
Commit efe6335

committed
Remove Apache 2.2 support
1 parent c642248 commit efe6335


2 files changed

+0
-211
lines changed


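--- a/src/mod_auth_cas.c
+++ b/src/mod_auth_cas.c
@@ -124,9 +124,6 @@ void *cas_create_server_config(apr_pool_t *pool, server_rec *svr)
 c->CASValidateSAML = CAS_DEFAULT_VALIDATE_SAML;
 c->CASAttributeDelimiter = CAS_DEFAULT_ATTRIBUTE_DELIMITER;
 c->CASAttributePrefix = CAS_DEFAULT_ATTRIBUTE_PREFIX;
-#if MODULE_MAGIC_NUMBER_MAJOR < 20120211
-c->CASAuthoritative = CAS_DEFAULT_AUTHORITATIVE;
-#endif
 c->CASPreserveTicket = CAS_DEFAULT_PRESERVE_TICKET;
 cas_setURL(pool, &(c->CASLoginURL), CAS_DEFAULT_LOGIN_URL);
 cas_setURL(pool, &(c->CASValidateURL), CAS_DEFAULT_VALIDATE_URL);
@@ -161,9 +158,6 @@ void *cas_merge_server_config(apr_pool_t *pool, void *BASE, void *ADD)
 c->CASCookieSecure = (add->CASCookieSecure != CAS_DEFAULT_COOKIE_SECURE ? add->CASCookieSecure : base->CASCookieSecure);
 c->CASSSOEnabled = (add->CASSSOEnabled != CAS_DEFAULT_SSO_ENABLED ? add->CASSSOEnabled : base->CASSSOEnabled);
 c->CASValidateSAML = (add->CASValidateSAML != CAS_DEFAULT_VALIDATE_SAML ? add->CASValidateSAML : base->CASValidateSAML);
-#if MODULE_MAGIC_NUMBER_MAJOR < 20120211
-c->CASAuthoritative = (add->CASAuthoritative != CAS_DEFAULT_AUTHORITATIVE ? add->CASAuthoritative : base->CASAuthoritative);
-#endif
 c->CASPreserveTicket = (add->CASPreserveTicket != CAS_DEFAULT_PRESERVE_TICKET ? add->CASPreserveTicket : base->CASPreserveTicket);
 c->CASAttributeDelimiter = (apr_strnatcasecmp(add->CASAttributeDelimiter, CAS_DEFAULT_ATTRIBUTE_DELIMITER) != 0 ? add->CASAttributeDelimiter : base->CASAttributeDelimiter);
 c->CASAttributePrefix = (apr_strnatcasecmp(add->CASAttributePrefix, CAS_DEFAULT_ATTRIBUTE_PREFIX) != 0 ? add->CASAttributePrefix : base->CASAttributePrefix);
@@ -423,16 +417,6 @@ const char *cfg_readCASParameter(cmd_parms *cmd, void *cfg, const char *value)
 else
 return(apr_psprintf(cmd->pool, "MOD_AUTH_CAS: Invalid argument to CASSSOEnabled - must be 'On' or 'Off'"));
 break;
-#if MODULE_MAGIC_NUMBER_MAJOR < 20120211
-case cmd_authoritative:
-if(apr_strnatcasecmp(value, "On") == 0)
-c->CASAuthoritative = TRUE;
-else if(apr_strnatcasecmp(value, "Off") == 0)
-c->CASAuthoritative = FALSE;
-else
-return(apr_psprintf(cmd->pool, "MOD_AUTH_CAS: Invalid argument to CASAuthoritative - must be 'On' or 'Off'"));
-break;
-#endif
 case cmd_preserve_ticket:
 if(apr_strnatcasecmp(value, "On") == 0)
 c->CASPreserveTicket = TRUE;
@@ -473,11 +457,7 @@ apr_byte_t cas_setURL(apr_pool_t *pool, apr_uri_t *uri, const char *url)
 apr_byte_t isSSL(const request_rec *r)
 {
 
-#ifdef APACHE2_0
-if(apr_strnatcasecmp("https", ap_http_method(r)) == 0)
-#else
 if(apr_strnatcasecmp("https", ap_http_scheme(r)) == 0)
-#endif
 return TRUE;
 
 return FALSE;
@@ -602,11 +582,7 @@ char *getCASService(const request_rec *r, const cas_cfg *c)
 char *scheme, *port_str = "", *service;
 apr_byte_t print_port = TRUE;
 
-#ifdef APACHE2_0
-scheme = (char *) ap_http_method(r);
-#else
 scheme = (char *) ap_http_scheme(r);
-#endif
 
 if (root_proxy->is_initialized) {
 service = apr_psprintf(r->pool, "%s%s%s%s",
@@ -2238,17 +2214,10 @@ int cas_authenticate(request_rec *r)
 if(c->CASRootProxiedAs.is_initialized) {
 newLocation = apr_psprintf(r->pool, "%s%s%s%s", apr_uri_unparse(r->pool, &c->CASRootProxiedAs, 0), r->uri, ((r->args != NULL) ? "?" : ""), ((r->args != NULL) ? r->args : ""));
 } else {
-#ifdef APACHE2_0
-if(printPort == TRUE)
-newLocation = apr_psprintf(r->pool, "%s://%s:%u%s%s%s", ap_http_method(r), r->server->server_hostname, r->connection->local_addr->port, r->uri, ((r->args != NULL) ? "?" : ""), ((r->args != NULL) ? r->args : ""));
-else
-newLocation = apr_psprintf(r->pool, "%s://%s%s%s%s", ap_http_method(r), r->server->server_hostname, r->uri, ((r->args != NULL) ? "?" : ""), ((r->args != NULL) ? r->args : ""));
-#else
 if(printPort == TRUE)
 newLocation = apr_psprintf(r->pool, "%s://%s:%u%s%s%s", ap_http_scheme(r), r->server->server_hostname, r->connection->local_addr->port, r->uri, ((r->args != NULL) ? "?" : ""), ((r->args != NULL) ? r->args : ""));
 else
 newLocation = apr_psprintf(r->pool, "%s://%s%s%s%s", ap_http_scheme(r), r->server->server_hostname, r->uri, ((r->args != NULL) ? "?" : ""), ((r->args != NULL) ? r->args : ""));
-#endif
 }
 apr_table_add(r->headers_out, "Location", newLocation);
 return HTTP_MOVED_TEMPORARILY;
@@ -2431,7 +2400,6 @@ int cas_match_attribute(const char *const attr_spec, const cas_saml_attr *const
 }
 return CAS_ATTR_NO_MATCH;
 }
-#if MODULE_MAGIC_NUMBER_MAJOR >= 20120211
 
 authz_status cas_check_authorization(request_rec *r,
 const char *require_line,
@@ -2478,157 +2446,6 @@ static const authz_provider authz_cas_provider =
 NULL,
 };
 
-#else
-
-/* CAS authorization module, code adopted from Nick Kew's Apache Modules Book, 2007, p. 190f */
-int cas_authorize(request_rec *r)
-{
-const cas_saml_attr *const attrs = cas_get_attributes(r);
-
-const apr_array_header_t *const reqs_arr = ap_requires(r);
-const require_line *const reqs =
-reqs_arr ? (require_line *) reqs_arr->elts : NULL;
-const cas_cfg *const c =
-ap_get_module_config(r->server->module_config,
-&auth_cas_module);
-
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"Entering cas_authorize.");
-
-if (!reqs_arr) {
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"No require statements found, "
-"so declining to perform authorization.");
-return DECLINED;
-}
-
-return (cas_authorize_worker(r, attrs, reqs, reqs_arr->nelts, c));
-}
-
-/* Pulled out from cas_authorize to enable unit-testing */
-
-int cas_authorize_worker(request_rec *r, const cas_saml_attr *const attrs, const require_line *const reqs, int nelts, const cas_cfg *const c)
-{
-const int m = r->method_number;
-const char *token;
-const char *requirement;
-int i;
-int have_casattr = 0;
-int count_casattr = 0;
-
-// Q: why don't we use ap_some_auth_required here?? performance?
-
-/* Go through applicable Require directives */
-for (i = 0; i < nelts; ++i) {
-/* Ignore this Require if it's in a <Limit> section
-* that exclude this method
-*/
-
-if (!(reqs[i].method_mask & (AP_METHOD_BIT << m))) {
-continue;
-}
-
-/* ignore if it's not a "Require cas-attribute ..." */
-requirement = reqs[i].requirement;
-
-token = ap_getword_white(r->pool, &requirement);
-
-if (apr_strnatcasecmp(token, "cas-attribute") != 0) {
-continue;
-}
-
-/* OK, we have a "Require cas-attribute" to satisfy */
-have_casattr = 1;
-
-/* If we have an applicable cas-attribute, but no
-* attributes were sent in the request, then we can
-* just stop looking here, because it's not
-* satisfiable. The code after this loop will give the
-* appropriate response. */
-if (!attrs) {
-break;
-}
-
-/* Iterate over the attribute specification strings in this
-* require directive searching for a specification that
-* matches one of the attributes. */
-while (*requirement) {
-token = ap_getword_conf(r->pool, &requirement);
-count_casattr++;
-
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"Evaluating attribute specification: %s",
-token);
-
-if (cas_match_attribute(token, attrs, r) ==
-CAS_ATTR_MATCH) {
-
-/* If *any* attribute matches, then
-* authorization has succeeded and all
-* of the others are ignored. */
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"Require cas-attribute "
-"'%s' matched", token);
-return OK;
-}
-}
-}
-
-/* If there weren't any "Require cas-attribute" directives,
-* we're irrelevant.
-*/
-if (!have_casattr) {
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"No cas-attribute statements found. "
-"Not performing authZ.");
-return DECLINED;
-}
-
-/* If we have no attributes to evaluate, it's worth reporting (may be attribute release upstream has yet to be approved)
-*/
-if (have_casattr && !attrs) {
-ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-"'Require cas-attribute' cannot be satisfied; no attributes were available for authorization.");
-return DECLINED;
-}
-
-/* If there was a "Require cas-attribute", but no actual attributes,
-* that's cause to warn the admin of an iffy configuration.
-*/
-if (count_casattr == 0) {
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-"'Require cas-attribute' missing specification(s) in configuration. Declining.");
-return DECLINED;
-}
-
-/* If we're not authoritative, hand over to other authz modules */
-if (!c->CASAuthoritative) {
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"Authorization failed, but we are not "
-"authoritative, thus handing over to other "
-"module(s).");
-return DECLINED;
-}
-
-/* OK, our decision is final and binding */
-if(c->CASDebug)
-ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-"Authorization denied for client session");
-
-ap_note_auth_failure(r);
-
-return HTTP_UNAUTHORIZED;
-}
-
-#endif
-
 #if OPENSSL_VERSION_NUMBER < 0x10100000L && defined(OPENSSL_THREADS) && APR_HAS_THREADS
 
 /* shamelessly based on code from mod_ssl */
@@ -2849,34 +2666,15 @@ apr_status_t cas_in_filter(ap_filter_t *f, apr_bucket_brigade *bb, ap_input_mode
 
 void cas_register_hooks(apr_pool_t *p)
 {
-#if MODULE_MAGIC_NUMBER_MAJOR >= 20120211
 ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "cas-attribute",
 AUTHZ_PROVIDER_VERSION,
 &authz_cas_provider, AP_AUTH_INTERNAL_PER_CONF);
-#else
-/* make sure we run before mod_authz_user so that a "require valid-user"
-* directive doesn't just automatically pass us. */
-static const char *const authzSucc[] = { "mod_authz_user.c", NULL };
-ap_hook_auth_checker(cas_authorize, NULL, authzSucc, APR_HOOK_MIDDLE);
-#endif
-
-#if MODULE_MAGIC_NUMBER_MAJOR >= 20120211
 ap_hook_check_authn(
 cas_authenticate,
 NULL,
 NULL,
 APR_HOOK_MIDDLE,
 AP_AUTH_INTERNAL_PER_URI);
-#elif MODULE_MAGIC_NUMBER_MAJOR >= 20100714
-ap_hook_check_access_ex(
-cas_authenticate,
-NULL,
-NULL,
-APR_HOOK_MIDDLE,
-AP_AUTH_INTERNAL_PER_URI);
-#else
-ap_hook_check_user_id(cas_authenticate, NULL, NULL, APR_HOOK_MIDDLE);
-#endif
 ap_hook_post_config(cas_post_config, NULL, NULL, APR_HOOK_LAST);
 ap_register_input_filter("CAS", cas_in_filter, NULL, AP_FTYPE_RESOURCE);
 }
@@ -2921,9 +2719,6 @@ const command_rec cas_cmds [] = {
 AP_INIT_TAKE1("CASRootProxiedAs", cfg_readCASParameter, (void *) cmd_root_proxied_as, RSRC_CONF, "URL used to access the root of the virtual server (only needed when the server is proxied)"),
 AP_INIT_TAKE1("CASScrubRequestHeaders", ap_set_string_slot, (void *) APR_OFFSETOF(cas_dir_cfg, CASScrubRequestHeaders), ACCESS_CONF, "Scrub CAS user name and SAML attribute headers from the user's request."),
 /* authorization options */
-#if MODULE_MAGIC_NUMBER_MAJOR < 20120211
-AP_INIT_TAKE1("CASAuthoritative", cfg_readCASParameter, (void *) cmd_authoritative, RSRC_CONF, "Set 'On' to reject if access isn't allowed based on our rules; 'Off' (default) to allow checking against other modules too."),
-#endif
 AP_INIT_TAKE1("CASPreserveTicket", cfg_readCASParameter, (void *) cmd_preserve_ticket, RSRC_CONF, "Leave CAS ticket parameters intact when a valid session cookie exists. This helps prevent infinite redirect loops when CAS protection is being used at multiple levels."),
 AP_INIT_TAKE1(0, 0, 0, 0, 0)
 };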

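--- a/src/mod_auth_cas.h
+++ b/src/mod_auth_cas.h
@@ -104,7 +104,6 @@
 #define CAS_DEFAULT_AUTHN_HEADER NULL
 #define CAS_DEFAULT_SCRUB_REQUEST_HEADERS NULL
 #define CAS_DEFAULT_SSO_ENABLED FALSE
-#define CAS_DEFAULT_AUTHORITATIVE FALSE
 #define CAS_DEFAULT_PRESERVE_TICKET FALSE
 
 #define CAS_MAX_RESPONSE_SIZE 2147483648
@@ -252,12 +251,7 @@ const cas_saml_attr *cas_get_attributes(request_rec *r);
 int cas_match_attribute(const char *const attr_spec, const cas_saml_attr *const attributes, struct request_rec *r);
 
 /* Authorization check */
-#if MODULE_MAGIC_NUMBER_MAJOR < 20120211
-int cas_authorize(request_rec *r);
-int cas_authorize_worker(request_rec *r, const cas_saml_attr *const attrs, const require_line *const reqs, int nelts, const cas_cfg *const c);
-#else
 authz_status cas_check_authorization(request_rec *r, const char *require_line, const void *parsed_require_line);
-#endif
 
 /* Fancy wrapper around flock() */
 int cas_flock(apr_file_t *fileHandle, int lockOperation, request_rec *r);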
