We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
servnest
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Set umask to 0077 everywhere

Miraty 2 years ago
parent
a2ea572439
commit
d51f9dfac3
5 changed files with 24 additions and 17 deletions
Split View Show Diff Stats
  1. 5 6
      check.php
  2. 6 3
      fn/ht.php
  3. 5 2
      pg-act/ht/add-onion.php
  4. 4 1
      pg-view/ht/index.php
  5. 4 5
      router.php

+ 5 - 6
check.php
View File 

@@ -52,7 +52,7 @@ function curlTest($address, $post = [], $tor = false) {
 
 	$result = curl_exec($req);
 
 	$status_code = curl_getinfo($req, CURLINFO_RESPONSE_CODE);
 
 	if ($status_code >= 400 OR $result === false) {
 
-		var_dump(curl_exec($req));
 
+		var_dump($result);
 
 		var_dump(curl_error($req));
 
 		exit($address . ' test failed with status code ' . $status_code . LF);
 
 	}
 
@@ -129,7 +129,7 @@ function testNs($domain) {
 
 			'ns' => $ns,
 
 		]);
 
 
-	preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._domain-verification\.' . preg_quote(CORE_DOMAIN) . '\.)\</code\>#', curlTest('/ns/zone-add', []), $matches);
 
+	preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._domain-verification\.' . preg_quote(CORE_DOMAIN, '#') . '\.)\</code\>#', curlTest('/ns/zone-add', []), $matches);
 
 	curlTest('/reg/ns', [
 
 		'action' => 'add',
 
 		'domain' => $domain,
 
@@ -157,7 +157,7 @@ function testNs($domain) {
 
 		'value' => 'letsencrypt.org',
 
 	]);
 
 	exec(CONF['dns']['kdig_path'] . ' @' . CONF['reg']['address'] . ' ' . $domain . ' CAA', $output);
 
-	if (preg_match('/^' . preg_quote($domain) . '[ \t]+7200[ \t]+IN[ \t]+CAA[ \t]+0[ \t]+issue[ \t]+"letsencrypt\.org"$/Dm', implode(LF, $output)) !== 1)
 
+	if (preg_match('/^' . preg_quote($domain, '/') . '[ \t]+7200[ \t]+IN[ \t]+CAA[ \t]+0[ \t]+issue[ \t]+"letsencrypt\.org"$/Dm', implode(LF, $output)) !== 1)
 
 		exit('Error: /ns/caa: CAA record not set' . LF);
 
 
 	curlTest('/ns/edit', [
 
@@ -166,7 +166,7 @@ function testNs($domain) {
 
 			. '@ 86400 NS ' . CONF['ns']['servers'][0] . "\r\n",
 
 	]);
 
 	exec(CONF['dns']['kdig_path'] . ' @' . CONF['reg']['address'] . ' aaaa.' . $domain . ' AAAA', $output);
 
-	if (preg_match('/[ \t]+' . preg_quote(CONF['ht']['ipv6_address']) . '$/Dm', implode(LF, $output)) !== 1)
 
+	if (preg_match('/[ \t]+' . preg_quote(CONF['ht']['ipv6_address'], '/') . '$/Dm', implode(LF, $output)) !== 1)
 
 		exit('Error: /ns/edit: AAAA record not set' . LF);
 
 }
 
 
@@ -222,14 +222,13 @@ exit
 
 		]);
 
 		if (preg_match('#\<code\>http\://(?<onion>[0-9a-z]{56})\.onion/\</code\>#D', $html, $matches) !== 1)
 
 			exit('Can\'t find onion address.' . LF);
 
-		sleep(5);
 
+		sleep(5); // Onion services are not immediately reachable
 
 		if (curlTest('http://' . $matches['onion'] . '.onion/', tor: true) !== TEST_CONTENT)
 
 			exit('Unexpected onion service response (' . $matches['onion'] . '.onion)' . LF);
 
 		curlTest('/ht/del', [
 
 			'site' => 'onion:' . $matches['onion'] . '.onion',
 
 		]);
 
 	}
 
-
 
 }
 
 
 $domain = testReg();

+ 6 - 3
fn/ht.php
View File 

@@ -2,16 +2,19 @@
 
 
 function htSetupUserFs($id) {
 
 	// Setup SFTP directory
 
-	umask(0002);
 
-	if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)
 
+	if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0000) !== true)
 
 		output(500, 'Can\'t create user directory.');
 
+	if (chmod(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)
 
