From: Andrea Zagli Date: Sun, 7 Jan 2018 09:37:19 +0000 (+0100) Subject: Debian pkg: added files. X-Git-Url: https://saetta.ns0.it/gitweb?a=commitdiff_plain;h=b18949a80d4365ad35629373d62f03733d1c3e2e;p=zakautho%2Fmod_authz Debian pkg: added files. --- diff --git a/.gitignore b/.gitignore index 9396cd5..7c67234 100644 --- a/.gitignore +++ b/.gitignore @@ -51,4 +51,5 @@ intltool-* Rules-quot *.exe *.csv -*.~*~ \ No newline at end of file +*.~*~ +build/ \ No newline at end of file diff --git a/debian/authz_zakautho.load b/debian/authz_zakautho.load new file mode 100644 index 0000000..e9b6da5 --- /dev/null +++ b/debian/authz_zakautho.load @@ -0,0 +1 @@ +LoadModule authz_zakautho_module /usr/lib/apache2/modules/mod_authz_zakautho.so \ No newline at end of file diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..a0a3fd1 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,11 @@ +libapache2-mod-authz-zakautho (0.0.1-1~6.gbp6ad437) UNRELEASED; urgency=medium + + ** SNAPSHOT build @6ad437d13fa4616358e7605bea6535d19042e557 ** + + [ Andrea Zagli ] + ** SNAPSHOT build @99cea452a9bc102436b3195e6241e49ee956cc8d ** + + * Mandatory configuration parameters. + * Debian pkg: added files. + + -- tux Thu, 11 Jan 2018 11:51:33 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..62c9162 --- /dev/null +++ b/debian/control @@ -0,0 +1,15 @@ +Source: libapache2-mod-authz-zakautho +Priority: optional +Maintainer: Andrea Zagli +Build-Depends: debhelper (>= 9), intltool, pkg-config, libzakautho-dev, apache2-prefork-dev +Standards-Version: 3.9.8 +Section: web +Homepage: http://saetta.ns0.it +#Vcs-Git: https://anonscm.debian.org/collab-maint/libapache2_mod_authz_zakautho.git +#Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/libapache2_mod_authz_zakautho.git + +Package: libapache2-mod-authz-zakautho +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libzakautho +Description: Provider for apache2 basic authorization to interface with libzakautho + Provider for apache2 basic authorization to interface with libzakautho. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..2a7c903 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,34 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libapache2-mod-authz-zakautho +Source: + +Files: * +Copyright: + +License: GPL-2.0+ + +Files: debian/* +Copyright: 2017 Andrea Zagli +License: GPL-2.0+ + +License: GPL-2.0+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see + . + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". + +# Please also look if there are files or directories which have a +# different copyright/license attached and list them here. +# Please avoid picking licenses with terms that are more restrictive than the +# packaged work, as it may make Debian's contributions unacceptable upstream. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..f36585b --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,10 @@ +[buildpackage] +export-dir=./build/wheezy +debian-branch=debian/wheezy +ignore-new=True +upstream-tree=BRANCH +upstream-branch=master +force-create=True +export=WC +dist=wheezy +pbuilder=True diff --git a/debian/libapache2-mod-authz-zakautho.install b/debian/libapache2-mod-authz-zakautho.install new file mode 100644 index 0000000..9b86b97 --- /dev/null +++ b/debian/libapache2-mod-authz-zakautho.install @@ -0,0 +1,2 @@ +usr/lib/apache2/modules/mod_authz_zakautho.so +etc/apache2/mods-available diff --git a/debian/patches/0001-autogen.sh-aclocal-missing-I.patch b/debian/patches/0001-autogen.sh-aclocal-missing-I.patch new file mode 100644 index 0000000..10d887f --- /dev/null +++ b/debian/patches/0001-autogen.sh-aclocal-missing-I.patch @@ -0,0 +1,21 @@ +From: Andrea Zagli +Date: Sun, 3 Dec 2017 23:50:46 +0100 +Subject: autogen.sh: aclocal missing -I. + +--- + autogen.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/autogen.sh b/autogen.sh +index 07457a5..b350a2c 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -22,7 +22,7 @@ if [ "$#" = 0 -a "x$NOCONFIGURE" = "x" ]; then + fi + + set -x +-aclocal --install || exit 1 ++aclocal -I m4 --install || exit 1 + #glib-gettextize --force --copy || exit 1 + #gtkdocize --copy || exit 1 + #intltoolize --force --copy --automake || exit 1 diff --git a/debian/patches/0002-Forced-glib-type-init.patch b/debian/patches/0002-Forced-glib-type-init.patch new file mode 100644 index 0000000..ee960cd --- /dev/null +++ b/debian/patches/0002-Forced-glib-type-init.patch @@ -0,0 +1,21 @@ +From: Andrea Zagli +Date: Sun, 7 Jan 2018 10:39:53 +0100 +Subject: Forced glib type init. + +--- + src/mod_authz_zakautho.