1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

These ports are the standalone FrontPage module for Apache 1.3 and Apache 2.x

servers. Ready-To-Run has designed these modules to work as DSO modules with no
need to patch the apache sources.

PR:		ports/77218
Submitted by:	Scot W. Hetzel <swhetzel@gmail.com>
This commit is contained in:
Pav Lucistnik 2005-02-09 20:13:27 +00:00
parent 0dc996a88f
commit 2cf7ddc522
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=128408
12 changed files with 924 additions and 0 deletions

View File

@ -273,6 +273,8 @@
SUBDIR += mod_fcgid
SUBDIR += mod_filter
SUBDIR += mod_frontpage
SUBDIR += mod_frontpage2-rtr
SUBDIR += mod_frontpage-rtr
SUBDIR += mod_geoip
SUBDIR += mod_gzip
SUBDIR += mod_hosts_access

View File

@ -0,0 +1,22 @@
# New ports collection makefile for: Microsoft FrontPage Extensions
# Date created: Tue Feb 4 13:59:20 CST 2003
# Whom: hetzels@westbend.net
#
# $FreeBSD$
#
CATEGORIES= www
MAINTAINER= hetzels@westbend.net
WANT_APACHE= 13
PKGMESSAGE= ${MASTERDIR}/pkg-message13
.if defined(WITH_SSL)
AP_PORT= www/apache13-modssl
.endif
MASTERDIR= ${.CURDIR}/../mod_frontpage2-rtr
.include "${MASTERDIR}/Makefile"

View File

@ -0,0 +1,96 @@
# New ports collection makefile for: Microsoft FrontPage Extensions
# Date created: Tue Feb 4 13:59:20 CST 2003
# Whom: hetzels@westbend.net
#
# $FreeBSD$
#
PORTNAME= mod_frontpage
PORTVERSION= 5.0.2.2635
PORTREVISION= 0
CATEGORIES= www
MASTER_SITES= # Requries manual fetch of files from http://www.rtr.com/
PKGNAMESUFFIX= ${AP_VER}
DISTFILES= ${FRONTPAGE}
MAINTAINER= hetzels@westbend.net
COMMENT= Microsoft mod_frontpage (by RTR) for Apache ${FP_AP_VER}
RUN_DEPENDS= ${LOCALBASE}/${FP_SETPERM}:${PORTSDIR}/www/frontpage
DIST_SUBDIR= fp${PORTVERSION:S/.//g}
ONLY_FOR_ARCHS= i386 ia64 amd64 alpha sparc64
USE_REINPLACE= yes
WANT_APACHE?= 2
.include <bsd.port.pre.mk>
.include "${.CURDIR}/../apache2/Makefile.modules.3rd"
.include "${.CURDIR}/../frontpage/Makefile.fp.common"
.ifdef WITH_APACHE2
FP_AP_VER= 2.0
APACHE= apache2
.else
FP_AP_VER= 1.3
APACHE= apache
.endif
FPDIR= frontpage/version${FP_VER}
FP_INSTALL= ${FPDIR}/fp_install.sh
FP_SETPERM= ${FPDIR}/set_default_perms.sh
.ifdef WITH_MODFP_COMPAT
FP_ARGS= -DIMPROVED_MODFP_COMPAT
.endif
.ifdef WITH_DISABLED
FP_ARGS+= -DDEFAULT_TO_OFF
.endif
NO_WRKSUBDIR= yes
EXTRACT_FILES= ${FPDIR}/apache-fp/mod_frontpage.c \
${FPDIR}/apache2/mod_fpcgid.c \
${FPDIR}/apache2/mod_fpcgid.h \
${FPDIR}/apache2/mod_frontpage.c \
${FPDIR}/apache2/mod_frontpage.h \
${FPDIR}/apache2/mod_suexec.h
PLIST_SUB+= FP_VER=${FP_VER} \
APACHE=${APACHE}
do-extract:
@${RM} -rf ${WRKDIR}
@${MKDIR} ${WRKDIR}
@if ! (cd ${WRKDIR} && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} \
${_DISTDIR}/${FRONTPAGE} ${EXTRACT_AFTER_ARGS} ${EXTRACT_FILES}); \
then \
exit 1; \
fi
do-build:
.ifdef WITH_APACHE2
@${APXS} -c -Wc,-DFREEBSD ${FP_ARGS} ${WRKDIR}/${FPDIR}/apache2/mod_frontpage.c \
${WRKDIR}/${FPDIR}/apache2/mod_fpcgid.c
.else
@(cd ${WRKDIR}/${FPDIR}/apache-fp && \
${APXS} -c -Wc,-DFREEBSD ${FP_ARGS} ${WRKDIR}/${FPDIR}/apache-fp/mod_frontpage.c)
.endif
do-install:
.ifdef WITH_APACHE2
@${APXS} -i -a -n frontpage ${WRKDIR}/${FPDIR}/apache2/mod_frontpage.la
.else
@${APXS} -i -a -n frontpage ${WRKDIR}/${FPDIR}/apache-fp/mod_frontpage.so
.endif
post-install:
.if (${PREFIX} != "/usr/local")
@${CAT} ${PKGMESSAGE} | ${SED} -e 's|%%PREFIX%%|${PREFIX}|'
.else
@${CAT} ${PKGMESSAGE} | ${SED} -e 's|%%PREFIX%%|${PREFIX}|' \
| ${GREP} -v "ln"
.endif
.include <bsd.port.post.mk>

