#!/bin/bash #version 0.4 #gedas@mc2.dev ### VARS ### DEFAULTPACKAGE=NO_LIMIT DNSMASTER="192.168.8.13" # IP address of this server that should be used on the client host for multiserver DNSSLAVE="192.168.8.14" # the second DNS server. This server should be able to login to DNSSLAVE via ssh DNSSLAVEPORT="22" # port for dnsslave ADMINUSER="admin" # server main admin user TRUSTED_IPS="127.0.0.1,192.168.0.1" #comma separated list of IP addresses ### END VARS ### ######### FUNCTIONS createUser() { #mandatory options: USERNAME="$1" PASSWORD="$2" DOMAIN="$3" if [[ -z "${USERNAME}" ]] || [[ -z "${PASSWORD}" ]] || [[ -z "${DOMAIN}" ]]; then echo "+---------------------------------------+" echo "Create a user:" echo "$0 createuser USERNAME PASSWORD DOMAIN " echo " are optional" echo "+---------------------------------------+" exit 1 fi #optional PACKAGE="$4" EMAIL="$5" #default values if not set [[ -z "${PACKAGE}" ]] && PACKAGE="${DEFAULTPACKAGE}" [[ -z "${EMAIL}" ]] && EMAIL="admin@`hostname -f`" #json template: CREATE_USER_JSON=$(cat << EOF { "username": "${USERNAME}", "email": "${EMAIL}", "passwd": "${PASSWORD}", "passwd2": "${PASSWORD}", "domain": "${DOMAIN}", "package": "${PACKAGE}", "ip": "server", "notify": "no", "json": "yes", "add": "yes", "action": "create" } EOF ) #create user curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${ADMINUSER})/CMD_ACCOUNT_USER?json=yes" --request "POST" --data "${CREATE_USER_JSON}" } deleteUser() { USERNAME="$1" if [[ -z "${USERNAME}" ]]; then echo "+---------------------------------------+" echo "Delete a user:" echo "$0 deleteuser USERNAME" echo "+---------------------------------------+" exit 1 fi DELETE_USER_JSON=$(cat << EOF { "leave_dns": "no", "json": "yes", "location": "CMD_ALL_USER_SHOW", "delete": "yes", "confirmed": "yes", "select0": "${USERNAME}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${ADMINUSER})/CMD_SELECT_USERS?json=yes" --request "POST" --data "${DELETE_USER_JSON}" } createDB() { DBNAME="$1" DBUSERNAME="$2" DBPASSWORD="$3" if [[ -z "${DBNAME}" ]] || [[ -z "${DBUSERNAME}" ]] || [[ -z "${DBPASSWORD}" ]]; then echo "+---------------------------------------+" echo "Create a database:" echo "$0 createdb DBNAME DBUSERNAME DBPASSWORD" echo "+---------------------------------------+" exit 1 fi USERNAME=$(echo ${DBNAME} | cut -f1 -d_) DBNAME=$(echo ${DBNAME} | cut -f2 -d_) DBUSERNAME=$(echo ${DBUSERNAME} | cut -f2 -d_) CREATE_DB_JSON=$(cat << EOF { "name": "${DBNAME}", "user": "${DBUSERNAME}", "passwd": "${DBPASSWORD}", "passwd2": "${DBPASSWORD}", "userlist": "...", "json": "yes", "action": "create" } EOF ) #create db curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_DB?json=yes" --request "POST" --data "${CREATE_DB_JSON}" } deleteDB() { DBNAME="$1" if [[ -z "${DBNAME}" ]]; then echo "+---------------------------------------+" echo "Delete a database:" echo "$0 deletedb DBNAME" echo "+---------------------------------------+" exit 1 fi USERNAME=$(echo ${DBNAME} | cut -f1 -d_) DELETE_DB_JSON=$(cat << EOF { "json": "yes", "action": "select", "delete_db": "yes", "select0": "${DBNAME}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_DB?json=yes" --request "POST" --data "${DELETE_DB_JSON}" } createForwarder() { FORWARDER="$1" DESTINATION="$2" if [[ -z "${FORWARDER}" ]] || [[ -z "${DESTINATION}" ]]; then echo "+---------------------------------------+" echo "Create a forwarder:" echo "$0 createforwarder FORWARDER DESTINATION" echo "+---------------------------------------+" exit 1 fi DOMAIN=$(echo ${FORWARDER} | cut -f2 -d@) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) CREATE_FORWARDER_JSON=$(cat << EOF { "json": "yes", "action": "create", "raw_forwarders": "${FORWARDER} --> ${DESTINATION}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_FORWARDER?json=yes" --request "POST" --data "${CREATE_FORWARDER_JSON}" } deleteForwarder() { FORWARDER="$1" if [[ -z "${FORWARDER}" ]]; then echo "+---------------------------------------+" echo "Delete a forwarder:" echo "$0 deleteforwarder FORWARDER" echo "+---------------------------------------+" exit 1 fi DOMAIN=$(echo ${FORWARDER} | cut -f2 -d@) BOX=$(echo ${FORWARDER} | cut -f1 -d@) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) DELETE_FORWARDER_JSON=$(cat << EOF { "domain": "${DOMAIN}", "json": "yes", "action": "delete", "delete": "yes", "select0": "${BOX}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_FORWARDER?json=yes" --request "POST" --data "${DELETE_FORWARDER_JSON}" } createDomain() { USERNAME="$1" DOMAIN="$2" if [[ -z "${USERNAME}" ]] || [[ -z "${DOMAIN}" ]]; then echo "+---------------------------------------+" echo "Create a domain for a user:" echo "$0 createdomain USERNAME DOMAIN" echo "or" echo "$0 createdomain USERNAME list=file" echo "+---------------------------------------+" exit 1 fi if [[ $(echo ${DOMAIN} | grep -c -E "^list=") -gt 0 ]]; then DOMFILE=$(echo ${DOMAIN} | cut -f2 -d=) for DOMAIN in `cat ${DOMFILE}`; do CREATE_DOMAIN_JSON=$(cat << EOF { "domain": "${DOMAIN}", "uquota": "unlimited", "ssl": "ON", "php": "ON", "json": "yes", "action": "create", "ubandwidth": "unlimited" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_DOMAIN?json=yes" --request "POST" --data "${CREATE_DOMAIN_JSON}" done else CREATE_DOMAIN_JSON=$(cat << EOF { "domain": "${DOMAIN}", "uquota": "unlimited", "ssl": "ON", "php": "ON", "json": "yes", "action": "create", "ubandwidth": "unlimited" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_DOMAIN?json=yes" --request "POST" --data "${CREATE_DOMAIN_JSON}" fi } deleteDomain() { USERNAME="$1" DOMAIN="$2" if [[ -z "${USERNAME}" ]] || [[ -z "${DOMAIN}" ]]; then echo "+---------------------------------------+" echo "Delete a domain from a user:" echo "$0 deletedomain USERNAME DOMAIN" echo "or" echo "$0 deletedomain USERNAME list=file" echo "+---------------------------------------+" exit 1 fi if [[ $(echo ${DOMAIN} | grep -c -E "^list=") -gt 0 ]]; then DOMFILE=$(echo ${DOMAIN} | cut -f2 -d=) for DOMAIN in `cat ${DOMFILE}`; do DELETE_DOMAIN_JSON=$(cat << EOF { "delete_data": "yes", "json": "yes", "action": "select", "delete": "yes", "confirmed": "yes", "delete_data_aware": "yes", "select0": "${DOMAIN}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_DOMAIN?json=yes" --request "POST" --data "${DELETE_DOMAIN_JSON}" done else DELETE_DOMAIN_JSON=$(cat << EOF { "delete_data": "yes", "json": "yes", "action": "select", "delete": "yes", "confirmed": "yes", "delete_data_aware": "yes", "select0": "${DOMAIN}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_DOMAIN?json=yes" --request "POST" --data "${DELETE_DOMAIN_JSON}" fi } enableSSH() { USERNAME="$1" if [[ -z "${USERNAME}" ]]; then echo "+---------------------------------------+" echo "Enable SSH for a user:" echo "$0 enablessh USERNAME" echo "+---------------------------------------+" exit 1 fi chsh -s /bin/bash ${USERNAME} sed -i -e 's/ssh=OFF/ssh=ON/g' /usr/local/directadmin/data/users/${USERNAME}/user.conf } disableSSH() { USERNAME="$1" if [[ -z "${USERNAME}" ]]; then echo "+---------------------------------------+" echo "Disable SSH for a user:" echo "$0 disablessh USERNAME" echo "+---------------------------------------+" exit 1 fi chsh -s /bin/false ${USERNAME} sed -i -e 's/ssh=ON/ssh=OFF/g' /usr/local/directadmin/data/users/${USERNAME}/user.conf } docroot() { USERNAME="$1" DOMAIN="$2" DOCROOT="$3" if [[ -z "${USERNAME}" ]] || [[ -z "${DOMAIN}" ]] || [[ -z "${DOCROOT}" ]]; then echo "+---------------------------------------+" echo "Change DOCROOT for a domain:" echo "$0 docroot USERNAME DOMAIN DOCROOT" echo "Example $0 docroot john domain.tld domains/domain.tld/public_html" echo "+---------------------------------------+" exit 1 fi if [[ $(grep DOCROOT /usr/local/directadmin/data/users/${USERNAME}/domains/${DOMAIN}.cust_httpd -q -c) -gt 0 ]]; then echo "Custom docroot already exist. Please remove the customisation." else echo "|?DOCROOT=/home/${USERNAME}/${DOCROOT}|" >> /usr/local/directadmin/data/users/${USERNAME}/domains/${DOMAIN}.cust_httpd echo "action=rewrite&value=httpd&domain=${DOMAIN}" >> /usr/local/directadmin/data/task.queue.cb /usr/local/directadmin/dataskq d --custombuild fi } createmail() { DOMAIN="$1" MBOX="$2" PASSWORD="$3" SIZE="$4" [[ -z "${SIZE}" ]] && SIZE="0" if [[ -z "${DOMAIN}" ]] || [[ -z "${MBOX}" ]] || [[ -z "${PASSWORD}" ]]; then echo "+---------------------------------------+" echo "Create a mailbox:" echo "$0 createmail DOMAIN MBOX PASSWORD " echo "+---------------------------------------+" exit 1 fi CREATE_EMAIL_JSON=$(cat << EOF { "user": "${MBOX}", "passwd2": "${PASSWORD}", "passwd": "${PASSWORD}", "quota": "${SIZE}", "limit": "200", "domain": "${DOMAIN}", "json": "yes", "action": "create" } EOF ) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_POP?json=yes" --request "POST" --data "${CREATE_EMAIL_JSON}" } deletemail() { DOMAIN="$1" MBOX="$2" if [[ -z "${DOMAIN}" ]] || [[ -z "${MBOX}" ]]; then echo "+---------------------------------------+" echo "Delete a mailbox:" echo "$0 deletemail DOMAIN MBOX" echo "+---------------------------------------+" exit 1 fi DELETE_EMAIL_JSON=$(cat << EOF { "clean_forwarders": "yes", "domain": "${DOMAIN}", "json": "yes", "action": "delete", "delete": "yes", "select0": "${MBOX}" } EOF ) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_POP?json=yes" --request "POST" --data "${DELETE_EMAIL_JSON}" } enabledkim() { DOMAIN="$1" if [[ -z "${DOMAIN}" ]]; then echo "+---------------------------------------+" echo "Enable DKIM for a domain:" echo "$0 enabledkim DOMAIN" echo "+---------------------------------------+" exit 1 fi ENABLE_DKIM_JSON=$(cat << EOF { "action": "set_dkim", "domain": "${DOMAIN}", "json": "yes", "enable": "yes" } EOF ) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_POP?json=yes" --request "POST" --data "${ENABLE_DKIM_JSON}" } disabledkim() { DOMAIN="$1" if [[ -z "${DOMAIN}" ]]; then echo "+---------------------------------------+" echo "Enable DKIM for a domain:" echo "$0 enabledkim DOMAIN" echo "+---------------------------------------+" exit 1 fi DISABLE_DKIM_JSON=$(cat << EOF { "action": "set_dkim", "domain": "${DOMAIN}", "json": "yes", "disable": "yes" } EOF ) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_POP?json=yes" --request "POST" --data "${DISABLE_DKIM_JSON}" } changemailpass() { DOMAIN="$1" MBOX="$2" PASSWORD="$3" if [[ -z "${DOMAIN}" ]] || [[ -z "${MBOX}" ]] || [[ -z "${PASSWORD}" ]]; then echo "+---------------------------------------+" echo "Change mailbox password:" echo "$0 changemailpass DOMAIN MBOX PASSWORD" echo "+---------------------------------------+" exit 1 fi CHANGE_EMAIL_PASS_JSON=$(cat << EOF { "user": "${MBOX}", "newuser": "${MBOX}", "passwd2": "${PASSWORD}", "passwd": "${PASSWORD}", "quota": "50", "limit": "200", "domain": "${DOMAIN}", "json": "yes", "action": "modify" } EOF ) USERNAME=$(grep -E "^${DOMAIN}:" -m1 /etc/virtual/domainowners | cut -f2 -d: | xargs) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${USERNAME})/CMD_EMAIL_POP?json=yes" --request "POST" --data "${CHANGE_EMAIL_PASS_JSON}" } changeuserpass() { USER="$1" PASSWORD="$2" if [[ -z "${USER}" ]] || [[ -z "${PASSWORD}" ]]; then echo "+---------------------------------------+" echo "Change mailbox password:" echo "$0 changeuserpass LOGIN PASSWORD" echo "+---------------------------------------+" exit 1 fi CHANGE_USER_PASS_JSON=$(cat << EOF { "username": "${USER}", "passwd": "${PASSWORD}", "json": "yes", "action": "create", "referer": "CMD_API_USER_PASSWD", "passwd2": "${PASSWORD}" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${ADMINUSER})/CMD_USER_PASSWD?json=yes" --request "POST" --data "${CHANGE_USER_PASS_JSON}" } disablenamed() { sed -i -e 's/named=ON/named=OFF/g' /usr/local/directadmin/data/admin/services.status systemctl stop named systemctl disable named NAMED_PLACEBO=$(cat << EOF [Unit] Description=Named Placebo After=syslog.target network.target Requires=network.target Documentation=http://help.directadmin.com/item.php?id=25 [Service] Type=oneshot ExecStart=/usr/bin/echo -n '' EOF ) [[ -f '/etc/systemd/system/named.service' ]] && echo "${NAMED_PLACEBO}" > /etc/systemd/system/named.service [[ -f '/usr/lib/systemd/system/named.service' ]] && echo "${NAMED_PLACEBO}" > /usr/lib/systemd/system/named.service systemctl daemon-reload } enablenamed() { [[ `grep 'Placebo' -q /etc/systemd/system/named.service` ]] && rm -fv /etc/systemd/system/named.service [[ `grep 'Placebo' -q /usr/lib/systemd/system/named.service` ]] && rm -fv /usr/lib/systemd/system/named.service cd /usr/local/directadmin/custombuild ./build update ./build bind } sethostname() { /usr/local/directadmin/scripts/hostname.sh "$1" } multiserver() { #Is used to create admin account locally + create the same account on the DNSSLAVE server using SSH. #Then client to the CLIENTHOSTNAME and use that for multiserver setup. CLIENTHOSTNAME="$1" CLIENTNAME="$2" if [[ -z "${CLIENTHOSTNAME}" ]] || [[ -z "${CLIENTNAME}" ]]; then echo "+---------------------------------------+" echo "Push multiserver settings to CLIENTHOSTNAME:" echo "$0 multiserver CLIENTHOSTNAME CLIENTNAME" echo "+---------------------------------------+" exit 1 fi GLOBALKEYDIR="/usr/local/directadmin/data/users/admin/login_keys" KEYDIR="${GLOBALKEYDIR}/dns${CLIENTNAME}" PASSWD=`openssl rand -base64 20` HASH=`echo -n "${PASSWD}" | openssl passwd -6 -stdin` ## precheck connectivity if [[ `whoami` == root ]]; then if [[ `ssh -lroot ${CLIENTHOSTNAME} 'whoami'` == "root" ]]; then if [[ `ssh -lroot ${DNSSLAVE} 'whoami'` == "root" ]]; then echo "Access looks good" else echo "Error: We need root access to the ${DNSSLAVE}" exit 1 fi else echo "Error: We need root access to the ${CLIENTHOSTNAME}" exit 1 fi else echo "Error: Script must be executed as root" exit 1 fi ## local DNS key creation echo "Creating local keys 'dns${CLIENTNAME}'" mkdir -p ${KEYDIR} cat << EOF > ${KEYDIR}/key.conf allow_htm=no clear_key=no created_by=127.0.0.1 date_created=$(date +%s) expiry=0 key=${HASH} max_uses=0 uses=0 EOF cat << EOF > ${KEYDIR}/commands.allow CMD_API_DNS_ADMIN CMD_API_LOGIN_TEST EOF chown -R diradmin:diradmin ${KEYDIR} chmod 700 ${KEYDIR} chmod 600 ${KEYDIR}/key.conf ${KEYDIR}/commands.allow ## Remote DNS rsync keys to DNSSLAVE. echo "Syncing keys to ${DNSSLAVE}" rsync ${KEYDIR}/ root@${DNSSLAVE}:${KEYDIR}/ -e "ssh -p ${DNSSLAVEPORT}" -a --delete ### Push settings to the client server. echo "Enabling multiserver on the ${CLIENTHOSTNAME}" BASE64PW=`echo -n ${PASSWD} | base64` SSHREMOTE="ssh -lroot ${CLIENTHOSTNAME} --" CLUSTERCONF="/usr/local/directadmin/data/admin/cluster.conf" ${SSHREMOTE} "/usr/local/directadmin/directadmin set cluster 1" ${SSHREMOTE} "systemctl restart directadmin" ${SSHREMOTE} "sed -i -e '/^${DNSMASTER}=/d' ${CLUSTERCONF}" ${SSHREMOTE} "sed -i -e '/^${DNSSLAVE}=/d' ${CLUSTERCONF}" ${SSHREMOTE} "echo '${DNSMASTER}=dns=yes&domain_check=yes&email=no&passwd=${BASE64PW}&port=2222&show_all_users=no&ssl=yes&user=admin&user_check=no&user_sync=no' >> ${CLUSTERCONF}" ${SSHREMOTE} "echo '${DNSSLAVE}=dns=yes&domain_check=yes&email=no&passwd=${BASE64PW}&port=2222&show_all_users=no&ssl=yes&user=admin&user_check=no&user_sync=no' >> ${CLUSTERCONF}" ${SSHREMOTE} "echo 'action=rewrite&value=named' >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d" } enablemultiserver() { ENABLE_MULTISERVER_JSON=$(cat << EOF { "json": "yes", "action": "onoff", "on": "yes" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${ADMINUSER})/CMD_MULTI_SERVER?json=yes" --request "POST" --data "${ENABLE_MULTISERVER_JSON}" } disablemultiserver() { DISABLE_MULTISERVER_JSON=$(cat << EOF { "json": "yes", "action": "onoff", "off": "yes" } EOF ) curl -k -X -u "$(/usr/local/directadmin/directadmin --root-auth-url-for=${ADMINUSER})/CMD_MULTI_SERVER?json=yes" --request "POST" --data "${DISABLE_MULTISERVER_JSON}" } enablemultiserverpage() { ALL_PRE="/usr/local/directadmin/scripts/custom/all_pre.sh" if [[ -f "${ALL_PRE}" ]] && [[ `grep -m1 '###########DISABLEMULTISERVER#########' "${ALL_PRE}"` ]]; then perl -i -0pe 's/###########DISABLEMULTISERVER.*DISABLEMULTISERVEREND#########//gs' "${ALL_PRE}" echo "Multiserver page has been enabled" else echo "Multiserver page is not disabled. Not doing anything" fi } disablemultiserverpage() { ALL_PRE="/usr/local/directadmin/scripts/custom/all_pre.sh" ALLOW_LIST="/usr/local/directadmin/scripts/custom/admin_allow.list" if [[ -f "${ALL_PRE}" ]] && [[ `grep -m1 '###########DISABLEMULTISERVER#########' "${ALL_PRE}"` ]]; then echo "Seems like multiserver page is already disabled" exit 0 fi echo "Creating admin whitelist IP file." echo "${TRUSTED_IPS}" | sed -e "s/,/\n/g" > "${ALLOW_LIST}" DISABLE_ADMIN=$(cat << EOF #!/bin/sh ###########DISABLEMULTISERVER######### if [ "\$command" = "/CMD_API_MULTI_SERVER" ]; then if grep -m1 -q "^\$caller_ip$" "${ALLOW_LIST}"; then exit 0; fi echo "You cannot use multiserver"; exit 1; fi if [ "\$command" = "/CMD_MULTI_SERVER" ]; then if grep -m1 -q "^\$caller_ip$" "${ALLOW_LIST}"; then exit 0; fi echo "You cannot use multiserver"; exit 1; fi ###########DISABLEMULTISERVEREND######### EOF ) echo "Adding disable script" echo "${DISABLE_ADMIN}" > "${ALL_PRE}.tmp" chown diradmin:diradmin "${ALL_PRE}.tmp" "${ALLOW_LIST}" chmod 700 "${ALL_PRE}.tmp" "${ALLOW_LIST}" if [[ -f "${ALL_PRE}" ]]; then tail -n+2 "${ALL_PRE}" >> "${ALL_PRE}.tmp" fi mv -f "${ALL_PRE}.tmp" "${ALL_PRE}" echo "Done" } enablecreateadmin() { ALL_PRE="/usr/local/directadmin/scripts/custom/all_pre.sh" if [[ -f "${ALL_PRE}" ]] && [[ `grep -m1 '###########DISABLEADMIN#########' "${ALL_PRE}"` ]]; then perl -i -0pe 's/###########DISABLEADMIN.*DISABLEADMINEND#########//gs' "${ALL_PRE}" echo "Admin creation has been enabled" else echo "Admin creation is not disabled. Not doing anything" fi } disablecreateadmin() { ALL_PRE="/usr/local/directadmin/scripts/custom/all_pre.sh" ALLOW_LIST="/usr/local/directadmin/scripts/custom/admin_allow.list" if [[ -f "${ALL_PRE}" ]] && [[ `grep -m1 '###########DISABLEADMIN#########' "${ALL_PRE}"` ]]; then echo "Seems like admin creation is already disabled" exit 0 fi echo "Creating admin whitelist IP file." echo "${TRUSTED_IPS}" | sed -e "s/,/\n/g" > "${ALLOW_LIST}" DISABLE_ADMIN=$(cat << EOF #!