diff --git a/bin/v-copy-sys-mail-ssl b/bin/v-add-sys-mail-ssl similarity index 77% rename from bin/v-copy-sys-mail-ssl rename to bin/v-add-sys-mail-ssl index 5b52a688..1ebffdc3 100755 --- a/bin/v-copy-sys-mail-ssl +++ b/bin/v-add-sys-mail-ssl @@ -26,7 +26,7 @@ source $VESTA/conf/vesta.conf check_args '2' "$#" 'USER DOMAIN [RESTART]' is_format_valid 'user' 'domain' -is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' +is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' is_object_valid 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL' @@ -51,8 +51,8 @@ fi diff $dom_crt $vst_crt >/dev/null 2>&1 if [ $? -ne 0 ]; then rm -f $vst_crt.old $vst_key.old - mv $vst_crt $vst_crt.old - mv $vst_key $vst_key.old + mv $vst_crt $vst_crt.old >/dev/null 2>&1 + mv $vst_key $vst_key.old >/dev/null 2>&1 cp $dom_crt $vst_crt 2>/dev/null cp $dom_key $vst_key 2>/dev/null chown root:mail $vst_crt $vst_key @@ -60,6 +60,23 @@ else restart=no fi +# Updating mail certificate +case $MAIL_SYSTEM in + exim) conf='/etc/exim/exim.conf';; + exim4) conf='/etc/exim4/exim4.conf.template';; +esac +if [ -e "$conf" ]; then + sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \ + -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf +fi + +# Updating imap certificate +conf="/etc/dovecot/conf.d/10-ssl.conf" +if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then + sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \ + -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-copy-sys-vesta-ssl b/bin/v-add-sys-vesta-ssl similarity index 93% rename from bin/v-copy-sys-vesta-ssl rename to bin/v-add-sys-vesta-ssl index 94a0cdfc..32cd6c14 100755 --- a/bin/v-copy-sys-vesta-ssl +++ b/bin/v-add-sys-vesta-ssl @@ -1,5 +1,5 @@ #!/bin/bash -# info: copy vesta ssl certificate +# info: add vesta ssl certificate # options: USER DOMAIN [RESTART] # # The function copies user domain SSL to vesta SSL directory @@ -67,10 +67,10 @@ fi # Restarting services if [ "$restart" != 'no' ]; then - if [ ! -z "$MAIL_SYSTEM" ]; then + if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then $BIN/v-restart-service $MAIL_SYSTEM fi - if [ ! -z "$IMAP_SYSTEM" ]; then + if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then $BIN/v-restart-service $IMAP_SYSTEM fi if [ ! -z "$FTP_SYSTEM" ]; then diff --git a/bin/v-add-web-domain-ssl b/bin/v-add-web-domain-ssl index a006d072..d7a209f1 100755 --- a/bin/v-add-web-domain-ssl +++ b/bin/v-add-web-domain-ssl @@ -120,6 +120,22 @@ check_result $? "Web restart failed" >/dev/null $BIN/v-restart-proxy $restart check_result $? "Proxy restart failed" >/dev/null +# Updating system ssl dependencies +if [ -z "$VESTA_CERTIFICATE" ]; then + crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :) + crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :) + if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then + $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1 + fi +fi +if [ -z "$MAIL_CERTIFICATE" ]; then + crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :) + crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :) + if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then + $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1 + fi +fi + if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then hostname=$(hostname) if [ "$hostname" = "$domain" ]; then diff --git a/bin/v-delete-sys-mail-ssl b/bin/v-delete-sys-mail-ssl new file mode 100755 index 00000000..06dab82b --- /dev/null +++ b/bin/v-delete-sys-mail-ssl @@ -0,0 +1,75 @@ +#!/bin/bash +# info: delete sys vesta user ssl certificate +# options: NONE +# +# The script disables user domain ssl synchronization + + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +vst_crt="$VESTA/ssl/certificate.crt" +vst_key="$VESTA/ssl/certificate.key" + +# Updating mail certificate +case $MAIL_SYSTEM in + exim) conf='/etc/exim/exim.conf';; + exim4) conf='/etc/exim4/exim4.conf.template';; +esac +if [ -e "$conf" ]; then + sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \ + -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf +fi + +# Updating imap certificate +conf="/etc/dovecot/conf.d/10-ssl.conf" +if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then + sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \ + -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf +fi + +# Moving old certificates +if [ -e "$VESTA/ssl/mail.crt" ]; then + mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old +fi +if [ -e "VESTA/ssl/mail.key" ]; then + mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old +fi + +# Updating vesta.conf value +sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-sys-vesta-ssl b/bin/v-delete-sys-vesta-ssl new file mode 100755 index 00000000..e90f32b9 --- /dev/null +++ b/bin/v-delete-sys-vesta-ssl @@ -0,0 +1,37 @@ +#!