mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-14 08:34:39 +00:00
src: fix permission-after-write
parent
448762d440
commit
bc2cdd7c18
@ -1832,8 +1832,9 @@ function interface_wireless_configure($if, &$wancfg)
|
||||
}
|
||||
}
|
||||
foreach ($all_certs as $filename => $content) {
|
||||
@touch($filename);
|
||||
@chmod($filename, 0600);
|
||||
@file_put_contents($filename, $content);
|
||||
@chmod($filename, "0600");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
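Review bot: The results of `@touch($filename)` and `@chmod($filename, 0600)` in the `$all_certs` loop are discarded and their warnings suppressed, so if either call fails the following `@file_put_contents` still writes the certificate content into a file whose mode was never tightened, and nothing records it. Skipping the write when the mode could not be set closes that gap, e.g. `if (!@touch($filename) || !@chmod($filename, 0600)) { continue; }`, ideally with a log entry naming the file. The same unchecked touch/chmod/write sequence appears in the ipsec_write_certs, ipsec_write_keypairs, openvpn_add_keyfile, openvpn_reconfigure, OpenVPN model and captive portal hunks below. interface_wireless_configure starts and ends outside this hunk.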
@ -1130,18 +1130,22 @@ function ipsec_write_certs()
|
||||
global $config;
|
||||
$a_phase1 = isset($config['ipsec']['phase1']) ? $config['ipsec']['phase1'] : [];
|
||||
|
||||
$filenames = [];
|
||||
foreach ((new \OPNsense\IPsec\Swanctl())->getUsedCertrefs() as $certref) {
|
||||
$cert = lookup_cert($certref);
|
||||
if (empty($cert)) {
|
||||
log_msg(sprintf('Error: Invalid certificate reference for %s', $ph1ent['name']), LOG_ERR);
|
||||
continue;
|
||||
}
|
||||
|
||||
$ph1keyfile = "/usr/local/etc/swanctl/private/{$certref}.key";
|
||||
@touch($ph1keyfile);
|
||||
@chmod($ph1keyfile, 0600);
|
||||
file_put_contents($ph1keyfile, base64_decode($cert['prv']));
|
||||
|
||||
$ph1certfile = "/usr/local/etc/swanctl/x509/{$certref}.crt";
|
||||
@touch($ph1certfile);
|
||||
@chmod($ph1certfile, 0600);
|
||||
file_put_contents($ph1certfile, base64_decode($cert['crt']));
|
||||
$filenames = array_merge($filenames, [$ph1keyfile, $ph1certfile]);
|
||||
}
|
||||
foreach ($a_phase1 as $ph1ent) {
|
||||
if (isset($ph1ent['disabled'])) {
|
||||
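Review bot: In the loop over `getUsedCertrefs()`, the error path logs `$ph1ent['name']`, but `$ph1ent` is only assigned by the `foreach ($a_phase1 as $ph1ent)` further down, so as far as this hunk shows the message is built from an undefined variable and never names the reference that failed. Logging the reference itself makes the entry usable when tracing a missing key or certificate: `log_msg(sprintf('Error: Invalid certificate reference for %s', $certref), LOG_ERR);`. ipsec_write_certs continues beyond this hunk.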
@ -1156,15 +1160,16 @@ function ipsec_write_certs()
|
||||
}
|
||||
|
||||
$ph1keyfile = "/usr/local/etc/swanctl/private/cert-{$ph1ent['ikeid']}.key";
|
||||
@touch($ph1keyfile);
|
||||
@chmod($ph1keyfile, 0600);
|
||||
file_put_contents($ph1keyfile, base64_decode($cert['prv']));
|
||||
|
||||
$ph1certfile = "/usr/local/etc/swanctl/x509/cert-{$ph1ent['ikeid']}.crt";
|
||||
@touch($ph1certfile);
|
||||
@chmod($ph1certfile, 0600);
|
||||
file_put_contents($ph1certfile, base64_decode($cert['crt']));
|
||||
$filenames = array_merge($filenames, [$ph1keyfile, $ph1certfile]);
|
||||
}
|
||||
}
|
||||
foreach ($filenames as $filename) {
|
||||
@chmod($filename, 0600);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1181,8 +1186,9 @@ function ipsec_write_keypairs()
|
||||
foreach ($paths as $key => $path) {
|
||||
if (!empty((string)$keyPair->$key)) {
|
||||
$filename = "${path}/{$uuid}.pem";
|
||||
file_put_contents($filename, (string)$keyPair->$key);
|
||||
@touch($filename);
|
||||
@chmod($filename, 0600);
|
||||
file_put_contents($filename, (string)$keyPair->$key);
|
||||
$filenames[] = $filename;
|
||||
}
|
||||
}
|
||||
|
||||
@ -441,8 +441,9 @@ function openvpn_add_keyfile($data, &$conf, $mode_id, $directive, $opt = '')
|
||||
$fpath = "/var/etc/openvpn/{$mode_id}.{$directive}";
|
||||
openvpn_create_dirs();
|
||||
$data = !empty($data) ? str_replace("\r", "", base64_decode($data)) : '';
|
||||
file_put_contents($fpath, str_replace("\n\n", "\n", $data));
|
||||
@touch($fpath);
|
||||
@chmod($fpath, 0600);
|
||||
file_put_contents($fpath, str_replace("\n\n", "\n", $data));
|
||||
|
||||
$conf .= "{$directive} {$fpath} {$opt}\n";
|
||||
}
|
||||
@ -884,12 +885,9 @@ function openvpn_reconfigure($mode, $settings, $device_only = false)
|
||||
|
||||
openvpn_add_custom($settings, $conf);
|
||||
|
||||
@touch("/var/etc/openvpn/{$mode_id}.conf");
|
||||
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
|
||||
file_put_contents("/var/etc/openvpn/{$mode_id}.conf", $conf);
|
||||
|
||||
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
|
||||
@chmod("/var/etc/openvpn/{$mode_id}.key", 0600);
|
||||
@chmod("/var/etc/openvpn/{$mode_id}.tls-auth", 0600);
|
||||
@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
|
||||
}
|
||||
|
||||
function openvpn_restart($mode, $settings, $carp_event = false)
|
||||
|
||||
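Review bot: Going by the line counts in the hunk header, the new side of openvpn_reconfigure no longer runs `@chmod` on `/var/etc/openvpn/{$mode_id}.key` and `/var/etc/openvpn/{$mode_id}.tls-auth`, so those files are only tightened if each of them is written through openvpn_add_keyfile(), which this hunk does not show. A key file left behind with a wider mode would then keep it until it is next rewritten. If that path is not guaranteed, keep `@chmod("/var/etc/openvpn/{$mode_id}.key", 0600);` and `@chmod("/var/etc/openvpn/{$mode_id}.tls-auth", 0600);` after the config write; otherwise a one-line comment stating that key files receive their mode in openvpn_add_keyfile() would document the reliance. The function starts outside this hunk.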
@ -345,8 +345,9 @@ class OpenVPN extends BaseModel
|
||||
if ($key == 'auth-user-pass') {
|
||||
// user/passwords need to be feed using a file
|
||||
$output .= $key . " " . $value['filename'] . "\n";
|
||||
file_put_contents($value['filename'], $value['content']);
|
||||
@touch($value['filename']);
|
||||
@chmod($value['filename'], 0600);
|
||||
file_put_contents($value['filename'], $value['content']);
|
||||
} else {
|
||||
foreach ($value as $item) {
|
||||
$output .= $key . " " . $item . "\n";
|
||||
@ -356,8 +357,9 @@ class OpenVPN extends BaseModel
|
||||
$output .= $key . " " . $value . "\n";
|
||||
}
|
||||
}
|
||||
file_put_contents($filename, $output);
|
||||
@touch($filename);
|
||||
@chmod($filename, 0600);
|
||||
file_put_contents($filename, $output);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -44,13 +44,15 @@ if (isset($configObj->OPNsense->captiveportal->zones)) {
|
||||
// if the zone has a certificate attached, search for its contents
|
||||
if ($cert && !empty($cert['prv'])) {
|
||||
$output_pem_filename = "/var/etc/cert-cp-zone{$zone->zoneid}.pem";
|
||||
file_put_contents($output_pem_filename, $cert['crt'] . $cert['prv']);
|
||||
touch($output_pem_filename);
|
||||
chmod($output_pem_filename, 0600);
|
||||
file_put_contents($output_pem_filename, $cert['crt'] . $cert['prv']);
|
||||
echo "certificate generated " . $output_pem_filename . "\n";
|
||||
if (!empty($cert['ca'])) {
|
||||
$output_pem_filename = "/var/etc/ca-cp-zone{$zone->zoneid}.pem";
|
||||
file_put_contents($output_pem_filename, $cert['ca']['crt']);
|
||||
touch($output_pem_filename);
|
||||
chmod($output_pem_filename, 0600);
|
||||
file_put_contents($output_pem_filename, $cert['ca']['crt']);
|
||||
echo "certificate generated " . $output_pem_filename . "\n";
|
||||
}
|
||||
}
|
||||
|
||||