From: jan@unixpapa.com Date: Wed, 12 Oct 2011 14:55:14 +0000 (+0000) Subject: OK, this is the 3.3.1 release. X-Git-Tag: mod_authnz_external-3.3.1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=53225307031819bbdaba2a2eee19bd7432d0da67;p=apache-authnz-external OK, this is the 3.3.1 release. --- diff --git a/mod_authnz_external/AUTHENTICATORS b/AUTHENTICATORS similarity index 100% rename from mod_authnz_external/AUTHENTICATORS rename to AUTHENTICATORS diff --git a/mod_authnz_external/CHANGES b/CHANGES similarity index 100% rename from mod_authnz_external/CHANGES rename to CHANGES diff --git a/mod_authnz_external/INSTALL b/INSTALL similarity index 100% rename from mod_authnz_external/INSTALL rename to INSTALL diff --git a/mod_authnz_external/INSTALL.HARDCODE b/INSTALL.HARDCODE similarity index 100% rename from mod_authnz_external/INSTALL.HARDCODE rename to INSTALL.HARDCODE diff --git a/mod_authnz_external/Makefile b/Makefile similarity index 100% rename from mod_authnz_external/Makefile rename to Makefile diff --git a/mod_authnz_external/README b/README similarity index 100% rename from mod_authnz_external/README rename to README diff --git a/mod_authnz_external/TODO b/TODO similarity index 100% rename from mod_authnz_external/TODO rename to TODO diff --git a/mod_authnz_external/UPGRADE b/UPGRADE similarity index 100% rename from mod_authnz_external/UPGRADE rename to UPGRADE diff --git a/mod_authnz_external/mod_authnz_external.c b/mod_authnz_external.c similarity index 100% rename from mod_authnz_external/mod_authnz_external.c rename to mod_authnz_external.c diff --git a/mod_authz_unixgroup/CHANGES b/mod_authz_unixgroup/CHANGES deleted file mode 100644 index f8a524f..0000000 --- a/mod_authz_unixgroup/CHANGES +++ /dev/null 
@@ -1,42 +0,0 @@ -v1.1.0 (Jan Wolter - Oct 6, 2011) ------------------------------------ - * Revised to work as an access control provider in Apache 2.4. - * Eliminated "AuthzUnixgroup on" directive because it is no longer needed. - * Eliminated "AuthnzUnixgroupError 403" directive because it is supplanted - by "AuthzSendForbiddenOnFailure On". - * Eliminated "AuthzUnixgroupAuthoritative off" directive because the whole - concept of authoritativeness is dead for access control providers in - Apache 2.4. - -v1.0.3 (Jan Wolter - Oct 6, 2011) ------------------------------------- - * Allow group names to be quoted, so that you can have group names with - spaces in them. This change was suggested by David Homborg. - * Document updated with references to versions for Apache 2.4. - -v1.0.2 (Jan Wolter - May 21, 2009) ------------------------------------- - * Adding copyright and Apache Version 2.0 license in LICENSE and NOTICE - files. - * New directive: AuthzUnixgroupError, can be used to specify the HTTP - error number to be returned on failure. - -v1.0.1 (Jan Wolter - Aug 6, 2008) ------------------------------------- - * Delete various logging statements that were really just there for - debugging and should have been removed sooner. - - * If there is an '@' in the user's login name, strip off that and anything - after it. An '@' sign is never legal in an unix login name, and some - authentication modules, like mod_auth_kerb, append an "@domain" to the - user's login name. - - Both of the above modifications are inspired by patches made by Ken Lalonde - . - - * Included "http_request.h" header file to surpress a harmless compile-time - warning. - -v1.0.0 (Jan Wolter - Feb 19, 2006) ------------------------------------- - * Original release diff --git a/mod_authz_unixgroup/INSTALL b/mod_authz_unixgroup/INSTALL deleted file mode 100644 index 46f1056..0000000 --- a/mod_authz_unixgroup/INSTALL +++ /dev/null 
@@ -1,164 +0,0 @@ -How to install mod_authz_unixgroup.c into Apache: - -NOTES: - - * Different versions of Apache require different versions of - mod_authz_unixgroup: - - Apache 2.2.x requires mod_authz_unixgroup 1.0.x - Apache 2.4.x requires mod_authz_unixgroup 1.1.x - - * There are two ways of installing mod_authz_unixgroup. - - (1) You can statically link it with Apache. This requires rebuilding - Apache in such a way that mod_authz_unixgroup will be compiled in. - - (2) You can make mod_authz_unixgroup a dynamically loaded module. If - your Apache has been built to support dynamically loaded modules - you can do this without rebuilding Apache, so it is pretty easy. - Performance may be slightly worse with this option. For information - on dynamically loaded modules see http://www.apache.org/docs/dso.html - - Instructions for both options are given here. - - * There is also documentation in the README file. If you find this document - unclear, reading that may help. - - -INSTALL METHOD A: Dynamically Linking Mod_authz_unixgroup using apxs: ---------------------------------------------------------------------- - -Step 1: - Ensure that your Apache server is configured to handle dynamically - loaded modules. To check this, run Apache server with the -l command - flag, like - - httpd -l - - If mod_so.c is one of the compiled-in modules, then you are ready - to go. - -Step 2: - Compile the module using the following command in the - mod_authz_unixgroup distribution directory: - - apxs -c mod_authz_unixgroup.c - - 'Apxs' is the Apache extension tool. It is part of the standard - Apache installation. If you don't have it, then your Apache server - is probably not set up for handling dynamically loaded modules. - This should create a file named 'mod_authz_unixgroup.so'. - -Step 3: - Install the module. Apxs can do this for you too. 
Do the following - command (as root so you can write to Apache's directories and config - files): - - apxs -i -a mod_authz_unixgroup.la - - This will create mod_authz_unixgroup.so and copy it into the proper - place, and add appropriate AddModule and LoadModule commands to the - configuration files. (Actually, it may get the LoadModule command - wrong. See below.) - -Step 4: - Go to the CONFIGURATION instructions below. - - -INSTALL METHOD B: Statically Linking ------------------------------------- - -Step 1: - Read the instructions on how to configure the Apache server in the - INSTALL file provided with the Apache source. - -Step 2: - When you run the ./configure script, include an --with-module flag, - giving the full pathname to the mod_authz_unixgroup.c file in this - distribution. For example, if you have unpacked this distribution - in /usr/local/src/mod_authz_unixgroup and are building Apache for - installation in /usr/local/apache, you might do: - - ./configure --prefix=/usr/local/apache \ - --with-module=aaa:/usr/local/src/mod_authz_unixgroup/mod_authz_unixgroup.c - - This will copy the mod_authz_unixgroup.c file into the correct place in - the Apache source tree and set things up to link it in. - -Step 3: - Type "make" to compile Apache and "make install" to install it. - -Step 4: - Go to the CONFIGURATION instructions below. - - -CONFIGURATION: --------------- - -Mod_authz_unixgroup is extremely simple to use. Presumably you already are -setting up some kind of authentication in a .htaccess file or in a - block in the httpd.conf file. You'll just need to change the -"Require" directive there to something like: - - Require unix-group admin -or - Require unix-group students teachers staff - -Obviously this only makes sense in a directory where you are doing -authentication. 
This could be any kind of authentication, but it makes -most sense if you are using it in combination with authentication out of -the unix password file, perhaps using mod_auth_external together with -pwauth, or mod_auth_shadow. The "Require group" directive will then -cause mod_authz_unixgroup to check if the user is in one of the groups -listed, and reject the authentication if they are not. A user is considered -to be in a group if either (1) the group is the user's primary group -identified by it's gid number in /etc/passwd, or (2) the group is listed -in /etc/group and the user id is listed as a member of that group. - -If you are authenticating out of something other than the unix password -database, then this can be used, but the effect is a bit odd. To pass -the "Require group" test, there must (1) exist a unix account with the same -name as the account the user authenticated in, and (2) that unix account must -be in one of the unix groups listed on the Require line. - -It is also possible to list groups by gid number instead of name, like - - Require unix-group 10 - -would be equivalent to "Require group admin" if the gid listed for the group -admin in /etc/group is 10. - -If mod_authz_owner is enabled in your httpd, then that will work with -mod_authz_unixgroup to check access based on file groups. For example if -we do: - - Require unix-file-group - -Then a user will be able to access a file if and only if that file is owned -by a group of which the user is a member. - -Changes from Previous Versions: -------------------------------- - -Previous versions of mod_authz_unixgroup needed a 'AuthzUnixgroup on' to -tell Apache that the "Require file-group" directive was supposed to be -handled by mod_authz_unixgroup. Now we have a distinct directive, -"Require unix-file-group" instead, so the 'AuthzUnixgroup' is no longer -needed and no longer exists. - -Normally, when an access check fails, mod_authz_unixgroup will return a -HTTP 401 error. 
This will typically cause the browser to pop up a message -saying "Authentication Failed" and then the browser will ask for a new login -name. In some cases this is not the desired behavior. If you are using the -"Require file-group" directive, you may not want to log the user off every time -he hits a file he doesn't have access to. Maybe you'd rather just show a -"Permission denied message" and not log him off. You could do that by -returning 403 error instead of a 401 error. Older versions of -mod_authz_unixgroup had a directive called 'AuthnzUnixgroupError' that did -this, but in Apache 2.4 that is replaced with a new standard Apache directive: - - AuthzUnixgroupAuthoritative off - -There also used to be an 'AuthzUnixgroupAuthoritative' directive which is -also gone, since the whole concept of authoritativeness no longer applies -to access control providers in Apache 2.4. diff --git a/mod_authz_unixgroup/LICENSE b/mod_authz_unixgroup/LICENSE deleted file mode 100644 index d645695..0000000 --- a/mod_authz_unixgroup/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/mod_authz_unixgroup/NOTICE b/mod_authz_unixgroup/NOTICE deleted file mode 100644 index 08d0aa8..0000000 --- a/mod_authz_unixgroup/NOTICE +++ /dev/null @@ -1,8 +0,0 @@ -Mod_authz_unixgroup - - Copyright 2008 Jan Wolter - - This product includes software developed by Jan Wolter. - - This product includes software developed at - The Apache Software Foundation (http://www.apache.org/). diff --git a/mod_authz_unixgroup/README b/mod_authz_unixgroup/README deleted file mode 100644 index 215f99b..0000000 --- a/mod_authz_unixgroup/README +++ /dev/null 
@@ -1,61 +0,0 @@ - Mod_Authz_Unixgroup version 1.1.0 - - Author: Jan Wolter - Website: http://www.unixpapa.com/mod_authz_unixgroup/ - Requires: Apache 2.3 or later on a Unix server - (for Apache 2.2 use mod_authz_unixgroup 1.0.x) - -Mod_Authz_Unixgroup is a unix group access control modules for Apache. If -you are having users authenticate with real Unix login ID over the net, using -something like my mod_authnz_external/pwauth combination, and you want to do -access control based on unix group membership, then mod_authz_unixgroup is -exactly what you need. - -Let's say that you were using this with mod_authnz_external and pwauth. Your -.htaccess file for a protected directory would probably start with the -following directives: - - AuthType Basic - AuthName mysite - AuthBasicProvider external - AuthExternal pwauth - -That would cause mod_auth_basic and mod_authnz_external to do authentication -based on the Unix passwd database. Mod_Authz_Unixgroup would come into play -if you wanted to further restrict access to specific Unix groups. You might -append the following directive: - - Require unix-group staff admin - -This would allow only access to accounts in the 'staff' or 'admin' unix groups. -You can alternately specify groups by their gid numbers instead of their names. - -Or you could use mod_authz_unixgroup together with the standard apache module -mod_authz_owner to do something like: - - Require unix-file-group - -This would allow access to the page, only the user was a member of the unix -group that owns the file. - -Though it makes the most sense to use this with unix passwd authentication, -it can be used with other databases. In that case it would grant access if, -(1) the name the user authenticated with exactly matched the name of a real -unix account on the server, and (2) that real unix account was in one of the -required groups. However, I think this would be a pretty senseless way to -use this module. 
I expect that it will really only be used by user of -mod_authnz_external/pwauth. - -Some authentication modules, like mod_auth_kerb, use usernames that have -domains appended to them, like "whomever@krb.ncsu.edu". In such cases, -mod_authz_unixgroup will take the part before the @-sign as the username -and ignore the rest. - -Mod_authnz_external is available from: - http://code.google.com/p/mod-auth-external/ - -Pwauth is available from: - http://code.google.com/p/pwauth/ - -It might also be possible to use this with mod_auth_shadow, expecially if a -authn/authz version of that is ever released. diff --git a/mod_authz_unixgroup/mod_authz_unixgroup.c b/mod_authz_unixgroup/mod_authz_unixgroup.c deleted file mode 100644 index 43c9a0c..0000000 --- a/mod_authz_unixgroup/mod_authz_unixgroup.c +++ /dev/null 
@@ -1,196 +0,0 @@ -/* Copyright 2008 Jan Wolter - See LICENSE and NOTICE */ - -#include "apr_lib.h" - -#include "ap_config.h" -#include "ap_provider.h" -#include "mod_auth.h" - -#define APR_WANT_STRFUNC -#include "apr_want.h" -#include "apr_strings.h" - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ -#if HAVE_PWD_H -#include -#endif -#if HAVE_GRP_H -#include -#endif -#if APR_HAVE_UNISTD_H -#include -#endif - -/* - * Structure for the module itself. The actual definition of this structure - * is at the end of the file. - */ -module AP_MODULE_DECLARE_DATA authz_unixgroup_module; - -/* A handle for retrieving the requested file's group from mod_authnz_owner */ -APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); - - -/* Check if the named user is in the given list of groups. The list of - * groups is a string with groups separated by white space. Group ids - * can either be unix group names or numeric group id numbers. There must - * be a unix login corresponding to the named user. - */ - -static int check_unix_group(request_rec *r, const char *grouplist) -{ - char **p; - struct group *grp; - char *user= r->user; - char *w, *at; - - /* Strip @ sign and anything following it from the username. Some - * authentication modules, like mod_auth_kerb like appending such - * stuff to user names, but an @ sign is never legal in a unix login - * name, so it should be safe to always discard such stuff. 
- */ - if ((at= strchr(user, '@')) != NULL) *at= '\0'; - - /* Get info about login */ - struct passwd *pwd= getpwnam(user); - if (pwd == NULL) - { - /* No such user - forget it */ - if (at != NULL) *at= '@'; - return 0; - } - - /* Loop through list of groups passed in */ - while (*grouplist != '\0') - { - w= ap_getword_conf(r->pool, &grouplist); - if (apr_isdigit(w[0])) - { - /* Numeric group id */ - int gid= atoi(w); - - /* Check if it matches the user's primary group */ - if (gid == pwd->pw_gid) - { - if (at != NULL) *at= '@'; - return 1; - } - - /* Get list of group members for numeric group id */ - grp= getgrgid(gid); - } - else - { - /* Get gid and list of group members for group name */ - grp= getgrnam(w); - /* Check if gid of this group matches user's primary gid */ - if (grp != NULL && grp->gr_gid == pwd->pw_gid) - { - if (at != NULL) *at= '@'; - return 1; - } - } - - /* Walk through list of members, seeing if any match user login */ - if (grp != NULL) - for (p= grp->gr_mem; *p != NULL; p++) - { - if (!strcmp(user, *p)) - { - if (at != NULL) *at= '@'; - return 1; - } - } - } - - /* Didn't find any matches, flunk him */ - if (at != NULL) *at= '@'; - return 0; -} - -static authz_status unixgroup_check_authorization(request_rec *r, - const char *require_args, const void *parsed_require_args) -{ - /* If no authenticated user, pass */ - if ( !r->user ) return AUTHZ_DENIED_NO_USER; - - if (check_unix_group(r,require_args)) - return AUTHZ_GRANTED; - - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "Authorization of user %s to access %s failed. 
" - "User not in Required unix groups (%s).", - r->user, r->uri, require_args); - - return AUTHZ_DENIED; -} - -APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group; - -static authz_status unixfilegroup_check_authorization(request_rec *r, - const char *require_args, const void *parsed_require_args) -{ - const char *filegroup= NULL; - - /* If no authenticated user, pass */ - if ( !r->user ) return AUTHZ_DENIED_NO_USER; - - /* Get group name for requested file from mod_authz_owner */ - filegroup= authz_owner_get_file_group(r); - - if (!filegroup) - /* No errog log entry, because mod_authz_owner already made one */ - return AUTHZ_DENIED; - - if (check_unix_group(r,filegroup)) - return AUTHZ_GRANTED; - - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "Authorization of user %s to access %s failed. " - "User not in Required unix file group (%s).", - r->user, r->uri, filegroup); - - return AUTHZ_DENIED; -} - -static const authz_provider authz_unixgroup_provider = -{ - &unixgroup_check_authorization, - NULL, -}; - -static const authz_provider authz_unixfilegroup_provider = -{ - &unixfilegroup_check_authorization, - NULL, -}; - -static void authz_unixgroup_register_hooks(apr_pool_t *p) -{ - /* Get a handle on mod_authz_owner */ - authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group); - - /* Register authz providers */ - ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "unix-group", - AUTHZ_PROVIDER_VERSION, - &authz_unixgroup_provider, AP_AUTH_INTERNAL_PER_CONF); - - ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "unix-file-group", - AUTHZ_PROVIDER_VERSION, - &authz_unixfilegroup_provider, AP_AUTH_INTERNAL_PER_CONF); -} - -module AP_MODULE_DECLARE_DATA authz_unixgroup_module = { - STANDARD20_MODULE_STUFF, - NULL, /* create per-dir config */ - NULL, /* merge per-dir config */ - NULL, /* create per-server config */ - NULL, /* merge per-server config */ - NULL, /* command apr_table_t */ - authz_unixgroup_register_hooks /* 
register hooks */ -}; diff --git a/mod_authnz_external/test/README b/test/README similarity index 100% rename from mod_authnz_external/test/README rename to test/README diff --git a/mod_authnz_external/test/test.env b/test/test.env similarity index 100% rename from mod_authnz_external/test/test.env rename to test/test.env diff --git a/mod_authnz_external/test/test.pipe b/test/test.pipe similarity index 100% rename from mod_authnz_external/test/test.pipe rename to test/test.pipe diff --git a/mod_authnz_external/test/testgroup.env b/test/testgroup.env similarity index 100% rename from mod_authnz_external/test/testgroup.env rename to test/testgroup.env diff --git a/mod_authnz_external/test/testgroup.pipe b/test/testgroup.pipe similarity index 100% rename from mod_authnz_external/test/testgroup.pipe rename to test/testgroup.pipe
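Review bot: The commit message ("OK, this is the 3.3.1 release.") does not record the two structural changes in this diff: every file under mod_authnz_external/ is renamed to the repository root (all at similarity index 100%, so no content changes), and the whole mod_authz_unixgroup/ tree is deleted. Say so in the message and state where mod_authz_unixgroup is maintained from now on, so that anyone following the authorization module's history or packaging from the old paths can trace it.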
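Review bot: In mod_authz_unixgroup/INSTALL, under "Changes from Previous Versions", the paragraph about returning a 403 instead of a 401 announces "a new standard Apache directive" and then shows "AuthzUnixgroupAuthoritative off", which the next paragraph says is gone; the v1.1.0 entry in CHANGES in this same patch names the replacement as "AuthzSendForbiddenOnFailure On". If this text is carried to the module's new home, correct that example and make the directive names consistent. The CONFIGURATION section switches between "Require unix-group" and "Require group" / "Require file-group", and in Apache 2.4 the latter two belong to mod_authz_groupfile and mod_authz_owner, not to this module, so an administrator copying them gets a different access check than the one described. The removed error directive is also spelled AuthnzUnixgroupError here and in the v1.1.0 CHANGES entry but AuthzUnixgroupError in the v1.0.2 entry.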
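Review bot: In mod_authz_unixgroup.c, unixfilegroup_check_authorization() calls authz_owner_get_file_group(r) without checking that the optional function was resolved. APR_RETRIEVE_OPTIONAL_FN yields NULL when mod_authz_owner is not loaded, so a "Require unix-file-group" line on such a server calls through a NULL pointer; test the pointer first, log the missing dependency and return AUTHZ_DENIED. Resolving it in authz_unixgroup_register_hooks() also makes the result depend on module load order, and the optional_fn_retrieve hook is the usual place for that lookup. Separately, in check_unix_group() any word whose first character passes apr_isdigit() goes through atoi(w), so a group name that starts with a digit, such as "10x", is silently treated as gid 10 in an access decision; parse the whole word with strtol() and fall back to getgrnam() unless it is entirely numeric. getpwnam(), getgrnam() and getgrgid() return pointers to static storage, so under a threaded MPM the reentrant _r variants are needed.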