summaryrefslogtreecommitdiffstats
path: root/sca-cpp
diff options
context:
space:
mode:
Diffstat (limited to 'sca-cpp')
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf21
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf8
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-base-conf4
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-conf4
-rwxr-xr-xsca-cpp/trunk/modules/http/proxy-ssl-conf1
-rwxr-xr-xsca-cpp/trunk/modules/http/vhost-conf1
-rwxr-xr-xsca-cpp/trunk/modules/http/vhost-ssl-conf1
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth1.cpp5
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth2.cpp5
9 files changed, 37 insertions, 13 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index f940073a91..74b3944cc1 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -121,6 +121,7 @@ SetOutputFilter RATE_LIMIT;DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+BrowserMatch ^check_http/ check_http
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
@@ -141,12 +142,24 @@ RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>
+# Enable server status
+<Location /server-status>
+SetHandler server-status
+HostnameLookups on
+</Location>
+
+<Location /server-info>
+SetHandler server-info
+HostnameLookups on
+</Location>
+
Include conf/svhost.conf
# Configure authentication
Include conf/noauth.conf
Include conf/locauth.conf
Include conf/pubauth.conf
+Include conf/adminauth.conf
</VirtualHost>
@@ -299,16 +312,16 @@ AuthType None
Require all granted
</Location>
+EOF
+
+cat >$root/conf/adminauth.conf <<EOF
+
# Allow the server admin to view the server status and info
<Location /server-status>
-SetHandler server-status
-HostnameLookups on
Require user admin
</Location>
<Location /server-info>
-SetHandler server-info
-HostnameLookups on
Require user admin
</Location>
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index cb5ccfb8db..420d08ff87 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -78,6 +78,7 @@ Include conf/svhost-ssl.conf
Include conf/noauth-ssl.conf
Include conf/locauth-ssl.conf
Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
</VirtualHost>
@@ -98,6 +99,13 @@ Include conf/pubauth.conf
EOF
+cat >$root/conf/adminauth-ssl.conf <<EOF
+# Generated by: httpd-ssl-conf $*
+# Allow admin access
+Include conf/adminauth.conf
+
+EOF
+
# Allow public access to server resources
cat >$root/conf/noauth-ssl.conf <<EOF
# Generated by: httpd-conf $*
diff --git a/sca-cpp/trunk/modules/http/proxy-base-conf b/sca-cpp/trunk/modules/http/proxy-base-conf
index e13ee0ef5d..c61c0e20d8 100755
--- a/sca-cpp/trunk/modules/http/proxy-base-conf
+++ b/sca-cpp/trunk/modules/http/proxy-base-conf
@@ -33,16 +33,14 @@ ProxyPass /server-info !
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
# Generated by: proxy-conf $*
# Allow the server admin to manage the load balancer
<Location /balancer-manager>
-HostnameLookups on
Require user admin
</Location>
diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf
index 4c445db9fa..b2156e6f74 100755
--- a/sca-cpp/trunk/modules/http/proxy-conf
+++ b/sca-cpp/trunk/modules/http/proxy-conf
@@ -44,16 +44,14 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
-cat >>$root/conf/pubauth.conf <<EOF
+cat >>$root/conf/adminauth.conf <<EOF
# Generated by: proxy-conf $*
# Allow the server admin to manage the load balancer
<Location /balancer-manager>
-HostnameLookups on
Require user admin
</Location>
diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf
index d87aea6670..94318d7db5 100755
--- a/sca-cpp/trunk/modules/http/proxy-ssl-conf
+++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf
@@ -44,7 +44,6 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s
<Location /balancer-manager>
SetHandler balancer-manager
HostnameLookups on
-Require user admin
</Location>
EOF
diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf
index 554a1638cd..6d977eb1d5 100755
--- a/sca-cpp/trunk/modules/http/vhost-conf
+++ b/sca-cpp/trunk/modules/http/vhost-conf
@@ -54,6 +54,7 @@ Include conf/dvhost.conf
Include conf/noauth.conf
Include conf/auth.conf
Include conf/pubauth.conf
+Include conf/adminauth.conf
</VirtualHost>
diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf
index 8445a20325..915137b51f 100755
--- a/sca-cpp/trunk/modules/http/vhost-ssl-conf
+++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf
@@ -59,6 +59,7 @@ Include conf/dvhost-ssl.conf
Include conf/noauth-ssl.conf
Include conf/auth-ssl.conf
Include conf/pubauth-ssl.conf
+Include conf/adminauth-ssl.conf
</VirtualHost>
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index 29fe756178..b927315393 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -435,7 +435,10 @@ static int checkAuthn(request_rec *r) {
return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc));
}
- // Redirect to the login page, unless we have a session id from another module
+ // Redirect to the login page, unless we have a session id or an authorization
+ // header from another module
+ if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+ return DECLINED;
if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOAuth2")))
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index dbede7ed8b..05ad77d646 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -308,7 +308,10 @@ static int checkAuthn(request_rec *r) {
return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.cs, sc.mc));
}
- // Redirect to the login page, unless we have a session id from another module
+ // Redirect to the login page, unless we have a session id or an authorization
+ // header from another module
+ if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL)
+ return DECLINED;
if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
hasContent(openauth::sessionID(r, "TuscanyOAuth1")))