#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/ccs-check Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
use strict;
use warnings;
# Make sure we get exactly the args we want, with a little flexibility for calling --help, -h, -HELP, etc.
exit script() unless caller;
sub script {
my $args_ok = 0;
my $update_ssl = 0;
my $no_restart = 0;
my $force_run = 0;
foreach my $arg (@ARGV) {
if ( $arg =~ m/^-{1,2}h/i ) {
show_usage();
return 0;
}
elsif ( $arg eq '--run' ) {
$args_ok = 1;
}
elsif ( $arg eq '--ssl' ) {
$update_ssl = 1;
}
elsif ( $arg eq '--force' ) {
$force_run = 1;
}
elsif ( $arg eq '--norestart' ) {
$no_restart = 1;
}
else {
print "Unknown arguments passed.\n";
show_usage(1);
return 1;
}
}
if ( $args_ok != 1 ) {
show_usage();
return 1;
}
# If it's not installed, just abort
if ( !$force_run && !-f '/opt/cpanel-ccs/bin/run' ) {
return 0;
}
# Handle updating of SSL pem for CCS
if ( $update_ssl == 1 ) {
require Cpanel::SSLService;
my %ssl_info = Cpanel::SSLService::getsslargs();
require Cpanel::SafetyBits::Chown;
require Cpanel::MD5;
my $target_pem = '/opt/cpanel-ccs/conf/cpanel.pem';
my $orig_md5;
if ( -f $target_pem ) {
$orig_md5 = Cpanel::MD5::getmd5sum($target_pem);
}
if ( defined( $ssl_info{'SSL_cert_file'} ) ) {
require Cpanel::FileUtils::Copy;
if ( !-d '/opt/cpanel-ccs/conf' ) {
require Cpanel::SafeDir::MK;
Cpanel::SafeDir::MK::safemkdir('/opt/cpanel-ccs/conf');
if ( $< == 0 ) {
Cpanel::SafetyBits::Chown::safe_chown( 'cpanel-ccs', 'cpanel-ccs', '/opt/cpanel-ccs/conf' );
}
}
# If we have a combined pem, use that, otherwise we need to build a PEM from what we have.
if ( $ssl_info{'SSL_cert_file'} eq $ssl_info{'SSL_key_file'} ) {
Cpanel::FileUtils::Copy::safecopy( $ssl_info{'SSL_cert_file'}, $target_pem );
if ( $< == 0 ) {
Cpanel::SafetyBits::Chown::safe_chown( 'cpanel-ccs', 'cpanel-ccs', $target_pem );
}
}
else {
my $pem_contents;
# pem order is key > cert > ca
foreach my $file ( $ssl_info{'SSL_key_file'}, $ssl_info{'SSL_cert_file'}, $ssl_info{'SSL_ca_file'} ) {
if ( open my $read_fh, '<', $file ) {
while ( my $line = <$read_fh> ) {
$pem_contents .= $line;
}
}
}
require Cpanel::FileUtils::Write;
Cpanel::FileUtils::Write::write( $target_pem, $pem_contents );
if ( $< == 0 ) {
Cpanel::SafetyBits::Chown::safe_chown( 'cpanel-ccs', 'cpanel-ccs', $target_pem );
}
}
}
else {
# If the system for some reason doesn't report cert info, fall back to the self signed pem that comes with CCS
Cpanel::FileUtils::Copy::safecopy( '/opt/cpanel-ccs/twistedcaldav/test/data/server.pem', $target_pem );
}
if ( -f $target_pem ) {
if ( $no_restart == 0 ) {
my $current_md5 = Cpanel::MD5::getmd5sum($target_pem);
if ( !defined($orig_md5) || ( defined($orig_md5) && ( $orig_md5 ne $current_md5 ) ) ) {
print "SSL information changed, restarting CCS..\n";
require Cpanel::SafeRun::Simple;
Cpanel::SafeRun::Simple::saferun(qw{systemctl restart cpanel-ccs});
}
}
}
print "SSL information updated.\n";
}
return 0;
}
###[ Functions ]########################################################################################################
sub show_usage {
my ($use_stderr) = @_;
my $out_fh = ( $use_stderr ? \*STDERR : \*STDOUT );
print $out_fh <<EOF;
This script handles some maintenance for the Calendar and Contacts Server plugin, if installed.
Usage:
scripts/ccs-check <--help|--run|--ssl>
--help : Show this output
--run : Actually run this script
--ssl : Copy the SSL certificate information in to place
--force : Copy the SSL certificate information in to place regardless if CCS is installed or not
--norestart : Don't restart CCS even if SSL information is updated
EOF
return;
}