Exemple #1
0
func DnsDeleteDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")

	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")

	if domain == "" {
		return "domain_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	xstmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`domains` where `name`=? and `account`=?")

	_, err := xstmt.Exec(domain, hcuser.System_username)
	xstmt.Close()

	if err != nil {
		return "failed_to_delete_domain"
	}

	return "success"
}
// This will return RHEL7 for the server API test. Note that all functions need to be prefixed with DISTRO TAG.
func SqlDatabasesList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db, _ := util.MySQL()
	defer db.Close()

	rows, err := db.Query("show databases like '" + hcuser.System_username + "\\_%'")
	if err != nil {
		return "bad_characters_used "
	}

	var data []string

	for rows.Next() {
		var db_name string

		rows.Scan(&db_name)

		data = append(data, db_name)
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}
Exemple #3
0
func logout(ctx *macaron.Context) string {
	var tpl vision.New
	tpl.TemplateFile("template/login.tpl")

	user, auth := util.Auth(ctx, "any")

	if user.Sudo {
		ctx.SetCookie("sudo", "", -1)
		set_error("No longer logged in as "+user.System_username+".", ctx)
		ctx.Redirect("/dashboard", 302)
		return "success"
	}

	if auth {
		new_token := util.MkToken()
		db, _ := util.MySQL()
		defer db.Close()

		ustmt, _ := db.Prepare("update hostcontrol_users set login_token=? where system_username=?")
		ustmt.Exec(new_token, user.System_username)
		ustmt.Close()
	}

	ctx.SetCookie("hostcontrol_id", "", -1)
	ctx.SetCookie("login_token", "", -1)

	tpl.Parse("login")
	tpl.Parse("login/logged_out")
	return tpl.Out()

}
func SqlDatabasesAdd(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")

	if db_name == "" {
		return "db_name_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	//    stmt, _ := db.Prepare("CREATE USER ?@'%' IDENTIFIED BY ?;")
	//    _, err := stmt.Exec(hcuser.System_username + "_" + username, password)
	db_name = util.LastResortSanitize(db_name)
	db_name = string(hcuser.System_username + "_" + db_name)

	stmt, err := db.Prepare("create database " + db_name + "")
	if err != nil {
		return "bad_characters_used "
	}
	_, err = stmt.Exec()
	if err != nil {
		return "failed_to_create_database"
	}
	stmt.Close()

	return "success"
}
Exemple #5
0
func FtpEditUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	password := util.Query(ctx, "password")

	db, _ := util.MySQL()
	defer db.Close()

	// check if user owns domain
	dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol_ftpusers` WHERE `ftpusername`=? and `system_username`=?")
	row1, _ := dstmt.Query(username, hcuser.System_username)
	defer dstmt.Close()
	if !row1.Next() {
		return "user_not_found"
	}

	// set the password
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	return "success"
}
Exemple #6
0
func MailAddDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")

	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")

	if domain == "" {
		return "domain_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`mail_domains` set `domain_id`=NULL, `domain`=?, `system_username`=?")

	_, err := xstmt.Exec(domain, hcuser.System_username)
	xstmt.Close()

	if err != nil {
		return "failed_to_create_domain"
	}

	return "success"
}
Exemple #7
0
func MailDeleteDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")

	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")

	if domain == "" {
		return "domain_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	xstmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`mail_domains` WHERE `domain`=? AND `system_username`=?")

	_, err := xstmt.Exec(domain, hcuser.System_username)
	xstmt.Close()

	if err != nil {
		return "failed_to_delete_domain"
	}

	os.RemoveAll("/home/vmail/" + domain)

	return "success"
}
Exemple #8
0
func addtoken(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	description := util.Query(ctx, "description")
	token := util.MkToken()

	db, _ := util.MySQL()
	defer db.Close()

	xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`hostcontrol_user_tokens` set `token`=?, `hostcontrol_id`=?, `description`=?, token_id=null")
	_, err := xstmt.Exec(token, hcuser.Hostcontrol_id, description)
	xstmt.Close()

