From d9534cefb503be0254360e3072bceff35f7e7b3a Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 23 Feb 2016 17:38:33 -0800 Subject: [PATCH 1/6] Revert "Revert "Merge Augeas lens fix for continuations in section headings"" This reverts commit b7a53541c5911c3619b851a5d57db4fdc8ee4161. --- .../letsencrypt_apache/augeas_lens/httpd.aug | 7 +- .../passing/section-continuations-2525.conf | 284 ++++++++++++++++++ 2 files changed, 287 insertions(+), 4 deletions(-) create mode 100644 letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug index edaca3fef1b..f3e688e052c 100644 --- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug +++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug @@ -45,9 +45,8 @@ autoload xfm let dels (s:string) = del s s (* deal with continuation lines *) -let sep_spc = del /([ \t]+|[ \t]*\\\\\r?\n[ \t]*)/ " " - -let sep_osp = Sep.opt_space +let sep_spc = del /([ \t]+|[ \t]*\\\\\r?\n[ \t]*)/ " " +let sep_osp = del /([ \t]*|[ \t]*\\\\\r?\n[ \t]*)/ "" let sep_eq = del /[ \t]*=[ \t]*/ "=" let nmtoken = /[a-zA-Z:_][a-zA-Z0-9:_.-]*/ @@ -60,7 +59,7 @@ let indent = Util.indent (* borrowed from shellvars.aug *) let char_arg_dir = /([^\\ '"{\t\r\n]|[^ '"{\t\r\n]+[^\\ \t\r\n])|\\\\"|\\\\'/ -let char_arg_sec = /[^ '"\t\r\n>]|\\\\"|\\\\'/ +let char_arg_sec = /[^\\ '"\t\r\n>]|\\\\"|\\\\'/ let char_arg_wl = /([^\\ '"},\t\r\n]|[^ '"},\t\r\n]+[^\\ '"},\t\r\n])/ let cdot = /\\\\./ diff --git a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf new file mode 100644 index 00000000000..6840b71d622 --- /dev/null +++ b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf @@ -0,0 +1,284 @@ + +NameVirtualHost 0.0.0.0:7080 +NameVirtualHost [00000:000:000:000::0]:7080 +NameVirtualHost 0.0.0.0:7080 + +NameVirtualHost 127.0.0.1:7080 +NameVirtualHost 0.0.0.0:7081 +NameVirtualHost [0000:000:000:000::2]:7081 +NameVirtualHost 0.0.0.0:7081 + +NameVirtualHost 127.0.0.1:7081 + +ServerName "example.com" +ServerAdmin "srv@example.com" + +DocumentRoot "/var/www/vhosts/default/htdocs" + + + LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog + + + LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" plesklog + + +TraceEnable off + +ServerTokens ProductOnly + + + AllowOverride "All" + Options SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + php_admin_flag engine off + + + + php_admin_flag engine off + + + + + + AllowOverride "All" + Options SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + php_admin_flag engine off + + + php_admin_flag engine off + + + + + Header add X-Powered-By PleskLin + + + + SecRuleEngine DetectionOnly + SecRequestBodyAccess On + SecRequestBodyLimit 134217728 + SecResponseBodyAccess Off + SecResponseBodyLimit 524288 + SecAuditEngine On + SecAuditLog "/var/log/modsec_audit.log" + SecAuditLogType serial + + +Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" + + + ServerName "default" + UseCanonicalName Off + DocumentRoot "/var/www/vhosts/default/htdocs" + ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" + + + SSLEngine off + + + + AllowOverride None + Options None + Order allow,deny + Allow from all + + + + + + php_admin_flag engine on + + + + php_admin_flag engine on + + + + + + + + + + ServerName "default-0_0_0_0" + UseCanonicalName Off + DocumentRoot "/var/www/vhosts/default/htdocs" + ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile "/usr/local/psa/var/certificates/certGXCBZ4r" + + + AllowOverride None + Options None + Order allow,deny + Allow from all + + + + + + php_admin_flag engine on + + + + php_admin_flag engine on + + + + + + + ServerName "default-0000_000_000_00000__2" + UseCanonicalName Off + DocumentRoot "/var/www/vhosts/default/htdocs" + ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile "/usr/local/psa/var/certificates/certGXCBZ4r" + + + AllowOverride None + Options None + Order allow,deny + Allow from all + + + + + + php_admin_flag engine on + + + + php_admin_flag engine on + + + + + + + ServerName "default-0_0_0_0" + UseCanonicalName Off + DocumentRoot "/var/www/vhosts/default/htdocs" + ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile "/usr/local/psa/var/certificates/cert-Nv4Tz5" + + SSLCACertificateFile "/usr/local/psa/var/certificates/cert-nLy6Z1" + + + AllowOverride None + Options None + Order allow,deny + Allow from all + + + + + + php_admin_flag engine on + + + + php_admin_flag engine on + + + + + + + + + + DocumentRoot "/var/www/vhosts/default/htdocs" + ServerName lists + ServerAlias lists.* + UseCanonicalName Off + + ScriptAlias "/mailman/" "/usr/lib/mailman/cgi-bin/" + + Alias "/icons/" "/var/www/icons/" + Alias "/pipermail/" "/var/lib/mailman/archives/public/" + + + SSLEngine off + + + + Options FollowSymLinks + Order allow,deny + Allow from all + + + + + + + DocumentRoot "/var/www/vhosts/default/htdocs" + ServerName lists + ServerAlias lists.* + UseCanonicalName Off + + ScriptAlias "/mailman/" "/usr/lib/mailman/cgi-bin/" + + Alias "/icons/" "/var/www/icons/" + Alias "/pipermail/" "/var/lib/mailman/archives/public/" + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile "/usr/local/psa/var/certificates/cert-Nv4Tz5" + + + Options FollowSymLinks + Order allow,deny + Allow from all + + + + + + + RPAFproxy_ips 0.0.0.0 [00000:000:000:00000::2] 0.0.0.0 + + + RPAFproxy_ips 0.0.0.0 [0000:000:000:0000::2] 0.0.0.0 + + + RemoteIPInternalProxy 0.0.0.0 [0000:000:000:0000::2] 0.0.0.0 + RemoteIPHeader X-Forwarded-For + \ No newline at end of file From ac26a931472c621bde6ea4524c5963d66d7b6d54 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Thu, 25 Feb 2016 14:44:19 +0000 Subject: [PATCH 2/6] Merge Augeas lens fix for backslashes in section headings From https://github.com/hercules-team/augeas/commit/1cd33e52110e7c85befc00d93c867ec89cc12628 --- letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug index f3e688e052c..697d5de89b1 100644 --- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug +++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug @@ -59,7 +59,7 @@ let indent = Util.indent (* borrowed from shellvars.aug *) let char_arg_dir = /([^\\ '"{\t\r\n]|[^ '"{\t\r\n]+[^\\ \t\r\n])|\\\\"|\\\\'/ -let char_arg_sec = /[^\\ '"\t\r\n>]|\\\\"|\\\\'/ +let char_arg_sec = /([^\\ '"\t\r\n>]|[^ '"\t\r\n>]+[^\\ \t\r\n>])|\\\\"|\\\\'/ let char_arg_wl = /([^\\ '"},\t\r\n]|[^ '"},\t\r\n]+[^\\ '"},\t\r\n])/ let cdot = /\\\\./ From 66e09fbf2fd1647565b2271f58a5a72c077f1637 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 25 Feb 2016 12:11:38 -0800 Subject: [PATCH 3/6] Fix path problems in section-continuations-2525.conf --- .../passing/section-continuations-2525.conf | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf index 6840b71d622..e1bfeee27e9 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf +++ b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf @@ -13,7 +13,7 @@ NameVirtualHost 127.0.0.1:7081 ServerName "example.com" ServerAdmin "srv@example.com" -DocumentRoot "/var/www/vhosts/default/htdocs" +DocumentRoot "/var/www/html" LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog @@ -70,7 +70,7 @@ ServerTokens ProductOnly SecAuditLogType serial -Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" +#Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" ServerName "default" UseCanonicalName Off - DocumentRoot "/var/www/vhosts/default/htdocs" + DocumentRoot "/var/www/html" ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" @@ -116,12 +116,12 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" > ServerName "default-0_0_0_0" UseCanonicalName Off - DocumentRoot "/var/www/vhosts/default/htdocs" + DocumentRoot "/var/www/html" ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on SSLVerifyClient none - SSLCertificateFile "/usr/local/psa/var/certificates/certGXCBZ4r" + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem AllowOverride None @@ -149,12 +149,12 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" > ServerName "default-0000_000_000_00000__2" UseCanonicalName Off - DocumentRoot "/var/www/vhosts/default/htdocs" + DocumentRoot "/var/www/html" ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on SSLVerifyClient none - SSLCertificateFile "/usr/local/psa/var/certificates/certGXCBZ4r" + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem AllowOverride None @@ -182,14 +182,14 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" > ServerName "default-0_0_0_0" UseCanonicalName Off - DocumentRoot "/var/www/vhosts/default/htdocs" + DocumentRoot "/var/www/html" ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on SSLVerifyClient none - SSLCertificateFile "/usr/local/psa/var/certificates/cert-Nv4Tz5" + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCACertificateFile "/usr/local/psa/var/certificates/cert-nLy6Z1" + #SSLCACertificateFile "/usr/local/psa/var/certificates/cert-nLy6Z1" AllowOverride None @@ -220,7 +220,7 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" 0.0.0.0:7080 \ 127.0.0.1:7080 \ > - DocumentRoot "/var/www/vhosts/default/htdocs" + DocumentRoot "/var/www/html" ServerName lists ServerAlias lists.* UseCanonicalName Off @@ -249,7 +249,7 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" 0.0.0.0:7081 \ 127.0.0.1:7081 \ > - DocumentRoot "/var/www/vhosts/default/htdocs" + DocumentRoot "/var/www/html" ServerName lists ServerAlias lists.* UseCanonicalName Off @@ -261,7 +261,7 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" SSLEngine on SSLVerifyClient none - SSLCertificateFile "/usr/local/psa/var/certificates/cert-Nv4Tz5" + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem Options FollowSymLinks @@ -281,4 +281,4 @@ Include "/etc/httpd/conf/plesk.conf.d/ip_default/*.conf" RemoteIPInternalProxy 0.0.0.0 [0000:000:000:0000::2] 0.0.0.0 RemoteIPHeader X-Forwarded-For - \ No newline at end of file + From 73870ac9b63b5759486c6c6ebdfa24683d18b7bb Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 25 Feb 2016 12:20:54 -0800 Subject: [PATCH 4/6] tabs + spaces = headaches --- .../passing/section-continuations-2525.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf index e1bfeee27e9..035a05c7e39 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf +++ b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf @@ -121,7 +121,7 @@ ServerTokens ProductOnly SSLEngine on SSLVerifyClient none - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem AllowOverride None @@ -154,7 +154,7 @@ ServerTokens ProductOnly SSLEngine on SSLVerifyClient none - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem AllowOverride None @@ -187,7 +187,7 @@ ServerTokens ProductOnly SSLEngine on SSLVerifyClient none - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #SSLCACertificateFile "/usr/local/psa/var/certificates/cert-nLy6Z1" @@ -261,7 +261,7 @@ ServerTokens ProductOnly SSLEngine on SSLVerifyClient none - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem Options FollowSymLinks From 03ee5a01b7bb3cb83c75d1a86fc9339439a33276 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 25 Feb 2016 12:49:35 -0800 Subject: [PATCH 5/6] Does someone not like quotes? --- .../passing/section-continuations-2525.conf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf index 035a05c7e39..bc403e4cf10 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf +++ b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf @@ -13,7 +13,7 @@ NameVirtualHost 127.0.0.1:7081 ServerName "example.com" ServerAdmin "srv@example.com" -DocumentRoot "/var/www/html" +DocumentRoot /var/www/html LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog @@ -80,7 +80,7 @@ ServerTokens ProductOnly > ServerName "default" UseCanonicalName Off - DocumentRoot "/var/www/html" + DocumentRoot /var/www/html ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" @@ -116,7 +116,7 @@ ServerTokens ProductOnly > ServerName "default-0_0_0_0" UseCanonicalName Off - DocumentRoot "/var/www/html" + DocumentRoot /var/www/html ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on @@ -149,7 +149,7 @@ ServerTokens ProductOnly > ServerName "default-0000_000_000_00000__2" UseCanonicalName Off - DocumentRoot "/var/www/html" + DocumentRoot /var/www/html ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on @@ -182,7 +182,7 @@ ServerTokens ProductOnly > ServerName "default-0_0_0_0" UseCanonicalName Off - DocumentRoot "/var/www/html" + DocumentRoot /var/www/html ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on @@ -220,7 +220,7 @@ ServerTokens ProductOnly 0.0.0.0:7080 \ 127.0.0.1:7080 \ > - DocumentRoot "/var/www/html" + DocumentRoot /var/www/html ServerName lists ServerAlias lists.* UseCanonicalName Off @@ -249,7 +249,7 @@ ServerTokens ProductOnly 0.0.0.0:7081 \ 127.0.0.1:7081 \ > - DocumentRoot "/var/www/html" + DocumentRoot /var/www/html ServerName lists ServerAlias lists.* UseCanonicalName Off From 13a4089ee65e608f49669e282cbfe23af38e0366 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 25 Feb 2016 13:10:43 -0800 Subject: [PATCH 6/6] I promise /tmp is a directory --- .../passing/section-continuations-2525.conf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf index bc403e4cf10..8f65e4773d3 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf +++ b/letsencrypt-apache/letsencrypt_apache/tests/apache-conf-files/passing/section-continuations-2525.conf @@ -13,7 +13,7 @@ NameVirtualHost 127.0.0.1:7081 ServerName "example.com" ServerAdmin "srv@example.com" -DocumentRoot /var/www/html +DocumentRoot /tmp LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" plesklog @@ -80,7 +80,7 @@ ServerTokens ProductOnly > ServerName "default" UseCanonicalName Off - DocumentRoot /var/www/html + DocumentRoot /tmp ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" @@ -116,7 +116,7 @@ ServerTokens ProductOnly > ServerName "default-0_0_0_0" UseCanonicalName Off - DocumentRoot /var/www/html + DocumentRoot /tmp ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on @@ -149,7 +149,7 @@ ServerTokens ProductOnly > ServerName "default-0000_000_000_00000__2" UseCanonicalName Off - DocumentRoot /var/www/html + DocumentRoot /tmp ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on @@ -182,7 +182,7 @@ ServerTokens ProductOnly > ServerName "default-0_0_0_0" UseCanonicalName Off - DocumentRoot /var/www/html + DocumentRoot /tmp ScriptAlias "/cgi-bin/" "/var/www/vhosts/default/cgi-bin" SSLEngine on @@ -220,7 +220,7 @@ ServerTokens ProductOnly 0.0.0.0:7080 \ 127.0.0.1:7080 \ > - DocumentRoot /var/www/html + DocumentRoot /tmp ServerName lists ServerAlias lists.* UseCanonicalName Off @@ -249,7 +249,7 @@ ServerTokens ProductOnly 0.0.0.0:7081 \ 127.0.0.1:7081 \ > - DocumentRoot /var/www/html + DocumentRoot /tmp ServerName lists ServerAlias lists.* UseCanonicalName Off