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/mod_authz_zakautho.c b/src/mod_authz_zakautho.c +index 3a439bf..3599d84 100644 +--- a/src/mod_authz_zakautho.c ++++ b/src/mod_authz_zakautho.c +@@ -268,6 +268,8 @@ static const authz_provider authz_zakautho_provider = + static void + register_hooks (apr_pool_t *pool) + { ++ g_type_init (); ++ + ap_register_auth_provider (pool, AUTHZ_PROVIDER_GROUP, "zakautho", + AUTHZ_PROVIDER_VERSION, + &authz_zakautho_provider, AP_AUTH_INTERNAL_PER_CONF); diff --git a/debian/patches/0003-Apache-old-api.patch b/debian/patches/0003-Apache-old-api.patch new file mode 100644 index 0000000..c8907a3 --- /dev/null +++ b/debian/patches/0003-Apache-old-api.patch @@ -0,0 +1,251 @@ +From: Andrea Zagli +Date: Sun, 7 Jan 2018 11:24:43 +0100 +Subject: Apache old api. + +--- + src/mod_authz_zakautho.c | 126 ++++++++++++++++++++--------------------------- + 1 file changed, 54 insertions(+), 72 deletions(-) + +diff --git a/src/mod_authz_zakautho.c b/src/mod_authz_zakautho.c +index 3599d84..57f6bea 100644 +--- a/src/mod_authz_zakautho.c ++++ b/src/mod_authz_zakautho.c +@@ -19,7 +19,6 @@ + #include "apr_strings.h" + + #include "ap_config.h" +-#include "ap_provider.h" + #include "httpd.h" + #include "http_config.h" + #include "http_core.h" +@@ -27,8 +26,6 @@ + #include "http_protocol.h" + #include "http_request.h" + +-#include "mod_auth.h" +- + #ifdef HAVE_CONFIG_H + #include + #endif +@@ -94,14 +91,15 @@ module AP_DECLARE_DATA authz_zakautho_module = + register_hooks /* register hooks */ + }; + +-static authz_status +-check_authorization (request_rec *r, +- const char *require_args, +- const void *parsed_require_args) ++static int ++check_authorization (request_rec *r) + { + const char *err = NULL; +- const ap_expr_info_t *expr = parsed_require_args; +- const char *require; ++ ++ const apr_array_header_t *reqs_arr = ap_requires (r); ++ require_line *reqs; ++ int m = r->method_number; ++ register int x; + + const char *t; + const char *w; +@@ -121,26 +119,23 @@ check_authorization (request_rec *r, + + if (!r->user) + { +- return AUTHZ_DENIED_NO_USER; ++ return DECLINED; + } + +- require = ap_expr_str_exec (r, expr, &err); +- if (err) ++ if (!reqs_arr) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) +- "authz_zakautho authorize: require user: Can't " +- "evaluate require expression: %s", err); +- return AUTHZ_DENIED; ++ return DECLINED; + } ++ reqs = (require_line *)reqs_arr->elts; + + config = (zakautho_config *)ap_get_module_config (r->per_dir_config, &authz_zakautho_module); + + autho = zak_autho_new (); + if (autho == NULL) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "Unable to create the libzakautho object."); +- return AUTHZ_DENIED; ++ return DECLINED; + } + + if (config->xml_filename != NULL) +@@ -148,19 +143,19 @@ check_authorization (request_rec *r, + xdoc = xmlParseFile (config->xml_filename); + if (xdoc != NULL) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "Unable to parse the libzakautho configuration from xml file «%s».", + config->xml_filename); +- return AUTHZ_DENIED; ++ return DECLINED; + } + + xnode = xmlDocGetRootElement (xdoc); + if (!zak_autho_load_from_xml (autho, xnode, TRUE)) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "Unable to load the libzakautho configuration from xml file «%s».", + config->xml_filename); +- return AUTHZ_DENIED; ++ return DECLINED; + } + } + else if (config->db_cnc_string != NULL) +@@ -169,36 +164,36 @@ check_authorization (request_rec *r, + gdacon = gda_connection_open_from_string (NULL, config->db_cnc_string, NULL, 0, &error); + if (gdacon == NULL || error != NULL) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "Unable to create connection to db: %s.", + error != NULL && error->message != NULL ? error->message : "no details"); +- return AUTHZ_DENIED; ++ return DECLINED; + } + + if (!zak_autho_load_from_db_with_monitor (autho, gdacon, + config->db_table_name_prefix != NULL ? config->db_table_name_prefix : NULL, + TRUE)) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "Unable to load the libzakautho configuration from db."); +- return AUTHZ_DENIED; ++ return DECLINED; + } + } + else + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "libzakautho configuration must be loaded from xml file or from database. " + "Please use AuthZakAuthoXmlFilename or AuthZakAuthoDbCncString in apache configuration."); +- return AUTHZ_DENIED; ++ return