PK œqhYî¶J‚ßF ßF ) nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/
Dir : /proc/thread-self/root/proc/self/root/proc/self/root/opt/sharedrads/ |
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
Dir : //proc/thread-self/root/proc/self/root/proc/self/root/opt/sharedrads/modify-account |
#!/usr/local/cpanel/3rdparty/bin/perl # encoding: utf-8 # # author: Kyle Yetter # # Copyright 2011 Kyle Yetter - InMotion Hosting, Inc. - kyley@inmotionhosting.com # =pod =head1 modify-account modify-account - Change the basic configuration of a cPanel account. =head1 SYNOPSIS modify-account [options] userna5 --property=NEW_VALUE ... =head1 DESCRIPTION Change the basic parameters of a cPanel account on this system. =head1 OPTIONS =head2 BASIC MODIFICATIONS =over 8 =item B<-u>, B<--new-user>, B<--user>=I<NEW_NAME> Change the account's user name to I<NEW_NAME> =item B<-o>, B<--owner>=I<RESELLER> Change the owner of the account to I<RESELLER> =item B<-w>, B<--password>=I<PASSWORD>, B<--pw>=I<PASSWORD> Change the password of the account to I<RESELLER> =item B<-d>, B<--domain>=I<DOMAIN> Change the user's primary domain to I<DOMAIN> =item B<-t>, B<--theme>=I<THEME> Change the user's cPanel theme to I<THEME> =item B<-c>, B<--cgi> / B<-C>, B<--no-cgi> Disable or enable CGI access for the user =item B<-s>, B<--shell> / B<-S>, B<--no-shell> Disable or enable shell/SSH access for the user =item B<-i>, B<--ip>=I<ADDR|KEYWORD> Assign IP address I<ADDR> to all domains on the user's account. Valid keywords include 'shared' or 'free'. Use --man for full details. =item B<-p>, B<--package>=I<PKG> Upgrade/downgrade the user's account to the package named I<PKG> =item B<-b>, B<--bw>, B<--bandwidth>=I<LIMITq> Apply a bandwidth limit to the given account. The limit value can be specified with a unit (e.g. `10GB'). If no unit is given, the value is assumed to be in MB. =item B<-q>, B<--quota>=I<QUOTA> Apply a disk space quota to the given account. The quota value can be specified with a unit (e.g. `10GB'). If no unit is given, the value is assumed to be in MB. =back =head2 RESELLER OPTIONS =over 8 =item B<-r>, B<--reseller> / B<-R>, B<--no-reseller> Disable or enable reseller privileges for the user =item B<-a>, B<--acl>=I<NAME> Apply the reseller access control list I<NAME> to the user =item B<--self>, B<--no-self> Specify whether or not to make the user its own owner when setting up reseller privileges =item B<--ns>[=I<ns1.dom.com>,I<ns2.dom.com>,...] Assign default nameserver addresses for account controlled by the user. If no addresses are specified, use the server-wide default nameservers. =item B<--custom-ns>=I<dom.com> Assume a standard custom nameserver set up based off of I<dom.com>. This sets the reseller nameservers to ns1.I<dom.com> and ns2.I<dom.com>. =item B<--allow>=I<priv1>,I<priv2>,... / B<--deny>=I<priv1>,I<priv2>,... Enable or disable the given reseller privileges. The privileges should be specified in a comma separated list. For a list of valid privilege names, run modify-account --list-privileges =back =head2 SYSTEM INFORMATION =over 8 =item B<--list-users> Print the user name of all cPanel accounts on the server =item B<--list-themes> Print the list of known cPanel themes =item B<--list-ips> List all IP addresses allocated to the server. The shared (main) IP is displayed in cyan, free IPs are in green, and used IPs are in red =item B<--list-packages> Print the list of package names defined on the server =item B<--list-resellers> Print the list of users with reseller privileges on the server =item B<--list-acls> Print the list of reseller privilege ACL names defined on the server =item B<--summary>, B<--info> Print overall account settings for the given account =back =head2 GENERAL OPTIONS =over 8 =item B<--force> Bypass the validation checks that are performed before submitting the requested changes to WHM. =item B<-D>, B<--debug> Print the WHM API URI sent to the server and dump the resulting data structure =item B<-b>, B<--bleach>, B<--no-color> Do not use color escapes in the output =item B<--man> Show full man page documentation for this program. =item B<-h>, B<--help> You know the drill =item B<-v>, B<--version> Ditto =back =head1 NOTES =head2 IP Assignment By specifying the B<-i> or B<--ip> option, you can change an account's IP address. The IP address is assumed to be allocated and running on the server. If it isn't, modify-account can automatically attempt to add the IP if you specify the IP with a subnet mask. The two methods of specifying a subnet mask are illustrated below: modify-account userna5 -i 1.2.3.4/24 modify-account userna5 -i 1.2.3.4:255.255.255.0 As