smeserver-subversion/contribs7/smeserver-subversion-1.4-ImplementReadWriteAccess4.patch

--- smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent.ImplementReadWriteAccess4    2008-02-24 16:55:12.000000000 +0100
+++ smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent      2008-02-24 16:56:15.000000000 +0100
@@ -47,7 +47,7 @@
             my %properties = $repository->props;
 
             my $error = "";
-            my $forceSSL;
+            my $forceSSL = '';
 
             my $allow;
             my $pass;
@@ -82,9 +82,6 @@
                     $pass    = 0;
                     $satisfy = 'all';
 
-                    $error .= "    # - Illegal or no value set for AccessType:\n";
-                    $error .= "    #   Only allowing access from localhost\n";
-
                 }
 
             }
@@ -120,204 +117,221 @@
             my $SVNAutoVersioning = $properties{'SVNAutoVersioning'} || 'off';
             my $ModMimeUsePathInfo = $properties{'ModMimeUsePathInfo'} || 'off';
 
-            # Always have a section for a virtualhost at port 80 and only if neccesarry 
-            # (when authentification is required and therefore passwords are transmitted)
-            # for a virtualhost at port 443.
-            if  ( ( ($pass eq 0) && ($port eq 80) ) || ( ($pass) || ($forceSSL) ) ) {
-
-                $OUT .= "\n";
-                $OUT .= "    #------------------------------------------------------------\n";
-                $OUT .= "    # $key repository directory ($properties{'Description'})\n";
-                $OUT .= "    # Some error(s) occurred:\n$error" if ($error);
-                $OUT .= "    #------------------------------------------------------------\n";
-
-                my $allowOverride = $properties{'AllowOverride'} || "None";
+            my $allowOverride = $properties{'AllowOverride'} || "None";
 
-                my $usersRead;
-                my @listRead;
+            my $usersRead;
+            my $groupsRead = '';
+            my @listRead;
 
-                if ($properties{'GroupsRead'}) {
+            if ($properties{'GroupsRead'}) {
 
-                    my @groupsRead = split (/,/, $properties{'GroupsRead'});
+                my @groupsRead = split (/,/, $properties{'GroupsRead'});
 
-                    foreach my $groupRead (@groupsRead) {
+                foreach my $groupRead (@groupsRead) {
 
-                        my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || "";
+                    my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || "";
 
-                        if (length($membersRead) > 0) {
+                    if (length($membersRead) > 0) {
 
-                           push @listRead, split (/,/, $membersRead);
+                        push @listRead, split (/,/, $membersRead);
 
-                        }
-                     
                     }
-
+                     
                 }
 
-                if ($properties{'UsersRead'}) {
+            }
 
-                     push @listRead, split (/,/, $properties{'UsersRead'});
+            if ($properties{'UsersRead'}) {
 
-                } 
+                push @listRead, split (/,/, $properties{'UsersRead'});
 
-                if (@listRead > 1) {
+            } 
 
-                    @listRead = sort(@listRead);
+            if (@listRead > 1) {
 
-                }
+                @listRead = sort(@listRead);
 
-                my $prevRead = '';
-                @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
+            }
 
-                $usersRead = join(" ", @listRead) || '';
+            my $prevRead = '';
+            @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
 
-                undef @listRead;
+            $usersRead = join(" ", @listRead) || '';
 
-                my $usersWrite;
-                my @listWrite;
+            undef @listRead;
 
-                if ($properties{'GroupsWrite'}) {
+            my $usersWrite;
+            my $groupsWrite = '';
+            my @listWrite;
 
-                    my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
+            if ($properties{'GroupsWrite'}) {
 
-                    foreach my $groupWrite (@groupsWrite) {
+                my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
 
-                        my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || "";
+                foreach my $groupWrite (@groupsWrite) {
 
-                        if (length($membersWrite) > 0) {
+                    my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || "";
 
-                           push @listWrite, split (/,/, $membersWrite);
+                    if (length($membersWrite) > 0) {
 
-                        }
+                        push @listWrite, split (/,/, $membersWrite);
 
