IS_CLI) {
$gen = $cache->hGet('users', 'gen');
if ($gen === filemtime($virtpwnam)) {
$users = $cache->hGet('users', 'pwd');
if ($users && isset($users[$user])) {
return $users[$user];
}
}
return $this->query('user_getpwnam', $user);
}
$pwd = User::bindTo($this->domain_fs_path())->getpwnam(null);
$cache = Cache_Account::spawn($this->getAuthContext());
$cache->hMSet('users',
array(
'gen' => filemtime($virtpwnam),
'pwd' => $pwd,
)
);
$cache->expire('users', 7200);
return array_get($pwd, $user, []);
}
public function add_user($user, $password, $gecos = '', $quota = 0, array $options = [])
{
deprecated_func('use user_add');
return $this->add($user, $password, $gecos, $quota, $options);
}
public function add($user, $password, $gecos = '', $quota = 0, array $options = array())
{
if (!IS_CLI) {
if (!IS_SOAP && $user == 'test') {
return error('insecure, commonly-exploited username');
}
return $this->query('user_add', $user, $password, $gecos, $quota, $options);
}
if (null !== ($max = $this->getServiceValue('users', 'max'))) {
if (\count($this->get_users()) > $max) {
return error('User limit %d reached', $max);
}
}
$userorig = $user;
$user = strtolower($user);
if ($user !== $userorig) {
warn("user `$user' converted to lowercase");
}
if (!$user) {
return error('no username specified)');
}
if (!preg_match(Regex::USERNAME, $user)) {
return error("invalid user `%s'", $user);
}
if (strlen($user) > self::USER_MAXLEN) {
return error('user max length %d', self::USER_MAXLEN);
}
if (!$this->auth_password_permitted($password, $user)) {
return error('weak password disallowed');
}
$units = $this->getServiceValue('diskquota', 'units');
$quotamax = Formatter::changeBytes($this->getServiceValue('diskquota', 'quota'), 'MB', $units);
if (!isset($options['password']) || $options['password'] != 'crypted') {
$password = $this->auth_crypt($password);
}
if ($quota != (float)$quota || $quota < 0) {
return error(
"disk quota `%(quota)s' outside of range (min: 0, max: %(max)d %(unit)s)",
['quota' => $quota, 'max' => $quotamax, 'unit' => $units]
);
} else if ($quota > $quotamax) {
warn('quota %.1f exceeds limit %.1f: defaulting to %.1f',
$quota, $quotamax, $quotamax);
$quota = $quotamax;
}
$users = $this->get_users();
if (isset($users[$user])) {
return error('username %s exists', $user);
}
$smtp_enable = $this->email_enabled('smtp') && isset($options['smtp']) && $options['smtp'] != 0;
$imap_enable = $this->email_enabled('imap') && isset($options['imap']) && $options['imap'] != 0;
$ftp_enable = isset($options['ftp']) && $options['ftp'] != 0;
$cp_enable = isset($options['cp']) && $options['cp'] != 0;
$dav_enable = isset($options['dav']) && $options['dav'] != 0;
$ssh_enable = $this->getServiceValue('ssh',
'enabled') && isset($options['smtp'], $options['ssh']) && $options['ssh'] != 0;
if ($this->auth_is_demo()) {
$blacklist = ['imap', 'smtp', 'dav', 'ssh', 'ftp'];
foreach ($blacklist as $svc) {
$var = $svc . '_enable';
if ($$var) {
warn('%s access disabled in demo mode', strtoupper($svc));
$$var = false;
}
}
}
if (!$ftp_enable) {
info('FTP service not enabled. User will not be permitted FTP access');
}
if (!$smtp_enable && $imap_enable) {
info('SMTP service not enabled. User will be able to receive mail, but not send');
} else if ($smtp_enable && !$imap_enable) {
info('IMAP service not enabled. User will be able to send mail, but not receive');
} else if ($this->email_configured() && !$smtp_enable && !$imap_enable) {
