freeipa/install/tools/ipa-httpd-pwdreader

#!/bin/bash
# This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.
#
# If you'd like to write your custom binary providing passwords to mod_ssl,
# see the documentation of the aforementioned directive of the mod_ssl module.

USAGE="./ipa-pwdreader host:port RSA|DSA|ECC|number"
ERR_UNKNOWN_KEY="\
ERROR: You seem to be running a non-standard IPA installation.
Please extend the /var/libexec/ipa/ipa-pwdreader script to cover your case."

if [ ! "$#" -eq 2 ]; then
    echo "Wrong number of arguments!" 1>&2
    echo "$USAGE" 1>&2
    exit 1
fi


case "$1" in
    "${HOSTNAME}:443" )
        # Read IPA password
        # IPA expects the password filename format to be
        # <hostname>-<port>-<ecryption_algorithm>
        IPA_PASSWD_PATH="/var/lib/ipa/passwds/${1/:/-}-$2"
        cat $IPA_PASSWD_PATH
        ;;
# ================
# Extend for more virtual hosts with
#    <vhostname>:<vhost_port> )
#        your_code
#        ;;
# ================
    *)
        echo "$ERR_UNKNOWN_KEY" 1>&2
        exit 1
esac
Encrypt httpd key stored on disk This commit adds configuration for HTTPD to encrypt/decrypt its key which we currently store in clear on the disc. A password-reading script is added for mod_ssl. This script is extensible for the future use of directory server with the expectation that key encryption/decription will be handled similarly by its configuration. https://pagure.io/freeipa/issue/7421 Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> 2018-02-26 03:15:05 -06:00			`#!/bin/bash`
			`# This program is a handler written for Apache mod_ssl's SSLPassPhraseDialog.`
			`#`
			`# If you'd like to write your custom binary providing passwords to mod_ssl,`
			`# see the documentation of the aforementioned directive of the mod_ssl module.`

			`USAGE="./ipa-pwdreader host:port RSA\|DSA\|ECC\|number"`
			`ERR_UNKNOWN_KEY="\`
			`ERROR: You seem to be running a non-standard IPA installation.`
			`Please extend the /var/libexec/ipa/ipa-pwdreader script to cover your case."`

			`if [ ! "$#" -eq 2 ]; then`
			`echo "Wrong number of arguments!" 1>&2`
			`echo "$USAGE" 1>&2`
			`exit 1`
			`fi`


			`case "$1" in`
			`"${HOSTNAME}:443" )`
			`# Read IPA password`
			`# IPA expects the password filename format to be`
			`# <hostname>-<port>-<ecryption_algorithm>`
			`IPA_PASSWD_PATH="/var/lib/ipa/passwds/${1/:/-}-$2"`
			`cat $IPA_PASSWD_PATH`
			`;;`
			`# ================`
			`# Extend for more virtual hosts with`
			`# <vhostname>:<vhost_port> )`
			`# your_code`
			`# ;;`
			`# ================`
			`*)`
			`echo "$ERR_UNKNOWN_KEY" 1>&2`
			`exit 1`
			`esac`