summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@cobain.omgwallhack.org>2018-09-22 23:06:15 -0700
committerJoe Rayhawk <jrayhawk@cobain.omgwallhack.org>2018-09-22 23:06:15 -0700
commit77c04fb8f4eb0f061ac1d652f081f0a038e1803e (patch)
tree5194ab5e701db555bf4b7159f1cae4c0ac379f16
parent1e0fde1688055de6ddd42da658af43546ee90871 (diff)
downloadpiny-code-77c04fb8f4eb0f061ac1d652f081f0a038e1803e.tar.gz
piny-code-77c04fb8f4eb0f061ac1d652f081f0a038e1803e.zip
Repo.pm: Migrate to new PAM and unixgroup modules
Apache 2.2->2.4 upgrade changed module names and configuration directives for various PAM authentication features; with this patch we can successfully autogenerate those.
-rw-r--r--libpiny/lib/Piny/Repo.pm12
-rw-r--r--pinyconfigs/etc/apache2/sites-available/piny5
2 files changed, 8 insertions, 9 deletions
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index d59ad7e..8a7f54e 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -795,21 +795,21 @@ sub _build_apache_global_config {
if ( $s->config->core_sharedrepository eq "0666" ) {
return (
- "<Directory " . $s->secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " </Directory>\n"
+ "<Directory " . $s->secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " </Directory>\n"
);
} elsif ( $s->config->core_sharedrepository =~ /^(0664|all|everybody|world)$/ ) {
return (
- "<Directory " . $s->secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
+ "<Directory " . $s->secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n</Directory>\n"
);
} elsif ( $s->config->core_sharedrepository =~ /^(0660|true|1|group)$/ ) {
return (
- "<Directory " . $s->secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n" .
- "<Directory " . $s->ikiwiki_destdir . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
+ "<Directory " . $s->secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n</Directory>\n" .
+ "<Directory " . $s->ikiwiki_destdir . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n</Directory>\n"
);
} elsif ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) {
return (
- "<Directory " . $s->secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n</Directory>\n" .
- "<Directory " . $s->ikiwiki_destdir . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n</Directory>\n"
+ "<Directory " . $s->secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n</Directory>\n" .
+ "<Directory " . $s->ikiwiki_destdir . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n</Directory>\n"
);
} else {
die ( $s->config->core_sharedrepository . " is an unhandled value!" );
diff --git a/pinyconfigs/etc/apache2/sites-available/piny b/pinyconfigs/etc/apache2/sites-available/piny
index f306011..a3c38c9 100644
--- a/pinyconfigs/etc/apache2/sites-available/piny
+++ b/pinyconfigs/etc/apache2/sites-available/piny
@@ -62,9 +62,8 @@
</Directory>
<Directory "/usr/lib/cgi-bin/piny/auth">
- AuthPAM_Enabled on
- AuthGROUP_Enabled off # doesn't work with valid-user for some reason
- AuthPAM_FallThrough off
+ AuthBasicProvider PAM
+ AuthPAMService other
AuthBasicAuthoritative off
AuthType Basic
AuthName "User account for piny.be needed."