
Diff for /botnow/Shell.pm between version 1.1 and 1.2

version 1.1, 2021/05/15 15:12:32 version 1.2, 2021/07/21 22:04:30
Line 27  my $mailname = $conf{mailname};
Line 27  my $mailname = $conf{mailname};
 my $passpath = "/etc/passwd";  my $passpath = "/etc/passwd";
 my $httpdconfpath = "/etc/httpd.conf";  my $httpdconfpath = "/etc/httpd.conf";
 my $acmeconfpath = "/etc/acme-client.conf";  my $acmeconfpath = "/etc/acme-client.conf";
   my $pfconfpath = "/etc/pf.conf";
   my $relaydconfpath = "/etc/relayd.conf";
   my $startPort;
   my $endPort;
 main::cbind("pub", "-", "shell", \&mshell);  main::cbind("pub", "-", "shell", \&mshell);
 main::cbind("msg", "-", "shell", \&mshell);  main::cbind("msg", "-", "shell", \&mshell);
   
Line 39  sub init {
Line 43  sub init {
         unveil($passpath, "r") or die "Unable to unveil $!";          unveil($passpath, "r") or die "Unable to unveil $!";
         unveil($httpdconfpath, "rwxc") or die "Unable to unveil $!";          unveil($httpdconfpath, "rwxc") or die "Unable to unveil $!";
         unveil($acmeconfpath, "rwxc") or die "Unable to unveil $!";          unveil($acmeconfpath, "rwxc") or die "Unable to unveil $!";
           unveil($pfconfpath, "rwxc") or die "Unable to unveil $!";
           unveil($relaydconfpath, "rwxc") or die "Unable to unveil $!";
         unveil("/usr/sbin/chown", "rx") or die "Unable to unveil $!";          unveil("/usr/sbin/chown", "rx") or die "Unable to unveil $!";
         unveil("/bin/chmod", "rx") or die "Unable to unveil $!";          unveil("/bin/chmod", "rx") or die "Unable to unveil $!";
         unveil("/usr/sbin/groupadd", "rx") or die "Unable to unveil $!";          unveil("/usr/sbin/groupadd", "rx") or die "Unable to unveil $!";
Line 75  sub mshell {
Line 81  sub mshell {
                 my $username = $1;                  my $username = $1;
                 if (SQLite::deleterows("shell", "username", $username)) {                  if (SQLite::deleterows("shell", "username", $username)) {
                         # TODO delete shell                          # TODO delete shell
                         deleteshell($bot, $username);                          deleteshell($username);
                         foreach my $chan (@teamchans) {                          foreach my $chan (@teamchans) {
                                 main::putserv($bot, "PRIVMSG $chan :$username deleted");                                  main::putserv($bot, "PRIVMSG $chan :$username deleted");
                         }                          }
Line 111  sub mshell {
Line 117  sub mshell {
                 SQLite::set("shell", "ircid", $ircid, "password", $encrypted);                  SQLite::set("shell", "ircid", $ircid, "password", $encrypted);
                 if (DNS::nextdns($username)) {                  if (DNS::nextdns($username)) {
                         sleep(2);                          sleep(2);
                         createshell($bot, $username, $pass, $bindhost);                          createshell($username, $pass, $bindhost);
                         mailshell($username, $email, $pass, "shell", $version);                          mailshell($username, $email, $pass, "shell", $version);
                         main::putserv($bot, "PRIVMSG $nick :Check your email!");                          main::putserv($bot, "PRIVMSG $nick :Check your email!");
   
Line 159  sub mailshell {
Line 165  sub mailshell {
         my( $username, $email, $password, $service, $version )=@_;          my( $username, $email, $password, $service, $version )=@_;
         my $passhash = sha256_hex("$username");          my $passhash = sha256_hex("$username");
         my $versionhash = encode_base64($version);          my $versionhash = encode_base64($version);
         my $ports;  
         my $body = <<"EOF";          my $body = <<"EOF";
 You created a shell account!  You created a shell account!
   
Line 167  Username: $username
Line 172  Username: $username
 Password: $password  Password: $password
 Server: $hostname  Server: $hostname
 SSH Port: 22  SSH Port: 22
 Your Ports: $ports for plaintext  Your Ports: $startPort to $endPort
   
   To customize your vhost, connect to ask in #ircnow
   
 *IMPORTANT*: Verify your email address:  *IMPORTANT*: Verify your email address:
   
 https://www.$hostname/register.php?id=$passhash&version=$versionhash  https://www.$hostname/register.php?id=$passhash&version=$versionhash
   
 You *MUST* click on the link or your account will be deleted.  You *MUST* click on the link within 24 hours or your account will be deleted.
   
 IRCNow  IRCNow
 EOF  EOF
Line 244  EOF
Line 251  EOF
 #}  #}
   
 sub createshell {  sub createshell {
         my ($bot, $username, $password, $bindhost) = @_;          my ($username, $password, $bindhost) = @_;
         my $netname = $bot->{name};  
         system "doas groupadd $username";          system "doas groupadd $username";
         system "doas adduser -batch $username $username $username `encrypt $password`";          system "doas adduser -batch $username $username $username `encrypt $password`";
         system "doas chmod 700 /home/$username /home/$username/.ssh";          system "doas chmod 700 /home/$username /home/$username/.ssh";
Line 259  sub createshell {
Line 265  sub createshell {
         my $block = <<"EOF";          my $block = <<"EOF";
 server "$lusername.$hostname" {  server "$lusername.$hostname" {
         listen on * port 80          listen on * port 80
         listen on * port 8001  
         location "/.well-known/acme-challenge/*" {          location "/.well-known/acme-challenge/*" {
                 root "/acme"                  root "/acme"
                 request strip 2                  request strip 2
Line 274  EOF
Line 279  EOF
         $block = <<"EOF";          $block = <<"EOF";
 domain "$lusername.$hostname" {  domain "$lusername.$hostname" {
         domain key "/etc/ssl/private/$lusername.$hostname.key"          domain key "/etc/ssl/private/$lusername.$hostname.key"
         domain full chain certificate "/etc/ssl/$lusername.$hostname.fullchain.pem"          domain full chain certificate "/etc/ssl/$lusername.$hostname.crt"
         sign with letsencrypt          sign with letsencrypt
 }  }
 EOF  EOF
         main::appendfile($acmeconfpath, $block);          main::appendfile($acmeconfpath, $block);
           configurepf($username);
         system "doas rcctl reload httpd";          system "doas rcctl reload httpd";
         system "doas mv /etc/ssl/private/$hostname.key /etc/ssl/private/l.k";  
         system "doas acme-client -F $lusername.$hostname";          system "doas acme-client -F $lusername.$hostname";
         system "doas ln -s /etc/ssl/crt/$lusername.$hostname.fullchain.pem /etc/ssl/$lusername.$hostname.crt";          system "doas ln -s /etc/ssl/$lusername.$hostname.crt /etc/ssl/$lusername.$hostname.fullchain.pem";
         system "doas mv /etc/ssl/private/l.k /etc/ssl/private/$hostname.key";          system "doas pfctl -f /etc/pf.conf";
           configurerelayd($username);
           $block = <<"EOF";
   ~       *       *       *       *       acme-client $lusername.$hostname && rcctl reload relayd
   EOF
           system "echo $block | doas crontab -";
 #edquota $username  #edquota $username
         return 1;          return 1;
 }  }
   
 sub deleteshell {  sub deleteshell {
         my ($bot, $username, $bindhost) = @_;          my ($username, $bindhost) = @_;
         my $netname = $bot->{name};  
         my $lusername = lc $username;          my $lusername = lc $username;
         system "doas groupdel $username";          system "doas groupdel $username";
         system "doas userdel $username";          system "doas userdel $username";
Line 348  sub col {
Line 356  sub col {
         }          }
         return @results;          return @results;
 }  }
   
   sub configurepf {
       my $username = shift;
       my @read = split('\n', main::readstr($pfconfpath) );
   
       my $previousline = "";
       my @pfcontent;
       foreach my $line(@read)
       {
           my $currline = $line;
           if( $currline ne "# end user ports") {
               $previousline = $currline;
           } else {
               #pass in proto {tcp udp} to port {31361:31370} user {JL}
               if( $previousline =~ /(\d*):(\d*)/ ) {
                   my $startport = ( $1 + 10 );
                   my $endport = ( $2 + 10 );
                   my $insert = "pass in proto {tcp udp} to port {$startport:$endport} user {$username}";
                   push(@pfcontent, $insert);
                   $startPort = $startport;
                   $endPort = $endport;
               }
           }
           push(@pfcontent, $currline)
       }
       main::writefile("$pfconfpath", join("\n",@pfcontent))
   }
   
   sub configurerelayd {
           my ($username) = @_;
           my $block = "tls { keypair $username.$hostname }";
           my $relaydconf = main::readstr($relaydconfpath);
           my $newconf;
           if ($relaydconf =~ /^.*tls\s+{\s+keypair\s+[.0-9a-zA-Z]+\s*}/m) {
                   $newconf = "$`$&\n\t$block$'";
           }
           main::writefile($relaydconfpath, $newconf);
   }
   
 #unveil("./newacct", "rx") or die "Unable to unveil $!";  #unveil("./newacct", "rx") or die "Unable to unveil $!";
 1; # MUST BE LAST STATEMENT IN FILE  1; # MUST BE LAST STATEMENT IN FILE
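Review bot: The `system "echo $block | doas crontab -";` line added in createshell cannot install the cron job as written: `$block` is interpolated unquoted into a shell command, so `~` and `*` are expanded by sh, the `&&` terminates the echo command, and the heredoc's trailing newline leaves `| doas crontab -` on a line of its own, which sh rejects as a syntax error. Even with the quoting repaired, `crontab -` replaces the invoking user's whole table rather than appending, so (assuming the usual crontab(1) semantics) each new account would drop the entries created for earlier accounts. Reading the existing table back, appending one line and feeding the result through a list-form pipe open avoids both problems and keeps the IRC-derived `$lusername` out of the shell entirely; the other `system "doas ..."` strings in this hunk would benefit from the same list-form treatment, and createshell's body is split across two hunks with lines omitted between them. configurerelayd has a related defect: when the `tls { keypair ... }` regex does not match, `$newconf` stays undef and `main::writefile` truncates relayd.conf, so add `die "no tls keypair block in $relaydconfpath" unless defined $newconf;` before the write.
```perl
        configurerelayd($username);
        my $cronline = "~\t*\t*\t*\t*\tacme-client $lusername.$hostname && rcctl reload relayd\n";
        my $existing = `doas crontab -l 2>/dev/null`;
        open my $cron, '|-', 'doas', 'crontab', '-' or die "crontab: $!";
        print {$cron} $existing, $cronline;
        close $cron or die "crontab failed: $!";
        # … unchanged: #edquota comment, return 1 …
```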
