diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/tps/apache | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
download | pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.gz pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.xz pki-621d9e5c413e561293d7484b93882d985b3fe15f.zip |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/tps/apache')
-rw-r--r-- | base/tps/apache/LICENSE-2.0 | 678 | ||||
-rw-r--r-- | base/tps/apache/conf/httpd.conf | 1085 | ||||
-rw-r--r-- | base/tps/apache/conf/magic | 382 | ||||
-rw-r--r-- | base/tps/apache/conf/mime.types | 592 | ||||
-rw-r--r-- | base/tps/apache/conf/nss.conf | 280 | ||||
-rw-r--r-- | base/tps/apache/conf/perl.conf | 70 | ||||
-rw-r--r-- | base/tps/apache/pki_instance_command_wrapper | 192 | ||||
-rw-r--r-- | base/tps/apache/pki_subsystem_command_wrapper | 182 | ||||
-rw-r--r-- | base/tps/apache/readme.html | 1222 |
9 files changed, 4683 insertions, 0 deletions
diff --git a/base/tps/apache/LICENSE-2.0 b/base/tps/apache/LICENSE-2.0 new file mode 100644 index 000000000..7b69c6227 --- /dev/null +++ b/base/tps/apache/LICENSE-2.0 @@ -0,0 +1,678 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + + +APACHE HTTP SERVER SUBCOMPONENTS: + +The Apache HTTP Server includes a number of subcomponents with +separate copyright notices and license terms. Your use of the source +code for the these subcomponents is subject to the terms and +conditions of the following licenses. + +For the mod_mime_magic component: + +/* + * mod_mime_magic: MIME type lookup via file magic numbers + * Copyright (c) 1996-1997 Cisco Systems, Inc. + * + * This software was submitted by Cisco Systems to the Apache Group in July + * 1997. Future revisions and derivatives of this source code must + * acknowledge Cisco Systems as the original contributor of this module. + * All other licensing and usage conditions are those of the Apache Group. + * + * Some of this code is derived from the free version of the file command + * originally posted to comp.sources.unix. Copyright info for that program + * is included below as required. + * --------------------------------------------------------------------------- + * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin. + * + * This software is not subject to any license of the American Telephone and + * Telegraph Company or of the Regents of the University of California. + * + * Permission is granted to anyone to use this software for any purpose on any + * computer system, and to alter it and redistribute it freely, subject to + * the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, credits + * must appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users ever read + * sources, credits must appear in the documentation. + * + * 4. This notice may not be removed or altered. + * ------------------------------------------------------------------------- + * + */ + + +For the modules\mappers\mod_imap.c component: + + "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com + +For the server\util_md5.c component: + +/************************************************************************ + * NCSA HTTPd Server + * Software Development Group + * National Center for Supercomputing Applications + * University of Illinois at Urbana-Champaign + * 605 E. Springfield, Champaign, IL 61820 + * httpd@ncsa.uiuc.edu + * + * Copyright (C) 1995, Board of Trustees of the University of Illinois + * + ************************************************************************ + * + * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code + * + * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. + * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon + * University (see Copyright below). + * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications + * Research, Inc. (Bellcore) (see Copyright below). + * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu + * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) + * + */ + + +/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ +/* (C) Copyright 1993,1994 by Carnegie Mellon University + * All Rights Reserved. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without + * fee, provided that the above copyright notice appear in all copies + * and that both that copyright notice and this permission notice + * appear in supporting documentation, and that the name of Carnegie + * Mellon University not be used in advertising or publicity + * pertaining to distribution of the software without specific, + * written prior permission. Carnegie Mellon University makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied + * warranty. + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) + * + * Permission to use, copy, modify, and distribute this material + * for any purpose and without fee is hereby granted, provided + * that the above copyright notice and this permission notice + * appear in all copies, and that the name of Bellcore not be + * used in advertising or publicity pertaining to this + * material without the specific, prior written permission + * of an authorized representative of Bellcore. BELLCORE + * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY + * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS", + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. + */ + +For the srclib\apr\include\apr_md5.h component: +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ + +For the srclib\apr\passwd\apr_md5.c component: + +/* + * This is work is derived from material Copyright RSA Data Security, Inc. + * + * The RSA copyright statement and Licence for that original material is + * included below. This is followed by the Apache copyright statement and + * licence for the modifications made to that material. + */ + +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD5 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD5 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ +/* + * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 + * MD5 crypt() function, which is licenced as follows: + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + */ + +For the srclib\apr-util\crypto\apr_md4.c component: + + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\include\apr_md4.h component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD4 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD4 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + + +For the srclib\apr-util\test\testdbm.c component: + +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000-2002 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * <http://www.apache.org/>. + * + * This file came from the SDBM package (written by oz@nexus.yorku.ca). + * That package was under public domain. This file has been ported to + * APR, updated to ANSI C and other, newer idioms, and added to the Apache + * codebase under the above copyright and license. + */ + + +For the srclib\apr-util\test\testmd4.c component: + + * + * This is derived from material copyright RSA Data Security, Inc. + * Their notice is reproduced below in its entirety. + * + * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All + * rights reserved. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + */ + +For the srclib\apr-util\xml\expat\conftools\install-sh component: + +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# + +For the srclib\pcre\install-sh component: + +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. + +For the pcre component: + +PCRE LICENCE +------------ + +PCRE is a library of functions to support regular expressions whose syntax +and semantics are as close as possible to those of the Perl 5 language. + +Written by: Philip Hazel <ph10@cam.ac.uk> + +University of Cambridge Computing Service, +Cambridge, England. Phone: +44 1223 334714. + +Copyright (c) 1997-2001 University of Cambridge + +Permission is granted to anyone to use this software for any purpose on any +computer system, and to redistribute it freely, subject to the following +restrictions: + +1. This software is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +2. The origin of this software must not be misrepresented, either by + explicit claim or by omission. In practice, this means that if you use + PCRE in software which you distribute to others, commercially or + otherwise, you must put a sentence like this + + Regular expression support is provided by the PCRE library package, + which is open source software, written by Philip Hazel, and copyright + by the University of Cambridge, England. + + somewhere reasonably visible in your documentation and in any relevant + files or online help data or similar. A reference to the ftp site for + the source, that is, to + + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ + + should also be given in the documentation. + +3. Altered versions must be plainly marked as such, and must not be + misrepresented as being the original software. + +4. If PCRE is embedded in any software that is released under the GNU + General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL), + then the terms of that licence shall supersede any condition above with + which it is incompatible. + +The documentation for PCRE, supplied in the "doc" directory, is distributed +under the same terms as the software itself. + +End PCRE LICENCE + + +For the test\zb.c component: + +/* ZeusBench V1.01 + =============== + +This program is Copyright (C) Zeus Technology Limited 1996. + +This program may be used and copied freely providing this copyright notice +is not removed. + +This software is provided "as is" and any express or implied waranties, +including but not limited to, the implied warranties of merchantability and +fitness for a particular purpose are disclaimed. In no event shall +Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, +exemplary, or consequential damaged (including, but not limited to, +procurement of substitute good or services; loss of use, data, or profits; +or business interruption) however caused and on theory of liability. Whether +in contract, strict liability or tort (including negligence or otherwise) +arising in any way out of the use of this software, even if advised of the +possibility of such damage. + + Written by Adam Twiss (adam@zeus.co.uk). March 1996 + +Thanks to the following people for their input: + Mike Belshe (mbelshe@netscape.com) + Michael Campanella (campanella@stevms.enet.dec.com) + +*/ + +For the expat xml parser component: + +Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd + and Clark Cooper + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==================================================================== diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf new file mode 100644 index 000000000..878a4e655 --- /dev/null +++ b/base/tps/apache/conf/httpd.conf @@ -0,0 +1,1085 @@ +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" +# with ServerRoot set to "/export/apache" will be interpreted by the +# server as "/export/apache/logs/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "[SERVER_ROOT]" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +<IfModule !mpm_winnt.c> +<IfModule !mpm_netware.c> +#LockFile logs/accept.lock +</IfModule> +</IfModule> + +# +# ScoreBoardFile: File used to store internal server process information. +# If unspecified (the default), the scoreboard will be stored in an +# anonymous shared memory segment, and will be unavailable to third-party +# applications. +# If specified, ensure that no two invocations of Apache share the same +# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK. +# +<IfModule !mpm_netware.c> +<IfModule !perchild.c> +#ScoreBoardFile logs/apache_runtime_status +</IfModule> +</IfModule> + + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +<IfModule !mpm_netware.c> +PidFile run/[PKI_INSTANCE_ID].pid +</IfModule> + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule prefork.c> +StartServers 5 +MinSpareServers 5 +MaxSpareServers 10 +MaxClients 150 +MaxRequestsPerChild 0 +</IfModule> + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule worker.c> +ServerLimit 1 +StartServers 1 +MaxClients 64 +MinSpareThreads 1 +MaxSpareThreads 75 +ThreadsPerChild 64 +MaxRequestsPerChild 0 +</IfModule> + +# perchild MPM +# NumServers: constant number of server processes +# StartThreads: initial number of worker threads in each server process +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# MaxThreadsPerChild: maximum number of worker threads in each server process +# MaxRequestsPerChild: maximum number of connections per server process +<IfModule perchild.c> +NumServers 5 +StartThreads 5 +MinSpareThreads 5 +MaxSpareThreads 10 +MaxThreadsPerChild 20 +MaxRequestsPerChild 0 +</IfModule> + +# WinNT MPM +# ThreadsPerChild: constant number of worker threads in the server process +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_winnt.c> +ThreadsPerChild 250 +MaxRequestsPerChild 0 +</IfModule> + +# BeOS MPM +# StartThreads: how many threads do we initially spawn? +# MaxClients: max number of threads we can have (1 thread == 1 client) +# MaxRequestsPerThread: maximum number of requests each thread will process +<IfModule beos.c> +StartThreads 10 +MaxClients 50 +MaxRequestsPerThread 10000 +</IfModule> + +# NetWare MPM +# ThreadStackSize: Stack size allocated for each worker thread +# StartThreads: Number of worker threads launched at server startup +# MinSpareThreads: Minimum number of idle threads, to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# MaxThreads: Maximum number of worker threads alive at the same time +# MaxRequestsPerChild: Maximum number of requests a thread serves. It is +# recommended that the default value of 0 be set for this +# directive on NetWare. This will allow the thread to +# continue to service requests indefinitely. +<IfModule mpm_netware.c> +ThreadStackSize 65536 +StartThreads 250 +MinSpareThreads 25 +MaxSpareThreads 250 +MaxThreads 1000 +MaxRequestsPerChild 0 +MaxMemFree 100 +</IfModule> + +# OS/2 MPM +# StartServers: Number of server processes to maintain +# MinSpareThreads: Minimum number of idle threads per process, +# to handle request spikes +# MaxSpareThreads: Maximum number of idle threads per process +# MaxRequestsPerChild: Maximum number of connections per server process +<IfModule mpmt_os2.c> +StartServers 2 +MinSpareThreads 5 +MaxSpareThreads 10 +MaxRequestsPerChild 0 +</IfModule> + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the <VirtualHost> +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) +# +#Listen 12.34.56.78:80 + +Listen [PORT] + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# + +# Required modules for command 'Order': +[FORTITUDE_AUTH_MODULES] +# Required module for command 'UserDir': +LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so +# Required module for command 'DirectoryIndex': +LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so +# Required module for command 'TypesConfig': +LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so +# Required module for command 'LogFormat': +LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so +# Required module for command 'Alias': +LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so +# Required module for command 'SetEnvIf': +LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so +# Required module for command 'IndexOptions': +LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so +# Required module for command 'LanguagePriority': +LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so +# Required module for command 'CGI Scripts': +LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so +# Required module for commands in nss.conf: +[FORTITUDE_NSS_MODULES] +# Required module for command 'TPSConfigPathFile': +LoadModule tps_module [FORTITUDE_MODULE]/mod_tps.so +# Required module for command 'TokendbConfigPathFile': +LoadModule tokendb_module [FORTITUDE_MODULE]/mod_tokendb.so + +<Location /nk_service> + SetHandler nk_service +</Location> + +<Location /tus> + SetHandler tus +</Location> + +# +# Load config files from the config directory "/etc/[PKI_INSTANCE_ID]/conf.d". +# +#Include conf.d/*.conf +Include [SERVER_ROOT]/conf/perl.conf + +# +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. The default is Off. +# +#ExtendedStatus On + +### Section 2: 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# <VirtualHost> definition. These values also provide defaults for +# any <VirtualHost> containers you may define later in the file. +# +# All of these directives may appear inside <VirtualHost> containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +<IfModule !mpm_winnt.c> +<IfModule !mpm_netware.c> +# +# If you wish [PKI_INSTANCE_ID] to run as a different user or group, you must run +# [PKI_INSTANCE_ID] as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_ID] as. +# . On SCO (ODT 3) use "User nouser" and "Group nogroup". +# . On HPUX you may not be able to use shared memory as nobody, and the +# suggested workaround is to create a user www and use that user. +# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) +# when the value of (unsigned)Group is above 60000; +# don't use Group #-1 on these systems! +# +User [PKI_USER] +Group [PKI_GROUP] +#Group #-1 +</IfModule> +</IfModule> + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin you@example.com + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If this is not set to valid DNS name for your host, server-generated +# redirections will not work. See also the UseCanonicalName directive. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address anyway, and this will make +# redirections work in a sensible way. +# +#ServerName www.example.com:80 + +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "[SERVER_ROOT]/docroot" + +# +# Each directory to which Apache has access can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# features. +# +<Directory /> + Options FollowSymLinks + AllowOverride None +</Directory> + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# This should be changed to whatever you set DocumentRoot to. +# +<Directory "[SERVER_ROOT]/docroot"> + +# +# Possible values for the Options directive are "None", "All", +# or any combination of: +# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews +# +# Note that "MultiViews" must be named *explicitly* --- "Options All" +# doesn't give it to you. +# +# The Options directive is both complicated and important. Please see +# http://httpd.apache.org/docs-2.0/mod/core.html#options +# for more information. +# + Options Indexes ExecCGI FollowSymLinks + +# +# AllowOverride controls what directives may be placed in .htaccess files. +# It can be "All", "None", or any combination of the keywords: +# Options FileInfo AuthConfig Limit +# + AllowOverride None + +# +# Controls who can get stuff from this server. +# + Order allow,deny + Allow from all + +</Directory> + +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +UserDir public_html + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +#<Directory /home/*/public_html> +# AllowOverride FileInfo AuthConfig Limit Indexes +# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec +# <Limit GET POST OPTIONS PROPFIND> +# Order allow,deny +# Allow from all +# </Limit> +# <LimitExcept GET POST OPTIONS PROPFIND> +# Order deny,allow +# Deny from all +# </LimitExcept> +#</Directory> + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Option can be used for the +# same purpose, but it is much slower. +# +DirectoryIndex index.html index.html.var + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<Files ~ "^\.ht"> + Order allow,deny + Deny from all +</Files> + +# +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. +# +TypesConfig conf/mime.types + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# +<IfModule mod_mime_magic.c> + MIMEMagicFile conf/magic +</IfModule> + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# EnableMMAP: Control whether memory-mapping is used to deliver +# files (assuming that the underlying OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. On some systems, turning it off (regardless of +# filesystem) can improve performance; for details, please see +# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap +# +#EnableMMAP off + +# +# EnableSendfile: Control whether the sendfile kernel support is +# used to deliver files (assuming that the OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. Please see +# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile +# +#EnableSendfile off + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog logs/error_log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +#LogLevel warn +LogLevel debug + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# You need to enable mod_logio.c to use %I and %O +#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + +# +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a <VirtualHost> +# container, they will be logged here. Contrariwise, if you *do* +# define per-<VirtualHost> access logfiles, transactions will be +# logged therein and *not* in this file. +# +CustomLog logs/access_log common + +# +# If you would like to have agent and referer logfiles, uncomment the +# following directives. +# +#CustomLog logs/referer_log referer +#CustomLog logs/agent_log agent + +# +# If you prefer a single logfile with access, agent, and referer information +# (Combined Logfile Format) you can use the following directive. +# +#CustomLog logs/access_log combined + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens Prod + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature Off + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If you +# do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "[SERVER_ROOT]/icons/" + +<Directory "[SERVER_ROOT]/icons"> + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all +</Directory> + +# +# This should be changed to the ServerRoot/manual/. The alias provides +# the manual, even if you choose to move your DocumentRoot. You may comment +# this out if you do not care for the documentation. +# +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1" + +<Directory "[SERVER_ROOT]/manual"> + Options Indexes + AllowOverride None + Order allow,deny + Allow from all + + <Files *.html> + SetHandler type-map + </Files> + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 +</Directory> + +# +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. +# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# +ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" + +<IfModule mod_cgid.c> +# +# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> +# for setting UNIX socket for communicating with cgid. +# +#Scriptsock logs/cgisock +</IfModule> + +# +# "[SERVER_ROOT]/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# +<Directory "[SERVER_ROOT]/cgi-bin"> + AllowOverride None + Options ExecCGI + Order allow,deny + Allow from all +</Directory> + +# +# Redirect allows you to tell clients about documents which used to exist in +# your server's namespace, but do not anymore. This allows you to tell the +# clients where to look for the relocated document. +# Example: +# Redirect permanent /foo http://www.example.com/bar + +# +# Directives controlling the display of server-generated directory listings. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing VersionSort + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +# +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb +AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk +AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb +AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5 .Big5 .big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-8 .utf8 + +# The set below does not map to a specific (iso) standard +# but works on a fairly wide range of browsers. Note that +# capitalization actually matters (it should not, but it +# does for some browsers). +# +# See http://www.iana.org/assignments/character-sets +# for a list of sorts. But browsers support few. +# +AddCharset GB2312 .gb2312 .gb +AddCharset utf-7 .utf7 +AddCharset utf-8 .utf8 +AddCharset big5 .big5 .b5 +AddCharset EUC-TW .euc-tw +AddCharset EUC-JP .euc-jp +AddCharset EUC-KR .euc-kr +AddCharset shift_jis .sjis + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-tar .tgz +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz +# +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +AddHandler cgi-script .cgi + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For server-parsed imagemap files: +# +#AddHandler imap-file map + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +#AddType text/html .shtml +#AddOutputFilter INCLUDES .shtml + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. +# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_<error>.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_<error>.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /export/apache/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. + +# Alias /error/ "/export/apache/error/" +# +# <Directory "/export/apache/error"> +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr +# ForceLanguagePriority Prefer Fallback +# </Directory> +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +#[ErrorDocument_404] +#[ErrorDocument_500] + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +BrowserMatch "^gnome-vfs" redirect-carefully + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Change the ".example.com" to match your domain to enable. +# +#<Location /server-status> +# SetHandler server-status +# Order deny,allow +# Deny from all +# Allow from .example.com +#</Location> + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".example.com" to match your domain to enable. +# +#<Location /server-info> +# SetHandler server-info +# Order deny,allow +# Deny from all +# Allow from .example.com +#</Location> + + +# +# Bring in additional module-specific configurations +# +#<IfModule mod_ssl.c> +# Include conf/ssl.conf +#</IfModule> +Include [SERVER_ROOT]/conf/nss.conf + +TPSConfigPathFile [SERVER_ROOT]/conf/CS.cfg + +TokendbConfigPathFile [SERVER_ROOT]/conf/CS.cfg + +### Section 3: Virtual Hosts +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# <URL:http://httpd.apache.org/docs-2.0/vhosts/> +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + +# +# Use name-based virtual hosting. +# +#NameVirtualHost *:80 + +# +# VirtualHost example: +# Almost any Apache directive may go into a VirtualHost container. +# The first VirtualHost section is used for requests without a known +# server name. +# +#<VirtualHost *:80> +# ServerAdmin webmaster@dummy-host.example.com +# DocumentRoot /www/docs/dummy-host.example.com +# ServerName dummy-host.example.com +# ErrorLog logs/dummy-host.example.com-error_log +# CustomLog logs/dummy-host.example.com-access_log common +#</VirtualHost> + +#turn off TRACE by default +TraceEnable Off diff --git a/base/tps/apache/conf/magic b/base/tps/apache/conf/magic new file mode 100644 index 000000000..0de73361f --- /dev/null +++ b/base/tps/apache/conf/magic @@ -0,0 +1,382 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt <janl@ifi.uio.no>, +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF audio/unknown +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij <triad@df.lth.se> +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena <keith@cerberus.uchicago.edu> +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \<MakerFile application/x-frame +0 string \<MIFFile application/x-frame +0 string \<MakerDictionary application/x-frame +0 string \<MakerScreenFon application/x-frame +0 string \<MML application/x-frame +0 string \<Book application/x-frame +0 string \<Maker application/x-frame + +#------------------------------------------------------------------------------ +# html: file(1) magic for HTML (HyperText Markup Language) docs +# +# from Daniel Quinlan <quinlan@yggdrasil.com> +# and Anna Shergold <anna@inext.co.uk> +# +0 string \<!DOCTYPE\ HTML text/html +0 string \<!doctype\ html text/html +0 string \<HEAD text/html +0 string \<head text/html +0 string \<TITLE text/html +0 string \<title text/html +0 string \<html text/html +0 string \<HTML text/html +0 string \<!-- text/html +0 string \<h1 text/html +0 string \<H1 text/html + +# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se> +0 string \<?xml text/xml + +#------------------------------------------------------------------------------ +# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) +# +# originally from jef@helios.ee.lbl.gov (Jef Poskanzer), +# additions by janl@ifi.uio.no as well as others. Jan also suggested +# merging several one- and two-line files into here. +# +# XXX - byte order for GIF and TIFF fields? +# [GRR: TIFF allows both byte orders; GIF is probably little-endian] +# + +# [GRR: what the hell is this doing in here?] +#0 string xbtoa btoa'd file + +# PBMPLUS +# PBM file +0 string P1 image/x-portable-bitmap 7bit +# PGM file +0 string P2 image/x-portable-greymap 7bit +# PPM file +0 string P3 image/x-portable-pixmap 7bit +# PBM "rawbits" file +0 string P4 image/x-portable-bitmap +# PGM "rawbits" file +0 string P5 image/x-portable-greymap +# PPM "rawbits" file +0 string P6 image/x-portable-pixmap + +# NIFF (Navy Interchange File Format, a modification of TIFF) +# [GRR: this *must* go before TIFF] +0 string IIN1 image/x-niff + +# TIFF and friends +# TIFF file, big-endian +0 string MM image/tiff +# TIFF file, little-endian +0 string II image/tiff + +# possible GIF replacements; none yet released! +# (Greg Roelofs, newt@uchicago.edu) +# +# GRR 950115: this was mine ("Zip GIF"): +# ZIF image (GIF+deflate alpha) +0 string GIF94z image/unknown +# +# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): +# FGF image (GIF+deflate beta) +0 string FGF95a image/unknown +# +# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal +# (best; not yet implemented): +# PBF image (deflate compression) +0 string PBF image/unknown + +# GIF +0 string GIF image/gif + +# JPEG images +0 beshort 0xffd8 image/jpeg + +# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) +0 string BM image/bmp +#>14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From <conklin@talisman.kaleida.com> + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij <triad@df.lth.se> +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + diff --git a/base/tps/apache/conf/mime.types b/base/tps/apache/conf/mime.types new file mode 100644 index 000000000..3485692d1 --- /dev/null +++ b/base/tps/apache/conf/mime.types @@ -0,0 +1,592 @@ +# This is a comment. I love comments. + +# This file controls what Internet media types are sent to the client for +# given file extension(s). Sending the correct media type to the client +# is important so they know how to handle the content of the file. +# Extra types can either be added here or by using an AddType directive +# in your config files. For more information about Internet media types, +# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type +# registry is at <http://www.iana.org/assignments/media-types/>. + +# MIME type Extensions +application/activemessage +application/andrew-inset ez +application/applefile +application/atom+xml atom +application/atomicmail +application/batch-smtp +application/beep+xml +application/cals-1840 +application/cnrp+xml +application/commonground +application/cpl+xml +application/cybercash +application/dca-rft +application/dec-dx +application/dvcs +application/edi-consent +application/edifact +application/edi-x12 +application/eshop +application/font-tdpfr +application/http +application/hyperstudio +application/iges +application/index +application/index.cmd +application/index.obj +application/index.response +application/index.vnd +application/iotp +application/ipp +application/isup +application/mac-binhex40 hqx +application/mac-compactpro cpt +application/macwriteii +application/marc +application/mathematica +application/mathml+xml mathml +application/msword doc +application/news-message-id +application/news-transmission +application/ocsp-request +application/ocsp-response +application/octet-stream bin dms lha lzh exe class so dll dmg +application/oda oda +application/ogg ogg +application/parityfec +application/pdf pdf +application/pgp-encrypted +application/pgp-keys +application/pgp-signature +application/pkcs10 +application/pkcs7-mime +application/pkcs7-signature +application/pkix-cert +application/pkix-crl +application/pkixcmp +application/postscript ai eps ps +application/prs.alvestrand.titrax-sheet +application/prs.cww +application/prs.nprend +application/prs.plucker +application/qsig +application/rdf+xml rdf +application/reginfo+xml +application/remote-printing +application/riscos +application/rtf +application/sdp +application/set-payment +application/set-payment-initiation +application/set-registration +application/set-registration-initiation +application/sgml +application/sgml-open-catalog +application/sieve +application/slate +application/smil smi smil +application/srgs gram +application/srgs+xml grxml +application/timestamp-query +application/timestamp-reply +application/tve-trigger +application/vemmi +application/vnd.3gpp.pic-bw-large +application/vnd.3gpp.pic-bw-small +application/vnd.3gpp.pic-bw-var +application/vnd.3gpp.sms +application/vnd.3m.post-it-notes +application/vnd.accpac.simply.aso +application/vnd.accpac.simply.imp +application/vnd.acucobol +application/vnd.acucorp +application/vnd.adobe.xfdf +application/vnd.aether.imp +application/vnd.amiga.ami +application/vnd.anser-web-certificate-issue-initiation +application/vnd.anser-web-funds-transfer-initiation +application/vnd.audiograph +application/vnd.blueice.multipass +application/vnd.bmi +application/vnd.businessobjects +application/vnd.canon-cpdl +application/vnd.canon-lips +application/vnd.cinderella +application/vnd.claymore +application/vnd.commerce-battelle +application/vnd.commonspace +application/vnd.contact.cmsg +application/vnd.cosmocaller +application/vnd.criticaltools.wbs+xml +application/vnd.ctc-posml +application/vnd.cups-postscript +application/vnd.cups-raster +application/vnd.cups-raw +application/vnd.curl +application/vnd.cybank +application/vnd.data-vision.rdz +application/vnd.dna +application/vnd.dpgraph +application/vnd.dreamfactory +application/vnd.dxr +application/vnd.ecdis-update +application/vnd.ecowin.chart +application/vnd.ecowin.filerequest +application/vnd.ecowin.fileupdate +application/vnd.ecowin.series +application/vnd.ecowin.seriesrequest +application/vnd.ecowin.seriesupdate +application/vnd.enliven +application/vnd.epson.esf +application/vnd.epson.msf +application/vnd.epson.quickanime +application/vnd.epson.salt +application/vnd.epson.ssf +application/vnd.ericsson.quickcall +application/vnd.eudora.data +application/vnd.fdf +application/vnd.ffsns +application/vnd.fints +application/vnd.flographit +application/vnd.framemaker +application/vnd.fsc.weblaunch +application/vnd.fujitsu.oasys +application/vnd.fujitsu.oasys2 +application/vnd.fujitsu.oasys3 +application/vnd.fujitsu.oasysgp +application/vnd.fujitsu.oasysprs +application/vnd.fujixerox.ddd +application/vnd.fujixerox.docuworks +application/vnd.fujixerox.docuworks.binder +application/vnd.fut-misnet +application/vnd.grafeq +application/vnd.groove-account +application/vnd.groove-help +application/vnd.groove-identity-message +application/vnd.groove-injector +application/vnd.groove-tool-message +application/vnd.groove-tool-template +application/vnd.groove-vcard +application/vnd.hbci +application/vnd.hhe.lesson-player +application/vnd.hp-hpgl +application/vnd.hp-hpid +application/vnd.hp-hps +application/vnd.hp-pcl +application/vnd.hp-pclxl +application/vnd.httphone +application/vnd.hzn-3d-crossword +application/vnd.ibm.afplinedata +application/vnd.ibm.electronic-media +application/vnd.ibm.minipay +application/vnd.ibm.modcap +application/vnd.ibm.rights-management +application/vnd.ibm.secure-container +application/vnd.informix-visionary +application/vnd.intercon.formnet +application/vnd.intertrust.digibox +application/vnd.intertrust.nncp +application/vnd.intu.qbo +application/vnd.intu.qfx +application/vnd.irepository.package+xml +application/vnd.is-xpr +application/vnd.japannet-directory-service +application/vnd.japannet-jpnstore-wakeup +application/vnd.japannet-payment-wakeup +application/vnd.japannet-registration +application/vnd.japannet-registration-wakeup +application/vnd.japannet-setstore-wakeup +application/vnd.japannet-verification +application/vnd.japannet-verification-wakeup +application/vnd.jisp +application/vnd.kde.karbon +application/vnd.kde.kchart +application/vnd.kde.kformula +application/vnd.kde.kivio +application/vnd.kde.kontour +application/vnd.kde.kpresenter +application/vnd.kde.kspread +application/vnd.kde.kword +application/vnd.kenameaapp +application/vnd.koan +application/vnd.liberty-request+xml +application/vnd.llamagraphics.life-balance.desktop +application/vnd.llamagraphics.life-balance.exchange+xml +application/vnd.lotus-1-2-3 +application/vnd.lotus-approach +application/vnd.lotus-freelance +application/vnd.lotus-notes +application/vnd.lotus-organizer +application/vnd.lotus-screencam +application/vnd.lotus-wordpro +application/vnd.mcd +application/vnd.mediastation.cdkey +application/vnd.meridian-slingshot +application/vnd.micrografx.flo +application/vnd.micrografx.igx +application/vnd.mif mif +application/vnd.minisoft-hp3000-save +application/vnd.mitsubishi.misty-guard.trustweb +application/vnd.mobius.daf +application/vnd.mobius.dis +application/vnd.mobius.mbk +application/vnd.mobius.mqy +application/vnd.mobius.msl +application/vnd.mobius.plc +application/vnd.mobius.txf +application/vnd.mophun.application +application/vnd.mophun.certificate +application/vnd.motorola.flexsuite +application/vnd.motorola.flexsuite.adsi +application/vnd.motorola.flexsuite.fis +application/vnd.motorola.flexsuite.gotap +application/vnd.motorola.flexsuite.kmr +application/vnd.motorola.flexsuite.ttc +application/vnd.motorola.flexsuite.wem +application/vnd.mozilla.xul+xml xul +application/vnd.ms-artgalry +application/vnd.ms-asf +application/vnd.ms-excel xls +application/vnd.ms-lrm +application/vnd.ms-powerpoint ppt +application/vnd.ms-project +application/vnd.ms-tnef +application/vnd.ms-works +application/vnd.ms-wpl +application/vnd.mseq +application/vnd.msign +application/vnd.music-niff +application/vnd.musician +application/vnd.netfpx +application/vnd.noblenet-directory +application/vnd.noblenet-sealer +application/vnd.noblenet-web +application/vnd.novadigm.edm +application/vnd.novadigm.edx +application/vnd.novadigm.ext +application/vnd.obn +application/vnd.osa.netdeploy +application/vnd.palm +application/vnd.pg.format +application/vnd.pg.osasli +application/vnd.powerbuilder6 +application/vnd.powerbuilder6-s +application/vnd.powerbuilder7 +application/vnd.powerbuilder7-s +application/vnd.powerbuilder75 +application/vnd.powerbuilder75-s +application/vnd.previewsystems.box +application/vnd.publishare-delta-tree +application/vnd.pvi.ptid1 +application/vnd.pwg-multiplexed +application/vnd.pwg-xhtml-print+xml +application/vnd.quark.quarkxpress +application/vnd.rapid +application/vnd.s3sms +application/vnd.sealed.net +application/vnd.seemail +application/vnd.shana.informed.formdata +application/vnd.shana.informed.formtemplate +application/vnd.shana.informed.interchange +application/vnd.shana.informed.package +application/vnd.smaf +application/vnd.sss-cod +application/vnd.sss-dtf +application/vnd.sss-ntf +application/vnd.street-stream +application/vnd.svd +application/vnd.swiftview-ics +application/vnd.triscape.mxs +application/vnd.trueapp +application/vnd.truedoc +application/vnd.ufdl +application/vnd.uplanet.alert +application/vnd.uplanet.alert-wbxml +application/vnd.uplanet.bearer-choice +application/vnd.uplanet.bearer-choice-wbxml +application/vnd.uplanet.cacheop +application/vnd.uplanet.cacheop-wbxml +application/vnd.uplanet.channel +application/vnd.uplanet.channel-wbxml +application/vnd.uplanet.list +application/vnd.uplanet.list-wbxml +application/vnd.uplanet.listcmd +application/vnd.uplanet.listcmd-wbxml +application/vnd.uplanet.signal +application/vnd.vcx +application/vnd.vectorworks +application/vnd.vidsoft.vidconference +application/vnd.visio +application/vnd.visionary +application/vnd.vividence.scriptfile +application/vnd.vsf +application/vnd.wap.sic +application/vnd.wap.slc +application/vnd.wap.wbxml wbxml +application/vnd.wap.wmlc wmlc +application/vnd.wap.wmlscriptc wmlsc +application/vnd.webturbo +application/vnd.wrq-hp3000-labelled +application/vnd.wt.stf +application/vnd.wv.csp+wbxml +application/vnd.xara +application/vnd.xfdl +application/vnd.yamaha.hv-dic +application/vnd.yamaha.hv-script +application/vnd.yamaha.hv-voice +application/vnd.yellowriver-custom-menu +application/voicexml+xml vxml +application/watcherinfo+xml +application/whoispp-query +application/whoispp-response +application/wita +application/wordperfect5.1 +application/x-bcpio bcpio +application/x-cdlink vcd +application/x-chess-pgn pgn +application/x-compress +application/x-cpio cpio +application/x-csh csh +application/x-director dcr dir dxr +application/x-dvi dvi +application/x-futuresplash spl +application/x-gtar gtar +application/x-gzip +application/x-hdf hdf +application/x-javascript js +application/x-koan skp skd skt skm +application/x-latex latex +application/x-netcdf nc cdf +application/x-sh sh +application/x-shar shar +application/x-shockwave-flash swf +application/x-stuffit sit +application/x-sv4cpio sv4cpio +application/x-sv4crc sv4crc +application/x-tar tar +application/x-tcl tcl +application/x-tex tex +application/x-texinfo texinfo texi +application/x-troff t tr roff +application/x-troff-man man +application/x-troff-me me +application/x-troff-ms ms +application/x-ustar ustar +application/x-wais-source src +application/x400-bp +application/xhtml+xml xhtml xht +application/xslt+xml xslt +application/xml xml xsl +application/xml-dtd dtd +application/xml-external-parsed-entity +application/zip zip +audio/32kadpcm +audio/amr +audio/amr-wb +audio/basic au snd +audio/cn +audio/dat12 +audio/dsr-es201108 +audio/dvi4 +audio/evrc +audio/evrc0 +audio/g722 +audio/g.722.1 +audio/g723 +audio/g726-16 +audio/g726-24 +audio/g726-32 +audio/g726-40 +audio/g728 +audio/g729 +audio/g729D +audio/g729E +audio/gsm +audio/gsm-efr +audio/l8 +audio/l16 +audio/l20 +audio/l24 +audio/lpc +audio/midi mid midi kar +audio/mpa +audio/mpa-robust +audio/mp4a-latm +audio/mpeg mpga mp2 mp3 +audio/parityfec +audio/pcma +audio/pcmu +audio/prs.sid +audio/qcelp +audio/red +audio/smv +audio/smv0 +audio/telephone-event +audio/tone +audio/vdvi +audio/vnd.3gpp.iufp +audio/vnd.cisco.nse +audio/vnd.cns.anp1 +audio/vnd.cns.inf1 +audio/vnd.digital-winds +audio/vnd.everad.plj +audio/vnd.lucent.voice +audio/vnd.nortel.vbk +audio/vnd.nuera.ecelp4800 +audio/vnd.nuera.ecelp7470 +audio/vnd.nuera.ecelp9600 +audio/vnd.octel.sbc +audio/vnd.qcelp +audio/vnd.rhetorex.32kadpcm +audio/vnd.vmx.cvsd +audio/x-aiff aif aiff aifc +audio/x-alaw-basic +audio/x-mpegurl m3u +audio/x-pn-realaudio ram ra +audio/x-pn-realaudio-plugin +application/vnd.rn-realmedia rm +audio/x-wav wav +chemical/x-pdb pdb +chemical/x-xyz xyz +image/bmp bmp +image/cgm cgm +image/g3fax +image/gif gif +image/ief ief +image/jpeg jpeg jpg jpe +image/naplps +image/png png +image/prs.btif +image/prs.pti +image/svg+xml svg +image/t38 +image/tiff tiff tif +image/tiff-fx +image/vnd.cns.inf2 +image/vnd.djvu djvu djv +image/vnd.dwg +image/vnd.dxf +image/vnd.fastbidsheet +image/vnd.fpx +image/vnd.fst +image/vnd.fujixerox.edmics-mmr +image/vnd.fujixerox.edmics-rlc +image/vnd.globalgraphics.pgb +image/vnd.mix +image/vnd.ms-modi +image/vnd.net-fpx +image/vnd.svf +image/vnd.wap.wbmp wbmp +image/vnd.xiff +image/x-cmu-raster ras +image/x-icon ico +image/x-portable-anymap pnm +image/x-portable-bitmap pbm +image/x-portable-graymap pgm +image/x-portable-pixmap ppm +image/x-rgb rgb +image/x-xbitmap xbm +image/x-xpixmap xpm +image/x-xwindowdump xwd +message/delivery-status +message/disposition-notification +message/external-body +message/http +message/news +message/partial +message/rfc822 +message/s-http +message/sip +message/sipfrag +model/iges igs iges +model/mesh msh mesh silo +model/vnd.dwf +model/vnd.flatland.3dml +model/vnd.gdl +model/vnd.gs-gdl +model/vnd.gtw +model/vnd.mts +model/vnd.parasolid.transmit.binary +model/vnd.parasolid.transmit.text +model/vnd.vtu +model/vrml wrl vrml +multipart/alternative +multipart/appledouble +multipart/byteranges +multipart/digest +multipart/encrypted +multipart/form-data +multipart/header-set +multipart/mixed +multipart/parallel +multipart/related +multipart/report +multipart/signed +multipart/voice-message +text/calendar ics ifb +text/css css +text/directory +text/enriched +text/html html htm +text/parityfec +text/plain asc txt +text/prs.lines.tag +text/rfc822-headers +text/richtext rtx +text/rtf rtf +text/sgml sgml sgm +text/t140 +text/tab-separated-values tsv +text/uri-list +text/vnd.abc +text/vnd.curl +text/vnd.dmclientscript +text/vnd.fly +text/vnd.fmi.flexstor +text/vnd.in3d.3dml +text/vnd.in3d.spot +text/vnd.iptc.nitf +text/vnd.iptc.newsml +text/vnd.latex-z +text/vnd.motorola.reflex +text/vnd.ms-mediapackage +text/vnd.net2phone.commcenter.command +text/vnd.sun.j2me.app-descriptor +text/vnd.wap.si +text/vnd.wap.sl +text/vnd.wap.wml wml +text/vnd.wap.wmlscript wmls +text/x-setext etx +text/xml +text/xml-external-parsed-entity +video/bmpeg +video/bt656 +video/celb +video/dv +video/h261 +video/h263 +video/h263-1998 +video/h263-2000 +video/jpeg +video/mp1s +video/mp2p +video/mp2t +video/mp4v-es +video/mpv +video/mpeg mpeg mpg mpe +video/nv +video/parityfec +video/pointer +video/quicktime qt mov +video/smpte292m +video/vnd.fvt +video/vnd.motorola.video +video/vnd.motorola.videop +video/vnd.mpegurl mxu m4u +video/vnd.nokia.interleaved-multimedia +video/vnd.objectvideo +video/vnd.vivo +video/x-msvideo avi +video/x-sgi-movie movie +x-conference/x-cooltalk ice diff --git a/base/tps/apache/conf/nss.conf b/base/tps/apache/conf/nss.conf new file mode 100644 index 000000000..314df040d --- /dev/null +++ b/base/tps/apache/conf/nss.conf @@ -0,0 +1,280 @@ +# +# This is the Apache server configuration file providing SSL support using. +# the mod_nss plugin. It contains the configuration directives to instruct +# the server how to serve pages over an https connection. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" +# +Listen [SECURE_PORT] + +Listen [NON_CLIENTAUTH_SECURE_PORT] + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +#NSSPassPhraseDialog builtin +NSSPassPhraseDialog defer:[SERVER_ROOT]/conf/password.conf + + +# Pass Phrase Helper: +# This helper program stores the token password pins between +# restarts of Apache. +NSSPassPhraseHelper /usr/share/pki/tps/scripts/nss_pcache + +# Configure the SSL Session Cache. +# SSLSessionCacheSize is the number of entries in the cache. +# SSLSessionCacheTimeout is the SSL2 session timeout (in seconds). +# SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds). +NSSSessionCacheSize 10000 +NSSSessionCacheTimeout 100 +NSSSession3CacheTimeout 86400 + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:[SECURE_PORT]> + +# General setup for the virtual host +#DocumentRoot "/htdocs" +#ServerName [Server_Name]:[Secure_Port] +#ServerAdmin you@example.com + +# Configure OCSP checking of client certs + +#NSSOCSP on +#NSSOCSPDefaultResponder on + +# URL of the ocsp service +# +# Example of the built in ocsp service of the CS CA + +#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp + +# Nickname of ocsp signing cert +# +# Below is sufficient if using built in CS CA ocsp service +# If using outboard ocsp, make sure the cert listed below +# is imported into the local cert database. + +#NSSOCSPDefaultName caCert + + +# mod_ssl logs to separate log files, you can choose to do that if you'd like +ErrorLog [SERVER_ROOT]/logs/error_log +TransferLog [SERVER_ROOT]/logs/access_log + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +NSSEngine on + +# FIPS Switch: +# Enable/Disable FIPS mode +# NSSFIPS on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_nss documentation for a complete list. +NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha +# SSL cipher suite in FIPS mode: +# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + +NSSProtocol SSLv3,TLSv1 + +# SSL Certificate Nickname: +# The nickname of the server certificate you are going to use. +NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" + +# Server Certificate Database: +# The NSS security database directory that holds the certificates and +# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. +# Provide the directory that these files exist. +NSSCertificateDatabase [SERVER_ROOT]/alias + +# Client Authentication (Type): +# Client certificate verification type. Types are none, optional and +# require. +NSSVerifyClient require + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_nss documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + NSSOptions +StdEnvVars +</Files> +<Directory "/cgi-bin"> + NSSOptions +StdEnvVars +</Directory> + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +#CustomLog [SERVER_ROOT]/logs/ssl_request_log \ +# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + +<VirtualHost _default_:[NON_CLIENTAUTH_SECURE_PORT]> + +# General setup for the virtual host +#DocumentRoot "/htdocs" +#ServerName [Server_Name]:[Non_Clientauth_Secure_Port] +#ServerAdmin you@example.com + +# mod_ssl logs to separate log files, you can choose to do that if you'd like +ErrorLog [SERVER_ROOT]/logs/error_log +TransferLog [SERVER_ROOT]/logs/access_log + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +NSSEngine on + +# FIPS Switch: +# Enable/Disable FIPS mode +# NSSFIPS on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_nss documentation for a complete list. +NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha +# SSL cipher suite in FIPS mode: +# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + +NSSProtocol SSLv3,TLSv1 + +# SSL Certificate Nickname: +# The nickname of the server certificate you are going to use. +NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" + +# Server Certificate Database: +# The NSS security database directory that holds the certificates and +# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. +# Provide the directory that these files exist. +NSSCertificateDatabase [SERVER_ROOT]/alias + +# Client Authentication (Type): +# Client certificate verification type. Types are none, optional and +# require. +NSSVerifyClient none + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_nss documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + NSSOptions +StdEnvVars +</Files> +<Directory "/cgi-bin"> + NSSOptions +StdEnvVars +</Directory> + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +#CustomLog [SERVER_ROOT]/logs/ssl_request_log \ +# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> diff --git a/base/tps/apache/conf/perl.conf b/base/tps/apache/conf/perl.conf new file mode 100644 index 000000000..feb51e860 --- /dev/null +++ b/base/tps/apache/conf/perl.conf @@ -0,0 +1,70 @@ +# +# Mod_perl incorporates a Perl interpreter into the Apache web server, +# so that the Apache web server can directly execute Perl code. +# Mod_perl links the Perl runtime library into the Apache web server +# and provides an object-oriented Perl interface for Apache's C +# language API. The end result is a quicker CGI script turnaround +# process, since no external Perl interpreter has to be started. +# + +LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so + +# Uncomment this line to globally enable warnings, which will be +# written to the server's error log. Warnings should be enabled +# during the development process, but should be disabled on a +# production server as they affect performance. +# +#PerlWarn On + +# Uncomment this line to enable taint checking globally. When Perl is +# running in taint mode various checks are performed to reduce the +# risk of insecure data being passed to a subshell or being used to +# modify the filesystem. Unfortunatly many Perl modules are not +# taint-safe, so you should exercise care before enabling it on a +# production server. +# +#PerlTaintCheck On + +# This will allow execution of mod_perl to compile your scripts to +# subroutines which it will execute directly, avoiding the costly +# compile process for most requests. +# +#Alias /perl /var/www/perl +#<Directory /var/www/perl> +# SetHandler perl-script +# PerlResponseHandler ModPerl::Registry +# PerlOptions +ParseHeaders +# Options +ExecCGI +#</Directory> + +# This will allow remote server configuration reports, with the URL of +# http://servername/perl-status +# Change the ".your-domain.com" to match your domain to enable. +# +#PerlModule Apache::compat +#<Location /perl-status> +# SetHandler perl-script +# PerlResponseHandler Apache::Status +# Order deny,allow +# Deny from all +# Allow from .your-domain.com +#</Location> + +PerlModule ModPerl::Registry +PerlModule [FORTITUDE_APACHE]::compat +PerlModule PKI::TPS::wizard +PerlSetEnv PKI_DOCROOT [SERVER_ROOT]/docroot +PerlSetEnv PKI_ROOT [SERVER_ROOT] +<Location /tps/admin/console/config/wizard> + SetHandler perl-script + PerlHandler PKI::TPS::Wizard + Order deny,allow + Allow from all +</Location> + +<Location /tps/admin/console/config/login> + SetHandler perl-script + PerlHandler PKI::TPS::Login + Order deny,allow + Allow from all +</Location> diff --git a/base/tps/apache/pki_instance_command_wrapper b/base/tps/apache/pki_instance_command_wrapper new file mode 100644 index 000000000..913b37e4a --- /dev/null +++ b/base/tps/apache/pki_instance_command_wrapper @@ -0,0 +1,192 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +# Check to insure that this script's original invocation directory +# has not been deleted! +CWD=`/bin/pwd > /dev/null 2>&1` +if [ $? -ne 0 ] ; then + echo "Cannot invoke '$0' from non-existent directory!" + exit 255 +fi + + +############################################################################### +## (1) Specify variables used by this script. ## +############################################################################### + +PRODUCT=[PKI_PRODUCT] +SUBSYSTEM=[PKI_SUBSYSTEM] +INSTANCE=[PKI_INSTANCE] +COMMAND=[PKI_COMMAND] + + +############################################################################### +## (2) Define helper functions. ## +############################################################################### + +invalid_operating_system() { + echo + echo "ERROR: '$0' does not execute on the '$1' operating system!" + echo +} + +invalid_architecture() { + echo + echo "ERROR: '$0' does not execute on the '$1' architecture!" + echo +} + + +############################################################################### +## (3) Set environment variables. ## +## ## +## Set the LD_LIBRARY_PATH environment variable to determine the ## +## search order this command wrapper uses to find shared libraries. ## +## ## +## Set the PATH environment variable to determine the search ## +## order this command wrapper uses to find binary executables. ## +## ## +## NOTE: Since the wrappers themselves are ALWAYS located in ## +## "/usr/bin" on 32-bit and 64-bit Linux as well as both ## +## 32-bit Solaris and 64-bit Solaris, this directory ## +## will always be excluded from the search path. ## +## ## +## Additionally, since "/bin" is nothing more than a symbolic ## +## link to "/usr/bin" on Solaris, this directory will also ## +## always be excluded from the search path on this platform. ## +## ## +############################################################################### + +OS=`uname -s` +ARCHITECTURE="" + +if [ "${OS}" = "Linux" ] ; then + ARCHITECTURE=`uname -i` + if [ "${ARCHITECTURE}" = "i386" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT}:/bin + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + PATH=/var/lib/${INSTANCE}:${PATH} + export PATH + elif [ "${ARCHITECTURE}" = "x86_64" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT} + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + PATH=/var/lib/${INSTANCE}:${PATH} + PATH=/usr/lib64/${PRODUCT}:/bin:${PATH} + PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH} + export PATH + else + invalid_architecture "${ARCHITECTURE}" + exit 255 + fi +elif [ "${OS}" = "SunOS" ] ; then + ARCHITECTURE=`uname -p` + if [ "${ARCHITECTURE}" = "sparc" ] && + [ -d "/usr/lib/sparcv9/" ] ; then + ARCHITECTURE="sparcv9" + fi + if [ "${ARCHITECTURE}" = "sparc" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT} + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + PATH=/var/lib/${INSTANCE}:${PATH} + export PATH + elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/bin/sparcv9 + PATH=/usr/lib/${PRODUCT}:${PATH} + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + PATH=/var/lib/${INSTANCE}:${PATH} + PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH} + PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH} + export PATH + else + invalid_architecture "${ARCHITECTURE}" + exit 255 + fi +else + invalid_operating_system "${OS}" + exit 255 +fi + + +############################################################################### +## (4) Execute the binary executable specified by this command wrapper ## +## based upon the preset LD_LIBRARY_PATH and PATH environment variables.## +############################################################################### + +ORIGINAL_IFS=${IFS} +IFS=: + +for dir in ${PATH} +do + if [ -x ${dir}/${COMMAND} ] + then + IFS=${ORIGINAL_IFS} + ${dir}/${COMMAND} "$@" + exit $? + fi +done + +echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!" + +exit 255 + diff --git a/base/tps/apache/pki_subsystem_command_wrapper b/base/tps/apache/pki_subsystem_command_wrapper new file mode 100644 index 000000000..19cbf9dd9 --- /dev/null +++ b/base/tps/apache/pki_subsystem_command_wrapper @@ -0,0 +1,182 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +# Check to insure that this script's original invocation directory +# has not been deleted! +CWD=`/bin/pwd > /dev/null 2>&1` +if [ $? -ne 0 ] ; then + echo "Cannot invoke '$0' from non-existent directory!" + exit 255 +fi + + +############################################################################### +## (1) Specify variables used by this script. ## +############################################################################### + +PRODUCT=[PKI_PRODUCT] +SUBSYSTEM=[PKI_SUBSYSTEM] +COMMAND=[PKI_COMMAND] + + +############################################################################### +## (2) Define helper functions. ## +############################################################################### + +invalid_operating_system() { + echo + echo "ERROR: '$0' does not execute on the '$1' operating system!" + echo +} + +invalid_architecture() { + echo + echo "ERROR: '$0' does not execute on the '$1' architecture!" + echo +} + + +############################################################################### +## (3) Set environment variables. ## +## ## +## Set the LD_LIBRARY_PATH environment variable to determine the ## +## search order this command wrapper uses to find shared libraries. ## +## ## +## Set the PATH environment variable to determine the search ## +## order this command wrapper uses to find binary executables. ## +## ## +## NOTE: Since the wrappers themselves are ALWAYS located in ## +## "/usr/bin" on 32-bit and 64-bit Linux as well as both ## +## 32-bit Solaris and 64-bit Solaris, this directory ## +## will always be excluded from the search path. ## +## ## +## Additionally, since "/bin" is nothing more than a symbolic ## +## link to "/usr/bin" on Solaris, this directory will also ## +## always be excluded from the search path on this platform. ## +## ## +############################################################################### + +OS=`uname -s` +ARCHITECTURE="" + +if [ "${OS}" = "Linux" ] ; then + ARCHITECTURE=`uname -i` + if [ "${ARCHITECTURE}" = "i386" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT}:/bin + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + export PATH + elif [ "${ARCHITECTURE}" = "x86_64" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT} + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + PATH=/usr/lib64/${PRODUCT}:/bin:${PATH} + PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH} + export PATH + else + invalid_architecture "${ARCHITECTURE}" + exit 255 + fi +elif [ "${OS}" = "SunOS" ] ; then + ARCHITECTURE=`uname -p` + if [ "${ARCHITECTURE}" = "sparc" ] && + [ -d "/usr/lib/sparcv9/" ] ; then + ARCHITECTURE="sparcv9" + fi + if [ "${ARCHITECTURE}" = "sparc" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT} + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + export PATH + elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then + LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH} + LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH + + PATH=/usr/lib/${PRODUCT} + PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH} + PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH} + PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH} + export PATH + else + invalid_architecture "${ARCHITECTURE}" + exit 255 + fi +else + invalid_operating_system "${OS}" + exit 255 +fi + + +############################################################################### +## (4) Execute the binary executable specified by this command wrapper ## +## based upon the preset LD_LIBRARY_PATH and PATH environment variables.## +############################################################################### + +ORIGINAL_IFS=${IFS} +IFS=: + +for dir in ${PATH} +do + if [ -x ${dir}/${COMMAND} ] + then + IFS=${ORIGINAL_IFS} + ${dir}/${COMMAND} "$@" + exit $? + fi +done + +echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!" + +exit 255 + diff --git a/base/tps/apache/readme.html b/base/tps/apache/readme.html new file mode 100644 index 000000000..3b741e6ae --- /dev/null +++ b/base/tps/apache/readme.html @@ -0,0 +1,1222 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; + version 2.1 of the License. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<html> +<body> +<h1> +<center><b> +How to Setup and Configure "mod_tps" and "mod_tokendb" on Apache +</b></center> +<hr> +<h2>Overview</h2> +<ul> +<p>This document describes how to install and configure the "mod_tps" and +"mod_tokendb" modules required by CoolKey. +</ul> +<h2>Dependencies</h2> +<ul> +<p>"mod_tps" is dependent upon the following components: +<ul> +<li>Fedora Certificate System (FCS) 1.0.0 Certificate Authority (CA) +<li>FCS 1.0.0 Token Key Service (TKS) +<li>FCS 1.0.0 Data Recovery Manager (DRM) [optional] +<li>FCS 1.0.0 Token Processing System (TPS) +<li>Fedora Directory Server (FDS) 1.0 (TPS internaldb instance) +<li>Apache 2.0.52 +<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude) +</ul> +<p>"mod_tokendb" is dependent upon the following components: +<ul> +<li>FCS 1.0.0 TPS +<li>FDS 1.0 TPS internaldb instance +<li>Apache 2.0.52 +<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude) +<li>"mod_tps" module installed and available from this Apache 2.0.52 (Fortitude) +</ul> +</ul> +<h2>Supported Platforms</h2> +<ul> +<li>Fedora Core 6 (32-bit), +<li>Fedora Core 6 (64-bit), and +<li>Solaris 9 (64-bit) +</ul> +<h2>Installing and Configuring "mod_tps" and "mod_tokendb"</h2> +<ol> +<li>Insure that a pre-installed version 1.0.0 of the FCS common subsystems area +exists on the desired machine running on the desired platform<br> +(e. g. - <pki_server_root>/<common_subsystems_area>) +<li>Insure that a pre-installed version 1.0.0 of the FCS CA exists on the +desired machine running on the desired platform<br> +(e. g. - <pki_server_root>/<common_subsystems_area>/<common_ca_subsystems> and <pki_server_root>/<ca_instance>) +<li>Insure that a pre-installed version 1.0.0 of the FCS TKS exists on the +desired machine running on the desired platform<br> +(e. g. - <pki_server_root>/<common_subsystems_area>/<common_tks_subsystems> and <pki_server_root>/<tks_instance>) +<li>Optionally, insure that a pre-installed version 1.0.0 of the FCS DRM exists +on the desired machine running on the desired platform<br> +(e. g. - <pki_server_root>/<common_subsystems_area>/<common_drm_subsystems> and <pki_server_root>/<drm_instance>) +<li>Insure that a pre-installed version 1.0 of the FDS exists on the desired +machine running on the desired platform.<br> +This is needed to create a TPS internaldb instance<br> +(e. g. - <rhds_server_root>/<tps_internaldb>) +<li>Insure that a pre-installed threaded version 2.0.52 of the Apache server +exists on the desired machine running on the desired platform<br> +(e. g. - <apache_server_root>) +<li>Insure that this Apache server has "mod_nss" (Fortitude) installed and +available from its <apache_server_root> +<li>Download and unpack the entire contents of the TPS package into the +<pki_server_root>/<common_subsystems_area>, the +<pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>, and the +<pki_server_root>/<tps_instance> +<li>Change directory to <pki_server_root>/<common_subsystems_area>/bin +<li>Execute <pki_server_root>/<common_subsystems_area>/bin/setup_tps: +<ol type="a"> +<li>Creates a wrapper script called +<pki_server_root>/<common_subsystems_area>/bin/tpsclient for +<pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/bin/tpsclient +<li>Creates an empty +<pki_server_root>/<tps_instance>/bin directory +(instance-specific binaries) +<li>Creates an empty +<pki_server_root>/<tps_instance>/cgi-bin directory +(user customization) +<li>Creates an empty +<pki_server_root>/<tps_instance>/docroot directory +(user customization) +<li>Creates an empty +<pki_server_root>/<tps_instance>/lib directory +(instance-specific libraries) +<li>Creates an empty +<pki_server_root>/<tps_instance>/logs directory +(instance-specific logs) +<li>Sets up the CA connector in +<pki_server_root>/<tps_instance>/config/CS.cfg +<li>Optionally, sets up the DRM connector in +<pki_server_root>/<tps_instance>/config/CS.cfg +<li>Creates a cert8.db in +<pki_server_root>/<tps_instance>/config/cert8.db +<li>Creates a key3.db in +<pki_server_root>/<tps_instance>/config/key3.db +<li>Populates the cert8.db and key3.db security