[fix] incron.d now working, adding creation of /run/alternc/ssl at reboot fix of many small forced type bugs
This commit is contained in:
Benjamin Sonntag
parent
a3e2257b50
commit
9025bcd78c
|
|
@ -1,2 +1,4 @@
|
||||||
# Every hour, do ssl actions
|
# Every hour, do ssl actions
|
||||||
33 * * * * root /usr/lib/alternc/update_ssl.php
|
33 * * * * root /usr/lib/alternc/update_ssl.php
|
||||||
|
|
||||||
|
@reboot root mkdir -p /var/run/alternc/ssl && chown alterncpanel:alterncpanel /var/run/alternc/ssl
|
||||||
|
|
|
||||||
|
|
@ -22,12 +22,13 @@ install:
|
||||||
install -m 0755 -g root -o root update_ssl.php $(DESTDIR)/usr/lib/alternc/
|
install -m 0755 -g root -o root update_ssl.php $(DESTDIR)/usr/lib/alternc/
|
||||||
# incron
|
# incron
|
||||||
install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
|
install -m 0755 -g root -o root ssl_alias_manager.sh $(DESTDIR)/usr/lib/alternc/
|
||||||
install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/
|
install -m 0644 -g root -o root alternc-ssl.incron.d $(DESTDIR)/etc/incron.d/alternc-ssl
|
||||||
|
|
||||||
install -m 0644 -g 1999 -o root panel/class/m_ssl.php $(DESTDIR)/usr/share/alternc/panel/class/
|
install -m 0644 -g 1999 -o root panel/class/m_ssl.php $(DESTDIR)/usr/share/alternc/panel/class/
|
||||||
install -m 0644 -g 1999 -o root panel/admin/*.php $(DESTDIR)/usr/share/alternc/panel/admin/
|
install -m 0644 -g 1999 -o root panel/admin/*.php $(DESTDIR)/usr/share/alternc/panel/admin/
|
||||||
install -m 0644 -g 1999 -o root panel/admin/images/* $(DESTDIR)/usr/share/alternc/panel/admin/images/
|
install -m 0644 -g 1999 -o root panel/admin/images/* $(DESTDIR)/usr/share/alternc/panel/admin/images/
|
||||||
install -m 0644 -g 1999 -o root panel/admin/styles/* $(DESTDIR)/usr/share/alternc/panel/admin/styles/
|
# FIXME: how can we do that properly ??
|
||||||
|
# install -m 0644 -g 1999 -o root panel/admin/styles/* $(DESTDIR)/usr/share/alternc/panel/admin/styles/
|
||||||
install -m 0644 -g 1999 -o root templates/* $(DESTDIR)/etc/alternc/templates/apache2/
|
install -m 0644 -g 1999 -o root templates/* $(DESTDIR)/etc/alternc/templates/apache2/
|
||||||
install -m 0644 -g 1999 -o root openssl.cnf $(DESTDIR)/etc/alternc/
|
install -m 0644 -g 1999 -o root openssl.cnf $(DESTDIR)/etc/alternc/
|
||||||
install -m 0755 -g 1999 -o root hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/
|
install -m 0755 -g 1999 -o root hosting_vhost-ssl.sh $(DESTDIR)/etc/alternc/functions_hosting/
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
/var/run/alternc/generate_certif_alias IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
|
/var/run/alternc/ssl IN_CREATE,IN_ATTRIB,IN_NO_LOOP /usr/lib/alternc/ssl_alias_manager.sh
|
||||||
|
|
|
||||||
|
|
@ -6,8 +6,9 @@
|
||||||
class Alternc_Api_Object_Ssl {
|
class Alternc_Api_Object_Ssl {
|
||||||
|
|
||||||
const ERR_INVALID_ARGUMENT = 11151901;
|
const ERR_INVALID_ARGUMENT = 11151901;
|
||||||
|
const ERR_ALTERNC_FUNCTION = 11151902;
|
||||||
|
|
||||||
function __constructor($service) {
|
function __construct($service) {
|
||||||
global $ssl,$cuid;
|
global $ssl,$cuid;
|
||||||
if (!($service instanceof Alternc_Api_Service)) {
|
if (!($service instanceof Alternc_Api_Service)) {
|
||||||
throw new \Exception("Bad argument: service is not an Alternc_Api_Service", self::ERR_INVALID_ARGUMENT);
|