info('Email not enabled for user');
}
$shell = $options['shell'] ?? '/bin/bash';
if (!in_array($shell, $this->get_shells(), true)) {
return error("Unknown shell `%s'", $shell);
}
$instance = User::bindTo($this->domain_fs_path());
$uid = $instance->captureUid($this->site_id);
$ret = $instance->create($user, [
'cpasswd' => $password,
'gid' => $this->group_id,
'gecos' => $gecos,
'uid' => $uid,
'shell' => $shell
]);
if (!$ret) {
$instance->releaseUid($uid, $this->site_id);
return false;
}
$this->flush();
if ($quota) {
$this->user_change_quota($user, $quota);
}
if ($this->ssh_enabled() && $this->ssh_user_enabled($user)) {
$this->ssh_permit_user($user);
}
if ($ftp_enable) {
$this->ftp_permit_user($user);
}
if ($imap_enable) {
$this->email_permit_user($user, 'imap');
}
if ($smtp_enable) {
$this->email_permit_user($user, 'smtp');
}
if ($cp_enable) {
$this->auth_permit_user($user, 'cp');
}
if ($dav_enable) {
$this->auth_permit_user($user, 'dav');
}
if (!$this->exists($user)) {
return false;
}
Util_Account_Hooks::instantiateContexted($this->getAuthContext())->run('create_user', [$user]);
return true;
}
public function get_users()
{
if (!IS_CLI) {
$cache = Cache_Account::spawn($this->getAuthContext());
$gen = $cache->hGet('users', 'gen');
$mtime = filemtime($this->domain_fs_path() . '/etc/passwd');
if ($gen == $mtime) {
$users = $cache->hGet('users', 'list');
if (!empty($users)) {
return $users;
}
}
return $this->query('user_get_users');
}
$fp = fopen($this->domain_fs_path('/etc/shadow'), 'r');
flock($fp, LOCK_SH);
$mtime = filemtime($this->domain_fs_path('/etc/passwd'));
if (!$fp) {
return error($this->domain . ': unable to open /etc/shadow');
}
$users = array();
while (($line = fgets($fp)) !== false) {
if (!preg_match(Regex::SHADOW_PHY_ENTRY, $line)) {
continue;
}
$line = explode(':', $line);
if ($line[1] !== '!!' && $line[1] !== '') {
$users[$line[0]] = $this->getpwnam($line[0]);
}
}
flock($fp, LOCK_UN);
fclose($fp);
ksort($users);
$cache = Cache_Account::spawn($this->getAuthContext());
$cache->hMSet('users', [
'gen' => $mtime,
'list' => $users
]);
$cache->expire('users', 7200);
return $users;
}
public function get_shells(): array
{
return file($this->domain_fs_path('/etc/shells'),
FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) + ['/bin/false'];
}
public function flush()
{
$cache = Cache_Account::spawn($this->getAuthContext());
$cache->del('users');
return true;
}
public function get_user_home($user = null)
{
return $this->get_home($user);
}
public function get_home($user = null)
{
if (!$user) {
$user = $this->username;
}
$pwnam = $this->getpwnam($user);
return !$pwnam ? false : $pwnam['home'];
}
public function get_user_count(): array
{
$users = $this->get_users();
return array(
'users' => \count($users),
'max' => $this->getServiceValue('users', 'max', $this->getServiceValue('users', 'maxusers'))
);
}
public function rename_user($user, $newuser)
{
if (!IS_CLI) {
return $this->query('user_rename_user', $user, $newuser);
}
$user = strtolower($user);
$newuser = strtolower($newuser);
$this->flush();
$admin = $this->getServiceValue('siteinfo', 'admin_user');
if (!$this->exists($user)) {
return error("invalid user specified `%s'", $user);
} else if ($this->exists($newuser)) {
return error("target user `%s' already exists", $newuser);
} else if (!preg_match(Regex::USERNAME, $newuser)) {
return error('invalid target user `%s', $newuser);
} else if ($user === $admin) {
