92e47b6c21
- fix build with subversion 1.8.x PR: 193536 Submitted by: ohauer Approved by: Vick Khera (maintainer) Obtained from: https://bitbucket.org/atlassian/cwdapache/pull-request/18/added-apache-24-compatibility-and-fixed/diff [2] MFH: 2014Q3 [1] fix shaped and tested by Vick Khera [2] based on
193 lines
6.6 KiB
Text
193 lines
6.6 KiB
Text
diff --git a/src/crowd_client.c b/src/crowd_client.c
|
|
index c190d0b..9a42acf 100644
|
|
--- a/src/crowd_client.c
|
|
+++ src/crowd_client.c
|
|
@@ -631,9 +631,15 @@ static char *make_app_cache_key(const request_rec *r, const crowd_config *config
|
|
}
|
|
|
|
static char *make_session_cache_key(const char *token, const char *forwarded_for, const request_rec *r, const crowd_config *config) {
|
|
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
|
|
+ return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token,
|
|
+ forwarded_for == NULL ? "" : forwarded_for, r->connection->client_ip, config->crowd_app_name,
|
|
+ config->crowd_url));
|
|
+#else
|
|
return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token,
|
|
forwarded_for == NULL ? "" : forwarded_for, r->connection->remote_ip, config->crowd_app_name,
|
|
config->crowd_url));
|
|
+#endif
|
|
}
|
|
|
|
/*==========================
|
|
@@ -764,9 +770,15 @@ static bool handle_crowd_create_session_session_element(write_data_t *write_data
|
|
}
|
|
|
|
static const char *get_validation_factors(const request_rec *r, const char *forwarded_for) {
|
|
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
|
|
+ const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool,
|
|
+ "<validation-factors><validation-factor><name>remote_address</name><value>", r->connection->client_ip,
|
|
+ "</value></validation-factor>", NULL));
|
|
+#else
|
|
const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool,
|
|
"<validation-factors><validation-factor><name>remote_address</name><value>", r->connection->remote_ip,
|
|
"</value></validation-factor>", NULL));
|
|
+#endif
|
|
if (payload_beginning == NULL) {
|
|
return NULL;
|
|
}
|
|
@@ -863,7 +875,7 @@ static const char *make_validate_session_url(const request_rec *r, const crowd_c
|
|
|
|
char *url = log_ralloc(r, apr_pstrcat(r->pool, urlWithoutToken, escapedToken, NULL));
|
|
|
|
- curl_free(escapedToken);
|
|
+ curl_free((void *)escapedToken);
|
|
|
|
return url;
|
|
}
|
|
diff --git a/src/mod_authnz_crowd.c b/src/mod_authnz_crowd.c
|
|
index 44232a2..e9f849b 100644
|
|
--- a/src/mod_authnz_crowd.c
|
|
+++ src/mod_authnz_crowd.c
|
|
@@ -520,7 +520,6 @@ static authn_status authn_crowd_check_password(request_rec *r, const char *user,
|
|
static const authn_provider authn_crowd_provider =
|
|
{
|
|
&authn_crowd_check_password, /* Callback for HTTP Basic authentication */
|
|
- NULL /* Callback for HTTP Digest authentication */
|
|
};
|
|
|
|
static unsigned int parse_number(const char *string, const char *name, unsigned int min, unsigned int max,
|
|
@@ -611,6 +610,83 @@ apr_array_header_t *authnz_crowd_user_groups(const char *username, request_rec *
|
|
* @param r the current request
|
|
* @return OK, DECLINED, or HTTP_...
