File: //scripts.20110531.215904.25158/unsuspendacct
#!/usr/bin/perl
# cpanel - unsuspendacct Copyright(c) 2010 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
BEGIN { unshift @INC, '/usr/local/cpanel'; }
use strict;
use warnings;
use Cpanel::SafeFile ();
use AcctLock ();
use Cpanel::PwCache ();
use Cpanel::DomainTools ();
use Cpanel::FileUtils ();
use Cpanel::Hostname ();
use Cpanel::AccessIds ();
use Cpanel::AcctUtils ();
use Cpanel::AcctUtils::DomainOwner ();
use Cpanel::SafetyBits ();
use Cpanel::iContact ();
use Cpanel::ApacheConf ();
use Cpanel::Config ();
use Cpanel::Config::CpUserGuard ();
use Cpanel::Logger ();
use Cpanel::SafeDir::Read ();
my $logger = Cpanel::Logger->new();
if ( ( !$ENV{'USER'} || !$ENV{'REMOTE_USER'} ) && $> == 0 ) {
$ENV{'REMOTE_USER'} = 'root';
$ENV{'USER'} = 'root';
}
my $host;
my $user = $ARGV[0];
if ($user) {
$user =~ s/\///g;
}
if ( !$user || $user eq 'root' ) {
print "Usage: unsuspendacct <user>\n";
exit;
}
my $pass = (Cpanel::PwCache::getpwnam($user))[1];
if ( !$pass ) {
my $old_user = $user;
$user = Cpanel::AcctUtils::DomainOwner::getdomainowner($user);
unless ( $pass = (Cpanel::PwCache::getpwnam($user))[1] ) { # Assignment in test
die "Invalid user\n";
}
if ( $old_user ne $user ) {
print "Domain lookup of domain '$old_user' yielded user '$user'\n";
}
}
unless ( $pass =~ m/^\!/ || $pass =~ m/^\*/ ) {
print <<"EOM";
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The user '$user' is not suspended (password is not locked).
If this account is partially suspended, suspend the account
to make the account fully suspended before unsuspending.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
EOM
if ( -e "/var/cpanel/bwlimited/$user" ) {
print "\nThe user is currently bandwidth limited. You may remove this limitation by increasing their bandwidth limit.\n";
}
exit;
}
my $owner = Cpanel::AcctUtils::getowner($user);
system '/scripts/preunsuspendacct', @ARGV if -x '/scripts/preunsuspendacct';
my $now = time();
if ( !$owner || $owner eq 'root' ) {
$host = Cpanel::Hostname::gethostname();
}
else {
$host = Cpanel::AcctUtils::getdomain($owner);
}
# Load account creation defaults
my $cref = Cpanel::Config::loadwwwacctconf();
# Determine default shell
my $shell = $cref->{'DEFSHELL'};
if ( !$shell || !-e $shell ) {
$shell = '/bin/bash';
}
my $homedir = Cpanel::AcctUtils::gethomedir($user);
my %CPCONF = Cpanel::Config::loadcpconf();
if ( exists $CPCONF{'acls'} && $CPCONF{'acls'} eq '1' ) {
if ( my $pid = fork() ) {
waitpid( $pid, 0 );
}
else {
Cpanel::SafetyBits::setuids($user);
system( 'setfacl', '-kb', '-m', 'group:nobody:x', '-m', 'group:mail:x', '-m', 'group:cpanel:x', '-m', 'group:mailnull:x', '-m', 'group:65535:x', '-m', 'group:ftp:x', '--', $homedir );
chmod 0750, $homedir;
exit;
}
}
else {
Cpanel::SafetyBits::safe_chmod( 0711, $user, $homedir );
}
if ( -e '/var/cpanel/fileprotect' ) {
my $httpgid = ( getgrnam('nobody') )[2];
my $useruid = ( getpwnam($user) )[2];
Cpanel::SafetyBits::safe_userchgid( $useruid, $httpgid, $homedir . '/public_html' );
Cpanel::SafetyBits::safe_chmod( 0750, $useruid, $homedir . '/public_html' );
Cpanel::SafetyBits::safe_userchgid( $useruid, $httpgid, $homedir . '/.htpasswds' );
Cpanel::SafetyBits::safe_chmod( 0750, $useruid, $homedir . '/.htpasswds' );
}
else {
Cpanel::SafetyBits::safe_chmod( 0755, $user, $homedir . '/public_html' );
Cpanel::SafetyBits::safe_chmod( 0755, $user, $homedir . '/.htpasswds' );
}
Cpanel::SafetyBits::safe_chmod( 0755, $user, $homedir . '/public_ftp' );
my %SUINFO;
if ( open my $suspended_info_fh, '<', '/var/cpanel/suspendinfo/' . $user ) {
while ( readline $suspended_info_fh ) {
chomp;
my ( $name, $value ) = split( /=/, $_ );
next if ( !$name || !$value );
$SUINFO{$name} = $value;
}
close $suspended_info_fh;
unlink '/var/cpanel/suspendinfo/' . $user;
}
my $cpuser_guard = Cpanel::Config::CpUserGuard->new($user);
my $cpuser_data = $cpuser_guard->{'data'};
delete $cpuser_data->{'SUSPENDED'};
$cpuser_guard->save();
AcctLock::acctlock();
# Reset shell
if ( !$SUINFO{'shell'} ) {
system 'chsh', '-s', '/usr/local/cpanel/bin/noshell', $user;
}
elsif ( -x $SUINFO{'shell'} ) {
system 'chsh', '-s', $SUINFO{'shell'}, $user;
}
else {
system 'chsh', '-s', $shell, $user;
}
if ( -x '/usr/sbin/pw' ) {
system '/usr/sbin/pw', 'unlock', $user;
