[enh] ssl : reload-certs for sysadmin + misc ssl fixes (including set_variables)

Benjamin Sonntag 2018-06-24 17:04:55 +02:00
parent 178823a9f0
commit bb3bd0b14c
4 changed files with 47 additions and 2 deletions


@ -133,6 +133,7 @@ class m_ssl {
} }
$dom->unlock(); $dom->unlock();
$this->last_certificate_id=$maxid; $this->last_certificate_id=$maxid;
variable_set('last_certificate_id',$this->last_certificate_id);
} }
} }
@ -177,7 +178,7 @@ class m_ssl {
* set the correct permissions * set the correct permissions
* try to minimize zero-file-size risk or timing attack * try to minimize zero-file-size risk or timing attack
*/ */
function copycert($target,$id) { private function copycert($target,$id) {
global $db; global $db;
$db->query("SELECT * FROM certificate WHERE id=?",array($id)); $db->query("SELECT * FROM certificate WHERE id=?",array($id));
if (!$db->next_record()) return false; if (!$db->next_record()) return false;


@ -60,6 +60,7 @@ UPDATE variable
DELETE FROM variable WHERE name IN ( DELETE FROM variable WHERE name IN (
'mail_human_imaps','mail_human_pop3','mail_human_pop3s', 'mail_human_imaps','mail_human_pop3','mail_human_pop3s',
'mail_human_smtps','mail_human_submission' 'mail_human_smtps','mail_human_submission', 'mail_human_imap', 'mail_human_smtp',
'ftp_human_name'
); );

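--- /dev/null
+++ b/src/reload-certs
@@ -0,0 +1,37 @@
+#!/usr/bin/php
+<?php
+/*
+function called by a sysadmin when (s)he want to reload all
+certificate configured for all subdomains, including system services.
+launch as root as :
+/usr/lib/alternc/reload-certs <enter>
+system services WILL BE RELOADED
+*/
+// Bootstrap
+require_once("/usr/share/alternc/panel/class/config_nochk.php");
+if (!isset($ssl)) {
+echo "OUPS: reload-certs launched, but ssl module not installed, exiting\n";
+exit();
+}
+if (posix_getuid()!=0) {
+echo "This script MUST be launched as root, it should be able to overwrite files in /etc/ssl/private\n";
+exit(-1);
+}
+// force reloading all valid certificates in the proper vhosts :
+variable_set('last_certificate_id',0);
+$ssl->cron_new_certs();
+// forcibly reload all services (new certificates may apply)
+$services=array("postfix","dovecot","proftpd","apache2");
+foreach($services as $service) {
+echo "Reloading $service\n";
+passthru("service $service reload");
+echo "Done...\n";
+}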
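Review bot: The reload loop at the end of the file prints "Done..." whether or not `service $service reload` succeeded, because the exit status that passthru() reports through its second argument is never captured; a service whose configuration rejects the new certificate, or that is not installed on this host, keeps serving the old certificate while the sysadmin is told it was reloaded. Capture and report it: `passthru("service ".escapeshellarg($service)." reload", $ret);` followed by `if ($ret!==0) { echo "WARNING: reload of $service failed (exit code $ret)\n"; }`. For the same reason the "ssl module not installed" branch should use `exit(1)` rather than the bare `exit()`, which reports success to whatever invoked the script. The root check added here appears verbatim in the last hunk of this commit as well; a shared helper would keep the two messages and exit codes in step.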


@ -29,6 +29,12 @@ if (!isset($argv[1])) {
echo "FATAL: must be launched from functions_hosting.sh !\n"; echo "FATAL: must be launched from functions_hosting.sh !\n";
exit(); exit();
} }
if (posix_getuid()!=0) {
echo "This script MUST be launched as root, it should be able to overwrite files in /etc/ssl/private\n";
exit(-1);
}
if ( ($argv[1]=="create" || $argv[1]=="postinst" || $argv[1]=="delete") ) { if ( ($argv[1]=="create" || $argv[1]=="postinst" || $argv[1]=="delete") ) {
if (count($argv)<5) { if (count($argv)<5) {
echo "FATAL: create/postinst/delete need 4 parameters: type domain mail value\n"; echo "FATAL: create/postinst/delete need 4 parameters: type domain mail value\n";