	if err != nil {
		set_error("Failed to create new token.", ctx)
		ctx.Redirect("/settings", 302)
		return "Failed to create new token."
	}

	set_error("Created new token.", ctx)
	ctx.Redirect("/settings", 302)

	return ""
}
Exemple #9
0
func SqlUsersList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db, _ := util.MySQL()
	defer db.Close()

	stmt, _ := db.Prepare("select DISTINCT user from mysql.user where user like concat(?,'_%')")
	rows, err := stmt.Query(hcuser.System_username)
	if err != nil {
		return "failed_user_select_query" + string(err.Error())
	}
	stmt.Close()

	var data []string

	for rows.Next() {
		var db_user string

		rows.Scan(&db_user)

		data = append(data, db_user)
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}
Exemple #10
0
func DeleteWebsite(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return string(err.Error())
	}
	defer db.Close()

	vhost_id := util.Query(ctx, "vhost_id")

	stmt, _ := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
	rows, _ := stmt.Query(vhost_id, hcuser.System_username)
	stmt.Close()

	if rows.Next() {
		var vhost_id string
		var system_username string
		var domain string
		var documentroot string
		var ipaddr string
		var ssl_enabled string
		var ssl_certificate string
		var ssl_key string
		var ssl_ca_certificate string

		rows.Scan(&vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate)

		os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-error_log")
		os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-access_log")
		os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-ssl-error_log")
		os.RemoveAll("/var/log/httpd/" + hcuser.System_username + "/" + domain + "-ssl-access_log")
		os.RemoveAll("/etc/pki/tls/certs/" + domain + ".crt")
		os.RemoveAll("/etc/pki/tls/certs/" + domain + ".ca.crt")
		os.RemoveAll("/etc/pki/tls/private/" + domain + ".key")
		os.RemoveAll("/etc/httpd/vhosts.d/" + domain + ".conf")
		os.RemoveAll("/etc/httpd/vhosts.d/" + domain + ".ssl.conf")
		stmt, _ = db.Prepare("delete from website_vhosts where vhost_id=?")
		stmt.Exec(vhost_id)
		stmt.Close()

	} else {
		return "domain_not_found"
	}

	util.Bash("systemctl reload httpd")
	return "success"
}
Exemple #11
0
func Deleteuser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")

	if username == "" || username == "root" {
		return "username_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	// check if user actually owns child
	if !util.ChkPaternity(hcuser.System_username, username) {
		return "failed_ownership_check"
	}

	users := make(map[string]map[string]string)
	users = util.Getusers(username, users, db)
	for _, subuser := range users {
		cleanupuserdata(subuser["system_username"], ctx)
		// delete the user and homedir
		util.Cmd("userdel", []string{subuser["system_username"], "-f", "-r"})
		// remove the user
		stmt, _ := db.Prepare("delete from hostcontrol_users where system_username=?")
		stmt.Exec(subuser["system_username"])
		stmt.Close()

	}

	cleanupuserdata(username, ctx)

	// delete the user and homedir
	util.Cmd("userdel", []string{username, "-f", "-r"})

	// make sure user was delete
	_, lookup_err2 := user.Lookup(username)
	if lookup_err2 == nil {
		return "failed_to_delete_user"
	}

	// remove the user
	stmt, _ := db.Prepare("delete from hostcontrol_users where system_username=?")
	stmt.Exec(username)
	stmt.Close()

	return "success"
}
Exemple #12
0
func MailAddUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")

	if !auth {
		return "not_authorized"
	}

	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}
	username := util.Query(ctx, "username")
	if username == "" {
		return "username_required"
	}
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}

	email_address := username + "@" + domain

	db, _ := util.MySQL()
	defer db.Close()

	// check if user owns domain
	dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
	row1, _ := dstmt.Query(domain, hcuser.System_username)
	defer dstmt.Close()
	if !row1.Next() {
		return "domain_not_found"
	}

