From b564a1a3a3b8c9363004b2f0f6bc4fe761d4a2d8 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 25 May 2008 18:27:04 +0200
Subject: [PATCH] Use SSL/TLS when configured to do so.
---
 Util.pm | 14 ++++++++++++++
 debian/changelog | 4 +++-
 debian/control | 2 +-
 login.cgi | 1 +
 machines.cgi | 1 +
 search.cgi | 1 +
 update.cgi | 1 +
 7 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/Util.pm b/Util.pm
index 1688dc4..2b5b266 100644
--- a/Util.pm
+++ b/Util.pm
@@ -3,6 +3,7 @@ package Util;
 use strict;
 use Date::Manip qw(ParseDate);
+use Net::LDAP qw(:all);
 my $blocksize = 8; # A blowfish block is 8 bytes
 my $configfile = "/etc/userdir-ldap/userdir-ldap.conf";
@@ -339,4 +340,17 @@ sub ReadConfigFile {
 return %config;
 }
+sub UpgradeConnection($) {
+ my ($ldap) = @_;
+ my $mesg = $ldap->start_tls(
+ verify => 'require',
+ capath => '/etc/ssl/certs/'
+ );
+ $mesg->sync;
+ if ($mesg->code != LDAP_SUCCESS) {
+ print "Content-type: text/html; charset=utf-8\n\n";
+ print "

STARTTLS failed: "..$mesg->error."

\n";
+ exit(1);
+ };
+};
 1;
diff --git a/debian/changelog b/debian/changelog
index 6026a60..e3a1006 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,10 @@ userdir-ldap-cgi (0.3.10) unstable; urgency=low
 * Make machines.cgi display the purpose attribute from LDAP [HE].
 * Add VoIP field to CGI [zobel].
 * make summaryattrs sortable [zobel].
+ * Use SSL/TLS when configured to do so, and Depend on libio-socket-ssl-perl
+ for that.
- -- Peter Palfrader Sun, 25 May 2008 18:05:06 +0200
+ -- Peter Palfrader Sun, 25 May 2008 18:21:45 +0200
 userdir-ldap-cgi (0.3.9) unstable; urgency=low
diff --git a/debian/control b/debian/control
index 89c07b7..146eb1c 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Uploaders: Ryan Murray , Joey Schulze
 Package: userdir-ldap-cgi
 Architecture: all
-Depends: userdir-ldap, perl5, libnet-ldap-perl, libcrypt-blowfish-perl, gnupg (>= 1.0.3), libdate-manip-perl, liburi-perl
+Depends: userdir-ldap, perl5, libnet-ldap-perl, libcrypt-blowfish-perl, gnupg (>= 1.0.3), libdate-manip-perl, liburi-perl, libio-socket-ssl-perl
 Replaces: userdir-ldap
 Description: CGI programs for the db.debian.org
 These programs are run on http://db.debian.org/ to simplify the
diff --git a/login.cgi b/login.cgi
index 6a32547..cfe7380 100755
--- a/login.cgi
+++ b/login.cgi
@@ -28,6 +28,7 @@ my $hrkey = unpack("H".($config{blowfishkeylen}*2), $key);
 my $cipher = new Crypt::Blowfish $key;
 my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
 my $username = $query->param('username');
 my $password = $query->param('password');
diff --git a/machines.cgi b/machines.cgi
index 166c2ca..de5191e 100755
--- a/machines.cgi
+++ b/machines.cgi 
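Review bot: The failure message in UpgradeConnection is joined with `..` instead of `.` (`"STARTTLS failed: "..$mesg->error."`, as printed in the hunk), so in print's list context Perl parses it as the range operator; because the left-hand string is not a magic-increment sequence, only that opening fragment is emitted and `$mesg->error` together with the closing markup is silently dropped. Change it to `"STARTTLS failed: " . $mesg->error . "` followed by the rest of the line. The error text is supplied by the LDAP server and lands in the HTML unescaped; if Util.pm already has an escaping helper it should be applied here, otherwise a short comment that the value is server-controlled would warn the next reader. The prototype on `sub UpgradeConnection($)` is not enforced for the `&Util::UpgradeConnection(...)` call form the CGIs use and can be dropped.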
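Review bot: The new `unless $config{usessl} eq 'False'` guard in login.cgi is repeated verbatim in machines.cgi, search.cgi and update.cgi, so the decision of when to upgrade the connection now lives in four scripts; moving the `usessl` test inside `Util::UpgradeConnection` (or a small wrapper that receives `%config`) would keep that policy in one place. The line also deserves a comment, because its behaviour is not obvious from reading it: any value other than the literal string `False`, including an unset key, results in a STARTTLS attempt, which is the safe direction but should be stated, e.g. `# Upgrade to TLS unless usessl is explicitly 'False'; an unset key means TLS.`.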
@@ -92,6 +92,7 @@ my $sortorder = lc($query->param('sortorder')) || "asc";
 &Util::HTMLSendHeader;
 $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
 $mesg;
 $ldap->bind;
diff --git a/search.cgi b/search.cgi
index 96d8135..9cb62b3 100755
--- a/search.cgi
+++ b/search.cgi
@@ -84,6 +84,7 @@ if (!$dosearch) {
 # Now, we are ready to connect to the LDAP server.
 $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+ &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
 my $auth = 0;
 my $mesg;
diff --git a/update.cgi b/update.cgi
index e1f7c96..676d2d7 100755
--- a/update.cgi
+++ b/update.cgi
@@ -36,6 +36,7 @@ sub DieHandler {
 $SIG{__DIE__} = \&DieHandler;
 $ldap = Net::LDAP->new($config{ldaphost});
+&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
 my $auth = 0;
 my $mesg;
 $mesg = $ldap->bind($editdn, password => $password);
-- 
2.20.1
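Review bot: In machines.cgi the upgrade call is placed after `&Util::HTMLSendHeader;`, which has already emitted the HTTP header two lines above, so when STARTTLS fails UpgradeConnection's own `print "Content-type: text/html; charset=utf-8\n\n"` is written into the response body and the page shows a stray header line above the error. Either move `&Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';` above `&Util::HTMLSendHeader;`, or have UpgradeConnection report failure through the same path the connect failure on the preceding line uses (`&Util::HTMLError`), assuming that helper handles the header itself, so header handling stays in one place.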
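Review bot: In update.cgi the new `&Util::UpgradeConnection($ldap)` is the first method call on `$ldap` after `Net::LDAP->new($config{ldaphost})`, and unlike login.cgi, machines.cgi and search.cgi that `new` carries no `|| &Util::HTMLError($!)`, so a failed connect reaches `start_tls` on an undefined value. The `$SIG{__DIE__} = \&DieHandler;` installed on the line above presumably catches the resulting die, as it already did for the later `bind`, but the user then sees a Perl undefined-value message rather than the connect error in `$!`. Adding the check the other scripts use, `$ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);`, keeps failure reporting consistent across the four CGIs.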