PSARC/2013/304 Apache SMF Authorizations
16918175 apache-22 pkg needs preset authorization definitions in auth_attr.d
17597075 apache-22 pkg needs rights profile to group its authorizations
17808829 apache-22 must not specify svc-rbac as it is gone for 12.0 and 11.2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/RtApacheSrvcMngmnt.html Tue Nov 19 02:56:55 2013 -0800
@@ -0,0 +1,16 @@
+<HTML>
+<!--
+Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When Apache Service Management is in the Rights Included column, it grants the
+right to manage the Apache HTTP Server SMF service.
+<p>
+If Apache Service Management is grayed, then you are not entitled to Add
+or Remove this right.
+<BR>
+</BODY>
+</HTML>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/SmfApacheStates.html Tue Nov 19 02:56:55 2013 -0800
@@ -0,0 +1,17 @@
+<HTML>
+<!--
+Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When <em>Manage Apache HTTP Server Service States</em> is in the Authorizations
+Included column, it grants the authorization to enable, disable, or restart
+Apache HTTP Server SMF service (both permanently and temporarily).
+<p>
+If <em>Manage Apache HTTP Server Service States</em> is grayed, then you are not
+entitled to Add or Remove this authorization.
+<BR>
+</BODY>
+</HTML>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/SmfValueApache.html Tue Nov 19 02:56:55 2013 -0800
@@ -0,0 +1,17 @@
+<HTML>
+<!--
+Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When <em>Change Values of Apache HTTP Server Service Properties</em> is in the
+Authorizations Included column, it grants the authorization to change
+Apache HTTP Server service property values.
+<p>
+If <em>Change Values of Apache HTTP Server Service Properties</em> is grayed,
+then you are not entitled to Add or Remove this authorization.
+<BR>
+</BODY>
+</HTML>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/auth_attr Tue Nov 19 02:56:55 2013 -0800
@@ -0,0 +1,30 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+#
+
+solaris.smf.manage.apache:RO::\
+Manage Apache HTTP Server Service States::\
+help=SmfApacheStates.html
+
+solaris.smf.value.apache:RO::\
+Change Values of Apache HTTP Server Service Properties::\
+help=SmfValueApache.html
--- a/components/apache2/Solaris/http-apache22.xml Tue Dec 10 09:10:38 2013 -0800
+++ b/components/apache2/Solaris/http-apache22.xml Tue Nov 19 02:56:55 2013 -0800
@@ -22,7 +22,7 @@
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
- Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
-->
<service_bundle type='manifest' name='SUNWapch22r:apache'>
@@ -96,12 +96,27 @@
<propval name='startup_options' type='astring' value='' />
<propval name='server_type' type='astring' value='prefork' />
<propval name='enable_64bit' type='boolean' value='false' />
- <propval name='value_authorization' type='astring' value='solaris.smf.value.http/apache22' />
+ <property name='value_authorization' type='astring'>
+ <astring_list>
+ <value_node value='solaris.smf.value.apache' />
+ <value_node value='solaris.smf.value.http/apache22' />
+ </astring_list>
+ </property>
</property_group>
<property_group name='general' type='framework'>
- <propval name='action_authorization' type='astring' value='solaris.smf.manage.http/apache22' />
- <propval name='value_authorization' type='astring' value='solaris.smf.value.http/apache22' />
+ <property name='action_authorization' type='astring'>
+ <astring_list>
+ <value_node value='solaris.smf.manage.apache' />
+ <value_node value='solaris.smf.manage.http/apache22' />
+ </astring_list>
+ </property>
+ <property name='value_authorization' type='astring'>
+ <astring_list>
+ <value_node value='solaris.smf.manage.apache' />
+ <value_node value='solaris.smf.manage.http/apache22' />
+ </astring_list>
+ </property>
</property_group>
<property_group name='startd' type='framework'>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/prof_attr Tue Nov 19 02:56:55 2013 -0800
@@ -0,0 +1,29 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+#
+
+Apache Service Management:RO::\
+Manage Apache HTTP Server SMF service:\
+profiles=Service Configuration;\
+auths=solaris.smf.manage.apache,\
+solaris.smf.value.apache;\
+help=RtApacheSrvcMngmnt.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/apache-22-message-files.p5m Tue Nov 19 02:56:55 2013 -0800
@@ -0,0 +1,39 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+#
+
+set name=pkg.fmri \
+ value=pkg://$(PUBLISHER_LOCALIZABLE)/web/server/apache-22-message-files@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary value="Translatable content for Apache Web Server V2.2"
+set name=com.oracle.info.description value="the translatable content for Apache Web Server V2.2"
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+set name=org.opensolaris.arc-caseid value=LSARC/2009/565
+# since this package is internal, we do not need some metadata
+set name=pkg.linted.pkglint.manifest010.2 value=true
+set name=pkg.linted.opensolaris.manifest001.1 value=true
+set name=pkg.linted.userland.manifest001.0 value=true
+
+file Solaris/RtApacheSrvcMngmnt.html path=usr/lib/help/profiles/locale/__LOCALE__/RtApacheSrvcMngmnt.html
+file Solaris/SmfApacheStates.html path=usr/lib/help/auths/locale/__LOCALE__/SmfApacheStates.html
+file Solaris/SmfValueApache.html path=usr/lib/help/auths/locale/__LOCALE__/SmfValueApache.html
+
+license apache.license license="Apache v2.0"
--- a/components/apache2/apache-22.p5m Tue Dec 10 09:10:38 2013 -0800
+++ b/components/apache2/apache-22.p5m Tue Nov 19 02:56:55 2013 -0800
@@ -72,6 +72,15 @@
file etc/apache2/2.2/extra/httpd-ssl.conf path=etc/apache2/2.2/samples-conf.d/ssl.conf
file etc/apache2/2.2/extra/httpd-userdir.conf path=etc/apache2/2.2/samples-conf.d/userdir.conf
file etc/apache2/2.2/extra/httpd-vhosts.conf path=etc/apache2/2.2/samples-conf.d/vhosts.conf
+dir path=etc/security/auth_attr.d owner=root group=sys mode=755
+file Solaris/auth_attr path=etc/security/auth_attr.d/web:server:apache-22 \
+ owner=root group=sys mode=644 preserve=true
+dir path=etc/security/prof_attr.d owner=root group=sys mode=755
+file Solaris/prof_attr path=etc/security/prof_attr.d/web:server:apache-22 \
+ owner=root group=sys mode=644 preserve=true
+file Solaris/RtApacheSrvcMngmnt.html path=usr/lib/help/profiles/locale/C/RtApacheSrvcMngmnt.html
+file Solaris/SmfApacheStates.html path=usr/lib/help/auths/locale/C/SmfApacheStates.html
+file Solaris/SmfValueApache.html path=usr/lib/help/auths/locale/C/SmfValueApache.html
file Solaris/http-apache22.xml path=lib/svc/manifest/network/http-apache22.xml
file path=lib/svc/method/http-apache22
file path=usr/apache2/2.2/bin/$(MACH64)/ab