From f77e676cfc7f6919fa6a4145180899afd4ad1fd6 Mon Sep 17 00:00:00 2001 From: James Meyer <james.meyer@operamail.com> Date: Tue, 9 Dec 2008 19:41:05 -0600 Subject: Connect various pieces to dd password protection to /mythweb. Disabled by default. --- abs/core-testing/LinHES-config/PKGBUILD | 2 +- abs/core-testing/LinHES-config/myth_user_call | 14 +++++++++++--- abs/core-testing/LinHES-config/systemconfig.sh | 18 ++++++++++++++++-- abs/core-testing/lighttpd/PKGBUILD | 7 ++++--- abs/core-testing/lighttpd/_changelog | 1 + abs/core-testing/lighttpd/auth-inc.conf | 12 ++++++++++++ abs/core-testing/lighttpd/lighttpd.conf | 12 ++++++------ abs/core-testing/lighttpd/lighttpd.install | 18 ++++-------------- abs/mv-core/MythVantage-config/myth_user_call | 14 +++++++++++--- abs/mv-core/MythVantage-config/systemconfig.sh | 14 ++++++++++++++ 10 files changed, 80 insertions(+), 32 deletions(-) create mode 100644 abs/core-testing/lighttpd/auth-inc.conf diff --git a/abs/core-testing/LinHES-config/PKGBUILD b/abs/core-testing/LinHES-config/PKGBUILD index f9d2aae..d35dfbb 100755 --- a/abs/core-testing/LinHES-config/PKGBUILD +++ b/abs/core-testing/LinHES-config/PKGBUILD @@ -1,6 +1,6 @@ pkgname=LinHES-config pkgver=1.0 -pkgrel=85 +pkgrel=89 conflicts=(MythVantage-config MythVantage-config-dev LinHES-config-dev ) pkgdesc="Install and configure your system" depends=(bc libstatgrab mysql-python expect curl dnsutils parted sg3_utils nmbscan ) diff --git a/abs/core-testing/LinHES-config/myth_user_call b/abs/core-testing/LinHES-config/myth_user_call index d95e468..0f899df 100644 --- a/abs/core-testing/LinHES-config/myth_user_call +++ b/abs/core-testing/LinHES-config/myth_user_call @@ -1,4 +1,4 @@ -#!/bin/bash +GGGGGGGGG#!/bin/bash #Wrapper script to manage USERNAME accounts + web security # myth_USERNAME_all -c add -u USERNAME # myth_USERNAME_all -c delete -u USERNAME @@ -63,7 +63,14 @@ function pass_change() { function web_security { - echo "this is just a stub" + + grep -q ${USERNAME}: /etc/lighttpd/lighttpd.user + if [ $? = 0 ] + then + #delete user + sed -i "/${USERNAME}\:/d" /etc/lighttpd/lighttpd.user + fi + echo "${USERNAME}:${PASSWORD}" >> /etc/lighttpd/lighttpd.user } @@ -155,7 +162,8 @@ case $OPERATION in then print_help fi - echo "adding webUSERNAME $USERNAME with $PASS" + echo "adding webUSERNAME $USERNAME with pass $PASSWORD" + web_security ;; *) print_help ;; diff --git a/abs/core-testing/LinHES-config/systemconfig.sh b/abs/core-testing/LinHES-config/systemconfig.sh index 05dfd89..f2f20a0 100755 --- a/abs/core-testing/LinHES-config/systemconfig.sh +++ b/abs/core-testing/LinHES-config/systemconfig.sh @@ -217,7 +217,7 @@ function setupremote { if [ ! -d /home/mythtv/.mythtv ] then mkdir /home/mythtv/.mythtv - chown mythtv:mythtv /home/mythtv/.mythtv + chown mythtv:mythtv /home/mythtv/.mythtv fi ln -s /etc/lircrc /home/mythtv/.mythtv/lircrc 2> /dev/null @@ -227,7 +227,7 @@ function setupremote { ln -s /etc/lircrc /home/mythtv/.lircrc 2> /dev/null fi - + ;; esac @@ -988,6 +988,18 @@ do done } +function setup_web_auth { + if [ x$UseMythWEB_auth = x1 ] + then + #enable auth + sed -ie "s/^.*include.*auth-inc.conf.