rpms/mod_auth_kerb/devel mod_auth_kerb-5.1-fixes.patch, NONE, 1.1 mod_auth_kerb-5.1-krb15.patch, NONE, 1.1 mod_auth_kerb-5.0-cache.patch, 1.2, 1.3 mod_auth_kerb-5.0-exports.patch, 1.1, 1.2 mod_auth_kerb.spec, 1.14, 1.15 mod_auth_kerb-5.0-apr1x.patch, 1.1, NONE mod_auth_kerb-5.0-rc6-krb15.patch, 1.2, NONE mod_auth_kerb-5.0-rc6-krb5-1.5.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Sep 19 14:00:19 UTC 2006
Author: jorton
Update of /cvs/dist/rpms/mod_auth_kerb/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16271
Modified Files:
mod_auth_kerb-5.0-cache.patch mod_auth_kerb-5.0-exports.patch
mod_auth_kerb.spec
Added Files:
mod_auth_kerb-5.1-fixes.patch mod_auth_kerb-5.1-krb15.patch
Removed Files:
mod_auth_kerb-5.0-apr1x.patch
mod_auth_kerb-5.0-rc6-krb15.patch
mod_auth_kerb-5.0-rc6-krb5-1.5.patch
Log Message:
* Tue Sep 19 2006 Joe Orton <jorton at redhat.com> 5.1-2
- update to 5.1
mod_auth_kerb-5.1-fixes.patch:
mod_auth_kerb.c | 38 +++++++-------------------------------
1 files changed, 7 insertions(+), 31 deletions(-)
--- NEW FILE mod_auth_kerb-5.1-fixes.patch ---
--- mod_auth_kerb-5.1/src/mod_auth_kerb.c.fixes
+++ mod_auth_kerb-5.1/src/mod_auth_kerb.c
@@ -440,7 +440,7 @@
return HTTP_INTERNAL_SERVER_ERROR;
}
- tkt_file_p = ap_pstrdup(r->pool, tkt_file);
+ tkt_file_p = apr_pstrdup(r->pool, tkt_file);
ap_register_cleanup(r->pool, tkt_file_p,
krb4_cache_cleanup, ap_null_cleanup);
@@ -486,7 +486,7 @@
goto end;
}
- user = ap_pstrdup(r->pool, sent_name);
+ user = apr_pstrdup(r->pool, sent_name);
if (sent_instance)
user = ap_pstrcat(r->pool, user, ".", sent_instance, NULL);
user = ap_pstrcat(r->pool, user, "@", realm, NULL);
@@ -1191,6 +1191,8 @@
#define NAMEKEY "mod_auth_kerb:client_name"
+typedef typeof(gss_accept_sec_context) gss_asc_t;
+
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
const char *auth_line, char **negotiate_ret_value)
@@ -1202,11 +1204,7 @@
int ret;
gss_name_t client_name = GSS_C_NO_NAME;
gss_cred_id_t delegated_cred = GSS_C_NO_CREDENTIAL;
- OM_uint32 (KRB5_LIB_FUNCTION *accept_sec_token)
- (OM_uint32 *, gss_ctx_id_t *, const gss_cred_id_t,
- const gss_buffer_t, const gss_channel_bindings_t,
- gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *,
- OM_uint32 *, gss_cred_id_t *);
+ gss_asc_t *accept_sec_token;
gss_OID_desc spnego_oid;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
@@ -1519,28 +1517,6 @@
return ret;
}
-int
-have_rcache_type(const char *type)
-{
- krb5_error_code ret;
- krb5_context context;
- krb5_rcache id;
- int found;
-
- memset(&id, 0, sizeof(id));
-
- ret = krb5_init_context(&context);
- if (ret)
- return 0;
-
- ret = krb5_rc_resolve_type(context, &id, type);
- found = (ret == 0);
-
- krb5_free_context(context);
-
- return found;
-}
-
/***************************************************************************
Module Setup/Configuration
***************************************************************************/
@@ -1551,7 +1527,7 @@
#ifndef HEIMDAL
/* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later.
