smeserver-phpvirtualbox/contribs8/smeserver-phpvirtualbox-unix-group.patch

diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
--- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth    2013-10-23 21:31:24.000000000 +0200
@@ -0,0 +1,5 @@
+{
+        $OUT .= "     AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n";
+        $OUT .= "     SetExternalGroupMethod ugroup environment\n";
+}
+
diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost
--- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost     2013-10-23 21:23:18.000000000 +0200
+++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:36:05.000000000 +0200
@@ -4,51 +4,9 @@
             unless $status eq 'enabled';
 
     $OUT = "";
-    my $allow = 'all';
-    my $pass = '0';
-    my $satisfy = 'all';
-    my $name = $phpvirtualbox{'Name'} || 'phpvirtualbox';
+      my $satisfy = 'all';
+      my $name = $phpvirtualbox{'Name'} || 'phpvirtualbox';
     
-    for ('exit-if-none')
-    {
-      if ($phpvirtualbox{'PublicAccess'})
-      {
-          if ($phpvirtualbox{'PublicAccess'} eq 'none')
-          {
-           next;
-          }
-          elsif ($phpvirtualbox{'PublicAccess'} eq 'local')
-          {
-            $allow   = $localAccess;
-            $pass    = 0;
-            $satisfy = 'all';
-          }
-          elsif ($phpvirtualbox{'PublicAccess'} eq 'local-pw')
-          {
-            $allow   = $localAccess;
-            $pass    = 1;
-            $satisfy = 'all';
-          }
-          elsif ($phpvirtualbox{'PublicAccess'} eq 'global')
-          {
-            $allow   = 'all';
-            $pass    = 0;
-            $satisfy = 'all';
-          }
-          elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw')
-          {
-            $allow   = 'all';
-            $pass    = 1;
-            $satisfy = 'all';
-          }
-          elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw-remote')
-          {
-            $allow   = $localAccess;
-            $pass    = 1;
-            $satisfy = 'any';
-          }
-      }
-      
       $OUT .= "#------------------------------------------------------------\n";
       $OUT .= "# phpvirtualbox - $name\n";
       $OUT .= "#------------------------------------------------------------\n";
@@ -57,27 +15,30 @@
         if ((exists $phpvirtualbox{'URL'}) && ($phpvirtualbox{'URL'} ne ''))
         { $OUT .= "Alias  /$phpvirtualbox{'URL'}  /opt/phpvirtualbox\n"; }
       }
-     
+    { 
       $OUT .= "Alias  /phpvirtualbox  /opt/phpvirtualbox\n";
       
       $OUT .= "\n";
       $OUT .= "<Directory /opt/phpvirtualbox>\n";
+      $OUT .= "    SSLRequireSSL\n";
       $OUT .= "    order deny,allow\n";
       $OUT .= "    deny from all\n";
-      $OUT .= "    allow from $allow\n";
+      $OUT .= "    allow from $localAccess\n";
       $OUT .= "    php_admin_value upload_tmp_dir /tmp\n";
 
-      if ($pass)
-      {
           $OUT .= "    AuthName \"$name\"\n";
           $OUT .= "    AuthType Basic\n";
           $OUT .= "    AuthExternal pwauth\n";
-          $OUT .= "    require valid-user\n";
+          $OUT .= "    GroupExternal ugroup\n";
+          $OUT .= "    AuthzUserAuthoritative off\n";
+          $OUT .= "    require user $phpvirtualbox{'User'}\n";
+          $OUT .= "    require group $phpvirtualbox{'Group'}\n";
           $OUT .= "    Satisfy $satisfy\n";
-      }
+
       $OUT .= "    AddType application/x-httpd-php .php\n";
       $OUT .= "    php_admin_value open_basedir /opt/phpvirtualbox\n";
       $OUT .= "    php_admin_value eaccelerator.enable 1\n";
       $OUT .= "</Directory>\n";
     }
 }
+
diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup
--- smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup      1970-01-01 01:00:00.000000000 +0100
+++ smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup  2013-10-23 21:33:29.000000000 +0200
@@ -0,0 +1,69 @@
+#!/usr/bin/perl
+#
+# This is a group authenticator for use with mod_auth_external using the
+# "environment" argument passing method.  If you are using mod_authnz_external,
+# then a much better choice is to use mod_authz_unixgroup for group checking.
+# It checks if the Unix user ID passed in the USER environment variable is in
+# any of Unix groups (names or numbers) listed in the GROUP environment
+# variable.  It returns
+#     0 - if the user is in one of the groups
+#     1 - if the user is not in any of the groups
+#     2 - if the user does not exist.
+#
+# This isn't a very efficient way to do group checking.  I hope to find time
+# to do something better someday.
+#
+# Typical Usage:
+# In httpd.conf declare an pwauth authenticator and a unixgroup authenticator:
+#
+#   AddExternalAuth pwauth /path/to/pwauth
+#   SetExternalAuthMethod pwauth pipe
+#   AddExternalGroup unixgroup /path/to/unixgroup
+#   SetExternalGroupMethod unixgroup environment
+#
+# In .htaccess file do something like
+#
+#   AuthType Basic
+#   AuthName SystemName
+#   AuthExternal pwauth
+#   GroupExternal unixgroup
+#   require group customers admins staff
+#
+# Here "SystemName" is a string that will be included in the pop-up login
+# box, all Unix groupnames which are to be allowed to login are listed on the
+# "require group" command.  If you are using this with mod_authnz_external,
+# you'll need to add the directive "AuthBasicProvider external", but if you are
+# using mod_authnz_external, you should be using mod_authz_unixgroup instead
+# of this.
+
+# Get primary GID number for the user
+$user= $ENV{USER};
+$gid= (getpwnam($user))[3];
+exit 2 if !defined $gid;       # user does not exist - Reject
+
+# Loop through groups
+foreach $group (split ' ', $ENV{GROUP})
+{
+    if ($group =~ /^\d+$/)
+    {
+       # Group given as GID number
+       exit 0 if ($group == $gid);
+       # Get list of members
+       $members= (getgrgid($group))[3];
+    }
+    else
+    {
+       # Group given by name
+       ($gname, $x, $ggid, $members)= getgrnam($group);
+       next if !$gname;        # skip non-existant group
+       exit 0 if ($ggid == $gid);
+    }
+
+    # Check if user is in member list
+    foreach $mem (split ' ',$members)
+    {
+       exit 0 if ($user eq $mem);
+    }
+}
+
+exit 1;
1	unnilennium	1.1	diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
2			--- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth 1970-01-01 01:00:00.000000000 +0100
3			+++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth 2013-10-23 21:31:24.000000000 +0200
4			@@ -0,0 +1,5 @@
5			+{
6			+ $OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n";
7			+ $OUT .= " SetExternalGroupMethod ugroup environment\n";
8			+}
9			+
10			diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost
11			--- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:23:18.000000000 +0200
12			+++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:36:05.000000000 +0200
13			@@ -4,51 +4,9 @@
14			unless $status eq 'enabled';
15
16			$OUT = "";
17			- my $allow = 'all';
18			- my $pass = '0';
19			- my $satisfy = 'all';
20			- my $name = $phpvirtualbox{'Name'} \|\| 'phpvirtualbox';
21			+ my $satisfy = 'all';
22			+ my $name = $phpvirtualbox{'Name'} \|\| 'phpvirtualbox';
23
24			- for ('exit-if-none')
25			- {
26			- if ($phpvirtualbox{'PublicAccess'})
27			- {
28			- if ($phpvirtualbox{'PublicAccess'} eq 'none')
29			- {
30			- next;
31			- }
32			- elsif ($phpvirtualbox{'PublicAccess'} eq 'local')
33			- {
34			- $allow = $localAccess;
35			- $pass = 0;
36			- $satisfy = 'all';
37			- }
38			- elsif ($phpvirtualbox{'PublicAccess'} eq 'local-pw')
39			- {
40			- $allow = $localAccess;
41			- $pass = 1;
42			- $satisfy = 'all';
43			- }
