ncp-web: authentication fixesv0.29.3

4 files changed, 52 insertions, 8 deletions

diff --git a/changelog.md b/changelog.md
index 07d651f9..547f3eaa 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,13 +1,13 @@
 
-[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/93c19f2) (2017-09-21) docker: updated to stretch and added NextCloudPi layer
+[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/0a5eabe) (2017-09-24) ncp-web: authentication fixes
 
-[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/94a6513) (2017-09-20) changed hostname
+[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/353be22) (2017-09-20) changed hostname
 
-[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/03b0263) (2017-09-20) lamp: add fileinfo mcrypt packages
+[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/0733636) (2017-09-20) lamp: add fileinfo mcrypt packages
 
-[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/74a97c3) (2017-09-20) updated to NC12.0.3
+[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/0c1f1af) (2017-09-20) updated to NC12.0.3
 
-[v0.28.2](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master
+[v0.28.2 ](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master
 
 [v0.28.1 ](https://github.com/nextcloud/nextcloudpi/commit/3b71b3d) (2017-09-15) nc-static-IP: add new IP to trusted domain
 
diff --git a/lamp.sh b/lamp.sh
index 18eed1af..befe147c 100644
--- a/lamp.sh
+++ b/lamp.sh
@@ -33,7 +33,6 @@ install()
     $APTINSTALL cron
     $APTINSTALL util-linux # TODO only need getopt (busybox?)
     $APTINSTALL apache2
-    $APTINSTALL libapache2-mod-authnz-external
     $APTINSTALL php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-APC php7.0-fileinfo php7.0-mcrypt
     mkdir -p /run/php
 
@@ -109,7 +108,6 @@ EOF
     a2enmod dir
     a2enmod mime
     a2enmod ssl
-    a2enmod authnz_external
     
     a2dismod -f status reqtimeout env autoindex access_compat auth_basic authn_file authn_core alias access_compat
     echo "ServerName localhost" >> /etc/apache2/apache2.conf
diff --git a/nextcloudpi.sh b/nextcloudpi.sh
index fad2d2de..ace828ae 100644
--- a/nextcloudpi.sh
+++ b/nextcloudpi.sh
@@ -50,7 +50,7 @@ Listen 4443
 <Directory /var/www/ncp-web/>
 
   AuthType Basic
-  AuthName "Login"
+  AuthName "ncp-web login"
   AuthBasicProvider external
   AuthExternal pwauth
 
@@ -70,6 +70,8 @@ Listen 4443
 </Directory>
 
 EOF
+  $APTINSTALL libapache2-mod-authnz-external pwauth
+  a2enmod authnz_external authn_core auth_basic
   a2ensite ncp
 
   mkdir /home/www -p
diff --git a/update.sh b/update.sh
index 19b91d2f..9d4ffd27 100755
--- a/update.sh
+++ b/update.sh
@@ -202,6 +202,50 @@ test -f /usr/local/etc/ncp-baseimage || echo "untagged" > /usr/local/etc/ncp-bas
 # remove artifacts
 rm -f /usr/local/etc/nextcloudpi-config.d/config_.txt
 
+# ncp-web password auth
+  grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || {
+    CERTFILE=$( grep SSLCertificateFile    /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' )
+    KEYFILE=$(  grep SSLCertificateKeyFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' )
+    cat > /etc/apache2/sites-available/ncp.conf <<EOF
+Listen 4443
+<VirtualHost _default_:4443>
+  DocumentRoot /var/www/ncp-web
+  SSLEngine on
+  SSLCertificateFile    $CERTFILE
+  SSLCertificateKeyFile $KEYFILE
+
+  <IfModule mod_authnz_external.c>
+    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
+  </IfModule>
+
+</VirtualHost>
+<Directory /var/www/ncp-web/>
+
+  AuthType Basic
+  AuthName "ncp-web login"
+  AuthBasicProvider external
+  AuthExternal pwauth
+
+  <RequireAll>
+
+   <RequireAny>
+      Require host localhost
+      Require local
+      Require ip 192.168
+      Require ip 10
+   </RequireAny>
+
+   Require user pi
+
+  </RequireAll>
+
+</Directory>
+EOF
+    apt-get update
+    apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth
+    a2enmod authnz_external authn_core auth_basic
+    bash -c "sleep 2 && systemctl restart apache2" &>/dev/null &
+  }
 }
 
 # License