
Beginning of imap client certs

Bob Mottram 9 anos atrás
d971f4f75f
2 arquivos alterados com 25 adições e 1 exclusões
  1. 19
    0
      src/freedombone
  2. 6
    1
      src/freedombone-addcert

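--- a/src/freedombone
+++ b/src/freedombone
@@ -5653,6 +5653,25 @@ function configure_imap {
   sed -i 's/#disable_plaintext_auth =.*/disable_plaintext_auth = no/g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's/auth_mechanisms =.*/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|mail_location =.*|mail_location = maildir:~/Maildir:LAYOUT=fs|g' /etc/dovecot/conf.d/10-mail.conf
+
+  # enable login via client certs
+  # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
+  #sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
+  #sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
+  #sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.pem|g' /etc/dovecot/conf.d/10-ssl.conf
+  #sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
+  #if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
+	#echo '' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo '  driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo '  args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo '  deny = no' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo '  master = no' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo '  pass = no' >> /etc/dovecot/conf.d/10-auth.conf
+    #echo '}' >> /etc/dovecot/conf.d/10-auth.conf
+  #fi
+  #echo "$MY_USERNAME:{plain}::::::nopassword" > /etc/dovecot/passwd-file
+  #freedombone-addcert -h dovecot-ca --ca
   service dovecot restart
   echo 'configure_imap' >> $COMPLETION_FILE
 }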
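Review bot: Every line this hunk adds to configure_imap is commented out, so the function's behaviour is unchanged and the client-cert setup ships as dead code; if it is work in progress, a marker such as `# TODO(bob): client-cert auth, not yet enabled` above the block, or gating it behind a variable, would make that explicit instead of leaving twenty lines of `#sed`/`#echo`. When it is enabled, note that the passwd-file entry `$MY_USERNAME:{plain}::::::nopassword` tells Dovecot not to verify a password for that user, so the passdb must only become reachable together with `auth_ssl_require_client_cert = yes`, and the `disable_plaintext_auth = no` kept two lines above presumably still allows non-TLS logins that should be reviewed at the same time. Writing the file with `>` also truncates it to a single user on every run, which may or may not be intended. configure_imap starts outside the hunk.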

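--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -34,6 +34,7 @@ AREA="Free Speech Zone"
 LOCATION="Freedomville"
 ORGANISATION="Freedombone"
 UNIT="Freedombone Unit"
+EXTENSIONS=""
 
 function show_help {
     echo ''
@@ -49,6 +50,7 @@ function show_help {
     echo '  -l --location [locn]       Optional location name'
     echo '  -o --organisation [name]   Optional organisation name'
     echo '  -u --unit [name]           Optional unit name'
+    echo '     --ca                    Certificate authority cert'
     echo ''
     exit 0
 }
@@ -85,6 +87,9 @@ case $key in
     shift
     UNIT="$1"
     ;;
+    --ca)
+    EXTENSIONS="-extensions v3_ca"
+    ;;
     *)
     # unknown option
     ;;
@@ -102,7 +107,7 @@ if ! which openssl > /dev/null ;then
     exit 5689
 fi
 
-openssl req -x509 -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
+openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
 openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
 chmod 400 /etc/ssl/private/$HOSTNAME.key
 chmod 640 /etc/ssl/certs/$HOSTNAME.crt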
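Review bot: `$EXTENSIONS` on the new `openssl req` line is deliberately left unquoted so that `-extensions v3_ca` splits into two arguments, which is exactly the case where an array is the idiomatic form and keeps ShellCheck quiet: `EXTENSIONS=()` at the top, `EXTENSIONS=(-extensions v3_ca)` in the `--ca` arm, and `"${EXTENSIONS[@]}"` in the command. The `v3_ca` section is presumably resolved from the system openssl.cnf, and since `--ca` produces a self-signed CA rather than a host cert it is worth saying so in the help text, e.g. `echo '     --ca                    Generate a self-signed CA certificate (v3_ca extensions)'`. The `case $key in` statement and the script around the openssl invocation start outside these hunks.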