smeserver-subversion/contribs7/smeserver-subversion-1.4-ImplementReadWriteAccess4.patch

--- smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent.ImplementReadWriteAccess4    2008-02-24 16:55:12.000000000 +0100
+++ smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent      2008-02-24 16:56:15.000000000 +0100
@@ -47,7 +47,7 @@
             my %properties = $repository->props;
 
             my $error = "";
-            my $forceSSL;
+            my $forceSSL = '';
 
             my $allow;
             my $pass;
@@ -82,9 +82,6 @@
                     $pass    = 0;
                     $satisfy = 'all';
 
-                    $error .= "    # - Illegal or no value set for AccessType:\n";
-                    $error .= "    #   Only allowing access from localhost\n";
-
                 }
 
             }
@@ -120,204 +117,221 @@
             my $SVNAutoVersioning = $properties{'SVNAutoVersioning'} || 'off';
             my $ModMimeUsePathInfo = $properties{'ModMimeUsePathInfo'} || 'off';
 
-            # Always have a section for a virtualhost at port 80 and only if neccesarry 
-            # (when authentification is required and therefore passwords are transmitted)
-            # for a virtualhost at port 443.
-            if  ( ( ($pass eq 0) && ($port eq 80) ) || ( ($pass) || ($forceSSL) ) ) {
-
-                $OUT .= "\n";
-                $OUT .= "    #------------------------------------------------------------\n";
-                $OUT .= "    # $key repository directory ($properties{'Description'})\n";
-                $OUT .= "    # Some error(s) occurred:\n$error" if ($error);
-                $OUT .= "    #------------------------------------------------------------\n";
-
-                my $allowOverride = $properties{'AllowOverride'} || "None";
+            my $allowOverride = $properties{'AllowOverride'} || "None";
 
-                my $usersRead;
-                my @listRead;
+            my $usersRead;
+            my $groupsRead = '';
+            my @listRead;
 
-                if ($properties{'GroupsRead'}) {
+            if ($properties{'GroupsRead'}) {
 
-                    my @groupsRead = split (/,/, $properties{'GroupsRead'});
+                my @groupsRead = split (/,/, $properties{'GroupsRead'});
 
-                    foreach my $groupRead (@groupsRead) {
+                foreach my $groupRead (@groupsRead) {
 
-                        my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || "";
+                    my $membersRead = $db_accounts->get_prop($groupRead, 'Members') || "";
 
-                        if (length($membersRead) > 0) {
+                    if (length($membersRead) > 0) {
 
-                           push @listRead, split (/,/, $membersRead);
+                        push @listRead, split (/,/, $membersRead);
 
-                        }
-                     
                     }
-
+                     
                 }
 
-                if ($properties{'UsersRead'}) {
+            }
 
-                     push @listRead, split (/,/, $properties{'UsersRead'});
+            if ($properties{'UsersRead'}) {
 
-                } 
+                push @listRead, split (/,/, $properties{'UsersRead'});
 
-                if (@listRead > 1) {
+            } 
 
-                    @listRead = sort(@listRead);
+            if (@listRead > 1) {
 
-                }
+                @listRead = sort(@listRead);
 
-                my $prevRead = '';
-                @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
+            }
 
-                $usersRead = join(" ", @listRead) || '';
+            my $prevRead = '';
+            @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
 
-                undef @listRead;
+            $usersRead = join(" ", @listRead) || '';
 
-                my $usersWrite;
-                my @listWrite;
+            undef @listRead;
 
-                if ($properties{'GroupsWrite'}) {
+            my $usersWrite;
+            my $groupsWrite = '';
+            my @listWrite;
 
-                    my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
+            if ($properties{'GroupsWrite'}) {
 
-                    foreach my $groupWrite (@groupsWrite) {
+                my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
 
-                        my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || "";
+                foreach my $groupWrite (@groupsWrite) {
 
-                        if (length($membersWrite) > 0) {
+                    my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') || "";
 
-                           push @listWrite, split (/,/, $membersWrite);
+                    if (length($membersWrite) > 0) {
 
-                        }
+                        push @listWrite, split (/,/, $membersWrite);
 
                     }
 
                 }
 
-                if ($properties{'UsersWrite'}) {
+            }
 
-                     push @listWrite, split (/,/, $properties{'UsersWrite'});
+            if ($properties{'UsersWrite'}) {
 
