HOME


Mini Shell 1.0
DIR:/scripts/
Upload File :
Current File : //scripts/ftpquotacheck
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/ftpquotacheck                   Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::ftpquotacheck;

use strict;
use warnings;
use Cpanel::PwCache::Helpers   ();
use Cpanel::PwCache::Build     ();
use Cpanel::Config::LoadCpConf ();
use Cpanel::JSON               ();    # PPI NO PARSE - speed up LoadCpConf
use Cpanel::ConfigFiles        ();
use Try::Tiny;

use constant ANON_FTP_UID => 65535;
use constant FTP_GID      => 65535;

exit( __PACKAGE__->new( 'force' => ( @ARGV && grep( /force/, @ARGV ) ), 'verbose' => 1 )->run() ) unless caller();

sub new {
    my ( $class, %args ) = @_;

    require Cpanel::IONice;
    require Cpanel::OSSys;

    my $cpconf_ref = Cpanel::Config::LoadCpConf::loadcpconf_not_copy();
    my $self       = {%args};
    $self->{'purequotacheck'}            = _find_purequotacheck();
    $self->{'ftp_gid'}                   = scalar( getgrnam 'ftp' ) || FTP_GID;
    $self->{'start_time'}                = time();
    $self->{'ftpquotacheck_expire_time'} = $cpconf_ref->{'ftpquotacheck_expire_time'};
    $self->{'ionice_ftpquotacheck'}      = $cpconf_ref->{'ionice_ftpquotacheck'};

    return bless $self, $class;

}

sub run {
    my ($self) = @_;
    print "Ftp Quota Check v2.0\n" if $self->{'verbose'};
    return 0                       if !$self->{'purequotacheck'};

    if ( Cpanel::IONice::ionice( 'best-effort', exists $self->{'ionice_ftpquotacheck'} ? $self->{'ionice_ftpquotacheck'} : 6 ) ) {
        print "[ftpquotacheck] Setting I/O priority to reduce system load: " . Cpanel::IONice::get_ionice() . "\n" if $self->{'verbose'};
    }
    Cpanel::OSSys::nice(10);

    local $| = 1;

    $self->process_users();
    return 0;
}

sub process_users {
    my ($self) = @_;
    Cpanel::PwCache::Helpers::no_uid_cache();    #uid cache only needed if we are going to make lots of getpwuid calls
    Cpanel::PwCache::Build::init_passwdless_pwcache();
    my $pwcache_ref = Cpanel::PwCache::Build::fetch_pwcache();

    my $processed_users = 0;
    foreach my $pwref (@$pwcache_ref) {
        my ( $username, $uid, $gid, $homedir ) = (@$pwref)[ 0, 2, 3, 7 ];
        if ( $self->_ftp_is_suspended_for_user($username) ) {
            print "Skipping suspended FTP users for cPanel Account \"$username\"\n" if $self->{'verbose'};
            next;
        }
        if ( -e $homedir . '/etc/ftpquota' ) {
            my $ftp_users_to_process_ar = $self->_get_ftp_users_to_process($username);

            if ( $ftp_users_to_process_ar && @$ftp_users_to_process_ar ) {
                $processed_users++;
                print "Processing cPanel Account \"$username\": \n" if $self->{'verbose'};
                $self->_rebuild_ftp_quota_for_virtual_ftp_users(
                    'system_user'     => $username,
                    'uid'             => $uid,
                    'gid'             => $gid,
                    'user_ftphome_ar' => $ftp_users_to_process_ar,
                );
                print "Done\n" if $self->{'verbose'};
            }
        }
    }
    return $processed_users;
}

sub _get_ftp_users_to_process {
    my ( $self, $username ) = @_;

    open my $ftp_fh, '<', $self->_get_ftp_user_pw_file($username) or return undef;
    my @ftp_users_to_process;

    while ( my $line = readline $ftp_fh ) {

        # Do not process comments.
        # The official file format does not support comments, but we add one anyway when users are suspended.
        next if $line =~ m{ \A \s* [#] }xms;

        chomp $line;
        my ( $ftpuser, $ftphome ) = ( split( /:/, $line ) )[ 0, 5 ];

        # Do not process the main username or the _logs
        # user as this will result in building an .ftpquota
        # for the entire home directory
        next if $ftpuser eq $username . '_logs' || $ftpuser eq $username || $ftpuser eq 'anonymous';

        push @ftp_users_to_process, [ $ftpuser, $ftphome ];
    }
    close($ftp_fh);

    return \@ftp_users_to_process;
}

sub _update_anon_ftpquota {
    my ( $self, %args ) = @_;

    my ( $mode, $uid, $gid, $ftphome ) = @args{ 'ftphome_mode', 'uid', 'gid', 'ftphome' };

    require Cpanel::SafeFind;
    require Cpanel::AccessIds::ReducedPrivileges;
    require Cpanel::FileUtils::Write;
    require Cpanel::Finally;

    my $files = 0;
    my $bytes = 0;

