rpms/mod_auth_kerb/devel mod_auth_kerb-5.0-cache.patch, 1.1, 1.2 mod_auth_kerb.spec, 1.5, 1.6 mod_auth_kerb-5.0-cleanup.patch, 1.1, NONE mod_auth_kerb-5.0-mutual.patch, 1.1, NONE mod_auth_kerb-5.0-replay.patch, 1.1, NONE

[fedora-cvs-commits at redhat.com]

Author: jorton

Update of /cvs/dist/rpms/mod_auth_kerb/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv2547

Modified Files:
	mod_auth_kerb-5.0-cache.patch mod_auth_kerb.spec 
Removed Files:
	mod_auth_kerb-5.0-cleanup.patch mod_auth_kerb-5.0-mutual.patch 
	mod_auth_kerb-5.0-replay.patch 
Log Message:
* Tue May 10 2005 Joe Orton <jorton at redhat.com> 5.0-6
- update to 5.0rc6
- don't force CC=gcc4


mod_auth_kerb-5.0-cache.patch:
 mod_auth_kerb.c |   53 ++++++++++++++++++++++++++++++++++-------------------
 1 files changed, 34 insertions(+), 19 deletions(-)

Index: mod_auth_kerb-5.0-cache.patch
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb-5.0-cache.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_auth_kerb-5.0-cache.patch	9 Sep 2004 08:36:08 -0000	1.1
+++ mod_auth_kerb-5.0-cache.patch	10 May 2005 09:46:42 -0000	1.2
@@ -1,39 +1,35 @@
---- mod_auth_kerb-5.0-rc4/src/mod_auth_kerb.c.cache
-+++ mod_auth_kerb-5.0-rc4/src/mod_auth_kerb.c
-@@ -77,6 +77,7 @@
- #ifndef APXS1
- #include "ap_compat.h"
- #include "apr_strings.h"
-+#include "apr_base64.h"
+--- mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c.cache
++++ mod_auth_kerb-5.0-rc6/src/mod_auth_kerb.c
+@@ -61,6 +61,8 @@
+ #include <apr_base64.h>
  #endif
- #include "httpd.h"
- #include "http_config.h"
-@@ -85,6 +86,8 @@
- #include "http_protocol.h"
- #include "http_request.h"
  
 +#include <unistd.h>
 +
  #ifdef KRB5
  #include <krb5.h>
  #ifdef HEIMDAL
-@@ -914,7 +917,6 @@
-    gss_name_t server_name = GSS_C_NO_NAME;
-    char buf[1024];
- 
--#if 0
-    /* Don't specify service name. This makes MIT 1.3 not to use replay caches,
-     * which causes large problems with the Microsoft krb5 implementation. MS
-     * obviously uses a format of the krb5 authenticator that is considered by
-@@ -936,7 +938,6 @@
- 		 "gss_import_name() failed"));
-       return HTTP_INTERNAL_SERVER_ERROR;
-    }
--#endif
-    
-    major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
- 			           GSS_C_NO_OID_SET, GSS_C_ACCEPT,
-@@ -979,6 +980,8 @@
+@@ -137,7 +139,7 @@
+                       int use_krb4, int use_krb5pwd, char *negotiate_ret_value);
+ 
+ static const char*
+-krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg);
++krb5_save_realms(cmd_parms *cmd, void *config, const char *arg);
+ 
+ #ifdef STANDARD20_MODULE_STUFF
+ #define command(name, func, var, type, usage)           \
+@@ -247,8 +249,9 @@
+ }
+ 
+ static const char*
+-krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg)
++krb5_save_realms(cmd_parms *cmd, void *config, const char *arg)
+ {
++   kerb_auth_config *sec = config;
+    sec->krb_auth_realms= ap_pstrdup(cmd->pool, arg);
+    return NULL;
+ }
+@@ -1086,6 +1089,8 @@
     return memcmp(p, oid->elements, oid->length);
  }
  
@@ -42,7 +38,7 @@
  static int
  authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
  		      const char *auth_line, char **negotiate_ret_value)
-@@ -1111,7 +1114,16 @@
+@@ -1224,7 +1229,16 @@
    }
  
