[Astlinux-commits] SF.net SVN: astlinux:[5729] branches/1.0

[<abe...@us...>]

Revision: 5729
          http://astlinux.svn.sourceforge.net/astlinux/?rev=5729&view=rev
Author:   abelbeck
Date:     2012-11-01 06:16:32 +0000 (Thu, 01 Nov 2012)
Log Message:
-----------
lighttpd, add new variable PHONEPROV_ALLOW to limit access to /phoneprov/ by IP address

Modified Paths:
--------------
    branches/1.0/package/lighttpd/lighttpd.conf
    branches/1.0/package/lighttpd/lighttpd.init
    branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf

Modified: branches/1.0/package/lighttpd/lighttpd.conf
===================================================================
--- branches/1.0/package/lighttpd/lighttpd.conf	2012-11-01 03:26:03 UTC (rev 5728)
+++ branches/1.0/package/lighttpd/lighttpd.conf	2012-11-01 06:16:32 UTC (rev 5729)
@@ -141,4 +141,10 @@
 @CLI_PROXY_SERVER@}
 
 @PHO...@al... = ( "/phoneprov/" => "/mnt/kd/phoneprov/" )
+@PHONEPROV@
+@PHONEPROV@$HTTP["url"] =~ "^/phoneprov/" {
+@PHONEPROV@  $HTTP["remoteip"] !~ "^(@PHONEPROV_ALLOW@)$" {
+@PHONEPROV@    url.access-deny = ( "" )
+@PHONEPROV@  }
+@PHONEPROV@}
 

Modified: branches/1.0/package/lighttpd/lighttpd.init
===================================================================
--- branches/1.0/package/lighttpd/lighttpd.init	2012-11-01 03:26:03 UTC (rev 5728)
+++ branches/1.0/package/lighttpd/lighttpd.init	2012-11-01 06:16:32 UTC (rev 5729)
@@ -76,6 +76,20 @@
   else
     phoneprov="#"
   fi
+  if [ -n "$PHONEPROV_ALLOW" ]; then
+    # Replace . with \. then replace * with .* for Regex match
+    # Match: "^($phoneprov_allow)$"
+    pp_allow="${PHONEPROV_ALLOW//./\.}"
+    pp_allow="${pp_allow//\*/.!}"  # Use ! for now, replace to * shortly
+    phoneprov_allow=""
+    unset IFS
+    for i in $pp_allow; do
+      phoneprov_allow="$phoneprov_allow${phoneprov_allow:+|}$i"
+    done
+    phoneprov_allow="${phoneprov_allow//!/*}"  # Replace ! with *
+  else
+    phoneprov_allow=".*"
+  fi
 
   sed -i -e "s|@HOSTNAME@|${HOSTNAME}|g" \
          -e "s|@HTTPDIR@|${httpdir}|g" \
@@ -89,6 +103,7 @@
          -e "s|@IPV6@|${ipv6}|g" \
          -e "s|@CLI_PROXY_SERVER@|${cli_proxy_server}|g" \
          -e "s|@PHONEPROV@|${phoneprov}|g" \
+         -e "s!@PHONEPROV_ALLOW@!${phoneprov_allow}!g" \
             /tmp/etc/lighttpd.conf
 }
 

Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf	2012-11-01 03:26:03 UTC (rev 5728)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf	2012-11-01 06:16:32 UTC (rev 5729)
@@ -304,6 +304,15 @@
 HTTP_ACCESSLOG="no"        # Enable access logging in /var/log/lighttpd/access.log
 HTTPCGI="no"
 
+## HTTP and HTTPS /phoneprov/ directory server, useful for IP Phone provisioning
+## If the directory "/mnt/kd/phoneprov/" exists, this will be served as /phoneprov/
+## Limit access by IPv4 or IPv6 addresses using a space separated list of IP addresses.
+## Use the * character to match any number of any characters (expands to .* for regex match).
+## Note: Do not use CIDR notation, the IP is matched via a regular expression.
+## The default is to allow all IP's, PHONEPROV_ALLOW="*"
+## Example: PHONEPROV_ALLOW="10.10.10.* 2001:db8:1:* 192.168.101.20"
+#PHONEPROV_ALLOW="*"
+
 ## NTPd Server
 ## Note: also see NTPSERVS in the "General Configuration" section.
 ## Enable NTP broadcasts to local LAN(s). Use with something like

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.