1.3.x are covered by the hack overiding the replay calls */
- if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
+ if (getenv("KRB5RCACHETYPE") == NULL)
putenv(strdup("KRB5RCACHETYPE=none"));
#endif
}
@@ -1592,7 +1568,7 @@
#ifndef HEIMDAL
/* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later.
1.3.x are covered by the hack overiding the replay calls */
- if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
+ if (getenv("KRB5RCACHETYPE") == NULL)
putenv(strdup("KRB5RCACHETYPE=none"));
#endif
mod_auth_kerb-5.1-krb15.patch:
mod_auth_kerb.c | 53 +----------------------------------------------------
1 files changed, 1 insertion(+), 52 deletions(-)
--- NEW FILE mod_auth_kerb-5.1-krb15.patch ---
--- mod_auth_kerb-5.1/src/mod_auth_kerb.c.krb15
+++ mod_auth_kerb-5.1/src/mod_auth_kerb.c
@@ -86,6 +86,7 @@
#endif
#include <unistd.h>
+#include <stdlib.h>
#ifdef KRB5
#include <krb5.h>
@@ -269,33 +270,6 @@
}
#endif
-#if defined(KRB5) && !defined(HEIMDAL)
-/* Needed to work around problems with replay caches */
-#include "mit-internals.h"
-
-/* This is our replacement krb5_rc_store function */
-static krb5_error_code KRB5_LIB_FUNCTION
-mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache,
- krb5_donot_replay_internal *donot_replay)
-{
- return 0;
-}
-
-/* And this is the operations vector for our replay cache */
-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
- 0,
- "dfl",
- krb5_rc_dfl_init,
- krb5_rc_dfl_recover,
- krb5_rc_dfl_destroy,
- krb5_rc_dfl_close,
- mod_auth_kerb_rc_store,
- krb5_rc_dfl_expunge,
- krb5_rc_dfl_get_span,
- krb5_rc_dfl_get_name,
- krb5_rc_dfl_resolve
-};
-#endif
/***************************************************************************
@@ -1193,31 +1167,6 @@
"gss_acquire_cred() failed"));
return HTTP_INTERNAL_SERVER_ERROR;
}
-
-#ifndef HEIMDAL
- /*
- * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
- * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
- * the replay cache.
- * This allows us to override the replay cache function vector with
- * our own one.
- * Note that this is a dirty hack to get things working and there may
- * well be unknown side-effects.
- */
- {
- krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;
-
- /* First we try to verify we are linked with 1.3.x to prevent from
- crashing when linked with 1.4.x */
- if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) {
- if (gss_creds->rcache && gss_creds->rcache->ops &&
- gss_creds->rcache->ops->type &&
- memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
- /* Override the rcache operations */
- gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
- }
- }
-#endif
return 0;
}
mod_auth_kerb-5.0-cache.patch:
mod_auth_kerb.c | 46 ++++++++++++++++++++++++++++++----------------
1 files changed, 30 insertions(+), 16 deletions(-)
Index: mod_auth_kerb-5.0-cache.patch
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb-5.0-cache.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_auth_kerb-5.0-cache.patch 10 May 2005 09:46:42 -0000 1.2