View File

@ -0,0 +1,8 @@
MD5 (fp5022635/fp50.alpha.tar.gz) = 63c26a9ff0b97b44692fd5717b892dc0
SIZE (fp5022635/fp50.alpha.tar.gz) = 13245239
MD5 (fp5022635/fp50.bsdi.tar.gz) = e1640a3d5eb06fbfe77827c68c387f64
SIZE (fp5022635/fp50.bsdi.tar.gz) = 10484068
MD5 (fp5022635/fp50.freebsd.tar.gz) = 15bb2e119f1c2c91a5f4855a0b8ca836
SIZE (fp5022635/fp50.freebsd.tar.gz) = 10205076
MD5 (fp5022635/fp50.solaris.tar.gz) = 98ef852e1db27ced23e7f5971146a4dd
SIZE (fp5022635/fp50.solaris.tar.gz) = 11510762

View File

@ -0,0 +1,269 @@
--- frontpage/version5.0/apache-fp/mod_frontpage.c.orig Tue Dec 2 20:18:45 2003
+++ frontpage/version5.0/apache-fp/mod_frontpage.c Mon Jan 31 00:43:54 2005
@@ -52,10 +52,13 @@
#include "httpd.h"
#include "http_config.h"
#include "http_conf_globals.h"
+#include "http_log.h"
#include <stdio.h>
#include <sys/time.h>
+module MODULE_VAR_EXPORT frontpage_module;
+
#ifndef TRUE
#define TRUE 1
#endif
@@ -74,6 +77,11 @@
#define KEYLEN 128 /* Should be a multiple of sizeof(int) */
+typedef struct {
+ int fp_status;
+ int fp_admin_status;
+} FrontPage_conf;
+
static char gszKeyVal[KEYLEN+1]; /* SUID key value used by this module */
static int gfdKeyPipe[2]; /* Pipe to fpexe stub CGI */
static int gbKeyPipeActive; /* Pipe to fpexe stub CGI is active */
@@ -584,6 +592,31 @@
* Thanks to Scot Hetzel (hetzels@westbend.net)
*/
ap_add_version_component("FrontPage/5.0.2.2635");
+
+ while (s != NULL) {
+ FrontPage_conf* c = ap_get_module_config (s->module_config, &frontpage_module);
+ if (c->fp_status == -1)
+#ifdef DEFAULT_TO_OFF
+ c->fp_status = FALSE;
+#else
+ c->fp_status = TRUE;
+#endif
+ if (!c->fp_status)
+ ap_log_error (APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, s,
+ "FrontPage disabled for server %s:%d\n",
+ s->server_hostname, s->port);
+ if (c->fp_admin_status == -1)
+#ifdef DEFAULT_TO_OFF
+ c->fp_admin_status = FALSE;
+#else
+ c->fp_admin_status = TRUE;
+#endif
+ if (!c->fp_admin_status)
+ ap_log_error (APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, s,
+ "FrontPage Administration pages disabled for server %s:%d\n",
+ s->server_hostname, s->port);
+ s = s->next;
+ }
}
static int FrontPageCheckWebRoot(
@@ -793,6 +826,26 @@
return OK;
}
+/*
+ * We *MUST* have been authenticated somehow for AUTHOR or ADMIN requests.
+ * This prevents the single largest hole in FrontPage: if the user somehow
+ * deletes their .htaccess files anyone can gain FrontPage AUTHOR or ADMIN
+ * privileges. With this check we won't allow ADMIN or AUTHOR unless _some_
+ * authentication was performed.
+ */
+static int FrontPageNeedAuth(
+ request_rec* r,
+ char* szCgi,
+ const char* szFpexe)
+{
+ if ((r->connection->user == NULL) || (r->connection->ap_auth_type == NULL)) {
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "server configuration did not require authentication: %s", r->filename);
+ return FORBIDDEN;
+ } else {
+ return FrontPageAlias(r, szCgi, szFpexe);
+ }
+}
/*
* This routine looks for shtml.exe, fpcount.exe, author.exe and admin.exe
@@ -806,6 +859,7 @@
{
char *szVti;
char *szCgi;
+ FrontPage_conf *c;
char szBuf[MAXPATHLEN];
/*
@@ -815,6 +869,13 @@
return DECLINED;
/*
+ * Decline if we have disabled FrontPage on the server.
+ */
+ c = (FrontPage_conf *)ap_get_module_config (r->server->module_config, &frontpage_module);
+ if (!c->fp_status)
+ return FORBIDDEN;
+
+ /*
* Check once for anything with _vti_bin. This is much faster than
* checking all our paths, because anything without this is definitely
* not a FrontPage scenario.
@@ -835,7 +896,7 @@
return FrontPageAlias(r, szCgi, AUTHOR);
/*
* Convert inadvertent shtml.dll to shtml.exe
- * Thanks for the idea to Scot Hetzel (hetzels@westbend.net)
+ * Thanks for the idea from Scot Hetzel (hetzels@westbend.net)
*/
if (szCgi = strstr(szVti, SHTML2 ))
{
@@ -845,9 +906,17 @@
if (szCgi = strstr(szVti, SHTML ))
return FrontPageAlias(r, szCgi, SHTML);
if (szCgi = strstr(szVti, ADMIN ))
- return FrontPageAlias(r, szCgi, ADMIN);
+ if (c->fp_admin_status) {
+ return FrontPageAlias(r, szCgi, ADMIN);
+ } else {
+ return FORBIDDEN;
+ }
if (szCgi = strstr(szVti, ADMINCGI ))
- return FrontPageAlias(r, szCgi, ADMINCGI);
+ if (c->fp_admin_status) {
+ return FrontPageAlias(r, szCgi, ADMINCGI);
+ } else {
+ return FORBIDDEN;
+ }
if (szCgi = strstr(szVti, FPCOUNT))
return FrontPageAlias(r, szCgi, FPCOUNT);
@@ -916,6 +985,100 @@
return OK;
}
+static void*
+FrontPageCreate_config(pool* p, server_rec* s) {
+ FrontPage_conf* new = (FrontPage_conf *)ap_pcalloc (p, sizeof (FrontPage_conf));
+ new->fp_status = -1;
+ new->fp_admin_status = -1;
+ return new;
+}
+
+static void*
+FrontPageMerge_config(pool* p, void* basev, void* addv) {
+ FrontPage_conf *base = (FrontPage_conf *)basev;
+ FrontPage_conf *add = (FrontPage_conf *)addv;
+ FrontPage_conf *new = (FrontPage_conf *)ap_pcalloc (p, sizeof (FrontPage_conf));
+ new->fp_status = (add->fp_status == -1) ? base->fp_status : add->fp_status;
+ new->fp_admin_status = (add->fp_admin_status == -1) ? base->fp_admin_status : add->fp_admin_status;
+ return new;
+}
+
+static const char *
+cmd_FrontPage(cmd_parms *cmd, void *dummy, int flag)
+{
+ FrontPage_conf *sconf;
+
+ sconf = (FrontPage_conf *)ap_get_module_config(cmd->server->module_config, &frontpage_module);
+
+ if (cmd->path == NULL) { /* is server command */
+ sconf->fp_status = (flag ? TRUE : FALSE);
+ }
+ return NULL;
+}
+
+#ifdef IMPROVED_MODFP_COMPAT
+static const char*
+cmd_disable(cmd_parms* cmd, char* struct_ptr) {
+
+ return cmd_FrontPage(cmd, NULL, FALSE);
+}
+
+static const char*
+cmd_enable(cmd_parms* cmd, char* struct_ptr) {
+
+ return cmd_FrontPage(cmd, NULL, TRUE);
+}
+#endif /* IMPROVED_MODFP_COMPAT */
+
+static const char *
+cmd_FrontPageAdmin(cmd_parms *cmd, void *dummy, int flag)
+{
+ FrontPage_conf *sconf;
+
+ sconf = (FrontPage_conf *)ap_get_module_config(cmd->server->module_config, &frontpage_module);
+
+ if (cmd->path == NULL) { /* is server command */
+ sconf->fp_admin_status = (flag ? TRUE : FALSE);
+ }
+ return NULL;
+}
+
+#ifdef IMPROVED_MODFP_COMPAT
+static const char*
+cmd_admin_disable(cmd_parms* cmd, char* struct_ptr) {
+
+ return cmd_FrontPageAdmin(cmd, NULL, TRUE);
+}
+
+static const char*
+cmd_admin_enable(cmd_parms* cmd, char* struct_ptr) {
+
+ return cmd_FrontPageAdmin(cmd, NULL, FALSE);
+}
+#endif /* IMPROVED_MODFP_COMPAT */
+
+static const
+command_rec FrontPageCMDs[] = {
+ { "FrontPage", cmd_FrontPage, NULL, RSRC_CONF, FLAG,
+ "On or Off to enable (default) or disable the FrontPage User Access" },
+ { "FrontPageAdmin", cmd_FrontPageAdmin, NULL, RSRC_CONF, FLAG,
+ "On or Off to enable (default) or disable the FrontPage Administrator Access" },
+#ifdef IMPROVED_MODFP_COMPAT
+ { "FrontPageDisable", cmd_disable,
+ NULL, RSRC_CONF, NO_ARGS,
+ "Disable FrontPage" },
+ { "FrontPageEnable", cmd_enable,
+ NULL, RSRC_CONF, NO_ARGS,
+ "Enable FrontPage" },
+ { "FrontPageAdminDisable", cmd_admin_disable,
+ NULL, RSRC_CONF, NO_ARGS,
+ "Disable FrontPageAdmin" },
+ { "FrontPageAdminEnable", cmd_admin_enable,
+ NULL, RSRC_CONF, NO_ARGS,
+ "Enable FrontPageAdmin" },
+#endif
+ { NULL }
+};
/*
* Declare ourselves so the configuration routines can find us.
@@ -926,9 +1089,9 @@
FrontPageInit, /* initializer */
NULL, /* per-directory config creater */
NULL, /* dir config merger - default is to override */
- NULL, /* server config creator */
- NULL, /* server config merger */
- NULL, /* command table */
+ FrontPageCreate_config, /* server config creator */
+ FrontPageMerge_config, /* server config merger */
+ FrontPageCMDs, /* command table */
NULL, /* [6] list of handlers */
FrontPageXlate, /* [1] URI-to-filename translation */
NULL, /* [4] check/validate HTTP user_id */
@@ -937,5 +1100,16 @@
NULL, /* [6] MIME type checker/setter */
FrontPageFixup, /* [7] fixups */
NULL, /* [9] logger */
+#if MODULE_MAGIC_NUMBER >= 19970103
NULL, /* [2] header parser */
+#endif
+#if MODULE_MAGIC_NUMBER >= 19970719
+ NULL, /* child_init */
+#endif
+#if MODULE_MAGIC_NUMBER >= 19970728
+ NULL, /* child_exit */
+#endif
+#if MODULE_MAGIC_NUMBER >= 19970902
+ NULL /* post read-request */
+#endif
};

View File

@ -0,0 +1,154 @@
--- frontpage/version5.0/apache2/mod_fpcgid.c.orig Thu Jan 9 12:19:29 2003
+++ frontpage/version5.0/apache2/mod_fpcgid.c Wed Feb 12 10:30:45 2003
@@ -121,8 +121,6 @@
#include <sys/un.h> /* for sockaddr_un */
-module AP_MODULE_DECLARE_DATA frontpage_module;
-
#if 0
This section is not used in the FrontPage daemon.
static int cgid_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *main_server);
@@ -187,13 +185,6 @@
#define DEFAULT_CONNECT_ATTEMPTS 15
#endif
-typedef struct {
- const char *sockname;
- const char *logname;
- long logbytes;
- int bufbytes;
-} cgid_server_conf;
-
/* If a request includes query info in the URL (stuff after "?"), and
* the query info does not contain "=" (indicative of a FORM submission),
* then this routine is called to create the argument list to be passed
@@ -755,21 +746,42 @@
void* fpcreate_cgid_config(apr_pool_t *p, server_rec *s)
{
- cgid_server_conf *c =
- (cgid_server_conf *) apr_pcalloc(p, sizeof(cgid_server_conf));
+ cgid_server_conf *c;
- c->logname = NULL;
- c->logbytes = DEFAULT_LOGBYTES;
- c->bufbytes = DEFAULT_BUFBYTES;
- c->sockname = ap_server_root_relative(p, DEFAULT_SOCKET);
- return c;
+ c = (cgid_server_conf *) apr_pcalloc(p, sizeof(cgid_server_conf));
+
+ c->fp_status = -1;
+ c->fp_admin_status = -1;
+ c->logname = NULL;
+ c->logbytes = DEFAULT_LOGBYTES;
+ c->bufbytes = DEFAULT_BUFBYTES;
+ c->sockname = ap_server_root_relative(p, DEFAULT_SOCKET);
+ return c;
}
void* fpmerge_cgid_config(apr_pool_t *p, void *basev, void *overridesv)
{
- cgid_server_conf *base = (cgid_server_conf *) basev, *overrides = (cgid_server_conf *) overridesv;
+ cgid_server_conf *c, *base, *overrides;
- return overrides->logname ? overrides : base;
+ c = (cgid_server_conf *)apr_pcalloc(p, sizeof(cgid_server_conf));
+ base = (cgid_server_conf *)basev;
+ overrides = (cgid_server_conf *)overridesv;
+
+ c->fp_status = (overrides->fp_status == -1) ? base->fp_status : overrides->fp_status;
+ c->fp_admin_status = (overrides->fp_admin_status == -1) ? base->fp_admin_status : overrides->fp_admin_status;
+
+ if (overrides->logname) {
+ c->logname = apr_pstrdup(p, overrides->logname);
+ c->logbytes = overrides->logbytes ? overrides->logbytes : base->logbytes;
+ c->bufbytes = overrides->bufbytes ? overrides->bufbytes : base->bufbytes;
+ c->sockname = apr_pstrdup(p, overrides->sockname ? overrides->sockname : base->sockname);
+ } else {
+ c->logname = apr_pstrdup(p, base->logname);
+ c->logbytes = base->logbytes;
+ c->bufbytes = base->bufbytes;
+ c->sockname = apr_pstrdup(p, base->sockname);
+ }
+ return c;
}
static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg)
@@ -823,8 +835,76 @@
return NULL;
}
+static const char *
+cmd_FrontPage(cmd_parms *cmd, void *mconfig, int flag)
+{
+ cgid_server_conf *sconf;
+
+ sconf = (cgid_server_conf *)ap_get_module_config(cmd->server->module_config, &frontpage_module);
+
+ if (cmd->path == NULL) { /* is server command */
+ sconf->fp_status = (flag ? TRUE : FALSE);
+ }
+ return NULL;
+}
+
+#ifdef IMPROVED_MODFP_COMPAT
+static const char*
+cmd_disable(cmd_parms* cmd, void* mconfig) {
+
+ return cmd_FrontPage(cmd, NULL, FALSE);
+}
+
+static const char*
+cmd_enable(cmd_parms* cmd, void* mconfig) {
+
+ return cmd_FrontPage(cmd, NULL, TRUE);
+}
+#endif /* IMPROVED_MODFP_COMPAT */
+
+static const char *
+cmd_FrontPageAdmin(cmd_parms *cmd, void *mconfig, int flag)
+{
+ cgid_server_conf *sconf;
+
+ sconf = (cgid_server_conf *)ap_get_module_config(cmd->server->module_config, &frontpage_module);
+
+ if (cmd->path == NULL) { /* is server command */
+ sconf->fp_admin_status = (flag ? TRUE : FALSE);
+ }
+ return NULL;
+}
+
+#ifdef IMPROVED_MODFP_COMPAT
+static const char*
+cmd_admin_disable(cmd_parms* cmd, void* mconfig) {
+
+ return cmd_FrontPageAdmin(cmd, NULL, TRUE);
+}
+
+static const char*
+cmd_admin_enable(cmd_parms* cmd, void *mconfig) {
+
+ return cmd_FrontPageAdmin(cmd, NULL, FALSE);
+}
+#endif /* IMPROVED_MODFP_COMPAT */
+
const command_rec fpcgid_cmds[] =
{
+ AP_INIT_FLAG("FrontPage", cmd_FrontPage, NULL, RSRC_CONF,
+ "On or Off to enable (default) or disable the FrontPage Extentions"),
+ AP_INIT_FLAG("FrontPageAdmin", cmd_FrontPageAdmin, NULL, RSRC_CONF,
+ "On or Off to enable (default) or disable FrontPage Administration"),
+#ifdef IMPROVED_MODFP_COMPAT
+ AP_INIT_NO_ARGS("FrontPageDisable", cmd_disable, NULL, RSRC_CONF,
+ "Disable FrontPage Extentions"),
+ AP_INIT_NO_ARGS("FrontPageEnable", cmd_enable, NULL, RSRC_CONF,
+ "Enable FrontPage Extentions"),
+ AP_INIT_NO_ARGS("FrontPageAdminDisable", cmd_admin_disable, NULL, RSRC_CONF,
+ "Disable FrontPage Administration"),
+ AP_INIT_NO_ARGS("FrontPageAdminEnable", cmd_admin_enable, NULL, RSRC_CONF,
+ "Enable FrontPage Administration"),
+#endif
AP_INIT_TAKE1("FPScriptLog", set_scriptlog, NULL, RSRC_CONF,
"the name of a log for script debugging info"),
AP_INIT_TAKE1("FPScriptLogLength", set_scriptlog_length, NULL, RSRC_CONF,

View File

@ -0,0 +1,20 @@
--- frontpage/version5.0/apache2/mod_fpcgid.h.orig Thu Jan 9 12:19:29 2003
+++ frontpage/version5.0/apache2/mod_fpcgid.h Wed Feb 12 10:31:06 2003
@@ -24,6 +24,17 @@
#ifndef MOD_FPCGID_H
#define MOD_FPCGID_H
+typedef struct {
+ int fp_status;
+ int fp_admin_status;
+ const char *sockname;
+ const char *logname;
+ long logbytes;
+ int bufbytes;
+} cgid_server_conf;
+
+module AP_MODULE_DECLARE_DATA frontpage_module;
+
void fpcgid_init_pool(int* first_time, const char* userdata_key);
int fpcgid_init(apr_pool_t* p, apr_pool_t* plog, apr_pool_t* ptemp,
server_rec* main_server);

View File

@ -0,0 +1,114 @@
--- frontpage/version5.0/apache2/mod_frontpage.c.orig Thu Jan 9 12:19:30 2003
+++ frontpage/version5.0/apache2/mod_frontpage.c Wed Feb 12 11:29:29 2003
@@ -578,6 +578,32 @@
* Thanks to Scot Hetzel (hetzels@westbend.net)
*/
ap_add_version_component(p, "FrontPage/5.0.2.2635");
+
+ while (s != NULL) {
+ cgid_server_conf* c = ap_get_module_config(s->module_config, &frontpage_module);
+ if (c->fp_status == -1)
+#ifdef DEFAULT_TO_OFF
+ c->fp_status = FALSE;
+#else
+ c->fp_status = TRUE;
+#endif
+ if (!c->fp_status)
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "FrontPage disabled for server %s:%d\n",
+ s->server_hostname, s->port);
+ if (c->fp_admin_status == -1)
+#ifdef DEFAULT_TO_OFF
+ c->fp_admin_status = FALSE;
+#else
+ c->fp_admin_status = TRUE;
+#endif
+ if (!c->fp_admin_status)
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "FrontPage Administration pages disabled for server %s:%d\n",
+ s->server_hostname, s->port);
+ s = s->next;
+ }
+
return OK;
}
@@ -836,6 +862,27 @@
/*
+ * We *MUST* have been authenticated somehow for AUTHOR or ADMIN requests.
+ * This prevents the single largest hole in FrontPage: if the user somehow
+ * deletes their .htaccess files anyone can gain FrontPage AUTHOR or ADMIN
+ * privileges. With this check we won't allow ADMIN or AUTHOR unless _some_
+ * authentication was performed.
+ */
+static int FrontPageNeedAuth(
+ request_rec* r,
+ char* szCgi,
+ const char* szFpexe)
+{
+ if ((r->user == NULL) || (r->ap_auth_type == NULL)) {
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ "server configuration did not require authentication: %s", r->filename);
+ return HTTP_UNAUTHORIZED;
+ } else {
+ return FrontPageAlias(r, szCgi, szFpexe);
+ }
+}
+
+/*
* This routine looks for shtml.exe, fpcount.exe, author.exe and admin.exe
* in a URI, and if found we call FrontPageAlias() to check for a valid
* FrontPage scenario.
@@ -847,6 +894,7 @@
{
char* szVti;
char* szCgi;
+ cgid_server_conf *c;
/*
* Decline if we're improperly initialized.
@@ -855,6 +903,13 @@
return DECLINED;
/*
+ * Decline if we have disabled FrontPage on the server.
+ */
+ c = (cgid_server_conf *)ap_get_module_config (r->server->module_config, &frontpage_module);
+ if (!c->fp_status)
+ return HTTP_FORBIDDEN;
+
+ /*
* Check once for anything with _vti_bin. This is much faster than
* checking all our paths, because anything without this is definitely
* not a FrontPage scenario.
@@ -875,7 +930,7 @@
return FrontPageAlias(r, szCgi, AUTHOR);
/*
* Convert inadvertent shtml.dll to shtml.exe
- * Thanks for the idea to Scot Hetzel (hetzels@westbend.net)
+ * Thanks for the idea from Scot Hetzel (hetzels@westbend.net)
*/
if ((szCgi = strstr(szVti, SHTML2 )))
{
@@ -885,9 +940,17 @@
if ((szCgi = strstr(szVti, SHTML )))
return FrontPageAlias(r, szCgi, SHTML);
if ((szCgi = strstr(szVti, ADMIN )))
- return FrontPageAlias(r, szCgi, ADMIN);
+ if (c->fp_admin_status) {
+ return FrontPageAlias(r, szCgi, ADMIN);
+ } else {
+ return HTTP_FORBIDDEN;
+ }
if ((szCgi = strstr(szVti, ADMINCGI )))
- return FrontPageAlias(r, szCgi, ADMINCGI);
+ if (c->fp_admin_status) {
+ return FrontPageAlias(r, szCgi, ADMINCGI);
+ } else {
+ return HTTP_FORBIDDEN;
+ }
if ((szCgi = strstr(szVti, FPCOUNT)))
return FrontPageAlias(r, szCgi, FPCOUNT);