/bin/bash +# info: delete sys vesta user ssl certificate +# options: NONE +# +# The script disables user domain ssl synchronization + + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Updating vesta.conf value +sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 879c3ab3..7764af29 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -51,7 +51,9 @@ json_list() { "MAIL_URL": "'$MAIL_URL'", "DB_PMA_URL": "'$DB_PMA_URL'", "DB_PGA_URL": "'$DB_PGA_URL'", - "SOFTACULOUS": "'$SOFTACULOUS'" + "SOFTACULOUS": "'$SOFTACULOUS'", + "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" } }' } @@ -138,6 +140,12 @@ shell_list() { if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then echo "Language: $LANGUAGE" fi + if [ ! -z "$MAIL_CERTIFICATE" ]; then + echo "Mail SSL: $MAIL_CERTIFICATE" + fi + if [ ! -z "$VESTA_CERTIFICATE" ]; then + echo "Vesta SSL: $VESTA_CERTIFICATE" + fi echo "Version: $VERSION" } @@ -151,7 +159,8 @@ plain_list() { echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" - echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL" + echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t" + echo -e "$VESTA_CERTIFICATE" } @@ -165,7 +174,8 @@ csv_list() { echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," - echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'" + echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS'," + echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'" echo echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," @@ -176,6 +186,7 @@ csv_list() { echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" + echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'" echo } @@ -187,7 +198,7 @@ csv_list() { # Listing data case $format in json) json_list ;; - plain) shell_list ;; + plain) plain_list ;; csv) csv_list ;; shell) shell_list ;; esac diff --git a/bin/v-list-sys-mail-ssl b/bin/v-list-sys-mail-ssl new file mode 100755 index 00000000..5da74e08 --- /dev/null +++ b/bin/v-list-sys-mail-ssl @@ -0,0 +1,135 @@ +#!/bin/bash +# info: list mail ssl certificate +# options: [FORMAT] +# +# The function of obtaining mail ssl files. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + echo '{' + echo -e "\t\"MAIL\": {" + echo " \"CRT\": \"$crt\"," + echo " \"KEY\": \"$key\"," + echo " \"CA\": \"$ca\"," + echo " \"SUBJECT\": \"$subj\"," + echo " \"ALIASES\": \"$alt_dns\"," + echo " \"NOT_BEFORE\": \"$before\"," + echo " \"NOT_AFTER\": \"$after\"," + echo " \"SIGNATURE\": \"$signature\"," + echo " \"PUB_KEY\": \"$pub_key\"," + echo " \"ISSUER\": \"$issuer\"" + echo -e "\t}\n}" +} + +# SHELL list function +shell_list() { + if [ ! -z "$crt" ]; then + echo -e "$crt" + fi + if [ ! -z "$key" ]; then + echo -e "\n$key" + fi + if [ ! -z "$crt" ]; then + echo + echo + echo "SUBJECT: $subj" + if [ ! -z "$alt_dns" ]; then + echo "ALIASES: ${alt_dns//,/ }" + fi + echo "VALID FROM: $before" + echo "VALID TIL: $after" + echo "SIGNATURE: $signature" + echo "PUB_KEY: $pub_key" + echo "ISSUER: $issuer" + fi +} + +# PLAIN list function +plain_list() { + if [ ! -z "$crt" ]; then + echo -e "$crt" + fi + if [ ! -z "$key" ]; then + echo -e "\n$key" + fi + if [ ! -z "$ca" ]; then + echo -e "\n$ca" + fi + if [ ! -z "$crt" ]; then + echo "$subj" + echo "${alt_dns//,/ }" + echo "$before" + echo "$after" + echo "$signature" + echo "$pub_key" + echo "$issuer" + fi + +} + +# CSV list function +csv_list() { + echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE," + echo "PUB_KEY,ISSUER" + echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\"," + echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\"" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing SSL certificate +if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then + exit +fi + +crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g') +key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g') + + +# Parsing SSL certificate details without CA +info=$(openssl x509 -text -in $VESTA/ssl/mail.crt) +subj=$(echo "$info" |grep Subject: |cut -f 2 -d =) +before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //") +after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //") +signature=$(echo "$info" |grep "Algorithm:" |head -n1 ) +signature=$(echo "$signature"| sed -e "s/.*Algorithm: //") +pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \)) +issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //") +alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',') +alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d") +alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g') + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-search-ssl-certificates b/bin/v-search-ssl-certificates index 5a5c74bf..b392e810 100755 --- a/bin/v-search-ssl-certificates +++ b/bin/v-search-ssl-certificates @@ -18,23 +18,19 @@ source $VESTA/func/main.sh # JSON list function json_list() { IFS=$'\n' - i=1 objects=$(echo "$search_cmd" |wc -l) - echo "{" + i=1 + echo '[' for str in $search_cmd; do eval $str - echo -n ' "'$i'": { - "USER": "'$USER'", - "DOMAIN": "'$DOMAIN'" - }' if [ "$i" -lt "$objects" ]; then - echo ',' + echo -e "\t\"$USER:$DOMAIN\"," else - echo + echo -e "\t\"$USER:$DOMAIN\"" fi - ((i++)) + (( ++i)) done - echo '}' + echo "]" } # SHELL list function