Structure changes for future features
This commit is contained in:
Daniel Winzen
147
var/www/cron.php
147
var/www/cron.php
@ -9,12 +9,13 @@ $reload=[];
|
||||
|
||||
//add new accounts
|
||||
$del=$db->prepare("DELETE FROM new_account WHERE user_id=?;");
|
||||
$update_priv=$db->prepare("UPDATE users SET private_key=? WHERE onion=?;");
|
||||
$update_priv=$db->prepare("UPDATE onions SET private_key=? WHERE user_id=?;");
|
||||
$approval = REQUIRE_APPROVAL ? 'WHERE new_account.approved=1': '';
|
||||
$stmt=$db->query("SELECT users.onion, users.username, new_account.password, users.private_key, users.php, users.autoindex, users.id FROM new_account INNER JOIN users ON (users.id=new_account.user_id) $approval LIMIT 100;");
|
||||
$stmt=$db->query("SELECT users.system_account, users.username, new_account.password, onions.private_key, users.php, users.autoindex, users.id, onions.onion FROM new_account INNER JOIN users ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) $approval LIMIT 100;");
|
||||
while($id=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
$onion=$id[0];
|
||||
$firstchar=substr($onion, 0, 1);
|
||||
$onion=$id[7];
|
||||
$system_account=$id[0];
|
||||
$firstchar=substr($system_account, 0, 1);
|
||||
$reload[$firstchar]=true;
|
||||
//php openssl implementation has some issues, re-export using native openssl
|
||||
$pkey=openssl_pkey_get_private($id[3]);
|
||||
@ -22,21 +23,21 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
openssl_pkey_free($pkey);
|
||||
$priv_key=shell_exec('openssl rsa < key.tmp');
|
||||
unlink('key.tmp');
|
||||
$update_priv->execute([$priv_key, $onion]);
|
||||
$update_priv->execute([$priv_key, $id[6]]);
|
||||
//add and manage rights of system user
|
||||
exec('useradd -l -p '. escapeshellarg($id[2]) . " -g www-data -k /var/www/skel -m -s /usr/sbin/nologin $onion.onion");
|
||||
chown("/home/$onion.onion", 'root');
|
||||
chgrp("/home/$onion.onion", 'www-data');
|
||||
chmod("/home/$onion.onion", 0550);
|
||||
exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s /usr/sbin/nologin ' . escapeshellarg($system_account));
|
||||
chown("/home/$system_account", 'root');
|
||||
chgrp("/home/$system_account", 'www-data');
|
||||
chmod("/home/$system_account", 0550);
|
||||
foreach(['.ssh', 'data', 'Maildir', 'tmp'] as $dir){
|
||||
mkdir("/home/$onion.onion/$dir", 0700);
|
||||
chown("/home/$onion.onion/$dir", "$onion.onion");
|
||||
chgrp("/home/$onion.onion/$dir", 'www-data');
|
||||
mkdir("/home/$system_account/$dir", 0700);
|
||||
chown("/home/$system_account/$dir", $system_account);
|
||||
chgrp("/home/$system_account/$dir", 'www-data');
|
||||
}
|
||||
foreach(['logs'] as $dir){
|
||||
mkdir("/home/$onion.onion/$dir", 0550);
|
||||
chown("/home/$onion.onion/$dir", "$onion.onion");
|
||||
chgrp("/home/$onion.onion/$dir", 'www-data');
|
||||
foreach(['logs']){
|
||||
mkdir("/home/$system_account/$dir", 0550);
|
||||
chown("/home/$system_account/$dir", $system_account);
|
||||
chgrp("/home/$system_account/$dir", 'www-data');
|
||||
}
|
||||
|
||||
//configuration for services
|
||||
@ -45,13 +46,13 @@ if($id[4]>0){
|
||||
$php_location="
|
||||
location ~ [^/]\.php(/|\$) {
|
||||
include snippets/fastcgi-php.conf;
|
||||
fastcgi_pass unix:/run/php/$onion;
|
||||
fastcgi_pass unix:/run/php/$system_account;
|
||||
}
|
||||
";
|
||||
}else{
|
||||
$php_location='';
