From d72ffcd9929f1434fba00e09ce141a98f5ba2d9b Mon Sep 17 00:00:00 2001
From: James Kasten
Date: Thu, 23 Aug 2012 17:10:35 -0400
Subject: [PATCH] Added a few functions useful for renewal, added some error support for apache restart
---
 trustify/client/client.py | 2 +-
 trustify/client/configurator.py | 56 +++++++++++++++++++++++++-------
 trustify/client/sni_challenge.py | 17 ++--------
 3 files changed, 48 insertions(+), 27 deletions(-)
diff --git a/trustify/client/client.py b/trustify/client/client.py
index 09fb07675..8b8c46ba8 100644
--- a/trustify/client/client.py
+++ b/trustify/client/client.py
@@ -387,7 +387,7 @@ def authenticate():
 config.enable_site(host.file)

 # sites may have been enabled / final cleanup
- sni_challenge.apache_restart(quiet=curses)
+ config.restart(quiet=curses)

 if curses:
 dialog.Dialog().msgbox("\nCongratulations! You have successfully enabled " + gen_https_names(dn) + "!", width=70)
diff --git a/trustify/client/configurator.py b/trustify/client/configurator.py
index 52b464411..8cac370c9 100644
--- a/trustify/client/configurator.py
+++ b/trustify/client/configurator.py
@@ -11,9 +11,9 @@ from trustify.client.CONFIG import SERVER_ROOT, BACKUP_DIR, MODIFIED_FILES
 from trustify.client.CONFIG import REWRITE_HTTPS_ARGS

 #TODO - Stop Augeas from loading up backup emacs files in sites-available
-#TODO - Need an initialization routine... make sure modified_files exist,
- # directories exist..ect
-#TODO - Add check to see if server is configured properly
+#TODO - Need an initialization routine... make sure directories exist..ect
+#TODO - Only check for conflicting enabled sites during redirection
+#TODO - Update vhosts in config when new vhosts are created

 class VH(object):
 def __init__(self, filename_path, vh_path, vh_addrs, is_ssl):
@@ -21,6 +21,7 @@ class VH(object):
 self.path = vh_path
 self.addrs = vh_addrs
 self.names = []
+ self.ssl = is_ssl

 def set_names(self, listOfNames):
 self.names = listOfNames 
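Review bot: `config.restart(quiet=curses)` now returns False when the reload reports a failure, but `authenticate()` discards the result and goes on to show the "Congratulations" dialog on the following lines, so a broken Apache configuration is presented to the user as success. The call should be guarded, e.g. `if not config.restart(quiet=curses):` followed by an error message and an early return before the success dialog. The same ignored return value appears in the sni_challenge.py hunks of this commit: `cleanup` drops the result of `configurator.restart(True)`, and `perform_sni_cert_challenge` returns a hard-coded `True` right after `configurator.restart(quiet)`, where `return configurator.restart(quiet)` would propagate the outcome. `authenticate()` continues outside the hunk.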
@@ -105,10 +106,10 @@ class Configurator(object):
 return vh
 # Check for servernames/aliases
 for v in self.vhosts:
- for n in v.names:
- # TODO: Or a converted FQDN address
- if n == name:
- return v
+ if v.ssl == True:
+ for n in v.names:
+ if n == name:
+ return v
 for v in self.vhosts:
 for a in v.addrs:
 tup = a.partition(":")
@@ -197,9 +198,8 @@ class Configurator(object):
 for p in paths:
 name_vh.append(self.aug.get(p)) 

- # TODO: Check ramifications for FQDN/IP_ADDR mismatch overlap
- # ie. NameVirtualHost FQDN ...
- # Does adding additional NameVirtualHost directives cause problems
+ # TODO: Reread NameBasedVirtual host matching... I think it must be an
+ # exact match
 # Check for exact match
 for vh in name_vh:
 if vh == addr:
@@ -393,7 +393,6 @@ class Configurator(object):
 """
 Duplicates vhost and adds default ssl options
 New vhost will reside as (avail_fp)-ssl
- If original vhost is currently enabled, ssl-vhost will be enabled
 """
 # Copy file
 ssl_fp = avail_fp + "-trustify-ssl"
@@ -585,6 +584,19 @@ LogLevel warn \n\
 return vh
 return None 

+ def get_all_certs(self):
+ """
+ Retrieve all certs on the Apache server
+ returns: set of file paths
+ """
+ cert_path = self.find_directive("SSLCertificateFile")
+ file_paths = set()
+ for p in cert_path:
+ file_paths.add(self.aug.get(p)) 
+ 
+ return file_paths 
+ 
+
 def get_file_path(self, vhost_path):
 # Strip off /files
 avail_fp = vhost_path[6:] 
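Review bot: The new guard `if v.ssl == True:` compares against a boolean literal where `if v.ssl:` is the idiomatic form. More substantively, the name loop now skips every non-SSL vhost, so a ServerName that only matches a plain-HTTP vhost no longer returns here and falls through to the address-matching loop below, which may pick a different vhost than the old code did; if that is intended, a comment on the guard such as `# only SSL vhosts are candidates here; plain-HTTP name matches fall back to address matching` would make the contract visible, and the dropped TODO about converted FQDN addresses was not addressed. The enclosing method starts outside the hunk.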
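Review bot: `get_all_certs` adds the raw Augeas value of each `SSLCertificateFile` argument, so the "set of file paths" in its docstring holds the strings exactly as written in the configuration (Apache may resolve a relative value against ServerRoot, and a node without a value would contribute `None` if `self.aug.get` can return that); a docstring sentence saying the values are returned verbatim and unverified would help the renewal code this is written for. The body can be a single expression, `return set(self.aug.get(p) for p in self.find_directive("SSLCertificateFile"))`, and `cert_path` holds Augeas node paths rather than a certificate path, so `cert_nodes` reads better. The two added blank `+` lines together with the existing blank line leave three blank lines before `get_file_path`.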
@@ -750,6 +762,26 @@ LogLevel warn \n\
 print "Error reverting configuration"
 print e
 sys.exit(36) 
+ 
+ def restart(quiet=False):
+ """
+ Restarts apache server
+ """
+ try:
+ p = ''
+ if quiet:
+ p = subprocess.Popen(['/etc/init.d/apache2', 'reload'], stdout=subprocess.PIPE, stderr=open("/dev/null", 'w')).communicate()[0]
+ else:
+ p = subprocess.Popen(['/etc/init.d/apache2', 'reload'], stderr=subprocess.PIPE).communicate()[0] 
+ 
+ if "fail" in p:
+ print "Apache configuration is incorrect"
+ print p
+ return False
+ return True
+ except:
+ print "Apache Restart Failed - Please Check the Configuration"
+ sys.exit(1)


 def main():
@@ -771,6 +803,8 @@ def main():
 config.parse_file("/etc/apache2/ports_test.conf")
+ config.restart() 
+
 """
 #config.make_vhost_ssl("/etc/apache2/sites-available/default")
 # Testing redirection
diff --git a/trustify/client/sni_challenge.py b/trustify/client/sni_challenge.py
index ace1c1fa2..435584c5c 100644
--- a/trustify/client/sni_challenge.py
+++ b/trustify/client/sni_challenge.py
@@ -177,19 +177,6 @@ def updateCertConf(oid, value):
 remove(CHOC_CERT_CONF)
 move(CHOC_CERT_CONF + ".tmp", CHOC_CERT_CONF) 

-def apache_restart(quiet=False):
- """
- Restarts apache server
- """
- try:
- if quiet:
- subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null","w"), stderr=open("/dev/null", "w"))
- else:
- subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"])
- except:
- print "Apache Restart Failed - Please Check the Configuration"
- sys.exit(1) 
-
 def cleanup(listSNITuple, configurator):
 """
 Remove all temporary changes necessary to perform the challenge
@@ -200,7 +187,7 @@ def cleanup(listSNITuple, configurator):
 result: Apache server is restored to the pre-challenge state
 """
 configurator.revert_config()
- apache_restart(True)
+ configurator.restart(True)
 remove_files(listSNITuple) 
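Review bot: `def restart(quiet=False):` is added inside `Configurator` (it is invoked as `config.restart()` in the `main()` hunk below and as a method in client.py and sni_challenge.py) but has no `self` parameter, so each of those calls raises TypeError; the signature needs to be `def restart(self, quiet=False):`. In the non-quiet branch stdout is not piped, so `communicate()[0]` is None and `"fail" in p` raises TypeError, which the bare `except:` converts into the generic failure message and `sys.exit(1)` — the non-quiet path can never report success. The `"fail"` substring test is a weaker signal than the process exit status, the `open("/dev/null", 'w')` handle is never closed, and the bare `except:` also swallows KeyboardInterrupt. Note that the removed sni_challenge.py version ran the reload through `sudo` while this one runs the init script directly, so a permission failure on an unprivileged run now surfaces as "configuration is incorrect" rather than as a distinct error. The rewrite below passes `self`, captures both streams, closes the null-device handle and keys the result on the return code while keeping the existing output check.
```python
    def restart(self, quiet=False):
        """
        Restarts apache server

        quiet: discard the reload's stderr instead of reporting it
        returns: True if the reload succeeded, False if Apache reported a failure
        """
        try:
            devnull = open("/dev/null", 'w')
            try:
                proc = subprocess.Popen(['/etc/init.d/apache2', 'reload'],
                                        stdout=subprocess.PIPE,
                                        stderr=devnull if quiet else subprocess.PIPE)
                out, err = proc.communicate()
            finally:
                devnull.close()
        except OSError as e:
            # the reload command itself could not be started
            print "Apache Restart Failed - Please Check the Configuration"
            print e
            sys.exit(1)
        # the exit status is the reliable signal; the output is kept for the user
        if proc.returncode != 0 or "fail" in out:
            print "Apache configuration is incorrect"
            print out
            if err:
                print err
            return False
        return True
```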
@@ -255,7 +242,7 @@ def perform_sni_cert_challenge(listSNITuple, csr, key, configurator, quiet=False
 modifyApacheConfig(findApacheConfigFile(), listSNITuple, addresses, key, configurator)
 # Save reversible changes and restart the server
 configurator.save("SNI Challenge", True)
- apache_restart(quiet)
+ configurator.restart(quiet)
 return True

 # This main function is just used for testing