	// make sure email address does not already exist
	estmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_users` WHERE email=? and domain=?")
	row2, _ := estmt.Query(email_address, domain)
	defer estmt.Close()
	if row2.Next() {
		return "email_account_exists"
	}

	xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`mail_users` set `email`=?, `password`=ENCRYPT(?), `domain`=?")
	_, err := xstmt.Exec(email_address, password, domain)
	xstmt.Close()

	if err != nil {
		return "failed_to_create_domain"
	}

	return "success"
}
Exemple #13
0
func ListWebsites(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")

	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	defer db.Close()

	stmt, _ := db.Prepare("SELECT * from website_vhosts WHERE system_username = ?")
	rows, _ := stmt.Query(hcuser.System_username)
	stmt.Close()

	data := make(map[string]map[string]string)

	for rows.Next() {
		var vhost_id string
		var system_username string
		var domain string
		var documentroot string
		var ipaddr string
		var ssl_enabled string
		var ssl_certificate string
		var ssl_key string
		var ssl_ca_certificate string

		rows.Scan(&vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate)

		data[domain] = make(map[string]string)
		data[domain]["vhost_id"] = vhost_id
		data[domain]["system_username"] = system_username
		data[domain]["domain"] = domain
		data[domain]["documentroot"] = documentroot
		data[domain]["ipaddr"] = ipaddr
		data[domain]["ssl_enabled"] = ssl_enabled
		data[domain]["ssl_certificate"] = ssl_certificate
		data[domain]["ssl_key"] = ssl_key
		data[domain]["ssl_ca_certificate"] = ssl_ca_certificate
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}
Exemple #14
0
// This will return RHEL7 for the server API test. Note that all functions need to be prefixed with DISTRO TAG.
func SqlGrantsList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")

	if db_name == "" {
		return "db_name_required"
	}

	owner := strings.Split(db_name, "_")[0]

	if owner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	stmt, _ := db.Prepare("select user from mysql.db where db=?")
	rows, err := stmt.Query(db_name)
	if err != nil {
		return "bad_characters_used "
	}
	stmt.Close()
	var data []string

	for rows.Next() {
		var db_user string

		rows.Scan(&db_user)

		data = append(data, db_user)
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}
Exemple #15
0
func MailList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")

	if !auth {
		return "not_authorized"
	}

	db, _ := util.MySQL()
	defer db.Close()

	stmt, _ := db.Prepare("SELECT mail_domains.domain, email_id, email FROM mail_domains LEFT JOIN mail_users ON mail_users.domain=mail_domains.domain WHERE `system_username`=?")
	rows, _ := stmt.Query(hcuser.System_username)
	stmt.Close()

	// map[domain]map[email_id]map[key]value
	data := make(map[string]map[string]map[string]string)
	for rows.Next() {
		var email_id string
		var email string
		var domain string

		rows.Scan(&domain, &email_id, &email)
		if _, ok := data[domain]; !ok {
			data[domain] = make(map[string]map[string]string)
		}

		// some logic for if it's empty or not...
		if email_id != "" && email != "" {
			data[domain][email_id] = make(map[string]string)
			data[domain][email_id]["email_id"] = email_id
			data[domain][email_id]["email"] = email
		}

		data[domain]["placebo"] = make(map[string]string)
		data[domain]["placebo"]["placebo"] = "placebo"

	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}
	return string(output)
}
Exemple #16
0
func MailEditUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")

	if !auth {
		return "not_authorized"
	}

	email_address := util.Query(ctx, "email")
	if email_address == "" {
		return "email_required"
	}
	password := util.Query(ctx, "password")
	if email_address == "" {
		return "password_required"
	}

	strsplt := strings.Split(email_address, "@")
	if len(strsplt) != 2 {
		return "invalid_email"
	}

	//username := strsplt[0]
	domain := strsplt[1]

	db, _ := util.MySQL()
	defer db.Close()

	// check if user owns domain
	dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
	row1, _ := dstmt.Query(domain, hcuser.System_username)
	defer dstmt.Close()
	if !row1.Next() {
		return "domain_not_found"
	}

