1: | <?php |
2: | declare(strict_types=1); |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | use Module\Support\Auth; |
16: | use Opcenter\Filesystem\Quota; |
17: | use Opcenter\Map; |
18: | use Opcenter\Process; |
19: | use Opcenter\Service\Validators\Billing\ParentInvoice; |
20: | |
21: | |
22: | |
23: | |
24: | |
25: | |
26: | |
27: | class Site_Module extends Auth |
28: | implements Module\Skeleton\Contracts\Hookable |
29: | { |
30: | use ImpersonableTrait; |
31: | |
32: | |
33: | const AMNESTY_MULTIPLIER = Diskquota_Module::AMNESTY_MULTIPLIER; |
34: | |
35: | const DEPENDENCY_MAP = []; |
36: | |
37: | |
38: | protected $exportedFunctions = [ |
39: | '*' => PRIVILEGE_SITE, |
40: | 'get_admin_email' => PRIVILEGE_SITE | PRIVILEGE_USER, |
41: | 'ip_address' => PRIVILEGE_SITE | PRIVILEGE_USER, |
42: | 'split_hostname' => PRIVILEGE_SITE | PRIVILEGE_USER |
43: | ]; |
44: | |
45: | |
46: | |
47: | |
48: | |
49: | |
50: | |
51: | |
52: | public function user_service_enabled(string $user, string $service): bool |
53: | { |
54: | $svc_cache = $this->user_svc_cache; |
55: | $svc_file = $this->domain_fs_path() . '/etc/' . $service . '.pamlist'; |
56: | $site = $this->site_id; |
57: | |
58: | if (!file_exists($svc_file)) { |
59: | return error("Invalid service name `%s'", $service); |
60: | } |
61: | |
62: | |
63: | if (!isset($svc_cache[$site]) || |
64: | filemtime($svc_file) > $svc_cache[$site]['mtime'] |
65: | ) { |
66: | $fp = fopen($svc_file, 'r'); |
67: | $contents = fread($fp, filesize($svc_file)); |
68: | foreach (explode("\n", $contents) as $line) { |
69: | $svc_cache[$site]['users'][trim($line)][$service] = 1; |
70: | } |
71: | |
72: | fclose($fp); |
73: | $svc_cache[$site]['mtime'] = filemtime($svc_file); |
74: | } |
75: | |
76: | return isset($svc_cache[$site]['users'][$user][$service]); |
77: | |
78: | } |
79: | |
80: | |
81: | |
82: | |
83: | |
84: | |
85: | |
86: | |
87: | public function get_bandwidth_usage(int $type = null) |
88: | { |
89: | deprecated_func('Use bandwidth_usage()'); |
90: | |
91: | return $this->bandwidth_usage($type); |
92: | } |
93: | |
94: | |
95: | |
96: | |
97: | |
98: | |
99: | public function get_bandwidth_rollover(): int |
100: | { |
101: | deprecated_func('Use bandwidth_rollover'); |
102: | |
103: | return $this->bandwidth_rollover(); |
104: | } |
105: | |
106: | |
107: | |
108: | |
109: | |
110: | |
111: | |
112: | |
113: | |
114: | |
115: | |
116: | public function set_admin_email(string $email): bool |
117: | { |
118: | if ($this->auth_is_demo()) { |
119: | return error("Email may not be changed in demo mode"); |
120: | } |
121: | |
122: | if (!preg_match(Regex::EMAIL, $email)) { |
123: | return error('Invalid e-mail address, ' . $email); |
124: | } |
125: | $oldemail = $this->getConfig('siteinfo', 'email'); |
126: | $pgdb = \PostgreSQL::initialize(); |
127: | $pgdb->query("UPDATE siteinfo SET email = '" . $email . "' WHERE site_id = '" . $this->site_id . "';"); |
128: | |
129: | $this->setConfig('siteinfo', 'email', $email); |
130: | |
131: | $ret = $pgdb->affected_rows() > 0; |
132: | if (!$ret) { |
133: | return false; |
134: | } |
135: | parent::sendNotice('email', [ |
136: | 'email' => $oldemail, |
137: | 'ip' => \Auth::client_ip() |
138: | ]); |
139: | |
140: | return true; |
141: | } |
142: | |
143: | |
144: | |
145: | |
146: | |
147: | |
148: | |
149: | public function kill_user(string $user): bool |
150: | { |
151: | if (!IS_CLI) { |
152: | return $this->query('site_kill_user', $user); |
153: | } |
154: | |
155: | if (!($uid = $this->user_get_uid_from_username($user))) { |
156: | return error("Failed to lookup user `%s'", $user); |
157: | } |
158: | |
159: | if ($uid < \User_Module::MIN_UID) { |
160: | return error("User `%s' is system user", $user); |
161: | } |
162: | |
163: | foreach (Process::matchUser($uid) as $pid) { |
164: | Process::killAs($pid, SIGKILL, $uid); |
165: | } |
166: | |
167: | return true; |
168: | } |
169: | |
170: | |
171: | |
172: | |
173: | |
174: | |
175: | public function get_admin_email(): string |
176: | { |
177: | return $this->getConfig('siteinfo', 'email'); |
178: | } |
179: | |
180: | |
181: | |
182: | |
183: | |
184: | |
185: | |
186: | |
187: | |
188: | |
189: | |
190: | public function ip_address(): string |
191: | { |
192: | $addr = $this->common_get_ip_address() ?: $this->common_get_ip6_address(); |
193: | |
194: | return is_array($addr) ? array_pop($addr) : $addr; |
195: | } |
196: | |
197: | |
198: | |
199: | |
200: | |
201: | |
202: | |
203: | |
204: | |
205: | |
206: | |
207: | |
208: | |
