Bob Mottram 9 lat temu
rodzic
commit
86bf6c7666
2 zmienionych plików z 11 dodań i 1 usunięć
  1. 4
    0
      src/freedombone
  2. 7
    1
      src/freedombone-clientcert

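--- a/src/freedombone
+++ b/src/freedombone
@@ -5647,6 +5647,7 @@
 
   sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
   sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
+  sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
 
   sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
 
@@ -5664,10 +5665,13 @@
       return
   fi
   # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
+  sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+  sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.crt|g' /etc/dovecot/conf.d/10-ssl.conf
   sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
   if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
     echo '' >> /etc/dovecot/conf.d/10-auth.conf
     echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf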
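Review bot: The added `disable_plaintext_auth` substitution (new line 5669) is the only one in this hunk whose pattern has no leading `#`, so if 10-auth.conf still carries the line in commented form the result stays commented out and the setting is left to Dovecot's default instead of being pinned. Every `sed -i` here also exits successfully when nothing matches, so a missed `ssl_verify_client_cert` or `auth_ssl_require_client_cert` edit would go unnoticed. I would anchor the pattern, `sed -i 's|^#*disable_plaintext_auth =.*|disable_plaintext_auth = yes|' /etc/dovecot/conf.d/10-auth.conf`, and follow the block with a check such as `grep -q '^ssl_verify_client_cert = yes' /etc/dovecot/conf.d/10-ssl.conf || echo 'ssl_verify_client_cert not set' >&2`. The `default_process_limit` line is also added twice against the same file (new lines 5650 and 5668); the enclosing functions start and end outside these hunks, so whether both are needed cannot be judged from here.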

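--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -33,6 +33,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 USERNAME=
+CLIENT_CERT_PASSWORD=
 COUNTRY_CODE="US"
 AREA="Free Speech Zone"
 LOCATION="Freedomville"
@@ -48,6 +49,7 @@
     echo ''
     echo '     --help                  Show help'
     echo '  -u --username [name]       Username'
+    echo '  -p --password [text]       Client certificate install password'
     echo ''
     exit 0
 }
@@ -64,6 +66,10 @@
     shift
     USERNAME="$1"
     ;;
+    -p|--password)
+    shift
+    CLIENT_CERT_PASSWORD="$1"
+    ;;
     *)
     # unknown option
     ;;
@@ -131,7 +137,7 @@
 cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert
 mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
 mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt
+openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt -password "$CLIENT_CERT_PASSWORD"
 
 # make an install script
 echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh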
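Review bot: The new `-password "$CLIENT_CERT_PASSWORD"` on the `openssl pkcs12 -export` line (new line 140) hands openssl the raw option value, but that argument is a pass-phrase source (`pass:…`, `env:…`, `file:…`, `fd:…`), so a plain password is rejected unless the caller already supplies such a prefix. Passing the secret through `-p` and again in openssl's argv also leaves it readable in the process list for other local users. `CLIENT_CERT_PASSWORD` defaults to empty and is never checked before use, so running without `-p` no longer prompts and instead reaches openssl with an empty argument. I would add a guard before the export, `[ -n "$CLIENT_CERT_PASSWORD" ] || { echo 'No client certificate password given' >&2; exit 1; }`, then `export CLIENT_CERT_PASSWORD` and end the openssl line with `-passout env:CLIENT_CERT_PASSWORD`. The option-parsing `case` and the certificate steps begin outside the visible hunks.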