mirror of
https://git.freebsd.org/ports.git
synced 2025-04-28 09:36:41 -04:00
www/mod_auth_kerb2: Refactor
- Replace @exec with @postexec/@postunexec - Replace PORTVERSION with DISTVERSION - Pet portclippy - Refresh patches
This commit is contained in:
Muhammad Moinur Rahman
parent
713838842f
commit
da3985ecfc
5 changed files with 44 additions and 41 deletions
|
|
@ -1,6 +1,6 @@
|
|||
PORTNAME= mod_auth_kerb
|
||||
PORTVERSION= 5.4
|
||||
PORTREVISION= 8
|
||||
DISTVERSION= 5.4
|
||||
PORTREVISION= 9
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= SF/modauthkerb/${PORTNAME}/${PORTNAME}-${PORTVERSION}
|
||||
PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}
|
||||
|
|
@ -12,22 +12,25 @@ WWW= https://modauthkerb.sourceforge.net/
|
|||
|
||||
LICENSE= MIT BSD3CLAUSE
|
||||
LICENSE_COMB= multi
|
||||
LICENSE_FILE_MIT= ${WRKSRC}/LICENSE
|
||||
LICENSE_FILE_BSD3CLAUSE= ${WRKSRC}/LICENSE
|
||||
|
||||
PORTSCOUT= limit:^5.4
|
||||
LICENSE_FILE_MIT= ${WRKSRC}/LICENSE
|
||||
|
||||
USES= apache
|
||||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= -with-krb5=${GSSAPIBASEDIR} --without-krb4
|
||||
|
||||
OPTIONS_SINGLE= GSSAPI
|
||||
PORTSCOUT= limit:^5.4
|
||||
|
||||
OPTIONS_DEFAULT= GSSAPI_BASE
|
||||
OPTIONS_SINGLE= GSSAPI
|
||||
OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
|
||||
|
||||
GSSAPI_BASE_DESC= Use Base version of GSS API
|
||||
GSSAPI_DESC= Use Base version of GSS API
|
||||
GSSAPI_HEIMDAL_DESC= Use Heimdal implementation of GSS API
|
||||
GSSAPI_MIT_DESC= Use MIT implementation of GSS API
|
||||
GSSAPI_DESC= Use Base version of GSS API
|
||||
|
||||
GSSAPI_BASE_USES= gssapi
|
||||
GSSAPI_HEIMDAL_USES= gssapi:heimdal
|
||||
GSSAPI_MIT_USES= gssapi:mit
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
--- Makefile.in.orig 2008-12-02 23:07:10.000000000 +0900
|
||||
+++ Makefile.in 2014-11-22 19:29:08.000000000 +0900
|
||||
@@ -16,7 +16,9 @@
|
||||
--- Makefile.in.orig 2008-12-02 14:07:10 UTC
|
||||
+++ Makefile.in
|
||||
@@ -16,7 +16,9 @@ install:
|
||||
./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c" "src/mod_auth_kerb.c"
|
||||
|
||||
install:
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
--- spnegokrb5/spnegokrb5_locl.h.orig 2008-01-27 20:59:03.000000000 +0000
|
||||
+++ spnegokrb5/spnegokrb5_locl.h 2008-01-27 20:59:19.000000000 +0000
|
||||
--- spnegokrb5/spnegokrb5_locl.h.orig 2008-11-26 16:51:05 UTC
|
||||
+++ spnegokrb5/spnegokrb5_locl.h
|
||||
@@ -1,6 +1,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@
|
|||
# Patch to fix a bug in KrbSaveCredentials:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=688210
|
||||
#
|
||||
--- src/mod_auth_kerb.c.orig 2008-12-04 19:14:03.000000000 +0900
|
||||
+++ src/mod_auth_kerb.c 2014-11-22 19:34:12.000000000 +0900
|
||||
--- src/mod_auth_kerb.c.orig 2008-12-04 10:14:03 UTC
|
||||
+++ src/mod_auth_kerb.c
|
||||
@@ -11,6 +11,12 @@
|
||||
*/
|
||||
|
||||
|
|
@ -64,7 +64,7 @@
|
|||
module AP_MODULE_DECLARE_DATA auth_kerb_module;
|
||||
#else
|
||||
module auth_kerb_module;
|
||||
@@ -176,6 +191,7 @@
|
||||
@@ -176,6 +191,7 @@ typedef struct krb5_conn_data {
|
||||
char *authline;
|
||||
char *user;
|
||||
char *mech;
|
||||
|
|
