Attachment #148301 for bug #193536





PORTNAME=	mod_authnz_crowd
PORTVERSION=	2.2.2
PORTREVISION=	4
CATEGORIES=	www
MASTER_SITES=	http://downloads.atlassian.com/software/crowd/downloads/cwdapache/
DIST_SUBDIR=	apache2

MAINTAINER=	vivek@khera.org
COMMENT=	Apache 2.2+ module to use Atlassian Crowd for authentication

LICENSE=	APACHE20


USES=		autoreconf libtool
USE_GNOME=	libxml2
USE_GCC=	any
USE_APACHE=	22+

SUB_FILES=	pkg-message zzz_authnz_crowd.conf
SUB_LIST+=	APACHEETCDIR=${APACHEETCDIR} \
		APACHEMODDIR=${APACHEMODDIR} \
		AP_MODULE=mod_authnz_crowd

PLIST_FILES=	${APACHEMODDIR}/mod_authnz_crowd.so \
		${APACHEMODDIR}/mod_authnz_crowd.so.0.0.0 \
		${APACHEMODDIR}/mod_authz_svn_crowd.so \
		${APACHEMODDIR}/mod_authz_svn_crowd.so.0.0.0 \
		${APACHEETCDIR}/Includes/zzz_authnz_crowd.conf

post-patch:




--- configure.ac.orig	2013-07-26 01:20:50.000000000 -0400
+++ configure.ac	2014-10-14 10:48:21.000000000 -0400
@@ -1,5 +1,6 @@
 AC_INIT([mod_authnz_crowd], m4_esyscmd([./version-gen]), [support@atlassian.com])
-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+AM_INIT_AUTOMAKE([-Wall foreign])
+AM_PROG_AR
 AC_PROG_CC
 AC_PROG_LIBTOOL
 AC_CONFIG_HEADERS([config.h])
@@ -16,7 +17,7 @@
 
 AC_CHECK_LIB([xml2], [xmlFree], [CFLAGS+=" `xml2-config --cflags`" LIBS+=" `xml2-config --libs`"], [AC_MSG_ERROR([libxml2 was not found])])
 
-AC_CHECK_FILE([/usr/local/apache2/include/httpd.h], [APACHE_INCLUDE_DIR="/usr/local/apache2/include"], [
+AC_CHECK_FILE([/usr/local/include/apache22/httpd.h], [APACHE_INCLUDE_DIR="/usr/local/include/apache22"], [
     AC_CHECK_FILE([/usr/include/httpd/httpd.h], [APACHE_INCLUDE_DIR="/usr/include/httpd"], [
         AC_CHECK_FILE([/usr/include/apache2/httpd.h], [APACHE_INCLUDE_DIR="/usr/include/apache2"], [
             AC_MSG_ERROR([Could not locate Apache include directory])
@@ -25,7 +26,7 @@
 ])
 AC_SUBST([APACHE_INCLUDE_DIR])
 

 APACHE_BIN_DIR=`AS_DIRNAME($HTTPD)`
 AC_SUBST([APACHE_BIN_DIR])
 
@@ -36,7 +37,7 @@
 ])
 AC_SUBST([SVN_DIR])
 

     AC_CHECK_FILE([/usr/lib64/httpd/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib64/httpd/modules"], [
         AC_CHECK_FILE([/usr/lib/httpd/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib/httpd/modules"], [
             AC_CHECK_FILE([/usr/lib/apache2/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib/apache2/modules"], [
@@ -47,7 +48,7 @@
 ])
 AC_SUBST([APACHE_MODULES_DIR])
 

+AC_CHECK_FILE([/usr/local/etc/apache22/httpd.conf], [HTTPD_CONF="/usr/local/etc/apache22/httpd.conf"], [
     AC_CHECK_FILE([/etc/httpd/conf/httpd.conf], [HTTPD_CONF="/etc/httpd/conf/httpd.conf"], [
         AC_CHECK_FILE([/etc/apache2/httpd.conf], [HTTPD_CONF="/etc/apache2/httpd.conf"], [
             AC_CHECK_FILE([/etc/apache2/apache2.conf], [HTTPD_CONF="/etc/apache2/apache2.conf"], [
@@ -58,7 +59,7 @@
 ])
 AC_SUBST([HTTPD_CONF])
 

     AC_CHECK_FILE([/usr/sbin/apxs], [APXS="/usr/sbin/apxs"], [
         AC_CHECK_FILE([/usr/bin/apxs2], [APXS="/usr/bin/apxs2"], [
             AC_MSG_ERROR([Could not locate Apache apxs binary])
@@ -67,7 +68,7 @@
 ])
 AC_SUBST([APXS])
 




diff --git a/src/crowd_client.c b/src/crowd_client.c
index c190d0b..9a42acf 100644
--- a/src/crowd_client.c
+++ src/crowd_client.c
@@ -631,9 +631,15 @@ static char *make_app_cache_key(const request_rec *r, const crowd_config *config
 }
 
 static char *make_session_cache_key(const char *token, const char *forwarded_for, const request_rec *r, const crowd_config *config) {
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
+    return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token,
+        forwarded_for == NULL ? "" : forwarded_for, r->connection->client_ip, config->crowd_app_name,
+        config->crowd_url));
+#else
     return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token,
         forwarded_for == NULL ? "" : forwarded_for, r->connection->remote_ip, config->crowd_app_name,
         config->crowd_url));
+#endif
 }
 
 /*==========================
@@ -764,9 +770,15 @@ static bool handle_crowd_create_session_session_element(write_data_t *write_data
 }
 
 static const char *get_validation_factors(const request_rec *r, const char *forwarded_for) {
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
+    const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool,
+        "<validation-factors><validation-factor><name>remote_address</name><value>", r->connection->client_ip,
+        "</value></validation-factor>", NULL));
+#else
     const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool,
         "<validation-factors><validation-factor><name>remote_address</name><value>", r->connection->remote_ip,
         "</value></validation-factor>", NULL));
+#endif
     if (payload_beginning == NULL) {
         return NULL;
     }
@@ -863,7 +875,7 @@ static const char *make_validate_session_url(const request_rec *r, const crowd_c
 
     char *url = log_ralloc(r, apr_pstrcat(r->pool, urlWithoutToken, escapedToken, NULL));
 
-    curl_free(escapedToken);
+    curl_free((void *)escapedToken);
 
     return url;
 }
diff --git a/src/mod_authnz_crowd.c b/src/mod_authnz_crowd.c
index 44232a2..e9f849b 100644
--- a/src/mod_authnz_crowd.c
+++ src/mod_authnz_crowd.c
@@ -520,7 +520,6 @@ static authn_status authn_crowd_check_password(request_rec *r, const char *user,
 static const authn_provider authn_crowd_provider =
 {
     &authn_crowd_check_password,    /* Callback for HTTP Basic authentication */
-    NULL                            /* Callback for HTTP Digest authentication */
 };
 
 static unsigned int parse_number(const char *string, const char *name, unsigned int min, unsigned int max,
@@ -611,6 +610,83 @@ apr_array_header_t *authnz_crowd_user_groups(const char *username, request_rec *
  * @param r the current request
  * @return OK, DECLINED, or HTTP_...
  */
+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
+static authz_status auth_group_checker(request_rec *r,
+			      const char *require_line,
+			      const void *parsed_require_args) {
+    const char *t, *w;
+    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_group_checker");
+
+    authnz_crowd_dir_config *config = get_config(r);
+    if (config == NULL) {
+        return AUTHZ_GENERAL_ERROR;
+    }
+    
+    if (r->user == NULL) {
+        ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Authorisation requested, but no user provided.");
+        return AUTHZ_DENIED_NO_USER;
+    }
+
+    apr_array_header_t *user_groups = NULL;
+
+    /* Fetch groups only if actually needed. */
+    if (user_groups == NULL) {
+      user_groups = crowd_user_groups(r->user, r, config->crowd_config);
+      if (user_groups == NULL) {
+	  return AUTHZ_GENERAL_ERROR;
+      }
+    }
+
+    /* Iterate over the groups mentioned in the requirement. */
+    t = require_line;
+    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+      int y;
+      for (y = 0; y < user_groups->nelts; y++) {
+	const char *user_group = APR_ARRAY_IDX(user_groups, y, const char *);
+	ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+		      "auth_group_checker: user_group=%s, required_group=%s", user_group, w);
+	if (strcasecmp(user_group, w) == 0) {
+	  ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+			"Granted authorisation to '%s' on the basis of membership of '%s'.", r->user, user_group);
+	  return AUTHZ_GRANTED;
+	}
+      }
+
+    }
+
+
+    ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "Denied authorisation to '%s'.", r->user);
+    return AUTHZ_DENIED;
+}
+
+static const authz_provider authz_crowd_group_provider = 
+{
+    &auth_group_checker,
+    NULL,
+};
+
+static void register_hooks(apr_pool_t *p)
+{
+    ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_check_user_id(check_user_id, NULL, NULL, APR_HOOK_FIRST);
+    ap_register_auth_provider(
+        p,
+        AUTHN_PROVIDER_GROUP,
+        "crowd",
+        AUTHN_PROVIDER_VERSION,          
+        &authn_crowd_provider, AP_AUTH_INTERNAL_PER_CONF
+    );
+    
+    // Require crowd-group group1 group2 ...
+    ap_register_auth_provider(
+        p,
+        AUTHZ_PROVIDER_GROUP,
+        "crowd-group",
+        AUTHZ_PROVIDER_VERSION,
+        &authz_crowd_group_provider, AP_AUTH_INTERNAL_PER_CONF
+    );
+}
+#else
 static int auth_checker(request_rec *r) {
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_checker");
 