View File

@ -0,0 +1,18 @@
What is it?
-----------
The Microsoft Frontpage module allows web administrators and authors to
remotely manage, create, modify, or delete web pages on the Apache server
using the Microsoft FrontPage Extentions.
Documentation
-------------
All the documentation is on-line at these URL's:
FrontPage - http://www.microsoft.com/frontpage
- http://www.microsoft.com/technet/prodtechnol/sharepnt/proddocs/admindoc/ows000.asp
- http://www.microsoft.com/technet/prodtechnol/sharepnt/proddocs/admindoc/owse01.asp
- http://www.microsoft.com/technet/prodtechnol/sharepnt/proddocs/admindoc/owse02.asp
WWW: http://www.rtr.com

View File

@ -0,0 +1,103 @@
************************************************************************
1.)
You'll need to change the AllowOverride directive in
%%PREFIX%%/etc/apache2/httpd.conf under the
default web from None to at least "AuthConfig Limit Indexes Options".
<Directory "%%PREFIX%%/www/data">
:
AllowOverride AuthConfig Limit Indexes Options
:
</Directory>
Don't use "AllowOverride All" if you have a server environment
with customers, since this can be a security risk, as they
could modify the .htaccess files themselves.
You'll also need to change the AllowOverride Directive on all
virtual hosts that you are going to enable with Frontpage Extentions.
2.)
You can turn the extensions and the frontpage administration on/off
per site in httpd.conf and per virtual server.
FrontPage On/Off # Allows/Disallows Client to publish with
FrontPage Extensions
FrontPageAdmin On/Off # Allows/Disallows Administration of web site
with FrontPage Extensions
By default FrontPage Extentions and Administration are enabled. If
the module has been compiled with WITH_DISABLED, then you need to
add one of the above directives.
If the module has been compiled with WITH_MODFP_COMPAT, then the
following directives from the Improved Mod_Frontpage are available:
FrontPageEnable # Same as 'FrontPage On'
FrontPageDisable # Same as 'FrontPage Off'
FrontPageAdminEnable # Same as 'FrontPageAdmin On'
FrontPageAdminDisable # Same as 'FrontPageAdmin Off'
3.)
If this is a fresh Apache install, you should remove the symbolic link
to the %%PREFIX%%/www/data directory, and create a real directory.
rm %%PREFIX%%/www/data
mkdir %%PREFIX%%/www/data
4.)
After you have made these changes, you'll need to execute:
%%PREFIX%%/frontpage/version5.0/fp_install.sh
to build the base apache/frontpage web site and to setup frontpage
users and admins. You can also run this to add virtual hosts to
the apache/frontpage system.
NOTE: If you get this error:
Error: An access setup description is required when creating the root web.
check the document root for .htaccess files. Rename them, and then combine
them with the .htaccess files created by the frontpage install.
5.)
If you have installed the port in another PREFIX than "/usr/local"
you have to create a symlink. Microsoft has hardcoded the local
path in their binarys. If you do not use fp_install.sh, you have
to create the link manually:
ln -s %%PREFIX%%/frontpage /usr/local/frontpage
NOTE:
1. When using owsadm.exe, you need to specify the server type in the
command.
owsadm.exe -t apache-2.0 ...
2. To create the Global Administration web site use:
owsadm.exe -o setadminport -p <PORT> -t apache-2.0 \
-s %%PREFIX%%/etc/apache2/httpd.conf -username <USERNAME> \
-pw <PASSWORD>
where PORT is not equal to any existing web servers port.
3. To remove the Global Administration web site use:
owsadm -o deleteadminport -t apache-2.0 \
-s %%PREFIX%%/etc/apache2/httpd.conf
************************************************************************

