From: jan@unixpapa.com
Date: Thu, 21 May 2009 02:35:28 +0000 (+0000)
Subject: Tagging 3.2.4 release of mod_authnz_external
X-Git-Tag: mod_authnz_external-3.2.4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=80de3fc2916fe944d7c13a23a3cf8a07f78b549b;p=apache-authnz-external
Tagging 3.2.4 release of mod_authnz_external
---
diff --git a/mod_authnz_external/AUTHENTICATORS b/AUTHENTICATORS
similarity index 100%
rename from mod_authnz_external/AUTHENTICATORS
rename to AUTHENTICATORS
diff --git a/mod_authnz_external/CHANGES b/CHANGES
similarity index 100%
rename from mod_authnz_external/CHANGES
rename to CHANGES
diff --git a/mod_authnz_external/INSTALL b/INSTALL
similarity index 100%
rename from mod_authnz_external/INSTALL
rename to INSTALL
diff --git a/mod_authnz_external/INSTALL.HARDCODE b/INSTALL.HARDCODE
similarity index 100%
rename from mod_authnz_external/INSTALL.HARDCODE
rename to INSTALL.HARDCODE
diff --git a/mod_authnz_external/Makefile b/Makefile
similarity index 100%
rename from mod_authnz_external/Makefile
rename to Makefile
diff --git a/mod_authnz_external/README b/README
similarity index 100%
rename from mod_authnz_external/README
rename to README
diff --git a/mod_authnz_external/TODO b/TODO
similarity index 100%
rename from mod_authnz_external/TODO
rename to TODO
diff --git a/mod_authnz_external/UPGRADE b/UPGRADE
similarity index 100%
rename from mod_authnz_external/UPGRADE
rename to UPGRADE
diff --git a/mod_authnz_external/mod_authnz_external.c b/mod_authnz_external.c
similarity index 100%
rename from mod_authnz_external/mod_authnz_external.c
rename to mod_authnz_external.c
diff --git a/mod_authz_unixgroup/CHANGES b/mod_authz_unixgroup/CHANGES
deleted file mode 100644
index 7bff981..0000000
--- a/mod_authz_unixgroup/CHANGES
+++ /dev/null
@@ -1,23 +0,0 @@ -v1.0.2 (Jan Wolter - not yet released) ------------------------------------- - * Adding copyright and Apache Version 2.0 license - -v1.0.1 (Jan Wolter - Aug 6, 2008) ------------------------------------- - * Delete various logging statements that were really just there for - debugging and should have been removed sooner. - - * If there is an '@' in the user's login name, strip off that and anything - after it. An '@' sign is never legal in an unix login name, and some - authentication modules, like mod_auth_kerb, append an "@domain" to the - user's login name. - - Both of the above modifications are inspired by patches made by Ken Lalonde - . - - * Included "http_request.h" header file to surpress a harmless compile-time - warning. - -v1.0.0 (Jan Wolter - Feb 19, 2006) ------------------------------------- - * Original release diff --git a/mod_authz_unixgroup/INSTALL b/mod_authz_unixgroup/INSTALL deleted file mode 100644 index 97fbd09..0000000 --- a/mod_authz_unixgroup/INSTALL +++ /dev/null 
@@ -1,145 +0,0 @@ -How to install mod_authz_unixgroup.c into Apache: - -NOTES: - - * There are two ways of installing mod_authz_unixgroup. - - (1) You can statically link it with Apache. This requires rebuilding - Apache in such a way that mod_authz_unixgroup will be compiled in. - - (2) You can make mod_authz_unixgroup a dynamically loaded module. If - your Apache has been built to support dynamically loaded modules - you can do this without rebuilding Apache, so it is pretty easy. - Performance may be slightly worse with this option. For information - on dynamically loaded modules see http://www.apache.org/docs/dso.html - - Instructions for both options are given here. - - * There is also documentation in the README file. If you find this document - unclear, reading that may help. - - -INSTALL METHOD A: Dynamically Linking Mod_authz_unixgroup using apxs: ---------------------------------------------------------------------- - -Step 1: - Ensure that your Apache server is configured to handle dynamically - loaded modules. To check this, run Apache server with the -l command - flag, like - - httpd -l - - If mod_so.c is one of the compiled-in modules, then you are ready - to go. - -Step 2: - Compile the module using the following command in the - mod_authz_unixgroup distribution directory: - - apxs -c mod_authz_unixgroup.c - - 'Apxs' is the Apache extension tool. It is part of the standard - Apache installation. If you don't have it, then your Apache server - is probably not set up for handling dynamically loaded modules. - This should create a file named 'mod_authz_unixgroup.so'. - -Step 3: - Install the module. Apxs can do this for you too. Do the following - command (as root so you can write to Apache's directories and config - files): - - apxs -i -a mod_authz_unixgroup.la - - This will create mod_authz_unixgroup.so and copy it into the proper - place, and add appropriate AddModule and LoadModule commands to the - configuration files. 
