The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Httpd edition plugin

Discussion in 'cPanel Developers' started by Silent Ninja, Aug 18, 2010.

  1. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I'm creating a cPanel plugin that allows the user to select which php_value's they'd like to setup on their site (I'm only letting them choose between a few possible options) and once they do, It would be saved on the httpd.conf include file for that domain. It would allow me to disable the .htaccess "Options" functionality without having to disable the use of php_value.

    Although as cPanel runs as logged with the account's user instead as being root; I cannot touch anything inside the folders "/usr/local/apache/conf/userdata/std/2/..." because they're all created by root.

    I've searched the API functions but found none that allowed me to edit the httpd include files. Is there any way to achieve this ?

    This is a snippet of my code:

    PHP:
    foreach($php_value as $name => $value) {
        
    $file_dump .= "php_value $name $value\n";
    }

    @
    mkdir("/usr/local/apache/conf/userdata/std/2/$user/$domain/",0755,true); // permission denied
    file_put_contents("/usr/local/apache/conf/userdata/std/2/$user/$domain/php.conf",$file_dump); // permission denied
     
  2. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I though that I could leave a file editable and afterwards check for inputs on that file to modify the php.conf include, but that would be insecure...

    Any ideas? Nobody have though about this?
     
  3. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hi Silent Ninja,

    I think you're right that cPanel doesn't provide this functionality via API or otherwise and that something would need to be created.

    I've personally never considered giving users direct rights to write php_value directives via an httpd include. So, while IMHO it's too permissive, I'll have to defer to you as to what you find to be the best practices for your end users in their shared web hosting environment. If by chance you haven't considered the different types of php directives, I would suggest a quick look at PHP: Where a configuration setting may be set - Manual and PHP: How to change configuration settings - Manual and the directive listing to get an idea of the extra options that will be available (by not limiting the use of php_value to just .htaccess and ini_set() ).

    That said, the only clean way I can think to offer this read/write functionality is to write a custom API module. And even then, I'm not sure that the proper escalations methods would be available to your custom API code.

    Essentially you'd have an API2 Perl module with functions that you could use in a standard cPanel plugin or via the xml-api. There'd be a read function and a write function. Each call would enforce a simple ACL check to assert that no one could access a file that didn't belong to them. Then it would perform/defer a read/write operation on the users include as a privileged system user.

    Maybe someone else in the forum has some input. I'll have to consult my colleagues to see if I can obtain any more relevant information.

    Best Regards,
    -DavidN
     
  4. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I wasn't clear maybe on why I want to do this, but I'd really need to let my plugin from cPanel to edit the httpd.conf as I please, but not any customer and not at any time.

    I only let them change some variables like register_globals, memory_limit (up to 128), upload_max_filesize... and such, by using a plugin in PHP coded by me that have a lot of security controls.

    By having this I can disable ini_set and the .htaccess php_value to avoid the use of another unsecure variables (like the unset of disable_functions) or putting excesive values, eg "php_value max_execution_time 100000".

    I can make this script on WHM and run it by root, but it would be a pain in the ass with so many customers.
     
  5. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Right, those sound like sane parameters and restrictions to enforce.

    I really think it would be best to implement all the logic within a cPanel module and have your plugin call actions on that module, as opposed to having your plugin directly modify the Apache resources. The plugin would be for rendering information and offering an interface to submit changes.

    cPanel modules are executable by the user/cPanel but can't be modified; within that module there'd be a mechanism that receives and performs the CRUD operations on the user's include file, but only if the request passes necessary criteria (similar to what you mention) and as the required privileged user (root). You could enforce any time/date or flag check within the function.

    This is a native paradigm for cPanel functionality: have a UI that calls API module/functions.

    What you're proposing is significate enough that the functionality should be an extension of cPanel/Apache, not just an integration. cPanel API modules extend cPanel functionality. I really don't see a way around it, but I'm all ears. Anyone who's successfully done this level of web service manipulation from with cPanel please speak up!

    -DavidN
     
  6. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I didn't quite understand what you just said about the modules.

    The cPanel plugin that I'm using is merely a graphical interface to see what's the actual PHP setup, what options you can edit, and what values you can set to them. After that, the form action could be going anywhere.

    I can write a Perl Module to do the editting job, but I don't know how to integrate it with the cPanel system so that it runs by the administrator (root) as you just said.

    Is there some sort of Knowledge Base or Template to create and integrate cPanel Perl Modules?
     
  7. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I'm kind of in a hurry in this case.

    Is there any chance to do this with the cPanel Plugin > Module interface, or I'll have to do it as a WHM Plugin for now ?
     
  8. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Silent Ninja,
    As of this time the best way to do that would be by modifying wrap.c which is located at /usr/local/cpanel/src/cpwrap/wrap.c and hooking into our AdminBin system.

    wrap.c contains the logic used for doing privilege escalation in cpanel and WHM. Inside of the main function, you will see a nice long struct containing all our current setuid binaries. Add your setuid script to this, exit, run "make cpwrap" and you should be ready to go (to an extent).

    The way that these applications word is by passing (as the first line to STDIN):

    UID COMMAND ARG1 ARG2 ARG3

    to see an example of this, you can view /usr/local/cpanel/bin/mysqladmin

    If you want to call these from an API call, you can use the Cpanel::AdminBin perl module, which contains functions for working with this system and handling the execution of cpwrap securely
     
  9. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I've done that, but how do I call that wrapper?

    What? I just "exec" that like `0 editphpconf var1 value1` ?

    I've found nothing useful there, do you have any line number I can check ?
     
  10. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    Could you help me with an example on how to run something (like `ls /`) as root?

    Knowing that, then I can go on my own, but I'm stucked here :(
     
  11. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Just to let you know, I haven't forgotten about you.

    Working a blog post on this subject right now (may be a few days).
     
  12. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    ♥♥♥♥♥ !

    Kudos :3
     
  13. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    Have you got enough days already ? Any news ?
     
  14. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    I need him just to tell me how to wrap an "Hello, World!" echo as root, so I can keep up on my own after that. I don't know how hard that could that be, since it's my first cPanel plugin that does this wrapping thing.
     
  15. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Silent Ninja,

    Since Matt is a developer at cPanel, there are many important things that he must attend to, namely the cPanel code. He must prioritize all his obligations and organize his time appropriately; in accordance with the responsibility he has to his team and the entire cPanel community.

    Please be patience. He has promised a blog post as well has given you the basis to investigate how to engineer you own solution. I'm sure he will follow through and post to the integration blog just as soon as is possible.

    Regards,
    -DavidN
     
  16. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    And it's been another 2 weeks... one month since we began.

    Did you have enough time to make A <<Expletive Deleted>> HELLO WORLD WAPPER ?

    Come on!
    I'm paying for cPanel, do I need to write a ticket to be listened ?
     
    #16 Silent Ninja, Oct 7, 2010
    Last edited by a moderator: Oct 7, 2010
  17. activa

    activa Well-Known Member

    Joined:
    May 23, 2006
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Morocco
    cPanel Access Level:
    Root Administrator
    the same case here ...

    Silent Ninja > Have got your plugin to work ? can you share it if is working .

    i need the same thing , i want to give my client option to enable/disable safe mode , register global , max post ect ..... all this via a plugin in cpanel .
     
  18. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
Loading...
Similar Threads - Httpd edition plugin
  1. Goran.Siriev
    Replies:
    1
    Views:
    459

Share This Page