diff --git a/src/crowd_client.c b/src/crowd_client.c index c190d0b..9a42acf 100644 --- a/src/crowd_client.c +++ src/crowd_client.c @@ -631,9 +631,15 @@ static char *make_app_cache_key(const request_rec *r, const crowd_config *config } static char *make_session_cache_key(const char *token, const char *forwarded_for, const request_rec *r, const crowd_config *config) { +#if AP_MODULE_MAGIC_AT_LEAST(20080403,1) + return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token, + forwarded_for == NULL ? "" : forwarded_for, r->connection->client_ip, config->crowd_app_name, + config->crowd_url)); +#else return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token, forwarded_for == NULL ? "" : forwarded_for, r->connection->remote_ip, config->crowd_app_name, config->crowd_url)); +#endif } /*========================== @@ -764,9 +770,15 @@ static bool handle_crowd_create_session_session_element(write_data_t *write_data } static const char *get_validation_factors(const request_rec *r, const char *forwarded_for) { +#if AP_MODULE_MAGIC_AT_LEAST(20080403,1) + const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool, + "remote_address", r->connection->client_ip, + "", NULL)); +#else const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool, "remote_address", r->connection->remote_ip, "", NULL)); +#endif if (payload_beginning == NULL) { return NULL; } @@ -863,7 +875,7 @@ static const char *make_validate_session_url(const request_rec *r, const crowd_c char *url = log_ralloc(r, apr_pstrcat(r->pool, urlWithoutToken, escapedToken, NULL)); - curl_free(escapedToken); + curl_free((void *)escapedToken); return url; } diff --git a/src/mod_authnz_crowd.c b/src/mod_authnz_crowd.c index 44232a2..e9f849b 100644 --- a/src/mod_authnz_crowd.c +++ src/mod_authnz_crowd.c @@ -520,7 +520,6 @@ static authn_status authn_crowd_check_password(request_rec *r, const char *user, static const authn_provider authn_crowd_provider = { &authn_crowd_check_password, /* Callback for HTTP Basic authentication */ - NULL /* Callback for HTTP Digest authentication */ }; static unsigned int parse_number(const char *string, const char *name, unsigned int min, unsigned int max, @@ -611,6 +610,83 @@ apr_array_header_t *authnz_crowd_user_groups(const char *username, request_rec * * @param r the current request * @return OK, DECLINED, or HTTP_... */ +#if AP_MODULE_MAGIC_AT_LEAST(20080403,1) +static authz_status auth_group_checker(request_rec *r, + const char *require_line, + const void *parsed_require_args) { + const char *t, *w; + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_group_checker"); + + authnz_crowd_dir_config *config = get_config(r); + if (config == NULL) { + return AUTHZ_GENERAL_ERROR; + } + + if (r->user == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Authorisation requested, but no user provided."); + return AUTHZ_DENIED_NO_USER; + } + + apr_array_header_t *user_groups = NULL; + + /* Fetch groups only if actually needed. */ + if (user_groups == NULL) { + user_groups = crowd_user_groups(r->user, r, config->crowd_config); + if (user_groups == NULL) { + return AUTHZ_GENERAL_ERROR; + } + } + + /* Iterate over the groups mentioned in the requirement. */ + t = require_line; + while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { + int y; + for (y = 0; y < user_groups->nelts; y++) { + const char *user_group = APR_ARRAY_IDX(user_groups, y, const char *); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "auth_group_checker: user_group=%s, required_group=%s", user_group, w); + if (strcasecmp(user_group, w) == 0) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Granted authorisation to '%s' on the basis of membership of '%s'.", r->user, user_group); + return AUTHZ_GRANTED; + } + } + + } + + + ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "Denied authorisation to '%s'.", r->user); + return AUTHZ_DENIED; +} + +static const authz_provider authz_crowd_group_provider = +{ + &auth_group_checker, + NULL, +}; + +static void register_hooks(apr_pool_t *p) +{ + ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_check_user_id(check_user_id, NULL, NULL, APR_HOOK_FIRST); + ap_register_auth_provider( + p, + AUTHN_PROVIDER_GROUP, + "crowd", + AUTHN_PROVIDER_VERSION, + &authn_crowd_provider, AP_AUTH_INTERNAL_PER_CONF + ); + + // Require crowd-group group1 group2 ... + ap_register_auth_provider( + p, + AUTHZ_PROVIDER_GROUP, + "crowd-group", + AUTHZ_PROVIDER_VERSION, + &authz_crowd_group_provider, AP_AUTH_INTERNAL_PER_CONF + ); +} +#else static int auth_checker(request_rec *r) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_checker"); @@ -690,6 +766,9 @@ static void register_hooks(apr_pool_t *p) ap_hook_auth_checker(auth_checker, pre_auth_checker, NULL, APR_HOOK_MIDDLE); } +#endif + + module AP_MODULE_DECLARE_DATA authnz_crowd_module = { STANDARD20_MODULE_STUFF, diff --git a/src/svn/mod_authz_svn_crowd.c b/src/svn/mod_authz_svn_crowd.c index 69b9aa0..3164a40 100644 --- a/src/svn/mod_authz_svn_crowd.c +++ src/svn/mod_authz_svn_crowd.c @@ -50,6 +50,7 @@ #include #include +#include const char * svn_fspath__canonicalize(const char *fspath, @@ -73,6 +74,7 @@ typedef struct authz_svn_config_rec { const char *base_path; const char *access_file; const char *repo_relative_access_file; + const char *groups_file; // rwb const char *force_username_case; } authz_svn_config_rec; @@ -105,6 +107,12 @@ struct svn_config_t /* Temporary value used for expanded default values in svn_config_get. (Using a stringbuf so that frequent resetting is efficient.) */ svn_stringbuf_t *tmp_value; + +#if SVN_VER_MINOR >= 7 + /* Specifies whether section names are populated case sensitively. */ + svn_boolean_t section_names_case_sensitive; +#endif + }; typedef struct @@ -113,7 +121,7 @@ typedef struct const char *name; /* The section name, converted into a hash key. */ - const char *hash_key; + // const char *hash_key; /* Table of cfg_option_t's. */ apr_hash_t *options;