/bin/sh ###########DISABLEADMIN######### if [ "\$command" = "/CMD_API_ACCOUNT_ADMIN" ]; then if grep -m1 -q "^\$caller_ip$" "${ALLOW_LIST}"; then exit 0; fi echo "You cannot create admin"; exit 1; fi if [ "\$command" = "/CMD_ACCOUNT_ADMIN" ]; then if grep -m1 -q "^\$caller_ip$" "${ALLOW_LIST}"; then exit 0; fi echo "You cannot create admin"; exit 1; fi ###########DISABLEADMINEND######### EOF ) echo "Adding disable script" echo "${DISABLE_ADMIN}" > "${ALL_PRE}.tmp" chown diradmin:diradmin "${ALL_PRE}.tmp" "${ALLOW_LIST}" chmod 700 "${ALL_PRE}.tmp" "${ALLOW_LIST}" if [[ -f "${ALL_PRE}" ]]; then tail -n+2 "${ALL_PRE}" >> "${ALL_PRE}.tmp" fi mv -f "${ALL_PRE}.tmp" "${ALL_PRE}" echo "Done" } listFunctions () { echo "+---------------------------------------+" echo "| TASKS:" echo "| $0 createuser USERNAME PASSWORD DOMAIN " echo "| $0 deleteuser USERNAME" echo "| $0 createdb DBNAME DBUSERNAME DBPASSWORD" echo "| $0 deletedb DBNAME" echo "| $0 createforwarder FORWARDER DESTINATION" echo "| $0 deleteforwarder FORWARDER" echo "| $0 createdomain USERNAME DOMAIN" echo "| $0 createdomain USERNAME list=file" echo "| $0 deletedomain USERNAME DOMAIN" echo "| $0 deletedomain USERNAME list=file" echo "| $0 enablessh USERNAME" echo "| $0 disablessh USERNAME" echo "| $0 docroot USERNAME DOMAIN DOCROOT" echo "| $0 createmail DOMAIN MBOX PASSWORD " echo "| $0 deletemail DOMAIN MBOX" echo "| $0 enabledkim domain" echo "| $0 disabledkim domain" echo "| $0 changemailpass DOMAIN MBOX PASSWORD" echo "| $0 changeuserpass LOGIN PASSWORD" echo "| $0 disablenamed" echo "| $0 enablenamed" echo "| $0 sethostname HOSTNAME" echo "| $0 multiserver CLIENTHOSTNAME CLIENTNAME" echo "| $0 enablemultiserver" echo "| $0 disablemultiserver" echo "| $0 enablemultiserverpage" echo "| $0 disablemultiserverpage" echo "| $0 enablecreateadmin" echo "| $0 disablecreateadmin" echo "+--------------------------------------+" } case "$1" in createuser) createUser $2 $3 $4 $5 $6 ;; deleteuser) deleteUser $2 ;; createdb) createDB $2 $3 $4 ;; deletedb) deleteDB $2 ;; createforwarder) createForwarder $2 $3 ;; deleteforwarder) deleteForwarder $2 ;; createdomain) createDomain $2 $3 ;; deletedomain) deleteDomain $2 $3 ;; enablessh) enableSSH $2 ;; disablessh) disableSSH $2 ;; docroot) docroot $2 $3 $4 ;; createmail) createmail $2 $3 $4 $5 ;; deletemail) deletemail $2 $3 ;; enabledkim) enabledkim $2 ;; disabledkim) disabledkim $2 ;; changemailpass) changemailpass $2 $3 $4 ;; changeuserpass) changeuserpass $2 $3 ;; disablenamed) disablenamed ;; enablenamed) enablenamed ;; sethostname) sethostname $2 ;; multiserver) multiserver $2 $3 ;; enablemultiserver) enablemultiserver ;; disablemultiserver) disablemultiserver ;; enablemultiserverpage) enablemultiserverpage ;; disablemultiserverpage) disablemultiserverpage ;; enablecreateadmin) enablecreateadmin ;; disablecreateadmin) disablecreateadmin ;; *) listFunctions ;; esac