#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/userdata_wildcard_cleanup Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
package scripts::userdata_wildcard_cleanup;
use strict;
use Cpanel ();
use Cpanel::Config::userdata::Constants ();
use Cpanel::Config::userdata::Guard ();
use Cpanel::FileUtils::TouchFile ();
use Cpanel::SafeRun::Errors ();
use Cpanel::ServerTasks ();
use Cpanel::WildcardDomain ();
use Cpanel::WildcardDomain::Tiny ();
use File::Basename ();
# NOTE(review): as laid out here, this BEGIN block comes after the `use` lines
# above, so those modules were already located through the interpreter's
# existing @INC. The extra directory only affects modules loaded after this
# point - confirm that ordering is intended.
BEGIN { unshift @INC, '/usr/local/cpanel'; }
# Userdata keys whose values _migrate_userdata_file() treats as file paths and
# tests for existence on disk.
my @ssl_userdata_parts = qw(
sslcertificatefile
sslcertificatekeyfile
sslcacertificatefile
);
# Completion marker: script() returns early when this file exists (unless
# --force is given) and touches it at the end of a run. Declared with `our`,
# so it is a package variable rather than a file-private lexical.
our $TOUCH_FILE = '/var/cpanel/ssl/wildcard_cleanup_complete';
# Run script() only when this file is executed directly; when it is loaded by
# another file, caller() is true and nothing runs at load time.
__PACKAGE__->script(@ARGV) unless caller();
########################################################################
# This script was created to fix an issue documented in case 67341
########################################################################
# Entry point: migrate wildcard-encoded userdata files and, when asked to,
# rebuild the Apache configuration afterwards.
#
# Arguments (after the class name) are the command-line switches:
#   --rebuildapache   rebuild httpd.conf and queue a restart if anything migrated
#   --force           run even though the completion marker already exists
# Any other argument is ignored.
#
# Returns nothing. The completion marker is touched at the end of every run
# that gets past the early exit, including runs where the rebuild reported an
# error.
sub script {
    my ( $class, @argv ) = @_;

    my %switch_seen    = map { $_ => 1 } @argv;
    my $rebuild_apache = $switch_seen{'--rebuildapache'};
    my $forced         = $switch_seen{'--force'};

    # One-shot behaviour: once the marker exists, only --force re-runs the job.
    if ( -e $TOUCH_FILE && !$forced ) {
        return;
    }

    my @migrated_servernames    = _migrate_wildcard_encoded_userdata_files();
    my @migrated_nobody_domains = _migrate_nobody_userdata_files();

    # Rebuild apache because previous rebuilds might have accidentally
    # deleted the wildcard SSL vhosts from being unable to find their
    # userdata files.
    if ( @migrated_servernames || @migrated_nobody_domains ) {
        if ( !$rebuild_apache ) {
            print "Skipping Apache Rebuild\n";
        }
        else {
            print "Rebuilding Apache\n";

            # The command is built from $Cpanel::root only; nothing from
            # @argv is interpolated into it.
            my $builder = "$Cpanel::root/bin/build_apache_conf";
            my $output  = Cpanel::SafeRun::Errors::saferunallerrors($builder);
            warn "Error rebuilding the apache configuration: $output\n" unless $output =~ /OK$/;

            # NOTE(review): the restart is queued even when the rebuild output
            # did not end in OK - confirm this is intended.
            Cpanel::ServerTasks::queue_task( ['ApacheTasks'], 'apache_restart' );
        }
    }

    Cpanel::FileUtils::TouchFile::touchfile($TOUCH_FILE);
    return;
}
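# Decode wildcard-encoded values in the SSL userdata files of the "nobody" user.
#
# Reads the main domain and the sub domains from nobody's "main" userdata.
# For each wildcard domain that has a "<domain>_SSL" file in nobody's userdata
# directory, the file is rewritten through _fix_userdata() and saved.
#
# Returns the list of decoded servernames whose files were saved, or an empty
# list when nobody's userdata directory does not exist.
sub _migrate_nobody_userdata_files {
    my $userDir = $Cpanel::Config::userdata::Constants::USERDATA_DIR . "/nobody";
    if ( !-e $userDir ) {
        return;
    }

    my @domains_processed = ();
    {
        # The "main" record is only read here; its guard is aborted below
        # rather than saved.
        my $main_guard = Cpanel::Config::userdata::Guard->new( 'nobody', 'main' );
        my $maindata   = $main_guard->data();
        for my $domain ( $maindata->{'main_domain'}, @{ $maindata->{'sub_domains'} } ) {

            # Skip empty entries, non-wildcard domains and wildcard domains
            # that have no SSL userdata file.
            if ( !$domain || !Cpanel::WildcardDomain::Tiny::is_wildcard_domain($domain) || !-e $userDir . "/${domain}_SSL" ) {
                next;
            }
            my $guard    = Cpanel::Config::userdata::Guard->new( 'nobody', $domain . '_SSL' );
            my $userdata = $guard->data();
            _fix_userdata($userdata);
            push @domains_processed, $userdata->{'servername'};
            $guard->save();
        }
        $main_guard->abort();
    }

    # Return the collected servernames. The caller decides from this list
    # whether an Apache rebuild is needed. A bare `return;` here discarded the
    # list, so rewritten nobody-owned SSL userdata never triggered a rebuild.
    return @domains_processed;
}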
# Find every "_wildcard_*" file one level below the userdata directory,
# rewrite its contents and rename it to the "*"-prefixed form.
#
# Per file:
#   - anything that is not a plain file is skipped;
#   - "*.cache" files are removed and not migrated;
#   - files that _migrate_userdata_file() reports as deleted are skipped;
#   - the rename happens only when no plain file already has the target name.
#
# Returns the list of 'servername' values reported for the renamed files.
sub _migrate_wildcard_encoded_userdata_files {
    my @renamed_servernames;
    my $encoded_glob = "$Cpanel::Config::userdata::Constants::USERDATA_DIR/*/_wildcard_*";

  CANDIDATE:
    foreach my $old_file ( glob($encoded_glob) ) {
        next CANDIDATE unless -f $old_file;

        # Cache files are dropped rather than migrated. The unlink result is
        # not checked.
        if ( $old_file =~ m{\.cache\z} ) {
            unlink $old_file;
            next CANDIDATE;
        }

        my ( $ok, %outcome ) = _migrate_userdata_file($old_file);
        next CANDIDATE if $outcome{'deleted'};

        # We *shouldn't* need the fussiness of anchoring this substitution
        # with / and \z, but just in case.
        ( my $new_file = $old_file ) =~ s{/_wildcard_([^/]+)\z}{/*$1};

        # Never overwrite a plain file that already has the decoded name.
        next CANDIDATE if -f $new_file;

        if ( rename( $old_file, $new_file ) ) {
            push @renamed_servernames, $outcome{'servername'};
        }
        else {
            warn "The system failed to rename $old_file to $new_file because of an error: $!";
        }
    }

    return @renamed_servernames;
}
# Rewrite one wildcard-encoded userdata file in place.
#
# $file is the path of the userdata file. The owning user is taken from the
# name of the directory that contains it.
#
# Returns a list that starts with 1, followed by key/value pairs:
#   deleted    => 1     the file was removed because an SSL file it
#                       references does not exist on disk
#   servername => NAME  the servername after _fix_userdata(), once saved
# No pairs follow when the userdata has no 'servername' entry; the guard is
# aborted in that case.
sub _migrate_userdata_file {
    my ($file) = @_;

    my ( $filename, $path ) = File::Basename::fileparse($file);
    my $user        = File::Basename::basename($path);
    my %return_data = ();

    my $guard    = Cpanel::Config::userdata::Guard->new( $user, $filename );
    my $userdata = $guard->data();

    if ( !exists $userdata->{'servername'} ) {
        $guard->abort();
    }
    else {
        foreach my $ssl_part (@ssl_userdata_parts) {
            my $ssl_path = $userdata->{$ssl_part};
            next unless $ssl_path;
            next if -e $ssl_path;

            # A referenced SSL file is missing: drop the guard first, then
            # remove the userdata file. The unlink result is not checked.
            $guard->abort();
            unlink $file;
            return ( 1, 'deleted' => 1 );
        }

        _fix_userdata($userdata);
        $return_data{'servername'} = $userdata->{'servername'};
        $guard->save();
    }

    return ( 1, %return_data );
}
# Decode the wildcard-encoded fields of a userdata hash in place.
#
# $userdata is a hash reference. After the call:
#   servername   holds the result of decode_wildcard_domain() on the old value
#   serveradmin  has the first "_wildcard_." that directly follows an "@" removed
#   serveralias  is set to the decoded servername
# Returns nothing.
sub _fix_userdata {
    my ($userdata) = @_;

    my $decoded_name = Cpanel::WildcardDomain::decode_wildcard_domain( $userdata->{'servername'} );
    $userdata->{'servername'} = $decoded_name;

    # Only the encoded label right after the "@" is stripped.
    $userdata->{'serveradmin'} =~ s{(\@)_wildcard_\.}{$1};

    $userdata->{'serveralias'} = $decoded_name;
    return;
}
1;