Add UI option to control if SSL client cert is trusted

Jamie Cameron
2024-12-17 21:45:00 -08:00
parent 6980e08f87
commit efae1cf754
4 changed files with 8 additions and 2 deletions


@@ -1704,8 +1704,9 @@ if ($header{'user-agent'} =~ /webmin/i ||
}
# Check for SSL authentication
my $trust_ssl = $config{'trust_real_ip'} && !$config{'no_trust_ssl'};
if ($use_ssl && $verified_client ||
$config{'trust_real_ip'} && $header{'x-ssl-client-dn'}) {
$trust_ssl && $header{'x-ssl-client-dn'}) {
if ($use_ssl && $verified_client) {
$peername = Net::SSLeay::X509_NAME_oneline(
Net::SSLeay::X509_get_subject_name(
@@ -1713,7 +1714,7 @@ if ($use_ssl && $verified_client ||
$ssl_con)));
$u = &find_user_by_cert($peername);
}
if ($config{'trust_real_ip'} && !$u && $header{'x-ssl-client-dn'}) {
if ($trust_ssl && !$u && $header{'x-ssl-client-dn'}) {
# Use proxied client cert
$u = &find_user_by_cert($header{'x-ssl-client-dn'});
}
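Review bot: The new `$trust_ssl` flag defaults to on whenever `trust_real_ip` is set, so installs that already enabled proxy IP trust keep accepting `x-ssl-client-dn` as an authenticated identity until an admin finds the new option and turns it off. Nothing visible in these two hunks ties that header to a known proxy peer. If the server can be reached without passing through the proxy, or the proxy does not overwrite the header, the DN is client-supplied and `find_user_by_cert` would map it to a user. Consider making header-based cert trust opt-in through a key that must be set positively, or at least add a comment above the assignment such as `# x-ssl-client-dn is only trustworthy when every request arrives via a proxy that overwrites it`. The enclosing request-handling code starts and ends outside the hunks, so a peer-address check may exist elsewhere.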


@@ -39,6 +39,7 @@ elsif ($in{"access"} == 2) { $miniserv{"deny"} = join(' ', @hosts); }
$miniserv{'libwrap'} = $in{'libwrap'};
$miniserv{'alwaysresolve'} = $in{'alwaysresolve'};
$miniserv{'trust_real_ip'} = $in{'trust'};
$miniserv{'no_trust_ssl'} = !$in{'trust_ssl'};
&put_miniserv_config(\%miniserv);
&unlock_file($ENV{'MINISERV_CONFIG'});
&show_restart_page();
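Review bot: `!$in{'trust_ssl'}` stores Perl's empty-string false rather than `0` when the admin picks Yes, unlike the neighbouring keys, which store the submitted value as-is; `$miniserv{'no_trust_ssl'} = $in{'trust_ssl'} ? 0 : 1;` would write an explicit value to the config. The same applies in the form section, where the new row passes `!$miniserv{'no_trust_ssl'}` to `ui_yesno_radio` while the row above it uses `int(...)`; `$miniserv{'no_trust_ssl'} ? 0 : 1` would keep the two consistent. A request that omits the `trust_ssl` field ends up with `no_trust_ssl` set, which is the safe direction and worth preserving in any rewrite.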


@@ -30,6 +30,9 @@ print &ui_table_row($text{'access_always'},
print &ui_table_row($text{'access_trust'},
&ui_yesno_radio("trust", int($miniserv{'trust_real_ip'})));
print &ui_table_row($text{'access_trust_ssl'},
&ui_yesno_radio("trust_ssl", !$miniserv{'no_trust_ssl'}));
eval "use Authen::Libwrap qw(hosts_ctl STRING_UNKNOWN)";
if (!$@) {
print &ui_table_row($text{'access_libwrap'},


@@ -32,6 +32,7 @@ access_ehost=Failed to find IP address for '$1'
access_eself=Your current IP address ($1) would be denied
access_always=Resolve hostnames on every request?
access_trust=Trust remote IP address provided by proxies?
access_trust_ssl=Trust SSL client cert provided by proxies?
bind_title=Ports and Addresses
bind_desc2=This form can be used to change the port number that Webmin listens on, or have it listen on only a single IP address on your system. You can also configure it to accept connections on multiple ports, or to listen on several IP addresses. Note - your web browser may prompt you to log in again after changing the port or binding address.