-                }
+                push @listWrite, split (/,/, $properties{'UsersWrite'});
 
-                if (@listWrite > 1) {
+            }
 
-                    @listWrite = sort(@listWrite);
+            if (@listWrite > 1) {
 
-                }
+                @listWrite = sort(@listWrite);
 
-                my $prevWrite = '';
-                @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
+            }
 
-                $usersWrite = join(" ", @listWrite) || '';
+            my $prevWrite = '';
+            @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
 
-                undef @listWrite;
+            $usersWrite = join(" ", @listWrite) || '';
 
-                # Only when authentification is required or SSL is forced
-                if ( ($pass) || ($forceSSL) ) {
-
-                     # Enable RewriteRule only when neccesarry:
-                     # - when we are configureing the VirtualDomain for a non-secured port
-                     # - when module for SSL is loaded
-                     # - when plaintext passwords are not allowed
-                     # - when HTTP over SSL is forced
-                     if ( ($port ne "443") && ($haveSSL eq 'yes') && ( ($plainTextAccess ne 'yes') || ($forceSSL) ) ) {
-
-                        $OUT .= "\n";
-                        $OUT .= "    RewriteEngine on\n";
-                        $OUT .= "    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n";
-                        $OUT .= "    RewriteRule .* - [F]\n";
-                        $OUT .= "\n";
-                        $OUT .= "    RewriteRule ^/$key(/.*|\$)    https://%{HTTP_HOST}/$key\$1 [L,R]\n";
+            undef @listWrite;
 
-                    }
+            $OUT .= "\n";
+            $OUT .= "    #------------------------------------------------------------\n";
+            $OUT .= "    # $key repository directory ($properties{'Description'})\n";
+            $OUT .= "    #------------------------------------------------------------\n\n";
 
-                    # Enable authentification only when required and SSL is provided
-                    if ( ($pass) && ($port eq "443") ) {
+            # port = 80 &&
+            #  forceSSL = yes || pass = 1
+            #  groupsWrite ne "" &&
+            #   groupsRead || usersRead
+            #   groupsRead && usersRead
+            #  usersWrite ne "" &&
+            #   groupsRead || usersRead
+            #   groupsRead && usersRead
+
+            if ( ($port eq 80) && ( ($forceSSL eq 'yes') || ($pass eq 1) || ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) ){
+
+                $OUT .= "    # Redirecting: Only access over SSL allowed\n";
+                $OUT .= "    RewriteEngine on\n";
+                $OUT .= "    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n";
+                $OUT .= "    RewriteRule .* - [F]\n";
+                $OUT .= "    RewriteRule ^/$key(/.*|\$)    https://%{HTTP_HOST}/$key\$1 [L,R]\n\n";
+
+            } else {
+
+                if ( ( ($port eq 80) && ($forceSSL ne 'yes') && ($pass ne 1) ) || ($port eq 443) ) {
+
+                    if ($port eq 443) {
 
-                        $OUT .= "\n";
                         $OUT .= "    AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth\n";
-                        $OUT .= "    SetExternalAuthMethod pwauth pipe\n";
+                        $OUT .= "    SetExternalAuthMethod pwauth pipe\n\n";
 
                     }
-            
-                }
 
-                $OUT .= "\n";
-                $OUT .= "    <Location /$key>\n";
+                    $OUT .= "    <Location /$key>\n\n";
 
-                $OUT .= "\n";
-                $OUT .= "        DAV svn\n";
-                $OUT .= "        SVNPath /home/e-smith/files/repositories/$key\n";
-
-                $OUT .= "\n";
-                $OUT .= "        SVNAutoVersioning $SVNAutoVersioning\n";
-                $OUT .= "        ModMimeUsePathInfo $ModMimeUsePathInfo\n";
-
-                $OUT .= "\n";
-                $OUT .= "        Options None\n";
-                $OUT .= "        AllowOverride $allowOverride\n";
-                $OUT .= "        order deny,allow\n";
-                $OUT .= "        deny from all\n";
-
-                # Only allow when really allowed:
-                # - a secure connection is available and authentification is required
-                # - authentification is not required and no SSL is forced
-                # - a secure connection is unavailable
-                if ( ($port eq "443") || ( ($pass eq 0) && ($forceSSL eq 0) ) || ($haveSSL ne 'yes') ) {
+                    $OUT .= "        DAV svn\n";
+                    $OUT .= "        SVNPath /home/e-smith/files/repositories/$key\n\n";
 
