authorTed Trask <ttrask01@yahoo.com>2008-05-23 14:20:00 +0000
committerTed Trask <ttrask01@yahoo.com>2008-05-23 14:20:00 +0000
commit7b91c2748fc30eb718bafef995f514d5f805d716 (patch)
tree1f1b3eb852be42ad9c4fc6d53560835cb8d28142 /openssl-model.lua
parent5099733a041f8b625353c0563e09d092d69d7a57 (diff)
Mod openssl to restrict users to only see and delete their own requests.
Moved apk to apk-tools. git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1179 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua27
1 files changed, 20 insertions, 7 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index ef2218e..29a9b5f 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -164,22 +164,31 @@ getstatus = function()
local version = cfe({ value=value, errtxt=errtxt, label="Program version" })
local conffile = cfe({ value=configfile, label="Configuration file" })
local cacert = cfe({ label="CA Certificate" })
+ local cacertcontents = cfe({ type="longtext", label="CA Certificate contents" })
if not fs.is_file(configfile) then
conffile.errtxt="File not found"
cacert.errtxt="File not defined"
+ cacertcontents.errtxt=""
else
config = config or getopts.getoptsfromfile(configfile)
if (not config) or (not config.ca) or (not config.ca.default_ca) then
conffile.errtxt="Invalid config file"
cacert.errtxt="File not defined"
+ cacertcontents.errtxt=""
else
- cacert.value = getconfigpath(config.ca.default_ca, "private_key")
+ --cacert.value = getconfigpath(config.ca.default_ca, "private_key")
+ cacert.value = getconfigpath(config.ca.default_ca, "certificate")
if not fs.is_file(cacert.value) then
cacert.errtxt="File not found"
+ else
+ local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl x509 -in "..cacert.value.." -noout -text"
+ local f = io.popen(cmd)
+ cacertcontents.value = f:read("*a")
+ f:close()
end
end
end
- return cfe({ type="group", value={version=version, conffile=conffile, cacert=cacert}, label="openssl status" })
+ return cfe({ type="group", value={version=version, conffile=conffile, cacert=cacert, cacertcontents=cacertcontents}, label="openssl status" })
end
getreqdefaults = function()
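Review bot: The added `io.popen` call in getstatus concatenates `cacert.value` into the shell command unquoted, so a certificate path from the config file that contains spaces or shell metacharacters is interpreted by the shell instead of reaching openssl as a single argument. Single-quote the path before building the command, for example `local quoted = "'"..string.gsub(cacert.value, "'", "'\\''").."'"`, and use `quoted` after `-in`. The result of `io.popen` is also used without a check; `if f then cacertcontents.value = f:read("*a") f:close() else cacertcontents.errtxt = "Failed to read certificate" end` avoids a nil index when the process cannot be started. The commented-out `private_key` line can be dropped, since the commit history already records it.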
@@ -280,9 +289,9 @@ submitrequest = function(clientdata, user)
end
listrequests = function(user)
- user = user or ""
+ user = user or "*"
local list={}
- local fh = io.popen('find ' .. requestdir .. ' -name "'..user..'*.csr" -maxdepth 1')
+ local fh = io.popen('find ' .. requestdir .. ' -name "'..user..'.*.csr" -maxdepth 1')
for x in fh:lines() do
local name = basename(x,".csr")
local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)")
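Review bot: The per-user restriction in listrequests depends on `user` being spliced into a double-quoted `find -name` glob, so a user name containing glob or shell characters (`*`, `?`, `"`, `$`, backquote) would widen the match to other users' files or change the command itself. Whether such names can reach this function is not visible in the hunk, so validate at this boundary, for instance by rejecting any `user` that does not match `^[%w_%-]+$` before the command is built. The new default `user = user or "*"` also fails open, because a caller that passes no user lists every request; consider requiring an explicit argument for the list-all case. The same pattern is added to listcerts in the last hunk and needs the same treatment.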
@@ -340,7 +349,11 @@ approverequest = function(request)
return cmdresult
end
-deleterequest = function(request)
+deleterequest = function(request, user)
+ user = user or ".*"
+ if (not fs.is_file(requestdir..request..".csr")) or (not string.find(request, "^"..user.."%.")) then
+ return cfe({ value="Request not found", label="Delete result" })
+ end
cmd = "rm "..requestdir..request..".*"
f = io.popen(cmd)
f:close()
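Review bot: The ownership check added to deleterequest uses `user` as a Lua pattern in `string.find(request, "^"..user.."%.")`, so magic characters in a user name change what it matches: the `.` in a name like `john.doe` matches any character, and a `-` is read as a lazy quantifier. A plain prefix comparison such as `request:sub(1, #user + 1) ~= user.."."` checks ownership without interpreting the name. The default `user = user or ".*"` makes the check pass for every request when the caller omits the user, so the list-all case would be safer as an explicit argument than as the nil fallback. `request` is still concatenated unquoted into the `rm` command with a trailing `.*` glob; the `fs.is_file` test limits this to names that exist, but quoting the path and rejecting `/` in `request` would close the gap. The body of deleterequest continues outside this hunk.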
@@ -348,9 +361,9 @@ deleterequest = function(request)
end
listcerts = function(user)
- user = user or ""
+ user = user or "*"
local list={}
- local fh = io.popen('find ' .. certdir .. ' -name "'..user..'*.pfx" -maxdepth 1')
+ local fh = io.popen('find ' .. certdir .. ' -name "'..user..'.*.pfx" -maxdepth 1')
for x in fh:lines() do
local name = basename(x,".pfx")
local a,b,c,d = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")