From e51368f580164e7324c706501758aaf56a4fa312 Mon Sep 17 00:00:00 2001 From: "Steinar H. Gunderson" Date: Fri, 9 Aug 2019 00:03:23 +0200 Subject: [PATCH 1/4] Update for PHP 7. --- php5-itkacl-2.0/debian/changelog | 5 ----- php5-itkacl-2.0/debian/php5-itkacl.dirs | 1 - {php5-itkacl-2.0 => php7-itkacl-2.0}/Makefile | 4 ++-- php7-itkacl-2.0/debian/changelog | 11 +++++++++++ {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/compat | 0 {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/control | 6 +++--- .../debian/itkacl.ini | 0 php7-itkacl-2.0/debian/php7-itkacl.dirs | 1 + {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/rules | 6 +++--- {php5-itkacl-2.0 => php7-itkacl-2.0}/itkacl.i | 11 ++++++++--- 10 files changed, 28 insertions(+), 17 deletions(-) delete mode 100644 php5-itkacl-2.0/debian/changelog delete mode 100644 php5-itkacl-2.0/debian/php5-itkacl.dirs rename {php5-itkacl-2.0 => php7-itkacl-2.0}/Makefile (86%) create mode 100644 php7-itkacl-2.0/debian/changelog rename {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/compat (100%) rename {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/control (72%) rename {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/itkacl.ini (100%) create mode 100644 php7-itkacl-2.0/debian/php7-itkacl.dirs rename {php5-itkacl-2.0 => php7-itkacl-2.0}/debian/rules (73%) rename {php5-itkacl-2.0 => php7-itkacl-2.0}/itkacl.i (81%) diff --git a/php5-itkacl-2.0/debian/changelog b/php5-itkacl-2.0/debian/changelog deleted file mode 100644 index 9f4f4b3..0000000 --- a/php5-itkacl-2.0/debian/changelog +++ /dev/null @@ -1,5 +0,0 @@ -php5-itkacl (2.0) unstable; urgency=low - - * Initial release. - - -- Steinar H. Gunderson Tue, 14 May 2013 19:02:22 +0200 diff --git a/php5-itkacl-2.0/debian/php5-itkacl.dirs b/php5-itkacl-2.0/debian/php5-itkacl.dirs deleted file mode 100644 index 8ca3a0f..0000000 --- a/php5-itkacl-2.0/debian/php5-itkacl.dirs +++ /dev/null @@ -1 +0,0 @@ -etc/php5/conf.d 
diff --git a/php5-itkacl-2.0/Makefile b/php7-itkacl-2.0/Makefile similarity index 86% rename from php5-itkacl-2.0/Makefile rename to php7-itkacl-2.0/Makefile index 74968dc..e282a1e 100644 --- a/php5-itkacl-2.0/Makefile +++ b/php7-itkacl-2.0/Makefile @@ -8,8 +8,8 @@ php_itkacl.so: itkacl_wrap.o itkacl_wrap.o: itkacl_wrap.cpp $(CXX) $(shell php-config --includes) $(CXXFLAGS) -c itkacl_wrap.cpp -o itkacl_wrap.o -itkacl_wrap.cpp: - swig -php5 -c++ itkacl.i +itkacl_wrap.cpp: itkacl.i + swig -php7 -noproxy -c++ -cppext cpp itkacl.i clean: $(RM) itkacl.php itkacl_wrap.cpp itkacl_wrap.o php_itkacl.h php_itkacl.so diff --git a/php7-itkacl-2.0/debian/changelog b/php7-itkacl-2.0/debian/changelog new file mode 100644 index 0000000..4dbb7c2 --- /dev/null +++ b/php7-itkacl-2.0/debian/changelog @@ -0,0 +1,11 @@ +php7-itkacl (2.1) unstable; urgency=medium + + * Port to PHP 7. + + -- Steinar H. Gunderson Fri, 09 Aug 2019 00:05:36 +0200 + +php5-itkacl (2.0) unstable; urgency=low + + * Initial release. + + -- Steinar H. Gunderson Tue, 14 May 2013 19:02:22 +0200 diff --git a/php5-itkacl-2.0/debian/compat b/php7-itkacl-2.0/debian/compat similarity index 100% rename from php5-itkacl-2.0/debian/compat rename to php7-itkacl-2.0/debian/compat diff --git a/php5-itkacl-2.0/debian/control b/php7-itkacl-2.0/debian/control similarity index 72% rename from php5-itkacl-2.0/debian/control rename to php7-itkacl-2.0/debian/control index 288ecb1..b7ce5e8 100644 --- a/php5-itkacl-2.0/debian/control +++ b/php7-itkacl-2.0/debian/control @@ -1,11 +1,11 @@ -Source: php5-itkacl +Source: php7-itkacl Priority: extra Maintainer: Steinar H. Gunderson -Build-Depends: debhelper (>= 7.0.50~), libitkacl-dev, php5-dev +Build-Depends: debhelper (>= 7.0.50~), libitkacl-dev, php7.3-dev Standards-Version: 3.9.1 Section: php -Package: php5-itkacl +Package: php7-itkacl Section: php Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends} 
diff --git a/php5-itkacl-2.0/debian/itkacl.ini b/php7-itkacl-2.0/debian/itkacl.ini similarity index 100% rename from php5-itkacl-2.0/debian/itkacl.ini rename to php7-itkacl-2.0/debian/itkacl.ini diff --git a/php7-itkacl-2.0/debian/php7-itkacl.dirs b/php7-itkacl-2.0/debian/php7-itkacl.dirs new file mode 100644 index 0000000..db7d8a6 --- /dev/null +++ b/php7-itkacl-2.0/debian/php7-itkacl.dirs @@ -0,0 +1 @@ +etc/php7/conf.d diff --git a/php5-itkacl-2.0/debian/rules b/php7-itkacl-2.0/debian/rules similarity index 73% rename from php5-itkacl-2.0/debian/rules rename to php7-itkacl-2.0/debian/rules index f177e9e..8404452 100755 --- a/php5-itkacl-2.0/debian/rules +++ b/php7-itkacl-2.0/debian/rules @@ -16,8 +16,8 @@ binary-arch: dh_testroot dh_prep dh_installdirs - $(MAKE) install DESTDIR=debian/php5-itkacl - install -m 0644 -o root -g root debian/itkacl.ini debian/php5-itkacl/etc/php5/conf.d/ + $(MAKE) install DESTDIR=debian/php7-itkacl + install -m 0644 -o root -g root debian/itkacl.ini debian/php7-itkacl/etc/php7/conf.d/ dh_installdocs dh_installchangelogs dh_compress @@ -25,7 +25,7 @@ binary-arch: dh_strip dh_makeshlibs dh_shlibdeps - echo "php:Depends=phpapi-$(shell php-config --phpapi)" >> debian/php5-itkacl.substvars + echo "php:Depends=phpapi-$(shell php-config --phpapi)" >> debian/php7-itkacl.substvars dh_installdeb dh_gencontrol dh_md5sums diff --git a/php5-itkacl-2.0/itkacl.i b/php7-itkacl-2.0/itkacl.i similarity index 81% rename from php5-itkacl-2.0/itkacl.i rename to php7-itkacl-2.0/itkacl.i index 18ae21c..06eef1e 100644 --- a/php5-itkacl-2.0/itkacl.i +++ b/php7-itkacl-2.0/itkacl.i @@ -10,9 +10,6 @@ * restrictions. */ %inline %{ - /* This is due to Swig forgetting one file */ - #include - extern "C" int itkacl_check(char *realm, char *user, char *errmsg, size_t errmsgsize); class itkaclwrap { 
@@ -26,9 +23,17 @@ int ret = itkacl_check(realm, user, itkacl_errmsg, 1024); if (ret == -1) { SWIG_exception(SWIG_RuntimeError,itkacl_errmsg); +thrown: return -1; } else { return ret == 0; } } %} +%pragma(php) code=" +class itkacl { + static function check($realm,$user) { + return itkaclwrap_check($realm,$user); + } +} " + -- 2.39.2 From 55f933b88c9d9992b1ec0ed7c13a621032f7637d Mon Sep 17 00:00:00 2001 
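Review bot: The new `thrown:` label after `SWIG_exception(SWIG_RuntimeError,itkacl_errmsg);` has no comment saying why it exists, and a bare label in front of `return -1;` reads like leftover code. If it is there because the PHP 7 SWIG runtime's exception macro jumps to a local label of that name (not visible in this hunk), say so next to it, e.g. `/* SWIG_exception() on PHP 7 does "goto thrown"; the label must exist in this function. */`. The call above it also passes a literal `1024` as the size of `itkacl_errmsg`, whose declaration is outside the hunk; if it is an array, `sizeof(itkacl_errmsg)` keeps the two in step. The enclosing method starts before this hunk.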
From: "Steinar H. Gunderson" Date: Tue, 15 Mar 2022 22:01:39 +0100 Subject: [PATCH 2/4] Add an API for keeping a permanent library context, for performance reasons (unbound in buster and newer needs a lot of CU time for creating a new DNS context). --- itkacl-2.1/itkacl-test.c | 19 -- itkacl-2.1/itkacl.h | 14 -- {itkacl-2.1 => itkacl-2.2}/Makefile | 2 +- {itkacl-2.1 => itkacl-2.2}/config.pm | 0 {itkacl-2.1 => itkacl-2.2}/debian/changelog | 8 + {itkacl-2.1 => itkacl-2.2}/debian/compat | 0 {itkacl-2.1 => itkacl-2.2}/debian/control | 0 {itkacl-2.1 => itkacl-2.2}/debian/copyright | 0 .../debian/itkacl-sync.dirs | 0 .../debian/itkacl-sync.install | 0 .../debian/libitkacl-dev.install | 0 .../debian/libitkacl2.install | 0 {itkacl-2.1 => itkacl-2.2}/debian/rules | 0 itkacl-2.2/itkacl-test.c | 28 +++ {itkacl-2.1 => itkacl-2.2}/itkacl.c | 162 +++++++++++------- {itkacl-2.1 => itkacl-2.2}/itkacl.conf | 0 itkacl-2.2/itkacl.h | 32 ++++ {itkacl-2.1 => itkacl-2.2}/itkacl.sql | 0 {itkacl-2.1 => itkacl-2.2}/sync-itkacl.pl | 0 19 files changed, 173 insertions(+), 92 deletions(-) delete mode 100644 itkacl-2.1/itkacl-test.c delete mode 100644 itkacl-2.1/itkacl.h rename {itkacl-2.1 => itkacl-2.2}/Makefile (97%) rename {itkacl-2.1 => itkacl-2.2}/config.pm (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/changelog (63%) rename {itkacl-2.1 => itkacl-2.2}/debian/compat (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/control (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/copyright (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/itkacl-sync.dirs (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/itkacl-sync.install (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/libitkacl-dev.install (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/libitkacl2.install (100%) rename {itkacl-2.1 => itkacl-2.2}/debian/rules (100%) create mode 100644 itkacl-2.2/itkacl-test.c rename {itkacl-2.1 => itkacl-2.2}/itkacl.c (76%) rename {itkacl-2.1 => itkacl-2.2}/itkacl.conf (100%) create mode 100644 itkacl-2.2/itkacl.h 
rename {itkacl-2.1 => itkacl-2.2}/itkacl.sql (100%) rename {itkacl-2.1 => itkacl-2.2}/sync-itkacl.pl (100%) diff --git a/itkacl-2.1/itkacl-test.c b/itkacl-2.1/itkacl-test.c deleted file mode 100644 index 49388d4..0000000 --- a/itkacl-2.1/itkacl-test.c +++ /dev/null @@ -1,19 +0,0 @@ -#include - -int itkacl_check(const char * const realm, const char * const user, - char *errmsg, size_t errmsg_size); - -int main() -{ - char errmsg[1024]; - int ret = itkacl_check("/login/unix-servers/cirkus", "sesse", errmsg, sizeof(errmsg)); - - if (ret == 0) { - printf("OK\n"); - } else if (ret == -1) { - printf("Error: %s\n", errmsg); - } else { - printf("Not OK\n"); - } - return 0; -} diff --git a/itkacl-2.1/itkacl.h b/itkacl-2.1/itkacl.h deleted file mode 100644 index 32d94a7..0000000 --- a/itkacl-2.1/itkacl.h +++ /dev/null @@ -1,14 +0,0 @@ -#ifndef _ITKACL_H -#define _ITKACL_H - -/* - * itkacl control library, version 0.1 - * - * (C) 2004-2009 Steinar H. Gunderson - * GPL, v2. - */ - -int itkacl_check(const char * const realm, const char * const user, - char *errmsg, size_t errmsg_size); - -#endif /* !defined(_ITKACL_H) */ diff --git a/itkacl-2.1/Makefile b/itkacl-2.2/Makefile similarity index 97% rename from itkacl-2.1/Makefile rename to itkacl-2.2/Makefile index 99ef295..029de70 100644 --- a/itkacl-2.1/Makefile +++ b/itkacl-2.2/Makefile @@ -6,7 +6,7 @@ RANLIB=ranlib PREFIX=/usr/local SONAME=libitkacl.so.2 -LIBNAME=libitkacl.so.2.0.0 +LIBNAME=libitkacl.so.2.0.1 all: libitkacl.a $(LIBNAME) itkacl-test clean: diff --git a/itkacl-2.1/config.pm b/itkacl-2.2/config.pm similarity index 100% rename from itkacl-2.1/config.pm rename to itkacl-2.2/config.pm diff --git a/itkacl-2.1/debian/changelog b/itkacl-2.2/debian/changelog similarity index 63% rename from itkacl-2.1/debian/changelog rename to itkacl-2.2/debian/changelog index cf405bf..601f816 100644 --- a/itkacl-2.1/debian/changelog +++ b/itkacl-2.2/debian/changelog 
@@ -1,3 +1,11 @@ +itkacl (2.2) unstable; urgency=medium + + * Add an API for keeping a permanent library context, for performance reasons + (unbound in buster and newer needs a lot of CU time for creating a new DNS + context). + + -- Steinar H. Gunderson Tue, 15 Mar 2022 21:59:20 +0100 + itkacl (2.1) unstable; urgency=low * Make the core library support a configuration file (/etc/itkacl.conf), diff --git a/itkacl-2.1/debian/compat b/itkacl-2.2/debian/compat similarity index 100% rename from itkacl-2.1/debian/compat rename to itkacl-2.2/debian/compat diff --git a/itkacl-2.1/debian/control b/itkacl-2.2/debian/control similarity index 100% rename from itkacl-2.1/debian/control rename to itkacl-2.2/debian/control diff --git a/itkacl-2.1/debian/copyright b/itkacl-2.2/debian/copyright similarity index 100% rename from itkacl-2.1/debian/copyright rename to itkacl-2.2/debian/copyright diff --git a/itkacl-2.1/debian/itkacl-sync.dirs b/itkacl-2.2/debian/itkacl-sync.dirs similarity index 100% rename from itkacl-2.1/debian/itkacl-sync.dirs rename to itkacl-2.2/debian/itkacl-sync.dirs diff --git a/itkacl-2.1/debian/itkacl-sync.install b/itkacl-2.2/debian/itkacl-sync.install similarity index 100% rename from itkacl-2.1/debian/itkacl-sync.install rename to itkacl-2.2/debian/itkacl-sync.install diff --git a/itkacl-2.1/debian/libitkacl-dev.install b/itkacl-2.2/debian/libitkacl-dev.install similarity index 100% rename from itkacl-2.1/debian/libitkacl-dev.install rename to itkacl-2.2/debian/libitkacl-dev.install diff --git a/itkacl-2.1/debian/libitkacl2.install b/itkacl-2.2/debian/libitkacl2.install similarity index 100% rename from itkacl-2.1/debian/libitkacl2.install rename to itkacl-2.2/debian/libitkacl2.install diff --git a/itkacl-2.1/debian/rules b/itkacl-2.2/debian/rules similarity index 100% rename from itkacl-2.1/debian/rules rename to itkacl-2.2/debian/rules diff --git a/itkacl-2.2/itkacl-test.c b/itkacl-2.2/itkacl-test.c new file mode 100644 index 0000000..88d2777 
--- /dev/null +++ b/itkacl-2.2/itkacl-test.c @@ -0,0 +1,28 @@ +#include +#include "itkacl.h" + +int main() +{ + char errmsg[1024]; + int ret; + struct itkacl_ctx *ctx; + + ctx = itkacl_create_ctx(errmsg, sizeof(errmsg)); + if (ctx == NULL) { + printf("Error while creating context: %s\n", errmsg); + return 1; + } + + ret = itkacl_check_with_ctx(ctx, "/login/unix-servers/cirkus", "sesse", errmsg, sizeof(errmsg)); + + itkacl_free_ctx(ctx); + + if (ret == 0) { + printf("OK\n"); + } else if (ret == -1) { + printf("Error: %s\n", errmsg); + } else { + printf("Not OK\n"); + } + return 0; +} diff --git a/itkacl-2.1/itkacl.c b/itkacl-2.2/itkacl.c similarity index 76% rename from itkacl-2.1/itkacl.c rename to itkacl-2.2/itkacl.c index eda3ebb..d7bdfa0 100644 --- a/itkacl-2.1/itkacl.c +++ b/itkacl-2.2/itkacl.c @@ -1,7 +1,7 @@ /* * ITKACL control library. * - * (C) 2004-2013 Steinar H. Gunderson + * (C) 2004-2022 Steinar H. Gunderson * GPL, v2. */ #include @@ -13,12 +13,19 @@ #include #include +#include "itkacl.h" + struct itkacl_config { char nszone[256]; int require_dnssec; char dnssec_public_key[256]; }; +struct itkacl_ctx { + struct itkacl_config config; + struct ub_ctx *ubctx; +}; + #define CONFIG_FILENAME "/etc/itkacl.conf" static int itkacl_read_config(const char * const filename, 
@@ -106,18 +113,105 @@ static int itkacl_read_config(const char * const filename, int itkacl_check(const char * const realm, const char * const user, char *errmsg, size_t errmsg_size) { - struct itkacl_config config; + struct itkacl_ctx *ctx; + int err; + + ctx = itkacl_create_ctx(errmsg, errmsg_size); + if (ctx == NULL) { + return -1; + } + + err = itkacl_check_with_ctx(ctx, realm, user, errmsg, errmsg_size); + + itkacl_free_ctx(ctx); + + return err; +} + +struct itkacl_ctx *itkacl_create_ctx(char *errmsg, size_t errmsg_size) +{ + struct itkacl_ctx *ctx; + int ret; + + ctx = (struct itkacl_ctx *)malloc(sizeof(struct itkacl_ctx)); + if (ctx == NULL) { + if (errmsg) + snprintf(errmsg, errmsg_size, "Memory allocation failed"); + return NULL; + } + + if (itkacl_read_config(CONFIG_FILENAME, &ctx->config, errmsg, errmsg_size) != 0) { + free(ctx); + return NULL; + } + + /* Create the DNS resolver context. */ + ctx->ubctx = ub_ctx_create(); + if (ctx->ubctx == NULL) { + if (errmsg) + snprintf(errmsg, errmsg_size, "Host name lookup failure: Could not create DNS context"); + free(ctx); + return NULL; + } + + ret = ub_ctx_resolvconf(ctx->ubctx, NULL); + if (ret != 0) { + if (errmsg) + snprintf(errmsg, errmsg_size, + "Host name lookup failure: Could not read resolv.conf " + "(resolver error: %s) (system error: %s)", + ub_strerror(ret), strerror(errno)); + ub_ctx_delete(ctx->ubctx); + free(ctx); + return NULL; + } + + ret = ub_ctx_hosts(ctx->ubctx, NULL); + if (ret != 0) { + if (errmsg) + snprintf(errmsg, errmsg_size, + "Host name lookup failure: Could not read hosts file " + "(resolver error: %s) (system error: %s)", + ub_strerror(ret), strerror(errno)); + ub_ctx_delete(ctx->ubctx); + free(ctx); + return NULL; + } + + if (strlen(ctx->config.dnssec_public_key) != 0) { + ret = ub_ctx_add_ta_file(ctx->ubctx, ctx->config.dnssec_public_key); + if (ret != 0) { + if (errmsg) + snprintf(errmsg, errmsg_size, + "Host name lookup failure: Error adding keys from %s " + "(resolver error: 
%s) (system error: %s)", + ctx->config.dnssec_public_key, + ub_strerror(ret), strerror(errno)); + ub_ctx_delete(ctx->ubctx); + free(ctx); + return NULL; + } + } + + return ctx; +} + +void itkacl_free_ctx(struct itkacl_ctx *ctx) +{ + ub_ctx_delete(ctx->ubctx); + free(ctx); +} + +int itkacl_check_with_ctx(struct itkacl_ctx *ctx, + const char * const realm, const char * const user, + char *errmsg, size_t errmsg_size) +{ int ret, nxdomain; const char *ptr; char nszone[256]; char temp[256]; - struct ub_ctx* ctx; struct ub_result* result; - if (itkacl_read_config(CONFIG_FILENAME, &config, errmsg, errmsg_size) != 0) { - return -1; - } - if (realm[0] != '/') { if (errmsg) snprintf(errmsg, errmsg_size, "Invalid realm '%s' (missing leading /)", @@ -155,7 +249,7 @@ int itkacl_check(const char * const realm, const char * const user, /* traverse the realm entry by entry from the root, * creating a DNS zone name as we go */ - strcpy(nszone, config.nszone); + strcpy(nszone, ctx->config.nszone); ptr = realm; while (*ptr) { /* copy all characters to next / or end of string */ 
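Review bot: `itkacl_free_ctx()` dereferences its argument unconditionally (`ub_ctx_delete(ctx->ubctx);`), so unlike `free()` it crashes when handed NULL. The Perl binding in patch 3/4 calls it from `_itkacl_deinit()` with whatever `_ctx` holds, and `_ctx` is still NULL if `itkacl_create_ctx()` failed; a guard `if (ctx == NULL) return;` at the top makes the destructor safe on that path. `itkacl_check_with_ctx()` makes the same assumption about `ctx`; returning -1 with a message when it is NULL would keep a missing context a denied check rather than a crash, since the callers shown in this series grant only on 0. The body of `itkacl_check_with_ctx()` continues outside this hunk.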
@@ -187,57 +281,12 @@ int itkacl_check(const char * const realm, const char * const user, strcpy(temp, nszone); sprintf(nszone, "%s.%s", user, temp); - /* Create the DNS resolver context. */ - ctx = ub_ctx_create(); - if (ctx == NULL) { - if (errmsg) - snprintf(errmsg, errmsg_size, "Host name lookup failure: Could not create DNS context"); - return -1; - } - - ret = ub_ctx_resolvconf(ctx, NULL); - if (ret != 0) { - if (errmsg) - snprintf(errmsg, errmsg_size, - "Host name lookup failure: Could not read resolv.conf " - "(resolver error: %s) (system error: %s)", - ub_strerror(ret), strerror(errno)); - ub_ctx_delete(ctx); - return -1; - } - - ret = ub_ctx_hosts(ctx, NULL); - if (ret != 0) { - if (errmsg) - snprintf(errmsg, errmsg_size, - "Host name lookup failure: Could not read hosts file " - "(resolver error: %s) (system error: %s)", - ub_strerror(ret), strerror(errno)); - ub_ctx_delete(ctx); - return -1; - } - - if (strlen(config.dnssec_public_key) != 0) { - ret = ub_ctx_add_ta_file(ctx, config.dnssec_public_key); - if (ret != 0) { - if (errmsg) - snprintf(errmsg, errmsg_size, - "Host name lookup failure: Error adding keys from %s " - "(resolver error: %s) (system error: %s)", - config.dnssec_public_key, - ub_strerror(ret), strerror(errno)); - ub_ctx_delete(ctx); - return -1; - } - } - /* Do the actual DNS lookup (TYPE A, CLASS IN). */ - ret = ub_resolve(ctx, nszone, 1, 1, &result); + ret = ub_resolve(ctx->ubctx, nszone, 1, 1, &result); if (ret != 0) { if (errmsg) snprintf(errmsg, errmsg_size, "Host name lookup failure: %s", ub_strerror(ret)); - ub_ctx_delete(ctx); return -1; } 
@@ -247,22 +296,19 @@ int itkacl_check(const char * const realm, const char * const user, snprintf(errmsg, errmsg_size, "Host name lookup failure: Bogus DNSSEC result (security failure)"); ub_resolve_free(result); - ub_ctx_delete(ctx); return -1; } - if (config.require_dnssec && !result->secure) { + if (ctx->config.require_dnssec && !result->secure) { if (errmsg) snprintf(errmsg, errmsg_size, "Host name lookup failure: Result was not secured with DNSSEC"); ub_resolve_free(result); - ub_ctx_delete(ctx); return -1; } nxdomain = result->nxdomain; ub_resolve_free(result); - ub_ctx_delete(ctx); if (nxdomain) return 1;
diff --git a/itkacl-2.1/itkacl.conf b/itkacl-2.2/itkacl.conf
similarity index 100%
rename from itkacl-2.1/itkacl.conf
rename to itkacl-2.2/itkacl.conf
diff --git a/itkacl-2.2/itkacl.h b/itkacl-2.2/itkacl.h
new file mode 100644
index 0000000..77be702
--- /dev/null
+++ b/itkacl-2.2/itkacl.h
@@ -0,0 +1,32 @@
+#ifndef _ITKACL_H
+#define _ITKACL_H
+
+/*
+ * itkacl control library, version 2.2
+ *
+ * (C) 2004-2022 Steinar H. Gunderson
+ * GPL, v2.
+ */
+
+int itkacl_check(const char * const realm, const char * const user,
+ char *errmsg, size_t errmsg_size);
+
+/*
+ * Opaque context. A context is created with itkacl_create_ctx()
+ * and freed with itkacl_free_ctx(), and is thread-safe.
+ * If you are making multiple calls to itkacl_check(), it is faster
+ * to reuse the same context over and over (since libunbound can
+ * have rather high setup times depending on configuration).
+ *
+ * Configuration is only reread when the context is created.
+ */
+struct itkacl_ctx;
+
+struct itkacl_ctx *itkacl_create_ctx(char *errmsg, size_t errmsg_size); // Returns NULL on failure.
+void itkacl_free_ctx(struct itkacl_ctx *ctx);
+
+int itkacl_check_with_ctx(struct itkacl_ctx *ctx,
+ const char * const realm, const char * const user,
+ char *errmsg, size_t errmsg_size);
+
+#endif /* !defined(_ITKACL_H) */
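Review bot: The comment on `struct itkacl_ctx` says configuration is read once but not what else a long-lived context retains. libunbound normally caches answers inside its context, so with a reused `itkacl_ctx` a removed ACL entry may keep resolving as granted until the record's TTL runs out; that should be confirmed and stated here, e.g. `* DNS answers may be cached in the context for their TTL, so ACL changes are not necessarily visible immediately.` The same comment should note that `itkacl_free_ctx()` must not be passed NULL, since itkacl.c dereferences `ctx` there. Separately, the header uses `size_t` without including `<stddef.h>`, so it compiles only when another header happened to be included first.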
diff --git a/itkacl-2.1/itkacl.sql b/itkacl-2.2/itkacl.sql similarity index 100% rename from itkacl-2.1/itkacl.sql rename to itkacl-2.2/itkacl.sql diff --git a/itkacl-2.1/sync-itkacl.pl b/itkacl-2.2/sync-itkacl.pl similarity index 100% rename from itkacl-2.1/sync-itkacl.pl rename to itkacl-2.2/sync-itkacl.pl -- 2.39.2 From 5ea73ea3a1ffa23ca598fac117830664b66a2ebf Mon Sep 17 00:00:00 2001 From: "Steinar H. Gunderson" Date: Tue, 15 Mar 2022 22:35:45 +0100 Subject: [PATCH 3/4] Use the new library context system in the Perl module. --- perl-itkacl-2.0/debian/changelog | 5 --- perl-itkacl-2.0/itkacl.i | 20 --------- .../Makefile.PL | 0 perl-itkacl-2.2/debian/changelog | 11 +++++ .../debian/compat | 0 .../debian/control | 0 .../debian/copyright | 0 .../debian/rules | 0 perl-itkacl-2.2/itkacl.i | 44 +++++++++++++++++++ 9 files changed, 55 insertions(+), 25 deletions(-) delete mode 100644 perl-itkacl-2.0/debian/changelog delete mode 100644 perl-itkacl-2.0/itkacl.i rename {perl-itkacl-2.0 => perl-itkacl-2.2}/Makefile.PL (100%) create mode 100644 perl-itkacl-2.2/debian/changelog rename {perl-itkacl-2.0 => perl-itkacl-2.2}/debian/compat (100%) rename {perl-itkacl-2.0 => perl-itkacl-2.2}/debian/control (100%) rename {perl-itkacl-2.0 => perl-itkacl-2.2}/debian/copyright (100%) rename {perl-itkacl-2.0 => perl-itkacl-2.2}/debian/rules (100%) create mode 100644 perl-itkacl-2.2/itkacl.i diff --git a/perl-itkacl-2.0/debian/changelog b/perl-itkacl-2.0/debian/changelog deleted file mode 100644 index 0b335fd..0000000 --- a/perl-itkacl-2.0/debian/changelog +++ /dev/null @@ -1,5 +0,0 @@ -libitkacl-perl (2.0) unstable; urgency=low - - * Initial release. - - -- Steinar H. Gunderson Tue, 14 May 2013 01:26:44 +0200 diff --git a/perl-itkacl-2.0/itkacl.i b/perl-itkacl-2.0/itkacl.i deleted file mode 100644 index f58703c..0000000 --- a/perl-itkacl-2.0/itkacl.i +++ /dev/null 
@@ -1,20 +0,0 @@ -/* SWIG interface for libitkacl */ -%module itkacl - -/* Convert errors to Perl exceptions and keep the interface clean. */ -%inline %{ - extern int itkacl_check(char *realm, char *user, char *errmsg, size_t errmsgsize); - int check(char *realm, char *user) - { - char errmsg[1024]; - int ret = itkacl_check(realm, user, errmsg, 1024); - - /* printf("check '%s' vs. '%s' gave %d\n", user, realm, ret); */ - if (ret == -1) - die(errmsg); - else - return (ret == 0); - } - -%} - diff --git a/perl-itkacl-2.0/Makefile.PL b/perl-itkacl-2.2/Makefile.PL similarity index 100% rename from perl-itkacl-2.0/Makefile.PL rename to perl-itkacl-2.2/Makefile.PL diff --git a/perl-itkacl-2.2/debian/changelog b/perl-itkacl-2.2/debian/changelog new file mode 100644 index 0000000..9040e7a --- /dev/null +++ b/perl-itkacl-2.2/debian/changelog @@ -0,0 +1,11 @@ +libitkacl-perl (2.2) unstable; urgency=medium + + * Use the new library contexts for higher performance with repeated calls. + + -- Steinar H. Gunderson Tue, 15 Mar 2022 22:24:46 +0100 + +libitkacl-perl (2.0) unstable; urgency=low + + * Initial release. + + -- Steinar H. Gunderson Tue, 14 May 2013 01:26:44 +0200 diff --git a/perl-itkacl-2.0/debian/compat b/perl-itkacl-2.2/debian/compat similarity index 100% rename from perl-itkacl-2.0/debian/compat rename to perl-itkacl-2.2/debian/compat diff --git a/perl-itkacl-2.0/debian/control b/perl-itkacl-2.2/debian/control similarity index 100% rename from perl-itkacl-2.0/debian/control rename to perl-itkacl-2.2/debian/control diff --git a/perl-itkacl-2.0/debian/copyright b/perl-itkacl-2.2/debian/copyright similarity index 100% rename from perl-itkacl-2.0/debian/copyright rename to perl-itkacl-2.2/debian/copyright diff --git a/perl-itkacl-2.0/debian/rules b/perl-itkacl-2.2/debian/rules similarity index 100% rename from perl-itkacl-2.0/debian/rules rename to perl-itkacl-2.2/debian/rules 
diff --git a/perl-itkacl-2.2/itkacl.i b/perl-itkacl-2.2/itkacl.i
new file mode 100644
index 0000000..4523e81
--- /dev/null
+++ b/perl-itkacl-2.2/itkacl.i
@@ -0,0 +1,44 @@
+/* SWIG interface for libitkacl */
+%module itkacl
+
+%perlcode %{
+_itkacl_init();
+END {
+ _itkacl_deinit();
+}
+
+%}
+
+/* Convert errors to Perl exceptions and keep the interface clean. */
+%inline %{
+ #include "itkacl.h"
+
+ struct itkacl_ctx *_ctx = NULL;
+
+ void _itkacl_init()
+ {
+ char errmsg[1024];
+ _ctx = itkacl_create_ctx(errmsg, sizeof(errmsg));
+ if (_ctx == NULL)
+ die(errmsg);
+ }
+
+ void _itkacl_deinit()
+ {
+ itkacl_free_ctx(_ctx);
+ }
+
+ int check(char *realm, char *user)
+ {
+ char errmsg[1024];
+ int ret = itkacl_check_with_ctx(_ctx, realm, user, errmsg, 1024);
+
+ /* printf("check '%s' vs. '%s' gave %d\n", user, realm, ret); */
+ if (ret == -1)
+ die(errmsg);
+ else
+ return (ret == 0);
+ }
+
+%}
+
-- 2.39.2 From cb2ce66fff232abab891ee6cc887e2bcab074269 Mon Sep 17 00:00:00 2001
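Review bot: `die(errmsg)` in both `_itkacl_init()` and `check()` passes the library's message as the format argument, and Perl's C-level `die` takes a printf-style pattern. The message can embed caller-supplied text (itkacl.c formats the realm into it, as in `Invalid realm '%s' (missing leading /)`), so a `%` in that text would be parsed as a conversion. Use `die("%s", errmsg);` in both places. `check()` also passes a literal `1024` where `_itkacl_init()` uses `sizeof(errmsg)`; using `sizeof(errmsg)` in both keeps the size tied to the buffer.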
From: "Steinar H. Gunderson" Date: Tue, 15 Mar 2022 22:55:14 +0100 Subject: [PATCH 4/4] Release a new version of the Apache module, with the context support. --- .../Makefile | 0 .../debian/authz_itkacl.load | 0 .../debian/changelog | 7 ++++++ .../debian/compat | 0 .../debian/control | 2 +- .../debian/dirs | 0 .../debian/rules | 0 .../mod_authz_itkacl.c | 22 ++++++++++++++----- 8 files changed, 24 insertions(+), 7 deletions(-) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/Makefile (100%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/debian/authz_itkacl.load (100%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/debian/changelog (86%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/debian/compat (100%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/debian/control (82%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/debian/dirs (100%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/debian/rules (100%) rename {libapache2-mod-authz-itkacl-0.6 => libapache2-mod-authz-itkacl-0.7}/mod_authz_itkacl.c (86%) diff --git a/libapache2-mod-authz-itkacl-0.6/Makefile b/libapache2-mod-authz-itkacl-0.7/Makefile similarity index 100% rename from libapache2-mod-authz-itkacl-0.6/Makefile rename to libapache2-mod-authz-itkacl-0.7/Makefile diff --git a/libapache2-mod-authz-itkacl-0.6/debian/authz_itkacl.load b/libapache2-mod-authz-itkacl-0.7/debian/authz_itkacl.load similarity index 100% rename from libapache2-mod-authz-itkacl-0.6/debian/authz_itkacl.load rename to libapache2-mod-authz-itkacl-0.7/debian/authz_itkacl.load 
diff --git a/libapache2-mod-authz-itkacl-0.6/debian/changelog b/libapache2-mod-authz-itkacl-0.7/debian/changelog similarity index 86% rename from libapache2-mod-authz-itkacl-0.6/debian/changelog rename to libapache2-mod-authz-itkacl-0.7/debian/changelog index 1a7b937..30c4095 100644 --- a/libapache2-mod-authz-itkacl-0.6/debian/changelog +++ b/libapache2-mod-authz-itkacl-0.7/debian/changelog @@ -1,3 +1,10 @@ +libapache2-mod-authz-itkacl (0.7) unstable; urgency=medium + + * Use the new context system, for increased performance. + * No longer depend on obsolete apache2-prefork-dev. + + -- Steinar H. Gunderson Tue, 15 Mar 2022 22:46:53 +0100 + libapache2-mod-authz-itkacl (0.6) unstable; urgency=medium * Update to Apache 2.4. diff --git a/libapache2-mod-authz-itkacl-0.6/debian/compat b/libapache2-mod-authz-itkacl-0.7/debian/compat similarity index 100% rename from libapache2-mod-authz-itkacl-0.6/debian/compat rename to libapache2-mod-authz-itkacl-0.7/debian/compat diff --git a/libapache2-mod-authz-itkacl-0.6/debian/control b/libapache2-mod-authz-itkacl-0.7/debian/control similarity index 82% rename from libapache2-mod-authz-itkacl-0.6/debian/control rename to libapache2-mod-authz-itkacl-0.7/debian/control index 9a73611..832bc66 100644 --- a/libapache2-mod-authz-itkacl-0.6/debian/control +++ b/libapache2-mod-authz-itkacl-0.7/debian/control @@ -2,7 +2,7 @@ Source: libapache2-mod-authz-itkacl Section: web Priority: optional Maintainer: Steinar H. Gunderson -Build-Depends: debhelper (>= 7.0.0), apache2-prefork-dev, libitkacl-dev, dh-apache2 | apache2-dev +Build-Depends: debhelper (>= 7.0.0), libitkacl-dev, dh-apache2 | apache2-dev Standards-Version: 3.9.1 Package: libapache2-mod-authz-itkacl diff --git a/libapache2-mod-authz-itkacl-0.6/debian/dirs b/libapache2-mod-authz-itkacl-0.7/debian/dirs similarity index 100% rename from libapache2-mod-authz-itkacl-0.6/debian/dirs rename to libapache2-mod-authz-itkacl-0.7/debian/dirs 
diff --git a/libapache2-mod-authz-itkacl-0.6/debian/rules b/libapache2-mod-authz-itkacl-0.7/debian/rules similarity index 100% rename from libapache2-mod-authz-itkacl-0.6/debian/rules rename to libapache2-mod-authz-itkacl-0.7/debian/rules diff --git a/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c b/libapache2-mod-authz-itkacl-0.7/mod_authz_itkacl.c similarity index 86% rename from libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c rename to libapache2-mod-authz-itkacl-0.7/mod_authz_itkacl.c index 51ec224..97017ef 100644 --- a/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c +++ b/libapache2-mod-authz-itkacl-0.7/mod_authz_itkacl.c @@ -1,8 +1,8 @@ /* - * ITKACL module, (C) 2004-2015 Steinar H. Gunderson + * ITKACL module, (C) 2004-2022 Steinar H. Gunderson */ -#define MODAUTHITKACL_VERSION "0.6" +#define MODAUTHITKACL_VERSION "0.7" #include "apr_strings.h" @@ -14,18 +14,17 @@ #include "http_protocol.h" #include "http_request.h" #include "mod_auth.h" +#include "itkacl.h" module AP_MODULE_DECLARE_DATA authz_itkacl_module; - -extern int itkacl_check(const char * const realm, const char * const user, - char *errmsg, size_t errmsg_size); +static struct itkacl_ctx *ctx = NULL; static int handle_require(request_rec *r, const char *username, const char *acl_path) { char errmsg[1024]; int ret; - ret = itkacl_check(acl_path, username, errmsg, 1024); + ret = itkacl_check_with_ctx(ctx, acl_path, username, errmsg, 1024); if (ret == 0) { return AUTHZ_GRANTED; } 
@@ -107,6 +106,17 @@ static authz_status authz_itkacl_authorize_user(request_rec *r, const char *requ static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION); + if (ctx != NULL) { + itkacl_free_ctx(ctx); + } + { + char errmsg[1024]; + ctx = itkacl_create_ctx(errmsg, sizeof(errmsg)); + if (ctx == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Error while initializing libitkacl: %s", errmsg); + return HTTP_INTERNAL_SERVER_ERROR; + } + } return OK; } -- 2.39.2
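Review bot: The context is created in the post_config hook, which httpd runs in the parent process before the workers are forked and again on restarts, so every child inherits a copy of one libunbound context across fork(). Whether a `ub_ctx` may be used after a fork is not visible in this patch. Creating the context in a `child_init` hook instead, with a pool cleanup registered to call `itkacl_free_ctx()`, would give each child its own context and remove the manual `if (ctx != NULL)` free. If post_config is kept, the bare `{ ... }` block deserves a comment such as `/* post_config runs more than once; drop the context from the previous pass before creating a new one. */`.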