                     }
 
                 }
 
-                if ($properties{'UsersWrite'}) {
+            }
 
-                     push @listWrite, split (/,/, $properties{'UsersWrite'});
+            if ($properties{'UsersWrite'}) {
 
-                }
+                push @listWrite, split (/,/, $properties{'UsersWrite'});
 
-                if (@listWrite > 1) {
+            }
 
-                    @listWrite = sort(@listWrite);
+            if (@listWrite > 1) {
 
-                }
+                @listWrite = sort(@listWrite);
 
-                my $prevWrite = '';
-                @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
+            }
 
-                $usersWrite = join(" ", @listWrite) || '';
+            my $prevWrite = '';
+            @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
 
-                undef @listWrite;
+            $usersWrite = join(" ", @listWrite) || '';
 
-                # Only when authentification is required or SSL is forced
-                if ( ($pass) || ($forceSSL) ) {
-
-                     # Enable RewriteRule only when neccesarry:
-                     # - when we are configureing the VirtualDomain for a non-secured port
-                     # - when module for SSL is loaded
-                     # - when plaintext passwords are not allowed
-                     # - when HTTP over SSL is forced
-                     if ( ($port ne "443") && ($haveSSL eq 'yes') && ( ($plainTextAccess ne 'yes') || ($forceSSL) ) ) {
-
-                        $OUT .= "\n";
-                        $OUT .= "    RewriteEngine on\n";
-                        $OUT .= "    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n";
-                        $OUT .= "    RewriteRule .* - [F]\n";
-                        $OUT .= "\n";
-                        $OUT .= "    RewriteRule ^/$key(/.*|\$)    https://%{HTTP_HOST}/$key\$1 [L,R]\n";
+            undef @listWrite;
 
-                    }
+            $OUT .= "\n";
+            $OUT .= "    #------------------------------------------------------------\n";
+            $OUT .= "    # $key repository directory ($properties{'Description'})\n";
+            $OUT .= "    #------------------------------------------------------------\n\n";
 
-                    # Enable authentification only when required and SSL is provided
-                    if ( ($pass) && ($port eq "443") ) {
+            # port = 80 &&
+            #  forceSSL = yes || pass = 1
+            #  groupsWrite ne "" &&
+            #   groupsRead || usersRead
+            #   groupsRead && usersRead
+            #  usersWrite ne "" &&
+            #   groupsRead || usersRead
+            #   groupsRead && usersRead
+
+            if ( ($port eq 80) && ( ($forceSSL eq 'yes') || ($pass eq 1) || ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) ){
+
+                $OUT .= "    # Redirecting: Only access over SSL allowed\n";
+                $OUT .= "    RewriteEngine on\n";
+                $OUT .= "    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n";
+                $OUT .= "    RewriteRule .* - [F]\n";
+                $OUT .= "    RewriteRule ^/$key(/.*|\$)    https://%{HTTP_HOST}/$key\$1 [L,R]\n\n";
+
+            } else {
+
+                if ( ( ($port eq 80) && ($forceSSL ne 'yes') && ($pass ne 1) ) || ($port eq 443) ) {
+
+                    if ($port eq 443) {
 
-                        $OUT .= "\n";
                         $OUT .= "    AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth\n";
-                        $OUT .= "    SetExternalAuthMethod pwauth pipe\n";
+                        $OUT .= "    SetExternalAuthMethod pwauth pipe\n\n";
 
                     }
-            
-                }
 
-                $OUT .= "\n";
-                $OUT .= "    <Location /$key>\n";
+                    $OUT .= "    <Location /$key>\n\n";
 
-                $OUT .= "\n";
-                $OUT .= "        DAV svn\n";
-                $OUT .= "        SVNPath /home/e-smith/files/repositories/$key\n";
-
-                $OUT .= "\n";
-                $OUT .= "        SVNAutoVersioning $SVNAutoVersioning\n";
-                $OUT .= "        ModMimeUsePathInfo $ModMimeUsePathInfo\n";
-
-                $OUT .= "\n";
-                $OUT .= "        Options None\n";
-                $OUT .= "        AllowOverride $allowOverride\n";
-                $OUT .= "        order deny,allow\n";
-                $OUT .= "        deny from all\n";
-
-                # Only allow when really allowed:
-                # - a secure connection is available and authentification is required
-                # - authentification is not required and no SSL is forced
-                # - a secure connection is unavailable
-                if ( ($port eq "443") || ( ($pass eq 0) && ($forceSSL eq 0) ) || ($haveSSL ne 'yes') ) {
+                    $OUT .= "        DAV svn\n";
+                    $OUT .= "        SVNPath /home/e-smith/files/repositories/$key\n\n";
 