+		output(500, 'Can\'t chmod user directory.');
 
 	exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['chgrp_path'] . ' ' . CONF['ht']['sftpgo_group'] . ' ' . CONF['ht']['ht_path'] . '/fs/' . $id . ' --no-dereference', result_code: $code);
 
 	if ($code !== 0)
 
 		output(500, 'Can\'t change user directory group.');
 
 
 	// Setup Tor config directory
 
-	if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0755) !== true)
 
+	if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0000) !== true)
 
 		output(500, 'Can\'t create Tor config directory.');
 
+	if (chmod(CONF['ht']['tor_config_path'] . '/' . $id, 0775) !== true)
 
+		output(500, 'Can\'t chmod Tor config directory.');
 
 
 	// Setup Tor keys directory
 
 	exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['mkdir_path'] . ' --mode=0700 ' . CONF['ht']['tor_keys_path'] . '/' . $id, result_code: $code);

+ 5 - 2
pg-act/ht/add-onion.php
View File 

@@ -6,10 +6,13 @@ if (dirsStatuses('onion')[$_POST['dir']] !== false)
 
 rateLimit();
 
 
 // Add Tor config
 
+$torConfFile = CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'];
 
 $torConf = 'HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '/
 
 HiddenServicePort 80 ' . CONF['ht']['onion_internal_host'] . LF;
 
-if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'], $torConf) === false)
 
-	output(500, 'Failed to write new Tor configuration.');
 
+if (file_put_contents($torConfFile, $torConf) === false)
 
+	output(500, 'Failed to write new Tor configuration file.');
 
+if (chmod($torConfFile, 0644) !== true)
 
+	output(500, 'Failed to give correct permissions to new Tor configuration file.');
 
 
 // Reload Tor
 
 exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['tor_reload_cmd'], $output, $code);

+ 4 - 1
pg-view/ht/index.php
View File 

@@ -76,7 +76,10 @@ $quota = (($_SESSION['type'] ?? '') === 'approved') ? CONF['ht']['user_quota_app
 
 	<section>
 
 		<h3><?= _('Connecting to the server') ?></h3>
 
 
-		<a href="sftp://<?= isset($_SESSION['display-username']) ? $_SESSION['display-username'] : '&lt;username&gt;'; ?>@<?= CONF['ht']['sftp_domain'] ?>:<?= CONF['ht']['public_sftp_port'] ?>/">sftp://<?= isset($_SESSION['display-username']) ? $_SESSION['display-username'] : '&lt;username&gt;'; ?>@<?= CONF['ht']['sftp_domain'] ?>:<?= CONF['ht']['public_sftp_port'] ?>/</a>
 
+<?php
 
+$sftp_url = 'sftp://' . (defined('DISPLAY_USERNAME') ? DISPLAY_USERNAME : '&lt;username&gt;') . '@' . CONF['ht']['sftp_domain'] . ':' . CONF['ht']['public_sftp_port'] . '/';
 
+?>
 
+		<a href="<?= $sftp_url ?>"><?= $sftp_url ?></a>
 
 
 		<dl>
 
 			<dt><?= _('Server') ?></dt>

+ 4 - 5
router.php
View File 

@@ -1,4 +1,5 @@
 
 <?php
 
+umask(0077);
 
 const ROOT_PATH = __DIR__;
 
 define('CONF', parse_ini_file(ROOT_PATH . '/config.ini', true, INI_SCANNER_TYPED));
 
 
@@ -8,16 +9,14 @@ DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 
 
 date_default_timezone_set('UTC');
 
 
-$locale = 'en';
 
-foreach (explode(',', preg_replace('/[A-Z0-9]|q=|;|-|\./', '', $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '')) as $client_locale) {
 
+foreach (explode(',', preg_replace('/[A-Z0-9]|q=|;|-|\./', '', $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '')) as $client_locale)
 
 	if (in_array($client_locale, array_diff(scandir(ROOT_PATH . '/locales'), ['..', '.']), true)) {
 
 		$locale = $client_locale;
 
 		break;
 
 	}
 
-}
 
-define('LOCALE', $locale);
 
+define('LOCALE', $locale ?? 'en');
 
 setlocale(LC_MESSAGES, 'C.UTF-8');
 
-bindtextdomain('messages', 'locales/' . LOCALE);
 
+bindtextdomain('messages', ROOT_PATH . '/locales/' . LOCALE);
 
 header('Content-Language: ' . LOCALE);
 
 
 const SERVICES_USER = ['reg', 'ns', 'ht'];

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5