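// FtpEditUser sets a new password for an FTP account owned by the
// authenticated panel user.
//
// It reads the "username" and "password" request values, confirms that the
// FTP account is recorded in hostcontrol_ftpusers under the caller's system
// username, and only then changes the password. The result is a status token:
// "not_authorized", "password_required", "database_error", "user_not_found"
// or "success".
func FtpEditUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	password := util.Query(ctx, "password")
	// An empty value must never reach passwd; reject it before any lookup.
	if password == "" {
		return "password_required"
	}

	// Every database error is checked: a discarded error here would leave a
	// nil handle and panic on the next call instead of failing closed.
	db, err := util.MySQL()
	if err != nil {
		return "database_error"
	}
	defer db.Close()

	// Ownership check: the FTP account must be registered to the caller's
	// system username, otherwise one tenant could reset another's password.
	dstmt, err := db.Prepare("SELECT * FROM `hostcontrol_ftpusers` WHERE `ftpusername`=? and `system_username`=?")
	if err != nil {
		return "database_error"
	}
	defer dstmt.Close()

	row1, err := dstmt.Query(username, hcuser.System_username)
	if err != nil {
		return "database_error"
	}
	defer row1.Close()

	if !row1.Next() {
		return "user_not_found"
	}

	// NOTE(review): the password is interpolated into a shell command line.
	// Whether that is safe rests entirely on util.SHSanitize, which is not
	// visible here, and the value is presumably exposed in the process
	// argument list while the command runs. Writing the password to the child
	// process's stdin without a shell would remove both concerns. The result
	// of util.Bash is not inspected, so "success" only means the command was
	// issued.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")
	return "success"
}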
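// ChPassword sets the password of the system account named username.
//
// It returns false, without running anything, when either argument is empty
// or when username contains characters outside a conservative account-name
// set (ASCII letters, digits, '_', '.', '-', and no leading '-'). It returns
// true once the passwd command has been issued; the outcome of that command
// is not inspected.
func ChPassword(username string, password string) bool {
	if username == "" || password == "" {
		return false
	}

	// Defence in depth: the account name ends up as an argument to passwd, so
	// it is restricted here instead of relying only on shell quoting. A
	// leading '-' would be read as an option.
	if username[0] == '-' {
		return false
	}
	for i := 0; i < len(username); i++ {
		c := username[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '_', c == '.', c == '-':
		default:
			return false
		}
	}

	// NOTE(review): the password is interpolated into a shell command line;
	// safety of the quoting depends on util.SHSanitize (not shown here), and
	// the value is presumably visible in the process list while the command
	// runs. Passing it on stdin of a directly executed passwd/chpasswd would
	// avoid both.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")
	return true
}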
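// DeleteWebsite removes a virtual host that belongs to the authenticated
// panel user: its log files, TLS material, Apache vhost configuration and its
// website_vhosts row, followed by an httpd reload.
//
// The vhost is selected by the "vhost_id" request value together with the
// caller's system username, so a user can only delete their own sites. The
// result is a status token ("not_authorized", "domain_not_found",
// "invalid_domainname", "success") or the text of an underlying error.
//
// NOTE(review): returning err.Error() to the client follows the existing
// behaviour of this function but can disclose internal details; a fixed token
// plus a server-side log entry would be preferable.
func DeleteWebsite(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return string(err.Error())
	}
	defer db.Close()

	vhost_id := util.Query(ctx, "vhost_id")

	sel, err := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
	if err != nil {
		return err.Error()
	}
	rows, err := sel.Query(vhost_id, hcuser.System_username)
	sel.Close()
	if err != nil {
		return err.Error()
	}
	if !rows.Next() {
		rows.Close()
		return "domain_not_found"
	}

	// The scan targets must match the column order of website_vhosts because
	// the query uses SELECT *.
	var (
		rowVhostID       string
		systemUsername   string
		domain           string
		documentroot     string
		ipaddr           string
		sslEnabled       string
		sslCertificate   string
		sslKey           string
		sslCACertificate string
	)
	scanErr := rows.Scan(&rowVhostID, &systemUsername, &domain, &documentroot, &ipaddr,
		&sslEnabled, &sslCertificate, &sslKey, &sslCACertificate)
	rows.Close()
	if scanErr != nil {
		// Without a valid row the paths below would be built from empty
		// strings; stop instead of deleting the wrong files.
		return scanErr.Error()
	}

	// The stored domain becomes part of paths under /etc and /var/log that
	// are removed with this process's privileges. It must be a single path
	// component; a separator or NUL byte would let the path leave the
	// intended directory.
	if domain == "" {
		return "invalid_domainname"
	}
	for i := 0; i < len(domain); i++ {
		if domain[i] == '/' || domain[i] == 0 {
			return "invalid_domainname"
		}
	}

	logPrefix := "/var/log/httpd/" + hcuser.System_username + "/" + domain
	targets := []string{
		logPrefix + "-error_log",
		logPrefix + "-access_log",
		logPrefix + "-ssl-error_log",
		logPrefix + "-ssl-access_log",
		"/etc/pki/tls/certs/" + domain + ".crt",
		"/etc/pki/tls/certs/" + domain + ".ca.crt",
		"/etc/pki/tls/private/" + domain + ".key",
		"/etc/httpd/vhosts.d/" + domain + ".conf",
		"/etc/httpd/vhosts.d/" + domain + ".ssl.conf",
	}
	for _, p := range targets {
		// Best-effort cleanup of individual files; a file that is already
		// gone is not an error. os.Remove is used so that nothing is ever
		// deleted recursively.
		os.Remove(p)
	}

	del, err := db.Prepare("delete from website_vhosts where vhost_id=?")
	if err != nil {
		return err.Error()
	}
	_, err = del.Exec(rowVhostID)
	del.Close()
	if err != nil {
		return err.Error()
	}

	util.Bash("systemctl reload httpd")
	return "success"
}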
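// Adduser creates a new system account and its panel record on behalf of an
// authenticated user holding the "sysusers" privilege.
//
// Request values: "username", "password", and one flag per privilege
// ("allperms", "websites", "mail", "databases", "ftpusers", "dns",
// "sysusers"). A privilege is granted to the new account only when the flag is
// non-empty and the caller holds that privilege (or "all"), so a caller cannot
// hand out more than they have. The result is a status token:
// "not_authorized", "username_required", "password_required",
// "username_taken", "database_error", "unable_to_create" or "success".
func Adduser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	password := util.Query(ctx, "password")
	if username == "" || username == "root" {
		return "username_required"
	}
	if password == "" {
		return "password_required"
	}

	// The name is passed to useradd and becomes part of the home directory
	// path, so it is limited to a conservative character set: ASCII letters,
	// digits and '_' anywhere, '-' and '.' only after the first character,
	// at most 32 bytes. This rules out option-like names and path separators.
	if len(username) > 32 {
		return "username_required"
	}
	for i := 0; i < len(username); i++ {
		c := username[i]
		if (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_' {
			continue
		}
		if i > 0 && (c == '-' || c == '.') {
			continue
		}
		return "username_required"
	}

	db, err := util.MySQL()
	if err != nil {
		return "database_error"
	}
	defer db.Close()

	// A successful lookup means the account already exists.
	if _, err := user.Lookup(username); err == nil {
		return "username_taken"
	}

	// Prepare the insert before touching the system so that a database
	// problem is detected before an account is created.
	istmt, err := db.Prepare("insert hostcontrol_users set hostcontrol_id=null, system_username=?, privileges=?, owned_by=?, login_token=?, email_address=?")
	if err != nil {
		return "database_error"
	}
	defer istmt.Close()

	util.Cmd("useradd", []string{username, "-d", "/home/" + username})

	// util.Cmd's result is not inspected; confirm the account now exists.
	if _, err := user.Lookup(username); err != nil {
		return "unable_to_create"
	}

	// NOTE(review): the password is interpolated into a shell command line;
	// safety of the quoting depends on util.SHSanitize (not shown here), and
	// the value is presumably visible in the process list while the command
	// runs. Supplying it on stdin of a directly executed command would avoid
	// both.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	newToken := util.MkToken()

	// Request flag -> privilege name, in the order the privileges are stored.
	requested := []struct{ param, name string }{
		{"allperms", "all"},
		{"websites", "websites"},
		{"mail", "mail"},
		{"databases", "databases"},
		{"ftpusers", "ftpusers"},
		{"dns", "dns"},
		{"sysusers", "sysusers"},
	}
	// NOTE(review): strings.Contains is a substring test on the caller's
	// privilege string; an exact per-token comparison would be stricter, but
	// the storage format of Privileges is not fully visible from here.
	callerHasAll := strings.Contains(hcuser.Privileges, "all")
	privileges := ""
	for _, p := range requested {
		if util.Query(ctx, p.param) == "" {
			continue
		}
		if callerHasAll || strings.Contains(hcuser.Privileges, p.name) {
			privileges += p.name + " "
		}
	}

	if _, err := istmt.Exec(username, privileges, hcuser.System_username, newToken, ""); err != nil {
		// The system account exists at this point but has no panel record.
		return "database_error"
	}
	return "success"
}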
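// AddFtpUser creates an FTP-only system account for the authenticated panel
// user and records it in hostcontrol_ftpusers.
//
// Request values: "ftpuser" (name suffix), "password" and "homedir". The
// account is named "<system username>_<ftpuser>", shares the caller's UID and
// GID, and gets /sbin/nologin as its shell. The home directory is created as
// the caller and must pass util.ChkPerms for the caller's UID/GID. The result
// is a status token ("not_authorized", "ftpuser_required",
// "password_required", "homedir_required", "invalid_homedir",
// "database_error", "unable_to_create", "success") or the text of an
// underlying error.
func AddFtpUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	suser, err := user.Lookup(hcuser.System_username)
	if err != nil {
		return string(err.Error())
	}

	username := util.Query(ctx, "ftpuser")
	if username == "" {
		return "ftpuser_required"
	}
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}
	homedir := util.Query(ctx, "homedir")
	if homedir == "" {
		return "homedir_required"
	}

	// The suffix becomes part of an account name handed to useradd; keep it
	// to ASCII letters, digits, '_', '-' and '.'.
	for i := 0; i < len(username); i++ {
		c := username[i]
		ok := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
			c == '_' || c == '-' || c == '.'
		if !ok {
			return "ftpuser_required"
		}
	}

	// homedir is concatenated into a command string that a shell interprets
	// ("su - user -c ..."), so it must not carry whitespace or shell syntax.
	// Only absolute paths built from ASCII letters, digits, '/', '_', '-' and
	// single dots are accepted; ".." is refused outright.
	if len(homedir) < 2 || homedir[0] != '/' {
		return "invalid_homedir"
	}
	for i := 0; i < len(homedir); i++ {
		c := homedir[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '/', c == '_', c == '-':
		case c == '.':
			if i+1 < len(homedir) && homedir[i+1] == '.' {
				return "invalid_homedir"
			}
		default:
			return "invalid_homedir"
		}
	}

	username = hcuser.System_username + "_" + username

	// A failed conversion must not fall through as 0: that would make the
	// ownership check below compare against root's IDs.
	uid, err := strconv.Atoi(suser.Uid)
	if err != nil {
		return err.Error()
	}
	gid, err := strconv.Atoi(suser.Gid)
	if err != nil {
		return err.Error()
	}

	// Create the directory with the caller's own privileges so that the
	// filesystem enforces where they are allowed to write.
	util.Cmd("su", []string{"-", hcuser.System_username, "-c", "mkdir -p " + homedir})

	// NOTE(review): util.ChkPerms is not shown; it is assumed to verify that
	// homedir is owned by uid/gid. There is a window between this check and
	// useradd in which the path could change.
	if !util.ChkPerms(homedir, uid, gid) {
		return "invalid_homedir"
	}

	db, err := util.MySQL()
	if err != nil {
		return "database_error"
	}
	defer db.Close()

	// Prepare the insert first so a database problem is detected before the
	// system account is created.
	istmt, err := db.Prepare("insert hostcontrol_ftpusers set ftpuser_id=null, ftpusername=?, homedir=?, system_username=?")
	if err != nil {
		return "database_error"
	}
	defer istmt.Close()

	// useradd {username} -d {homedir} -g {gid} -u {uid} -s /sbin/nologin -o
	// (-o permits the duplicate UID shared with the owning account).
	util.Cmd("useradd", []string{username, "-d", homedir, "-g", suser.Gid, "-u", suser.Uid, "-s", "/sbin/nologin", "-o"})

	// util.Cmd's result is not inspected; confirm the account now exists.
	if _, err := user.Lookup(username); err != nil {
		return "unable_to_create"
	}

	// NOTE(review): the password is interpolated into a shell command line;
	// safety of the quoting depends on util.SHSanitize (not shown here), and
	// the value is presumably visible in the process list while the command
	// runs. Supplying it on stdin of a directly executed command would avoid
	// both.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	if _, err := istmt.Exec(username, homedir, hcuser.System_username); err != nil {
		// The system account exists at this point but has no panel record.
		return "database_error"
	}
	return "success"
}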
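// runscript loads the embedded asset named by asset_path and executes its
// contents as a bash script through util.Bash.
//
// Nothing is executed when the asset cannot be loaded or is empty.
//
// NOTE(review): the script text runs with this process's privileges, so
// asset_path should only ever be a fixed name chosen in code, never a value
// derived from a request. Callers are not visible here; confirm.
func runscript(asset_path string) {
	// The second return value of Asset is discarded as before; a failed
	// lookup is recognised by the empty payload, so bash is not started with
	// an empty script.
	data, _ := Asset(asset_path)
	if len(data) == 0 {
		return
	}
	util.Bash(string(data))
}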
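// AddWebsite provisions a new Apache virtual host for the authenticated panel
// user: it creates the document root under the user's home directory, writes
// the vhost configuration from a template, records the site in
// website_vhosts and reloads httpd.
//
// The "domainname" request value ends up in file names under
// /etc/httpd/vhosts.d, in the document root path and inside the generated
// Apache configuration, so it is validated as a plain host name before use.
// The result is a status token ("not_authorized", "invalid_domainname",
// "invalid_documentroot", "success") or the text of an underlying error.
//
// NOTE(review): returning err.Error() to the client follows the existing
// behaviour of this function but can disclose internal details.
func AddWebsite(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return string(err.Error())
	}
	defer db.Close()

	domainname := util.Query(ctx, "domainname")
	if domainname == "" || len(domainname) > 253 {
		return "invalid_domainname"
	}
	// Host-name allow-list: ASCII letters, digits, '-' and '.', with no empty
	// labels and no label starting or ending in '-'. This keeps path
	// separators, whitespace and line breaks out of the file names and the
	// configuration text built below.
	prev := byte('.')
	for i := 0; i < len(domainname); i++ {
		c := domainname[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '-':
			if prev == '.' {
				return "invalid_domainname"
			}
		case c == '.':
			if prev == '.' || prev == '-' {
				return "invalid_domainname"
			}
		default:
			return "invalid_domainname"
		}
		prev = c
	}
	if prev == '.' || prev == '-' {
		return "invalid_domainname"
	}

	// Refuse a domain that is already registered, whoever owns it.
	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE domain = ?")
	if err != nil {
		return err.Error()
	}
	rows, err := stmt.Query(domainname)
	stmt.Close()
	if err != nil {
		return err.Error()
	}
	taken := rows.Next()
	rows.Close()
	if taken {
		return "not_authorized"
	}

	suser, err := user.Lookup(hcuser.System_username)
	if err != nil {
		return err.Error()
	}

	documentroot := path.Clean("/www/" + domainname)
	documentroot = path.Clean(suser.HomeDir + "/" + documentroot)
	documentrootBase := path.Clean(suser.HomeDir + "/www")

	uid, err := strconv.Atoi(suser.Uid)
	if err != nil {
		return string(err.Error())
	}
	gid, err := strconv.Atoi(suser.Gid)
	if err != nil {
		return string(err.Error())
	}

	// The directories below live in the user's home and are created and
	// chowned with this process's privileges. If the user has placed a
	// symbolic link there, following it would apply those operations to the
	// link target, so links are refused and Lchown is used.
	// NOTE(review): a check-then-use window remains; creating the tree with
	// the user's own privileges would close it.
	if fi, lerr := os.Lstat(documentrootBase); lerr == nil && fi.Mode()&os.ModeSymlink != 0 {
		return "invalid_documentroot"
	}

	// The per-user log directory may already exist; that is not an error.
	os.Mkdir("/var/log/httpd/"+hcuser.System_username, 0755)
	if err := os.MkdirAll(documentroot, 0755); err != nil {
		return err.Error()
	}
	if fi, lerr := os.Lstat(documentroot); lerr != nil || !fi.IsDir() {
		return "invalid_documentroot"
	}
	if err := os.Lchown(documentroot, uid, gid); err != nil {
		return err.Error()
	}
	if err := os.Lchown(documentrootBase, uid, gid); err != nil {
		return err.Error()
	}

	rawvhostconf, err := ioutil.ReadFile("common/src/rhel7/httpd/vhost.conf")
	if err != nil {
		// Without the template an empty configuration file would be written.
		return err.Error()
	}
	vhostData := string(rawvhostconf)
	vhostData = strings.Replace(vhostData, "__HOSTNAME__", domainname, -1)
	vhostData = strings.Replace(vhostData, "__USERNAME__", hcuser.System_username, -1)
	vhostData = strings.Replace(vhostData, "__DOCUMENTROOT__", documentroot, -1)

	confPath := "/etc/httpd/vhosts.d/" + domainname + ".conf"
	if writeErr := ioutil.WriteFile(confPath, []byte(vhostData), 0644); writeErr != nil {
		return string(writeErr.Error())
	}

	istmt, err := db.Prepare("INSERT INTO `hostcontrol`.`website_vhosts` set `vhost_id`=null, `system_username`=?, `domain`=?, `documentroot`=?, `ipaddr`=?, `ssl_enabled`='N', `ssl_certificate`='', `ssl_key`='', `ssl_ca_certificate`=''")
	if err != nil {
		os.Remove(confPath)
		return err.Error()
	}
	_, err = istmt.Exec(hcuser.System_username, domainname, documentroot, "*")
	istmt.Close()
	if err != nil {
		// Do not leave a live vhost on disk that has no owning record.
		os.Remove(confPath)
		return err.Error()
	}

	util.Bash("systemctl reload httpd")
	return "success"
}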
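// ManageWebsiteSSL installs a certificate, CA certificate and private key for
// one of the authenticated panel user's virtual hosts, writes the SSL vhost
// configuration from a template, updates the website_vhosts row and reloads
// httpd.
//
// Request values: "vhost_id", "enablessl" (anything other than "Y" is stored
// as "N"), "crt_data", "crtca_data" and "key_data". The vhost is selected by
// vhost_id together with the caller's system username. The uploaded
// certificate and key are written to temporary files, checked as a pair with
// tls.LoadX509KeyPair, and only then moved into place. The result is a status
// token ("not_authorized", "domain_not_found", "invalid_domainname",
// "failed_to_update_record", "success"), a "certificate_key_pair_failed ..."
// message, or the text of an underlying error.
//
// NOTE(review): the private key is also stored in the ssl_key column, so it is
// exposed to anything that can read that table; consider keeping only the
// on-disk copy. Returning err.Error() to the client can disclose internal
// paths.
func ManageWebsiteSSL(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return string(err.Error())
	}
	defer db.Close()

	vhost_id := util.Query(ctx, "vhost_id")
	enablessl := util.Query(ctx, "enablessl")
	crt_data := strings.Trim(util.Query(ctx, "crt_data"), " ")
	crtca_data := strings.Trim(util.Query(ctx, "crtca_data"), " ")
	key_data := strings.Trim(util.Query(ctx, "key_data"), " ")
	if enablessl != "Y" {
		enablessl = "N"
	}

	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
	if err != nil {
		return err.Error()
	}
	rows, err := stmt.Query(vhost_id, hcuser.System_username)
	stmt.Close()
	if err != nil {
		return err.Error()
	}
	if !rows.Next() {
		rows.Close()
		return "domain_not_found"
	}

	// The scan targets must match the column order of website_vhosts because
	// the query uses SELECT *.
	var (
		rowVhostID       string
		systemUsername   string
		domain           string
		documentroot     string
		ipaddr           string
		sslEnabled       string
		sslCertificate   string
		sslKey           string
		sslCACertificate string
	)
	scanErr := rows.Scan(&rowVhostID, &systemUsername, &domain, &documentroot, &ipaddr,
		&sslEnabled, &sslCertificate, &sslKey, &sslCACertificate)
	rows.Close()
	if scanErr != nil {
		return scanErr.Error()
	}

	// The stored domain is used in file names under /etc and substituted into
	// the Apache configuration, so it is limited to ASCII letters, digits,
	// '.', '-' and '_' before any path or config text is built from it.
	if domain == "" {
		return "invalid_domainname"
	}
	for i := 0; i < len(domain); i++ {
		c := domain[i]
		ok := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
			c == '.' || c == '-' || c == '_'
		if !ok {
			return "invalid_domainname"
		}
	}

	crtPath := "/etc/pki/tls/certs/" + domain + ".crt"
	caPath := "/etc/pki/tls/certs/" + domain + ".ca.crt"
	keyPath := "/etc/pki/tls/private/" + domain + ".key"
	crtTmp, caTmp, keyTmp := crtPath+".tmp", caPath+".tmp", keyPath+".tmp"
	dropTmp := func() {
		os.Remove(crtTmp)
		os.Remove(caTmp)
		os.Remove(keyTmp)
	}

	// Remove leftovers from an earlier attempt so each file is created fresh
	// with the mode requested below (WriteFile keeps the mode of an existing
	// file).
	dropTmp()

	if werr := ioutil.WriteFile(crtTmp, []byte(crt_data), 0644); werr != nil {
		dropTmp()
		return string(werr.Error())
	}
	if werr := ioutil.WriteFile(caTmp, []byte(crtca_data), 0644); werr != nil {
		dropTmp()
		return string(werr.Error())
	}
	// The private key must not be readable by other local accounts.
	if werr := ioutil.WriteFile(keyTmp, []byte(key_data), 0600); werr != nil {
		dropTmp()
		return string(werr.Error())
	}

	// Reject material that does not form a matching certificate/key pair
	// before anything live is replaced.
	if _, crtErr := tls.LoadX509KeyPair(crtTmp, keyTmp); crtErr != nil {
		dropTmp()
		return "certificate_key_pair_failed " + string(crtErr.Error())
	}

	// Rename replaces the destination in one step, so the live files are
	// never missing in between.
	moves := [][2]string{{crtTmp, crtPath}, {caTmp, caPath}, {keyTmp, keyPath}}
	for _, mv := range moves {
		if rerr := os.Rename(mv[0], mv[1]); rerr != nil {
			dropTmp()
			return rerr.Error()
		}
	}

	rawvhostconf, err := ioutil.ReadFile("common/src/rhel7/httpd/vhost.ssl.conf")
	if err != nil {
		// Without the template an empty configuration file would be written.
		return err.Error()
	}
	vhostData := string(rawvhostconf)
	vhostData = strings.Replace(vhostData, "__IPADDR__", "*", -1)
	vhostData = strings.Replace(vhostData, "__HOSTNAME__", domain, -1)
	vhostData = strings.Replace(vhostData, "__USERNAME__", hcuser.System_username, -1)
	// NOTE(review): documentroot comes from the stored row and is written
	// into the configuration as-is; it is assumed to be the value recorded
	// when the site was created.
	vhostData = strings.Replace(vhostData, "__DOCUMENTROOT__", documentroot, -1)

	if writeErr := ioutil.WriteFile("/etc/httpd/vhosts.d/"+domain+".ssl.conf", []byte(vhostData), 0644); writeErr != nil {
		return string(writeErr.Error())
	}

	xstmt, err := db.Prepare("update website_vhosts set ssl_enabled=?, ssl_certificate=?, ssl_key=?, ssl_ca_certificate=? where vhost_id=?")
	if err != nil {
		return "failed_to_update_record"
	}
	_, xerr := xstmt.Exec(enablessl, crt_data, key_data, crtca_data, rowVhostID)
	xstmt.Close()
	if xerr != nil {
		return "failed_to_update_record"
	}

	util.Bash("systemctl reload httpd")
	return "success"
}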