|
||||
}
|
||||
if($id[5]!=0){
|
||||
if($id[5]){
|
||||
$autoindex='on';
|
||||
}else{
|
||||
$autoindex='off';
|
||||
@ -59,14 +60,14 @@ if($id[5]!=0){
|
||||
|
||||
$nginx="server {
|
||||
listen [::]:80;
|
||||
listen unix:/var/run/nginx/$onion;
|
||||
root /home/$onion.onion/www;
|
||||
listen unix:/var/run/nginx/$system_account;
|
||||
root /home/$system_account/www;
|
||||
server_name $onion.onion *.$onion.onion;
|
||||
access_log /var/log/nginx/access_$onion.onion.log custom buffer=16k flush=1m;
|
||||
access_log /home/$onion.onion/logs/access.log custom buffer=16k flush=1m;
|
||||
error_log /var/log/nginx/error_$onion.onion.log notice;
|
||||
error_log /home/$onion.onion/logs/error.log notice;
|
||||
disable_symlinks on from=/home/$onion.onion/www;
|
||||
access_log /var/log/nginx/access_$system_account.log custom buffer=8k flush=1m;
|
||||
access_log /home/$system_account/logs/access.log custom buffer=8k flush=1m;
|
||||
error_log /var/log/nginx/error_$system_account.log notice;
|
||||
error_log /home/$system_account/logs/error.log notice;
|
||||
disable_symlinks on from=/home/$system_account;
|
||||
autoindex $autoindex;
|
||||
location / {
|
||||
try_files \$uri \$uri/ =404;$php_location
|
||||
@ -74,33 +75,33 @@ $nginx="server {
|
||||
}
|
||||
";
|
||||
|
||||
$php="[$onion]
|
||||
user = $onion.onion
|
||||
$php="[$system_account]
|
||||
user = $system_account
|
||||
group = www-data
|
||||
listen = /run/php/$onion
|
||||
listen = /run/php/$system_account
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
listen.mode = 0660
|
||||
pm = ondemand
|
||||
pm.max_children = 20
|
||||
pm.process_idle_timeout = 10s;
|
||||
php_admin_value[sendmail_path] = '/usr/bin/php /var/www/sendmail_wrapper.php \"$onion.onion <$onion.onion@" . ADDRESS . ">\" | /usr/sbin/sendmail -t -i'
|
||||
php_admin_value[sendmail_path] = '/usr/bin/php /var/www/sendmail_wrapper.php \"$system_account <$system_account@" . ADDRESS . ">\" | /usr/sbin/sendmail -t -i'
|
||||
php_admin_value[memory_limit] = 256M
|
||||
php_admin_value[disable_functions] = exec,link,passthru,pcntl_alarm,pcntl_async_signals,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_signal_get_handler,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_waitpid,pcntl_wait,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_ctermid,posix_getgrgid,posix_getgrnam,posix_getpgid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_kill,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setrlimit,posix_setuid,posix_ttyname,posix_uname,proc_open,putenv,shell_exec,socket_listen,socket_create_listen,socket_bind,stream_socket_server,symlink,system
|
||||
php_admin_value[open_basedir] = /home/$onion.onion
|
||||
php_admin_value[upload_tmp_dir] = /home/$onion.onion/tmp
|
||||
php_admin_value[soap.wsdl_cache_dir] = /home/$onion.onion/tmp
|
||||
php_admin_value[session.save_path] = /home/$onion.onion/tmp
|
||||
php_admin_value[open_basedir] = /home/$system_account
|
||||
php_admin_value[upload_tmp_dir] = /home/$system_account/tmp
|
||||
php_admin_value[soap.wsdl_cache_dir] = /home/$system_account/tmp
|
||||
php_admin_value[session.save_path] = /home/$system_account/tmp
|
||||
";
|
||||
|
||||
//save configuration files
|
||||
file_put_contents("/etc/nginx/sites-enabled/$onion.onion", $nginx);
|
||||
file_put_contents("/etc/nginx/sites-enabled/$system_account", $nginx);
