From 6bf60708cbb85903657b9c0e04857538e35b448a Mon Sep 17 00:00:00 2001
From: Retro_Guy
Date: Sun, 11 Dec 2022 21:51:56 +0000
Subject: [PATCH] Move ssl dir out of spool and write public key to file.
---
 Rocksolid_Light/rocksolid/config.inc.php | 1 +
 Rocksolid_Light/rslight/scripts/cron.php | 13 ++++---
 Rocksolid_Light/rslight/scripts/nntp-ssl.php | 37 +++----------------
 .../rslight/scripts/rslight-lib.php | 31 ++++++++++++++++
 4 files changed, 45 insertions(+), 37 deletions(-)
diff --git a/Rocksolid_Light/rocksolid/config.inc.php b/Rocksolid_Light/rocksolid/config.inc.php
index de4ef02..a0d3d1f 100644
--- a/Rocksolid_Light/rocksolid/config.inc.php
+++ b/Rocksolid_Light/rocksolid/config.inc.php
@@ -29,6 +29,7 @@ $CONFIG = include($config_file);
 $logdir=$spooldir.'/log';
 $lockdir=$spooldir.'/lock';
+$ssldir=$config_dir.'/ssl';
 if(!file_exists($config_dir.'/debug')) {
 ini_set('error_reporting', E_ERROR );
diff --git a/Rocksolid_Light/rslight/scripts/cron.php b/Rocksolid_Light/rslight/scripts/cron.php
index 0cb36e4..8de526a 100755
--- a/Rocksolid_Light/rslight/scripts/cron.php
+++ b/Rocksolid_Light/rslight/scripts/cron.php
@@ -34,20 +34,23 @@ exec($CONFIG['php_exec']." ".$config_dir."/scripts/count_users.php");
 echo "Updated user count\n";
+ $uinfo=posix_getpwnam($CONFIG['webserver_user']);
 $cwd = getcwd();
 $webtmp = preg_replace('/spoolnews/','tmp',$cwd);
 @mkdir($webtmp,0755,'recursive');
- @chown($webtmp, $CONFIG['webserver_user']);
- @chgrp($webtmp, $CONFIG['webserver_user']);
+ @chown($webtmp, $uinfo["uid"]);
+ @chgrp($webtmp, $uinfo["gid"]);
+ @mkdir($ssldir,0755);
+ @chown($ssldir, $uinfo["uid"]);
+ @chgrp($ssldir, $uinfo["gid"]);
 # Fix this. It shouldn't be necessary
 $overview = $spooldir.'/articles-overview.db3';
 touch($overview);
- @chown($overview, $CONFIG['webserver_user']);
- @chgrp($overview, $CONFIG['webserver_user']);
+ @chown($overview, $uinfo["uid"]);
+ @chgrp($overview, $uinfo["gid"]);
 /* Change to non root user */
- $uinfo=posix_getpwnam($CONFIG['webserver_user']);
 change_identity($uinfo["uid"],$uinfo["gid"]);
 /* Everything below runs as $CONFIG['webserver_user'] */
diff --git a/Rocksolid_Light/rslight/scripts/nntp-ssl.php b/Rocksolid_Light/rslight/scripts/nntp-ssl.php
index e30b2e0..4cda3f7 100755
--- a/Rocksolid_Light/rslight/scripts/nntp-ssl.php
+++ b/Rocksolid_Light/rslight/scripts/nntp-ssl.php
@@ -57,7 +57,7 @@
 {
 GLOBAL $__server_listening;
 GLOBAL
-$CONFIG,$logdir,$lockdir,$webserver_uid,$webserver_gid,$installed_path,
+$CONFIG,$logdir,$lockdir,$ssldir,$webserver_uid,$webserver_gid,$installed_path,
 $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
 $logfile=$logdir.'/nntp.log';
 $lockfile = $lockdir . '/rslight-nntp-ssl.lock';
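Review bot: `@mkdir($ssldir,0755);` makes the new directory world-traversable even though, per the nntp-ssl.php and rslight-lib.php hunks in this same patch, the only things it will hold are server.pem — which carries the unencrypted private key — and pubkey.pem; `@mkdir($ssldir,0700);` keeps the key reachable only by the webserver user the directory is chown'd to on the next two lines, and pubkey.pem can be copied elsewhere if it ever needs to be public. The `@` on mkdir/chown/chgrp also hides a partial failure: if `$ssldir` already exists with different ownership, or this script is not running as root (it presumably is, given the `change_identity()` below), the chown silently does nothing and nntp-ssl.php will later fail to write the key. Separately, `posix_getpwnam()` returns false for an unknown `$CONFIG['webserver_user']`, so `$uinfo["uid"]` would be null in every chown and in `change_identity()`; a guard right after the moved assignment, `if($uinfo === false) { die("Unknown webserver_user\n"); }`, makes that misconfiguration visible instead of suppressed. The statement run containing this hunk continues outside it on both sides.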
@@ -73,9 +73,10 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
 $auth_ok = 0;
 $user = "";
 $pass = "";
- $pemfile = $spooldir.'/server.pem';
- if(!is_file($pemfile)) {
- create_certificate($pemfile);
+ $pemfile = $ssldir.'/server.pem';
+ $pubkeyfile = $ssldir.'/pubkey.pem';
+ if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
+ create_certificate($pemfile, $pubkeyfile);
 }
 $context = stream_context_create();
 stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
@@ -159,32 +160,4 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
 fclose($csock);
 }
 }
-
-function create_certificate($pemfile) {
-global $CONFIG;
-$certificateData = array(
- "countryName" => "US",
- "stateOrProvinceName" => "New York",
- "localityName" => "New York City",
- "organizationName" => "Rocksolid",
- "organizationalUnitName" => "Rocksolid Light",
- "commonName" => $CONFIG['organization'],
- "emailAddress" => "rocksolid@example.com"
-);
-
-// Generate certificate
-$privateKey = openssl_pkey_new();
-$certificate = openssl_csr_new($certificateData, $privateKey);
-$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
-
-// Generate PEM file
-$pem_passphrase = null; // empty for no passphrase
-$pem = array();
-openssl_x509_export($certificate, $pem[0]);
-openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
-$pem = implode($pem);
-
-// Save PEM file
-file_put_contents($pemfile, $pem);
-}
 ?>
diff --git a/Rocksolid_Light/rslight/scripts/rslight-lib.php b/Rocksolid_Light/rslight/scripts/rslight-lib.php
index 8addf47..06ebf3d 100755
--- a/Rocksolid_Light/rslight/scripts/rslight-lib.php
+++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php
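Review bot: The new `if((!is_file($pemfile)) || (!is_file($pubkeyfile)))` regenerates a brand-new key pair and certificate whenever pubkey.pem alone is missing, because `create_certificate()` (see the rslight-lib.php hunk) always calls `openssl_pkey_new()` and overwrites `$pemfile`; on such a host the server's TLS identity silently changes, which breaks any peer or client that pinned the old self-signed certificate. Only mint a new pair when server.pem itself is absent, and otherwise publish the key server.pem already holds, as below. Relatedly, moving the path from `$spooldir` to `$ssldir` means an upgraded install also gets a fresh certificate with no migration of the old `$spooldir/server.pem` — worth a line in the commit message or a one-time copy in cron.php. The enclosing function starts and ends outside this hunk.
```php
 if(!is_file($pemfile)) {
   create_certificate($pemfile, $pubkeyfile);
 } elseif(!is_file($pubkeyfile)) {
   // Publish the key server.pem already uses rather than minting a new pair.
   $existing = openssl_pkey_get_private(file_get_contents($pemfile));
   if($existing === false) {
     die("Cannot read private key from ".$pemfile."\n");
   }
   $details = openssl_pkey_get_details($existing);
   file_put_contents($pubkeyfile, $details['key']);
 }
 $context = stream_context_create();
```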
@@ -1211,4 +1211,35 @@ function get_article_list($thisgroup) {
 $dbh = null;
 return(array_unique($ok_article));
 }
+
+function create_certificate($pemfile, $pubkeyfile) {
+ global $CONFIG;
+ $certificateData = array(
+ "countryName" => "US",
+ "stateOrProvinceName" => "New York",
+ "localityName" => "New York City",
+ "organizationName" => "Rocksolid",
+ "organizationalUnitName" => "Rocksolid Light",
+ "commonName" => $CONFIG['organization'],
+ "emailAddress" => "rocksolid@example.com"
+ );
+
+ // Generate certificate
+ $privateKey = openssl_pkey_new();
+ $certificate = openssl_csr_new($certificateData, $privateKey);
+ $certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
+
+ // Generate PEM file
+ $pem_passphrase = null; // empty for no passphrase
+ $pem = array();
+ openssl_x509_export($certificate, $pem[0]);
+ openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
+ $pem = implode($pem);
+
+ $pubkey=openssl_pkey_get_details($privateKey);
+
+ // Save PEM file
+ file_put_contents($pemfile, $pem);
+ file_put_contents($pubkeyfile, $pubkey['key']);
+}
 ?>
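Review bot: `file_put_contents($pemfile, $pem);` writes the unencrypted private key (`$pem_passphrase` is null) with whatever mode the process umask yields, typically 0644, so server.pem ends up readable by every local account; the write should run under `umask(077)` (or at least be followed by `chmod($pemfile, 0600)`) — the umask form below avoids even a brief world-readable window. None of the OpenSSL calls or the two writes are checked: `openssl_pkey_new()`, `openssl_csr_new()` and `openssl_csr_sign()` return false on failure, after which `$pubkey['key']` is read from false and an empty or partial file is left in `$ssldir` that the new `is_file()` test in nntp-ssl.php will then accept as valid, so the first call at minimum needs a guard. `openssl_pkey_new()` with no arguments takes key type and size from the host's openssl.cnf, so passing `private_key_type`/`private_key_bits` explicitly gives a known-size RSA key on every install. The function also deserves a one-line docblock stating that it mints a self-signed, 365-day certificate for `$CONFIG['organization']`, writes cert+key to `$pemfile` and the public key to `$pubkeyfile`, and overwrites both if present.
```php
function create_certificate($pemfile, $pubkeyfile) {
 global $CONFIG;
 // … unchanged: $certificateData …

 // Generate certificate: explicit key parameters rather than openssl.cnf defaults.
 $privateKey = openssl_pkey_new(array(
   "private_key_type" => OPENSSL_KEYTYPE_RSA,
   "private_key_bits" => 2048
 ));
 if($privateKey === false) {
   die("openssl_pkey_new failed: ".openssl_error_string()."\n");
 }
 // … unchanged: CSR, self-sign, PEM export, $pubkey …

 // server.pem holds the unencrypted private key: create it owner-only.
 $old_umask = umask(077);
 file_put_contents($pemfile, $pem);
 umask($old_umask);
 file_put_contents($pubkeyfile, $pubkey['key']);
}
```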