[fix] new message system for alternc-ssl

This commit is contained in:
Benjamin Sonntag 2017-10-07 19:24:32 +02:00
parent 5ea5a8074b
commit 8ce71b17fc
1 changed files with 48 additions and 48 deletions


@ -107,8 +107,8 @@ class m_ssl {
* (each array is the content of the certificates table) * (each array is the content of the certificates table)
*/ */
function get_list(&$filter = null) { function get_list(&$filter = null) {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "get_list"); $msg->log("ssl", "get_list");
// Expire expired certificates: // Expire expired certificates:
$db->query("UPDATE certificates SET status=".self::STATUS_EXPIRED." WHERE status=".self::STATUS_OK." AND validend<NOW();"); $db->query("UPDATE certificates SET status=".self::STATUS_EXPIRED." WHERE status=".self::STATUS_OK." AND validend<NOW();");
$r = array(); $r = array();
@ -149,7 +149,7 @@ class m_ssl {
} }
return $r; return $r;
} else { } else {
$err->raise("ssl", _("No SSL certificates available")); $msg->raise("ssl", _("No SSL certificates available"));
return array(); return array();
} }
} }
@ -159,8 +159,8 @@ class m_ssl {
* @return array all the ssl certificate and hosts of this user * @return array all the ssl certificate and hosts of this user
*/ */
function get_vhosts() { function get_vhosts() {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "get_vhosts"); $msg->log("ssl", "get_vhosts");
$r=array(); $r=array();
$db->query("SELECT ch.*, UNIX_TIMESTAMP(c.validstart) AS validstartts, UNIX_TIMESTAMP(c.validend) AS validendts, sd.domaine, sd.sub " $db->query("SELECT ch.*, UNIX_TIMESTAMP(c.validstart) AS validstartts, UNIX_TIMESTAMP(c.validend) AS validendts, sd.domaine, sd.sub "
. "FROM certif_hosts ch LEFT JOIN certificates c ON ch.certif=c.id " . "FROM certif_hosts ch LEFT JOIN certificates c ON ch.certif=c.id "
@ -172,7 +172,7 @@ class m_ssl {
} }
return $r; return $r;
} else { } else {
$err->raise("ssl", _("You currently have no hosting using SSL certificate")); $msg->raise("ssl", _("You currently have no hosting using SSL certificate"));
return array(); return array();
} }
} }
@ -185,26 +185,26 @@ class m_ssl {
* or false if an error occurred * or false if an error occurred
*/ */
function new_csr($fqdn) { function new_csr($fqdn) {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "new_csr"); $msg->log("ssl", "new_csr");
if (substr($fqdn, 0, 2) == "*.") { if (substr($fqdn, 0, 2) == "*.") {
$f = substr($fqdn, 2); $f = substr($fqdn, 2);
} else { } else {
$f = $fqdn; $f = $fqdn;
} }
if (checkfqdn($f)) { if (checkfqdn($f)) {
$err->raise("ssl", _("Bad FQDN domain name")); $msg->raise("ssl", _("Bad FQDN domain name"));
return false; return false;
} }
putenv("OPENSSL_CONF=/etc/alternc/openssl.cnf"); putenv("OPENSSL_CONF=/etc/alternc/openssl.cnf");
$pkey = openssl_pkey_new(); $pkey = openssl_pkey_new();
if (!$pkey) { if (!$pkey) {
$err->raise("ssl", _("Can't generate a private key (1)")); $msg->raise("ssl", _("Can't generate a private key (1)"));
return false; return false;
} }
$privKey = ""; $privKey = "";
if (!openssl_pkey_export($pkey, $privKey)) { if (!openssl_pkey_export($pkey, $privKey)) {
$err->raise("ssl", _("Can't generate a private key (2)")); $msg->raise("ssl", _("Can't generate a private key (2)"));
return false; return false;
} }
$dn = array("commonName" => $fqdn); $dn = array("commonName" => $fqdn);
@ -215,7 +215,7 @@ class m_ssl {
openssl_csr_export($csr, $csrout); openssl_csr_export($csr, $csrout);
$db->query("INSERT INTO certificates SET uid='$cuid', status=" . self::STATUS_PENDING . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='', validstart=NOW(), sslcsr='" . addslashes($csrout) . "', sslkey='" . addslashes($privKey) . "';"); $db->query("INSERT INTO certificates SET uid='$cuid', status=" . self::STATUS_PENDING . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='', validstart=NOW(), sslcsr='" . addslashes($csrout) . "', sslkey='" . addslashes($privKey) . "';");
if (!($id = $db->lastid())) { if (!($id = $db->lastid())) {
$err->raise("ssl", _("Can't generate a CSR")); $msg->raise("ssl", _("Can't generate a CSR"));
return false; return false;
} }
return $id; return $id;
@ -226,12 +226,12 @@ class m_ssl {
* @return array all the informations of the current certificate as a hash. * @return array all the informations of the current certificate as a hash.
