1 |
--- smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent.ImplementReadWriteAccess4 2008-02-24 16:55:12.000000000 +0100 |
2 |
+++ smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent 2008-02-24 16:56:15.000000000 +0100 |
3 |
@@ -47,7 +47,7 @@ |
4 |
my %properties = $repository->props; |
5 |
|
6 |
my $error = ""; |
7 |
- my $forceSSL; |
8 |
+ my $forceSSL = ''; |
9 |
|
10 |
my $allow; |
11 |
my $pass; |
12 |
@@ -82,9 +82,6 @@ |
13 |
$pass = 0; |
14 |
$satisfy = 'all'; |
15 |
|
16 |
- $error .= " # - Illegal or no value set for AccessType:\n"; |
17 |
- $error .= " # Only allowing access from localhost\n"; |
18 |
- |
19 |
} |
20 |
|
21 |
} |
22 |
@@ -120,204 +117,221 @@ |
23 |
my $SVNAutoVersioning = $properties{'SVNAutoVersioning'} || 'off'; |
24 |
my $ModMimeUsePathInfo = $properties{'ModMimeUsePathInfo'} || 'off'; |
25 |
|
26 |
- # Always have a section for a virtualhost at port 80 and only if neccesarry |
27 |
- # (when authentification is required and therefore passwords are transmitted) |
28 |
- # for a virtualhost at port 443. |
29 |
- if ( ( ($pass eq 0) && ($port eq 80) ) || ( ($pass) || ($forceSSL) ) ) { |
30 |
- |
31 |
- $OUT .= "\n"; |
32 |
- $OUT .= " #------------------------------------------------------------\n"; |
33 |
- $OUT .= " # $key repository directory ($properties{'Description'})\n"; |
34 |
- $OUT .= " # Some error(s) occurred:\n$error" if ($error); |
35 |
- $OUT .= " #------------------------------------------------------------\n"; |
36 |
- |
37 |
- my $allowOverride = $properties{'AllowOverride'} || "None"; |
38 |
+ my $allowOverride = $properties{'AllowOverride'} || "None"; |
39 |
|
40 |
- my $usersRead; |
41 |
- my @listRead; |
42 |
+ my $usersRead; |
43 |
+ my $groupsRead = ''; |
44 |
+ my @listRead; |
45 |
|
46 |
- if ($properties{'GroupsRead'}) { |
47 |
+ if ($properties{'GroupsRead'}) { |
48 |
|
49 |
- my @groupsRead = split (/,/, $properties{'GroupsRead'}); |
50 |
+ my @groupsRead = split (/,/, $properties{'GroupsRead'}); |
51 |
|
52 |
- foreach my $groupRead (@groupsRead) { |
53 |
+ foreach my $groupRead (@groupsRead) { |
54 |
|
55 |
- my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || ""; |
56 |
+ my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || ""; |
57 |
|
58 |
- if (length($membersRead) > 0) { |
59 |
+ if (length($membersRead) > 0) { |
60 |
|
61 |
- push @listRead, split (/,/, $membersRead); |
62 |
+ push @listRead, split (/,/, $membersRead); |
63 |
|
64 |
- } |
65 |
- |
66 |
} |
67 |
- |
68 |
+ |
69 |
} |
70 |
|
71 |
- if ($properties{'UsersRead'}) { |
72 |
+ } |
73 |
|
74 |
- push @listRead, split (/,/, $properties{'UsersRead'}); |
75 |
+ if ($properties{'UsersRead'}) { |
76 |
|
77 |
- } |
78 |
+ push @listRead, split (/,/, $properties{'UsersRead'}); |
79 |
|
80 |
- if (@listRead > 1) { |
81 |
+ } |
82 |
|
83 |
- @listRead = sort(@listRead); |
84 |
+ if (@listRead > 1) { |
85 |
|
86 |
- } |
87 |
+ @listRead = sort(@listRead); |
88 |
|
89 |
- my $prevRead = ''; |
90 |
- @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead); |
91 |
+ } |
92 |
|
93 |
- $usersRead = join(" ", @listRead) || ''; |
94 |
+ my $prevRead = ''; |
95 |
+ @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead); |
96 |
|
97 |
- undef @listRead; |
98 |
+ $usersRead = join(" ", @listRead) || ''; |
99 |
|
100 |
- my $usersWrite; |
101 |
- my @listWrite; |
102 |
+ undef @listRead; |
103 |
|
104 |
- if ($properties{'GroupsWrite'}) { |
105 |
+ my $usersWrite; |
106 |
+ my $groupsWrite = ''; |
107 |
+ my @listWrite; |
108 |
|
109 |
- my @groupsWrite = split (/,/, $properties{'GroupsWrite'}); |
110 |
+ if ($properties{'GroupsWrite'}) { |
111 |
|
112 |
- foreach my $groupWrite (@groupsWrite) { |
113 |
+ my @groupsWrite = split (/,/, $properties{'GroupsWrite'}); |
114 |
|
115 |
- my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || ""; |
116 |
+ foreach my $groupWrite (@groupsWrite) { |
117 |
|
118 |
- if (length($membersWrite) > 0) { |
119 |
+ my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || ""; |
120 |
|
121 |
- push @listWrite, split (/,/, $membersWrite); |
122 |
+ if (length($membersWrite) > 0) { |
123 |
|
124 |
- } |
125 |
+ push @listWrite, split (/,/, $membersWrite); |
126 |
|
127 |
} |
128 |
|
129 |
} |
130 |
|
131 |
- if ($properties{'UsersWrite'}) { |
132 |
+ } |
133 |
|
134 |
- push @listWrite, split (/,/, $properties{'UsersWrite'}); |
135 |
+ if ($properties{'UsersWrite'}) { |
136 |
|
137 |
- } |
138 |
+ push @listWrite, split (/,/, $properties{'UsersWrite'}); |
139 |
|
140 |
- if (@listWrite > 1) { |
141 |
+ } |
142 |
|
143 |
- @listWrite = sort(@listWrite); |
144 |
+ if (@listWrite > 1) { |
145 |
|
146 |
- } |
147 |
+ @listWrite = sort(@listWrite); |
148 |
|
149 |
- my $prevWrite = ''; |
150 |
- @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite); |
151 |
+ } |
152 |
|
153 |
- $usersWrite = join(" ", @listWrite) || ''; |
154 |
+ my $prevWrite = ''; |
155 |
+ @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite); |
156 |
|
157 |
- undef @listWrite; |
158 |
+ $usersWrite = join(" ", @listWrite) || ''; |
159 |
|
160 |
- # Only when authentification is required or SSL is forced |
161 |
- if ( ($pass) || ($forceSSL) ) { |
162 |
- |
163 |
- # Enable RewriteRule only when neccesarry: |
164 |
- # - when we are configureing the VirtualDomain for a non-secured port |
165 |
- # - when module for SSL is loaded |
166 |
- # - when plaintext passwords are not allowed |
167 |
- # - when HTTP over SSL is forced |
168 |
- if ( ($port ne "443") && ($haveSSL eq 'yes') && ( ($plainTextAccess ne 'yes') || ($forceSSL) ) ) { |
169 |
- |
170 |
- $OUT .= "\n"; |
171 |
- $OUT .= " RewriteEngine on\n"; |
172 |
- $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n"; |
173 |
- $OUT .= " RewriteRule .* - [F]\n"; |
174 |
- $OUT .= "\n"; |
175 |
- $OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n"; |
176 |
+ undef @listWrite; |
177 |
|
178 |
- } |
179 |
+ $OUT .= "\n"; |
180 |
+ $OUT .= " #------------------------------------------------------------\n"; |
181 |
+ $OUT .= " # $key repository directory ($properties{'Description'})\n"; |
182 |
+ $OUT .= " #------------------------------------------------------------\n\n"; |
183 |
|
184 |
- # Enable authentification only when required and SSL is provided |
185 |
- if ( ($pass) && ($port eq "443") ) { |
186 |
+ # port = 80 && |
187 |
+ # forceSSL = yes || pass = 1 |
188 |
+ # groupsWrite ne "" && |
189 |
+ # groupsRead || usersRead |
190 |
+ # groupsRead && usersRead |
191 |
+ # usersWrite ne "" && |
192 |
+ # groupsRead || usersRead |
193 |
+ # groupsRead && usersRead |
194 |
+ |
195 |
+ if ( ($port eq 80) && ( ($forceSSL eq 'yes') || ($pass eq 1) || ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) ){ |
196 |
+ |
197 |
+ $OUT .= " # Redirecting: Only access over SSL allowed\n"; |
