[enh] ssl : reload-certs for sysadmin + misc ssl fixes (including set_variables)
		
							parent
							
								
									178823a9f0
								
							
						
					
					
						commit
						bb3bd0b14c
					
				| 
						 | 
				
			
			@ -133,6 +133,7 @@ class m_ssl {
 | 
			
		|||
            }
 | 
			
		||||
            $dom->unlock();
 | 
			
		||||
            $this->last_certificate_id=$maxid;
 | 
			
		||||
            variable_set('last_certificate_id',$this->last_certificate_id);
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -177,7 +178,7 @@ class m_ssl {
 | 
			
		|||
     * set the correct permissions
 | 
			
		||||
     * try to minimize zero-file-size risk or timing attack
 | 
			
		||||
     */
 | 
			
		||||
    function copycert($target,$id) {
 | 
			
		||||
    private function copycert($target,$id) {
 | 
			
		||||
        global $db;
 | 
			
		||||
        $db->query("SELECT * FROM certificate WHERE id=?",array($id));
 | 
			
		||||
        if (!$db->next_record()) return false;
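Review bot: In the first hunk the certificate counter is persisted (`variable_set('last_certificate_id',$this->last_certificate_id);`) after `$dom->unlock();`, so the stored value is updated outside whatever lock guards this run. This commit also adds a manual reload-certs entry point that resets the same variable, so a cron run and a manual run could interleave and leave a stale id behind. If the lock is taken earlier in this method (its start is outside the hunk), move the two counter lines above `$dom->unlock();`. For `copycert`, now private, the docblock would benefit from stating what `$target` is allowed to be and which owner and mode the written files receive, since the comment suggests it handles certificate and key files.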
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -60,6 +60,7 @@ UPDATE variable
 | 
			
		|||
 | 
			
		||||
DELETE FROM variable WHERE name IN (
 | 
			
		||||
  'mail_human_imaps','mail_human_pop3','mail_human_pop3s',
 | 
			
		||||
  'mail_human_smtps','mail_human_submission'
 | 
			
		||||
  'mail_human_smtps','mail_human_submission', 'mail_human_imap', 'mail_human_smtp',
 | 
			
		||||
  'ftp_human_name'
 | 
			
		||||
  );
 | 
			
		||||
      
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -0,0 +1,37 @@
 | 
			
		|||
#!/usr/bin/php
 | 
			
		||||
<?php
 | 
			
		||||
/*
 | 
			
		||||
 function called by a sysadmin when (s)he want to reload all
 | 
			
		||||
 certificate configured for all subdomains, including system services.
 | 
			
		||||
 launch as root as :
 | 
			
		||||
 /usr/lib/alternc/reload-certs <enter>
 | 
			
		||||
 system services WILL BE RELOADED
 | 
			
		||||
*/
 | 
			
		||||
 | 
			
		||||
// Bootstrap
 | 
			
		||||
require_once("/usr/share/alternc/panel/class/config_nochk.php");
 | 
			
		||||
 | 
			
		||||
if (!isset($ssl)) {
 | 
			
		||||
    echo "OUPS: reload-certs launched, but ssl module not installed, exiting\n";    
 | 
			
		||||
    exit();
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
if (posix_getuid()!=0) {
 | 
			
		||||
    echo "This script MUST be launched as root, it should be able to overwrite files in /etc/ssl/private\n";
 | 
			
		||||
    exit(-1);
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
// force reloading all valid certificates in the proper vhosts : 
 | 
			
		||||
variable_set('last_certificate_id',0);
 | 
			
		||||
 | 
			
		||||
$ssl->cron_new_certs();
 | 
			
		||||
 | 
			
		||||
// forcibly reload all services (new certificates may apply)
 | 
			
		||||
$services=array("postfix","dovecot","proftpd","apache2");
 | 
			
		||||
 | 
			
		||||
foreach($services as $service) {
 | 
			
		||||
    echo "Reloading $service\n";
 | 
			
		||||
    passthru("service $service reload");
 | 
			
		||||
    echo "Done...\n";
 | 
			
		||||
}
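Review bot: The reload loop ignores whether each `service $service reload` succeeded and prints "Done..." either way, so a service that fails to reload keeps serving the old certificate while the operator sees success. Capture the status with `passthru("service $service reload", $rc);` and report the failure and exit non-zero when `$rc !== 0`. The ssl-module-missing branch has the same visibility problem: `exit();` returns status 0, so use `exit(1);` there. Separately, `variable_set('last_certificate_id',0)` runs after the bootstrap has already created `$ssl`. If m_ssl caches that variable in `$this->last_certificate_id` at construction (not visible on this page), the reset would not affect this run's `cron_new_certs()` call, which is worth confirming.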
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -29,6 +29,12 @@ if (!isset($argv[1])) {
 | 
			
		|||
    echo "FATAL: must be launched from functions_hosting.sh !\n";
 | 
			
		||||
    exit();
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
if (posix_getuid()!=0) {
 | 
			
		||||
    echo "This script MUST be launched as root, it should be able to overwrite files in /etc/ssl/private\n";
 | 
			
		||||
    exit(-1);
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
if ( ($argv[1]=="create" || $argv[1]=="postinst" || $argv[1]=="delete") ) {
 | 
			
		||||
    if (count($argv)<5) {
 | 
			
		||||
        echo "FATAL: create/postinst/delete need 4 parameters: type domain mail value\n";
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||