DECLINED; + } + + _user = g_strdup_printf (config->user_decoration != NULL ? config->user_decoration : "%s", r->user); + role_user = zak_autho_get_role_from_id (autho, _user); + if (role_user == NULL) + { +- ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) ++ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, + "User «%s» not found on libzakautho configuration.", _user); +- return AUTHZ_DENIED; ++ return DECLINED; + } + g_free (_user); + +@@ -211,68 +206,55 @@ check_authorization (request_rec *r, + zak_autho_set_resource_name_prefix (autho, config->resource_name_prefix); + } + +- t = require; +- while ((w = ap_getword_conf (r->pool, &t)) && w[0]) ++ for (x = 0; x < reqs_arr->nelts; x++) + { +- ZakAuthoIResource *resource; +- +- resource = zak_autho_get_resource_from_id (autho, w); +- if (resource == NULL) ++ if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) + { +- ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02594) +- "Resource «%s» not found on libzakautho configuration.", w); ++ continue; + } +- else ++ ++ t = reqs[x].requirement; ++ w = ap_getword_white (r->pool, &t); ++ ++ if (!strcasecmp (w, "zakautho")) + { +- if (zak_autho_is_allowed (autho, role_user, resource, FALSE)) ++ while (t[0]) + { +- return AUTHZ_GRANTED; ++ ZakAuthoIResource *resource; ++ ++ w = ap_getword_conf (r->pool, &t); ++ ++ resource = zak_autho_get_resource_from_id (autho, w); ++ if (resource == NULL) ++ { ++ ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r, ++ "Resource «%s» not found on libzakautho configuration.", w); ++ } ++ else ++ { ++ if (zak_autho_is_allowed (autho, role_user, resource, FALSE)) ++ { ++ return OK; ++ } ++ } + } + } + } + +- ap_log_rerror (APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01663) ++ ap_log_rerror (APLOG_MARK, APLOG_DEBUG, 0, r, + "access to %s failed, reason: user '%s' does not meet " + "'require'ments for user to be allowed access", + r->uri, r->user); + +- return AUTHZ_DENIED; ++ return HTTP_UNAUTHORIZED; + } + +-static const char +-*parse_config (cmd_parms *cmd, const char *require_line, +- const void **parsed_require_line) +-{ +- const char *expr_err = NULL; +- ap_expr_info_t *expr; +- +- expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, +- &expr_err, NULL); +- +- if (expr_err) +- return apr_pstrcat(cmd->temp_pool, +- "Cannot parse expression in require line: ", +- expr_err, NULL); +- +- *parsed_require_line = expr; +- +- return NULL; +-} +- +-static const authz_provider authz_zakautho_provider = +- { +- &check_authorization, +- &parse_config, +- }; +- + static void + register_hooks (apr_pool_t *pool) + { + g_type_init (); + +- ap_register_auth_provider (pool, AUTHZ_PROVIDER_GROUP, "zakautho", +- AUTHZ_PROVIDER_VERSION, +- &authz_zakautho_provider, AP_AUTH_INTERNAL_PER_CONF); ++ ap_hook_auth_checker (check_authorization, NULL, NULL, APR_HOOK_MIDDLE); + } + + /* diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..d53cbec --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +0001-autogen.sh-aclocal-missing-I.patch +0002-Forced-glib-type-init.patch +0003-Apache-old-api.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..a6f76d0 --- /dev/null +++ b/debian/rules @@ -0,0 +1,39 @@ +#!/usr/bin/make -f +# See debhelper(7) (uncomment to enable) +# output every command that modifies files on the build system. +#export DH_VERBOSE = 1 + + +# see FEATURE AREAS in dpkg-buildflags(1) +#export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# see ENVIRONMENT in dpkg-buildflags(1) +# package maintainers to append CFLAGS +#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic +# package maintainers to append LDFLAGS +#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + + +export DEB_CFLAGS_MAINT_STRIP = -Werror=format-security +export DEB_CPPFLAGS_MAINT_STRIP = -Werror=format-security +export DEB_CXXFLAGS_MAINT_STRIP = -Werror=format-security + + +%: + dh $@ + + +override_dh_auto_configure: + NOCONFIGURE="X" ./autogen.sh + dh_auto_configure + +override_dh_auto_install: + $(MAKE) DESTDIR=$$(pwd)/debian/tmp prefix=/usr install + install -d $$(pwd)/debian/tmp/etc/apache2/mods-available + install $(CURDIR)/debian/authz_zakautho.load $$(pwd)/debian/tmp/etc/apache2/mods-available + + +# dh_make generated override targets +# This is example for Cmake (See https://bugs.debian.org/641051 ) +#override_dh_auto_configure: +# dh_auto_configure -- # -DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH) diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt)