Merge pull request #103 from fraenki/acme_issue_100

security/acme-client: remove support for custom restart actions
2026-05-22 18:44:07 -07:00 · 2017-03-27 15:22:46 +02:00
parent a3520c7c24 258525a41b
commit dd23de4a32
4 changed files with 1 additions and 85 deletions
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		1.3
+PLUGIN_VERSION=		1.4
 PLUGIN_COMMENT=		Let's Encrypt client
 PLUGIN_MAINTAINER=	opnsense@moov.de

@@ -35,16 +35,4 @@
        <help>Select a pre-defined system command which should be run for this action.</help>
        <style>table_optional table_optional_configd</style>
    </field>
-    <field>
-        <label>Required Parameters</label>
-        <type>header</type>
-        <style>method_table method_table_custom</style>
-    </field>
-    <field>
-        <id>action.custom</id>
-        <label>Custom Command</label>
-        <type>textbox</type>
-        <help>Specify a custom commands which should be run for this action.</help>
-        <style>table_optional table_optional_custom</style>
-    </field>
 </form>
@@ -504,7 +504,6 @@
                        <restart_gui>Restart OPNsense Web UI</restart_gui>
                        <restart_haproxy>Restart HAProxy (OPNsense plugin)</restart_haproxy>
                        <configd>System or Plugin Command (select below)</configd>
-                        <custom>Custom Command (specify below)</custom>
                    </OptionValues>
                </type>
                <configd type="ConfigdActionsField">
@@ -514,9 +513,6 @@
                    <ValidationMessage>Select a command from the list.</ValidationMessage>
                    <Required>N</Required>
                </configd>
-                <custom type="TextField">
-                    <Required>N</Required>
-                </custom>
            </action>
        </actions>
    </items>
@@ -1021,74 +1021,6 @@ function run_restart_actions($certlist, $modelObj)
                    }
                    $response = $backend->configdRun((string)$action->configd);
                    break;
-                case 'custom':
-                    // Make sure a custom command was specified.
-                    if (empty((string)$action->custom)) {
-                        log_error("AcmeClient: no custom command specified for restart action: " . $action->name);
-                        $result = '1';
-                        continue; // Continue with next action.
-                    }
-
-                    // Prepare to run the command.
-                    $proc_env = array(); // env variables for proc_open()
-                    $proc_env['PATH'] = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin';
-                    $proc_desc = array(  // descriptor array for proc_open()
-                        0 => array("pipe", "r"), // stdin
-                        1 => array("pipe", "w"), // stdout
-                        2 => array("pipe", "w")  // stderr
-                    );
-                    $proc_pipes = array();
-                    $proc_stdout = '';
-                    $proc_stderr = '';
-                    $result = ''; // exit code (or '99' in case of timeout)
-
-                    // Timeout for custom restart actions.
-                    if (!empty((string)$configObj->OPNsense->AcmeClient->settings->restartTimeout)) {
-                        $timeout = (string)$configObj->OPNsense->AcmeClient->settings->restartTimeout;
-                    } else {
-                        $timeout = '600';
-                    }
-                    $starttime = time();
-
-                    $proc_cmd = (string)$action->custom;
-                    $proc = proc_open($proc_cmd, $proc_desc, $proc_pipes, null, $proc_env);
-
-                    // Make sure the resource could be setup properly
-                    if (is_resource($proc)) {
-                        fclose($proc_pipes[0]);
-
-                        // Wait until process terminates normally
-                        while (is_resource($proc)) {
-                            $proc_stdout .= stream_get_contents($proc_pipes[1]);
-                            $proc_stderr .= stream_get_contents($proc_pipes[2]);
-
-                            // Check if timeout is reached
-                            if (($timeout !== false) and ((time() - $starttime) > $timeout)) {
-                                // Terminate process if timeout is reached
-                                log_error("AcmeClient: timeout running restart action: " . $action->name);
-                                proc_terminate($proc, 9);
-                                $result = '99';
-                                break;
-                            }
-
-                            // Check if process terminated normally
-                            $status = proc_get_status($proc);
-                            if (!$status['running']) {
-                                fclose($proc_pipes[1]);
-                                fclose($proc_pipes[2]);
-                                proc_close($proc);
-                                $result = $status['exitcode'];
-                                break;
-                            }
-
-                            usleep(100000);
-                        }
-                    } else {
-                        log_error("AcmeClient: unable to initiate restart action: " . $action->name);
-                        continue; // Continue with next action.
-                    }
-                    $return = $result;
-                    break;
                default:
                    log_error("AcmeClient: an invalid restart action was specified: " . (string)$action->type);
                    $return = 1;