From patchwork Tue Feb 16 07:28:46 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Dickinson <openwrt@daniel.thecshore.com>
X-Patchwork-Id: 583205
X-Patchwork-Delegate: nbd@openwrt.org
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (arrakis.dune.hu [78.24.191.176])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 8947F14031E
	for <incoming@patchwork.ozlabs.org>;
	Tue, 16 Feb 2016 18:29:13 +1100 (AEDT)
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 8769828BC0F;
	Tue, 16 Feb 2016 08:28:57 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,RDNS_NONE
	autolearn=no version=3.3.2
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id A651328B414
	for <openwrt-devel@lists.openwrt.org>;
	Tue, 16 Feb 2016 08:28:52 +0100 (CET)
X-policyd-weight: using cached result; rate: -8.5
Received: from s2.neomailbox.net (unknown [5.148.176.60])
	by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Tue, 16 Feb 2016 08:28:52 +0100 (CET)
From: openwrt@daniel.thecshore.com
To: openwrt-devel@lists.openwrt.org
Date: Tue, 16 Feb 2016 02:28:46 -0500
Message-Id: <1455607726-84165-1-git-send-email-openwrt@daniel.thecshore.com>
Subject: [OpenWrt-Devel] [PATCH] [RESEND] network/services/uhttpd: Add Basic
	Auth config
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

From: Daniel Dickinson <openwrt@daniel.thecshore.com>

No comment on previous send of this patch, hence resent.

We add an 'httpauth' section type that contains the options:

instance: Which uhttpd config section the auth is associated with
prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue

If instance is not specified auth section applies to
all instances of uhttpd; if instance is specified
the auth section only applies to the uhttpd config
section with the same name as specified with the
instance option.

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
---
 package/network/services/uhttpd/files/uhttpd.init | 36 ++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index 4ca6c8d..910828e 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -53,6 +53,28 @@ generate_keys() {
 	}
 }
 
+create_httpauth() {
+	local cfg="$1"
+	local basecfg="$2"
+	local prefix username password
+
+	local instance
+	config_get instance "$cfg" instance
+	if [ -n "$instance" ] && [ "$instance" != "$basecfg" ]; then
+		return
+	fi
+
+	config_get prefix "$cfg" prefix
+	config_get username "$cfg" username
+	config_get password "$cfg" password
+
+	if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
+		return
+	fi
+	echo "${prefix}:${username}:${password}" >>$httpdconf
+	haveauth=1
+}
+
 start_instance()
 {
 	UHTTPD_CERT=""
@@ -60,17 +82,29 @@ start_instance()
 
 	local cfg="$1"
 	local realm="$(uci_get system.@system[0].hostname)"
-	local listen http https interpreter indexes path handler
+	local listen http https interpreter indexes path handler httpdconf haveauth
 
 	procd_open_instance
 	procd_set_param respawn
 	procd_set_param stderr 1
 	procd_set_param command "$UHTTPD_BIN" -f
 
+	config_get config "$cfg" config
+	if [ -z "$config" ]; then
+		mkdir -p /var/etc/uhttpd
+		httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
+		rm -f ${httpdconf}
+		config_foreach create_httpauth httpauth "$cfg"
+		if [ "$haveauth" = "1" ]; then
+			procd_append_param command -c ${httpdconf}
+		fi
+	fi
+
 	append_arg "$cfg" home "-h"
 	append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
 	append_arg "$cfg" config "-c"
 	append_arg "$cfg" cgi_prefix "-x"
+
 	[ -f /usr/lib/uhttpd_lua.so ] && {
 		config_get handler "$cfg" lua_handler
 		[ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {