/[smecontribs]/rpms/smeserver-phpvirtualbox/contribs8/smeserver-phpvirtualbox-unix-group.patch
ViewVC logotype

Annotation of /rpms/smeserver-phpvirtualbox/contribs8/smeserver-phpvirtualbox-unix-group.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Mon Dec 30 07:39:44 2013 UTC (10 years, 11 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-phpvirtualbox-4_3_0-10_el5_sme, smeserver-phpvirtualbox-4_3_0-9_el5_sme, smeserver-phpvirtualbox-4_3_0-9, HEAD
Initial import

1 unnilennium 1.1 diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth
2     --- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth 1970-01-01 01:00:00.000000000 +0100
3     +++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth 2013-10-23 21:31:24.000000000 +0200
4     @@ -0,0 +1,5 @@
5     +{
6     + $OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n";
7     + $OUT .= " SetExternalGroupMethod ugroup environment\n";
8     +}
9     +
10     diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost
11     --- smeserver-phpvirtualbox-4.3.0-old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:23:18.000000000 +0200
12     +++ smeserver-phpvirtualbox-4.3.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92phpvirtualhost 2013-10-23 21:36:05.000000000 +0200
13     @@ -4,51 +4,9 @@
14     unless $status eq 'enabled';
15    
16     $OUT = "";
17     - my $allow = 'all';
18     - my $pass = '0';
19     - my $satisfy = 'all';
20     - my $name = $phpvirtualbox{'Name'} || 'phpvirtualbox';
21     + my $satisfy = 'all';
22     + my $name = $phpvirtualbox{'Name'} || 'phpvirtualbox';
23    
24     - for ('exit-if-none')
25     - {
26     - if ($phpvirtualbox{'PublicAccess'})
27     - {
28     - if ($phpvirtualbox{'PublicAccess'} eq 'none')
29     - {
30     - next;
31     - }
32     - elsif ($phpvirtualbox{'PublicAccess'} eq 'local')
33     - {
34     - $allow = $localAccess;
35     - $pass = 0;
36     - $satisfy = 'all';
37     - }
38     - elsif ($phpvirtualbox{'PublicAccess'} eq 'local-pw')
39     - {
40     - $allow = $localAccess;
41     - $pass = 1;
42     - $satisfy = 'all';
43     - }
44     - elsif ($phpvirtualbox{'PublicAccess'} eq 'global')
45     - {
46     - $allow = 'all';
47     - $pass = 0;
48     - $satisfy = 'all';
49     - }
50     - elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw')
51     - {
52     - $allow = 'all';
53     - $pass = 1;
54     - $satisfy = 'all';
55     - }
56     - elsif ($phpvirtualbox{'PublicAccess'} eq 'global-pw-remote')
57     - {
58     - $allow = $localAccess;
59     - $pass = 1;
60     - $satisfy = 'any';
61     - }
62     - }
63     -
64     $OUT .= "#------------------------------------------------------------\n";
65     $OUT .= "# phpvirtualbox - $name\n";
66     $OUT .= "#------------------------------------------------------------\n";
67     @@ -57,27 +15,30 @@
68     if ((exists $phpvirtualbox{'URL'}) && ($phpvirtualbox{'URL'} ne ''))
69     { $OUT .= "Alias /$phpvirtualbox{'URL'} /opt/phpvirtualbox\n"; }
70     }
71     -
72     + {
73     $OUT .= "Alias /phpvirtualbox /opt/phpvirtualbox\n";
74    
75     $OUT .= "\n";
76     $OUT .= "<Directory /opt/phpvirtualbox>\n";
77     + $OUT .= " SSLRequireSSL\n";
78     $OUT .= " order deny,allow\n";
79     $OUT .= " deny from all\n";
80     - $OUT .= " allow from $allow\n";
81     + $OUT .= " allow from $localAccess\n";
82     $OUT .= " php_admin_value upload_tmp_dir /tmp\n";
83    
84     - if ($pass)
85     - {
86     $OUT .= " AuthName \"$name\"\n";
87     $OUT .= " AuthType Basic\n";
88     $OUT .= " AuthExternal pwauth\n";
89     - $OUT .= " require valid-user\n";
