generated from smedev/Template-for-SMEServer-Contribs-Package
patches applied from our bz and from sourceforge tickets
phpki-0.82.bz10622.fixphpwarnings.patch phpki-0.82-empty_pass_php_5.2.patch phpki-0.82-remove_email_from_upload_file_name.patch phpki-0.82-ca_admin_users.patch phpki-0.82-expirey.patch phpki-0.82-remove_security_warning.patch phpki-0.82-ca_help.patch phpki-0.82-fix-dates-2.patch phpki-0.82-sme_admin_user.patch phpki-0.82-disable_download_after_create.patch phpki-0.82-fix-dates-3.patch phpki-0.82-sme_openvpn_bridge_compat.patch phpki-0.82-display_root_pem.patch phpki-0.82-fix-dates.patch phpki-0.82-update_crl_via_cron.patch phpki-0.82-dl_crl_in_pem.patch phpki-0.82-fix-preg_match.patch phpki-0.82-use_sha1.patch phpki-0.82-dl_display_ta_dh.patch phpki-0.82-openvpn_static_key.patch phpki-0.82-email_signing.patch phpki-0.82-potential_xss_php_self.patch
@@ -10,6 +10,14 @@ $stage = gpvar('stage');
|
||||
|
||||
switch($stage) {
|
||||
|
||||
case 'dl_takey':
|
||||
upload("$config[private_dir]/takey.pem", "$config[ca_prefix]takey.pem", 'application/octet-stream');
|
||||
break;
|
||||
|
||||
case 'dl_dhparam':
|
||||
upload("$config[private_dir]/dhparam1024.pem", "$config[ca_prefix]dhparam1024.pem", 'application/octet-stream');
|
||||
break;
|
||||
|
||||
case 'dl_root':
|
||||
upload("$config[cacert_pem]", "$config[ca_prefix]cacert.crt", 'application/x-x509-ca-cert');
|
||||
break;
|
||||
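Review bot: The new `dl_takey` and `dl_dhparam` stages on L18 and L29 send files out of `$config[private_dir]` — the OpenVPN static key is a shared secret — and no authorization check is visible anywhere in this hunk; the `display_takey` and `display_dhparam` stages added in the third hunk of this file expose the same material. The top of the script is outside the hunk, so a gate may already exist there; if it does not, reject the request before the `switch` the way the other file in this commit does, e.g. `if (! in_array($PHPki_user, $PHPki_admins, true)) { $stage = 'goaway'; }`. The path `dhparam1024.pem` also hard-codes the group size in both the file path and the download name on L29; a config key like the existing `cacrl_pem` entry would let the parameters be regenerated at a larger size without editing this switch.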
@@ -18,6 +26,10 @@ case 'dl_crl':
|
||||
upload("$config[cacrl_der]", "$config[ca_prefix]cacrl.crl", 'application/pkix-crl');
|
||||
break;
|
||||
|
||||
case 'dl_crl_pem':
|
||||
upload("$config[cacrl_pem]", "$config[ca_prefix]cacrl.crl", 'application/octet-stream');
|
||||
break;
|
||||
|
||||
case 'gen_crl':
|
||||
list($ret,$errtxt) = CA_generate_crl();
|
||||
|
||||
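Review bot: The new `dl_crl_pem` stage on L60 delivers the PEM CRL under the same download name `"$config[ca_prefix]cacrl.crl"` that the DER stage on L49 uses, so a user who fetches both overwrites one file with the other and cannot tell the encodings apart afterwards. Give the PEM variant its own name, e.g. `upload("$config[cacrl_pem]", "$config[ca_prefix]cacrl.pem", 'application/octet-stream');`, and keep the `.crl` name for the DER file that browsers and mail clients import. If the `.crl` extension was kept because some consumer requires it, a one-line comment on the case should say so.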
@@ -50,6 +62,46 @@ case 'gen_crl':
|
||||
}
|
||||
break;
|
||||
|
||||
case 'display_takey':
|
||||
printHeader(false);
|
||||
|
||||
?>
|
||||
<center><h2>OpenVPN pre-shared Key</h2></center>
|
||||
<p>
|
||||
<form action=<?=$PHP_SELF?> method=post>
|
||||
<input type=submit name=submit value="Back to Menu">
|
||||
</form>
|
||||
<?
|
||||
print '<pre>'.ta_key_text().'</pre>';
|
||||
break;
|
||||
|
||||
case 'display_dhparam':
|
||||
printHeader(false);
|
||||
|
||||
?>
|
||||
<center><h2>OpenVPN Diffie-Helman parameters</h2></center>
|
||||
<p>
|
||||
<form action=<?=$PHP_SELF?> method=post>
|
||||
<input type=submit name=submit value="Back to Menu">
|
||||
</form>
|
||||
<?
|
||||
print '<pre>'.dhparam_text().'</pre>';
|
||||
break;
|
||||
|
||||
case 'display_root_pem':
|
||||
printHeader(false);
|
||||
|
||||
?>
|
||||
<center><h2>Root certificate file (PEM Encoded)</h2></center>
|
||||
<p>
|
||||
<form action=<?=$PHP_SELF?> method=post>
|
||||
<input type=submit name=submit value="Back to Menu">
|
||||
</form>
|
||||
<?
|
||||
print '<pre>'.root_pem_text().'</pre>';
|
||||
break;
|
||||
|
||||
|
||||
default:
|
||||
printHeader('ca');
|
||||
?>
|
||||
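Review bot: The three new display stages print `ta_key_text()`, `dhparam_text()` and `root_pem_text()` straight into the page on L116, L153 and L190 without HTML escaping; the content should be plain PEM and comment text, but the `htvar()` helper this commit uses in its certificate-listing page makes the output safe regardless of what the files contain, e.g. `print '<pre>'.htvar(ta_key_text()).'</pre>';`. The `<form action=<?=$PHP_SELF?> method=post>` markup on L104, L141 and L178 leaves the attribute unquoted; `action="<?=$PHP_SELF?>"` matches the quoted form used elsewhere in this commit. The heading on L135 misspells Diffie-Hellman as `Diffie-Helman`.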
@@ -74,18 +126,31 @@ default:
|
||||
<td>Some applications automagically reference the Certificate Revocation List to determine
|
||||
certificate validity. It is not necessary to perform this update function, as the CRL is
|
||||
updated when certificates are revoked. However, doing so is harmless.
|
||||
<a href=../help.php target=_help>Read the online help</a> to learn more about this.</td></tr>
|
||||
<a href=../ca/help.php target=_help>Read the online help</a> to learn more about this.</td></tr>
|
||||
|
||||
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
<a href=<?=$PHP_SELF?>?stage=dl_root>Download the Root Certificate</a></td>
|
||||
<a href=<?=$PHP_SELF?>?stage=dl_root>Download the Root Certificate</a><br><br>
|
||||
<a href=<?=$PHP_SELF?>?stage=display_root_pem>Display the Root Certificate (PEM Encoded)</a></td>
|
||||
<td>The "Root" certificate must be installed before using any of the
|
||||
certificates issued here. <a href=../help.php target=_help>Read the online help</a>
|
||||
certificates issued here. <a href=../ca/help.php target=_help>Read the online help</a>
|
||||
to learn more about this.</td></tr>
|
||||
|
||||
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
<a href=<?=$PHP_SELF?>?stage=dl_crl>Download the Certificate Revocation List</a></td>
|
||||
<td>This is the official list of revoked certificates. Using this list with your e-mail or
|
||||
browser application is optional. Some applications will automagically reference this list. </td></tr>
|
||||
browser application is optional. Some applications will automagically reference this list.
|
||||
(<a href="<?=$PHP_SELF?>?stage=dl_crl_pem">Some will need it in PEM format.</a>)</td></tr>
|
||||
|
||||
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
<a href=<?=$PHP_SELF?>?stage=dl_takey>Download the static pre-shared key</a><br><br>
|
||||
<a href=<?=$PHP_SELF?>?stage=display_takey>Display the static pre-shared key</a></td>
|
||||
<td>This key can be used with OpenVPN as a standalone auth mecanism, or as an additionnal TLS authentication.</td></tr>
|
||||
|
||||
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
|
||||
<a href=<?=$PHP_SELF?>?stage=dl_dhparam>Download the Diffie-Hellman parameters</a><br><br>
|
||||
<a href=<?=$PHP_SELF?>?stage=display_dhparam>Display the Diffie-Hellman parameters</a></td>
|
||||
<td>This file is used by OpenVPN for the hand-shake. The Diffie-Hellman key agreement
|
||||
protocol enables two communication partners to exchange a secret key safely.</td></tr>
|
||||
|
||||
</table>
|
||||
</center>
|
||||
|
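Review bot: The new links on L278 through L295 interpolate `$PHP_SELF` into unquoted `href` attributes while the new `dl_crl_pem` link on L270 quotes it; write all of them as `<a href="<?=$PHP_SELF?>?stage=dl_takey">` so the attribute boundary does not depend on the value containing no spaces or quotes. The description on L284 has two spelling errors, `mecanism` and `additionnal`. Since the row on L278 hands out an OpenVPN shared secret, the explanatory text next to it should state who is expected to have access to this menu.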
@@ -20,12 +20,6 @@ $show_valid = gpvar('show_valid');
|
||||
$show_revoked = gpvar('show_revoked');
|
||||
$show_expired = gpvar('show_expired');
|
||||
|
||||
|
||||
# Prevent handling certs that don't belong to user
|
||||
if ($serial && CAdb_issuer($serial) != $PHPki_user && ! in_array($PHPki_user, $PHPki_admins)) {
|
||||
$stage = 'goaway';
|
||||
}
|
||||
|
||||
if ( !($show_valid.$show_revoked.$show_expired) ) {
|
||||
$show_valid = 'V';
|
||||
$show_revoked = 'R';
|
||||
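Review bot: The removed block was the only ownership check for `$serial` visible in this file (`CAdb_issuer($serial) != $PHPki_user` with an admin bypass); after this hunk the `download`, `revoke` and `renew` stages further down act on whatever serial the request carries, unless an equivalent check now lives outside the hunk. If the intent of the `ca_admin_users` change is that every PHPki user is a CA administrator, a comment at this spot such as `# All PHPki users administer the CA; no per-user ownership check` would stop the next reader from re-adding the guard; if that is not the intent, keep the guard and drop only the admin clause. The matching removal of the per-user filter in the listing regex at the end of this file should be documented the same way.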
@@ -92,19 +86,19 @@ case 'download':
|
||||
|
||||
switch ($dl_type) {
|
||||
case 'PKCS#12':
|
||||
upload("$config[pfx_dir]/$serial.pfx", "$rec[common_name] ($rec[email]).p12", 'application/x-pkcs12');
|
||||
upload("$config[pfx_dir]/$serial.pfx", "$rec[common_name].p12", 'application/x-pkcs12');
|
||||
break;
|
||||
case 'PEMCERT':
|
||||
upload("$config[new_certs_dir]/$serial.pem", "$rec[common_name] ($rec[email]).pem",'application/pkix-cert');
|
||||
upload("$config[new_certs_dir]/$serial.pem", "$rec[common_name]-cert.pem",'application/pkix-cert');
|
||||
break;
|
||||
case 'PEMKEY':
|
||||
upload("$config[private_dir]/$serial-key.pem", "$rec[common_name] ($rec[email])-key.pem",'application/octet-stream');
|
||||
upload("$config[private_dir]/$serial-key.pem", "$rec[common_name]-key.pem",'application/octet-stream');
|
||||
break;
|
||||
case 'PEMBUNDLE':
|
||||
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem"), "$rec[common_name] ($rec[email]).pem",'application/octet-stream');
|
||||
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem"), "$rec[common_name]-bundle.pem",'application/octet-stream');
|
||||
break;
|
||||
case 'PEMCABUNDLE':
|
||||
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$rec[common_name] ($rec[email]).pem",'application/octet-stream');
|
||||
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$rec[common_name]-bundle-root.pem",'application/octet-stream');
|
||||
break;
|
||||
default:
|
||||
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
|
||||
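Review bot: Dropping `$rec[email]` from the download names on L363 through L411 is sensible, but `$rec[common_name]` still flows into each filename unchanged; whether `upload()` sanitizes it is not visible here, and a common name containing quotes, semicolons or CR/LF would otherwise corrupt the `Content-Disposition` header. Whitelist the name once before the `switch`, e.g. `$fname = preg_replace('/[^A-Za-z0-9._-]+/', '_', $rec['common_name']);`, and use `"$fname.p12"`, `"$fname-cert.pem"` and so on in the branches — or perform that step inside `upload()` so every caller benefits.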
@@ -129,6 +123,7 @@ case 'revoke-form':
|
||||
Locality<br>
|
||||
State/Province<br>
|
||||
Country<br>
|
||||
</p>
|
||||
</td>
|
||||
<?
|
||||
|
||||
@@ -145,7 +140,7 @@ case 'revoke-form':
|
||||
</td>
|
||||
</tr></table>
|
||||
<h4>Are you sure?</h4>
|
||||
<p><form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method=post>
|
||||
<form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method=post>
|
||||
<input type=hidden name=stage value=revoke >
|
||||
<input type=hidden name=serial value='.$serial.' >
|
||||
<input type=submit name=submit value=Yes > 
|
||||
@@ -204,7 +199,7 @@ case 'renew-form':
|
||||
|
||||
printHeader('ca');
|
||||
?>
|
||||
<body onLoad="self.focus();document.form.passwd.focus()">
|
||||
<body onLoad="self.focus();document.form.passwd.focus();">
|
||||
|
||||
<form action="<?=$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form>
|
||||
<table width=99%>
|
||||
@@ -252,8 +247,10 @@ case 'renew-form':
|
||||
<td><select name=expiry>
|
||||
<?
|
||||
|
||||
print "<option value=0.25 ". ($expiry == 0.25 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
|
||||
print "<option value=0.5 ". ($expiry == 0.5 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
|
||||
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
|
||||
for ( $i = 2 ; $i < 6 ; $i++ ) {
|
||||
for ( $i = 2 ; $i <= 5 ; $i++ ) {
|
||||
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
|
||||
}
|
||||
|
||||
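Review bot: Changing the bound on L521 from `$i < 6` to `$i <= 5` does not change behaviour — both emit options for 2 through 5 years — so this hunk, and the identical edit on L824 in the request form, is a pure style change. If the goal was to make the upper limit readable, naming it does more: `$max_years = 5; for ($i = 2; $i <= $max_years; $i++) {`, which also gives the two forms one place to agree on.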
@@ -289,8 +286,7 @@ case 'renew':
|
||||
print "<form action=\"$PHP_SELF?stage=renew-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
|
||||
?>
|
||||
<font color=#ff0000>
|
||||
<h2>There was an error creating your certificate
|
||||
.</h2></font><br>
|
||||
<h2>There was an error creating your certificate.</h2></font><br>
|
||||
<blockquote>
|
||||
<h3>Debug Info:</h3>
|
||||
<pre><?=$errtxt?></pre>
|
||||
@@ -312,14 +308,13 @@ default:
|
||||
printHeader('ca');
|
||||
|
||||
?>
|
||||
<body onLoad="self.focus();document.filter.search.focus()">
|
||||
<body onLoad="self.focus();document.filter.search.focus();">
|
||||
<table>
|
||||
<tr><th colspan=8><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
|
||||
<tr><td colspan=8><center>
|
||||
<form action="<?="$PHP_SELF?$qstr_sort"?>" method=get name=filter>
|
||||
Search: <input type=text name=search value="<?=htvar($search)?>" style="font-size: 11px;" maxlength=60 size=30>
|
||||
      <input type=checkbox name=show_valid value="V" <?=($show_valid?'checked'
|
||||
:'')?>>Valid
|
||||
      <input type=checkbox name=show_valid value="V" <?=($show_valid?'checked':'')?>>Valid
|
||||
  <input type=checkbox name=show_revoked value="R" <?=($show_revoked?'checked':'')?>>Revoked
|
||||
  <input type=checkbox name=show_expired value="E" <?=($show_expired?'checked':'')?>>Expired
|
||||
     <input type=submit name=submit value="Apply Filter" style="font-size: 11px;">
|
||||
@@ -364,12 +359,7 @@ default:
|
||||
|
||||
$x = "^[$show_valid$show_revoked$show_expired]";
|
||||
|
||||
if (in_array($PHPki_user, $PHPki_admins)) {
|
||||
$x = "$x.*$search";
|
||||
}
|
||||
else {
|
||||
$x = "$x.*$search.*$PHPki_user|$x.*$PHPki_user.*$search";
|
||||
}
|
||||
$x = "$x.*$search";
|
||||
|
||||
$db = csort(CAdb_to_array($x), $sortfield, ($ascdec=='A'?SORT_ASC:SORT_DESC));
|
||||
|
||||
|
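Review bot: After this hunk `$search` is concatenated unescaped into the pattern on L640 for every user, not only admins; `$search` comes from the filter form above (`value="<?=htvar($search)?>"`), so any regex metacharacters in it change the match, and an unbalanced bracket or parenthesis will make the pattern fail inside `CAdb_to_array()` — how that function reports a bad pattern is not visible here. Unless literal regex search is a feature, escape it: `$x = "$x.*" . preg_quote($search, '/');`, using whichever delimiter `CAdb_to_array()` wraps the pattern in. Removing the non-admin branch also means every user now sees every certificate in the listing; note that at the top of the file next to the removed ownership check.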
@@ -141,7 +141,7 @@ case 'confirm':
|
||||
<p><form action='<?=$PHP_SELF?>' method=post>
|
||||
<?= $hidden_fields ?>
|
||||
<input type=hidden name=form_stage value=final>
|
||||
<input type=submit name=submit value='Yes! Create and Download' >
|
||||
<input type=submit name=submit value='Yes' >
|
||||
<input type=submit name=submit value='Go Back'>
|
||||
</form>
|
||||
|
||||
@@ -165,7 +165,7 @@ case 'confirm':
|
||||
break;
|
||||
|
||||
case 'final':
|
||||
if ($submit == "Yes! Create and Download") {
|
||||
if ($submit == "Yes") {
|
||||
if (! $serial = CAdb_in($email,$common_name)) {
|
||||
list($ret,$errtxt) = CA_create_cert($cert_type,$country, $province, $locality, $organization, $unit, $common_name, $email, $expiry, $passwd, $keysize);
|
||||
|
||||
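Review bot: The branch on L691 now keys on the submit button's label `"Yes"`, which must stay byte-identical to the `value='Yes'` the confirmation form emits in the previous hunk; a later relabel of the button silently turns the create path into a no-op. A hidden field such as `<input type=hidden name=action value=create>` tested with `if ($action === 'create') {` decouples the logic from display text, and `===` should replace the loose `==` either way.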
@@ -194,22 +194,9 @@ case 'final':
|
||||
$serial = $errtxt;
|
||||
}
|
||||
}
|
||||
# CLear common_name fiels
|
||||
$common_name = '';
|
||||
|
||||
switch($cert_type) {
|
||||
case 'server':
|
||||
upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert');
|
||||
break;
|
||||
case 'email':
|
||||
case 'email_signing':
|
||||
case 'time_stamping':
|
||||
case 'vpn_client_server':
|
||||
case 'vpn_client':
|
||||
case 'vpn_server':
|
||||
upload("$config[pfx_dir]/$serial.pfx", "$common_name ($email).p12", 'application/x-pkcs12');
|
||||
break;
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
default:
|
||||
#
|
||||
@@ -229,7 +216,7 @@ default:
|
||||
|
||||
printHeader();
|
||||
?>
|
||||
<body onLoad="self.focus();document.request.common_name.focus()">
|
||||
<body onLoad="self.focus();document.request.common_name.focus();">
|
||||
<form action="<?=$PHP_SELF?>" method=post name=request>
|
||||
<table width=99%>
|
||||
<th colspan=2><h3>Certificate Request Form</h3></th>
|
||||
@@ -276,8 +263,10 @@ default:
|
||||
<td><select name=expiry>
|
||||
<?
|
||||
|
||||
print "<option value=0.25 ". ($expiry == 0.25 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
|
||||
print "<option value=0.5 ". ($expiry == 0.5 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
|
||||
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
|
||||
for ( $i = 2 ; $i < 6 ; $i++ ) {
|
||||
for ( $i = 2 ; $i <= 5 ; $i++ ) {
|
||||
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
|
||||
}
|
||||
|
||||
@@ -290,7 +279,7 @@ default:
|
||||
<td>Key Size </td>
|
||||
<td><select name=keysize>
|
||||
<?
|
||||
for ( $i = 512 ; $i < 4096 ; $i+= 512 ) {
|
||||
for ( $i = 512 ; $i <= 4096 ; $i+= 512 ) {
|
||||
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . " >$i bits</option>\n" ;
|
||||
}
|
||||
|
||||
|
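Review bot: Extending the bound on L850 to `$i <= 4096` adds the 4096-bit choice, but the loop still starts at 512 and steps by 512, so the form keeps offering 512-, 1024- and 1536-bit RSA keys that a CA should no longer issue. Consider `for ( $i = 2048 ; $i <= 4096 ; $i += 1024 ) {` to offer 2048, 3072 and 4096, and make sure the handler that passes `$keysize` to `CA_create_cert()` earlier in this file rejects values outside the offered set rather than trusting the `<select>`, since the POST body can carry any number.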