From da3985ecfc4e6fe022a6fe1890724755c76b3fe4 Mon Sep 17 00:00:00 2001
From: Muhammad Moinur Rahman <bofh@FreeBSD.org>
Date: Sun, 27 Apr 2025 22:01:14 +0200
Subject: [PATCH] www/mod_auth_kerb2: Refactor

- Replace @exec with @postexec/@postunexec
- Replace PORTVERSION with DISTVERSION
- Pet portclippy
- Refresh patches
---
 www/mod_auth_kerb2/Makefile                   | 17 +++---
 www/mod_auth_kerb2/files/patch-Makefile.in    |  6 +--
 .../files/patch-spnegokrb5__spnegokrb5_locl.h |  4 +-
 .../files/patch-src__mod_auth_kerb.c          | 54 +++++++++----------
 www/mod_auth_kerb2/pkg-plist                  |  4 +-
 5 files changed, 44 insertions(+), 41 deletions(-)

diff --git a/www/mod_auth_kerb2/Makefile b/www/mod_auth_kerb2/Makefile
index e43a2e6bd601..0d4a0df8a6a3 100644
--- a/www/mod_auth_kerb2/Makefile
+++ b/www/mod_auth_kerb2/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	mod_auth_kerb
-PORTVERSION=	5.4
-PORTREVISION=	8
+DISTVERSION=	5.4
+PORTREVISION=	9
 CATEGORIES=	www
 MASTER_SITES=	SF/modauthkerb/${PORTNAME}/${PORTNAME}-${PORTVERSION}
 PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}
@@ -12,22 +12,25 @@ WWW=		https://modauthkerb.sourceforge.net/
 
 LICENSE=	MIT BSD3CLAUSE
 LICENSE_COMB=	multi
-LICENSE_FILE_MIT=	${WRKSRC}/LICENSE
 LICENSE_FILE_BSD3CLAUSE=	${WRKSRC}/LICENSE
-
-PORTSCOUT=	limit:^5.4
+LICENSE_FILE_MIT=	${WRKSRC}/LICENSE
 
 USES=		apache
+
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	-with-krb5=${GSSAPIBASEDIR} --without-krb4
 
-OPTIONS_SINGLE=		GSSAPI
+PORTSCOUT=	limit:^5.4
+
 OPTIONS_DEFAULT=	GSSAPI_BASE
+OPTIONS_SINGLE=		GSSAPI
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+
 GSSAPI_BASE_DESC=	Use Base version of GSS API
+GSSAPI_DESC=		Use Base version of GSS API
 GSSAPI_HEIMDAL_DESC=	Use Heimdal implementation of GSS API
 GSSAPI_MIT_DESC=	Use MIT implementation of GSS API
-GSSAPI_DESC=		Use Base version of GSS API
+
 GSSAPI_BASE_USES=	gssapi
 GSSAPI_HEIMDAL_USES=	gssapi:heimdal
 GSSAPI_MIT_USES=	gssapi:mit
diff --git a/www/mod_auth_kerb2/files/patch-Makefile.in b/www/mod_auth_kerb2/files/patch-Makefile.in
index 0261485a0892..8d91ba790423 100644
--- a/www/mod_auth_kerb2/files/patch-Makefile.in
+++ b/www/mod_auth_kerb2/files/patch-Makefile.in
@@ -1,6 +1,6 @@
---- Makefile.in.orig	2008-12-02 23:07:10.000000000 +0900
-+++ Makefile.in	2014-11-22 19:29:08.000000000 +0900
-@@ -16,7 +16,9 @@
+--- Makefile.in.orig	2008-12-02 14:07:10 UTC
++++ Makefile.in
+@@ -16,7 +16,9 @@ install:
  	./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c" "src/mod_auth_kerb.c"
  
