Update mod_authz_itkacl for Apache 2.4.
authorSteinar H. Gunderson <sgunderson@bigfoot.com>
Wed, 29 Jul 2015 08:57:32 +0000 (10:57 +0200)
committerSteinar H. Gunderson <sgunderson@bigfoot.com>
Wed, 29 Jul 2015 08:57:32 +0000 (10:57 +0200)
libapache2-mod-authz-itkacl-0.5/mod_authz_itkacl.c [deleted file]
libapache2-mod-authz-itkacl-0.6/Makefile [moved from libapache2-mod-authz-itkacl-0.5/Makefile with 100% similarity]
libapache2-mod-authz-itkacl-0.6/debian/authz_itkacl.load [moved from libapache2-mod-authz-itkacl-0.5/debian/authz_itkacl.load with 100% similarity]
libapache2-mod-authz-itkacl-0.6/debian/changelog [moved from libapache2-mod-authz-itkacl-0.5/debian/changelog with 90% similarity]
libapache2-mod-authz-itkacl-0.6/debian/compat [moved from libapache2-mod-authz-itkacl-0.5/debian/compat with 100% similarity]
libapache2-mod-authz-itkacl-0.6/debian/control [moved from libapache2-mod-authz-itkacl-0.5/debian/control with 86% similarity]
libapache2-mod-authz-itkacl-0.6/debian/dirs [moved from libapache2-mod-authz-itkacl-0.5/debian/dirs with 100% similarity]
libapache2-mod-authz-itkacl-0.6/debian/rules [moved from libapache2-mod-authz-itkacl-0.5/debian/rules with 98% similarity]
libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c [new file with mode: 0644]

diff --git a/libapache2-mod-authz-itkacl-0.5/mod_authz_itkacl.c b/libapache2-mod-authz-itkacl-0.5/mod_authz_itkacl.c
deleted file mode 100644 (file)
index e554915..0000000
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * ITKACL module, (C) 2004-2011 Steinar H. Gunderson
- */
-
-#define MODAUTHITKACL_VERSION "0.4"
-
-#include "apr_strings.h"
-
-#include "ap_config.h"
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h"
-
-module AP_MODULE_DECLARE_DATA authz_itkacl_module;
-
-extern int itkacl_check(const char * const realm, const char * const user,
-                       char *errmsg, size_t errmsg_size);
-
-typedef struct {
-       int authoritative;
-} authz_itkacl_config_rec;
-
-static void *authz_itkacl_dir_create_config(apr_pool_t *p, char *d)
-{
-       authz_itkacl_config_rec *conf = apr_palloc(p, sizeof(*conf));
-
-       conf->authoritative = 1; /* keep the fortress secure by default */
-       return conf;
-}
-
-static const command_rec authz_itkacl_cmds[] =
-{
-       AP_INIT_FLAG("AuthzITKACLAuthoritative", ap_set_flag_slot,
-               (void *)APR_OFFSETOF(authz_itkacl_config_rec, authoritative),
-               OR_AUTHCFG,
-               "Set to 'Off' to allow access control to be passed along to "
-               "lower modules if the 'require user' or 'require valid-user' "
-               "statement is not met. (default: On)."),
-       {NULL}
-};
-
-static int fail(request_rec *r, authz_itkacl_config_rec *conf)
-{
-       if (conf->authoritative) {
-               ap_note_auth_failure(r);
-               return HTTP_UNAUTHORIZED;
-       } else {
-               return DECLINED;
-       }
-}
-
-static int handle_require(request_rec *r, authz_itkacl_config_rec *conf, const char *username, const char *acl_path)
-{
-       char errmsg[1024];
-       int ret;
-
-       ret = itkacl_check(acl_path, username, errmsg, 1024);
-       if (ret == 0) {
-               return OK;
-       }
-
-       if (ret == -1) {
-               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                       "error during itkacl check for %s on %s: %s",
-                       username, acl_path, errmsg);
-       }
-
-       return HTTP_UNAUTHORIZED;
-}
-
-static int authz_itkacl_authorize_user(request_rec *r)
-{
-       char *username, *ptr;
-       const apr_array_header_t *reqs_arr = ap_requires(r);
-       unsigned i;
-       require_line *reqs;
-       authz_itkacl_config_rec *conf = (authz_itkacl_config_rec *)
-               ap_get_module_config(r->per_dir_config, &authz_itkacl_module);
-
-       if (reqs_arr == NULL)
-               return DECLINED;
-       
-       /* strip the domain part (FIXME: use the alias module instead?) */
-       username = strdup(r->user);
-       ptr = strchr(username, '@');
-       if (ptr != NULL)
-               ptr[0] = 0;
-
-       reqs = (require_line *)reqs_arr->elts;
-       for (i = 0; i < reqs_arr->nelts; ++i) {
-               const char *t, *w;
-
-               if (!(reqs[i].method_mask & (AP_METHOD_BIT << (r->method_number))))
-                       continue;
-
-               t = reqs[i].requirement;
-               w = ap_getword_white(r->pool, &t);
-
-               if (strcasecmp(w, "valid-user") == 0) {
-                       free(username);
-                       return OK;
-               }
-
-               if (strcasecmp(w, "itkacl") == 0) {
-                       const char *acl_path;
-
-                       acl_path = ap_getword_conf(r->pool, &t);
-                       if (acl_path == NULL || strcmp(acl_path, "") == 0) {
-                               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                               "'Require itkacl' needs an argument");
-                               return fail(r, conf);
-                       }
-
-                       if (strcasecmp(acl_path, "anyof") == 0) {
-                               int num_seen = 0, ret;
-                               while ((acl_path = ap_getword_conf(r->pool, &t)) != NULL &&
-                                      strcmp(acl_path, "") != 0) {
-                                       ret = handle_require(r, conf, username, acl_path);
-                                       if (ret == OK) {
-                                               free(username);
-                                               return ret;
-                                       }
-                                       ++num_seen;
-                               }
-                               if (num_seen == 0) {
-                                       ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                               "Missing arguments after 'Require itkacl anyof'");
-                               } else if (ret == HTTP_UNAUTHORIZED) {
-                                       ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                           "%s failed itkacl check for (multiple paths)",
-                                           username, acl_path);
-                                       ret = fail(r, conf);
-                               }
-                               free(username);
-                               return ret;
-                       } else {
-                               /* check that there are no more arguments */
-                               w = ap_getword_conf(r->pool, &t);
-                               if (w != NULL && strcmp(w, "") != 0) {
-                                       ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                               "Excess arguments ('%s') after Require itkacl %s; "
-                                               "did you mean 'Require itkacl anyof ...'?",
-                                               w, acl_path);
-                                       return fail(r, conf);
-                               }
-
-                               int ret = handle_require(r, conf, username, acl_path);
-                               if (ret == HTTP_UNAUTHORIZED) {
-                                       ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                           "%s failed itkacl check for %s",
-                                           username, acl_path);
-                                       ret = fail(r, conf);
-                               }
-                               free(username);
-                               return ret;
-                       }
-               }
-       }
-
-       free(username);
-       return DECLINED;
-}
-
-static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
-{
-       ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION);
-       return OK;
-}
-
-void authz_itkacl_register_hooks(apr_pool_t *p)
-{
-       ap_hook_post_config(authz_itkacl_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
-       ap_hook_auth_checker(authz_itkacl_authorize_user, NULL, NULL, APR_HOOK_MIDDLE); 
-}
-
-module AP_MODULE_DECLARE_DATA authz_itkacl_module =
-{
-       STANDARD20_MODULE_STUFF,
-       authz_itkacl_dir_create_config,
-       NULL,
-       NULL,
-       NULL,
-       authz_itkacl_cmds,
-       authz_itkacl_register_hooks
-};
similarity index 90%
rename from libapache2-mod-authz-itkacl-0.5/debian/changelog
rename to libapache2-mod-authz-itkacl-0.6/debian/changelog
index 04033f1dd0817f5df6c79bd9673c5161d77eaf15..1a7b937c0a81607a5f6085494cd42efeb908959f 100644 (file)
@@ -1,3 +1,9 @@
+libapache2-mod-authz-itkacl (0.6) unstable; urgency=medium
+
+  * Update to Apache 2.4.
+
+ -- Steinar H. Gunderson <sesse@debian.org>  Sat, 18 Jul 2015 13:10:07 +0200
+
 libapache2-mod-authz-itkacl (0.5) unstable; urgency=low
 
   * Link against shared libitkacl.
similarity index 86%
rename from libapache2-mod-authz-itkacl-0.5/debian/control
rename to libapache2-mod-authz-itkacl-0.6/debian/control
index e99127f090416386e038712e24443fcf653fa775..9a73611f990360737e65b0db653011f6f0d15920 100644 (file)
@@ -2,12 +2,12 @@ Source: libapache2-mod-authz-itkacl
 Section: web
 Priority: optional
 Maintainer: Steinar H. Gunderson <sesse@samfundet.no>
-Build-Depends: debhelper (>= 7.0.0), apache2-prefork-dev, libitkacl-dev
+Build-Depends: debhelper (>= 7.0.0), apache2-prefork-dev, libitkacl-dev, dh-apache2 | apache2-dev
 Standards-Version: 3.9.1
 
 Package: libapache2-mod-authz-itkacl
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common
+Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: Apache module for ITKACL authorization
  An Apache module for checking authorization against ITKACLs.
  It does not do any kind of authentication; for that, something
similarity index 98%
rename from libapache2-mod-authz-itkacl-0.5/debian/rules
rename to libapache2-mod-authz-itkacl-0.6/debian/rules
index 160d4a6140d311b0fc1cc7c4c894b3c210b6933c..f1b2560898d121dad1532615949d2cab47eb3b9c 100755 (executable)
@@ -22,6 +22,7 @@ binary-arch: build
        install .libs/mod_authz_itkacl.so debian/libapache2-mod-authz-itkacl/usr/lib/apache2/modules/
        
        dh_installchangelogs 
+       dh_apache2
        dh_strip
        dh_compress
        dh_fixperms
diff --git a/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c b/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c
new file mode 100644 (file)
index 0000000..51ec224
--- /dev/null
@@ -0,0 +1,134 @@
+/*
+ * ITKACL module, (C) 2004-2015 Steinar H. Gunderson
+ */
+
+#define MODAUTHITKACL_VERSION "0.6"
+
+#include "apr_strings.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "mod_auth.h"
+
+module AP_MODULE_DECLARE_DATA authz_itkacl_module;
+
+extern int itkacl_check(const char * const realm, const char * const user,
+                       char *errmsg, size_t errmsg_size);
+
+static int handle_require(request_rec *r, const char *username, const char *acl_path)
+{
+       char errmsg[1024];
+       int ret;
+
+       ret = itkacl_check(acl_path, username, errmsg, 1024);
+       if (ret == 0) {
+               return AUTHZ_GRANTED;
+       }
+
+       if (ret == -1) {
+               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                       "error during itkacl check for %s on %s: %s",
+                       username, acl_path, errmsg);
+       }
+
+       return AUTHZ_DENIED;
+}
+
+static authz_status authz_itkacl_authorize_user(request_rec *r, const char *require_line, const void *parsed_require_line)
+{
+       char *username, *ptr;
+       const char *t, *acl_path;
+
+       if (r->user == NULL) {
+               return AUTHZ_DENIED_NO_USER;
+       }
+
+       /* strip the domain part (FIXME: use the alias module instead?) */
+       username = apr_pstrdup(r->pool, r->user);
+       ptr = strchr(username, '@');
+       if (ptr != NULL)
+               ptr[0] = 0;
+
+       t = require_line;
+       acl_path = ap_getword_conf(r->pool, &t);
+       if (acl_path == NULL || strcmp(acl_path, "") == 0) {
+               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "'require itkacl' requires an argument");
+               return AUTHZ_DENIED;
+       }
+
+       if (strcasecmp(acl_path, "anyof") == 0) {
+               int num_seen = 0, ret;
+               while ((acl_path = ap_getword_conf(r->pool, &t)) != NULL &&
+                      strcmp(acl_path, "") != 0) {
+                       ret = handle_require(r, username, acl_path);
+                       if (ret == AUTHZ_GRANTED) {
+                               return ret;
+                       }
+                       ++num_seen;
+               }
+               if (num_seen == 0) {
+                       ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                               "Missing arguments after 'Require itkacl anyof'");
+                       return AUTHZ_DENIED;
+               } else if (ret == HTTP_UNAUTHORIZED) {
+                       ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                               "%s failed itkacl check for (multiple paths)",
+                               username);
+                       return AUTHZ_DENIED;
+               }
+               return ret;
+       } else {
+               /* check that there are no more arguments */
+               const char *w = ap_getword_conf(r->pool, &t);
+               if (w != NULL && strcmp(w, "") != 0) {
+                       ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                               "Excess arguments ('%s') after Require itkacl %s; "
+                               "did you mean 'Require itkacl anyof ...'?",
+                               w, acl_path);
+                       return AUTHZ_DENIED;
+               }
+
+               int ret = handle_require(r, username, acl_path);
+               if (ret == AUTHZ_DENIED) {
+                       ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                           "%s failed itkacl check for %s",
+                           username, acl_path);
+                       return AUTHZ_DENIED;
+               }
+               return ret;
+       }
+}
+
+static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
+{
+       ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION);
+       return OK;
+}
+
+static const authz_provider authz_itkacl_provider =
+{
+       &authz_itkacl_authorize_user,
+       NULL,
+};
+
+void authz_itkacl_register_hooks(apr_pool_t *p)
+{
+       ap_hook_post_config(authz_itkacl_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
+       ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "itkacl", AUTHZ_PROVIDER_VERSION, &authz_itkacl_provider, AP_AUTH_INTERNAL_PER_CONF);
+}
+
+module AP_MODULE_DECLARE_DATA authz_itkacl_module =
+{
+       STANDARD20_MODULE_STUFF,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       NULL,
+       authz_itkacl_register_hooks
+};
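Review bot: In the `anyof` branch of authz_itkacl_authorize_user(), the test `else if (ret == HTTP_UNAUTHORIZED)` is left over from the 2.2 code: handle_require() now returns only AUTHZ_GRANTED or AUTHZ_DENIED, so the branch never matches and the "failed itkacl check for (multiple paths)" debug line is never logged; it should read `} else if (ret == AUTHZ_DENIED) {`. The request is still denied through the trailing `return ret;`, so this fails closed, but multi-path denials lose their log line. Separately, handle_require() maps an itkacl_check() error (`ret == -1`) to AUTHZ_DENIED, which makes a backend failure indistinguishable from a real denial; as far as I know mod_authz_core converts a denied result under `Require not` or `<RequireNone>` into a neutral one, so a failing ACL lookup could stop a negated rule from blocking. Returning `AUTHZ_GENERAL_ERROR` after the ap_log_rerror() call would surface the failure instead of folding it into a denial. handle_require() could also be declared to return `authz_status` rather than `int`, and pass `sizeof(errmsg)` instead of the literal 1024.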