databases located in the +<pki_server_root>/<tps_instance>/config directory with the +ServerCert +<li>Populates the TPS internaldb located in the +<rhds_server_root>/<tps_internaldb> directory by executing the +LDIF scripts located in the +<pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup directory +<li>Generates the +<pki_server_root>/<common_subsystems_area>/config/httpd.conf +Apache Configuration file: +<pre> +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule nss_module <apache_server_root>/modules/libmodnss.so + +# +# Bring in additional module-specific configurations +# +Include <apache_server_root>/conf/nss.conf +Include <pki_server_root>/<tps_instance>/config/tps.conf +</pre> +<li>Generates the +<pki_server_root>/<tps_instance>/config/tps.conf +Apache TPS Module Configuration file: +<pre> +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule tps_module <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/mod_tps.so +LoadModule tokendb_module <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/mod_tokendb.so + +<Location /nk_service> + SetHandler nk_service +</Location> + +<Location /tus> + SetHandler tus +</Location> + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "<pki_server_root>/<common_subsystems_area>/docroot" + +# +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. +# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# +ScriptAlias /cgi-bin/ "<pki_server_root>/<common_subsystems_area>/cgi-bin/" + +# +# Bring in additional module-specific configurations +# +TPSConfigPathFile <pki_server_root>/<tps_instance>/config/CS.cfg +</ol> +<li>Assume "root" privilege +<li>Execute <apache_server_root>/bin/apachectl -f +<pki_server_root>/<common_subsystems_area>/config/httpd.conf +start +</ol> + +<h2>Inventory of cs-tps-{version} Package</h2> +<ul> +<table border=1> +<tr> +<th>Packaged File</th> +<th>Unpackaged File</th> +</tr> +<tr> +<td>applets/</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/applets/</td> +</tr> +<tr> +<td>applets/1.3.427BDDB8.ijc</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/applets/1.3.427BDDB8.ijc</td> +</tr> +<tr> +<td>bin/</td> +<td><pki_server_root>/<common_subsystems_area>/bin/</td> +</tr> +<tr> +<td>bin/setup_tps</td> +<td><pki_server_root>/<common_subsystems_area>/bin/setup_tps</td> +</tr> +<tr> +<td>bin/setup_tps</td> +<td><pki_server_root>/<common_subsystems_area>/bin/uninstall_tps</td> +</tr> +<tr> +<td>bin/</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/bin/</td> +</tr> +<tr> +<td>bin/tpsclient</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/bin/tpsclient</td> +</tr> +<tr> +<td>cgi-bin/</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/</td> +</tr> +<tr> +<td>cgi-bin/AdminEsc.html</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/AdminEsc.html</td> +</tr> +<tr> +<td>cgi-bin/AdvancePopup.html</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/AdvancePopup.html</td> +</tr> +<tr> +<td>cgi-bin/EnrollPopup.html</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/EnrollPopup.html</td> +</tr> +<tr> +<td>cgi-bin/SettingsEsc.html</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/SettingsEsc.html</td> +</tr> +<tr> +<td>cgi-bin/TokenManager.html</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/TokenManager.html</td> +</tr> +<tr> +<td>cgi-bin/TokenPin.html</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/TokenPin.html</td> +</tr> +<tr> +<td>cgi-bin/esc.cgi</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/esc.cgi</td> +</tr> +<tr> +<td>cgi-bin/style.css</td> +<td><pki_server_root>/<common_subsystems_area>/cgi-bin/style.css</td> +</tr> +<tr> +<td>config/</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/config/</td> +</tr> +<tr> +<td>config/CS.cfg</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/config/CS.cfg</td> +</tr> +<tr> +<td>config/enroll.test</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/config/enroll.test</td> +</tr> +<tr> +<td>config/format.test</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/config/format.test</td> +</tr> +<tr> +<td>config/reset_pin.test</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/config/reset_pin.test</td> +</tr> +<tr> +<td>docroot/</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/</td> +</tr> +<tr> +<td>docroot/GenericAuth.html</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/GenericAuth.html</td> +</tr> +<tr> +<td>docroot/images/</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/</td> +</tr> +<tr> +<td>docroot/images/BannerBackground.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/BannerBackground.gif</td> +</tr> +<tr> +<td>docroot/images/BindSettingsPrototype.jpg</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/BindSettingsPrototype.jpg</td> +</tr> +<tr> +<td>docroot/images/CancelButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/CancelButton.gif</td> +</tr> +<tr> +<td>docroot/images/CloseButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/CloseButton.gif</td> +</tr> +<tr> +<td>docroot/images/ContinueButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/ContinueButton.gif</td> +</tr> +<tr> +<td>docroot/images/HelpButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/HelpButton.gif</td> +</tr> +<tr> +<td>docroot/images/NetKey-Small.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/NetKey-Small.gif</td> +</tr> +<tr> +<td>docroot/images/NetKeyInsert.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/NetKeyInsert.gif</td> +</tr> +<tr> +<td>docroot/images/NetKeyLogo.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/NetKeyLogo.gif</td> +</tr> +<tr> +<td>docroot/images/NetKeyPair.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/NetKeyPair.gif</td> +</tr> +<tr> +<td>docroot/images/NetKeyProgress.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/NetKeyProgress.gif</td> +</tr> +<tr> +<td>docroot/images/NetKeyQuestionMark.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/NetKeyQuestionMark.gif</td> +</tr> +<tr> +<td>docroot/images/OKButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/OKButton.gif</td> +</tr> +<tr> +<td>docroot/images/PadLock.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/PadLock.gif</td> +</tr> +<tr> +<td>docroot/images/PurchaseButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/PurchaseButton.gif</td> +</tr> +<tr> +<td>docroot/images/ReactivateButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/ReactivateButton.gif</td> +</tr> +<tr> +<td>docroot/images/ReleaseButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/ReleaseButton.gif</td> +</tr> +<tr> +<td>docroot/images/SecureButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/SecureButton.gif</td> +</tr> +<tr> +<td>docroot/images/SuspendButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/SuspendButton.gif</td> +</tr> +<tr> +<td>docroot/images/TryAgainButton.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/TryAgainButton.gif</td> +</tr> +<tr> +<td>docroot/images/bg.jpg</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/bg.jpg</td> +</tr> +<tr> +<td>docroot/images/logo.gif</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/images/logo.gif</td> +</tr> +<tr> +<td>docroot/style.css</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/style.css</td> +</tr> +<tr> +<td>docroot/tus/</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/</td> +</tr> +<tr> +<td>docroot/tus/addResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/addResults.template</td> +</tr> +<tr> +<td>docroot/tus/delete.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/delete.template</td> +</tr> +<tr> +<td>docroot/tus/deleteResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/deleteResults.template</td> +</tr> +<tr> +<td>docroot/tus/doToken.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/doToken.template</td> +</tr> +<tr> +<td>docroot/tus/doTokenConfirm.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/doTokenConfirm.template</td> +</tr> +<tr> +<td>docroot/tus/edit.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/edit.template</td> +</tr> +<tr> +<td>docroot/tus/editAdmin.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/editAdmin.template</td> +</tr> +<tr> +<td>docroot/tus/editAdminResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/editAdminResults.template</td> +</tr> +<tr> +<td>docroot/tus/editResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/editResults.template</td> +</tr> +<tr> +<td>docroot/tus/error.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/error.template</td> +</tr> +<tr> +<td>docroot/tus/index.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/index.template</td> +</tr> +<tr> +<td>docroot/tus/indexAdmin.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/indexAdmin.template</td> +</tr> +<tr> +<td>docroot/tus/new.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/new.template</td> +</tr> +<tr> +<td>docroot/tus/revoke.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/revoke.template</td> +</tr> +<tr> +<td>docroot/tus/search.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/search.template</td> +</tr> +<tr> +<td>docroot/tus/searchActivity.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/searchActivity.template</td> +</tr> +<tr> +<td>docroot/tus/searchActivityResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/searchActivityResults.template</td> +</tr> +<tr> +<td>docroot/tus/searchAdmin.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/searchAdmin.template</td> +</tr> +<tr> +<td>docroot/tus/searchAdminResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/searchAdminResults.template</td> +</tr> +<tr> +<td>docroot/tus/searchCertificateResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/searchCertificateResults.template</td> +</tr> +<tr> +<td>docroot/tus/searchResults.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/searchResults.template</td> +</tr> +<tr> +<td>docroot/tus/show.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/show.template</td> +</tr> +<tr> +<td>docroot/tus/showAdmin.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/showAdmin.template</td> +</tr> +<tr> +<td>docroot/tus/showCert.template</td> +<td><pki_server_root>/<common_subsystems_area>/docroot/tus/showCert.template</td> +</tr> +<tr> +<td>lib/</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/</td> +</tr> +<tr> +<td>lib/libldapauth.so</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/libldapauth.so</td> +</tr> +<tr> +<td>lib/libtokendb.so</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/libtokendb.so</td> +</tr> +<tr> +<td>lib/libtps.so</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/libtps.so</td> +</tr> +<tr> +<td>lib/mod_tokendb.so</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/mod_tokendb.so</td> +</tr> +<tr> +<td>lib/mod_tps.so</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/mod_tps.so</td> +</tr> +<tr> +<td>setup/</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup/</td> +</tr> +<tr> +<td>setup/addAgents.ldif</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup/addAgents.ldif</td> +</tr> +<tr> +<td>setup/addIndexes.ldif</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup/addIndexes.ldif</td> +</tr> +<tr> +<td>setup/addTokens.ldif</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup/addTokens.ldif</td> +</tr> +<tr> +<td>setup/addVLVIndexes.ldif</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup/addVLVIndexes.ldif</td> +</tr> +<tr> +<td>setup/schemaMods.ldif</td> +<td><pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup/schemaMods.ldif</td> +</tr> +</table> +</ul> + +<h2>Inventory of cs-tps-devel-{version} Package</h2> +<ul> +<table border=1> +<tr> +<th>Packaged File</th> +<th>Unpackaged File</th> +</tr> +<tr> +<td>include/</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/APDU_Response.