#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/expunge_expired_certificates_from_sslstorage
# Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
package scripts::expunge_expired_certificates_from_sslstorage;
use strict;
use warnings;
use parent qw( Cpanel::HelpfulScript );
use Cpanel::Config::Users ();
use Cpanel::PIDFile ();
use Cpanel::SSLStorage::User ();
use Cpanel::PwCache::Build ();
use Cpanel::PwCache ();
use Cpanel::AccessIds::ReducedPrivileges ();
use Try::Tiny;
=encoding utf-8
=head1 NAME
scripts::expunge_expired_certificates_from_sslstorage
=head1 SYNOPSIS
expunge_expired_certificates_from_sslstorage [ --user <username> | --help ]
=head1 DESCRIPTION
This command will look at the SSLStorage databases for all the users (or optionally a specific user) and checks for
certificates that have been expired for over a set time (C<$Cpanel::SSLStorage::EXPUNGE_CERTIFICATES_AFTER_SECONDS> seconds)
and removes them.
NOTE: This only operates on the user's SSL Storage database. This does not uninstall
certificates from websites, mail, cpsrvd, or other services.
=cut
our $PID_FILE = '/var/run/expunge_expired_certificates_from_sslstorage.pid';
sub _OPTIONS {
return qw( user=s );
}
__PACKAGE__->new(@ARGV)->script() unless caller();
sub script {
my ($self) = @_;
if ( $self->getopt('user') ) {
my $user = $self->getopt('user');
print "Checking for expired certificates for the user '$user'.\n";
try {
my $expired_certs = $self->call_for_one_user($user);
print "Found and expunged " . scalar @$expired_certs . " expired certificates for '$user'.\n";
}
catch {
warn "There was an error expunging certificates for '$user': $_\n";
};
return;
}
Cpanel::PwCache::Build::init_passwdless_pwcache();
Cpanel::PIDFile->do(
$PID_FILE,
sub {
print "Checking for expired certificates for all users.\n";
my @users = ( Cpanel::Config::Users::getcpusers(), 'root' );
for my $user (@users) {
try {
my $expired_certs = $self->call_for_one_user($user);
print "Found and expunged " . scalar @$expired_certs . " expired certificates for '$user'.\n";
}
catch {
warn "There was an error expunging certificates for '$user': $_\n";
};
}
}
);
return;
}
sub call_for_one_user {
my ( $self, $user ) = @_;
my $expired_certs;
my $privs;
if ( $user ne 'root' ) {
my $homedir = Cpanel::PwCache::gethomedir($user);
die "No ssl storage exists for '$user'" if !-d "$homedir/ssl" || -z "$homedir/ssl/ssl.db";
$privs = Cpanel::AccessIds::ReducedPrivileges->new($user);
}
my ( $ok, $storage ) = Cpanel::SSLStorage::User->new( user => $user, 'disable_required_fields_check' => 1 );
die "There was an error getting the SSLStorage database for '$user': $storage" if !$ok;
( $ok, $expired_certs ) = $storage->_expunge_expired_certificates(); # we already reduced privs
die "There was an error expunging expired certificates for '$user': $expired_certs" if !$ok;
return $expired_certs;
}
1;
|