initial commit of file from CVS for smeserver-BackupPC on Sat Sep 7 20:10:07 AEST 2024

root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/01localAccessString

@@ -0,0 +1,23 @@
+{
+    #---------------------------------------------------------------------
+    # Grab ValidFrom access list property of httpd-admin
+    # SSL enabled virtual hosts should only allow access from IP's in
+    # this list, as well as local networks.
+    #---------------------------------------------------------------------
+    use esmith::NetworksDB;
+
+    my $ndb = esmith::NetworksDB->open_ro();
+
+    my @localAccess = $ndb->local_access_spec();
+    my $validFrom = ${'httpd-admin'}{'ValidFrom'};
+    if ($validFrom)
+    {   
+        push @localAccess, split /,/, $validFrom;
+    }
+    $localAccess .= join ' ',
+        map { s:/255.255.255.255::; $_ }
+            @localAccess;
+
+    "";
+}
+

root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/19AuthTKT

@@ -0,0 +1,8 @@
+{
+    $OUT .= "LoadModule auth_tkt_module modules/mod_auth_tkt.so\n";
+
+    my $secret = ${'httpd-admin'}{TKTAuthSecret} || "34322500-7330-4400-423A-3A00434F5245";
+    $OUT .= "TKTAuthSecret \"$secret\"\n";
+    $OUT .= "TKTAuthDigestType SHA256\n";
+}
+

root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/20Modules

@@ -0,0 +1,153 @@
+{
+    my $port = ${'httpd-bkpc'}{TCPPort} || '950'; 
+    $OUT .= "Listen 127.0.0.1:$port\n";
+    
+    $OUT .= <<HERE;
+    
+HostnameLookups off
+    
+ServerAdmin admin@$DomainName
+ServerRoot /etc/httpd
+ServerTokens ProductOnly
+    
+User backuppc
+Group backuppc
+    
+ErrorLog /var/log/httpd/bkpc_error_log
+LogLevel warn
+HERE
+
+foreach (qw(
+    env
+    log_config
+    mime
+    negotiation
+    status
+    info
+    include
+    autoindex
+    dir
+    asis
+    imap
+    imagemap
+    actions
+    userdir
+    proxy
+    proxy_http
+    alias
+    rewrite
+    access
+    authz_host
+    authz_user
+    auth
+    auth_anon
+    auth_digest
+    expires
+    headers
+    usertrack
+    setenvif
+    ssl
+    cgi
+    mpm_prefork
+    unixd
+    access_compat
+    authn_core
+    authz_core
+    ))
+{
+    next unless -f "/usr/lib/httpd/modules/mod_${_}.so" ||
+                -f "/usr/lib64/httpd/modules/mod_${_}.so";
+    $OUT .= "LoadModule ${_}_module modules/mod_${_}.so\n";
+}
+
+$OUT .=<<"HERE";
+
+PidFile /var/run/httpd-bkpc.pid
+ScoreBoardFile /var/run/httpd-bkpc.scoreboard
+UseCanonicalName off
+LogFormat "%h %l %u %t \\"%r\\" %>s %b" common
+LogFormat "%{User-agent}i" agent
+
+CustomLog /var/log/httpd/bkpc_access_log common
+
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 15
+
+MaxClients 150
+MaxRequestsPerChild 100
+
+ServerName www.$DomainName
+
+MinSpareServers 1
+MaxSpareServers 5
+StartServers 1
+Timeout 300
+
+DefaultIcon /icons/unknown.gif
+DirectoryIndex index.htm index.html index.php index.cgi
+IndexOptions FancyIndexing VersionSort NameWidth=*
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+AccessFileName .htaccess
+
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+TypesConfig /etc/mime.types
+
+AddEncoding x-compress Z
+AddEncoding x-gzip gz
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+AddLanguage en .en
+AddLanguage fr .fr
+AddLanguage de .de
+AddLanguage da .da
+AddLanguage el .el
+AddLanguage it .it
+
+LanguagePriority en fr de
+
+AddType text/html .shtml
+AddType application/x-pkcs7-crl    .crl
+
+AddType application/x-x509-ca-cert .crt
+
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+AddHandler cgi-script .cgi
+AddHandler server-parsed .shtml
+AddHandler imap-file map
+
+DocumentRoot         /usr/share/BackupPC/html
+
+HERE
+}
+

root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/85DefaultAccess

@@ -0,0 +1,11 @@
+
+# First, we configure the "default" to be a very restrictive set of 
+# permissions.  
+
+<Directory />
+    Options None
+    AllowOverride None
+    Require all denied
+</Directory>
+
+

root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/90BackupPC

@@ -0,0 +1,31 @@
+
+Alias           /BackupPC/images        /usr/share/BackupPC/html/
+ScriptAlias     /BackupPC               /usr/share/BackupPC/sbin/BackupPC_Admin
+
+<Directory /usr/share/BackupPC/html/>
+    Options None
+    AllowOverride None
+    Require ip 127.0.0.1
+</Directory>
+
+<Directory /usr/share/BackupPC/sbin/>
+        Options ExecCGI
+        AllowOverride None
+        AuthName "BackupPC"
+		AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+{
+        my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
+        $OUT = "    TKTAuthTimeout $ManagerTimeout\n";
+        my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
+        $OUT .= "    TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
+        my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
+        $OUT .= "    TKTAuthTimeoutRefresh $ManagerTimeoutReset\n";
+}
+	<RequireAll>
+	    Require valid-user
+	    Require ip 127.0.0.1
+        </RequireAll>
+</Directory>
+
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28BackupPCProxyPass

@@ -0,0 +1,29 @@
+{
+    # vim: ft=perl:
+
+    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
+
+    $OUT = '';
+    if ((${'backuppc'}{'status'} || 'disabled') eq 'enabled' &&
+        (${'httpd-bkpc'}{'status'} || 'disabled') eq 'enabled'){
+
+		$OUT .= "    RewriteRule ^/backuppc(/.*|\$)    https://%{HTTP_HOST}/BackupPC\$1 [L,R]\n";
+
+        if (($port eq "80") && ($haveSSL eq 'yes')){
+            $OUT .= "    RewriteRule ^/BackupPC(/.*|\$)    https://%{HTTP_HOST}/BackupPC\$1 [L,R]\n";
+        }
+        else{
+            $OUT .= "    ProxyPass /BackupPC http://127.0.0.1:${'httpd-bkpc'}{TCPPort}/BackupPC\n";
+            $OUT .= "    ProxyPassReverse /BackupPC http://127.0.0.1:${'httpd-bkpc'}{TCPPort}/BackupPC\n";
+        }
+
+        $OUT .=<<"HERE";
+
+    <Location /BackupPC>
+        SSLRequireSSL on
+        Require ip $localAccess $externalSSLAccess
+    </Location>
+
+HERE
+    }
+}

root/etc/e-smith/templates/etc/sudoers/00BackupPCAlias

@@ -0,0 +1,7 @@
+{
+$OUT .= "Cmnd_Alias      BACKUPPC_CMD = /usr/share/BackupPC/bin/BackupPC_SME_pre-backup, /etc/rc.d/init.d/backuppc *";
+foreach( split( /[;,]/,( $backuppc{'sudo'} || '' ) ) ){
+    $OUT .= ", $_";
+}
+}
+

root/etc/e-smith/templates/etc/sudoers/20BackupPC

@@ -0,0 +1 @@
+backuppc ALL=(root) NOPASSWD: BACKUPPC_CMD

root/etc/e-smith/templates/etc/updatedb.conf/05BackupPC

@@ -0,0 +1,4 @@
+{
+  $PRUNEPATHS .= " /var/lib/BackupPC ";
+  $OUT ="";
+}