  install:
diff --git a/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h b/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h
index 4233afc2a435..524b747890b2 100644
--- a/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h
+++ b/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h
@@ -1,5 +1,5 @@
---- spnegokrb5/spnegokrb5_locl.h.orig	2008-01-27 20:59:03.000000000 +0000
-+++ spnegokrb5/spnegokrb5_locl.h	2008-01-27 20:59:19.000000000 +0000
+--- spnegokrb5/spnegokrb5_locl.h.orig	2008-11-26 16:51:05 UTC
++++ spnegokrb5/spnegokrb5_locl.h
 @@ -1,6 +1,7 @@
  #include <stdlib.h>
  #include <errno.h>
diff --git a/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c b/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
index 54971802be39..163be6df75a5 100644
--- a/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
+++ b/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
@@ -6,8 +6,8 @@
 # Patch to fix a bug in KrbSaveCredentials: 
 #     https://bugzilla.redhat.com/show_bug.cgi?id=688210
 #
---- src/mod_auth_kerb.c.orig	2008-12-04 19:14:03.000000000 +0900
-+++ src/mod_auth_kerb.c	2014-11-22 19:34:12.000000000 +0900
+--- src/mod_auth_kerb.c.orig	2008-12-04 10:14:03 UTC
++++ src/mod_auth_kerb.c
 @@ -11,6 +11,12 @@
   */
  
@@ -64,7 +64,7 @@
  module AP_MODULE_DECLARE_DATA auth_kerb_module;
  #else
  module auth_kerb_module;
-@@ -176,6 +191,7 @@
+@@ -176,6 +191,7 @@ typedef struct krb5_conn_data {
  	char *authline;
  	char *user;
  	char *mech;
@@ -72,7 +72,7 @@
  	int  last_return;
  } krb5_conn_data;
  
-@@ -298,7 +314,7 @@
+@@ -298,7 +314,7 @@ mod_auth_kerb_rc_store(krb5_context context, krb5_rcac
  }
  
  /* And this is the operations vector for our replay cache */
@@ -81,7 +81,7 @@
    0,
    "dfl",
    krb5_rc_dfl_init,
-@@ -329,7 +345,7 @@
+@@ -329,7 +345,7 @@ static void *kerb_dir_create_config(MK_POOL *p, char *
  	((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
  #endif
  #ifdef KRB5
@@ -90,23 +90,23 @@
  	((kerb_auth_config *)rec)->krb_method_k5pass = 1;
  	((kerb_auth_config *)rec)->krb_method_gssapi = 1;
  #endif
-@@ -347,9 +363,15 @@
+@@ -347,9 +363,15 @@ krb5_save_realms(cmd_parms *cmd, void *vsec, const cha
     return NULL;
  }
  
 +#ifdef APLOG_USE_MODULE
-+static void
+ static void
 +log_rerror(const char *file, int line, int module_index, int level, int status,
 +           const request_rec *r, const char *fmt, ...)
 +#else
- static void
++static void
  log_rerror(const char *file, int line, int level, int status,
             const request_rec *r, const char *fmt, ...)
 +#endif
  {
     char errstr[1024];
     va_list ap;
-@@ -359,7 +381,9 @@
+@@ -359,7 +381,9 @@ log_rerror(const char *file, int line, int level, int 
     va_end(ap);
  
     
@@ -117,7 +117,7 @@
     ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
  #else
     ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);
-@@ -527,7 +551,7 @@
+@@ -527,7 +551,7 @@ authenticate_user_krb4pwd(request_rec *r,
     user = apr_pstrcat(r->pool, user, "@", realm, NULL);
  
     MK_USER = user;
@@ -126,7 +126,7 @@
     apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
  
     if (!conf->krb_save_credentials)
-@@ -677,7 +701,8 @@
+@@ -677,7 +701,8 @@ verify_krb5_user(request_rec *r, krb5_context context,
  static krb5_error_code
  verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
        		 const char *password, krb5_principal server,
@@ -136,7 +136,7 @@
  {
     krb5_creds creds;
     krb5_get_init_creds_opt options;
-@@ -869,8 +894,8 @@
+@@ -869,8 +894,8 @@ create_krb5_ccache(krb5_context kcontext,
     }
  
     apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
@@ -147,7 +147,7 @@
  
     *ccache = tmp_ccache;
     tmp_ccache = NULL;
-@@ -926,7 +951,6 @@
+@@ -926,7 +951,6 @@ store_krb5_creds(krb5_context kcontext,
     return OK;
  }
  
