Date:
Sun Oct 8 22:28:02 2023 UTC
Message:
Now prevents creating accounts that exist in database with a password
#!/usr/bin/perl
package Shell;
use strict;
use warnings;
use Data::Dumper;
use Digest::SHA qw(sha256_hex);
use IPC::Open2 qw(open2);
use MIME::Base64;
use OpenBSD::Pledge;
use OpenBSD::Unveil;
use lib './';
require "SQLite.pm";
require "Hash.pm";
# The main program publishes the bot configuration as %main::conf; copy it
# once at load time so the rest of this module works from lexicals.
my %conf = %main::conf;
my $chans = $conf{chans};            # public channels the bot answers in
my $teamchans = $conf{teamchans};    # staff channels, comma/space separated
my @teamchans = split /[,\s]+/m, $teamchans;
my $staff = $conf{staff};            # staff nick(s) named in notifications
my $captchaURL = "https://example.com/captcha.php?vhost=";  # only referenced from a commented-out line in mshell
my $hostname = $conf{hostname};      # server hostname; also the vhost suffix
my $terms = $conf{terms};            # not referenced elsewhere in this module
my $expires = $conf{expires};        # row lifetime handed to SQLite::id in mshell
my $mailfrom = $conf{mailfrom};
my $mailname = $conf{mailname};
my $approval = $conf{approval};      # "true" => new accounts start blocked (usermod -Z)
my $loginclass = $conf{loginclass} || "freeshell";  # login class set by createshell
# System files touched while provisioning: createshell appends to the httpd
# and acme-client configs, configurepf and configurerelayd rewrite theirs.
my $passpath = "/etc/passwd";
my $httpdconfpath = "/etc/httpd.conf";
my $acmeconfpath = "/etc/acme-client.conf";
my $pfconfpath = "/etc/pf.conf";
my $relaydconfpath = "/etc/relayd.conf";
# Port range of the most recently created user: written by configurepf and
# read by mailshell, so only meaningful between those two calls.
my $startPort;
my $endPort;

# Verbosity levels passed to main::debug.
use constant {
    NONE => 0,
    ERRORS => 1,
    WARNINGS => 2,
    ALL => 3,
};

# Register !shell for both public channels and private messages.
main::cbind("pub", "-", "shell", \&mshell);
main::cbind("msg", "-", "shell", \&mshell);
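# Restrict this process's view of the filesystem (OpenBSD unveil(2)) to the
# binaries and files the shell-account commands need.  Entries are unveiled
# in the order listed; the first failure dies naming the path, so the
# operator can see which entry was refused.
#
# NOTE(review): doas(1), encrypt(1), adduser(8) and the rcctl/pfctl/crontab
# tools that createshell runs are not in this list, so either unveil is not
# in effect when those run or they rely on something outside this file -
# confirm before tightening it further.
sub init {
    my @unveils = (
        #dependencies for figlet
        ["/usr/local/bin/figlet", "rx"],
        ["/usr/lib/libc.so.95.1", "r"],   # hard-coded libc version; breaks on upgrade
        ["/usr/libexec/ld.so", "r"],
        #dependencies for shell account
        [$passpath, "r"],
        [$httpdconfpath, "rwxc"],
        [$acmeconfpath, "rwxc"],
        [$pfconfpath, "rwxc"],
        [$relaydconfpath, "rwxc"],
        ["/usr/sbin/chown", "rx"],
        ["/bin/chmod", "rx"],
        ["/usr/sbin/groupadd", "rx"],
        ["/usr/sbin/useradd", "rx"],
        ["/usr/sbin/usermod", "rx"],
        ["/usr/sbin/groupdel", "rx"],
        ["/usr/sbin/userdel", "rx"],
        ["/bin/mkdir", "rx"],
        ["/bin/ln", "rx"],
        ["/usr/sbin/acme-client", "rx"],
        ["/bin/rm", "rx"],
        ["/bin/mv", "rx"],
        ["/home/", "rwxc"],
    );
    for my $entry (@unveils) {
        my ($path, $perms) = @$entry;
        unveil($path, $perms) or die "Unable to unveil $path: $!";
    }
    return 1;
}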
# !shell <username> <email>
# !shell captcha <captcha>
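# Handler for "!shell", bound above for both channel ("pub") and private
# ("msg") messages.  From a channel @args is ($chan, $text); from a private
# message it is ($text).  Sub-commands, tried in this order:
#   (nothing)            point the user at !help and ask staff for help
#   delete <username>    staff only: drop the DB rows, then deleteshell()
#   approve <username>   staff only: unblock the account (usermod -U)
#   captcha <text>       step 2: check the captcha, create the account and
#                        mail the credentials
#   <username> <email>   step 1: reserve the name and store a captcha row
# Replies go to $nick by PRIVMSG; progress notes go to every @teamchans.
# Before either registration step, a nick that already owns a shell row
# with a password is turned away (one account per person).
sub mshell {
    my ($bot, $nick, $host, $hand, @args) = @_;
    my ($chan, $text);
    if (@args == 2) {
        ($chan, $text) = ($args[0], $args[1]);
    } else {
        $text = $args[0];
    }
    # A bare "!shell" may arrive with no text at all; normalise to "" so the
    # /^$/ test below is a plain empty-string check.
    $text = '' unless defined $text;
    my $hostmask = "$nick!$host";
    # $chan is IRC input: match it as a literal, not as a regex.
    if (defined($chan) && $chans =~ /\Q$chan\E/) {
        main::putserv($bot, "PRIVMSG $chan :$nick: Please check private message");
    }
    if ($text =~ /^$/) {
        main::putserv($bot, "PRIVMSG $nick :Type !help for new instructions");
        foreach my $teamchan (@teamchans) {
            main::putservlocalnet($bot, "PRIVMSG $teamchan :$staff: Help *$nick* on network ".$bot->{name}." with shell registration");
        }
        return;
    } elsif (main::isstaff($bot, $nick) && $text =~ /^delete\s+([[:ascii:]]+)/) {
        # NOTE: [[:ascii:]]+ admits spaces and shell metacharacters.  The
        # name is only acted on when a matching DB row existed, and it is
        # then interpolated into paths and commands by deleteshell.
        my $username = $1;
        if (SQLite::deleterows("shell", "username", $username)) {
            deleteshell($username);
            foreach my $teamchan (@teamchans) {
                main::putserv($bot, "PRIVMSG $teamchan :$username deleted");
            }
        }
        return;
    } elsif (main::isstaff($bot, $nick) && $text =~ /^approve\s+([[:ascii:]]+)/) {
        my $username = $1;
        # List form: the name comes straight from IRC and must not reach a
        # shell.
        system("doas", "usermod", "-U", $username);
        foreach my $teamchan (@teamchans) {
            main::putserv($bot, "PRIVMSG $teamchan :$username approved");
        }
        return;
    }
    ### TODO: Check duplicate emails ###
    # One account per nick: any shell row for this nick that already has a
    # password means a registration completed earlier.
    my @rows = SQLite::selectrows("irc", "nick", $nick);
    foreach my $row (@rows) {
        my $password = SQLite::get("shell", "ircid", $row->{id}, "password");
        if (defined($password)) {
            main::putserv($bot, "PRIVMSG $nick :Sorry, only one account per person. Please contact staff if you need help.");
            return;
        }
    }
    # "lastseen" is recognised but not implemented; the text continues on to
    # the matching below.
    if ($text =~ /^lastseen\s+([[:alnum:]]+)/) {
    }
    if ($text =~ /^captcha\s+([[:alnum:]]+)/) {
        my $answer = $1;
        my $ircid = SQLite::id("irc", "nick", $nick, $expires);
        if (!defined($ircid)) { die "undefined ircid"; }
        my $captcha = SQLite::get("shell", "ircid", $ircid, "captcha");
        # A missing stored captcha counts as a wrong answer instead of being
        # compared against undef.
        if (!defined($captcha) || $answer ne $captcha) {
            main::putserv($bot, "PRIVMSG $nick :Wrong captcha. To get a new captcha, type !shell <username> <email>");
            return;
        }
        my $pass = Hash::newpass();
        # NOTE(review): $pass goes on encrypt's argv and is briefly visible in
        # the process list.  This hash is only kept in the database;
        # createshell hashes the password again for adduser.
        chomp(my $encrypted = `encrypt $pass`);
        my $username = SQLite::get("shell", "ircid", $ircid, "username");
        my $email = SQLite::get("shell", "ircid", $ircid, "email");
        my $version = SQLite::get("shell", "ircid", $ircid, "version");
        my $bindhost = "$username.$hostname";
        # Storing the password is what marks this nick as registered for the
        # one-account check above.
        SQLite::set("shell", "ircid", $ircid, "password", $encrypted);
        # DNS::nextdns is not loaded by this file; presumably the main program
        # provides it - confirm.
        if (DNS::nextdns($username)) {
            sleep(2);   # blocks the whole bot while the DNS change settles
            createshell($username, $pass, $bindhost);
            mailshell($username, $email, $pass, "shell", $version);
            main::putserv($bot, "PRIVMSG $nick :Check your email!");
            if (defined($approval) && $approval eq "true") {
                # Block the new account until staff runs "!shell approve".
                system("doas", "usermod", "-Z", $username);
                main::putserv($bot, "PRIVMSG $nick :Your account has been created but must be manually approved by your admins ($staff) before it can be used.");
                foreach my $teamchan (@teamchans) {
                    main::putservlocalnet($bot, "PRIVMSG $teamchan :$staff: $nick\'s account $username must be manually unblocked before it can be used.");
                }
            }
            foreach my $teamchan (@teamchans) {
                main::putservlocalnet($bot, "PRIVMSG $teamchan :$staff: $nick\'s shell registration of $username on $bot->{name} was successful, *but* you *must* help him connect. Most users are unable to connect. Show him https://wiki.ircnow.org/?n=Shell.Shell");
            }
            #www($newnick, $reply, $password, "bouncer");
        } else {
            foreach my $teamchan (@teamchans) {
                main::putserv($bot, "PRIVMSG $teamchan :Assigning bindhost $bindhost failed");
            }
        }
        return;
    } elsif ($text =~ /^([[:alnum:]]+)\s+([[:ascii:]]+)/) {
        my ($username, $email) = ($1, $2);
        # $email is only checked to be ASCII here; it is stored and later
        # handed to main::mail by mailshell.
        # Refuse names already present in /etc/passwd (case-insensitive).
        my @users = col($passpath, 1, ":");
        my @matches = grep(/^\Q$username\E$/i, @users);
        if (scalar(@matches) > 0) {
            main::putserv($bot, "PRIVMSG $nick :Sorry, username taken. Please choose another username, or contact staff for help.");
            return;
        }
        # my $captcha = join'', map +(0..9,'a'..'z','A'..'Z')[rand(10+26*2)], 1..4;
        # Up-to-three-digit captcha, rendered with figlet and also posted to
        # the staff channels below.
        my $captcha = int(rand(999));
        # Random row id; a collision with an existing id would overwrite that
        # row's fields through SQLite::set.
        my $ircid = int(rand(2147483647));
        SQLite::set("irc", "id", $ircid, "localtime", time());
        SQLite::set("irc", "id", $ircid, "date", main::date());
        SQLite::set("irc", "id", $ircid, "hostmask", $hostmask);
        SQLite::set("irc", "id", $ircid, "nick", $nick);
        SQLite::set("shell", "ircid", $ircid, "username", $username);
        SQLite::set("shell", "ircid", $ircid, "email", $email);
        SQLite::set("shell", "ircid", $ircid, "captcha", $captcha);
        main::whois($bot, $nick);
        main::ctcp($bot, $nick);
        # $captcha is an integer, so interpolating it into the command is safe.
        main::putserv($bot, "PRIVMSG $nick :".`figlet $captcha`);
        # main::putserv($bot, "PRIVMSG $nick :$captchaURL".encode_base64($captcha));
        main::putserv($bot, "PRIVMSG $nick :Type !shell captcha <text>");
        foreach my $teamchan (@teamchans) {
            main::putservlocalnet($bot, "PRIVMSG $teamchan :$nick\'s captcha on $bot->{name} is $captcha");
        }
    } else {
        main::putserv($bot, "PRIVMSG $nick :Invalid username or email. Type !shell <username> <email> to try again.");
        foreach my $teamchan (@teamchans) {
            main::putserv($bot, "PRIVMSG $teamchan :$staff: Help *$nick* on network ".$bot->{name}." with shell registration");
        }
    }
    return;
}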
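# Email the new credentials to the user.  $service and $version are accepted
# for signature compatibility but do not appear in the message.  The port
# range comes from the file-scoped $startPort/$endPort that configurepf sets
# while createshell runs, so call this after createshell or the line reads
# "Your Ports:  to ".  Delivery is delegated to main::mail.
sub mailshell {
    my ($username, $email, $password, $service, $version) = @_;
    # The approval notice is only included when manual approval is enabled;
    # default to "" so the heredoc below never interpolates undef.
    my $approvemsg = '';
    if (defined($approval) && $approval eq "true") {
        $approvemsg = <<"EOF";

*IMPORTANT*: Your account has been created but it has not yet been
approved. To get your account approved, please contact your admins
$staff on IRC and by email.

EOF
    }
    my $body = <<"EOF";
You created a shell account!

Username: $username
Password: $password
Server: $hostname
SSH Port: 22
Your Ports: $startPort to $endPort

To customize your vhost, connect to ask in $chans
$approvemsg
*IMPORTANT*: Verify your email address:

Please reply to this email to indicate you have received the email. You must
reply in order to keep your account.

IRCNow
EOF
    main::mail($mailfrom, $email, $mailname, "Verify IRCNow Account", $body);
    return;
}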

#sub mregex {
# my ($bot, $nick, $host, $hand, $text) = @_;
# if ($staff !~ /$nick/) { return; }
# if ($text =~ /^ips?\s+([-_()|0-9A-Za-z:\.?*\s]{3,})$/) {
# my $ips = $1; # space-separated list of IPs
# main::putserv($bot, "PRIVMSG $nick :".regexlist($ips));
# } elsif ($text =~ /^users?\s+([-_()|0-9A-Za-z:\.?*\s]{3,})$/) {
# my $users = $1; # space-separated list of usernames
# main::putserv($bot, "PRIVMSG $nick :".regexlist($users));
# } elsif ($text =~ /^[-_()|0-9A-Za-z:,\.?*\s]{3,}$/) {
# my @lines = regex($text);
# foreach my $l (@lines) { print "$l\n"; }
# }
#}
#sub mforeach {
# my ($bot, $nick, $host, $hand, $text) = @_;
# if ($staff !~ /$nick/) { return; }
# if ($text =~ /^network\s+del\s+([[:graph:]]+)\s+(#[[:graph:]]+)$/) {
# my ($user, $chan) = ($1, $2);
# foreach my $n (@main::networks) {
# main::putserv($bot, "PRIVMSG *controlpanel :delchan $user $n->{name} $chan");
# }
# }
#}

#sub loadlog {
# open(my $fh, '<', "$authlog") or die "Could not read file 'authlog' $!";
# chomp(@logs = <$fh>);
# close $fh;
#}

# return all lines matching a pattern
#sub regex {
# my ($pattern) = @_;
# if (!@logs) { loadlog(); }
# return grep(/$pattern/, @logs);
#}

# given a list of IPs, return matching users
# or given a list of users, return matching IPs
#sub regexlist {
# my ($items) = @_;
# my @items = split /[,\s]+/m, $items;
# my $pattern = "(".join('|', @items).")";
# if (!@logs) { loadlog(); }
# my @matches = grep(/$pattern/, @logs);
# my @results;
# foreach my $match (@matches) {
# if ($match =~ /^\[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\] \[([^]\/]+)(\/[^]]+)?\] connected to ZNC from (.*)/) {
# my ($user, $ip) = ($1, $3);
# if ($items =~ /[.:]/) { # items are IP addresses
# push(@results, $user);
# } else { # items are users
# push(@results, $ip);
# }
# }
# }
# my @sorted = sort @results;
# @results = do { my %seen; grep { !$seen{$_}++ } @sorted }; # uniq
# return join(' ', @results);
#}

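# Provision a Unix account plus a personal vhost for $username: group and
# user (via doas), a ~/htdocs link into /var/www/htdocs, an httpd server
# block, an acme-client domain block, a pf port range (configurepf), a relayd
# TLS keypair (configurerelayd), a certificate-renewal cron line and the
# login class.  $bindhost is accepted but unused; the vhost name is
# lc($username).$hostname.  Returns 1 after issuing the commands and an
# empty list if the username or the password hash is rejected; the
# individual system() results are not checked, so 1 means "attempted".
sub createshell {
    my ($username, $password, $bindhost) = @_;
    # Every command below interpolates $username into a shell command line or
    # a filesystem path, so refuse anything that is not a plain alphanumeric
    # name (the same class mshell accepts at registration).
    if (!defined($username) || $username !~ /\A[[:alnum:]]+\z/) {
        main::debug(ERRORS, "ERROR: createshell: refusing invalid username");
        return;
    }
    # Hash the password with encrypt(1), feeding it on stdin rather than as an
    # argument so it never appears in the process list.  encrypt(1) reads
    # lines from stdin when no string is given.
    my ($enc_out, $enc_in);
    my $pid = eval { open2($enc_out, $enc_in, 'encrypt') };
    if (!$pid) {
        main::debug(ERRORS, "ERROR: createshell: unable to run encrypt: $@");
        return;
    }
    print {$enc_in} "$password\n";
    close $enc_in;
    chomp(my $hash = <$enc_out> // '');
    close $enc_out;
    waitpid($pid, 0);
    if ($hash eq '') {
        main::debug(ERRORS, "ERROR: createshell: encrypt produced no hash for $username");
        return;
    }
    system("doas", "groupadd", $username);
    # List form so the hash (which contains $ and /) is passed through intact.
    system("doas", "adduser", "-batch", $username, $username, $username, $hash);
    # $username is alphanumeric (checked above), so the remaining string-form
    # commands are safe to interpolate; some rely on shell brace expansion.
    system "doas chmod 700 /home/$username /home/$username/.ssh";
    system "doas chmod 600 /home/$username/{.Xdefaults,.cshrc,.cvsrc,.login,.mailrc,.profile}";
    system "doas mkdir /var/www/htdocs/$username";
    system "doas ln -s /var/www/htdocs/$username /home/$username/htdocs";
    system "doas chown -R $username:www /var/www/htdocs/$username /home/$username/htdocs";
    system "doas chmod -R o-rx /var/www/htdocs/$username /home/$username/htdocs";
    system "doas chmod -R g+rwx /var/www/htdocs/$username /home/$username/htdocs";
    # Make the daemon config files group-writable so the appends below work.
    system "doas chown root:wheel $httpdconfpath $pfconfpath $acmeconfpath $relaydconfpath";
    system "doas chmod g+rw $httpdconfpath $pfconfpath $acmeconfpath $relaydconfpath";
    my $lusername = lc $username;
    # httpd server block; deleteshell removes this exact text, so keep the two
    # heredocs identical.
    my $block = <<"EOF";
server "$lusername.$hostname" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
root "/htdocs/$username"
}
EOF
    main::appendfile($httpdconfpath, $block);
    # acme-client domain block; same remark about deleteshell applies.
    $block = <<"EOF";
domain "$lusername.$hostname" {
domain key "/etc/ssl/private/$lusername.$hostname.key"
domain full chain certificate "/etc/ssl/$lusername.$hostname.crt"
sign with letsencrypt
}
EOF
    main::appendfile($acmeconfpath, $block);
    configurepf($username);
    system "doas rcctl reload httpd";
    system "doas acme-client -F $lusername.$hostname";
    system "doas ln -s /etc/ssl/$lusername.$hostname.crt /etc/ssl/$lusername.$hostname.fullchain.pem";
    system "doas pfctl -f $pfconfpath";
    configurerelayd($username);
    $block = <<"EOF";
~ * * * * acme-client $lusername.$hostname && rcctl reload relayd
EOF
    # NOTE(review): "crontab -" installs its stdin as the whole crontab, so
    # this appears to replace root's existing entries with this single line
    # on every account creation, and the unquoted "*" and "~" in $block are
    # expanded by the shell before crontab sees them - confirm against
    # crontab(1) and merge with "crontab -l" (quoting the line) if so.
    system "echo $block | doas crontab -";
    system "doas usermod -L $loginclass $username";
    #edquota $username
    return 1;
}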
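# Tear down what createshell built: the Unix group and user, the TLS files
# and the httpd and acme-client blocks.  $bindhost is accepted for symmetry
# with createshell but unused.  The pf rule, relayd keypair line and cron
# entry that createshell adds are NOT removed here.  Returns 1 after the
# attempt and an empty list when the username is rejected; system() results
# are not checked.
sub deleteshell {
    my ($username, $bindhost) = @_;
    # $username arrives from the staff "!shell delete" command, which only
    # requires ASCII.  It is used in rm paths and in a regex below, so insist
    # on the alphanumeric form mshell accepts at registration.
    if (!defined($username) || $username !~ /\A[[:alnum:]]+\z/) {
        main::debug(ERRORS, "ERROR: deleteshell: refusing invalid username");
        return;
    }
    my $lusername = lc $username;
    my @confpaths = ($httpdconfpath, $pfconfpath, $acmeconfpath, $relaydconfpath);
    # List-form system throughout: nothing here needs shell features.
    system("doas", "chown", "root:wheel", @confpaths);
    system("doas", "chmod", "g+rw", @confpaths);
    system("doas", "groupdel", $username);
    system("doas", "userdel", $username);
    system("doas", "rm", "-f",
        "/etc/ssl/$lusername.$hostname.crt",
        "/etc/ssl/$lusername.$hostname.fullchain.pem",
        "/etc/ssl/private/$lusername.$hostname.key");
    # Remove the httpd server block.  The text must match what createshell
    # appended byte for byte, so keep the two heredocs in sync.  \Q..\E quotes
    # every regex metacharacter in the block.
    my $httpdconf = main::readstr($httpdconfpath);
    my $block = <<"EOF";
server "$lusername.$hostname" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
root "/htdocs/$username"
}
EOF
    $httpdconf =~ s/\Q$block\E//g;
    main::writefile($httpdconfpath, $httpdconf);

    # Remove the acme-client domain block.  createshell writes the certificate
    # path as "/etc/ssl/<name>.crt"; the block here must use the same path or
    # it never matches.
    my $acmeconf = main::readstr($acmeconfpath);
    $block = <<"EOF";
domain "$lusername.$hostname" {
domain key "/etc/ssl/private/$lusername.$hostname.key"
domain full chain certificate "/etc/ssl/$lusername.$hostname.crt"
sign with letsencrypt
}
EOF
    $acmeconf =~ s/\Q$block\E//g;
    main::writefile($acmeconfpath, $acmeconf);
    return 1;
}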
#TODO Fix for $i
# Return column $i from $filename as an array with file separator $FS
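# Return column $i (1-based, awk-style) of every line of $filename, where
# fields are separated by the literal string $FS.  Lines that contain no
# separator at all are skipped, as are lines with fewer than $i fields, so
# col($passpath, 1, ":") yields the user names of /etc/passwd.  The file is
# read through main::readarray.  Returns an empty list for a missing or
# non-positive $i or an empty $FS.
sub col {
    my ($filename, $i, $FS) = @_;
    my @results;
    return @results if !defined($i) || $i < 1;
    return @results if !defined($FS) || !length($FS);
    my @rows = main::readarray($filename);
    foreach my $row (@rows) {
        # Limit -1 keeps trailing empty fields so column numbering is stable.
        my @fields = split /\Q$FS\E/, $row, -1;
        # Fewer than two fields means the separator was absent from the line.
        next if @fields < 2 || @fields < $i;
        push(@results, $fields[$i - 1]);
    }
    return @results;
}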
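# Insert a pf rule giving $username its own ten-port range.  pf.conf must
# contain the marker line "# end user ports"; the rule directly above it is
# expected to look like
#   pass in proto {tcp udp} to port {31361:31370} user {JL}
# and the new rule takes the ten ports after that range.  The range is also
# stored in the file-scoped $startPort/$endPort for mailshell.  The file is
# rewritten in place; when the marker or a numeric range is not found it is
# written back unchanged and an error is logged.  Returns 1 if a rule was
# inserted, 0 otherwise.
sub configurepf {
    my $username = shift;
    my @read = split /\n/, main::readstr($pfconfpath);
    my $previousline = "";
    my $inserted = 0;
    my @pfcontent;
    foreach my $currline (@read) {
        if ($currline ne "# end user ports") {
            $previousline = $currline;
        } elsif ($previousline =~ /(\d+):(\d+)/) {
            #pass in proto {tcp udp} to port {31361:31370} user {JL}
            my $startport = $1 + 10;
            my $endport = $2 + 10;
            push(@pfcontent, "pass in proto {tcp udp} to port {$startport:$endport} user {$username}");
            $startPort = $startport;
            $endPort = $endport;
            $inserted = 1;
        }
        push(@pfcontent, $currline);
    }
    if (!$inserted) {
        main::debug(ERRORS, "ERROR: no \"# end user ports\" marker with a port range found in $pfconfpath");
    }
    # Restore the trailing newline that split/join would otherwise drop.
    main::writefile($pfconfpath, join("\n", @pfcontent) . "\n");
    return $inserted;
}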
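# Add a "tls { keypair <user>.<host> }" line to relayd.conf directly after
# the first existing keypair line so relayd serves the new vhost's
# certificate.  When no existing keypair line matches, the file is written
# back unchanged and an error is logged via main::debug.
# NOTE(review): the keypair character class [.0-9a-zA-Z] has no "-", so an
# existing keypair for a hyphenated hostname is not matched.
sub configurerelayd {
    my ($username) = @_;
    my $block = "tls { keypair $username.$hostname }";
    my $newconf = main::readstr($relaydconfpath);
    # Braces are escaped so they are never read as a quantifier; /m lets ^
    # match at the start of any line.  Only the first match is extended.
    my $matched = ($newconf =~ s/(^.*tls\s+\{\s+keypair\s+[.0-9a-zA-Z]+\s*\})/$1\n\t$block/m);
    if (!$matched) {
        main::debug(ERRORS, "ERROR: regex can't match tls { keypair \$username.$hostname }");
    }
    main::writefile($relaydconfpath, $newconf);
    return;
}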
#unveil("./newacct", "rx") or die "Unable to unveil $!";
1; # MUST BE LAST STATEMENT IN FILE