#!/bin/bash
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
eval 'if [ -x /usr/local/cpanel/3rdparty/bin/perl ]; then exec /usr/local/cpanel/3rdparty/bin/perl -x -- $0 ${1+"$@"}; else exec /usr/bin/perl -x -- $0 ${1+"$@"};fi'
    if 0;
#!/usr/bin/perl

# Plugin: LVE Manager VERSION:2.0
#
# Location: whostmgr/docroot/cgi
# Copyright(c) 2017 CloudLinux, Inc.
# All rights Reserved.
# http://www.cloudlinux.com
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

#Title: cPanel LVE Manager plugin.
#Version: 2.0
#Site: http://cloudLinux.com
#
# CSRF/Referer note:
# The primary CSRF defense for this CGI is provided by cPanel's cpsrvd,
# which enforces a per-session URL security token
# (/cpsessNNNNNNNNNN/...) that gates every authenticated request before
# dispatch. Requests without a matching token are rejected with HTTP
# 401 and the Perl below never executes. The token is bound to the
# session record (cp_security_token in Cpanel::Session) and is not
# exposed to JavaScript via cookies, so a cross-site attacker cannot
# construct a valid URL. _checkVulnerabilities() (csrftoken cookie +
# X-CSRFToken header + Referer match) is retained as defense in depth
# but is not the load-bearing control. Authorization, however, IS
# load-bearing and must be enforced in the CGI itself: the WHM
# /var/cpanel/apps/lvemanager.conf "acls=software-lvemanager"
# declaration only gates the WHM home-screen icon, not the CGI URL —
# cpsrvd does NOT refuse requests from logged-in users without that
# ACL. Therefore every state-changing handler must call
# _checkPermission().

BEGIN {
    unshift @INC, '/usr/local/cpanel', '/usr/local/cpanel/whostmgr/docroot/3rdparty/cloudlinux',
        '/usr/share/l.v.e-manager/cpanel/cgi';
    #use CGI::Carp qw(fatalsToBrowser); # for detail comments
}

use strict;
use warnings;
use Whostmgr::ACLS          ();
use Whostmgr::HTMLInterface ();
use Cpanel::Template;
use Cpanel::SafeRun::Errors;
use Cpanel::Encoder::Tiny   ();
use Cpanel::Form            ();
use Cpanel::AcctUtils::Domain ();
use JSON;
use Data::Dumper qw(Dumper);
use CGI;
use Digest::MD5 qw(md5_hex);
use Crypt::Random qw( makerandom );
use Text::Trim qw(trim);

use CloudLinux;

use constant DOC_ROOT => "/usr/local/cpanel/whostmgr/docroot";
use constant ASSETS_PATH => "/cgi/cloudlinux/assets";

use constant APP_MODE => 'PRODUCTION_MODE';

Whostmgr::ACLS::init_acls();

my ($cpanelRequest, $requestBody) = Cpanel::Form::parseform(undef, undef, undef, 1);
my %REQUEST = CloudLinux::parseForm(%$cpanelRequest);

my $cgiaction = $REQUEST{'cgiaction'} || 'default';
my $handler = $REQUEST{'handler'} || 'lvemanager';
my $cgi = new CGI;

if (($cgiaction eq 'jsonhandler') and (length $requestBody > 0)) {
    # Reinitialize formdata without STDIN information
    %REQUEST = CloudLinux::parseForm(Cpanel::Form::parseform());
}


CloudLinux::detectOwner();
CloudLinux::detectLocale($cgi);

my %dispatchTable = (
    default => \&main,
    sendRequest => \&sendRequest,
    jsonhandler => \&jsonhandler,
    knockKnock => \&CloudLinux::knockKnock,
);

my %handlers = (
    lvemanager => \&CloudLinux::lvemanagerHandler,
);

processRequest($cgiaction);

sub processRequest {
    my ($action) = @_;
    $action = 'default' unless exists $dispatchTable{$action};
    $dispatchTable{$action}->();
}

# ==============================================================================
# Rendering of index page for plugin
# ==============================================================================
sub main {
    CloudLinux::checkMethod('GET', 'POST');
    sendWHMHeader();
    CloudLinux::getDataContent('templates', 'index.html', 1);
    if (getCpanelVersion() <= 56.0) {
        CloudLinux::loadAssets(ASSETS_PATH, 'main', 'config', './'.ASSETS_PATH);
    } else {
        CloudLinux::loadAssets(ASSETS_PATH, 'main', 'config', '../'.ASSETS_PATH);
    }
    sendWHMFooter();
}

sub defMainHeader {
    Whostmgr::HTMLInterface::defheader(
        'CloudLinux Manager', '/images/CloudLinux_logo.png', '/cgi/CloudLinux.cgi'
    );
}

sub defCustomHeader {
    Cpanel::Template::process_template(
        'whostmgr',
        {
            'print'                        => 1,
            'template_file'                => '_defheader.tmpl',
            'header'                       => $_[0] || undef,
            'icon'                         => $_[1] || undef,
            'theme'                        => "yui",
            'breadcrumbdata'               => {
                'name' => $_[0],
                'url' => $_[2],
                'previous' => [{
                    'name' => 'Home',
                }]
            }
        },
    );

