ba634f14c1
Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can quickly integrate multiple web applications into a single security architecture that supports single sign-on (SSO) and centralised identity management. Patches for Apache 2.4 and Subversion 1.8 suport from FreeBSD Ports.
108 lines
3.4 KiB
C
108 lines
3.4 KiB
C
$NetBSD: patch-src_mod__authnz__crowd.c,v 1.1 2016/02/15 16:34:32 jperkin Exp $
|
|
|
|
Support Apache 2.4.
|
|
|
|
--- src/mod_authnz_crowd.c.orig 2013-09-25 06:41:53.000000000 +0000
|
|
+++ src/mod_authnz_crowd.c
|
|
@@ -503,7 +503,6 @@ static authn_status authn_crowd_check_pa
|
|
static const authn_provider authn_crowd_provider =
|
|
{
|
|
&authn_crowd_check_password, /* Callback for HTTP Basic authentication */
|
|
- NULL /* Callback for HTTP Digest authentication */
|
|
};
|
|
|
|
static unsigned int parse_number(const char *string, const char *name, unsigned int min, unsigned int max,
|
|
@@ -599,6 +598,83 @@ apr_array_header_t *authnz_crowd_user_gr
|
|
* @param r the current request
|
|
* @return OK, DECLINED, or HTTP_...
|
|
*/
|
|
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
|
|
+static authz_status auth_group_checker(request_rec *r,
|
|
+ const char *require_line,
|
|
+ const void *parsed_require_args) {
|
|
+ const char *t, *w;
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_group_checker");
|
|
+
|
|
+ authnz_crowd_dir_config *config = get_config(r);
|
|
+ if (config == NULL) {
|
|
+ return AUTHZ_GENERAL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (r->user == NULL) {
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Authorisation requested, but no user provided.");
|
|
+ return AUTHZ_DENIED_NO_USER;
|
|
+ }
|
|
+
|
|
+ apr_array_header_t *user_groups = NULL;
|
|
+
|
|
+ /* Fetch groups only if actually needed. */
|
|
+ if (user_groups == NULL) {
|
|
+ user_groups = crowd_user_groups(r->user, r, config->crowd_config);
|
|
+ if (user_groups == NULL) {
|
|
+ return AUTHZ_GENERAL_ERROR;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* Iterate over the groups mentioned in the requirement. */
|
|
+ t = require_line;
|
|
+ while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
|
|
+ int y;
|
|
+ for (y = 0; y < user_groups->nelts; y++) {
|
|
+ const char *user_group = APR_ARRAY_IDX(user_groups, y, const char *);
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
|
|
+ "auth_group_checker: user_group=%s, required_group=%s", user_group, w);
|
|
+ if (strcasecmp(user_group, w) == 0) {
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
|
|
+ "Granted authorisation to '%s' on the basis of membership of '%s'.", r->user, user_group);
|
|
+ return AUTHZ_GRANTED;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ }
|
|
+
|
|
+
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "Denied authorisation to '%s'.", r->user);
|
|
+ return AUTHZ_DENIED;
|
|
+}
|
|
+
|
|
+static const authz_provider authz_crowd_group_provider =
|
|
+{
|
|
+ &auth_group_checker,
|
|
+ NULL,
|
|
+};
|
|
+
|
|
+static void register_hooks(apr_pool_t *p)
|
|
+{
|
|
+ ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
|
|
+ ap_hook_check_user_id(check_user_id, NULL, NULL, APR_HOOK_FIRST);
|
|
+ ap_register_auth_provider(
|
|
+ p,
|
|
+ AUTHN_PROVIDER_GROUP,
|
|
+ "crowd",
|
|
+ AUTHN_PROVIDER_VERSION,
|
|
+ &authn_crowd_provider, AP_AUTH_INTERNAL_PER_CONF
|
|
+ );
|
|
+
|
|
+ // Require crowd-group group1 group2 ...
|
|
+ ap_register_auth_provider(
|
|
+ p,
|
|
+ AUTHZ_PROVIDER_GROUP,
|
|
+ "crowd-group",
|
|
+ AUTHZ_PROVIDER_VERSION,
|
|
+ &authz_crowd_group_provider, AP_AUTH_INTERNAL_PER_CONF
|
|
+ );
|
|
+}
|
|
+#else
|
|
static int auth_checker(request_rec *r) {
|
|
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_checker");
|
|
|
|
@@ -678,6 +754,9 @@ static void register_hooks(apr_pool_t *p
|
|
ap_hook_auth_checker(auth_checker, pre_auth_checker, NULL, APR_HOOK_MIDDLE);
|
|
}
|
|
|
|
+#endif
|
|
+
|
|
+
|
|
module AP_MODULE_DECLARE_DATA authnz_crowd_module =
|
|
{
|
|
STANDARD20_MODULE_STUFF,
|