*/ */
function get_certificate($id) { function get_certificate($id) {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "get_certificate"); $msg->log("ssl", "get_certificate");
$id = intval($id); $id = intval($id);
$db->query("SELECT *, UNIX_TIMESTAMP(validstart) AS validstartts, UNIX_TIMESTAMP(validend) AS validendts FROM certificates WHERE (uid='$cuid' OR (shared=1 AND status=" . self::STATUS_OK . ") ) AND id='$id';"); $db->query("SELECT *, UNIX_TIMESTAMP(validstart) AS validstartts, UNIX_TIMESTAMP(validend) AS validendts FROM certificates WHERE (uid='$cuid' OR (shared=1 AND status=" . self::STATUS_OK . ") ) AND id='$id';");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl", _("Can't find this Certificate")); $msg->raise("ssl", _("Can't find this Certificate"));
return false; return false;
} }
return $db->Record; return $db->Record;
@ -242,12 +242,12 @@ class m_ssl {
* @return boolean TRUE if the certificate has been deleted successfully. * @return boolean TRUE if the certificate has been deleted successfully.
*/ */
function del_certificate($id) { function del_certificate($id) {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "del_certificate"); $msg->log("ssl", "del_certificate");
$id = intval($id); $id = intval($id);
$db->query("SELECT * FROM certificates WHERE uid='$cuid' AND id='$id';"); $db->query("SELECT * FROM certificates WHERE uid='$cuid' AND id='$id';");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl", _("Can't find this Certificate")); $msg->raise("ssl", _("Can't find this Certificate"));
return false; return false;
} }
$fqdn = $db->Record["fqdn"]; $fqdn = $db->Record["fqdn"];
@ -265,12 +265,12 @@ class m_ssl {
* @return boolean * @return boolean
*/ */
function share($id, $action = 1) { function share($id, $action = 1) {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "share"); $msg->log("ssl", "share");
$id = intval($id); $id = intval($id);
$db->query("SELECT * FROM certificates WHERE uid='$cuid' AND status=" . self::STATUS_OK . " AND id='$id';"); $db->query("SELECT * FROM certificates WHERE uid='$cuid' AND status=" . self::STATUS_OK . " AND id='$id';");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl", _("Can't find this Certificate")); $msg->raise("ssl", _("Can't find this Certificate"));
return false; return false;
} }
if ($action) { if ($action) {
@ -289,8 +289,8 @@ class m_ssl {
* Excludes the one for which a cert is already available * Excludes the one for which a cert is already available
*/ */
function get_new_advice() { function get_new_advice() {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "get_new_advice"); $msg->log("ssl", "get_new_advice");
$r = array(); $r = array();
// my certificates, either OK or PENDING (not expired) or the SHARED one (only OK then) // my certificates, either OK or PENDING (not expired) or the SHARED one (only OK then)
$db->query("SELECT fqdn FROM certificates WHERE $db->query("SELECT fqdn FROM certificates WHERE
@ -331,12 +331,12 @@ class m_ssl {
* or false if an error occurred * or false if an error occurred
*/ */
function import_cert($key, $crt, $chain = "") { function import_cert($key, $crt, $chain = "") {
global $cuid, $err, $db; global $cuid, $msg, $db;
$err->log("ssl", "import_cert"); $msg->log("ssl", "import_cert");
$result = $this->check_cert($crt, $chain, $key); $result = $this->check_cert($crt, $chain, $key);
if ($result === false) { if ($result === false) {
$err->raise("ssl", $this->error); $msg->raise("ssl", $this->error);
return false; return false;
} }
list($crt, $chain, $key, $crtdata) = $result; list($crt, $chain, $key, $crtdata) = $result;
@ -350,7 +350,7 @@ class m_ssl {
$sql = "INSERT INTO certificates SET uid='$cuid', status=" . self::STATUS_OK . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='" . addslashes($altnames) . "', validstart=FROM_UNIXTIME(" . intval($validstart) . "), validend=FROM_UNIXTIME(" . intval($validend) . "), sslkey='" . addslashes($key) . "', sslcrt='" . addslashes($crt) . "', sslchain='" . addslashes($chain) . "';"; $sql = "INSERT INTO certificates SET uid='$cuid', status=" . self::STATUS_OK . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='" . addslashes($altnames) . "', validstart=FROM_UNIXTIME(" . intval($validstart) . "), validend=FROM_UNIXTIME(" . intval($validend) . "), sslkey='" . addslashes($key) . "', sslcrt='" . addslashes($crt) . "', sslchain='" . addslashes($chain) . "';";
