From 4f6d730917ea7b3e1669fa72ca3fb36118a3f106 Mon Sep 17 00:00:00 2001
From: Michael DeHaan <mdehaan@redhat.com>
Date: Tue, 30 Oct 2007 17:43:50 -0400
Subject: Moving the auth parts to a .htaccess and out of Apache config. 
 Tested on my box with Digest auth and seems to work well.  Misc associated
 packaging details.

---
 MANIFEST.in               |  2 +-
 Makefile                  |  5 +++++
 cobbler.spec              |  6 ++++--
 cobbler/webui/master.py   |  4 ++--
 config/.htaccess          |  7 +++++++
 config/cobbler.conf       |  3 +++
 config/cobbler_webui.conf | 14 --------------
 docs/cobbler.pod          |  2 +-
 setup.py                  |  3 ++-
 9 files changed, 25 insertions(+), 21 deletions(-)
 create mode 100644 config/.htaccess
 delete mode 100644 config/cobbler_webui.conf

diff --git a/MANIFEST.in b/MANIFEST.in
index 5b035108..73753519 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -2,7 +2,6 @@ include loaders/COPYING_ELILO
 include loaders/elilo-3.6-ia64.efi
 include loaders/menu.c32
 include config/cobbler.conf
-include config/cobbler_webui.conf
 include config/rsync.exclude
 include config/cobblerd
 include config/cobblerd_rotate
@@ -11,6 +10,7 @@ include config/modules.conf
 include config/auth.conf
 include config/webui-cherrypy.cfg
 include config/settings
+include config/.htaccess
 include config/.htpasswd
 recursive-include templates *.template
 recursive-include kickstarts *.ks
diff --git a/Makefile b/Makefile
index 14e7e47d..084b9266 100644
--- a/Makefile
+++ b/Makefile
@@ -22,6 +22,7 @@ test:
 	-cp /var/lib/cobbler/profiles* /tmp/cobbler_test_bak
 	-cp /var/lib/cobbler/systems*  /tmp/cobbler_test_bak
 	-cp /var/lib/cobbler/repos*    /tmp/cobbler_test_bak
+	-cp /var/lib/cobbler/repos*    /tmp/cobbler_test_bak
 	python tests/tests.py
 	-cp /tmp/cobbler_test_bak/* /var/lib/cobbler
 
@@ -38,11 +39,15 @@ devinstall:
 	cp /var/lib/cobbler/settings /tmp/cobbler_settings
 	cp /etc/cobbler/auth.conf /tmp/cobbler_auth.conf
 	cp /etc/cobbler/modules.conf /tmp/cobbler_modules.conf
+	cp /var/www/cobbler/cgi-bin/.htpasswd /tmp/cobbler_htpasswd
 	make install
 	cp /tmp/cobbler_settings /var/lib/cobbler/settings
 	cp /tmp/cobbler_auth.conf /etc/cobbler/auth.conf
 	cp /tmp/cobbler_modules.conf /etc/cobbler/modules.conf
+	cp /tmp/cobbler_htpasswd /var/www/cobbler/cgi-bin/.htpasswd
 	find /var/lib/cobbler/triggers | xargs chmod +x
+	chown -R apache /var/www/cobbler 
+	chown -R apache /var/www/cgi-bin/cobbler	
 
 sdist: clean messages updatewui
 	python setup.py sdist
diff --git a/cobbler.spec b/cobbler.spec
index d353d938..4c250d8a 100644
--- a/cobbler.spec
+++ b/cobbler.spec
@@ -83,6 +83,9 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT
 /var/www/cgi-bin/cobbler/findks.cgi
 /var/www/cgi-bin/cobbler/nopxe.cgi
 /var/www/cgi-bin/cobbler/webui.cgi
+%defattr(660,apache,apache)
+%config(noreplace) /var/www/cgi-bin/cobbler/.htaccess
+%config(noreplace) /var/www/cgi-bin/cobbler/.htpasswd
 
 %defattr(755,apache,apache)
 %dir /usr/share/cobbler/webui_templates
@@ -142,8 +145,6 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/cobbler.1.gz
 /etc/init.d/cobblerd
 %config(noreplace) /etc/httpd/conf.d/cobbler.conf
-%config(noreplace) /etc/httpd/conf.d/cobbler_webui.conf
-%config(noreplace) /var/www/cgi-bin/cobbler/.htpasswd
 %dir /var/log/cobbler/syslog
 