return error('use auth_change_username to change primary user');
} else if (strlen($newuser) > static::USER_MAXLEN) {
return error('user max length %d', static::USER_MAXLEN);
}
$pwd = $this->getpwnam($user);
$newhome = preg_replace('!' . DIRECTORY_SEPARATOR . $user . '!',
DIRECTORY_SEPARATOR . $newuser,
$pwd['home'],
1
);
$prefix = $this->domain_fs_path();
if (file_exists($prefix . $newhome)) {
return error("proposed home directory `%s' already exists", $newhome);
}
\Opcenter\Process::killUser($pwd['uid']);
return $this->usermod_driver($user,
array(
'username' => $newuser,
'home' => $newhome,
'move_home' => true
)
);
}
public function usermod_driver($user, $attributes)
{
if (!IS_CLI) {
return $this->query('user_usermod_driver', $user, $attributes);
}
if (!$this->exists($user)) {
return error($user . ': user does not exist');
}
if (isset($attributes['shell']) && !in_array($attributes['shell'], $this->get_shells(), true)) {
return error("Unknown/invalid shell `%s'", $attributes['shell']);
}
$newuser = array_get($attributes, 'username');
$oldpwd = $this->getpwnam($user);
if (!User::bindTo($this->domain_fs_path())->change($user, $attributes)) {
return false;
}
if ($newuser && $newuser !== $user) {
if (!Util_Account_Hooks::instantiateContexted($this->getAuthContext())->run('edit_user', [$user, $newuser, $oldpwd])) {
return error('unable to fully rename user, hook failed');
}
$userpath = $this->domain_info_path() . '/users/';
if (file_exists($userpath . '/' . $user)) {
rename($userpath . '/' . $user, $userpath . '/' . $newuser);
}
$this->flush();
}
}
public function get_quota_history(string $mUser, int $mBegin = 0, int $mEnd = null)
{
$key = 'q.' . base64_encode(pack('LLa*', $mBegin, $mEnd, $mUser));
$cache = Cache_Account::spawn($this->getAuthContext());
$data = $cache->get($key);
if ($data) {
return \Util_PHP::unserialize(gzinflate($data));
}
$quotas = array();
if (is_null($mEnd)) {
$mEnd = time();
}
if (!is_int($mBegin) || !is_int($mEnd)) {
return error('Invalid start, end range');
}
if ($mBegin < 1) {
$mBegin = 0;
}
$uids = $this->user_get_users();
if (!isset($uids[$mUser])) {
return error('Invalid user');
}
$uid = $this->get_uid_from_username($mUser);
$db = PostgreSQL::initialize();
$db->query('SELECT
EXTRACT(epoch FROM ts::TIMESTAMPTZ(0)) as ts,
quota
FROM
storage_log
WHERE
uid = ' . $uid . '
AND
ts >= TO_TIMESTAMP(' . $mBegin . ')
AND
ts < TO_TIMESTAMP(' . $mEnd . ') ORDER BY ts');
while ($row = $db->fetch_object()) {
$quotas[] = array('ts' => (int)$row->ts, 'quota' => (int)$row->quota);
}
$cache->set($key, gzdeflate(serialize($quotas)), 43200);
return $quotas;
}
public function get_quota($users = null)
{
if (!IS_CLI) {
return $this->query('user_get_quota', $users);
}
$formatArray = \is_array($users);
if (!$users || ($this->permission_level & PRIVILEGE_USER)) {
$users = array($this->username);
} else if (!is_array($users)) {
$users = array($users);
}
$webuser = $this->web_get_sys_user();
$do_apache = $this->permission_level & PRIVILEGE_SITE &&
in_array($webuser, $users, true);
$quota_sum = array('qused' => 0, 'fused' => 0);
$uids = array();
foreach ($users as $key => $user) {
if ($do_apache && $user === $webuser) {
continue;
}
if (!($uid = $this->get_uid_from_username($user))) {
warn($user . ': user does not exist');
unset($users[$key]);
}
$uids[$uid] = $user;
}
$quotas = Quota::getUser(array_keys($uids));
$quota_stat = [];
$max = $this->getServiceValue('diskquota', 'enabled') ?
