diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 2008-12-05 03:39:10.000000000 +0100
@@ -0,0 +1,28 @@
+{
+
+use esmith::AccountsDB;
+
+sub getUsersList ($){
+ my ($panelName) = @_;
+ my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
+ my @users = $a->users();
+ my @groups = $a->groups();
+ my @Users = ();
+ foreach my $user (@users){
+ my $panels = $user->prop('AdminPanels') || '';
+ push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
+ }
+ foreach my $group (@groups){
+ $panels = $group->prop('AdminPanels') || '';
+ if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
+ my @members = split(/,/,($group->prop('Members') || ''));
+ push(@Users,@members);
+ }
+ }
+
+ my %seen = ();
+ my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
+ return $u;
+}
+}
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-11-27 04:53:06.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-12-05 03:38:24.000000000 +0100
@@ -1,6 +1,7 @@ Alias /phpki /opt/phpki/html/ +# Main access allowed for valid user AddType application/x-httpd-php .php Options FollowSymLinks
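Review bot: In the second `foreach` of getUsersList (00functions), `$panels` is assigned without `my`, so it is a package global rather than the loop-local variable declared in the first loop. The result of this function becomes the `require user` list for the CA admin area, so declare it as `my $panels = $group->prop('AdminPanels') || '';`. Both matches also interpolate `$panelName` into the pattern unescaped; `/^(.*,)?\Q$panelName\E(,.*)?$/` keeps a panel name containing regex metacharacters from matching entries it should not. The `($)` prototype does not validate the argument and could be dropped.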
@@ -13,7 +14,28 @@ order deny,allow deny from all allow from 127.0.0.1 + AuthName "PHPKI" + AuthType Basic + TKTAuthLoginURL /server-common/cgi-bin/login + require valid-user + SetEnv IMGHDR_SRC "/server-common/server-manager.jpg" + Satisfy all +# /ca is only allowed for admin and explicitely authorized users + + AuthName "PHPKI Admin" + AuthType Basic + TKTAuthLoginURL /server-common/cgi-bin/login + require user admin {getUsersList("phpki");} + SetEnv IMGHDR_SRC "/server-common/server-manager.jpg" + Satisfy all + +# Disable access to /admin, which is used to configure user/password +# via an htaccess file + + order deny,allow + deny from all +
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-11-27 04:44:09.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-12-05 03:38:24.000000000 +0100
@@ -19,7 +19,7 @@
 my $q = new CGI;
-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
 $q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
 print $q->header ('text/html');
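Review bot: The `require user admin {getUsersList("phpki");}` line in 90phpki is filled in when the template is expanded, so the set of accounts allowed into /ca is only as current as the last expansion of this httpd.conf. Nothing in this patch shows the template being re-expanded and the PKI httpd reloaded when a user's or group's `AdminPanels` or `Members` property changes. If that hook is missing, an account whose panel access was revoked would keep CA access until the next unrelated regeneration. Confirm which events expand this file, and add a comment above the block such as `# user list is generated at template expansion; re-expand after changing AdminPanels or group membership`. The container tags around these directives are not visible in this view, so the paths they apply to are inferred from the comments only.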
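Review bot: The new redirect target on the `+my $content=` line of web/functions/phpki is still built from `$ENV{'HTTP_X_FORWARDED_HOST'}`, a request header, with no check on its value, so whatever arrives in that header becomes the host of the refresh URL. Validate it before use, for example `my $host = $ENV{'HTTP_X_FORWARDED_HOST'} || '';` followed by `die "bad host\n" unless $host =~ /\A[A-Za-z0-9.-]+(?::\d+)?\z/;`, or build the URL from the server's configured name instead. How `$content` is emitted lies outside the hunk, so whether it is HTML-escaped at that point cannot be seen from here.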