- merging branch d00p/perl-suexec-workaround to trunk, fixes #319

actions/admin/settings/130.webserver.php

@@ -186,14 +186,6 @@ return array(
 					'option_options_method' => 'getRedirectCodes',
 					'save_method' => 'storeSettingField',
 					),
-				'perl_path' => array(
-					'label' => $lng['serversettings']['perl_path'],
-					'settinggroup' => 'system',
-					'varname' => 'perl_path',
-					'type' => 'string',
-					'default' => '/usr/bin/perl',
-					'save_method' => 'storeSettingField',
-					),
 				),
 			),
 		'ssl' => array(

actions/admin/settings/137.perl.php

@@ -0,0 +1,52 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ * @version    $Id$
+ */
+
+return array(
+	'groups' => array(
+		'perl' => array(
+			'title' => $lng['admin']['perl_settings'],
+			'fields' => array(
+				'perl_path' => array(
+					'label' => $lng['serversettings']['perl_path'],
+					'settinggroup' => 'system',
+					'varname' => 'perl_path',
+					'type' => 'string',
+					'default' => '/usr/bin/perl',
+					'save_method' => 'storeSettingField',
+					),	
+				'system_perl_suexecworkaround' => array(
+					'label' => $lng['serversettings']['perl']['suexecworkaround'],
+					'settinggroup' => 'perl',
+					'varname' => 'suexecworkaround',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_perl_suexeccgipath' => array(
+					'label' => $lng['serversettings']['perl']['suexeccgipath'],
+					'settinggroup' => 'perl',
+					'varname' => 'suexecpath',
+					'type' => 'string',
+					'default' => '/var/www/cgi-bin/',
+					'save_method' => 'storeSettingField',
+					),
+				),
+			),
+		),
+	);
+
+?>

admin_settings.php

@@ -215,5 +215,3 @@ elseif($page == 'enforcequotas'
 		ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page));
 	}
 }
-
-?>

install/froxlor.sql

@@ -454,7 +454,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload');
-INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.12-svn1');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.12-svn2');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900');
@@ -580,6 +580,8 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (146, 'system', 'mod_fcgid_ownvhost', '0');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (147, 'system', 'mod_fcgid_httpuser', 'froxlorlocal');
 INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (148, 'system', 'mod_fcgid_httpgroup', 'froxlorlocal');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (149, 'perl', 'suexecworkaround', '0');
+INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (150, 'perl', 'suexecpath', '/var/www/cgi-bin/');
 
 # --------------------------------------------------------
 

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -954,3 +954,22 @@ if(isFroxlorVersion('0.9.11'))
 
 	updateToVersion('0.9.12-svn1');
 }
+
+if(isFroxlorVersion('0.9.12-svn1'))
+{
+	showUpdateStep("Updating from 0.9.12-svn1 to 0.9.12-svn2", false);
+
+	$update_perl_suexecworkaround = isset($_POST['update_perl_suexecworkaround']) ? (int)$_POST['update_perl_suexecworkaround'] : '0';
+	$update_perl_suexecpath = isset($_POST['update_perl_suexecpath']) ? $_POST['update_perl_suexecpath'] : '/var/www/cgi-bin/';
+
+	if($update_perl_suexecpath == '') {
+		$update_perl_suexecpath = '/var/www/cgi-bin/';
+	}
+	
+	showUpdateStep("Adding new settings for perl/CGI");
+	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('perl', 'suexecworkaround', '".$db->escape($update_perl_suexecworkaround)."');");
+	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('perl', 'suexecpath', '".$db->escape($update_perl_suexecpath)."');");
+	lastStepStatus(0);
+
+	updateToVersion('0.9.12-svn2');
+}

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -255,4 +255,16 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}
+
+	if(versionInUpdate($current_version, '0.9.12-svn2'))
+	{
+		$has_preconfig = true;
+		$description = 'Many apache user will have problems using perl/CGI as the customer docroots are not within the suexec path. Froxlor provides a simple workaround for that.';
+		$question = '<strong>Enable Apache/SuExec/Perl workaround?:</strong>&nbsp;';
+		$question.= makeyesno('update_perl_suexecworkaround', '1', '0', '0').'<br /><br />';
+		$question.= '<strong>If \'yes\', please specify a path within the suexec path where Froxlor will create symlinks to customer perl-enabled paths:</strong><br /><br />';
+		$question.= 'Path for symlinks (must be within suexec path):&nbsp;';
+		$question.= '<input type="text" class="text" name="update_perl_suexecpath" value="/var/www/cgi-bin/" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }

lib/tables.inc.php

@@ -72,7 +72,7 @@ define('PACKAGE_ENABLED', 2);
 
 // VERSION INFO
 
-$version = '0.9.12-svn1';
+$version = '0.9.12-svn2';
 $dbversion = '2';
 $branding = '';
 

lng/english.lng.php

@@ -1458,4 +1458,11 @@ $lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'If enabled, Froxl
 $lng['admin']['mod_fcgid_user'] = 'Local user to use for FCGID (Froxlor vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Local group to use for FCGID (Froxlor vhost)';
 