44			- elsif ($phpvirtualbox{'PublicAccess'} eq 'global')
45			- {
46			- $allow = 'all';
47			- $pass = 0;
48			- $satisfy = 'all';
49			- }
50			- elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw')
51			- {
52			- $allow = 'all';
53			- $pass = 1;
54			- $satisfy = 'all';
55			- }
56			- elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw-remote')
57			- {
58			- $allow = $localAccess;
59			- $pass = 1;
60			- $satisfy = 'any';
61			- }
62			- }
63			-
64			$OUT .= "#------------------------------------------------------------\n";
65			$OUT .= "# phpvirtualbox - $name\n";
66			$OUT .= "#------------------------------------------------------------\n";
67			@@ -57,27 +15,30 @@
68			if ((exists $phpvirtualbox{'URL'}) && ($phpvirtualbox{'URL'} ne ''))
69			{ $OUT .= "Alias /$phpvirtualbox{'URL'} /opt/phpvirtualbox\n"; }
70			}
71			-
72			+ {
73			$OUT .= "Alias /phpvirtualbox /opt/phpvirtualbox\n";
74
75			$OUT .= "\n";
76			$OUT .= "<Directory /opt/phpvirtualbox>\n";
77			+ $OUT .= " SSLRequireSSL\n";
78			$OUT .= " order deny,allow\n";
79			$OUT .= " deny from all\n";
80			- $OUT .= " allow from $allow\n";
81			+ $OUT .= " allow from $localAccess\n";
82			$OUT .= " php_admin_value upload_tmp_dir /tmp\n";
83
84			- if ($pass)
85			- {
86			$OUT .= " AuthName \"$name\"\n";
87			$OUT .= " AuthType Basic\n";
88			$OUT .= " AuthExternal pwauth\n";
89			- $OUT .= " require valid-user\n";
90			+ $OUT .= " GroupExternal ugroup\n";
91			+ $OUT .= " AuthzUserAuthoritative off\n";
92			+ $OUT .= " require user $phpvirtualbox{'User'}\n";
93			+ $OUT .= " require group $phpvirtualbox{'Group'}\n";
94			$OUT .= " Satisfy $satisfy\n";
95			- }
96			+
97			$OUT .= " AddType application/x-httpd-php .php\n";
98			$OUT .= " php_admin_value open_basedir /opt/phpvirtualbox\n";
99			$OUT .= " php_admin_value eaccelerator.enable 1\n";
100			$OUT .= "</Directory>\n";
101			}
102			}
103			+
104			diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup
105			--- smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup 1970-01-01 01:00:00.000000000 +0100
106			+++ smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup 2013-10-23 21:33:29.000000000 +0200
107			@@ -0,0 +1,69 @@
108			+#!/usr/bin/perl
109			+#
110			+# This is a group authenticator for use with mod_auth_external using the
111			+# "environment" argument passing method. If you are using mod_authnz_external,
112			+# then a much better choice is to use mod_authz_unixgroup for group checking.
113			+# It checks if the Unix user ID passed in the USER environment variable is in
114			+# any of Unix groups (names or numbers) listed in the GROUP environment
115			+# variable. It returns
116			+# 0 - if the user is in one of the groups
117			+# 1 - if the user is not in any of the groups
118			+# 2 - if the user does not exist.
119			+#
120			+# This isn't a very efficient way to do group checking. I hope to find time
121			+# to do something better someday.
122			+#
123			+# Typical Usage:
124			+# In httpd.conf declare an pwauth authenticator and a unixgroup authenticator:
125			+#
126			+# AddExternalAuth pwauth /path/to/pwauth
127			+# SetExternalAuthMethod pwauth pipe
128			+# AddExternalGroup unixgroup /path/to/unixgroup
129			+# SetExternalGroupMethod unixgroup environment
130			+#
131			+# In .htaccess file do something like
132			+#
133			+# AuthType Basic
134			+# AuthName SystemName
135			+# AuthExternal pwauth
136			+# GroupExternal unixgroup
137			+# require group customers admins staff
138			+#
139			+# Here "SystemName" is a string that will be included in the pop-up login
140			+# box, all Unix groupnames which are to be allowed to login are listed on the
141			+# "require group" command. If you are using this with mod_authnz_external,
142			+# you'll need to add the directive "AuthBasicProvider external", but if you are
143			+# using mod_authnz_external, you should be using mod_authz_unixgroup instead
144			+# of this.
145			+
146			+# Get primary GID number for the user
147			+$user= $ENV{USER};
148			+$gid= (getpwnam($user))[3];
149			+exit 2 if !defined $gid; # user does not exist - Reject
150			+
151			+# Loop through groups
152			+foreach $group (split ' ', $ENV{GROUP})
153			+{
154			+ if ($group =~ /^\d+$/)
155			+ {
156			+ # Group given as GID number
157			+ exit 0 if ($group == $gid);
158			+ # Get list of members
159			+ $members= (getgrgid($group))[3];
160			+ }
161			+ else
162			+ {
163			+ # Group given by name
164			+ ($gname, $x, $ggid, $members)= getgrnam($group);
165			+ next if !$gname; # skip non-existant group
166			+ exit 0 if ($ggid == $gid);
167			+ }
168			+
169			+ # Check if user is in member list
170			+ foreach $mem (split ' ',$members)
171			+ {
172			+ exit 0 if ($user eq $mem);
173			+ }
174			+}
175			+
176			+exit 1;