Diffstat (limited to 'scripts')
-rw-r--r--scripts/37de-blit2011-email.txt18
-rw-r--r--scripts/37de-blit2011-mail.php.txt106
-rw-r--r--[-rwxr-xr-x]scripts/DumpWeakCerts.pl46
-rw-r--r--scripts/assurer.php2
-rwxr-xr-xscripts/db_migrations/version1.sh164
-rw-r--r--[-rwxr-xr-x]scripts/mail-weak-keys.php2
-rw-r--r--scripts/mass-revoke.php89
-rw-r--r--scripts/oa01-allowance.php.txt93
-rw-r--r--scripts/oa01-allowance.txt159
9 files changed, 661 insertions, 18 deletions
diff --git a/scripts/37de-blit2011-email.txt b/scripts/37de-blit2011-email.txt
new file mode 100644
index 0000000..365bd5b
--- /dev/null
+++ b/scripts/37de-blit2011-email.txt
@@ -0,0 +1,18 @@
+8. Brandenburger Linux-Infotag 2011 -- Helfer Gesucht
+:::::::::::::::::::::::::::::::::::::::::::::::::::::
+
+Hallo CAcerties,
+
+am Samstag, dem 5. November 2011 moechte sich CAcert mit einem Stand auf dem 8. Brandenburger Linux-Infotag 2011 (Motto: "Freie Gedanken - Freie Systeme") praesentieren. Hierzu wurde nun im Wiki eine Organisationsseite eingerichtet, auf der Ihr Euch als Helfer eintragen koennt
+ http://wiki.cacert.org/events/BLIT2011
+Sofern Ihr aus Berlin, Potsdam sowie Umgebung oder von woanders kommt und Zeit wie auch Lust habt, dann tragt Euch bitte, gerne auch nur fuer einen
+bestimmten Zeitraum, ein. Wer in den vergangenen Jahren dabei war, weiss vieviel Spass es allen gemacht hat!
+
+Auf der Veranstaltung sind Professoren, wissenschaftliche Mitarbeiter und in jedem Fall viele Studenten zu erwarten. Es waere daher super, wenn wir dort moeglichst viele von CAcert ueberzeugen koennen, um dort eine neue Keimzelle entstehen lassen zu koennen. Daher benoetigen wir mindestens drei Assurer, um 100 Punkte vergeben zu koennen.
+
+Wir freuen uns auf Eure Mithilfe.
+
+
+Wiki Organisationsseite: [http://wiki.cacert.org/events/BLIT2011]
+
+Kontakt: events@cacert.org
diff --git a/scripts/37de-blit2011-mail.php.txt b/scripts/37de-blit2011-mail.php.txt
new file mode 100644
index 0000000..e0ecead
--- /dev/null
+++ b/scripts/37de-blit2011-mail.php.txt
@@ -0,0 +1,106 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("37de-blit2011-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 520340; // Duesseldorf
+// $locid = 1260319; // Muenchen
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, US
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, US
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 2102723; // Washington (District of Columbia, ..., US
+// $locid = 2177566; // New York (Bronx), New York, United States
+
+// BLIT2011
+ $locid = 1486658; // Potsdam
+ $eventname = "8. Brandenburger Linux-Infotag 2011 - Potsdam";
+ $city = "5. Nov 2011";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
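Review bot: Neither the `fopen()` at the top nor the two `mysql_query()` results are checked, so a missing template file leaves `while(!feof($fp))` looping on an invalid handle, and a failed location lookup or distance query still falls through to the report mails with an empty recipient count. Guard them before any mail is sent, e.g. `if (!$fp) die("cannot open mail template\n");` and `if (!$res) die(mysql_error()."\n");`. The comment `// uncomment next line to send mails ...` sits above a `sendmail()` call that is already live, so it should be reworded or the call put behind an explicit switch. scripts/oa01-allowance.php.txt repeats the same template loop and unchecked query.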
diff --git a/scripts/DumpWeakCerts.pl b/scripts/DumpWeakCerts.pl
index 85648fe..580390e 100755..100644
--- a/scripts/DumpWeakCerts.pl
+++ b/scripts/DumpWeakCerts.pl
@@ -1,6 +1,7 @@
#!/usr/bin/perl
# Script to dump weak RSA certs (Exponent 3 or Modulus size < 1024) according to https://bugs.cacert.org/view.php?id=918
# and https://wiki.cacert.org/Arbitrations/a20110312.1
+# Extended to be used for https://bugs.cacert.org/view.php?id=954
use strict;
use warnings;
@@ -26,12 +27,15 @@ my $cert_CN;
my $cert_expire;
my $cert_filename;
my $cert_serial;
+my $cert_recid;
my $user_email;
my $user_firstname;
my $reason;
+my $grace_time_days = 0; # 14 used for bug#918
+
my @row;
sub IsWeak($) {
@@ -40,6 +44,16 @@ sub IsWeak($) {
my $ModulusSize = 0;
my $Exponent = 0;
my $result = 0;
+
+
+# Code for Testing only! Hardcoding some filenames to fail the tests.
+#
+# if ($CertFileName eq '../crt/server/301/server-301988.crt' ||
+# $CertFileName eq '../crt/client/258/client-258856.crt' ||
+# $CertFileName eq '../crt/orgserver/2/orgserver-2635.crt' ||
+# $CertFileName eq '../crt/orgclient/0/orgclient-808.crt') {
+# return "Test";
+# }
# Do key size and exponent checking for RSA keys
open(CERTTEXT, '-|', "openssl x509 -in $CertFileName -noout -text") || die "Cannot start openssl";
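Review bot: The `open(CERTTEXT, '-|', "openssl x509 -in $CertFileName -noout -text")` context line that closes this hunk hands the certificate path to a shell as part of one command string, and the path is the `crt_name` value read from the database further down. The list form passes it as a single argument without shell parsing: `open(CERTTEXT, '-|', 'openssl', 'x509', '-in', $CertFileName, '-noout', '-text')`. The commented-out test stanza added above it, with its hard-coded certificate paths, would be better left out of the committed script or put behind a command-line switch. IsWeak's body starts and ends outside the hunk.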
@@ -76,9 +90,9 @@ sub IsWeak($) {
# Select only certificates expiring in more than two weeks, since two weeks will probably be needed as turnaround time
# Get all domain certificates
$sth_certs = $dbh->prepare(
- "SELECT `dc`.`domid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial` ".
+ "SELECT `dc`.`domid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial`, `dc`.`id` ".
" FROM `domaincerts` AS `dc` ".
- " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
$sth_certs->execute();
$sth_userdata = $dbh->prepare(
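Review bot: The comment at the top of this hunk still says only certificates expiring in more than two weeks are selected, but with the new `$grace_time_days = 0` the query selects every unrevoked, unexpired certificate, so the comment should follow the variable, e.g. `# Select only certificates expiring in more than $grace_time_days days`. The value is also interpolated into the prepared SQL text; binding it keeps the statement constant: `INTERVAL ? DAY` with `$sth_certs->execute($grace_time_days)`. The same interpolation is repeated in the emailcerts, orgdomaincerts and orgemailcerts queries in the later hunks.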
@@ -86,13 +100,13 @@ $sth_userdata = $dbh->prepare(
" FROM `domains` AS `d`, `users` AS `u` ".
" WHERE `d`.`memid`=`u`.`id` AND `d`.`id`=?");
-while(($cert_domid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_domid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
if (-f $cert_filename) {
$reason = IsWeak($cert_filename);
if ($reason) {
$sth_userdata->execute($cert_domid);
($user_email, $user_firstname) = $sth_userdata->fetchrow_array();
- print join("\t", ('DomainCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('DomainCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
$sth_userdata->finish();
}
}
@@ -101,9 +115,9 @@ $sth_certs->finish();
# Get all email certificates
$sth_certs = $dbh->prepare(
- "SELECT `ec`.`memid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial` ".
+ "SELECT `ec`.`memid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial`, `ec`.`id` ".
" FROM `emailcerts` AS `ec` ".
- " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
$sth_certs->execute();
$sth_userdata = $dbh->prepare(
@@ -111,13 +125,13 @@ $sth_userdata = $dbh->prepare(
" FROM `users` AS `u` ".
" WHERE `u`.`id`=?");
-while(($cert_userid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_userid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
if (-f $cert_filename) {
$reason = IsWeak($cert_filename);
if ($reason) {
$sth_userdata->execute($cert_userid);
($user_email, $user_firstname) = $sth_userdata->fetchrow_array();
- print join("\t", ('EmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('EmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
$sth_userdata->finish();
}
}
@@ -126,9 +140,9 @@ $sth_certs->finish();
# Get all Org Server certificates, notify all admins of the Org!
$sth_certs = $dbh->prepare(
- "SELECT `dc`.`orgid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial` ".
+ "SELECT `dc`.`orgid`, `dc`.`CN`, `dc`.`expire`, `dc`.`crt_name`, `dc`.`serial`, `dc`.`id` ".
" FROM `orgdomaincerts` AS `dc` ".
- " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `dc`.`revoked`=0 AND `dc`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
$sth_certs->execute();
$sth_userdata = $dbh->prepare(
@@ -136,13 +150,13 @@ $sth_userdata = $dbh->prepare(
" FROM `users` AS `u`, `org` ".
" WHERE `u`.`id`=`org`.`memid` and `org`.`orgid`=?");
-while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
if (-f $cert_filename) {
$reason = IsWeak($cert_filename);
if ($reason) {
$sth_userdata->execute($cert_orgid);
while(($user_email, $user_firstname) = $sth_userdata->fetchrow_array()) {
- print join("\t", ('OrgServerCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('OrgServerCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
}
$sth_userdata->finish();
}
@@ -152,9 +166,9 @@ $sth_certs->finish();
# Get all Org Email certificates, notify all admins of the Org!
$sth_certs = $dbh->prepare(
- "SELECT `ec`.`orgid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial` ".
+ "SELECT `ec`.`orgid`, `ec`.`CN`, `ec`.`expire`, `ec`.`crt_name`, `ec`.`serial`, `ec`.`id` ".
" FROM `orgemailcerts` AS `ec` ".
- " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL 14 DAY)");
+ " WHERE `ec`.`revoked`=0 AND `ec`.`expire` > DATE_ADD(NOW(), INTERVAL $grace_time_days DAY)");
$sth_certs->execute();
$sth_userdata = $dbh->prepare(
@@ -162,13 +176,13 @@ $sth_userdata = $dbh->prepare(
" FROM `users` AS `u`, `org` ".
" WHERE `u`.`id`=`org`.`memid` and `org`.`orgid`=?");
-while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial) = $sth_certs->fetchrow_array) {
+while(($cert_orgid, $cert_CN, $cert_expire, $cert_filename, $cert_serial, $cert_recid) = $sth_certs->fetchrow_array) {
if (-f $cert_filename) {
$reason = IsWeak($cert_filename);
if ($reason) {
$sth_userdata->execute($cert_orgid);
while(($user_email, $user_firstname) = $sth_userdata->fetchrow_array()) {
- print join("\t", ('OrgEmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial)). "\n";
+ print join("\t", ('OrgEmailCert', $user_email, $user_firstname, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid)). "\n";
}
$sth_userdata->finish();
}
diff --git a/scripts/assurer.php b/scripts/assurer.php
index c649fbf..d85a2a6 100644
--- a/scripts/assurer.php
+++ b/scripts/assurer.php
@@ -30,7 +30,7 @@
$query = "
select u.email, fname, lname, sum(n.points) from users u, notary n
where n.to=u.id
- and not exists(select 1 from cats_passed cp where cp.user_id=u.id)
+ and not EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)
and exists(select 1 from notary n2 where n2.from=u.id and year(n2.`when`)>2007)
and (select count(*) from notary n3 where n3.from=u.id) > 1
group by email, fname, lname
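Review bot: The new subquery hard-codes `cv.type_id = 1` without saying which CATS test type that id denotes, so a reader cannot tell which passed tests exclude a user from this mailing; a comment above `$query` such as `// cats_variant.type_id 1 = <name of the test type>` would document it. The replaced line also switches to upper-case keywords and backticked, aliased names while the rest of the query stays lower-case and unquoted, so matching one style would keep the statement readable. The query string starts and ends outside the hunk.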
diff --git a/scripts/db_migrations/version1.sh b/scripts/db_migrations/version1.sh
new file mode 100755
index 0000000..48e24f9
--- /dev/null
+++ b/scripts/db_migrations/version1.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+# This particular version migrates from the preversioned state to version 1
+# If you want to reuse it for further migrations you probably should pay special
+# attention because you have to adjust it a bit
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+ CREATE TABLE IF NOT EXISTS `schema_version` (
+ `id` int(11) PRIMARY KEY auto_increment,
+ `version` int(11) NOT NULL UNIQUE,
+ `when` datetime NOT NULL
+ ) DEFAULT CHARSET=latin1;
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+
+if [ $schema_version != "NULL" ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 0 (i.e. the version before there was versioning)
+ ERROR
+ exit 2
+fi
+
+
+mysql $mysql_opt <<- 'SQL'
+ -- CCA agreements and such
+ CREATE TABLE `user_agreements` (
+ `id` int(11) PRIMARY KEY auto_increment,
+
+ -- the user that agrees
+ `memid` int(11) NOT NULL,
+
+ -- user that is involved in the agreement (e.g. Assurer)
+ `secmemid` int(11) DEFAULT NULL,
+
+ -- what is being agreed to? e.g. CCA
+ `document` varchar(50) DEFAULT NULL,
+
+ -- when did the agreement take place?
+ `date` datetime DEFAULT NULL,
+
+ -- whether the user actively agreed or if the agreement took place via
+ -- an indirect process (e.g. Assurance)
+ `active` int(1) NOT NULL,
+
+ -- in which process did the agreement take place (e.g. certificate
+ -- issuance, account creation, assurance)
+ `method` varchar(100) NOT NULL,
+
+ -- user comment
+ `comment` varchar(100) DEFAULT NULL
+ ) DEFAULT CHARSET=latin1;
+
+
+ -- description for all certs to make identifying a cert easier
+ ALTER TABLE `domaincerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `emailcerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `gpg` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `orgdomaincerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+ ALTER TABLE `orgemailcerts` ADD `description` varchar(100) NOT NULL
+ DEFAULT '';
+
+
+ -- Bugs #855, #863, #864, #888
+ ALTER TABLE `notary`
+ -- allow for marking as deleted instead of really deleting
+ ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+ -- add "TOPUP" as method for point transfers (for TTP)
+ MODIFY `method`
+ enum(
+ 'Face to Face Meeting',
+ 'Trusted Third Parties',
+ 'Thawte Points Transfer',
+ 'Administrative Increase',
+ 'CT Magazine - Germany',
+ 'Temporary Increase',
+ 'Unknown',
+ 'TOPUP'
+ ) NOT NULL DEFAULT 'Face to Face Meeting';
+
+
+
+ -- Organisation Assurance
+ ALTER TABLE `orginfo`
+ -- which Organisation Assurer entered the organisation?
+ ADD `creator_id` int(11) NOT NULL DEFAULT '0',
+
+ -- when was the organisation entered?
+ ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+ -- allow for marking as deleted instead of really deleting
+ ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00';
+
+ ALTER TABLE `org`
+ -- which Organisation Assurer assigned the Organisation Admin?
+ ADD `creator_id` int(11) NOT NULL DEFAULT '0',
+
+ -- when was the Organisation Admin assigned?
+ ADD `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+ -- allow for marking as deleted instead of really deleting
+ ADD `deleted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00';
+
+
+
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('1' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 1"
+exit 0
+
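Review bot: `[ $schema_version != "NULL" ]` is unquoted, so if the version query ever yields empty output the test becomes a syntax error, the `if` treats that as false, and the migration proceeds against a database whose version was never established; quote it as `if [ "$schema_version" != "NULL" ]; then` so that case fails closed. `$@` is likewise flattened into the `mysql_opt` string and expanded unquoted, which splits any option value containing whitespace. The DDL statements commit implicitly in MySQL, so a failure partway through leaves the schema half-migrated with no `schema_version` row; the header comment should state that a failed run needs manual repair before it is retried.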
diff --git a/scripts/mail-weak-keys.php b/scripts/mail-weak-keys.php
index 018bd64..95c0e4f 100755..100644
--- a/scripts/mail-weak-keys.php
+++ b/scripts/mail-weak-keys.php
@@ -137,7 +137,7 @@ CAcert Suport Team
$num_client = 0;
$num_orgdomain = 0;
$num_orgclient = 0;
- $action_date = '2011-04-??';
+ $action_date = '2011-07-15';
$in = fopen("php://stdin", "r");
while($in_string = rtrim(fgets($in, 255))) {
list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial) = explode("\t", $in_string);
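Review bot: The `fgets($in, 255)` in this loop reads at most 254 bytes, and this commit makes DumpWeakCerts.pl append an extra column to every line, so a long CN or address now more easily splits one record across two reads and the remainder is parsed as a new record. mass-revoke.php in the same commit already reads whole lines; doing the same here, `while($in_string = rtrim(fgets($in))) {`, keeps both consumers consistent. The loop body continues outside the hunk.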
diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php
new file mode 100644
index 0000000..18c036b
--- /dev/null
+++ b/scripts/mass-revoke.php
@@ -0,0 +1,89 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+# Companion script to DumpWeakCerts.pl, takes output and revokes weak certs
+# Only first and last column ($cert_type and $cert_recid) are used, the others
+# are ignored
+
+include_once("../includes/mysql.php");
+# Main
+
+$num_domain = 0;
+$num_client = 0;
+$num_orgdomain = 0;
+$num_orgclient = 0;
+
+$num_failures = 0;
+
+$in = fopen("php://stdin", "r");
+
+# The restriction on revoked timestamp os only "to be sure" for non-Org certs,
+# but Org certs (email and serer) may be included multiple times in the output
+# of DumpWeakCerts.pl (once for each OrgAdmin).
+while($in_string = rtrim(fgets($in))) {
+ list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason,
+ $cert_serial, $cert_recid) = explode("\t", $in_string);
+
+ if ($cert_type == "DomainCert") {
+ $query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_domain+=mysql_affected_rows();
+
+ } else if ($cert_type == "EmailCert") {
+ $query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_client+=mysql_affected_rows();
+
+ } else if ($cert_type == "OrgServerCert") {
+ $query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgdomain+=mysql_affected_rows();
+
+ } else if ($cert_type == "OrgEmailCert") {
+ $query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01'
+ where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgclient+=mysql_affected_rows();
+ }
+}
+
+fclose($in);
+
+echo "Certificates revoked: ".
+ "$num_domain server certs, ".
+ "$num_client client certs, ".
+ "$num_orgdomain Org server certs, ".
+ "$num_orgclient Org client certs.\n";
+echo "Update failures: $num_failures\n";
+?>
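Review bot: `$cert_recid` comes straight from stdin and is placed into each of the four UPDATE strings unchecked, so a short or column-shifted line (a tab inside a CN would do it) reaches the database as-is; the id should be validated as decimal digits and lines without exactly eight fields rejected. `mysql_affected_rows()` is added to the counters even after a failed `mysql_query()`, where it returns -1, and the `while` condition ends the run at the first blank line, leaving the rest of the input unrevoked without any message. The four branches differ only in table name and counter, so the sketch below folds them into one lookup. The sentinel `'1970-01-01 10:00:01'` deserves a comment naming what later processes rows carrying it.

```php
// Map the first column of DumpWeakCerts.pl output to the table holding that record.
$tables = array(
    "DomainCert"    => "domaincerts",
    "EmailCert"     => "emailcerts",
    "OrgServerCert" => "orgdomaincerts",
    "OrgEmailCert"  => "orgemailcerts",
);
$revoked = array(
    "DomainCert"    => 0,
    "EmailCert"     => 0,
    "OrgServerCert" => 0,
    "OrgEmailCert"  => 0,
);

while (($in_string = fgets($in)) !== false) {
    $line = rtrim($in_string, "\r\n");
    if ($line === '') {
        continue; // a blank line no longer ends the run
    }

    $fields = explode("\t", $line);
    // Expect exactly the eight columns DumpWeakCerts.pl prints and a numeric record id.
    if (count($fields) != 8 || !isset($tables[$fields[0]]) || !ctype_digit($fields[7])) {
        $num_failures++;
        continue;
    }
    $cert_type = $fields[0];
    $cert_recid = intval($fields[7]);

    $query = "UPDATE `".$tables[$cert_type]."` SET `revoked`='1970-01-01 10:00:01'
        where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";

    if (mysql_query($query)) {
        // mysql_affected_rows() is -1 after a failed query, so count only on success.
        $revoked[$cert_type] += mysql_affected_rows();
    } else {
        $num_failures++;
    }
}
// … fclose($in) as before; the summary echo reads its four counts from $revoked …
```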
diff --git a/scripts/oa01-allowance.php.txt b/scripts/oa01-allowance.php.txt
new file mode 100644
index 0000000..50374e3
--- /dev/null
+++ b/scripts/oa01-allowance.php.txt
@@ -0,0 +1,93 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("oa01-allowance.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+// --- Variable parameters --- begin
+
+// $country
+// "" (empty) email to _all_ countries
+// "DE" 2-digit country code, eg. email to Germany Org's only
+
+// $status
+// Status: 1 mails to org contacts only
+// 2 mails to org admins only
+// 3 mails to org contacts + org admins
+
+// $subject
+// sample:
+// with
+// mailing subject results in
+// a) $country = ""
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website"
+// b) $country = "DE"
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website (DE)"
+
+
+//OA Allowance
+$country = ""; // "DE" or ""
+$status = 3; // 1, 2 or 3 3 = 1+2
+$subject = "Allowance to publish Organisation Assurance on CAcert website";
+
+
+// --- Variable parameters --- end
+
+$query = "SELECT orginfo.contact as email, orginfo.O, 1 as status
+ FROM orginfo
+ WHERE (orginfo.C like '$country%' and (1=$status or 3=$status))
+ UNION
+ Select users.email, orginfo.O, 2 as status
+ FROM users
+ inner join org on users.id = org.memid
+ inner join orginfo on org.orgid=orginfo.id
+ WHERE (orginfo.C like '$country%' and (2=$status or 3=$status))
+ ORDER BY O";
+
+
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")") , $lines, "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ }
+ // 1x cc to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")"), $lines, "oao@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ // 1x mailing report to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20110608.1
+ sendmail("bernhard@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ echo "oa-mailing sent to $xrows recipients.\n";
+?>
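Review bot: The recipient query selects `email`, `O` and `status`, so the UNION only removes rows that match on all three, and an address that is contact or admin for several organisations is mailed the same text once per row. De-duplicate inside the loop, e.g. `if (isset($sent[$row['email']])) continue;` followed by `$sent[$row['email']] = true;`, and report `count($sent)` rather than `$xrows`. If `orginfo.contact` can be empty, those rows are also passed to `sendmail()` as they are, so skipping empty addresses belongs in the same check.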
diff --git a/scripts/oa01-allowance.txt b/scripts/oa01-allowance.txt
new file mode 100644
index 0000000..ea23fa4
--- /dev/null
+++ b/scripts/oa01-allowance.txt
@@ -0,0 +1,159 @@
+(Dutch, German and French version see below)
+
+Dear sir or madam,
+
+CAcert plans to add a new section to its homepage. This section will contain
+a listing of companies and organisations assured by
+CAcert's Organisation Assurance.
+
+You, as a representative or an Organisation Administrator of such an
+organisation, are asked for your approval to give us the name, the logo and
+the location of your company. The reference will be listed on
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. This listing
+is a resource for other companies planning to use CAcert Certificates.
+
+We kindly ask you to tell us for what purpose you use your CAcert certificate.
+Please check the specific items:
+
+ [ ] - Client Certs
+ [ ] - E-mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"If you are satisfied with our services, tell others. If not, come back to us."
+
+Additionally, we plan a testimonial page in the future where you are able to
+tell about your experience with CAcert.
+
+If you have any questions, suggestions or criticisms please do not hesitate to
+contact us on mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org or contact the Organisation Assurer
+who originaly assured you organisation. You can revoke your assent any time.
+
+Thank you for your support.
+
+For the Organisation Assurance Team
+
+---------------------------------------------------
+
+[German Version]
+
+Sehr geehrte Damen und Herren,
+
+CAcert plant eine Umgestaltung des Internetauftritts. Dazu gehoert auch die
+Auflistung von Unternehmen und Organisationen, die durch CAcert im Rahmen der
+Organisation Assurance geprueft wurden.
+
+Wir wuerden gerne Ihre Organisation (Name, Sitz und Logo) als Referenz auf der
+Seite http://wiki.cacert.org/OrganisationAssurance/OrganisationList nennen.
+Als Ansprechpartner oder Organisationsadministrator einer solchen Organisation
+benoetigen wir dazu Ihr Einverstaendnis.
+
+Ueber Informationen, wie in welcher Weise Ihre Organisation CAcert-Zertifikate
+einsetzt, wuerden wir und sehr freuen. Wählen Sie einfach die verwendeten
+Einsatzgebiete aus dieser Liste aus:
+
+ [ ] - Client Certs
+ [ ] - E-Mail Certs
+ [ ] - Server Certs
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+"Wenn Sie zufrieden sind mit unserem Service, sagen Sie es weiter. Wenn Sie
+nicht zufrieden sind, sagen Sie es uns."
+
+In diesem Zusammenhang planen wir auch eine Testimonal Seite, auf der Sie
+selbst ueber ihre Erfahrungen berichten koennen.
+
+Bei Fragen, Anregungen oder Kritik erreichen Sie uns jederzeit unter
+mailto:support@cacert.org und mailto:cacert-orga-assurer@lists.cacertg.org oder
+kontaktieren Sie den Organisations Assurer, der Ihre Organisation ueberprueft
+hat. Sie haben jederzeit das Recht, Ihr Einverstaendnis zu widerrufen.
+
+Im Name von CAcert bedanke sich das Organisation Assurance Team herzlich
+fuer Ihre Unterstuetzung.
+
+---------------------------------------------------
+
+[French Version]
+
+Madame, Monsieur,
+
+CAcert a decide d'ajouter une nouvelle section a son site internet. Cette
+section contient une liste des entreprises et organisations accreditees
+par CAcert.
+
+Vous, en tant que representant ou administrateur d'une telle organisation,
+il vous est demande votre approbation pour nous donner le nom, le logo et le
+lieu de votre entreprise. La reference sera ajoutee sur
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList. Cette
+inscription serait utile pour encourager d'autres organisations a utiliser
+des certificats CAcert.
+
+Nous vous prions de nous dire a quelles fins vous utilisez vos certificats
+CAcert. S'il vous plaît, precisez les elements suivants :
+
+ [ ] - Certificats client (SSL)
+ [ ] - Certificats pour courriel (email)
+ [ ] - Certificats Serveur (SSL)
+ [ ] - Signature de document
+ [ ] - Signature du code de logiciels informatique
+
+"Si vous êtes satisfaits de nos services, faite le nous savoir. Dans le cas
+contraire, nous sommes a votre ecoute."
+
+De plus, nous prevoyons de realiser a l'avenir une page avec des temoignages ou
+vous pourrez parler de votre experience avec CAcert.
+
+Si vous avez des questions, des suggestions ou des critiques, n'hesitez pas
+s'il vous plaît a nous contacter sur mailto:support@cacert.org,
+mailto:cacert-orga-assurer@lists.cacert.org, ou contacter
+l'Accrediteur d'Organisation qui a realise votre inscription initialement.
+Vous pouvez retirer votre referencement a tout moment de notre site internet
+sur simple demande.
+
+Merci pour votre soutien.
+
+L'equipe des Accrediteurs d'Organisations.
+
+---------------------------------------------------
+
+[Dutch Version]
+
+Geachte dames/heren,
+
+Uw organisatie (of bedrijf) is reeds gewaarmerkt door CAcert.
+
+Gedurende dat proces bent u aangewezen als contactpersoon of als organisatie
+adminstrator, en daarom ontvangt u deze email.
+
+In het kader van een reorganisatie van CAcert websites willen wij uw organisatie
+graag als referentie toevoegen op de pagina:
+http://wiki.cacert.org/OrganisationAssurance/OrganisationList.
+Daarom verzoeken wij u bij deze om toestemming om de naam van uw organisatie
+toe te voegen aan deze referentiepagina.
+
+Zodat ook andere organisaties zichzelf kunnen informeren over de verschillende
+toepassingen van onze certificaten, of kunnen profiteren van uw ervaring,
+verzoeken wij tevens om het gebruik van certificaten binnen uw organisatie
+te benoemen:
+
+ [ ] - Client Certificaten
+ [ ] - Email Certificaten
+ [ ] - Server Certificaten
+ [ ] - Document Signing
+ [ ] - Code Signing
+
+
+"Wanneer u tevreden bent over onze service, vertel het verder. Wanneer u niet
+tevreden bent, vertel het ons."
+Binnen deze context plannen wij ook een Testimonal pagina, waar u zelf over uw
+ervaringen kunt berichten.
+
+Voor vragen, opmerkingen of kritiek kunt u ons ten alle tijden bereiken onder
+mailto:support@cacert.org of mailto:cacert-orga-assurer@lists.cacertg.org.
+U kunt ook contact opnemen met de Organisation Assurer die uw organisatie
+gewaarmerkt heeft.
+
+Uw Organisation Assurance Team. \ No newline at end of file
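Review bot: The German and Dutch sections give the list address as `cacert-orga-assurer@lists.cacertg.org`, while the English and French sections use `lists.cacert.org`; the extra `g` points recipients at a different domain, so their replies would go outside CAcert's mail system. Both occurrences should read `mailto:cacert-orga-assurer@lists.cacert.org`. The file also ends without a trailing newline.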