Changeset 2435 for branches

Timestamp:

Jun 14, 2013, 4:10:05 PM (11 years ago)

Author:

achernya

Message:

Port httpdmods to httpd 2.4

mod_original_dst has very few changes; the mpm.h header is now
missing, so hardcode the accept function in the now-nonexistant
#define.  If a better way to do this is found, this hard-coding should
be replaced, but from inspecing the 2.4.4 source, this appears to be
the best way.

mod_authz_afsgroup has more extensive changes, due to the differences
in how Apache 2.4 handles authorization. In theory, this should work
the same way as before, and reduces the amount of code, as Apache will
no longer force us to parse lines that are not relevant to us.

Location:

branches/fc19-dev/server/common/oursrc/httpdmods

Files:

• mod_authz_afsgroup.c (modified) (4 diffs)
• mod_original_dst.c (modified) (1 diff)

branches/fc19-dev/server/common/oursrc/httpdmods/mod_authz_afsgroup.c

@@ -13 +13 @@
 
 #include "ap_config.h"
+#include "ap_provider.h"
 #include "httpd.h"
 #include "http_config.h"
@@ -19 +20 @@
 #include "http_protocol.h"
 #include "http_request.h"
+
+#include "mod_auth.h"
 
 #include <unistd.h>
@@ -48 +51 @@
 module AP_MODULE_DECLARE_DATA authz_afsgroup_module;
 
-static int check_afsgroup_access(request_rec *r)
+static authz_status is_user_in_afsgroup(request_rec *r, char* user, char* afsgroup)
+{
+    int pfd[2];
+    pid_t cpid;
+    int status;
+    FILE *fp;
+    char *line = NULL;
+    char buf[256];
+    size_t len = 0;
+    ssize_t read;
+    int found = 0;
+    if (pipe(pfd) == -1) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "pipe() failed!");
+        return AUTHZ_GENERAL_ERROR;
+    }
+    cpid = fork();
+    if (cpid == -1) {
+        close(pfd[0]);
+        close(pfd[1]);
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "fork() failed!");
+        return AUTHZ_GENERAL_ERROR;
+    }
+    if (cpid == 0) {
+        close(pfd[0]);
+        dup2(pfd[1], STDOUT_FILENO);
+        execve("/usr/bin/pts",
+               (char *const[])
+               { "pts", "membership", "-nameorid", afsgroup, NULL },
+               NULL);
+        _exit(1);
+    }
+    close(pfd[1]);
+    fp = fdopen(pfd[0], "r");
+    if (fp == NULL) {
+        close(pfd[0]);
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "fdopen() failed!");
+        return AUTHZ_GENERAL_ERROR;
+    }
+    if (snprintf(buf, sizeof(buf), "  %s\n", user) >= sizeof(buf)) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "access to %s failed, reason: username '%s' "
+                      "is too long!",
+                      r->uri, user);
+        return AUTHZ_DENIED;
+    }
+    while ((read = getline(&line, &len, fp)) != -1) {
+        if (strcmp(line, buf) == 0)
+            found = 1;
+    }
+    if (line)
+        free(line);
+    fclose(fp);
+    if (waitpid(cpid, &status, 0) == -1) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "waitpid() failed!");
+        return AUTHZ_GENERAL_ERROR;
+    }
+    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "`pts membership -nameorid %s` failed!",
+                      afsgroup);
+        return AUTHZ_GENERAL_ERROR;
+    }
+    if (found)
+        return AUTHZ_GRANTED;
+
+    return AUTHZ_DENIED;
+}
+
+static authz_status check_afsgroup_access(request_rec *r,
+                                 const char *require_line,
+                                 const void *parsed_require_line)
 {
     authz_afsgroup_config_rec *conf = ap_get_module_config(r->per_dir_config,
                                                            &authz_afsgroup_module);
-    char *user = r->user;
-    int m = r->method_number;
-    int required_afsgroup = 0;
-    register int x;
     const char *t;
     char *w;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
+    authz_status pergroup;
 