@@ -690,6 +766,9 @@ static void register_hooks(apr_pool_t *p)
     ap_hook_auth_checker(auth_checker, pre_auth_checker, NULL, APR_HOOK_MIDDLE);
 }
 
+#endif
+
+
 module AP_MODULE_DECLARE_DATA authnz_crowd_module =
 {
     STANDARD20_MODULE_STUFF,
diff --git a/src/svn/mod_authz_svn_crowd.c b/src/svn/mod_authz_svn_crowd.c
index 69b9aa0..3164a40 100644
--- a/src/svn/mod_authz_svn_crowd.c
+++ src/svn/mod_authz_svn_crowd.c
@@ -50,6 +50,7 @@
 
 #include <svn_pools.h>
 #include <svn_dirent_uri.h>
+#include <svn_version.h>
 
 const char *
 svn_fspath__canonicalize(const char *fspath,
@@ -73,6 +74,7 @@ typedef struct authz_svn_config_rec {
   const char *base_path;
   const char *access_file;
   const char *repo_relative_access_file;
+  const char *groups_file; // rwb
   const char *force_username_case;
 } authz_svn_config_rec;
 
@@ -105,6 +107,12 @@ struct svn_config_t
   /* Temporary value used for expanded default values in svn_config_get.
      (Using a stringbuf so that frequent resetting is efficient.) */
   svn_stringbuf_t *tmp_value;
+
+#if SVN_VER_MINOR >= 7
+  /* Specifies whether section names are populated case sensitively. */
+  svn_boolean_t section_names_case_sensitive;
+#endif
+
 };
 
 typedef struct
@@ -113,7 +121,7 @@ typedef struct
   const char *name;
 
   /* The section name, converted into a hash key. */
-  const char *hash_key;
+  // const char *hash_key;
 
   /* Table of cfg_option_t's. */
   apr_hash_t *options;

Lines 1-4 Link Here

(-)mod_authnz_crowd.new/pkg-descr (-1 / +1 lines)
1	Apache 2.2 connector for Atlassian Crowd to provide authentication and	1	Apache 2.2/2.4 connector for Atlassian Crowd to provide authentication and
2	authorization support using Basic Auth.	2	authorization support using Basic Auth.
3		3
4	WWW: https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache	4	WWW: https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache

Return to bug 193536

Lines 3-15 Link Here

(-)mod_authnz_crowd.new/Makefile (-4 / +7 lines)
3		3
4	PORTNAME= mod_authnz_crowd	4	PORTNAME= mod_authnz_crowd
5	PORTVERSION= 2.2.2	5	PORTVERSION= 2.2.2
6	PORTREVISION= 3	6	PORTREVISION= 4
7	CATEGORIES= www	7	CATEGORIES= www
8	MASTER_SITES= http://downloads.atlassian.com/software/crowd/downloads/cwdapache/	8	MASTER_SITES= http://downloads.atlassian.com/software/crowd/downloads/cwdapache/
9	DIST_SUBDIR= apache2	9	DIST_SUBDIR= apache2
10		10
11	MAINTAINER= vivek@khera.org	11	MAINTAINER= vivek@khera.org
12	COMMENT= Apache 2.2.x module to use Atlassian Crowd for authentication	12	COMMENT= Apache 2.2+ module to use Atlassian Crowd for authentication
13		13
14	LICENSE= APACHE20	14	LICENSE= APACHE20
15		15
Lines 22-35 Link Here
22	USES= autoreconf libtool	22	USES= autoreconf libtool
23	USE_GNOME= libxml2	23	USE_GNOME= libxml2
24	USE_GCC= any	24	USE_GCC= any
25	USE_APACHE= 22	25	USE_APACHE= 22+
26		26
27	SUB_FILES= pkg-message zzz_authnz_crowd.conf	27	SUB_FILES= pkg-message zzz_authnz_crowd.conf
28	SUB_LIST+= APACHEETCDIR=${APACHEETCDIR} \	28	SUB_LIST+= APACHEETCDIR=${APACHEETCDIR} \
29	APACHEMODDIR=${APACHEMODDIR}	29	APACHEMODDIR=${APACHEMODDIR} \
		30	AP_MODULE=mod_authnz_crowd
30		31
31	PLIST_FILES= ${APACHEMODDIR}/mod_authnz_crowd.so \	32	PLIST_FILES= ${APACHEMODDIR}/mod_authnz_crowd.so \
		33	${APACHEMODDIR}/mod_authnz_crowd.so.0.0.0 \
32	${APACHEMODDIR}/mod_authz_svn_crowd.so \	34	${APACHEMODDIR}/mod_authz_svn_crowd.so \
		35	${APACHEMODDIR}/mod_authz_svn_crowd.so.0.0.0 \
33	${APACHEETCDIR}/Includes/zzz_authnz_crowd.conf	36	${APACHEETCDIR}/Includes/zzz_authnz_crowd.conf
34		37
35	post-patch:	38	post-patch:

