Set new ssl cert permissions
parent
5c8231c8f4
commit
a7389605da
|
@ -8,6 +8,7 @@
|
||||||
# 5: openssl or config not found
|
# 5: openssl or config not found
|
||||||
# 6: not root
|
# 6: not root
|
||||||
# 7: openssl failed
|
# 7: openssl failed
|
||||||
|
# 8: failed to set permissions
|
||||||
|
|
||||||
CONFIG_FILE='/etc/wgapi/config'
|
CONFIG_FILE='/etc/wgapi/config'
|
||||||
if ! [ ${#} -eq 3 ]; then
|
if ! [ ${#} -eq 3 ]; then
|
||||||
|
@ -81,15 +82,16 @@ if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
|
||||||
-passin "pass:${SSL_CA_PASS}" \
|
-passin "pass:${SSL_CA_PASS}" \
|
||||||
-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
|
-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
|
||||||
-days "${SSL_DAYS}" >/dev/null 2>&1; then
|
-days "${SSL_DAYS}" >/dev/null 2>&1; then
|
||||||
printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'ERROR! Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
fi; if ! sudo [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
|
fi; if ! sudo [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
|
||||||
printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'ERROR! SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
fi; if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
|
fi; if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
|
||||||
printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'ERROR! Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 8
|
||||||
fi
|
fi & if ! sudo chown -R "${username}:${username}" "${SSL_CONFIG_DIR}/${username}/"; then
|
||||||
|
printf 'ERROR! Failed to set %s owner to %s!\n' "${username}:${username}" "${SSL_CONFIG_DIR}/${username}/" >>"${LOGFILE}"
|
||||||
|
|
||||||
# Remove old files
|
# Remove old files
|
||||||
if ! sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null; then
|
if ! sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null; then
|
||||||
|
|
|
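Review bot: On the new line `fi & if ! sudo chown -R ...`, the single `&` runs the preceding chmod check in the background, so its `exit 8` would end only that background subshell and the script would carry on after a failed chmod. The other steps are joined with `fi; if`, so this looks like a typo for `;`. The chown failure branch, as rendered here, logs the error but shows no `exit 8` and no closing `fi` before `# Remove old files`, so either the removal step ends up inside that branch or the script no longer parses; the page rendering may have dropped lines, so check this against the file. I would write `fi; if ! sudo chown -R "${username}:${username}" "${SSL_CONFIG_DIR}/${username}/"; then`, keep the printf, and follow it with `exit 8` and `fi`.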
@ -5,7 +5,7 @@
|
||||||
[X] user peer adding
|
[X] user peer adding
|
||||||
[X] user peer deleting
|
[X] user peer deleting
|
||||||
[X] admin peer adding
|
[X] admin peer adding
|
||||||
[ ] admin peer deleting
|
[X] admin peer deleting
|
||||||
[ ] set permissions of ssl certs
|
[ ] set permissions of ssl certs
|
||||||
[ ] admin user adding
|
[ ] admin user adding
|
||||||
[ ] admin user deleting
|
[ ] admin user deleting
|
||||||
|
|