Quota::getGroup($this->group_id)['qhard'] : 0;
$hasFileLimit = null;
if (platform_is('7.5')) {
$hasFileLimit = $this->getServiceValue('diskquota', 'fquota', null);
}
foreach ($quotas as $uid => $quota) {
if (!isset($uids[$uid])) {
warn("Unrecognized UID detected `%d' - continuing", $uid);
continue;
}
if ($quota['qhard'] === 0) {
$quota['qhard'] = $max;
}
if ($hasFileLimit && $quota['fhard'] === 0) {
$quota['fhard'] = $hasFileLimit;
}
$user = $uids[$uid];
$quota_stat[$user] = $quota;
if ($do_apache) {
$quota_sum['qused'] += $quota['qused'];
$quota_sum['fused'] += $quota['fused'];
}
}
if ($do_apache) {
$grp = $this->site_get_account_quota();
$mysql_qquota = 0;
$tmpq = Util_Process::exec('du -s %s%s',
$this->domain_fs_path(),
\Mysql_Module::MYSQL_DATADIR
);
if ($tmpq['success']) {
$tmp = explode(' ', $tmpq['output']);
$mysql_qquota = (int)array_shift($tmp);
}
$ap_qquota = max(-1, $grp['qused'] - $quota_sum['qused'] - $mysql_qquota);
$ap_fquota = max(-1, $grp['qused'] - $quota_sum['qused']);
$quota_stat[$webuser] = array(
'qused' => $ap_qquota,
'qsoft' => $grp['qsoft'],
'qhard' => $grp['qhard'],
'fused' => $ap_fquota,
'fsoft' => $grp['fsoft'],
'fhard' => $grp['fsoft']
);
}
return $formatArray ? $quota_stat : array_pop($quota_stat);
}
public function change_gecos($user, $gecos = null)
{
if (!IS_CLI) {
return $this->query('user_change_gecos', $user, $gecos);
}
if ($this->permission_level & PRIVILEGE_USER || !$gecos) {
$gecos = $user;
$user = $this->username;
}
return $this->usermod_driver($user, array('gecos' => $gecos));
}
public function get_username_from_uid($uid)
{
if ($this->permission_level & PRIVILEGE_ADMIN) {
return posix_getpwuid($uid)['name'] ?? $uid;
}
$site = $this->site_id;
if (!isset($this->uid_mappings[$site])) {
$this->uid_mappings[$site] = array();
} else {
if (isset($this->uid_mappings[$site][$uid])) {
return $this->uid_mappings[$site][$uid];
}
}
if (!($fp = fopen($this->domain_fs_path() . '/etc/passwd', 'r'))) {
return error('/etc/passwd: cannot access file');
}
while (false !== ($line = fgets($fp))) {
$line = explode(':', $line);
if (!isset($line[2]) || !is_numeric($line[2]) || isset($this->uid_mappings[$site][$line[2]])) {
continue;
}
$this->uid_mappings[$site][$line[2]] = $line[0];
}
fclose($fp);
if (!isset($this->uid_mappings[$site][$uid])) {
return false;
}
return $this->uid_mappings[$site][$uid];
}
public function generate_quota_list(
string $user = '',
string $base = '/{home,usr/local,var/www,var/lib,var/log}',
bool $sort = true
) {
if (!IS_CLI) {
return $this->query('user_generate_quota_list', $user, $base, $sort);
}
$file = 'filelist-' . PANEL_BRAND . '.txt';
if (!$user) {
$user_args = '';
} else if (!$this->exists($user)) {
return error('%s: does not exist', $user);
} else {
$user_args = '-user ' . $user;
}
if (false !== ($pos = strpos($base, '{')) && false !== ($end = strpos($base, '}'))) {
$tmp = substr($base, 0, ++$pos);
$tmp .= escapeshellarg(substr($base, $pos, $end - $pos));
$tmp .= substr($base, $end);
$base = $tmp;
} else {
$base = escapeshellarg($base);
}
$chroot_cmd = sprintf('find %s -type f -group %s %s -printf "%s"',
$base,
$this->group_id,
$user_args,
'%10k\t%16s\t%-16u\t%p\r\n'
);
if ($sort) {
$chroot_cmd .= ' | sort -nr';
}
$list = '/home/' . $this->username . '/' . $file;
if (file_exists($tmp = $this->domain_fs_path($list))) {
unlink($tmp) && touch($tmp);
}
$ret = Util_Process::exec("chroot %s /bin/sh -c '(printf %s ; %s) > %s'",
$this->domain_fs_path(),
'"%10s\t%16s\t%-16s\t%s\r\n" "szquota (KB)" "szdisk (B)" username path',
$chroot_cmd,
$list
);
\Opcenter\Filesystem::chogp(
$this->domain_fs_path($list),
$this->user_id,
$this->group_id
);
if (!$ret['success']) {
return false;
}
return $file;
}
public function sgroupdel($group)
{
if (!preg_match(Regex::GROUPNAME, $group)) {
return error("invalid group `%s'", $group);
}
if ($group === $this->username) {
return error("cannot remove base group name `%s'", $this->username);
}
$groups = $this->sgroups();
if (!in_array($group, $groups)) {
return error("cannot remove non-existent group `%s'", $group);
}
$file = $this->domain_fs_path() . '/etc/group';
$fp = fopen($file, 'r+');
flock($fp, LOCK_EX);
$lines = array();
while (false !== ($line = fgets($fp))) {
list($group_name, $password, $gid, $user_list) =
explode(':', $line);
if ($group_name === $group) {
continue;
}
$lines[] = $line;
}
ftruncate($fp, 0);
rewind($fp);
$lines = implode('', $lines);
fwrite($fp, $lines);
flock($fp, LOCK_UN);
fclose($fp);
return true;
}
public function sgroups()
{
$groups = array();
$file = $this->domain_fs_path() . '/etc/group';
$fp = fopen($file, 'r');
while (false !== ($line = fgets($fp))) {
list($group_name, $password, $gid, $user_list) =
explode(':', $line);
if ($gid != $this->group_id) {
continue;
}
$groups[] = $group_name;
}
return $groups;
}
public function sgroupadd(string $group): bool
{
if (!preg_match(Regex::GROUPNAME, $group)) {
return error("invalid group `%s'", $group);
}
$groups = $this->sgroups();
if (in_array($group, $groups)) {
return error("duplicate group `%s'", $group);
}
return (new \Opcenter\Role\Group($this->domain_fs_path()))->create($group, [
'force' => true,
'duplicate' => true,
'gid' => $this->group_id
]);
}
public function _verify_conf(\Opcenter\Service\ConfigurationContext $ctx): bool
{
return true;
}
public function _create()
{
}
public function _delete()
{
$this->deleteUserPreferences($this->getAuthContext());
}
public function _delete_user(string $user)
{
$pam = new Util_Pam($this->getAuthContext());
foreach ($this->enrollment($user) as $svc) {
$pam->remove($user, $svc);
}
$this->erase_quota_history($user);
}
public function enrollment(string $user)
{
if (!$this->exists($user) || $this->get_uid_from_username($user) < self::MIN_UID) {
return error("unknown or system user `%s'", $user);
}
$pam = new Util_Pam($this->getAuthContext());
return $pam->enrolled($user);
}
public function erase_quota_history($user, $until = -1)
{
if (!$this->exists($user)) {
return error("user `$user' does not exist");
}
$uid = $this->get_uid_from_username($user);
$until = intval($until);
if ($until < 0) {
$until = time() + 86400 * 30;
}
$db = MySQL::initialize();
$q = $db->query('DELETE FROM quota_tracker WHERE uid = ' . $uid . ' AND ts < FROM_UNIXTIME(' . $until . ');');
return (bool)$q;
}
public function delete_user($user)
{
deprecated_func('use user_delete');
return $this->delete($user);
}
public function delete($user)
{
if (!IS_CLI) {
return $this->query('user_delete', $user);
}
$users = $this->get_users();
if (!isset($users[$user])) {
return error("user `%s' not found", $user);
} else if ($user == $this->getServiceValue('siteinfo', 'admin_user')) {
return error('cannot delete primary user');
}
$uid = $users[$user]['uid'];
$domains = $this->aliases_list_shared_domains();
$home = $this->get_home($user);
$subdomains = array_keys(
$this->web_list_subdomains('path', '!^' . $home . '/!')
);
$blocking = array();
foreach ($domains as $domain => $path) {
if (!$this->file_exists($path)) {
continue;
}
$stat = $this->file_stat($path);
if (!$stat) {
continue;
}
if (0 === strpos($home, $path) || $stat['uid'] == $uid) {
$blocking[] = $domain;
}
}
$subcount = count($subdomains);
$domaincount = count($blocking);
if ($domaincount > 0 || $subcount > 0) {
Util_Conf::sort_domains($blocking);
if ($domaincount > 0) {
error("one or more domains rely on user `%s', remove or relocate these domains first (DNS > Addon Domains): `%s'",
$user, implode(', ', $blocking));
}
if (count($subdomains) === 1 && ($subdomains[0] === $user || 0 === strpos($subdomains[0] . '.',
$user . '.'))) {
$subcount--;
info("removed user-specific subdomain, `%s'", $subdomains[0]);
$this->web_remove_subdomain($subdomains[0]);
} else {
if (count($subdomains) > 0) {
error("one or more subdomains rely on user `%s', remove or relocate these subdomains first (Web > Subdomains): `%s'",
$user, implode(', ', $subdomains));
}
}
if ($domaincount || $subcount) {
return false;
}
}
$userCtx = \Auth::context($user, $this->site);
Util_Account_Hooks::instantiateContexted($this->getAuthContext())->run('delete_user', [$user]);
$instance = User::bindTo($this->domain_fs_path());
$ret = $instance->delete($user, true);
if (!$ret) {
return false;
}
$instance->releaseUid($uid, $this->site_id);
\apnscpSession::invalidate_by_user($this->site_id, $user);
$this->deleteUserPreferences($userCtx);
$this->flush();
$key = $this->site . '.' . $user;
if (array_has($this->uid_mappings, $key)) {
array_forget($this->uid_mappings, $key);
}
if ($uid >= self::VIRT_MIN_UID && false !== ($pwd = posix_getpwuid($uid))) {
User::bindTo('/')->delete($pwd['name'], false);
}
return $ret;
}
public function _edit()
{
$new = $this->getAuthContext()->conf('siteinfo', 'new');
$old = $this->getAuthContext()->conf('siteinfo', 'old');
if ($new['admin_user'] === $old['admin_user']) {
return true;
}
return $this->_edit_user($old['admin_user'], $new['admin_user'], []);
}
public function _edit_user(string $user, string $usernew, array $oldpwd)
{
$pam = new Util_Pam($this->getAuthContext());
$pam->renameUser($user, $usernew);
$this->flush();
}
public function _create_user(string $user)
{
}
private function deleteUserPreferences(\Auth_Info_User $ctx): void
{
User::bindTo($ctx->domain_fs_path())->flushCache($ctx);
}
}