initial commit of file from CVS for smeserver-mod_dav on Sat Sep 7 20:41:25 AEST 2024
This commit is contained in:
Trevor Batley
1
root/etc/e-smith/db/configuration/defaults/modDAV/status
Normal file
1
root/etc/e-smith/db/configuration/defaults/modDAV/status
Normal file
@@ -0,0 +1 @@
|
||||
enabled
|
||||
1
root/etc/e-smith/db/configuration/defaults/modDAV/type
Normal file
1
root/etc/e-smith/db/configuration/defaults/modDAV/type
Normal file
@@ -0,0 +1 @@
|
||||
service
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
# vim: ft=perl:
|
||||
my $status = $modDAV{status} || 'disabled';
|
||||
if ( $status eq "enabled" )
|
||||
{
|
||||
$OUT .= "LoadModule dav_module\tmodules/mod_dav.so\n";
|
||||
$OUT .= "LoadModule dav_fs_module modules/mod_dav_fs.so\n";
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
my $status = $modDAV{status} || 'disabled';
|
||||
if ( $status eq "enabled" )
|
||||
{
|
||||
$OUT .= "\nDAVLockDB /var/run/davLocks/DAVLock\n";
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
#
|
||||
# The following directive disables redirects on non-GET requests for
|
||||
# a directory that does not include the trailing slash. This fixes a
|
||||
# problem with Microsoft WebFolders which does not appropriately handle
|
||||
# redirects for folders with DAV methods.
|
||||
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
|
||||
#
|
||||
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
|
||||
BrowserMatch "^WebDrive" redirect-carefully
|
||||
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
|
||||
BrowserMatch "^gnome-vfs" redirect-carefully
|
||||
@@ -0,0 +1,92 @@
|
||||
{
|
||||
use esmith::AccountsDB;
|
||||
use esmith::DAV;
|
||||
my $adb = esmith::AccountsDB->open_ro();
|
||||
$OUT = "";
|
||||
foreach my $ibay ($adb->ibays)
|
||||
{
|
||||
my %properties = $ibay->props;
|
||||
my $key = $ibay->key;
|
||||
my $dynamicContent = $properties{'CgiBin'} || "disabled";
|
||||
my $secureEXEC = $properties{'ModDavSecureEXEC'} || 'enabled';
|
||||
my $access = $properties{'PublicAccess'} || 'none';
|
||||
$OUT .= "\n # ibay $key disabled for httpd so no DAV access\n" if $access eq 'none';
|
||||
next if $access eq 'none';
|
||||
# true if have to be password accessible from somewhere.
|
||||
my $satisfy = ($access eq 'global-pw-remote')? 'RequireAny': 'RequireAll';
|
||||
if ($properties{'ModDav'})
|
||||
{
|
||||
if ($properties{'ModDav'} eq 'enabled')
|
||||
{
|
||||
my $ReadRequire = esmith::DAV::getRequireUser("read", $key );
|
||||
my $WriteRequire = esmith::DAV::getRequireUser("write", $key);
|
||||
my $ReadAllow = esmith::DAV::getAllow("read", $key, $localAccess );
|
||||
my $WriteAllow = esmith::DAV::getAllow("write", $key, $localAccess );
|
||||
|
||||
$OUT .= "\n<Directory /home/e-smith/files/ibays/$key/html>\n\n";
|
||||
$OUT .= " # Enable DAV access for this directory tree\n";
|
||||
$OUT .= " DAV On\n\n";
|
||||
#we will not seriously let you type your password over the network without encryption
|
||||
$OUT .= " SSLRequireSSL\n\n";
|
||||
|
||||
if ($dynamicContent eq 'enabled' && $secureEXEC eq 'enabled')
|
||||
{
|
||||
# we do not want PHP or CGI to be runt there for security reason
|
||||
$OUT .= " <FilesMatch \\.(phar|php)\$>\n";
|
||||
$OUT .= " #disabling php\n";
|
||||
$OUT .= " SetHandler !\n"; # could use also SetHandler none
|
||||
$OUT .= " Require all denied\n" if ( $properties{'ModDavHidePHP'} || 'enabled' ) eq 'enabled';
|
||||
$OUT .= " </FilesMatch>\n";
|
||||
$OUT .= " Options -ExecCGI\n";
|
||||
$OUT .= " RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo\n";
|
||||
$OUT .= " php_flag engine off\n" if ((exists $php{status} and $php{status} eq "enabled") and $phpModule eq "enabled") ;# can not use this one when php module not in use
|
||||
}
|
||||
|
||||
