use correct syntax for postconf in Let's Encrypt renew-hook service-c…

…onfiguration replacement; add missing language strings Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
froxlor · Jan 19, 2024 · 616dcb1 · 616dcb1
1 parent bc1892d
commit 616dcb1
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 12 deletions.
diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -625,8 +625,8 @@ private static function runAcmeSh(array $certrow, array $domains, &$cronlog = nu
 
 					if (Settings::IsInList('system.le_renew_services', 'postfix')) {
 						// "postconf -e" for postfix
-						FileDir::safe_exec('postconf -e smtpd_tls_cert_file = ' . escapeshellarg($fullchain));
-						FileDir::safe_exec('postconf -e smtpd_tls_key_file = ' . escapeshellarg($keyfile));
+						FileDir::safe_exec('postconf -e smtpd_tls_cert_file=' . escapeshellarg($fullchain));
+						FileDir::safe_exec('postconf -e smtpd_tls_key_file=' . escapeshellarg($keyfile));
 					}
 					if (Settings::IsInList('system.le_renew_services', 'dovecot')) {
 						// custom config for dovecot
@@ -643,22 +643,24 @@ private static function runAcmeSh(array $certrow, array $domains, &$cronlog = nu
 					}
 					if (Settings::IsInList('system.le_renew_services', 'proftpd')) {
 						$proftpd_conf = '/etc/proftpd/tls.conf'; // @fixme setting?
+						$rval = false;
 						if (strpos($certificate_folder, '_ecc') === false) {
 							// comment out RSA related settings
-							FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateFile|# TLSRSACertificateFile|' " . escapeshellarg($proftpd_conf));
-							FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateKeyFile|# TLSRSACertificateKeyFile|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateFile|# TLSRSACertificateFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+
+							FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateKeyFile|# TLSRSACertificateKeyFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
 							// add ECC directives
-							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateFile.*|TLSECCertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf));
-							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateKeyFile.*|TLSECCertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateFile.*|TLSECCertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateKeyFile.*|TLSECCertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
 						} else {
 							// comment out ECC related settings
-							FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateFile|# TLSECCertificateFile|' " . escapeshellarg($proftpd_conf));
-							FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateKeyFile|# TLSECCertificateKeyFile|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateFile|# TLSECCertificateFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+							FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateKeyFile|# TLSECCertificateKeyFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
 							// add RSA directives
-							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateFile.*|TLSRSACertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf));
-							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateKeyFile.*|TLSRSACertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf));
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateFile.*|TLSRSACertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+							FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateKeyFile.*|TLSRSACertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
 						}
-						FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSCACertificateFile.*|TLSCACertificateFile " . $ca_file . "|' " . escapeshellarg($proftpd_conf));
+						FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSCACertificateFile.*|TLSCACertificateFile " . $ca_file . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
 					}
 					// reload the services
 					FileDir::safe_exec(Settings::Get('system.le_renew_hook'));

diff --git a/lib/Froxlor/Validate/Form/Data.php b/lib/Froxlor/Validate/Form/Data.php
@@ -241,7 +241,7 @@ public static function validateFormFieldSelect($fieldname, $fielddata, $newfield
 			$returnvalue = isset($fielddata['select_var'][$newfieldvalue]);
 		}
 
-		if ($returnvalue === true || $fielddata['visible'] == false) {
+		if ($returnvalue === true || (isset($fielddata['visible']) && $fielddata['visible'] == false)) {
 			return true;
 		} else {
 			if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {

diff --git a/lng/de.lng.php b/lng/de.lng.php
@@ -2101,6 +2101,14 @@
 			'title' => 'Menüabschnitte einklappen',
 			'description' => 'Bei Deaktivierung werden die Menübereiche auf der linken Seite immer aufgeklappt angezeigt.',
 		],
+		'le_renew_services' => [
+			'title' => 'Verwende das froxlor Let\'s Encrypt Zertifikat für folgende Dienste',
+			'description' => 'Wenn auf "Keine" gesetzt (oder der Renew-Hook-Befehl unten leer ist), werden keine Konfigurationsanpassungen bezüglich SSL an den ausgewählten Diensten vorgenommen.<br><br>Der Reload-Befehl für die ausgewählten Dienste sollte im Renew-Hook-Befehl hinzugefügt werden, da sonst die Konfigurationsänderungen oder erneuerten Zertifikate möglicherweise nicht korrekt angewendet werden.',
+		],
+		'le_renew_hook' => [
+			'title' => 'Let\'s Encrypt Renew-Hook Befehl',
+			'description' => 'Lege den Befehl fest, der die oben ausgewählten Dienste neu startet, damit erneuerte Zertifikate vom Dienst ordnungsgemäß verwendet werden.',
+		],
 	],
 	'spf' => [
 		'use_spf' => [

diff --git a/lng/en.lng.php b/lng/en.lng.php
@@ -2229,6 +2229,14 @@
 			'title' => 'Collapse menu-sections',
 			'description' => 'If deactivated, the left-side menu sections will always be expanded.',
 		],
+		'le_renew_services' => [
+			'title' => 'Use froxlor Let\'s Encrypt certificate for these services',
+			'description' => 'If set to none (or the renew-hook command below is empty), no configuration adjustments regarding ssl will be made to the selected services.<br><br>The reload-command for the services selected should be added in the renew-hook command or the configuration changes or renewed certificates may not be applied correctly.',
+		],
+		'le_renew_hook' => [
+			'title' => 'Let\'s Encrypt renew-hook command',
+			'description' => 'Set this to a command that restarts the services selected above in order for renewed certificates to be used correctly by the service.',
+		],
 	],
 	'spf' => [
 		'use_spf' => [