-                    $OUT .= "        allow from $allow\n";
+                    $OUT .= "        SVNAutoVersioning $SVNAutoVersioning\n\n";
+                    $OUT .= "        ModMimeUsePathInfo $ModMimeUsePathInfo\n\n";
 
-                    # Enable authentification against the SME Server users and groups when required
-                    if ($pass) {
+                    if ( ($port eq 443) && ( ($forceSSL eq 'yes') || ($pass eq 1) ) && ($groupsWrite ne "") || ($usersWrite ne "") || ($groupsRead ne "") || ($usersRead ne "") ) {
 
-                        $OUT .= "\n";
                         $OUT .= "        AuthName \"$properties{'Description'}\"\n";
                         $OUT .= "        AuthType Basic\n";
-                        $OUT .= "        AuthExternal pwauth\n";
+                        $OUT .= "        AuthExternal pwauth\n\n";
 
+                    }
 
-                        if ($usersRead) {
+                    $OUT .= "        # Read access:\n";
+                    $OUT .= "        #  Anonymous access\n" unless ( ($groupsRead ne "") || ($usersRead ne "") );
+                    $OUT .= "        #  Group(s): " . ($groupsRead || "none") . "\n" unless ($groupsRead eq "");
+                    $OUT .= "        #  User(s) : " . ($usersRead || "none") . "\n" unless ($usersRead eq "");
 
-                            $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require user $usersRead\n";
-                            $OUT .= "        </Limit>\n";
+#                    $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
+                    $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
 
-                        }
+                    $OUT .= "            order deny,allow\n";
+                    $OUT .= "            deny from all\n";
 
-                        if ($groupsRead) {
+                    if ( ( ($groupsRead eq "") && ($usersRead eq "") ) || ( ( ($groupsRead ne "") || ($usersRead ne "") ) && ($port eq 443) ) ) {
 
-                            $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require group $groupsRead\n";
-                            $OUT .= "        </Limit>\n";
+                        $OUT .= "            allow from $allow\n";
+                        $OUT .= "            Require group $groupsRead\n" unless ($groupsRead eq "");
+                        $OUT .= "            Require user $usersRead\n" unless ($usersRead eq "");
 
-                        }
+                    } else {
 
-                        if ($usersWrite) {
+                        $OUT .= "            # Denying access:\n";
+                        $OUT .= "            # User authentication required this requires SSL\n";
 
-                            $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require user $usersWrite\n";
-                            $OUT .= "        </LimitExcept>\n";
+                    }
 
-                        }
+                    $OUT .= "            Satisfy $satisfy\n";
+#                    $OUT .= "        </LimitExcept>\n\n";
+                    $OUT .= "        </Limit>\n\n";
+
+                    $OUT .= "        # Full access:\n";
+                    $OUT .= "        #  Anonymous access\n" unless ( ($groupsWrite ne "") || ($usersWrite ne "") );
+                    $OUT .= "        #  Group(s): " . ($groupsWrite || "none") . "\n" unless ($groupsWrite eq "");
+                    $OUT .= "        #  User(s) : " . ($usersWrite || "none") . "\n" unless ($usersWrite eq "");
+
+#                    $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
+                    $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
+
+                    $OUT .= "            order deny,allow\n";
+                    $OUT .= "            deny from all\n";
+
+                    if ( 
+                         ( ($port eq 443) && 
+                           (
+                             ( ($groupsRead eq "") && ($usersRead eq "") ) ||
+                             ( ($groupsWrite eq "") || ($usersWrite eq "") ) && ( ($groupsRead eq "") && ($usersRead eq "") ) ||
+                             ( ($usersRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) ||
+                             ( ($groupsRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) 
+                           )
+                         ) || ( 
+                           ($port eq 80) && 
+                           ( ($groupsWrite eq "") && ($usersWrite eq "") && ($groupsRead eq "") && ($usersRead eq "") ) 
+                         )
+                       ) {
+
+                        $OUT .= "            allow from $allow\n";
+                        $OUT .= "            Require group $groupsWrite\n" unless ($groupsWrite eq "");
+                        $OUT .= "            Require user $usersWrite\n" unless ($usersWrite eq "");
+
+                    } else {
+
+                        $OUT .= "            # Denying access:\n";
 
