diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions 2008-12-05 03:39:10.000000000 +0100
@@ -0,0 +1,28 @@
+{
+
+use esmith::AccountsDB;
+
+sub getUsersList ($){
+ my ($panelName) = @_;
+ my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
+ my @users = $a->users();
+ my @groups = $a->groups();
+ my @Users = ();
+ foreach my $user (@users){
+ my $panels = $user->prop('AdminPanels') || '';
+ push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
+ }
+ foreach my $group (@groups){
+ $panels = $group->prop('AdminPanels') || '';
+ if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
+ my @members = split(/,/,($group->prop('Members') || ''));
+ push(@Users,@members);
+ }
+ }
+
+ my %seen = ();
+ my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
+ return $u;
+}
+}
+
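Review bot: In the group loop, `$panels = $group->prop('AdminPanels') || '';` assigns to an undeclared variable, because the `my $panels` in the user loop is scoped to that loop's block. It only works as a package global while strictures are off and should read `my $panels = $group->prop('AdminPanels') || '';`. Both matches also interpolate `$panelName` as a raw pattern. Since the returned list ends up on the `require user` line of the 90phpki fragment, the name should be quoted and the match anchored on the whole string, e.g. `/\A(?:.*,)?\Q$panelName\E(?:,.*)?\z/`, so that a panel name containing metacharacters can never widen the match.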
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
--- smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-11-27 04:53:06.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki 2008-12-05 03:38:24.000000000 +0100
@@ -1,6 +1,7 @@
Alias /phpki /opt/phpki/html/
+# Main access allowed for valid user
AddType application/x-httpd-php .php
Options FollowSymLinks
@@ -13,7 +14,28 @@
order deny,allow
deny from all
allow from 127.0.0.1
+ AuthName "PHPKI"
+ AuthType Basic
+ TKTAuthLoginURL /server-common/cgi-bin/login
+ require valid-user
+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+ Satisfy all
+# /ca is only allowed for admin and explicitely authorized users
+
+ AuthName "PHPKI Admin"
+ AuthType Basic
+ TKTAuthLoginURL /server-common/cgi-bin/login
+ require user admin {getUsersList("phpki");}
+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+ Satisfy all
+
+# Disable access to /admin, which is used to configure user/password
+# via an htaccess file
+
+ order deny,allow
+ deny from all
+
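Review bot: The `require user admin {getUsersList("phpki");}` line is expanded once, when the template is rendered, so the set of accounts allowed into /ca is a snapshot of the accounts database at that moment. Nothing in this hunk shows the fragment being re-expanded when a user's or group's AdminPanels property or a group's membership changes. A user removed from an authorized group would presumably keep access until httpd.conf is regenerated and httpd reloaded. I would add a comment above the block such as `# User list is generated at template expansion; re-expand this file and reload httpd after changing AdminPanels or group membership`, and confirm that the relevant user/group events expand this template. The enclosing container lines are not visible on this page, so the paths each block applies to could not be checked here.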
diff -Nur -x '*.orig' -x '*.rej' smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki
--- smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-11-27 04:44:09.000000000 +0100
+++ mezzanine_patched_smeserver-phpki-0.1/root/etc/e-smith/web/functions/phpki 2008-12-05 03:38:24.000000000 +0100
@@ -19,7 +19,7 @@
my $q = new CGI;
-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
$q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
print $q->header ('text/html');
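Review bot: The changed line still builds `$content` from `$ENV {'HTTP_X_FORWARDED_HOST'}`, a value taken from a request header, without validating it. If `$content` is later emitted as a refresh or redirect target (that part is outside the hunk), the destination host is whatever the header carried. Constrain it before use, for example `my ($host) = ($ENV{'HTTP_X_FORWARDED_HOST'} || '') =~ /\A([A-Za-z0-9.-]+(?::\d+)?)\z/ or die "unexpected forwarded host";` followed by `my $content = "0; url=https://$host/phpki/ca";`. Alternatively, take the host name from the server's own configuration instead of the request.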