authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-12-03 03:59:19 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-12-03 03:59:19 +0000
commit8d13a8e4dbc51852b02c647b8c76b59a1922049b (patch)
tree4708ff546febb6a9457daf967f7b8893610d8d06 /sca-cpp/trunk/modules/http
parent6f3e045ffeef4645a182ccc80ecd37e1803dd44d (diff)
Add scripts to support 'Require valid-user' and 'Require group' authz configurations separately.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1041681 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/http')
-rw-r--r--sca-cpp/trunk/modules/http/Makefile.am2
-rwxr-xr-xsca-cpp/trunk/modules/http/basic-auth-conf10
-rwxr-xr-xsca-cpp/trunk/modules/http/cert-auth-conf6
-rwxr-xr-xsca-cpp/trunk/modules/http/form-auth-conf10
-rwxr-xr-xsca-cpp/trunk/modules/http/group-auth-conf44
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf10
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf2
-rwxr-xr-xsca-cpp/trunk/modules/http/open-auth-conf11
-rwxr-xr-xsca-cpp/trunk/modules/http/passwd-auth-conf31
-rwxr-xr-xsca-cpp/trunk/modules/http/tunnel-ssl-conf2
10 files changed, 87 insertions, 41 deletions
diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am
index af8ab4d1c3..a47b83fbf0 100644
--- a/sca-cpp/trunk/modules/http/Makefile.am
+++ b/sca-cpp/trunk/modules/http/Makefile.am
@@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE}
incl_HEADERS = *.hpp
incldir = $(prefix)/include/modules/http
-dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf
+dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf passwd-auth-conf group-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf
moddir=$(prefix)/modules/http
curl_test_SOURCES = curl-test.cpp
diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf
index 74f4a61959..c3018e1174 100755
--- a/sca-cpp/trunk/modules/http/basic-auth-conf
+++ b/sca-cpp/trunk/modules/http/basic-auth-conf
@@ -25,8 +25,6 @@ root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
-httpd_prefix=`cat $here/httpd.prefix`
-
# Generate basic authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: basic-auth-conf $*
@@ -36,16 +34,8 @@ cat >>$root/conf/auth.conf <<EOF
AuthType Basic
AuthName "$host"
AuthBasicProvider file
-AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
EOF
-# Create test users
-touch $root/conf/httpd.passwd
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
-
diff --git a/sca-cpp/trunk/modules/http/cert-auth-conf b/sca-cpp/trunk/modules/http/cert-auth-conf
index 00494d99f2..c6720c7ae4 100755
--- a/sca-cpp/trunk/modules/http/cert-auth-conf
+++ b/sca-cpp/trunk/modules/http/cert-auth-conf
@@ -25,8 +25,6 @@ root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
-httpd_prefix=`cat $here/httpd.prefix`
-
# Generate authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: cert-auth-conf $*
@@ -38,14 +36,12 @@ SSLVerifyDepth 1
AuthType Basic
AuthName "$host"
AuthBasicProvider file
-AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
EOF
-# Create certificate-based users
-touch $root/conf/httpd.passwd
+# Create password file and certificate-based users
cat >>$root/conf/httpd.passwd <<EOF
/C=US/ST=CA/L=San Francisco/O=$host/OU=server/CN=$host:\$1\$OXLyS...\$Owx8s2/m9/gfkcRVXzgoE/
/C=US/ST=CA/L=San Francisco/O=$host/OU=proxy/CN=$host:\$1\$OXLyS...\$Owx8s2/m9/gfkcRVXzgoE/
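Review bot: The two entries appended under "Create password file and certificate-based users" carry a fixed, literal hash, and after this commit they go into the single httpd.passwd that every auth script shares through the root-level `AuthUserFile`. If that hash is the well-known constant used for certificate-derived logins (it looks like it, but the SSL options are outside the hunk), any password-based scheme configured on the same root would treat those DN entries as ordinary accounts with a known password. I would write them to a separate file that only the certificate-auth Location references, or at least add a comment such as `# fixed hash: these entries are only safe when client-certificate verification is enforced`. The heredoc continues past the end of the hunk.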
diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf
index a58a800058..a9077116da 100755
--- a/sca-cpp/trunk/modules/http/form-auth-conf
+++ b/sca-cpp/trunk/modules/http/form-auth-conf
@@ -25,8 +25,6 @@ root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
-httpd_prefix=`cat $here/httpd.prefix`
-
# Generate form authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: form-auth-conf $*
@@ -36,7 +34,6 @@ cat >>$root/conf/auth.conf <<EOF
AuthType Form
AuthName "$host"
AuthFormProvider file
-AuthUserFile "$root/conf/httpd.passwd"
AuthFormLoginRequiredLocation /login
AuthFormLogoutLocation /
Session On
@@ -55,10 +52,3 @@ SetHandler form-logout-handler
EOF
-# Create test users
-touch $root/conf/httpd.passwd
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
-
diff --git a/sca-cpp/trunk/modules/http/group-auth-conf b/sca-cpp/trunk/modules/http/group-auth-conf
new file mode 100755
index 0000000000..dc8dad8641
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/group-auth-conf
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`readlink -f $0`; here=`dirname $here`
+mkdir -p $1
+root=`readlink -f $1`
+user=$2
+group="members"
+
+# Add user to group
+cat $root/conf/httpd.groups | awk " BEGIN { found = 0 } /$group: / { printf \"%s %s\n\", \$0, \"$user\"; found = 1 } !/$group: / { printf \"%s\n\", \$0 } END { if (found == 0) printf \"%s: %s\n\", \"$group\", \"$user\" } " >$root/conf/.httpd.groups.tmp 2>/dev/null
+cp $root/conf/.httpd.groups.tmp $root/conf/httpd.groups
+rm $root/conf/.httpd.groups.tmp
+
+# Generate HTTPD group authorization configuration
+conf=`cat $root/conf/auth.conf | grep "Generated by: group-auth-conf"`
+if [ "$conf" = "" ]; then
+ cat >>$root/conf/auth.conf <<EOF
+# Generated by: group-auth-conf $1
+# Allow group member access to root location
+<Location />
+AuthGroupFile "$root/conf/httpd.groups"
+Require group members
+</Location>
+
+EOF
+fi
+
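Review bot: `$user` is pasted straight into the awk program text in the "Add user to group" step, so a name containing a quote, backslash or slash changes the program rather than the data, and `$1`/`$root` are unquoted throughout. Because stderr goes to /dev/null and the `cp` runs unconditionally, a failed awk run replaces httpd.groups with an empty or partial file. I would validate the name, pass it to awk with `-v`, and move the temp file into place only when awk succeeds, as sketched below. The allowed character set is a guess and should be widened to whatever user names this deployment needs.

```shell
user=$2
group="members"

# Refuse names that could alter the awk program or the group file format
case "$user" in
    ""|*[!A-Za-z0-9._@-]*) echo "group-auth-conf: invalid user name" >&2; exit 1;;
esac

# Add user to group; replace the group file only if awk succeeded
awk -v group="$group" -v user="$user" '
    index($0, group ": ") == 1 { print $0 " " user; found = 1; next }
    { print }
    END { if (!found) print group ": " user }
' "$root/conf/httpd.groups" >"$root/conf/.httpd.groups.tmp" &&
    mv "$root/conf/.httpd.groups.tmp" "$root/conf/httpd.groups" || exit 1

# … unchanged: auth.conf generation …
```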
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index a77141af5f..ed2b7bb06d 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -230,11 +230,21 @@ Require all granted
# Allow authorized access to root location
<Location />
Options FollowSymLinks
+AuthUserFile "$root/conf/httpd.passwd"
Require all granted
</Location>
EOF
+# Create password and group files
+cat >$root/conf/httpd.passwd <<EOF
+# Generated by: httpd-conf $*
+EOF
+
+cat >$root/conf/httpd.groups <<EOF
+# Generated by: httpd-conf $*
+EOF
+
# Generate vhost configuration
cat >$root/conf/vhost.conf <<EOF
# Generated by: httpd-conf $*
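Review bot: The new `cat >$root/conf/httpd.passwd` creates the password-hash file with whatever the caller's umask allows, typically world-readable, and nothing in the hunk tightens it. Adding `chmod 600 $root/conf/httpd.passwd` right after the heredoc would keep the hashes away from other local users; use 640 with the server's group if httpd runs under a different account, which is not visible here. The `>` redirect also truncates both files, so re-running httpd-conf on an existing root drops every user and group added by passwd-auth-conf and group-auth-conf. If that is intended, a comment saying so would help. The script continues outside the hunk.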
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 0a73809fa5..5882a18cb4 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -36,8 +36,6 @@ htdocs=`echo $conf | awk '{ print $8 }'`
mkdir -p $htdocs
htdocs=`readlink -f $htdocs`
-httpd_prefix=`cat $here/httpd.prefix`
-
# Extract organization name from our CA certificate
org=`openssl x509 -noout -subject -nameopt multiline -in $root/cert/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'`
diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf
index f2304a0b86..2bd5bc3504 100755
--- a/sca-cpp/trunk/modules/http/open-auth-conf
+++ b/sca-cpp/trunk/modules/http/open-auth-conf
@@ -25,8 +25,6 @@ root=`readlink -f $1`
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
host=`echo $conf | awk '{ print $6 }'`
-httpd_prefix=`cat $here/httpd.prefix`
-
# Generate form authentication configuration
cat >>$root/conf/auth.conf <<EOF
# Generated by: open-auth-conf $*
@@ -36,7 +34,6 @@ AuthType Open
AuthName "$host"
AuthOpenAuth On
AuthOpenAuthLoginPage /login
-AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
</Location>
@@ -45,7 +42,6 @@ Require valid-user
AuthType Form
AuthName "$host"
AuthFormProvider file
-AuthUserFile "$root/conf/httpd.passwd"
AuthFormLoginRequiredLocation /login
AuthFormLogoutLocation /
Session On
@@ -57,10 +53,3 @@ SetHandler form-login-handler
EOF
-# Create test users
-touch $root/conf/httpd.passwd
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
-$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null
-
diff --git a/sca-cpp/trunk/modules/http/passwd-auth-conf b/sca-cpp/trunk/modules/http/passwd-auth-conf
new file mode 100755
index 0000000000..89a3f19e4b
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/passwd-auth-conf
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`readlink -f $0`; here=`dirname $here`
+mkdir -p $1
+root=`readlink -f $1`
+user=$2
+pass=$3
+
+httpd_prefix=`cat $here/httpd.prefix`
+
+# Create password file
+touch $root/conf/httpd.passwd
+$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd $user $pass 2>/dev/null
+
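Review bot: `htpasswd -b ... $user $pass` puts the clear-text password on htpasswd's command line, where other local users can read it from the process list, and `2>/dev/null` hides the case where the entry was never written. If the bundled htpasswd supports `-i`, `printf '%s\n' "$pass" | "$httpd_prefix/bin/htpasswd" -i "$root/conf/httpd.passwd" "$user"` avoids the first problem inside the script. The password is still an argument of passwd-auth-conf itself, which only an interface change would fix. Quoting also stops a password containing spaces or glob characters from being split. I would drop the stderr redirect, exit non-zero when htpasswd fails, and check that `$2` and `$3` are non-empty before calling it.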
diff --git a/sca-cpp/trunk/modules/http/tunnel-ssl-conf b/sca-cpp/trunk/modules/http/tunnel-ssl-conf
index c401a73253..8cf4ada20a 100755
--- a/sca-cpp/trunk/modules/http/tunnel-ssl-conf
+++ b/sca-cpp/trunk/modules/http/tunnel-ssl-conf
@@ -30,8 +30,6 @@ sslhost=$3
sslport=$4
tport=$5
-httpd_prefix=`cat $here/httpd.prefix`
-
# Generate HTTPD configuration
cat >>$root/conf/httpd.conf <<EOF
# Generated by: tunnel-ssl-conf $*