-                    $OUT .= "        allow from $allow\n";
+                    $OUT .= "        SVNAutoVersioning $SVNAutoVersioning\n\n";
+                    $OUT .= "        ModMimeUsePathInfo $ModMimeUsePathInfo\n\n";
 
-                    # Enable authentification against the SME Server users and groups when required
-                    if ($pass) {
+                    if ( ($port eq 443) && ( ($forceSSL eq 'yes') || ($pass eq 1) ) && ($groupsWrite ne "") || ($usersWrite ne "") || ($groupsRead ne "") || ($usersRead ne "") ) {
 
-                        $OUT .= "\n";
                         $OUT .= "        AuthName \"$properties{'Description'}\"\n";
                         $OUT .= "        AuthType Basic\n";
-                        $OUT .= "        AuthExternal pwauth\n";
+                        $OUT .= "        AuthExternal pwauth\n\n";
 
+                    }
 
-                        if ($usersRead) {
+                    $OUT .= "        # Read access:\n";
+                    $OUT .= "        #  Anonymous access\n" unless ( ($groupsRead ne "") || ($usersRead ne "") );
+                    $OUT .= "        #  Group(s): " . ($groupsRead || "none") . "\n" unless ($groupsRead eq "");
+                    $OUT .= "        #  User(s) : " . ($usersRead || "none") . "\n" unless ($usersRead eq "");
 
-                            $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require user $usersRead\n";
-                            $OUT .= "        </Limit>\n";
+#                    $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
+                    $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
 
-                        }
+                    $OUT .= "            order deny,allow\n";
+                    $OUT .= "            deny from all\n";
 
-                        if ($groupsRead) {
+                    if ( ( ($groupsRead eq "") && ($usersRead eq "") ) || ( ( ($groupsRead ne "") || ($usersRead ne "") ) && ($port eq 443) ) ) {
 
-                            $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require group $groupsRead\n";
-                            $OUT .= "        </Limit>\n";
+                        $OUT .= "            allow from $allow\n";
+                        $OUT .= "            Require group $groupsRead\n" unless ($groupsRead eq "");
+                        $OUT .= "            Require user $usersRead\n" unless ($usersRead eq "");
 
-                        }
+                    } else {
 
-                        if ($usersWrite) {
+                        $OUT .= "            # Denying access:\n";
+                        $OUT .= "            # User authentication required this requires SSL\n";
 
-                            $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require user $usersWrite\n";
-                            $OUT .= "        </LimitExcept>\n";
+                    }
 
-                        }
+                    $OUT .= "            Satisfy $satisfy\n";
+#                    $OUT .= "        </LimitExcept>\n\n";
+                    $OUT .= "        </Limit>\n\n";
+
+                    $OUT .= "        # Full access:\n";
+                    $OUT .= "        #  Anonymous access\n" unless ( ($groupsWrite ne "") || ($usersWrite ne "") );
+                    $OUT .= "        #  Group(s): " . ($groupsWrite || "none") . "\n" unless ($groupsWrite eq "");
+                    $OUT .= "        #  User(s) : " . ($usersWrite || "none") . "\n" unless ($usersWrite eq "");
+
+#                    $OUT .= "        <Limit GET PROPFIND OPTIONS REPORT>\n";
+                    $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
+
+                    $OUT .= "            order deny,allow\n";
+                    $OUT .= "            deny from all\n";
+
+                    if ( 
+                         ( ($port eq 443) && 
+                           (
+                             ( ($groupsRead eq "") && ($usersRead eq "") ) ||
+                             ( ($groupsWrite eq "") || ($usersWrite eq "") ) && ( ($groupsRead eq "") && ($usersRead eq "") ) ||
+                             ( ($usersRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) ||
+                             ( ($groupsRead ne "") && ( ($groupsWrite ne "") || ($usersWrite ne "") || ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) 
+                           )
+                         ) || ( 
+                           ($port eq 80) && 
+                           ( ($groupsWrite eq "") && ($usersWrite eq "") && ($groupsRead eq "") && ($usersRead eq "") ) 
+                         )
+                       ) {
+
+                        $OUT .= "            allow from $allow\n";
+                        $OUT .= "            Require group $groupsWrite\n" unless ($groupsWrite eq "");
+                        $OUT .= "            Require user $usersWrite\n" unless ($usersWrite eq "");
+
+                    } else {
+
+                        $OUT .= "            # Denying access:\n";
 
