packages/thruk/THRUK_COOKIE_AUTH.hook

   1 #!/bin/bash
   2
   3 # Alias: Use thruk cookie auth
   4 # Menu: Web GUI
   5 # Description:
   6 #  Thruk provides a cookie based authentication which can be
   7 #  used as alternative to the default basic authentication.
   8 #  The cookie authentication is done by Thruk but it
   9 #  covers all other addons as well.
  10
  11 case "$1" in
  12    default)
  13        echo "off"
  14    ;;
  15    choices)
  16        echo "on: use cookie authentication"
  17        echo "off: use basic authentication"
  18    ;;
  19    set)
  20        APACHE_CFG=${OMD_ROOT}/etc/apache/conf.d/thruk_cookie_auth.conf
  21        if [ "$2" == "on" ]; then
  22            cat > $APACHE_CFG <<EOF
  23 <IfModule !mod_authz_core.c>
  24   RewriteLock "\${OMD_ROOT}/var/thruk/apache_rewrite.lock"
  25 </IfModule>
  26 RewriteMap  users prg:\${OMD_ROOT}/share/thruk/script/thruk_auth
  27
  28 # make cookie accessible by the url
  29 RewriteCond %{REQUEST_URI}           !^/\${OMD_SITE}/thruk/cgi-bin/restricted.cgi
  30 RewriteCond %{HTTP_COOKIE}           (thruk_auth=[^;]+|$)  [NC]
  31 RewriteRule ^/(.*)$                  /%1/%{REMOTE_ADDR}/____/\$1/____/%{QUERY_STRING} [C,NS]
  32 RewriteRule ^(.*)$                   \${users:\$1|/loginbad/}  [C,NS]
  33 RewriteRule ^/pass/(.*)$             /\$1 [NS,PT,L,E=!REMOTE_USER]
  34 RewriteRule ^/redirect/(.*)$         /\$1 [NS,L,R=302]
  35 RewriteRule ^/loginok/([^/]+)/(.*)$  /\$2 [NS,PT,L,E=REMOTE_USER:\$1]
  36
  37 <LocationMatch ^/\${OMD_SITE}/(?!thruk/cgi-bin/restricted.cgi)>
  38     Order allow,deny
  39     Allow from all
  40     Satisfy any
  41 </LocationMatch>
  42 EOF
  43        else
  44           rm -f $APACHE_CFG
  45        fi
  46    ;;
  47 esac