	* Wed Sep 10 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-9.sme
- fix unexpected behaviour when item set as disabled [SME: 13136] rewrite of 10Domains fragment
		| @@ -2,132 +2,91 @@ | ||||
|     use strict; | ||||
|     use warnings; | ||||
|     use esmith::ConfigDB; | ||||
|      | ||||
|     # $domain : current domain name | ||||
|     # $DomainName : primary domain name | ||||
|     # $domainname :  domain name related to current host | ||||
|  | ||||
|     my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); | ||||
|     my $domainsDB = esmith::ConfigDB->open_ro('domains') | ||||
|         or die("can't connect to domains database"); | ||||
|     my $hostsDB = esmith::ConfigDB->open_ro('hosts') | ||||
|         or die("can't connect to hosts database"); | ||||
|  | ||||
|     # my $dbKey     = 'domain'; | ||||
|  | ||||
|     #    my $systemMode = $configDB->get("SystemMode")->value; | ||||
|  | ||||
|     #    if ( $systemMode ne 'servergateway' ) { | ||||
|     #        $OUT .= "# System not in Server Gateway mode\n"; | ||||
|     #    } | ||||
|  | ||||
|      | ||||
|     my $letsencryptStatus = $configDB->get_prop( 'letsencrypt', 'status' ) | ||||
|         || 'disabled'; | ||||
|  | ||||
|     if ( $letsencryptStatus ne 'disabled' ) { | ||||
|  | ||||
|         # This should get all the connections in an array | ||||
|  | ||||
|         my @domains = $domainsDB->keys; | ||||
|         my @hosts   = $hostsDB->keys; | ||||
|  | ||||
|         # print "@domains\n"; | ||||
|  | ||||
|         # Need to check here if we want ALL set | ||||
|         # all, domains, hosts, both, none | ||||
|         my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none'; | ||||
|  | ||||
|         # First get all the domains | ||||
|         # We could do this BUT only once as the array drops $vars | ||||
|  | ||||
|         # my $dom = shift @domains; | ||||
|  | ||||
|         # Patch from JPP | ||||
|         # Put Primary domain at top | ||||
|         my $DomainName = $configDB->get('DomainName')->value; | ||||
|         my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' ) | ||||
|             || 'disabled'; | ||||
|         $OUT .= "$DomainName " unless $mainDomainStatus eq 'disabled'; | ||||
|  | ||||
|         foreach my $domain (@domains) { | ||||
|  | ||||
|             # If we are all or domains then lets do all regardless | ||||
|             if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) { | ||||
|  | ||||
|                 # Check for self | ||||
|                 #my $domainStatus = | ||||
|                 #  $domainsDB->get_prop( "Nameservers", 'HostType' ) || ''; | ||||
|                 # | ||||
|                 #if ( $domainStatus eq 'Localhost' ) { | ||||
|                 $OUT .= "$domain "; | ||||
|  | ||||
|                 #} | ||||
|             } | ||||
|  | ||||
|             else { | ||||
|                 my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' ) | ||||
|                     || 'disabled'; | ||||
|  | ||||
|                 if ( $domainEnabled eq 'enabled' ) { | ||||
|                     $OUT .= "$domain " unless $DomainName eq $domain; | ||||
|                 } | ||||
|             } | ||||
|  | ||||
|             # Now check for hosts | ||||
|  | ||||
|             # Buggered if I remember why we check that | ||||
|             # the host has a domain name in domains ! | ||||
|             # Must have been a reason | ||||
|  | ||||
|             foreach my $fqdn (@hosts) { | ||||
|  | ||||
|                 # If we are set to all or hosts just do it | ||||
|                 if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) { | ||||
|                     $OUT .= "$fqdn " unless $DomainName eq $fqdn; | ||||
|                 } | ||||
|  | ||||
|                 # Just do selected entries | ||||
|                 else { | ||||
|                     # Lets get the hostname | ||||
|                     my $hostname = $fqdn; | ||||
|                     $hostname =~ s/\..*//; | ||||
|  | ||||
|                     # print "$hostname\n"; | ||||
|  | ||||
|                     # Lets get the domain name | ||||
|                     my $domainname = $fqdn; | ||||
|                     $domainname =~ s/.*?\.//; | ||||
|  | ||||
|                     # print "$domainname\n"; | ||||
|  | ||||
|                     # is the domain name from the hosts file | ||||
|                     # the same as that in the domains file ? | ||||
|                     my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' ) | ||||
|      | ||||
|     return "# letsencrypt is disabled\n" if ( $letsencryptStatus if 'disabled' ) ; | ||||
|     | ||||
|     # if disabled will only ask certs for host pointing to self.  | ||||
|     # if set otherwise, will try to get one even if host set as remote or local. | ||||
|     my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' ) | ||||
|                         || 'disabled'; | ||||
|  | ||||
|                     if ( $domainname eq $domain && $hostEnabled eq 'enabled' ) { | ||||
|  | ||||
|                         # Are we self ? | ||||
|                         my $type = $hostsDB->get_prop( "$fqdn", 'HostType' ); | ||||
|                         my $hostOverride = $configDB->get_prop( 'letsencrypt', 'hostOverride' ) | ||||
|                             || 'disabled'; | ||||
|  | ||||
|                         # print "Override $hostOverride"; | ||||
|  | ||||
|                         if ( $hostOverride eq 'yes' ) { | ||||
|                             $OUT .= "$fqdn " unless $DomainName eq $fqdn; | ||||
|                         } | ||||
|  | ||||
|                         elsif ( $type eq 'Self' ) { | ||||
|  | ||||
|                             # print "Here: $fqdn  $type\n"; | ||||
|                             $OUT .= "$fqdn " unless $DomainName eq $fqdn; | ||||
|                         } | ||||
|  | ||||
|                     } | ||||
|                 } | ||||
|   | ||||
|     my @domains = $domainsDB->keys; | ||||
|     my @hosts   = $hostsDB->keys; | ||||
|      | ||||
|     # Need to check here if we want ALL set if not explicitly disabled | ||||
|     # all, domains, hosts, both, none | ||||
|     my $letsencryptConfig = $configDB->get_prop( 'letsencrypt', 'configure' ) || 'none'; | ||||
|      | ||||
|     # Put Primary domain at top : needs to be the main cert domain. | ||||
|     my $DomainName = $configDB->get('DomainName')->value; | ||||
|     my $mainDomainStatus = $domainsDB->get_prop( "$DomainName", 'letsencryptSSLcert' ) | ||||
|         || 'disabled'; | ||||
|     $OUT = "$DomainName " unless $mainDomainStatus eq 'disabled'; | ||||
|      | ||||
|     foreach my $domain (@domains) { | ||||
|          | ||||
|         # If default set to all or domains then do all except if explicitly disabled | ||||
|         if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'domains' ) { | ||||
|             my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' ) | ||||
|                 || 'enabled'; | ||||
|             $OUT .= "$domain " unless ( $domainEnabled eq 'disabled' || $DomainName eq $domain) ; | ||||
|         } | ||||
|         # otherwise only do if explicitly enabled | ||||
|         else { | ||||
|             my $domainEnabled = $domainsDB->get_prop( "$domain", 'letsencryptSSLcert' ) | ||||
|                 || 'disabled'; | ||||
|             if ( $domainEnabled eq 'enabled' ) { | ||||
|                 $OUT .= "$domain " unless $DomainName eq $domain; | ||||
|             } | ||||
|         } | ||||
|          | ||||
|         # Now check for this domain hosts | ||||
|         foreach my $fqdn (@hosts) { | ||||
|              | ||||
|             # exclude host identical to primary domain, already done | ||||
|             next if $DomainName eq $fqdn; | ||||
|             # exclude host identical to current domain, already done | ||||
|             next if $domain eq $fqdn; | ||||
|  | ||||
|     } | ||||
|             # overide hostOverride : default disabled do not ask if host is not self | ||||
|             my $type = $hostsDB->get_prop( "$fqdn", 'HostType' ) || "Self"; | ||||
|             next unless ( $type eq "Self" || $hostOverride eq "disabled"); | ||||
|  | ||||
|     else { | ||||
|         $OUT .= "# letsencrypt is disabled\n"; | ||||
|             # check if host related to current domain | ||||
|             # Lets get the hostname | ||||
|             my $hostname = $fqdn; | ||||
|             $hostname =~ s/\..*//; | ||||
|             # Lets get the domain name | ||||
|             my $domainname = $fqdn; | ||||
|             $domainname =~ s/.*?\.//; | ||||
|             next unless ($domainname eq $domain); | ||||
|              | ||||
|             # If we are set to all or hosts just do it | ||||
|             if ( $letsencryptConfig eq 'all' || $letsencryptConfig eq 'hosts' ) { | ||||
|                 my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' ) | ||||
|                     || 'enabled'; | ||||
|                 $OUT .= "$fqdn " unless $hostEnabled eq 'disabled'; | ||||
|             } | ||||
|             else { | ||||
|                 # the same as that in the domains file ? | ||||
|                 my $hostEnabled = $hostsDB->get_prop( "$fqdn", 'letsencryptSSLcert' ) | ||||
|                     || 'disabled'; | ||||
|                 $OUT .= "$fqdn " unless $hostEnabled eq 'disabled'; | ||||
|                      | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
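Review bot: The early-exit guard `return "# letsencrypt is disabled\n" if ( $letsencryptStatus if 'disabled' ) ;` uses `if` where a string comparison is needed, so the fragment cannot compile and the template will fail to expand; it should end in `if $letsencryptStatus eq 'disabled';`. The page has lost its +/- markers, so this assumes that line is on the new side, which the leftover `else { $OUT .= "# letsencrypt is disabled\n";` from the old layout suggests. The host filter `next unless ( $type eq "Self" || $hostOverride eq "disabled");` also reads as inverted against the comment above it. With hostOverride at its default of `disabled` it lets every HostType through, so names that do not point at this server would be put forward for certificate issuance; `next unless ( $type eq 'Self' || $hostOverride ne 'disabled' );` matches the stated intent. It is also worth confirming that in `all`/`domains` mode a primary domain with no explicit `letsencryptSSLcert` property is meant to be omitted, since the loop skips it and the line before the loop still defaults its status to `disabled`.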
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| %define name smeserver-certificates | ||||
| %define version 11.0 | ||||
| %define release 8 | ||||
| %define release 9 | ||||
| Summary: This is what smeserver-certificates does. | ||||
| Name: %{name} | ||||
| Version: %{version} | ||||
| @@ -25,8 +25,12 @@ AutoReqProv: no | ||||
|  | ||||
|  | ||||
| %changelog | ||||
| * Wed Sep 10 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0-9.sme | ||||
| - fix unexpected behaviour when item set as disabled [SME: 13136] | ||||
|   rewrite of 10Domains fragment | ||||
|  | ||||
| * Mon Aug 25 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0-8.sme | ||||
| - Set KEY_ALFO default to rsa - thanks Knuddi [SME: 13109] | ||||
| - Set KEY_ALGO default to rsa - thanks Knuddi [SME: 13109] | ||||
| - bump server-manager version | ||||
|  | ||||
| * Fri Jun 27 2025 Brian Read <brianr@koozali.org> 11.0-7.sme | ||||
|   | ||||