-                        if ($groupsWrite) {
+                        if ( ($groupsRead ne "") || ($usersRead ne "") || ( ($groupsRead ne "") && ($usersRead ne "") ) ) {
 
-                            $OUT .= "        <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
-                            $OUT .= "            Require group $groupsWrite\n";
-                            $OUT .= "        </LimitExcept>\n";
+                            $OUT .= "            # Read authentication required, no anonymous write access allowed\n";
 
-                        }
+                        } else {
 
-                        $OUT .= "        require valid-user\n" if ( ($usersRead eq '') && ($groupsRead eq '') && ($usersWrite eq '') && ($groupsWrite eq '') );
-                        $OUT .= "        Satisfy $satisfy\n";
+                            $OUT .= "            # SSL required, no access allowed without.\n";
+                        }
 
                     }
 
-                }
+                    $OUT .= "            Satisfy $satisfy\n";
+#                    $OUT .= "        </Limit>\n\n";
+                    $OUT .= "        </LimitExcept>\n\n";
+
+#                    $OUT .= "        Satisfy $satisfy\n\n";
+#                    $OUT .= "        Satisfy any\n\n";
 
-                $OUT .= "\n";
-                $OUT .= "    </Location>\n";
+                    $OUT .= "    </Location>\n\n";
+
+                }
 