(Actually, it may get the LoadModule command - wrong. See below.) - -Step 4: - Go to the CONFIGURATION instructions below. - - -INSTALL METHOD B: Statically Linking ------------------------------------- - -Step 1: - Read the instructions on how to configure the Apache server in the - INSTALL file provided with the Apache source. - -Step 2: - When you run the ./configure script, include an --with-module flag, - giving the full pathname to the mod_authz_unixgroup.c file in this - distribution. For example, if you have unpacked this distribution - in /usr/local/src/mod_authz_unixgroup and are building Apache for - installation in /usr/local/apache, you might do: - - ./configure --prefix=/usr/local/apache \ - --with-module=aaa:/usr/local/src/mod_authz_unixgroup/mod_authz_unixgroup.c - - This will copy the mod_authz_unixgroup.c file into the correct place in - the Apache source tree and set things up to link it in. - -Step 3: - Type "make" to compile Apache and "make install" to install it. - -Step 4: - Go to the CONFIGURATION instructions below. - - -CONFIGURATION: --------------- - -Mod_authz_unixgroup is pretty simple to use. First, you need to enable it -for whatever directory you want to use it in, by inserting the following -directive either in a .htaccess file in the directory or a block -in the httpd.conf file: - - AuthzUnixgroup on - -Second, you will need a require directive like - - Require group admin -or - Require group students teachers staff - -Obviously this only makes sense in a directory where you are doing -authentication. This could be any kind of authentication, but it makes -most sense if you are using it in combination with authentication out of -the unix password file, perhaps using mod_auth_external together with -pwauth, or mod_auth_shadow. The "Require group" directive will then -cause mod_authz_unixgroup to check if the user is in one of the groups -listed, and reject the authentication if they are not. 
A user is considered -to be in a group if either (1) the group is the user's primary group -identified by it's gid number in /etc/passwd, or (2) the group is listed -in /etc/group and the user id is listed as a member of that group. - -If you are authenticating out of something other than the unix password -database, then this can be used, but the effect is a bit odd. To pass -the "Require group" test, there must (1) exist a unix account with the same -name as the account the user authenticated in, and (2) that unix account must -be in one of the unix groups listed on the Require line. - -It is also possible to list groups by gid number instead of name, like - - Require group 10 - -would be equivalent to "Require group admin" if the gid listed for the group -admin in /etc/group is 10. - -If mod_authz_owner is enabled in your httpd, then that will work with -mod_authz_unixgroup to check access based on file groups. For example if -we do: - - AuthzUnixgroup on - Require file-group - -Then a user will be able to access a file if and only if that file is owned -by a group of which the user is a member. - -By default, mod_authz_unixgroup is authoritative. If you want to use more -than one group checker, like mod_authz_unixgroup together with -mod_authz_groupfile or mod_authz_dbm, then you'll want to make them non- -authoritative, so that if one fails, the other will be tried. You can -make mod_authz_unixgroup non-authoritative by saying: - - AuthzUnixgroupAuthoritative off diff --git a/mod_authz_unixgroup/LICENSE b/mod_authz_unixgroup/LICENSE deleted file mode 100644 index d645695..0000000 --- a/mod_authz_unixgroup/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/mod_authz_unixgroup/NOTICE b/mod_authz_unixgroup/NOTICE deleted file mode 100644 index 08d0aa8..0000000 --- a/mod_authz_unixgroup/NOTICE +++ /dev/null @@ -1,8 +0,0 @@ -Mod_authz_unixgroup - - Copyright 2008 Jan Wolter - - This product includes software developed by Jan Wolter. - - This product includes software developed at - The Apache Software Foundation (http://www.apache.org/). diff --git a/mod_authz_unixgroup/README b/mod_authz_unixgroup/README deleted file mode 100644 index 5666e12..0000000 --- a/mod_authz_unixgroup/README +++ /dev/null 
