Port to HTTPD 2.3.10 + latest APR 1.4.x and enable mod_session_crypto.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1052818 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
jsdelfino
parent
3941252017
commit
1d671d8dac
8 changed files with 77 additions and 30 deletions
|
|
@ -45,8 +45,8 @@ gcc-g++-4.4.5
|
|||
Then install the following development dependencies:
|
||||
|
||||
Apache HTTP server and APR:
|
||||
httpd-2.3.8 (http://httpd.apache.org/)
|
||||
with included libapr and libaprutil
|
||||
httpd-2.3.10 (http://httpd.apache.org/)
|
||||
apr-1.4.x (http://apr.apache.org/)
|
||||
built with OpenSSL libssl-0.9.8, libpcre3-8.02,
|
||||
and expat 2.0.1
|
||||
|
||||
|
|
@ -167,7 +167,7 @@ dependencies installed in the standard system directories and some of the
|
|||
dependencies installed under $HOME:
|
||||
|
||||
./configure --prefix=$HOME/tuscany-sca-cpp-bin \
|
||||
--with-apr=$HOME/httpd-2.3.8-bin --with-httpd=$HOME/httpd-2.3.8-bin \
|
||||
--with-apr=$HOME/apr-1.4.x-bin --with-httpd=$HOME/httpd-2.3.10-bin \
|
||||
--with-memcached=$HOME/memcached-1.4.5-bin \
|
||||
--with-tinycdb=$HOME/tinycdb-0.77-bin \
|
||||
--with-curl=$HOME/curl-7.19.5-bin --with-libxml2=/usr \
|
||||
|
|
|
|||
|
|
@ -259,18 +259,18 @@ AC_CHECK_LIB([mozjs], [JS_NewContext], [], [AC_MSG_ERROR([couldn't find a suitab
|
|||
# Configure path to Apache APR and HTTPD includes and libs.
|
||||
AC_MSG_CHECKING([for apr])
|
||||
AC_ARG_WITH([apr], [AC_HELP_STRING([--with-apr=PATH], [path to installed Apache APR [default=/usr]])], [
|
||||
APR_INCLUDE="${withval}/include"
|
||||
APR_INCLUDE="${withval}/include/apr-2"
|
||||
APR_LIB="${withval}/lib"
|
||||
AC_MSG_RESULT("${withval}")
|
||||
], [
|
||||
APR_INCLUDE="/usr/include/apr-1.0"
|
||||
APR_INCLUDE="/usr/include/apr-2"
|
||||
APR_LIB="/usr/lib"
|
||||
AC_MSG_RESULT(/usr)
|
||||
])
|
||||
AC_SUBST(APR_INCLUDE)
|
||||
AC_SUBST(APR_LIB)
|
||||
LIBS="-L${APR_LIB} ${defaultlibs}"
|
||||
AC_CHECK_LIB([apr-1], [apr_pool_initialize], [], [AC_MSG_ERROR([couldn't find a suitable libapr-1, use --with-apr=PATH])])
|
||||
AC_CHECK_LIB([apr-2], [apr_pool_initialize], [], [AC_MSG_ERROR([couldn't find a suitable libapr-2, use --with-apr=PATH])])
|
||||
|
||||
AC_MSG_CHECKING([for httpd])
|
||||
AC_ARG_WITH([httpd], [AC_HELP_STRING([--with-httpd=PATH], [path to installed Apache HTTPD [default=/usr]])], [
|
||||
|
|
@ -341,7 +341,7 @@ AC_CHECK_LIB([cdb], [cdb_make_start], [], [AC_MSG_ERROR([couldn't find a suitabl
|
|||
|
||||
# Configure default includes and ldflags
|
||||
cxxflags="${cxxflags} ${INCLUDES} -I. -I${TUSCANY_SCACPP}/kernel -I${APR_INCLUDE} -I${HTTPD_INCLUDE} -I${LIBXML2_INCLUDE} -I${JS_INCLUDE} -I${LIBCURL_INCLUDE}"
|
||||
ldflags="${ldflags} -ldl -L${APR_LIB} -R${APR_LIB} -lapr-1 -laprutil-1"
|
||||
ldflags="${ldflags} -ldl -L${APR_LIB} -R${APR_LIB} -lapr-2"
|
||||
ldflags="${ldflags} -L${LIBCURL_LIB} -R${LIBCURL_LIB} -L${JS_LIB} -R${JS_LIB} -L${LIBXML2_LIB} -R${LIBXML2_LIB}"
