danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid passing password hash as parameter and write directly to /etc/shadow

Browse Source
This commit is contained in:
Daniel Winzen
2020-01-25 20:29:51 +01:00
parent fc244d3182
commit 93dc5b10c4
2 changed files with 36 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
var/www/common.php
View File

@ -944,3 +944,29 @@ function setup_chroot($system_account){
chgrp("/home/$system_account/$file", 'www-data'); chgrp("/home/$system_account/$file", 'www-data');
} }
} }
function update_system_user_password($user, $password){
$fp = fopen("/etc/shadow", "r+");
$locked = false;
do{
$locked = flock($fp, LOCK_EX);
if(!$locked){
sleep(1);
}
}while(!$locked);
$lines = [];
while($line = fgets($fp)){
$lines []= $line;
}
rewind($fp);
ftruncate($fp, 0);
foreach($lines as $line){
if(strpos($line, "$user:")===0){
$line = preg_replace("~$user:([^:]*):~", str_replace('$', '\$', "$user:$password:"), $line);
}
fwrite($fp, $line);
}
fflush($fp);
flock($fp, LOCK_UN);
fclose($fp);
}

22
var/www/cron.php
View File

@ -13,18 +13,16 @@ $db->query('UPDATE service_instances SET reload=0 WHERE reload=1;');
//add new accounts //add new accounts
$del=$db->prepare("DELETE FROM new_account WHERE user_id=?;"); $del=$db->prepare("DELETE FROM new_account WHERE user_id=?;");
$approval = REQUIRE_APPROVAL ? 'WHERE new_account.approved=1': ''; $approval = REQUIRE_APPROVAL ? 'WHERE new_account.approved=1': '';
$stmt=$db->query("SELECT users.system_account, users.username, new_account.password, users.php, users.autoindex, users.id, onions.onion, users.instance FROM new_account INNER JOIN users ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) $approval LIMIT 100;"); $stmt=$db->query("SELECT users.system_account, new_account.password, users.id, users.instance FROM new_account INNER JOIN users ON (users.id=new_account.user_id) $approval LIMIT 100;");
while($id=$stmt->fetch(PDO::FETCH_NUM)){ while($account=$stmt->fetch(PDO::FETCH_ASSOC)){
$onion=$id[6]; $reload[$account['instance']] = true;
$system_account=$id[0];
$instance=$id[7];
$reload[$instance]=true;
//add and manage rights of system user //add and manage rights of system user
$shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin'; $shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($system_account)); exec('useradd -l -g www-data -k /var/www/skel -m -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($account['system_account']));
setup_chroot($system_account); update_system_user_password($account['system_account'], $account['password']);
setup_chroot($account['system_account']);
//remove from to-add queue //remove from to-add queue
$del->execute([$id[5]]); $del->execute([$account['id']]);
} }
//delete old accounts //delete old accounts
@ -104,9 +102,9 @@ foreach($accounts as $account){
// update passwords // update passwords
$stmt=$db->query("SELECT users.system_account, pass_change.password, users.id FROM pass_change INNER JOIN users ON (users.id=pass_change.user_id) LIMIT 100;"); $stmt=$db->query("SELECT users.system_account, pass_change.password, users.id FROM pass_change INNER JOIN users ON (users.id=pass_change.user_id) LIMIT 100;");
$del=$db->prepare("DELETE FROM pass_change WHERE user_id=?;"); $del=$db->prepare("DELETE FROM pass_change WHERE user_id=?;");
while($account=$stmt->fetch(PDO::FETCH_NUM)){ while($account=$stmt->fetch(PDO::FETCH_ASSOC)){
exec('usermod -p '. escapeshellarg($account[1]) . ' ' . escapeshellarg($account[0])); update_system_user_password($account['system_account'], $account['password']);
$del->execute([$account[2]]); $del->execute([$account['id']]);
} }
//update quotas //update quotas