Lines 1-22 Link Here

(-)mod_authnz_crowd.new/files/patch-configure.ac (-12 / +13 lines)
1	--- ./configure.ac.orig 2011-03-29 07:51:33.000000000 +0200	1	--- configure.ac.orig 2013-07-26 01:20:50.000000000 -0400
2	+++ ./configure.ac 2013-06-22 22:54:04.000000000 +0200	2	+++ configure.ac 2014-10-14 10:48:21.000000000 -0400
3	@@ -1,5 +1,6 @@	3	@@ -1,5 +1,6 @@
4	AC_INIT([mod_authnz_crowd], [2.0.2], [support@atlassian.com])	4	AC_INIT([mod_authnz_crowd], m4_esyscmd([./version-gen]), [support@atlassian.com])
5	AM_INIT_AUTOMAKE([-Wall -Werror foreign])	5	-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
		6	+AM_INIT_AUTOMAKE([-Wall foreign])
6	+AM_PROG_AR	7	+AM_PROG_AR
7	AC_PROG_CC	8	AC_PROG_CC
8	AC_PROG_LIBTOOL	9	AC_PROG_LIBTOOL
9	AC_CONFIG_HEADERS([config.h])	10	AC_CONFIG_HEADERS([config.h])
10	@@ -12,7 +13,7 @@	11	@@ -16,7 +17,7 @@
11		12
12	AC_CHECK_LIB([apr-1], [apr_pool_pre_cleanup_register], [], [AC_MSG_ERROR([apr_pool_pre_cleanup_register was not found in libapr-1])])	13	AC_CHECK_LIB([xml2], [xmlFree], [CFLAGS+=" `xml2-config --cflags`" LIBS+=" `xml2-config --libs`"], [AC_MSG_ERROR([libxml2 was not found])])
13		14
14	-AC_CHECK_FILE([/usr/local/apache2/include/httpd.h], [APACHE_INCLUDE_DIR="/usr/local/apache2/include"], [	15	-AC_CHECK_FILE([/usr/local/apache2/include/httpd.h], [APACHE_INCLUDE_DIR="/usr/local/apache2/include"], [
15	+AC_CHECK_FILE([/usr/local/include/apache22/httpd.h], [APACHE_INCLUDE_DIR="/usr/local/include/apache22"], [	16	+AC_CHECK_FILE([/usr/local/include/apache22/httpd.h], [APACHE_INCLUDE_DIR="/usr/local/include/apache22"], [
16	AC_CHECK_FILE([/usr/include/httpd/httpd.h], [APACHE_INCLUDE_DIR="/usr/include/httpd"], [	17	AC_CHECK_FILE([/usr/include/httpd/httpd.h], [APACHE_INCLUDE_DIR="/usr/include/httpd"], [
17	AC_CHECK_FILE([/usr/include/apache2/httpd.h], [APACHE_INCLUDE_DIR="/usr/include/apache2"], [	18	AC_CHECK_FILE([/usr/include/apache2/httpd.h], [APACHE_INCLUDE_DIR="/usr/include/apache2"], [
18	AC_MSG_ERROR([Could not locate Apache include directory])	19	AC_MSG_ERROR([Could not locate Apache include directory])
19	@@ -21,7 +22,7 @@	20	@@ -25,7 +26,7 @@
20	])	21	])
21	AC_SUBST([APACHE_INCLUDE_DIR])	22	AC_SUBST([APACHE_INCLUDE_DIR])
22		23
Lines 25-31 Link Here
25	APACHE_BIN_DIR=`AS_DIRNAME($HTTPD)`	26	APACHE_BIN_DIR=`AS_DIRNAME($HTTPD)`
26	AC_SUBST([APACHE_BIN_DIR])	27	AC_SUBST([APACHE_BIN_DIR])
27		28
28	@@ -32,7 +33,7 @@	29	@@ -36,7 +37,7 @@
29	])	30	])
30	AC_SUBST([SVN_DIR])	31	AC_SUBST([SVN_DIR])
31		32
Lines 34-40 Link Here
34	AC_CHECK_FILE([/usr/lib64/httpd/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib64/httpd/modules"], [	35	AC_CHECK_FILE([/usr/lib64/httpd/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib64/httpd/modules"], [
35	AC_CHECK_FILE([/usr/lib/httpd/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib/httpd/modules"], [	36	AC_CHECK_FILE([/usr/lib/httpd/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib/httpd/modules"], [
36	AC_CHECK_FILE([/usr/lib/apache2/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib/apache2/modules"], [	37	AC_CHECK_FILE([/usr/lib/apache2/modules/mod_dav.so], [APACHE_MODULES_DIR="/usr/lib/apache2/modules"], [
37	@@ -43,7 +44,7 @@	38	@@ -47,7 +48,7 @@
38	])	39	])
39	AC_SUBST([APACHE_MODULES_DIR])	40	AC_SUBST([APACHE_MODULES_DIR])
40		41
Lines 42-49 Link Here
42	+AC_CHECK_FILE([/usr/local/etc/apache22/httpd.conf], [HTTPD_CONF="/usr/local/etc/apache22/httpd.conf"], [	43	+AC_CHECK_FILE([/usr/local/etc/apache22/httpd.conf], [HTTPD_CONF="/usr/local/etc/apache22/httpd.conf"], [
43	AC_CHECK_FILE([/etc/httpd/conf/httpd.conf], [HTTPD_CONF="/etc/httpd/conf/httpd.conf"], [	44	AC_CHECK_FILE([/etc/httpd/conf/httpd.conf], [HTTPD_CONF="/etc/httpd/conf/httpd.conf"], [
44	AC_CHECK_FILE([/etc/apache2/httpd.conf], [HTTPD_CONF="/etc/apache2/httpd.conf"], [	45	AC_CHECK_FILE([/etc/apache2/httpd.conf], [HTTPD_CONF="/etc/apache2/httpd.conf"], [
45	AC_MSG_ERROR([Could not locate Apache configuration file])	46	AC_CHECK_FILE([/etc/apache2/apache2.conf], [HTTPD_CONF="/etc/apache2/apache2.conf"], [
46	@@ -52,7 +53,7 @@	47	@@ -58,7 +59,7 @@
47	])	48	])
48	AC_SUBST([HTTPD_CONF])	49	AC_SUBST([HTTPD_CONF])
49		50
Lines 52-58 Link Here
52	AC_CHECK_FILE([/usr/sbin/apxs], [APXS="/usr/sbin/apxs"], [	53	AC_CHECK_FILE([/usr/sbin/apxs], [APXS="/usr/sbin/apxs"], [
53	AC_CHECK_FILE([/usr/bin/apxs2], [APXS="/usr/bin/apxs2"], [	54	AC_CHECK_FILE([/usr/bin/apxs2], [APXS="/usr/bin/apxs2"], [
54	AC_MSG_ERROR([Could not locate Apache apxs binary])	55	AC_MSG_ERROR([Could not locate Apache apxs binary])
55	@@ -61,7 +62,7 @@	56	@@ -67,7 +68,7 @@
56	])	57	])
57	AC_SUBST([APXS])	58	AC_SUBST([APXS])
58		59