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Create_Object_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Create_Pin_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Delete_File_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/External_Authenticate_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Format_Muscle_Applet_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Generate_Key_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Get_Data_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Get_Status_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Get_Version_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Import_Key_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Import_Key_Enc_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Initialize_Update_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Install_Applet_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Install_Load_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Lifecycle_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/List_Objects_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/List_Pins_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Load_File_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Put_Key_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Read_Buffer_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Read_Object_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Select_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Set_Pin_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Unblock_Pin_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/apdu/Write_Object_APDU.h</td> +<td> </td> +</tr> +<tr> +<td>include/authentication/</td> +<td> </td> +</tr> +<tr> +<td>include/authentication/AuthParams.h</td> +<td> </td> +</tr> +<tr> +<td>include/authentication/Authentication.h</td> +<td> </td> +</tr> +<tr> +<td>include/authentication/LDAP_Authentication.h</td> +<td> </td> +</tr> +<tr> +<td>include/channel/</td> +<td> </td> +</tr> +<tr> +<td>include/channel/Channel.h</td> +<td> </td> +</tr> +<tr> +<td>include/channel/Secure_Channel.h</td> +<td> </td> +</tr> +<tr> +<td>include/cms/</td> +<td> </td> +</tr> +<tr> +<td>include/cms/CertEnroll.h</td> +<td> </td> +</tr> +<tr> +<td>include/cms/ConnectionInfo.h</td> +<td> </td> +</tr> +<tr> +<td>include/cms/HttpConnection.h</td> +<td> </td> +</tr> +<tr> +<td>include/engine/</td> +<td> </td> +</tr> +<tr> +<td>include/engine/RA.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/AccessLogger.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Auth.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ByteBuffer.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/CERTUtil.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Cache.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Connection.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ConnectionListener.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/DebugLogger.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Defines.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ErrorLogger.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Iterator.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/LogRotationTask.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Logger.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/NSPRerrs.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSBuddy.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSBuddyCache.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSBuddyList.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSBuddyListener.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSBuddyService.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSCertExtension.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSCommonLib.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSConfig.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSConfigManager.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSConfigReader.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSCrypt.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSDataSourceListener.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSDataSourceManager.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSGroup.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSGroupCache.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSHelper.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSListener.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSPRUtil.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSPlugin.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSPluginManager.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSServer.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSServerLib.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSServerListener.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSServerManager.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSServiceListener.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSServiceManager.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSUser.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PSWaspLib.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Pool.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PresenceManager.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PresenceServer.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/PresenceServerImpl.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SECerrs.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SSLServerSocket.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SSLSocket.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SSLerrs.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ScheduledTask.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Scheduler.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SecurityHeaders.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ServerConnection.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ServerHeaderProcessor.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ServerSocket.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/Socket.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SocketINC.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/SocketLib.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/StringList.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/StringUtil.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/TaskList.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/ThreadPool.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/URLUtil.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/engine.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/http.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/request.h</td> +<td> </td> +</tr> +<tr> +<td>include/httpClient/httpc/response.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/</td> +<td> </td> +</tr> +<tr> +<td>include/main/RA_pblock.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/AttributeSpec.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/AuthenticationEntry.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/Base.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/Buffer.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/ConfigStore.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/Login.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/Memory.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/MemoryMgr.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/NameValueSet.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/ObjectSpec.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/PKCS11Obj.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/PublishEntry.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/RA_Context.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/RA_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/RA_Session.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/SecureId.h</td> +<td> </td> +</tr> +<tr> +<td>include/main/Util.h</td> +<td> </td> +</tr> +<tr> +<td>include/modules/</td> +<td> </td> +</tr> +<tr> +<td>include/modules/tps/</td> +<td> </td> +</tr> +<tr> +<td>include/modules/tps/AP_Context.h</td> +<td> </td> +</tr> +<tr> +<td>include/modules/tps/AP_Session.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_ASQ_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_ASQ_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Begin_Op_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_End_Op_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Extended_Login_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Extended_Login_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Login_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Login_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_New_Pin_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_New_Pin_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_SecureId_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_SecureId_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Status_Update_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Status_Update_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Token_PDU_Request_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/msg/RA_Token_PDU_Response_Msg.h</td> +<td> </td> +</tr> +<tr> +<td>include/processor/</td> +<td> </td> +</tr> +<tr> +<td>include/processor/RA_Enroll_Processor.h</td> +<td> </td> +</tr> +<tr> +<td>include/processor/RA_Format_Processor.h</td> +<td> </td> +</tr> +<tr> +<td>include/processor/RA_Pin_Reset_Processor.h</td> +<td> </td> +</tr> +<tr> +<td>include/processor/RA_Processor.h</td> +<td> </td> +</tr> +<tr> +<td>include/processor/RA_Renew_Processor.h</td> +<td> </td> +</tr> +<tr> +<td>include/processor/RA_Unblock_Processor.h</td> +<td> </td> +</tr> +<tr> +<td>include/publisher/</td> +<td> </td> +</tr> +<tr> +<td>include/publisher/IConnector.h</td> +<td> </td> +</tr> +<tr> +<td>include/publisher/IPublish_Data.h</td> +<td> </td> +</tr> +<tr> +<td>include/publisher/IPublisher.h</td> +<td> </td> +</tr> +<tr> +<td>include/publisher/NetkeyPublisher.h</td> +<td> </td> +</tr> +<tr> +<td>include/tus/</td> +<td> </td> +</tr> +<tr> +<td>include/tus/tus_db.h</td> +<td> </td> +</tr> +</table> +</ul> +</body> +</html> + |