198 |
+ $OUT .= " RewriteEngine on\n"; |
199 |
+ $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n"; |
200 |
+ $OUT .= " RewriteRule .* - [F]\n"; |
201 |
+ $OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n\n"; |
202 |
+ |
203 |
+ } else { |
204 |
+ |
205 |
+ if ( ( ($port eq 80) && ($forceSSL ne 'yes') && ($pass ne 1) ) || ($port eq 443) ) { |
206 |
+ |
207 |
+ if ($port eq 443) { |
208 |
|
209 |
- $OUT .= "\n"; |
210 |
$OUT .= " AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth\n"; |
211 |
- $OUT .= " SetExternalAuthMethod pwauth pipe\n"; |
212 |
+ $OUT .= " SetExternalAuthMethod pwauth pipe\n\n"; |
213 |
|
214 |
} |
215 |
- |
216 |
- } |
217 |
|
218 |
- $OUT .= "\n"; |
219 |
- $OUT .= " <Location /$key>\n"; |
220 |
+ $OUT .= " <Location /$key>\n\n"; |
221 |
|
222 |
- $OUT .= "\n"; |
223 |
- $OUT .= " DAV svn\n"; |
224 |
- $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n"; |
225 |
- |
226 |
- $OUT .= "\n"; |
227 |
- $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n"; |
228 |
- $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n"; |
229 |
- |
230 |
- $OUT .= "\n"; |
231 |
- $OUT .= " Options None\n"; |
232 |
- $OUT .= " AllowOverride $allowOverride\n"; |
233 |
- $OUT .= " order deny,allow\n"; |
234 |
- $OUT .= " deny from all\n"; |
235 |
- |
236 |
- # Only allow when really allowed: |
237 |
- # - a secure connection is available and authentification is required |
238 |
- # - authentification is not required and no SSL is forced |
239 |
- # - a secure connection is unavailable |
240 |
- if ( ($port eq "443") || ( ($pass eq 0) && ($forceSSL eq 0) ) || ($haveSSL ne 'yes') ) { |
241 |
+ $OUT .= " DAV svn\n"; |
242 |
+ $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n\n"; |
243 |
|
244 |
- $OUT .= " allow from $allow\n"; |
245 |
+ $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n\n"; |
246 |
+ $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n\n"; |
247 |
|
248 |
- # Enable authentification against the SME Server users and groups when required |
249 |
- if ($pass) { |
250 |
+ if ( ($port eq 443) && ( ($forceSSL eq 'yes') || ($pass eq 1) ) && ($groupsWrite ne "") || ($usersWrite ne "") || ($groupsRead ne "") || ($usersRead ne "") ) { |
251 |
|
252 |
- $OUT .= "\n"; |
253 |
$OUT .= " AuthName \"$properties{'Description'}\"\n"; |
254 |
$OUT .= " AuthType Basic\n"; |
255 |
- $OUT .= " AuthExternal pwauth\n"; |
256 |
+ $OUT .= " AuthExternal pwauth\n\n"; |
257 |
|
258 |
+ } |
259 |
|
260 |
- if ($usersRead) { |
261 |
+ $OUT .= " # Read access:\n"; |
262 |
+ $OUT .= " # Anonymous access\n" unless ( ($groupsRead ne "") || ($usersRead ne "") ); |
263 |
+ $OUT .= " # Group(s): " . ($groupsRead || "none") . "\n" unless ($groupsRead eq ""); |
264 |
+ $OUT .= " # User(s) : " . ($usersRead || "none") . "\n" unless ($usersRead eq ""); |
265 |
|
266 |
- $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n"; |
267 |
- $OUT .= " Require user $usersRead\n"; |
268 |
- $OUT .= " </Limit>\n"; |
269 |
+# $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n"; |
270 |
+ $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n"; |
271 |
|
272 |
- } |
273 |
+ $OUT .= " order deny,allow\n"; |
274 |
+ $OUT .= " deny from all\n"; |
275 |
|
276 |
- if ($groupsRead) { |
277 |
+ if ( ( ($groupsRead eq "") && ($usersRead eq "") ) || ( ( ($groupsRead ne "") || ($usersRead ne "") ) && ($port eq 443) ) ) { |
278 |
|
279 |
- $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n"; |
280 |
- $OUT .= " Require group $groupsRead\n"; |
281 |
- $OUT .= " </Limit>\n"; |
282 |
+ $OUT .= " allow from $allow\n"; |
283 |
+ $OUT .= " Require group $groupsRead\n" unless ($groupsRead eq ""); |
284 |
+ $OUT .= " Require user $usersRead\n" unless ($usersRead eq ""); |
285 |
|
286 |
- } |
287 |
+ } else { |
288 |
|
289 |
- if ($usersWrite) { |
290 |
+ $OUT .= " # Denying access:\n"; |
291 |
+ $OUT .= " # User authentication required this requires SSL\n"; |
292 |
|
293 |
- $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n"; |
294 |
- $OUT .= " Require user $usersWrite\n"; |
295 |
- $OUT .= " </LimitExcept>\n"; |
296 |
+ } |
297 |
|
298 |
- } |
299 |
+ $OUT .= " Satisfy $satisfy\n"; |
300 |
+# $OUT .= " </LimitExcept>\n\n"; |
301 |
+ $OUT .= " </Limit>\n\n"; |
302 |
+ |
303 |
+ $OUT .= " # Full access:\n"; |
304 |
+ $OUT .= " # Anonymous access\n" unless ( ($groupsWrite ne "") || ($usersWrite ne "") ); |
305 |
+ $OUT .= " # Group(s): " . ($groupsWrite || "none") . "\n" unless ($groupsWrite eq ""); |
306 |
+ $OUT .= " # User(s) : " . ($usersWrite || "none") . "\n" unless ($usersWrite eq ""); |
307 |
+ |
308 |
+# $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n"; |
309 |
+ $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n"; |
310 |
+ |
311 |
+ $OUT .= " order deny,allow\n"; |
312 |
+ $OUT .= " deny from all\n"; |
313 |
+ |
314 |
+ if ( |
315 |
+ ( ($port eq 443) && |
316 |
+ ( |
317 |
+ ( ($groupsRead eq "") && ($usersRead eq "") ) || |
318 |
+ ( ($groupsWrite eq "") || ($usersWrite eq "") ) && ( ($groupsRead eq "") && ($usersRead eq "") ) || |
319 |
+ ( ($usersRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) || |
320 |
+ ( ($groupsRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) |
321 |
+ ) |
322 |
+ ) || ( |
323 |
+ ($port eq 80) && |
324 |
+ ( ($groupsWrite eq "") && ($usersWrite eq "") && ($groupsRead eq "") && ($usersRead eq "") ) |
325 |
+ ) |
326 |
+ ) { |
327 |
+ |
328 |
+ $OUT .= " allow from $allow\n"; |
329 |
+ $OUT .= " Require group $groupsWrite\n" unless ($groupsWrite eq ""); |
330 |
+ $OUT .= " Require user $usersWrite\n" unless ($usersWrite eq ""); |
331 |
+ |
332 |
+ } else { |
333 |
+ |
334 |
+ $OUT .= " # Denying access:\n"; |
335 |
|
336 |
- if ($groupsWrite) { |
337 |
+ if ( ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) { |
338 |
|
339 |
- $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n"; |
340 |
- $OUT .= " Require group $groupsWrite\n"; |
341 |
- $OUT .= " </LimitExcept>\n"; |
342 |
+ $OUT .= " # Read authentication required, no anonymous write access allowed\n"; |
343 |
|
344 |
- } |
345 |
+ } else { |
346 |
|
347 |
- $OUT .= " require valid-user\n" if ( ($usersRead eq '') && ($groupsRead eq '') && ($usersWrite eq '') && ($groupsWrite eq '') ); |
348 |
- $OUT .= " Satisfy $satisfy\n"; |
349 |
+ $OUT .= " # SSL required, no access allowed without.\n"; |
350 |
+ } |
351 |
|
352 |
} |
353 |
|
354 |
- } |
355 |
+ $OUT .= " Satisfy $satisfy\n"; |
356 |
+# $OUT .= " </Limit>\n\n"; |
357 |
+ $OUT .= " </LimitExcept>\n\n"; |
358 |
+ |
359 |
+# $OUT .= " Satisfy $satisfy\n\n"; |
360 |
+# $OUT .= " Satisfy any\n\n"; |
361 |
|
362 |
- $OUT .= "\n"; |
363 |
- $OUT .= " </Location>\n"; |
364 |
+ $OUT .= " </Location>\n\n"; |
365 |
+ |
366 |
+ } |
367 |
|
368 |
} |
369 |
|