Line 0 Link Here

(-)mod_authnz_crowd.new/files/patch-src__apache24_svn18 (+193 lines)
		1	diff --git a/src/crowd_client.c b/src/crowd_client.c
		2	index c190d0b..9a42acf 100644
		3	--- a/src/crowd_client.c
		4	+++ src/crowd_client.c
		5	@@ -631,9 +631,15 @@ static char make_app_cache_key(const request_rec r, const crowd_config *config
		6	}
		7
		8	static char make_session_cache_key(const char token, const char forwarded_for, const request_rec r, const crowd_config *config) {
		9	+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
		10	+ return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token,
		11	+ forwarded_for == NULL ? "" : forwarded_for, r->connection->client_ip, config->crowd_app_name,
		12	+ config->crowd_url));
		13	+#else
		14	return log_ralloc(r, apr_psprintf(r->pool, "%s\037%s\037%s\037%s\037%s", token,
		15	forwarded_for == NULL ? "" : forwarded_for, r->connection->remote_ip, config->crowd_app_name,
		16	config->crowd_url));
		17	+#endif
		18	}
		19
		20	/*==========================
		21	@@ -764,9 +770,15 @@ static bool handle_crowd_create_session_session_element(write_data_t *write_data
		22	}
		23
		24	static const char get_validation_factors(const request_rec r, const char *forwarded_for) {
		25	+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
		26	+ const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool,
		27	+ "<validation-factors><validation-factor><name>remote_address</name><value>", r->connection->client_ip,
		28	+ "</value></validation-factor>", NULL));
		29	+#else
		30	const char *payload_beginning = log_ralloc(r, apr_pstrcat(r->pool,
		31	"<validation-factors><validation-factor><name>remote_address</name><value>", r->connection->remote_ip,
		32	"</value></validation-factor>", NULL));
		33	+#endif
		34	if (payload_beginning == NULL) {
		35	return NULL;
		36	}
		37	@@ -863,7 +875,7 @@ static const char make_validate_session_url(const request_rec r, const crowd_c
		38
		39	char *url = log_ralloc(r, apr_pstrcat(r->pool, urlWithoutToken, escapedToken, NULL));
		40
		41	- curl_free(escapedToken);
		42	+ curl_free((void *)escapedToken);
		43
		44	return url;
		45	}
		46	diff --git a/src/mod_authnz_crowd.c b/src/mod_authnz_crowd.c
		47	index 44232a2..e9f849b 100644
		48	--- a/src/mod_authnz_crowd.c
		49	+++ src/mod_authnz_crowd.c
		50	@@ -520,7 +520,6 @@ static authn_status authn_crowd_check_password(request_rec r, const char user,
		51	static const authn_provider authn_crowd_provider =
		52	{
		53	&authn_crowd_check_password, /* Callback for HTTP Basic authentication */
		54	- NULL /* Callback for HTTP Digest authentication */
		55	};
		56
		57	static unsigned int parse_number(const char string, const char name, unsigned int min, unsigned int max,
		58	@@ -611,6 +610,83 @@ apr_array_header_t authnz_crowd_user_groups(const char username, request_rec *
		59	* @param r the current request
		60	* @return OK, DECLINED, or HTTP_...
		61	*/
		62	+#if AP_MODULE_MAGIC_AT_LEAST(20080403,1)
		63	+static authz_status auth_group_checker(request_rec *r,
		64	+ const char *require_line,
65	+ const void *parsed_require_args) {
66	+ const char t, w;
67	+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_group_checker");
68	+
69	+ authnz_crowd_dir_config *config = get_config(r);
70	+ if (config == NULL) {
71	+ return AUTHZ_GENERAL_ERROR;
72	+ }
73	+
74	+ if (r->user == NULL) {
75	+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Authorisation requested, but no user provided.");
76	+ return AUTHZ_DENIED_NO_USER;
77	+ }
78	+
79	+ apr_array_header_t *user_groups = NULL;
