2010-04-27 21:00:43 +00:00
|
|
|
module Apache
|
2010-05-10 19:57:34 +00:00
|
|
|
# Configure server access permissions
|
2010-04-27 21:00:43 +00:00
|
|
|
module Permissions
|
2010-05-10 19:57:34 +00:00
|
|
|
# Shortcut for denying all access to a block
|
2010-04-27 21:00:43 +00:00
|
|
|
def deny_from_all
|
2010-04-28 20:19:03 +00:00
|
|
|
order :deny, :allow
|
|
|
|
|
deny :from_all
|
2010-04-27 21:00:43 +00:00
|
|
|
end
|
|
|
|
|
|
2010-05-07 20:04:06 +00:00
|
|
|
alias :deny_from_all! :deny_from_all
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Shortcut for allowing all access to a block
|
2010-04-27 21:00:43 +00:00
|
|
|
def allow_from_all
|
2010-04-28 20:19:03 +00:00
|
|
|
order :allow, :deny
|
|
|
|
|
allow :from_all
|
2010-04-27 21:00:43 +00:00
|
|
|
end
|
2010-05-05 14:44:20 +00:00
|
|
|
|
2010-05-07 20:04:06 +00:00
|
|
|
alias :allow_from_all! :allow_from_all
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Define IP block restrictions
|
|
|
|
|
#
|
|
|
|
|
# allow_from '127.0.0.1' #=> Allow from "127.0.0.1"
|
2010-05-10 15:22:02 +00:00
|
|
|
def allow_from(*where)
|
|
|
|
|
self << "Allow from #{quoteize(*where) * " "}"
|
2010-05-05 16:25:07 +00:00
|
|
|
end
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Specify default access order
|
|
|
|
|
#
|
|
|
|
|
# order :allow, :deny #=> Order allow,deny
|
2010-05-05 14:44:20 +00:00
|
|
|
def order(*args)
|
|
|
|
|
self << "Order #{args * ','}"
|
|
|
|
|
end
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
alias :order! :order
|
|
|
|
|
|
|
|
|
|
# Set up default restrictive permissions
|
2010-05-05 14:44:20 +00:00
|
|
|
def default_restrictive!
|
|
|
|
|
directory '/' do
|
|
|
|
|
options :follow_sym_links
|
|
|
|
|
allow_override :none
|
|
|
|
|
deny_from_all
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Block all .ht* files
|
2010-05-05 14:44:20 +00:00
|
|
|
def no_htfiles!
|
2010-05-10 20:21:43 +00:00
|
|
|
files_match %r{^\.ht} do
|
2010-05-05 14:44:20 +00:00
|
|
|
deny_from_all
|
|
|
|
|
satisfy :all
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Set up basic authentication
|
|
|
|
|
#
|
|
|
|
|
# Check to make sure the defined users_file exists
|
|
|
|
|
#
|
|
|
|
|
# basic_authentication "My secret", '/my.users', 'valid-user' => true
|
|
|
|
|
# basic_authentication "My other secret", '/my.users', :user => [ :john ]
|
2010-05-10 15:22:02 +00:00
|
|
|
def basic_authentication(zone, users_file, requires = {})
|
2010-05-07 20:04:06 +00:00
|
|
|
exist? users_file
|
2010-05-06 14:40:45 +00:00
|
|
|
auth_type :basic
|
|
|
|
|
auth_name zone
|
|
|
|
|
auth_user_file users_file
|
|
|
|
|
requires.each do |type, values|
|
|
|
|
|
apache_require type, *values
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2010-05-07 20:04:06 +00:00
|
|
|
alias :basic_authentication! :basic_authentication
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Set up LDAP authentication
|
2010-05-10 15:22:02 +00:00
|
|
|
def ldap_authentication(zone, url, requires = {})
|
2010-05-06 14:40:45 +00:00
|
|
|
auth_type :basic
|
|
|
|
|
auth_name zone
|
|
|
|
|
auth_basic_provider :ldap
|
|
|
|
|
authz_ldap_authoritative :on
|
|
|
|
|
auth_ldap_url url
|
|
|
|
|
requires.each do |type, values|
|
|
|
|
|
apache_require type, *values
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2010-05-07 20:04:06 +00:00
|
|
|
alias :ldap_authentication! :ldap_authentication
|
|
|
|
|
|
2010-05-10 19:57:34 +00:00
|
|
|
# Create an Apache require directive.
|
|
|
|
|
# Used to get around Ruby reserved word.
|
2010-05-06 14:40:45 +00:00
|
|
|
def apache_require(*opts)
|
|
|
|
|
self << "Require #{opts * " "}"
|
|
|
|
|
end
|
2010-04-27 21:00:43 +00:00
|
|
|
end
|
|
|
|
|
end
|