|
||||
|
||||
# Enable Python 2.6 support.
|
||||
|
|
|
|||
|
|
@ -25,6 +25,8 @@ root=`readlink -f $1`
|
|||
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
|
||||
host=`echo $conf | awk '{ print $6 }'`
|
||||
|
||||
pw=`cat $root/cert/ca.key | head -2 | tail -1`
|
||||
|
||||
# Generate form authentication configuration
|
||||
cat >>$root/conf/auth.conf <<EOF
|
||||
# Generated by: form-auth-conf $*
|
||||
|
|
@ -38,7 +40,7 @@ AuthFormLoginRequiredLocation /login
|
|||
AuthFormLogoutLocation /
|
||||
Session On
|
||||
SessionCookieName TuscanyFormAuth path=/;secure=TRUE
|
||||
#SessionCryptoPassphrase secret
|
||||
SessionCryptoPassphrase $pw
|
||||
Require valid-user
|
||||
</Location>
|
||||
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
|
|||
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
|
||||
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
|
||||
LoadModule session_module ${modules_prefix}/modules/mod_session.so
|
||||
#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
|
||||
LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
|
||||
LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
|
||||
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
|
||||
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@
|
|||
#include <mod_core.h>
|
||||
#include <ap_provider.h>
|
||||
#include <mod_auth.h>
|
||||
#include <mod_session.h>
|
||||
|
||||
#include "string.hpp"
|
||||
#include "stream.hpp"
|
||||
|
|
|
|||
|
|
@ -76,15 +76,52 @@ public:
|
|||
string login;
|
||||
};
|
||||
|
||||
/**
|
||||
* Log a session entry.
|
||||
*/
|
||||
int debugSession(unused void* r, const char* key, const char* value) {
|
||||
cdebug << " session key: " << key << ", value: " << value << endl;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the user info from a form auth encrypted session cookie.
|
||||
*/
|
||||
static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL;
|
||||
static void (*ap_session_get_fn) (request_rec * r, session_rec * z, const char *key, const char **value) = NULL;
|
||||
|
||||
const failable<value> userInfoFromSession(const string& realm, request_rec* r) {
|
||||
debug("modopenauth::userInfoFromSession");
|
||||
if (ap_session_load_fn == NULL)
|
||||
ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load);
|
||||
session_rec *z = NULL;
|
||||
ap_session_load_fn(r, &z);
|
||||
if (z == NULL)
|
||||
return mkfailure<value>("Couldn't retrieve user session");
|
||||
apr_table_do(debugSession, r, z->entries, NULL);
|
||||
|
||||
if (ap_session_get_fn == NULL)
|
||||
ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get);
|
||||
const char* user = NULL;
|
||||
ap_session_get_fn(r, z, c_str(realm + "-user"), &user);
|
||||
if (user == NULL)
|
||||
return mkfailure<value>("Couldn't retrieve user id");
|
||||
const char* pw = NULL;
|
||||
ap_session_get_fn(r, z, c_str(realm + "-pw"), &pw);
|
||||
if (pw == NULL)
|
||||
return mkfailure<value>("Couldn't retrieve password");
|
||||
return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", string(user)), mklist<value>("password", string(pw))));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the user info from a form auth session cookie.
|
||||
*/
|
||||
const failable<value> userInfo(const value& sid, const string& realm) {
|
||||
const failable<value> userInfoFromCookie(const value& sid, const string& realm, request_rec* r) {
|
||||
const list<list<value>> info = httpd::queryArgs(sid);
|
||||
debug(info, "modopenauth::userInfo::info");
|
||||
debug(info, "modopenauth::userInfoFromCookie::info");
|
||||
const list<value> user = assoc<value>(realm + "-user", info);
|
||||
if (isNil(user))
|
||||
return mkfailure<value>("Couldn't retrieve user id");
|
||||
return userInfoFromSession(realm, r);
|
||||
const list<value> pw = assoc<value>(realm + "-pw", info);
|
||||
if (isNil(pw))
|
||||
return mkfailure<value>("Couldn't retrieve password");
|
||||
|
|
@ -94,8 +131,8 @@ const failable<value> userInfo(const value& sid, const string& realm) {
|
|||
/**
|
||||
* Return the user info from a basic auth header.
