mod_authz_unixgroup - textual updates to prepare for 1.2.0 release

phokz · Nov 23, 2024 · e093ff9 · e093ff9
1 parent e430131
commit e093ff9
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 24 deletions.
diff --git a/mod_authz_unixgroup/CHANGES b/mod_authz_unixgroup/CHANGES
@@ -1,3 +1,16 @@
+v1.2.0   (Josef Liska & Micah Andersen - Nov 22, 2024)
+------------------------------------------------------
+ * Fix compatibility issues with modern unix auth services, such as sssd,
+   due to optimizations for large directories (e.g. LDAP) removing the
+   complete group membership list (grmem). Thanks to Joakim Tjernlund.
+ * NOTE: builds across all platforms now *require* libbsd or the equivalent
+   bsd-standard group function support.
+ * macOS build support, with the latest homebrew-core libbsd update.
+ * Added cross-platform makefiles (macOS & linux only; Windows does not have
+   UNIX groups, so not supported). Thanks to Micah Andersen/BIMI.
+ * GitHub Actions build testing on linux & macOS. Thanks to Micah Andersen/BIMI.
+ * Copyright information was consolidated in CONTRIBUTORS for consistency.
+
 v1.1.0   (Jan Wolter - Oct 6, 2011)
 -----------------------------------
  * Revised to work as an access control provider in Apache 2.4.
@@ -7,6 +20,7 @@ v1.1.0   (Jan Wolter - Oct 6, 2011)
  * Eliminated "AuthzUnixgroupAuthoritative off" directive because the whole
    concept of authoritativeness is dead for access control providers in
    Apache 2.4.
+ * Spelling fixes (as seen on lintian.debian.org). Thanks to klemens/ka7.
 
 v1.0.3   (Jan Wolter - Oct 6, 2011)
 ------------------------------------

diff --git a/mod_authz_unixgroup/CONTRIBUTORS b/mod_authz_unixgroup/CONTRIBUTORS
@@ -3,7 +3,7 @@ mod_authz_unixgroup is based on code from the following sources:
 ------------------------------------------------------------------
 
  * Original author: Jan Wolter (unixpapa.com)
- * Based on code from The Apache Group
+ * Based on code from The Apache Software Foundation (http://www.apache.org/).
 
  * Past contributors (from CHANGES):
  --------------------------------------------------

diff --git a/mod_authz_unixgroup/INSTALL b/mod_authz_unixgroup/INSTALL
@@ -6,7 +6,7 @@ NOTES:
    mod_authz_unixgroup:
 
      Apache 2.2.x    requires    mod_authz_unixgroup 1.0.x
-     Apache 2.4.x    requires    mod_authz_unixgroup 1.1.x
+     Apache 2.4.x    requires    mod_authz_unixgroup 1.1.0 or later
 
  * There are two ways of installing mod_authz_unixgroup. 
 
@@ -145,6 +145,11 @@ by a group of which the user is a member.
 Changes from Previous Versions:
 -------------------------------
 
+NOTE: New in 1.2.x, builds across all platforms now *REQUIRE* libbsd or the
+equivalent bsd-standard group function support. This was necessary to fix
+compatibility issues with modern auth providers such as sssd. See CHANGES
+and PR #55 for details.
+
 Previous versions of mod_authz_unixgroup needed a 'AuthzUnixgroup on' to
 tell Apache that the "Require file-group" directive was supposed to be
 handled by mod_authz_unixgroup. Now we have a distinct directive,

diff --git a/mod_authz_unixgroup/NOTICE b/mod_authz_unixgroup/NOTICE
diff --git a/mod_authz_unixgroup/README b/mod_authz_unixgroup/README
@@ -1,16 +1,19 @@
-                       Mod_Authz_Unixgroup version 1.1.0
+                       Mod_Authz_Unixgroup version 1.2.0
 
-              Author:  Jan Wolter
-	     Website:  http://www.unixpapa.com/mod_authz_unixgroup/
-	    Requires:  Apache 2.3 or later on a Unix server
-                       (for Apache 2.2 use mod_authz_unixgroup 1.0.x)
+	Original Author:  Jan Wolter
+	        Website:  http://www.unixpapa.com/mod_authz_unixgroup/
+	       Requires:  Apache 2.3 or later on a Unix server
+	                   (for Apache 2.2 use mod_authz_unixgroup 1.0.x)
 
 Mod_Authz_Unixgroup is a unix group access control modules for Apache.  If
 you are having users authenticate with real Unix login ID over the net, using
 something like my mod_authnz_external/pwauth combination, and you want to do
 access control based on unix group membership, then mod_authz_unixgroup is
 exactly what you need.
 
+NOTE: Mod_Authz_Unixgroup 1.2.x and up require libbsd or the equivalent
+bsd-standard group function support. See CHANGES or PR#55 for details.
+
 Let's say that you were using this with mod_authnz_external and pwauth.  Your
 .htaccess file for a protected directory would probably start with the
 following directives:
@@ -52,7 +55,7 @@ mod_authz_unixgroup will take the part before the @-sign as the username
 and ignore the rest.
 
 Mod_authnz_external is available from:
-   http://code.google.com/p/mod-auth-external/
+   https://github.com/phokz/mod-auth-external
 
 Pwauth is available from:
    http://code.google.com/p/pwauth/

diff --git a/mod_authz_unixgroup/mod_authz_unixgroup.c b/mod_authz_unixgroup/mod_authz_unixgroup.c
@@ -1,4 +1,4 @@
-/* Copyright 2008 Jan Wolter - See LICENSE and NOTICE */
+/* Copyright 2008 Jan Wolter and other contributors. Please see LICENSE and CONTRIBUTORS */
 
 #include "apr_lib.h"
 
@@ -17,17 +17,17 @@
 #include "http_protocol.h"
 #include "http_request.h"	/* for ap_hook_(check_user_id | auth_checker)*/
 #if HAVE_PWD_H
-#include <pwd.h>
+	#include <pwd.h>
 #endif
 #if HAVE_GRP_H
-#ifdef USE_POSIX_GRP
-#include <grp.h>
-#else
-#include <bsd/grp.h>
-#endif
+	#ifdef USE_POSIX_GRP
+		#include <grp.h>
+	#else
+		#include <bsd/grp.h>
+	#endif
 #endif
 #if APR_HAVE_UNISTD_H
-#include <unistd.h>
+	#include <unistd.h>
 #endif
 
 /*