PSARC/2013/304 Apache SMF Authorizations
16918175 apache-22 pkg needs preset authorization definitions in auth_attr.d
17597075 apache-22 pkg needs rights profile to group its authorizations
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/RtApacheSrvcMngmnt.html Thu Nov 28 16:35:14 2013 -0800
@@ -0,0 +1,16 @@
+<HTML>
+<!--
+Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When Apache Service Management is in the Rights Included column, it grants the
+right to manage the Apache HTTP Server SMF service.
+<p>
+If Apache Service Management is grayed, then you are not entitled to Add
+or Remove this right.
+<BR>
+</BODY>
+</HTML>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/SmfApacheStates.html Thu Nov 28 16:35:14 2013 -0800
@@ -0,0 +1,17 @@
+<HTML>
+<!--
+Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When <em>Manage Apache HTTP Server Service States</em> is in the Authorizations
+Included column, it grants the authorization to enable, disable, or restart
+Apache HTTP Server SMF service (both permanently and temporarily).
+<p>
+If <em>Manage Apache HTTP Server Service States</em> is grayed, then you are not
+entitled to Add or Remove this authorization.
+<BR>
+</BODY>
+</HTML>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/SmfValueApache.html Thu Nov 28 16:35:14 2013 -0800
@@ -0,0 +1,17 @@
+<HTML>
+<!--
+Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When <em>Change Values of Apache HTTP Server Service Properties</em> is in the
+Authorizations Included column, it grants the authorization to change
+Apache HTTP Server service property values.
+<p>
+If <em>Change Values of Apache HTTP Server Service Properties</em> is grayed,
+then you are not entitled to Add or Remove this authorization.
+<BR>
+</BODY>
+</HTML>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/auth_attr Thu Nov 28 16:35:14 2013 -0800
@@ -0,0 +1,30 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+#
+
+solaris.smf.manage.apache:RO::\
+Manage Apache HTTP Server Service States::\
+help=SmfApacheStates.html
+
+solaris.smf.value.apache:RO::\
+Change Values of Apache HTTP Server Service Properties::\
+help=SmfValueApache.html
--- a/components/apache2/Solaris/http-apache22.xml Mon Dec 23 11:55:30 2013 -0800
+++ b/components/apache2/Solaris/http-apache22.xml Thu Nov 28 16:35:14 2013 -0800
@@ -22,7 +22,7 @@
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
- Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
-->
<service_bundle type='manifest' name='SUNWapch22r:apache'>
@@ -96,12 +96,27 @@
<propval name='startup_options' type='astring' value='' />
<propval name='server_type' type='astring' value='prefork' />
<propval name='enable_64bit' type='boolean' value='false' />
- <propval name='value_authorization' type='astring' value='solaris.smf.value.http/apache22' />
+ <property name='value_authorization' type='astring'>
+ <astring_list>
+ <value_node value='solaris.smf.value.apache' />
+ <value_node value='solaris.smf.value.http/apache22' />
+ </astring_list>
+ </property>
</property_group>
<property_group name='general' type='framework'>
- <propval name='action_authorization' type='astring' value='solaris.smf.manage.http/apache22' />
- <propval name='value_authorization' type='astring' value='solaris.smf.value.http/apache22' />
+ <property name='action_authorization' type='astring'>
+ <astring_list>
+ <value_node value='solaris.smf.manage.apache' />
+ <value_node value='solaris.smf.manage.http/apache22' />
+ </astring_list>
+ </property>
+ <property name='value_authorization' type='astring'>
+ <astring_list>
+ <value_node value='solaris.smf.manage.apache' />
+ <value_node value='solaris.smf.manage.http/apache22' />
+ </astring_list>
+ </property>
</property_group>
<property_group name='startd' type='framework'>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/Solaris/prof_attr Thu Nov 28 16:35:14 2013 -0800
@@ -0,0 +1,28 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+#
+
+Apache Service Management:RO::\
+Manage Apache HTTP Server SMF service:\
+auths=solaris.smf.manage.apache,\
+solaris.smf.value.apache;\
+help=RtApacheSrvcMngmnt.html
--- a/components/apache2/apache-22.p5m Mon Dec 23 11:55:30 2013 -0800
+++ b/components/apache2/apache-22.p5m Thu Nov 28 16:35:14 2013 -0800
@@ -108,6 +108,15 @@
file etc/apache2/2.2/extra/httpd-ssl.conf path=etc/apache2/2.2/samples-conf.d/ssl.conf
file etc/apache2/2.2/extra/httpd-userdir.conf path=etc/apache2/2.2/samples-conf.d/userdir.conf
file etc/apache2/2.2/extra/httpd-vhosts.conf path=etc/apache2/2.2/samples-conf.d/vhosts.conf
+dir path=etc/security/auth_attr.d owner=root group=sys mode=755
+file Solaris/auth_attr path=etc/security/auth_attr.d/web:server:apache-22 \
+ owner=root group=sys mode=644 preserve=true restart_fmri=svc:/system/svc-rbac:default
+dir path=etc/security/prof_attr.d owner=root group=sys mode=755
+file Solaris/prof_attr path=etc/security/prof_attr.d/web:server:apache-22 \
+ owner=root group=sys mode=644 preserve=true restart_fmri=svc:/system/svc-rbac:default
+file Solaris/RtApacheSrvcMngmnt.html path=usr/lib/help/profiles/locale/C/RtApacheSrvcMngmnt.html
+file Solaris/SmfApacheStates.html path=usr/lib/help/auths/locale/C/SmfApacheStates.html
+file Solaris/SmfValueApache.html path=usr/lib/help/auths/locale/C/SmfValueApache.html
file Solaris/http-apache22.xml path=lib/svc/manifest/network/http-apache22.xml
file path=lib/svc/method/http-apache22
file path=usr/apache2/2.2/bin/$(MACH64)/ab