90     + $OUT .= " GroupExternal ugroup\n";
91     + $OUT .= " AuthzUserAuthoritative off\n";
92     + $OUT .= " require user $phpvirtualbox{'User'}\n";
93     + $OUT .= " require group $phpvirtualbox{'Group'}\n";
94     $OUT .= " Satisfy $satisfy\n";
95     - }
96     +
97     $OUT .= " AddType application/x-httpd-php .php\n";
98     $OUT .= " php_admin_value open_basedir /opt/phpvirtualbox\n";
99     $OUT .= " php_admin_value eaccelerator.enable 1\n";
100     $OUT .= "</Directory>\n";
101     }
102     }
103     +
104     diff -Nur smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup
105     --- smeserver-phpvirtualbox-4.3.0-old/root/usr/lib/httpd/modules/unixgroup 1970-01-01 01:00:00.000000000 +0100
106     +++ smeserver-phpvirtualbox-4.3.0/root/usr/lib/httpd/modules/unixgroup 2013-10-23 21:33:29.000000000 +0200
107     @@ -0,0 +1,69 @@
108     +#!/usr/bin/perl
109     +#
110     +# This is a group authenticator for use with mod_auth_external using the
111     +# "environment" argument passing method. If you are using mod_authnz_external,
112     +# then a much better choice is to use mod_authz_unixgroup for group checking.
113     +# It checks if the Unix user ID passed in the USER environment variable is in
114     +# any of Unix groups (names or numbers) listed in the GROUP environment
115     +# variable. It returns
116     +# 0 - if the user is in one of the groups
117     +# 1 - if the user is not in any of the groups
118     +# 2 - if the user does not exist.
119     +#
120     +# This isn't a very efficient way to do group checking. I hope to find time
121     +# to do something better someday.
122     +#
123     +# Typical Usage:
124     +# In httpd.conf declare an pwauth authenticator and a unixgroup authenticator:
125     +#
126     +# AddExternalAuth pwauth /path/to/pwauth
127     +# SetExternalAuthMethod pwauth pipe
128     +# AddExternalGroup unixgroup /path/to/unixgroup
129     +# SetExternalGroupMethod unixgroup environment
130     +#
131     +# In .htaccess file do something like
132     +#
133     +# AuthType Basic
134     +# AuthName SystemName
135     +# AuthExternal pwauth
136     +# GroupExternal unixgroup
137     +# require group customers admins staff
138     +#
139     +# Here "SystemName" is a string that will be included in the pop-up login
140     +# box, all Unix groupnames which are to be allowed to login are listed on the
141     +# "require group" command. If you are using this with mod_authnz_external,
142     +# you'll need to add the directive "AuthBasicProvider external", but if you are
143     +# using mod_authnz_external, you should be using mod_authz_unixgroup instead
144     +# of this.
145     +
146     +# Get primary GID number for the user
147     +$user= $ENV{USER};
148     +$gid= (getpwnam($user))[3];
149     +exit 2 if !defined $gid; # user does not exist - Reject
150     +
151     +# Loop through groups
152     +foreach $group (split ' ', $ENV{GROUP})
153     +{
154     + if ($group =~ /^\d+$/)
155     + {
156     + # Group given as GID number
157     + exit 0 if ($group == $gid);
158     + # Get list of members
159     + $members= (getgrgid($group))[3];
160     + }
161     + else
162     + {
163     + # Group given by name
164     + ($gname, $x, $ggid, $members)= getgrnam($group);
165     + next if !$gname; # skip non-existant group
166     + exit 0 if ($ggid == $gid);
167     + }
168     +
169     + # Check if user is in member list
170     + foreach $mem (split ' ',$members)
171     + {
172     + exit 0 if ($user eq $mem);
173     + }
174     +}
175     +
176     +exit 1;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed