diff --git a/bin/v-add-database b/bin/v-add-database
index 6c6a539f..d4d79178 100755
--- a/bin/v-add-database
+++ b/bin/v-add-database
@@ -19,7 +19,7 @@
 user=$1
 database="$user"_"$2"
 dbuser="$user"_"$3"
-dbpass=$4
+password=$4
 type=${5-mysql}
 host=$6
 charset=${7-UTF8}
@@ -40,7 +40,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '4' "$#" 'USER DATABASE DBUSER DBPASS [TYPE] [HOST] [CHARSET]'
-validate_format 'user' 'database' 'dbuser' 'dbpass' 'charset'
+validate_format 'user' 'database' 'dbuser' 'charset'
 is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
 is_type_valid "$DB_SYSTEM" "$type"
 is_object_valid 'user' 'USER' "$user"
@@ -51,6 +51,8 @@ is_object_valid "../../../conf/$type" 'DBHOST' "$host"
 is_object_unsuspended "../../../conf/$type" 'DBHOST' "$host"
 #is_charset_valid
 is_package_full 'DATABASES'
+is_password_valid
+dbpass="$password"
 #----------------------------------------------------------#
diff --git a/bin/v-add-database-host b/bin/v-add-database-host
index 12cd0f9a..c41d672d 100755
--- a/bin/v-add-database-host
+++ b/bin/v-add-database-host
@@ -17,7 +17,7 @@
 type=$1
 host=$2
 dbuser=$3
-dbpass=$4
+password=$4
 max_db=${6-500}
 charsets=${7-UTF8,LATIN1,WIN1250,WIN1251,WIN1252,WIN1256,WIN1258,KOI8}
 template=${8-template1}
@@ -29,6 +29,7 @@ source $VESTA/conf/vesta.conf
 # Hiding password
 A4='******'
+EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
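Review bot: After `+validate_format 'user' 'database' 'dbuser' 'charset'` nothing in this script checks the password's syntax any more, and `is_password_valid` (func/main.sh hunk) only dereferences a `/tmp/` path, so a value taken from argv flows into `dbpass` unchecked. The same holds for every `validate_format` line this commit shortens (v-add-database-host, v-add-mail-account, v-add-remote-dns-host, v-add-user, v-add-web-domain-ftp, v-add-web-domain-stats-user and the v-change-* scripts); in v-add-web-domain-ftp and v-change-web-domain-ftp-password the value then reaches `echo "$ftp_user:$password" | /usr/sbin/chpasswd`, whose input is line-oriented, so an embedded newline is the case most worth rejecting. The old `validate_format 'dbpass'` presumably rejected such characters (its rules are not in this diff), and the cheapest replacement is one guard inside `is_password_valid` that every caller inherits, e.g. `case "$password" in *[[:cntrl:]]*) echo "Error: password format is invalid"; log_event "$E_INVALID" "$EVENT"; exit $E_INVALID ;; esac`. Whether the old check deliberately forbade other characters is worth confirming before it is dropped everywhere.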
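Review bot: `max_db=${6-500}`, `charsets=${7-…}` and `template=${8-template1}` read arguments 6–8, while the usage string in the `@@ -37` hunk of the same file (`TYPE HOST DBUSER DBPASS [MAX_DB] [CHARSETS] [TPL]`) places MAX_DB fifth, so a caller following the usage has its MAX_DB silently ignored and `$5` is never read. Unless the fifth position is reserved for something not shown here, the indices should be `${5-500}`, `${6-…}` and `${7-template1}`, or the usage string should name the extra argument. This predates the commit, but the hunk already touches the adjacent line, so it is cheap to fold in.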
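Review bot: `+EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"` is placed right after `A4='******'`, so the string later handed to `log_event` carries the mask instead of the password, but nothing says so; a one-line `# Rebuild EVENT after masking A4 so the logged command never contains the cleartext password` above it would keep a later cleanup from "deduplicating" the line away. The same line is added in v-add-remote-dns-host and v-change-web-domain-ftp-password and deserves the same comment; the latter writes `A4="******"` with double quotes where this file and v-add-remote-dns-host use single quotes, which is worth aligning. Whether the EVENT built earlier (presumably during `source $VESTA/func/main.sh`) still holds the real value in the other password-taking scripts of this commit is not visible here and worth checking.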
@@ -37,10 +38,12 @@ A4='******'
 args_usage='TYPE HOST DBUSER DBPASS [MAX_DB] [CHARSETS] [TPL]'
 check_args '4' "$#" "$args_usage"
-validate_format 'host' 'dbuser' 'dbpass' 'max_db' 'charsets' 'template'
+validate_format 'host' 'dbuser' 'max_db' 'charsets' 'template'
 is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
 is_type_valid "$DB_SYSTEM" "$type"
 is_dbhost_new
+is_password_valid
+dbpass="$password"
 case $type in
 mysql) is_mysql_host_alive ;;
 pgsql) is_pgsql_host_alive ;;
diff --git a/bin/v-add-mail-account b/bin/v-add-mail-account
index aebc1edd..0897bb16 100755
--- a/bin/v-add-mail-account
+++ b/bin/v-add-mail-account
@@ -33,7 +33,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD [QUOTA]'
-validate_format 'user' 'domain' 'account' 'password' 'quota'
+validate_format 'user' 'domain' 'account' 'quota'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -41,6 +41,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
 is_object_unsuspended 'mail' 'DOMAIN' "$domain"
 is_package_full 'MAIL_ACCOUNTS'
 is_mail_new "$account"
+is_password_valid
 #----------------------------------------------------------#
diff --git a/bin/v-add-remote-dns-host b/bin/v-add-remote-dns-host
index 835f97f3..1ca8b003 100755
--- a/bin/v-add-remote-dns-host
+++ b/bin/v-add-remote-dns-host
@@ -25,6 +25,7 @@ source $VESTA/conf/vesta.conf
 # Hiding passwords
 A4='******'
+EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
@@ -33,8 +34,9 @@ A4='******'
 args_usage='HOST PORT USER PASSWORD [TYPE] [DNS_USER]'
 check_args '4' "$#" "$args_usage"
-validate_format 'host' 'port' 'user' 'password' 'type' 'dns_user'
+validate_format 'host' 'port' 'user' 'type' 'dns_user'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
+is_password_valid
 is_dnshost_new
 is_dnshost_alive
diff --git a/bin/v-add-user b/bin/v-add-user
index 99de6ea7..ec1596f7 100755
--- a/bin/v-add-user
+++ b/bin/v-add-user
@@ -40,12 +40,12 @@ is_user_free() {
 #----------------------------------------------------------#
 check_args '3' "$#" 'USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]'
-validate_format 'user' 'password' 'email' 'package'
+validate_format 'user' 'email' 'package'
 if [ ! -z "$fname" ]; then
 validate_format 'fname' 'lname'
 fi
-
 is_user_free "$user"
+is_password_valid
 is_package_valid
diff --git a/bin/v-add-web-domain-ftp b/bin/v-add-web-domain-ftp
index be10e90b..5626e7ac 100755
--- a/bin/v-add-web-domain-ftp
+++ b/bin/v-add-web-domain-ftp
@@ -14,7 +14,7 @@ user=$1
 domain=$(idn -t --quiet -u "$2" )
 domain_idn=$(idn -t --quiet -a "$domain")
 ftp_user=${1}_${3}
-ftp_password=$4
+password=$4
 ftp_path=$5
 # Includes
@@ -32,7 +32,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '4' "$#" 'USER DOMAIN FTP_USER FTP_PASSWORD [FTP_PATH]'
-validate_format 'user' 'domain' 'ftp_user' 'ftp_password'
+validate_format 'user' 'domain' 'ftp_user'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -44,6 +44,7 @@ if [ ! -z "$check_ftp_user" ] && [ "$FTP_USER" != "$ftp_user" ]; then
 log_event "$E_EXISTS" "$EVENT"
 exit $E_EXISTS
 fi
+is_password_valid
 #----------------------------------------------------------#
@@ -90,7 +91,7 @@ fi
 -M -d "$ftp_path_a" > /dev/null 2>&1
 # Set ftp user password
-echo "$ftp_user:$ftp_password" | /usr/sbin/chpasswd
+echo "$ftp_user:$password" | /usr/sbin/chpasswd
 ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow)
diff --git a/bin/v-add-web-domain-stats-user b/bin/v-add-web-domain-stats-user
index 423ff713..9d4b766b 100755
--- a/bin/v-add-web-domain-stats-user
+++ b/bin/v-add-web-domain-stats-user
@@ -13,7 +13,7 @@
 user=$1
 domain=$(idn -t --quiet -u "$2" )
 stats_user=$3
-stats_pass=$4
+password=$4
 # Includes
 source $VESTA/func/main.sh
@@ -30,12 +30,13 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '4' "$#" 'USER DOMAIN STATS_USER STATS_PASS'
-validate_format 'user' 'domain' 'stats_user' 'stats_pass'
+validate_format 'user' 'domain' 'stats_user'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_password_valid
 #----------------------------------------------------------#
@@ -53,7 +54,7 @@ Require valid-user" > $stats_dir/.htaccess
 # Generating htaccess user and password
 rm -f $stats_dir/.htpasswd
-htpasswd -bc $stats_dir/.htpasswd "$stats_user" "$stats_pass" &>/dev/null
+htpasswd -bc $stats_dir/.htpasswd "$stats_user" "$password" &>/dev/null
 stats_crypt=$(grep $stats_user: $stats_dir/.htpasswd |cut -f 2 -d :)
 #----------------------------------------------------------#
diff --git a/bin/v-change-database-owner b/bin/v-change-database-owner
index 660edf3d..3eb207c0 100755
--- a/bin/v-change-database-owner
+++ b/bin/v-change-database-owner
@@ -1,5 +1,5 @@
 #!/bin/bash
-# info: change database password
+# info: change database owner
 # options: DATABASE USER
 #
 # The function for changing database owner.
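Review bot: `+htpasswd -bc $stats_dir/.htpasswd "$stats_user" "$password" &>/dev/null` still hands the password to htpasswd as a command-line argument, where any local user can read it from the process list for as long as htpasswd runs; the commit renamed the variable but kept `-b`. Apache's htpasswd reads the password from stdin with `-i` (2.4 and later; confirm the minimum version the project supports), so `printf '%s\n' "$password" | htpasswd -ic $stats_dir/.htpasswd "$stats_user" &>/dev/null` keeps it out of argv with no other change. A short comment is warranted either way, since the `&>/dev/null` also swallows any htpasswd error that would explain an empty `stats_crypt` on the following line.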
diff --git a/bin/v-change-database-password b/bin/v-change-database-password
index 2272d8f6..15279190 100755
--- a/bin/v-change-database-password
+++ b/bin/v-change-database-password
@@ -13,7 +13,7 @@
 # Argument defenition
 user=$1
 database=$2
-dbpass=$3
+password=$3
 # Includes
 source $VESTA/func/main.sh
@@ -30,13 +30,14 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '3' "$#" 'USER DATABASE DBPASS'
-validate_format 'user' 'database' 'dbpass'
+validate_format 'user' 'database'
 is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'db' 'DB' "$database"
 is_object_unsuspended 'db' 'DB' "$database"
-
+is_password_valid
+dbpass="$password"
 #----------------------------------------------------------#
 # Action #
diff --git a/bin/v-change-database-user b/bin/v-change-database-user
index 8b859d23..90262d45 100755
--- a/bin/v-change-database-user
+++ b/bin/v-change-database-user
@@ -13,7 +13,7 @@
 user=$1
 database=$2
 dbuser="$user"_"$3"
-dbpass=$4
+password=$4
 # Includes
 source $VESTA/func/main.sh
@@ -32,14 +32,18 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 check_args '3' "$#" 'USER DATABASE DBUSER [DBPASS]'
 validate_format 'user' 'database' 'dbuser'
-if [ ! -z "$dbpass" ]; then
- validate_format 'dbpass'
-fi
 is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'db' 'DB' "$database"
 is_object_unsuspended 'db' 'DB' "$database"
+is_password_valid
+dbpass="$password"
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
 # Compare old and new user
 old_dbuser=$(get_object_value 'db' 'DB' "$database" '$DBUSER')
@@ -47,11 +51,6 @@ if [ "$old_dbuser" = "$dbuser" ]; then
 exit
 fi
-
-#----------------------------------------------------------#
-# Action #
-#----------------------------------------------------------#
-
 # Set new dbuser
 update_object_value 'db' 'DB' "$database" '$DBUSER' "$dbuser"
diff --git a/bin/v-change-mail-account-password b/bin/v-change-mail-account-password
index 896e5539..e7a76987 100755
--- a/bin/v-change-mail-account-password
+++ b/bin/v-change-mail-account-password
@@ -32,7 +32,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD'
-validate_format 'user' 'domain' 'account' 'password'
+validate_format 'user' 'domain' 'account'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -40,6 +40,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
 is_object_unsuspended 'mail' 'DOMAIN' "$domain"
 is_object_valid "mail/$domain" 'ACCOUNT' "$account"
 is_object_unsuspended "mail/$domain" 'ACCOUNT' "$account"
+is_password_valid
 #----------------------------------------------------------#
diff --git a/bin/v-change-user-password b/bin/v-change-user-password
index 71332f57..903224d7 100755
--- a/bin/v-change-user-password
+++ b/bin/v-change-user-password
@@ -27,9 +27,10 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
 #----------------------------------------------------------#
 check_args '2' "$#" 'USER PASSWORD'
-validate_format 'user' 'password'
+validate_format 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
+is_password_valid
 #----------------------------------------------------------#
diff --git a/bin/v-change-web-domain-ftp-password b/bin/v-change-web-domain-ftp-password
index c4cd90f9..e01b250f 100755
--- a/bin/v-change-web-domain-ftp-password
+++ b/bin/v-change-web-domain-ftp-password
@@ -14,25 +14,30 @@ user=$1
 domain=$(idn -t --quiet -u "$2" )
 domain_idn=$(idn -t --quiet -a "$domain")
 ftp_user=$3
-ftp_password=$4
+password=$4
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
+# Hiding password
+A4="******"
+EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
+
 #----------------------------------------------------------#
 # Verifications #
 #----------------------------------------------------------#
 check_args '4' "$#" 'USER DOMAIN FTP_USER FTP_PASSWORD'
-validate_format 'user' 'domain' 'ftp_user' 'ftp_password'
+validate_format 'user' 'domain' 'ftp_user'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_password_valid
 get_domain_values 'web'
 if [ -z "$(echo $FTP_USER | tr ':' '\n' | grep ^$ftp_user$)" ]; then
 echo "Error: account $ftp_user doesn't exist"
@@ -46,7 +51,7 @@ fi
 #----------------------------------------------------------#
 # Changing ftp user password
-echo "$ftp_user:$ftp_password" | /usr/sbin/chpasswd
+echo "$ftp_user:$password" | /usr/sbin/chpasswd
 ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow)
diff --git a/bin/v-check-user-password b/bin/v-check-user-password
new file mode 100755
index 00000000..2f3b48d2
--- /dev/null
+++ b/bin/v-check-user-password
@@ -0,0 +1,94 @@
+#!/bin/bash
+# info: check user password
+# options: USER PASSWORD [IP]
+#
+# The function verifies user password from file
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+password=$2
+ip=${3-127.0.0.1}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER PASSWORD'
+validate_format 'user'
+
+# Checking user
+if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
+ echo "Error: password missmatch"
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
+ exit 9
+fi
+
+# Checking user password
+is_password_valid
+
+# Checking empty password
+if [[ -z "$password" ]]; then
+ echo "Error: password missmatch"
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
+ exit 9
+fi
+
+# Checking mkpasswd command
+which mkpasswd >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+ # Activating fallback procedure
+ if [ -e "/usr/bin/yum" ]; then
+ yum install -y expect >/dev/null 2>&1
+ else
+ apt-get install -y expect >/dev/null 2>&1
+ fi
+fi
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Parsing user's salt
+salt=$(grep "^$user:" /etc/shadow |cut -f 3 -d \$)
+if [[ -z "$salt" ]] || [[ "${#salt}" -gt 8 ]]; then
+ echo "Error: password missmatch"
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
+ exit 9
+fi
+
+# Generating SHA-512
+hash=$(mkpasswd -m sha-512 -S $salt -s <<< $password)
+if [[ -z "$hash" ]]; then
+ echo "Error: password missmatch"
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
+ exit 9
+fi
+
+# Checking hash
+result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)
+if [[ -z "$result" ]]; then
+ echo "Error: password missmatch"
+ echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
+ exit 9
+fi
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Logging
+echo "$DATE $user $ip successfully logged in" >> $VESTA/log/auth.log
+
+exit
diff --git a/func/main.sh b/func/main.sh
index 9cfdc608..e8506e81 100644
--- a/func/main.sh
+++ b/func/main.sh
@@ -273,6 +273,15 @@ is_object_value_exist() {
 fi
 }
+# Check if password is transmitted via file
+is_password_valid() {
+ if [[ "$password" =~ ^/tmp/ ]]; then
+ if [ -f "$password" ]; then
+ password=$(head -n1 $password)
+ fi
+ fi
+}
+
 # Get object value
 get_object_value() {
 object=$(grep "$2='$3'" $USER_DATA/$1.conf)
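Review bot: `+result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)` compares the computed crypt string as a basic regular expression, so the `.` characters that occur in a SHA-512 crypt match any byte and the check is looser than an exact equality; a field comparison such as `result=$(awk -F: -v u="$user" -v h="$hash" '$1 == u && $2 == h' /etc/shadow)` avoids both that and the unescaped `$user` in the pattern. `$ip` is only defaulted (`ip=${3-127.0.0.1}`), never validated, yet it is written verbatim into auth.log on every path, so `validate_format 'user' 'ip'` (assuming validate_format has an `ip` case) would keep those log lines well-formed. After the `yum`/`apt-get` fallback nothing re-checks that `mkpasswd` is now available, so a missing tool surfaces as an empty `hash` and the generic "password missmatch"; a `command -v mkpasswd >/dev/null || { echo "Error: mkpasswd is not installed"; exit 9; }` after the fallback would separate a setup problem from a bad password, and it is worth confirming that the `mkpasswd` shipped by `expect` understands `-m sha-512` on both package families. The five identical mismatch blocks would also shrink to one small `fail_auth()` helper.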
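Review bot: `+ password=$(head -n1 $password)` leaves `$password` unquoted, so a path under /tmp containing whitespace or glob characters is split before `head` sees it; `password=$(head -n1 -- "$password")` is the safe form. The function neither checks who owns the file nor removes it afterwards, so unless the caller deletes it the cleartext password stays on disk in /tmp after the script finishes — at minimum the comment should state that the caller is responsible for creating the file with restrictive permissions and removing it. The name `is_password_valid` also promises a check the body does not perform (it only dereferences a file), so a header such as `# Replace $password with the first line of the file it names when the value is a /tmp/ path; performs no validation` would stop the next reader from assuming the callers' removed `validate_format` checks were moved here.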