diff options
Diffstat (limited to 'base')
| -rw-r--r-- | base/ra/apache/conf/httpd.conf | 2 | ||||
| -rw-r--r-- | base/ra/shared/conf/CS.cfg.in | 4 | ||||
| -rw-r--r-- | base/server/scripts/operations | 22 | ||||
| -rwxr-xr-x | base/setup/pkicreate | 9 | ||||
| -rw-r--r-- | base/setup/scripts/functions | 22 | ||||
| -rwxr-xr-x | base/tps/apache/cgi-bin/demo/index.cgi | 4 | ||||
| -rwxr-xr-x | base/tps/apache/cgi-bin/home/index.cgi | 6 | ||||
| -rwxr-xr-x | base/tps/apache/cgi-bin/so/index.cgi | 6 | ||||
| -rw-r--r-- | base/tps/apache/conf/httpd.conf | 2 | ||||
| -rw-r--r-- | base/tps/shared/conf/CS.cfg.in | 16 |
10 files changed, 46 insertions, 47 deletions
diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf index 754dcebee..656134637 100644 --- a/base/ra/apache/conf/httpd.conf +++ b/base/ra/apache/conf/httpd.conf @@ -222,7 +222,7 @@ MaxRequestsPerChild 0 # #Listen 12.34.56.78:80 -Listen [PORT] +Listen [PKI_UNSECURE_PORT] # # Dynamic Shared Object (DSO) Support diff --git a/base/ra/shared/conf/CS.cfg.in b/base/ra/shared/conf/CS.cfg.in index 12c471b7d..17c339eed 100644 --- a/base/ra/shared/conf/CS.cfg.in +++ b/base/ra/shared/conf/CS.cfg.in @@ -7,7 +7,7 @@ pkicreate.pki_instance_name=[PKI_INSTANCE_ID] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.secure_port=[PKI_SECURE_PORT] pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] -pkicreate.unsecure_port=[PORT] +pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] @@ -100,7 +100,7 @@ service.machineName=[SERVER_NAME] service.instanceDir=[SERVER_ROOT] service.securePort=[PKI_SECURE_PORT] service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] -service.unsecurePort=[PORT] +service.unsecurePort=[PKI_UNSECURE_PORT] service.instanceID=[PKI_INSTANCE_ID] logging._000=######################################### logging._001=# RA configuration File diff --git a/base/server/scripts/operations b/base/server/scripts/operations index 616c28dd6..c7bbc0a5f 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -432,7 +432,7 @@ get_pki_status_definitions_ra() { # establish well-known strings total_ports=0 - UNSECURE_PORT="" + PKI_UNSECURE_PORT="" CLIENTAUTH_PORT="" NON_CLIENTAUTH_PORT="" @@ -450,11 +450,11 @@ get_pki_status_definitions_ra() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}" + echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -462,7 +462,7 @@ get_pki_status_definitions_ra() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}" @@ -482,7 +482,7 @@ get_pki_status_definitions_tps() { # establish well-known strings total_ports=0 - UNSECURE_PORT="" + PKI_UNSECURE_PORT="" CLIENTAUTH_PORT="" NON_CLIENTAUTH_PORT="" @@ -500,14 +500,14 @@ get_pki_status_definitions_tps() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}/cgi-bin/so/enroll.cgi" + echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" echo " (ESC Security Officer Enrollment)" - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}/cgi-bin/home/index.cgi" + echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" echo " (ESC Phone Home)" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -515,7 +515,7 @@ get_pki_status_definitions_tps() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" diff --git a/base/setup/pkicreate b/base/setup/pkicreate index 590db12db..9dffb8d98 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -265,7 +265,6 @@ my $HTTPD_CONF = "HTTPD_CONF"; my $LIB_PREFIX = "LIB_PREFIX"; my $NSS_CONF = "NSS_CONF"; my $OBJ_EXT = "OBJ_EXT"; -my $PORT = "PORT"; my $PROCESS_ID = "PROCESS_ID"; my $NON_CLIENTAUTH_SECURE_PORT = "NON_CLIENTAUTH_SECURE_PORT"; my $SECURITY_LIBRARIES = "SECURITY_LIBRARIES"; @@ -289,6 +288,7 @@ my $PKI_LOCKDIR = "PKI_LOCKDIR"; my $PKI_INSTANCE_ID_SLOT = "PKI_INSTANCE_ID"; my $PKI_REGISTRY_FILE_SLOT = "PKI_REGISTRY_FILE"; my $PKI_SECURE_PORT_SLOT = "PKI_SECURE_PORT"; +my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT"; # Template slot constants (CA, KRA, OCSP, TKS) my $INSTALL_TIME = "INSTALL_TIME"; @@ -308,7 +308,6 @@ my $PKI_ADMIN_SECURE_PORT_SLOT = "PKI_ADMIN_SECURE_PORT"; my $PKI_SERVER_XML_CONF = "PKI_SERVER_XML_CONF"; my $PKI_SUBSYSTEM_DIR_SLOT = "PKI_SUBSYSTEM_DIR"; my $PKI_SUBSYSTEM_TYPE_SLOT = "PKI_SUBSYSTEM_TYPE"; -my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT"; my $PKI_USER_SLOT = "PKI_USER"; my $TOMCAT_SERVER_PORT_SLOT = "TOMCAT_SERVER_PORT"; my $TOMCAT_PIDFILE = "TOMCAT_PIDFILE"; @@ -2152,9 +2151,9 @@ sub process_pki_directories # # Example, if the src template contained this line: # -# Open port [PORT] on your firewall. +# Open port [PKI_UNSECURE_PORT] on your firewall. # -# And the substitutions hash was this {'PORT' => '1234'} +# And the substitutions hash was this {'PKI_UNSECURE_PORT' => '1234'} # # Then the dst file contents will look like this: # @@ -2271,7 +2270,7 @@ sub process_pki_templates $slot_hash{$LIB_PREFIX} = $lib_prefix; $slot_hash{$NSS_CONF} = $nss_conf_instance_file_path; $slot_hash{$OBJ_EXT} = $obj_ext; - $slot_hash{$PORT} = $unsecure_port; + $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; $slot_hash{$PROCESS_ID} = $$; $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; $slot_hash{$NON_CLIENTAUTH_SECURE_PORT} = $non_clientauth_secure_port; diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions index 3f7f9553d..82988fc10 100644 --- a/base/setup/scripts/functions +++ b/base/setup/scripts/functions @@ -329,7 +329,7 @@ get_pki_status_definitions_ra() { # establish well-known strings total_ports=0 - UNSECURE_PORT="" + PKI_UNSECURE_PORT="" CLIENTAUTH_PORT="" NON_CLIENTAUTH_PORT="" @@ -347,11 +347,11 @@ get_pki_status_definitions_ra() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}" + echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -359,7 +359,7 @@ get_pki_status_definitions_ra() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}" @@ -379,7 +379,7 @@ get_pki_status_definitions_tps() { # establish well-known strings total_ports=0 - UNSECURE_PORT="" + PKI_UNSECURE_PORT="" CLIENTAUTH_PORT="" NON_CLIENTAUTH_PORT="" @@ -397,14 +397,14 @@ get_pki_status_definitions_tps() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}/cgi-bin/so/enroll.cgi" + echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" echo " (ESC Security Officer Enrollment)" - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}/cgi-bin/home/index.cgi" + echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" echo " (ESC Phone Home)" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -412,7 +412,7 @@ get_pki_status_definitions_tps() # Iterate over Listen statements for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do - UNSECURE_PORT=$port + PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" diff --git a/base/tps/apache/cgi-bin/demo/index.cgi b/base/tps/apache/cgi-bin/demo/index.cgi index c9a1d21dd..17a0c24d6 100755 --- a/base/tps/apache/cgi-bin/demo/index.cgi +++ b/base/tps/apache/cgi-bin/demo/index.cgi @@ -31,10 +31,10 @@ print "Fedora Project"; # Vendor print "</IssuerName>\n"; print "<Services>"; print "<Operation>"; -print "http://[SERVER_NAME]:[PORT]/nk_service"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/nk_service"; print "</Operation>"; print "<UI>"; -print "http://[SERVER_NAME]:[PORT]/cgi-bin/demo/enroll.cgi"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/demo/enroll.cgi"; print "</UI>"; print "<EnrolledTokenBrowserURL>"; print "</EnrolledTokenBrowserURL>"; diff --git a/base/tps/apache/cgi-bin/home/index.cgi b/base/tps/apache/cgi-bin/home/index.cgi index 1e54a8354..983a34095 100755 --- a/base/tps/apache/cgi-bin/home/index.cgi +++ b/base/tps/apache/cgi-bin/home/index.cgi @@ -31,10 +31,10 @@ print "Fedora Project"; # Vendor print "</IssuerName>\n"; print "<Services>"; print "<Operation>"; -print "http://[SERVER_NAME]:[PORT]/nk_service"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/nk_service"; print "</Operation>"; print "<UI>"; -print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/enroll.cgi"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/enroll.cgi"; print "</UI>"; print "<EnrolledTokenBrowserURL>"; print "http://www.fedora.redhat.com"; # Company URL @@ -45,7 +45,7 @@ print "<TokenType>"; print "userKey"; print "</TokenType>"; #print "<CAChainUI>"; -#print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/cachain.cgi"; +#print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/cachain.cgi"; #print "</CAChainUI>"; print "</Services>"; print "</ServiceInfo>"; diff --git a/base/tps/apache/cgi-bin/so/index.cgi b/base/tps/apache/cgi-bin/so/index.cgi index 7b3f2c68d..5b8d8cb6c 100755 --- a/base/tps/apache/cgi-bin/so/index.cgi +++ b/base/tps/apache/cgi-bin/so/index.cgi @@ -31,15 +31,15 @@ print "Fedora Project"; # Vendor print "</IssuerName>\n"; print "<Services>"; print "<Operation>"; -print "http://[SERVER_NAME]:[PORT]/nk_service"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/nk_service"; print "</Operation>"; print "<UI>"; -print "http://[SERVER_NAME]:[PORT]/cgi-bin/so/enroll.cgi"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/enroll.cgi"; print "</UI>"; print "<EnrolledTokenBrowserURL>"; print "</EnrolledTokenBrowserURL>"; print "<EnrolledTokenURL>"; -print "http://[SERVER_NAME]:[PORT]/cgi-bin/sow/welcome.cgi"; +print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/sow/welcome.cgi"; print "</EnrolledTokenURL>"; print "<TokenType>"; print "soKey"; diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf index bf5864174..22778b0e1 100644 --- a/base/tps/apache/conf/httpd.conf +++ b/base/tps/apache/conf/httpd.conf @@ -222,7 +222,7 @@ MaxRequestsPerChild 0 # #Listen 12.34.56.78:80 -Listen [PORT] +Listen [PKI_UNSECURE_PORT] # # Dynamic Shared Object (DSO) Support diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in index 3ed389138..40e4eb8cf 100644 --- a/base/tps/shared/conf/CS.cfg.in +++ b/base/tps/shared/conf/CS.cfg.in @@ -7,7 +7,7 @@ pkicreate.pki_instance_name=[PKI_INSTANCE_ID] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.secure_port=[PKI_SECURE_PORT] pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] -pkicreate.unsecure_port=[PORT] +pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] @@ -36,7 +36,7 @@ service.machineName=[SERVER_NAME] service.instanceDir=[SERVER_ROOT] service.securePort=[PKI_SECURE_PORT] service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] -service.unsecurePort=[PORT] +service.unsecurePort=[PKI_UNSECURE_PORT] service.instanceID=[PKI_INSTANCE_ID] logging._000=######################################### logging._001=# RA configuration File @@ -792,7 +792,7 @@ op.enroll.userKey.tks.conn=tks1 op.enroll.userKey.auth.id=ldap1 op.enroll.userKey.auth.enable=true op.enroll.userKey.issuerinfo.enable=true -op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi +op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2 op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption @@ -1111,7 +1111,7 @@ op.enroll.soKey.tks.conn=tks1 op.enroll.soKey.auth.id=ldap2 op.enroll.soKey.auth.enable=true op.enroll.soKey.issuerinfo.enable=true -op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi +op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2 op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption @@ -1368,7 +1368,7 @@ op.format.soUserKey.tks.conn=tks1 op.format.soUserKey.auth.id=ldap1 op.format.soUserKey.auth.enable=false op.format.soUserKey.issuerinfo.enable=true -op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi +op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi op.format.soKey.update.applet.emptyToken.enable=true op.format.soKey.update.applet.requiredVersion=1.4.4d40a449 op.format.soKey.update.applet.directory=[TPS_DIR]/applets @@ -1383,7 +1383,7 @@ op.format.soKey.tks.conn=tks1 op.format.soKey.auth.id=ldap2 op.format.soKey.auth.enable=true op.format.soKey.issuerinfo.enable=true -op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi +op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi op.format.userKey.update.applet.emptyToken.enable=true op.format.userKey.update.applet.requiredVersion=1.4.4d40a449 op.format.userKey.update.applet.directory=[TPS_DIR]/applets @@ -1398,7 +1398,7 @@ op.format.userKey.tks.conn=tks1 op.format.userKey.auth.id=ldap1 op.format.userKey.auth.enable=true op.format.userKey.issuerinfo.enable=true -op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi +op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi op.format.tokenKey.update.applet.emptyToken.enable=true op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449 op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets @@ -1413,7 +1413,7 @@ op.format.tokenKey.tks.conn=tks1 op.format.tokenKey.auth.id=ldap1 op.format.tokenKey.auth.enable=true op.format.tokenKey.issuerinfo.enable=true -op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi +op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi tokendb._000=######################################### tokendb._001=# tokendb.auditLog: tokendb._002=# - audit log path |