X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/ebf47697644deafd0bde2dfb207b0048a8f2753c..417edb970ec87cd1e45ea2923fdee4c6cb5d57f4:/src/plugins/apache.sml
diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 6de4f1b..6a9fa39 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -466,8 +466,7 @@ fun vhostPost () = (!post ();
write "\n";
app (TextIO.closeOut o #2) (!vhostFiles))
-val php_version = fn (EVar "php5", _) => SOME 5
- | (EVar "fast_php", _) => SOME 6
+val php_version = fn (EVar "fast_php", _) => SOME 6
| _ => NONE
fun vhostBody (env, makeFullHost) =
@@ -530,10 +529,6 @@ fun vhostBody (env, makeFullHost) =
TextIO.output (file, group))
else
(TextIO.output (file, "\n\tSuexecUserGroup ");
- TextIO.output (file, user);
- TextIO.output (file, " ");
- TextIO.output (file, group);
- TextIO.output (file, "\n\tsuPHP_UserGroup ");
TextIO.output (file, user);
TextIO.output (file, " ");
TextIO.output (file, group))
@@ -552,17 +547,17 @@ fun vhostBody (env, makeFullHost) =
TextIO.output (file, user);
TextIO.output (file, "/DAVLock");
- if php = Config.Apache.defaultPhpVersion
+ if php = 6
then
- ()
- else if php = 6
- then
- (* fastcgi php 5.6 since 6 doesn't exist *)
+ (* fastcgi php 5.6, using version 6 since php6 doesn't exist *)
(TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml");
- (* FIXME: only set kerberos wrapper of waklog is on *)
map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \"");
- TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
- TextIO.output (file, " ");
+ (* kerberos wrapper, simulates waklog+mod_cgi *)
+ if isWaklog node then
+ (TextIO.output (file, Config.Apache.fastCgiWrapperOf user);
+ TextIO.output (file, " "))
+ else
+ ();
TextIO.output (file, Config.Apache.phpFastCgiWrapper);
TextIO.output (file, "\" ");
TextIO.output (file, ext)))
@@ -790,21 +785,38 @@ val () = Env.action_two "scriptAlias"
val () = Env.action_two "fastScriptAlias"
("from", Env.string, "to", Env.string)
(fn (from, to) =>
- (write "\tAlias\t";
- write from;
- write " ";
- write to;
- write "\n";
+ let
+ (* mod_fcgid + kerberos limit this to working with
+ individual fcgi programs. assume the target path is a
+ file and any trailing `/' is just aliasing
+ syntax. Directory+File on the script is used to
+ activate fcgid instead of Location on the alias to
+ limit effects (alias+location also match in inverse
+ order causing pernicious side-effects *)
+ val fcgi_path = if String.sub (to, size to - 1) = #"/"
+ then
+ String.substring (to, 0, size to - 1)
+ else
+ to
+ val fcgi_dir = OS.Path.dir fcgi_path
+ val fcgi_file = OS.Path.file fcgi_path
+ in
+ write "\tAlias\t"; write from; write " "; write to; write "\n";
- write "\t\n";
- write "\t\tSetHandler fcgid-script\n";
- (* FIXME: only set kerberos wrapper of waklog is on *)
- write "\t\tFcgidWrapper \"";
- write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
- write "\"\n";
- write "\t\n"))
+ write "\t\n";
+ write "\t\n";
+ write "\tSetHandler fcgid-script\n";
+
+ (* FIXME: only set kerberos wrapper of waklog is on *)
+ (* won't be trivial, since we don't have access to node here *)
+ write "\tFcgidWrapper \"";
+ write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+ write " ";
+ write fcgi_path;
+ write "\"\n";
+
+ write "\t\n\t\n"
+ end)
val () = Env.action_two "errorDocument"
("code", Env.string, "handler", Env.string)
@@ -917,7 +929,7 @@ val () = Env.action_one "authType"
write "\n";
case ty of
"kerberos" =>
- write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
+ write "\tKrbServiceName HTTP\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n"
| _ => ())
else
print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n")
@@ -1140,6 +1152,7 @@ val () = Env.action_one "phpVersion"
(* fastcgi php 5.6 since 6 doesn't exist *)
(write "\tAddHandler fcgid-script .php .phtml\n";
(* FIXME: only set kerberos wrapper of waklog is on *)
+ (* won't be trivial, since we don't have access to node here *)
write "\n\tFcgidWrapper \"";
write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
write " ";