[fix] incron.d now working, adding creation of /run/alternc/ssl at reboot fix of many small forced type bugs
parent
a3e2257b50
commit
9025bcd78c
|
@ -1,2 +1,4 @@
|
|||
# Every hour, do ssl actions
|
||||
33 * * * * root /usr/lib/alternc/update_ssl.php
|
||||
|
||||
@reboot root mkdir -p /var/run/alternc/ssl && chown alterncpanel:alterncpanel /var/run/alternc/ssl
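Review bot: The added `@reboot` line leaves the mode of /var/run/alternc/ssl to root's umask, and it only creates the directory at the next boot. The directory is the incron trigger for ssl_alias_manager.sh, so its owner and mode decide who can start that script; setting them explicitly in one step would be clearer, e.g. `@reboot root install -d -m 0750 -o alterncpanel -g alterncpanel /var/run/alternc/ssl`. Until the first reboot after installation the directory is absent, and `touch(self::SSL_INCRON_FILE)` in alias_add() ignores its return value, so the alias would be stored but never generated. Creating the directory at install time as well (presumably in the package's post-install step, which is not visible here) would close that gap.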
|
||||
|
|
|
@ -22,12 +22,13 @@ install:
|
|||
install -m 0755 -g root -o root update_ssl.php $(DESTDIR)/usr/lib/alternc/
|
||||
# incron
|
||||
install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
|
||||
install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/
|
||||
install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/alternc-ssl
|
||||
|
||||
install -m 0644 -g 1999 -o root panel/class/m_ssl.php $(DESTDIR)/usr/share/alternc/panel/class/
|
||||
install -m 0644 -g 1999 -o root panel/admin/*.php $(DESTDIR)/usr/share/alternc/panel/admin/
|
||||
install -m 0644 -g 1999 -o root panel/admin/images/* $(DESTDIR)/usr/share/alternc/panel/admin/images/
|
||||
install -m 0644 -g 1999 -o root panel/admin/styles/* $(DESTDIR)/usr/share/alternc/panel/admin/styles/
|
||||
# FIXME: how can we do that properly ??
|
||||
# install -m 0644 -g 1999 -o root panel/admin/styles/* $(DESTDIR)/usr/share/alternc/panel/admin/styles/
|
||||
install -m 0644 -g 1999 -o root templates/* $(DESTDIR)/etc/alternc/templates/apache2/
|
||||
install -m 0644 -g 1999 -o root openssl.cnf $(DESTDIR)/etc/alternc/
|
||||
install -m 0755 -g 1999 -o root hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/
|
||||
|
|
|
@ -1 +1 @@
|
|||
/var/run/alternc/generate_certif_alias IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
|
||||
/var/run/alternc/ssl IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
|
||||
|
|
|
@ -6,8 +6,9 @@
|
|||
class Alternc_Api_Object_Ssl {
|
||||
|
||||
const ERR_INVALID_ARGUMENT = 11151901;
|
||||
const ERR_ALTERNC_FUNCTION = 11151902;
|
||||
|
||||
function __constructor($service) {
|
||||
function __construct($service) {
|
||||
global $ssl,$cuid;
|
||||
if (!($service instanceof Alternc_Api_Service)) {
|
||||
throw new \Exception("Bad argument: service is not an Alternc_Api_Service", self::ERR_INVALID_ARGUMENT);
|
||||
|
@ -24,7 +25,7 @@ class Alternc_Api_Object_Ssl {
|
|||
* @return Alternc_Api_Response whose content is an array of hashes containing all corresponding certificates informations
|
||||
*/
|
||||
function getList($options) {
|
||||
if (isset($options["filter"]) && is_int($options["filter"])) {
|
||||
if (isset($options["filter"]) && intval($options["filter"])) {
|
||||
$filter=intval($options["filter"]);
|
||||
} else {
|
||||
$filter=null;
|
||||
|
@ -57,10 +58,10 @@ class Alternc_Api_Object_Ssl {
|
|||
* @return Alternc_Api_Response whose content is a hash with all informations for that certificate
|
||||
*/
|
||||
function getCertificate($options) {
|
||||
if (!isset($options["id"]) || !is_int($options["int"])) {
|
||||
if (!isset($options["id"]) || !intval($options["id"])) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
||||
}
|
||||
$certinfo=$this->ssl->get_certificate($options["id"]);
|
||||
$certinfo=$this->ssl->get_certificate(intval($options["id"]));
|
||||
if ($certinfo===false) {
|
||||
return $this->alterncLegacyErrorManager();
|
||||
}
|
||||
|
@ -75,13 +76,13 @@ class Alternc_Api_Object_Ssl {
|
|||
* @return Alternc_Api_Response true.
|
||||
*/
|
||||
function share($options) {
|
||||
if (!isset($options["id"]) || !is_int($options["id"])) {
|
||||
if (!isset($options["id"]) || !intval($options["id"])) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
||||
}
|
||||
if (!isset($options["action"]) || !is_bool($options["action"])) {
|
||||
if (!isset($options["action"]) ) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ACTION") );
|
||||
}
|
||||
$isok=$this->ssl->share($options["id"],$options["action"]);
|
||||
$isok=$this->ssl->share(intval($options["id"]), (intval($options["action"]))? true : false );
|
||||
if ($isok===false) {
|
||||
return $this->alterncLegacyErrorManager();
|
||||
}
|
||||
|
@ -109,7 +110,7 @@ class Alternc_Api_Object_Ssl {
|
|||
$options["chain"]="";
|
||||
}
|
||||
|
||||
$certid=$this->ssl->share($options["key"],$options["crt"],$options["chain"]);
|
||||
$certid=$this->ssl->import_cert($options["key"],$options["crt"],$options["chain"]);
|
||||
if ($certid===false) {
|
||||
return $this->alterncLegacyErrorManager();
|
||||
}
|
||||
|
@ -126,7 +127,7 @@ class Alternc_Api_Object_Ssl {
|
|||
* @return Alternc_Api_Response the ID of the updated certificate in the table.
|
||||
*/
|
||||
function finalize($options) {
|
||||
if (!isset($options["id"]) || !is_int($options["id"])) {
|
||||
if (!isset($options["id"]) || !intval($options["id"])) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
||||
}
|
||||
if (!isset($options["crt"]) || !is_string($options["crt"])) {
|
||||
|
@ -140,7 +141,7 @@ class Alternc_Api_Object_Ssl {
|
|||
$options["chain"]="";
|
||||
}
|
||||
|
||||
$certid=$this->ssl->finalize($options["id"],$options["crt"],$options["chain"]);
|
||||
$certid=$this->ssl->finalize(intval($options["id"]),$options["crt"],$options["chain"]);
|
||||
if ($certid===false) {
|
||||
return $this->alterncLegacyErrorManager();
|
||||
}
|
||||
|
@ -157,11 +158,11 @@ class Alternc_Api_Object_Ssl {
|
|||
if (!isset($options["name"]) || !is_string($options["name"])) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: NAME") );
|
||||
}
|
||||
if (!isset($options["value"]) || !is_string($options["value"])) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: VALUE") );
|
||||
if (!isset($options["content"]) || !is_string($options["content"])) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: CONTENT") );
|
||||
}
|
||||
|
||||
$isok=$this->ssl->alias_add($options["name"],$options["value"]);
|
||||
$isok=$this->ssl->alias_add($options["name"],$options["content"]);
|
||||
if ($isok===false) {
|
||||
return $this->alterncLegacyErrorManager();
|
||||
}
|
||||
|
@ -171,7 +172,7 @@ class Alternc_Api_Object_Ssl {
|
|||
|
||||
/** API Method from legacy class alias_del()
|
||||
* @param $options a hash with parameters transmitted to legacy call
|
||||
* del the alias 'name' with the content value 'value' in the global apache configuration
|
||||
* del the alias 'name' in the global apache configuration
|
||||
* @return Alternc_Api_Response true
|
||||
*/
|
||||
function aliasDel($options) {
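Review bot: The new `!intval($options["id"])` checks in getCertificate(), share() and finalize() coerce instead of validating, so a value such as "12abc" is accepted as 12 and a non-empty array as 1. In share() the string "true" now becomes false, because `intval("true")` is 0. Validating is safer than coercing: `$id = filter_var($options["id"], FILTER_VALIDATE_INT, array("options" => array("min_range" => 1)));` with an ERR_INVALID_ARGUMENT response when `$id === false`, and `filter_var($options["action"], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)` with a null check for the flag. The bodies of these methods continue outside the visible hunks.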
|
||||
|
|
|
@ -42,7 +42,7 @@ class m_ssl {
|
|||
const FILTER_EXPIRED = 4;
|
||||
const FILTER_SHARED = 8;
|
||||
|
||||
const SSL_INCRON_FILE = "/var/run/alternc/generate_certif_alias";
|
||||
const SSL_INCRON_FILE = "/var/run/alternc/ssl/generate_certif_alias";
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
/**
|
||||
|
@ -412,19 +412,19 @@ class m_ssl {
|
|||
* certif_alias table and add it to apache configuration
|
||||
* by launching a incron action.
|
||||
* name is the name of the alias, starting by /
|
||||
* value is the value of the filename stored at this location
|
||||
* content is the content of the filename stored at this location
|
||||
* If an alias with the same name already exists, return false.
|
||||
* if the alias has been properly defined, return true.
|
||||
* @return boolean
|
||||
*/
|
||||
function alias_add($name,$value) {
|
||||
function alias_add($name,$content) {
|
||||
global $err,$cuid,$db;
|
||||
$db->query("SELECT name FROM certif_alias WHERE name='".addslashes($name)."';");
|
||||
if ($db->next_record()) {
|
||||
$err->raise("ssl",_("Alias already exists"));
|
||||
return false;
|
||||
}
|
||||
$db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', value='".addslashes($value)."', uid=".intval($cuid).";");
|
||||
$db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', content='".addslashes($content)."', uid=".intval($cuid).";");
|
||||
touch(self::SSL_INCRON_FILE);
|
||||
return true;
|
||||
}
|
||||
|
@ -487,9 +487,12 @@ class m_ssl {
|
|||
substr($chain,-26,26)!="-----END CERTIFICATE-----\n")) {
|
||||
$this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.")."\n";
|
||||
}
|
||||
if (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" ||
|
||||
substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") {
|
||||
$this->error.=_("The private key must begin by BEGIN RSA PRIVATE KEY and end by END RSA PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
|
||||
if ( (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" ||
|
||||
substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") &&
|
||||
(substr($key,0,28)!="-----BEGIN PRIVATE KEY-----\n" ||
|
||||
substr($key,-26,26)!="-----END PRIVATE KEY-----\n") )
|
||||
{
|
||||
$this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
|
||||
}
|
||||
if ($this->error) {
|
||||
return false;
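Review bot: alias_add() stores `$name` without checking its form, although its docblock says the name starts with `/`. The same value is later read back by ssl_alias_manager.sh, which appends it to `FILEDIR` as a file path and writes it into the Apache alias file. That script is started from a system incron table and so presumably runs as root, which means a name containing `..` or whitespace would be acted on with those privileges. The name should be rejected before the INSERT unless it is a plain absolute path, and the check repeated in the script, since that is the privileged side. Separately, both queries rely on `addslashes()` inside concatenated SQL; the database layer's own escaping or a prepared statement would be safer if it offers one (not visible here).

```php
function alias_add($name,$content) {
    global $err,$cuid,$db;
    // Allow only an absolute path made of safe characters, with no ".." sequence,
    // because the name is later used as a file path and as an Apache alias.
    if (!is_string($name) || !preg_match('#^/[A-Za-z0-9._/-]+\z#', $name) || strpos($name, '..') !== false) {
        $err->raise("ssl",_("Invalid alias name"));
        return false;
    }
    // … unchanged: duplicate check, INSERT, touch(self::SSL_INCRON_FILE) …
```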
|
||||
|
|
10
ssl/ssl.sql
10
ssl/ssl.sql
|
@ -18,3 +18,13 @@ CREATE TABLE `certificates` (
|
|||
KEY `uid` (`uid`),
|
||||
KEY `ssl_action` (`ssl_action`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `certif_alias` (
|
||||
`name` varchar(255) NOT NULL,
|
||||
`content` text NOT NULL,
|
||||
`uid` int(10) unsigned NOT NULL,
|
||||
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
PRIMARY KEY (`name`),
|
||||
KEY `uid` (`uid`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Global aliases defined for SSL certificates FILE validation processes';
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
rm -f /var/run/alternc/generate_certif_alias
|
||||
rm -f /var/run/alternc/ssl/generate_certif_alias
|
||||
|
||||
# Launched by incron when /tmp/generate_certif_alias exists
|
||||
# regenerate the list of global aliases used by Comodo for certificate ownership validation
|
||||
|
@ -13,10 +13,10 @@ FILEDIR=/var/lib/alternc/ssl-cert-alias
|
|||
rm -f "$TMP"
|
||||
mkdir -p "$FILEDIR"
|
||||
|
||||
mysql --defaults-file=/etc/alternc/.my.cnf --skip-column-names -B -e "SELECT name,value FROM certif_alias;" | while read name value
|
||||
mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "SELECT name,content FROM certif_alias;" | while read name content
|
||||
do
|
||||
echo "alias $name ${FILEDIR}${name}" >>$TMP
|
||||
echo "$value" >"${FILEDIR}${name}"
|
||||
echo "$content" >"${FILEDIR}${name}"
|
||||
done
|
||||
mv -f "$TMP" "$APACHECONF"
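Review bot: The loop `while read name content` parses the mysql output with the default IFS and without `-r`, so a name containing a space is split in the wrong place and backslashes in the content are dropped. The `-B` output is tab-separated and escapes newlines, so multi-line content would not be restored by the plain `echo`. Reading with `while IFS=$'\t' read -r name content` and quoting the redirect target as `>>"$TMP"` would fix the splitting. The header comment still refers to /tmp/generate_certif_alias and could be updated to the /var/run/alternc/ssl path. The definitions of TMP and APACHECONF are outside the visible hunks.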
|
||||
|
||||
|
|