    $mode //= 0750;
    $mode &= 07777;                  # Mask off any non-perm bits so it can be restored later. This will be 0 if the account is suspended!
    my $temp_mode = $mode | 0770;    # Ensure user and group can write, but retain "other" perms which is the anonymous access switch.

    my $restore_perms = Cpanel::Finally->new(
        sub {
            if ( $mode != $temp_mode ) {

                # Restore previous perms.
                my $privs = Cpanel::AccessIds::ReducedPrivileges->new( $uid, $gid );
                chmod $mode, $ftphome;
            }
        }
    );

    {
        my $privs = Cpanel::AccessIds::ReducedPrivileges->new( $uid, $gid );
        chmod $temp_mode, $ftphome if ( $mode != $temp_mode );
        Cpanel::SafeFind::find(
            {
                'wanted' => sub {
                    return if $File::Find::name =~ m/\/\.+$/;
                    my ( $tuid, $tgid, $tbytes ) = ( lstat($File::Find::name) )[ 4, 5, 7 ];
                    return if ( $tuid != ANON_FTP_UID || $tgid != $self->{'ftp_gid'} );
                    $files += 1;
                    $bytes += $tbytes;
                },
                'no_chdir' => 1
            },
            $ftphome
        );
    }
    {
        my $privs = Cpanel::AccessIds::ReducedPrivileges->new( ANON_FTP_UID, $self->{'ftp_gid'}, $gid );
        try {
            Cpanel::FileUtils::Write::overwrite( $ftphome . '/.ftpquota', "$files $bytes\n", 0644 );
        }
        catch {
            warn "Unable to write $ftphome/.ftpquota: $@";
        }
    }
    return 1;
}

sub _run_pure_quota_check_for_user {
    my ( $self, %args ) = @_;

    require Cpanel::SafeRun::Object;
    my ( $system_user, $ftphome ) = @args{ 'system_user', 'ftphome' };

    my $run = Cpanel::SafeRun::Object->new(
        'program' => $self->{'purequotacheck'},
        'args'    => [ '-u', $system_user, '-d', $ftphome ],
        'user'    => $system_user,
        'homedir' => $ftphome,
        'stdout'  => \*STDOUT,
        'stderr'  => \*STDERR,
    );

    return $run->CHILD_ERROR() ? 0 : 1;
}

sub _rebuild_ftp_quota_for_virtual_ftp_users {
    my ( $self, %args ) = @_;

    my ( $system_user, $users_to_process_ar, $uid, $gid ) = @args{ 'system_user', 'user_ftphome_ar', 'uid', 'gid' };

    foreach my $user_ref (@$users_to_process_ar) {
        my ( $user, $ftphome ) = @{$user_ref};
        if ( -d $ftphome ) {
            my $mode = ( stat(_) )[2];
            if ( !$self->{'force'} && -e $ftphome . '/.ftpquota' && ( stat(_) )[9] + ( 86400 * ( $self->{'ftpquotacheck_expire_time'} || 30 ) ) > $self->{'start_time'} ) {
                print "  $system_user : $user ... skipped (not expired)\n" if $self->{'verbose'};
                next;
            }
            print "  $system_user : $user ($ftphome)..." if $self->{'verbose'};

            my %args = (
                'system_user'  => $system_user,
                'ftp_user'     => $user,
                'ftphome_mode' => $mode,
                'uid'          => $uid,
                'gid'          => $gid,
                'ftphome'      => $ftphome
            );

            if ( $user eq 'ftp' ) {
                $self->_update_anon_ftpquota(%args);
            }
            else {
                $self->_run_pure_quota_check_for_user(%args);

            }
            print "rebuilt\n" if $self->{'verbose'};
        }
    }

    return 1;
}

sub _get_ftp_user_pw_file {
    my ( $self, $user ) = @_;
    return "/$Cpanel::ConfigFiles::FTP_PASSWD_DIR/$user";
}

sub _ftp_is_suspended_for_user {
    my ( $self, $user ) = @_;
    return -e $self->_get_ftp_user_pw_file($user) . '.suspended';
}

sub _find_purequotacheck {    # Mocked in tests.
    return
        -x '/usr/sbin/pure-quotacheck'       ? '/usr/sbin/pure-quotacheck'
      : -x '/usr/local/sbin/pure-quotacheck' ? '/usr/local/sbin/pure-quotacheck'
      :                                        '';
}