@@ -1,61 +0,0 @@ - Mod_Authz_Unixgroup version 1.0.1 - - Author: Jan Wolter - Website: http://www.unixpapa.com/mod_authz_unixgroup/ - Requires: Apache 2.1 or later on a Unix server - -Mod_Authz_Unixgroup is a unix group access control modules for Apache 2.1 and -later. If you are having users authenticate with real Unix login ID over the -net, using something like my mod_authnz_external/pwauth combination, and you -want to do access control based on unix group membership, then -mod_authz_unixgroup is exactly what you need. - -Let's say that you were using this with mod_authnz_external and pwauth. Your -.htaccess file for a protected directory would probably start with the -following directives: - - AuthType Basic - AuthName mysite - AuthBasicProvider external - AuthExternal pwauth - -That would cause mod_auth_basic and mod_authnz_external to do authentication -based on the Unix passwd database. Mod_Authz_Unixgroup would come into play -if you wanted to further restrict access to specific Unix groups. You might -append the following directives: - - AuthzUnixgroup on - Require group staff admin - -This would allow only access to accounts in the 'staff' or 'admin' unix groups. -You can alternately specify groups by their gid numbers instead of their names. - -Or you could use mod_authz_unixgroup together with the standard apache module -mod_authz_owner to do something like: - - Require file-group - -This would allow access to the page, only the user was a member of the unix -group that owns the file. - -Though it makes the most sense to use this with unix passwd authentication, -it can be used with other databases. In that case it would grant access if, -(1) the name the user authenticated with exactly matched the name of a real -unix account on the server, and (2) that real unix account was in one of the -required groups. However, I think this would be a pretty senseless way to -use this module. 
I expect that it will really only be used by user of -mod_authnz_external/pwauth. - -Some authentication modules, like mod_auth_kerb, use usernames that have -domains appended to them, like "whomever@krb.ncsu.edu". In such cases, -mod_authz_unixgroup will take the part before the @-sign as the username -and ignore the rest. - -Mod_authnz_external is available from: - http://www.unixpapa.com/mod_auth_external/ - -Pwauth is available from: - http://www.unixpapa.com/pwauth/ - -It might also be possible to use this with mod_auth_shadow, expecially if a -authn/authz version of that is ever released. diff --git a/mod_authz_unixgroup/mod_authz_unixgroup.c b/mod_authz_unixgroup/mod_authz_unixgroup.c deleted file mode 100644 index 452d2d7..0000000 --- a/mod_authz_unixgroup/mod_authz_unixgroup.c +++ /dev/null 
@@ -1,253 +0,0 @@ -/* Copyright 2008 Jan Wolter - See LICENSE and NOTICE */ - -#include "apr_lib.h" - -#include "ap_config.h" -#include "ap_provider.h" -#include "mod_auth.h" - -#define APR_WANT_STRFUNC -#include "apr_want.h" -#include "apr_strings.h" - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ -#if HAVE_PWD_H -#include -#endif -#if HAVE_GRP_H -#include -#endif -#if APR_HAVE_UNISTD_H -#include -#endif - -/* - * Structure for the module itself. The actual definition of this structure - * is at the end of the file. - */ -module AP_MODULE_DECLARE_DATA authz_unixgroup_module; - -/* - * Data type for per-directory configuration - */ - -typedef struct -{ - int enabled; - int authoritative; - -} authz_unixgroup_dir_config_rec; - - -/* - * Creator for per-dir configurations. This is called via the hook in the - * module declaration to allocate and initialize the per-directory - * configuration data structures declared above. 
