password transmission via tmp files

This commit is contained in:
Serghey Rodin 2015-03-29 12:39:42 +03:00
commit 1bcdef615c
15 changed files with 152 additions and 32 deletions


@ -19,7 +19,7 @@
user=$1 user=$1
database="$user"_"$2" database="$user"_"$2"
dbuser="$user"_"$3" dbuser="$user"_"$3"
dbpass=$4 password=$4
type=${5-mysql} type=${5-mysql}
host=$6 host=$6
charset=${7-UTF8} charset=${7-UTF8}
@ -40,7 +40,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '4' "$#" 'USER DATABASE DBUSER DBPASS [TYPE] [HOST] [CHARSET]' check_args '4' "$#" 'USER DATABASE DBUSER DBPASS [TYPE] [HOST] [CHARSET]'
validate_format 'user' 'database' 'dbuser' 'dbpass' 'charset' validate_format 'user' 'database' 'dbuser' 'charset'
is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM' is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
is_type_valid "$DB_SYSTEM" "$type" is_type_valid "$DB_SYSTEM" "$type"
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
@ -51,6 +51,8 @@ is_object_valid "../../../conf/$type" 'DBHOST' "$host"
is_object_unsuspended "../../../conf/$type" 'DBHOST' "$host" is_object_unsuspended "../../../conf/$type" 'DBHOST' "$host"
#is_charset_valid #is_charset_valid
is_package_full 'DATABASES' is_package_full 'DATABASES'
is_password_valid
dbpass="$password"
#----------------------------------------------------------# #----------------------------------------------------------#
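Review bot: Nothing in this script constrains the characters of the password any more: the new side of the validate_format line drops 'dbpass', and is_password_valid only swaps a /tmp path for the file's first line before `dbpass="$password"` hands the value on. The same removal appears in the corresponding hunk of every other script this commit touches, so whatever each downstream consumer does with the value is now the only check. If the old validate_format rule was too strict for passwords, a narrower rule that still rejects control characters (at least newline) would keep those consumers safe without blocking legitimate passwords. A comment above the call, such as `# Resolve a /tmp/... argument into the password stored in that file`, would also make the helper's side effect on `$password` explicit, since its name suggests validation rather than substitution.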


@ -17,7 +17,7 @@
type=$1 type=$1
host=$2 host=$2
dbuser=$3 dbuser=$3
dbpass=$4 password=$4
max_db=${6-500} max_db=${6-500}
charsets=${7-UTF8,LATIN1,WIN1250,WIN1251,WIN1252,WIN1256,WIN1258,KOI8} charsets=${7-UTF8,LATIN1,WIN1250,WIN1251,WIN1252,WIN1256,WIN1258,KOI8}
template=${8-template1} template=${8-template1}
@ -29,6 +29,7 @@ source $VESTA/conf/vesta.conf
# Hiding password # Hiding password
A4='******' A4='******'
EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
@ -37,10 +38,12 @@ A4='******'
args_usage='TYPE HOST DBUSER DBPASS [MAX_DB] [CHARSETS] [TPL]' args_usage='TYPE HOST DBUSER DBPASS [MAX_DB] [CHARSETS] [TPL]'
check_args '4' "$#" "$args_usage" check_args '4' "$#" "$args_usage"
validate_format 'host' 'dbuser' 'dbpass' 'max_db' 'charsets' 'template' validate_format 'host' 'dbuser' 'max_db' 'charsets' 'template'
is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM' is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
is_type_valid "$DB_SYSTEM" "$type" is_type_valid "$DB_SYSTEM" "$type"
is_dbhost_new is_dbhost_new
is_password_valid
dbpass="$password"
case $type in case $type in
mysql) is_mysql_host_alive ;; mysql) is_mysql_host_alive ;;
pgsql) is_pgsql_host_alive ;; pgsql) is_pgsql_host_alive ;;


@ -33,7 +33,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD [QUOTA]' check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD [QUOTA]'
validate_format 'user' 'domain' 'account' 'password' 'quota' validate_format 'user' 'domain' 'account' 'quota'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
@ -41,6 +41,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
is_object_unsuspended 'mail' 'DOMAIN' "$domain" is_object_unsuspended 'mail' 'DOMAIN' "$domain"
is_package_full 'MAIL_ACCOUNTS' is_package_full 'MAIL_ACCOUNTS'
is_mail_new "$account" is_mail_new "$account"
is_password_valid
#----------------------------------------------------------# #----------------------------------------------------------#


@ -25,6 +25,7 @@ source $VESTA/conf/vesta.conf
# Hiding passwords # Hiding passwords
A4='******' A4='******'
EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
@ -33,8 +34,9 @@ A4='******'
args_usage='HOST PORT USER PASSWORD [TYPE] [DNS_USER]' args_usage='HOST PORT USER PASSWORD [TYPE] [DNS_USER]'
check_args '4' "$#" "$args_usage" check_args '4' "$#" "$args_usage"
validate_format 'host' 'port' 'user' 'password' 'type' 'dns_user' validate_format 'host' 'port' 'user' 'type' 'dns_user'
is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM' is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
is_password_valid
is_dnshost_new is_dnshost_new
is_dnshost_alive is_dnshost_alive


@ -40,12 +40,12 @@ is_user_free() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '3' "$#" 'USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]' check_args '3' "$#" 'USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]'
validate_format 'user' 'password' 'email' 'package' validate_format 'user' 'email' 'package'
if [ ! -z "$fname" ]; then if [ ! -z "$fname" ]; then
validate_format 'fname' 'lname' validate_format 'fname' 'lname'
fi fi
is_user_free "$user" is_user_free "$user"
is_password_valid
is_package_valid is_package_valid


@ -14,7 +14,7 @@ user=$1
domain=$(idn -t --quiet -u "$2" ) domain=$(idn -t --quiet -u "$2" )
domain_idn=$(idn -t --quiet -a "$domain") domain_idn=$(idn -t --quiet -a "$domain")
ftp_user=${1}_${3} ftp_user=${1}_${3}
ftp_password=$4 password=$4
ftp_path=$5 ftp_path=$5
# Includes # Includes
@ -32,7 +32,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '4' "$#" 'USER DOMAIN FTP_USER FTP_PASSWORD [FTP_PATH]' check_args '4' "$#" 'USER DOMAIN FTP_USER FTP_PASSWORD [FTP_PATH]'
validate_format 'user' 'domain' 'ftp_user' 'ftp_password' validate_format 'user' 'domain' 'ftp_user'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
@ -44,6 +44,7 @@ if [ ! -z "$check_ftp_user" ] && [ "$FTP_USER" != "$ftp_user" ]; then
log_event "$E_EXISTS" "$EVENT" log_event "$E_EXISTS" "$EVENT"
exit $E_EXISTS exit $E_EXISTS
fi fi
is_password_valid
#----------------------------------------------------------# #----------------------------------------------------------#
@ -90,7 +91,7 @@ fi
-M -d "$ftp_path_a" > /dev/null 2>&1 -M -d "$ftp_path_a" > /dev/null 2>&1
# Set ftp user password # Set ftp user password
echo "$ftp_user:$ftp_password" | /usr/sbin/chpasswd echo "$ftp_user:$password" | /usr/sbin/chpasswd
ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow) ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow)
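Review bot: `echo "$ftp_user:$password" | /usr/sbin/chpasswd` now receives a password that no longer passes validate_format (dropped on the new side of the check_args hunk above), and chpasswd reads one `name:password` pair per input line, so a value containing a newline is no longer caught anywhere before it reaches that pipe. The same pipe appears in the last hunk of the ftp password-change script further down this commit. Consider `printf '%s:%s\n' "$ftp_user" "$password" | /usr/sbin/chpasswd` together with a guard next to is_password_valid that rejects a newline in the value, e.g. `[[ "$password" == *$'\n'* ]] && { echo "Error: invalid password"; exit 1; }`, using whatever error code the script's siblings use for bad arguments.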


@ -13,7 +13,7 @@
user=$1 user=$1
domain=$(idn -t --quiet -u "$2" ) domain=$(idn -t --quiet -u "$2" )
stats_user=$3 stats_user=$3
stats_pass=$4 password=$4
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -30,12 +30,13 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '4' "$#" 'USER DOMAIN STATS_USER STATS_PASS' check_args '4' "$#" 'USER DOMAIN STATS_USER STATS_PASS'
validate_format 'user' 'domain' 'stats_user' 'stats_pass' validate_format 'user' 'domain' 'stats_user'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain"
is_password_valid
#----------------------------------------------------------# #----------------------------------------------------------#
@ -53,7 +54,7 @@ Require valid-user" > $stats_dir/.htaccess
# Generating htaccess user and password # Generating htaccess user and password
rm -f $stats_dir/.htpasswd rm -f $stats_dir/.htpasswd
htpasswd -bc $stats_dir/.htpasswd "$stats_user" "$stats_pass" &>/dev/null htpasswd -bc $stats_dir/.htpasswd "$stats_user" "$password" &>/dev/null
stats_crypt=$(grep $stats_user: $stats_dir/.htpasswd |cut -f 2 -d :) stats_crypt=$(grep $stats_user: $stats_dir/.htpasswd |cut -f 2 -d :)
#----------------------------------------------------------# #----------------------------------------------------------#
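Review bot: `htpasswd -bc $stats_dir/.htpasswd "$stats_user" "$password"` still passes the plaintext as a command-line argument, so it is visible in the process list for the duration of the call even when the caller delivered it through a /tmp file, which is the exposure this commit sets out to reduce. If the installed htpasswd is Apache 2.4 or later, `-i` reads the password from stdin, e.g. `printf '%s\n' "$password" | htpasswd -ic $stats_dir/.htpasswd "$stats_user" &>/dev/null`. If older versions must be supported, a comment such as `# NOTE: -b exposes the password on the htpasswd command line` above the call would at least record the trade-off.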


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# info: change database password # info: change database owner
# options: DATABASE USER # options: DATABASE USER
# #
# The function for changing database owner. # The function for changing database owner.


@ -13,7 +13,7 @@
# Argument defenition # Argument defenition
user=$1 user=$1
database=$2 database=$2
dbpass=$3 password=$3
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -30,13 +30,14 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '3' "$#" 'USER DATABASE DBPASS' check_args '3' "$#" 'USER DATABASE DBPASS'
validate_format 'user' 'database' 'dbpass' validate_format 'user' 'database'
is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM' is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'db' 'DB' "$database" is_object_valid 'db' 'DB' "$database"
is_object_unsuspended 'db' 'DB' "$database" is_object_unsuspended 'db' 'DB' "$database"
is_password_valid
dbpass="$password"
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #


@ -13,7 +13,7 @@
user=$1 user=$1
database=$2 database=$2
dbuser="$user"_"$3" dbuser="$user"_"$3"
dbpass=$4 password=$4
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -32,14 +32,18 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
check_args '3' "$#" 'USER DATABASE DBUSER [DBPASS]' check_args '3' "$#" 'USER DATABASE DBUSER [DBPASS]'
validate_format 'user' 'database' 'dbuser' validate_format 'user' 'database' 'dbuser'
if [ ! -z "$dbpass" ]; then
validate_format 'dbpass'
fi
is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM' is_system_enabled "$DB_SYSTEM" 'DB_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'db' 'DB' "$database" is_object_valid 'db' 'DB' "$database"
is_object_unsuspended 'db' 'DB' "$database" is_object_unsuspended 'db' 'DB' "$database"
is_password_valid
dbpass="$password"
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Compare old and new user # Compare old and new user
old_dbuser=$(get_object_value 'db' 'DB' "$database" '$DBUSER') old_dbuser=$(get_object_value 'db' 'DB' "$database" '$DBUSER')
@ -47,11 +51,6 @@ if [ "$old_dbuser" = "$dbuser" ]; then
exit exit
fi fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Set new dbuser # Set new dbuser
update_object_value 'db' 'DB' "$database" '$DBUSER' "$dbuser" update_object_value 'db' 'DB' "$database" '$DBUSER' "$dbuser"


@ -32,7 +32,7 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD' check_args '4' "$#" 'USER DOMAIN ACCOUNT PASSWORD'
validate_format 'user' 'domain' 'account' 'password' validate_format 'user' 'domain' 'account'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
@ -40,6 +40,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
is_object_unsuspended 'mail' 'DOMAIN' "$domain" is_object_unsuspended 'mail' 'DOMAIN' "$domain"
is_object_valid "mail/$domain" 'ACCOUNT' "$account" is_object_valid "mail/$domain" 'ACCOUNT' "$account"
is_object_unsuspended "mail/$domain" 'ACCOUNT' "$account" is_object_unsuspended "mail/$domain" 'ACCOUNT' "$account"
is_password_valid
#----------------------------------------------------------# #----------------------------------------------------------#


@ -27,9 +27,10 @@ EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER PASSWORD' check_args '2' "$#" 'USER PASSWORD'
validate_format 'user' 'password' validate_format 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_password_valid
#----------------------------------------------------------# #----------------------------------------------------------#


@ -14,25 +14,30 @@ user=$1
domain=$(idn -t --quiet -u "$2" ) domain=$(idn -t --quiet -u "$2" )
domain_idn=$(idn -t --quiet -a "$domain") domain_idn=$(idn -t --quiet -a "$domain")
ftp_user=$3 ftp_user=$3
ftp_password=$4 password=$4
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/func/domain.sh source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
# Hiding password
A4="******"
EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '4' "$#" 'USER DOMAIN FTP_USER FTP_PASSWORD' check_args '4' "$#" 'USER DOMAIN FTP_USER FTP_PASSWORD'
validate_format 'user' 'domain' 'ftp_user' 'ftp_password' validate_format 'user' 'domain' 'ftp_user'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain"
is_password_valid
get_domain_values 'web' get_domain_values 'web'
if [ -z "$(echo $FTP_USER | tr ':' '\n' | grep ^$ftp_user$)" ]; then if [ -z "$(echo $FTP_USER | tr ':' '\n' | grep ^$ftp_user$)" ]; then
echo "Error: account $ftp_user doesn't exist" echo "Error: account $ftp_user doesn't exist"
@ -46,7 +51,7 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Changing ftp user password # Changing ftp user password
echo "$ftp_user:$ftp_password" | /usr/sbin/chpasswd echo "$ftp_user:$password" | /usr/sbin/chpasswd
ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow) ftp_md5=$(awk -v user=$ftp_user -F : 'user == $1 {print $2}' /etc/shadow)

94
bin/v-check-user-password Executable file

@ -0,0 +1,94 @@
#!/bin/bash
# info: check user password
# options: USER PASSWORD [IP]
#
# The function verifies user password from file
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument defenition
user=$1
password=$2
ip=${3-127.0.0.1}
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER PASSWORD'
validate_format 'user'
# Checking user
if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
echo "Error: password missmatch"
echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Checking user password
is_password_valid
# Checking empty password
if [[ -z "$password" ]]; then
echo "Error: password missmatch"
echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Checking mkpasswd command
which mkpasswd >/dev/null 2>&1
if [ $? -ne 0 ]; then
# Activating fallback procedure
if [ -e "/usr/bin/yum" ]; then
yum install -y expect >/dev/null 2>&1
else
apt-get install -y expect >/dev/null 2>&1
fi
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing user's salt
salt=$(grep "^$user:" /etc/shadow |cut -f 3 -d \$)
if [[ -z "$salt" ]] || [[ "${#salt}" -gt 8 ]]; then
echo "Error: password missmatch"
echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Generating SHA-512
hash=$(mkpasswd -m sha-512 -S $salt -s <<< $password)
if [[ -z "$hash" ]]; then
echo "Error: password missmatch"
echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
# Checking hash
result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)
if [[ -z "$result" ]]; then
echo "Error: password missmatch"
echo "$DATE $user $ip failed to login" >> $VESTA/log/auth.log
exit 9
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
echo "$DATE $user $ip successfully logged in" >> $VESTA/log/auth.log
exit
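Review bot: The salt extraction `cut -f 3 -d \$` and the `"${#salt}" -gt 8` rejection assume a shadow entry of the form `$6$salt$hash` with a salt of at most eight characters, but sha512crypt allows salts up to 16 characters and may carry a `rounds=N` field in that position, and `$1$`/`$5$` entries can never match because only `-m sha-512` is tried, so valid accounts are turned away with "password missmatch". Installing `expect` from the authentication path when mkpasswd is missing is a surprising side effect for a login check; failing closed with `command -v mkpasswd >/dev/null 2>&1 || { echo "Error: password missmatch"; exit 9; }` would be safer, and `which` should be `command -v` in any case. I would also confirm that the mkpasswd shipped by the `expect` package is the crypt(3) front-end this script expects; I believe the `-m sha-512 -S` options belong to the mkpasswd from the whois package on Debian-derived systems, in which case the fallback installs a different tool and the check always fails. A header comment stating the supported hash format, e.g. `# Only $6$ (sha512crypt) shadow entries with an 8-char salt are supported`, would make the current limits visible.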


@ -273,6 +273,15 @@ is_object_value_exist() {
fi fi
} }
# Check if password is transmitted via file
is_password_valid() {
if [[ "$password" =~ ^/tmp/ ]]; then
if [ -f "$password" ]; then
password=$(head -n1 $password)
fi
fi
}
# Get object value # Get object value
get_object_value() { get_object_value() {
object=$(grep "$2='$3'" $USER_DATA/$1.conf) object=$(grep "$2='$3'" $USER_DATA/$1.conf)
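Review bot: `head -n1 $password` reads a caller-chosen path in a world-writable directory with the script's privileges, and `-f` is true for a symlink to a regular file, so a link under /tmp is followed rather than rejected; `$password` is also unquoted there. Tightening the test to `if [[ -f "$password" && ! -L "$password" ]]; then` and reading with `IFS= read -r password < "$password"` closes both, and an ownership or permission check against the invoking user would be worth adding if these scripts run as root. The helper does not remove the file after reading it, so the plaintext stays in /tmp until the caller cleans up; either delete it here or document in a comment that the caller owns the file's lifetime. A literal password that happens to begin with `/tmp/` is ambiguous under this convention, and a name such as `read_password_from_file` would describe what the function does better than is_password_valid, which performs no validation.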