-                        if ($groupsWrite) {
+                        if ( ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) {
 
-                            $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require group $groupsWrite\n";
-                            $OUT .= "        </LimitExcept>\n";
+                            $OUT .= "            # Read authentication required, no anonymous write access allowed\n";
 
-                        }
+                        } else {
 
-                        $OUT .= "        require valid-user\n" if ( ($usersRead eq '') && ($groupsRead eq '') && ($usersWrite eq '') && ($groupsWrite eq '') );
-                        $OUT .= "        Satisfy $satisfy\n";
+                            $OUT .= "            # SSL required, no access allowed without.\n";
+                        }
 
                     }
 
-                }
+                    $OUT .= "            Satisfy $satisfy\n";
+#                    $OUT .= "        </Limit>\n\n";
+                    $OUT .= "        </LimitExcept>\n\n";
+
+#                    $OUT .= "        Satisfy $satisfy\n\n";
+#                    $OUT .= "        Satisfy any\n\n";
 
-                $OUT .= "\n";
-                $OUT .= "    </Location>\n";
+                    $OUT .= "    </Location>\n\n";
+
+                }
 
             }
 
1	snetram	1.1	--- smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent.ImplementReadWriteAccess4 2008-02-24 16:55:12.000000000 +0100
2			+++ smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent 2008-02-24 16:56:15.000000000 +0100
3			@@ -47,7 +47,7 @@
4			my %properties = $repository->props;
5
6			my $error = "";
7			- my $forceSSL;
8			+ my $forceSSL = '';
9
10			my $allow;
11			my $pass;
12			@@ -82,9 +82,6 @@
13			$pass = 0;
14			$satisfy = 'all';
15
16			- $error .= " # - Illegal or no value set for AccessType:\n";
17			- $error .= " # Only allowing access from localhost\n";
18			-
19			}
20
21			}
22			@@ -120,204 +117,221 @@
23			my $SVNAutoVersioning = $properties{'SVNAutoVersioning'} \|\| 'off';
24			my $ModMimeUsePathInfo = $properties{'ModMimeUsePathInfo'} \|\| 'off';
25
26			- # Always have a section for a virtualhost at port 80 and only if neccesarry
27			- # (when authentification is required and therefore passwords are transmitted)
28			- # for a virtualhost at port 443.
29			- if ( ( ($pass eq 0) && ($port eq 80) ) \|\| ( ($pass) \|\| ($forceSSL) ) ) {
30			-
31			- $OUT .= "\n";
32			- $OUT .= " #------------------------------------------------------------\n";
33			- $OUT .= " # $key repository directory ($properties{'Description'})\n";
34			- $OUT .= " # Some error(s) occurred:\n$error" if ($error);
35			- $OUT .= " #------------------------------------------------------------\n";
36			-
37			- my $allowOverride = $properties{'AllowOverride'} \|\| "None";
38			+ my $allowOverride = $properties{'AllowOverride'} \|\| "None";
39
40			- my $usersRead;
41			- my @listRead;
42			+ my $usersRead;
43			+ my $groupsRead = '';
44			+ my @listRead;
45
46			- if ($properties{'GroupsRead'}) {
47			+ if ($properties{'GroupsRead'}) {
48
49			- my @groupsRead = split (/,/, $properties{'GroupsRead'});
50			+ my @groupsRead = split (/,/, $properties{'GroupsRead'});
51
52			- foreach my $groupRead (@groupsRead) {
53			+ foreach my $groupRead (@groupsRead) {
54
55			- my $membersRead = $db_accounts->get_prop($groupRead, 'Members') \|\| "";
56			+ my $membersRead = $db_accounts->get_prop($groupRead, 'Members') \|\| "";
57
58			- if (length($membersRead) > 0) {
59			+ if (length($membersRead) > 0) {
60
61			- push @listRead, split (/,/, $membersRead);
62			+ push @listRead, split (/,/, $membersRead);
63
64			- }
65			-
66			}
67			-
68			+
69			}
70
71			- if ($properties{'UsersRead'}) {
72			+ }
73
74			- push @listRead, split (/,/, $properties{'UsersRead'});
75			+ if ($properties{'UsersRead'}) {
76
77			- }
78			+ push @listRead, split (/,/, $properties{'UsersRead'});
79
80			- if (@listRead > 1) {
81			+ }
82
83			- @listRead = sort(@listRead);
84			+ if (@listRead > 1) {
85
86			- }
87			+ @listRead = sort(@listRead);
88
89			- my $prevRead = '';
90			- @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
91			+ }
92
93			- $usersRead = join(" ", @listRead) \|\| '';
94			+ my $prevRead = '';
95			+ @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
96
97			- undef @listRead;
98			+ $usersRead = join(" ", @listRead) \|\| '';
99
100			- my $usersWrite;
101			- my @listWrite;
102			+ undef @listRead;
103
104			- if ($properties{'GroupsWrite'}) {
105			+ my $usersWrite;
106			+ my $groupsWrite = '';
107			+ my @listWrite;
108
109			- my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
110			+ if ($properties{'GroupsWrite'}) {
111
112			- foreach my $groupWrite (@groupsWrite) {
113			+ my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
114
115			- my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') \|\| "";
116			+ foreach my $groupWrite (@groupsWrite) {
117
118			- if (length($membersWrite) > 0) {
119			+ my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') \|\| "";
120
121			- push @listWrite, split (/,/, $membersWrite);
122			+ if (length($membersWrite) > 0) {
123
124			- }
125			+ push @listWrite, split (/,/, $membersWrite);
126
127			}
128
129			}
130
131			- if ($properties{'UsersWrite'}) {
132			+ }
133
134			- push @listWrite, split (/,/, $properties{'UsersWrite'});
135			+ if ($properties{'UsersWrite'}) {
136
137			- }
138			+ push @listWrite, split (/,/, $properties{'UsersWrite'});
139
140			- if (@listWrite > 1) {
141			+ }
142
143			- @listWrite = sort(@listWrite);
144			+ if (@listWrite > 1) {
145
146			- }
147			+ @listWrite = sort(@listWrite);
148
149			- my $prevWrite = '';
150			- @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
151			+ }
152
153			- $usersWrite = join(" ", @listWrite) \|\| '';
154			+ my $prevWrite = '';
155			+ @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
156
157			- undef @listWrite;
158			+ $usersWrite = join(" ", @listWrite) \|\| '';
159
160			- # Only when authentification is required or SSL is forced
161			- if ( ($pass) \|\| ($forceSSL) ) {
162			-
163			- # Enable RewriteRule only when neccesarry:
164			- # - when we are configureing the VirtualDomain for a non-secured port
165			- # - when module for SSL is loaded
166			- # - when plaintext passwords are not allowed
167			- # - when HTTP over SSL is forced
168			- if ( ($port ne "443") && ($haveSSL eq 'yes') && ( ($plainTextAccess ne 'yes') \|\| ($forceSSL) ) ) {
169			-
170			- $OUT .= "\n";
171			- $OUT .= " RewriteEngine on\n";
172			- $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK)\n";
173			- $OUT .= " RewriteRule .* - [F]\n";
174			- $OUT .= "\n";
175			- $OUT .= " RewriteRule ^/$key(/.*\|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n";
176			+ undef @listWrite;
177
178			- }
179			+ $OUT .= "\n";
180			+ $OUT .= " #------------------------------------------------------------\n";
181			+ $OUT .= " # $key repository directory ($properties{'Description'})\n";
182			+ $OUT .= " #------------------------------------------------------------\n\n";
183
184			- # Enable authentification only when required and SSL is provided
185			- if ( ($pass) && ($port eq "443") ) {
186			+ # port = 80 &&
187			+ # forceSSL = yes \|\| pass = 1
188			+ # groupsWrite ne "" &&
189			+ # groupsRead \|\| usersRead
190			+ # groupsRead && usersRead
191			+ # usersWrite ne "" &&
192			+ # groupsRead \|\| usersRead
193			+ # groupsRead && usersRead
194			+
195			+ if ( ($port eq 80) && ( ($forceSSL eq 'yes') \|\| ($pass eq 1) \|\| ($groupsRead ne "") \|\| ($usersRead ne "") \|\| ( ($groupsRead ne "") && ($usersRead ne "") ) ) ){
196			+
197			+ $OUT .= " # Redirecting: Only access over SSL allowed\n";
198			+ $OUT .= " RewriteEngine on\n";
199			+ $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK)\n";
200			+ $OUT .= " RewriteRule .* - [F]\n";
201			+ $OUT .= " RewriteRule ^/$key(/.*\|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n\n";
202			+
203			+ } else {
204			+
205			+ if ( ( ($port eq 80) && ($forceSSL ne 'yes') && ($pass ne 1) ) \|\| ($port eq 443) ) {
206			+
207			+ if ($port eq 443) {
208
209			- $OUT .= "\n";
210			$OUT .= " AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth\n";
211			- $OUT .= " SetExternalAuthMethod pwauth pipe\n";
212			+ $OUT .= " SetExternalAuthMethod pwauth pipe\n\n";
213
214			}
215			-
216			- }
217
218			- $OUT .= "\n";
219			- $OUT .= " <Location /$key>\n";
220			+ $OUT .= " <Location /$key>\n\n";
221
222			- $OUT .= "\n";
223			- $OUT .= " DAV svn\n";
224			- $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n";
225			-
226			- $OUT .= "\n";
227			- $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n";
228			- $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n";
229			-
230			- $OUT .= "\n";
231			- $OUT .= " Options None\n";
232			- $OUT .= " AllowOverride $allowOverride\n";
233			- $OUT .= " order deny,allow\n";
234			- $OUT .= " deny from all\n";
235			-
236			- # Only allow when really allowed:
237			- # - a secure connection is available and authentification is required
238			- # - authentification is not required and no SSL is forced
239			- # - a secure connection is unavailable
240			- if ( ($port eq "443") \|\| ( ($pass eq 0) && ($forceSSL eq 0) ) \|\| ($haveSSL ne 'yes') ) {
241			+ $OUT .= " DAV svn\n";
242			+ $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n\n";
243
244			- $OUT .= " allow from $allow\n";
245			+ $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n\n";
246			+ $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n\n";
247
248			- # Enable authentification against the SME Server users and groups when required
249			- if ($pass) {
250			+ if ( ($port eq 443) && ( ($forceSSL eq 'yes') \|\| ($pass eq 1) ) && ($groupsWrite ne "") \|\| ($usersWrite ne "") \|\| ($groupsRead ne "") \|\| ($usersRead ne "") ) {
251
252			- $OUT .= "\n";
253			$OUT .= " AuthName \"$properties{'Description'}\"\n";
254			$OUT .= " AuthType Basic\n";
255			- $OUT .= " AuthExternal pwauth\n";
256			+ $OUT .= " AuthExternal pwauth\n\n";
257
258			+ }
259
260			- if ($usersRead) {
261			+ $OUT .= " # Read access:\n";
262			+ $OUT .= " # Anonymous access\n" unless ( ($groupsRead ne "") \|\| ($usersRead ne "") );
263			+ $OUT .= " # Group(s): " . ($groupsRead \|\| "none") . "\n" unless ($groupsRead eq "");
264			+ $OUT .= " # User(s) : " . ($usersRead \|\| "none") . "\n" unless ($usersRead eq "");
265
266			- $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
267			- $OUT .= " Require user $usersRead\n";
268			- $OUT .= " </Limit>\n";
269			+# $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
270			+ $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