a shortcut, you may also specify a keyword instead of an actual IP address. =over 8 =item B<shared>, B<main> The account will be assigned with the server's shared IP as found in I</var/cpanel/mainip> =item B<free> If any are available, the next unassigned IP address in /etc/ipaddrpool will be assigned to the account. It's not a good idea to do this on a shared server. =back =head1 EXAMPLES For the examples below, assume I<whoevs5> is a cPanel user on the server with primary domain I<whoevs.com> =head2 BASIC MODIFICATIONS =head3 Changing User Name modify-account whoevs5 --user=newuser6 modify-account whoevs5 -u newuser6 =head3 Changing Primary Domain modify-account whoevs5 --domain=new-site.com modify-account whoevs5 -d new-site.com =head3 Upgrading/Downgrading an Account modify-account whoevs5 --package=Pro modify-account whoevs5 -p Pro =head3 Fixing Account Ownership modify-account whoevs5 --owner=inmotion modify-account whoevs5 -o inmotion =head2 UPGRADES AND DOWNGRADES =head3 Shared to VPS or Dedicated modify-account whoevs5 --reseller --self --cgi --shell -p vps -a vps modify-account whoevs5 --reseller --self --cgi --shell -p dedicated -a dedicated =head3 VPS or Dedicated to Shared modify-account whoevs5 --no-reseller -o inmotion -p Power --cgi --no-shell =head2 WEBSITE TRANSFERS AND ACCOUNT MOVES =head3 Importing a cPanel Package From Another Host Assume I<blueuser> is a cPanel package youve downloaded from BlueHost. On the InMotion side, the user name is I<blueus5> and the user is on a I<Power> plan. /scripts/killacct blueus5 y /script/restorepkg blueuser modify-account blueuser -u blueus5 -p Power -t x3 --no-reseller --cgi --no-shell This kills the existing empty I<blueus5> account B<(MAKE SURE IT'S EMPTY)>, unpacks the I<blueuser> package that's sitting in F</home>, and then changes the I<blueuser> account so that it has the following properties: * the user name is blueus5 * the account is on the Power plan * the account has the x3 cPanel theme * the account doesn't have reseller privileges * but it does have CGI execution privileges * and it doesn't have shell access =cut BEGIN { unshift @INC, '/usr/local/cpanel'; } # since the local SSL certificate's probably self-signed, allow the query # to skip certificate verification $ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0; our $VERSION = 1.5; use strict; use LWP::UserAgent; use URI; use File::Basename; use File::Slurp qw( slurp read_dir ); use Getopt::Long; use JSON::Syck; use Data::Dumper; use Term::ANSIColor; use Pod::Usage; use Term::ReadLine; use Cpanel::Config::LoadCpUserFile (); use Net::IP qw( ip_bintoip ip_get_mask ip_iptobin ); our $console = undef; sub tidy($) { my ( $str ) = @_; $str =~ s(\A\r?\n)(); $str =~ s(\r?\n[ \t]*\z)(); $str =~ s(^\s*\| ?)()mg; return $str; } sub agree($) { my ( $question ) = @_; $question = "$question [yes/no] "; $console ||= Term::ReadLine->new( basename( $0 ) ); $console->newTTY( \*STDIN, \*STDERR ); while ( defined( $_ = $console->readline( $question ) ) ) { if ( /^y/i ) { return 1; } elsif ( /^n/i ) { return 0; } else { print STDERR "Please enter `yes' or `no'\n"; } } return 0; } # this module's missing sometimes, so check if it's available. # If not, the script will fail in a hard-to-figure-out way. eval { require LWP::Protocol::https; } or do { print STDERR tidy q( | The Perl module LWP::Protocol::https is not installed on this system. | It can be installed via: | /scripts/perlinstaller LWP::Protocol::https\n ); if ( agree( "Do you want to try and install it now?" ) ) { my @command = qw( /scripts/perlinstaller LWP::Protocol::https ); my $status = system( @command ); die "perlinstaller failed with exit status `$status'" unless $status == 0; eval { require LWP::Protocol::https; } or do { die "the perlinstaller command didn't fail, but I still can't load the LWP::Protocol::https Perl module"; }; } else { die "cannot run without the LWP::Protocol::https Perl module"; } }; #################################################################################################### ##################################### Global Options and Values #################################### #################################################################################################### # display extra debugging info if true our $debug = 0; # if true, don't colorize output with ANSI escape sequences our $bleach = 0; # proceed even if there are validation errors our $force = 0; # set to 1 if this script had to create a cPanel access hash our $created_access_hash = 0; # stores all error messages accumulated during argument validation our @errors = (); # stores warning/info messages