function rootJail($service_id, $username) { global $config; //get the identifier $id = stripAlphaNumeric(getServiceParam($service_id, "id")); if ($id === false) { die("Error: identifier for this service has not been set!\n"); } //make sure it hasn't been jailed yet if (getServiceParam($service_id, "jail") !== false || getServiceParam($service_id, "jail_user") !== false || getServiceParam($service_id, "jail_path") !== false) { die("Error: target service already has jail settings!\n"); } //get service type $type = getServiceType($service_id); if ($type !== "ghost" && $type !== "minecraft" && $type !== "garena" && $type !== "channel") { //not a process-based service, seems like it can't be jailed? die("Error: service doesn't seem to be process-based (type={$type})!\n"); } //add the system user if not exists if (!file_exists("/home/{$username}/")) { rexec('adduser --disabled-password --gecos "" ' . escapeshellarg($username)); } //copy to own directory, and set permissions of result so that username is owner //we use cp to ensure proper handling of symlinks (PHP documentation doesn't guarantee this) $source_path = $config[$type . "_path"] . $id . "/"; $target_path = "/home/{$username}/{$id}/"; rexec("cp -r " . escapeshellarg($source_path) . " " . escapeshellarg($target_path)); rexec("chown -R " . escapeshellarg($username . ":" . $username) . " " . escapeshellarg($target_path)); //also, depending on the service, user might need to access files in the service_path directory //so set permissions on that as well rexec("chown -R " . escapeshellarg(":" . $username) . " " . escapeshellarg($source_path)); rexec("chmod -R 770 " . escapeshellarg($source_path)); //depending on the service type, we may wish to rewrite some configuration files if ($type == "ghost") { //the "maps" and "replays" directory should be changed over to use absolute path to the subdirectory of source // (since this is how include/ghost.php handles it) $escaped_source_path = str_replace(array('$', '/', '['), array('\\$', '\\/', '\\['), $source_path); rexec("sed -i " . escapeshellarg("s/bot_mappath = maps/bot_mappath = {$escaped_source_path}maps/") . " " . escapeshellarg($target_path . "default.cfg")); rexec("sed -i " . escapeshellarg("s/bot_replaypath = replays/bot_replaypath = {$escaped_source_path}replays/") . " " . escapeshellarg($target_path . "default.cfg")); } //update the jail settings setServiceParam($service_id, "jail", "1"); setServiceParam($service_id, "jail_user", $username); setServiceParam($service_id, "jail_path", $target_path); }
function installGarena() { global $config; if (isInstalled("garena")) { return; } chdir($config['root_path']); rexec("svn co http://gcb.googlecode.com/svn/trunk/bin gcb-bin"); mkdir($config['garena_path']); chmod($config['garena_path'], 0755); mkdir($config['garena_path'] . "lib"); chmod($config['garena_path'] . "lib", 0755); copy($config['root_path'] . "gcb-bin/gcb.jar", $config['garena_path'] . "gcb.jar"); copy($config['root_path'] . "gcb-bin/gcbrooms.txt", $config['garena_path'] . "gcbrooms.txt"); copy($config['root_path'] . "gcb-bin/gkey.pem", $config['garena_path'] . "gkey.pem"); copy($config['root_path'] . "gcb-bin/gcb.cfg", $config['garena_path'] . "gcb.cfg"); recursiveCopy($config['root_path'] . "gcb-bin/lib", $config['garena_path'] . "lib"); installFinish("garena"); }