X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/ebf47697644deafd0bde2dfb207b0048a8f2753c..417edb970ec87cd1e45ea2923fdee4c6cb5d57f4:/src/plugins/apache.sml diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml index 6de4f1b..6a9fa39 100644 --- a/src/plugins/apache.sml +++ b/src/plugins/apache.sml @@ -466,8 +466,7 @@ fun vhostPost () = (!post (); write "\n"; app (TextIO.closeOut o #2) (!vhostFiles)) -val php_version = fn (EVar "php5", _) => SOME 5 - | (EVar "fast_php", _) => SOME 6 +val php_version = fn (EVar "fast_php", _) => SOME 6 | _ => NONE fun vhostBody (env, makeFullHost) = @@ -530,10 +529,6 @@ fun vhostBody (env, makeFullHost) = TextIO.output (file, group)) else (TextIO.output (file, "\n\tSuexecUserGroup "); - TextIO.output (file, user); - TextIO.output (file, " "); - TextIO.output (file, group); - TextIO.output (file, "\n\tsuPHP_UserGroup "); TextIO.output (file, user); TextIO.output (file, " "); TextIO.output (file, group)) @@ -552,17 +547,17 @@ fun vhostBody (env, makeFullHost) = TextIO.output (file, user); TextIO.output (file, "/DAVLock"); - if php = Config.Apache.defaultPhpVersion + if php = 6 then - () - else if php = 6 - then - (* fastcgi php 5.6 since 6 doesn't exist *) + (* fastcgi php 5.6, using version 6 since php6 doesn't exist *) (TextIO.output (file, "\n\tAddHandler fcgid-script .php .phtml"); - (* FIXME: only set kerberos wrapper of waklog is on *) map (fn ext => (TextIO.output (file, "\n\tFcgidWrapper \""); - TextIO.output (file, Config.Apache.fastCgiWrapperOf user); - TextIO.output (file, " "); + (* kerberos wrapper, simulates waklog+mod_cgi *) + if isWaklog node then + (TextIO.output (file, Config.Apache.fastCgiWrapperOf user); + TextIO.output (file, " ")) + else + (); TextIO.output (file, Config.Apache.phpFastCgiWrapper); TextIO.output (file, "\" "); TextIO.output (file, ext))) 
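Review bot: With the `php = Config.Apache.defaultPhpVersion` guard removed, `if php = 6` is the only test left in the hunk at -552, and `php_version` in the first hunk no longer recognises `php5`. The `else` arm lies outside the hunk, so it is worth confirming that a vhost whose `php` value is anything other than 6 still gets a `.php` handler, since scripts with no handler mapped would be served as plain text. A short comment on the branch would record the intent, for example `(* 6 is the only fastcgi PHP; other values fall through to the else arm *)`, adjusted to what that arm actually does.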
@@ -790,21 +785,38 @@ val () = Env.action_two "scriptAlias" val () = Env.action_two "fastScriptAlias" ("from", Env.string, "to", Env.string) (fn (from, to) => - (write "\tAlias\t"; - write from; - write " "; - write to; - write "\n"; + let + (* mod_fcgid + kerberos limit this to working with + individual fcgi programs. assume the target path is a + file and any trailing `/' is just aliasing + syntax. Directory+File on the script is used to + activate fcgid instead of Location on the alias to + limit effects (alias+location also match in inverse + order causing pernicious side-effects *) + val fcgi_path = if String.sub (to, size to - 1) = #"/" + then + String.substring (to, 0, size to - 1) + else + to + val fcgi_dir = OS.Path.dir fcgi_path + val fcgi_file = OS.Path.file fcgi_path + in + write "\tAlias\t"; write from; write " "; write to; write "\n"; - write "\t\n"; - write "\t\tSetHandler fcgid-script\n"; - (* FIXME: only set kerberos wrapper of waklog is on *) - write "\t\tFcgidWrapper \""; - write (Config.Apache.fastCgiWrapperOf (Domain.getUser ())); - write "\"\n"; - write "\t\n")) + write "\t\n"; + write "\t\n"; + write "\tSetHandler fcgid-script\n"; + + (* FIXME: only set kerberos wrapper of waklog is on *) + (* won't be trivial, since we don't have access to node here *) + write "\tFcgidWrapper \""; + write (Config.Apache.fastCgiWrapperOf (Domain.getUser ())); + write " "; + write fcgi_path; + write "\"\n"; + + write "\t\n\t\n" + end) val () = Env.action_two "errorDocument" ("code", Env.string, "handler", Env.string) 
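Review bot: `String.sub (to, size to - 1)` raises `Subscript` when `to` is the empty string, and the action takes `to` as a plain `Env.string`, so nothing visible in this hunk rules that out. Writing it as `val fcgi_path = if String.isSuffix "/" to then String.substring (to, 0, size to - 1) else to` gives the same result without the exception. `fcgi_path` is then written between literal double quotes on the `FcgidWrapper` line, so a `"` or line break in `to` would end the quoted argument early and change how Apache parses the generated vhost. Unless the type of `to` is restricted elsewhere (not visible here), those characters should be rejected before anything is written. The new comment block is also missing the closing parenthesis after `side-effects`.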
@@ -917,7 +929,7 @@ val () = Env.action_one "authType" write "\n"; case ty of "kerberos" => - write "\tKrbServiceName apache2\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n" + write "\tKrbServiceName HTTP\n\tKrb5Keytab /etc/keytabs/service/apache\n\tKrbMethodNegotiate on\n\tKrbMethodK5Passwd on\n\tKrbVerifyKDC on\n\tKrbAuthRealms HCOOP.NET\n\tKrbSaveCredentials on\n" | _ => ()) else print "WARNING: Skipped Kerberos authType because this isn't an SSL vhost.\n") @@ -1140,6 +1152,7 @@ val () = Env.action_one "phpVersion" (* fastcgi php 5.6 since 6 doesn't exist *) (write "\tAddHandler fcgid-script .php .phtml\n"; (* FIXME: only set kerberos wrapper of waklog is on *) + (* won't be trivial, since we don't have access to node here *) write "\n\tFcgidWrapper \""; write (Config.Apache.fastCgiWrapperOf (Domain.getUser ())); write " ";