|
||||
*/
|
||||
const failable<value> userInfo(const char* header, const string& realm, request_rec* r) {
|
||||
debug(header, "modopenauth::userInfo::header");
|
||||
const failable<value> userInfoFromHeader(const char* header, const string& realm, request_rec* r) {
|
||||
debug(header, "modopenauth::userInfoFromHeader::header");
|
||||
if (strcasecmp(ap_getword(r->pool, &header, ' '), "Basic"))
|
||||
return mkfailure<value>("Wrong authentication scheme");
|
||||
|
||||
|
|
@ -176,7 +213,7 @@ static int checkAuthn(request_rec *r) {
|
|||
return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
|
||||
|
||||
// Extract user info from the session id
|
||||
const failable<value> info = userInfo(content(sid), aname);
|
||||
const failable<value> info = userInfoFromCookie(content(sid), aname, r);
|
||||
if (hasContent(info)) {
|
||||
|
||||
// Try to authenticate the request
|
||||
|
|
@ -205,7 +242,7 @@ static int checkAuthn(request_rec *r) {
|
|||
return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
|
||||
|
||||
// Extract user info from the session id
|
||||
const failable<value> info = userInfo(header, aname, r);
|
||||
const failable<value> info = userInfoFromHeader(header, aname, r);
|
||||
if (hasContent(info)) {
|
||||
|
||||
// Try to authenticate the request
|
||||
|
|
|
|||
|
|
@ -25,6 +25,8 @@ root=`readlink -f $1`
|
|||
conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
|
||||
host=`echo $conf | awk '{ print $6 }'`
|
||||
|
||||
pw=`cat $root/cert/ca.key | head -2 | tail -1`
|
||||
|
||||
# Generate form authentication configuration
|
||||
cat >>$root/conf/auth.conf <<EOF
|
||||
# Generated by: open-auth-conf $*
|
||||
|
|
@ -32,6 +34,9 @@ cat >>$root/conf/auth.conf <<EOF
|
|||
<Location />
|
||||
AuthType Open
|
||||
AuthName "$host"
|
||||
Session On
|
||||
SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
|
||||
SessionCryptoPassphrase $pw
|
||||
AuthOpenAuth On
|
||||
AuthOpenAuthLoginPage /login
|
||||
Require valid-user
|
||||
|
|
@ -44,9 +49,6 @@ AuthName "$host"
|
|||
AuthFormProvider file
|
||||
AuthFormLoginRequiredLocation /login
|
||||
AuthFormLogoutLocation /
|
||||
Session On
|
||||
SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
|
||||
#SessionCryptoPassphrase secret
|
||||
Require valid-user
|
||||
SetHandler form-login-handler
|
||||
</Location>
|
||||
|
|
|
|||
|
|
@ -44,17 +44,22 @@ if [ "$?" != "0" ]; then
|
|||
fi
|
||||
cd $build
|
||||
|
||||
# Build Apache HTTP server
|
||||
# Build Apache APR and HTTP server
|
||||
sudo apt-get -y install libssl-dev libpcre3-dev
|
||||
if [ "$?" != "0" ]; then
|
||||
exit $?