	// update serial for domain
	ustmt, _ := db.Prepare("UPDATE `hostcontrol`.`mail_users` SET `password`=ENCRYPT(?) WHERE `email`=?")
	ustmt.Exec(password, email_address)
	ustmt.Close()

	return "success"
}
Exemple #17
0
func Listusers(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")

	if !auth {
		return "not_authorized"
	}

	db, _ := util.MySQL()
	defer db.Close()

	data := make(map[string]map[string]string)
	data = util.Getusers(hcuser.System_username, data, db)

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)
}
Exemple #18
0
func deletetoken(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	token := util.Query(ctx, "token")

	db, _ := util.MySQL()
	defer db.Close()

	ustmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`hostcontrol_user_tokens` WHERE `token`=? and hostcontrol_id=?")
	ustmt.Exec(token, hcuser.Hostcontrol_id)
	ustmt.Close()

	set_error("Token deleted.", ctx)
	ctx.Redirect("/settings", 302)

	return ""
}
Exemple #19
0
func MailUserDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "mail")

	if !auth {
		return "not_authorized"
	}

	email_address := util.Query(ctx, "email")
	if email_address == "" {
		return "email_required"
	}

	strsplt := strings.Split(email_address, "@")
	if len(strsplt) != 2 {
		return "invalid_email"
	}

	username := strsplt[0]
	domain := strsplt[1]

	db, _ := util.MySQL()
	defer db.Close()

	// check if user owns domain
	dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol`.`mail_domains` WHERE `domain`=? and `system_username`=?")
	row1, _ := dstmt.Query(domain, hcuser.System_username)
	defer dstmt.Close()
	if !row1.Next() {
		return "domain_not_found"
	}

	os.RemoveAll("/home/vmail/" + domain + "/" + username)

	// update serial for domain
	ustmt, _ := db.Prepare("DELETE FROM `hostcontrol`.`mail_users` WHERE `email`=?")
	ustmt.Exec(email_address)
	ustmt.Close()

	return "success"
}
Exemple #20
0
func DnsAddDomain(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")

	if !auth {
		return "not_authorized"
	}
	timestamp := strconv.FormatInt(time.Now().Unix(), 10)

	domain := util.Query(ctx, "domain")

	if domain == "" {
		return "domain_required"
	}

	db, err := util.MySQL()
	defer db.Close()

	xstmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`domains` set `id`=NULL, `name`=?, `master`=NULL, `last_check`=NULL, `type`='NATIVE', `notified_serial`=?, `account`=?")

	res, err := xstmt.Exec(domain, timestamp, hcuser.System_username)
	xstmt.Close()

	if err != nil {
		return "failed_to_create_domain"
	}

	inserted_id, err := res.LastInsertId()
	if err != nil {
		return "failed_to_create_domain"
	}

	ystmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`records` set `id`=NULL, `domain_id`=?, `name`=?, `type`='SOA', `content`=?, `ttl`='86400', `prio`='0', `change_date`=?, `disabled`='0', `ordername`='0', `auth`='1'")
	_, yerr := ystmt.Exec(inserted_id, domain, "localhost webmaster@localhost 1", timestamp)
	ystmt.Close()
	if yerr != nil {
		return "failed_to_create_soa"
	}

	return "success"
}
Exemple #21
0
func FtpDeleteuser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "ftpuser")

	if username == "" || username == "root" {
		return "ftpuser_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	// check if user owns domain
	dstmt, _ := db.Prepare("SELECT * FROM `hostcontrol_ftpusers` WHERE `ftpusername`=? and `system_username`=?")
	row1, _ := dstmt.Query(username, hcuser.System_username)
	defer dstmt.Close()
	if !row1.Next() {
		return "user_not_found"
	}

	// remove the user
	stmt, _ := db.Prepare("delete from hostcontrol_ftpusers where ftpusername=? and system_username=?")
	stmt.Exec(username, hcuser.System_username)
	stmt.Close()

	// delete the user and homedir
	util.Cmd("userdel", []string{username, "-f"})