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-    reqs = (require_line *)reqs_arr->elts;
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-        if (!strcasecmp(w, "afsgroup")) {
-            required_afsgroup = 1;
-            while (t[0]) {
-                int pfd[2];
-                pid_t cpid;
-                int status;
-                FILE *fp;
-                char *line = NULL;
-                char buf[256];
-                size_t len = 0;
-                ssize_t read;
-                int found = 0;
-                w = ap_getword_conf(r->pool, &t);
-                if (pipe(pfd) == -1) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                  "pipe() failed!");
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-                cpid = fork();
-                if (cpid == -1) {
-                    close(pfd[0]);
-                    close(pfd[1]);
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                  "fork() failed!");
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-                if (cpid == 0) {
-                    close(pfd[0]);
-                    dup2(pfd[1], STDOUT_FILENO);
-                    execve("/usr/bin/pts",
-                           (char *const[]) {
-                               "pts", "membership", "-nameorid", w, NULL
-                           },
-                           NULL);
-                    _exit(1);
-                }
-                close(pfd[1]);
-                fp = fdopen(pfd[0], "r");
-                if (fp == NULL) {
-                    close(pfd[0]);
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                  "fdopen() failed!");
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-                if (snprintf(buf, sizeof(buf), "  %s\n", user) >= sizeof(buf)) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                  "access to %s failed, reason: username '%s' "
-                                  "is too long!",
-                                  r->uri, user);
-                    continue;
-                }
-                while ((read = getline(&line, &len, fp)) != -1) {
-                    if (strcmp(line, buf) == 0)
-                        found = 1;
-                }
-                if (line)
-                    free(line);
-                fclose(fp);
-                if (waitpid(cpid, &status, 0) == -1) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                  "waitpid() failed!");
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-                if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                                  "`pts membership -nameorid %s` failed!",
-                                  w);
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-                if (found)
-                    return OK;
-            }
-        }
+    if (!r->user) {
+        return AUTHZ_DENIED_NO_USER;
     }
 
-    if (!required_afsgroup) {
-        return DECLINED;
+    t = require_line;
+    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+        if ((pergroup = is_user_in_afsgroup(r, r->user, w)) != AUTHZ_DENIED) {
+            // If we got some return value other than AUTHZ_DENIED, it
+            // means we either got GRANTED, or some sort of error, and
+            // we need to bubble that up.
+            return pergroup;
+        }
     }
 
     if (!conf->authoritative) {
-        return DECLINED;
+        return AUTHZ_NEUTRAL;
     }
 
@@ -160 +154 @@
                   "access to %s failed, reason: user '%s' does not meet "
                   "'require'ments for afsgroup to be allowed access",
-                  r->uri, user);
+                  r->uri, r->user);
 
-    ap_note_auth_failure(r);
-    return HTTP_FORBIDDEN;
+    return AUTHZ_DENIED;
 }
+
+static const authz_provider authz_afsgroup_provider =
+{
+    &check_afsgroup_access,
+    NULL,
+};
 
 static void register_hooks(apr_pool_t *p)
 {
-    ap_hook_auth_checker(check_afsgroup_access, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "afsgroup",
+                              AUTHZ_PROVIDER_VERSION,
+                              &authz_afsgroup_provider, AP_AUTH_INTERNAL_PER_CONF);
+
 }
 

branches/fc19-dev/server/common/oursrc/httpdmods/mod_original_dst.c

@@ -16 +16 @@
 #include "ap_config.h"
 #include "ap_listen.h"
+#include "apr_portable.h"
 #include "http_config.h"
 #include "http_log.h"
 #include "httpd.h"
-#include "mpm.h"
+#include "unixd.h"
+
+#define MPM_ACCEPT_FUNC ap_unixd_accept
 
 extern void apr_sockaddr_vars_set(apr_sockaddr_t *, int, apr_port_t);