|
||||
if($id[4]==1){
|
||||
file_put_contents("/etc/php/7.0/fpm/pool.d/$firstchar/$onion.conf", $php);
|
||||
file_put_contents("/etc/php/7.0/fpm/pool.d/$firstchar/$system_account.conf", $php);
|
||||
}elseif($id[4]==2){
|
||||
file_put_contents("/etc/php/7.1/fpm/pool.d/$firstchar/$onion.conf", $php);
|
||||
file_put_contents("/etc/php/7.1/fpm/pool.d/$firstchar/$system_account.conf", $php);
|
||||
}elseif($id[4]==3){
|
||||
file_put_contents("/etc/php/7.2/fpm/pool.d/$firstchar/$onion.conf", $php);
|
||||
file_put_contents("/etc/php/7.2/fpm/pool.d/$firstchar/$system_account.conf", $php);
|
||||
}
|
||||
//save hidden service
|
||||
mkdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion", 0700);
|
||||
@ -114,42 +115,41 @@ php_admin_value[session.save_path] = /home/$onion.onion/tmp
|
||||
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/", "_tor-$firstchar");
|
||||
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/hostname", "_tor-$firstchar");
|
||||
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/private_key", "_tor-$firstchar");
|
||||
//add hidden service to torrc
|
||||
$torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc");
|
||||
$torrc.="HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion\nHiddenServicePort 25\n";
|
||||
file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc);
|
||||
//remove from to-add queue
|
||||
$del->execute([$id[6]]);
|
||||
}
|
||||
|
||||
//delete old accounts
|
||||
$del=$db->prepare("DELETE FROM users WHERE onion=?");
|
||||
$stmt=$db->query("SELECT onion, id, mysql_user FROM users WHERE todelete=1 LIMIT 100;");
|
||||
$del=$db->prepare("DELETE FROM users WHERE id=?;");
|
||||
$stmt=$db->query("SELECT system_account, id, mysql_user FROM users WHERE todelete=1 LIMIT 100;");
|
||||
$onions=$stmt->fetchAll(PDO::FETCH_NUM);
|
||||
$stmt=$db->prepare('SELECT onion FROM onions WHERE user_id=?;');
|
||||
$del_onions=$db->prepare('DELETE FROM onions WHERE user_id=?;');
|
||||
foreach($onions as $onion){
|
||||
$firstchar=substr($onion[0], 0, 1);
|
||||
$reload[$firstchar]=true;
|
||||
//delete config files
|
||||
if(file_exists("/etc/php/7.0/fpm/pool.d/$firstchar/$onion[0].conf")){
|
||||
unlink("/etc/php/7.0/fpm/pool.d/$firstchar/$onion[0].conf");
|
||||
foreach(['7.0', '7.1', '7.2'] as $v){
|
||||
// new naming schema
|
||||
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/$onion[0].conf")){
|
||||
unlink("/etc/php/$v/fpm/pool.d/$firstchar/$onion[0].conf");
|
||||
}
|
||||
// old naming schema
|
||||
if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/".substr($onion[0], 0, 16).".conf")){
|
||||
unlink("/etc/php/$v/fpm/pool.d/$firstchar/".substr($onion[0], 0, 16).".conf");
|
||||
}
|
||||
}
|
||||
if(file_exists("/etc/php/7.1/fpm/pool.d/$firstchar/$onion[0].conf")){
|
||||
unlink("/etc/php/7.1/fpm/pool.d/$firstchar/$onion[0].conf");
|
||||
}
|
||||
if(file_exists("/etc/php/7.2/fpm/pool.d/$firstchar/$onion[0].conf")){
|
||||
unlink("/etc/php/7.2/fpm/pool.d/$firstchar/$onion[0].conf");
|
||||
}
|
||||
unlink("/etc/nginx/sites-enabled/$onion[0].onion");
|
||||
//clean torrc from user
|
||||
$torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc");
|
||||
$torrc=str_replace("HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion[0]\nHiddenServicePort 25\n", '', $torrc);
|
||||
file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc);