    MK_AUTH_TYPE = "Negotiate";
@@ -60,16 +56,33 @@
  
    if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
       store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);
-@@ -1159,7 +1171,7 @@
-    if (use_krb5 && conf->krb_method_gssapi && negotiate_ret_value != NULL &&
-        *negotiate_ret_value != '\0') {
-       negoauth_param = ap_pstrcat(r->pool, "Negotiate ", negotiate_ret_value, NULL);
--      ap_table_add(r->err_headers_out, header_name, negoauth_param);
-+      ap_table_set(r->err_headers_out, header_name, negoauth_param); 
-    }
- #endif
+@@ -1256,17 +1270,6 @@
  }
-@@ -1224,6 +1236,23 @@
+ #endif /* KRB5 */
+ 
+-static int
+-already_succeeded(request_rec *r)
+-{
+-   if (ap_is_initial_req(r) || MK_AUTH_TYPE == NULL)
+-      return 0;
+-   if (strcmp(MK_AUTH_TYPE, "Negotiate") ||
+-       (strcmp(MK_AUTH_TYPE, "Basic") && strchr(MK_USER, '@')))
+-      return 1;
+-   return 0;
+-}
+-
+ static void
+ set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
+       		      int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
+@@ -1313,7 +1316,6 @@
+    const char *type = NULL;
+    int use_krb5 = 0, use_krb4 = 0;
+    int ret;
+-   static int last_return = HTTP_UNAUTHORIZED;
+    char *negotiate_ret_value = NULL;
+ 
+    /* get the type specified in .htaccess */
+@@ -1332,6 +1334,23 @@
     else
        return DECLINED;
  
@@ -91,5 +104,23 @@
 +#endif      
 +
     /* get what the user sent us in the HTTP header */
-    auth_line = MK_TABLE_GET(r->headers_in, "Authorization");
-    if (!auth_line) {
+    auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)
+ 	                                    ? "Proxy-Authorization"
+@@ -1354,9 +1373,6 @@
+        (strcasecmp(auth_type, "Basic") == 0))
+        return DECLINED;
+ 
+-   if (already_succeeded(r))
+-      return last_return;
+-
+    ret = HTTP_UNAUTHORIZED;
+ 
+ #ifdef KRB5
+@@ -1380,7 +1396,6 @@
+ 
+    /* XXX log_debug: if ret==OK, log(user XY authenticated) */
+ 
+-   last_return = ret;
+    return ret;
+ }
+ 


Index: mod_auth_kerb.spec
===================================================================
RCS file: /cvs/dist/rpms/mod_auth_kerb/devel/mod_auth_kerb.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_auth_kerb.spec	4 Mar 2005 11:00:57 -0000	1.5
+++ mod_auth_kerb.spec	10 May 2005 09:46:42 -0000	1.6
@@ -1,17 +1,16 @@
 
+%define subver rc6
+
 Summary: Kerberos authentication module for HTTP
 Name: mod_auth_kerb
 Version: 5.0
-Release: 3
+Release: 6
 License: Apache
 Group: System Environment/Daemons
 URL: http://modauthkerb.sourceforge.net/
-Source0: %{name}-%{version}-rc4.tar.gz
+Source0: %{name}-%{version}-%{subver}.tar.gz
 Source1: auth_kerb.conf
-Patch0: mod_auth_kerb-5.0-replay.patch
-Patch1: mod_auth_kerb-5.0-mutual.patch
 Patch2: mod_auth_kerb-5.0-cache.patch
-Patch3: mod_auth_kerb-5.0-cleanup.patch
 Patch4: mod_auth_kerb-5.0-gcc4.patch
 Patch5: mod_auth_kerb-5.0-exports.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
@@ -25,17 +24,14 @@
 authentication based on ticket exchanges.
 
 %prep
-%setup -q -n %{name}-%{version}-rc4
-%patch0 -p1 -b .replay
-%patch1 -p1 -b .mutual
+%setup -q -n %{name}-%{version}-%{subver}
 %patch2 -p1 -b .cache
-%patch3 -p1 -b .cleanup
 %patch4 -p1 -b .gcc4
 %patch5 -p1 -b .exports
 
 %build
 %configure --without-krb4 --with-krb5=/usr/kerberos
-make %{?_smp_mflags} CC=gcc4
+make %{?_smp_mflags} 
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -56,6 +52,10 @@
 %{_libdir}/httpd/modules/*.so
 
 %changelog
+* Tue May 10 2005 Joe Orton <jorton at redhat.com> 5.0-6
+- update to 5.0rc6
+- don't force CC=gcc4
+
 * Fri Mar  4 2005 Joe Orton <jorton at redhat.com> 5.0-3
 - fix build with GCC 4
 - only add "auth_kerb_module" symbol to dynamic symbol table


--- mod_auth_kerb-5.0-cleanup.patch DELETED ---


--- mod_auth_kerb-5.0-mutual.patch DELETED ---


--- mod_auth_kerb-5.0-replay.patch DELETED ---