From 1d671d8dac57527d3e2af332128c5fd7198dd14f Mon Sep 17 00:00:00 2001 From: jsdelfino Date: Sat, 25 Dec 2010 23:48:25 +0000 Subject: Port to HTTPD 2.3.10 + latest APR 1.4.x and enable mod_session_crypto. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1052818 13f79535-47bb-0310-9956-ffa450edef68 --- sandbox/sebastien/cpp/apr-2/INSTALL | 6 +-- sandbox/sebastien/cpp/apr-2/configure.ac | 8 ++-- .../cpp/apr-2/modules/http/form-auth-conf | 4 +- .../sebastien/cpp/apr-2/modules/http/httpd-conf | 2 +- sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp | 1 + .../cpp/apr-2/modules/http/mod-openauth.cpp | 51 +++++++++++++++++++--- .../cpp/apr-2/modules/http/open-auth-conf | 8 ++-- .../sebastien/cpp/apr-2/ubuntu/ubuntu-install-all | 27 +++++++----- 8 files changed, 77 insertions(+), 30 deletions(-) diff --git a/sandbox/sebastien/cpp/apr-2/INSTALL b/sandbox/sebastien/cpp/apr-2/INSTALL index c9e7597a08..36e33711fd 100644 --- a/sandbox/sebastien/cpp/apr-2/INSTALL +++ b/sandbox/sebastien/cpp/apr-2/INSTALL @@ -45,8 +45,8 @@ gcc-g++-4.4.5 Then install the following development dependencies: Apache HTTP server and APR: -httpd-2.3.8 (http://httpd.apache.org/) -with included libapr and libaprutil +httpd-2.3.10 (http://httpd.apache.org/) +apr-1.4.x (http://apr.apache.org/) built with OpenSSL libssl-0.9.8, libpcre3-8.02, and expat 2.0.1 @@ -167,7 +167,7 @@ dependencies installed in the standard system directories and some of the dependencies installed under $HOME: ./configure --prefix=$HOME/tuscany-sca-cpp-bin \ ---with-apr=$HOME/httpd-2.3.8-bin --with-httpd=$HOME/httpd-2.3.8-bin \ +--with-apr=$HOME/apr-1.4.x-bin --with-httpd=$HOME/httpd-2.3.10-bin \ --with-memcached=$HOME/memcached-1.4.5-bin \ --with-tinycdb=$HOME/tinycdb-0.77-bin \ --with-curl=$HOME/curl-7.19.5-bin --with-libxml2=/usr \ diff --git a/sandbox/sebastien/cpp/apr-2/configure.ac b/sandbox/sebastien/cpp/apr-2/configure.ac index 1d53d1dacd..11cc2769f1 100644 --- a/sandbox/sebastien/cpp/apr-2/configure.ac 
+++ b/sandbox/sebastien/cpp/apr-2/configure.ac @@ -259,18 +259,18 @@ AC_CHECK_LIB([mozjs], [JS_NewContext], [], [AC_MSG_ERROR([couldn't find a suitab # Configure path to Apache APR and HTTPD includes and libs. AC_MSG_CHECKING([for apr]) AC_ARG_WITH([apr], [AC_HELP_STRING([--with-apr=PATH], [path to installed Apache APR [default=/usr]])], [ - APR_INCLUDE="${withval}/include" + APR_INCLUDE="${withval}/include/apr-2" APR_LIB="${withval}/lib" AC_MSG_RESULT("${withval}") ], [ - APR_INCLUDE="/usr/include/apr-1.0" + APR_INCLUDE="/usr/include/apr-2" APR_LIB="/usr/lib" AC_MSG_RESULT(/usr) ]) AC_SUBST(APR_INCLUDE) AC_SUBST(APR_LIB) LIBS="-L${APR_LIB} ${defaultlibs}" -AC_CHECK_LIB([apr-1], [apr_pool_initialize], [], [AC_MSG_ERROR([couldn't find a suitable libapr-1, use --with-apr=PATH])]) +AC_CHECK_LIB([apr-2], [apr_pool_initialize], [], [AC_MSG_ERROR([couldn't find a suitable libapr-2, use --with-apr=PATH])]) AC_MSG_CHECKING([for httpd]) AC_ARG_WITH([httpd], [AC_HELP_STRING([--with-httpd=PATH], [path to installed Apache HTTPD [default=/usr]])], [ @@ -341,7 +341,7 @@ AC_CHECK_LIB([cdb], [cdb_make_start], [], [AC_MSG_ERROR([couldn't find a suitabl # Configure default includes and ldflags cxxflags="${cxxflags} ${INCLUDES} -I. -I${TUSCANY_SCACPP}/kernel -I${APR_INCLUDE} -I${HTTPD_INCLUDE} -I${LIBXML2_INCLUDE} -I${JS_INCLUDE} -I${LIBCURL_INCLUDE}" -ldflags="${ldflags} -ldl -L${APR_LIB} -R${APR_LIB} -lapr-1 -laprutil-1" +ldflags="${ldflags} -ldl -L${APR_LIB} -R${APR_LIB} -lapr-2" ldflags="${ldflags} -L${LIBCURL_LIB} -R${LIBCURL_LIB} -L${JS_LIB} -R${JS_LIB} -L${LIBXML2_LIB} -R${LIBXML2_LIB}" # Enable Python 2.6 support. diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf b/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf index a9077116da..42b1a656f3 100755 --- a/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf +++ b/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf 
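Review bot: The library check now requires `libapr-2` and `${withval}/include/apr-2`, but the commit subject, INSTALL and the `--with-apr=$HOME/apr-1.4.x-bin` example all call the dependency APR 1.4.x. Someone who installs a released APR 1.4 will therefore hit the `couldn't find a suitable libapr-2` error with no hint as to why. A comment above `AC_CHECK_LIB([apr-2], ...)` would record the requirement, for example `# Requires an APR trunk build (libapr-2); a released apr-1.x does not satisfy this check.` The second hunk drops `-laprutil-1` from `ldflags`, presumably because the trunk library already provides those symbols, and that deserves the same one-line explanation.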
@@ -25,6 +25,8 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` +pw=`cat $root/cert/ca.key | head -2 | tail -1` + # Generate form authentication configuration cat >>$root/conf/auth.conf < diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf b/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf index 37fa2e4051..e32acf2268 100755 --- a/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf +++ b/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf @@ -191,7 +191,7 @@ LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so LoadModule session_module ${modules_prefix}/modules/mod_session.so -#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so +LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp b/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp index 78d292dc89..a222b38556 100644 --- a/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp +++ b/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp @@ -57,6 +57,7 @@ #include #include #include +#include #include "string.hpp" #include "stream.hpp" diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp b/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp index b43624f08d..953d6891a6 100644 --- a/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp +++ b/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp 
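Review bot: The added `pw=` assignment (`cat $root/cert/ca.key | head -2 | tail -1`) takes the session passphrase from the second line of the CA private key file, which ties two unrelated secrets together and copies key-file content into `conf/auth.conf`. The open-auth-conf hunk adds the same assignment and writes it out as `SessionCryptoPassphrase $pw`. A line of a PEM file is not a randomly generated secret, and depending on the key format it may be a header line or the start of the encoded structure, so the passphrase can be far more predictable than its length suggests. Generate an independent value instead, for example `pw=$(openssl rand -base64 32)`, and keep `auth.conf` readable only by the account that owns the server configuration. The heredoc body of this hunk is not visible in this rendering, so where `$pw` is used in form-auth-conf could not be checked.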
@@ -76,15 +76,52 @@ public: string login; }; +/** + * Log a session entry. + */ +int debugSession(unused void* r, const char* key, const char* value) { + cdebug << " session key: " << key << ", value: " << value << endl; + return 1; +} + +/** + * Return the user info from a form auth encrypted session cookie. + */ +static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL; +static void (*ap_session_get_fn) (request_rec * r, session_rec * z, const char *key, const char **value) = NULL; + +const failable userInfoFromSession(const string& realm, request_rec* r) { + debug("modopenauth::userInfoFromSession"); + if (ap_session_load_fn == NULL) + ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load); + session_rec *z = NULL; + ap_session_load_fn(r, &z); + if (z == NULL) + return mkfailure("Couldn't retrieve user session"); + apr_table_do(debugSession, r, z->entries, NULL); + + if (ap_session_get_fn == NULL) + ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get); + const char* user = NULL; + ap_session_get_fn(r, z, c_str(realm + "-user"), &user); + if (user == NULL) + return mkfailure("Couldn't retrieve user id"); + const char* pw = NULL; + ap_session_get_fn(r, z, c_str(realm + "-pw"), &pw); + if (pw == NULL) + return mkfailure("Couldn't retrieve password"); + return value(mklist(mklist("realm", realm), mklist("id", string(user)), mklist("password", string(pw)))); +} + /** * Return the user info from a form auth session cookie. 
*/ -const failable userInfo(const value& sid, const string& realm) { +const failable userInfoFromCookie(const value& sid, const string& realm, request_rec* r) { const list> info = httpd::queryArgs(sid); - debug(info, "modopenauth::userInfo::info"); + debug(info, "modopenauth::userInfoFromCookie::info"); const list user = assoc(realm + "-user", info); if (isNil(user)) - return mkfailure("Couldn't retrieve user id"); + return userInfoFromSession(realm, r); const list pw = assoc(realm + "-pw", info); if (isNil(pw)) return mkfailure("Couldn't retrieve password"); @@ -94,8 +131,8 @@ const failable userInfo(const value& sid, const string& realm) { /** * Return the user info from a basic auth header. */ -const failable userInfo(const char* header, const string& realm, request_rec* r) { - debug(header, "modopenauth::userInfo::header"); +const failable userInfoFromHeader(const char* header, const string& realm, request_rec* r) { + debug(header, "modopenauth::userInfoFromHeader::header"); if (strcasecmp(ap_getword(r->pool, &header, ' '), "Basic")) return mkfailure("Wrong authentication scheme"); @@ -176,7 +213,7 @@ static int checkAuthn(request_rec *r) { return httpd::reportStatus(mkfailure("Missing AuthName")); // Extract user info from the session id - const failable info = userInfo(content(sid), aname); + const failable info = userInfoFromCookie(content(sid), aname, r); if (hasContent(info)) { // Try to authenticate the request @@ -205,7 +242,7 @@ static int checkAuthn(request_rec *r) { return httpd::reportStatus(mkfailure("Missing AuthName")); // Extract user info from the session id - const failable info = userInfo(header, aname, r); + const failable info = userInfoFromHeader(header, aname, r); if (hasContent(info)) { // Try to authenticate the request diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf b/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf index 2bd5bc3504..46fc5f88df 100755 
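Review bot: `apr_table_do(debugSession, r, z->entries, NULL)` in `userInfoFromSession` writes every decrypted session entry to the debug log, and the lookups just below it show that the session holds the `realm + "-pw"` password, so credentials reach the log whenever debug output is on. Log the key only, `cdebug << " session key: " << key << endl;`, or drop the call. Separately, the pointers returned by `APR_RETRIEVE_OPTIONAL_FN(ap_session_load)` and `APR_RETRIEVE_OPTIONAL_FN(ap_session_get)` are called without a NULL check, so a server without mod_session loaded would presumably crash here instead of failing the request. Return an `mkfailure` right after each retrieval when the pointer is still NULL. The status returned by `ap_session_load_fn(r, &z)` is also discarded, and `debugSession` could be `static` like the two function pointers.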
--- a/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf +++ b/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf @@ -25,6 +25,8 @@ root=`readlink -f $1` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` +pw=`cat $root/cert/ca.key | head -2 | tail -1` + # Generate form authentication configuration cat >>$root/conf/auth.conf <>$root/conf/auth.conf < AuthType Open AuthName "$host" +Session On +SessionCookieName TuscanyOpenAuth path=/;secure=TRUE +SessionCryptoPassphrase $pw AuthOpenAuth On AuthOpenAuthLoginPage /login Require valid-user @@ -44,9 +49,6 @@ AuthName "$host" AuthFormProvider file AuthFormLoginRequiredLocation /login AuthFormLogoutLocation / -Session On -SessionCookieName TuscanyOpenAuth path=/;secure=TRUE -#SessionCryptoPassphrase secret Require valid-user SetHandler form-login-handler diff --git a/sandbox/sebastien/cpp/apr-2/ubuntu/ubuntu-install-all b/sandbox/sebastien/cpp/apr-2/ubuntu/ubuntu-install-all index c91b683ca1..ed74e753a9 100755 --- a/sandbox/sebastien/cpp/apr-2/ubuntu/ubuntu-install-all +++ b/sandbox/sebastien/cpp/apr-2/ubuntu/ubuntu-install-all 
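Review bot: The `SessionCookieName TuscanyOpenAuth path=/;secure=TRUE` line now added to the open-auth section sets `secure` but not `httponly`, and this is the cookie whose user id and password entries mod-openauth.cpp reads back. Unless page scripts need to read the cookie, which seems unlikely once it is encrypted, add the attribute: `SessionCookieName TuscanyOpenAuth path=/;secure=TRUE;httponly`. A short comment above `SessionCryptoPassphrase $pw` saying where `$pw` is generated would also help whoever has to rotate it.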
@@ -44,17 +44,22 @@ if [ "$?" != "0" ]; then fi cd $build -# Build Apache HTTP server +# Build Apache APR and HTTP server sudo apt-get -y install libssl-dev libpcre3-dev if [ "$?" != "0" ]; then exit $? fi -wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz -tar xzf httpd-2.3.8.tar.gz -wget http://archive.apache.org/dist/httpd/httpd-2.3.8-deps.tar.gz -tar xzf httpd-2.3.8-deps.tar.gz -cd httpd-2.3.8 -./configure --enable-ssl --enable-proxy --enable-usertrack --enable-mods-shared=most --enable-mpms-shared="prefork worker event" --with-included-apr --with-expat=$build/expat-2.0.1-bin --with-mpm=prefork --prefix=$build/httpd-2.3.8-bin +svn co -r 1051230 http://svn.apache.org/repos/asf/apr/apr/trunk apr-1.4.x +cd apr-1.4.x +./buildconf +./configure -with-openssl --with-crypto --with-expat=$build/expat-2.0.1-bin --prefix=$build/apr-1.4.x-bin +make +make install +cd $build +wget http://archive.apache.org/dist/httpd/httpd-2.3.10-alpha.tar.gz +tar xzf httpd-2.3.10-alpha.tar.gz +cd httpd-2.3.10 +./configure --enable-ssl --enable-proxy --enable-usertrack --enable-cgi --enable-session-crypto --enable-mods-shared=most --enable-mpms-shared="prefork worker event" --with-mpm=prefork --with-apr=$build/apr-1.4.x-bin --with-expat=$build/expat-2.0.1-bin --prefix=$build/httpd-2.3.10-bin make make install if [ "$?" != "0" ]; then 
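Review bot: The added `svn co -r 1051230 http://svn.apache.org/repos/asf/apr/apr/trunk apr-1.4.x` and `wget http://archive.apache.org/dist/httpd/httpd-2.3.10-alpha.tar.gz` fetch source over plain HTTP, and the script then builds and installs it with no integrity check. Whatever arrives over that transfer is what gets compiled into the server. Use `https://` URLs and verify the tarball before `tar xzf`, for example `echo "<EXPECTED_SHA256>  httpd-2.3.10-alpha.tar.gz" | sha256sum -c - || exit 1`, with the digest taken from the project's release files. The APR `make` / `make install` pair also has no `$?` check, unlike the httpd step after it, so a failed APR build only surfaces later in the httpd `./configure`.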
@@ -142,7 +147,7 @@ fi wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz tar xzf axis2c-src-1.6.0.tar.gz cd axis2c-src-1.6.0 -./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.3.8-bin/include --prefix=$build/axis2c-1.6.0-bin +./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.3.10-bin/include --with-apr=$build/apr-1.4.x-bin/include/apr-2 --prefix=$build/axis2c-1.6.0-bin make make install if [ "$?" != "0" ]; then @@ -229,7 +234,7 @@ cd $build git clone git://github.com/jsdelfino/mod_auth_openid.git cd mod_auth_openid ./autogen.sh -./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin +./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin make make install if [ "$?" != "0" ]; then 
@@ -327,7 +332,7 @@ git clone git://git.apache.org/tuscany-sca-cpp.git cd tuscany-sca-cpp cp etc/git-exclude .git/info/exclude ./bootstrap -./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin +./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin 
--with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin make make install if [ "$?" != "0" ]; then @@ -336,5 +341,5 @@ fi cd $build # Create bin archive -tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.3.8-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin +tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.3.10-bin apr-1.4.x-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin -- cgit v1.2.3