smeserver-phpki/contribs7/smeserver-phpki-0.1-userpanels.patch

diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions    1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions  2008-12-05 03:39:10.000000000 +0100
@@ -0,0 +1,28 @@
+{
+
+use esmith::AccountsDB;
+
+sub getUsersList ($){
+        my ($panelName) = @_;
+        my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
+        my @users = $a->users();
+        my @groups = $a->groups();
+        my @Users = ();
+        foreach my $user (@users){
+                my $panels = $user->prop('AdminPanels') || '';
+                push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
+        }
+        foreach my $group (@groups){
+                $panels = $group->prop('AdminPanels') || '';
+                        if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
+                        my @members = split(/,/,($group->prop('Members') || ''));
+                        push(@Users,@members);
+                }
+        }
+
+        my %seen = ();
+        my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
+        return $u;
+}
+}
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki        2008-11-27 04:53:06.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki      2008-12-05 03:38:24.000000000 +0100
@@ -1,6 +1,7 @@
 
 Alias           /phpki        /opt/phpki/html/
 
+# Main access allowed for valid user
 <Directory /opt/phpki/html>
         AddType application/x-httpd-php .php
        Options FollowSymLinks
@@ -13,7 +14,28 @@
         order deny,allow
         deny from all
         allow from 127.0.0.1
+       AuthName "PHPKI"
+        AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+        require valid-user
+        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+        Satisfy all
 </Directory>
 
+# /ca is only allowed for admin and explicitely authorized users
+<Directory /opt/phpki/html/ca>
+       AuthName "PHPKI Admin"
+        AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+        require user admin {getUsersList("phpki");}
+        SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+        Satisfy all
+</Directory>
 
+# Disable access to /admin, which is used to configure user/password 
+# via an htaccess file
+<Directory /opt/phpki/html/admin>
+       order deny,allow
+       deny from all
+</Directory>
 
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki    2008-11-27 04:44:09.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki  2008-12-05 03:38:24.000000000 +0100
@@ -19,7 +19,7 @@
 
 
 my $q = new CGI;
-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
 $q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
 
 print $q->header ('text/html');
1	diff -Nur -x '.orig' -x '.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
2	--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 1970-01-01 01:00:00.000000000 +0100
3	+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 2008-12-05 03:39:10.000000000 +0100
4	@@ -0,0 +1,28 @@
5	+{
6	+
7	+use esmith::AccountsDB;
8	+
9	+sub getUsersList ($){
10	+ my ($panelName) = @_;
11	+ my $a = esmith::AccountsDB->open_ro \|\| die "Error opening accounts db";
12	+ my @users = $a->users();
13	+ my @groups = $a->groups();
14	+ my @Users = ();
15	+ foreach my $user (@users){
16	+ my $panels = $user->prop('AdminPanels') \|\| '';
17	+ push(@Users,$user->key) if ($panels =~ /^(.,)?$panelName(,.)?$/);
18	+ }
19	+ foreach my $group (@groups){
20	+ $panels = $group->prop('AdminPanels') \|\| '';
21	+ if ($panels =~ /^(.,)?$panelName(,.)?$/){
22	+ my @members = split(/,/,($group->prop('Members') \|\| ''));
23	+ push(@Users,@members);
24	+ }
25	+ }
26	+
27	+ my %seen = ();
28	+ my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
29	+ return $u;
30	+}
31	+}
32	+
33	diff -Nur -x '.orig' -x '.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
34	--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-11-27 04:53:06.000000000 +0100
35	+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-12-05 03:38:24.000000000 +0100
36	@@ -1,6 +1,7 @@
37
38	Alias /phpki /opt/phpki/html/
39
40	+# Main access allowed for valid user
41	<Directory /opt/phpki/html>
42	AddType application/x-httpd-php .php
43	Options FollowSymLinks
44	@@ -13,7 +14,28 @@
45	order deny,allow
46	deny from all
47	allow from 127.0.0.1
48	+ AuthName "PHPKI"
49	+ AuthType Basic
50	+ TKTAuthLoginURL /server-common/cgi-bin/login
51	+ require valid-user
52	+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
53	+ Satisfy all
54	</Directory>
55
56	+# /ca is only allowed for admin and explicitely authorized users
57	+<Directory /opt/phpki/html/ca>
58	+ AuthName "PHPKI Admin"
59	+ AuthType Basic
60	+ TKTAuthLoginURL /server-common/cgi-bin/login
61	+ require user admin {getUsersList("phpki");}
62	+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
63	+ Satisfy all
64	+</Directory>
65
66	+# Disable access to /admin, which is used to configure user/password
67	+# via an htaccess file
68	+<Directory /opt/phpki/html/admin>
69	+ order deny,allow
70	+ deny from all
71	+</Directory>
72
73	diff -Nur -x '.orig' -x '.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
74	--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-11-27 04:44:09.000000000 +0100
75	+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-12-05 03:38:24.000000000 +0100
76	@@ -19,7 +19,7 @@
77
78
79	my $q = new CGI;
80	-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
81	+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
82	$q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
83
84	print $q->header ('text/html');