diff --git a/bin/v-add-web-domain-httpauth b/bin/v-add-web-domain-httpauth
new file mode 100755
index 00000000..631bc3a3
--- /dev/null
+++ b/bin/v-add-web-domain-httpauth
@@ -0,0 +1,108 @@
+#!/bin/bash
+# info: add password protection for web domain
+# options: USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]
+#
+# The call is used for securing web domain with http auth
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$2
+auth_user=$3
+password=$4
+restart=${5-yes}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+# Hiding password
+A4='******'
+EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
+
+# Definining htpasswd file
+htaccess="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.conf_htaccess"
+htpasswd="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.htpasswd"
+docroot="$HOMEDIR/$user/web/$domain/public_html"
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]'
+validate_format 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_password_valid
+get_domain_values 'web'
+if [ ! -z "$(echo "$AUTH_USER" |tr : '\n' |grep ^$auth_user$)" ]; then
+ echo "Error: auth user $auth_user already exists"
+ log_event "$E_EXISTS" "$EVENT"
+ exit $E_EXISTS
+fi
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Adding htaccess password protection
+if [ ! -e "$htaccess" ]; then
+ if [ "$WEB_SYSTEM" != 'nginx' ]; then
+ echo "" > $htaccess
+ echo " AuthUserFile $htpasswd" >> $htaccess
+ echo " AuthName \"$domain access\"" >> $htaccess
+ echo " AuthType Basic" >> $htaccess
+ echo " Require valid-user" >> $htaccess
+ echo "" >> $htaccess
+ else
+ echo "auth_basic \"$domain password access\";" > $htaccess
+ echo "auth_basic_user_file $htpasswd;" >> $htaccess
+ fi
+ restart_required='yes'
+fi
+
+# Adding httpasswd user
+auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password)
+touch $htpasswd
+sed -i "/^$auth_user:/d" $htpasswd
+echo "$auth_user:$auth_hash" >> $htpasswd
+
+# Restarting web server
+if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then
+ $BIN/v-restart-web
+fi
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Preparing web.conf keys
+if [ ! -z "$AUTH_USER" ]; then
+ auth_user="$AUTH_USER:$auth_user"
+ auth_hash="$AUTH_HASH:$auth_hash"
+else
+ # Adding new key into web.conf
+ add_object_key "web" 'DOMAIN' "$domain" 'AUTH_USER' 'U_DISK'
+ add_object_key "web" 'DOMAIN' "$domain" 'AUTH_HASH' 'U_DISK'
+fi
+
+# Updating config
+update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_USER' "$auth_user"
+update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_HASH' "$auth_hash"
+
+# Logging
+log_history "added http auth user $httpauth_user on $domain"
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-change-web-domain-httpauth b/bin/v-change-web-domain-httpauth
new file mode 100755
index 00000000..00deee1e
--- /dev/null
+++ b/bin/v-change-web-domain-httpauth
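Review bot: `auth_user` is not among the names passed to `validate_format 'user' 'domain'` in the v-add-web-domain-httpauth script, yet it is interpolated into a grep pattern (`grep ^$auth_user$`), a sed script (`sed -i "/^$auth_user:/d"`) and the colon-separated `AUTH_USER` list stored in web.conf. A name containing `/`, `:`, whitespace or regex metacharacters can therefore change which htpasswd lines sed deletes or corrupt the stored list. Reject anything outside a conservative character set before the existence check, for example with `[[ "$auth_user" =~ ^[A-Za-z0-9._-]+$ ]]` and the project's usual invalid-argument exit, and match the existing names literally with `grep -qxF -- "$auth_user"`. The same unvalidated use appears in the v-change-web-domain-httpauth and v-delete-web-domain-httpauth hunks.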
@@ -0,0 +1,80 @@
+#!/bin/bash
+# info: change password for http auth user
+# options: USER DOMAIN AUTH_USER AUTH_PASSWORD
+#
+# The call is used for chaning http auth user password
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$2
+auth_user=$3
+password=$4
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+# Hiding password
+A4='******'
+EVENT="$DATE $TIME $SCRIPT $A1 $A2 $A3 $A4 $A5 $A6 $A7 $A8 $A9"
+
+# Definining htpasswd file
+htpasswd="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.htpasswd"
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]'
+validate_format 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_password_valid
+get_domain_values 'web'
+if [ -z "$(echo "$AUTH_USER" |tr : '\n' |grep ^$auth_user$)" ]; then
+ echo "Error: auth user $auth_user doesn't exist"
+ log_event "$E_NOTEXIST" "$EVENT"
+ exit $E_NOTEXIST
+fi
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Adding httpasswd user
+auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password)
+touch $htpasswd
+sed -i "/^$auth_user:/d" $htpasswd
+echo "$auth_user:$auth_hash" >> $htpasswd
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Rebuilding AUTH_HASH variable
+position=$(echo $AUTH_USER |tr ':' '\n' |grep -n '' |grep ":$auth_user$" |\
+ cut -f 1 -d:)
+auth_hash=$(echo $AUTH_HASH |tr ':' '\n' |grep -n '' |\
+ sed -e "s%^$position:.*%$position:$auth_hash%" |\
+ cut -f 2 -d :| sed -e "/^$/d"| sed -e ':a;N;$!ba;s/\n/:/g')
+
+# Updating config
+update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_HASH' "$auth_hash"
+
+# Logging
+log_history "changed auth user $httpauth_user password on $domain"
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-delete-web-domain-httpauth b/bin/v-delete-web-domain-httpauth
new file mode 100755
index 00000000..9678a371
--- /dev/null
+++ b/bin/v-delete-web-domain-httpauth
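Review bot: The password reaches the hash helper unquoted and as a command-line argument in `auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password)` in the v-change-web-domain-httpauth script. Unquoted, a password containing spaces or glob characters is split or expanded before the helper receives it, so the stored hash may not correspond to what the user entered; as an argument it is also visible in the process list while the helper runs. Quote it at minimum, `$BIN/v-generate-password-hash htpasswd htpasswd "$password"`, and consider feeding it on stdin if the helper can be changed to read it there. The identical line is in the v-add-web-domain-httpauth hunk. Separately, the usage string given to `check_args` still lists `[RESTART]`, which this script never reads.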
@@ -0,0 +1,87 @@
+#!/bin/bash
+# info: delete http auth user
+# options: USER DOMAIN AUTH_USER [RESTART]
+#
+# The call is used for deleting http auth user
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$2
+auth_user=$3
+restart=${4-yes}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+# Definining htpasswd file
+htaccess="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.conf_htaccess"
+htpasswd="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.htpasswd"
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN AUTH_USER [RESTART]'
+validate_format 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_password_valid
+get_domain_values 'web'
+if [ -z "$(echo "$AUTH_USER" |tr : '\n' |grep ^$auth_user$)" ]; then
+ echo "Error: auth user $auth_user doesn't exist"
+ log_event "$E_NOTEXIST" "$EVENT"
+ exit $E_NOTEXIST
+fi
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Deleting auth user
+sed -i "/^$auth_user:/d" $htpasswd
+
+# Deleting password protection
+if [ "$(echo "$AUTH_USER" |tr : '\n' |wc -l)" -le 1 ]; then
+ rm -f $htaccess
+ restart_required='yes'
+fi
+
+# Restarting web server
+if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then
+ $BIN/v-restart-web
+fi
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Rebuilding FTP variables
+position=$(echo $AUTH_USER |tr ':' '\n' |grep -n '' |grep ":$auth_user$" |\
+ cut -f 1 -d:)
+auth_user=$(echo $AUTH_USER |tr ':' '\n' |grep -n '' |grep -v "^$position:" |\
+ cut -f 2 -d :| sed -e "/^$/d"| sed -e ':a;N;$!ba;s/\n/:/g')
+auth_hash=$(echo $AUTH_HASH |tr ':' '\n' |grep -n '' |grep -v "^$position:" |\
+ cut -f 2 -d :| sed -e ':a;N;$!ba;s/\n/:/g')
+
+# Update config
+update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_USER' "$auth_user"
+update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_HASH' "$auth_hash"
+
+# Logging
+log_history "changed auth user $httpauth_user password on $domain"
+log_event "$OK" "$EVENT"
+
+exit
diff --git a/bin/v-generate-password-hash b/bin/v-generate-password-hash
index 1c454cd5..fd917ad3 100755
--- a/bin/v-generate-password-hash
+++ b/bin/v-generate-password-hash
@@ -32,5 +32,10 @@ if ($crypt == 'sha-512' ) { $hash = str_replace('$rounds=5000','',$hash); } +// Generating base64 hash +if ($crypt == 'htpasswd' ) { + $hash = crypt($password, base64_encode($password)); +} + // Printing result echo $hash . "\n";
diff --git a/bin/v-list-web-domain b/bin/v-list-web-domain
index 1a6cc156..fa3b1dea 100755
--- a/bin/v-list-web-domain
+++ b/bin/v-list-web-domain
@@ -76,7 +76,7 @@ conf=$USER_DATA/web.conf # Defining fileds to select fields='$DOMAIN $IP $IP6 $U_DISK $U_BANDWIDTH $TPL $ALIAS $STATS $STATS_USER - $SSL $SSL_HOME $FTP_USER $FTP_PATH $BACKEND $PROXY $PROXY_EXT + $SSL $SSL_HOME $FTP_USER $FTP_PATH $BACKEND $PROXY $PROXY_EXT $AUTH_USER $DOCUMENT_ROOT $SUSPENDED $TIME $DATE' # Defining document root
diff --git a/bin/v-list-web-domains b/bin/v-list-web-domains
index 8bc05df4..059f0e39 100755
--- a/bin/v-list-web-domains
+++ b/bin/v-list-web-domains
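Review bot: The history entry at the end of the v-delete-web-domain-httpauth script is wrong for a deletion: `log_history "changed auth user $httpauth_user password on $domain"` describes a password change, and `$httpauth_user` is never assigned in the hunk, so the audit trail records neither the action nor the account. Because `auth_user` is overwritten with the remaining list a few lines earlier, save the name first (`deleted_user=$auth_user`) and write `log_history "deleted http auth user $deleted_user on $domain"`. The `is_password_valid` call in the verification block also looks copied from the add script, since this script takes no password argument; it is worth confirming that it does not reject every call. The add and change hunks use the same unset `$httpauth_user` in their `log_history` lines.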
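Review bot: The salt in `crypt($password, base64_encode($password))` is derived from the password itself, so equal passwords always yield equal hashes and the salt characters stored at the front of each hash are an encoding of the password's leading bytes. Because that string carries no `$id$` prefix, PHP's crypt() should also fall back to traditional DES, which considers only the first eight characters of the password. Use a freshly generated random salt with an explicit scheme prefix that the web server's crypt(3) accepts, along the lines of `$hash = crypt($password, '$6$' . $salt . '$');` where `$salt` comes from a random source, much as the `sha-512` branch named in the hunk header appears to do. The comment `// Generating base64 hash` should be corrected as well, since the result is a crypt hash rather than base64. The surrounding script begins and ends outside the hunk.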
@@ -35,7 +35,7 @@ conf=$USER_DATA/web.conf # Defining fileds to select fields="\$DOMAIN \$IP \$IP6 \$U_DISK \$U_BANDWIDTH \$TPL \$ALIAS \$STATS" -fields="$fields \$STATS_USER \$SSL \$SSL_HOME \$FTP_USER \$FTP_PATH" +fields="$fields \$STATS_USER \$SSL \$SSL_HOME \$FTP_USER \$FTP_PATH \$AUTH_USER" fields="$fields \$BACKEND \$PROXY \$PROXY_EXT \$SUSPENDED \$TIME \$DATE" # Listing domains