
Annotation of /rpms/smeserver-phpki-ng/contribs10/smeserver-phpki-ng-0.3-bz12268-bz12266-bz11440-bz11439.patch



Revision 1.1 - (hide annotations) (download)
Wed Dec 14 21:53:40 2022 UTC (23 months, 1 week ago) by jpp
Branch: MAIN
CVS Tags: smeserver-phpki-ng-0_3-18_el7_sme
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-18.sme
- revert log/phpki [SME: 12266]
- phpki-ng autopopulate base info from ldap [SME: 11440]
- ensure user are seen by php-pool [SME: 12268]
- safe remote access for crl [SME: 11439]
- 17-18: applying patches

1 jpp 1.1 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/createlinks smeserver-phpki-ng-0.3/createlinks
2     --- smeserver-phpki-ng-0.3.old/createlinks 2022-12-13 23:47:43.623000000 -0500
3     +++ smeserver-phpki-ng-0.3/createlinks 2022-12-14 02:19:37.953000000 -0500
4     @@ -20,9 +20,9 @@
5     event_link("phpki-fixtakey", qw(bootstrap-console-save post-upgrade), "50");
6     event_link("phpki-fixownership", qw(bootstrap-console-save post-upgrade), "02");
7     templates2events("/etc/httpd/pki-conf/httpd.conf", qw(bootstrap-console-save conf-userpanel domain-modify));
8     -safe_symlink("sigusr1", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
9     -safe_symlink("sigusr1", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
10     -safe_symlink("sigusr1", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
11     +safe_symlink("restart", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
12     +safe_symlink("restart", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
13     +safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
14    
15    
16     # our event specific for updating with yum without reboot
17     @@ -35,7 +35,7 @@
18     /etc/httpd/conf/httpd.conf
19     /etc/httpd/pki-conf/httpd.conf
20     /etc/opt/remi/php73/php-fpm.d/www.conf
21     -
22     + /opt/phpki/html/config.php
23     ))
24     {
25     templates2events( $file, $event );
26     diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass
27     --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass 2022-12-13 23:47:43.612000000 -0500
28     +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass 2022-12-14 11:56:57.739000000 -0500
29     @@ -29,7 +29,36 @@
30     SSLRequireSSL on
31     Require ip $localAccess $externalSSLAccess
32     </Location>
33     + # we want Public access to ns_revoke_query.php
34     + <Location /phpki/ns_revoke_query.php>
35     + Require all granted
36     + </Location>
37     + # we want Public access to policy
38     + <Location /phpki/policy.html>
39     + Require all granted
40     + </Location>
41     + # we want Public access to help
42     + <Location /phpki/help>
43     + Require all granted
44     + </Location>
45     + <Location /phpki/help.php>
46     + Require all granted
47     + </Location>
48     + # we want Public access to crl list
49     + <Location /phpki/dl_crl.php>
50     + Require all granted
51     + </Location>
52     + # and we redirect old config to our new safer script
53     + RewriteEngine On
54     + RewriteCond %{QUERY_STRING} stage=dl_crl
55     + RewriteRule ^ /phpki/dl_crl.php? [R=302,L]
56    
57     HERE
58     + # safely redirect crl request to php script striping all GET requests
59     + # but would leave POST
60     + #RewriteEngine On
61     + #RewriteCond %{REQUEST_URI} ^/?phpki/dl_crl/?\$
62     + #RewriteRule ^ /phpki/index.php?stage=dl_crl [P,NC]
63     +
64     }
65     }
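Review bot: The redirect added at the end of the heredoc is not scoped to phpki: `RewriteCond %{QUERY_STRING} stage=dl_crl` is an unanchored substring match and `RewriteRule ^` matches every path. If this fragment expands at virtual-host level, as its position after `</Location>` suggests, any request on the host whose query string contains that text is redirected to `/phpki/dl_crl.php`. Anchoring both sides narrows it, for example `RewriteCond %{QUERY_STRING} (^|&)stage=dl_crl(&|$)` with `RewriteRule ^/phpki/(index\.php)?$ /phpki/dl_crl.php? [R=302,L]`. The new `Require all granted` locations also appear to take `ns_revoke_query.php`, `dl_crl.php` and `help.php` out of the `Require ip $localAccess $externalSSLAccess` restriction above them, so a comment such as `# public endpoints: every request parameter is untrusted` above these blocks would record what the scripts must now guarantee. The enclosing template block starts outside the hunk.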
66     diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
67     --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2022-12-13 23:47:43.627000000 -0500
68     +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2022-12-14 02:24:57.440000000 -0500
69     @@ -14,6 +14,8 @@
70     SetHandler \"proxy:unix:/var/run/php-fpm/php${version}-${pool_name}.sock|fcgi://localhost\"
71     </FilesMatch>\n";
72     }
73     + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
74     + SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
75     AddType application/x-x509-ca-cert .crt .pem
76     AddType application/pkix-crl .crl
77     AddType application/pkix-cert .cer .der
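Review bot: The cookie pattern in `SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?"` captures more than the ticket: `(.*)` is greedy and the trailing `;?` is optional, so HTTP_AUTH_TKT receives the ticket plus every cookie that follows it in the header, and the leading `.*` also accepts a cookie whose name merely ends in `auth_tkt`. `SetEnvIfNoCase Cookie "(?:^|;\s*)auth_tkt=([^;]+)" HTTP_AUTH_TKT=$1` limits the value to that one cookie. The same pair of lines is repeated in the `@@ -30,10 +32,11 @@` hunk of this file and needs the same change there. Both directives copy the Authorization header and the session ticket into the request environment, where any script served by the same PHP pool can read them and diagnostic output of the environment would print them, so a comment naming the script that consumes these variables would help a later reviewer decide whether they are still needed.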
78     @@ -30,10 +32,11 @@
79     Require user admin {getUsersList("phpki");}
80     Require ip 127.0.0.1
81     </RequireAll>
82     -
83     + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
84     + SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
85     {
86     my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
87     - $OUT = " TKTAuthTimeout $ManagerTimeout\n";
88     + $OUT = " TKTAuthTimeout $ManagerTimeout\n";
89     my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
90     $OUT .= " TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
91     my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
92     diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/01config smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/01config
93     --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/01config 1969-12-31 19:00:00.000000000 -0500
94     +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/01config 2022-12-14 02:15:51.130000000 -0500
95     @@ -0,0 +1,38 @@
96     +{
97     +# use Data::Validate::IP;
98     + use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
99     + our $KeySize = $modSSL{KeySize} ||'4096';
100     + our $FQDN = "$SystemName.$DomainName";
101     + our $Country = $modSSL{Country} || "--";
102     + our $State = $modSSL{State} || "----";
103     + our $commonName = $modSSL{CommonName} || $FQDN;
104     + our $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
105     + our $key = "/home/e-smith/ssl.key/$FQDN.key";
106     + our $defaultCity = $ldap{defaultCity} || '-';
107     + our $defaultCompany = $ldap{defaultCompany} || $commonName ;
108     + our $defaultDepartment = $ldap{defaultDepartment} || '-';
109     + our $email = "admin\@$DomainName";
110     + our @subjectAlt = `/sbin/e-smith/generate-subjectaltnames`;
111     + chomp @subjectAlt;
112     + our $subjectAltName = "";
113     + my $i=0;
114     + for my $elem (@subjectAlt) {
115     + $subjectAltName .= ", " if $i>0;
116     + $i++;
117     + if (ip_is_ipv4($elem) || ip_is_ipv6($elem) ){
118     + $subjectAltName .= "IP:$elem";
119     + next;
120     + }
121     + $subjectAltName .= "DNS:$elem";
122     + }
123     + $subjectAltName = ( $subjectAltName eq "DNS: ")? "": $subjectAltName;
124     +
125     + # crop fields that are too long for X509:
126     + $Country = substr($Country, 0, 2);
127     + $defaultCity = substr($defaultCity, 0, 128);
128     + $defaultCompany = substr($defaultCompany, 0, 64);
129     + $defaultDepartment = substr($defaultDepartment, 0, 64);
130     + $email = substr($email, 0, 64);
131     + $commonName = substr($commonName, 0, 64);
132     + $OUT="";
133     +}
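Review bot: Several values computed in this new fragment are not used by the other fragments in this patch: `$KeySize` is read from `$modSSL{KeySize}` while 50SetFields writes a literal `'4096'`, and `$crt`, `$key` and `$subjectAltName` are not referenced in the files shown. Either wire them in (for the key size, `\$config['keysize']='$KeySize';` in 50SetFields) or drop them so the database setting is not silently ignored. The last test, `$subjectAltName eq "DNS: "`, looks unreachable as rendered here, because the loop appends `DNS:$elem` with no space after chomping; if the intent is to blank the value when the helper returns nothing, `@subjectAlt` should be checked directly. The backtick call to `/sbin/e-smith/generate-subjectaltnames` is also used without checking `$?`, so a failing helper is indistinguishable from an empty list.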
134     diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields
135     --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields 1969-12-31 19:00:00.000000000 -0500
136     +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields 2022-12-14 02:15:51.133000000 -0500
137     @@ -0,0 +1,30 @@
138     +{
139     + my $phone = ${ldap}{defaultPhoneNumber} || "none";
140     + my $zip = ${ldap}{postalCode} || "H0H 0H0";
141     + my $street = ${ldap}{defaultStreet} || "Address Line #1";
142     + @lines = map {
143     + m:\$config\['common_name'\]: && s/.*/\$config['common_name']='$commonName';/;
144     + m:\$config\['unit'\]: && s/.*/\$config['unit']='$defaultDepartment';/;
145     + m:\$config\['keysize'\]: && s/.*/\$config['keysize']='4096';/;
146     + m:\$config\['country'\]: && s/.*/\$config['country']='$Country';/;
147     + m:\$config\['province'\]: && s/.*/\$config['province']='$State';/;
148     + m:\$config\['locality'\]: && s/.*/\$config['locality']='$defaultCity';/;
149     + m:\$config\['organization'\]: && s/.*/\$config['organization']='$defaultCompany';/;
150     + m:\$config\['contact'\]: && s/.*/\$config['contact']='$email';/;
151     + m:\$config\['base_url'\]: && s/.*/\$config['base_url']='https:\/\/$commonName\/phpki\/';/;
152     + s/(^|\n)[\n\s]*/$1/g;;
153     + $_
154     + } @lines;
155     + push @lines, "\$config['common_name']='$commonName';" unless grep( /\$config\['common_name'\]/ ,@lines);
156     + push @lines, "\$config['unit']='$defaultDepartment';" unless grep( /\$config\['unit'\]/ ,@lines);
157     + push @lines, "\$config['keysize']='4096';" unless grep( /\$config\['keysize'\]/ ,@lines);
158     + push @lines, "\$config['country']='$Country';" unless grep( /\$config\['country'\]/ ,@lines);
159     + push @lines, "\$config['province']='$State';" unless grep( /\$config\['province'\]/ ,@lines);
160     + push @lines, "\$config['locality']='$defaultCity';" unless grep( /\$config\['locality'\]/ ,@lines);
161     + push @lines, "\$config['organization']='$defaultCompany';" unless grep( /\$config\['organization'\]/ ,@lines);
162     + push @lines, "\$config['contact']='$email';" unless grep( /\$config\['contact'\]/ ,@lines);
163     + push @lines, "\$config['base_url']='https://$commonName/phpki/';" unless grep( /\$config\['base_url'\]/ ,@lines);
164     + # we do not update the following as it will mess up the file.
165     + push @lines, "\$config[\'getting_help\']=\'<b>Contact:</b><br>\nFirst-Name Last-Name<br>\n$defaultCompany/$defaultDepartment<br>\n$street<br>\n$defaultCity, $State, $zip<br>\n<br>\nPhone: $phone<br>\nE-mail: <a href=mailto:$email>$email</a>&nbsp;&nbsp;&nbsp;<i><b>E-mail is preferred.</b></i><br>\';" unless grep( /\$config\['getting_help'\]/ ,@lines);
166     + "";
167     +}
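Review bot: The configuration-database values are interpolated into single-quoted PHP string literals without any escaping, both in the `s/.*/.../` replacements inside the `map` and in the `push ... unless grep` fallbacks. A `'` or `\` in `$defaultCompany`, `$defaultCity`, `$State`, `$commonName` or the other fields (an organisation name with an apostrophe is enough) ends the literal early, so config.php at best stops parsing and at worst carries database content as PHP code. Escape each value before it is placed in a line, for example with `sub php_sq { my $v = shift; $v =~ s/([\\'])/\\$1/g; return $v }`, applied to local copies rather than to the `our` variables from 01config. The `getting_help` string additionally puts `$street`, `$phone` and `$email` into HTML and a `mailto:` href unescaped, and this patch makes the help pages publicly reachable, so those values need HTML escaping as well.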
168     diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile
169     --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile 1969-12-31 19:00:00.000000000 -0500
170     +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile 2022-12-14 02:15:51.135000000 -0500
171     @@ -0,0 +1,8 @@
172     +{
173     + $OUT .= "";
174     + foreach my $line (@lines)
175     + {
176     + $OUT .= "$line\n";
177     + }
178     + $OUT .= "?>";
179     +}
180     diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin
181     --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin 1969-12-31 19:00:00.000000000 -0500
182     +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin 2022-12-14 02:15:51.137000000 -0500
183     @@ -0,0 +1,17 @@
184     +{
185     + # vim: ft=perl:
186     + %lines = ();
187     + @lines = ();
188     + open (RD, "</opt/phpki/html/config.php")
189     + || warn "Cannot open input file /opt/phpki/html/config.php: $!\n";
190     + while (<RD>)
191     + {
192     + chop;
193     + next if grep { /^$/ } $_ ;
194     + next if grep { /^\?>/ } $_;
195     + push @lines, $_;
196     + $lines{$_} = 1;
197     + }
198     + close(RD);
199     + "";
200     +}
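Review bot: `chop` in the read loop removes the last character whether or not it is a newline, so a config.php whose closing `?>` has no trailing newline yields `?`, which passes the `/^\?>/` filter, is pushed into `@lines` and lands in the regenerated file ahead of the `?>` that 99writefile appends; `chomp;` avoids that. The `open (...) || warn` also lets the fragment carry on when the file cannot be read, leaving `@lines` empty, so the later fragments would emit a config.php holding only the values pushed by 50SetFields and the closing tag. Because this template rewrites the file it reads, the expansion should fail instead of continuing, using the three-argument form with a lexical handle: `open(my $rd, '<', '/opt/phpki/html/config.php') or die "Cannot open input file /opt/phpki/html/config.php: $!\n";` (how the template processor surfaces a `die` is not visible on this page). The two `grep { ... } $_` tests are plain matches and read more clearly as `next if /^$/ or /^\?>/;`.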
