Re: WebDAV and ACL (RFC3744), status?

2014-12-31 Thread Graham Leggett 
On 01 Feb 2012, at 5:53 PM, Brian J. France  wrote:

> I had started breaking up the patches from mod_dav_acl into smaller chunks 
> and getting them imported into the trunk.
> 
> My goal was to get a mod_dav_acl like module added.  I say like because 
> mod_dav_acl currently requires xfs and stores the auth information in the xfs 
> attributes and I wanted to create a more authn type module.  Something that 
> could have a flat file, dbm, dbd, etc type plugins.
> 
> After mod_dav_acl was done I wanted to get mod_caldav and mod_cardav imported 
> as well, but free time dried up and I never finished.

Keen to revive this again.

I just tried to build mod_dav_acl against trunk, and after patching the 
function signatures for dav_error_new, I get the errors below.

There seem to be two key outstanding issues:

- dav_error needs to be extended to support childtags, not sure if a patch was 
submitted for this.

- 'dav_resource' has no member named ‘acl_hooks’ - I am not sure what change 
needs to be made to the mod_dav_acl code (if any) to support this?

[minfrin@Host-001 mod_dav_acl]$ make -k
make  all-recursive
make[1]: Entering directory `/home/minfrin/mod_dav_acl'
Making all in lib
make[2]: Entering directory `/home/minfrin/mod_dav_acl/lib'
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
-I/usr/include/httpd -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread 
-I/usr/include/libxml2 -I/usr/include/apr-1-g -O2 -MT 
libdavacl_la-dav_acl.lo -MD -MP -MF .deps/libdavacl_la-dav_acl.Tpo -c -o 
libdavacl_la-dav_acl.lo `test -f 'dav_acl.c' || echo './'`dav_acl.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/httpd -DLINUX 
-D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/libxml2 -I/usr/include/apr-1 
-g -O2 -MT libdavacl_la-dav_acl.lo -MD -MP -MF .deps/libdavacl_la-dav_acl.Tpo 
-c dav_acl.c  -fPIC -DPIC -o .libs/libdavacl_la-dav_acl.o
dav_acl.c: In function 'dav_acl_privilege_error':
dav_acl.c:80: error: 'dav_error' has no member named 'childtags'
dav_acl.c: In function 'dav_acl_exec_error':
dav_acl.c:106: error: 'dav_error' has no member named 'childtags'
dav_acl.c:106: error: 'dav_error' has no member named 'childtags'
dav_acl.c:106: error: 'dav_error' has no member named 'childtags'
dav_acl.c:106: error: 'dav_error' has no member named 'childtags'
dav_acl.c: In function 'dav_acl_store_owner':
dav_acl.c:1509: error: 'dav_resource' has no member named 'acl_hooks'
dav_acl.c:1510: error: expected '=', ',', ';', 'asm' or '__attribute__' before 
'*' token
dav_acl.c:1510: error: 'acl' undeclared (first use in this function)
dav_acl.c:1510: error: (Each undeclared identifier is reported only once
dav_acl.c:1510: error: for each function it appears in.)
dav_acl.c:1516: error: 'dav_resource' has no member named 'acl_hooks'
make[2]: *** [libdavacl_la-dav_acl.lo] Error 1
make[2]: Target `all' not remade because of errors.
make[2]: Leaving directory `/home/minfrin/mod_dav_acl/lib'
Making all in tools
make[2]: Entering directory `/home/minfrin/mod_dav_acl/tools'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/minfrin/mod_dav_acl/tools'
Making all in man
make[2]: Entering directory `/home/minfrin/mod_dav_acl/man'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/home/minfrin/mod_dav_acl/man'
make[2]: Entering directory `/home/minfrin/mod_dav_acl'
/bin/sh ./libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
-I/usr/include/httpd -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread 
-I/usr/include/libxml2 -I/usr/include/apr-1-g -O2 -MT 
mod_dav_acl_la-mod_dav_acl.lo -MD -MP -MF .deps/mod_dav_acl_la-mod_dav_acl.Tpo 
-c -o mod_dav_acl_la-mod_dav_acl.lo `test -f 'mod_dav_acl.c' || echo 
'./'`mod_dav_acl.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I/usr/include/httpd -DLINUX 
-D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/libxml2 -I/usr/include/apr-1 
-g -O2 -MT mod_dav_acl_la-mod_dav_acl.lo -MD -MP -MF 
.deps/mod_dav_acl_la-mod_dav_acl.Tpo -c mod_dav_acl.c  -fPIC -DPIC -o 
.libs/mod_dav_acl_la-mod_dav_acl.o
mod_dav_acl.c:884: error: expected '=', ',', ';', 'asm' or '__attribute__' 
before 'acl'
mod_dav_acl.c:893: error: expected '=', ',', ';', 'asm' or '__attribute__' 
before '*' token
mod_dav_acl.c: In function 'send_principal_props':
mod_dav_acl.c:1000: error: 'dav_resource' has no member named 'acl_hooks'
mod_dav_acl.c: In function 'davacl_handler':
mod_dav_acl.c:1438: warning: assignment makes pointer from integer without a 
cast
mod_dav_acl.c: In function 'initialize_module':
mod_dav_acl.c:1529: error: 'acl' undeclared (first use in this function)
mod_dav_acl.c:1529: error: (Each undeclared identifier is reported only once
mod_dav_acl.c:1529: error: for each function it appears in.)
mod_dav_acl.c: At top level:
mod_dav_acl.c:1594: warning: excess elements in struct initializer
mod_dav_acl.c:1594: warning: (near initialization for 'res_hooks')
make[2]: *** [mod_dav_acl_la-mod_dav_acl.lo] Error 1
/bin/sh ./libtool  --tag=CC   --mod

Re: WebDAV and ACL (RFC3744), status?