	// make sure user was delete
	_, lookup_err2 := user.Lookup(username)
	if lookup_err2 == nil {
		return "failed_to_delete_user"
	}

	return "success"
}
Exemple #22
0
func SqlGrantsDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")

	if db_name == "" {
		return "db_name_required"
	}

	username := util.Query(ctx, "db_user")

	if username == "" {
		return "username_required"
	}

	dbowner := strings.Split(db_name, "_")[0]
	userowner := strings.Split(username, "_")[0]

	if dbowner != hcuser.System_username || userowner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	db_name = util.LastResortSanitize(db_name)
	username = util.LastResortSanitize(username)

	_, err := db.Exec("REVOKE ALL ON " + db_name + ".* FROM '" + username + "'@'%';")
	if err != nil {

		return "failed_to_delete_grant"
	}
	return "success"
}
Exemple #23
0
func FtpList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")

	if !auth {
		return "not_authorized"
	}

	db, _ := util.MySQL()
	defer db.Close()

	data := make(map[string]map[string]string)

	stmt, _ := db.Prepare("SELECT * from hostcontrol_ftpusers WHERE system_username = ?")
	rows, _ := stmt.Query(hcuser.System_username)
	stmt.Close()

	for rows.Next() {
		var ftpuser_id string
		var ftpusername string
		var homedir string
		var system_username string

		rows.Scan(&ftpuser_id, &ftpusername, &homedir, &system_username)

		data[ftpuser_id] = make(map[string]string)
		data[ftpuser_id]["id"] = ftpuser_id
		data[ftpuser_id]["username"] = ftpusername
		data[ftpuser_id]["homedir"] = homedir
	}

	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}

	return string(output)

}
Exemple #24
0
func DnsDeleteRecord(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")

	if !auth {
		return "not_authorized"
	}

	record_id := util.Query(ctx, "record_id")

	if record_id == "" {
		return "record_id_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	// confirm user owns record
	stmt, _ := db.Prepare("SELECT * FROM records LEFT JOIN domains ON records.domain_id=domains.id WHERE `records`.`id`=? and `account`=?")
	rows, _ := stmt.Query(record_id, hcuser.System_username)
	stmt.Close()

	if !rows.Next() {
		return "record_lookup_failed"
	}

	xstmt, err := db.Prepare("DELETE FROM `hostcontrol`.`records` where `id`=?")
	if err != nil {
		return "failed_to_delete_record" + string(err.Error())
	}
	_, xerr := xstmt.Exec(record_id)
	xstmt.Close()

	if xerr != nil {
		return "failed_to_delete_record"
	}

	return "success"
}
Exemple #25
0
func settings(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "any")
	if !auth {
		ctx.Redirect("/", 302)
		return ""
	}

	var tpl vision.New
	tpl.TemplateFile("template/settings.tpl")
	tpl.Assign("username", hcuser.System_username)
	tpl.Parse("settings")

	db, _ := util.MySQL()
	defer db.Close()

	// tokens
	stmt, _ := db.Prepare("select * from hostcontrol_user_tokens where hostcontrol_id=?")
	rows, _ := stmt.Query(hcuser.Hostcontrol_id)
	stmt.Close()

	for rows.Next() {
		var token string
		var hostcontrol_id string
		var description string
		var token_id string

		rows.Scan(&token, &hostcontrol_id, &description, &token_id)

		tpl.Assign("raw_token", token)
		tpl.Assign("token", hostcontrol_id+"/"+token)
		tpl.Assign("description", description)

		tpl.Parse("settings/token")
	}

	return header(ctx) + tpl.Out() + footer(ctx)
}
Exemple #26
0
func SqlUsersDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "db_user")

	if username == "" {
		return "username_required"
	}

	owner := strings.Split(username, "_")[0]

	if owner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	db_user := util.LastResortSanitize(username)
	//password = strings.Replace(password, "'", "\\'", -1)

	stmt, err := db.Prepare("DROP USER '" + db_user + "'")
	if err != nil {
		return "bad_characters_used"
	}
	_, err = stmt.Exec()
	if err != nil {
		return "failed_to_delete_user"
	}
	stmt.Close()

	return "success"
}
Exemple #27
0
func SqlUsersEdit(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "db_user")
	password := util.Query(ctx, "password")
	owner := strings.Split(username, "_")[0]

	if username == "" {
		return "db_user_required"
	}

	if password == "" {
		return "password_required"
	}

	if owner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	db_user := util.LastResortSanitize(username)
	password = util.LastResortSanitize(password)