View File

@ -0,0 +1,115 @@
************************************************************************
1.)
Check your httpd.conf, if you have included a ResourceConfig and
AccessConfig. If you do not have these files, you'll have to add
these lines to make the frontpage extensions work properly. These
lines are commented out in the default config, so you'll have to
activate them again. If you have a real ResourceConfig and
AccessConfig, you can skip this part.
ResourceConfig /dev/null
AccessConfig /dev/null
2.)
You'll need to change the AllowOverride directive under the
default web from None to at least "AuthConfig Limit Indexes Options".
<Directory "%%PREFIX%%/www/data">
:
AllowOverride AuthConfig Limit Indexes Options
:
</Directory>
Don't use "AllowOverride All" if you have a server environment
with customers, since this can be a security risk, as they
could modify the .htaccess files themselves.
You'll also need to change the AllowOverride Directive on all
virtual hosts that you are going to enable with Frontpage Extentions.
3.)
You can turn the extensions and the frontpage administration on/off
per site in httpd.conf and per virtual server.
FrontPage On/Off # Allows/Disallows Client to publish with
FrontPage Extensions
FrontPageAdmin On/Off # Allows/Disallows Administration of web site
with FrontPage Extensions
By default FrontPage Extentions and Administration are enabled. If
the module has been compiled with WITH_DISABLED, then you need to
add one of the above directives.
If the module has been compiled with WITH_MODFP_COMPAT, then the
following directives from the Improved Mod_Frontpage are available:
FrontPageEnable # Same as 'FrontPage On'
FrontPageDisable # Same as 'FrontPage Off'
FrontPageAdminEnable # Same as 'FrontPageAdmin On'
FrontPageAdminDisable # Same as 'FrontPageAdmin Off'
4.)
If this is a fresh Apache install, you should remove the symbolic link
to the %%PREFIX%%/www/data directory, and create a real directory.
rm %%PREFIX%%/www/data
mkdir %%PREFIX%%/www/data
5.)
After you have made these changes, you'll need to execute:
%%PREFIX%%/frontpage/version5.0/fp_install.sh
to build the base apache/frontpage web site and to setup frontpage
users and admins. You can also run this to add virtual hosts to
the apache/frontpage system.
NOTE: If you get this error:
Error: An access setup description is required when creating the root web.
check the document root for .htaccess files. Rename them, and then combine
them with the .htaccess files created by the frontpage install.
6.)
If you have installed the port in another PREFIX than "/usr/local"
you have to create a symlink. Microsoft has hardcoded the local
path in their binarys. If you do not use fp_install.sh, you have
to create the link manually:
ln -s %%PREFIX%%/frontpage /usr/local/frontpage
NOTE:
1. When using owsadm.exe, you need to specify the server type in the
command.
owsadm.exe -t apache-fp ...
2. To create the Global Administration web site use:
owsadm.exe -o setadminport -p <PORT> -t apache-fp \
-s %%PREFIX%%/etc/apache/httpd.conf -username <USERNAME> \
-pw <PASSWORD>
where PORT is not equal to any existing web servers port.
3. To remove the Global Administration web site use:
owsadm -o deleteadminport -t apache-fp \
-s %%PREFIX%%/etc/apache/httpd.conf
************************************************************************

View File

@ -0,0 +1,3 @@
@unexec %D/sbin/apxs -e -A -n frontpage %D/libexec/%%APACHE%%/mod_frontpage.so
libexec/%%APACHE%%/mod_frontpage.so
@exec %D/sbin/apxs -e -a -n frontpage %D/libexec/%%APACHE%%/mod_frontpage.so