Initial import

2012-03-13 12:50:08 +01:00 · 2012-03-13 12:50:08 +01:00 · a6994e7b40
commit a6994e7b40
15 changed files with 327 additions and 0 deletions
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks  qw(:all);
+
+my $event = 'webapps-update';
+templates2events("/etc/httpd/conf/httpd.conf", $event);
+templates2events("/etc/php.ini", $event);
+templates2events("/etc/my.cnf", $event);
+templates2events("/etc/crontab", $event);
+
+safe_symlink("start", "root/etc/e-smith/events/$event/services2adjust/mysql.init");
+safe_symlink("sigusr1", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
+
+event_link("webapps-update-crl", $event, "02");
+event_link("webapps-update-certs", $event, "03");
--- a/root/etc/e-smith/events/actions/webapps-update-certs
+++ b/root/etc/e-smith/events/actions/webapps-update-certs
@ -0,0 +1,35 @@
+#!/bin/bash
+
+#----------------------------------------------------------------------
+# copyright (C) 2010 Firewall-Services
+# daniel@firewall-services.com
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+
+
+# This script provides basic integration with PHPki
+
+SRCCRT='/opt/phpki/phpki-store/CA/certs/cacert.pem'
+DSTCRT='/etc/pki/tls/certs/cacert.pem'
+
+if [ -e $SRCCRT -a \! -e $DSTCRT ]; then
+  cp $SRCCRT $DSTCRT
+  chown root:root $DSTCRT
+  chmod 644 $DSTCRT
+  c_rehash /etc/pki/tls/certs/
+fi
+
--- a/root/etc/e-smith/events/actions/webapps-update-crl
+++ b/root/etc/e-smith/events/actions/webapps-update-crl
@ -0,0 +1,33 @@
+#!/bin/bash
+
+URL=$(/sbin/e-smith/db configuration getprop httpd-e-smith CrlUrl)
+DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
+
+if [ "$URL" == "" ]; then
+  exit 0
+fi
+
+/usr/bin/wget $URL -O /tmp/httpcacrl.pem > /dev/null 2>&1
+
+/usr/bin/openssl crl -inform PEM -in /tmp/httpcacrl.pem -text > /dev/null 2>&1
+
+if [ "$?" -eq "0" ]; then
+        /bin/mv -f /tmp/httpcacrl.pem /etc/pki/tls/crl/cacrl.pem > /dev/null 2>&1
+else
+        cat > /tmp/httpcrlmail <<END
+
+An error occured while updating the CRL for httpd-e-smith
+because openssl didn't recognize the file as a valid CRL.
+Below is the copy of the latest CRL downloaded from
+$URL
+
+
+END
+
+        cat /tmp/httpcacrl.pem >> /tmp/crlmail
+        mail -s 'CRL update failed' admin@$DOMAIN < /tmp/httpcrlmail
+fi
+
+rm -f /tmp/httpcacrl.pem
+rm -f /tmp/httpcrlmail
+
--- a/root/etc/e-smith/templates/etc/crontab/httpd-update-crl
+++ b/root/etc/e-smith/templates/etc/crontab/httpd-update-crl
@ -0,0 +1,8 @@
+{
+my $url = ${'httpd-e-smith'}{'CrlUrl'} || '';
+if ($url =~ /^http(s)?:\/\/.*$/){
+        $OUT .= "# Update httpd-e-smith's CRL\n";
+        $OUT .= "5 * * * * root /etc/e-smith/events/actions/webapps-update-crl 2>&1 /dev/null\n";
+}
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule98ExtraMod
@ -0,0 +1,27 @@
+{
+
+# Load mod_authn_file if found
+if ( -e '/usr/lib64/httpd/modules/mod_authn_file.so' ||
+     -e '/usr/lib/httpd/modules/mod_authn_file.so'){
+    $OUT .= "LoadModule authn_file_module modules/mod_authn_file.so\n";
+}
+
+# Load mod_auth_basic if found
+if ( -e '/usr/lib64/httpd/modules/mod_auth_basic.so' ||
+     -e '/usr/lib/httpd/modules/mod_auth_basic.so'){
+    $OUT .= "LoadModule auth_basic_module modules/mod_auth_basic.so\n";
+}
+
+# Load module mod_ldap if found
+if ( -e '/usr/lib64/httpd/modules/mod_ldap.so' ||
+     -e '/usr/lib/httpd/modules/mod_ldap.so'){
+    $OUT .= "LoadModule ldap_module modules/mod_ldap.so\n";
+}
+
+# Load module mod_authnz_ldap if found
+if ( -e '/usr/lib64/httpd/modules/mod_authnz_ldap.so' ||
+     -e '/usr/lib/httpd/modules/mod_authnz_ldap.so'){
+    $OUT .= "LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\n";
+}
+
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCertificateCAFile
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCertificateCAFile
@ -0,0 +1,16 @@
+{
+if (-e '/etc/pki/tls/certs/cacert.pem'){
+  $OUT .= "# CA Certificate used for client authentication\n";
+  $OUT .= "SSLCACertificateFile /etc/pki/tls/certs/cacert.pem\n";
+}
+else{
+  $OUT .= '';
+}
+if (-e '/etc/pki/tls/crl/cacrl.pem'){
+  $OUT .= "# CA CRL to check revoked client certificates\n";
+  $OUT .= "SSLCARevocationFile /etc/pki/tls/crl/cacrl.pem\n";
+}
+else{
+  $OUT .= '';
+}
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/00Setup
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/00Setup
@ -0,0 +1,9 @@
+{
+    use esmith::DomainsDB;
+    # Convert the passed hash for the domain object back into an object.
