# HG changeset patch # User Matthias Förste # Date 1311154720 -7200 # Node ID 9ccda224d44536c2b5998a2348f3646a59c8b405 # Parent a459cc790ed0e20e3465b23e6d99ffdd3c34bdd4# Parent 14bfe434565482417cdc46f055826a807e7658a1 merged back diff -r a459cc790ed0 -r 9ccda224d445 .hgignore --- a/.hgignore Mon Jul 18 17:03:15 2011 +0200 +++ b/.hgignore Wed Jul 20 11:38:40 2011 +0200 @@ -2,5 +2,5 @@ ^TODO$ ^ius-dav-htpasswd.conf$ -^_build +^_build|blib ^Build$ diff -r a459cc790ed0 -r 9ccda224d445 .hgtags --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.hgtags Wed Jul 20 11:38:40 2011 +0200 @@ -0,0 +1,1 @@ +460f4d75e40385570f12cc950dc4ed013c4b0793 0.2 diff -r a459cc790ed0 -r 9ccda224d445 README --- a/README Mon Jul 18 17:03:15 2011 +0200 +++ b/README Wed Jul 20 11:38:40 2011 +0200 @@ -15,6 +15,8 @@ # perl ./Build.PL && ./Build test && ./Build install + * configuration + # visudo [...] @@ -23,9 +25,12 @@ [...] - # $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-vhost-apache-example.conf + # a2enmod dav_fs + # $EDITOR /etc/apache2/sites-available/ius-dav # see ssl-dav-vhost-apache-example.conf + # $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-admin-vhost-apache-example.conf # htpasswd [-c] $PREFIX/etc/ius-dav-htpasswd/htpasswd.admin ius-dav-htpasswd-admin # htpasswd -c $PREFIX/etc/ius-dav-htpasswd/htpasswd.dav ius-dav-htpasswd-master # when using a master user - # ln -s /usr/local/bin/ius-dav-htuserexpiry /etc/cron.daily/ + # ln -s $PREFIX/bin/ius-dav-htuserexpiry /etc/cron.daily/ + # $EDITOR /path/to/ius-dav-htpasswd.conf diff -r a459cc790ed0 -r 9ccda224d445 TODO --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/TODO Wed Jul 20 11:38:40 2011 +0200 
@@ -0,0 +1,7 @@ +* write documentation for installation on non vhost/without itk +* check for presence of at least one configuration file? +* find a better name (passwd something?) +* dont hardcode configuration snippets +* move config snippets to /var or /srv? +* move dav base directory to /var? +* do actually return the $rc in userexpiry? diff -r a459cc790ed0 -r 9ccda224d445 lib/Ius/Dav/Htpasswd.pm --- a/lib/Ius/Dav/Htpasswd.pm Mon Jul 18 17:03:15 2011 +0200 +++ b/lib/Ius/Dav/Htpasswd.pm Wed Jul 20 11:38:40 2011 +0200 @@ -36,7 +36,7 @@ use Exporter; # set the version for version checking - $VERSION = 0.1; + $VERSION = 0.2; @ISA = qw(Exporter); @EXPORT_OK = qw(readconfig mkpasswd useradd userdel userexpiry usage); @@ -68,7 +68,7 @@ ) or die 'Failed to read config!'; $conf->file($_) for grep -e, map "$_/ius-dav-htpasswd.conf", - qw(/etc/ius-dav-htpasswd /usr/local/etc/ius-dav-htpasswd ~/.ius-dav-htpasswd ./ius-dav-htpasswd); + qw(/etc/ius-dav-htpasswd /usr/local/etc/ius-dav-htpasswd ~/.ius-dav-htpasswd .); return { $conf->varlist('.') }; } @@ -139,7 +139,9 @@ AuthName "$user" AuthUserFile "$htpasswd_file" Require user $master_user $user + Options +Indexes +# vi:ft=apache EOC close C; @@ -288,13 +290,13 @@ =head1 FILES -F +F -F +F -F<~/dav-htpasswd.conf> +F<~/.ius-dav-htpasswd/ius-dav-htpasswd.conf> -F<./dav-htpasswd.conf> +F<./ius-dav-htpasswd.conf> F diff -r a459cc790ed0 -r 9ccda224d445 ssl-admin-vhost-apache-example.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/ssl-admin-vhost-apache-example.conf Wed Jul 20 11:38:40 2011 +0200 
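Review bot: In the `readconfig` search list the last entry is now `.`, so `./ius-dav-htpasswd.conf` is picked up from whatever directory the process happens to be started in, and because it is read last it probably overrides the files under /etc (confirm how the config object merges repeated `file()` calls). The README links `ius-dav-htuserexpiry` into /etc/cron.daily and the module also backs a CGI vhost, so anyone able to drop a file into the working directory could steer the settings; consider loading the current-directory file only on explicit request, or skipping it when running privileged. Separately, `~/.ius-dav-htpasswd` inside `qw()` is never tilde-expanded by Perl, so the `-e` test looks for a directory literally named `~`; `"$ENV{HOME}/.ius-dav-htpasswd"` would match what the FILES section documents. The sub's body begins and ends outside the hunk.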
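Review bot: The heredoc that gains `Options +Indexes` writes `$user`, `$master_user` and `$htpasswd_file` straight into Apache directives (`AuthName "$user"`, `Require user $master_user $user`), and no validation is visible in this hunk; a double quote, whitespace or newline in any of them changes what Apache parses when the DAV vhost includes the file. If the caller does not already restrict these values, check them before the heredoc, for example `die 'invalid user name' unless $user =~ /\A[A-Za-z0-9._-]+\z/;`. `Options +Indexes` turns on auto-generated listings for every user directory, which deserves a one-line comment saying that this is intended. `close C;` is unchecked, so a failed write of the snippet goes unnoticed; `close C or die "close: $!";` would surface it. The enclosing sub starts outside the hunk.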
@@ -0,0 +1,63 @@
+# replace $PREFIX (usually with /usr or /usr/local)
+
+# note that you will need a wildcard certificate if you want namebased virtual
+# hosts + ssl
+
+
+ DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
+ AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
+
+ ServerAdmin webmaster@localhost
+ ServerName ius-dav-htpasswd.domain.tld
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
+ SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ # local cgi scripts
+
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.0/8
+ AuthType "Basic"
+ AuthName "ius-dav-htpasswd"
+ AuthUserFile "/path/to/ius-dav-admin-htpasswd"
+ Require valid-user
+ Options +ExecCGI
+ SetHandler cgi-script
+
+
+
+
diff -r a459cc790ed0 -r 9ccda224d445 ssl-dav-vhost-apache-example.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl-dav-vhost-apache-example.conf Wed Jul 20 11:38:40 2011 +0200
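Review bot: The access block under `# local cgi scripts` needs both the `Allow from 127.0.0.0/8` restriction and `Require valid-user` to hold, which is only the case while `Satisfy` keeps its default of `All`; adding an explicit `Satisfy All` next to `Require valid-user` stops an inherited `Satisfy Any` from letting local requests skip the password. The vhost turns on `SSLEngine` without `SSLProtocol` or `SSLCipherSuite`, so protocol and cipher choice fall to the server-wide defaults even though this vhost carries Basic credentials for the admin interface; a comment telling the admin to check those defaults would help, and the same applies to ssl-dav-vhost-apache-example.conf. With `SetHandler cgi-script` and `Options +ExecCGI` every file in that directory is executed, so the example should note that the directory holds only the shipped scripts and is not writable by the `ius-dav-htpasswd` account.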
@@ -0,0 +1,58 @@
+# replace $PREFIX (usually with /usr or /usr/local)
+
+# note that you will need a wildcard certificate if you want namebased virtual
+# hosts + ssl
+
+
+ DocumentRoot "/path/to/dav-base-directory"
+ AssignUserId "ius-dav" "ius-dav"
+
+ ServerAdmin webmaster@localhost
+ ServerName ius-dav.domain.tld
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ius-dav.domain.tld/ssl_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
+ SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ # no access to the webdav base directory is required
+
+ Order Deny,Allow
+ Deny from all
+
+ # /usr/local/etc/ius-dav-htpasswd or /etc/ius-dav-htpasswd for example
+ Include "/path/to/ius-dav-htpasswd-conf-dir/apache.d/*.conf"
+
+
+
diff -r a459cc790ed0 -r 9ccda224d445 ssl-vhost-apache-example.conf
--- a/ssl-vhost-apache-example.conf Mon Jul 18 17:03:15 2011 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
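Review bot: The `Include` of `apache.d/*.conf` at the end of this vhost pulls in files that, judging by the module's snippet writer, are generated at runtime by the admin tool, and Apache parses them as ordinary server configuration at start or reload. Whoever can write to that directory can therefore add arbitrary directives to this vhost, so the comment above the `Include` should state the expected ownership and mode, for instance `# apache.d must be writable only by the ius-dav-htpasswd account; files here are parsed as server configuration`. Since the base directory is denied to everyone, all access comes from those snippets, which makes a malformed or tampered snippet the only thing standing between a user directory and the network.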
@@ -1,62 +0,0 @@
-# replace $PREFIX (usually with /usr or /usr/local)
-
-# note that you will need a wildcard certificate if you want namebased virtual
-# hosts + ssl
-
-
- DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
- AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
-
- ServerAdmin webmaster@localhost
- ServerName ius-dav-htpasswd.domain.tld
-
- ErrorLog /var/log/apache2/error.log
- LogLevel warn
- CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
- SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
- # local cgi scripts
-
- Order Deny,Allow
- Deny from all
- Allow from 127.0.0.0/8
- AuthType "Basic"
- AuthName "ius-dav-htpasswd"
- AuthUserFile "/path/to/ius-dav-admin-htpasswd"
- Require valid-user
- SetHandler cgi-script
-
-
-
-