271
272			- }
273			+ $OUT .= " order deny,allow\n";
274			+ $OUT .= " deny from all\n";
275
276			- if ($groupsRead) {
277			+ if ( ( ($groupsRead eq "") && ($usersRead eq "") ) \|\| ( ( ($groupsRead ne "") \|\| ($usersRead ne "") ) && ($port eq 443) ) ) {
278
279			- $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
280			- $OUT .= " Require group $groupsRead\n";
281			- $OUT .= " </Limit>\n";
282			+ $OUT .= " allow from $allow\n";
283			+ $OUT .= " Require group $groupsRead\n" unless ($groupsRead eq "");
284			+ $OUT .= " Require user $usersRead\n" unless ($usersRead eq "");
285
286			- }
287			+ } else {
288
289			- if ($usersWrite) {
290			+ $OUT .= " # Denying access:\n";
291			+ $OUT .= " # User authentication required this requires SSL\n";
292
293			- $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
294			- $OUT .= " Require user $usersWrite\n";
295			- $OUT .= " </LimitExcept>\n";
296			+ }
297
298			- }
299			+ $OUT .= " Satisfy $satisfy\n";
300			+# $OUT .= " </LimitExcept>\n\n";
301			+ $OUT .= " </Limit>\n\n";
302			+
303			+ $OUT .= " # Full access:\n";
304			+ $OUT .= " # Anonymous access\n" unless ( ($groupsWrite ne "") \|\| ($usersWrite ne "") );
305			+ $OUT .= " # Group(s): " . ($groupsWrite \|\| "none") . "\n" unless ($groupsWrite eq "");
306			+ $OUT .= " # User(s) : " . ($usersWrite \|\| "none") . "\n" unless ($usersWrite eq "");
307			+
308			+# $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
309			+ $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
310			+
311			+ $OUT .= " order deny,allow\n";
312			+ $OUT .= " deny from all\n";
313			+
314			+ if (
315			+ ( ($port eq 443) &&
316			+ (
317			+ ( ($groupsRead eq "") && ($usersRead eq "") ) \|\|
318			+ ( ($groupsWrite eq "") \|\| ($usersWrite eq "") ) && ( ($groupsRead eq "") && ($usersRead eq "") ) \|\|
319			+ ( ($usersRead ne "") && ( ($groupsWrite ne "") \|\| ($usersWrite ne "") \|\| ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) \|\|
320			+ ( ($groupsRead ne "") && ( ($groupsWrite ne "") \|\| ($usersWrite ne "") \|\| ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) )
321			+ )
322			+ ) \|\| (
323			+ ($port eq 80) &&
324			+ ( ($groupsWrite eq "") && ($usersWrite eq "") && ($groupsRead eq "") && ($usersRead eq "") )
325			+ )
326			+ ) {
327			+
328			+ $OUT .= " allow from $allow\n";
329			+ $OUT .= " Require group $groupsWrite\n" unless ($groupsWrite eq "");
330			+ $OUT .= " Require user $usersWrite\n" unless ($usersWrite eq "");
331			+
332			+ } else {
333			+
334			+ $OUT .= " # Denying access:\n";
335
336			- if ($groupsWrite) {
337			+ if ( ($groupsRead ne "") \|\| ($usersRead ne "") \|\| ( ($groupsRead ne "") && ($usersRead ne "") ) ) {
338
339			- $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
340			- $OUT .= " Require group $groupsWrite\n";
341			- $OUT .= " </LimitExcept>\n";
342			+ $OUT .= " # Read authentication required, no anonymous write access allowed\n";
343
344			- }
345			+ } else {
346
347			- $OUT .= " require valid-user\n" if ( ($usersRead eq '') && ($groupsRead eq '') && ($usersWrite eq '') && ($groupsWrite eq '') );
348			- $OUT .= " Satisfy $satisfy\n";
349			+ $OUT .= " # SSL required, no access allowed without.\n";
350			+ }
351
352			}
353
354			- }
355			+ $OUT .= " Satisfy $satisfy\n";
356			+# $OUT .= " </Limit>\n\n";
357			+ $OUT .= " </LimitExcept>\n\n";
358			+
359			+# $OUT .= " Satisfy $satisfy\n\n";
360			+# $OUT .= " Satisfy any\n\n";
361
362			- $OUT .= "\n";
363			- $OUT .= " </Location>\n";
364			+ $OUT .= " </Location>\n\n";
365			+
366			+ }
367
368			}
369