|
|
*/
|
|
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
|
|
+static authz_status auth_group_checker(request_rec *r,
|
|
+ const char *require_line,
|
|
+ const void *parsed_require_args) {
|
|
+ const char *t, *w;
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_group_checker");
|
|
+
|
|
+ authnz_crowd_dir_config *config = get_config(r);
|
|
+ if (config == NULL) {
|
|
+ return AUTHZ_GENERAL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (r->user == NULL) {
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Authorisation requested, but no user provided.");
|
|
+ return AUTHZ_DENIED_NO_USER;
|
|
+ }
|
|
+
|
|
+ apr_array_header_t *user_groups = NULL;
|
|
+
|
|
+ /* Fetch groups only if actually needed. */
|
|
+ if (user_groups == NULL) {
|
|
+ user_groups = crowd_user_groups(r->user, r, config->crowd_config);
|
|
+ if (user_groups == NULL) {
|
|
+ return AUTHZ_GENERAL_ERROR;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* Iterate over the groups mentioned in the requirement. */
|
|
+ t = require_line;
|
|
+ while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
|
|
+ int y;
|
|
+ for (y = 0; y < user_groups->nelts; y++) {
|
|
+ const char *user_group = APR_ARRAY_IDX(user_groups, y, const char *);
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
|
|
+ "auth_group_checker: user_group=%s, required_group=%s", user_group, w);
|
|
+ if (strcasecmp(user_group, w) == 0) {
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
|
|
+ "Granted authorisation to '%s' on the basis of membership of '%s'.", r->user, user_group);
|
|
+ return AUTHZ_GRANTED;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ }
|
|
+
|
|
+
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "Denied authorisation to '%s'.", r->user);
|
|
+ return AUTHZ_DENIED;
|
|
+}
|
|
+
|
|
+static const authz_provider authz_crowd_group_provider =
|
|
+{
|
|
+ &auth_group_checker,
|
|
+ NULL,
|
|
+};
|
|
+
|
|
+static void register_hooks(apr_pool_t *p)
|
|
+{
|
|
+ ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
|
|
+ ap_hook_check_user_id(check_user_id, NULL, NULL, APR_HOOK_FIRST);
|
|
+ ap_register_auth_provider(
|
|
+ p,
|
|
+ AUTHN_PROVIDER_GROUP,
|
|
+ "crowd",
|
|
+ AUTHN_PROVIDER_VERSION,
|
|
+ &authn_crowd_provider, AP_AUTH_INTERNAL_PER_CONF
|
|
+ );
|
|
+
|
|
+ // Require crowd-group group1 group2 ...
|
|
+ ap_register_auth_provider(
|
|
+ p,
|
|
+ AUTHZ_PROVIDER_GROUP,
|
|
+ "crowd-group",
|
|
+ AUTHZ_PROVIDER_VERSION,
|
|
+ &authz_crowd_group_provider, AP_AUTH_INTERNAL_PER_CONF
|
|
+ );
|
|
+}
|
|
+#else
|
|
static int auth_checker(request_rec *r) {
|
|
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_checker");
|
|
|
|
@@ -690,6 +766,9 @@ static void register_hooks(apr_pool_t *p)
|
|
ap_hook_auth_checker(auth_checker, pre_auth_checker, NULL, APR_HOOK_MIDDLE);
|
|
}
|
|
|
|
+#endif
|
|
+
|
|
+
|
|
module AP_MODULE_DECLARE_DATA authnz_crowd_module =
|
|
{
|
|
STANDARD20_MODULE_STUFF,
|
|
diff --git a/src/svn/mod_authz_svn_crowd.c b/src/svn/mod_authz_svn_crowd.c
|
|
index 69b9aa0..3164a40 100644
|
|
--- a/src/svn/mod_authz_svn_crowd.c
|
|
+++ src/svn/mod_authz_svn_crowd.c
|
|
@@ -50,6 +50,7 @@
|
|
|
|
#include <svn_pools.h>
|
|
#include <svn_dirent_uri.h>
|
|
+#include <svn_version.h>
|
|
|
|
const char *
|
|
svn_fspath__canonicalize(const char *fspath,
|
|
@@ -73,6 +74,7 @@ typedef struct authz_svn_config_rec {
|
|
const char *base_path;
|
|
const char *access_file;
|
|
const char *repo_relative_access_file;
|
|
+ const char *groups_file; // rwb
|
|
const char *force_username_case;
|
|
} authz_svn_config_rec;
|
|
|
|
@@ -105,6 +107,12 @@ struct svn_config_t
|
|
/* Temporary value used for expanded default values in svn_config_get.
|
|
(Using a stringbuf so that frequent resetting is efficient.) */
|
|
svn_stringbuf_t *tmp_value;
|
|
+
|
|
+#if SVN_VER_MINOR >= 7
|
|
+ /* Specifies whether section names are populated case sensitively. */
|
|
+ svn_boolean_t section_names_case_sensitive;
|
|
+#endif
|
|
+
|
|
};
|
|
|
|
typedef struct
|
|
@@ -113,7 +121,7 @@ typedef struct
|
|
const char *name;
|
|
|
|
/* The section name, converted into a hash key. */
|
|
- const char *hash_key;
|
|
+ // const char *hash_key;
|
|
|
|
/* Table of cfg_option_t's. */
|
|
apr_hash_t *options;
|