CGI to save TLS keys
@@ -1,5 +1,5 @@
|
||||
#!/usr/local/bin/perl
|
||||
# Show a form to edit or create a TLS key
|
||||
# Show a form to edit or create a TLS key and cert
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
@@ -7,7 +7,7 @@ no warnings 'redefine';
|
||||
no warnings 'uninitialized';
|
||||
our (%access, %text, %in);
|
||||
|
||||
require './bind8-lib.pl';
|
||||
require './bind8-lib.pl';
|
||||
$access{'defaults'} || &error($text{'tls_ecannot'});
|
||||
&supports_tls() || &error($text{'tls_esupport'});
|
||||
&ReadParse();
|
||||
@@ -46,6 +46,13 @@ print &ui_table_row($text{'tls_key'},
|
||||
print &ui_table_row($text{'tls_cert'},
|
||||
&ui_filebox("cert", &find_value("cert-file", $mems), 60));
|
||||
|
||||
# CA cert file
|
||||
my $ca = &find_value("ca-file", $mems);
|
||||
print &ui_table_row($text{'tls_ca'},
|
||||
&ui_radio("ca_def", $ca ? 0 : 1,
|
||||
[ [ 1, $text{'tls_ca_def'} ],
|
||||
[ 0, &ui_filebox("ca", $ca, 60) ] ]));
|
||||
|
||||
print &ui_table_end();
|
||||
print &ui_form_end(
|
||||
$in{'new'} ? [ [ undef, $text{'create'} ] ]
|
||||
|
||||
@@ -1355,6 +1355,8 @@ tls_esupport=SSL keys and certificates are not supported on this system
|
||||
tls_name=Key name
|
||||
tls_key=Key file
|
||||
tls_cert=Certificate file
|
||||
tls_ca=CA certificate file
|
||||
tls_ca_def=None required
|
||||
tls_ecannot=You are not allowed to edit SSL keys and certificates
|
||||
tls_esupport=DNS over SSL is not supported on this system
|
||||
tls_none=No SSL keys have been added yet.
|
||||
@@ -1364,5 +1366,12 @@ tls_title1=Add SSL Key
|
||||
tls_title2=Edit SSL Key
|
||||
tls_egone=SSL key no longer exists!
|
||||
tls_header=Key and certificate details
|
||||
tls_cerr=Failed to create SSL key
|
||||
tls_derr=Failed to delete SSL key
|
||||
tls_err=Failed to save SSL key
|
||||
tls_ename=SSL key name can only contain letters, numbers, underscore and dash
|
||||
tls_ekey=Missing or non-existent SSL key file
|
||||
tls_ecert=Missing or non-existent SSL certificate file
|
||||
tls_eca=Missing or non-existent SSL CA certificate file
|
||||
|
||||
__norefs=1
|
||||
|
||||
@@ -5,7 +5,7 @@ use strict;
|
||||
use warnings;
|
||||
no warnings 'redefine';
|
||||
no warnings 'uninitialized';
|
||||
our (%access, %text, %in);
|
||||
our (%access, %text, %in, %config);
|
||||
|
||||
require './bind8-lib.pl';
|
||||
$access{'defaults'} || &error($text{'tls_ecannot'});
|
||||
@@ -15,24 +15,75 @@ $access{'defaults'} || &error($text{'tls_ecannot'});
|
||||
$in{'delete'} ? $text{'tls_derr'} : $text{'tls_err'});
|
||||
|
||||
# Get the TLS config being edited
|
||||
my $parent = &get_config_parent();
|
||||
my $conf = &get_config();
|
||||
my @tls = &find("tls", $conf);
|
||||
my $tls;
|
||||
if (!$in{'new'}) {
|
||||
my $conf = &get_config();
|
||||
my @tls = &find("tls", $conf);
|
||||
($tls) = grep { $_->{'values'}->[0] eq $in{'name'} } @tls;
|
||||
($tls) = grep { $_->{'values'}->[0] eq $in{'oldname'} } @tls;
|
||||
$tls || &error($text{'tls_egone'});
|
||||
}
|
||||
else {
|
||||
$tls = { 'values' => [],
|
||||
'members' => [] };
|
||||
}
|
||||
|
||||
&lock_file(&make_chroot($config{'named_conf'}));
|
||||
if ($in{'delete'}) {
|
||||
# Just remove this one TLS key, if unused
|
||||
# XXX
|
||||
&save_directive($parent, [ $tls ], [ ]);
|
||||
}
|
||||
else {
|
||||
# Validate inputs
|
||||
$in{'name'} =~ /^[a-z0-9\-\_]+$/i || &error($text{'tls_ename'});
|
||||
-r $in{'key'} || &error($text{'tls_ekey'});
|
||||
-r $in{'cert'} || &error($text{'tls_ecert'});
|
||||
if (!$in{'ca_def'}) {
|
||||
-r $in{'ca'} || &error($text{'tls_eca'});
|
||||
}
|
||||
&foreign_require("webmin");
|
||||
&webmin::validate_key_cert($in{'key'}, $in{'cert'});
|
||||
if (!$in{'ca_def'}) {
|
||||
&webmin::validate_key_cert($in{'key'}, $in{'ca'});
|
||||
}
|
||||
|
||||
if ($in{'new'}) {
|
||||
# Create the TLS object
|
||||
$tls = { 'name' => 'tls',
|
||||
'values' => [ $in{'name'} ],
|
||||
'type' => 1,
|
||||
'members' => [
|
||||
{ 'name' => 'key-file',
|
||||
'values' => [ $in{'key'} ]
|
||||
},
|
||||
{ 'name' => 'cert-file',
|
||||
'values' => [ $in{'cert'} ]
|
||||
},
|
||||
]
|
||||
};
|
||||
if (!$in{'ca_def'}) {
|
||||
push(@{$tls->{'members'}},
|
||||
{ 'name' => 'ca-file',
|
||||
'values' => [ $in{'ca'} ]
|
||||
});
|
||||
}
|
||||
&save_directive($parent, [ ], [ $tls ]);
|
||||
}
|
||||
else {
|
||||
# Update the existing object
|
||||
$tls->{'values'}->[0] = $in{'name'};
|
||||
&save_directive($parent, [ $tls ], [ $tls ]);
|
||||
&save_directive($tls, "key-file",
|
||||
[ { 'name' => 'key-file',
|
||||
'values' => [ $in{'key'} ] } ]);
|
||||
&save_directive($tls, "cert-file",
|
||||
[ { 'name' => 'cert-file',
|
||||
'values' => [ $in{'cert'} ] } ]);
|
||||
&save_directive($tls, "ca-file", $in{'ca_def'} ? [ ] :
|
||||
[ { 'name' => 'ca-file',
|
||||
'values' => [ $in{'ca'} ] } ]);
|
||||
}
|
||||
}
|
||||
|
||||
&flush_file_lines();
|
||||
&unlock_file(&make_chroot($config{'named_conf'}));
|
||||
&webmin_log($in{'new'} ? 'create' : $in{'delete'} ? 'delete' : 'modify',
|
||||
'tls', $tls->{'values'}->[0]);
|
||||
&redirect("list_tls.cgi");
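Review bot: The delete branch removes the `tls` block unconditionally even though its comment says "if unused" and still carries an `# XXX` marker, so a key that is referenced elsewhere in named.conf can be removed and leave a dangling reference; the branch should look for references and call `&error(...)` before `&save_directive($parent, [ $tls ], [ ])`. In the validation block, `/^[a-z0-9\-\_]+$/i` accepts a name with a trailing newline because `$` matches before a final `\n`; anchoring with `\z`, as in `$in{'name'} =~ /^[a-z0-9\-\_]+\z/i || &error($text{'tls_ename'});`, keeps the value written to the config within the character set the error message documents. The `-r` tests on `$in{'key'}`, `$in{'cert'}` and `$in{'ca'}` use the raw paths while the config file itself goes through `&make_chroot(...)`, so with a chrooted BIND they presumably check a different file than named will read, which is worth confirming. There is also no check that `$in{'name'}` is not already used by another entry in `@tls` on create or rename, which would produce two `tls` blocks with the same name.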
|
||||
|
||||
|
||||