[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: b4c542201cff236f67aac6eaa0ca86863d34df80 Author: Sam James gentoo org> AuthorDate: Wed Dec 29 08:38:06 2021 + Commit: Sam James gentoo org> CommitDate: Wed Dec 29 08:38:06 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4c54220 www-apache/mod_auth_kerb: add Debian patch for krb5 ABI break Was using an internal API. Closes: https://bugs.gentoo.org/830208 Signed-off-by: Sam James gentoo.org> .../files/mod_auth_kerb-5.4-api-change-krb5.patch | 51 ++ .../mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild | 63 ++ 2 files changed, 114 insertions(+) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch new file mode 100644 index ..d0421a0eb6ea --- /dev/null +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-api-change-krb5.patch @@ -0,0 +1,51 @@ +https://sources.debian.org/data/main/liba/libapache-mod-auth-kerb/5.4-2.5/debian/patches/0011-Always-use-NONE-replay-cache-type.patch +https://bugs.gentoo.org/830208 +--- a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c +@@ -2061,28 +2061,6 @@ +return ret; + } + +-static int +-have_rcache_type(const char *type) +-{ +- krb5_error_code ret; +- krb5_context context; +- krb5_rcache id = NULL; +- int found; +- +- ret = krb5_init_context(); +- if (ret) +- return 0; +- +- ret = krb5_rc_resolve_full(context, , "none:"); +- found = (ret == 0); +- +- if (ret == 0) +- krb5_rc_destroy(context, id); +- krb5_free_context(context); +- +- return found; +-} +- + /*** + Module Setup/Configuration + ***/ +@@ -2143,7 +2121,7 @@ + #ifndef HEIMDAL +/* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later. + 1.3.x are covered by the hack overiding the replay calls */ +- if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) ++ if (getenv("KRB5RCACHETYPE") == NULL) + putenv(strdup("KRB5RCACHETYPE=none")); + #endif + } +@@ -2185,7 +2163,7 @@ + #ifndef HEIMDAL +/* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later. + 1.3.x are covered by the hack overiding the replay calls */ +- if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) ++ if (getenv("KRB5RCACHETYPE") == NULL) + putenv(strdup("KRB5RCACHETYPE=none")); + #endif + #ifdef STANDARD20_MODULE_STUFF diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild new file mode 100644 index ..c8e1b13352e1 --- /dev/null +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r4.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit apache-module depend.apache tmpfiles + +DESCRIPTION="An Apache authentication module using Kerberos" +HOMEPAGE="http://modauthkerb.sourceforge.net/; +SRC_URI="mirror://sourceforge/project/modauthkerb/${PN}/${P}/${P}.tar.gz + https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2; + +LICENSE="BSD openafs-krb5-a HPND" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND="virtual/krb5" +RDEPEND="${DEPEND}" + +APACHE2_MOD_CONF="11_${PN}" +APACHE2_MOD_DEFINE="AUTH_KERB" + +DOCFILES="INSTALL README" + +need_apache2 + +PATCHES=( + "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch + + # bug #830208 + "${FILESDIR}"/${P}-api-change-krb5.patch +) + +# Work around Bug #616612 +pkg_setup() { + _init_apache2 + _init_apache2_late +} + +src_configure() { + CFLAGS="" APXS="${APXS}" econf --with-krb5=/usr --without-krb4 +} + +src_compile() { + emake +} + +src_install() { + apache-module_src_install + dotmpfiles "${FILESDIR}/${PN}.conf" +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf +}
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: bbc26ed7549d91670a993e6208d98eebdc6c2ade Author: Michał Górny gentoo org> AuthorDate: Sun Oct 15 11:40:11 2017 + Commit: Michał Górny gentoo org> CommitDate: Sun Oct 15 12:35:55 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbc26ed7 www-apache/mod_auth_kerb: Move patches to a dist tarball Closes: https://bugs.gentoo.org/620644 www-apache/mod_auth_kerb/Manifest | 1 + .../files/mod_auth_kerb-5.4-cachedir.patch | 15 - .../files/mod_auth_kerb-5.4-delegation.patch | 68 --- .../files/mod_auth_kerb-5.4-fixes.patch| 40 -- .../files/mod_auth_kerb-5.4-handle-continue.patch | 20 - .../files/mod_auth_kerb-5.4-heimdal.patch | 10 - .../files/mod_auth_kerb-5.4-httpd24.patch | 75 --- .../files/mod_auth_kerb-5.4-longuser.patch | 31 -- .../files/mod_auth_kerb-5.4-rcopshack.patch| 73 --- .../files/mod_auth_kerb-5.4-s4u2proxy.patch| 601 - .