X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/4cbaa5a74c199730a4601e3eff8a7512dda20165..94b7b11acaf25eadda183ff48cf2cf497e8aef58:/src/plugins/apache.sml diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml index 7183bcb..4a399e8 100644 --- a/src/plugins/apache.sml +++ b/src/plugins/apache.sml @@ -25,9 +25,9 @@ open Ast val _ = Env.type_one "web_node" Env.string (fn node => - List.exists (fn x => x = node) Config.Apache.webNodes_all + List.exists (fn (x, _) => x = node) Config.Apache.webNodes_all orelse (Domain.hasPriv "www" - andalso List.exists (fn x => x = node) Config.Apache.webNodes_admin)) + andalso List.exists (fn (x, _) => x = node) Config.Apache.webNodes_admin)) val _ = Env.registerFunction ("web_node_to_node", fn [e] => SOME e @@ -103,7 +103,7 @@ val _ = Defaults.registerDefault ("User", val _ = Defaults.registerDefault ("Group", (TBase "your_group", dl), - (fn () => (EString (Domain.getUser ()), dl))) + (fn () => (EString "nogroup", dl))) val _ = Defaults.registerDefault ("DocumentRoot", (TBase "your_path", dl), 
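Review bot: The new default for `Group` in the hunk at -103 is the bare literal `"nogroup"`, with no comment explaining why the per-user value `Domain.getUser ()` was dropped. Every vhost that leaves `Group` unset will now run its suexec'd code under one group shared by all users, so anything group-accessible to `nogroup` on a web node is no longer separated per tenant; whether such files exist cannot be seen from this diff. The default is also declared with type `your_group`, and it is not visible here whether `"nogroup"` passes that check for an ordinary user or bypasses it. I would read the group name from a `Config.Apache` setting rather than hard-coding it, and add a comment above the `registerDefault` call stating the reason for a shared group.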
@@ -225,6 +225,29 @@ fun findVhostUser fname = before TextIO.closeIn inf end handle _ => NONE +val webNodes_full = Config.Apache.webNodes_all @ Config.Apache.webNodes_admin + +fun isVersion1 node = + List.exists (fn (n, {version = ConfigTypes.APACHE_1_3, ...}) => n = node + | _ => false) webNodes_full + +fun imVersion1 () = isVersion1 (Slave.hostname ()) + +fun isWaklog node = + List.exists (fn (n, {auth = ConfigTypes.MOD_WAKLOG, ...}) => n = node + | _ => false) webNodes_full + +fun down () = if imVersion1 () then Config.Apache.down1 else Config.Apache.down +fun undown () = if imVersion1 () then Config.Apache.undown1 else Config.Apache.undown +fun reload () = if imVersion1 () then Config.Apache.reload1 else Config.Apache.reload + +fun logDir {user, node, vhostId} = + String.concat [Config.Apache.logDirOf (isVersion1 node) user, + "/", + node, + "/", + vhostId] + val () = Slave.registerFileHandler (fn fs => let val spl = OS.Path.splitDirFile (#file fs) @@ -243,27 +266,15 @@ val () = Slave.registerFileHandler (fn fs => print ("Can't find user in " ^ #file fs ^ " or " ^ realVhostFile ^ "! Taking no action.\n") else let + val vhostId = if OS.Path.ext (#file spl) = SOME "vhost_ssl" then + OS.Path.base (#file spl) ^ ".ssl" + else + OS.Path.base (#file spl) + fun realLogDir user = - let - val realLogDir = Domain.homedirOf (valOf user) - val realLogDir = OS.Path.joinDirFile - {dir = realLogDir, - file = "apache"} - val realLogDir = OS.Path.joinDirFile - {dir = realLogDir, - file = "log"} - val realLogDir = OS.Path.joinDirFile - {dir = realLogDir, - file = Slave.hostname ()} - val {base, ...} = OS.Path.splitBaseExt (#file spl) - - val realLogDir = OS.Path.concat (realLogDir, base) - in - if String.isSuffix ".vhost_ssl" (#file spl) then - realLogDir ^ ".ssl" - else - realLogDir - end + logDir {user = valOf user, + node = Slave.hostname (), + vhostId = vhostId} in vhostsChanged := true; case #action fs of 
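Review bot: `logDir` (added in the hunk at -225) joins `user`, `node` and `vhostId` with `String.concat`, and nothing checks that each one is a single, plain path component. In the file handler `vhostId` is taken from the base name of the changed file, and the resulting directory appears to be what the handler removes through a string-built shell command (`Config.rm ^ " -rf "` is visible as context in the hunks at -271 and -308, but its argument is cut off there, so this is inferred). A guard at the top of `logDir` would keep an empty, `..`, slash-bearing or shell-significant component from reaching that command, for example `fun okPart s = s <> "" andalso s <> ".." andalso CharVector.all (fn c => Char.isAlphaNum c orelse Char.contains "._-" c) s`, raising `Fail` when `node` or `vhostId` fails it; adjust the allowed set to your vhost naming. Separately, `isVersion1` and `isWaklog` return false for a node missing from `webNodes_full`, so an unknown node is silently treated as Apache 2 without waklog, which deserves a comment on both functions.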
@@ -271,7 +282,7 @@ val () = Slave.registerFileHandler (fn fs => (if !logDeleted then () else - (ignore (OS.Process.system Config.Apache.down); + (ignore (OS.Process.system (down ())); logDeleted := true); ignore (OS.Process.system (Config.rm ^ " -rf " @@ -291,7 +302,7 @@ val () = Slave.registerFileHandler (fn fs => if Posix.FileSys.access (rld, []) then () else - OS.FileSys.mkDir rld + Slave.mkDirAll rld end | _ => @@ -308,7 +319,7 @@ val () = Slave.registerFileHandler (fn fs => if !logDeleted then () else - (ignore (OS.Process.system Config.Apache.down); + (ignore (OS.Process.system (down ())); logDeleted := true); ignore (OS.Process.system (Config.rm ^ " -rf " @@ -316,7 +327,7 @@ val () = Slave.registerFileHandler (fn fs => if Posix.FileSys.access (rld, []) then () else - OS.FileSys.mkDir rld + Slave.mkDirAll rld end else ()) @@ -329,7 +340,7 @@ val () = Slave.registerFileHandler (fn fs => val () = Slave.registerPostHandler (fn () => (if !vhostsChanged then - Slave.shellF ([if !logDeleted then Config.Apache.undown else Config.Apache.reload], + Slave.shellF ([if !logDeleted then undown () else reload ()], fn cl => "Error reloading Apache with " ^ cl) else ())) @@ -393,6 +404,8 @@ val () = Env.containerV_one "vhost" let val file = Domain.domainFile {node = node, name = confFile} + + val ld = logDir {user = user, node = node, vhostId = vhostId} in TextIO.output (file, "# Owner: "); TextIO.output (file, user); 
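Review bot: Nothing visible sets the owner or mode of the directories that `Slave.mkDirAll rld` creates in the hunk at -291 (and again at -316), and unlike the `OS.FileSys.mkDir` it replaces it presumably creates every missing parent as well. If the dispatcher runs with more privilege than the vhost owner and `Config.Apache.logDirOf` can resolve under a directory that user may write, a symlink already present in the parent chain would be followed during creation; neither fact is visible in this diff, so please confirm. The `Posix.FileSys.access (rld, [])` test before the create is a check-then-act pair, so `mkDirAll` should tolerate the directory appearing in between. I would add a comment at both call sites such as `(* mkDirAll creates missing parents; owner/mode are set by <where> *)` once that is established.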
@@ -404,31 +417,41 @@ val () = Env.containerV_one "vhost" | NONE => "80"); TextIO.output (file, ">\n"); TextIO.output (file, "\tErrorLog "); - TextIO.output (file, Domain.homedirOf user); - TextIO.output (file, "/apache/log/"); - TextIO.output (file, node); - TextIO.output (file, "/"); - TextIO.output (file, vhostId); + TextIO.output (file, ld); TextIO.output (file, "/error.log\n\tCustomLog "); - TextIO.output (file, Domain.homedirOf user); - TextIO.output (file, "/apache/log/"); - TextIO.output (file, node); - TextIO.output (file, "/"); - TextIO.output (file, vhostId); + TextIO.output (file, ld); TextIO.output (file, "/access.log combined\n"); - (Domain.homedirOf user ^ "/apache/log/" - ^ node ^ "/" ^ vhostId, file) + TextIO.output (file, "\tServerName "); + TextIO.output (file, fullHost); + app + (fn dom => (TextIO.output (file, "\n\tServerAlias "); + TextIO.output (file, host); + TextIO.output (file, "."); + TextIO.output (file, dom))) + (Domain.currentAliasDomains ()); + if suexec then + if isVersion1 node then + (TextIO.output (file, "\n\tUser "); + TextIO.output (file, user); + TextIO.output (file, "\n\tGroup "); + TextIO.output (file, group)) + else + (TextIO.output (file, "\n\tSuexecUserGroup "); + TextIO.output (file, user); + TextIO.output (file, " "); + TextIO.output (file, group)) + else + (); + if isWaklog node then + (TextIO.output (file, "\n\tWaklogProtected on\n\tWaklogPrincipal "); + TextIO.output (file, user); + TextIO.output (file, "/cgi@HCOOP.NET /etc/keytabs/cgi/"); + TextIO.output (file, user)) + else + (); + (ld, file) end) nodes; - write "\tServerName "; - write fullHost; - if suexec then - (write "\n\tSuexecUserGroup "; - write user; - write " "; - write group) - else - (); write "\n\tDocumentRoot "; write docroot; write "\n\tServerAdmin "; 
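Review bot: The waklog block in the hunk at -404 writes `WaklogPrincipal <user>/cgi@HCOOP.NET /etc/keytabs/cgi/<user>` with the realm and keytab directory as string literals, and it is emitted whenever `isWaklog node` holds, independently of the `suexec` flag tested just above it. Which principal's keytab a vhost is served with therefore rests entirely on `user` having been restricted to the caller's own accounts before this point; the `your_user` type on the `User` default suggests it is, but that check is outside the hunk. I would state the dependency in a comment, e.g. `(* user selects the keytab below; it must already be validated as your_user *)`, and say whether issuing tokens with suexec off is intended. The realm and keytab directory belong in `Config.Apache`, so they are not duplicated with the `KrbAuthRealms HCOOP.NET` literal in the `authType` hunk. The enclosing `Env.containerV_one "vhost"` body starts and ends outside the hunk.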
@@ -439,7 +462,8 @@ val () = Env.containerV_one "vhost" write cert) | NONE => (); write "\n"; - !pre {user = user, nodes = nodes, id = vhostId, hostname = fullHost} + !pre {user = user, nodes = nodes, id = vhostId, hostname = fullHost}; + app (fn dom => !aliaser (host ^ "." ^ dom)) (Domain.currentAliasDomains ()) end, fn () => (!post (); write "\n"; @@ -546,6 +570,14 @@ val () = Env.action_three "rewriteCond" write "]"); write "\n")) +val () = Env.action_one "rewriteBase" + ("prefix", Env.string) + (fn prefix => + (checkRewrite (); + write "\tRewriteBase\t"; + write prefix; + write "\n")) + val () = Env.action_one "rewriteLogLevel" ("level", Env.int) (fn level => @@ -617,7 +649,7 @@ val () = Env.action_one "directoryIndex" app (fn opt => (write " "; write opt)) opts; write "\n")) -val () = Env.action_one "serverAlias" +val () = Env.action_one "serverAliasHost" ("host", Env.string) (fn host => (write "\tServerAlias "; @@ -625,8 +657,34 @@ val () = Env.action_one "serverAlias" write "\n"; !aliaser host)) +val () = Env.action_one "serverAlias" + ("host", Env.string) + (fn host => + (app + (fn dom => + let + val full = host ^ "." ^ dom + in + write "\tServerAlias "; + write full; + write "\n"; + !aliaser full + end) + (Domain.currentDomains ()))) + +val () = Env.action_none "serverAliasDefault" + (fn () => + (app + (fn dom => + (write "\tServerAlias "; + write dom; + write "\n"; + !aliaser dom)) + (Domain.currentDomains ()))) + val authType = fn (EVar "basic", _) => SOME "basic" | (EVar "digest", _) => SOME "digest" + | (EVar "kerberos", _) => SOME "kerberos" | _ => NONE val () = Env.action_one "authType" @@ -634,7 +692,11 @@ val () = Env.action_one "authType" (fn ty => (write "\tAuthType "; write ty; - write "\n")) + write "\n"; + case ty of + "kerberos" => + write "\tKrbMethodNegotiate off\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC off\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n" + | _ => ())) val () = Env.action_one "authName" ("name", Env.string)
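Review bot: `rewriteBase` (hunk at -546) writes `prefix` straight into the vhost file after `RewriteBase`, and its argument type is the unrestricted `Env.string`. If a domtool string can carry a newline, the value ends the directive and whatever follows is read by Apache as further configuration. The same applies to `host` in the new `serverAlias` action in the hunk at -625, where the composed name is also handed to `!aliaser`. A narrower argument type or a check before the first `write` would close this, e.g. `if CharVector.exists Char.isCntrl prefix then raise Fail "rewriteBase: control character in prefix" else ()`, using whatever error convention the plugin already has. Whether `Env.string` already rejects such input is not visible in this diff.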
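Review bot: The `"kerberos"` branch added in the hunk at -634 emits `KrbVerifyKDC off`, which disables mod_auth_kerb's check of the obtained ticket against a local service keytab. With `KrbMethodK5Passwd on`, that check is what stops a spoofed KDC reply from validating a wrong password. Unless the web nodes cannot hold a service keytab, I would emit `KrbVerifyKDC on` together with a `Krb5KeyTab` line whose path comes from configuration, and take the realm from configuration too instead of the `HCOOP.NET` literal. `KrbMethodNegotiate off` with password login means the password itself travels in each request, and nothing in the hunk restricts `authType kerberos` to SSL vhosts. `KrbSaveCredentials on` makes the user's tickets available to the served content, which should carry a comment saying that is intended.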