209: | |
210: | |
211: | |
212: | public function get_account_quota(): array |
213: | { |
214: | if (!IS_CLI) { |
215: | return $this->query('site_get_account_quota'); |
216: | } |
217: | return Quota::getGroup($this->group_id); |
218: | } |
219: | |
220: | |
221: | |
222: | |
223: | |
224: | |
225: | |
226: | public function get_port_range(): array |
227: | { |
228: | deprecated_func('Use ssh_port_range()'); |
229: | return $this->ssh_port_range(); |
230: | } |
231: | |
232: | |
233: | |
234: | |
235: | |
236: | |
237: | |
238: | public function wipe($token = '') |
239: | { |
240: | $token = strtolower((string)$token); |
241: | $calctoken = $this->_calculateToken(); |
242: | if (!$token) { |
243: | |
244: | if (defined('AJAX') && AJAX) { |
245: | return $calctoken; |
246: | } |
247: | $msg = 'This is the most nuclear of options. ' . |
248: | "Respond with the following token `%s' to confirm"; |
249: | |
250: | return warn($msg, $calctoken); |
251: | } |
252: | |
253: | if ($token !== $calctoken) { |
254: | $msg = "provided token `%s' does not match confirmation token `%s'"; |
255: | |
256: | return error($msg, $token, $calctoken); |
257: | } |
258: | |
259: | if (!IS_CLI) { |
260: | return $this->query('site_wipe', $token); |
261: | } |
262: | if (!Crm_Module::COPY_ADMIN) { |
263: | return error('Admin reminder address not setup - disallowing account reset'); |
264: | } |
265: | $editor = new Util_Account_Editor($this->getAuthContext()->getAccount()); |
266: | |
267: | $editor->importConfig(); |
268: | $afi = $this->getApnscpFunctionInterceptor(); |
269: | $modules = $afi->list_all_modules(); |
270: | foreach ($modules as $m) { |
271: | $c = $afi->get_class_from_module($m); |
272: | $class = $c::instantiateContexted($this->getAuthContext()); |
273: | $class->_reset($editor); |
274: | } |
275: | $addcmd = $editor->setMode('add')->getCommand(); |
276: | |
277: | |
278: | Mail::send(Crm_Module::COPY_ADMIN, 'Account Wipe', $addcmd); |
279: | $delproc = new Util_Account_Editor($this->getAuthContext()->getAccount()); |
280: | if (!$delproc->delete()) { |
281: | return false; |
282: | } |
283: | $proc = new Util_Process_Schedule('now'); |
284: | $ret = $proc->run($addcmd); |
285: | |
286: | return $ret['success']; |
287: | } |
288: | |
289: | |
290: | |
291: | |
292: | |
293: | |
294: | private function _calculateToken(): string |
295: | { |
296: | |
297: | $inode = fileinode($this->domain_info_path()); |
298: | $hash = hash('crc32', (string)$inode); |
299: | |
300: | return $hash; |
301: | } |
302: | |
303: | |
304: | |
305: | |
306: | |
307: | |
308: | |
309: | public function storage_amnesty(): bool |
310: | { |
311: | return $this->diskquota_amnesty(); |
312: | } |
313: | |
314: | |
315: | |
316: | |
317: | |
318: | |
319: | public function amnesty_active(): bool |
320: | { |
321: | return $this->diskquota_amnesty_active(); |
322: | } |
323: | |
324: | |
325: | |
326: | |
327: | |
328: | |
329: | |
330: | public function hijack(string $user): string |
331: | { |
332: | if ($this->user_exists($user)) { |
333: | if ($user === $this->username) { |
334: | return $this->session_id; |
335: | } |
336: | |
337: | return $this->impersonateRole($this->site, $user); |
338: | } |
339: | |
340: | if (AUTH_SUBORDINATE_SITE_SSO && ($invoice = $this->getServiceValue('billing', 'invoice')) |
341: | && ($siteid = \Auth::get_site_id_from_anything($user))) |
342: | { |
343: | |
344: | |
345: | $site = "site${siteid}"; |
346: | $parent = Map::load(ParentInvoice::MAP_FILE, 'r-')->fetch($site); |
347: | if ($parent === $this->site) { |
348: | return $this->impersonateRole($site); |
349: | } |
350: | } |
351: | |
352: | error("unknown user `%s'", $user); |
353: | |
354: | return $this->session_id; |
355: | } |
356: | |
357: | public function _create() |
358: | { |
359: | return; |
360: | } |
361: | |
362: | public function _delete() |
363: | { |
364: | return; |
365: | } |
366: | |
367: | public function _edit() |
368: | { |
369: | return; |
370: | } |
371: | |
372: | |
373: | |
374: | |
375: | |
376: | |
377: | |
378: | public function _verify_conf(\Opcenter\Service\ConfigurationContext $ctx): bool |
379: | { |
380: | return true; |
381: | } |
382: | |
383: | public function _edit_user(string $userold, string $usernew, array $oldpwd) |
384: | { |
385: | if ($usernew === $userold) { |
386: | return; |
387: | } |
388: | } |
389: | |
390: | public function _create_user(string $user) |
391: | { |
392: | } |
393: | |
394: | public function _delete_user(string $user) |
395: | { |
396: | } |
397: | |
398: | |
399: | } |