rpms/mod_auth_ntlm_winbind/F-7 auth_ntlm_winbind.conf, NONE, 1.1 mod_auth_ntlm_winbind-20060510-connect_http10.patch, NONE, 1.1 mod_auth_ntlm_winbind.spec, NONE, 1.1 sources, 1.1, 1.2
Dmitry Butskoy (buc)
fedora-extras-commits at redhat.com
Fri Jun 22 12:16:22 UTC 2007
- Previous message (by thread): rpms/mod_auth_ntlm_winbind/devel auth_ntlm_winbind.conf, NONE, 1.1 mod_auth_ntlm_winbind-20060510-connect_http10.patch, NONE, 1.1 mod_auth_ntlm_winbind.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/frozen-bubble/devel frozen-bubble.desktop, 1.1, 1.2 frozen-bubble.spec, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: buc
Update of /cvs/extras/rpms/mod_auth_ntlm_winbind/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4458
Modified Files:
sources
Added Files:
auth_ntlm_winbind.conf
mod_auth_ntlm_winbind-20060510-connect_http10.patch
mod_auth_ntlm_winbind.spec
Log Message:
--- NEW FILE auth_ntlm_winbind.conf ---
#
# mod_auth_ntlm_winbind allows authentication and authorisation over the Web
# against a Windows NT/AD domain controllers, using Samba on the same
# machine Apache is running on.
# It uses "ntlm_auth" helper utility to operate with local winbindd(8) daemon,
# which are standard parts of the Samba distribution.
#
# The same way Squid does NTLM authentication now.
#
LoadModule auth_ntlm_winbind_module modules/mod_auth_ntlm_winbind.so
#
# example configuration for this module:
#
# <Directory "/var/www/auth">
# AuthName "NTLM Authentication thingy"
# NTLMAuth on
# NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
# NTLMBasicAuthoritative on
# AuthType NTLM
# require valid-user
# </Directory>
#
# to enable 'Negotiate' authentication too:
#
# <Directory "/var/www/auth">
# AuthName "NTLM Authentication thingy"
# NTLMAuth on
# NegotiateAuth on
# NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
# NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
# NTLMBasicAuthoritative on
# AuthType NTLM
# AuthType Negotiate
# require valid-user
# </Directory>
#
# Note: most case you should:
# chgrp apache /var/cache/samba/winbindd_priveleged/
# as the /usr/bin/ntlm_auth helper need access to this directory
#
mod_auth_ntlm_winbind-20060510-connect_http10.patch:
--- NEW FILE mod_auth_ntlm_winbind-20060510-connect_http10.patch ---
diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c 2006-05-11 17:52:54.000000000 +0400
+++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c 2006-07-07 19:44:12.000000000 +0400
@@ -997,6 +997,29 @@
: "Authorization");
const char *auth_line2;
+#ifdef APACHE2
+ /* ap_set_keepalive() does not check for
+ "Proxy-Connection: keep-alive", and therefore breaks NTLM auth
+ for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
+ for CONNECT (like IE6+ does).
+
+ An ugly work-around to fix it here:
+ When "CONNECT .... HTTP/1.0" without any "Connection: ..."