*$/include \"\/etc\/lighttpd\/auth-inc.conf\"/g" /etc/lighttpd/lighttpd.conf + else + #disable auth + sed -ie "s/^.*include.*auth-inc.conf.*$/#include \"\/etc\/lighttpd\/auth-inc.conf\"/g" /etc/lighttpd/lighttpd.conf + fi + sudo sv restart lighttpd + +} #----------------------------------------------------MAIN PROGRAM------------------------------------------- #misc,sleep,hostype,advanced,audio @@ -1019,6 +1031,8 @@ for i in $LIST ;; advancedX) showX="true" ;; + webuser) setup_web_auth + ;; restartfe) killall -9 mythfrontend killall -9 mythwelcome exit 0 diff --git a/abs/core-testing/lighttpd/PKGBUILD b/abs/core-testing/lighttpd/PKGBUILD index 0b42db7..db98bc4 100644 --- a/abs/core-testing/lighttpd/PKGBUILD +++ b/abs/core-testing/lighttpd/PKGBUILD @@ -1,6 +1,6 @@ pkgname=lighttpd pkgver=1.4.20 -pkgrel=6 +pkgrel=12 pkgdesc='a secure, fast, compliant and very flexible web-server' license=('custom') arch=('i686' 'x86_64') @@ -15,11 +15,11 @@ optdepends=('libxml2: mod_webdav' \ 'sqlite3: mod_webdav' \ 'gdbm: mod_trigger_b4_dl' \ ) -backup=('etc/lighttpd/lighttpd.conf' 'etc/logrotate.d/lighttpd') +backup=('etc/lighttpd/lighttpd.conf' 'etc/logrotate.d/lighttpd' 'etc/lighttpd/auth-inc.conf') options=('!libtool' 'emptydirs') install='lighttpd.install' source=("http://www.lighttpd.net/download/lighttpd-${pkgver}.tar.bz2" \ - 'lighttpd.rc.d' 'lighttpd.logrotate.d' lighttpd.conf) + 'lighttpd.rc.d' 'lighttpd.logrotate.d' lighttpd.conf auth-inc.conf) md5sums=('ed6ee0bb714f393219a32768d86984d8' 'bd690eee0d9e51857448770a151023b0' @@ -64,6 +64,7 @@ build() { # -e 's|/usr/local/bin/php-cgi|/usr/bin/php-cgi|' \ # -i ${pkgdir}/etc/lighttpd/lighttpd.conf || return 1 install -D -m644 $startdir/src/lighttpd.conf $pkgdir/etc/lighttpd/lighttpd.conf + install -D -m644 $startdir/src/auth-inc.conf $pkgdir/etc/lighttpd/auth-inc.conf install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/COPYING } diff --git a/abs/core-testing/lighttpd/_changelog b/abs/core-testing/lighttpd/_changelog index 202ea2f..439f42d 100644 --- a/abs/core-testing/lighttpd/_changelog +++ b/abs/core-testing/lighttpd/_changelog @@ -1 +1,2 @@ changed docroot to /data/srv/ +modified auth to require valid user (include auth-inc.conf) diff --git a/abs/core-testing/lighttpd/auth-inc.conf b/abs/core-testing/lighttpd/auth-inc.conf new file mode 100644 index 0000000..21c4c55 --- /dev/null +++ b/abs/core-testing/lighttpd/auth-inc.conf @@ -0,0 +1,12 @@ +auth.backend = "plain" +auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user" + + +auth.require = ( "/mythweb" => + ( + "method" => "basic", + "realm" => "MythWeb", + "require" => "valid-user" + ) + ) + diff --git a/abs/core-testing/lighttpd/lighttpd.conf b/abs/core-testing/lighttpd/lighttpd.conf index efcd219..e2c60da 100644 --- a/abs/core-testing/lighttpd/lighttpd.conf +++ b/abs/core-testing/lighttpd/lighttpd.conf @@ -18,7 +18,7 @@ server.modules = ( "mod_access", # "mod_cml", # "mod_trigger_b4_dl", -# "mod_auth", + "mod_auth", # "mod_status", "mod_setenv", "mod_fastcgi", @@ -263,12 +263,12 @@ cgi.assign = ( ".pl" => "/usr/bin/perl", #auth.backend.ldap.base-dn = "dc=my-domain,dc=com" #auth.backend.ldap.filter = "(uid=$)" -#auth.require = ( "/server-status" => +#auth.require = ( "/mythweb => # ( -# "method" => "digest", +# "method" => "plain", # "realm" => "download archiv", -# "require" => "user=jan" -# ), +# "require" => "valid-user" +# ) # "/server-config" => # ( # "method" => "digest", @@ -337,7 +337,7 @@ cgi.assign = ( ".pl" => "/usr/bin/perl", #index-file.names += (foo + ".php") #### include -#include /etc/lighttpd/lighttpd-inc.conf +#include "/etc/lighttpd/auth-inc.conf" ## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" #include "lighttpd-inc.conf" diff --git a/abs/core-testing/lighttpd/lighttpd.install b/abs/core-testing/lighttpd/lighttpd.install index 9d98d41..bf4c132 100644 --- a/abs/core-testing/lighttpd/lighttpd.install +++ b/abs/core-testing/lighttpd/lighttpd.install @@ -1,16 +1,6 @@ +pre_upgrade() { + mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.old +} post_upgrade() { - if [ $(vercmp '1.4.19-1' $2) -ge 0 ]; then - echo ' - ==> New default DocumentRoot - - lighttpd uses /srv/http as default DocumentRoot. - You can still use your current DocumentRoot - - ==> New default user and group - - Instead of "nobody" lighttpd runs as user/group "http" by default now. You might - want to adjust your lighttpd.conf according to this change. But you can still - run lighttpd as nobody. - ' - fi + touch /etc/lighttpd/lighttpd.user } diff --git a/abs/mv-core/MythVantage-config/myth_user_call b/abs/mv-core/MythVantage-config/myth_user_call index d95e468..0f899df 100644 --- a/abs/mv-core/MythVantage-config/myth_user_call +++ b/abs/mv-core/MythVantage-config/myth_user_call @@ -1,4 +1,4 @@ -#!/bin/bash +GGGGGGGGG#!/bin/bash #Wrapper script to manage USERNAME accounts + web security # myth_USERNAME_all -c add -u USERNAME # myth_USERNAME_all -c delete -u USERNAME @@ -63,7 +63,14 @@ function pass_change() { function web_security { - echo "this is just a stub" + + grep -q ${USERNAME}: /etc/lighttpd/lighttpd.user + if [ $? = 0 ] + then + #delete user + sed -i "/${USERNAME}\:/d" /etc/lighttpd/lighttpd.user + fi + echo "${USERNAME}:${PASSWORD}" >> /etc/lighttpd/lighttpd.user } @@ -155,7 +162,8 @@ case $OPERATION in then print_help fi - echo "adding webUSERNAME $USERNAME with $PASS" + echo "adding webUSERNAME $USERNAME with pass $PASSWORD" + web_security ;; *) print_help ;; diff --git a/abs/mv-core/MythVantage-config/systemconfig.sh b/abs/mv-core/MythVantage-config/systemconfig.sh index 4885f5a..6971e8f 100755 --- a/abs/mv-core/MythVantage-config/systemconfig.sh +++ b/abs/mv-core/MythVantage-config/systemconfig.sh @@ -968,6 +968,18 @@ do done } +function setup_web_auth { + if [ x$UseMythWEB_auth = x1 ] + then + #enable auth + sed -ie "s/^.*include.*auth-inc.conf.*$/include \"\/etc\/lighttpd\/auth-inc.conf\"/g" /etc/lighttpd/lighttpd.conf + else + #disable auth + sed -ie "s/^.*include.*auth-inc.conf.*$/#include \"\/etc\/lighttpd\/auth-inc.conf\"/g" /etc/lighttpd/lighttpd.conf + fi + sudo sv restart lighttpd + +} #----------------------------------------------------MAIN PROGRAM------------------------------------------- #misc,sleep,hostype,advanced,audio @@ -999,6 +1011,8 @@ do ;; advancedX) showX="true" ;; + webuser) setup_web_auth + ;; restartfe) killall -9 mythfrontend killall -9 mythwelcome exit 0 -- cgit v0.12