- */ - -static void *create_authz_unixgroup_dir_config(apr_pool_t *p, char *d) -{ - authz_unixgroup_dir_config_rec *dir= (authz_unixgroup_dir_config_rec *) - apr_palloc(p, sizeof(authz_unixgroup_dir_config_rec)); - - dir->enabled= 0; - dir->authoritative= 1; /* strong by default */ - - return dir; -} - - -/* - * Config file commands that this module can handle - */ - -static const command_rec authz_unixgroup_cmds[] = -{ - AP_INIT_FLAG("AuthzUnixgroup", - ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_unixgroup_dir_config_rec, enabled), - OR_AUTHCFG, - "Set to 'on' to enable unix group checking"), - - AP_INIT_FLAG("AuthzUnixgroupAuthoritative", - ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_unixgroup_dir_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'off' to allow access control to be passed along to lower " - "modules if this module can't confirm access rights" ), - - { NULL } -}; - - -/* Check if the named user is in the given list of groups. The list of - * groups is a string with groups separated by white space. Group ids - * can either be unix group names or numeric group id numbers. There must - * be a unix login corresponding to the named user. - */ - -static int check_unix_group(request_rec *r, const char *grouplist) -{ - char **p; - struct group *grp; - char *user= r->user; - char *w, *at; - - /* Strip @ sign and anything following it from the username. Some - * authentication modules, like mod_auth_kerb like appending such - * stuff to user names, but an @ sign is never legal in a unix login - * name, so it should be safe to always discard such stuff. 
- */ - if ((at= strchr(user, '@')) != NULL) *at= '\0'; - - /* Get info about login */ - struct passwd *pwd= getpwnam(user); - if (pwd == NULL) - { - /* No such user - forget it */ - if (at != NULL) *at= '@'; - return 0; - } - - /* Loop through list of groups passed in */ - while (*grouplist != '\0') - { - w= ap_getword_white(r->pool, &grouplist); - if (apr_isdigit(w[0])) - { - /* Numeric group id */ - int gid= atoi(w); - - /* Check if it matches the user's primary group */ - if (gid == pwd->pw_gid) - { - if (at != NULL) *at= '@'; - return 1; - } - - /* Get list of group members for numeric group id */ - grp= getgrgid(gid); - } - else - { - /* Get gid and list of group members for group name */ - grp= getgrnam(w); - /* Check if gid of this group matches user's primary gid */ - if (grp != NULL && grp->gr_gid == pwd->pw_gid) - { - if (at != NULL) *at= '@'; - return 1; - } - } - - /* Walk through list of members, seeing if any match user login */ - if (grp != NULL) - for (p= grp->gr_mem; *p != NULL; p++) - { - if (!strcmp(user, *p)) - { - if (at != NULL) *at= '@'; - return 1; - } - } - } - - /* Didn't find any matches, flunk him */ - if (at != NULL) *at= '@'; - return 0; -} - - -static int authz_unixgroup_check_user_access(request_rec *r) -{ - authz_unixgroup_dir_config_rec *dir= (authz_unixgroup_dir_config_rec *) - ap_get_module_config(r->per_dir_config, &authz_unixgroup_module); - - int m= r->method_number; - int required_group= 0; - register int x; - const char *t, *w; - const apr_array_header_t *reqs_arr= ap_requires(r); - const char *filegroup= NULL; - require_line *reqs; - - /* If not enabled, pass */ - if ( !dir->enabled ) return DECLINED; - - /* If there are no Require arguments, pass */ - if (!reqs_arr) return DECLINED; - reqs= (require_line *)reqs_arr->elts; - - /* Loop through the "Require" argument list */ - for(x= 0; x < reqs_arr->nelts; x++) - { - if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) continue; - - t= reqs[x].requirement; - w= 