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 21 +- 11 files changed, 12 insertions(+), 943 deletions(-) diff --git a/www-apache/mod_auth_kerb/Manifest b/www-apache/mod_auth_kerb/Manifest index 2d942c7502e..772f8adc7b7 100644 --- a/www-apache/mod_auth_kerb/Manifest +++ b/www-apache/mod_auth_kerb/Manifest @@ -1 +1,2 @@ +DIST mod_auth_kerb-5.4-gentoo-patchset.tar.bz2 8717 SHA256 bc0445e337c88906bd254c26726ad3a1e45e613cf2058b402c944209550d9160 SHA512 3909c2677b30790cc17c0d8843feaa00d9acd14a012672443a887c0e88473d6b1572ba045e1491bcab53cbacff193c11cfe15e63ef1046cfcdf1f4ab60e0ac57 WHIRLPOOL 27bcb65e03d5148861a806f0bbb29550e8ab06145281fdf09064328be12a6c2242d46d3e69042be2b2ee6f17198acbdc3ec6c3709ea4341c08e4cc12fe1f4492 DIST mod_auth_kerb-5.4.tar.gz 93033 SHA256 690ddd66c6d941e2fa2dada46588329a6f57d0a3b9b2fd9bf055ebc427558265 SHA512 93fdf0e43af1c24e8c8204d09240b708747068ef99dd8d21b45cb4d132d31e6d582d49ea5e23b905f55cb0d4a20b1ecb58de1bcbfdad1d016e536fc622b63214 WHIRLPOOL 1b92217b7cf66d731a72cf9d58f188002ccadd75fc3d9075290347e6b4f151d3cff147fab73616951cbdb9430e8038adf5c4e204d374886bec3be69ff51c diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch deleted file mode 100644 index ebc435824c4..000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch +++ /dev/null @@ -1,15 +0,0 @@ - -Per https://bugzilla.redhat.com//show_bug.cgi?id=796430 -switch the cache dir to be relative to runtimedir. - mod_auth_kerb-5.4/src/mod_auth_kerb.c.cachedir -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -891,7 +891,7 @@ create_krb5_ccache(krb5_context kcontext -int ret; -krb5_ccache tmp_ccache = NULL; - -- ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir); -+ ccname = apr_pstrdup(r->connection->pool, "FILE:/run/httpd/krbcache/krb5cc_apache_XX"); -fd = mkstemp(ccname + strlen("FILE:")); -if (fd < 0) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch deleted file mode 100644 index a01e9f21e43..000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch +++ /dev/null @@ -1,68 +0,0 @@ - -https://bugzilla.redhat.com/show_bug.cgi?id=688210 - mod_auth_kerb-5.4/src/mod_auth_kerb.c.delegation -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -209,6 +209,7 @@ typedef struct krb5_conn_data { - char *authline; - char *user; - char *mech; -+ char *ccname; - int last_return; - } krb5_conn_data; - -@@ -875,7 +876,7 @@ create_krb5_ccache(krb5_context kcontext -int ret; -krb5_ccache tmp_ccache = NULL; - -- ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir); -+ ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XX", P_tmpdir); -fd = mkstemp(ccname + strlen("FILE:")); -if (fd < 0) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -@@ -905,7 +906,7 @@ create_krb5_ccache(krb5_context kcontext -} - -apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname); -- apr_pool_cleanup_register(r->pool, ccname, krb5_cache_cleanup, -+ apr_pool_cleanup_register(r->connection->pool, ccname, krb5_cache_cleanup, -apr_pool_cleanup_null); - -*ccache = tmp_ccache; -@@ -1866,10 +1868,15 @@ already_succeeded(request_rec *r, char * -if (apr_pool_userdata_get((void**)_data, keyname, r->connection->pool) != 0) - return NULL; - -- if(conn_data) { -- if(strcmp(conn_data->authline, auth_line) == 0) { -- log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request"); -- return conn_data; -+ if(conn_data && conn_data->ccname != NULL) { -+ apr_finfo_t finfo; -+ -+ if (apr_stat(, conn_data->ccname +
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: 021b4128fab449a793151ee229d692b10ec248bf Author: Pacho Ramos gentoo org> AuthorDate: Sun Jun 4 18:30:07 2017 + Commit: Pacho Ramos gentoo org> CommitDate: Sun Jun 4 18:31:59 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=021b4128 www-apache/mod_auth_kerb: Fix building with heimdal (#327445) Package-Manager: Portage-2.3.6, Repoman-2.3.2 www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch | 10 ++ www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch new file mode 100644 index 000..a5d3d4ba62c --- /dev/null +++ b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch @@ -0,0 +1,10 @@ +--- mod_auth_kerb-5.4/src/mod_auth_kerb.c 2010-10-04 16:21:22.169285716 +0200 mod_auth_kerb-5.4.new/src/mod_auth_kerb.c 2010-10-04 16:20:41.584250095 +0200 +@@ -89,6 +89,7 @@ + #include + #ifdef HEIMDAL + # include ++# include + #else + # include + # include diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 1b067a4769a..1d1b560367c 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -32,6 +32,7 @@ PATCHES=( "${FILESDIR}"/${P}-cachedir.patch "${FILESDIR}"/${P}-longuser.patch "${FILESDIR}"/${P}-handle-continue.patch + "${FILESDIR}"/${P}-heimdal.patch ) src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: www-apache/mod_auth_kerb/, www-apache/mod_auth_kerb/files/