80	+
81	+ /* Fetch groups only if actually needed. */
82	+ if (user_groups == NULL) {
83	+ user_groups = crowd_user_groups(r->user, r, config->crowd_config);
84	+ if (user_groups == NULL) {
85	+ return AUTHZ_GENERAL_ERROR;
86	+ }
87	+ }
88	+
89	+ /* Iterate over the groups mentioned in the requirement. */
90	+ t = require_line;
91	+ while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
92	+ int y;
93	+ for (y = 0; y < user_groups->nelts; y++) {
94	+ const char user_group = APR_ARRAY_IDX(user_groups, y, const char );
95	+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
96	+ "auth_group_checker: user_group=%s, required_group=%s", user_group, w);
97	+ if (strcasecmp(user_group, w) == 0) {
98	+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
99	+ "Granted authorisation to '%s' on the basis of membership of '%s'.", r->user, user_group);
100	+ return AUTHZ_GRANTED;
101	+ }
102	+ }
103	+
104	+ }
105	+
106	+
107	+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "Denied authorisation to '%s'.", r->user);
108	+ return AUTHZ_DENIED;
109	+}
110	+
111	+static const authz_provider authz_crowd_group_provider =
112	+{
113	+ &auth_group_checker,
114	+ NULL,
115	+};
116	+
117	+static void register_hooks(apr_pool_t *p)
118	+{
119	+ ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
120	+ ap_hook_check_user_id(check_user_id, NULL, NULL, APR_HOOK_FIRST);
121	+ ap_register_auth_provider(
122	+ p,
123	+ AUTHN_PROVIDER_GROUP,
124	+ "crowd",
125	+ AUTHN_PROVIDER_VERSION,
126	+ &authn_crowd_provider, AP_AUTH_INTERNAL_PER_CONF
127	+ );
128	+
129	+ // Require crowd-group group1 group2 ...
130	+ ap_register_auth_provider(
131	+ p,
132	+ AUTHZ_PROVIDER_GROUP,
133	+ "crowd-group",
134	+ AUTHZ_PROVIDER_VERSION,
135	+ &authz_crowd_group_provider, AP_AUTH_INTERNAL_PER_CONF
136	+ );
137	+}
138	+#else
139	static int auth_checker(request_rec *r) {
140	ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_authnz_crowd:auth_checker");
141
142	@@ -690,6 +766,9 @@ static void register_hooks(apr_pool_t *p)
143	ap_hook_auth_checker(auth_checker, pre_auth_checker, NULL, APR_HOOK_MIDDLE);
144	}
145
146	+#endif
147	+
148	+
149	module AP_MODULE_DECLARE_DATA authnz_crowd_module =
150	{
151	STANDARD20_MODULE_STUFF,
152	diff --git a/src/svn/mod_authz_svn_crowd.c b/src/svn/mod_authz_svn_crowd.c
153	index 69b9aa0..3164a40 100644
154	--- a/src/svn/mod_authz_svn_crowd.c
155	+++ src/svn/mod_authz_svn_crowd.c
156	@@ -50,6 +50,7 @@
157
158	#include <svn_pools.h>
159	#include <svn_dirent_uri.h>
160	+#include <svn_version.h>
161
162	const char *
163	svn_fspath__canonicalize(const char *fspath,
164	@@ -73,6 +74,7 @@ typedef struct authz_svn_config_rec {
165	const char *base_path;
166	const char *access_file;
167	const char *repo_relative_access_file;
168	+ const char *groups_file; // rwb
169	const char *force_username_case;
170	} authz_svn_config_rec;
171
172	@@ -105,6 +107,12 @@ struct svn_config_t
173	/* Temporary value used for expanded default values in svn_config_get.
174	(Using a stringbuf so that frequent resetting is efficient.) */
175	svn_stringbuf_t *tmp_value;
176	+
177	+#if SVN_VER_MINOR >= 7
178	+ /* Specifies whether section names are populated case sensitively. */
179	+ svn_boolean_t section_names_case_sensitive;
180	+#endif
181	+
182	};
183
184	typedef struct
185	@@ -113,7 +121,7 @@ typedef struct
186	const char *name;
187
188	/* The section name, converted into a hash key. */
189	- const char *hash_key;
190	+ // const char *hash_key;
191
192	/* Table of cfg_option_t's. */
193	apr_hash_t *options;