@ -72,7 +72,7 @@
|
|||
int last_return;
|
||||
} krb5_conn_data;
|
||||
|
||||
@@ -298,7 +314,7 @@
|
||||
@@ -298,7 +314,7 @@ mod_auth_kerb_rc_store(krb5_context context, krb5_rcac
|
||||
}
|
||||
|
||||
/* And this is the operations vector for our replay cache */
|
||||
|
|
@ -81,7 +81,7 @@
|
|||
0,
|
||||
"dfl",
|
||||
krb5_rc_dfl_init,
|
||||
@@ -329,7 +345,7 @@
|
||||
@@ -329,7 +345,7 @@ static void *kerb_dir_create_config(MK_POOL *p, char *
|
||||
((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
|
|
@ -90,23 +90,23 @@
|
|||
((kerb_auth_config *)rec)->krb_method_k5pass = 1;
|
||||
((kerb_auth_config *)rec)->krb_method_gssapi = 1;
|
||||
#endif
|
||||
@@ -347,9 +363,15 @@
|
||||
@@ -347,9 +363,15 @@ krb5_save_realms(cmd_parms *cmd, void *vsec, const cha
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+#ifdef APLOG_USE_MODULE
|
||||
+static void
|
||||
static void
|
||||
+log_rerror(const char *file, int line, int module_index, int level, int status,
|
||||
+ const request_rec *r, const char *fmt, ...)
|
||||
+#else
|
||||
static void
|
||||
+static void
|
||||
log_rerror(const char *file, int line, int level, int status,
|
||||
const request_rec *r, const char *fmt, ...)
|
||||
+#endif
|
||||
{
|
||||
char errstr[1024];
|
||||
va_list ap;
|
||||
@@ -359,7 +381,9 @@
|
||||
@@ -359,7 +381,9 @@ log_rerror(const char *file, int line, int level, int
|
||||
va_end(ap);
|
||||
|
||||
|
||||
|
|
@ -117,7 +117,7 @@
|
|||
ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
|
||||
#else
|
||||
ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);
|
||||
@@ -527,7 +551,7 @@
|
||||
@@ -527,7 +551,7 @@ authenticate_user_krb4pwd(request_rec *r,
|
||||
user = apr_pstrcat(r->pool, user, "@", realm, NULL);
|
||||
|
||||
MK_USER = user;
|
||||
|
|
@ -126,7 +126,7 @@
|
|||
apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
|
||||
|
||||
if (!conf->krb_save_credentials)
|
||||
@@ -677,7 +701,8 @@
|
||||
@@ -677,7 +701,8 @@ verify_krb5_user(request_rec *r, krb5_context context,
|
||||
static krb5_error_code
|
||||
verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
|
||||
const char *password, krb5_principal server,
|
||||
|
|
@ -136,7 +136,7 @@
|
|||
{
|
||||
krb5_creds creds;
|
||||
krb5_get_init_creds_opt options;
|
||||
@@ -869,8 +894,8 @@
|
||||
@@ -869,8 +894,8 @@ create_krb5_ccache(krb5_context kcontext,
|
||||
}
|
||||
|
||||
apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
|
||||
|
|
@ -147,7 +147,7 @@
|
|||
|
||||
*ccache = tmp_ccache;
|
||||
tmp_ccache = NULL;
|
||||
@@ -926,7 +951,6 @@
|
||||
@@ -926,7 +951,6 @@ store_krb5_creds(krb5_context kcontext,
|
||||
return OK;
|
||||
}
|
||||
|
||||
|
|
@ -155,7 +155,7 @@
|
|||
static int
|
||||
authenticate_user_krb5pwd(request_rec *r,
|
||||
kerb_auth_config *conf,
|
||||
@@ -1061,7 +1085,7 @@
|
||||
@@ -1061,7 +1085,7 @@ authenticate_user_krb5pwd(request_rec *r,
|
||||
goto end;
|
||||
}
|
||||
MK_USER = apr_pstrdup (r->pool, name);
|
||||
|
|
@ -164,7 +164,7 @@
|
|||
free(name);
|
||||
|
||||
if (conf->krb_save_credentials)
|
||||
@@ -1280,6 +1304,7 @@
|
||||
@@ -1280,6 +1304,7 @@ get_gss_creds(request_rec *r,
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -172,7 +172,7 @@