+// ADDED IN FROXLOR 0.9.12-svn2
+$lng['admin']['perl_settings'] = 'Perl/CGI';
+$lng['serversettings']['perl']['suexecworkaround']['title'] = 'Enable SuExec workaround (Apache only)';
+$lng['serversettings']['perl']['suexecworkaround']['description'] = 'Enable only if customer docroots are not within the apache suexec path.<br />If enabled, Froxlor will generate a symlink from the customers perl-enabled directory + /cgi-bin/ to the given path.<br />Note that perl will then only work in the folders subdirectory /cgi-bin/ and not in the folder itself (as it does without this fix!)';
+$lng['serversettings']['perl']['suexeccgipath']['title'] = 'Path for customer perl-enabled directory symlinks';
+$lng['serversettings']['perl']['suexeccgipath']['description'] = 'You only need to set this if the SuExec-workaround is enabled.<br />ATTENTION: Be sure this path is within the suexec path or else this workaround is uselsess';
+
 ?>

lng/german.lng.php

@@ -1441,4 +1441,11 @@ $lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, w
 $lng['admin']['mod_fcgid_user'] = 'Lokaler Benutzer für FCGID (Froxlor Vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Lokale Gruppe für FCGID (Froxlor Vhost)';
 
+// ADDED IN FROXLOR 0.9.12-svn2
+$lng['admin']['perl_settings'] = 'Perl/CGI';
+$lng['serversettings']['perl']['suexecworkaround']['title'] = 'Aktiviere SuExec Workaround (nur f&uumL,r Apache)';
+$lng['serversettings']['perl']['suexecworkaround']['description'] = 'Aktivieren Sie den Workaround nur, wenn die Kunden-Heimatverzeichnise sich nicht unterhalb des suexec-Pfades liegen.<br />Wenn aktiviert erstellt Froxlor eine Verkn&uuml;pfung des vom Kunden f&uuml;r Perl aktiviertem Pfad + /cgi-bin/ im angegebenen suexec-Pfad.<br />Bitte beachten Sie, dass Perl dann nur im Unterordner /cgi-bin/ des Kunden-Ordners funktioniert und nicht direkt in diesem Ordner (wie es ohne den Workaround w&auml;re!)';
+$lng['serversettings']['perl']['suexeccgipath']['title'] = 'Pfad f&uuml;r Verkn&uuml;pfungen zu Kunden-Perl-Verzeichnis';
+$lng['serversettings']['perl']['suexeccgipath']['description'] = 'Diese Einstellung wird nur ben&ouml;tigt, wenn der SuExec-Workaround aktiviert ist.<br />ACHTUNG: Stellen Sie sicher, dass sich der angegebene Pfad innerhalb des Suexec-Pfades befindet ansonsten ist der Workaround nutzlos';
+
 ?>

scripts/jobs/cron_tasks.inc.http.10.apache.php

@@ -896,6 +896,51 @@ class apache
 					$this->diroptions_data[$diroptions_filename].= '  Order allow,deny' . "\n";
 					$this->diroptions_data[$diroptions_filename].= '  Allow from all' . "\n";
 					fwrite($this->debugHandler, '  cron_tasks: Task3 - Enabling perl execution' . "\n");
+
+					// check for suexec-workaround, #319
+					if((int)$this->settings['perl']['suexecworkaround'] == 1)
+					{
+						// symlink this directory to suexec-safe-path
+						$loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname');
+						$suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'].'/'.$loginname.'/'.md5($row_diroptions['path']).'/');
+
+						if(!file_exists($suexecpath))
+						{
+							safe_exec('mkdir -p '.escapeshellarg($suexecpath));
+							safe_exec('chown -R '.escapeshellarg($row_diroptions['guid']).':'.escapeshellarg($row_diroptions['guid']).' '.escapeshellarg($suexecpath));
+						}
+
+						// symlink to {$givenpath}/cgi-bin
+						// NOTE: symlinks are FILES, so do not append a / here
+						$perlsymlink = makeCorrectFile($row_diroptions['path'].'/cgi-bin');
+						if(!file_exists($perlsymlink))
+						{
+							safe_exec('ln -s '.escapeshellarg($suexecpath).' '.escapeshellarg($perlsymlink));
+						}
+						safe_exec('chown '.escapeshellarg($row_diroptions['guid']).':'.escapeshellarg($row_diroptions['guid']).' '.escapeshellarg($perlsymlink));
+					}
+				}
+				else
+				{
+					// if no perl-execution is enabled but the workaround is,
+					// we have to remove the symlink and folder in suexecpath
+					if((int)$this->settings['perl']['suexecworkaround'] == 1)
+					{
+						$loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname');
+						$suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'].'/'.$loginname.'/'.md5($row_diroptions['path']).'/');
+						$perlsymlink = makeCorrectFile($row_diroptions['path'].'/cgi-bin');
+
+						// remove symlink
+						if(file_exists($perlsymlink))
+						{
+							safe_exec('rm -f '.escapeshellarg($perlsymlink));
+						}
+						// remove folder in suexec-path
+						if(file_exists($suexecpath))
+						{
+							safe_exec('rm -rf '.escapeshellarg($suexecpath));
+						}
+					}
 				}
 
 				if(count($row_diroptions['htpasswds']) > 0)