rpms/mod_auth_kerb/devel mod_auth_kerb-5.0-cache.patch, 1.1, 1.2 mod_auth_kerb.spec, 1.5, 1.6 mod_auth_kerb-5.0-cleanup.patch, 1.1, NONE mod_auth_kerb-5.0-mutual.patch, 1.1, NONE mod_auth_kerb-5.0-replay.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue May 10 09:46:45 UTC 2005
Author: jorton
Update of /cvs/dist/rpms/mod_auth_kerb/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv2547
Modified Files:
mod_auth_kerb-5.0-cache.patch mod_auth_kerb.spec
Removed Files:
mod_auth_kerb-5.0-cleanup.patch mod_auth_kerb-5.0-mutual.patch
mod_auth_kerb-5.0-replay.patch
Log Message:
* Tue May 10 2005 Joe Orton <jorton at redhat.com> 5.0-6
- update to 5.0rc6
- don't force CC=gcc4
mod_auth_kerb-5.0-cache.patch:
mod_auth_kerb.c | 53 ++++++++++++++++++++++++++++++++++-------------------
1 files changed, 34 insertions(+), 19 deletions(-)
Index: mod_auth_kerb-5.0-cache.patch
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb-5.0-cache.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_auth_kerb-5.0-cache.patch 9 Sep 2004 08:36:08 -0000 1.1
+++ mod_auth_kerb-5.0-cache.patch 10 May 2005 09:46:42 -0000 1.2
@@ -1,39 +1,35 @@
---- mod_auth_kerb-5.0-rc4/src/mod_auth_kerb.c.cache
-+++ mod_auth_kerb-5.0-rc4/src/mod_auth_kerb.c
-@@ -77,6 +77,7 @@
- #ifndef APXS1
- #include "ap_compat.h"
- #include "apr_strings.h"
-+#include "apr_base64.h"
+--- mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c.cache
++++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c
+@@ -61,6 +61,8 @@
+ #include <apr_base64.h>
#endif
- #include "httpd.h"
- #include "http_config.h"
-@@ -85,6 +86,8 @@
- #include "http_protocol.h"
- #include "http_request.h"
+#include <unistd.h>
+
#ifdef KRB5
#include <krb5.h>
#ifdef HEIMDAL
-@@ -914,7 +917,6 @@
- gss_name_t server_name = GSS_C_NO_NAME;
- char buf[1024];
-
--#if 0
- /* Don't specify service name. This makes MIT 1.3 not to use replay caches,
- * which causes large problems with the Microsoft krb5 implementation. MS
- * obviously uses a format of the krb5 authenticator that is considered by
-@@ -936,7 +938,6 @@
- "gss_import_name() failed"));
- return HTTP_INTERNAL_SERVER_ERROR;
- }
--#endif
-
- major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
- GSS_C_NO_OID_SET, GSS_C_ACCEPT,
-@@ -979,6 +980,8 @@
+@@ -137,7 +139,7 @@
+ int use_krb4, int use_krb5pwd, char *negotiate_ret_value);
+
+ static const char*
+-krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg);
++krb5_save_realms(cmd_parms *cmd, void *config, const char *arg);
+
+ #ifdef STANDARD20_MODULE_STUFF
+ #define command(name, func, var, type, usage) \
+@@ -247,8 +249,9 @@
+ }
+
+ static const char*
+-krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg)
++krb5_save_realms(cmd_parms *cmd, void *config, const char *arg)
+ {
++ kerb_auth_config *sec = config;
+ sec->krb_auth_realms= ap_pstrdup(cmd->pool, arg);
+ return NULL;
+ }
+@@ -1086,6 +1089,8 @@
return memcmp(p, oid->elements, oid->length);
}
@@ -42,7 +38,7 @@
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
const char *auth_line, char **negotiate_ret_value)
-@@ -1111,7 +1114,16 @@
+@@ -1224,7 +1229,16 @@
}
MK_AUTH_TYPE = "Negotiate";
@@ -60,16 +56,33 @@
if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);
-@@ -1159,7 +1171,7 @@
- if (use_krb5 && conf->krb_method_gssapi && negotiate_ret_value != NULL &&
- *negotiate_ret_value != '\0') {
- negoauth_param = ap_pstrcat(r->pool, "Negotiate ", negotiate_ret_value, NULL);
-- ap_table_add(r->err_headers_out, header_name, negoauth_param);
-+ ap_table_set(r->err_headers_out, header_name, negoauth_param);
- }
- #endif
+@@ -1256,17 +1270,6 @@
}
-@@ -1224,6 +1236,23 @@
+ #endif /* KRB5 */
+
+-static int
+-already_succeeded(request_rec *r)
+-{
+- if (ap_is_initial_req(r) || MK_AUTH_TYPE == NULL)
+- return 0;
+- if (strcmp(MK_AUTH_TYPE, "Negotiate") ||
+- (strcmp(MK_AUTH_TYPE, "Basic") && strchr(MK_USER, '@')))
+- return 1;
+- return 0;
+-}
+-
+ static void
+ set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
+ int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
+@@ -1313,7 +1316,6 @@
+ const char *type = NULL;
+ int use_krb5 = 0, use_krb4 = 0;
+ int ret;
+- static int last_return = HTTP_UNAUTHORIZED;
+ char *negotiate_ret_value = NULL;
+
+ /* get the type specified in .htaccess */
+@@ -1332,6 +1334,23 @@
else
return DECLINED;
@@ -91,5 +104,23 @@
+#endif
+
/* get what the user sent us in the HTTP header */
- auth_line = MK_TABLE_GET(r->headers_in, "Authorization");
- if (!auth_line) {
+ auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)
+ ? "Proxy-Authorization"
+@@ -1354,9 +1373,6 @@
+ (strcasecmp(auth_type, "Basic") == 0))
+ return DECLINED;
+
+- if (already_succeeded(r))
+- return last_return;
+-
+ ret = HTTP_UNAUTHORIZED;
+
+ #ifdef KRB5
+@@ -1380,7 +1396,6 @@
+
+ /* XXX log_debug: if ret==OK, log(user XY authenticated) */
+
+- last_return = ret;
+ return ret;
+ }
+
Index: mod_auth_kerb.spec
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_auth_kerb.spec 4 Mar 2005 11:00:57 -0000 1.5
+++ mod_auth_kerb.spec 10 May 2005 09:46:42 -0000 1.6
@@ -1,17 +1,16 @@
+%define subver rc6
+
Summary: Kerberos authentication module for HTTP
Name: mod_auth_kerb
Version: 5.0
-Release: 3
+Release: 6
License: Apache
Group: System Environment/Daemons
URL: http://modauthkerb.sourceforge.net/
-Source0: %{name}-%{version}-rc4.tar.gz
+Source0: %{name}-%{version}-%{subver}.tar.gz
Source1: auth_kerb.conf
-Patch0: mod_auth_kerb-5.0-replay.patch
-Patch1: mod_auth_kerb-5.0-mutual.patch
Patch2: mod_auth_kerb-5.0-cache.patch
-Patch3: mod_auth_kerb-5.0-cleanup.patch
Patch4: mod_auth_kerb-5.0-gcc4.patch
Patch5: mod_auth_kerb-5.0-exports.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
@@ -25,17 +24,14 @@
authentication based on ticket exchanges.
%prep
-%setup -q -n %{name}-%{version}-rc4
-%patch0 -p1 -b .replay
-%patch1 -p1 -b .mutual
+%setup -q -n %{name}-%{version}-%{subver}
%patch2 -p1 -b .cache
-%patch3 -p1 -b .cleanup
%patch4 -p1 -b .gcc4
%patch5 -p1 -b .exports
%build
%configure --without-krb4 --with-krb5=/usr/kerberos
-make %{?_smp_mflags} CC=gcc4
+make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
@@ -56,6 +52,10 @@
%{_libdir}/httpd/modules/*.so
%changelog
+* Tue May 10 2005 Joe Orton <jorton at redhat.com> 5.0-6
+- update to 5.0rc6
+- don't force CC=gcc4
+
* Fri Mar 4 2005 Joe Orton <jorton at redhat.com> 5.0-3
- fix build with GCC 4
- only add "auth_kerb_module" symbol to dynamic symbol table
--- mod_auth_kerb-5.0-cleanup.patch DELETED ---
--- mod_auth_kerb-5.0-mutual.patch DELETED ---
--- mod_auth_kerb-5.0-replay.patch DELETED ---
More information about the fedora-cvs-commits
mailing list