             }
 
1	--- smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent.ImplementReadWriteAccess4 2008-02-24 16:55:12.000000000 +0100
2	+++ smeserver-subversion-1.4/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28SubversionContent 2008-02-24 16:56:15.000000000 +0100
3	@@ -47,7 +47,7 @@
4	my %properties = $repository->props;
5
6	my $error = "";
7	- my $forceSSL;
8	+ my $forceSSL = '';
9
10	my $allow;
11	my $pass;
12	@@ -82,9 +82,6 @@
13	$pass = 0;
14	$satisfy = 'all';
15
16	- $error .= " # - Illegal or no value set for AccessType:\n";
17	- $error .= " # Only allowing access from localhost\n";
18	-
19	}
20
21	}
22	@@ -120,204 +117,221 @@
23	my $SVNAutoVersioning = $properties{'SVNAutoVersioning'} \|\| 'off';
24	my $ModMimeUsePathInfo = $properties{'ModMimeUsePathInfo'} \|\| 'off';
25
26	- # Always have a section for a virtualhost at port 80 and only if neccesarry
27	- # (when authentification is required and therefore passwords are transmitted)
28	- # for a virtualhost at port 443.
29	- if ( ( ($pass eq 0) && ($port eq 80) ) \|\| ( ($pass) \|\| ($forceSSL) ) ) {
30	-
31	- $OUT .= "\n";
32	- $OUT .= " #------------------------------------------------------------\n";
33	- $OUT .= " # $key repository directory ($properties{'Description'})\n";
34	- $OUT .= " # Some error(s) occurred:\n$error" if ($error);
35	- $OUT .= " #------------------------------------------------------------\n";
36	-
37	- my $allowOverride = $properties{'AllowOverride'} \|\| "None";
38	+ my $allowOverride = $properties{'AllowOverride'} \|\| "None";
39
40	- my $usersRead;
41	- my @listRead;
42	+ my $usersRead;
43	+ my $groupsRead = '';
44	+ my @listRead;
45
46	- if ($properties{'GroupsRead'}) {
47	+ if ($properties{'GroupsRead'}) {
48
49	- my @groupsRead = split (/,/, $properties{'GroupsRead'});
50	+ my @groupsRead = split (/,/, $properties{'GroupsRead'});
51
52	- foreach my $groupRead (@groupsRead) {
53	+ foreach my $groupRead (@groupsRead) {
54
55	- my $membersRead = $db_accounts->get_prop($groupRead, 'Members') \|\| "";
56	+ my $membersRead = $db_accounts->get_prop($groupRead, 'Members') \|\| "";
57
58	- if (length($membersRead) > 0) {
59	+ if (length($membersRead) > 0) {
60
61	- push @listRead, split (/,/, $membersRead);
62	+ push @listRead, split (/,/, $membersRead);
63
64	- }
65	-
66	}
67	-
68	+
69	}
70
71	- if ($properties{'UsersRead'}) {
72	+ }
73
74	- push @listRead, split (/,/, $properties{'UsersRead'});
75	+ if ($properties{'UsersRead'}) {
76
77	- }
78	+ push @listRead, split (/,/, $properties{'UsersRead'});
79
80	- if (@listRead > 1) {
81	+ }
82
83	- @listRead = sort(@listRead);
84	+ if (@listRead > 1) {
85
86	- }
87	+ @listRead = sort(@listRead);
88
89	- my $prevRead = '';
90	- @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
91	+ }
92
93	- $usersRead = join(" ", @listRead) \|\| '';
94	+ my $prevRead = '';
95	+ @listRead = grep($_ ne $prevRead && (($prevRead) = $_), @listRead);
96
97	- undef @listRead;
98	+ $usersRead = join(" ", @listRead) \|\| '';
99
100	- my $usersWrite;
101	- my @listWrite;
102	+ undef @listRead;
103
104	- if ($properties{'GroupsWrite'}) {
105	+ my $usersWrite;
106	+ my $groupsWrite = '';
107	+ my @listWrite;
108
109	- my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
110	+ if ($properties{'GroupsWrite'}) {
111
112	- foreach my $groupWrite (@groupsWrite) {
113	+ my @groupsWrite = split (/,/, $properties{'GroupsWrite'});
114
115	- my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') \|\| "";
116	+ foreach my $groupWrite (@groupsWrite) {
117
118	- if (length($membersWrite) > 0) {
119	+ my $membersWrite = $db_accounts->get_prop($groupWrite, 'Members') \|\| "";
120
121	- push @listWrite, split (/,/, $membersWrite);
122	+ if (length($membersWrite) > 0) {
123
124	- }
125	+ push @listWrite, split (/,/, $membersWrite);
126
127	}
128
129	}
130
131	- if ($properties{'UsersWrite'}) {
132	+ }
133
134	- push @listWrite, split (/,/, $properties{'UsersWrite'});
135	+ if ($properties{'UsersWrite'}) {
136
137	- }
138	+ push @listWrite, split (/,/, $properties{'UsersWrite'});
139
140	- if (@listWrite > 1) {
141	+ }
142
143	- @listWrite = sort(@listWrite);
144	+ if (@listWrite > 1) {