+    $domain = bless \%domain, 'esmith::DB::db::Record';
+
+    # Make scalars from some of the properties of the domain
+    $virtualHost = $domain->key;
+    $OUT = "";
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/02ServerName
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/02ServerName
@ -0,0 +1 @@
+    ServerName {$virtualHost}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/25SSLDirectives
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/25SSLDirectives
@ -0,0 +1,27 @@
+{
+    my $ssl = $domain->prop('RequireSSL') || 'disabled';
+    my $lemon = $domain->prop('LemonLDAP') || 'disabled';
+
+    if (($modSSL{TCPPort} || "443") eq $port){
+        $OUT .= "    SSLEngine on\n";
+    }
+    elsif (($ssl =~ m/^enabled|yes|on|1$/i) || ($lemon eq 'enabled')){
+        $OUT .=<<'EOF';
+    RewriteEngine on
+    RewriteRule ^/(.*|$) https://%{HTTP_HOST}/$1 [L,R]
+
+EOF
+    }
+    elsif ($ssl =~ m#/#){
+        $OUT .= "    RewriteEngine on\n";
+        foreach my $loc (split(/[;,]/, $ssl)){
+            $OUT .= "    # Rewriting $loc to use SSL\n";
+            $loc =~ s#^/##;
+            $OUT .= "    RewriteRule ^/$loc(/.*|\$)  https://%\{HTTP_HOST\}/$loc\$1 \[L,R\]\n";
+        }
+    }
+    else{
+        $OUT .= '';
+    }
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/26RewriteTraceAndTrack
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/26RewriteTraceAndTrack
@ -0,0 +1,8 @@
+{
+    $OUT =<<'HERE';
+    RewriteEngine on
+    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+    RewriteRule .* - [F]
+HERE
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/40ApacheIconAlias
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/40ApacheIconAlias
@ -0,0 +1,13 @@
+{
+my $alias = $domain->prop('IconAlias') || 'enabled';
+$OUT .= '';
+
+unless ($alias =~ m/disabled|off|no|0/i){
+    $OUT .=<<'EOF';
+
+    # alias for Apache icons
+    Alias /icons/ /var/www/icons/
+
+EOF
+}
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
@ -0,0 +1,40 @@
+{
+
+my $target = $domain->prop('ProxyPassTarget') || '';
+my $allow = $domain->prop('AllowHosts') || '';
+my $preserve = $domain->prop('ProxyPreserveHost') || 'no';
+my $keepalive = $domain->prop('ProxyNoKeepAlive') || 'no';
+
+if ($target =~ m|https?://[\d\w\.\-/]*|){
+    $OUT .= "    SetEnv proxy-nokeepalive 1\n" if ($keepalive eq 'yes');
+    $OUT .= "    ProxyPass / $target\n";
+    $OUT .= "    ProxyPassReverse / $target\n";
+    $OUT .= "    ProxyPreserveHost on\n" if ($preserve eq 'yes');
+}
+else{
+    my $root = $domain->prop('DocumentRoot') ||
+        '/home/e-smith/files/ibays/Primary/html';
+
+    $OUT .= "    DocumentRoot $root\n";
+}
+
+if ($allow ne ''){
+    if ($allow eq 'local'){
+        $allow = "$localAccess $externalSSLAccess";
+    }
+    else{
+        $allow =~ s/[,;]/ /;
+    }
+    $OUT .=<<"EOF"
+
+    <Location />
+        Order deny,allow
+        Deny from all
+        Allow from $allow
+    </Location>
+
+EOF
+}
+
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/template-begin
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/template-begin
@ -0,0 +1,2 @@
+
+<VirtualHost {$ipAddress}:{$port}>
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/template-end
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/template-end
@ -0,0 +1,2 @@
+</VirtualHost>
+
--- a/smeserver-webapps-common.spec
+++ b/smeserver-webapps-common.spec
@ -0,0 +1,91 @@
+# $Id: smeserver-webapps-common.spec,v 1.0 2009/09/30 16:20:28 slords Exp $
+# Authority: VIP-ire
+# Name: Daniel B.
+
+Summary: Common WebApps Framework for SME Server
+%define name smeserver-webapps-common
+Name: %{name}
+%define version 0.2.0
+%define release 1.beta0
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: SMEServer/addon
+
+Source: %{name}-%{version}.tar.gz
+
+URL: http://www.firewall-services.com/
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+Requires: e-smith-base
+Requires: httpd
+Requires: mysql
+Requires: php
+Requires: openssl-perl
+BuildRequires: e-smith-devtools
+
+%description
+This package provide common files and events for Web Applications integration
+on SME Server
+
+%changelog
+* Tue Mar 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
+- Migrate to git
+
+* Fri Jul 22 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
+- Add an prop to disable the default /icons alias
+
+* Wed Jun 29 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
+- Allow values enabled, yes on or 1 for RequireSSL
+- Implement access restriction with AllowHosts
+
+* Tue Mar 8 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
+- Integration with PHPki
+- Stop restarting mysqld service
+
+* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
+- Add SSLCACertificateFile directive
+
+* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
+- Fix httpd template syntax
+
+* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
+- Load some additional modules for apache if they are found
+
+* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
+- RequireSSL can take a list of location to rewrite
+
+* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
+- Only load authn_file if the module exists
+
+* Sun Dec 25 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
+- Load mod_authn_file
+
+* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
+- Provide alternative WebAppVirtualHost templates
+
+* Fri Dec 10 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
+- Add DocumentRoot prop for domains
+
+* Wed Sep 30 2009 Daniel B. <daniel@firewall-services.com> 0.1-0
+- Initial rpm
+
+%prep
+%setup
+
+%build
+perl createlinks
+%{__mkdir_p} root/etc/pki/tls/crl
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root   ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+