	_, err := db.Exec("SET PASSWORD FOR '" + db_user + "' = PASSWORD('" + password + "');")
	if err != nil {
		return "bad_characters_used "
	}

	return "success"
}
Exemple #28
0
func Adduser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	password := util.Query(ctx, "password")

	if username == "" || username == "root" {
		return "username_required"
	}

	if password == "" {
		return "password_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	// check if username is available
	_, lookup_err1 := user.Lookup(username)
	if lookup_err1 == nil {
		return "username_taken"
	}

	// add the user
	util.Cmd("useradd", []string{username, "-d", "/home/" + username})

	// make sure user was added
	_, lookup_err2 := user.Lookup(username)
	if lookup_err2 != nil {
		return "unable_to_create"
	}

	// set the password
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	new_token := util.MkToken()

	// add the user
	istmt, _ := db.Prepare("insert hostcontrol_users set hostcontrol_id=null, system_username=?, privileges=?, owned_by=?, login_token=?, email_address=?")

	privileges := ""

	perm_all := util.Query(ctx, "allperms")
	if strings.Contains(hcuser.Privileges, "all") && perm_all != "" {
		privileges += "all "
	}
	perm_websites := util.Query(ctx, "websites")
	if (strings.Contains(hcuser.Privileges, "websites") || strings.Contains(hcuser.Privileges, "all")) && perm_websites != "" {
		privileges += "websites "
	}
	perm_mail := util.Query(ctx, "mail")
	if (strings.Contains(hcuser.Privileges, "mail") || strings.Contains(hcuser.Privileges, "all")) && perm_mail != "" {
		privileges += "mail "
	}
	perm_databases := util.Query(ctx, "databases")
	if (strings.Contains(hcuser.Privileges, "databases") || strings.Contains(hcuser.Privileges, "all")) && perm_databases != "" {
		privileges += "databases "
	}
	perm_ftpusers := util.Query(ctx, "ftpusers")
	if (strings.Contains(hcuser.Privileges, "ftpusers") || strings.Contains(hcuser.Privileges, "all")) && perm_ftpusers != "" {
		privileges += "ftpusers "
	}
	perm_dns := util.Query(ctx, "dns")
	if (strings.Contains(hcuser.Privileges, "dns") || strings.Contains(hcuser.Privileges, "all")) && perm_dns != "" {
		privileges += "dns "
	}
	perm_sysusers := util.Query(ctx, "sysusers")
	if (strings.Contains(hcuser.Privileges, "sysusers") || strings.Contains(hcuser.Privileges, "all")) && perm_sysusers != "" {
		privileges += "sysusers "
	}

	istmt.Exec(username, privileges, hcuser.System_username, new_token, "")
	istmt.Close()

	return "success"
}
Exemple #29
0
func DnsAddRecord(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")

	if !auth {
		return "not_authorized"
	}
	timestamp := strconv.FormatInt(time.Now().Unix(), 10)

	// http://panel.just.ninja/api/dns/record/add?domain=helloworld.com&name=helloworld.com&content=1.2.3.4&type=a&ttl=300&priority=0

	domain := util.Query(ctx, "domain")
	if domain == "" {
		return "domain_required"
	}
	name := util.Query(ctx, "name")
	if name == "" {
		return "name_required"
	}
	content := util.Query(ctx, "content")
	if content == "" {
		return "content_required"
	}
	rtype := util.Query(ctx, "type")
	if rtype == "" {
		return "type_required"
	}
	ttl := util.Query(ctx, "ttl")
	if ttl == "" {
		return "ttl_required"
	}
	priority := util.Query(ctx, "priority")
	if priority == "" {
		return "priority_required"
	}

	db, err := util.MySQL()
	defer db.Close()

