apache-config-generator/lib/apache/permissions.rb

module Apache
  # Access-control and authentication helpers for the configuration DSL.
  #
  # The methods below either append a directive line to the receiver with
  # `<<` or call other DSL methods (deny, allow, options, satisfy, directory,
  # files_match, auth_*, exist?) that are not defined in this file and are
  # expected to come from the object that mixes this module in.
  #
  # NOTE(review): arguments are interpolated into directive text as given;
  # nothing in this module rejects line breaks or escapes values. Feed it
  # developer-authored values only, never request- or user-supplied strings.
  #
  # NOTE(review): Order/Allow/Deny/Satisfy are Apache 2.2-style access
  # control. On Apache 2.4 they are served by mod_access_compat and are
  # superseded by `Require all denied` / `Require all granted`.
  module Permissions
    # Deny every client access to the enclosing block.
    #
    # Emits the evaluation order first (deny, then allow) and then the
    # blanket deny.
    def deny_from_all
      order(:deny, :allow)
      deny(:from_all)
    end

    alias_method :deny_from_all!, :deny_from_all

    # Grant every client access to the enclosing block.
    #
    # Emits the evaluation order first (allow, then deny) and then the
    # blanket allow.
    def allow_from_all
      order(:allow, :deny)
      allow(:from_all)
    end

    alias_method :allow_from_all!, :allow_from_all

    # Restrict access to the given addresses or networks.
    #
    #  allow_from '127.0.0.1' #=> Allow from "127.0.0.1"
    #
    # Quoting is delegated to Array#quoteize, which is defined elsewhere in
    # the project.
    def allow_from(*where)
      sources = where.quoteize
      self << "Allow from #{sources * " "}"
    end

    # Set the order in which Allow and Deny directives are evaluated.
    #
    #  order :allow, :deny #=> Order allow,deny
    def order(*args)
      sequence = args.join(',')
      self << "Order #{sequence}"
    end

    alias_method :order!, :order

    # Lock down the filesystem root: no overrides and no access for anyone.
    #
    # This is the deny-by-default baseline; any directory that should be
    # served has to be opened explicitly in its own section.
    # NOTE(review): symlink following stays enabled here, so a link inside a
    # directory that is opened later can point outside of it -- confirm that
    # is intended for the deployment.
    def default_restrictive!
      directory('/') do
        options(:follow_sym_links)
        allow_override(:none)
        deny_from_all
      end
    end

    # Refuse to serve any file whose name starts with ".ht"
    # (.htaccess, .htpasswd and similar).
    #
    # `satisfy :all` keeps the host-based deny mandatory even where
    # authentication is configured, so a valid login cannot unlock these
    # files.
    def no_htfiles!
      files_match(%r{^\.ht}) do
        deny_from_all
        satisfy(:all)
      end
    end

    # Protect the enclosing block with HTTP Basic authentication backed by a
    # users file.
    #
    #  basic_authentication "My secret", '/my.users', 'valid-user' => true
    #  basic_authentication "My other secret", '/my.users', :user => [ :john ]
    #
    # `exist?` is called on users_file before anything is emitted; its result
    # is not used here, so what happens for a missing file is decided by that
    # helper (defined elsewhere).
    #
    # NOTE(review): Basic authentication sends the password merely
    # base64-encoded on every request, so the protected block should only be
    # reachable over TLS, and users_file should live outside any served
    # directory.
    def basic_authentication(zone, users_file, requires = {})
      exist?(users_file)
      authentication_basics(zone, requires)
      auth_user_file(users_file)
    end

    alias_method :basic_authentication!, :basic_authentication

    # Protect the enclosing block with HTTP Basic authentication checked
    # against an LDAP directory at +url+.
    #
    # NOTE(review): the browser-to-server leg is still Basic authentication
    # (serve it over TLS), and the server-to-directory leg carries the same
    # password, so prefer an ldaps:// URL or STARTTLS. The "authoritative"
    # switch emitted here is an Apache 2.2 directive -- confirm the target
    # server version accepts it.
    def ldap_authentication(zone, url, requires = {})
      authentication_basics(zone, requires)
      auth_basic_provider(:ldap)
      authz_ldap_authoritative(:on)
      auth_ldap_url(url)
    end

    alias_method :ldap_authentication!, :ldap_authentication

    # Emit an Apache Require directive.
    #
    # Named apache_require because `require` is already taken in Ruby.
    # nil arguments are dropped; the remaining ones are joined with spaces
    # exactly as given (no quoting).
    def apache_require(*opts)
      terms = opts.compact
      self << "Require #{terms.join(' ')}"
    end

    private

    # Shared preamble for the authentication helpers: Basic auth type, the
    # realm name, then one Require line per entry of +requires+.
    #
    # Each key of +requires+ becomes the first word of the Require line and
    # its value (a single object or an array) is splatted in after it.
    def authentication_basics(zone, requires)
      auth_type(:basic)
      auth_name(zone)
      requires.each { |kind, entries| apache_require(kind, *entries) }
    end
  end
end