+++ mod_auth_kerb-5.0-cache.patch 19 Sep 2006 14:00:17 -0000 1.3
@@ -1,7 +1,7 @@
---- mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c.cache
-+++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c
-@@ -61,6 +61,8 @@
- #include <apr_base64.h>
+--- mod_auth_kerb-5.1/src/mod_auth_kerb.c.cache
++++ mod_auth_kerb-5.1/src/mod_auth_kerb.c
+@@ -85,6 +85,8 @@
+ #define snprintf _snprintf
#endif
+#include <unistd.h>
@@ -9,27 +9,7 @@
#ifdef KRB5
#include <krb5.h>
#ifdef HEIMDAL
-@@ -137,7 +139,7 @@
- int use_krb4, int use_krb5pwd, char *negotiate_ret_value);
-
- static const char*
--krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg);
-+krb5_save_realms(cmd_parms *cmd, void *config, const char *arg);
-
- #ifdef STANDARD20_MODULE_STUFF
- #define command(name, func, var, type, usage) \
-@@ -247,8 +249,9 @@
- }
-
- static const char*
--krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg)
-+krb5_save_realms(cmd_parms *cmd, void *config, const char *arg)
- {
-+ kerb_auth_config *sec = config;
- sec->krb_auth_realms= ap_pstrdup(cmd->pool, arg);
- return NULL;
- }
-@@ -1086,6 +1089,8 @@
+@@ -1238,6 +1240,8 @@
return memcmp(p, oid->elements, oid->length);
}
@@ -38,13 +18,10 @@
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
const char *auth_line, char **negotiate_ret_value)
-@@ -1224,7 +1229,16 @@
- }
+@@ -1390,6 +1394,15 @@
+ MK_AUTH_TYPE = MECH_NEGOTIATE;
+ MK_USER = apr_pstrdup(r->pool, output_token.value);
- MK_AUTH_TYPE = "Negotiate";
-- MK_USER = ap_pstrdup(r->pool, output_token.value);
-+ MK_USER = ap_pstrdup(r->connection->pool, output_token.value);
-+
+#ifndef APXS1
+ {
+ apr_status_t rv;
@@ -53,10 +30,11 @@
+ "set cached name %s for connection", r->user);
+ }
+#endif
-
++
if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);
-@@ -1256,17 +1270,6 @@
+
+@@ -1417,17 +1430,6 @@
}
#endif /* KRB5 */
@@ -65,7 +43,7 @@
-{
- if (ap_is_initial_req(r) || MK_AUTH_TYPE == NULL)
- return 0;
-- if (strcmp(MK_AUTH_TYPE, "Negotiate") ||
+- if (strcmp(MK_AUTH_TYPE, MECH_NEGOTIATE) ||
- (strcmp(MK_AUTH_TYPE, "Basic") && strchr(MK_USER, '@')))
- return 1;
- return 0;
@@ -74,7 +52,7 @@
static void
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
-@@ -1313,7 +1316,6 @@
+@@ -1475,7 +1477,6 @@
const char *type = NULL;
int use_krb5 = 0, use_krb4 = 0;
int ret;
@@ -82,9 +60,9 @@
char *negotiate_ret_value = NULL;
/* get the type specified in .htaccess */
-@@ -1332,6 +1334,23 @@
- else
- return DECLINED;
+@@ -1504,6 +1505,23 @@
+ }
+ #endif
+#ifndef APXS1
+ if (use_krb5 && conf->krb_method_gssapi) {
@@ -96,7 +74,7 @@
+ name = data;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "using cached name %s", name);
-+ r->user = ap_pstrdup(r->pool, name);
++ r->user = apr_pstrdup(r->pool, name);
+ r->ap_auth_type = "Negotiate";
+ return OK;
+ }
@@ -106,7 +84,7 @@
/* get what the user sent us in the HTTP header */
auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)
? "Proxy-Authorization"
-@@ -1354,9 +1373,6 @@
+@@ -1526,9 +1544,6 @@
(strcasecmp(auth_type, "Basic") == 0))
return DECLINED;
