From 77c04fb8f4eb0f061ac1d652f081f0a038e1803e Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Sat, 22 Sep 2018 23:06:15 -0700 Subject: Repo.pm: Migrate to new PAM and unixgroup modules Apache 2.2->2.4 upgrade changed module names and configuration directives for various PAM authentication features; with this patch we can successfully autogenerate those. --- libpiny/lib/Piny/Repo.pm | 12 ++++++------ pinyconfigs/etc/apache2/sites-available/piny | 5 ++--- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index d59ad7e..8a7f54e 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -795,21 +795,21 @@ sub _build_apache_global_config { if ( $s->config->core_sharedrepository eq "0666" ) { return ( - "secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " \n" + "secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " \n" ); } elsif ( $s->config->core_sharedrepository =~ /^(0664|all|everybody|world)$/ ) { return ( - "secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" + "secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n\n" ); } elsif ( $s->config->core_sharedrepository =~ /^(0660|true|1|group)$/ ) { return ( - "secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" . - "ikiwiki_destdir . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" + "secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n\n" . + "ikiwiki_destdir . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n\n" ); } elsif ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) { return ( - "secure_path . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n\n" . - "ikiwiki_destdir . ">\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" + "secure_path . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n\n" . + "ikiwiki_destdir . ">\n AuthBasicProvider PAM\n AuthPAMService other\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require unix-group " . $s->group->name . "\n\n" ); } else { die ( $s->config->core_sharedrepository . " is an unhandled value!" ); diff --git a/pinyconfigs/etc/apache2/sites-available/piny b/pinyconfigs/etc/apache2/sites-available/piny index f306011..a3c38c9 100644 --- a/pinyconfigs/etc/apache2/sites-available/piny +++ b/pinyconfigs/etc/apache2/sites-available/piny @@ -62,9 +62,8 @@ - AuthPAM_Enabled on - AuthGROUP_Enabled off # doesn't work with valid-user for some reason - AuthPAM_FallThrough off + AuthBasicProvider PAM + AuthPAMService other AuthBasicAuthoritative off AuthType Basic AuthName "User account for piny.be needed." -- cgit v1.2.3