Subversion Repositories ALCASAR

Compare Revisions

Rev 1739 → Rev 1740

/alcasar.sh
452,8 → 452,7
rm -rf conf/etc/alcasar.conf
fi
# Define LAN side global parameters
hostname $HOSTNAME.$DOMAIN
echo $HOSTNAME.$DOMAIN > /etc/hostname
hostnamectl set-hostname $HOSTNAME.$DOMAIN
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4` # last octet of LAN address
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
514,7 → 513,6
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
HOSTNAME="$HOSTNAME.$DOMAIN"
FORWARD_IPV4=true
EOF
# /etc/hosts config
789,7 → 787,6
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME.$DOMAIN
804,7 → 801,6
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME.$DOMAIN
819,7 → 815,6
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME.$DOMAIN
834,7 → 829,6
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME.$DOMAIN
850,7 → 844,6
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME.$DOMAIN
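Review bot: `hostnamectl set-hostname $HOSTNAME.$DOMAIN` in the first hunk (apparently the line that replaces the two older hostname writes) expands both variables unquoted, and the same pair is written verbatim into `AuthName` in the Apache blocks further down. Quote it as `hostnamectl set-hostname "$HOSTNAME.$DOMAIN"`, and check the value against a hostname pattern once, where it is read, so that a stray space or metacharacter in the configuration cannot alter the command or the generated httpd configuration. hostnamectl also depends on systemd-hostnamed being reachable; if the installer can run where it is not, keeping the `/etc/hostname` write as a fallback is worth confirming. The surrounding installer code starts and ends outside these hunks.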
/conf/sudoers
25,8 → 25,7
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
Cmnd_Alias SSL=/usr/bin/openssl # to manage the certificates
Cmnd_Alias IMPCERT=/usr/local/sbin/alcasar-importcert.sh # to import an official certificate
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/bin/alcasar-importcert.sh # to manage the certificates
 
# Defaults specification
# Defaults syslog=auth
46,6 → 45,6
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
 
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,IMPCERT
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE
 
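Review bot: Folding `/usr/local/bin/alcasar-importcert.sh` into the `SSL` alias leaves ADMWEB (presumably the web server account) able to run both `openssl` and the import script as root, without a password and with no restriction on arguments or file paths. The web page appears to call the script only in fixed forms (`-d` is visible in network.php), so the rule can pin them, for example `Cmnd_Alias IMPCERT=/usr/local/bin/alcasar-importcert.sh -d` plus one entry for the import call with its fixed upload paths, and `openssl` can be limited in the same way to the subcommands the interface really uses. The alias path also moved from `/usr/local/sbin` to `/usr/local/bin`; the script has to be installed there, root-owned and not writable by the web account, or sudo will not match the rule.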
/scripts/alcasar-importcert.sh
32,19 → 32,20
$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
hostnamectl set-hostname alcasar.localdomain
$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
}
 
function defaultCert()
{
cd $DIR_CERT
rm private/alcasar.key
rm certs/alcasar.crt
mv certs/alcasar.crt.old certs/alcasar.crt
mv private/alcasar.key.old private/alcasar.key
if [ -f certs/server-chain.crt.old ]
mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
if [ -f $DIR_CERT/certs/server-chain.crt.old ]
then
rm certs/server-chain.crt
mv certs/server-chain.crt.old certs/server-chain.crt
mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
else
rm -f $DIR_CERT/certs/server-chain.crt
fi
}
 
69,44 → 70,43
$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
hostnamectl set-hostname $fqdn
$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
fi
}
 
function certImport()
{
cd $DIR_CERT
 
if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
then
echo "Backup of old cert (alcasar.crt)"
mv certs/alcasar.crt certs/alcasar.crt.old
mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
fi
if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]
if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
then
echo "Backup of old private key (alcasar.key)"
mv private/alcasar.key private/alcasar.key.old
mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
fi
cp $cert $DIR_CERT/certs/alcasar.crt
cp $key $DIR_CERT/private/alcasar.key
 
cp $cert certs/alcasar.crt
cp $key private/alcasar.key
chown root:apache $DIR_CERT/certs/alcasar.crt
chown root:apache $DIR_CERT/private/alcasar.key
 
chown root:apache certs/alcasar.crt
chown root:apache private/alcasar.key
 
chmod 750 certs/alcasar.crt
chmod 750 private/alcasar.key
 
chmod 750 $DIR_CERT/certs/alcasar.crt
chmod 750 $DIR_CERT/private/alcasar.key
if [ "$sc" != "" ]
then
echo "cert-chain exists"
if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]
if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
then
echo "Backup of old cert-chain (server-chain.crt)"
mv certs/server-chain.crt certs/server-chain.crt.old
mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
fi
cp $sc certs/server-chain.crt
chown root:apache certs/server-chain.crt
chmod 750 certs/server-chain.crt
cp $sc $DIR_CERT/certs/server-chain.crt
chown root:apache $DIR_CERT/certs/server-chain.crt
chmod 750 $DIR_CERT/certs/server-chain.crt
fi
}
 
161,13 → 161,12
else
echo "Importing certificate $cert with private key $key and server-chain $sc"
fi
 
domainName $cert
certImport $cert $key $sc
for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
do
systemctl restart $services
done
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
;;
-d)
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
175,8 → 174,10
echo "Restoring default certificate"
defaultCert
defaultNdd
systemctl restart chilli.service
systemctl restart httpd.service
for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
fi
;;
*)
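Review bot: In certImport the private key ends up `root:apache` with mode 750, so every member of the `apache` group can read it and the file carries a needless execute bit; `cp` followed by `chown`/`chmod` also leaves it briefly at whatever mode the copy produced. A single `install -m 0640 -o root -g apache -- "$key" "$DIR_CERT/private/alcasar.key"` closes that window, and 0600 root-only is preferable if only root-started daemons load the key. In the same hunk `$fqdn` and `$domain` are interpolated unquoted into `sed` expressions and `hostnamectl set-hostname`; if they are parsed from the uploaded certificate, as the `domainName $cert` call suggests, they should be checked first, e.g. `[[ $fqdn =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`. The function holding those `sed` lines starts outside the hunk.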
/web/acc/admin/network.php
44,8 → 44,9
$l_import_cert = "Import de certificat";
$l_private_key = "Clé privée (.key) :";
$l_certificate = "Certificat (.crt) :";
$l_server_chain = "Server-chain (Si nécéssaire : .crt) :";
$l_default_cert = "Retourner aux certificat par défaut";
$l_server_chain = "Chaîne de certification (si nécéssaire : .crt) :";
$l_default_cert = "Revenir au certificat d'origine";
$l_import = "Importer";
 
} else {
$l_network_title = "Network configuration";
72,8 → 73,9
$l_import_cert = "Certificate import";
$l_private_key = "Private key (.key) :";
$l_certificate = "Certificate (.crt) :";
$l_server_chain = "Server-chain (If necessary : .crt) :";
$l_server_chain = "Server-chain (if necessary : .crt) :";
$l_default_cert = "Back to default certificate";
$l_import = "Import";
}
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
switch ($choix)
181,7 → 183,8
*************************/
//modification de la conf réseau --> V3.0
 
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- written by steweb57 & rexy -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
270,16 → 273,16
<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr><td>
<form method="post" action="network.php" enctype="multipart/form-data">
<?php echo $l_private_key;?><input type="file" name="key"/><br/>
<?php echo $l_certificate;?><input type="file" name="crt"/><br/>
<?php echo $l_server_chain;?><input type="file" name="sc"/>
<input type="hidden" name="MAX_FILE_SIZE" value=<?php echo $maxsize;?> /><br/>
<input type="submit" value="Valider"/>
<?php echo $l_private_key;?><input type="file" name="key"><br>
<?php echo $l_certificate;?><input type="file" name="crt"><br>
<?php echo $l_server_chain;?><input type="file" name="sc">
<input type="hidden" name="MAX_FILE_SIZE" value=<?php echo $maxsize;?>><br>
<input type="submit" <?php echo "value=\"".$l_import."\""?>>
</form>
</td><td>
<form method="post" action="network.php">
<input type="hidden" name="default"/>
<input type="submit" <?php echo "value=\"".$l_default_cert."\""?>/>
<input type="hidden" name="default">
<input type="submit" <?php echo "value=\"".$l_default_cert."\""?>>
</form>
</td>
</tr>
290,7 → 293,7
 
<?php
if(isset($_POST['default'])){
echo "Retour au certificats par défaut";
echo "$l_default_cert";
exec("sudo alcasar-importcert.sh -d");
}
if(isset($_POST['MAX_FILE_SIZE'])){
306,7 → 309,7
if(isset($_FILES['sc']) && pathinfo($_FILES['sc']['name'])['extension'] == 'crt')
{
$scpath = $dest."server-chain.crt";
move_uploaded_file($_FILES['key']['tmp_name'], $scpath);
move_uploaded_file($_FILES['sc']['tmp_name'], $scpath);
}
$keypath = $dest."alcasar.key";
$crtpath = $dest."alcasar.crt";
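Review bot: The server-chain upload in the last hunk is accepted on the client-supplied file name alone: `isset($_FILES['sc'])` is true even when no file was sent, `pathinfo(...)['extension']` is undefined for a name without a dot, and the result of `move_uploaded_file` is not checked before the path is handed to a script that runs as root. The condition should test the upload status and the content, for example `if (isset($_FILES['sc']) && $_FILES['sc']['error'] === UPLOAD_ERR_OK && openssl_x509_read(file_get_contents($_FILES['sc']['tmp_name'])) !== false)`, and the import should stop when the move fails. The same checks belong on the `key` and `crt` uploads, whose handling continues outside this hunk. Separately, the two forms trigger `sudo` actions from a bare POST, so a per-session token verified before `exec()` would be worth adding.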