diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/createlinks smeserver-phpki-ng-0.3/createlinks
--- smeserver-phpki-ng-0.3.old/createlinks 2022-12-13 23:47:43.623000000 -0500
+++ smeserver-phpki-ng-0.3/createlinks 2022-12-14 02:19:37.953000000 -0500
@@ -20,9 +20,9 @@
event_link("phpki-fixtakey", qw(bootstrap-console-save post-upgrade), "50");
event_link("phpki-fixownership", qw(bootstrap-console-save post-upgrade), "02");
templates2events("/etc/httpd/pki-conf/httpd.conf", qw(bootstrap-console-save conf-userpanel domain-modify));
-safe_symlink("sigusr1", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
-safe_symlink("sigusr1", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
-safe_symlink("sigusr1", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
+safe_symlink("restart", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
+safe_symlink("restart", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
+safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
# our event specific for updating with yum without reboot
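Review bot: The three `services2adjust` links switch from `sigusr1` to `restart` with no comment saying why a graceful signal is no longer enough. A full restart of `httpd-pki` on every `logrotate` event ends in-flight requests that a graceful reload would let finish. If the restart is only needed so configuration changes are picked up on `conf-userpanel` and `domain-modify`, consider keeping `sigusr1` for `logrotate`. A one-line comment above the links, such as `# restart (not sigusr1): <reason>`, would record the intent.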
@@ -35,7 +35,7 @@
/etc/httpd/conf/httpd.conf
/etc/httpd/pki-conf/httpd.conf
/etc/opt/remi/php73/php-fpm.d/www.conf
-
+ /opt/phpki/html/config.php
))
{
templates2events( $file, $event );
diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass
--- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass 2022-12-13 23:47:43.612000000 -0500
+++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass 2022-12-14 11:56:57.739000000 -0500
@@ -29,7 +29,36 @@
SSLRequireSSL on
Require ip $localAccess $externalSSLAccess
+ # we want Public access to ns_revoke_query.php
+
+ Require all granted
+
+ # we want Public access to policy
+
+ Require all granted
+
+ # we want Public access to help
+
+ Require all granted
+
+
+ Require all granted
+
+ # we want Public access to crl list
+
+ Require all granted
+
+ # and we redirect old config to our new safer script
+ RewriteEngine On
+ RewriteCond %{QUERY_STRING} stage=dl_crl
+ RewriteRule ^ /phpki/dl_crl.php? [R=302,L]
HERE
+ # safely redirect crl request to php script striping all GET requests
+ # but would leave POST
+ #RewriteEngine On
+ #RewriteCond %{REQUEST_URI} ^/?phpki/dl_crl/?\$
+ #RewriteRule ^ /phpki/index.php?stage=dl_crl [P,NC]
+
}
}
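Review bot: The `RewriteCond %{QUERY_STRING} stage=dl_crl` pattern is unanchored, so any query string that merely contains that text triggers the redirect. Anchoring it as `RewriteCond %{QUERY_STRING} (^|&)stage=dl_crl(&|\$)` limits it to the intended parameter; the `\$` is needed because this text sits in an interpolating heredoc. The five `Require all granted` lines widen access beyond `Require ip $localAccess $externalSSLAccess`, and their enclosing container lines are not visible on this page, so confirm each is scoped to an exact file or directory match rather than a prefix. The fourth one also has no comment saying what it exposes. The commented-out rewrite after `HERE` is dead code and should either be dropped or carry a note on why it is kept.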
diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
--- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2022-12-13 23:47:43.627000000 -0500
+++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2022-12-14 02:24:57.440000000 -0500
@@ -14,6 +14,8 @@
SetHandler \"proxy:unix:/var/run/php-fpm/php${version}-${pool_name}.sock|fcgi://localhost\"
\n";
}
+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+ SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
AddType application/x-x509-ca-cert .crt .pem
AddType application/pkix-crl .crl
AddType application/pkix-cert .cer .der
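Review bot: The cookie pattern `".*auth_tkt=(.*);?"` captures too much: `(.*)` is greedy and the trailing `;?` is optional, so `HTTP_AUTH_TKT` receives the ticket plus every cookie that follows it. The leading `.*` also lets a cookie whose name merely ends in `auth_tkt` match. `SetEnvIfNoCase Cookie "(?:^|; *)auth_tkt=([^;]*)" HTTP_AUTH_TKT=$1` keeps the value to the one cookie. The same two lines are repeated in the second hunk of this file, after `Require ip 127.0.0.1`, and need the same change. Copying the Authorization header and the session ticket into the request environment makes them visible to anything that dumps the environment, so a comment naming the consumer of these variables would help.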
@@ -30,10 +32,11 @@
Require user admin {getUsersList("phpki");}
Require ip 127.0.0.1
-
+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+ SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
{
my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
- $OUT = " TKTAuthTimeout $ManagerTimeout\n";
+ $OUT = " TKTAuthTimeout $ManagerTimeout\n";
my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
$OUT .= " TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/01config smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/01config
--- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/01config 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/01config 2022-12-14 02:15:51.130000000 -0500
@@ -0,0 +1,38 @@
+{
+# use Data::Validate::IP;
+ use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
+ our $KeySize = $modSSL{KeySize} ||'4096';
+ our $FQDN = "$SystemName.$DomainName";
+ our $Country = $modSSL{Country} || "--";
+ our $State = $modSSL{State} || "----";
+ our $commonName = $modSSL{CommonName} || $FQDN;
+ our $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
+ our $key = "/home/e-smith/ssl.key/$FQDN.key";
+ our $defaultCity = $ldap{defaultCity} || '-';
+ our $defaultCompany = $ldap{defaultCompany} || $commonName ;
+ our $defaultDepartment = $ldap{defaultDepartment} || '-';
+ our $email = "admin\@$DomainName";
+ our @subjectAlt = `/sbin/e-smith/generate-subjectaltnames`;
+ chomp @subjectAlt;
+ our $subjectAltName = "";
+ my $i=0;
+ for my $elem (@subjectAlt) {
+ $subjectAltName .= ", " if $i>0;
+ $i++;
+ if (ip_is_ipv4($elem) || ip_is_ipv6($elem) ){
+ $subjectAltName .= "IP:$elem";
+ next;
+ }
+ $subjectAltName .= "DNS:$elem";
+ }
+ $subjectAltName = ( $subjectAltName eq "DNS: ")? "": $subjectAltName;
+
+ # crop fields that are too long for X509:
+ $Country = substr($Country, 0, 2);
+ $defaultCity = substr($defaultCity, 0, 128);
+ $defaultCompany = substr($defaultCompany, 0, 64);
+ $defaultDepartment = substr($defaultDepartment, 0, 64);
+ $email = substr($email, 0, 64);
+ $commonName = substr($commonName, 0, 64);
+ $OUT="";
+}
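Review bot: The final guard `$subjectAltName eq "DNS: "` is true only if `generate-subjectaltnames` emits a single line holding one space, because the loop appends `"DNS:$elem"` with no space; an empty line from the helper therefore passes through as a bare `DNS:` entry. The backtick call is also unchecked, so a failing helper silently yields an empty list. Filtering empties and building the string in one step, `$subjectAltName = join ", ", map { (ip_is_ipv4($_) || ip_is_ipv6($_)) ? "IP:$_" : "DNS:$_" } grep { length } @subjectAlt;`, removes the counter and the dead comparison, and a `warn` when `$?` is non-zero would make failures visible. `$KeySize` is read from `$modSSL{KeySize}` here, but nothing visible on this page uses it (50SetFields writes a literal `'4096'`).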
diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields
--- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields 2022-12-14 02:15:51.133000000 -0500
@@ -0,0 +1,30 @@
+{
+ my $phone = ${ldap}{defaultPhoneNumber} || "none";
+ my $zip = ${ldap}{postalCode} || "H0H 0H0";
+ my $street = ${ldap}{defaultStreet} || "Address Line #1";
+ @lines = map {
+ m:\$config\['common_name'\]: && s/.*/\$config['common_name']='$commonName';/;
+ m:\$config\['unit'\]: && s/.*/\$config['unit']='$defaultDepartment';/;
+ m:\$config\['keysize'\]: && s/.*/\$config['keysize']='4096';/;
+ m:\$config\['country'\]: && s/.*/\$config['country']='$Country';/;
+ m:\$config\['province'\]: && s/.*/\$config['province']='$State';/;
+ m:\$config\['locality'\]: && s/.*/\$config['locality']='$defaultCity';/;
+ m:\$config\['organization'\]: && s/.*/\$config['organization']='$defaultCompany';/;
+ m:\$config\['contact'\]: && s/.*/\$config['contact']='$email';/;
+ m:\$config\['base_url'\]: && s/.*/\$config['base_url']='https:\/\/$commonName\/phpki\/';/;
+ s/(^|\n)[\n\s]*/$1/g;;
+ $_
+ } @lines;
+ push @lines, "\$config['common_name']='$commonName';" unless grep( /\$config\['common_name'\]/ ,@lines);
+ push @lines, "\$config['unit']='$defaultDepartment';" unless grep( /\$config\['unit'\]/ ,@lines);
+ push @lines, "\$config['keysize']='4096';" unless grep( /\$config\['keysize'\]/ ,@lines);
+ push @lines, "\$config['country']='$Country';" unless grep( /\$config\['country'\]/ ,@lines);
+ push @lines, "\$config['province']='$State';" unless grep( /\$config\['province'\]/ ,@lines);
+ push @lines, "\$config['locality']='$defaultCity';" unless grep( /\$config\['locality'\]/ ,@lines);
+ push @lines, "\$config['organization']='$defaultCompany';" unless grep( /\$config\['organization'\]/ ,@lines);
+ push @lines, "\$config['contact']='$email';" unless grep( /\$config\['contact'\]/ ,@lines);
+ push @lines, "\$config['base_url']='https://$commonName/phpki/';" unless grep( /\$config\['base_url'\]/ ,@lines);
+ # we do not update the following as it will mess up the file.
+ push @lines, "\$config[\'getting_help\']=\'Contact:
\nFirst-Name Last-Name
\n$defaultCompany/$defaultDepartment
\n$street
\n$defaultCity, $State, $zip
\n
\nPhone: $phone
\nE-mail: $email E-mail is preferred.
\';" unless grep( /\$config\['getting_help'\]/ ,@lines);
+ "";
+}
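Review bot: Every value written into config.php (`$commonName`, `$defaultDepartment`, `$Country`, `$State`, `$defaultCity`, `$defaultCompany`, `$email`, and `$street`/`$phone`/`$zip` in `getting_help`) is placed inside a PHP single-quoted string without escaping, so a configuration value containing `'` or `\` ends the literal early and the remainder is parsed as PHP. Escape once before use, e.g. `my $q = sub { (my $v = shift) =~ s/([\\'])/\\$1/g; $v };`, and interpolate the escaped copies in both the `s///` replacements and the `push` lines, so the values stay data. `keysize` is hard-coded to `'4096'` in both places although 01config computes `$KeySize` from `$modSSL{KeySize}`; use that variable or drop it there. The nine `m:…: && s/…/` lines and the nine `push … unless grep` lines repeat the same key list and would be easier to keep in step as one loop over a hash of key to value.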
diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile
--- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile 2022-12-14 02:15:51.135000000 -0500
@@ -0,0 +1,8 @@
+{
+ $OUT .= "";
+ foreach my $line (@lines)
+ {
+ $OUT .= "$line\n";
+ }
+ $OUT .= "?>";
+}
diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin
--- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin 1969-12-31 19:00:00.000000000 -0500
+++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin 2022-12-14 02:15:51.137000000 -0500
@@ -0,0 +1,17 @@
+{
+ # vim: ft=perl:
+ %lines = ();
+ @lines = ();
+ open (RD, ")
+ {
+ chop;
+ next if grep { /^$/ } $_ ;
+ next if grep { /^\?>/ } $_;
+ push @lines, $_;
+ $lines{$_} = 1;
+ }
+ close(RD);
+ "";
+}
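Review bot: `chop` removes the last character of every line whether or not it is a newline. If the existing config.php ever ends without a trailing newline (for example after a manual edit), the closing `?>` becomes `?`, is no longer skipped by the `/^\?>/` test and is written back into the file; `chomp;` is the safe form. `next if grep { /^$/ } $_;` and the line after it are a roundabout way to write `next if /^$/ || /^\?>/;`. The `open` line is garbled on this page, so its error handling cannot be seen; if the failure is not handled, add `or warn` and prefer a lexical handle over the bareword `RD`. `%lines` is filled but not read in any fragment visible here.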