2012-02-01 Thread Greg Stein 
Yeah: mod_dav itself has no direct support for ACLs.

Way back when, when I wrote mod_dav and was working on DAV stuff in
general, the ACL stuff created an interesting problem: how to
propagate access control changes to all the httpd processes. If the
processes do not contain the ACLs, then the implication is a query on
each(!) request. That made me a bit uncomfortable, and I never pursued
it much further.

It may be fair to say that servers today (compared to a decade ago,
when I worked on this stuff) are highly overpowered relative to the
network bandwidth, and this kind of dynamic ACL query is not a problem
any more.

Cheers,
-g

On Wed, Feb 1, 2012 at 10:53, Brian J. France  wrote:
> I had started breaking up the patches from mod_dav_acl into smaller chunks 
> and getting them imported into the trunk.
>
> My goal was to get a mod_dav_acl like module added.  I say like because 
> mod_dav_acl currently requires xfs and stores the auth information in the xfs 
> attributes and I wanted to create a more authn type module.  Something that 
> could have a flat file, dbm, dbd, etc type plugins.
>
> After mod_dav_acl was done I wanted to get mod_caldav and mod_cardav imported 
> as well, but free time dried up and I never finished.
>
> Brian
>
>
> On Feb 1, 2012, at 10:38 AM, Andreas wrote:
>
>> Good evening.
>>
>> Where can I find out if httpd/mod_dav has support for ACL's?
>>
>> After digging in the mailinglist, there seem to have been some activity
>> about the topic in 2007 and 2009 but no patches seem to be applied.
>>
>> I checked today on 2.3beta, there is no "--enable-dav-acl" option yet
>> (unless enabled by default?).
>>
>> I could not find any bugzilla issue tracking the patches either, so now
>> I ask here as a last resort if anyone knows status on it. :)
>>
>>
>> Regards
>> --
>> Andreas
>>
>>  ... Mental backup in progress - Do Not Disturb!
>>
>

Re: WebDAV and ACL (RFC3744), status?

2012-02-01 Thread Graham Leggett 
On 01 Feb 2012, at 5:38 PM, Andreas wrote:

> Where can I find out if httpd/mod_dav has support for ACL's?
> 
> After digging in the mailinglist, there seem to have been some activity
> about the topic in 2007 and 2009 but no patches seem to be applied.
> 
> I checked today on 2.3beta, there is no "--enable-dav-acl" option yet
> (unless enabled by default?).
> 
> I could not find any bugzilla issue tracking the patches either, so now
> I ask here as a last resort if anyone knows status on it. :)

There is an externally maintained module at 
http://sourceforge.net/projects/moddavacl/ that does this, which in the past 
required some patches to httpd in order to work.

The effort you saw was an attempt to get these patches into httpd proper, so 
the module could be used as is unmodified without patching httpd. Not sure at 
this point whether moddavacl has yet been ported to httpd v2.4, you would have 
to ask that project to confirm.

Regards,
Graham
--



smime.p7s
Description: S/MIME cryptographic signature

Re: WebDAV and ACL (RFC3744), status?

2012-02-01 Thread Brian J. France 
I had started breaking up the patches from mod_dav_acl into smaller chunks and 
getting them imported into the trunk.

My goal was to get a mod_dav_acl like module added.  I say like because 
mod_dav_acl currently requires xfs and stores the auth information in the xfs 
attributes and I wanted to create a more authn type module.  Something that 
could have a flat file, dbm, dbd, etc type plugins.

After mod_dav_acl was done I wanted to get mod_caldav and mod_cardav imported 
as well, but free time dried up and I never finished.

Brian


On Feb 1, 2012, at 10:38 AM, Andreas wrote:

> Good evening.
> 
> Where can I find out if httpd/mod_dav has support for ACL's?
> 
> After digging in the mailinglist, there seem to have been some activity
> about the topic in 2007 and 2009 but no patches seem to be applied.
> 
> I checked today on 2.3beta, there is no "--enable-dav-acl" option yet
> (unless enabled by default?).
> 
> I could not find any bugzilla issue tracking the patches either, so now
> I ask here as a last resort if anyone knows status on it. :)
> 
> 
> Regards
> -- 
> Andreas
> 
>  ... Mental backup in progress - Do Not Disturb!
>

WebDAV and ACL (RFC3744), status?

2012-02-01 Thread Andreas 
Good evening.

Where can I find out if httpd/mod_dav has support for ACL's?

After digging in the mailinglist, there seem to have been some activity
about the topic in 2007 and 2009 but no patches seem to be applied.

I checked today on 2.3beta, there is no "--enable-dav-acl" option yet
(unless enabled by default?).

I could not find any bugzilla issue tracking the patches either, so now
I ask here as a last resort if anyone knows status on it. :)


Regards
-- 
Andreas

  ... Mental backup in progress - Do Not Disturb!