CGI to save TLS keys

This commit is contained in:
Jamie Cameron
2025-04-26 21:50:44 -07:00
parent 3706f7862b
commit ebf1138788
3 changed files with 78 additions and 11 deletions


@@ -1,5 +1,5 @@
#!/usr/local/bin/perl #!/usr/local/bin/perl
# Show a form to edit or create a TLS key # Show a form to edit or create a TLS key and cert
use strict; use strict;
use warnings; use warnings;
@@ -7,7 +7,7 @@ no warnings 'redefine';
no warnings 'uninitialized'; no warnings 'uninitialized';
our (%access, %text, %in); our (%access, %text, %in);
require './bind8-lib.pl'; require './bind8-lib.pl';
$access{'defaults'} || &error($text{'tls_ecannot'}); $access{'defaults'} || &error($text{'tls_ecannot'});
&supports_tls() || &error($text{'tls_esupport'}); &supports_tls() || &error($text{'tls_esupport'});
&ReadParse(); &ReadParse();
@@ -46,6 +46,13 @@ print &ui_table_row($text{'tls_key'},
print &ui_table_row($text{'tls_cert'}, print &ui_table_row($text{'tls_cert'},
&ui_filebox("cert", &find_value("cert-file", $mems), 60)); &ui_filebox("cert", &find_value("cert-file", $mems), 60));
# CA cert file
my $ca = &find_value("ca-file", $mems);
print &ui_table_row($text{'tls_ca'},
&ui_radio("ca_def", $ca ? 0 : 1,
[ [ 1, $text{'tls_ca_def'} ],
[ 0, &ui_filebox("ca", $ca, 60) ] ]));
print &ui_table_end(); print &ui_table_end();
print &ui_form_end( print &ui_form_end(
$in{'new'} ? [ [ undef, $text{'create'} ] ] $in{'new'} ? [ [ undef, $text{'create'} ] ]


@@ -1355,6 +1355,8 @@ tls_esupport=SSL keys and certificates are not supported on this system
tls_name=Key name tls_name=Key name
tls_key=Key file tls_key=Key file
tls_cert=Certificate file tls_cert=Certificate file
tls_ca=CA certificate file
tls_ca_def=None required
tls_ecannot=You are not allowed to edit SSL keys and certificates tls_ecannot=You are not allowed to edit SSL keys and certificates
tls_esupport=DNS over SSL is not supported on this system tls_esupport=DNS over SSL is not supported on this system
tls_none=No SSL keys have been added yet. tls_none=No SSL keys have been added yet.
@@ -1364,5 +1366,12 @@ tls_title1=Add SSL Key
tls_title2=Edit SSL Key tls_title2=Edit SSL Key
tls_egone=SSL key no longer exists! tls_egone=SSL key no longer exists!
tls_header=Key and certificate details tls_header=Key and certificate details
tls_cerr=Failed to create SSL key
tls_derr=Failed to delete SSL key
tls_err=Failed to save SSL key
tls_ename=SSL key name can only contain letters, numbers, underscore and dash
tls_ekey=Missing or non-existent SSL key file
tls_ecert=Missing or non-existent SSL certificate file
tls_eca=Missing or non-existent SSL CA certificate file
__norefs=1 __norefs=1


@@ -5,7 +5,7 @@ use strict;
use warnings; use warnings;
no warnings 'redefine'; no warnings 'redefine';
no warnings 'uninitialized'; no warnings 'uninitialized';
our (%access, %text, %in); our (%access, %text, %in, %config);
require './bind8-lib.pl'; require './bind8-lib.pl';
$access{'defaults'} || &error($text{'tls_ecannot'}); $access{'defaults'} || &error($text{'tls_ecannot'});
@@ -15,24 +15,75 @@ $access{'defaults'} || &error($text{'tls_ecannot'});
$in{'delete'} ? $text{'tls_derr'} : $text{'tls_err'}); $in{'delete'} ? $text{'tls_derr'} : $text{'tls_err'});
# Get the TLS config being edited # Get the TLS config being edited
my $parent = &get_config_parent();
my $conf = &get_config();
my @tls = &find("tls", $conf);
my $tls; my $tls;
if (!$in{'new'}) { if (!$in{'new'}) {
my $conf = &get_config(); ($tls) = grep { $_->{'values'}->[0] eq $in{'oldname'} } @tls;
my @tls = &find("tls", $conf);
($tls) = grep { $_->{'values'}->[0] eq $in{'name'} } @tls;
$tls || &error($text{'tls_egone'}); $tls || &error($text{'tls_egone'});
} }
else {
$tls = { 'values' => [],
'members' => [] };
}
&lock_file(&make_chroot($config{'named_conf'}));
if ($in{'delete'}) { if ($in{'delete'}) {
# Just remove this one TLS key, if unused # Just remove this one TLS key, if unused
# XXX
&save_directive($parent, [ $tls ], [ ]);
} }
else { else {
# Validate inputs # Validate inputs
$in{'name'} =~ /^[a-z0-9\-\_]+$/i || &error($text{'tls_ename'}); $in{'name'} =~ /^[a-z0-9\-\_]+$/i || &error($text{'tls_ename'});
-r $in{'key'} || &error($text{'tls_ekey'});
-r $in{'cert'} || &error($text{'tls_ecert'});
if (!$in{'ca_def'}) {
-r $in{'ca'} || &error($text{'tls_eca'});
}
&foreign_require("webmin");
&webmin::validate_key_cert($in{'key'}, $in{'cert'});
if (!$in{'ca_def'}) {
&webmin::validate_key_cert($in{'key'}, $in{'ca'});
}
if ($in{'new'}) {
# Create the TLS object
$tls = { 'name' => 'tls',
'values' => [ $in{'name'} ],
'type' => 1,
'members' => [
{ 'name' => 'key-file',
'values' => [ $in{'key'} ]
},
{ 'name' => 'cert-file',
'values' => [ $in{'cert'} ]
},
]
};
if (!$in{'ca_def'}) {
push(@{$tls->{'members'}},
{ 'name' => 'ca-file',
'values' => [ $in{'ca'} ]
});
}
&save_directive($parent, [ ], [ $tls ]);
}
else {
# Update the existing object
$tls->{'values'}->[0] = $in{'name'};
&save_directive($parent, [ $tls ], [ $tls ]);
&save_directive($tls, "key-file",
[ { 'name' => 'key-file',
'values' => [ $in{'key'} ] } ]);
&save_directive($tls, "cert-file",
[ { 'name' => 'cert-file',
'values' => [ $in{'cert'} ] } ]);
&save_directive($tls, "ca-file", $in{'ca_def'} ? [ ] :
[ { 'name' => 'ca-file',
'values' => [ $in{'ca'} ] } ]);
}
} }
&flush_file_lines();
&unlock_file(&make_chroot($config{'named_conf'}));
&webmin_log($in{'new'} ? 'create' : $in{'delete'} ? 'delete' : 'modify',
'tls', $tls->{'values'}->[0]);
&redirect("list_tls.cgi");
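Review bot: The name check `$in{'name'} =~ /^[a-z0-9\-\_]+$/i` still admits a value ending in a newline, because `$` matches before a trailing "\n", and that value is then written into the config as the `tls` directive name where a stray line break can corrupt the block; anchor the pattern with `\A` and `\z`: `$in{'name'} =~ /\A[a-z0-9_-]+\z/i || &error($text{'tls_ename'});`. The two `&webmin::validate_key_cert(...)` calls discard their return value, so if that function reports problems by returning an error string rather than dying (webmin-lib.pl documents it as returning an error message, undef if OK — confirm), an invalid key or certificate passes this check unnoticed; capture the result and `&error($err) if ($err);` after each call. The second call pairs the server key with the CA certificate, which a key/cert-correspondence check would reject for any CA whose public key differs from the server's — confirm what validate_key_cert actually compares before keeping that call. The delete branch keeps its `# XXX` marker and removes the block unconditionally, so the "if unused" part of the comment is not implemented and a `listen-on ... tls NAME` still referencing the key is left dangling; either look for references before `&save_directive($parent, [ $tls ], [ ]);` or reword the comment to `# Remove this TLS key; references in listen-on are not checked`.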