version 1.1, 2021/05/15 15:12:32 |
version 1.2, 2021/07/21 22:04:30 |
Line 27 my $mailname = $conf{mailname}; |
|
Line 27 my $mailname = $conf{mailname}; |
|
my $passpath = "/etc/passwd"; |
my $passpath = "/etc/passwd"; |
my $httpdconfpath = "/etc/httpd.conf"; |
my $httpdconfpath = "/etc/httpd.conf"; |
my $acmeconfpath = "/etc/acme-client.conf"; |
my $acmeconfpath = "/etc/acme-client.conf"; |
|
my $pfconfpath = "/etc/pf.conf"; |
|
my $relaydconfpath = "/etc/relayd.conf"; |
|
my $startPort; |
|
my $endPort; |
main::cbind("pub", "-", "shell", \&mshell); |
main::cbind("pub", "-", "shell", \&mshell); |
main::cbind("msg", "-", "shell", \&mshell); |
main::cbind("msg", "-", "shell", \&mshell); |
|
|
|
|
unveil($passpath, "r") or die "Unable to unveil $!"; |
unveil($passpath, "r") or die "Unable to unveil $!"; |
unveil($httpdconfpath, "rwxc") or die "Unable to unveil $!"; |
unveil($httpdconfpath, "rwxc") or die "Unable to unveil $!"; |
unveil($acmeconfpath, "rwxc") or die "Unable to unveil $!"; |
unveil($acmeconfpath, "rwxc") or die "Unable to unveil $!"; |
|
unveil($pfconfpath, "rwxc") or die "Unable to unveil $!"; |
|
unveil($relaydconfpath, "rwxc") or die "Unable to unveil $!"; |
unveil("/usr/sbin/chown", "rx") or die "Unable to unveil $!"; |
unveil("/usr/sbin/chown", "rx") or die "Unable to unveil $!"; |
unveil("/bin/chmod", "rx") or die "Unable to unveil $!"; |
unveil("/bin/chmod", "rx") or die "Unable to unveil $!"; |
unveil("/usr/sbin/groupadd", "rx") or die "Unable to unveil $!"; |
unveil("/usr/sbin/groupadd", "rx") or die "Unable to unveil $!"; |
|
|
my $username = $1; |
my $username = $1; |
if (SQLite::deleterows("shell", "username", $username)) { |
if (SQLite::deleterows("shell", "username", $username)) { |
# TODO delete shell |
# TODO delete shell |
deleteshell($bot, $username); |
deleteshell($username); |
foreach my $chan (@teamchans) { |
foreach my $chan (@teamchans) { |
main::putserv($bot, "PRIVMSG $chan :$username deleted"); |
main::putserv($bot, "PRIVMSG $chan :$username deleted"); |
} |
} |
|
|
SQLite::set("shell", "ircid", $ircid, "password", $encrypted); |
SQLite::set("shell", "ircid", $ircid, "password", $encrypted); |
if (DNS::nextdns($username)) { |
if (DNS::nextdns($username)) { |
sleep(2); |
sleep(2); |
createshell($bot, $username, $pass, $bindhost); |
createshell($username, $pass, $bindhost); |
mailshell($username, $email, $pass, "shell", $version); |
mailshell($username, $email, $pass, "shell", $version); |
main::putserv($bot, "PRIVMSG $nick :Check your email!"); |
main::putserv($bot, "PRIVMSG $nick :Check your email!"); |
|
|
|
|
my( $username, $email, $password, $service, $version )=@_; |
my( $username, $email, $password, $service, $version )=@_; |
my $passhash = sha256_hex("$username"); |
my $passhash = sha256_hex("$username"); |
my $versionhash = encode_base64($version); |
my $versionhash = encode_base64($version); |
my $ports; |
|
my $body = <<"EOF"; |
my $body = <<"EOF"; |
You created a shell account! |
You created a shell account! |
|
|
Line 167 Username: $username |
|
Line 172 Username: $username |
|
Password: $password |
Password: $password |
Server: $hostname |
Server: $hostname |
SSH Port: 22 |
SSH Port: 22 |
Your Ports: $ports for plaintext |
Your Ports: $startPort to $endPort |
|
|
|
To customize your vhost, connect to ask in #ircnow |
|
|
*IMPORTANT*: Verify your email address: |
*IMPORTANT*: Verify your email address: |
|
|
https://www.$hostname/register.php?id=$passhash&version=$versionhash |
https://www.$hostname/register.php?id=$passhash&version=$versionhash |
|
|
You *MUST* click on the link or your account will be deleted. |
You *MUST* click on the link within 24 hours or your account will be deleted. |
|
|
IRCNow |
IRCNow |
EOF |
EOF |
|
|
#} |
#} |
|
|
sub createshell { |
sub createshell { |
my ($bot, $username, $password, $bindhost) = @_; |
my ($username, $password, $bindhost) = @_; |
my $netname = $bot->{name}; |
|
system "doas groupadd $username"; |
system "doas groupadd $username"; |
system "doas adduser -batch $username $username $username `encrypt $password`"; |
system "doas adduser -batch $username $username $username `encrypt $password`"; |
system "doas chmod 700 /home/$username /home/$username/.ssh"; |
system "doas chmod 700 /home/$username /home/$username/.ssh"; |
Line 259 sub createshell { |
|
Line 265 sub createshell { |
|
my $block = <<"EOF"; |
my $block = <<"EOF"; |
server "$lusername.$hostname" { |
server "$lusername.$hostname" { |
listen on * port 80 |
listen on * port 80 |
listen on * port 8001 |
|
location "/.well-known/acme-challenge/*" { |
location "/.well-known/acme-challenge/*" { |
root "/acme" |
root "/acme" |
request strip 2 |
request strip 2 |
|
|
$block = <<"EOF"; |
$block = <<"EOF"; |
domain "$lusername.$hostname" { |
domain "$lusername.$hostname" { |
domain key "/etc/ssl/private/$lusername.$hostname.key" |
domain key "/etc/ssl/private/$lusername.$hostname.key" |
domain full chain certificate "/etc/ssl/$lusername.$hostname.fullchain.pem" |
domain full chain certificate "/etc/ssl/$lusername.$hostname.crt" |
sign with letsencrypt |
sign with letsencrypt |
} |
} |
EOF |
EOF |
main::appendfile($acmeconfpath, $block); |
main::appendfile($acmeconfpath, $block); |
|
configurepf($username); |
system "doas rcctl reload httpd"; |
system "doas rcctl reload httpd"; |
system "doas mv /etc/ssl/private/$hostname.key /etc/ssl/private/l.k"; |
|
system "doas acme-client -F $lusername.$hostname"; |
system "doas acme-client -F $lusername.$hostname"; |
system "doas ln -s /etc/ssl/crt/$lusername.$hostname.fullchain.pem /etc/ssl/$lusername.$hostname.crt"; |
system "doas ln -s /etc/ssl/$lusername.$hostname.crt /etc/ssl/$lusername.$hostname.fullchain.pem"; |
system "doas mv /etc/ssl/private/l.k /etc/ssl/private/$hostname.key"; |
system "doas pfctl -f /etc/pf.conf"; |
|
configurerelayd($username); |
|
$block = <<"EOF"; |
|
~ * * * * acme-client $lusername.$hostname && rcctl reload relayd |
|
EOF |
|
system "echo $block | doas crontab -"; |
#edquota $username |
#edquota $username |
return 1; |
return 1; |
} |
} |
|
|
sub deleteshell { |
sub deleteshell { |
my ($bot, $username, $bindhost) = @_; |
my ($username, $bindhost) = @_; |
my $netname = $bot->{name}; |
|
my $lusername = lc $username; |
my $lusername = lc $username; |
system "doas groupdel $username"; |
system "doas groupdel $username"; |
system "doas userdel $username"; |
system "doas userdel $username"; |
|
|
} |
} |
return @results; |
return @results; |
} |
} |
|
|
|
sub configurepf { |
|
my $username = shift; |
|
my @read = split('\n', main::readstr($pfconfpath) ); |
|
|
|
my $previousline = ""; |
|
my @pfcontent; |
|
foreach my $line(@read) |
|
{ |
|
my $currline = $line; |
|
if( $currline ne "# end user ports") { |
|
$previousline = $currline; |
|
} else { |
|
#pass in proto {tcp udp} to port {31361:31370} user {JL} |
|
if( $previousline =~ /(\d*):(\d*)/ ) { |
|
my $startport = ( $1 + 10 ); |
|
my $endport = ( $2 + 10 ); |
|
my $insert = "pass in proto {tcp udp} to port {$startport:$endport} user {$username}"; |
|
push(@pfcontent, $insert); |
|
$startPort = $startport; |
|
$endPort = $endport; |
|
} |
|
} |
|
push(@pfcontent, $currline) |
|
} |
|
main::writefile("$pfconfpath", join("\n",@pfcontent)) |
|
} |
|
|
|
sub configurerelayd { |
|
my ($username) = @_; |
|
my $block = "tls { keypair $username.$hostname }"; |
|
my $relaydconf = main::readstr($relaydconfpath); |
|
my $newconf; |
|
if ($relaydconf =~ /^.*tls\s+{\s+keypair\s+[.0-9a-zA-Z]+\s*}/m) { |
|
$newconf = "$`$&\n\t$block$'"; |
|
} |
|
main::writefile($relaydconfpath, $newconf); |
|
} |
|
|
#unveil("./newacct", "rx") or die "Unable to unveil $!"; |
#unveil("./newacct", "rx") or die "Unable to unveil $!"; |
1; # MUST BE LAST STATEMENT IN FILE |
1; # MUST BE LAST STATEMENT IN FILE |
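Review bot: The new cron step `system "echo $block | doas crontab -";` in createshell replaces the invoking user's entire crontab with the single renewal line for this account, so each later createshell call discards the entries written for earlier shells; the same line also pushes the interpolated `$lusername` through a shell unescaped. A safer shape is to read the current table, append the new line and feed it back through a list-form pipe open so no shell is involved (below). In configurerelayd, `$newconf` stays undef when the `tls { keypair ... }` regex does not match, and `main::writefile($relaydconfpath, $newconf)` then truncates relayd.conf — add `return unless defined $newconf;` (or die with a message) before the write, and note that this block builds the keypair name from `$username` while the httpd.conf and acme-client.conf blocks use `$lusername`, so the two will not agree for mixed-case usernames. In configurepf, `/(\d*):(\d*)/` accepts empty captures, and the `$startPort`/`$endPort` globals that mailshell later interpolates stay unset if the `# end user ports` marker is absent; `/(\d+):(\d+)/` plus a check that the marker was seen would make that failure visible instead of mailing an empty range. `$lusername` in createshell appears to be defined in a part of the sub that this diff does not show.
```perl
# … unchanged: configurerelayd($username); …
my $cronline = "~ * * * * acme-client $lusername.$hostname && rcctl reload relayd";
# Append to the existing table; `crontab -` alone would replace it wholesale.
open my $cur, '-|', 'doas', 'crontab', '-l' or die "crontab -l: $!";
my $crontab = do { local $/; <$cur> };
close $cur;
$crontab = '' unless defined $crontab;
open my $new, '|-', 'doas', 'crontab', '-' or die "crontab -: $!";
print {$new} $crontab, $cronline, "\n";
close $new or die "crontab -: $!";
# … unchanged: return 1; …
```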