145
146	- }
147	+ @listWrite = sort(@listWrite);
148
149	- my $prevWrite = '';
150	- @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
151	+ }
152
153	- $usersWrite = join(" ", @listWrite) \|\| '';
154	+ my $prevWrite = '';
155	+ @listWrite = grep($_ ne $prevWrite && (($prevWrite) = $_), @listWrite);
156
157	- undef @listWrite;
158	+ $usersWrite = join(" ", @listWrite) \|\| '';
159
160	- # Only when authentification is required or SSL is forced
161	- if ( ($pass) \|\| ($forceSSL) ) {
162	-
163	- # Enable RewriteRule only when neccesarry:
164	- # - when we are configureing the VirtualDomain for a non-secured port
165	- # - when module for SSL is loaded
166	- # - when plaintext passwords are not allowed
167	- # - when HTTP over SSL is forced
168	- if ( ($port ne "443") && ($haveSSL eq 'yes') && ( ($plainTextAccess ne 'yes') \|\| ($forceSSL) ) ) {
169	-
170	- $OUT .= "\n";
171	- $OUT .= " RewriteEngine on\n";
172	- $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK)\n";
173	- $OUT .= " RewriteRule .* - [F]\n";
174	- $OUT .= "\n";
175	- $OUT .= " RewriteRule ^/$key(/.*\|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n";
176	+ undef @listWrite;
177
178	- }
179	+ $OUT .= "\n";
180	+ $OUT .= " #------------------------------------------------------------\n";
181	+ $OUT .= " # $key repository directory ($properties{'Description'})\n";
182	+ $OUT .= " #------------------------------------------------------------\n\n";
183
184	- # Enable authentification only when required and SSL is provided
185	- if ( ($pass) && ($port eq "443") ) {
186	+ # port = 80 &&
187	+ # forceSSL = yes \|\| pass = 1
188	+ # groupsWrite ne "" &&
189	+ # groupsRead \|\| usersRead
190	+ # groupsRead && usersRead
191	+ # usersWrite ne "" &&
192	+ # groupsRead \|\| usersRead
193	+ # groupsRead && usersRead
194	+
195	+ if ( ($port eq 80) && ( ($forceSSL eq 'yes') \|\| ($pass eq 1) \|\| ($groupsRead ne "") \|\| ($usersRead ne "") \|\| ( ($groupsRead ne "") && ($usersRead ne "") ) ) ){
196	+
197	+ $OUT .= " # Redirecting: Only access over SSL allowed\n";
198	+ $OUT .= " RewriteEngine on\n";
199	+ $OUT .= " RewriteCond %{REQUEST_METHOD} ^(TRACE\|TRACK)\n";
200	+ $OUT .= " RewriteRule .* - [F]\n";
201	+ $OUT .= " RewriteRule ^/$key(/.*\|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n\n";
202	+
203	+ } else {
204	+
205	+ if ( ( ($port eq 80) && ($forceSSL ne 'yes') && ($pass ne 1) ) \|\| ($port eq 443) ) {
206	+
207	+ if ($port eq 443) {
208
209	- $OUT .= "\n";
210	$OUT .= " AddExternalAuth pwauth /usr/lib/httpd/modules/pwauth\n";
211	- $OUT .= " SetExternalAuthMethod pwauth pipe\n";
212	+ $OUT .= " SetExternalAuthMethod pwauth pipe\n\n";
213
214	}
215	-
216	- }
217
218	- $OUT .= "\n";
219	- $OUT .= " <Location /$key>\n";
220	+ $OUT .= " <Location /$key>\n\n";
221
222	- $OUT .= "\n";
223	- $OUT .= " DAV svn\n";
224	- $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n";
225	-
226	- $OUT .= "\n";
227	- $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n";
228	- $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n";
229	-
230	- $OUT .= "\n";
231	- $OUT .= " Options None\n";
232	- $OUT .= " AllowOverride $allowOverride\n";
233	- $OUT .= " order deny,allow\n";
234	- $OUT .= " deny from all\n";
235	-
236	- # Only allow when really allowed:
237	- # - a secure connection is available and authentification is required
238	- # - authentification is not required and no SSL is forced
239	- # - a secure connection is unavailable
240	- if ( ($port eq "443") \|\| ( ($pass eq 0) && ($forceSSL eq 0) ) \|\| ($haveSSL ne 'yes') ) {
241	+ $OUT .= " DAV svn\n";
242	+ $OUT .= " SVNPath /home/e-smith/files/repositories/$key\n\n";
243
244	- $OUT .= " allow from $allow\n";
245	+ $OUT .= " SVNAutoVersioning $SVNAutoVersioning\n\n";
246	+ $OUT .= " ModMimeUsePathInfo $ModMimeUsePathInfo\n\n";
247
248	- # Enable authentification against the SME Server users and groups when required
249	- if ($pass) {
250	+ if ( ($port eq 443) && ( ($forceSSL eq 'yes') \|\| ($pass eq 1) ) && ($groupsWrite ne "") \|\| ($usersWrite ne "") \|\| ($groupsRead ne "") \|\| ($usersRead ne "") ) {
251
252	- $OUT .= "\n";
253	$OUT .= " AuthName \"$properties{'Description'}\"\n";
