#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/generate_account_suspension_include
# Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
package generate_account_suspension_include;
use strict;
use Cpanel::ConfigFiles::Apache ();
use Cpanel::PwCache::Build ();
use Cpanel::LoadModule ();
use Cpanel::FileUtils::Write ();
use Cpanel::FileUtils::Dir ();
use Cpanel::HttpUtils::ApRestart::BgSafe ();
use Cpanel::LoadFile ();
use Cpanel::Usage ();
my $apacheconf = Cpanel::ConfigFiles::Apache->new();
sub _suspension_include_file {
return $apacheconf->dir_conf_includes() . '/account_suspensions.conf';
}
sub _suspension_dir {
return '/var/cpanel/suspended/';
}
sub _test_legacy_include_dir {
return $apacheconf->dir_conf_userdata() . '/std/2/';
}
sub main {
my @argv = @_;
my $update = 0;
my $restart = 0;
my $convert = 0;
my $verbose = 0;
Cpanel::Usage::wrap_options( \@argv, \&usage, { update => \$update, restart => \$restart, convert => \$convert, verbose => \$verbose } );
if ($update) {
output("Starting update\n") if $verbose;
if ( update_include($convert) ) {
output("Account suspension include updated\n") if $verbose;
if ($restart) {
output("Queueing Apache restart\n") if $verbose;
Cpanel::HttpUtils::ApRestart::BgSafe::restart();
}
else {
output("Skipping Apache restart\n") if $verbose;
}
}
else {
output("Account suspension include was already up to date.\n") if $verbose;
}
}
else {
usage();
}
return 0;
}
sub output {
my $message = shift;
return print $message;
}
# Not called internally; this is here for code that loads this script
# as a module.
sub update_include_and_restart_httpd () {
update_include(0);
Cpanel::HttpUtils::ApRestart::BgSafe::restart();
return;
}
sub update_include {
my ($convert) = @_;
my %original_suspended_docroots = ();
my %retained_suspended_docroots = ();
my %new_suspended_docroots = ();
my $suspension_contents = -e _suspension_include_file() ? Cpanel::LoadFile::loadfile( _suspension_include_file() ) : '';
while ( $suspension_contents =~ /<Directory "([^\n]+)">\n/g ) {
$original_suspended_docroots{$1} = undef;
}
my %suspended_users = map { $_ => 1 } @{ Cpanel::FileUtils::Dir::get_directory_nodes_if_exists( _suspension_dir() ) // [] };
my $pwcache_ref = Cpanel::PwCache::Build::fetch_pwcache();
foreach my $pw_ent (@$pwcache_ref) {
my ( $user, $uid, $gid, $homedir ) = @{$pw_ent}[ 0, 2, 3, 7 ];
if ($convert) {
remove_old_suspension_includes($user);
}
if ( $suspended_users{$user} ) {
if ( exists( $original_suspended_docroots{$homedir} ) ) {
delete $original_suspended_docroots{$homedir};
$retained_suspended_docroots{$homedir} = undef;
}
elsif ( exists( $retained_suspended_docroots{$homedir} ) ) {
# Homedir is listed twice in /etc/passwd?
}
else {
$new_suspended_docroots{$homedir} = undef;
}
}
}
if ( !$suspension_contents || scalar keys %original_suspended_docroots || scalar keys %new_suspended_docroots ) {
generate_include( keys %retained_suspended_docroots, keys %new_suspended_docroots );
return 1;
}
return 0;
}
sub remove_old_suspension_includes {
my $user = shift;
if ( -e _test_legacy_include_dir() . "$user/$user-suspend.conf" ) {
Cpanel::LoadModule::load_perl_module('Cpanel::EditHttpdconf');
Cpanel::EditHttpdconf::del_vhost_include(
{
'user' => $user,
'file' => "$user-suspend.conf",
'ensure_vhost_include_directives' => 0, # The include line is left in the conf file. It will disappear during the next full rebuild
}
);
}
return;
}
sub generate_include {
my @docroots = @_;
my $include_contents = <<EO_SUSPENSION_HEADER;
# This include file is automatically generated by
# /usr/local/cpanel/scripts/generate_account_suspension_include
# Any manual edits inside this file will be lost whenever account
# suspensions are updated.
RewriteEngine On
EO_SUSPENSION_HEADER
foreach my $docroot ( sort @docroots ) {
$include_contents .= <<EO_SUSPENSION;
<Directory "$docroot">
AllowOverride none
RedirectMatch ^/(?!cgi-sys/suspendedpage.cgi).* /cgi-sys/suspendedpage.cgi
</Directory>
EO_SUSPENSION
}
return Cpanel::FileUtils::Write::overwrite_no_exceptions( _suspension_include_file(), $include_contents, 0600 );
}
sub usage {
my $usage = <<EO_USAGE;
generate_account_suspension_include [--update|--help] [options]
Commands:
--help Brief help message
--update Update the account_suspensions . conf based on the system 's
current account suspensions
Options:
--convert Remove legacy individual account suspension include files.
--restart Restart Apache if the account_suspensions.conf has changed
--verbose Display verbose information messages
EO_USAGE
return output($usage);
}
exit main(@ARGV) unless caller();
1;