commit: d429134c9c62729169a429f95704bb3882a96ffc Author: Pacho Ramos gentoo org> AuthorDate: Thu Aug 18 16:55:53 2016 + Commit: Pacho Ramos gentoo org> CommitDate: Thu Aug 18 16:56:42 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d429134c www-apache/mod_auth_kerb: Properly provide and apply Fedora patches (#327445) Package-Manager: portage-2.3.0 .../files/mod_auth_kerb-5.4-s4u2proxy-r3.patch | 603 - .../files/mod_auth_kerb-5.4-s4u2proxy.patch| 46 +- .../mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild | 22 +- 3 files changed, 41 insertions(+), 630 deletions(-) diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch deleted file mode 100644 index efc183a..000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy-r3.patch +++ /dev/null @@ -1,603 +0,0 @@ - -Add S4U2Proxy feature: - -https://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com_name=modauthkerb-help - -The attached patches add support for using s4u2proxy -(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the -web service to obtain credentials on behalf of the authenticated user. - -The first patch adds basic support for s4u2proxy. This requires the web -administrator to manually create and manage the credentails cache for -the apache user (via a cron job, for example). - -The second patch builds on this and makes mod_auth_kerb manage the -ccache instead. - -These are patches against the current CVS HEAD (mod_auth_krb 5.4). - -I've added a new module option to enable this support, -KrbConstrainedDelegation. The default is off. - mod_auth_kerb-5.4.orig/README 2008-11-26 11:51:05.0 -0500 -+++ mod_auth_kerb-5.4/README 2012-01-04 11:17:22.0 -0500 -@@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be - credential cache that will be available for the request handler. The ticket - file will be removed after request is handled. - -+Constrained Delegation -+-- -+S4U2Proxy, or constrained delegation, enables a service to use a client's -+ticket to itself to request another ticket for delegation. The KDC -+checks krbAllowedToDelegateTo to decide if it will issue a new ticket. -+If KrbConstrainedDelegation is enabled the server will use its own credentials -+to retrieve a delegated ticket for the user. For this to work the user must -+have a forwardable ticket (though the delegation flag need not be set). -+The server needs a valid credentials cache for this to work. -+ -+The module itself will obtain and manage the necessary credentials. -+ - $Id: README,v 1.12 2008/09/17 14:01:55 baalberith Exp $ -diff -up --recursive mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c mod_auth_kerb-5.4/src/mod_auth_kerb.c mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c 2011-12-09 17:55:05.0 -0500 -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c 2012-03-01 14:19:40.0 -0500 -@@ -42,6 +42,31 @@ - * POSSIBILITY OF SUCH DAMAGE. - */ - -+/* -+ * Locking mechanism inspired by mod_rewrite. -+ * -+ * Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+/* -+ * S4U2Proxy code -+ * -+ * Copyright (C) 2012 Red Hat -+ */ -+ - #ident "$Id: mod_auth_kerb.c,v 1.150 2008/12/04 10:14:03 baalberith Exp $" - - #include "config.h" -@@ -49,6 +74,7 @@ - #include - #include - #include -+#include - - #define MODAUTHKERB_VERSION "5.4" - -@@ -122,6 +148,12 @@ - module auth_kerb_module; - #endif - -+#ifdef STANDARD20_MODULE_STUFF -+/* s4u2proxy only supported in 2.0+ */ -+static const char *lockname; -+static apr_global_mutex_t *s4u2proxy_lock = NULL; -+#endif -+ - /*** - Macros To Ease Compatibility - ***/ -@@ -156,6 +188,7 @@ - int krb_method_gssapi; - int krb_method_k5pass; - int krb5_do_auth_to_local; -+ int krb5_s4u2proxy; - #endif - #ifdef KRB4 - char *krb_4_srvtab; -@@ -176,6 +209,11 @@ - - static const char* -