$db->query($sql); $db->query($sql);
if (!($id = $db->lastid())) { if (!($id = $db->lastid())) {
$err->raise("ssl", _("Can't save the Key/Crt/Chain now. Please try later.")); $msg->raise("ssl", _("Can't save the Key/Crt/Chain now. Please try later."));
return false; return false;
} }
$this->updateTrigger($fqdn, $altnames); $this->updateTrigger($fqdn, $altnames);
@ -368,13 +368,13 @@ class m_ssl {
* or false if an error occurred * or false if an error occurred
*/ */
function finalize($certid, $crt, $chain) { function finalize($certid, $crt, $chain) {
global $cuid, $err, $db; global $cuid, $msg, $db;
$err->log("ssl", "finalize"); $msg->log("ssl", "finalize");
$certid = intval($certid); $certid = intval($certid);
$result = $this->check_cert($crt, $chain, "", $certid); $result = $this->check_cert($crt, $chain, "", $certid);
if ($result === false) { if ($result === false) {
$err->raise("ssl", $this->error); $msg->raise("ssl", $this->error);
return false; return false;
} }
list($crt, $chain, $key, $crtdata) = $result; list($crt, $chain, $key, $crtdata) = $result;
@ -387,7 +387,7 @@ class m_ssl {
// Everything is PERFECT and has been thoroughly checked, let's insert those in the DB ! // Everything is PERFECT and has been thoroughly checked, let's insert those in the DB !
$sql = "UPDATE certificates SET status=" . self::STATUS_OK . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='" . addslashes($altnames) . "', validstart=FROM_UNIXTIME(" . intval($validstart) . "), validend=FROM_UNIXTIME(" . intval($validend) . "), sslcrt='" . addslashes($crt) . "', sslchain='" . addslashes($chain) . "' WHERE id='$certid' ;"; $sql = "UPDATE certificates SET status=" . self::STATUS_OK . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='" . addslashes($altnames) . "', validstart=FROM_UNIXTIME(" . intval($validstart) . "), validend=FROM_UNIXTIME(" . intval($validend) . "), sslcrt='" . addslashes($crt) . "', sslchain='" . addslashes($chain) . "' WHERE id='$certid' ;";
if (!$db->query($sql)) { if (!$db->query($sql)) {
$err->raise("ssl", _("Can't save the Crt/Chain now. Please try later.")); $msg->raise("ssl", _("Can't save the Crt/Chain now. Please try later."));
return false; return false;
} }
$this->updateTrigger($fqdn, $altnames); $this->updateTrigger($fqdn, $altnames);
@ -400,8 +400,8 @@ class m_ssl {
* TODO: delete unused ssl certificates ?? > do this in the crontab. * TODO: delete unused ssl certificates ?? > do this in the crontab.
*/ */
function alternc_del_member() { function alternc_del_member() {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "alternc_del_member"); $msg->log("ssl", "alternc_del_member");
$db->query("UPDATE certificates SET ssl_action='DELETE' WHERE uid='$cuid'"); $db->query("UPDATE certificates SET ssl_action='DELETE' WHERE uid='$cuid'");
return true; return true;
} }
@ -413,8 +413,8 @@ class m_ssl {
* @access private * @access private
*/ */
function hook_quota_get() { function hook_quota_get() {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "getquota"); $msg->log("ssl", "getquota");
$q = Array("name" => "ssl", "description" => _("SSL Certificates"), "used" => 0); $q = Array("name" => "ssl", "description" => _("SSL Certificates"), "used" => 0);
$db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=" . self::STATUS_EXPIRED); $db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=" . self::STATUS_EXPIRED);
if ($db->next_record()) { if ($db->next_record()) {
@ -451,13 +451,13 @@ class m_ssl {
* (like a generic admin-shared or self-signed for localhost as a last chance) * (like a generic admin-shared or self-signed for localhost as a last chance)
*/ */
public function updateDomain($action, $type, $fqdn, $mail = 0, $value = "") { public function updateDomain($action, $type, $fqdn, $mail = 0, $value = "") {
global $db, $err; global $db, $msg;
$err->log("ssl", "update_domain($action,$type,$fqdn)"); $msg->log("ssl", "update_domain($action,$type,$fqdn)");
if (!in_array($type, $this->myDomainesTypes)) { if (!in_array($type, $this->myDomainesTypes)) {