254	$OUT .= " AuthType Basic\n";
255	- $OUT .= " AuthExternal pwauth\n";
256	+ $OUT .= " AuthExternal pwauth\n\n";
257
258	+ }
259
260	- if ($usersRead) {
261	+ $OUT .= " # Read access:\n";
262	+ $OUT .= " # Anonymous access\n" unless ( ($groupsRead ne "") \|\| ($usersRead ne "") );
263	+ $OUT .= " # Group(s): " . ($groupsRead \|\| "none") . "\n" unless ($groupsRead eq "");
264	+ $OUT .= " # User(s) : " . ($usersRead \|\| "none") . "\n" unless ($usersRead eq "");
265
266	- $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
267	- $OUT .= " Require user $usersRead\n";
268	- $OUT .= " </Limit>\n";
269	+# $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
270	+ $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
271
272	- }
273	+ $OUT .= " order deny,allow\n";
274	+ $OUT .= " deny from all\n";
275
276	- if ($groupsRead) {
277	+ if ( ( ($groupsRead eq "") && ($usersRead eq "") ) \|\| ( ( ($groupsRead ne "") \|\| ($usersRead ne "") ) && ($port eq 443) ) ) {
278
279	- $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
280	- $OUT .= " Require group $groupsRead\n";
281	- $OUT .= " </Limit>\n";
282	+ $OUT .= " allow from $allow\n";
283	+ $OUT .= " Require group $groupsRead\n" unless ($groupsRead eq "");
284	+ $OUT .= " Require user $usersRead\n" unless ($usersRead eq "");
285
286	- }
287	+ } else {
288
289	- if ($usersWrite) {
290	+ $OUT .= " # Denying access:\n";
291	+ $OUT .= " # User authentication required this requires SSL\n";
292
293	- $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
294	- $OUT .= " Require user $usersWrite\n";
295	- $OUT .= " </LimitExcept>\n";
296	+ }
297
298	- }
299	+ $OUT .= " Satisfy $satisfy\n";
300	+# $OUT .= " </LimitExcept>\n\n";
301	+ $OUT .= " </Limit>\n\n";
302	+
303	+ $OUT .= " # Full access:\n";
304	+ $OUT .= " # Anonymous access\n" unless ( ($groupsWrite ne "") \|\| ($usersWrite ne "") );
305	+ $OUT .= " # Group(s): " . ($groupsWrite \|\| "none") . "\n" unless ($groupsWrite eq "");
306	+ $OUT .= " # User(s) : " . ($usersWrite \|\| "none") . "\n" unless ($usersWrite eq "");
307	+
308	+# $OUT .= " <Limit GET PROPFIND OPTIONS REPORT>\n";
309	+ $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
310	+
311	+ $OUT .= " order deny,allow\n";
312	+ $OUT .= " deny from all\n";
313	+
314	+ if (
315	+ ( ($port eq 443) &&
316	+ (
317	+ ( ($groupsRead eq "") && ($usersRead eq "") ) \|\|
318	+ ( ($groupsWrite eq "") \|\| ($usersWrite eq "") ) && ( ($groupsRead eq "") && ($usersRead eq "") ) \|\|
319	+ ( ($usersRead ne "") && ( ($groupsWrite ne "") \|\| ($usersWrite ne "") \|\| ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) ) \|\|
320	+ ( ($groupsRead ne "") && ( ($groupsWrite ne "") \|\| ($usersWrite ne "") \|\| ( ($groupsWrite ne "") && ($usersWrite ne "") ) ) )
321	+ )
322	+ ) \|\| (
323	+ ($port eq 80) &&
324	+ ( ($groupsWrite eq "") && ($usersWrite eq "") && ($groupsRead eq "") && ($usersRead eq "") )
325	+ )
326	+ ) {
327	+
328	+ $OUT .= " allow from $allow\n";
329	+ $OUT .= " Require group $groupsWrite\n" unless ($groupsWrite eq "");
330	+ $OUT .= " Require user $usersWrite\n" unless ($usersWrite eq "");
331	+
332	+ } else {
333	+
334	+ $OUT .= " # Denying access:\n";
335
336	- if ($groupsWrite) {
337	+ if ( ($groupsRead ne "") \|\| ($usersRead ne "") \|\| ( ($groupsRead ne "") && ($usersRead ne "") ) ) {
338
339	- $OUT .= " <LimitExcept GET PROPFIND OPTIONS REPORT>\n";
340	- $OUT .= " Require group $groupsWrite\n";
341	- $OUT .= " </LimitExcept>\n";
342	+ $OUT .= " # Read authentication required, no anonymous write access allowed\n";
343
344	- }
345	+ } else {
346
347	- $OUT .= " require valid-user\n" if ( ($usersRead eq '') && ($groupsRead eq '') && ($usersWrite eq '') && ($groupsWrite eq '') );
348	- $OUT .= " Satisfy $satisfy\n";
349	+ $OUT .= " # SSL required, no access allowed without.\n";
350	+ }
351
352	}
353
354	- }
355	+ $OUT .= " Satisfy $satisfy\n";
356	+# $OUT .= " </Limit>\n\n";
357	+ $OUT .= " </LimitExcept>\n\n";
358	+
359	+# $OUT .= " Satisfy $satisfy\n\n";
360	+# $OUT .= " Satisfy any\n\n";
361
362	- $OUT .= "\n";
363	- $OUT .= " </Location>\n";
364	+ $OUT .= " </Location>\n\n";
365	+
366	+ }
367
368	}
369