[enh] ssl start of implementation

Benjamin Sonntag 2018-06-22 11:24:03 +02:00
parent 6e9c3c3c63
commit 7ec1d068c8
5 changed files with 27 additions and 58 deletions


@ -1 +0,0 @@
/var/run/alternc-ssl IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh


@ -222,6 +222,9 @@ CREATE TABLE IF NOT EXISTS sub_domaines (
web_action enum ('OK','UPDATE','DELETE') NOT NULL default 'UPDATE',
web_result varchar(255) not null default '',
enable enum ('ENABLED', 'ENABLE', 'DISABLED', 'DISABLE') NOT NULL DEFAULT 'ENABLED',
`certificate_id` INT UNSIGNED NOT NULL DEFAULT '0',
`provider` VARCHAR(16) NOT NULL DEFAULT '',
`https` VARCHAR(4) NOT NULL, -- SET(http,https,both) (also the suffix of the template name in /etc/alternc/templates/apache2/)
PRIMARY KEY (id)
-- ,FOREIGN KEY (type) REFERENCES (domaines_type)
) ENGINE=InnoDB;
@ -471,7 +474,8 @@ CREATE TABLE IF NOT EXISTS `domaines_type` (
`advanced` BOOLEAN DEFAULT TRUE, -- It's an advanced option
`create_tmpdir` BOOLEAN NOT NULL DEFAULT FALSE, -- do we create tmp dir ?
`create_targetdir` BOOLEAN NOT NULL DEFAULT FALSE, -- do we create target dir ?
PRIMARY KEY ( `name` )
`has_https_option` BOOLEAN NOT NULL DEFAULT FALSE, -- shall we show the http/https/both dropdown ?
PRIMARY KEY ( `name` )
) ENGINE=InnoDB COMMENT = 'Type of domains allowed';
INSERT IGNORE INTO `domaines_type` (name, description, target, entry, compatibility, only_dns, need_dns, advanced, enable) values
@ -767,16 +771,11 @@ CREATE TABLE IF NOT EXISTS `csrf` (
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='csrf tokens for AlternC forms';
-- make it re-exec-proof
DELETE FROM alternc_status WHERE name='alternc_version';
INSERT INTO alternc_status SET name='alternc_version',value='3.4.8.sql';
-- SSL managment
CREATE TABLE `certificates` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`uid` int(10) unsigned NOT NULL,
`status` tinyint(3) unsigned NOT NULL,
`shared` tinyint(3) unsigned NOT NULL,
`fqdn` varchar(255) NOT NULL,
`altnames` text NOT NULL,
`validstart` datetime NOT NULL,
@ -785,28 +784,13 @@ CREATE TABLE `certificates` (
`sslkey` text NOT NULL,
`sslcrt` text NOT NULL,
`sslchain` text NOT NULL,
`ssl_action` varchar(32) NOT NULL,
`ssl_result` varchar(32) NOT NULL,
PRIMARY KEY (`id`),
KEY `uid` (`uid`),
KEY `ssl_action` (`ssl_action`)
KEY `uid` (`uid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `certif_alias` (
`name` varchar(255) NOT NULL,
`content` text NOT NULL,
`uid` int(10) unsigned NOT NULL,
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`name`),
KEY `uid` (`uid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Global aliases defined for SSL certificates FILE validation processes';
CREATE TABLE IF NOT EXISTS `certif_hosts` (
`certif` int(10) unsigned NOT NULL,
`sub` int(10) unsigned NOT NULL,
`uid` int(10) unsigned NOT NULL,
PRIMARY KEY (`certif`,`sub`),
KEY `uid` (`uid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='VHosts of a user using defined or self-signed certificates';
INSERT IGNORE INTO defquotas VALUES ('ssl', 0, 'default');
-- make it re-exec-proof
DELETE FROM alternc_status WHERE name='alternc_version';
INSERT INTO alternc_status SET name='alternc_version',value='3.5.0.2.php';
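Review bot: The new `https` column in the sub_domaines hunk (`` `https` VARCHAR(4) NOT NULL ``, no DEFAULT) contradicts its own comment, which says the value is one of http/https/both: nothing constrains the column to those three values, and because there is no DEFAULT the matching `ADD `https` VARCHAR(4) NOT NULL AFTER `provider`` in the new upgrade script of this commit will fill every existing sub_domaines row with MySQL's implicit '' — a value that matches no template suffix — while strict-mode INSERTs that omit the column will fail outright. This file already uses ENUM for `web_action` and `enable`, so `` `https` ENUM('http','https','both') NOT NULL DEFAULT 'http', `` (or whichever default is intended, repeated in the ALTER) would enforce the documented set and give existing vhosts a defined value. `certificate_id` uses 0 as the "no certificate" sentinel and refers to `certificates.id` only by convention; a comment such as `-- 0 = no certificate attached; refers to certificates.id (no FK)` would make that explicit. In the certificates hunk, `sslkey` stays a plaintext TEXT column in the same row as `uid`, and the new `KEY `uid` (`uid`)` indexes it; if that is intentional, a one-line comment stating which code paths are allowed to read that column would help future reviewers.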


@ -0,0 +1,15 @@
DROP TABLE `certif_alias`;
ALTER TABLE `certificates` DROP `shared`, DROP `ssl_action`, DROP `ssl_result`;
ALTER TABLE `sub_domaines`
ADD `certificate_id` INT UNSIGNED NOT NULL DEFAULT '0' AFTER `enable`,
ADD `provider` VARCHAR(16) NOT NULL DEFAULT '' AFTER `certificate_id`,
ADD `https` VARCHAR(4) NOT NULL AFTER `provider`; -- SET(http,https,both) (also the suffix of the template name in /etc/alternc/templates/apache2/)
ALTER TABLE `domaines_type`
ADD `has_https_option` BOOLEAN NOT NULL DEFAULT FALSE AFTER `create_targetdir`;
UPDATE `domaines_type` SET `has_https_option`=1 WHERE name='vhost';
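Review bot: This upgrade script is not re-runnable: `DROP TABLE `certif_alias`;` and both ALTERs will error on a second execution (table already gone, columns already dropped or added), whereas the install schema in this same commit takes care to be "re-exec-proof". `DROP TABLE IF EXISTS `certif_alias`;` fixes the first statement on any MySQL/MariaDB; the column clauses have `IF [NOT] EXISTS` forms only on MariaDB, so if MySQL proper must stay supported the script should say at the top that it is a one-shot upgrade guarded by the alternc_version check. The DROP TABLE and the three DROP column clauses discard data with no down-migration; a comment naming what is lost (`-- certif_alias / shared / ssl_action / ssl_result are abandoned: file-based alias validation is removed in this commit`) would document that this is deliberate. Finally, `UPDATE `domaines_type` SET `has_https_option`=1 WHERE name='vhost'` flips only the vhost type; if no other template type should get the dropdown, `-- only plain vhosts get the http/https/both choice for now` would make the scope explicit rather than leaving it to be inferred.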


@ -0,0 +1,2 @@
<?php


@ -1,31 +0,0 @@
#!/bin/bash
rm -f /var/run/alternc-ssl/generate_certif_alias
# Launched by incron when /tmp/generate_certif_alias exists
# regenerate the list of global aliases used by Comodo for certificate ownership validation
# FIXME: how do we lock that, ensuring we don't launch this more than once ?
APACHECONF=/etc/apache2/conf.d/alternc-ssl_cert-alias.conf
TMP=/tmp/alternc-ssl_cert-alias_${$}.tmp
FILEDIR=/var/lib/alternc/ssl-cert-alias
rm -f "$TMP"
mkdir -p "$FILEDIR"
echo "# this file is autogenerated from /usr/lib/alternc/ssl_alias_manager.sh" >$TMP
echo "# Please do not edit, your changes will be overwritten" >>$TMP
mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "SELECT name,content FROM certif_alias;" | while read name content
do
echo "alias /$name ${FILEDIR}/${name}" >>$TMP
echo "$content" >"${FILEDIR}/${name}"
done
if ! diff -q "$TMP" "$APACHECONF"
then
mv -f "$TMP" "$APACHECONF"
service apache2 reload
else
rm -f "$TMP"
fi