|
||||
fi
|
||||
wget http://archive.apache.org/dist/httpd/httpd-2.3.8.tar.gz
|
||||
tar xzf httpd-2.3.8.tar.gz
|
||||
wget http://archive.apache.org/dist/httpd/httpd-2.3.8-deps.tar.gz
|
||||
tar xzf httpd-2.3.8-deps.tar.gz
|
||||
cd httpd-2.3.8
|
||||
./configure --enable-ssl --enable-proxy --enable-usertrack --enable-mods-shared=most --enable-mpms-shared="prefork worker event" --with-included-apr --with-expat=$build/expat-2.0.1-bin --with-mpm=prefork --prefix=$build/httpd-2.3.8-bin
|
||||
svn co -r 1051230 http://svn.apache.org/repos/asf/apr/apr/trunk apr-1.4.x
|
||||
cd apr-1.4.x
|
||||
./buildconf
|
||||
./configure -with-openssl --with-crypto --with-expat=$build/expat-2.0.1-bin --prefix=$build/apr-1.4.x-bin
|
||||
make
|
||||
make install
|
||||
cd $build
|
||||
wget http://archive.apache.org/dist/httpd/httpd-2.3.10-alpha.tar.gz
|
||||
tar xzf httpd-2.3.10-alpha.tar.gz
|
||||
cd httpd-2.3.10
|
||||
./configure --enable-ssl --enable-proxy --enable-usertrack --enable-cgi --enable-session-crypto --enable-mods-shared=most --enable-mpms-shared="prefork worker event" --with-mpm=prefork --with-apr=$build/apr-1.4.x-bin --with-expat=$build/expat-2.0.1-bin --prefix=$build/httpd-2.3.10-bin
|
||||
make
|
||||
make install
|
||||
if [ "$?" != "0" ]; then
|
||||
|
|
@ -142,7 +147,7 @@ fi
|
|||
wget http://www.apache.org/dist/ws/axis2-c/1_6_0/axis2c-src-1.6.0.tar.gz
|
||||
tar xzf axis2c-src-1.6.0.tar.gz
|
||||
cd axis2c-src-1.6.0
|
||||
./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.3.8-bin/include --prefix=$build/axis2c-1.6.0-bin
|
||||
./configure --enable-libxml2 LIBXML2_CFLAGS="-I$build/libxml2-2.7.7-bin/include/libxml2" LIBXML2_LIBS="-L$build/libxml2-2.7.7-bin/lib -lxml2" --enable-openssl --with-apache2=$build/httpd-2.3.10-bin/include --with-apr=$build/apr-1.4.x-bin/include/apr-2 --prefix=$build/axis2c-1.6.0-bin
|
||||
make
|
||||
make install
|
||||
if [ "$?" != "0" ]; then
|
||||
|
|
@ -229,7 +234,7 @@ cd $build
|
|||
git clone git://github.com/jsdelfino/mod_auth_openid.git
|
||||
cd mod_auth_openid
|
||||
./autogen.sh
|
||||
./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin
|
||||
./configure --prefix=$build/mod-auth-openid-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-curl=$build/curl-7.19.5-bin --with-libopkele=$build/libopkele-bin
|
||||
make
|
||||
make install
|
||||
if [ "$?" != "0" ]; then
|
||||
|
|
@ -327,7 +332,7 @@ git clone git://git.apache.org/tuscany-sca-cpp.git
|
|||
cd tuscany-sca-cpp
|
||||
cp etc/git-exclude .git/info/exclude
|
||||
./bootstrap
|
||||
./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/httpd-2.3.8-bin --with-httpd=$build/httpd-2.3.8-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin
|
||||
./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.3.1-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.5 --enable-sqldb --with-pgsql=$build/postgresql-9.0.1-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin
|
||||
make
|
||||
make install
|
||||
if [ "$?" != "0" ]; then
|
||||
|
|
@ -336,5 +341,5 @@ fi
|
|||
cd $build
|
||||
|
||||
# Create bin archive
|
||||
tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.3.8-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin
|
||||
tar czf tuscany-sca-cpp-all-1.0.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin axis2c-1.6.0-bin libxml2-2.7.7-bin curl-7.19.5-bin httpd-2.3.10-bin apr-1.4.x-bin tracemonkey-bin google_appengine libstrophe-bin memcached-1.4.5-bin tinycdb-0.77-bin qpidc-0.6-bin vysper-0.5 postgresql-9.0.1-bin thrift-0.2.0-bin scribe-2.2-bin libcloud-0.3.1-bin htmltidy-bin libopkele-bin mod-auth-openid-bin liboauth-0.9.1-bin
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue