From 86bf6c766603a16fec15dd143dd1e05488711288 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Thu, 18 Jun 2015 08:25:05 +0100
Subject: [PATCH] Password

---
 src/freedombone            | 4 ++++
 src/freedombone-clientcert | 8 +++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/freedombone b/src/freedombone
index 488384519..9e73477d4 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -5647,6 +5647,7 @@ function configure_imap {
 
   sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
   sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
+  sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
 
   sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
 
@@ -5664,10 +5665,13 @@ function configure_imap_client_certs {
       return
   fi
   # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
+  sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+  sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
   sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.crt|g' /etc/dovecot/conf.d/10-ssl.conf
   sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
   if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
     echo '' >> /etc/dovecot/conf.d/10-auth.conf
     echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
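Review bot: The added `disable_plaintext_auth` substitution has no `#` in its pattern, so if 10-auth.conf still holds the stock commented form, the match starts after the `#` and the rewritten line stays a comment. Dovecot's built-in default is, as far as I know, already `yes`, so the effective setting probably does not change, but the line does not pin it as intended; `sed -i 's/^#\?disable_plaintext_auth =.*/disable_plaintext_auth = yes/' /etc/dovecot/conf.d/10-auth.conf` covers both forms. The other new substitutions match only the commented form and silently do nothing if the file was already edited. A check such as `grep -q '^ssl_verify_client_cert = yes' /etc/dovecot/conf.d/10-ssl.conf || echo 'client cert verification not enabled' >&2` would catch a setup that never enforces client certificates. configure_imap_client_certs continues past the end of this hunk.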
diff --git a/src/freedombone-clientcert b/src/freedombone-clientcert
index 65a14f45e..eedf81d3f 100755
--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -33,6 +33,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 USERNAME=
+CLIENT_CERT_PASSWORD=
 COUNTRY_CODE="US"
 AREA="Free Speech Zone"
 LOCATION="Freedomville"
@@ -48,6 +49,7 @@ function show_help {
     echo ''
     echo '     --help                  Show help'
     echo '  -u --username [name]       Username'
+    echo '  -p --password [text]       Client certificate install password'
     echo ''
     exit 0
 }
@@ -64,6 +66,10 @@ case $key in
     shift
     USERNAME="$1"
     ;;
+    -p|--password)
+    shift
+    CLIENT_CERT_PASSWORD="$1"
+    ;;
     *)
     # unknown option
     ;;
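Review bot: Taking the PKCS#12 password through `-p|--password` puts the secret in the process argument list and in shell history, where other local users and logs can see it. Reading it from the environment or from a root-only file would avoid that, and show_help should say which source is expected. The new arm also accepts a missing value, since `$1` may be empty after `shift`; a guard such as `[ -n "$1" ] || { echo 'Missing password value' >&2; exit 1; }` before the assignment would reject it. The `case` statement starts and ends outside this hunk.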
@@ -131,7 +137,7 @@ mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
 cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert
 mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
 mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt
+openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt -password "$CLIENT_CERT_PASSWORD"
 
 # make an install script
 echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh
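Review bot: `-password "$CLIENT_CERT_PASSWORD"` passes raw text where openssl expects a pass-phrase source (`pass:…`, `env:VAR`, `file:path`, `stdin`), so the export will most likely fail with an invalid password argument. When no `-p` was given the argument is empty, and nothing visible in this hunk rejects an empty password before the private key is bundled into the .p12. Prefer `export CLIENT_CERT_PASSWORD` followed by `-passout env:CLIENT_CERT_PASSWORD` on the openssl line, which also keeps the secret out of the openssl command line, and fail early with `[ -n "$CLIENT_CERT_PASSWORD" ] || exit 1`. The `$USERNAME` expansions on this line are unquoted, as in the surrounding context lines.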
-- 
GitLab