Set new ssl cert permissions

back/lib/ssl_peer_add

@@ -8,6 +8,7 @@
 # 	5: openssl or config not found
 # 	6: not root
 # 	7: openssl failed
+# 	8: failed to set permissions
 
 CONFIG_FILE='/etc/wgapi/config'
 if ! [ ${#} -eq 3 ]; then
@@ -81,15 +82,16 @@ if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
 	-passin "pass:${SSL_CA_PASS}" \
 	-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
 	-days "${SSL_DAYS}"  >/dev/null 2>&1; then
-		printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
+		printf 'ERROR! Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
 		exit 7
 fi; if ! sudo [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
-	printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	printf 'ERROR! SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
 	exit 7
 fi; if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
-	printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
-	exit 7
-fi
+	printf 'ERROR! Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	exit 8
+fi & if ! sudo chown -R "${username}:${username}" "${SSL_CONFIG_DIR}/${username}/"; then
+	printf 'ERROR! Failed to set %s owner to %s!\n' "${username}:${username}" "${SSL_CONFIG_DIR}/${username}/" >>"${LOGFILE}"
 
 # Remove old files
 if ! sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null; then

checklist.md

@@ -5,7 +5,7 @@
 [X] user peer adding
 [X] user peer deleting
 [X] admin peer adding
-[ ] admin peer deleting
+[X] admin peer deleting
 [ ] set permissions of ssl certs
 [ ] admin user adding
 [ ] admin user deleting