@@ -116,7 +94,7 @@
ret = HTTP_UNAUTHORIZED;
#ifdef KRB5
-@@ -1380,7 +1396,6 @@
+@@ -1552,7 +1567,6 @@
/* XXX log_debug: if ret==OK, log(user XY authenticated) */
mod_auth_kerb-5.0-exports.patch:
Makefile.in | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
Index: mod_auth_kerb-5.0-exports.patch
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb-5.0-exports.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_auth_kerb-5.0-exports.patch 4 Mar 2005 11:00:57 -0000 1.1
+++ mod_auth_kerb-5.0-exports.patch 19 Sep 2006 14:00:17 -0000 1.2
@@ -1,6 +1,6 @@
---- mod_auth_kerb-5.0-rc4/Makefile.in.exports
-+++ mod_auth_kerb-5.0-rc4/Makefile.in
-@@ -7,7 +7,7 @@
+--- mod_auth_kerb-5.1/Makefile.in.exports
++++ mod_auth_kerb-5.1/Makefile.in
+@@ -7,11 +7,11 @@
SPNEGO_SRCS = @SPNEGO_SRCS@
CPPFLAGS = -I. -Ispnegokrb5 $(KRB5_CPPFLAGS) $(KRB4_CPPFLAGS) $(DEFS)
@@ -8,4 +8,10 @@
+LDFLAGS = $(KRB5_LDFLAGS) $(KRB4_LDFLAGS) $(LIB_resolv) -Wl,-export-symbols-regex -Wl,auth_kerb_module
CFLAGS =
+-APXS_CPPFLAGS = ${shell [ -n "${CPPFLAGS}" ] && echo ${CPPFLAGS} | sed -e 's/\([^ ]*\)/-Wc,\1/g'}
+-APXS_LDFLAGS = ${shell [ -n "${LDFLAGS}" ] && echo ${LDFLAGS} | sed -e 's/\([^ ]*\)/-Wl,\1/g'}
++APXS_CPPFLAGS = $(CPPFLAGS)
++APXS_LDFLAGS = $(LDFLAGS)
+
all: src/mod_auth_kerb.so
+
Index: mod_auth_kerb.spec
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- mod_auth_kerb.spec 3 Aug 2006 09:40:04 -0000 1.14
+++ mod_auth_kerb.spec 19 Sep 2006 14:00:17 -0000 1.15
@@ -1,20 +1,18 @@
-%define subver rc6
-
Summary: Kerberos authentication module for HTTP
Name: mod_auth_kerb
-Version: 5.0
-Release: 10
+Version: 5.1
+Release: 2
License: Apache
Group: System Environment/Daemons
URL: http://modauthkerb.sourceforge.net/
-Source0: %{name}-%{version}-%{subver}.tar.gz
+Source0: %{name}-%{version}.tar.gz
Source1: auth_kerb.conf
Patch2: mod_auth_kerb-5.0-cache.patch
Patch4: mod_auth_kerb-5.0-gcc4.patch
Patch5: mod_auth_kerb-5.0-exports.patch
-Patch6: mod_auth_kerb-5.0-apr1x.patch
-Patch7: mod_auth_kerb-5.0-rc6-krb15.patch
+Patch7: mod_auth_kerb-5.1-krb15.patch
+Patch8: mod_auth_kerb-5.1-fixes.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: httpd-devel, krb5-devel
Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo missing)
@@ -26,12 +24,12 @@
authentication based on ticket exchanges.
%prep
-%setup -q -n %{name}-%{version}-%{subver}
+%setup -q -n %{name}-%{version}
%patch2 -p1 -b .cache
%patch4 -p1 -b .gcc4
%patch5 -p1 -b .exports
-%patch6 -p1 -b .apr1x
%patch7 -p1 -b .krb15
+%patch8 -p1 -b .fixes
%build
%configure --without-krb4 --with-krb5=/usr/kerberos --with-apxs=/usr
@@ -56,6 +54,9 @@
%{_libdir}/httpd/modules/*.so
%changelog
+* Tue Sep 19 2006 Joe Orton <jorton at redhat.com> 5.1-2
+- update to 5.1
+
* Thu Aug 3 2006 Joe Orton <jorton at redhat.com> 5.0-10
- fix segfault at startup (#201145)
--- mod_auth_kerb-5.0-apr1x.patch DELETED ---
--- mod_auth_kerb-5.0-rc6-krb15.patch DELETED ---
--- mod_auth_kerb-5.0-rc6-krb5-1.5.patch DELETED ---
More information about the fedora-cvs-commits
mailing list