}
else {
system 'passwd', '-u', $user;
}
AcctLock::acctunlock();
my @DNS = ( $cpuser_data->{'DOMAIN'} );
if ( exists $cpuser_data->{'DOMAINS'} ) { push @DNS, @{ $cpuser_data->{'DOMAINS'} } }
if ( -e "$homedir/etc/webdav/shadow" ) {
print "Unsuspending webdav users\n";
unsuspendshadowfile("$homedir/etc/webdav/shadow");
}
foreach my $dns (@DNS) {
$dns = Cpanel::DomainTools::normalize($dns);
next if !Cpanel::DomainTools::is_valid($dns);
system("mv /usr/local/cpanel/3rdparty/mailman/suspended.lists/*_$dns /usr/local/cpanel/3rdparty/mailman/lists 2>/dev/null");
if ( -f "${homedir}/etc/${dns}/shadow" && !-l "${homedir}/etc/${dns}/shadow" ) {
print "Unsuspending email account logins for $dns .... ";
unsuspendshadowfile("${homedir}/etc/${dns}/shadow");
print "Done\n";
}
}
if ( my $pid = fork() ) {
waitpid( $pid, 0 );
}
else {
my $docroot_ref = Cpanel::ApacheConf::getdocroots( \@DNS );
Cpanel::AccessIds::setuids($user);
foreach my $docroot ( keys %{$docroot_ref} ) {
if ( -e $docroot . '/.htaccess' && Cpanel::FileUtils::has_txt_in_file( $docroot . '/.htaccess', '^RedirectMatch\s.+suspended.?page' ) ) {
unlink $docroot . '/.htaccess';
}
my $htaccess_suspend_file = get_htaccess_suspend_file($docroot);
if ($htaccess_suspend_file) {
#needed for taint-mode
($htaccess_suspend_file) = ($htaccess_suspend_file) =~ /^(\.htaccess\.suspend(?:\.?[0-9]+)?)$/;
if ( -z $docroot . '/' . $htaccess_suspend_file ) {
unlink $docroot . '/' . $htaccess_suspend_file;
}
else {
unlink $docroot . '/.htaccess' if ( -e _ );
rename $docroot . '/' . $htaccess_suspend_file, $docroot . '/.htaccess';
}
}
}
exit;
}
unlink '/var/cpanel/suspended/' . $user;
unlink '/var/cpanel/suspended/' . $user . '.lock';
# Ensure filesystem buffers are flushed
system 'sync';
my $ftpfile = '/etc/proftpd/' . $user;
if ( -e $ftpfile . '.suspended' ) {
print "Unsuspending FTP accounts...\n";
if ( -e $ftpfile ) {
if ( -z $ftpfile ) {
unlink $ftpfile;
}
else {
warn "Found $ftpfile with contents. It will be archived as '$ftpfile.unsuspend_failed' and replaced with the previously suspended version.\n";
rename $ftpfile, $ftpfile . '.unsuspend_failed';
}
}
rename $ftpfile . '.suspended', $ftpfile or warn "Could not rename $ftpfile.suspended to $ftpfile";
}
system '/usr/local/cpanel/bin/ftpupdate', $user;
system '/usr/local/cpanel/bin/updateauthtab';
print "${user}'s account is now active\n";
my $domain = Cpanel::AcctUtils::getdomain($user);
if ( -f '/var/spool/cron.suspended/' . $user ) {
unlink '/var/spool/cron/' . $user;
rename '/var/spool/cron.suspended/' . $user, '/var/spool/cron/' . $user;
}
print "Unsuspending mysql users\n";
system( '/scripts/unsuspendmysqlusers', $user );
my $msg = <<"EOM";
+===================================+
| Account Info |
+===================================+
| Domain: $domain
| UserName: $user
+===================================+
Account Unsuspended by $ENV{'REMOTE_USER'} ($ENV{'USER'})
EOM
Cpanel::iContact::icontact(
'application' => 'unsuspendacct',
'level' => 3,
'subject' => qq{Account Unsuspended on $host ($domain)},
'message' => $msg,
'msgtype' => ''
);
system '/scripts/postunsuspendacct', @ARGV if -x '/scripts/postunsuspendacct';
sub unsuspendshadowfile {
my ($file) = @_;
return if !-e $file;
my $shadowlock = Cpanel::SafeFile::safeopen( \*SHF, '+<', $file );
if ( !$shadowlock ) {
$logger->die("Could not update $file: $!");
}
my @CT = <SHF>;
seek( SHF, 0, 0 );
foreach (@CT) {
my @DC = split( /:/, $_, 3 );
chomp( $DC[$#DC] );
while ( $DC[1] =~ m/^\*LOCKED\*/ ) {
$DC[1] =~ s/^\*LOCKED\*//;
}
print SHF join( ':', @DC ) . "\n";
}
truncate( SHF, tell(SHF) );
Cpanel::SafeFile::safeclose( \*SHF, $shadowlock );
}
sub get_htaccess_suspend_file {
my ($docroot) = @_;
my $checkref = sub {
my ($file) = @_;
if ( $file =~ /^\.htaccess\.suspend/ ) {
return 1;
}
return;
};
my $newest_htaccess_file;
my $time = 0;
foreach my $htaccess_file ( Cpanel::SafeDir::Read::read_dir( $docroot, $checkref ) ) {
if ( $htaccess_file =~ /^\.htaccess\.suspend\.([0-9]+)$/ ) {
if ( $1 > $time ) {
$newest_htaccess_file = $htaccess_file;
$time = $1;
}
}
elsif ( !defined $newest_htaccess_file && $htaccess_file eq '.htaccess.suspend' ) {
$time = 1;
$newest_htaccess_file = $htaccess_file;
}
}
# should return the full path
return $newest_htaccess_file;
}