throw new \Exception("Bad argument: service is not an Alternc_Api_Service", self::ERR_INVALID_ARGUMENT);
|
||||||
|
|
@ -24,7 +25,7 @@ class Alternc_Api_Object_Ssl {
|
||||||
* @return Alternc_Api_Response whose content is an array of hashes containing all corresponding certificates informations
|
* @return Alternc_Api_Response whose content is an array of hashes containing all corresponding certificates informations
|
||||||
*/
|
*/
|
||||||
function getList($options) {
|
function getList($options) {
|
||||||
if (isset($options["filter"]) && is_int($options["filter"])) {
|
if (isset($options["filter"]) && intval($options["filter"])) {
|
||||||
$filter=intval($options["filter"]);
|
$filter=intval($options["filter"]);
|
||||||
} else {
|
} else {
|
||||||
$filter=null;
|
$filter=null;
|
||||||
|
|
@ -57,10 +58,10 @@ class Alternc_Api_Object_Ssl {
|
||||||
* @return Alternc_Api_Response whose content is a hash with all informations for that certificate
|
* @return Alternc_Api_Response whose content is a hash with all informations for that certificate
|
||||||
*/
|
*/
|
||||||
function getCertificate($options) {
|
function getCertificate($options) {
|
||||||
if (!isset($options["id"]) || !is_int($options["int"])) {
|
if (!isset($options["id"]) || !intval($options["id"])) {
|
||||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
||||||
}
|
}
|
||||||
$certinfo=$this->ssl->get_certificate($options["id"]);
|
$certinfo=$this->ssl->get_certificate(intval($options["id"]));
|
||||||
if ($certinfo===false) {
|
if ($certinfo===false) {
|
||||||
return $this->alterncLegacyErrorManager();
|
return $this->alterncLegacyErrorManager();
|
||||||
}
|
}
|
||||||
|
|
@ -75,13 +76,13 @@ class Alternc_Api_Object_Ssl {
|
||||||
* @return Alternc_Api_Response true.
|
* @return Alternc_Api_Response true.
|
||||||
*/
|
*/
|
||||||
function share($options) {
|
function share($options) {
|
||||||
if (!isset($options["id"]) || !is_int($options["id"])) {
|
if (!isset($options["id"]) || !intval($options["id"])) {
|
||||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
||||||
}
|
}
|
||||||
if (!isset($options["action"]) || !is_bool($options["action"])) {
|
if (!isset($options["action"]) ) {
|
||||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ACTION") );
|
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ACTION") );
|
||||||
}
|
}
|
||||||
$isok=$this->ssl->share($options["id"],$options["action"]);
|
$isok=$this->ssl->share(intval($options["id"]), (intval($options["action"]))? true : false );
|
||||||
if ($isok===false) {
|
if ($isok===false) {
|
||||||
return $this->alterncLegacyErrorManager();
|
return $this->alterncLegacyErrorManager();
|
||||||
}
|
}
|
||||||
|
|
@ -109,7 +110,7 @@ class Alternc_Api_Object_Ssl {
|
||||||
$options["chain"]="";
|
$options["chain"]="";
|
||||||
}
|
}
|
||||||
|
|
||||||
$certid=$this->ssl->share($options["key"],$options["crt"],$options["chain"]);
|
$certid=$this->ssl->import_cert($options["key"],$options["crt"],$options["chain"]);
|
||||||
if ($certid===false) {
|
if ($certid===false) {
|
||||||
return $this->alterncLegacyErrorManager();
|
return $this->alterncLegacyErrorManager();
|
||||||
}
|
}
|
||||||
|
|
@ -126,7 +127,7 @@ class Alternc_Api_Object_Ssl {
|
||||||
* @return Alternc_Api_Response the ID of the updated certificate in the table.
|
* @return Alternc_Api_Response the ID of the updated certificate in the table.
|
||||||
*/
|
*/
|
||||||
function finalize($options) {
|
function finalize($options) {
|
||||||
if (!isset($options["id"]) || !is_int($options["id"])) {
|
if (!isset($options["id"]) || !intval($options["id"])) {
|
||||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: ID") );
|
||||||
}
|
}
|
||||||
if (!isset($options["crt"]) || !is_string($options["crt"])) {
|
if (!isset($options["crt"]) || !is_string($options["crt"])) {
|
||||||
|
|
@ -140,7 +141,7 @@ class Alternc_Api_Object_Ssl {
|
||||||
$options["chain"]="";
|
$options["chain"]="";
|
||||||
}
|
}
|
||||||
|
|
||||||
$certid=$this->ssl->finalize($options["id"],$options["crt"],$options["chain"]);
|
$certid=$this->ssl->finalize(intval($options["id"]),$options["crt"],$options["chain"]);
|
||||||
if ($certid===false) {
|
if ($certid===false) {
|
||||||
return $this->alterncLegacyErrorManager();
|
return $this->alterncLegacyErrorManager();
|
||||||
}
|
}
|
||||||
|
|
@ -157,11 +158,11 @@ class Alternc_Api_Object_Ssl {
|
||||||
if (!isset($options["name"]) || !is_string($options["name"])) {
|
if (!isset($options["name"]) || !is_string($options["name"])) {
|
||||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: NAME") );
|
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: NAME") );
|
||||||
}
|
}
|
||||||
if (!isset($options["value"]) || !is_string($options["value"])) {
|
if (!isset($options["content"]) || !is_string($options["content"])) {
|
||||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: VALUE") );
|
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_ARGUMENT, "message" => "Missing or invalid argument: CONTENT") );
|
||||||
}
|
}
|
||||||
|
|
||||||
$isok=$this->ssl->alias_add($options["name"],$options["value"]);
|
$isok=$this->ssl->alias_add($options["name"],$options["content"]);
|
||||||
if ($isok===false) {
|
if ($isok===false) {
|
||||||
return $this->alterncLegacyErrorManager();
|
return $this->alterncLegacyErrorManager();
|
||||||
}
|
}
|
||||||
|
|
@ -171,7 +172,7 @@ class Alternc_Api_Object_Ssl {
|
||||||
|
|
||||||
/** API Method from legacy class alias_del()
|
/** API Method from legacy class alias_del()
|
||||||
* @param $options a hash with parameters transmitted to legacy call
|
* @param $options a hash with parameters transmitted to legacy call
|
||||||
* del the alias 'name' with the content value 'value' in the global apache configuration
|
* del the alias 'name' in the global apache configuration
|
||||||
* @return Alternc_Api_Response true
|
* @return Alternc_Api_Response true
|
||||||
*/
|
*/
|
||||||
function aliasDel($options) {
|
function aliasDel($options) {
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,7 @@ class m_ssl {
|
||||||
const FILTER_EXPIRED = 4;
|
const FILTER_EXPIRED = 4;
|
||||||
const FILTER_SHARED = 8;
|
const FILTER_SHARED = 8;
|
||||||
|
|
||||||
const SSL_INCRON_FILE = "/var/run/alternc/generate_certif_alias";
|
const SSL_INCRON_FILE = "/var/run/alternc/ssl/generate_certif_alias";
|
||||||
|
|
||||||
/* ----------------------------------------------------------------- */
|
/* ----------------------------------------------------------------- */
|
||||||
/**
|
/**
|
||||||
|
|
@ -412,19 +412,19 @@ class m_ssl {
|
||||||
* certif_alias table and add it to apache configuration
|
* certif_alias table and add it to apache configuration
|
||||||
* by launching a incron action.
|
* by launching a incron action.
|
||||||
* name is the name of the alias, starting by /
|
* name is the name of the alias, starting by /
|
||||||
* value is the value of the filename stored at this location
|
* content is the content of the filename stored at this location
|
||||||
* If an alias with the same name already exists, return false.
|
* If an alias with the same name already exists, return false.
|
||||||
* if the alias has been properly defined, return true.
|
* if the alias has been properly defined, return true.
