From: Joe Presbrey <presbrey@mit.edu>
Date: Mon, 13 Jul 2009 22:25:40 +0000 (+0000)
Subject: gssapi:/api, cleanup old php.ini files
X-Git-Url: http://andersk.mit.edu/gitweb/sql.git/commitdiff_plain/d00306fe1eed2359bcae082490ef555affff1921

gssapi:/api, cleanup old php.ini files

git-svn-id: svn://presbrey.mit.edu/sql@178 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---

diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index 58606c1..e17178e 100644
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -1,4 +1,4 @@
-server.modules              = ( "mod_rewrite", "mod_alias", "mod_access", "mod_proxy_core", "mod_proxy_backend_fastcgi", "mod_redirect", "mod_accesslog" )
+server.modules              = ( "mod_rewrite", "mod_alias", "mod_access", "mod_auth", "mod_proxy_core", "mod_proxy_backend_fastcgi", "mod_redirect", "mod_magnet", "mod_accesslog" )
 server.errorlog             = "/var/log/lighttpd/error_log"
 $HTTP["useragent"] !~ "^check_http" {
     accesslog.filename          = "/var/log/lighttpd/access_log"
@@ -32,6 +32,7 @@ url.rewrite-once += ( "^/~sql/dev/do/([^\?]+)(\??.*)" => "/~sql/dev/$1.php$2" )
 url.rewrite-once += ( "^/main/do/([^\?]+)(\??.*)" => "/main/$1.php$2" )
 url.rewrite-once += ( "^/dev/do/([^\?]+)(\??.*)" => "/dev/$1.php$2" )
 url.redirect = ( "^/phpMyAdmin(.*)" => "http://scripts.mit.edu/~sql/phpMyAdmin$1" )
+
 ssl.verifyclient.username  = "SSL_CLIENT_S_DN_emailAddress"
 $SERVER["socket"] == "0.0.0.0:443" {
     ssl.engine = "enable"
@@ -40,7 +41,19 @@ $SERVER["socket"] == "0.0.0.0:443" {
     ssl.verifyclient.activate   = "enable"
     ssl.verifyclient.enforce    = "disable"
     ssl.verifyclient.depth      = 2
+
+    $HTTP["url"] =~ "^/api(/|$)" {
+        $HTTP["useragent"] =~ "AppleWebKit" {
+            url.access-deny = ("")
+        }
+        auth.backend = "gssapi"
+        auth.backend.gssapi.principal = "HTTP/sql.mit.edu"
+        auth.backend.gssapi.keytab = "/etc/lighttpd/krb5.keytab"
+        auth.require = ( "/" => ( "method" => "gssapi", "realm" => "ATHENA.MIT.EDU", "require" => "valid-user"))
+        magnet.attract-raw-url-to = ( "/srv/www/api.lua" )
+    }
 }
+
 mimetype.assign = (
     ".gz"           =>      "application/x-gzip",
     ".tar.gz"       =>      "application/x-tgz",
diff --git a/www/api.lua b/www/api.lua
new file mode 100644
index 0000000..4d20909
--- /dev/null
+++ b/www/api.lua
@@ -0,0 +1,2 @@
+lighty.content = { lighty.req_env['REMOTE_USER'] }
+return 200