Daniel Dickinson 98c86e2970 uhttpd: Add Basic Auth config
We add an 'httpauth' section type that contains the options:

prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue

httpauth section names are included as list
items in the instances to which they are to be applied.

Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf

Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
2016-10-31 13:22:51 +01:00


#!/bin/sh /etc/rc.common
# Copyright (C) 2010 Jo-Philipp Wich
# Start-order value for this init script; presumably consumed by
# /etc/rc.common (named in the shebang, not shown here).
START=50
# Marks the script as procd-managed; presumably what makes rc.common call
# start_service/service_triggers and provide the procd_* helpers used below.
USE_PROCD=1
# Daemon binary that start_instance launches (with -f).
UHTTPD_BIN="/usr/sbin/uhttpd"
# Candidate self-signed certificate generators probed by generate_keys;
# px5g takes precedence when both are executable.
PX5G_BIN="/usr/sbin/px5g"
OPENSSL_BIN="/usr/bin/openssl"
# append_arg <section> <option> <flag> [default]
#
# Reads <option> from the UCI section and, when either the configured value
# or the default is non-empty, appends "<flag> <value>" to the procd command
# line (the configured value wins over the default).
#
# Returns: non-zero when nothing was appended, otherwise the status of
#          procd_append_param. start_instance chains on this result.
append_arg() {
	local section="$1" optname="$2" flag="$3" fallback="$4"
	local current

	config_get current "$section" "$optname"

	# Neither a configured value nor a default: leave the command untouched.
	if [ -z "$current" ] && [ -z "$fallback" ]; then
		return 1
	fi

	procd_append_param command "$flag" "${current:-$fallback}"
}
# append_bool <section> <option> <flag> <default>
#
# Reads <option> as a boolean (config_get_bool, falling back to <default>)
# and appends the bare <flag> to the procd command line when the result is 1.
#
# Returns: non-zero when the flag was not appended, otherwise the status of
#          procd_append_param.
append_bool() {
	local section="$1" optname="$2" flag="$3" fallback="$4"
	local enabled

	config_get_bool enabled "$section" "$optname" "$fallback"

	if [ "$enabled" != 1 ]; then
		return 1
	fi

	procd_append_param command "$flag"
}
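# generate_keys <cert-section>
#
# Creates a self-signed, DER-encoded certificate and RSA key for uhttpd and
# installs them at $UHTTPD_CERT / $UHTTPD_KEY (both set by start_instance).
#
# Globals:   UHTTPD_KEY, UHTTPD_CERT (read), PX5G_BIN, OPENSSL_BIN (read)
# Arguments: $1 - UCI section holding days/bits/country/state/location/
#                 commonname; unset options fall back to the defaults below
# Returns:   non-zero when no generator is installed or generation fails;
#            in the failure case the existing key/cert are left untouched.
generate_keys() {
	local cfg="$1"
	# $2/$3 are not used by the body; the locals are kept so the function's
	# variable scoping stays as it was.
	local key="$2"
	local crt="$3"
	local days bits country state location commonname
	local GENKEY_CMD=""
	local UNIQUEID

	config_get days "$cfg" days
	config_get bits "$cfg" bits
	config_get country "$cfg" country
	config_get state "$cfg" state
	config_get location "$cfg" location
	config_get commonname "$cfg" commonname

	# Prefer px5g for certificate generation (existence evaluated last)
	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
	[ -n "$GENKEY_CMD" ] || return 1

	# Four random bytes, hex-encoded, appended to the O= field.
	UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')

	# The key is written unencrypted (see -nodes above), so file permissions
	# are its only protection: generate under a restrictive umask instead of
	# relying on the generator to pick a safe mode. The certificate ends up
	# owner-only as well.
	# $GENKEY_CMD is deliberately unquoted: it holds "<binary> <args...>".
	# Config-derived values are quoted so a value containing whitespace
	# cannot turn into extra generator arguments.
	if ! (
		umask 077
		$GENKEY_CMD \
			-days "${days:-730}" -newkey "rsa:${bits:-2048}" \
			-keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
			-subj "/C=${country:-DE}/ST=${state:-Saxony}/L=${location:-Leipzig}/O=${commonname:-Lede}${UNIQUEID}/CN=${commonname:-Lede}"
	); then
		# Never install partial output over a working key/cert pair.
		rm -f "${UHTTPD_KEY}.new" "${UHTTPD_CERT}.new"
		return 1
	fi

	sync
	mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
	mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
}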
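# create_httpauth <httpauth-section>
#
# Appends one "prefix:username:password" line for the given httpauth section
# to the per-instance config file and records that auth entries exist.
#
# Globals:   httpdconf (read), haveauth (written) - both are locals of
#            start_instance, reached through the shell's dynamic scoping
# Arguments: $1 - name of the httpauth UCI section
# Returns:   0 when the entry was written or the section was skipped,
#            non-zero when the file could not be written.
create_httpauth() {
	local cfg="$1"
	local prefix username password

	config_get prefix "$cfg" prefix
	config_get username "$cfg" username
	config_get password "$cfg" password

	if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
		# A skipped section means its prefix gets no Basic Auth entry from
		# here; say so instead of leaving the admin to find out later.
		printf '%s\n' "uhttpd: httpauth section '$cfg' needs prefix, username and password; skipped" >&2
		return 0
	fi

	# The password may be stored in plaintext, so create the file owner-only
	# rather than with whatever the default umask allows. printf keeps the
	# values literal (no option or escape processing as with echo).
	(
		umask 077
		printf '%s:%s:%s\n' "$prefix" "$username" "$password" >>"$httpdconf"
	) || return 1

	haveauth=1
}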
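# start_instance <uhttpd-section>
#
# Builds the uhttpd command line for one 'uhttpd' UCI section and registers
# it as a procd instance (respawned, stderr forwarded).
#
# Globals:   UHTTPD_CERT, UHTTPD_KEY (written; read by generate_keys),
#            UHTTPD_BIN (read)
# Arguments: $1 - name of the uhttpd UCI section
# Returns:   status of procd_close_instance
start_instance()
{
	UHTTPD_CERT=""
	UHTTPD_KEY=""

	local cfg="$1"
	local realm="$(uci_get 'system.@system[0].hostname')"
	local listen http https interpreter indexes path handler
	local config alias_list alias file
	# Set by create_httpauth through dynamic scoping; start from a known state.
	local httpdconf=""
	local haveauth=""

	procd_open_instance
	procd_set_param respawn
	procd_set_param stderr 1
	procd_set_param command "$UHTTPD_BIN" -f

	config_get config "$cfg" config
	# NOTE(review): httpauth sections are only processed when the instance
	# has no explicit 'config' option. With 'config' set they are skipped
	# without any message, so the prefixes they name get no Basic Auth
	# entry from here.
	if [ -z "$config" ]; then
		mkdir -p /var/etc/uhttpd
		httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
		rm -f "$httpdconf"
		config_list_foreach "$cfg" httpauth create_httpauth
		if [ "$haveauth" = "1" ]; then
			# The generated file carries Basic Auth credentials (possibly
			# plaintext passwords); keep it owner-only.
			chmod 600 "$httpdconf"
			procd_append_param command -c "$httpdconf"
			# Carry over entries from the stock config file as well.
			[ -r /etc/httpd.conf ] && cat /etc/httpd.conf >>"$httpdconf"
		fi
	fi

	append_arg "$cfg" home "-h"
	append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
	append_arg "$cfg" config "-c"
	append_arg "$cfg" cgi_prefix "-x"

	[ -f /usr/lib/uhttpd_lua.so ] && {
		config_get handler "$cfg" lua_handler
		# -L is only added when the handler file exists and a lua_prefix
		# was appended (append_arg reports that through its status).
		[ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {
			procd_append_param command "-L" "$handler"
		}
	}

	[ -f /usr/lib/uhttpd_ubus.so ] && {
		append_arg "$cfg" ubus_prefix "-u"
		append_arg "$cfg" ubus_socket "-U"
		append_bool "$cfg" ubus_cors "-X" 0
	}

	append_arg "$cfg" script_timeout "-t"
	append_arg "$cfg" network_timeout "-T"
	append_arg "$cfg" http_keepalive "-k"
	append_arg "$cfg" tcp_keepalive "-A"
	append_arg "$cfg" error_page "-E"
	append_arg "$cfg" max_requests "-n" 3
	append_arg "$cfg" max_connections "-N"

	append_bool "$cfg" no_ubusauth "-a" 0
	append_bool "$cfg" no_symlinks "-S" 0
	append_bool "$cfg" no_dirlists "-D" 0
	append_bool "$cfg" rfc1918_filter "-R" 0

	# The list values below are left unquoted on purpose: each
	# whitespace-separated item becomes its own option.
	config_get alias_list "$cfg" alias
	for alias in $alias_list; do
		procd_append_param command -y "$alias"
	done

	config_get http "$cfg" listen_http
	for listen in $http; do
		procd_append_param command -p "$listen"
	done

	config_get interpreter "$cfg" interpreter
	for path in $interpreter; do
		procd_append_param command -i "$path"
	done

	config_get indexes "$cfg" index_page
	for path in $indexes; do
		procd_append_param command -I "$path"
	done

	config_get https "$cfg" listen_https
	config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
	config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt

	[ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
		# Generate a self-signed pair when either file is missing or empty.
		if [ ! -s "$UHTTPD_CERT" ] || [ ! -s "$UHTTPD_KEY" ]; then
			config_foreach generate_keys cert
		fi

		# HTTPS listeners are only added when both files exist; if key
		# generation failed, the instance starts without them.
		if [ -f "$UHTTPD_CERT" ] && [ -f "$UHTTPD_KEY" ]; then
			append_arg "$cfg" cert "-C"
			append_arg "$cfg" key "-K"

			for listen in $https; do
				procd_append_param command -s "$listen"
			done
		fi

		append_bool "$cfg" redirect_https "-q" 0
	}

	# An unmatched glob stays literal and is filtered out by the -s test.
	for file in /etc/uhttpd/*.json; do
		[ -s "$file" ] && procd_append_param command -H "$file"
	done

	procd_close_instance
}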
# Registers a procd reload trigger for the "uhttpd" configuration.
service_triggers() {
	local watched_config="uhttpd"

	procd_add_reload_trigger "$watched_config"
}
# Loads the "uhttpd" UCI configuration and runs start_instance once for
# every section of type "uhttpd".
start_service() {
	config_load 'uhttpd'
	config_foreach start_instance 'uhttpd'
}