|
||||
//delete hidden service from tor
|
||||
if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/")){
|
||||
unlink("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/hostname");
|
||||
unlink("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/private_key");
|
||||
rmdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/");
|
||||
unlink("/etc/nginx/sites-enabled/$onion[0]");
|
||||
$stmt->execute([$onion[1]]);
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
//delete hidden service from tor
|
||||
if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/")){
|
||||
unlink("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/hostname");
|
||||
unlink("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/private_key");
|
||||
rmdir("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/");
|
||||
}
|
||||
}
|
||||
$del_onions->execute([$onion[1]]);
|
||||
}
|
||||
|
||||
//reload services
|
||||
@ -160,18 +160,29 @@ foreach($reload as $key => $val){
|
||||
exec("service php7.0-fpm@$key restart");
|
||||
exec("service php7.1-fpm@$key restart");
|
||||
exec("service php7.2-fpm@$key restart");
|
||||
exec("service tor@$key reload");
|
||||
rewrite_torrc($db, $key);
|
||||
}
|
||||
|
||||
//continue deleting old accounts
|
||||
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id=?;');
|
||||
foreach($onions as $onion){
|
||||
//kill processes of the user to allow deleting system users
|
||||
exec("skill -u $onion[0].onion");
|
||||
exec('skill -u ' . escapeshellarg($onion[0]));
|
||||
//delete user and group
|
||||
exec("userdel -rf $onion[0].onion");
|
||||
exec('userdel -rf ' . escapeshellarg($onion[0]));
|
||||
//delete all log files
|
||||
exec("rm -f /var/log/nginx/*$onion[0].onion.log*");
|
||||
if(file_exists("/var/log/nginx/access_$onion[0].log")){
|
||||
unlink("/var/log/nginx/access_$onion[0].log");
|
||||
}
|
||||
if(file_exists("/var/log/nginx/access_$onion[0].log.1")){
|
||||
unlink("/var/log/nginx/access_$onion[0].log.1");
|
||||
}
|
||||
if(file_exists("/var/log/nginx/error_$onion[0].log")){
|
||||
unlink("/var/log/nginx/error_$onion[0].log");
|
||||
}
|
||||
if(file_exists("/var/log/nginx/error_$onion[0].log.1")){
|
||||
unlink("/var/log/nginx/error_$onion[0].log.1");
|
||||
}
|
||||
//delete user from database
|
||||
$db->exec("DROP USER '$onion[2]'@'%';");
|
||||
$stmt->execute([$onion[1]]);
|
||||
@ -180,13 +191,13 @@ foreach($onions as $onion){
|
||||
}
|
||||
$db->exec('FLUSH PRIVILEGES;');
|
||||
//delete user from user database
|
||||
$del->execute([$onion[0]]);
|
||||
$del->execute([$onion[1]]);
|
||||
}
|
||||
|
||||
// update passwords
|
||||
$stmt=$db->query("SELECT users.onion, pass_change.password, users.id FROM pass_change INNER JOIN users ON (users.id=pass_change.user_id) LIMIT 100;");
|
||||
$stmt=$db->query("SELECT users.system_account, pass_change.password, users.id FROM pass_change INNER JOIN users ON (users.id=pass_change.user_id) LIMIT 100;");
|
||||
$del=$db->prepare("DELETE FROM pass_change WHERE user_id=?;");
|
||||
while($onion=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
exec('usermod -p '. escapeshellarg($onion[1]) . " $onion[0].onion");
|
||||
exec('usermod -p '. escapeshellarg($onion[1]) . ' ' . escapeshellarg($onion[0]));
|
||||
$del->execute([$onion[2]]);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user