author | Michael Elkins <melkins@tislabs.com> | 2010-10-28 18:58:08 +0000 |
---|---|---|
committer | Michael Elkins <melkins@tislabs.com> | 2010-10-28 18:58:08 +0000 |
commit | 0265a9e57f0a0ebc5918a89b3b400742924cbccb (patch) | |
tree | ad1fc601eece22cfea9185b8c764a997d93bf4ee /portal-gui | |
parent | b3563e3c223b98a8d1c8dff838dcd3018e32a3a0 (diff) |
move django.wsgi into apache/ subdir for improved security
new adduser script for creating portal-gui users (to be used with rpkidemo)
add stub apache conf file for integration with mod_wsgi
svn path=/portal-gui/Makefile.in; revision=3504
Diffstat (limited to 'portal-gui')
-rw-r--r-- | portal-gui/Makefile.in | 16 | ||||
-rw-r--r-- | portal-gui/apache/django.wsgi.in (renamed from portal-gui/rpkigui/django.wsgi.in) | 0 | ||||
-rw-r--r-- | portal-gui/apache/zmyrpki.conf.in | 37 | ||||
-rwxr-xr-x | portal-gui/configure | 7 | ||||
-rw-r--r-- | portal-gui/configure.ac | 4 | ||||
-rw-r--r-- | portal-gui/rpkigui/myrpki/models.py | 5 | ||||
-rwxr-xr-x | portal-gui/scripts/adduser.py | 69 |
7 files changed, 128 insertions, 10 deletions
diff --git a/portal-gui/Makefile.in b/portal-gui/Makefile.in index 22e817fb..f9b98b1c 100644 --- a/portal-gui/Makefile.in +++ b/portal-gui/Makefile.in @@ -13,7 +13,8 @@ DATABASE_PATH=@DATABASE_PATH@ # automatically built sources BUILD=$(srcdir)/configure Makefile config.status rpkigui/settings.py \ - rpkigui/urls.py scripts/helper scripts/runserver rpkigui/django.wsgi.in + rpkigui/urls.py scripts/helper scripts/runserver apache/django.wsgi \ + apache/zmyrpki.conf all: $(BUILD) @@ -38,14 +39,17 @@ scripts/helper: $(srcdir)/scripts/helper.in scripts/runserver: $(srcdir)/scripts/runserver.in ./config.status -rpkigui/django.wsgi: $(srcdir)/rpki/django.wsgi +apache/django.wsgi: $(srcdir)/apache/django.wsgi.in + ./config.status + +apache/zmyrpki.conf: $(srcdir)/apache/zmyrpki.conf.in ./config.status INSTALL_FILES=\ + apache/django.wsgi \ media/img/my.png \ media/img/rpki.png \ rpkigui/__init__.py \ - rpkigui/django.wsgi \ rpkigui/manage.py \ rpkigui/settings.py \ rpkigui/urls.py \ @@ -69,6 +73,7 @@ INSTALL_FILES=\ rpkigui/templates/myrpki/prefix_view.html \ rpkigui/templates/myrpki/xml_import.html \ rpkigui/templates/registration/login.html \ + scripts/adduser \ scripts/helper \ scripts/list_resources.py \ scripts/load_csv.py \ @@ -76,6 +81,7 @@ INSTALL_FILES=\ install: $(BUILD) mkdir -p `dirname $(DATABASE_PATH)` + mkdir -p $(INSTDIR)/apache mkdir -p $(INSTDIR)/media/img mkdir -p $(INSTDIR)/rpkigui/myrpki mkdir -p $(INSTDIR)/rpkigui/templates/myrpki 
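Review bot: The entry added to `INSTALL_FILES` in the `@@ -69,6 +73,7 @@` hunk is `scripts/adduser`, but the file this commit creates is `scripts/adduser.py`, and the neighbouring entries are `scripts/list_resources.py` and `scripts/load_csv.py`. As written the install step is handed a path that does not appear in the tree, while the new script itself is never listed for copying; the entry should read `scripts/adduser.py \`. The last Makefile.in hunk then symlinks `$(INSTDIR)/scripts/adduser` to `helper`, which presumably dispatches to the matching `.py` file, so the missing copy would only show up when the command is first run. The install loop is outside these hunks, so how it treats a missing source file cannot be confirmed from here.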
@@ -86,5 +92,7 @@ install: $(BUILD)
 done
 ln -sf $(INSTDIR)/scripts/helper $(INSTDIR)/scripts/load_csv
 ln -sf $(INSTDIR)/scripts/helper $(INSTDIR)/scripts/list_resources
- chmod 755 $(INSTDIR)/scripts/load_csv $(INSTDIR)/scripts/list_resources $(INSTDIR)/scripts/runserver
+ ln -sf $(INSTDIR)/scripts/helper $(INSTDIR)/scripts/adduser
+ chmod 755 $(INSTDIR)/scripts/load_csv $(INSTDIR)/scripts/list_resources $(INSTDIR)/scripts/runserver $(INSTDIR)/scripts/adduser
 cd $(INSTDIR)/rpkigui && $(PYTHON) manage.py syncdb --pythonpath=$(MYRPKIDIR)
+
diff --git a/portal-gui/rpkigui/django.wsgi.in b/portal-gui/apache/django.wsgi.in
index 8415f7bf..8415f7bf 100644
--- a/portal-gui/rpkigui/django.wsgi.in
+++ b/portal-gui/apache/django.wsgi.in
diff --git a/portal-gui/apache/zmyrpki.conf.in b/portal-gui/apache/zmyrpki.conf.in
new file mode 100644
index 00000000..e8ce9643
--- /dev/null
+++ b/portal-gui/apache/zmyrpki.conf.in
@@ -0,0 +1,37 @@
+# sample apache configuration file for using the portal-gui with mod_wsgi
+# @configure_input@
+
+# defines the url to the portal-gui
+WSGIScriptAlias / @INSTDIR@/apache/django.wsgi
+<Directory @INSTDIR@/rpkigui>
+Order deny,allow
+Allow from all
+</Directory>
+
+# enable http digest auth
+<Location /myrpki/>
+AuthType digest
+AuthName "myrpki"
+AuthDigestDomain /myrpki/ http://localhost/myrpki/
+AuthDigestProvider file
+AuthUserFile @INSTDIR@/htpasswd
+Require valid-user
+</Location>
+
+# enable http digest auth
+<Location /admin/>
+AuthType digest
+AuthName "myrpki"
+AuthDigestDomain /admin/ http://localhost/admin/
+AuthDigestProvider file
+AuthUserFile @INSTDIR@/htpasswd
+Require valid-user
+</Location>
+
+# media for the /admin/ site
+Alias /media/ /usr/lib/python2.6/site-packages/django/contrib/admin/media/
+<Directory /usr/lib/python2.6/site-packages/django/contrib/admin/media>
+Order allow,deny
+Allow from all
+</Directory>
+
diff --git a/portal-gui/configure b/portal-gui/configure
index 89f81e7d..d8b670dc 100755
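Review bot: The access grant at the top of zmyrpki.conf.in names `<Directory @INSTDIR@/rpkigui>` while `WSGIScriptAlias` points at `@INSTDIR@/apache/django.wsgi`, so the directory opened to the server is the application tree (settings.py lives there per the Makefile) rather than the one holding only the WSGI script; it should be `<Directory @INSTDIR@/apache>`, which is what the move in this commit is for. Both `<Location>` blocks hard-code `http://localhost/...` in `AuthDigestDomain`, so the sample is only right on a local plain-HTTP setup; a comment such as `# sample only: replace localhost with the site URL and serve over TLS` would stop it being deployed as is. `AuthUserFile @INSTDIR@/htpasswd` sits inside the install tree and, with `AuthDigestProvider file`, has to be an htdigest-format file for realm "myrpki" readable only by the web server, which is worth stating in a comment next to it. Only /myrpki/ and /admin/ carry `Require valid-user`, so any other URL the application routes under `/` is served without authentication.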
--- a/portal-gui/configure +++ b/portal-gui/configure @@ -1771,9 +1771,9 @@ SECRET_KEY=`$PYTHON -c 'import random; print "".join(random.choice("abcdefghijkl ac_config_files="$ac_config_files Makefile" -ac_config_files="$ac_config_files rpkigui/settings.py rpkigui/urls.py scripts/helper rpkigui/django.wsgi" +ac_config_files="$ac_config_files rpkigui/settings.py rpkigui/urls.py scripts/helper" -ac_config_files="$ac_config_files scripts/runserver" +ac_config_files="$ac_config_files scripts/runserver apache/django.wsgi apache/zmyrpki.conf" cat >confcache <<\_ACEOF @@ -2478,8 +2478,9 @@ do "rpkigui/settings.py") CONFIG_FILES="$CONFIG_FILES rpkigui/settings.py" ;; "rpkigui/urls.py") CONFIG_FILES="$CONFIG_FILES rpkigui/urls.py" ;; "scripts/helper") CONFIG_FILES="$CONFIG_FILES scripts/helper" ;; - "rpkigui/django.wsgi") CONFIG_FILES="$CONFIG_FILES rpkigui/django.wsgi" ;; "scripts/runserver") CONFIG_FILES="$CONFIG_FILES scripts/runserver" ;; + "apache/django.wsgi") CONFIG_FILES="$CONFIG_FILES apache/django.wsgi" ;; + "apache/zmyrpki.conf") CONFIG_FILES="$CONFIG_FILES apache/zmyrpki.conf" ;; *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac diff --git a/portal-gui/configure.ac b/portal-gui/configure.ac index b09c5799..4d7beae1 100644 --- a/portal-gui/configure.ac +++ b/portal-gui/configure.ac @@ -56,7 +56,7 @@ AC_SUBST(CONFDIR) AC_SUBST(SECRET_KEY, `$PYTHON -c 'import random; print "".join([random.choice("abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)") for i in range(50)])'`) AC_CONFIG_FILES([Makefile]) -AC_CONFIG_FILES([rpkigui/settings.py rpkigui/urls.py scripts/helper rpkigui/django.wsgi]) -AC_CONFIG_FILES([scripts/runserver]) +AC_CONFIG_FILES([rpkigui/settings.py rpkigui/urls.py scripts/helper]) +AC_CONFIG_FILES([scripts/runserver apache/django.wsgi apache/zmyrpki.conf]) AC_OUTPUT diff --git a/portal-gui/rpkigui/myrpki/models.py b/portal-gui/rpkigui/myrpki/models.py index e2f9cb81..dfa4db04 100644 --- a/portal-gui/rpkigui/myrpki/models.py 
+++ b/portal-gui/rpkigui/myrpki/models.py @@ -128,7 +128,10 @@ class Asn(models.Model): return u'/myrpki/asn/%d' % (self.pk,) def as_resource_range(self): - return rpki.resource_set.resource_range_as(self.lo, self.hi) + # we force conversion to long() here because resource_range_as() wants + # the type of both arguments to be identical, and models.IntegerField + # will be a long when the value is large + return rpki.resource_set.resource_range_as(long(self.lo), long(self.hi)) class Child(models.Model): conf = models.ForeignKey(Conf, related_name='children') diff --git a/portal-gui/scripts/adduser.py b/portal-gui/scripts/adduser.py new file mode 100755 index 00000000..dbb167c9 --- /dev/null +++ b/portal-gui/scripts/adduser.py 
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+# $Id$
+#
+# Copyright (C) 2010 SPARTA, Inc. dba Cobham Analytic Solutions
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+#
+#
+# helper script to quickly set up a new portal-gui user/handle
+
+from django.contrib.auth.models import User
+from django.conf import settings
+from rpkigui.myrpki.models import Conf, Parent
+
+import os
+import sys
+
+if __name__ == '__main__':
+ if len(sys.argv) < 3:
+ print >>sys.stderr, 'usage: adduser <name> <email> <parent>'
+ sys.exit(1)
+
+ username = sys.argv[1]
+ email = sys.argv[2]
+ parent = sys.argv[3]
+ print 'username=', username, 'email=', email, 'parent=', parent
+
+ user_set = User.objects.filter(username=username)
+ if user_set:
+ print >>sys.stderr, 'user already exists'
+ user = user_set[0]
+ else:
+ print >>sys.stderr, 'creating user'
+ # FIXME: password is absent, assuming that apache auth is used.
+ user = User.objects.create_user(username, email)
+
+ conf_set = Conf.objects.filter(handle=username)
+ if conf_set:
+ conf = conf_set[0]
+ else:
+ print >>sys.stderr, 'creating conf'
+ conf = Conf.objects.create(handle=username)
+ conf.owner.add(user)
+ conf.save()
+
+ parent_set = conf.parents.filter(handle=parent)
+ if parent_set:
+ print 'parent %s is already present' % parent
+ else:
+ print "creating %s' parent %s" % (username, parent)
+ parent = Parent.objects.create(handle=parent, conf=conf)
+
+ myrpki_dir = '%s/%s' % (settings.MYRPKI_DATA_DIR, username)
+ print 'myrpki_dir=', myrpki_dir
+ if not os.path.exists(myrpki_dir):
+ print 'creating ', myrpki_dir
+ os.mkdir(myrpki_dir)
+
+# vim:sw=4 ts=8 |
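Review bot: The guard `if len(sys.argv) < 3:` lets a two-argument call through, and the script then dies with an IndexError on `sys.argv[3]` instead of printing the usage line; since the usage string names three arguments the check should be `if len(sys.argv) != 4:`. `username` comes straight from the command line and is used unchecked both as the Conf handle and as a path component in `'%s/%s' % (settings.MYRPKI_DATA_DIR, username)`, so a value containing `/` or `..` makes `os.mkdir` create a directory outside the data directory. Validating it before the first database write, for example `if not re.match(r'^[A-Za-z0-9_-]+$', username): sys.exit('invalid handle')` with `import re` added, keeps the handle and the directory name in step. The FIXME above `create_user(username, email)` could also say that the account is left without a usable Django password, so login depends entirely on the Apache digest configuration being in place.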