smeserver-shared-folders/contribs10/smeserver-shared-folders-0.3-bz12060-httpd24.patch

diff -Nur --no-dereference smeserver-shared-folders-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares smeserver-shared-folders-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares
--- smeserver-shared-folders-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares       2022-07-25 02:05:42.911000000 -0400
+++ smeserver-shared-folders-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares   2022-07-25 02:50:54.087000000 -0400
@@ -11,10 +11,14 @@
         my $key = $share->key;
 
        my $allow;
+       my $allow24;
         my $pass;
         my $satisfy;
+       my $satisfy24begin;
+       my $satisfy24end;
         my $davreaders;
         my $davwallow = '';
+       my $davwallow24 = '';
         my $webdav = (($properties{'WebDav'} || 'disabled') =~ m/^(enabled|on|yes)$/i) ? 1 : 0;
 
         # Find which users have read or write access
@@ -65,33 +69,49 @@
         if ($properties{'httpAccess'}) {
             if ($properties{'httpAccess'} eq 'local') {
                 $allow   = "$localAccess $externalSSLAccess";
+                $allow24 = "ip $localAccess $externalSSLAccess";
                 $pass    = 0;
                 $satisfy = 'all';
+               $satisfy24begin = "<RequireAll>";
+               $satisfy24end = "</RequireAll>";
                 $davreaders = '';
             }
             elsif ($properties{'httpAccess'} eq 'local-pw') {
                 $allow   = "$localAccess $externalSSLAccess";
+                $allow24 = "ip $localAccess $externalSSLAccess";
                 $pass    = 1;
                 $satisfy = 'all';
+                $satisfy24begin = "<RequireAll>";
+                $satisfy24end = "</RequireAll>";
                 $davreaders = "Require user $readers";
             }
             elsif ($properties{'httpAccess'} eq 'global') {
                 $allow   = 'all';
+                $allow24 = "all granted";
                 $pass    = 0;
                 $satisfy = 'all';
+                $satisfy24begin = "<RequireAll>";
+                $satisfy24end = "</RequireAll>";
                 $davreaders = '';
             }
             elsif ($properties{'httpAccess'} eq 'global-pw') {
                 $allow   = 'all';
+                $allow24 = "all granted";
                 $pass    = 1;
                 $satisfy = 'all';
+                $satisfy24begin = "<RequireAll>";
+                $satisfy24end = "</RequireAll>";
                 $davreaders = "Require user $readers";
             }
             elsif ($properties{'httpAccess'} eq 'global-pw-remote') {
                 $allow   = "$localAccess $externalSSLAccess";
+                $allow24 = "ip $localAccess $externalSSLAccess";
                 $davwallow = 'all';
+               $davwallow24 = "all granted"; 
                 $pass    = 1;
                 $satisfy = 'any';
+                $satisfy24begin = "<RequireAny>";
+                $satisfy24end = "</RequireAny>";
                 $davreaders = "Require user $readers";
             }
             else {
@@ -99,6 +119,7 @@
             }
         }
         $davwallow = $allow if ($davwallow eq '');
+       $davwallow24 = $allow24 if ($davwallow24 eq '');
         my $allowOverride = $properties{'AllowOverride'} || "None";
         my $followSymLinks = $properties{'FollowSymLinks'} || "disabled";
         my $indexes = $properties{'Indexes'} || "enabled";
@@ -152,26 +173,41 @@
             $OUT .= "    DirectoryIndex index.shtml index.htm index.html\n";
             $OUT .= "    Options +IncludesNOEXEC\n";
             $OUT .= "    <FilesMatch \"\\.(php|php3|phtml|cgi|pl)\$\">\n";
+            $OUT .= "      <IfModule mod_access_compat.c>\n";
             $OUT .= "        order deny,allow\n";
             $OUT .= "        Deny from all\n"; 
+            $OUT .= "      </IfModule>\n";
+            $OUT .= "      <IfModule !mod_access_compat.c>\n";
+            $OUT .= "        Require all denied\n";
+            $OUT .= "      </IfModule>\n";
             $OUT .= "    </FilesMatch>\n";
         }
 
         $OUT .= "    AllowOverride $allowOverride\n";
         unless ($webdav){
-            $OUT .=<<"HERE";
-    order deny,allow
-    deny from all
-    allow from $allow
-HERE
+            $OUT .= "    <IfModule mod_access_compat.c>\n";
+            $OUT .= "      order deny,allow\n";
+            $OUT .= "      deny from all\n";
+            $OUT .= "      allow from $allow\n";
+            $OUT .= "    </IfModule>\n";
+            $OUT .= "    <IfModule !mod_access_compat.c>\n";
+            $OUT .= "      $satisfy24begin\n"; 
+            $OUT .= "        require user $readers\n" if ($pass);
+            $OUT .= "        Require $allow24\n";
+            $OUT .= "      $satisfy24end\n";
+            $OUT .= "    </IfModule>\n";
         }
         if ($pass || $webdav) {
             $OUT .= "    AuthName \"$properties{'Name'}\"\n";
             $OUT .= "    AuthType Basic\n";
             $OUT .= "    AuthExternal pwauth\n";
             $OUT .= "    AuthBasicProvider external\n";
-            $OUT .= "    require user $readers\n" unless ($webdav);
-            $OUT .= "    Satisfy $satisfy\n" unless ($webdav);
+            $OUT .= "    <IfModule mod_access_compat.c>\n" unless ($webdav);
+            $OUT .= "      require user $readers\n" unless ($webdav);
+            $OUT .= "      Satisfy $satisfy\n" unless ($webdav);
+            $OUT .= "    </IfModule>\n" unless ($webdav);
+
+
         }
         # WebDav is enabled only when auth is required
         if ($webdav) {
@@ -180,19 +216,35 @@
     Dav on
     # Read only access
     <Limit GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
+      <IfModule mod_access_compat.c>
         order deny,allow
         deny from all
         allow from $allow
         $davreaders
         Satisfy $satisfy
+      </IfModule>
+      <IfModule !mod_access_compat.c>
+        $satisfy24begin
+          Require $allow24
+          $davreaders
+        $satisfy24end
+      </IfModule>
     </Limit>
     # Write access through webdav always requires authentication
     <LimitExcept GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
+      <IfModule mod_access_compat.c>
         order deny,allow
         deny from all
         allow from $davwallow
         Require user $writers
         Satisfy all
+      </IfModule>
+      <IfModule !mod_access_compat.c>
+        <RequireAll>
+          Require $davwallow
+          Require user $writers
+        </RequireAll>
+      </IfModule>
     </LimitExcept>
 
 HERE
@@ -206,8 +258,13 @@
         }
         else {
             $OUT .= "<DirectoryMatch /home/e-smith/files/shares/$key/files/cgi-bin>\n";
-            $OUT .= "    order deny,allow\n";
-            $OUT .= "    Deny from all\n";
+            $OUT .= "    <IfModule mod_access_compat.c>\n";
+            $OUT .= "      order deny,allow\n";
+            $OUT .= "      Deny from all\n";
+            $OUT .= "    </IfModule>\n";
+            $OUT .= "    <IfModule !mod_access_compat.c>\n";
+            $OUT .= "      Require all denied\n";
+            $OUT .= "    </IfModule>\n";
             $OUT .= "</DirectoryMatch>\n";
         }
     }
1	jpp	1.1	diff -Nur --no-dereference smeserver-shared-folders-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares smeserver-shared-folders-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares
2			--- smeserver-shared-folders-0.3.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2022-07-25 02:05:42.911000000 -0400
3			+++ smeserver-shared-folders-0.3/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2022-07-25 02:50:54.087000000 -0400
4			@@ -11,10 +11,14 @@
5			my $key = $share->key;
6
7			my $allow;
8			+ my $allow24;
9			my $pass;
10			my $satisfy;
11			+ my $satisfy24begin;
12			+ my $satisfy24end;
13			my $davreaders;
14			my $davwallow = '';
15			+ my $davwallow24 = '';
16			my $webdav = (($properties{'WebDav'} \|\| 'disabled') =~ m/^(enabled\|on\|yes)$/i) ? 1 : 0;
17
18			# Find which users have read or write access
19			@@ -65,33 +69,49 @@
20			if ($properties{'httpAccess'}) {
21			if ($properties{'httpAccess'} eq 'local') {
22			$allow = "$localAccess $externalSSLAccess";
23			+ $allow24 = "ip $localAccess $externalSSLAccess";
24			$pass = 0;
25			$satisfy = 'all';
26			+ $satisfy24begin = "<RequireAll>";
27			+ $satisfy24end = "</RequireAll>";
28			$davreaders = '';
29			}
30			elsif ($properties{'httpAccess'} eq 'local-pw') {
31			$allow = "$localAccess $externalSSLAccess";
32			+ $allow24 = "ip $localAccess $externalSSLAccess";
33			$pass = 1;
34			$satisfy = 'all';
35			+ $satisfy24begin = "<RequireAll>";
36			+ $satisfy24end = "</RequireAll>";
37			$davreaders = "Require user $readers";
38			}
39			elsif ($properties{'httpAccess'} eq 'global') {
40			$allow = 'all';
41			+ $allow24 = "all granted";
42			$pass = 0;
43			$satisfy = 'all';
44			+ $satisfy24begin = "<RequireAll>";
45			+ $satisfy24end = "</RequireAll>";
46			$davreaders = '';
47			}
48			elsif ($properties{'httpAccess'} eq 'global-pw') {
49			$allow = 'all';
50			+ $allow24 = "all granted";
51			$pass = 1;
52			$satisfy = 'all';
53			+ $satisfy24begin = "<RequireAll>";
54			+ $satisfy24end = "</RequireAll>";
55			$davreaders = "Require user $readers";
56			}
57			elsif ($properties{'httpAccess'} eq 'global-pw-remote') {
58			$allow = "$localAccess $externalSSLAccess";
59			+ $allow24 = "ip $localAccess $externalSSLAccess";
60			$davwallow = 'all';
61			+ $davwallow24 = "all granted";
62			$pass = 1;
63			$satisfy = 'any';
64			+ $satisfy24begin = "<RequireAny>";
65			+ $satisfy24end = "</RequireAny>";
66			$davreaders = "Require user $readers";
67			}
68			else {
69			@@ -99,6 +119,7 @@
70			}
71			}
72			$davwallow = $allow if ($davwallow eq '');
73			+ $davwallow24 = $allow24 if ($davwallow24 eq '');
74			my $allowOverride = $properties{'AllowOverride'} \|\| "None";
75			my $followSymLinks = $properties{'FollowSymLinks'} \|\| "disabled";
76			my $indexes = $properties{'Indexes'} \|\| "enabled";
77			@@ -152,26 +173,41 @@
78			$OUT .= " DirectoryIndex index.shtml index.htm index.html\n";
79			$OUT .= " Options +IncludesNOEXEC\n";
80			$OUT .= " <FilesMatch \"\\.(php\|php3\|phtml\|cgi\|pl)\$\">\n";
81			+ $OUT .= " <IfModule mod_access_compat.c>\n";
82			$OUT .= " order deny,allow\n";
83			$OUT .= " Deny from all\n";
84			+ $OUT .= " </IfModule>\n";
85			+ $OUT .= " <IfModule !mod_access_compat.c>\n";
86			+ $OUT .= " Require all denied\n";
87			+ $OUT .= " </IfModule>\n";
88			$OUT .= " </FilesMatch>\n";
89			}
90
91			$OUT .= " AllowOverride $allowOverride\n";
92			unless ($webdav){
93			- $OUT .=<<"HERE";
94			- order deny,allow
95			- deny from all
96			- allow from $allow
97			-HERE
98			+ $OUT .= " <IfModule mod_access_compat.c>\n";
99			+ $OUT .= " order deny,allow\n";
100			+ $OUT .= " deny from all\n";
101			+ $OUT .= " allow from $allow\n";
102			+ $OUT .= " </IfModule>\n";
103			+ $OUT .= " <IfModule !mod_access_compat.c>\n";
104			+ $OUT .= " $satisfy24begin\n";
105			+ $OUT .= " require user $readers\n" if ($pass);
106			+ $OUT .= " Require $allow24\n";
107			+ $OUT .= " $satisfy24end\n";
108			+ $OUT .= " </IfModule>\n";
109			}
110			if ($pass \|\| $webdav) {
111			$OUT .= " AuthName \"$properties{'Name'}\"\n";
112			$OUT .= " AuthType Basic\n";
113			$OUT .= " AuthExternal pwauth\n";
114			$OUT .= " AuthBasicProvider external\n";
115			- $OUT .= " require user $readers\n" unless ($webdav);
116			- $OUT .= " Satisfy $satisfy\n" unless ($webdav);
117			+ $OUT .= " <IfModule mod_access_compat.c>\n" unless ($webdav);
118			+ $OUT .= " require user $readers\n" unless ($webdav);
119			+ $OUT .= " Satisfy $satisfy\n" unless ($webdav);
120			+ $OUT .= " </IfModule>\n" unless ($webdav);
121			+
122			+
123			}
124			# WebDav is enabled only when auth is required
125			if ($webdav) {
126			@@ -180,19 +216,35 @@
127			Dav on
128			# Read only access
129			<Limit GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
130			+ <IfModule mod_access_compat.c>
131			order deny,allow
132			deny from all
133			allow from $allow
134			$davreaders
135			Satisfy $satisfy
136			+ </IfModule>
137			+ <IfModule !mod_access_compat.c>
138			+ $satisfy24begin
139			+ Require $allow24
140			+ $davreaders
141			+ $satisfy24end
142			+ </IfModule>
143			</Limit>
144			# Write access through webdav always requires authentication
145			<LimitExcept GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
146			+ <IfModule mod_access_compat.c>
147			order deny,allow
148			deny from all
149			allow from $davwallow
150			Require user $writers
151			Satisfy all
152			+ </IfModule>
153			+ <IfModule !mod_access_compat.c>
154			+ <RequireAll>
155			+ Require $davwallow
156			+ Require user $writers
157			+ </RequireAll>
158			+ </IfModule>
159			</LimitExcept>
160
161			HERE
162			@@ -206,8 +258,13 @@
163			}
164			else {
165			$OUT .= "<DirectoryMatch /home/e-smith/files/shares/$key/files/cgi-bin>\n";
166			- $OUT .= " order deny,allow\n";
167			- $OUT .= " Deny from all\n";
168			+ $OUT .= " <IfModule mod_access_compat.c>\n";
169			+ $OUT .= " order deny,allow\n";
170			+ $OUT .= " Deny from all\n";
171			+ $OUT .= " </IfModule>\n";
172			+ $OUT .= " <IfModule !mod_access_compat.c>\n";
173			+ $OUT .= " Require all denied\n";
174			+ $OUT .= " </IfModule>\n";
175			$OUT .= "</DirectoryMatch>\n";
176			}
177			}