accumulated during argument validation our @warnings = (); # stores the arguments to the modifyacct API call our %account_params = (); # the cPanel user name for the account we're messing with our $user = undef; # the cPanel user data our $cp_data = undef; # the cPanel user's domains our @user_domains; # set to 0 when a WHM api call fails our $api_success = 1; # the WHM access key to authenticate the calls -- read when needed our $access_key = undef; # change the user's IP if set to a value our $ip = undef; # holds the subnet mask if an IP is going to be added to the server our $subnet_mask = undef; # if 1, try to add $ip to the server with $subnet_mask our $add_ip = 0; # change the user's package if set to a value our $package = undef; # change the user's password our $password = undef; # change the user's bandwidth limit if set to a value our $bandwidth = undef; # change the user's disk quota if set to a value our $quota = undef; # control adding/removing reseller privileges our $reseller = undef; # when adding reseller privileges, this specifies whether the user owns itself or not our $reseller_owns_self = undef; # apply this reseller privilege ACL to the user when set our $reseller_acl = undef; # used to add or remove specific reseller privileges our %privilege_changes; # stores default nameserver values our @nameservers; # set to true if a summary print out is requested our $account_summary = undef; # check whether this is an IMH/HUB shared server to impose extra precautions our $on_shared = 0; our $server_name = `hostname`; chomp( $server_name ); $server_name =~ s(\.(inmotionhosting|webhostinghub)\.com$)()i; if ( $server_name =~ /^((?:ec)?biz|edge|[ew]?hub|gs|ld|sb)\d+/i ) { $on_shared = 1; } END { # # If we had to create a temporary access hash to make this work, # make sure it gets trashed # if ( -f '/root/.accesshash' && $created_access_hash ) { unlink( '/root/.accesshash' ) or die( "failed to remove /root/.accesshash" ); } } #################################################################################################### ##################################### Global Utility Functions ##################################### #################################################################################################### sub c($$) { my ( $str, $style ) = @_; $str = colored( $str, $style ) unless $bleach; return $str; } sub d { if ( $debug ) { my ( $fmt, @params ) = @_; local $\ = "\n"; my $message = c( sprintf( $fmt, @params ), 'cyan' ); print STDERR "DEBUG: $message"; } } sub read_delimited($$) { my $path = shift; my $delim = shift; my %data; for ( slurp( $path ) ) { chomp; s(^\s+|\s+$)()g; # strip the line next if /^\s*(?:#.*)?$/; # skip over blank and comment lines my ( $key, $value ) = split( /$delim/, $_, 2 ); $data{$key} = $value; } return %data; } #################################################################################################### #################################### Validation Helper Variables ################################### #################################################################################################### our $domain_rx = qr((?:(?:[a-z0-9](?:[a-z0-9\-]*[a-z0-9])?)\.)*(?:[a-z0-9](?:[a-z0-9\-]*[a-z0-9])?)(?:\.(?:m(?:[acdeghkmnpqrstvwxyz]|u(?:seum)?|o(?:bi)?|i?l)|a(?:[cdfgilmnoqtuwxz]|e(?:ro)?|r(?:pa)?|s(?:ia)?)|c(?:[cdfghiklmnruvxyz]|o(?:op|m)?|at?)|t(?:[cdfghjkmnoptvwz]|r(?:avel)?|e?l)|n(?:[cfgilopruz]|a(?:me)?|et?)|b(?:[abdefghjmnorstvwyz]|iz?)|g(?:[abdefghilmnpqrstuwy]|ov)|i(?:[delmoqrst]|n(?:fo|t)?)|p(?:[aefghklmnstwy]|ro?)|s[abcdeghijklmnortuvyz]|j(?:[emp]|o(?:bs)?)|e(?:[cegrst]|d?u)|k[eghimnprwyz]|l[abcikrstuvy]|v[aceginu]|d[ejkmoz]|f[ijkmor]|h[kmnrtu]|o(?:rg|m)|u[agksyz]|r[eosuw]|z[amw]|w[fs]|y[et]|qa))+)i; our $ip_rx = qr(^(?:(?:2(?:[0-4]\d|5[0-5])|1\d{2}|\d{1,2})\.){3}(?:2(?:[0-4][0-9]|5[0-5])|1\d{2}|\d{1,2})$); our $netmask_rx = qr(^1+0+$); our %lazy_load; our %themes; sub load_themes { unless ( $lazy_load{ themes } ) { %themes = map { basename( $_ ) => 1 } glob( "/var/cpanel/locale/themes/*/" ); $lazy_load{ themes } = 1; } return %themes; } our %ip_addresses; our @ip_pool; our $shared_ip; our %used_ips; sub load_ips { unless ( $lazy_load{ ips } ) { if ( -f "/var/cpanel/mainip" ) { $shared_ip = slurp( "/var/cpanel/mainip" ); chomp( $shared_ip ); $ip_addresses{ $shared_ip } = 1; } else { d "cannot obtain shared IP: /var/cpanel/mainip does not exist"; } if ( -f "/etc/ips" ) { for my $entry ( slurp( "/etc/ips" ) ) { my ( $ip ) = split( ':', $entry ); $ip_addresses{ $ip } = 1; } } if ( -f "/etc/domainips" ) { for my $entry ( slurp( "/etc/domainips" ) ) { chomp $entry; my ( $ip, $domain ) = split( /\s*:\s*/, $entry, 2 ); $used_ips{ $ip } ||= $domain; } } if ( -f "/etc/ipaddrpool" ) { for my $ip ( slurp( "/etc/ipaddrpool" ) ) { chomp $ip; push( @ip_pool, $ip ) unless $used_ips{ $ip }; $ip_addresses{ $ip } = 1; } } $lazy_load{ ips } = 1; } return %ip_addresses; } our %ssl_domains; sub load_ssl { unless ( $lazy_load{ ssl } ) { if ( -f "/etc/ssldomains" ) { %ssl_domains = read_delimited( "/etc/ssldomains", '\s*:\s*' ); } else { d "cannot obtain SSL domains: /etc/ssldomains does not exist"; } $lazy_load{ ssl } = 1; } return %ssl_domains; } our %packages; sub load_packages { unless ( $lazy_load{ packages } ) { my $package_dir = "/var/cpanel/packages"; if ( -d $package_dir ) { my @package_names = grep { -f "$package_dir/$_" } read_dir( $package_dir ); for my $name ( @package_names ) { my $lower = lc( $name ); if ( $packages{ $lower } ) { warn tidy qq( | This server has packages with overlapping names: | - $packages{$lower} | - $name | If you specify `$lower' as the package name, `$name' will be used ); } $packages{ $lower } = $name; } } $lazy_load{ packages } = 1; } return %packages; } our %resellers; our %reseller_acls; # the set of all known cPanel reseller privilege names our %PRIVILEGE_NAMES = map { $_ => 1 } qw( add-pkg edit-dns rearrange-accts add-pkg-ip edit-mx res-cart add-pkg-shell edit-pkg resftp all frontpage restart allow-addoncreate kill-acct show-bandwidth allow-parkedcreate kill-dns ssl allow-unlimited-bw-pkgs limit-bandwidth ssl-buy allow-unlimited-disk-pkgs list-accts ssl-gencrt allow-unlimited-pkgs mailcheck stats clustering mod-subdomains status create-acct news suspend-accts create-dns onlyselfandglobalpkgs thirdparty demo-setup park-dns upgrade-account disallow-shell passwd viewglobalpackages edit-account quota ); sub load_resellers { delete $lazy_load{ resellers } if $_[ 0 ]; # force reload unless ( $lazy_load{ resellers } ) { %resellers = (); %reseller_acls = (); if ( -f "/var/cpanel/resellers" ) { for ( slurp( "/var/cpanel/resellers" ) ) { chomp; my ( $reseller, $priv_list ) = split( /\s*:\s*/, $_, 2 ); my %privs; $priv_list =~ s(^\s+|\s+$)()g; $privs{ $_ } = 1 for split( /\s*,\s*/, $priv_list ); $resellers{ $reseller } = \%privs; } } $resellers{ 'root' } = 1; my $acl_dir = "/var/cpanel/acllists"; if ( -d $acl_dir ) { my @acl_names = grep { -f "$acl_dir/$_" } read_dir( $acl_dir ); for my $name ( @acl_names ) { my $lower = lc( $name ); if ( $reseller_acls{ $lower } ) { warn tidy qq( | This server has packages with overlapping names: | - $reseller_acls{$lower} | - $name | If you specify `$lower' as the package name, `$name' will be used ); } $reseller_acls{ $lower } = $name; } } $lazy_load{ resellers } = 1; } return %resellers; } our %users; sub load_users { unless ( $lazy_load{ users } ) { my $user_dir = "/var/cpanel/users"; if ( -d $user_dir ) { my @user_names = grep { -f "$user_dir/$_" } read_dir( $user_dir ); %users = map { $_ => 1 } @user_names; } $lazy_load{ users } = 1; } return %users } our %server_config; our @default_nameservers; sub load_server_config { unless ( $lazy_load{ server_config } ) { if ( -f "/etc/wwwacct.conf" ) { %server_config = read_delimited( '/etc/wwwacct.conf', '\s+' ); my @ns_keys = qw( NS NS2 NS3 NS4 ); for ( @ns_keys ) { my $ns_address = $server_config{ $_ }; $ns_address and push( @default_nameservers, $ns_address ); } } $lazy_load{ server_config } = 1; } return %server_config; } sub who_owns( $ ) { my $domain = quotemeta( shift ); my $user = undef; open( USERDOMAINS, "/etc/userdomains" ) or die "could not open /etc/userdomains: $!"; SEARCH: while( <USERDOMAINS> ) { if ( /^$domain: (\S+)/i ) { $user = $1; last SEARCH; } } close( USERDOMAINS ); return $user; } #################################################################################################### ##################################### Formatting/Output Helpers #################################### #################################################################################################### our @BYTE_UNITS = qw( TB GB MB KB B ); our %BYTE_UNIT_ORDER = (); for ( 0 .. $#BYTE_UNITS ) { $BYTE_UNIT_ORDER{ $BYTE_UNITS[ $_ ] } = 2 ** ( 10 * ( $#BYTE_UNITS - $_ ) ); } our %BYTE_UNIT_PRECISION = { TB => 2, GB => 2, MB => 1, KB => 0, B => 0 }; sub parse_bytes($;$$) { my ( $byte_string, $target_unit, $default_unit ) = @_; $byte_string = uc( $byte_string ); $target_unit ||= uc( $default_unit || 'B' ); $default_unit ||= uc( $default_unit || $target_unit ); unless ( exists $BYTE_UNIT_ORDER{ $default_unit } ) { die "invalid unit name provided as the default unit: `$default_unit'"; } my ( $value, $unit ); if ( $byte_string =~ /^\s*(\d*\.\d+|\d+)\s*([TKGM]?B)?/i ) { ( $value, $unit ) = ( $1, $2 ); $value += 0; # convert string to float } elsif ( $byte_string =~ /(\d*\.\d+|\d+)/ ) { $value = $1 + 0; } return convert_bytes( $value, $unit || $default_unit, $target_unit ); } sub convert_bytes($$;$) { my ( $value, $from_unit, $to_unit ) = @_; $to_unit ||= 'B'; $from_unit = uc( $from_unit ); $to_unit = uc( $to_unit ); exists $BYTE_UNIT_ORDER{ $from_unit } or die "invalid byte unit name provided: `$from_unit'"; exists $BYTE_UNIT_ORDER{ $to_unit } or die "invalid byte unit name provided: `$to_unit'"; my $factor = $BYTE_UNIT_ORDER{ $from_unit } / $BYTE_UNIT_ORDER{ $to_unit }; return $value * $factor } sub byte_format($) { my $bytes = shift; my $size = $bytes / ( 1024.0 ** $#BYTE_UNITS ); for my $unit ( @BYTE_UNITS ) { if ( $size >= 1 ) { my $precision = $BYTE_UNIT_PRECISION{ $unit }; return sprintf( "%.${precision}f %2s", $size, $unit ); } $size *= 1024; } return "$bytes B "; } sub center($$) { my ( $string, $width ) = @_; my $len = length( $string ); return $string if $width <= $len; my $padding = $width - $len; my $left = int( $padding / 2 ); my $right = $left + $padding % 2; return( ( ' ' x $left ) . $string . ( ' ' x $right ) ); } sub print_list_item($$) { local $\ = "\n"; my $text = shift; $text =~ s(\s+\z)(); my $color = shift; my @lines = split( /\r?\n/, $text ); my $main = shift( @lines ); print c( "* $main", $color ); for ( @lines ) { print " - $_"; } } sub print_table { local $\ = "\n"; my @rows = @_; my @arrays; my @titles; my $title = undef; for my $item ( @rows ) { if ( ref( $item ) eq 'ARRAY' ) { push( @arrays, $item ); } elsif ( ref( \$item ) eq "SCALAR" ) { push( @titles, $item ); } } unless ( @arrays ) { $@ = "print_table: no rows provided"; return; } my $ncols = scalar( @{$arrays[ 0 ]} ); my @widths; for my $c ( 0 .. ( $ncols - 1 ) ) { my $w = 0; for my $row ( @arrays ) { my $col = $row->[$c]; my $col_width = length( $col ); if ( $w < $col_width ) { $w = $col_width; } } $widths[ $c ] = $w; } my $inner_width = ( $ncols - 1 ) * 3; $inner_width += $_ for @widths; if ( @titles ) { my $title_width = 0; for my $t ( @titles ) { my $l = length( $t ); $title_width = $l if $l > $title_width; } if ( $title_width > $inner_width ) { $widths[-1] += $title_width - $inner_width; $inner_width = $title_width; } } if ( ref( \$rows[0] ) eq "SCALAR" ) { $title = shift( @rows ); print( '+-' . ( '-' x $inner_width ) . '-+' ); print( '| ' . center( $title, $inner_width ) . ' |' ); } my $mask = '| ' . join( " | ", map { "%-${_}s" } @widths ) . " |"; my $border = '+-' . join( "-+-", map { '-' x $_ } @widths ) . "-+"; my $outline = '+-' . ( '-' x $inner_width ) . '-+'; my $after_title = 1; for my $row ( @rows ) { if ( ref( $row ) eq 'ARRAY' ) { print( $border ) if $after_title; print( sprintf( $mask, @{ $row } ) ); $after_title = 0; } elsif ( ref( \$row ) eq 'SCALAR' ) { print( $after_title ? $outline : $border ); print( '| ' . center( $row, $inner_width ) . ' |' ); $after_title = 1; } } print( $after_title ? $outline : $border ); } sub print_user_config( $ ) { my $config = shift; my $attrs = $config->{ cpuser }; my @table = (); push( @table, [ "User", $config->{ user } ] ); push( @table, [ "Domain", $config->{ domain } ] ); push( @table, [ "Shell Access", $config->{ setshell } ] ); my @keys = sort keys( %$attrs ); for my $key ( @keys ) { my $value = $attrs->{ $key }; unless ( $key eq "DOMAINS" or $key eq "DEADDOMAINS" ) { push( @table, [ $key, "$value" ] ); } } print_table( "Updated Configuration", @table ); } sub show_usage(;$) { my $message = shift; $message ? pod2usage( -msg => c( $message, 'red' ), -exitval => 1 ) : pod2usage( 0 ); } sub compare_ips($$) { my ( $a, $b ) = @_; my @a_parts = split( /\./, $a, 4 ); my @b_parts = split( /\./, $b, 4 ); for my $i ( 0..3 ) { my $ai = $a_parts[ $i ] + 0; my $bi = $b_parts[ $i ] + 0; my $c = $ai <=> $bi; if ( $c ) { return $c; } } return 0; } #################################################################################################### ######################################### WHM API Functions ######################################## #################################################################################################### sub access_key { if ( $access_key ) { return $access_key; } unless ( -f '/root/.accesshash' ) { $ENV{ REMOTE_USER } = 'root'; `/usr/local/cpanel/bin/mkaccesshash`; delete $ENV{ REMOTE_USER }; $created_access_hash = 1; } if ( -f '/root/.accesshash' ) { $access_key = slurp( "/root/.accesshash" ) or die "could not read /root/.accesshash: $!"; $access_key =~ s/\n//g; } else { die "could not read /root/.accesshash: $!"; } return $access_key; } sub load_json($) { my ( $source ) = @_; my $data; eval { $data = JSON::Syck::Load( $source ); }; if ( $@ ) { die( $@ . "\nJSON SOURCE:\n" . $source ); } return $data; } sub api_report($$) { my $function = shift; my $result = shift; my $success = $result->{ status } + 0; # 0 if failed, 1 if succeeded my $message = $result->{ statusmsg }; my $warnings = $result->{ warnings }; my $messages = $result->{ messages } || $result->{ msgs }; my $status = $result->{ status } + 0; # 0 if failed, 1 if succeeded my $user_config = $result->{ newcfg }; my $output = $result->{ rawout }; print c( $function, "cyan underline" ), "\n"; print c( $message, $success ? 