diff --git a/mod_authz_unixgroup/CHANGES b/mod_authz_unixgroup/CHANGES index e482a3a..4d9d853 100644 --- a/mod_authz_unixgroup/CHANGES +++ b/mod_authz_unixgroup/CHANGES @@ -1,3 +1,16 @@ +v1.2.0 (Josef Liska & Micah Andersen - Nov 22, 2024) +------------------------------------------------------ + * Fix compatibility issues with modern unix auth services, such as sssd, + due to optimizations for large directories (e.g. LDAP) removing the + complete group membership list (grmem). Thanks to Joakim Tjernlund. + * NOTE: builds across all platforms now *require* libbsd or the equivalent + bsd-standard group function support. + * macOS build support, with the latest homebrew-core libbsd update. + * Added cross-platform makefiles (macOS & linux only; Windows does not have + UNIX groups, so not supported). Thanks to Micah Andersen/BIMI. + * GitHub Actions build testing on linux & macOS. Thanks to Micah Andersen/BIMI. + * Copyright information was consolidated in CONTRIBUTORS for consistency. + v1.1.0 (Jan Wolter - Oct 6, 2011) ----------------------------------- * Revised to work as an access control provider in Apache 2.4. @@ -7,6 +20,7 @@ v1.1.0 (Jan Wolter - Oct 6, 2011) * Eliminated "AuthzUnixgroupAuthoritative off" directive because the whole concept of authoritativeness is dead for access control providers in Apache 2.4. + * Spelling fixes (as seen on lintian.debian.org). Thanks to klemens/ka7. v1.0.3 (Jan Wolter - Oct 6, 2011) ------------------------------------ diff --git a/mod_authz_unixgroup/CONTRIBUTORS b/mod_authz_unixgroup/CONTRIBUTORS index cf3f2c0..1566b4f 100644 --- a/mod_authz_unixgroup/CONTRIBUTORS +++ b/mod_authz_unixgroup/CONTRIBUTORS 
@@ -3,7 +3,7 @@ mod_authz_unixgroup is based on code from the following sources: ------------------------------------------------------------------ * Original author: Jan Wolter (unixpapa.com) - * Based on code from The Apache Group + * Based on code from The Apache Software Foundation (http://www.apache.org/). * Past contributors (from CHANGES): -------------------------------------------------- diff --git a/mod_authz_unixgroup/INSTALL b/mod_authz_unixgroup/INSTALL index 491e97f..02b2a69 100644 --- a/mod_authz_unixgroup/INSTALL +++ b/mod_authz_unixgroup/INSTALL @@ -6,7 +6,7 @@ NOTES: mod_authz_unixgroup: Apache 2.2.x requires mod_authz_unixgroup 1.0.x - Apache 2.4.x requires mod_authz_unixgroup 1.1.x + Apache 2.4.x requires mod_authz_unixgroup 1.1.0 or later * There are two ways of installing mod_authz_unixgroup. @@ -145,6 +145,11 @@ by a group of which the user is a member. Changes from Previous Versions: ------------------------------- +NOTE: New in 1.2.x, builds across all platforms now *REQUIRE* libbsd or the +equivalent bsd-standard group function support. This was necessary to fix +compatibility issues with modern auth providers such as sssd. See CHANGES +and PR #55 for details. + Previous versions of mod_authz_unixgroup needed a 'AuthzUnixgroup on' to tell Apache that the "Require file-group" directive was supposed to be handled by mod_authz_unixgroup. Now we have a distinct directive, diff --git a/mod_authz_unixgroup/NOTICE b/mod_authz_unixgroup/NOTICE deleted file mode 100644 index 08d0aa8..0000000 --- a/mod_authz_unixgroup/NOTICE +++ /dev/null @@ -1,8 +0,0 @@ -Mod_authz_unixgroup - - Copyright 2008 Jan Wolter - - This product includes software developed by Jan Wolter. - - This product includes software developed at - The Apache Software Foundation (http://www.apache.org/). diff --git a/mod_authz_unixgroup/README b/mod_authz_unixgroup/README index 381ca7e..c4b0f8b 100644 --- a/mod_authz_unixgroup/README +++ b/mod_authz_unixgroup/README 
@@ -1,9 +1,9 @@ - Mod_Authz_Unixgroup version 1.1.0 + Mod_Authz_Unixgroup version 1.2.0 - Author: Jan Wolter - Website: http://www.unixpapa.com/mod_authz_unixgroup/ - Requires: Apache 2.3 or later on a Unix server - (for Apache 2.2 use mod_authz_unixgroup 1.0.x) + Original Author: Jan Wolter + Website: http://www.unixpapa.com/mod_authz_unixgroup/ + Requires: Apache 2.3 or later on a Unix server + (for Apache 2.2 use mod_authz_unixgroup 1.0.x) Mod_Authz_Unixgroup is a unix group access control modules for Apache. If you are having users authenticate with real Unix login ID over the net, using @@ -11,6 +11,9 @@ something like my mod_authnz_external/pwauth combination, and you want to do access control based on unix group membership, then mod_authz_unixgroup is exactly what you need. +NOTE: Mod_Authz_Unixgroup 1.2.x and up require libbsd or the equivalent +bsd-standard group function support. See CHANGES or PR#55 for details. + Let's say that you were using this with mod_authnz_external and pwauth. Your .htaccess file for a protected directory would probably start with the following directives: @@ -52,7 +55,7 @@ mod_authz_unixgroup will take the part before the @-sign as the username and ignore the rest. Mod_authnz_external is available from: - http://code.google.com/p/mod-auth-external/ + https://github.com/phokz/mod-auth-external Pwauth is available from: http://code.google.com/p/pwauth/ diff --git a/mod_authz_unixgroup/mod_authz_unixgroup.c b/mod_authz_unixgroup/mod_authz_unixgroup.c index 12630ec..056e34a 100644 --- a/mod_authz_unixgroup/mod_authz_unixgroup.c +++ b/mod_authz_unixgroup/mod_authz_unixgroup.c @@ -1,4 +1,4 @@ -/* Copyright 2008 Jan Wolter - See LICENSE and NOTICE */ +/* Copyright 2008 Jan Wolter and other contributors. Please see LICENSE and CONTRIBUTORS */ #include "apr_lib.h" 
@@ -17,17 +17,17 @@ #include "http_protocol.h" #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ #if HAVE_PWD_H -#include + #include #endif #if HAVE_GRP_H -#ifdef USE_POSIX_GRP -#include -#else -#include -#endif + #ifdef USE_POSIX_GRP + #include + #else + #include + #endif #endif #if APR_HAVE_UNISTD_H -#include + #include #endif /*
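Review bot: In the CHANGES hunk `@@ -1,3 +1,16 @@`, the first v1.2.0 bullet names the affected field as `grmem` and the replacement only as "bsd-standard group function support", which is too vague for a change to how group membership is resolved for access control. Spell the field `gr_mem` (the `struct group` member) and name the function the module now calls, so an administrator can tell which lookup their NSS backend (sssd, LDAP) has to answer. The "*require* libbsd" bullet is a breaking build change and would be easier to spot as the first item of the entry.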
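Review bot: The "Spelling fixes (as seen on lintian.debian.org)" bullet in the CHANGES hunk `@@ -7,6 +20,7 @@` is added under the existing v1.1.0 (Oct 6, 2011) entry, which rewrites the record of a release that has already shipped. If the spelling fixes land with this commit, move the bullet into the new v1.2.0 entry so the changelog matches what each tagged version contains.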
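Review bot: The libbsd NOTE in the INSTALL hunk `@@ -145,6 +145,11 @@` sits under "Changes from Previous Versions" near line 145, after the installation instructions, so someone building the module reads it only after the build has been attempted. Put the requirement in the NOTES block at the top of INSTALL, next to the Apache version requirements touched in `@@ -6,7 +6,7 @@`. "PR #55" is also written without a repository or URL here and as "PR#55" in README; give the full link once and use one spelling in both files.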
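Review bot: Deleting NOTICE removes the only visible copy of "Copyright 2008 Jan Wolter" and of the sentence "This product includes software developed at The Apache Software Foundation", and the CONTRIBUTORS hunk `@@ -3,7 +3,7 @@` replaces them with a shorter "Based on code from" line that carries no copyright year. Before merging, check the terms in LICENSE on whether attribution notices must be kept verbatim, and if they must, carry the full NOTICE text into CONTRIBUTORS rather than paraphrasing it. The source header change to "Please see LICENSE and CONTRIBUTORS" then points at a file that actually holds those statements.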
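Review bot: The README hunk `@@ -52,7 +55,7 @@` moves the mod_authnz_external link to GitHub over https but leaves the unchanged context line "http://code.google.com/p/pwauth/" pointing at the old code.google.com host over plain http. Update the pwauth link in the same change, or mark it as archived, so readers are not sent to a dead or unauthenticated download location for an authentication helper. The Website line in `@@ -1,9 +1,9 @@` is also still plain http.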
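Review bot: The `#ifdef USE_POSIX_GRP` / `#else` split kept in the `@@ -17,17 +17,17 @@` hunk of mod_authz_unixgroup.c needs checking against the CHANGES statement that all builds now require libbsd or equivalent group function support. If one of the two branches can no longer supply that function, have it stop the build with an `#error` naming the missing dependency instead of leaving the failure to a later compile or link step. The rest of the hunk is whitespace-only re-indentation of the `#include` lines; putting that in its own commit would keep the functional change to group lookup easy to audit.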