From c0ce5478da211b11a01da1d128848e9bbc6f080f Mon Sep 17 00:00:00 2001
From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Wed, 6 Feb 2013 16:23:41 +0100
Subject: [PATCH] knows about apache 2.4 new access scheme
 http://httpd.apache.org/docs/2.4/upgrading.html#access

---
 plc.d/functions | 40 ++++++++++++++++++++++++++++++++++++++++
 plc.d/httpd     |  8 +++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/plc.d/functions b/plc.d/functions
index 3ca315b..58508a3 100644
--- a/plc.d/functions
+++ b/plc.d/functions
@@ -138,6 +138,46 @@ function plc_reload () {
     fi
 }
 
+#################### feb 2013 for f18
+# Authorization directives change in apache 2.4
+# http://httpd.apache.org/docs/2.4/upgrading.html#access
+#### up to 2.2, this would be e.g.
+# apachectl -V
+# Server version: Apache/2.2.22 (Unix)
+# <Directory "/usr/share/plc_api/apache">
+# Options	+ExecCGI
+# Order allow,deny
+# Allow from all
+# </Directory>
+#### starting with 2.4 it becomes
+# apachectl -V
+# Server version: Apache/2.4.3 (Fedora)
+# <Directory "/usr/share/plc_api/apache">
+# Options	+ExecCGI
+# Require	all granted
+# </Directory>
+
+function apache_newauth () {
+    apache_version=$(apachectl -V 2> /dev/null | grep 'Server version' | cut -d ' ' -f3 | sed -e 's,^.*/,,')
+    apache_major=$(echo $apache_version | cut -d. -f1)
+    apache_minor=$(echo $apache_version | cut -d. -f2)
+    test "$apache_minor" -ge 4
+}
+function apache_allow () {
+    if apache_newauth; then
+	echo -e "Require all granted"
+    else
+	echo -e "Order allow,deny\n   Allow from all"
+    fi
+}
+function apache_forbid () {
+    if apache_newauth; then
+	echo -e "Require all denied"
+    else
+	echo -e "Order deny,allow\n   Deny from all"
+    fi
+}
+
 # Make copies of stdout and stderr. The plc initscript redirects
 # stdout and stderr to a logfile if -v is not specified.
 [ ! -e /proc/self/fd/3 ] && exec 3>&1
diff --git a/plc.d/httpd b/plc.d/httpd
index 8ac141d..71d3c0e 100755
--- a/plc.d/httpd
+++ b/plc.d/httpd
@@ -158,9 +158,15 @@ WSGISocketPrefix run/wsgi
    SSLCertificateFile /etc/planetlab/${server_lower}_ssl.crt
    SSLCertificateKeyFile /etc/planetlab/${server_lower}_ssl.key
    SSLCertificateChainFile /etc/planetlab/${server_lower}_ca_ssl.crt
+
+   <Directory "/usr/share/plc_api/apache">
+   Options +ExecCGI
+   $(apache_allow)
+   </Directory>
 </VirtualHost>
 
 EOF
+
 	    fi
 	done >$plc_conf
 
@@ -176,7 +182,7 @@ EOF
 		cat <<EOF
 # mod_wsgi location
 <Location $PLC_API_PATH>
-    Deny from all
+    $(apache_forbid)
 </Location> 
 EOF
 	    fi
-- 
2.43.0