
Contents of /rpms/smeserver-phpki-ng/contribs10/smeserver-phpki-ng-0.3-bz12268-bz12266-bz11440-bz11439.patch



Revision 1.1 - (show annotations) (download)
Wed Dec 14 21:53:40 2022 UTC (22 months, 2 weeks ago) by jpp
Branch: MAIN
CVS Tags: smeserver-phpki-ng-0_3-18_el7_sme
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.3-18.sme
- revert log/phpki [SME: 12266]
- phpki-ng autopopulate base info from ldap [SME: 11440]
- ensure users are seen by php-pool [SME: 12268]
- safe remote access for crl [SME: 11439]
- 17-18: applying patches

1 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/createlinks smeserver-phpki-ng-0.3/createlinks
2 --- smeserver-phpki-ng-0.3.old/createlinks 2022-12-13 23:47:43.623000000 -0500
3 +++ smeserver-phpki-ng-0.3/createlinks 2022-12-14 02:19:37.953000000 -0500
4 @@ -20,9 +20,9 @@
5 event_link("phpki-fixtakey", qw(bootstrap-console-save post-upgrade), "50");
6 event_link("phpki-fixownership", qw(bootstrap-console-save post-upgrade), "02");
7 templates2events("/etc/httpd/pki-conf/httpd.conf", qw(bootstrap-console-save conf-userpanel domain-modify));
8 -safe_symlink("sigusr1", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
9 -safe_symlink("sigusr1", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
10 -safe_symlink("sigusr1", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
11 +safe_symlink("restart", "root/etc/e-smith/events/conf-userpanel/services2adjust/httpd-pki");
12 +safe_symlink("restart", "root/etc/e-smith/events/domain-modify/services2adjust/httpd-pki");
13 +safe_symlink("restart", "root/etc/e-smith/events/logrotate/services2adjust/httpd-pki");
14
15
16 # our event specific for updating with yum without reboot
17 @@ -35,7 +35,7 @@
18 /etc/httpd/conf/httpd.conf
19 /etc/httpd/pki-conf/httpd.conf
20 /etc/opt/remi/php73/php-fpm.d/www.conf
21 -
22 + /opt/phpki/html/config.php
23 ))
24 {
25 templates2events( $file, $event );
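Review bot: Adding `/opt/phpki/html/config.php` to this expansion list means the file is now regenerated whenever the event runs, yet no `templates.metadata` entry for it appears in this patch, so its owner and mode after expansion are whatever the template system defaults to unless they are set elsewhere. If that file holds PHPki's CA settings it should stay unreadable to other local accounts; a metadata file pinning `UID`, `GID` and `PERMS`, or a check that `phpki-fixownership` runs after the expansion, would make that explicit. The `foreach` this list belongs to starts and ends outside the hunk, so the event it is bound to cannot be confirmed from here.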
26 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass
27 --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass 2022-12-13 23:47:43.612000000 -0500
28 +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28phpkiProxyPass 2022-12-14 11:56:57.739000000 -0500
29 @@ -29,7 +29,36 @@
30 SSLRequireSSL on
31 Require ip $localAccess $externalSSLAccess
32 </Location>
33 + # we want Public access to ns_revoke_query.php
34 + <Location /phpki/ns_revoke_query.php>
35 + Require all granted
36 + </Location>
37 + # we want Public access to policy
38 + <Location /phpki/policy.html>
39 + Require all granted
40 + </Location>
41 + # we want Public access to help
42 + <Location /phpki/help>
43 + Require all granted
44 + </Location>
45 + <Location /phpki/help.php>
46 + Require all granted
47 + </Location>
48 + # we want Public access to crl list
49 + <Location /phpki/dl_crl.php>
50 + Require all granted
51 + </Location>
52 + # and we redirect old config to our new safer script
53 + RewriteEngine On
54 + RewriteCond %{QUERY_STRING} stage=dl_crl
55 + RewriteRule ^ /phpki/dl_crl.php? [R=302,L]
56
57 HERE
58 + # safely redirect crl request to php script striping all GET requests
59 + # but would leave POST
60 + #RewriteEngine On
61 + #RewriteCond %{REQUEST_URI} ^/?phpki/dl_crl/?\$
62 + #RewriteRule ^ /phpki/index.php?stage=dl_crl [P,NC]
63 +
64 }
65 }
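Review bot: The redirect added at `RewriteCond %{QUERY_STRING} stage=dl_crl` is wider than its comment says: the condition is an unanchored substring match and `RewriteRule ^` matches every path, so any request on this virtual host whose query string merely contains `stage=dl_crl`, including one aimed at an unrelated application, is sent to `/phpki/dl_crl.php`. Scope it to the old entry point by adding `RewriteCond %{REQUEST_URI} ^/phpki/` and tightening the parameter test to `RewriteCond %{QUERY_STRING} (^|&)stage=dl_crl(&|\$)`; the `\$` escape is needed if the heredoc interpolates, as the commented-out rule after `HERE` already assumes. The `Require all granted` locations also open `ns_revoke_query.php` and `dl_crl.php` to unauthenticated input, and neither script is part of this patch, so their parameter handling has to be reviewed separately. The heredoc and the enclosing block start outside the hunk.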
66 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
67 --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2022-12-13 23:47:43.627000000 -0500
68 +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2022-12-14 02:24:57.440000000 -0500
69 @@ -14,6 +14,8 @@
70 SetHandler \"proxy:unix:/var/run/php-fpm/php${version}-${pool_name}.sock|fcgi://localhost\"
71 </FilesMatch>\n";
72 }
73 + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
74 + SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
75 AddType application/x-x509-ca-cert .crt .pem
76 AddType application/pkix-crl .crl
77 AddType application/pkix-cert .cer .der
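Review bot: The cookie pattern in `SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?"` over-captures: `(.*)` is greedy and the trailing `;?` is optional, so `HTTP_AUTH_TKT` receives everything from the ticket to the end of the Cookie header, including any cookies that follow it, and the leading `.*` also accepts cookie names that merely end in `auth_tkt`. Something like `SetEnvIfNoCase Cookie "(?:^|;\s*)auth_tkt=([^;]*)" HTTP_AUTH_TKT=$1` keeps the variable to the ticket alone. The same two lines are added again in the next hunk of this file (new line 32) and need the same change. Both variables copy client-supplied credentials into the PHP environment, so the application must not treat them as proof of identity where mod_auth_tkt has not already validated the request, and they should be kept out of environment dumps and logs.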
78 @@ -30,10 +32,11 @@
79 Require user admin {getUsersList("phpki");}
80 Require ip 127.0.0.1
81 </RequireAll>
82 -
83 + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
84 + SetEnvIfNoCase Cookie ".*auth_tkt=(.*);?" HTTP_AUTH_TKT=$1
85 {
86 my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
87 - $OUT = " TKTAuthTimeout $ManagerTimeout\n";
88 + $OUT = " TKTAuthTimeout $ManagerTimeout\n";
89 my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
90 $OUT .= " TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
91 my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
92 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/01config smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/01config
93 --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/01config 1969-12-31 19:00:00.000000000 -0500
94 +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/01config 2022-12-14 02:15:51.130000000 -0500
95 @@ -0,0 +1,38 @@
96 +{
97 +# use Data::Validate::IP;
98 + use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
99 + our $KeySize = $modSSL{KeySize} ||'4096';
100 + our $FQDN = "$SystemName.$DomainName";
101 + our $Country = $modSSL{Country} || "--";
102 + our $State = $modSSL{State} || "----";
103 + our $commonName = $modSSL{CommonName} || $FQDN;
104 + our $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
105 + our $key = "/home/e-smith/ssl.key/$FQDN.key";
106 + our $defaultCity = $ldap{defaultCity} || '-';
107 + our $defaultCompany = $ldap{defaultCompany} || $commonName ;
108 + our $defaultDepartment = $ldap{defaultDepartment} || '-';
109 + our $email = "admin\@$DomainName";
110 + our @subjectAlt = `/sbin/e-smith/generate-subjectaltnames`;
111 + chomp @subjectAlt;
112 + our $subjectAltName = "";
113 + my $i=0;
114 + for my $elem (@subjectAlt) {
115 + $subjectAltName .= ", " if $i>0;
116 + $i++;
117 + if (ip_is_ipv4($elem) || ip_is_ipv6($elem) ){
118 + $subjectAltName .= "IP:$elem";
119 + next;
120 + }
121 + $subjectAltName .= "DNS:$elem";
122 + }
123 + $subjectAltName = ( $subjectAltName eq "DNS: ")? "": $subjectAltName;
124 +
125 + # crop fields that are too long for X509:
126 + $Country = substr($Country, 0, 2);
127 + $defaultCity = substr($defaultCity, 0, 128);
128 + $defaultCompany = substr($defaultCompany, 0, 64);
129 + $defaultDepartment = substr($defaultDepartment, 0, 64);
130 + $email = substr($email, 0, 64);
131 + $commonName = substr($commonName, 0, 64);
132 + $OUT="";
133 +}
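Review bot: The empty-result guard `$subjectAltName eq "DNS: "` looks like it cannot match an empty entry, because after `chomp` a blank element yields `DNS:` with no trailing space, so a blank line from `generate-subjectaltnames` would leave a bare `DNS:` item in the list. Filtering first and joining removes the need for both the guard and the `$i` counter: `my @san = map { (ip_is_ipv4($_) || ip_is_ipv6($_)) ? "IP:$_" : "DNS:$_" } grep { /\S/ } @subjectAlt;` followed by `$subjectAltName = join ", ", @san;`. `$KeySize`, `$crt`, `$key` and `$subjectAltName` are computed here but no fragment in this patch reads them (50SetFields writes a literal `'4096'`), so they should either be wired up or dropped.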
134 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields
135 --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields 1969-12-31 19:00:00.000000000 -0500
136 +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/50SetFields 2022-12-14 02:15:51.133000000 -0500
137 @@ -0,0 +1,30 @@
138 +{
139 + my $phone = ${ldap}{defaultPhoneNumber} || "none";
140 + my $zip = ${ldap}{postalCode} || "H0H 0H0";
141 + my $street = ${ldap}{defaultStreet} || "Address Line #1";
142 + @lines = map {
143 + m:\$config\['common_name'\]: && s/.*/\$config['common_name']='$commonName';/;
144 + m:\$config\['unit'\]: && s/.*/\$config['unit']='$defaultDepartment';/;
145 + m:\$config\['keysize'\]: && s/.*/\$config['keysize']='4096';/;
146 + m:\$config\['country'\]: && s/.*/\$config['country']='$Country';/;
147 + m:\$config\['province'\]: && s/.*/\$config['province']='$State';/;
148 + m:\$config\['locality'\]: && s/.*/\$config['locality']='$defaultCity';/;
149 + m:\$config\['organization'\]: && s/.*/\$config['organization']='$defaultCompany';/;
150 + m:\$config\['contact'\]: && s/.*/\$config['contact']='$email';/;
151 + m:\$config\['base_url'\]: && s/.*/\$config['base_url']='https:\/\/$commonName\/phpki\/';/;
152 + s/(^|\n)[\n\s]*/$1/g;;
153 + $_
154 + } @lines;
155 + push @lines, "\$config['common_name']='$commonName';" unless grep( /\$config\['common_name'\]/ ,@lines);
156 + push @lines, "\$config['unit']='$defaultDepartment';" unless grep( /\$config\['unit'\]/ ,@lines);
157 + push @lines, "\$config['keysize']='4096';" unless grep( /\$config\['keysize'\]/ ,@lines);
158 + push @lines, "\$config['country']='$Country';" unless grep( /\$config\['country'\]/ ,@lines);
159 + push @lines, "\$config['province']='$State';" unless grep( /\$config\['province'\]/ ,@lines);
160 + push @lines, "\$config['locality']='$defaultCity';" unless grep( /\$config\['locality'\]/ ,@lines);
161 + push @lines, "\$config['organization']='$defaultCompany';" unless grep( /\$config\['organization'\]/ ,@lines);
162 + push @lines, "\$config['contact']='$email';" unless grep( /\$config\['contact'\]/ ,@lines);
163 + push @lines, "\$config['base_url']='https://$commonName/phpki/';" unless grep( /\$config\['base_url'\]/ ,@lines);
164 + # we do not update the following as it will mess up the file.
165 + push @lines, "\$config[\'getting_help\']=\'<b>Contact:</b><br>\nFirst-Name Last-Name<br>\n$defaultCompany/$defaultDepartment<br>\n$street<br>\n$defaultCity, $State, $zip<br>\n<br>\nPhone: $phone<br>\nE-mail: <a href=mailto:$email>$email</a>&nbsp;&nbsp;&nbsp;<i><b>E-mail is preferred.</b></i><br>\';" unless grep( /\$config\['getting_help'\]/ ,@lines);
166 + "";
167 +}
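Review bot: Every value written into config.php here is placed inside a PHP single-quoted literal without escaping, e.g. `s/.*/\$config['organization']='$defaultCompany';/`, so a `'` or `\` in a configuration-database value (a company name with an apostrophe is enough) produces a broken config.php, and the value is then parsed as PHP source in a file the application executes. Escape backslash and single quote on a local copy before interpolating, for example `(my $org = $defaultCompany) =~ s/([\\'])/\\$1/g;`, and use the escaped copies in both the `map` and the `push` lines. The `getting_help` string additionally places `$email`, `$street` and the other fields into HTML with an unquoted `href=mailto:$email`, so those need HTML escaping as well. `keysize` is hard-coded to `'4096'` although 01config derives `$KeySize` from `$modSSL{KeySize}`.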
168 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile
169 --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile 1969-12-31 19:00:00.000000000 -0500
170 +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/99writefile 2022-12-14 02:15:51.135000000 -0500
171 @@ -0,0 +1,8 @@
172 +{
173 + $OUT .= "";
174 + foreach my $line (@lines)
175 + {
176 + $OUT .= "$line\n";
177 + }
178 + $OUT .= "?>";
179 +}
180 diff -Nur --no-dereference smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin
181 --- smeserver-phpki-ng-0.3.old/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin 1969-12-31 19:00:00.000000000 -0500
182 +++ smeserver-phpki-ng-0.3/root/etc/e-smith/templates/opt/phpki/html/config.php/template-begin 2022-12-14 02:15:51.137000000 -0500
183 @@ -0,0 +1,17 @@
184 +{
185 + # vim: ft=perl:
186 + %lines = ();
187 + @lines = ();
188 + open (RD, "</opt/phpki/html/config.php")
189 + || warn "Cannot open input file /opt/phpki/html/config.php: $!\n";
190 + while (<RD>)
191 + {
192 + chop;
193 + next if grep { /^$/ } $_ ;
194 + next if grep { /^\?>/ } $_;
195 + push @lines, $_;
196 + $lines{$_} = 1;
197 + }
198 + close(RD);
199 + "";
200 +}
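Review bot: A failed `open` only warns here, after which `@lines` stays empty and the later fragments still emit the generated settings plus `?>`, so config.php would be replaced by a file that has lost every existing setting and, as far as the fragments in this patch show, has no opening PHP tag because that line is only ever carried over from the old file. Abort the expansion instead and use the three-argument form with a lexical handle: `open(my $rd, '<', '/opt/phpki/html/config.php') or die "Cannot open input file /opt/phpki/html/config.php: $!\n";` with `while (<$rd>)` and `close($rd);`. `chop` should be `chomp`, otherwise a final line without a trailing newline loses its last character. `%lines` is filled but not read by any fragment in this patch.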
