Пример #1
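// FtpEditUser sets a new password for an FTP account that belongs to the
// authenticated panel user.
//
// The request must pass util.Auth for the "ftpusers" privilege. The account
// name and new password are read from the "username" and "password" request
// values. It returns "not_authorized", "password_required", "user_not_found",
// a database error string, or "success".
func FtpEditUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	password := util.Query(ctx, "password")

	// Refuse an empty password rather than handing an empty line to passwd.
	if password == "" {
		return "password_required"
	}

	db, err := util.MySQL()
	if err != nil {
		// Without this check a failed connection leaves db nil and the
		// deferred Close below panics.
		return err.Error()
	}
	defer db.Close()

	// Ownership check: the FTP account must be recorded against the caller's
	// own system account. This lookup is the only thing that stops one panel
	// user from resetting another user's password.
	dstmt, err := db.Prepare("SELECT * FROM `hostcontrol_ftpusers` WHERE `ftpusername`=? and `system_username`=?")
	if err != nil {
		return err.Error()
	}
	defer dstmt.Close()

	row1, err := dstmt.Query(username, hcuser.System_username)
	if err != nil {
		return err.Error()
	}
	defer row1.Close()

	if !row1.Next() {
		return "user_not_found"
	}

	// NOTE(review): the password reaches passwd through a shell command
	// string, so this line is only as safe as util.SHSanitize, which is not
	// shown here. Writing the password to passwd's stdin from the process
	// itself would take the shell out of the path. The result of util.Bash is
	// not inspected, so "success" does not confirm that the password changed.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	return "success"
}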
Пример #2
// ChPassword sets the password of the system account username by piping it
// to passwd --stdin through util.Bash.
//
// It returns false when either argument is empty and true otherwise. The
// outcome of the shell command is not inspected, so true only means the
// command was issued.
func ChPassword(username string, password string) bool {
	// Both values are mandatory; nothing is executed without them.
	if username == "" || password == "" {
		return false
	}

	// NOTE(review): both values pass through a shell command string, so
	// quoting rests entirely on util.SHSanitize (not shown here). Callers
	// should pass only account names they have already validated.
	command := "echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin"
	util.Bash(command)

	return true
}
Пример #3
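// DeleteWebsite removes a virtual host owned by the authenticated panel user:
// its httpd log files, TLS certificate and key files, vhost configuration
// files and its website_vhosts row, then reloads httpd.
//
// The request must pass util.Auth for the "websites" privilege and name the
// vhost in the "vhost_id" request value. It returns "not_authorized",
// "domain_not_found", "invalid_domainname", a database error string, or
// "success".
func DeleteWebsite(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return err.Error()
	}
	defer db.Close()

	vhost_id := util.Query(ctx, "vhost_id")

	// The system_username condition is the ownership check: a vhost_id that
	// belongs to another account yields no row.
	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
	if err != nil {
		return err.Error()
	}
	defer stmt.Close()

	rows, err := stmt.Query(vhost_id, hcuser.System_username)
	if err != nil {
		return err.Error()
	}
	defer rows.Close()

	if !rows.Next() {
		return "domain_not_found"
	}

	var (
		row_vhost_id       string
		system_username    string
		domain             string
		documentroot       string
		ipaddr             string
		ssl_enabled        string
		ssl_certificate    string
		ssl_key            string
		ssl_ca_certificate string
	)
	if err := rows.Scan(&row_vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate); err != nil {
		// A failed scan would leave domain empty and the paths below wrong.
		return err.Error()
	}
	// Release the result set before issuing the delete statement.
	rows.Close()

	// The stored domain is spliced into paths under /etc and /var/log, so it
	// must be a single path component. Refuse anything that could point the
	// deletions elsewhere instead of trusting the stored value.
	if domain == "" {
		return "invalid_domainname"
	}
	for i := 0; i < len(domain); i++ {
		if domain[i] == '/' || domain[i] == 0 {
			return "invalid_domainname"
		}
	}

	logdir := "/var/log/httpd/" + hcuser.System_username + "/"
	targets := []string{
		logdir + domain + "-error_log",
		logdir + domain + "-access_log",
		logdir + domain + "-ssl-error_log",
		logdir + domain + "-ssl-access_log",
		"/etc/pki/tls/certs/" + domain + ".crt",
		"/etc/pki/tls/certs/" + domain + ".ca.crt",
		"/etc/pki/tls/private/" + domain + ".key",
		"/etc/httpd/vhosts.d/" + domain + ".conf",
		"/etc/httpd/vhosts.d/" + domain + ".ssl.conf",
	}
	for _, p := range targets {
		// os.Remove rather than os.RemoveAll: every target is a single file,
		// and a recursive delete on a path built from stored data is more
		// than this handler needs. Errors are ignored because any of these
		// files may legitimately be absent.
		os.Remove(p)
	}

	dstmt, err := db.Prepare("delete from website_vhosts where vhost_id=?")
	if err != nil {
		return err.Error()
	}
	defer dstmt.Close()

	if _, err := dstmt.Exec(row_vhost_id); err != nil {
		return err.Error()
	}

	util.Bash("systemctl reload httpd")
	return "success"
}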
Пример #4
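// Adduser creates a system account with a home directory under /home, sets
// its password and records it in hostcontrol_users as owned by the caller.
//
// The request must pass util.Auth for the "sysusers" privilege. The new
// account receives only privileges that the caller already holds (or any
// privilege when the caller holds "all") and that the request asks for. It
// returns "not_authorized", "username_required", "password_required",
// "username_taken", "unable_to_create", a database error string, or
// "success".
func Adduser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "sysusers")
	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "username")
	password := util.Query(ctx, "password")

	if username == "" || username == "root" {
		return "username_required"
	}

	// The name becomes a useradd argument, a path under /home and part of a
	// shell command, so accept only a conservative character set and refuse
	// names that would be read as an option or as a relative path element.
	if username[0] == '-' || username == "." || username == ".." {
		return "username_required"
	}
	for i := 0; i < len(username); i++ {
		c := username[i]
		allowed := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
			(c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-'
		if !allowed {
			return "username_required"
		}
	}

	if password == "" {
		return "password_required"
	}

	db, err := util.MySQL()
	if err != nil {
		return err.Error()
	}
	defer db.Close()

	// Prepare the insert before touching the system, so a database problem
	// stops the request before an account exists.
	istmt, err := db.Prepare("insert hostcontrol_users set hostcontrol_id=null, system_username=?, privileges=?, owned_by=?, login_token=?, email_address=?")
	if err != nil {
		return err.Error()
	}
	defer istmt.Close()

	// A successful lookup means the name is already in use.
	if _, err := user.Lookup(username); err == nil {
		return "username_taken"
	}

	util.Cmd("useradd", []string{username, "-d", "/home/" + username})

	// The result of useradd is not inspected; confirm by looking the account up.
	if _, err := user.Lookup(username); err != nil {
		return "unable_to_create"
	}

	// NOTE(review): quoting here rests on util.SHSanitize, which is not
	// shown; the username has been restricted above, the password has not.
	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	new_token := util.MkToken()

	// Privilege delegation: a privilege is granted only when the caller holds
	// it (or "all") and the request asks for it.
	// NOTE(review): membership is a substring test on hcuser.Privileges. That
	// is sound only while no privilege name is contained in another; an exact
	// token comparison would be more robust.
	callerAll := strings.Contains(hcuser.Privileges, "all")
	privileges := ""
	if callerAll && util.Query(ctx, "allperms") != "" {
		privileges += "all "
	}
	for _, name := range []string{"websites", "mail", "databases", "ftpusers", "dns", "sysusers"} {
		requested := util.Query(ctx, name)
		if (strings.Contains(hcuser.Privileges, name) || callerAll) && requested != "" {
			privileges += name + " "
		}
	}

	if _, err := istmt.Exec(username, privileges, hcuser.System_username, new_token, ""); err != nil {
		// The system account exists at this point but has no panel record.
		return "unable_to_create"
	}

	return "success"
}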
Пример #5
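// AddFtpUser creates an FTP-only system account that shares the caller's uid
// and gid, sets its password and records it in hostcontrol_ftpusers.
//
// The request must pass util.Auth for the "ftpusers" privilege. The account
// name is the caller's system username, an underscore and the "ftpuser"
// request value; "homedir" must be an absolute path that util.ChkPerms
// accepts for the caller's uid and gid. It returns "not_authorized",
// "ftpuser_required", "password_required", "homedir_required",
// "invalid_homedir", "unable_to_create", an error string, or "success".
func AddFtpUser(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "ftpusers")
	if !auth {
		return "not_authorized"
	}

	suser, err := user.Lookup(hcuser.System_username)
	if err != nil {
		return err.Error()
	}

	username := util.Query(ctx, "ftpuser")
	if username == "" {
		return "ftpuser_required"
	}
	// The name ends up as a useradd argument and inside a shell command, so
	// restrict it to a conservative character set.
	for i := 0; i < len(username); i++ {
		c := username[i]
		allowed := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
			(c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-'
		if !allowed {
			return "ftpuser_required"
		}
	}
	password := util.Query(ctx, "password")
	if password == "" {
		return "password_required"
	}
	homedir := util.Query(ctx, "homedir")
	if homedir == "" {
		return "homedir_required"
	}
	// A relative path would be resolved against the account's home by the su
	// login shell below but against this process's working directory by
	// util.ChkPerms, so the check could inspect a different directory.
	if homedir[0] != '/' {
		return "invalid_homedir"
	}

	username = hcuser.System_username + "_" + username

	// A failed conversion would yield 0, and the ownership check below would
	// then compare against root; stop instead.
	uid, err := strconv.Atoi(suser.Uid)
	if err != nil {
		return err.Error()
	}
	gid, err := strconv.Atoi(suser.Gid)
	if err != nil {
		return err.Error()
	}

	// Create the directory as the owning account, not with this process's
	// privileges. su -c hands the string to a shell, so the request value is
	// quoted, and "--" keeps a leading dash from being read as an option.
	// NOTE(review): assumes util.SHSanitize returns one safely quoted shell
	// word - confirm against its implementation.
	util.Cmd("su", []string{"-", hcuser.System_username, "-c", "mkdir -p -- " + util.SHSanitize(homedir)})

	// The directory must belong to the caller's uid/gid.
	if !util.ChkPerms(homedir, uid, gid) {
		return "invalid_homedir"
	}

	db, err := util.MySQL()
	if err != nil {
		return err.Error()
	}
	defer db.Close()

	// Prepare the insert before creating the account, so a database problem
	// stops the request early.
	istmt, err := db.Prepare("insert hostcontrol_ftpusers set ftpuser_id=null, ftpusername=?, homedir=?, system_username=?")
	if err != nil {
		return err.Error()
	}
	defer istmt.Close()

	// useradd {username} -d {homedir} -g {gid} -u {uid} -s /sbin/nologin -o
	// -o permits the duplicate uid; /sbin/nologin denies an interactive shell.
	util.Cmd("useradd", []string{username, "-d", homedir, "-g", suser.Gid, "-u", suser.Uid, "-s", "/sbin/nologin", "-o"})

	// The result of useradd is not inspected; confirm by looking the account up.
	if _, err := user.Lookup(username); err != nil {
		return "unable_to_create"
	}

	util.Bash("echo " + util.SHSanitize(password) + " | passwd " + util.SHSanitize(username) + " --stdin")

	if _, err := istmt.Exec(username, homedir, hcuser.System_username); err != nil {
		// The system account exists at this point but has no panel record.
		return "unable_to_create"
	}

	return "success"
}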
Пример #6
// runscript looks up the asset stored under asset_path and passes its bytes,
// converted to a string, to util.Bash.
//
// The whole asset is executed as a script, so asset_path must only ever be a
// value fixed in the program, never one derived from a request.
func runscript(asset_path string) {
	// The lookup error is discarded; whatever Asset returned is still handed
	// to util.Bash.
	contents, _ := Asset(asset_path)
	util.Bash(string(contents))
}
Пример #7
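// AddWebsite creates a virtual host for the authenticated panel user: it
// creates the document root under the user's home, writes the httpd vhost
// configuration from a template, records the vhost in website_vhosts and
// reloads httpd.
//
// The request must pass util.Auth for the "websites" privilege and carry the
// host name in the "domainname" request value. It returns "not_authorized"
// (also when the domain is already registered), "invalid_domainname", an
// error string, or "success".
func AddWebsite(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return err.Error()
	}
	defer db.Close()

	// The domain name becomes a file name under /etc/httpd/vhosts.d and is
	// substituted into the httpd configuration, so it must be a plain host
	// name: no path separators, whitespace or line breaks. Dots may not
	// lead, trail or repeat, and a leading dash is refused.
	domainname := util.Query(ctx, "domainname")
	if domainname == "" || len(domainname) > 253 || domainname[0] == '-' {
		return "invalid_domainname"
	}
	for i := 0; i < len(domainname); i++ {
		c := domainname[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9', c == '-', c == '_':
			// permitted character
		case c == '.':
			if i == 0 || i == len(domainname)-1 || domainname[i-1] == '.' {
				return "invalid_domainname"
			}
		default:
			return "invalid_domainname"
		}
	}

	// Refuse a domain that any account has already registered.
	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE domain = ?")
	if err != nil {
		return err.Error()
	}
	defer stmt.Close()

	rows, err := stmt.Query(domainname)
	if err != nil {
		return err.Error()
	}
	defer rows.Close()

	if rows.Next() {
		return "not_authorized"
	}
	rows.Close()

	suser, err := user.Lookup(hcuser.System_username)
	if err != nil {
		// Without this check suser is nil and the next lines panic.
		return err.Error()
	}

	documentroot := path.Clean("/www/" + domainname)
	documentroot = path.Clean(suser.HomeDir + "/" + documentroot)
	documentroot_base := path.Clean(suser.HomeDir + "/www")

	uid, err := strconv.Atoi(suser.Uid)
	if err != nil {
		return err.Error()
	}

	gid, err := strconv.Atoi(suser.Gid)
	if err != nil {
		return err.Error()
	}

	// Prepare the insert before changing the filesystem, so a database
	// problem stops the request early.
	istmt, err := db.Prepare("INSERT INTO `hostcontrol`.`website_vhosts` set `vhost_id`=null, `system_username`=?, `domain`=?, `documentroot`=?, `ipaddr`=?, `ssl_enabled`='N', `ssl_certificate`='', `ssl_key`='', `ssl_ca_certificate`=''")
	if err != nil {
		return err.Error()
	}
	defer istmt.Close()

	// The error is ignored because the log directory usually exists already.
	os.Mkdir("/var/log/httpd/"+hcuser.System_username, 0755)

	if err := os.MkdirAll(documentroot, 0755); err != nil {
		return err.Error()
	}
	// Lchown instead of Chown: these paths are inside a home directory the
	// account can write to, and ownership must not be handed over to whatever
	// a symlink at the final path element points at.
	// NOTE(review): symlinks in earlier path elements are still followed by
	// MkdirAll and Lchown; creating the directory as the account itself would
	// close that gap.
	if err := os.Lchown(documentroot, uid, gid); err != nil {
		return err.Error()
	}
	if err := os.Lchown(documentroot_base, uid, gid); err != nil {
		return err.Error()
	}

	rawvhostconf, err := ioutil.ReadFile("common/src/rhel7/httpd/vhost.conf")
	if err != nil {
		// An unreadable template would otherwise produce an empty vhost file.
		return err.Error()
	}
	vhost_data := string(rawvhostconf)

	vhost_data = strings.Replace(vhost_data, "__HOSTNAME__", domainname, -1)
	vhost_data = strings.Replace(vhost_data, "__USERNAME__", hcuser.System_username, -1)
	vhost_data = strings.Replace(vhost_data, "__DOCUMENTROOT__", documentroot, -1)

	confpath := "/etc/httpd/vhosts.d/" + domainname + ".conf"
	if err := ioutil.WriteFile(confpath, []byte(vhost_data), 0644); err != nil {
		return err.Error()
	}

	if _, err := istmt.Exec(hcuser.System_username, domainname, documentroot, "*"); err != nil {
		// Do not leave a vhost file behind that no record refers to.
		os.Remove(confpath)
		return err.Error()
	}

	util.Bash("systemctl reload httpd")

	return "success"
}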
Пример #8
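// ManageWebsiteSSL installs a certificate, CA certificate and private key for
// a virtual host owned by the authenticated panel user, writes the SSL vhost
// configuration from a template, updates the website_vhosts row and reloads
// httpd.
//
// The request must pass util.Auth for the "websites" privilege and carry
// "vhost_id", "enablessl", "crt_data", "crtca_data" and "key_data". Any
// "enablessl" value other than "Y" is stored as "N". It returns
// "not_authorized", "domain_not_found", "invalid_domainname",
// "certificate_key_pair_failed <reason>", "failed_to_update_record", an
// error string, or "success".
func ManageWebsiteSSL(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "websites")
	if !auth {
		return "not_authorized"
	}

	db, err := util.MySQL()
	if err != nil {
		return err.Error()
	}
	defer db.Close()

	vhost_id := util.Query(ctx, "vhost_id")

	enablessl := util.Query(ctx, "enablessl")

	crt_data := strings.Trim(util.Query(ctx, "crt_data"), " ")
	crtca_data := strings.Trim(util.Query(ctx, "crtca_data"), " ")
	key_data := strings.Trim(util.Query(ctx, "key_data"), " ")

	if enablessl != "Y" {
		enablessl = "N"
	}

	// The system_username condition is the ownership check: a vhost_id that
	// belongs to another account yields no row.
	stmt, err := db.Prepare("SELECT * from website_vhosts WHERE vhost_id = ? and system_username=?")
	if err != nil {
		return err.Error()
	}
	defer stmt.Close()

	rows, err := stmt.Query(vhost_id, hcuser.System_username)
	if err != nil {
		return err.Error()
	}
	defer rows.Close()

	if !rows.Next() {
		return "domain_not_found"
	}

	var (
		row_vhost_id       string
		system_username    string
		domain             string
		documentroot       string
		ipaddr             string
		ssl_enabled        string
		ssl_certificate    string
		ssl_key            string
		ssl_ca_certificate string
	)
	if err := rows.Scan(&row_vhost_id, &system_username, &domain, &documentroot, &ipaddr, &ssl_enabled, &ssl_certificate, &ssl_key, &ssl_ca_certificate); err != nil {
		// A failed scan would leave domain empty and the paths below wrong.
		return err.Error()
	}
	// Release the result set before issuing the update statement.
	rows.Close()

	// The stored domain is spliced into paths under /etc, so it must be a
	// single path component.
	if domain == "" || strings.Contains(domain, "/") {
		return "invalid_domainname"
	}

	crtPath := "/etc/pki/tls/certs/" + domain + ".crt"
	caPath := "/etc/pki/tls/certs/" + domain + ".ca.crt"
	keyPath := "/etc/pki/tls/private/" + domain + ".key"
	crtTmp, caTmp, keyTmp := crtPath+".tmp", caPath+".tmp", keyPath+".tmp"

	// Remove whatever staging files remain on any return path. After the
	// renames succeed these names no longer exist and the calls do nothing.
	defer func() {
		os.Remove(crtTmp)
		os.Remove(caTmp)
		os.Remove(keyTmp)
	}()

	if err := ioutil.WriteFile(crtTmp, []byte(crt_data), 0644); err != nil {
		return err.Error()
	}
	if err := ioutil.WriteFile(caTmp, []byte(crtca_data), 0644); err != nil {
		return err.Error()
	}
	// The private key must not be world-readable. WriteFile applies the mode
	// only when it creates the file, so set it explicitly as well in case a
	// staging file from an earlier attempt is still present.
	if err := ioutil.WriteFile(keyTmp, []byte(key_data), 0600); err != nil {
		return err.Error()
	}
	if err := os.Chmod(keyTmp, 0600); err != nil {
		return err.Error()
	}

	// Validate that certificate and key belong together before anything live
	// is replaced.
	if _, err := tls.LoadX509KeyPair(crtTmp, keyTmp); err != nil {
		return "certificate_key_pair_failed " + err.Error()
	}

	// Rename replaces the live file in one step, so the previous files are
	// not deleted first and there is no moment at which httpd would find the
	// certificate or key missing.
	if err := os.Rename(crtTmp, crtPath); err != nil {
		return err.Error()
	}
	if err := os.Rename(caTmp, caPath); err != nil {
		return err.Error()
	}
	if err := os.Rename(keyTmp, keyPath); err != nil {
		return err.Error()
	}

	rawvhostconf, err := ioutil.ReadFile("common/src/rhel7/httpd/vhost.ssl.conf")
	if err != nil {
		// An unreadable template would otherwise produce an empty vhost file.
		return err.Error()
	}
	vhost_data := string(rawvhostconf)

	vhost_data = strings.Replace(vhost_data, "__IPADDR__", "*", -1)
	vhost_data = strings.Replace(vhost_data, "__HOSTNAME__", domain, -1)
	vhost_data = strings.Replace(vhost_data, "__USERNAME__", hcuser.System_username, -1)
	vhost_data = strings.Replace(vhost_data, "__DOCUMENTROOT__", documentroot, -1)

	if err := ioutil.WriteFile("/etc/httpd/vhosts.d/"+domain+".ssl.conf", []byte(vhost_data), 0644); err != nil {
		return err.Error()
	}

	// NOTE(review): the private key is also stored in the ssl_key column as
	// submitted; anyone who can read website_vhosts can read the key.
	xstmt, err := db.Prepare("update website_vhosts set ssl_enabled=?, ssl_certificate=?, ssl_key=?, ssl_ca_certificate=? where vhost_id=?")
	if err != nil {
		return "failed_to_update_record"
	}
	defer xstmt.Close()

	if _, err := xstmt.Exec(enablessl, crt_data, key_data, crtca_data, row_vhost_id); err != nil {
		return "failed_to_update_record"
	}

	util.Bash("systemctl reload httpd")
	return "success"
}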