'green' : 'red' ), "\n"; if ( $warnings ) { print_list_item( $_, "magenta" ) for @$warnings }; if ( $messages ) { if ( ref( $messages ) eq 'ARRAY' ) { print_list_item( $_, "yellow" ) for @$messages } else { print_list_item( $messages, "yellow" ); } }; if ( $output ) { print $output, "\n"; } if ( $user_config ) { print_user_config( $user_config ); } } sub api_call($%) { my $function = shift; my %params = @_; my $direct = 0; if ( exists $params{ -direct } ) { $direct = $params{ -direct }; delete $params{ -direct }; } my $uri = URI->new( "https://127.0.0.1:2087/json-api/$function" ); $uri->query_form( %params ); d "query URI: %s", $uri; # read the WHM access key my $auth = "WHM root:" . access_key; my $ua = LWP::UserAgent->new; my $request = HTTP::Request->new( GET => "$uri" ); $ua->timeout(300); $request->header( Authorization => $auth ); my $response = $ua->request( $request ); my $data = load_json( $response->content ); d "json data:\n%s", Dumper( $data ) if $debug; # keeps the Dumper call from executing unless totally necessary return $data if $direct; my $result = exists $data->{ result } ? $data->{ result } : $data; ref( $result ) eq "ARRAY" and $result = $result->[ 0 ]; my $success = $result->{ status } + 0; # 0 if failed, 1 if succeeded api_report( $function, $result ); $api_success &= $success; return $result; } #################################################################################################### ####################################### Command Line Parsing ####################################### #################################################################################################### # if no arguments whatsoever are provided, show the man page documentation unless ( @ARGV ) { pod2usage({ -exitval => 1, -verbose => 2 }); } my $option_parser = new Getopt::Long::Parser; $option_parser->configure( 'bundling' ); $option_parser->getoptions( 'list-themes' => sub { load_themes; print "$_\n" for sort keys %themes; exit( 0 ); }, 'list-packages' => sub { load_packages; print "$_\n" for sort keys %packages; exit( 0 ); }, 'list-resellers' => sub { load_resellers; print "$_\n" for sort keys %resellers; exit( 0 ); }, 'list-acls' => sub { load_resellers; print "$_\n" for sort keys %reseller_acls; exit( 0 ); }, 'list-ips' => sub { load_ips; my @ips = sort { compare_ips( $a, $b ) } keys( %ip_addresses ); for my $ip ( @ips ) { if ( $ip eq $shared_ip ) { print c( "$ip\t(main)", 'cyan' ), "\n"; } elsif ( $used_ips{ $ip } ) { print c( $ip, 'red' ), "\n"; } else { print c( $ip, 'green' ), "\n"; } } exit( 0 ); }, 'list-privileges' => sub { print "$_\n" for sort keys %PRIVILEGE_NAMES; exit( 0 ); }, 'list-users' => sub { load_users; print "$_\n" for sort keys( %users ); exit( 0 ); }, 'no-color|bleach|b' => \$bleach, 'debug|D' => \$debug, 'domain|d=s' => sub { my ( $opt, $value ) = @_; # TODO: add validation for the domain name argument $account_params{ domain } = $value; }, 'new-user|user|u=s' => sub { my ( $opt, $value ) = @_; $account_params{ newuser } = $value; }, 'owner|o=s' => sub { my ( $opt, $value ) = @_; $account_params{ owner } = $value; }, 'theme|t=s' => sub { my ( $opt, $value ) = @_; $account_params{ CPTHEME } = $value; }, 'self!' => sub { my ( $opt, $value ) = @_; $reseller_owns_self = $value; }, 'max-ftp=i' => sub { my ( $opt, $value ) = @_; $account_params{ MAXFTP } = "$value"; }, 'max-sql=i' => sub { my ( $opt, $value ) = @_; $account_params{ MAXSQL } = "$value"; }, 'max-pop=i' => sub { my ( $opt, $value ) = @_; $account_params{ MAXPOP } = "$value"; }, 'max-park=i' => sub { my ( $opt, $value ) = @_; $account_params{ MAXPARK } = "$value"; }, 'max-sub=i' => sub { my ( $opt, $value ) = @_; $account_params{ MAXSUB } = "$value"; }, 'max-addon=i' => sub { my ( $opt, $value ) = @_; $account_params{ MAXADDON } = "$value"; }, 'c|cgi!' => sub { my ( $opt, $value ) = @_; $account_params{ HASCGI } = "$value"; }, 'C' => sub { my ( $opt, $value ) = @_; $account_params{ HASCGI } = "0"; }, 's|shell!' => sub { my ( $opt, $value ) = @_; $account_params{ shell } = "$value"; }, 'S' => sub { my ( $opt, $value ) = @_; $account_params{ shell } = "0"; }, 'r|reseller!' => sub { my ( $opt, $value ) = @_; $reseller = $value ? 