ap_getword_white(r->pool, &t); - - /* The 'file-group' directive causes mod_authz_owner to store the - * group name of the file we are trying to access in a note attached - * to the request. It's our job to decide if the user actually is - * in that group. If the note is missing, we just ignore it. - * Probably mod_authz_owner is not installed. - */ - if ( !strcasecmp(w, "file-group")) - { - filegroup= apr_table_get(r->notes, AUTHZ_GROUP_NOTE); - if (filegroup == NULL) continue; - } - - if ( !strcmp(w,"group") || filegroup != NULL) - { - required_group= 1; - - if (filegroup) - { - /* Check if user is in the group that owns the file */ - if (check_unix_group(r,filegroup)) - return OK; - } - else if (t[0]) - { - /* Pass rest of require line to authenticator */ - if (check_unix_group(r,t)) - return OK; - } - } - } - - /* If we didn't see a 'require group' or aren't authoritive, decline */ - if (!required_group || !dir->authoritative) - return DECLINED; - - /* Authentication failed and we are authoritive, declare unauthorized */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "access to %s failed, reason: user %s not allowed access", - r->uri, r->user); - - ap_note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; -} - -static void authz_unixgroup_register_hooks(apr_pool_t *p) -{ - ap_hook_auth_checker(authz_unixgroup_check_user_access, NULL, NULL, - APR_HOOK_MIDDLE); -} - - -module AP_MODULE_DECLARE_DATA authz_unixgroup_module = { - STANDARD20_MODULE_STUFF, - create_authz_unixgroup_dir_config, /* create per-dir config */ - NULL, /* merge per-dir config */ - NULL, /* create per-server config */ - NULL, /* merge per-server config */ - authz_unixgroup_cmds, /* command apr_table_t */ - authz_unixgroup_register_hooks /* register hooks */ -}; diff --git a/mod_authnz_external/mysql/README b/mysql/README similarity index 100% rename from mod_authnz_external/mysql/README rename to mysql/README 
diff --git a/mod_authnz_external/mysql/mysql-auth.pl b/mysql/mysql-auth.pl
similarity index 100%
rename from mod_authnz_external/mysql/mysql-auth.pl
rename to mysql/mysql-auth.pl
diff --git a/mod_authnz_external/pwauth/README b/pwauth/README
similarity index 100%
rename from mod_authnz_external/pwauth/README
rename to pwauth/README
diff --git a/mod_authnz_external/radius/README b/radius/README
similarity index 100%
rename from mod_authnz_external/radius/README
rename to radius/README
diff --git a/mod_authnz_external/sybase/README b/sybase/README
similarity index 100%
rename from mod_authnz_external/sybase/README
rename to sybase/README
diff --git a/mod_authnz_external/sybase/mod_auth_external_sybase.c b/sybase/mod_auth_external_sybase.c
similarity index 100%
rename from mod_authnz_external/sybase/mod_auth_external_sybase.c
rename to sybase/mod_auth_external_sybase.c
diff --git a/mod_authnz_external/test/README b/test/README
similarity index 100%
rename from mod_authnz_external/test/README
rename to test/README
diff --git a/mod_authnz_external/test/test.env b/test/test.env
similarity index 100%
rename from mod_authnz_external/test/test.env
rename to test/test.env
diff --git a/mod_authnz_external/test/test.pipe b/test/test.pipe
similarity index 100%
rename from mod_authnz_external/test/test.pipe
rename to test/test.pipe
diff --git a/mod_authnz_external/test/testgroup.env b/test/testgroup.env
similarity index 100%
rename from mod_authnz_external/test/testgroup.env
rename to test/testgroup.env
diff --git a/mod_authnz_external/test/testgroup.pipe b/test/testgroup.pipe
similarity index 100%
rename from mod_authnz_external/test/testgroup.pipe
rename to test/testgroup.pipe