diff --git a/debian/alternc-ssl.cron.d b/debian/alternc-ssl.cron.d
index 47d3a9b2..715b9e3f 100644
--- a/debian/alternc-ssl.cron.d
+++ b/debian/alternc-ssl.cron.d
@@ -1,2 +1,4 @@
 # Every hour, do ssl actions
 33 * * * * root /usr/lib/alternc/update_ssl.php
+
+@reboot root mkdir -p /var/run/alternc/ssl && chown alterncpanel:alterncpanel /var/run/alternc/ssl
diff --git a/ssl/Makefile b/ssl/Makefile
index c6f0668c..4930d505 100755
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -22,12 +22,13 @@ install:
 install -m 0755 -g root -o root update_ssl.php $(DESTDIR)/usr/lib/alternc/
 # incron
 install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
- install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/
+ install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/alternc-ssl
 install -m 0644 -g 1999 -o root panel/class/m_ssl.php $(DESTDIR)/usr/share/alternc/panel/class/
 install -m 0644 -g 1999 -o root panel/admin/*.php $(DESTDIR)/usr/share/alternc/panel/admin/
 install -m 0644 -g 1999 -o root panel/admin/images/* $(DESTDIR)/usr/share/alternc/panel/admin/images/
- install -m 0644 -g 1999 -o root panel/admin/styles/* $(DESTDIR)/usr/share/alternc/panel/admin/styles/
+# FIXME: how can we do that properly ??
+# install -m 0644 -g 1999 -o root panel/admin/styles/* $(DESTDIR)/usr/share/alternc/panel/admin/styles/
 install -m 0644 -g 1999 -o root templates/* $(DESTDIR)/etc/alternc/templates/apache2/
 install -m 0644 -g 1999 -o root openssl.cnf $(DESTDIR)/etc/alternc/
 install -m 0755 -g 1999 -o root hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/
diff --git a/ssl/alternc-ssl.incron.d b/ssl/alternc-ssl.incron.d
index a58c9478..d15f3961 100644
--- a/ssl/alternc-ssl.incron.d
+++ b/ssl/alternc-ssl.incron.d
@@ -1 +1 @@
-/var/run/alternc/generate_certif_alias IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
+/var/run/alternc/ssl IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
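Review bot: `/var/run/alternc/ssl` is created only by the new `@reboot` line, so after a package install or upgrade without a reboot the directory is absent until the next boot; `touch(self::SSL_INCRON_FILE)` in m_ssl.php then fails and the incron watch on that directory (ssl/alternc-ssl.incron.d) has no directory to attach to, and at boot nothing orders cron's `@reboot` job before incrond starts either — both inferred from the visible paths, the postinst is not on the page. Creating the directory where the service is set up is more robust, e.g. a tmpfiles.d entry `d /var/run/alternc/ssl 0755 alterncpanel alterncpanel -` or the same `mkdir`/`chown` in postinst, keeping this `@reboot` line as a fallback. Because the directory is owned by the panel uid and any create/attrib event in it runs ssl_alias_manager.sh as root, a comment stating that this is the intended trigger helps the next maintainer: `# /var/run is volatile: recreate the trigger directory watched by alternc-ssl.incron.d`.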
diff --git a/ssl/api/Ssl.php b/ssl/api/Ssl.php
index 55ca4696..d75ac02e 100644
--- a/ssl/api/Ssl.php
+++ b/ssl/api/Ssl.php
@@ -6,8 +6,9 @@ class Alternc_Api_Object_Ssl {
 const ERR_INVALID_ARGUMENT = 11151901;
+ const ERR_ALTERNC_FUNCTION = 11151902;
- function __constructor($service) {
+ function __construct($service) {
 global $ssl,$cuid;
 if (!($service instanceof Alternc_Api_Service)) {
 throw new \Exception("Bad argument: service is not an Alternc_Api_Service", self::ERR_INVALID_ARGUMENT);
@@ -24,7 +25,7 @@ class Alternc_Api_Object_Ssl {
 * @return Alternc_Api_Response whose content is an array of hashes containing all corresponding certificates informations
 */
 function getList($options) {
- if (isset($options["filter"]) && is_int($options["filter"])) {
+ if (isset($options["filter"]) && intval($options["filter"])) {
 $filter=intval($options["filter"]);
 } else {
 $filter=null;
@@ -57,10 +58,10 @@ class Alternc_Api_Object_Ssl {
 * @return Alternc_Api_Response whose content is a hash with all informations for that certificate
 */
 function getCertificate($options) {
- if (!isset($options["id"]) || !is_int($options["int"])) {
+ if (!isset($options["id"]) || !intval($options["id"])) {
 return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
 }
- $certinfo=$this->ssl->get_certificate($options["id"]);
+ $certinfo=$this->ssl->get_certificate(intval($options["id"]));
 if ($certinfo===false) {
 return $this->alterncLegacyErrorManager();
 }
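Review bot: `intval($options["filter"])` on the new `if` line in getList accepts any leading-digit string (`"3abc"` becomes 3) and silently turns non-numeric input into "no filter" instead of an error; the same `!intval(...)` shape now guards `id` in getCertificate in this hunk and in share and finalize in the following hunks. `filter_var($v, FILTER_VALIDATE_INT)` rejects malformed values explicitly while still accepting the decimal strings a JSON client sends: `$filter = filter_var($options["filter"], FILTER_VALIDATE_INT); if ($filter === false) { return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: FILTER") ); }`, and likewise `$id = filter_var($options["id"], FILTER_VALIDATE_INT);` with `$id === false || $id <= 0` for the ID checks. Whether a filter of `0` is meaningful depends on the FILTER_* constants in m_ssl.php, which are outside this hunk.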
@@ -75,13 +76,13 @@ class Alternc_Api_Object_Ssl {
 * @return Alternc_Api_Response true.
 */
 function share($options) {
- if (!isset($options["id"]) || !is_int($options["id"])) {
+ if (!isset($options["id"]) || !intval($options["id"])) {
 return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
 }
- if (!isset($options["action"]) || !is_bool($options["action"])) {
+ if (!isset($options["action"]) ) {
 return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ACTION") );
 }
- $isok=$this->ssl->share($options["id"],$options["action"]);
+ $isok=$this->ssl->share(intval($options["id"]), (intval($options["action"]))? true : false );
 if ($isok===false) {
 return $this->alterncLegacyErrorManager();
 }
@@ -109,7 +110,7 @@ class Alternc_Api_Object_Ssl {
 $options["chain"]="";
 }
- $certid=$this->ssl->share($options["key"],$options["crt"],$options["chain"]);
+ $certid=$this->ssl->import_cert($options["key"],$options["crt"],$options["chain"]);
 if ($certid===false) {
 return $this->alterncLegacyErrorManager();
 }
@@ -126,7 +127,7 @@ class Alternc_Api_Object_Ssl {
 * @return Alternc_Api_Response the ID of the updated certificate in the table.
 */
 function finalize($options) {
- if (!isset($options["id"]) || !is_int($options["id"])) {
+ if (!isset($options["id"]) || !intval($options["id"])) {
 return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
 }
 if (!isset($options["crt"]) || !is_string($options["crt"])) {
@@ -140,7 +141,7 @@ class Alternc_Api_Object_Ssl {
 $options["chain"]="";
 }
- $certid=$this->ssl->finalize($options["id"],$options["crt"],$options["chain"]);
+ $certid=$this->ssl->finalize(intval($options["id"]),$options["crt"],$options["chain"]);
 if ($certid===false) {
 return $this->alterncLegacyErrorManager();
 }
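Review bot: `(intval($options["action"]))? true : false` on the new `$isok` line in share maps every non-numeric string to `false`, so a client sending `"action": "true"` or `"yes"` silently un-shares the certificate instead of getting an error, and the removed `is_bool` check is not replaced by any validation of the value. `filter_var` with `FILTER_VALIDATE_BOOLEAN` accepts real booleans, `0`/`1` and the usual string spellings and returns `null` for anything else: `$action = filter_var($options["action"], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE); if ($action === null) { return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ACTION") ); }` followed by `$isok=$this->ssl->share(intval($options["id"]), $action);`. The `isset` test should then stay as it is, since `isset` is true for a literal `false`.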
@@ -157,11 +158,11 @@ class Alternc_Api_Object_Ssl {
 if (!isset($options["name"]) || !is_string($options["name"])) {
 return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: NAME") );
 }
- if (!isset($options["value"]) || !is_string($options["value"])) {
- return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: VALUE") );
+ if (!isset($options["content"]) || !is_string($options["content"])) {
+ return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: CONTENT") );
 }
- $isok=$this->ssl->alias_add($options["name"],$options["value"]);
+ $isok=$this->ssl->alias_add($options["name"],$options["content"]);
 if ($isok===false) {
 return $this->alterncLegacyErrorManager();
 }
@@ -171,7 +172,7 @@ class Alternc_Api_Object_Ssl {
 /** API Method from legacy class alias_del()
 * @param $options a hash with parameters transmitted to legacy call
- * del the alias 'name' with the content value 'value' in the global apache configuration
+ * del the alias 'name' in the global apache configuration
 * @return Alternc_Api_Response true
 */
 function aliasDel($options) {
diff --git a/ssl/panel/class/m_ssl.php b/ssl/panel/class/m_ssl.php
index d49b23dc..0ceab919 100644
--- a/ssl/panel/class/m_ssl.php
+++ b/ssl/panel/class/m_ssl.php
@@ -42,7 +42,7 @@ class m_ssl {
 const FILTER_EXPIRED = 4;
 const FILTER_SHARED = 8;
- const SSL_INCRON_FILE = "/var/run/alternc/generate_certif_alias";
+ const SSL_INCRON_FILE = "/var/run/alternc/ssl/generate_certif_alias";
 /* ----------------------------------------------------------------- */
 /**
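Review bot: `$options["name"]` is still forwarded to `alias_add` with only an `is_string` check, yet it ends up verbatim in an Apache `alias` directive and as the path `${FILEDIR}${name}` that ssl_alias_manager.sh writes as root (hunk in ssl/ssl_alias_manager.sh below), and m_ssl.php's `alias_add` (hunk @@ -412) adds no check of its own, so a name containing `..` or whitespace escapes `/var/lib/alternc/ssl-cert-alias` or breaks the generated config. Since both the panel and this API go through `alias_add`, the check belongs there, before the SELECT: `if (!preg_match('#^(/[A-Za-z0-9_.-]+)+$#', $name) || strpos($name,'..')!==false) { $err->raise("ssl",_("Invalid alias name")); return false; }`. Renaming the request key from `value` to `content` also changes the public API without a fallback; if external clients already exist, reading `$options["value"]` when `content` is absent keeps them working — hedged, no client is visible here.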
@@ -412,19 +412,19 @@ class m_ssl {
 * certif_alias table and add it to apache configuration
 * by launching a incron action.
 * name is the name of the alias, starting by /
- * value is the value of the filename stored at this location
+ * content is the content of the filename stored at this location
 * If an alias with the same name already exists, return false.
 * if the alias has been properly defined, return true.
 * @return boolean
 */
- function alias_add($name,$value) {
+ function alias_add($name,$content) {
 global $err,$cuid,$db;
 $db->query("SELECT name FROM certif_alias WHERE name='".addslashes($name)."';");
 if ($db->next_record()) {
 $err->raise("ssl",_("Alias already exists"));
 return false;
 }
- $db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', value='".addslashes($value)."', uid=".intval($cuid).";");
+ $db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', content='".addslashes($content)."', uid=".intval($cuid).";");
 touch(self::SSL_INCRON_FILE);
 return true;
 }
@@ -487,9 +487,12 @@ class m_ssl {
 substr($chain,-26,26)!="-----END CERTIFICATE-----\n")) {
 $this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.")."\n";
 }
- if (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" ||
- substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") {
- $this->error.=_("The private key must begin by BEGIN RSA PRIVATE KEY and end by END RSA PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
+ if ( (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" ||
+ substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") &&
+ (substr($key,0,28)!="-----BEGIN PRIVATE KEY-----\n" ||
+ substr($key,-26,26)!="-----END PRIVATE KEY-----\n") )
+ {
+ $this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
 }
 if ($this->error) {
 return false;
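Review bot: `touch(self::SSL_INCRON_FILE)` after the INSERT in `alias_add` ignores its return value, and with the constant now pointing under `/var/run/alternc/ssl` — a directory the cron.d hunk only creates at boot — a failed touch leaves the alias in the table but never regenerated into Apache while the method still reports success. Check it and surface the failure: `if (!touch(self::SSL_INCRON_FILE)) { $err->raise("ssl",_("Unable to trigger alias regeneration")); return false; }` (the row stays in the table, so the next successful add picks it up). The SELECT and the new INSERT line still build SQL with `addslashes()`, which is not charset-aware; if the `$db` wrapper offers driver-level escaping or placeholders, the INSERT being rewritten here is the place to switch — not visible from this hunk.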
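Review bot: the new condition still decides on the first and last bytes of `$key` alone, so a blob with the right PEM banners but unparseable contents passes, while a valid EC key (`BEGIN EC PRIVATE KEY`) is still rejected; the enclosing function (presumably import_cert, judging by the API hunk) starts before this hunk, so whether the key is parsed or matched against `$crt` later is not visible. If the openssl extension is available to the panel, `openssl_pkey_get_private($key) === false` checks that the PEM really parses, and `openssl_x509_check_private_key($crt, $key)` that it belongs to `$crt`, which would replace the banner comparison: `if (openssl_pkey_get_private($key) === false) { $this->error.=_("The private key could not be parsed. Please check you pasted it in PEM form.")."\n"; }`. Either way the accepted formats deserve a one-line comment above the `if`, e.g. `// PKCS#1 (BEGIN RSA PRIVATE KEY) and PKCS#8 (BEGIN PRIVATE KEY) PEM are accepted; encrypted keys are not`.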
diff --git a/ssl/ssl.sql b/ssl/ssl.sql
index b6e32e22..7bdca3d7 100644
--- a/ssl/ssl.sql
+++ b/ssl/ssl.sql
@@ -18,3 +18,13 @@ CREATE TABLE `certificates` (
 KEY `uid` (`uid`),
 KEY `ssl_action` (`ssl_action`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
+CREATE TABLE IF NOT EXISTS `certif_alias` (
+ `name` varchar(255) NOT NULL,
+ `content` text NOT NULL,
+ `uid` int(10) unsigned NOT NULL,
+ `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (`name`),
+ KEY `uid` (`uid`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Global aliases defined for SSL certificates FILE validation processes';
diff --git a/ssl/ssl_alias_manager.sh b/ssl/ssl_alias_manager.sh
index 9f2d9921..f55f571e 100644
--- a/ssl/ssl_alias_manager.sh
+++ b/ssl/ssl_alias_manager.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-rm -f /var/run/alternc/generate_certif_alias
+rm -f /var/run/alternc/ssl/generate_certif_alias
 # Launched by incron when /tmp/generate_certif_alias exists
 # regenerate the list of global aliases used by Comodo for certificate ownership validation
@@ -13,10 +13,10 @@ FILEDIR=/var/lib/alternc/ssl-cert-alias
 rm -f "$TMP"
 mkdir -p "$FILEDIR"
-mysql --defaults-file=/etc/alternc/.my.cnf --skip-column-names -B -e "SELECT name,value FROM certif_alias;" | while read name value
+mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "SELECT name,content FROM certif_alias;" | while read name content
 do
 echo "alias $name ${FILEDIR}${name}" >>$TMP
- echo "$value" >"${FILEDIR}${name}"
+ echo "$content" >"${FILEDIR}${name}"
 done
 mv -f "$TMP" "$APACHECONF"
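Review bot: `CREATE TABLE IF NOT EXISTS certif_alias` is a no-op wherever the table already exists, and the old ssl_alias_manager.sh selected `name,value FROM certif_alias`, so deployed databases apparently already hold this table with a `value` column; after this commit their `content` column is missing and the INSERT in m_ssl.php `alias_add` fails. An upgrade step such as `ALTER TABLE certif_alias CHANGE value content text NOT NULL;` is needed next to this CREATE, in whatever place the package keeps schema migrations — not on the page. A short comment above the CREATE, `-- rows are keyed by name only: aliases are global across users, uid records the creator`, would also make the PRIMARY KEY choice explicit.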
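Review bot: `echo "$content" >"${FILEDIR}${name}"` on the new line treats a content value beginning with `-n` or `-e` as an echo option, and `read name content` on the new mysql line runs without `-r` so backslash sequences are rewritten — on data a panel user entered, in a script incron runs as root; `printf '%s\n' "$content" >"${FILEDIR}${name}"` and `while IFS=$'\t' read -r name content` avoid both (check how `mysql -B` escapes tabs and newlines inside `content` before relying on line-based parsing). The target path `${FILEDIR}${name}` has no containment check and `mkdir -p "$FILEDIR"` creates no sub-directories, so a validated `name` (see alias_add in m_ssl.php) plus `mkdir -p "$(dirname "${FILEDIR}${name}")"` before the write are needed if names like `/.well-known/.../x.txt` are expected — inferred from the Comodo comment. The defaults file moves from `/etc/alternc/.my.cnf` to `/etc/alternc/my.cnf` with no explanation; if that file is missing the mysql call fails, `$TMP` is never created and the final `mv -f` fails, leaving the old config in place with nothing logged. The context comment right after the `rm -f` line still names `/tmp/generate_certif_alias`; it should read `/var/run/alternc/ssl/generate_certif_alias`.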