$OUT .= " FileETag ".$properties{'ModDav-FileETag'}."\n\n" if ($properties{'ModDav-FileETag'});
|
||||
|
||||
$OUT .= " AllowOverride None\n";
|
||||
$OUT .= " Options +Indexes \n\n";
|
||||
$OUT .= " # Allow fancy indexing by columns and download by clicking icon\n";
|
||||
$OUT .= " IndexOptions FancyIndexing IconsAreLinks\n\n";
|
||||
|
||||
# bug with httpd-2.4 fixed in httpd-2.5 only see https://bz.apache.org/bugzilla/show_bug.cgi?id=54914 PROPFIND will fail
|
||||
$OUT .= " #because of bug https://bz.apache.org/bugzilla/show_bug.cgi?id=54914 in httpd 2.4 DirectoryIndex disabled is needed for webdav to work\n";
|
||||
$OUT .= " DirectoryIndex disabled\n\n" unless ( ($properties{'ModDavNoDirectoryIndex'}||"enabled" ) eq "disabled");
|
||||
$OUT .= " #DirectoryIndex disabled : DavNoDirectoryIndex has been defined to force DirectoryIndex \n\n" if ( ($properties{'ModDavNoDirectoryIndex'}||"enabled" ) eq "disabled");
|
||||
|
||||
$OUT .= " AuthName \"$properties{'Name'}\"\n";
|
||||
$OUT .= " AuthBasicProvider external\n";
|
||||
$OUT .= " AuthType Basic\n";
|
||||
$OUT .= " AuthExternal pwauth\n";
|
||||
$OUT .= " <$satisfy>\n";
|
||||
$OUT .= " " . $ReadRequire . "\n";
|
||||
$OUT .= " " . $ReadAllow . "\n";
|
||||
$OUT .= " </$satisfy>\n\n";
|
||||
|
||||
# Ensure only valid users get to do stuff... update 2021/02:
|
||||
# GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
|
||||
# some suggest : AllowMethods HEAD GET POST CONNECT PUT DELETE OPTIONS PROPFIND PROPPATCH MKCOL MKCALENDAR COPY MOVE LOCK UNLOCK TRACE
|
||||
# TRACE is not supposed to be limited by this directive, should use TraceEnable
|
||||
# LimitExcept is suggested over Limit in order to catch all non standard methods
|
||||
# however we put our limit to the whole folder with the Require user .... above, so the whole block under seems useless
|
||||
# unless we reduce it to one user, or are fool to enlarge to Require valid-user
|
||||
# $OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n\n";
|
||||
# $OUT .= " #Require all granted\n";
|
||||
# $OUT .= " Require user $userlist\n\n";
|
||||
# $OUT .= " </Limit>\n\n";
|
||||
|
||||
$OUT .= " <LimitExcept GET POST PROPFIND OPTIONS CONNECT>\n";
|
||||
$OUT .= " <RequireAll>\n";
|
||||
$OUT .= " " . $WriteRequire . "\n";
|
||||
$OUT .= " ". $WriteAllow ."\n";
|
||||
$OUT .= " </RequireAll>\n";
|
||||
$OUT .= " </LimitExcept>\n\n";
|
||||
$OUT .= "</Directory>\n";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$OUT .= "\n # DAV disabled for ibay $key\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
{
|
||||
# this fragment is to force SSL redirection for webdav activated account in case it is not already enabled
|
||||
# could be removed if core fragment 20IbaysContent introduce forced ssl for DAV
|
||||
use esmith::AccountsDB;
|
||||
my $adb = esmith::AccountsDB->open_ro();
|
||||
$OUT = "";
|
||||
foreach my $ibay ($adb->ibays)
|
||||
{
|
||||
my %properties = $ibay->props;
|
||||
my $key = $ibay->key;
|
||||
my $dynamicContent = $properties{'CgiBin'} || "disabled";
|
||||
my $secureEXEC = $properties{'ModDAVsecureEXEC'} || 'enabled';
|
||||
my $access = $properties{'PublicAccess'} || 'none';
|
||||
$OUT .= "\n # ibay $key disabled for httpd so no DAV access\n" if $access eq 'none';
|
||||
next if $access eq 'none';
|
||||
# true if have to be password accessible from somewhere.
|
||||
if ($properties{'ModDav'})
|
||||
{
|
||||
if ($properties{'ModDav'} eq 'enabled')
|
||||
{
|
||||
# we force SSL redirection in case DAV is enabled
|
||||
if (( $port ne $httpsPort ) && (($ibay->prop('SSL') || 'disabled') ne 'enabled'))
|
||||
{
|
||||
my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
|
||||
$OUT .= " RewriteEngine on\n";
|
||||
$OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}${portspec}/$key\$1 \[L,R\]\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user