From 8d13a8e4dbc51852b02c647b8c76b59a1922049b Mon Sep 17 00:00:00 2001 From: jsdelfino Date: Fri, 3 Dec 2010 03:59:19 +0000 Subject: Add scripts to support 'Require valid-user' and 'Require group' authz configurations separately. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1041681 13f79535-47bb-0310-9956-ffa450edef68 --- sca-cpp/trunk/modules/http/Makefile.am | 2 +- sca-cpp/trunk/modules/http/basic-auth-conf | 10 ------- sca-cpp/trunk/modules/http/cert-auth-conf | 6 +--- sca-cpp/trunk/modules/http/form-auth-conf | 10 ------- sca-cpp/trunk/modules/http/group-auth-conf | 44 +++++++++++++++++++++++++++++ sca-cpp/trunk/modules/http/httpd-conf | 10 +++++++ sca-cpp/trunk/modules/http/httpd-ssl-conf | 2 -- sca-cpp/trunk/modules/http/open-auth-conf | 11 -------- sca-cpp/trunk/modules/http/passwd-auth-conf | 31 ++++++++++++++++++++ sca-cpp/trunk/modules/http/tunnel-ssl-conf | 2 -- 10 files changed, 87 insertions(+), 41 deletions(-) create mode 100755 sca-cpp/trunk/modules/http/group-auth-conf create mode 100755 sca-cpp/trunk/modules/http/passwd-auth-conf (limited to 'sca-cpp/trunk/modules/http') diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am index af8ab4d1c3..a47b83fbf0 100644 --- a/sca-cpp/trunk/modules/http/Makefile.am +++ b/sca-cpp/trunk/modules/http/Makefile.am 
@@ -20,7 +20,7 @@ INCLUDES = -I${HTTPD_INCLUDE} incl_HEADERS = *.hpp incldir = $(prefix)/include/modules/http -dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf +dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf passwd-auth-conf group-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf moddir=$(prefix)/modules/http curl_test_SOURCES = curl-test.cpp diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf index 74f4a61959..c3018e1174 100755 --- a/sca-cpp/trunk/modules/http/basic-auth-conf +++ b/sca-cpp/trunk/modules/http/basic-auth-conf @@ -25,8 +25,6 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -httpd_prefix=`cat $here/httpd.prefix` - # Generate basic authentication configuration cat >>$root/conf/auth.conf <>$root/conf/auth.conf < EOF -# Create test users -touch $root/conf/httpd.passwd -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/cert-auth-conf b/sca-cpp/trunk/modules/http/cert-auth-conf index 00494d99f2..c6720c7ae4 100755 --- a/sca-cpp/trunk/modules/http/cert-auth-conf +++ b/sca-cpp/trunk/modules/http/cert-auth-conf 
@@ -25,8 +25,6 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -httpd_prefix=`cat $here/httpd.prefix` - # Generate authentication configuration cat >>$root/conf/auth.conf < EOF -# Create certificate-based users -touch $root/conf/httpd.passwd +# Create password file and certificate-based users cat >>$root/conf/httpd.passwd <>$root/conf/auth.conf <>$root/conf/auth.conf </dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/group-auth-conf b/sca-cpp/trunk/modules/http/group-auth-conf new file mode 100755 index 0000000000..dc8dad8641 --- /dev/null +++ b/sca-cpp/trunk/modules/http/group-auth-conf 
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`readlink -f $0`; here=`dirname $here`
+mkdir -p $1
+root=`readlink -f $1`
+user=$2
+group="members"
+
+# Add user to group
+cat $root/conf/httpd.groups | awk " BEGIN { found = 0 } /$group: / { printf \"%s %s\n\", \$0, \"$user\"; found = 1 } !/$group: / { printf \"%s\n\", \$0 } END { if (found == 0) printf \"%s: %s\n\", \"$group\", \"$user\" } " >$root/conf/.httpd.groups.tmp 2>/dev/null
+cp $root/conf/.httpd.groups.tmp $root/conf/httpd.groups
+rm $root/conf/.httpd.groups.tmp
+
+# Generate HTTPD group authorization configuration
+conf=`cat $root/conf/auth.conf | grep "Generated by: group-auth-conf"`
+if [ "$conf" = "" ]; then
+ cat >>$root/conf/auth.conf <
+AuthGroupFile "$root/conf/httpd.groups"
+Require group members
+
+
+EOF
+fi
+
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index a77141af5f..ed2b7bb06d 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
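Review bot: In the new group-auth-conf, `$user` and `$group` are expanded by the shell inside the double-quoted awk program, so a user name containing a double quote or backslash changes the program text rather than the data it prints. Pass both values with `-v` and keep the program single-quoted. The same pipeline sends awk's stderr to /dev/null and then copies the temp file over `httpd.groups` unconditionally, so a failed awk run replaces the group file with an empty or partial one. The pattern `/$group: /` is also unanchored and matches any line that merely contains `members: `. The fence shows one way to write the update step; the other expansions in the script (`$1`, `$root`) should be quoted too.

```shell
# Add user to group. Names are handed to awk as variables, never spliced into
# the program text (awk -v still interprets backslash escapes in the value).
awk -v group="$group" -v user="$user" '
  index($0, group ": ") == 1 { print $0 " " user; found = 1; next }
  { print }
  END { if (!found) print group ": " user }
' "$root/conf/httpd.groups" >"$root/conf/.httpd.groups.tmp" &&
  mv "$root/conf/.httpd.groups.tmp" "$root/conf/httpd.groups"
# … unchanged: auth.conf generation …
```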
@@ -230,11 +230,21 @@ Require all granted # Allow authorized access to root location Options FollowSymLinks +AuthUserFile "$root/conf/httpd.passwd" Require all granted EOF +# Create password and group files +cat >$root/conf/httpd.passwd <$root/conf/httpd.groups <$root/conf/vhost.conf <>$root/conf/auth.conf < @@ -45,7 +42,6 @@ Require valid-user AuthType Form AuthName "$host" AuthFormProvider file -AuthUserFile "$root/conf/httpd.passwd" AuthFormLoginRequiredLocation /login AuthFormLogoutLocation / Session On @@ -57,10 +53,3 @@ SetHandler form-login-handler EOF -# Create test users -touch $root/conf/httpd.passwd -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd test test 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null -$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd bar bar 2>/dev/null - diff --git a/sca-cpp/trunk/modules/http/passwd-auth-conf b/sca-cpp/trunk/modules/http/passwd-auth-conf new file mode 100755 index 0000000000..89a3f19e4b --- /dev/null +++ b/sca-cpp/trunk/modules/http/passwd-auth-conf 
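Review bot: The added `cat >$root/conf/httpd.passwd` and `cat >$root/conf/httpd.groups` redirections in httpd-conf truncate both files and create them under whatever umask the caller has. If httpd-conf is ever re-run on an existing root, users added through passwd-auth-conf and group-auth-conf are silently dropped, and the password hashes may be readable by other local accounts. Consider creating the files only when missing, e.g. `[ -f "$root/conf/httpd.passwd" ] || : >"$root/conf/httpd.passwd"`, and restricting the mode to the account httpd runs as. The heredoc bodies are not legible in this view, so whether they seed any default entries cannot be checked from here.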
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+here=`readlink -f $0`; here=`dirname $here`
+mkdir -p $1
+root=`readlink -f $1`
+user=$2
+pass=$3
+
+httpd_prefix=`cat $here/httpd.prefix`
+
+# Create password file
+touch $root/conf/httpd.passwd
+$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd $user $pass 2>/dev/null
+
diff --git a/sca-cpp/trunk/modules/http/tunnel-ssl-conf b/sca-cpp/trunk/modules/http/tunnel-ssl-conf
index c401a73253..8cf4ada20a 100755
--- a/sca-cpp/trunk/modules/http/tunnel-ssl-conf
+++ b/sca-cpp/trunk/modules/http/tunnel-ssl-conf
@@ -30,8 +30,6 @@ sslhost=$3 sslport=$4 tport=$5 -httpd_prefix=`cat $here/httpd.prefix` - # Generate HTTPD configuration cat >>$root/conf/httpd.conf <
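Review bot: `htpasswd -b` in the new passwd-auth-conf takes the password as a command-line argument, so it is visible in the process list while the command runs, and the script itself also receives it as `$3`. Where the installed htpasswd supports `-i`, feed the password on stdin instead: `printf '%s\n' "$pass" | "$httpd_prefix/bin/htpasswd" -i "$root/conf/httpd.passwd" "$user"`. The `2>/dev/null` hides a failed update and the script still exits as if the user had been created, so the exit status should be checked and reported. `$user` and `$pass` are unquoted, so a value with spaces or glob characters is split or expanded before htpasswd sees it.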