	// lookup domain
	stmt, _ := db.Prepare("select * from `hostcontrol`.`domains` where `name`=? and `account`=?")
	row, err := stmt.Query(domain, hcuser.System_username)
	if err != nil {
		return "domain_not_found"
	}
	var domain_id string
	var domain_name string
	var domain_master string
	var domain_last_check string
	var domain_type string
	var domain_notified_serial string
	var domain_account string

	if row.Next() {
		row.Scan(&domain_id, &domain_name, &domain_master, &domain_last_check, &domain_type, &domain_notified_serial, &domain_account)
	} else {
		return "failed_to_find_domain"
	}

	ystmt, _ := db.Prepare("INSERT INTO `hostcontrol`.`records` set `id`=NULL, `domain_id`=?, `name`=?, `type`=?, `content`=?, `ttl`=?, `prio`=?, `change_date`=?, `disabled`='0', `ordername`='0', `auth`='1'")
	_, yerr := ystmt.Exec(domain_id, name, rtype, content, ttl, priority, timestamp)
	ystmt.Close()
	if yerr != nil {
		return "failed_to_create_record"
	}

	// update serial for domain
	ustmt, _ := db.Prepare("UPDATE `hostcontrol`.`domains` SET `notified_serial`=? WHERE `name`=? and `account`=?")
	ustmt.Exec(timestamp, name, hcuser)
	ustmt.Close()

	return "success"
}
Exemple #30
0
func DnsList(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "dns")

	if !auth {
		return "not_authorized"
	}

	db, _ := util.MySQL()
	defer db.Close()
	// alternative by domain: SELECT * FROM domains RIGHT JOIN records ON domains.id=records.domain_id WHERE domains.name=?
	stmt, _ := db.Prepare("SELECT domains.id,domains.name, domains.type, domains.notified_serial, domains.account, records.id, records.domain_id, records.name, records.type, records.content, records.ttl, records.prio, records.change_date, records.disabled, records.ordername, records.auth FROM domains LEFT JOIN records ON records.domain_id=domains.id WHERE `account`=?")
	rows, _ := stmt.Query(hcuser.System_username)
	stmt.Close()

	// map[domain]map[record_id]map[key]value
	data := make(map[string]map[string]map[string]string)
	for rows.Next() {
		var domain_id string
		var domain_name string
		var domain_type string
		var domain_notified_serial string
		var domain_account string
		var record_id string
		var record_domain_id string
		var record_name string
		var record_type string
		var record_content string
		var record_ttl string
		var record_prio string
		var record_change_date string
		var record_disabled string
		var record_ordername string
		var record_auth string

		// if any of these have a NULL returned... we are f****d. -_-
		rows.Scan(&domain_id, &domain_name, &domain_type, &domain_notified_serial, &domain_account, &record_id, &record_domain_id, &record_name, &record_type, &record_content, &record_ttl, &record_prio, &record_change_date, &record_disabled, &record_ordername, &record_auth)

		if _, ok := data[domain_name]; !ok {
			data[domain_name] = make(map[string]map[string]string)
		}

		if record_name != "" {
			data[domain_name][record_id] = make(map[string]string)
			data[domain_name][record_id]["record_id"] = record_id
			data[domain_name][record_id]["record_domain_id"] = record_domain_id
			data[domain_name][record_id]["record_name"] = record_name
			data[domain_name][record_id]["record_type"] = record_type
			data[domain_name][record_id]["record_content"] = record_content
			data[domain_name][record_id]["record_ttl"] = record_ttl
			data[domain_name][record_id]["record_prio"] = record_prio
			data[domain_name][record_id]["record_change_date"] = record_change_date
			data[domain_name][record_id]["record_disabled"] = record_disabled
			data[domain_name][record_id]["record_ordername"] = record_ordername
		}

		data[domain_name]["placebo"] = make(map[string]string)
		data[domain_name]["placebo"]["placebo"] = "placebo"

	}
	output, err := json.Marshal(data)
	if err != nil {
		return "json_out_failed: " + string(err.Error())
	}
	return string(output)
}