+ but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
+ manually (which will be successfully eaten by ap_set_keepalive() later)
+ */
+
+ if (r->method_number == M_CONNECT &&
+ r->proto_num == HTTP_VERSION(1,0) &&
+ !apr_table_get(r->headers_in, "Connection") &&
+ ap_find_token(r->pool,
+ apr_table_get(r->headers_in, "Proxy-Connection"),
+ "keep-alive") != 0
+ ) {
+ apr_table_mergen(r->headers_in, "Connection", "keep-alive");
+ }
+#endif
+
/* Trust the authentication on an existing connection */
if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) {
/* internal redirects cause this to get called more than once
--- NEW FILE mod_auth_ntlm_winbind.spec ---
%define moddir %(apxs -q LIBEXECDIR || echo be_happy_mock)
%define svn 20070129svn713
Summary: NTLM authentication for the Apache web server using winbind daemon
Name: mod_auth_ntlm_winbind
Version: 0.0.0
Release: 0.2.%{svn}%{?dist}
Group: System Environment/Daemons
License: Apache Software License
URL: http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/mod_auth_ntlm_winbind/?root=lorikeet
#
# svn export svn://svnanon.samba.org/lorikeet/trunk/mod_auth_ntlm_winbind mod_auth_ntlm_winbind
# or:
# wget -r -nH --cur-dirs=3 ftp://ftp.samba.org/pub/unpacked/lorikeet/mod_auth_ntlm_winbind
# then:
# tar -cvf - mod_auth_ntlm_winbind/ | gzip -c -9 > mod_ntlm_winbind-VERSION-SVN.tar.gz
#
Source0: mod_auth_ntlm_winbind-%{version}-%{svn}.tar.gz
Source1: auth_ntlm_winbind.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: httpd-devel >= 2.0.40, autoconf
Requires: httpd >= 2.0.40
Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo missing)
# requires samba-common for /usr/bin/ntlm_auth ...
Requires: samba-common
Requires(post): shadow-utils
Patch0: mod_auth_ntlm_winbind-20060510-connect_http10.patch
%description
The %{name} module allows authentication and authorisation over
the Web against a Windows NT/AD domain controllers, using Samba on the same
machine Apache is running on.
It uses "ntlm_auth" helper utility to operate with local winbindd(8) daemon,
which are standard parts of the Samba distribution.
The same way Squid does NTLM authentication now.
%prep
%setup -q -n mod_auth_ntlm_winbind
%patch0 -p1
autoconf
%build
%configure
# %{?_smp_mflags} is not needed -- only one file compiled
make
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{moddir}
make install DESTDIR=$RPM_BUILD_ROOT
# Install the config file
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
%clean
rm -rf $RPM_BUILD_ROOT
%post
/usr/sbin/usermod -a -G wbpriv apache >/dev/null 2>&1 || :
%files
%defattr(-,root,root,-)
%{moddir}/*
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*
%doc AUTHORS README
%changelog
* Wed Jun 20 2007 Dmitry Butskoy <Dmitry at Butskoy.name> 0.0.0-0.2.20070129svn713
- spec file cleanup
- accepted for Fedora (review by Jason Tibbitts <tibbs at math.uh.edu>)
* Wed Jun 13 2007 Dmitry Butskoy <Dmitry at Butskoy.name> 0.0.0-0.1.20070129svn713
- change release field properly
* Mon Mar 26 2007 Dmitry Butskoy <Dmitry at Butskoy.name> 0.0.0-0.svn713.1
- update to svn release 713
- special winbind's group is named "wbpriv" now
* Thu Dec 21 2006 Dmitry Butskoy <Dmitry at Butskoy.name> 0.0.0-0.svn692.1
- new initial release (svn version r692)
- add workaround patch for "CONNECT HTTP/1.0" proxy issue
- add post script for access to winbind's socket directory
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/mod_auth_ntlm_winbind/F-7/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 22 Jun 2007 02:10:20 -0000 1.1
+++ sources 22 Jun 2007 12:15:47 -0000 1.2
@@ -0,0 +1 @@
+b74d7abe9b135e74d9568d6e4f2f4a8e mod_auth_ntlm_winbind-0.0.0-20070129svn713.tar.gz
- Previous message (by thread): rpms/mod_auth_ntlm_winbind/devel auth_ntlm_winbind.conf, NONE, 1.1 mod_auth_ntlm_winbind-20060510-connect_http10.patch, NONE, 1.1 mod_auth_ntlm_winbind.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/frozen-bubble/devel frozen-bubble.desktop, 1.1, 1.2 frozen-bubble.spec, 1.5, 1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list