Server : Apache System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64 User : nobody ( 99) PHP Version : 8.1.23 Disable Function : NONE Directory : /scripts/ |
#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/expunge_expired_certificates_from_sslstorage # Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited package scripts::expunge_expired_certificates_from_sslstorage; use strict; use warnings; use parent qw( Cpanel::HelpfulScript ); use Cpanel::Config::Users (); use Cpanel::PIDFile (); use Cpanel::SSLStorage::User (); use Cpanel::PwCache::Build (); use Cpanel::PwCache (); use Cpanel::AccessIds::ReducedPrivileges (); use Try::Tiny; =encoding utf-8 =head1 NAME scripts::expunge_expired_certificates_from_sslstorage =head1 SYNOPSIS expunge_expired_certificates_from_sslstorage [ --user <username> | --help ] =head1 DESCRIPTION This command will look at the SSLStorage databases for all the users (or optionally a specific user) and checks for certificates that have been expired for over a set time (C<$Cpanel::SSLStorage::EXPUNGE_CERTIFICATES_AFTER_SECONDS> seconds) and removes them. NOTE: This only operates on the user's SSL Storage database. This does not uninstall certificates from websites, mail, cpsrvd, or other services. =cut our $PID_FILE = '/var/run/expunge_expired_certificates_from_sslstorage.pid'; sub _OPTIONS { return qw( user=s ); } __PACKAGE__->new(@ARGV)->script() unless caller(); sub script { my ($self) = @_; if ( $self->getopt('user') ) { my $user = $self->getopt('user'); print "Checking for expired certificates for the user '$user'.\n"; try { my $expired_certs = $self->call_for_one_user($user); print "Found and expunged " . scalar @$expired_certs . " expired certificates for '$user'.\n"; } catch { warn "There was an error expunging certificates for '$user': $_\n"; }; return; } Cpanel::PwCache::Build::init_passwdless_pwcache(); Cpanel::PIDFile->do( $PID_FILE, sub { print "Checking for expired certificates for all users.\n"; my @users = ( Cpanel::Config::Users::getcpusers(), 'root' ); for my $user (@users) { try { my $expired_certs = $self->call_for_one_user($user); print "Found and expunged " . scalar @$expired_certs . " expired certificates for '$user'.\n"; } catch { warn "There was an error expunging certificates for '$user': $_\n"; }; } } ); return; } sub call_for_one_user { my ( $self, $user ) = @_; my $expired_certs; my $privs; if ( $user ne 'root' ) { my $homedir = Cpanel::PwCache::gethomedir($user); die "No ssl storage exists for '$user'" if !-d "$homedir/ssl" || -z "$homedir/ssl/ssl.db"; $privs = Cpanel::AccessIds::ReducedPrivileges->new($user); } my ( $ok, $storage ) = Cpanel::SSLStorage::User->new( user => $user, 'disable_required_fields_check' => 1 ); die "There was an error getting the SSLStorage database for '$user': $storage" if !$ok; ( $ok, $expired_certs ) = $storage->_expunge_expired_certificates(); # we already reduced privs die "There was an error expunging expired certificates for '$user': $expired_certs" if !$ok; return $expired_certs; } 1;