[CVS] OpenPKG: openpkg-src/apache-kerberos/ apache-kerberos.patch apac...

Fri, 19 Dec 2008 00:12:34 -0800 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [email protected]
  Module: openpkg-src                      Date:   19-Dec-2008 09:13:46
  Branch: HEAD                             Handle: 2008121908134600

  Modified files:
    openpkg-src/apache-kerberos
                            apache-kerberos.patch apache-kerberos.spec

  Log:
    upgrading package: apache-kerberos 5.3 -> 5.4

  Summary:
    Revision    Changes     Path
    1.4         +1  -125    openpkg-src/apache-kerberos/apache-kerberos.patch
    1.6         +2  -2      openpkg-src/apache-kerberos/apache-kerberos.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/apache-kerberos/apache-kerberos.patch
  ============================================================================
  $ cvs diff -u -r1.3 -r1.4 apache-kerberos.patch
  --- openpkg-src/apache-kerberos/apache-kerberos.patch 17 Dec 2008 12:15:06 
-0000      1.3
  +++ openpkg-src/apache-kerberos/apache-kerberos.patch 19 Dec 2008 08:13:46 
-0000      1.4
  @@ -46,7 +46,7 @@
   --- spnegokrb5/der_put.c.orig        2003-09-05 10:54:08 +0200
   +++ spnegokrb5/der_put.c     2007-12-22 14:24:51 +0100
   @@ -37,6 +37,16 @@
  - RCSID("$Id: apache-kerberos.patch,v 1.3 2008/12/17 12:15:06 rse Exp $");
  + RCSID("$Id: apache-kerberos.patch,v 1.4 2008/12/19 08:13:46 rse Exp $");
    #endif
    
   +#include "config.h"
  @@ -62,127 +62,3 @@
    /*
     * All encoding functions take a pointer `p' to first position in
     * which to write, from the right, `len' which means the maximum
  ---- src/mod_auth_kerb.c.orig 2006-11-22 11:32:58.000000000 +0100
  -+++ src/mod_auth_kerb.c      2008-12-16 19:26:27.000000000 +0100
  -@@ -165,6 +165,7 @@
  -     char *krb_5_keytab;
  -     int krb_method_gssapi;
  -     int krb_method_k5pass;
  -+    int krb5_auth_to_local;
  - #endif
  - #ifdef KRB4
  -     char *krb_4_srvtab;
  -@@ -227,6 +228,9 @@
  - 
  -    command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass,
  -      FLAG, "Enable Kerberos V5 password authentication."),
  -+
  -+   command("Krb5AuthToLocal", ap_set_flag_slot, krb5_auth_to_local,
  -+     FLAG, "Enable Kerberos V5 auth_to_local mapping."),
  - #endif 
  - 
  - #ifdef KRB4
  -@@ -322,6 +326,7 @@
  - #ifdef KRB5
  -     ((kerb_auth_config *)rec)->krb_method_k5pass = 1;
  -     ((kerb_auth_config *)rec)->krb_method_gssapi = 1;
  -+    ((kerb_auth_config *)rec)->krb5_auth_to_local = 0;
  - #endif
  - #ifdef KRB4
  -     ((kerb_auth_config *)rec)->krb_method_k4pass = 1;
  -@@ -746,6 +751,79 @@
  - }
  - 
  - static int
  -+do_krb5_an_to_ln(request_rec *r, const kerb_auth_config *conf, MK_POOL *p)
  -+{
  -+    const int lname_size = 1024;
  -+
  -+    krb5_context kcontext;
  -+    krb5_principal princ;
  -+    krb5_error_code code;
  -+    char lname[lname_size];
  -+    int ret;
  -+
  -+    if (!conf->krb5_auth_to_local) {
  -+            return OK;
  -+    }
  -+
  -+    ret = HTTP_INTERNAL_SERVER_ERROR;
  -+
  -+    code = krb5_init_context(&kcontext);
  -+    if (code) {
  -+            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -+                    "Cannot initialize Kerberos5 context (%d)", code);
  -+            return HTTP_INTERNAL_SERVER_ERROR;
  -+    }
  -+
  -+    code = krb5_parse_name(kcontext, MK_USER, &princ);
  -+    if (code) {
  -+            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -+                    "krb5_parse_name() failed for name %s: %s",
  -+                    MK_USER,
  -+                    krb5_get_err_text(kcontext, code));
  -+            krb5_free_context(kcontext);
  -+            return HTTP_INTERNAL_SERVER_ERROR;
  -+    }
  -+
  -+    code = krb5_aname_to_localname(kcontext, princ, sizeof(lname), lname);
  -+    if (code) {
  -+            if (code != KRB5_LNAME_NOTRANS) {
  -+                            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -+                               "krb5_aname_to_localname() failed: %s",
  -+                               krb5_get_err_text(kcontext, code));
  -+                    /* fall through */
  -+            }
  -+            else {
  -+                            log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
  -+                               "krb5_aname_to_localname() found no "
  -+                               "mapping for principal %s",
  -+                               MK_USER);
  -+                    /* fall through */
  -+            }
  -+    }
  -+    else {
  -+            /* Does this belong in an authz handler? */
  -+            if (!krb5_kuserok(kcontext, princ, lname)) {
  -+                            log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
  -+                               "krb5_kuserok(%s, %s) == false",
  -+                               MK_USER, lname);
  -+                    ret = HTTP_UNAUTHORIZED;
  -+            }
  -+            else {
  -+                    log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
  -+                       "doing auth_to_local: %s -> %s",
  -+                       MK_USER, lname);
  -+                    MK_USER = apr_pstrdup(p, lname);
  -+                    ret = OK;
  -+            }
  -+    }
  -+    krb5_free_principal(kcontext, princ);
  -+    krb5_free_context(kcontext);
  -+
  -+    return ret;
  -+}
  -+
  -+
  -+static int
  - krb5_cache_cleanup(void *data)
  - {
  -    krb5_context context;
  -@@ -1536,9 +1614,15 @@
  -    if (use_krb5 && conf->krb_method_gssapi &&
  -        strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
  -       ret = authenticate_user_gss(r, conf, auth_line, &negotiate_ret_value);
  -+    if (ret == OK) {
  -+                    ret = do_krb5_an_to_ln(r, conf, r->connection->pool);
  -+        }
  -    } else if (use_krb5 && conf->krb_method_k5pass &&
  -           strcasecmp(auth_type, "Basic") == 0) {
  -        ret = authenticate_user_krb5pwd(r, conf, auth_line);
  -+    if (ret == OK) {
  -+                    ret = do_krb5_an_to_ln(r, conf, r->pool);
  -+    }
  -    }
  - #endif
  - 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/apache-kerberos/apache-kerberos.spec
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 apache-kerberos.spec
  --- openpkg-src/apache-kerberos/apache-kerberos.spec  17 Dec 2008 12:15:06 
-0000      1.5
  +++ openpkg-src/apache-kerberos/apache-kerberos.spec  19 Dec 2008 08:13:46 
-0000      1.6
  @@ -31,8 +31,8 @@
   Class:        EVAL
   Group:        Web
   License:      Open Source
  -Version:      5.3
  -Release:      20081217
  +Version:      5.4
  +Release:      20081219
   
   #   list of sources
   Source0:      
http://switch.dl.sourceforge.net/modauthkerb/mod_auth_kerb-%{version}.tar.gz
  @@ .
______________________________________________________________________
OpenPKG                                             http://openpkg.org
CVS Repository Commit List                     [email protected]

Reply via email to