#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/userdirctl Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
use strict;
use warnings;
use Cpanel::Config::LoadUserDomains ();
use Cpanel::Config::CpConfGuard ();
use Cpanel::Config::LoadConfig ();
use Cpanel::ConfigFiles::Apache 'apache_paths_facade'; # see POD for import specifics
use Cpanel::ConfigFiles::Apache::Config ();
use Cpanel::SafeFile ();
use Cpanel::Logger ();
use Cpanel::WildcardDomain ();
use Cpanel::HttpUtils::ApRestart::BgSafe ();
my $logger = Cpanel::Logger->new();
my $ctl = lc shift @ARGV;
if ( $ctl !~ /^o(n|ff)$/ ) {
die "$0: usage: $0 <on|off>";
}
exit if ( !-e apache_paths_facade->bin_httpd() );
my $apache_conf = Cpanel::ConfigFiles::Apache::Config::get_config();
my $bad_mod;
if ( $apache_conf->{'supported'}{'mpm_itk'} || $apache_conf->{'supported'}{'itk'} ) {
$bad_mod = 'Apache MPM-ITK';
}
elsif ( $apache_conf->{'supported'}{'mod_ruid2'} ) {
$bad_mod = 'mod_ruid2';
}
elsif ( $apache_conf->{'supported'}{'mod_passenger'} ) {
$bad_mod = 'mod_passenger';
}
#Do not allow use of mod_userdir if running apache mpm-itk or ruid2 or mod_passenger due to security implications
if ( $ctl eq 'on' && $bad_mod ) {
print "Detected $bad_mod in use.\n";
print "Using both mod_userdir and $bad_mod is not a supported configuration.\n";
print "Changes were not saved.\n";
exit;
}
my $cpconf_guard = Cpanel::Config::CpConfGuard->new();
$cpconf_guard->{'data'}->{'userdirprotect'} = $ctl eq 'on' ? 1 : 0;
$cpconf_guard->save();
my $UDS = Cpanel::Config::LoadConfig::loadConfig( '/var/cpanel/moddirdomains', {}, '\s*[:]\s*', '^\s*[#]' );
my $userdomains = Cpanel::Config::LoadUserDomains::loaduserdomains( {}, 1 );
my $httplock = Cpanel::SafeFile::safeopen( \*HC, "+<", apache_paths_facade->file_conf() );
if ( !$httplock ) {
$logger->die( 'Could not edit ' . apache_paths_facade->file_conf() );
}
my @CFILE;
while (<HC>) {
push( @CFILE, $_ );
}
seek( HC, 0, 0 );
my ( $bh, $ivh, $iuserdir, $userdirl, $killuserdir );
foreach (@CFILE) {
my $line = $_;
if ( !( $line =~ /^#/ ) ) {
if ( $line =~ /<virtualhost/i ) {
$bh = 1;
$ivh = 1;
}
if ( $line =~ /<ifmodule\s*mod_userdir/i && $ivh ) {
$iuserdir = 1;
$userdirl = '';
$killuserdir = 0;
}
if ( $line =~ /^\s*userdir\s+/i && !$ivh ) {
print HC $line;
next;
}
if ( $iuserdir && $line =~ /<\/ifmodule/i && $ivh ) {
$iuserdir = 0;
if ($killuserdir) {
$userdirl = '';
next;
}
else {
print HC $userdirl;
$userdirl = '';
}
}
if ( $line =~ /<\/virtualhost/i ) {
$ivh = 0;
}
if ( $ivh && $ctl eq "on" ) {
if ( $line =~ /^\s*Userdir\s*disabled/i ) {
$bh = 0;
}
if ( $line =~ /ServerName\s*(\S+)/i ) {
my $sn = $1;
$sn =~ s/^www\.//g;
# decode servername to match against userdomains
$sn = Cpanel::WildcardDomain::decode_wildcard_domain($sn);
if ($bh) {
my $owner = $userdomains->{$sn} || '';
if ( $owner ne "" && $owner ne "root" && $owner ne "*" && getpwnam($owner) ) {
if ( $UDS->{$sn} ne "-1" ) {
print HC " <IfModule mod_userdir.c>\n";
print HC " UserDir disabled\n";
print HC " UserDir enabled ${owner} $UDS->{$sn}\n";
print HC " </IfModule>\n";
}
}
else {
if ( $UDS->{"DefaultHost"} ne "-1" ) {
print HC " <IfModule mod_userdir.c>\n";
print HC " UserDir disabled\n";
print HC " UserDir enabled " . $UDS->{"DefaultHost"} . "\n" if ( $UDS->{'DefaultHost'} );
print HC " </IfModule>\n";
}
}
}
}
}
if ( $ivh && $ctl eq "off" ) {
$killuserdir = 1;
if ( $line =~ /^\s*Userdir\s*disable/i ) {
next;
}
}
}
if ($iuserdir) {
$userdirl .= $line;
}
elsif ( $line =~ /^\s*userdir/i ) {
next;
}
else {
print HC $line;
}
}
truncate( HC, tell(HC) );
Cpanel::SafeFile::safeclose( \*HC, $httplock );
Cpanel::HttpUtils::ApRestart::BgSafe::restart();
print "Your changes have been saved.\n";