[source] uhttpd: Add Basic Auth config

LEDE Commits lede-commits at lists.infradead.org
Mon Oct 31 05:23:00 PDT 2016


jow pushed a commit to source.git, branch master:
https://git.lede-project.org/98c86e29705cb1e73e4f2e16044f1e73cff32e31

commit 98c86e29705cb1e73e4f2e16044f1e73cff32e31
Author: Daniel Dickinson <lede at cshore.thecshore.com>
AuthorDate: Sat Aug 13 19:24:59 2016 -0400

    uhttpd: Add Basic Auth config
    
    We add an 'httpauth' section type that contains the options:
    
    prefix: What virtual or real URL is being protected
    username: The username for the Basic Auth dialogue
    password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue
    
    httpauth section names are given included as list
    items to the instances to which they are to be applied.
    
    Further any existing httpd.conf file (really whatever
    is configured in the instance, but default of
    /etc/httpd.conf) is appended to the per-instance httpd.conf
    
    Signed-off-by: Daniel Dickinson <lede at cshore.thecshore.com>
---
 .../network/services/uhttpd/files/uhttpd.config    | 10 ++++++++
 package/network/services/uhttpd/files/uhttpd.init  | 29 +++++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index fab5160..89f99aa 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -103,6 +103,11 @@ config uhttpd main
 	# except for development and debug purposes!
 #	option no_ubusauth	0
 
+	# For this instance of uhttpd use the listed httpauth
+	# sections to require Basic auth to the specified
+	# resources.
+#	list httpauth prefix_user
+
 
 # Defaults for automatic certificate and key generation
 config cert defaults
@@ -120,3 +125,8 @@ config cert defaults
 
 	# Common name
 	option commonname	'%D'
+
+# config httpauth prefix_user
+#	option prefix /protected/url/path
+#	option username user
+#	option password 'plaintext_or_md5_or_$p$user_for_system_user'
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index a2dbcd2..53bf04c 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -59,6 +59,21 @@ generate_keys() {
 	}
 }
 
+create_httpauth() {
+	local cfg="$1"
+	local prefix username password
+
+	config_get prefix "$cfg" prefix
+	config_get username "$cfg" username
+	config_get password "$cfg" password
+
+	if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
+		return
+	fi
+	echo "${prefix}:${username}:${password}" >>$httpdconf
+	haveauth=1
+}
+
 start_instance()
 {
 	UHTTPD_CERT=""
@@ -66,13 +81,25 @@ start_instance()
 
 	local cfg="$1"
 	local realm="$(uci_get system. at system[0].hostname)"
-	local listen http https interpreter indexes path handler
+	local listen http https interpreter indexes path handler httpdconf haveauth
 
 	procd_open_instance
 	procd_set_param respawn
 	procd_set_param stderr 1
 	procd_set_param command "$UHTTPD_BIN" -f
 
+	config_get config "$cfg" config
+	if [ -z "$config" ]; then
+		mkdir -p /var/etc/uhttpd
+		httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
+		rm -f ${httpdconf}
+		config_list_foreach "$cfg" httpauth create_httpauth
+		if [ "$haveauth" = "1" ]; then
+			procd_append_param command -c ${httpdconf}
+			[ -r /etc/httpd.conf ] && cat /etc/httpd.conf >>/var/etc/uhttpd/httpd.${cfg}.conf
+		fi
+	fi
+
 	append_arg "$cfg" home "-h"
 	append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
 	append_arg "$cfg" config "-c"



More information about the lede-commits mailing list