    return;
}



sub sendWHMHeader {
    # Check privileges
    if (!_checkPermission()) {
        print "Content-type: text/html\n\n";
        defMainHeader();
        print qq{<div align="center">
            <h1>Permission denied</h1>
            </div>};
        sendWHMFooter();
        exit 0;
    }

    unless (defined $cgi->cookie('csrftoken'))
    {
        my $csrf_token = md5_hex(makerandom ( Size => 128, Strength => 0 ));
        print "Set-Cookie: csrftoken=$csrf_token\n";
    }

    print "Content-type: text/html\n\n";
    if(CloudLinux::_isAdmin()) {
        defMainHeader();
    } else {
        defCustomHeader(
            'CloudLinux Manager', '/images/CloudLinux_logo.png', '/cgi/addon_lvemanager.cgi'
        );
    }
    Whostmgr::HTMLInterface::load_css(ASSETS_PATH.'/css/bootstrap.min.css');
}

sub _getRandomString
{
    return join("", map { sprintf q|%X|, rand(16) } 1 .. 10);
}

sub getCpanelVersion
{
    my $version = CloudLinux::safeRun('/usr/local/cpanel/cpanel -V');
    (my $numOfVersion) = $version =~ /^(\d[\d\.]*)\s/;
    return $numOfVersion;
}

sub sendWHMFooter {
    if (getCpanelVersion() >= 64.0) {
        Whostmgr::HTMLInterface::deffooter();
    } else {
        print '</body></html>';
    }
}

# ==============================================================================
# Processes of incoming post request and prepare command for cloudlinux-cli
# ==============================================================================

sub sendRequest
{
    _checkVulnerabilities();

    # Check privileges
    if (!_checkPermission()) {
        CloudLinux::sendError('Permission denied');
    }

    if (exists $REQUEST{'cgiaction'}) {
        delete $REQUEST{'cgiaction'};
    }

    if (exists $REQUEST{'handler'}) {
        delete $REQUEST{'handler'};
    }

    if (!%REQUEST) {
        CloudLinux::sendError('Empty dataset');
    }

    $ENV{'LC_ALL'} = 'en_US.UTF-8';

    $handler = 'lvemanager' unless exists $handlers{$handler};
    $handlers{$handler}->(\%REQUEST, 'lvemanager');
}

sub _checkVulnerabilities
{
    CloudLinux::checkMethod('POST');
    _checkCSRFToken();
    _checkReferer();
}

sub _checkCSRFToken
{
    if (!defined $cgi->cookie('csrftoken')
        || $cgi->cookie('csrftoken') ne $ENV{ HTTP_X_CSRFTOKEN }
    ) {
        CloudLinux::sendError('BAD FORGERY PROTECTION TOKEN', 0, 1);
    }
}

sub _checkReferer
{
    my $protocol = (exists $ENV{ HTTPS } && $ENV { HTTPS } eq 'on')
        ? 'https' : 'http';
    my $ip = $ENV { HTTP_HOST };
    unless ($ENV{ HTTP_REFERER } =~ qr/^$protocol:\/\/\Q$ip\E/) {
        CloudLinux::sendError('BAD REFERER', 0, 1);
    }
}

sub _checkPermission
{
    if (CloudLinux::_isAdmin()
        || (CloudLinux::_isReseller()  && _isAvailablePluginForReseller())

    ) {
        return 1;
    }
    return 0;
}

sub _isAvailablePluginForReseller
{
    if (Whostmgr::ACLS::checkacl('software-lvemanager') ) {
        return 1;
    }
    return 0;
}

sub jsonhandler
{
    # CloudLinux::jsonHandler runs cloudlinux-cli (lvectl / cloudlinux-awp-admin
    # / cloudlinux-limits) as root under whostmgr. Previously this dispatch had
    # NO authorization check, so a WHM reseller WITHOUT the software-lvemanager
    # ACL (the in-CGI gate, since the WHM acls= entry only hides the icon)
    # could reach a root management endpoint. _checkPermission() is the
    # load-bearing control for that EoP.
    #
    # _checkVulnerabilities (POST + CSRF + Referer) is intentionally NOT
    # applied here: jsonhandler has two legitimate callers that the gate
    # would reject — (a) the WHM UI drives jsonhandler via browser GET with
    # query-string params (no body, not POST), and (b) external clients call
    # it with `Authorization: whm root:<token>`, which is session-less and
    # carries no csrftoken cookie or Referer. CSRF hardening of jsonhandler
    # should be a separate change that migrates the UI to POST + token and
    # decides explicitly how WHM-token clients fit in.
    if (!_checkPermission()) {
        CloudLinux::sendError('Permission denied');
    }

    \&CloudLinux::jsonHandler(\%REQUEST, $requestBody);
}