 %defattr(755,root,root)
@@ -195,6 +196,7 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT
 - now packaging javascript file(s) seperately for WUI
 - backup state files on upgrade 
 - cobbler sync now has pre/post triggers, so package those dirs/files
+- WebUI now has .htaccess file
 
 * Fri Sep 28 2007 Michael DeHaan <mdehaan@redhat.com> - 0.6.2-2
 - Upstream changes (see CHANGELOG)
diff --git a/cobbler/webui/master.py b/cobbler/webui/master.py
index d8b5f2b8..9dd79d57 100644
--- a/cobbler/webui/master.py
+++ b/cobbler/webui/master.py
@@ -33,8 +33,8 @@ VFN=valueForName
 currentTime=time.time
 __CHEETAH_version__ = '2.0rc8'
 __CHEETAH_versionTuple__ = (2, 0, 0, 'candidate', 8)
-__CHEETAH_genTime__ = 1193694568.5778069
-__CHEETAH_genTimestamp__ = 'Mon Oct 29 17:49:28 2007'
+__CHEETAH_genTime__ = 1193780329.9635999
+__CHEETAH_genTimestamp__ = 'Tue Oct 30 17:38:49 2007'
 __CHEETAH_src__ = 'webui_templates/master.tmpl'
 __CHEETAH_srcLastModified__ = 'Mon Oct 29 16:39:12 2007'
 __CHEETAH_docstring__ = 'Autogenerated by CHEETAH: The Python-Powered Template Engine'
diff --git a/config/.htaccess b/config/.htaccess
new file mode 100644
index 00000000..da71c461
--- /dev/null
+++ b/config/.htaccess
@@ -0,0 +1,7 @@
+AuthUserFile /var/www/cgi-bin/cobbler/.htpasswd
+AuthGroupFile /dev/null
+AuthName "Cobbler WebUI Authentication"
+AuthType Digest
+
+require valid-user
+
diff --git a/config/cobbler.conf b/config/cobbler.conf
index 187e63e1..51b68e24 100644
--- a/config/cobbler.conf
+++ b/config/cobbler.conf
@@ -22,4 +22,7 @@ ProxyPassReverse /cobbler_api http://localhost:25151/
 ProxyPass /cobbler_api_rw http://localhost:25152/
 ProxyPassReverse /cobbler_api_rw http://localhost:25152/
 
+BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
+
+# For Web UI, see also: /var/www/cgi-bin/cobbler/.htaccess
 
diff --git a/config/cobbler_webui.conf b/config/cobbler_webui.conf
deleted file mode 100644
index d573dd7d..00000000
--- a/config/cobbler_webui.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# See: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
-BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
-
-# set up digest authentication for the webui
-# to add users: htdigest /var/www/cgi-bin/cobbler/.htaccess "Cobbler WebUI Authentication" $username
-<Location "/var/www/cgi-bin/cobbler/webui.cgi">
-    AuthType Digest
-    AuthName "Cobbler WebUI Authentication"
-    AuthDigestProvider file
-    AuthUserFile /var/www/cgi-bin/cobbler/.htaccess
-    Require valid-user
-</Location>
-
diff --git a/docs/cobbler.pod b/docs/cobbler.pod
index c0682f19..501f034b 100644
--- a/docs/cobbler.pod
+++ b/docs/cobbler.pod
@@ -667,7 +667,7 @@ Most of the day-to-day actions in cobbler's command line can be performed in Cob
 
 3) The default Web UI password is "cobbler/ILoveCobbler", to change this, run:
 
-htdigest /var/www/cgi-bin/cobbler/.htaccess "Cobbler WebUI Authentication" cobbler
+htdigest /var/www/cgi-bin/cobbler/.htpasswd "Cobbler WebUI Authentication" cobbler
 
 4) SELinux users may also have to run:
 
diff --git a/setup.py b/setup.py
index 33f4f858..6a8ef22e 100644
--- a/setup.py
+++ b/setup.py
@@ -64,9 +64,10 @@ if __name__ == "__main__":
                                 (cgipath,  ['scripts/webui.cgi']),
  
                                 # miscellaneous config files
+                                (cgipath,  ['config/.htaccess']),
                                 (cgipath,  ['config/.htpasswd']),
                                 (rotpath,  ['config/cobblerd_rotate']),
-                                (wwwconf,  ['config/cobbler.conf','config/cobbler_webui.conf']),
+                                (wwwconf,  ['config/cobbler.conf']),
                                 (cobpath,  ['config/cobbler_hosts']),
                                 (etcpath,  ['config/modules.conf']),
                                 (etcpath,  ['config/auth.conf']),
-- 
cgit