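--- a/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
+++ b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/00functions
@@ -0,0 +1,28 @@
+{
+
+use esmith::AccountsDB;
+
+sub getUsersList ($){
+ my ($panelName) = @_;
+ my $a = esmith::AccountsDB->open_ro || die "Error opening accounts db";
+ my @users = $a->users();
+ my @groups = $a->groups();
+ my @Users = ();
+ foreach my $user (@users){
+ my $panels = $user->prop('AdminPanels') || '';
+ push(@Users,$user->key) if ($panels =~ /^(.*,)?$panelName(,.*)?$/);
+ }
+ foreach my $group (@groups){
+ $panels = $group->prop('AdminPanels') || '';
+ if ($panels =~ /^(.*,)?$panelName(,.*)?$/){
+ my @members = split(/,/,($group->prop('Members') || ''));
+ push(@Users,@members);
+ }
+ }
+
+ my %seen = ();
+ my $u = join (' ', grep { ! $seen{ $_ }++ } @Users);
+ return $u;
+}
+}
+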
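Review bot: In getUsersList the second loop assigns `$panels = $group->prop('AdminPanels') || '';` without `my`, while the only declaration is scoped to the first loop, so this writes a package global and would fail to compile if the template is ever evaluated under `use strict`; declare it as `my $panels = $group->prop('AdminPanels') || '';`. Both matches interpolate `$panelName` into the pattern unescaped; the only call visible on this page passes the literal "phpki", but `\Q$panelName\E` keeps a panel name containing regex metacharacters from widening who ends up on the `require user` line. The returned names are written into httpd.conf when the template is expanded, so a change to AdminPanels or group membership presumably takes effect only after re-expansion and an httpd reload; a comment above the sub saying so would help whoever revokes access later.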
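--- a/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
+++ b/root/etc/e-smith/templates/etc/httpd/pki-conf/httpd.conf/90phpki
@@ -1,6 +1,7 @@
 
 Alias /phpki /opt/phpki/html/
 
+# Main access allowed for valid user
 <Directory /opt/phpki/html>
 AddType application/x-httpd-php .php
 Options FollowSymLinks
@@ -13,7 +14,28 @@
 order deny,allow
 deny from all
 allow from 127.0.0.1
+ AuthName "PHPKI"
+ AuthType Basic
+ TKTAuthLoginURL /server-common/cgi-bin/login
+ require valid-user
+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+ Satisfy all
 </Directory>
 
+# /ca is only allowed for admin and explicitely authorized users
+<Directory /opt/phpki/html/ca>
+ AuthName "PHPKI Admin"
+ AuthType Basic
+ TKTAuthLoginURL /server-common/cgi-bin/login
+ require user admin {getUsersList("phpki");}
+ SetEnv IMGHDR_SRC "/server-common/server-manager.jpg"
+ Satisfy all
+</Directory>
 
+# Disable access to /admin, which is used to configure user/password
+# via an htaccess file
+<Directory /opt/phpki/html/admin>
+ order deny,allow
+ deny from all
+</Directory>
 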
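Review bot: The new `<Directory /opt/phpki/html/admin>` block only denies by host and relies on `Satisfy all` being inherited from the parent `/opt/phpki/html` section; if the parent is ever switched to `Satisfy any`, an authenticated user would presumably pass the inherited `require valid-user` and reach /admin. Stating `Satisfy all` in the block itself, after `deny from all`, makes the lock-out independent of the parent. The comment says /admin manages credentials through an htaccess file, and the `AllowOverride` setting for this tree sits in lines outside the hunk, so it is worth confirming that an .htaccess under /opt/phpki/html cannot relax these rules.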
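--- a/root/etc/e-smith/web/functions/phpki
+++ b/root/etc/e-smith/web/functions/phpki
@@ -19,7 +19,7 @@
 
 
 my $q = new CGI;
-my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki";
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/phpki/ca";
 $q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
 
 print $q->header ('text/html');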
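Review bot: The redirect target on the changed line is still built from `$ENV {'HTTP_X_FORWARDED_HOST'}`, a request header, with no validation, so unless a trusted front-end proxy always overwrites it, the client influences the host this page sends the browser to. The value also ends up in page output, though how `$content` is emitted lies outside the hunk. Since the destination is on the same server, a host-relative target avoids the header altogether: `my $content="0; url=/phpki/ca";`. If the absolute https URL must stay, compare the header with the configured server name or an anchored hostname pattern before using it.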