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
function alias_add($name,$value) {
|
function alias_add($name,$content) {
|
||||||
global $err,$cuid,$db;
|
global $err,$cuid,$db;
|
||||||
$db->query("SELECT name FROM certif_alias WHERE name='".addslashes($name)."';");
|
$db->query("SELECT name FROM certif_alias WHERE name='".addslashes($name)."';");
|
||||||
if ($db->next_record()) {
|
if ($db->next_record()) {
|
||||||
$err->raise("ssl",_("Alias already exists"));
|
$err->raise("ssl",_("Alias already exists"));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', value='".addslashes($value)."', uid=".intval($cuid).";");
|
$db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', content='".addslashes($content)."', uid=".intval($cuid).";");
|
||||||
touch(self::SSL_INCRON_FILE);
|
touch(self::SSL_INCRON_FILE);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -487,9 +487,12 @@ class m_ssl {
|
||||||
substr($chain,-26,26)!="-----END CERTIFICATE-----\n")) {
|
substr($chain,-26,26)!="-----END CERTIFICATE-----\n")) {
|
||||||
$this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.")."\n";
|
$this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.")."\n";
|
||||||
}
|
}
|
||||||
if (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" ||
|
if ( (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" ||
|
||||||
substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") {
|
substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") &&
|
||||||
$this->error.=_("The private key must begin by BEGIN RSA PRIVATE KEY and end by END RSA PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
|
(substr($key,0,28)!="-----BEGIN PRIVATE KEY-----\n" ||
|
||||||
|
substr($key,-26,26)!="-----END PRIVATE KEY-----\n") )
|
||||||
|
{
|
||||||
|
$this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
|
||||||
}
|
}
|
||||||
if ($this->error) {
|
if ($this->error) {
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
10
ssl/ssl.sql
10
ssl/ssl.sql
|
|
@ -18,3 +18,13 @@ CREATE TABLE `certificates` (
|
||||||
KEY `uid` (`uid`),
|
KEY `uid` (`uid`),
|
||||||
KEY `ssl_action` (`ssl_action`)
|
KEY `ssl_action` (`ssl_action`)
|
||||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS `certif_alias` (
|
||||||
|
`name` varchar(255) NOT NULL,
|
||||||
|
`content` text NOT NULL,
|
||||||
|
`uid` int(10) unsigned NOT NULL,
|
||||||
|
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||||
|
PRIMARY KEY (`name`),
|
||||||
|
KEY `uid` (`uid`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Global aliases defined for SSL certificates FILE validation processes';
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
rm -f /var/run/alternc/generate_certif_alias
|
rm -f /var/run/alternc/ssl/generate_certif_alias
|
||||||
|
|
||||||
# Launched by incron when /tmp/generate_certif_alias exists
|
# Launched by incron when /tmp/generate_certif_alias exists
|
||||||
# regenerate the list of global aliases used by Comodo for certificate ownership validation
|
# regenerate the list of global aliases used by Comodo for certificate ownership validation
|
||||||
|
|
@ -13,10 +13,10 @@ FILEDIR=/var/lib/alternc/ssl-cert-alias
|
||||||
rm -f "$TMP"
|
rm -f "$TMP"
|
||||||
mkdir -p "$FILEDIR"
|
mkdir -p "$FILEDIR"
|
||||||
|
|
||||||
mysql --defaults-file=/etc/alternc/.my.cnf --skip-column-names -B -e "SELECT name,value FROM certif_alias;" | while read name value
|
mysql --defaults-file=/etc/alternc/my.cnf --skip-column-names -B -e "SELECT name,content FROM certif_alias;" | while read name content
|
||||||
do
|
do
|
||||||
echo "alias $name ${FILEDIR}${name}" >>$TMP
|
echo "alias $name ${FILEDIR}${name}" >>$TMP
|
||||||
echo "$value" >"${FILEDIR}${name}"
|
echo "$content" >"${FILEDIR}${name}"
|
||||||
done
|
done
|
||||||
mv -f "$TMP" "$APACHECONF"
|
mv -f "$TMP" "$APACHECONF"
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue