smeserver-phpki/contribs7/smeserver-phpki-0.1-userpanels.patch

diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions    1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions  2008-12-05 03:39:10.000000000 +0100
@@ -0,0 +1,28 @@
+{
+
+use esmith::AccountsDB;
+
+sub getUsersList ($){
+        my ($panelName) = @_;
+        my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
+        my @users = $a->users();
+        my @groups = $a->groups();
+        my @Users = ();
+        foreach my $user (@users){
+                my $panels = $user->prop('AdminPanels') || '';
+                push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
+        }
+        foreach my $group (@groups){
+                $panels = $group->prop('AdminPanels') || '';
+                        if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
+                        my @members = split(/,/,($group->prop('Members') || ''));
+                        push(@Users,@members);
+                }
+        }
+
+        my %seen = ();
+        my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
+        return $u;
+}
+}
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki        2008-11-27 04:53:06.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki      2008-12-05 03:38:24.000000000 +0100
@@ -1,6 +1,7 @@
 
 Alias           /phpki        /opt/phpki/html/
 
+# Main access allowed for valid user
 <Directory /opt/phpki/html>
         AddType application/x-httpd-php .php
        Options FollowSymLinks
@@ -13,7 +14,28 @@
         order deny,allow
         deny from all
         allow from 127.0.0.1
+       AuthName "PHPKI"
+        AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+        require valid-user
+        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+        Satisfy all
 </Directory>
 
+# /ca is only allowed for admin and explicitely authorized users
+<Directory /opt/phpki/html/ca>
+       AuthName "PHPKI Admin"
+        AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+        require user admin {getUsersList("phpki");}
+        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+        Satisfy all
+</Directory>
 
+# Disable access to /admin, which is used to configure user/password 
+# via an htaccess file
+<Directory /opt/phpki/html/admin>
+       order deny,allow
+       deny from all
+</Directory>
 
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki    2008-11-27 04:44:09.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki  2008-12-05 03:38:24.000000000 +0100
@@ -19,7 +19,7 @@
 
 
 my $q = new CGI;
-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
 $q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
 
 print $q->header ('text/html');
1	slords	1.1	diff -Nur -x '.orig' -x '.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
2			--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 1970-01-01 01:00:00.000000000 +0100
3			+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 2008-12-05 03:39:10.000000000 +0100
4			@@ -0,0 +1,28 @@
5			+{
6			+
7			+use esmith::AccountsDB;
8			+
9			+sub getUsersList ($){
10			+ my ($panelName) = @_;
11			+ my $a = esmith::AccountsDB->open_ro \|\| die "Error opening accounts db";
12			+ my @users = $a->users();
13			+ my @groups = $a->groups();
14			+ my @Users = ();
15			+ foreach my $user (@users){
16			+ my $panels = $user->prop('AdminPanels') \|\| '';
17			+ push(@Users,$user->key) if ($panels =~ /^(.,)?$panelName(,.)?$/);
18			+ }
19			+ foreach my $group (@groups){
20			+ $panels = $group->prop('AdminPanels') \|\| '';
21			+ if ($panels =~ /^(.,)?$panelName(,.)?$/){
22			+ my @members = split(/,/,($group->prop('Members') \|\| ''));
23			+ push(@Users,@members);
24			+ }
25			+ }
26			+
27			+ my %seen = ();
28			+ my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
29			+ return $u;
30			+}
31			+}
32			+
33			diff -Nur -x '.orig' -x '.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
34			--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-11-27 04:53:06.000000000 +0100
35			+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-12-05 03:38:24.000000000 +0100
36			@@ -1,6 +1,7 @@
37
38			Alias /phpki /opt/phpki/html/
39
40			+# Main access allowed for valid user
41			<Directory /opt/phpki/html>
42			AddType application/x-httpd-php .php
43			Options FollowSymLinks
44			@@ -13,7 +14,28 @@
45			order deny,allow
46			deny from all
47			allow from 127.0.0.1
48			+ AuthName "PHPKI"
49			+ AuthType Basic
50			+ TKTAuthLoginURL /server-common/cgi-bin/login
51			+ require valid-user
52			+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
53			+ Satisfy all
54			</Directory>
55
56			+# /ca is only allowed for admin and explicitely authorized users
57			+<Directory /opt/phpki/html/ca>
58			+ AuthName "PHPKI Admin"
59			+ AuthType Basic
60			+ TKTAuthLoginURL /server-common/cgi-bin/login
61			+ require user admin {getUsersList("phpki");}
62			+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
63			+ Satisfy all
64			+</Directory>
65
66			+# Disable access to /admin, which is used to configure user/password
67			+# via an htaccess file
68			+<Directory /opt/phpki/html/admin>
69			+ order deny,allow
70			+ deny from all
71			+</Directory>
72
73			diff -Nur -x '.orig' -x '.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
74			--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-11-27 04:44:09.000000000 +0100
75			+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-12-05 03:38:24.000000000 +0100
76			@@ -19,7 +19,7 @@
77
78
79			my $q = new CGI;
80			-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
81			+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
82			$q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
83
84			print $q->header ('text/html');