'on' : 'off'; }, 'R' => sub { my ( $opt, $value ) = @_; $reseller = 'off'; }, 'acl|a=s' => \$reseller_acl, 'ns:s' => sub { my ( $opt, $value ) = @_; if ( $value ) { push( @nameservers, $_ ) for split( /\s*,\s*|\s+/, $value ); } else { load_server_config; @nameservers = @default_nameservers; } }, 'custom-ns=s' => sub { my ( $opt, $value ) = @_; @nameservers = ( "ns1.$value", "ns2.$value" ); }, 'allow=s' => sub { my ( $opt, $value ) = @_; $value =~ s/^s+|\s+$//g; $privilege_changes{ $_ } = 1 for split( /\s*,\s*|\s+/, $value ); }, 'deny=s' => sub { my ( $opt, $value ) = @_; $value =~ s/^s+|\s+$//g; $privilege_changes{ $_ } = 0 for split( /\s*,\s*|\s+/, $value ); }, 'ip|i=s' => \$ip, 'package|p=s' => \$package, 'password|pw|w=s' => \$password, 'bandwidth|bw|b=s' => sub { my ( $opt, $value ) = @_; $bandwidth = int( parse_bytes( $value, 'MB' ) ); }, 'quota|q=s' => sub { my ( $opt, $value ) = @_; $quota = int( parse_bytes( $value, 'MB' ) ); }, 'force' => \$force, 'info|summary' => \$account_summary, 'help|h' => sub { show_usage(); }, 'man' => sub { pod2usage({ -exitval => 0, -verbose => 2 }) }, 'version|v' => sub { print "$VERSION\n"; exit( 0 ); } ); $user = shift( @ARGV ) or show_usage( "specify a cPanel user name" ); unless ( -f "/var/cpanel/users/$user" ) { die "`$user' is not an existing cPanel user"; } $cp_data = Cpanel::Config::LoadCpUserFile::loadcpuserfile( $user ); @user_domains = ( $cp_data->{ 'DOMAIN' }, @{ $cp_data->{ 'DOMAINS' } } ); #################################################################################################### ######################################## Argument Validation ####################################### #################################################################################################### # New primary domain if ( my $domain = $account_params{ domain } ) { if ( $domain !~ /$domain_rx/i ) { push( @errors, "`$domain' is not a valid domain name" ); } elsif ( my $owner = who_owns( $domain ) ) { push( @errors, "`$domain' is already owned by user `$owner'" ); } } # New user name if ( my $new_user = $account_params{ newuser } ) { if ( $new_user !~ /^[a-z][a-z\d]*$/i ) { push( @errors, "Bad user name `$new_user': must be entirely alphanumeric, starting with a letter" ); } elsif ( length( $new_user ) > 8 ) { push( @errors, "Bad user name `$new_user': must be 8 or less characters in length" ); } elsif ( -f "/var/cpanel/users/$new_user" ) { push( @errors, "user `$new_user' already exists on the system" ); } } # Changing reseller ownership if ( my $owner = $account_params{ owner } ) { load_resellers; unless ( $owner eq 'root' or exists $resellers{ $owner } ) { unless ( $owner eq $user and $reseller eq 'on' ) { push( @errors, "`$owner' is not an existing reseller account" ); } } } # Changing cPanel theme if ( my $theme = $account_params{ CPTHEME } ) { load_themes; exists $themes{ $theme } or push( @errors, "unknown cPanel theme name `$theme'" ); } # Switching cPanel package if ( $package ) { load_packages; if ( my $pname = $packages{ $package } || $packages{ lc( $package ) } ) { $package = $pname; } else { push( @errors, "unknown package name: `$package'" ); } } # Applying a reseller ACL if ( $reseller_acl ) { load_resellers; if ( my $aname = $reseller_acls{ $reseller_acl } || $reseller_acls{ lc( $reseller_acl ) } ) { $reseller_acl = $aname; } else { push( @errors, "unknown reseller ACL name: `$reseller_acl'" ); } } # Changing account IP if ( $ip ) { load_ips; ( $ip, $subnet_mask ) = split( /[\/:\s]+/, $ip, 2 ); my $current_ip = $cp_data->{ 'IP' }; if ( $ip =~ /^(main|shared)$/i ) { push( @errors, "could not identify the server's shared ip" ) unless ( $shared_ip ); $ip = $shared_ip; } elsif ( $ip =~ /^(free|next)$/i ) { unless ( @ip_pool ) { push( @errors, "no free IPs found in the server's ip address pool" ); } $ip = $ip_pool[ 0 ]; } elsif ( $ip !