|
|||
static int
|
||||
cmp_gss_type(gss_buffer_t token, gss_OID oid)
|
||||
{
|
||||
@@ -1306,6 +1331,7 @@
|
||||
@@ -1306,6 +1331,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid)
|
||||
|
||||
return memcmp(p, oid->elements, oid->length);
|
||||
}
|
||||
|
|
@ -180,7 +180,7 @@
|
|||
|
||||
static int
|
||||
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
|
||||
@@ -1438,15 +1464,15 @@
|
||||
@@ -1438,15 +1464,15 @@ authenticate_user_gss(request_rec *r, kerb_auth_config
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
|
@ -201,7 +201,7 @@
|
|||
|
||||
major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
|
||||
gss_release_name(&minor_status, &client_name);
|
||||
@@ -1549,28 +1575,52 @@
|
||||
@@ -1549,28 +1575,52 @@ static krb5_conn_data *
|
||||
#endif /* KRB5 */
|
||||
|
||||
static krb5_conn_data *
|
||||
|
|
@ -261,7 +261,7 @@
|
|||
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
|
||||
int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
|
||||
{
|
||||
@@ -1607,51 +1657,16 @@
|
||||
@@ -1607,51 +1657,16 @@ static int
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
@ -320,16 +320,16 @@
|
|||
if (!auth_line) {
|
||||
set_kerb_auth_headers(r, conf, use_krb4, use_krb5,
|
||||
(use_krb5) ? "\0" : NULL);
|
||||
@@ -1669,60 +1684,110 @@
|
||||
@@ -1669,60 +1684,110 @@ kerb_authenticate_user(request_rec *r)
|
||||
#endif
|
||||
(strcasecmp(auth_type, "Basic") == 0))
|
||||
return DECLINED;
|
||||
-
|
||||
- if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
|
||||
- ret = HTTP_UNAUTHORIZED;
|
||||
+ if ((prevauth = already_authorized(r, auth_line)) == NULL) {
|
||||
+ ret = HTTP_UNAUTHORIZED;
|
||||
|
||||
- if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
|
||||
- ret = HTTP_UNAUTHORIZED;
|
||||
-
|
||||
#ifdef KRB5
|
||||
if (use_krb5 && conf->krb_method_gssapi &&
|
||||
strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
|
||||
|
|
@ -400,7 +400,8 @@
|
|||
+ type = ap_auth_type(r);
|
||||
+ auth_line = ap_pbase64encode (r->pool, apr_psprintf(r->pool, "%s:%s", user, password));
|
||||
+ auth_line = apr_psprintf(r->pool, "Basic %s", auth_line);
|
||||
+
|
||||
|
||||
- last_return = ret;
|
||||
+ ret = authenticate_user(r, auth_line, type, 1, 1);
|
||||
+
|
||||
+ if (ret == OK) return AUTH_GRANTED;
|
||||
|
|
@ -448,8 +449,7 @@
|
|||
+ ? "Proxy-Authorization"
|
||||
+ : "Authorization");
|
||||
+ ret = authenticate_user(r, auth_line, type, use_krb4, use_krb5);
|
||||
|
||||
- last_return = ret;
|
||||
+
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -458,7 +458,7 @@
|
|||
have_rcache_type(const char *type)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
@@ -1805,6 +1870,12 @@
|
||||
@@ -1805,6 +1870,12 @@ kerb_register_hooks(apr_pool_t *p)
|
||||
static void
|
||||
kerb_register_hooks(apr_pool_t *p)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
%%APACHEMODDIR%%/%%AP_MODULE%%
|
||||
@exec %D/sbin/apxs -e -a -n %%AP_NAME%% %D/%F
|
||||
@unexec %D/sbin/apxs -e -A -n %%AP_NAME%% %D/%F
|
||||
@postexec %D/sbin/apxs -e -a -n %%AP_NAME%% %D/%F
|
||||
@postunexec %D/sbin/apxs -e -A -n %%AP_NAME%% %D/%F
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue