Ejemplo n.º 1
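// SqlDatabasesAdd creates a MySQL database named "<system_username>_<db_name>"
// for the authenticated account.
//
// The caller must pass util.Auth for the "databases" privilege and supply a
// non-empty "db_name". The return value is one of the status strings
// "not_authorized", "db_name_required", "bad_characters_used ",
// "failed_to_create_database" or "success".
func SqlDatabasesAdd(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")
	if db_name == "" {
		return "db_name_required"
	}

	// What LastResortSanitize removes is not visible from this function, so the
	// final name is checked again below before it is spliced into the statement.
	db_name = util.LastResortSanitize(db_name)
	full_name := hcuser.System_username + "_" + db_name

	// An identifier cannot be bound as a "?" parameter in CREATE DATABASE, so
	// the name is restricted to a fixed ASCII allowlist instead. Anything
	// outside it is reported with the same code a rejected statement returned.
	for i := 0; i < len(full_name); i++ {
		c := full_name[i]
		allowed := c == '_' || c == '$' ||
			(c >= '0' && c <= '9') ||
			(c >= 'a' && c <= 'z') ||
			(c >= 'A' && c <= 'Z')
		if !allowed {
			return "bad_characters_used "
		}
	}

	db, err := util.MySQL()
	if err != nil {
		// Without this check a failed connection would reach db.Close() below
		// with an unusable handle.
		return "failed_to_create_database"
	}
	defer db.Close()

	stmt, err := db.Prepare("create database " + full_name)
	if err != nil {
		return "bad_characters_used "
	}
	// Deferred so the statement is released on the Exec failure path too.
	defer stmt.Close()

	if _, err = stmt.Exec(); err != nil {
		return "failed_to_create_database"
	}

	return "success"
}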
Ejemplo n.º 2
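// DnsDeleteDomain deletes the row in hostcontrol.domains whose name matches the
// "domain" request value and whose account is the authenticated user.
//
// Returns "not_authorized", "domain_required", "failed_to_delete_domain" or
// "success". A request that matches no row still returns "success", because
// the affected-row count is not inspected.
func DnsDeleteDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")
	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}

	db, err := util.MySQL()
	if err != nil {
		// Previously ignored; a failed connection would have been used anyway.
		return "failed_to_delete_domain"
	}
	defer db.Close()

	// The `account`=? predicate is what scopes the delete to the caller's own
	// zones; the domain value itself is bound, never concatenated.
	xstmt, err := db.Prepare("DELETE FROM `hostcontrol`.`domains` where `name`=? and `account`=?")
	if err != nil {
		return "failed_to_delete_domain"
	}
	defer xstmt.Close()

	if _, err = xstmt.Exec(domain, hcuser.System_username); err != nil {
		return "failed_to_delete_domain"
	}

	return "success"
}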
Ejemplo n.º 3
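// addtoken creates a new API token for the logged-in user and redirects back
// to /settings with a status message.
//
// Unauthenticated requests are redirected to "/". On any database failure the
// user sees "Failed to create new token." and that same text is returned; on
// success the return value is empty.
func addtoken(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	// fail reports the one user-visible failure outcome of this handler.
	fail := func() string {
		set_error("Failed to create new token.", ctx)
		ctx.Redirect("/settings", 302)
		return "Failed to create new token."
	}

	description := util.Query(ctx, "description")
	token := util.MkToken()

	db, err := util.MySQL()
	if err != nil {
		return fail()
	}
	defer db.Close()

	// NOTE(review): the token value is written to the table exactly as
	// generated; storing only a hash of it would limit what a database read
	// discloses. Confirm how util.Auth looks tokens up before changing this.
	xstmt, err := db.Prepare("INSERT INTO `hostcontrol`.`hostcontrol_user_tokens` set `token`=?, `hostcontrol_id`=?, `description`=?, token_id=null")
	if err != nil {
		return fail()
	}
	defer xstmt.Close()

	if _, err = xstmt.Exec(token, hcuser.Hostcontrol_id, description); err != nil {
		return fail()
	}

	set_error("Created new token.", ctx)
	ctx.Redirect("/settings", 302)

	return ""
}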
Ejemplo n.º 4
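// websites renders the website overview page for a user holding the
// "websites" privilege; other requests are redirected to "/".
//
// The domain list comes from the internal /api/web/domain/list endpoint as a
// JSON object keyed by domain.
func websites(ctx *macaron.Context) string {
	_, auth := util.Auth(ctx, "websites")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/websites.tpl")
	tpl.Parse("websites")

	listing := API("/api/web/domain/list", ctx)

	// A body that is not the expected JSON (for example an error code string)
	// leaves the map empty and the page renders without domains.
	sites := make(map[string]map[string]string)
	_ = json.Unmarshal([]byte(listing), &sites)

	for _, site := range sites {
		for _, key := range []string{"vhost_id", "system_username", "domain", "documentroot", "ipaddr", "ssl_enabled"} {
			tpl.Assign(key, site[key])
		}

		// The file-manager link is the document root from its first "www"
		// onwards. Splitting once keeps later "www" occurrences (such as a
		// "www.example.com" directory) intact, and a root without "www" no
		// longer indexes past the end of the slice.
		parts := strings.SplitN(site["documentroot"], "www", 2)
		filemanager_path := "www"
		if len(parts) == 2 {
			filemanager_path += parts[1]
		}

		tpl.Assign("filemanager_path", filemanager_path)
		tpl.Parse("websites/domain")
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}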
Ejemplo n.º 5
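// logout ends either an impersonation ("sudo") session or the login session.
//
// When the resolved user carries the Sudo flag only the "sudo" cookie is
// cleared and the browser is sent back to /dashboard. Otherwise the stored
// login token is replaced, both session cookies are expired and the
// logged-out page is returned.
func logout(ctx *macaron.Context) string {
	var tpl vision.New
	tpl.TemplateFile("template/login.tpl")

	user, auth := util.Auth(ctx, "any")

	// NOTE(review): user.Sudo is read before auth is examined; confirm that
	// util.Auth never reports Sudo for an unauthenticated request.
	if user.Sudo {
		ctx.SetCookie("sudo", "", -1)
		set_error("No longer logged in as "+user.System_username+".", ctx)
		ctx.Redirect("/dashboard", 302)
		return "success"
	}

	if auth {
		// Replace the stored token, presumably so the value held in the old
		// cookie no longer matches. Logout stays best-effort: a database
		// problem must not stop the cookies below from being expired, but it
		// also must not crash the handler as the unchecked handles could.
		new_token := util.MkToken()
		if db, err := util.MySQL(); err == nil {
			if ustmt, err := db.Prepare("update hostcontrol_users set login_token=? where system_username=?"); err == nil {
				// NOTE(review): if this Exec fails the previous token stays
				// in the table; there is no logger in scope to record that.
				_, _ = ustmt.Exec(new_token, user.System_username)
				ustmt.Close()
			}
			db.Close()
		}
	}

	ctx.SetCookie("hostcontrol_id", "", -1)
	ctx.SetCookie("login_token", "", -1)

	tpl.Parse("login")
	tpl.Parse("login/logged_out")
	return tpl.Out()
}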
Ejemplo n.º 6
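// MailDeleteDomain deletes a mail domain owned by the authenticated account
// and then removes its directory under /home/vmail.
//
// Returns "not_authorized", "domain_required", "failed_to_delete_domain" or
// "success". The directory is removed only after a row owned by the caller
// was actually deleted.
func MailDeleteDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")
	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}

	// The value ends up as a path component below. A name that is "." or ".."
	// or carries a separator would resolve outside /home/vmail, so refuse it
	// before touching the database.
	if domain == "." || domain == ".." {
		return "failed_to_delete_domain"
	}
	for i := 0; i < len(domain); i++ {
		if c := domain[i]; c == '/' || c == '\\' || c == 0 {
			return "failed_to_delete_domain"
		}
	}

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_delete_domain"
	}
	defer db.Close()

	xstmt, err := db.Prepare("DELETE FROM `hostcontrol`.`mail_domains` WHERE `domain`=? AND `system_username`=?")
	if err != nil {
		return "failed_to_delete_domain"
	}
	defer xstmt.Close()

	res, err := xstmt.Exec(domain, hcuser.System_username)
	if err != nil {
		return "failed_to_delete_domain"
	}

	// Exec succeeds even when no row matched. Without this check the removal
	// below ran for any submitted name, including domains that belong to a
	// different account.
	if n, err := res.RowsAffected(); err != nil || n == 0 {
		return "failed_to_delete_domain"
	}

	// Best-effort: the row is already gone, so a leftover directory is not
	// reported as a failure (same outcome as before).
	_ = os.RemoveAll("/home/vmail/" + domain)

	return "success"
}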
Ejemplo n.º 7
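// FtpEditUser changes the system password of an FTP user that belongs to the
// authenticated account.
//
// Returns "not_authorized", "username_required", "password_required",
// "user_not_found" or "success".
func FtpEditUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	if username == "" {
		return "username_required"
	}
	// An empty value would otherwise be piped to passwd as the new password.
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}

	db, err := util.MySQL()
	if err != nil {
		return "user_not_found"
	}
	defer db.Close()

	// Ownership check: the FTP user must be registered to this account.
	dstmt, err := db.Prepare("SELECT * FROM `hostcontrol_ftpusers` WHERE `ftpusername`=? and `system_username`=?")
	if err != nil {
		return "user_not_found"
	}
	defer dstmt.Close()

	row1, err := dstmt.Query(username, hcuser.System_username)
	if err != nil {
		return "user_not_found"
	}
	// The result set was never closed before.
	defer row1.Close()
	if !row1.Next() {
		return "user_not_found"
	}

	// NOTE(review): this builds a shell command line from request data and
	// depends entirely on util.SHSanitize (not visible here) for quoting. The
	// password also appears in the argument list of the spawned shell.
	// Running passwd directly with the password written to its stdin would
	// remove both concerns; that needs os/exec, which is not known to be
	// imported by this file. The outcome of the command is not checked.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	return "success"
}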
Ejemplo n.º 8
// header renders the shared page header from template/overall.tpl.
//
// For an authenticated request the username is made available to the
// template. Pending "err_str" and "info_str" cookies are shown once as
// messages and then reset to the empty string.
func header(ctx *macaron.Context) string {
	var tpl vision.New
	tpl.TemplateFile("template/overall.tpl")

	if user, auth := util.Auth(ctx, "any"); auth {
		tpl.Assign("username", user.System_username)
	}

	tpl.Parse("header")

	// NOTE(review): both messages are read from cookies, which the client
	// controls. Whether tpl.Assign HTML-escapes its value is not visible
	// here; confirm before relying on it.
	flashes := []struct {
		cookie string
		block  string
	}{
		{"err_str", "header/error"},
		{"info_str", "header/info"},
	}
	for _, f := range flashes {
		msg := ctx.GetCookie(f.cookie)
		if msg == "" {
			continue
		}
		tpl.Assign("message", msg)
		tpl.Parse(f.block)
		ctx.SetCookie(f.cookie, "")
	}

	return tpl.Out()
}
Ejemplo n.º 9
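// SqlDatabasesList returns, as a JSON array of names, the databases whose name
// starts with "<system_username>_" for the authenticated account.
//
// Returns "not_authorized", "failed_to_list_databases",
// "bad_characters_used " or "json_out_failed: ..." on failure. With no
// matching database the JSON output is "null", as before.
func SqlDatabasesList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_list_databases"
	}
	defer db.Close()

	// Same listing that SHOW DATABASES LIKE produces, but read from
	// information_schema so the username is bound as a parameter instead of
	// being concatenated into the statement. "\_" keeps the separator a
	// literal underscore rather than a LIKE wildcard.
	// NOTE(review): "%" or "_" inside the username itself would still act as
	// wildcards; confirm usernames cannot contain them.
	rows, err := db.Query("select schema_name from information_schema.schemata where schema_name like concat(?, '\\_%')", hcuser.System_username)
	if err != nil {
		return "bad_characters_used "
	}
	defer rows.Close()

	var data []string
	for rows.Next() {
		var db_name string
		if err := rows.Scan(&db_name); err != nil {
			return "failed_to_list_databases"
		}
		data = append(data, db_name)
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}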
Ejemplo n.º 10
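// MailAddDomain registers a mail domain for the authenticated account.
//
// Returns "not_authorized", "domain_required", "failed_to_create_domain" or
// "success".
func MailAddDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")
	if !auth {
		return "not_authorized"
	}

	// NOTE(review): the value is stored as received. Other handlers later use
	// the stored domain as a directory name under /home/vmail, so a format
	// check here (hostname characters only) is worth adding once the accepted
	// syntax is agreed.
	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_create_domain"
	}
	defer db.Close()

	xstmt, err := db.Prepare("INSERT INTO `hostcontrol`.`mail_domains` set `domain_id`=NULL, `domain`=?, `system_username`=?")
	if err != nil {
		return "failed_to_create_domain"
	}
	defer xstmt.Close()

	if _, err = xstmt.Exec(domain, hcuser.System_username); err != nil {
		return "failed_to_create_domain"
	}

	return "success"
}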
Ejemplo n.º 11
// ftpusers renders the FTP user page for an account holding the "ftpusers"
// privilege; other requests are redirected to "/".
//
// The user list is fetched from /api/ftpusers/list as a JSON object of
// string maps. A response that does not decode yields an empty list.
func ftpusers(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/ftpusers.tpl")

	// The page-level block gets the account's own home directory.
	tpl.Assign("homedir", hcuser.HomeDir)
	tpl.Parse("ftpusers")

	raw := []byte(API("/api/ftpusers/list", ctx))
	accounts := map[string]map[string]string{}
	json.Unmarshal(raw, &accounts)

	for _, entry := range accounts {
		for _, field := range []string{"username", "homedir"} {
			tpl.Assign(field, entry[field])
		}
		tpl.Parse("ftpusers/user")
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 12
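// SqlUsersList returns, as a JSON array, the distinct MySQL user names that
// start with "<system_username>_" for the authenticated account.
//
// Returns "not_authorized", "failed_user_select_query..." or
// "json_out_failed: ..." on failure.
func SqlUsersList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return "failed_user_select_query" + string(err.Error())
	}
	defer db.Close()

	// The separator is escaped as "\_" so it matches only a literal
	// underscore. Unescaped, "_" is a single-character wildcard and the
	// pattern for account "bob" also matched users of an account such as
	// "bobby". SqlDatabasesList already escapes it the same way.
	stmt, err := db.Prepare("select DISTINCT user from mysql.user where user like concat(?,'\\_%')")
	if err != nil {
		return "failed_user_select_query" + string(err.Error())
	}
	// Deferred so the statement is also released when Query fails.
	defer stmt.Close()

	rows, err := stmt.Query(hcuser.System_username)
	if err != nil {
		return "failed_user_select_query" + string(err.Error())
	}
	defer rows.Close()

	var data []string
	for rows.Next() {
		var db_user string
		if err := rows.Scan(&db_user); err != nil {
			return "failed_user_select_query" + string(err.Error())
		}
		data = append(data, db_user)
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}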
Ejemplo n.º 13
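// MailAddUser creates the mailbox "<username>@<domain>" on a mail domain that
// belongs to the authenticated account.
//
// Returns "not_authorized", "domain_required", "username_required",
// "password_required", "domain_not_found", "email_account_exists",
// "failed_to_create_domain" (used for every database failure, including the
// mailbox insert itself) or "success".
func MailAddUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")
	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}
	username := util.Query(ctx, "username")
	if username == "" {
		return "username_required"
	}
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}

	email_address := username + "@" + domain

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_create_domain"
	}
	defer db.Close()

	// Ownership check: the domain must be registered to this account.
	dstmt, err := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
	if err != nil {
		return "failed_to_create_domain"
	}
	defer dstmt.Close()
	row1, err := dstmt.Query(domain, hcuser.System_username)
	if err != nil {
		return "failed_to_create_domain"
	}
	owned := row1.Next()
	row1.Close()
	if !owned {
		return "domain_not_found"
	}

	// Refuse to create an address that already exists.
	estmt, err := db.Prepare("SELECT * FROM `hostcontrol`.`mail_users` WHERE email=? and domain=?")
	if err != nil {
		return "failed_to_create_domain"
	}
	defer estmt.Close()
	row2, err := estmt.Query(email_address, domain)
	if err != nil {
		return "failed_to_create_domain"
	}
	exists := row2.Next()
	row2.Close()
	if exists {
		return "email_account_exists"
	}

	// NOTE(review): the password is hashed by MySQL's ENCRYPT(), which calls
	// the system crypt() and was removed in MySQL 8.0.3. Confirm which scheme
	// the server picks without a salt argument and whether the mail stack
	// can read a stronger, application-side hash instead.
	xstmt, err := db.Prepare("INSERT INTO `hostcontrol`.`mail_users` set `email`=?, `password`=ENCRYPT(?), `domain`=?")
	if err != nil {
		return "failed_to_create_domain"
	}
	defer xstmt.Close()

	if _, err = xstmt.Exec(email_address, password, domain); err != nil {
		return "failed_to_create_domain"
	}

	return "success"
}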
Ejemplo n.º 14
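// DeleteWebsite removes a virtual host owned by the authenticated account:
// its httpd log files, TLS certificate and key files, vhost configuration
// files and its website_vhosts row, then reloads httpd.
//
// Returns "not_authorized", a database error text, "domain_not_found",
// "invalid_domain" or "success".
func DeleteWebsite(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return string(err.Error())
	}
	defer db.Close()

	requested_id := util.Query(ctx, "vhost_id")

	// The system_username predicate limits the lookup to the caller's vhosts.
	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
	if err != nil {
		return string(err.Error())
	}
	rows, err := stmt.Query(requested_id, hcuser.System_username)
	stmt.Close()
	if err != nil {
		return string(err.Error())
	}

	if !rows.Next() {
		rows.Close()
		return "domain_not_found"
	}

	var vhost_id string
	var system_username string
	var domain string
	var documentroot string
	var ipaddr string
	var ssl_enabled string
	var ssl_certificate string
	var ssl_key string
	var ssl_ca_certificate string

	// A failed Scan used to be ignored, leaving domain empty while the file
	// removals and the row delete went ahead regardless.
	err = rows.Scan(&vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate)
	rows.Close()
	if err != nil {
		return string(err.Error())
	}

	// domain is used as a file-name component under /var/log/httpd and /etc.
	// It comes from the database, but how it was validated when stored is
	// not visible here, so a value that could leave those directories is
	// refused before anything is removed.
	if domain == "" || domain == "." || domain == ".." {
		return "invalid_domain"
	}
	for i := 0; i < len(domain); i++ {
		if c := domain[i]; c == '/' || c == '\\' || c == 0 {
			return "invalid_domain"
		}
	}

	// Removal is best-effort: files that do not exist are not an error.
	log_dir := "/var/log/httpd/" + hcuser.System_username + "/"
	for _, target := range []string{
		log_dir + domain + "-error_log",
		log_dir + domain + "-access_log",
		log_dir + domain + "-ssl-error_log",
		log_dir + domain + "-ssl-access_log",
		"/etc/pki/tls/certs/" + domain + ".crt",
		"/etc/pki/tls/certs/" + domain + ".ca.crt",
		"/etc/pki/tls/private/" + domain + ".key",
		"/etc/httpd/vhosts.d/" + domain + ".conf",
		"/etc/httpd/vhosts.d/" + domain + ".ssl.conf",
	} {
		_ = os.RemoveAll(target)
	}

	del, err := db.Prepare("delete from website_vhosts where vhost_id=?")
	if err != nil {
		return string(err.Error())
	}
	_, err = del.Exec(vhost_id)
	del.Close()
	if err != nil {
		return string(err.Error())
	}

	util.Bash("systemctl reload httpd")
	return "success"
}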
Ejemplo n.º 15
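// Deleteuser deletes a system user owned by the authenticated account,
// together with every user util.Getusers reports beneath it.
//
// For each user the per-user data is cleaned up, "userdel -f -r" is run and
// the hostcontrol_users row is removed. Returns "not_authorized",
// "username_required", "failed_ownership_check", "failed_to_delete_user" or
// "success".
func Deleteuser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	if username == "" || username == "root" {
		return "username_required"
	}

	// The caller must own the target before anything destructive happens.
	if !util.ChkPaternity(hcuser.System_username, username) {
		return "failed_ownership_check"
	}

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_delete_user"
	}
	defer db.Close()

	// Prepared once, before any account is removed, so a database problem
	// aborts the request instead of leaving rows behind for deleted users.
	stmt, err := db.Prepare("delete from hostcontrol_users where system_username=?")
	if err != nil {
		return "failed_to_delete_user"
	}
	defer stmt.Close()

	// NOTE(review): the name is passed to userdel as a separate argument (no
	// shell involved), but a value starting with "-" would be read as an
	// option; confirm ChkPaternity can only succeed for real account names.
	// NOTE(review): unlike the parent below, a sub-user's row is removed
	// without checking that userdel actually removed the account.
	users := make(map[string]map[string]string)
	users = util.Getusers(username, users, db)
	for _, subuser := range users {
		name := subuser["system_username"]
		cleanupuserdata(name, ctx)
		util.Cmd("userdel", []string{name, "-f", "-r"})
		_, _ = stmt.Exec(name)
	}

	cleanupuserdata(username, ctx)

	// Delete the account and its home directory.
	util.Cmd("userdel", []string{username, "-f", "-r"})

	// The account must no longer resolve, otherwise the deletion failed.
	if _, lookup_err := user.Lookup(username); lookup_err == nil {
		return "failed_to_delete_user"
	}

	if _, err = stmt.Exec(username); err != nil {
		return "failed_to_delete_user"
	}

	return "success"
}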
Ejemplo n.º 16
// users renders the user-management page for an account holding the
// "sysusers" privilege; other requests are redirected to "/".
//
// One permission block is shown per privilege the account holds ("all"
// implies every block), followed by one row per user returned by
// /api/users/list.
func users(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/users.tpl")
	tpl.Parse("users")

	// Privileges is matched by substring, exactly as the dashboard does.
	has_all := strings.Contains(hcuser.Privileges, "all")
	if has_all {
		tpl.Parse("users/perms_all")
	}
	for _, priv := range []string{"websites", "mail", "databases", "ftpusers", "dns", "sysusers"} {
		if strings.Contains(hcuser.Privileges, priv) || has_all {
			tpl.Parse("users/perms_" + priv)
		}
	}

	listing := API("/api/users/list", ctx)

	accounts := make(map[string]map[string]string)
	json.Unmarshal([]byte(listing), &accounts)

	// NOTE(review): login_token is handed to the template for every listed
	// user. If the template prints it, session tokens of sub-users end up in
	// the page source; confirm it is needed there.
	fields := []string{"hostcontrol_id", "system_username", "privileges", "owned_by", "login_token", "email_address"}
	for _, account := range accounts {
		for _, field := range fields {
			tpl.Assign(field, account[field])
		}
		tpl.Parse("users/user")
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 17
// dashboard renders the dashboard page between the shared header and footer.
// A request that fails util.Auth for "any" is redirected to "/".
func dashboard(ctx *macaron.Context) string {
	// Only the auth result is needed in this variant; the user is unused.
	if _, auth := util.Auth(ctx, "any"); !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/dashboard.tpl")
	tpl.Parse("dashboard")

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 18
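// file_editor shows, and optionally saves, a file below the logged-in user's
// home directory.
//
// The "path" request value is interpreted relative to the home directory.
// When "filecontents" is non-empty it is written to the file (CRLF converted
// to LF) before the file is read back and rendered, HTML-escaped, in the
// editor template. Unauthenticated requests are redirected to "/".
func file_editor(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	suser, err := user.Lookup(hcuser.System_username)
	if err != nil {
		return die(ctx, string(err.Error()))
	}

	selected_object := path.Clean(util.Query(ctx, "path"))
	home_dir := path.Clean(suser.HomeDir)
	full_object := path.Clean(home_dir + "/" + selected_object)

	// path.Clean resolves ".." segments, so a request path such as
	// "../other" produces a result outside the home directory. Require the
	// cleaned path to stay inside it rather than relying on the ownership
	// check alone.
	home_prefix := home_dir
	if home_prefix != "/" {
		home_prefix += "/"
	}
	if full_object != home_dir && !strings.HasPrefix(full_object, home_prefix) {
		return die(ctx, "You do not have access to object "+full_object)
	}

	// Ownership check against the user's uid/gid.
	// NOTE(review): this is a lexical check followed by a separate open;
	// symbolic links inside the home directory are not resolved here.
	uid, _ := strconv.Atoi(suser.Uid)
	gid, _ := strconv.Atoi(suser.Gid)
	if !util.ChkPerms(full_object, uid, gid) {
		return die(ctx, "You do not have access to object "+full_object)
	}

	filecontents := util.Query(ctx, "filecontents")
	if filecontents != "" {
		filecontents = strings.Replace(filecontents, "\r\n", "\n", -1)
		// A failed save used to be silent: the page simply showed the old
		// contents again.
		if err := ioutil.WriteFile(full_object, []byte(filecontents), 0644); err != nil {
			return die(ctx, string(err.Error()))
		}
	}

	rawcontents, err := ioutil.ReadFile(full_object)
	if err != nil {
		return die(ctx, string(err.Error()))
	}

	// Escaped because the file body is placed into the page markup.
	content := html.EscapeString(string(rawcontents))

	var tpl vision.New
	tpl.TemplateFile("template/file-editor.tpl")

	tpl.Assign("path_up", path.Dir(selected_object))
	tpl.Assign("selected_path", selected_object)
	tpl.Assign("current_path", full_object)
	tpl.Assign("filedata", content)

	tpl.Parse("file-editor")

	return header(ctx) + tpl.Out() + footer(ctx)
}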
Ejemplo n.º 19
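// ListWebsites returns every website_vhosts row of the authenticated account
// as a JSON object keyed by domain; each value maps column name to value.
//
// Returns "not_authorized", a database error text or "json_out_failed: ..."
// on failure.
func ListWebsites(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	// The connection error was assigned but never examined before.
	db, err := util.MySQL()
	if err != nil {
		return string(err.Error())
	}
	defer db.Close()

	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE system_username = ?")
	if err != nil {
		return string(err.Error())
	}
	defer stmt.Close()

	rows, err := stmt.Query(hcuser.System_username)
	if err != nil {
		return string(err.Error())
	}
	defer rows.Close()

	data := make(map[string]map[string]string)

	for rows.Next() {
		var vhost_id string
		var system_username string
		var domain string
		var documentroot string
		var ipaddr string
		var ssl_enabled string
		var ssl_certificate string
		var ssl_key string
		var ssl_ca_certificate string

		// Destinations follow the column order of SELECT *.
		if err := rows.Scan(&vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate); err != nil {
			return string(err.Error())
		}

		// NOTE(review): ssl_key is part of every listing response. Of the
		// consumers visible alongside this handler only the SSL manager page
		// reads it; consider serving it from a dedicated endpoint.
		data[domain] = map[string]string{
			"vhost_id":           vhost_id,
			"system_username":    system_username,
			"domain":             domain,
			"documentroot":       documentroot,
			"ipaddr":             ipaddr,
			"ssl_enabled":        ssl_enabled,
			"ssl_certificate":    ssl_certificate,
			"ssl_key":            ssl_key,
			"ssl_ca_certificate": ssl_ca_certificate,
		}
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}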
Ejemplo n.º 20
// sslmanager renders the SSL settings page for the vhost named by the
// "vhost_id" request value.
//
// The vhost is looked up in the caller's own /api/web/domain/list result.
// When it is not found the user is sent back to /websites with an error
// message. Requests without the "websites" privilege are redirected to "/".
func sslmanager(ctx *macaron.Context) string {
	if _, auth := util.Auth(ctx, "websites"); !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	wanted := util.Query(ctx, "vhost_id")

	var tpl vision.New
	tpl.TemplateFile("template/websites.sslmanager.tpl")

	listing := API("/api/web/domain/list", ctx)

	sites := make(map[string]map[string]string)
	json.Unmarshal([]byte(listing), &sites)

	// NOTE(review): ssl_key is among the values given to the template, so
	// the private key is likely part of the rendered page; confirm the
	// template needs it.
	copied := []string{"vhost_id", "system_username", "domain", "documentroot", "ipaddr", "ssl_certificate", "ssl_key", "ssl_ca_certificate"}

	found := false
	for _, site := range sites {
		if site["vhost_id"] != wanted {
			continue
		}
		for _, key := range copied {
			tpl.Assign(key, site[key])
		}

		// The template receives the HTML "checked" attribute, not the flag.
		checked := ""
		if site["ssl_enabled"] == "Y" {
			checked = "checked"
		}
		tpl.Assign("ssl_enabled", checked)
		found = true
	}

	if !found {
		set_error("Failed to find requested domain.", ctx)
		ctx.Redirect("/websites", 302)
		return ""
	}
	tpl.Parse("sslmanager")

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 21
// dashboard renders the dashboard with one button block per privilege the
// logged-in user holds ("all" implies every block). The websites, mail and
// FTP buttons are never shown to the "root" account. Unauthenticated
// requests are redirected to "/".
func dashboard(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/dashboard.tpl")

	// NOTE(review): both X-FORWARDED-HOST and Host are supplied by the
	// client unless a trusted proxy overwrites them, and the value becomes
	// part of a link in the page. Confirm the deployment pins these headers
	// or compare the result against a configured host name.
	host := string(ctx.Req.Header.Get("X-FORWARDED-HOST"))
	if host == "" {
		host = string(ctx.Req.Host)
	}
	host = strings.Split(host, ":")[0] // drop a ":port" suffix
	tpl.Assign("console_url", "https://"+host+"/shellinabox")

	tpl.Parse("dashboard")

	privs := hcuser.Privileges
	has_all := strings.Contains(privs, "all")
	is_root := hcuser.System_username == "root"

	// Order matters: the blocks are emitted in this sequence.
	buttons := []struct {
		priv      string
		block     string
		hide_root bool
	}{
		{"websites", "dashboard/websitesbtn", true},
		{"databases", "dashboard/databasesbtn", false},
		{"dns", "dashboard/dnsbtn", false},
		{"mail", "dashboard/mailbtn", true},
		{"ftpusers", "dashboard/ftpusersbtn", true},
		{"all", "dashboard/firewallbtn", false},
		{"all", "dashboard/servicesbtn", false},
		{"sysusers", "dashboard/usersbtn", false},
	}
	for _, b := range buttons {
		if !strings.Contains(privs, b.priv) && !has_all {
			continue
		}
		if b.hide_root && is_root {
			continue
		}
		tpl.Parse(b.block)
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 22
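// SqlGrantsList returns, as a JSON array, the MySQL users listed in mysql.db
// for the database named by the "db_name" request value.
//
// The database must carry the caller's "<system_username>_" prefix. Returns
// "not_authorized", "db_name_required", "failed_not_yours",
// "bad_characters_used " or "json_out_failed: ..." on failure.
func SqlGrantsList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")
	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")
	if db_name == "" {
		return "db_name_required"
	}

	// Ownership follows the naming scheme used when databases are created:
	// "<system_username>_<name>". Comparing the full prefix, instead of the
	// text before the first "_", also works for usernames that themselves
	// contain an underscore.
	// NOTE(review): a prefix rule cannot tell account "a" from account "a_b"
	// for a database "a_b_x"; confirm usernames cannot contain "_" or track
	// ownership in a table.
	if !strings.HasPrefix(db_name, hcuser.System_username+"_") {
		return "failed_not_yours"
	}

	db, err := util.MySQL()
	if err != nil {
		return "bad_characters_used "
	}
	defer db.Close()

	stmt, err := db.Prepare("select user from mysql.db where db=?")
	if err != nil {
		return "bad_characters_used "
	}
	// Deferred so the statement is also released when Query fails.
	defer stmt.Close()

	rows, err := stmt.Query(db_name)
	if err != nil {
		return "bad_characters_used "
	}
	defer rows.Close()

	var data []string
	for rows.Next() {
		var db_user string
		if err := rows.Scan(&db_user); err != nil {
			return "bad_characters_used "
		}
		data = append(data, db_user)
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}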
Ejemplo n.º 23
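// MailList returns the mail domains of the authenticated account and their
// mailboxes as JSON shaped map[domain]map[email_id]map[key]value.
//
// Every domain additionally carries a "placebo" entry, which the page
// handlers skip when rendering. Returns "not_authorized",
// "failed_to_list_mail" or "json_out_failed: ..." on failure.
func MailList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_list_mail"
	}
	defer db.Close()

	stmt, err := db.Prepare("SELECT mail_domains.domain, email_id, email FROM mail_domains LEFT JOIN mail_users ON mail_users.domain=mail_domains.domain WHERE `system_username`=?")
	if err != nil {
		return "failed_to_list_mail"
	}
	defer stmt.Close()

	rows, err := stmt.Query(hcuser.System_username)
	if err != nil {
		return "failed_to_list_mail"
	}
	defer rows.Close()

	// map[domain]map[email_id]map[key]value
	data := make(map[string]map[string]map[string]string)
	for rows.Next() {
		var email_id string
		var email string
		var domain string

		// The Scan error is ignored on purpose: for a domain without
		// mailboxes the LEFT JOIN yields NULL email_id/email, which cannot
		// be stored in a string. domain is scanned first and is kept; the
		// other two stay empty and are filtered out below.
		_ = rows.Scan(&domain, &email_id, &email)
		if _, ok := data[domain]; !ok {
			data[domain] = make(map[string]map[string]string)
		}

		if email_id != "" && email != "" {
			data[domain][email_id] = map[string]string{
				"email_id": email_id,
				"email":    email,
			}
		}

		data[domain]["placebo"] = map[string]string{"placebo": "placebo"}
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}
	return string(output)
}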
Ejemplo n.º 24
// mail renders the mail overview: one block per mail domain and, inside it,
// one row per mailbox, using the data from /api/mail/list. Requests without
// the "mail" privilege are redirected to "/".
func mail(ctx *macaron.Context) string {
	if _, auth := util.Auth(ctx, "mail"); !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/mail.tpl")

	// NOTE(review): X-FORWARDED-HOST and Host come from the client unless a
	// trusted proxy sets them, and the value ends up in the webmail link.
	// Confirm the deployment pins these headers.
	host := string(ctx.Req.Header.Get("X-FORWARDED-HOST"))
	if host == "" {
		host = string(ctx.Req.Host)
	}
	host = strings.Split(host, ":")[0] // drop a ":port" suffix

	tpl.Assign("webmail_url", "https://"+host+"/roundcubemail")

	tpl.Parse("mail")

	// map[domain]map[email_id]map[key]value
	listing := make(map[string]map[string]map[string]string)
	json.Unmarshal([]byte(API("/api/mail/list", ctx)), &listing)

	for name, boxes := range listing {
		tpl.Assign("domain_name", name)
		tpl.Parse("mail/domain")

		for id, box := range boxes {
			// "placebo" is the filler entry the API adds to every domain.
			if id != "placebo" {
				tpl.Assign("email", box["email"])
				tpl.Assign("email_id", box["email_id"])
				tpl.Parse("mail/domain/email")
			}
		}
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 25
// dns renders the DNS overview: one block per zone and, inside it, one row
// per record, using the data from /api/dns/list. Requests without the "dns"
// privilege are redirected to "/".
func dns(ctx *macaron.Context) string {
	if _, auth := util.Auth(ctx, "dns"); !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/dns.tpl")
	tpl.Parse("dns")

	// map[domain]map[record_id]map[key]value
	zones := make(map[string]map[string]map[string]string)
	json.Unmarshal([]byte(API("/api/dns/list", ctx)), &zones)

	// Template variables share their names with the record keys.
	record_fields := []string{
		"record_change_date",
		"record_content",
		"record_disabled",
		"record_domain_id",
		"record_id",
		"record_name",
		"record_ordername",
		"record_prio",
		"record_ttl",
		"record_type",
	}

	for zone, entries := range zones {
		tpl.Assign("domain_name", zone)
		tpl.Parse("dns/domain")

		for id, entry := range entries {
			// "placebo" is a filler entry, not a record.
			if id == "placebo" {
				continue
			}
			for _, field := range record_fields {
				tpl.Assign(field, entry[field])
			}
			tpl.Parse("dns/domain/record")
		}
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Ejemplo n.º 26
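// MailEditUser sets a new password for a mailbox whose domain belongs to the
// authenticated account.
//
// Returns "not_authorized", "email_required", "password_required",
// "invalid_email", "domain_not_found", "failed_to_update_password" or
// "success".
func MailEditUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")
	if !auth {
		return "not_authorized"
	}

	email_address := util.Query(ctx, "email")
	if email_address == "" {
		return "email_required"
	}
	// This test used to re-check email_address, so an empty password was
	// accepted and stored.
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}

	strsplt := strings.Split(email_address, "@")
	if len(strsplt) != 2 {
		return "invalid_email"
	}
	domain := strsplt[1]

	db, err := util.MySQL()
	if err != nil {
		return "failed_to_update_password"
	}
	defer db.Close()

	// Ownership check: the mailbox's domain must be registered to this
	// account.
	dstmt, err := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
	if err != nil {
		return "failed_to_update_password"
	}
	defer dstmt.Close()
	row1, err := dstmt.Query(domain, hcuser.System_username)
	if err != nil {
		return "failed_to_update_password"
	}
	owned := row1.Next()
	row1.Close()
	if !owned {
		return "domain_not_found"
	}

	// NOTE(review): the password is hashed by MySQL's ENCRYPT(), which calls
	// the system crypt() and was removed in MySQL 8.0.3; confirm the scheme
	// in use is still acceptable.
	ustmt, err := db.Prepare("UPDATE `hostcontrol`.`mail_users` SET `password`=ENCRYPT(?) WHERE `email`=?")
	if err != nil {
		return "failed_to_update_password"
	}
	defer ustmt.Close()

	if _, err = ustmt.Exec(password, email_address); err != nil {
		return "failed_to_update_password"
	}

	return "success"
}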
Ejemplo n.º 27
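// Listusers returns, as JSON, the users util.Getusers reports for the
// authenticated account.
//
// Returns "not_authorized", "failed_to_list_users" or
// "json_out_failed: ..." on failure.
func Listusers(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		// Previously the unchecked handle was passed on to util.Getusers.
		return "failed_to_list_users"
	}
	defer db.Close()

	data := util.Getusers(hcuser.System_username, make(map[string]map[string]string), db)

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}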
Ejemplo n.º 28
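// deletetoken removes one API token of the logged-in user and redirects back
// to /settings with a status message.
//
// The delete is bound to the caller's hostcontrol_id, so a token value that
// belongs to another user matches nothing. Unauthenticated requests are
// redirected to "/". The return value is always empty.
func deletetoken(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	token := util.Query(ctx, "token")

	// remove reports whether the delete statement ran without error.
	remove := func() bool {
		db, err := util.MySQL()
		if err != nil {
			return false
		}
		defer db.Close()

		ustmt, err := db.Prepare("DELETE FROM `hostcontrol`.`hostcontrol_user_tokens` WHERE `token`=? and hostcontrol_id=?")
		if err != nil {
			return false
		}
		defer ustmt.Close()

		_, err = ustmt.Exec(token, hcuser.Hostcontrol_id)
		return err == nil
	}

	// Before, "Token deleted." was shown even when the database call failed,
	// leaving a token the user believed revoked still usable.
	if remove() {
		set_error("Token deleted.", ctx)
	} else {
		set_error("Failed to delete token.", ctx)
	}
	ctx.Redirect("/settings", 302)

	return ""
}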
Ejemplo n.º 29
// sudo switches the session to act as the user named by the "username"
// request value, provided util.ChkPaternity accepts the caller as its owner.
//
// On success a "sudo" cookie holding the target name is set for 864000
// seconds and the browser is redirected to /dashboard; otherwise the user is
// sent back to /users with an error. Requests without the "sysusers"
// privilege are redirected to "/".
func sudo(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	target := util.Query(ctx, "username")

	if util.ChkPaternity(hcuser.System_username, target) {
		// NOTE(review): the cookie stores only the target name, which the
		// client can edit; confirm util.Auth repeats the ownership check on
		// every request that carries it.
		ctx.SetCookie("sudo", target, 864000)
		set_error("You are now logged in as "+target+"! Clicking logout will switch back to "+hcuser.System_username+".", ctx)
		ctx.Redirect("/dashboard", 302)
		return "success"
	}

	// NOTE(review): the rejected name is echoed into the status message as
	// received; confirm the header template escapes it.
	set_error("Failed to sudo to "+target+"!", ctx)
	ctx.Redirect("/users", 302)
	return "failed!"
}
Ejemplo n.º 30
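// DnsAddDomain creates a NATIVE DNS zone for the authenticated account and
// inserts its initial SOA record.
//
// Returns "not_authorized", "domain_required", "failed_to_create_domain",
// "failed_to_create_soa" or "success".
func DnsAddDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")
	if !auth {
		return "not_authorized"
	}

	// The current Unix time serves as notified_serial and change_date.
	timestamp := strconv.FormatInt(time.Now().Unix(), 10)

	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}

	// The connection error was overwritten by later calls without ever being
	// examined.
	db, err := util.MySQL()
	if err != nil {
		return "failed_to_create_domain"
	}
	defer db.Close()

	xstmt, err := db.Prepare("INSERT INTO `hostcontrol`.`domains` set `id`=NULL, `name`=?, `master`=NULL, `last_check`=NULL, `type`='NATIVE', `notified_serial`=?, `account`=?")
	if err != nil {
		return "failed_to_create_domain"
	}
	res, err := xstmt.Exec(domain, timestamp, hcuser.System_username)
	xstmt.Close()
	if err != nil {
		return "failed_to_create_domain"
	}

	inserted_id, err := res.LastInsertId()
	if err != nil {
		return "failed_to_create_domain"
	}

	// NOTE(review): the two inserts do not run in one transaction, so a
	// failure from here on leaves a zone row without an SOA record.
	ystmt, err := db.Prepare("INSERT INTO `hostcontrol`.`records` set `id`=NULL, `domain_id`=?, `name`=?, `type`='SOA', `content`=?, `ttl`='86400', `prio`='0', `change_date`=?, `disabled`='0', `ordername`='0', `auth`='1'")
	if err != nil {
		return "failed_to_create_soa"
	}
	_, err = ystmt.Exec(inserted_id, domain, "localhost webmaster@localhost 1", timestamp)
	ystmt.Close()
	if err != nil {
		return "failed_to_create_soa"
	}

	return "success"
}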