~ /$ip_rx/ ) { push( @errors, "`$ip' is not a valid IP address" ); } elsif ( !exists $ip_addresses{ $ip } ) { if ( $subnet_mask ) { if ( $subnet_mask =~ /^(\d+)$/ ) { my $prefix = $1 + 0; if ( $prefix < 32 ) { push( @errors, "invalid subnet prefix value: `$prefix' (must be between 0 and 32)" ); } else { $subnet_mask = ip_bintoip( ip_get_mask( $prefix, 4 ), 4 ); $add_ip = 1; } } elsif ( $subnet_mask =~ /$ip_rx/ && ip_iptobin($subnet_mask, 4) =~ /$netmask_rx/ ) { $add_ip = 1; } else { push @errors, "invalid subnet mask provided: `$subnet_mask'"; } } else { push( @errors, tidy qq( | `$ip' does not seem to configured on the server. | To add it to the server, specify a subnet mask. ) ); } } if ( $add_ip ) { # TODO: ping the IP to check if it's assigned somewhere already } if ( $current_ip eq $ip ) { push( @warnings, "$user is already assigned to $ip, so it will not be changed" ); $ip = undef; } else { # this is a legitimate IP change if ( $ip eq $shared_ip ) { # check if the account has SSL installed. If it does, switching to the # shared IP will overwrite the shared SSL. Don't do it load_ssl; for my $dom ( @user_domains ) { if ( exists $ssl_domains{ $dom } ) { push( @errors, "$user's domain `$dom' has an SSL certificate installed. Switching to the shared IP will overwrite the shared SSL certificate." ); $ip = undef; last; } } } else { # make sure no one else already has this IP if ( my $owner = $used_ips{ $ip } ) { my $uname = who_owns( $owner ) || 'unknown'; push( @errors, "`$ip' is already assigned to $owner ($uname)" ); } } } } if ( %privilege_changes ) { for my $priv_name ( keys %privilege_changes ) { exists $PRIVILEGE_NAMES{ $priv_name } or die "invalid privilege name: `$priv_name'"; } } if ( $on_shared ) { if ( $reseller eq 'on' ) { push( @errors, "do not apply reseller privileges to a user on a shared server" ); } if ( $account_params{ shell } eq '1' and $server_name !~ /^edge/i ) { push( @errors, "do not grant shell access to users on a shared server" ); } if ( $account_params{ cgi } eq '0' ) { push( @warnings, "you are stripping CGI access from `$user'" ); } } for ( @warnings ) { print STDERR c( "- $_\n", 'yellow' ); } if ( @errors ) { if ( $force ) { for ( @errors ) { print STDERR c( "- $_\n", 'yellow' ); } } else { print STDERR c( "Cannot make the requested modification due to the following errors:\n", 'red' ); for ( @errors ) { print STDERR c( "- $_\n", 'yellow' ); } print STDERR c( "If you really want to apply these changes, specify the --force flag\n", 'red' ); exit scalar( @errors ); } } #################################################################################################### ###################################### WHM API Call Execution ###################################### #################################################################################################### if ( $add_ip ) { api_call( 'addip', ip => $ip, netmask => $subnet_mask ); } if ( $package ) { api_call( 'changepackage', user => $user, pkg => $package ); } if ( $password ) { api_call( 'passwd', user => $user, pass => $password, db_pass_update => 1 ); } if ( $ip ) { api_call( 'setsiteip', user => $user, ip => $ip ); } if ( defined $bandwidth ) { api_call( 'limitbw', user => $user, bwlimit => "$bandwidth" ); } if ( defined $quota ) { api_call( 'editquota', user => $user, quota => "$quota" ); } if ( $reseller ) { my %reseller_arguments = ( user => $user ); if ( $reseller eq 'on' ) { $reseller_arguments{ makeowner } = $reseller_owns_self if defined $reseller_owns_self; api_call( 'setupreseller', %reseller_arguments ); } elsif ( $reseller eq 'off' ) { api_call( 'unsetupreseller', %reseller_arguments ); } } if ( $reseller_acl ) { api_call( 'setacls', reseller => $user, acllist => $reseller_acl ); } if ( @nameservers ) { my $ns_spec = join( ',', @nameservers ); api_call( 'setresellernameservers', user => $user, nameservers => $ns_spec ); } if ( %privilege_changes ) { load_resellers( 1 ); # force reload of reseller privileges, since they may have changed my %privs = %{ $resellers{ $user } }; while ( my ( $priv_name, $enabled ) = each( %privs ) ) { if ( $enabled ) { $privs{ $priv_name } = 1; } else { delete $privs{ $priv_name }; } } my %params = ( reseller => $user ); for my $priv_name ( keys %privs ) { $params{ "acl-$priv_name" } = "1"; } api_call( 'setacls', %params ); } if ( %account_params ) { api_call( 'modifyacct', %account_params, user => $user ); } if ( $account_summary ) { my $report = api_call( 'accountsummary', user => $user, -direct => 1 ); my $summary = $report->{ acct }; $summary = $summary->[ 0 ] if $summary; if ( $summary ) { my @basic_properties = qw( domain email owner ip theme shell ); my @rows = ( $summary->{ user } ); for my $prop ( @basic_properties ) { my $value = $summary->{ $prop }; push( @rows, [ $prop, $value ] ); } my @plan_properties = qw( plan maxaddons maxparked maxsub maxsql maxpop maxftp ); push( @rows, "Package" ); for my $prop ( @plan_properties ) { my $value = $summary->{ $prop }; push( @rows, [ $prop, $value ] ); } my @disk_properties = qw( partition disklimit diskused ); push( @rows, "Disk" ); for my $prop ( @disk_properties ) { my $value = $summary->{ $prop }; push( @rows, [ $prop, $value ] ); } print_table( @rows ); } } exit( !$api_success );