
backend: user domain vesta ssl certificate support

Serghey Rodin 7 лет назад
Родитель
Сommit
8edf965375

+ 20 - 3
bin/v-copy-sys-mail-ssl → bin/v-add-sys-mail-ssl

@@ -26,7 +26,7 @@ source $VESTA/conf/vesta.conf
 
 check_args '2' "$#" 'USER DOMAIN [RESTART]'
 is_format_valid 'user' 'domain'
-is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
@@ -51,8 +51,8 @@ fi
 diff $dom_crt $vst_crt >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     rm -f $vst_crt.old $vst_key.old
-    mv $vst_crt $vst_crt.old
-    mv $vst_key $vst_key.old
+    mv $vst_crt $vst_crt.old >/dev/null 2>&1
+    mv $vst_key $vst_key.old >/dev/null 2>&1
     cp $dom_crt $vst_crt 2>/dev/null
     cp $dom_key $vst_key 2>/dev/null
     chown root:mail $vst_crt $vst_key
@@ -60,6 +60,23 @@ else
     restart=no
 fi
 
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #
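Review bot: The dovecot rewrite in the last `sed` of the hunk is not anchored, unlike the exim one just above it: `s|ssl_cert.*|…|` and `s|ssl_key.*|…|` replace from the first occurrence on any line containing those substrings, so a line setting a different directive whose name starts the same way (dovecot's `ssl_key_password`, for instance) would be turned into a second `ssl_key =` line, and comment lines are rewritten too. Anchoring on the directive name and its `=` limits the edit to the intended lines: `sed -e "s|^ssl_cert *=.*|ssl_cert = <$vst_crt|" \` followed by `-e "s|^ssl_key *=.*|ssl_key = <$vst_key|" -i "$conf"`. The same unanchored pair appears in the new bin/v-delete-sys-mail-ssl and should be changed there as well. The script's argument handling and the assignment of `vst_crt`/`vst_key` lie outside this hunk.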

+ 3 - 3
bin/v-copy-sys-vesta-ssl → bin/v-add-sys-vesta-ssl

@@ -1,5 +1,5 @@
 #!/bin/bash
-# info: copy vesta ssl certificate
+# info: add vesta ssl certificate
 # options: USER DOMAIN [RESTART]
 #
 # The function copies user domain SSL to vesta SSL directory
@@ -67,10 +67,10 @@ fi
 
 # Restarting services
 if [ "$restart" != 'no' ]; then
-    if [ ! -z "$MAIL_SYSTEM" ]; then
+    if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
         $BIN/v-restart-service $MAIL_SYSTEM
     fi
-    if [ ! -z "$IMAP_SYSTEM" ]; then
+    if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
         $BIN/v-restart-service $IMAP_SYSTEM
     fi
     if [ ! -z "$FTP_SYSTEM" ]; then
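Review bot: The reason the mail and imap restarts are now skipped when `MAIL_CERTIFICATE` is set is not stated anywhere in the hunk, and a reader of this file alone cannot tell why that variable gates the restart after a certificate copy. Presumably the mail services then serve a separate certificate managed by v-add-sys-mail-ssl rather than `$VESTA/ssl/certificate.*`, so the copy performed here does not affect them; a comment above the first changed `if`, such as `# mail/imap serve their own certificate when MAIL_CERTIFICATE is set; no restart needed here`, would record that. `[ -n "$MAIL_SYSTEM" ]` also reads more directly than `[ ! -z … ]` on the two changed lines. The restart block continues past the end of the hunk.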

+ 16 - 0
bin/v-add-web-domain-ssl

@@ -120,6 +120,22 @@ check_result $? "Web restart failed" >/dev/null
 $BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" >/dev/null
 
+# Updating system ssl dependencies
+if [ -z "$VESTA_CERTIFICATE" ]; then
+    crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+if [ -z "$MAIL_CERTIFICATE" ]; then
+    crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+
 if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
     hostname=$(hostname)
     if [ "$hostname" = "$domain" ]; then
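Review bot: Both new guards are inverted: `[ -z "$VESTA_CERTIFICATE" ]` and `[ -z "$MAIL_CERTIFICATE" ]` hold only when the variable is empty, so the `cut` calls run on an empty string, `crt_user`/`crt_domain` come out empty, the comparison against `$user`/`$domain` cannot succeed (assuming both are non-empty after the script's earlier validation), and neither v-add-sys-vesta-ssl nor v-add-sys-mail-ssl is ever invoked; when a certificate is actually configured the block is skipped entirely. Change the two conditions to `if [ -n "$VESTA_CERTIFICATE" ]; then` and `if [ -n "$MAIL_CERTIFICATE" ]; then`. The `user:domain` split can be done without subprocesses, `crt_user=${VESTA_CERTIFICATE%%:*}` and `crt_domain=${VESTA_CERTIFICATE#*:}`, and `$user $domain` on the two invocations should be quoted. The surrounding restart logic lies outside the hunk.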

+ 75 - 0
bin/v-delete-sys-mail-ssl

@@ -0,0 +1,75 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+# Moving old certificates
+if [ -e "$VESTA/ssl/mail.crt" ]; then
+    mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
+fi
+if [ -e "VESTA/ssl/mail.key" ]; then
+    mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
+fi
+
+# Updating vesta.conf value
+sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
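Review bot: The `$` is missing on both `VESTA/ssl/mail.key` paths in the "Moving old certificates" block: the `-e` test checks a path relative to the current directory and is false on a normal run, so the old private key stays in place next to the repointed configuration, and if the test ever were true the `mv` would write the key to a cwd-relative `VESTA/ssl/mail.key.old`. Use `if [ -e "$VESTA/ssl/mail.key" ]; then` and `mv -f "$VESTA/ssl/mail.key" "$VESTA/ssl/mail.key.old"`, matching the `.crt` branch above it. The header comment `# info: delete sys vesta user ssl certificate` was carried over from the vesta script and should read `# info: delete sys mail ssl certificate`. `$restart` is never assigned in this script, so the services always restart; that looks intended but deserves a comment on the `if`.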

+ 37 - 0
bin/v-delete-sys-vesta-ssl

@@ -0,0 +1,37 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Updating vesta.conf value
+sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
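Review bot: The `sed -i` target `$VESTA/conf/vesta.conf` is unquoted, as are the two `source` paths, so a `$VESTA` containing whitespace would split the argument; `sed -i "/VESTA_CERTIFICATE=/ d" "$VESTA/conf/vesta.conf"` is the safe form. Asserting the variable first, `: "${VESTA:?}"`, would also stop the script from editing `/conf/vesta.conf` when it is run with `VESTA` unset, since the file sets no `-e` option and the failed `source` lines above would not abort it. The empty Verifications section could carry a one-line comment stating that the script takes no arguments, so it does not read as unfinished.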

+ 15 - 4
bin/v-list-sys-config

@@ -51,7 +51,9 @@ json_list() {
         "MAIL_URL": "'$MAIL_URL'",
         "DB_PMA_URL": "'$DB_PMA_URL'",
         "DB_PGA_URL": "'$DB_PGA_URL'",
-        "SOFTACULOUS": "'$SOFTACULOUS'"
+        "SOFTACULOUS": "'$SOFTACULOUS'",
+        "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
+        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
     }
 }'
 }
@@ -138,6 +140,12 @@ shell_list() {
     if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
         echo "Language:       $LANGUAGE"
     fi
+    if [ ! -z "$MAIL_CERTIFICATE" ]; then
+        echo "Mail SSL:       $MAIL_CERTIFICATE"
+    fi
+    if [ ! -z "$VESTA_CERTIFICATE" ]; then
+        echo "Vesta SSL:      $VESTA_CERTIFICATE"
+    fi
     echo "Version:        $VERSION"
 }
 
@@ -151,7 +159,8 @@ plain_list() {
     echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
     echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
     echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
-    echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
+    echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
+    echo -e  "$VESTA_CERTIFICATE"
 }
 
 
@@ -165,7 +174,8 @@ csv_list() {
     echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
     echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
     echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
-    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
+    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
+    echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
     echo
     echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
     echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@@ -176,6 +186,7 @@ csv_list() {
     echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
     echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
     echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
+    echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
     echo
 }
 
@@ -187,7 +198,7 @@ csv_list() {
 # Listing data
 case $format in
     json)   json_list ;;
-    plain)  shell_list ;;
+    plain)  plain_list ;;
     csv)    csv_list ;;
     shell)  shell_list ;;
 esac
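Review bot: The CSV data row in the second csv_list hunk is missing the comma between `'$SOFTACULOUS'` and `'$MAIL_CERTIFICATE'`: the preceding context line ends with `'$SOFTACULOUS'"` and the added `echo -n` starts directly with `'$MAIL_CERTIFICATE'`, so the row yields one field fewer than the header built in the hunk before it. Change the added line to `echo -n ",'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"`. The new header line `'DB_PGA_URL', 'SOFTACULOUS',` also carries a space after the comma that ends up inside the field, and the data row's matching context line has the same space; both should drop it. Each of the listing functions starts before its hunk.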

+ 135 - 0
bin/v-list-sys-mail-ssl

@@ -0,0 +1,135 @@
+#!/bin/bash
+# info: list mail ssl certificate
+# options: [FORMAT]
+#
+# The function of obtaining mail ssl files.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    echo '{'
+    echo -e "\t\"MAIL\": {"
+    echo "        \"CRT\": \"$crt\","
+    echo "        \"KEY\": \"$key\","
+    echo "        \"CA\": \"$ca\","
+    echo "        \"SUBJECT\": \"$subj\","
+    echo "        \"ALIASES\": \"$alt_dns\","
+    echo "        \"NOT_BEFORE\": \"$before\","
+    echo "        \"NOT_AFTER\": \"$after\","
+    echo "        \"SIGNATURE\": \"$signature\","
+    echo "        \"PUB_KEY\": \"$pub_key\","
+    echo "        \"ISSUER\": \"$issuer\""
+    echo -e "\t}\n}"
+}
+
+# SHELL list function
+shell_list() {
+    if [ ! -z "$crt" ]; then
+        echo -e "$crt"
+    fi
+    if [ ! -z "$key" ]; then
+        echo -e "\n$key"
+    fi
+    if [ ! -z "$crt" ]; then
+        echo
+        echo
+        echo "SUBJECT:        $subj"
+        if [ ! -z "$alt_dns" ]; then
+            echo "ALIASES:        ${alt_dns//,/ }"
+        fi
+        echo "VALID FROM:     $before"
+        echo "VALID TIL:      $after"
+        echo "SIGNATURE:      $signature"
+        echo "PUB_KEY:        $pub_key"
+        echo "ISSUER:         $issuer"
+    fi
+}
+
+# PLAIN list function
+plain_list() {
+    if [ ! -z "$crt" ]; then
+        echo -e "$crt"
+    fi
+    if [ ! -z "$key" ]; then
+        echo -e "\n$key"
+    fi
+    if [ ! -z "$ca" ]; then
+        echo -e "\n$ca"
+    fi
+    if [ ! -z "$crt" ]; then
+        echo "$subj"
+        echo "${alt_dns//,/ }"
+        echo "$before"
+        echo "$after"
+        echo "$signature"
+        echo "$pub_key"
+        echo "$issuer"
+    fi
+
+}
+
+# CSV list function
+csv_list() {
+    echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
+    echo "PUB_KEY,ISSUER"
+    echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
+    echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing SSL certificate
+if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
+    exit
+fi
+
+crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
+key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
+
+
+# Parsing SSL certificate details without CA
+info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
+subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
+after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
+signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
+signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
+pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
+issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
+alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
+alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
+alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
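Review bot: `ca` is printed by json_list, plain_list and csv_list but is never assigned anywhere in this new file, so the `CA` field is always empty. Either read it from the CA file the add script writes (not visible in this commit; `$VESTA/ssl/mail.ca` if it follows the `mail.crt`/`mail.key` naming) with `if [ -e "$VESTA/ssl/mail.ca" ]; then ca=$(sed ':a;N;$!ba;s/\n/\\n/g' "$VESTA/ssl/mail.ca"); fi`, or drop the field from the three outputs. The `cat … | sed` pipelines that build `crt` and `key` can take the file directly, `sed ':a;N;$!ba;s/\n/\\n/g' "$VESTA/ssl/mail.crt"`, and the `openssl x509 -in` path should be quoted. Since `key` holds the private key verbatim and every format prints it, a line in the header comment such as `# The KEY field contains the private key` would make that explicit to callers that persist or forward the listing.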

+ 6 - 10
bin/v-search-ssl-certificates

@@ -18,23 +18,19 @@ source $VESTA/func/main.sh
 # JSON list function
 json_list() {
     IFS=$'\n'
-    i=1
     objects=$(echo "$search_cmd" |wc -l)
-    echo "{"
+    i=1
+    echo '['
     for str in $search_cmd; do
         eval $str
-        echo -n '    "'$i'": {
-        "USER": "'$USER'",
-        "DOMAIN": "'$DOMAIN'"
-    }'
         if [ "$i" -lt "$objects" ]; then
-            echo ','
+            echo -e  "\t\"$USER:$DOMAIN\","
         else
-            echo
+            echo -e  "\t\"$USER:$DOMAIN\""
         fi
-        ((i++))
+        (( ++i))
     done
-    echo '}'
+    echo "]"
 }
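Review bot: The two `echo -e` branches differ only by the trailing comma, and `-e` is used only to produce a tab; `printf` states the intent more directly and does not run echo's escape processing over the interpolated values: `sep=','; [ "$i" -lt "$objects" ] || sep=''` followed by `printf '\t"%s:%s"%s\n' "$USER" "$DOMAIN" "$sep"`. The values are still placed into JSON without escaping, so a `"` or `\` in USER or DOMAIN (set by the unchanged `eval $str` line above) would break the array; that predates the commit, but the new single-string form is now the only output path for them. `(( ++i))` also carries a stray space compared with the `((i++))` it replaces.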
 
 # SHELL list function