freeipa.git/install/tools/ipa-httpd-pwdreader, branch fix_ber_scanf FreeIPA patches Try to resolve the name passed into the password reader to a file 2018-09-19T15:42:49+00:00 Rob Crittenden rcritten@redhat.com 2018-09-19T12:35:57+00:00 e3820682c797c8dca86767dc347290f54f872a7c Rather than comparing the value passed in by Apache to a hostname value just see if there is a file of that name in /var/lib/ipa/passwds. Use realpath to see if path information was passed in as one of the options so that someone can't try to return random files from the filesystem. https://pagure.io/freeipa/issue/7528 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
Rather than comparing the value passed in by Apache to a
hostname value just see if there is a file of that name in
/var/lib/ipa/passwds.

Use realpath to see if path information was passed in as one of
the options so that someone can't try to return random files from
the filesystem.

https://pagure.io/freeipa/issue/7528

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Encrypt httpd key stored on disk 2018-03-23T11:48:46+00:00 Stanislav Laznicka slaznick@redhat.com 2018-02-26T09:15:05+00:00 7cbd9bd429c97d335471b1c739f6d6d63c83c35d This commit adds configuration for HTTPD to encrypt/decrypt its key which we currently store in clear on the disc. A password-reading script is added for mod_ssl. This script is extensible for the future use of directory server with the expectation that key encryption/decription will be handled similarly by its configuration. https://pagure.io/freeipa/issue/7421 Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> 
This commit adds configuration for HTTPD to encrypt/decrypt its
key which we currently store in clear on the disc.

A password-reading script is added for mod_ssl. This script is
extensible for the future use of directory server with the
expectation that key encryption/decription will be handled
similarly by its configuration.

https://pagure.io/freeipa/issue/7421

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>