return; // nothing to do : the type is not our to start with ;) return; // nothing to do : the type is not our to start with ;)
} }
if ($action == "postinst") { if ($action == "postinst") {
$err->log("ssl", "update_domain:CREATE($action,$type,$fqdn)"); $msg->log("ssl", "update_domain:CREATE($action,$type,$fqdn)");
$offset = 0; $offset = 0;
$found = false; $found = false;
do { // try each subdomain (strtok-style) and search them in sub_domaines table: do { // try each subdomain (strtok-style) and search them in sub_domaines table:
@ -512,7 +512,7 @@ class m_ssl {
. "uid=" . intval($subdom["compte"]) . ";"); . "uid=" . intval($subdom["compte"]) . ";");
} // action==create } // action==create
if ($action == "delete") { if ($action == "delete") {
$err->log("ssl", "update_domain:DELETE($action,$type,$fqdn)"); $msg->log("ssl", "update_domain:DELETE($action,$type,$fqdn)");
$offset = 0; $offset = 0;
$found = false; $found = false;
do { // try each subdomain (strtok-style) and search them in sub_domaines table: do { // try each subdomain (strtok-style) and search them in sub_domaines table:
@ -579,8 +579,8 @@ class m_ssl {
* EXPERIMENTAL 'sid' function ;) * EXPERIMENTAL 'sid' function ;)
*/ */
function alternc_export_conf() { function alternc_export_conf() {
global $db, $err, $cuid; global $db, $msg, $cuid;
$err->log("ssl", "export"); $msg->log("ssl", "export");
$str = " <ssl>"; $str = " <ssl>";
$db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=" . self::STATUS_EXPIRED); $db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=" . self::STATUS_EXPIRED);
while ($db->next_record()) { while ($db->next_record()) {
@ -620,10 +620,10 @@ class m_ssl {
* @return boolean * @return boolean
*/ */
function alias_add($name, $content) { function alias_add($name, $content) {
global $err, $cuid, $db; global $msg, $cuid, $db;
$db->query("SELECT name FROM certif_alias WHERE name='" . addslashes($name) . "';"); $db->query("SELECT name FROM certif_alias WHERE name='" . addslashes($name) . "';");
if ($db->next_record()) { if ($db->next_record()) {
$err->raise("ssl", _("Alias already exists")); $msg->raise("ssl", _("Alias already exists"));
return false; return false;
} }
$db->query("INSERT INTO certif_alias SET name='" . addslashes($name) . "', content='" . addslashes($content) . "', uid=" . intval($cuid) . ";"); $db->query("INSERT INTO certif_alias SET name='" . addslashes($name) . "', content='" . addslashes($content) . "', uid=" . intval($cuid) . ";");
@ -639,10 +639,10 @@ class m_ssl {
* @return boolean * @return boolean
*/ */
function alias_del($name) { function alias_del($name) {
global $err, $cuid, $db; global $msg, $cuid, $db;
$db->query("SELECT name FROM certif_alias WHERE name='" . addslashes($name) . "' AND uid=" . intval($cuid) . ";"); $db->query("SELECT name FROM certif_alias WHERE name='" . addslashes($name) . "' AND uid=" . intval($cuid) . ";");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl", _("Alias not found")); $msg->raise("ssl", _("Alias not found"));
return false; return false;
} }
$db->query("DELETE FROM certif_alias WHERE name='" . addslashes($name) . "' AND uid=" . intval($cuid) . ";"); $db->query("DELETE FROM certif_alias WHERE name='" . addslashes($name) . "' AND uid=" . intval($cuid) . ";");
@ -775,16 +775,16 @@ class m_ssl {
* @return hash an array similar to a certificate DB row containing everything (sslcrt, sslcsr, sslkey, sslchain) * @return hash an array similar to a certificate DB row containing everything (sslcrt, sslcsr, sslkey, sslchain)
*/ */
private function selfSigned($fqdn) { private function selfSigned($fqdn) {
global $err; global $msg;
putenv("OPENSSL_CONF=/etc/alternc/openssl.cnf"); putenv("OPENSSL_CONF=/etc/alternc/openssl.cnf");
$pkey = openssl_pkey_new(); $pkey = openssl_pkey_new();
if (!$pkey) { if (!$pkey) {
$err->raise("ssl", _("Can't generate a private key (1)")); $msg->raise("ssl", _("Can't generate a private key (1)"));
return false; return false;
} }
$privKey = ""; $privKey = "";
if (!openssl_pkey_export($pkey, $privKey)) { if (!openssl_pkey_export($pkey, $privKey)) {
$err->raise("ssl", _("Can't generate a private key (2)")); $msg->raise("ssl", _("Can't generate a private key (2)"));
return false; return false;
} }
$dn = array("commonName" => $fqdn); $dn = array("commonName" => $fqdn);