@@ -155,7 +155,7 @@
  static int
  authenticate_user_krb5pwd(request_rec *r,
                            kerb_auth_config *conf,
-@@ -1061,7 +1085,7 @@
+@@ -1061,7 +1085,7 @@ authenticate_user_krb5pwd(request_rec *r,
        goto end;
     }
     MK_USER = apr_pstrdup (r->pool, name);
@@ -164,7 +164,7 @@
     free(name);
  
     if (conf->krb_save_credentials)
-@@ -1280,6 +1304,7 @@
+@@ -1280,6 +1304,7 @@ get_gss_creds(request_rec *r,
     return 0;
  }
  
@@ -172,7 +172,7 @@
  static int
  cmp_gss_type(gss_buffer_t token, gss_OID oid)
  {
-@@ -1306,6 +1331,7 @@
+@@ -1306,6 +1331,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid)
  
     return memcmp(p, oid->elements, oid->length);
  }
@@ -180,7 +180,7 @@
  
  static int
  authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
-@@ -1438,15 +1464,15 @@
+@@ -1438,15 +1464,15 @@ authenticate_user_gss(request_rec *r, kerb_auth_config
       goto end;
    }
  
@@ -201,7 +201,7 @@
  
    major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
    gss_release_name(&minor_status, &client_name); 
-@@ -1549,28 +1575,52 @@
+@@ -1549,28 +1575,52 @@ static krb5_conn_data *
  #endif /* KRB5 */
  
  static krb5_conn_data *
@@ -261,7 +261,7 @@
  set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
        		      int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
  {
-@@ -1607,51 +1657,16 @@
+@@ -1607,51 +1657,16 @@ static int
  }
  
  static int
@@ -320,16 +320,16 @@
     if (!auth_line) {
        set_kerb_auth_headers(r, conf, use_krb4, use_krb5, 
  	                    (use_krb5) ? "\0" : NULL);
-@@ -1669,60 +1684,110 @@
+@@ -1669,60 +1684,110 @@ kerb_authenticate_user(request_rec *r)
  #endif
         (strcasecmp(auth_type, "Basic") == 0))
         return DECLINED;
--
--   if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
--     ret = HTTP_UNAUTHORIZED;
 +   if ((prevauth = already_authorized(r, auth_line)) == NULL) {
 +      ret = HTTP_UNAUTHORIZED;
  
+-   if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
+-     ret = HTTP_UNAUTHORIZED;
+-
  #ifdef KRB5
     if (use_krb5 && conf->krb_method_gssapi &&
         strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
@@ -400,7 +400,8 @@
 +   type = ap_auth_type(r);
 +   auth_line = ap_pbase64encode (r->pool, apr_psprintf(r->pool, "%s:%s", user, password));
 +   auth_line = apr_psprintf(r->pool, "Basic %s", auth_line);
-+
+ 
+-   last_return = ret;
 +   ret = authenticate_user(r, auth_line, type, 1, 1);
 +   
 +   if (ret == OK) return AUTH_GRANTED;
@@ -448,8 +449,7 @@
 +	                                    ? "Proxy-Authorization"
 +					    : "Authorization");
 +   ret = authenticate_user(r, auth_line, type, use_krb4, use_krb5);
- 
--   last_return = ret;
++
     return ret;
  }
  
@@ -458,7 +458,7 @@
  have_rcache_type(const char *type)
  {
     krb5_error_code ret;
-@@ -1805,6 +1870,12 @@
+@@ -1805,6 +1870,12 @@ kerb_register_hooks(apr_pool_t *p)
  static void
  kerb_register_hooks(apr_pool_t *p)
  {
diff --git a/www/mod_auth_kerb2/pkg-plist b/www/mod_auth_kerb2/pkg-plist
index fb691e0a0509..49c9c63f0208 100644
--- a/www/mod_auth_kerb2/pkg-plist
+++ b/www/mod_auth_kerb2/pkg-plist
@@ -1,3 +1,3 @@
 %%APACHEMODDIR%%/%%AP_MODULE%%
-@exec %D/sbin/apxs -e -a -n %%AP_NAME%% %D/%F
-@unexec %D/sbin/apxs -e -A -n %%AP_NAME%% %D/%F
+@postexec %D/sbin/apxs -e -a -n %%AP_NAME%% %D/%F
+@postunexec %D/sbin/apxs -e -A -n %%AP_NAME%% %D/%F