Package: libapache2-mod-auth-kerb Followup-For: Bug #666811 Control: tag 666811 patch
Attached is a tested patch that ports this package and the upstream code to Apache 2.4. The patch is in a form that should be acceptable upstream and should continue to work with Apache 2.2, although I've not personally tested. I only tested with SPNEGO authentication, but I see no reason to believe that Basic authentication wouldn't also work. There were two issues: first, the connection->request_ip struct member had to be changed as mentioned in the bug report, and second, the internal logging function needed adapting to the new logging parameter in the current version of Apache. I also switched to the new module declaration syntax so that the messages from this module would be properly tagged, and switched the package build system to dh_apache2 (which simplifies a number of things). BTW, please let me know if you'd like a co-maintainer. It doesn't look like the package has had a lot of recent love, and we use it heavily at Stanford. I'd be happy to help look after it. There are various things that probably should be cleaned up (stray debhelper.log file, some Lintian tags, an old-style build system, etc.). I can also upload this as an NMU to help with the Apache transition if you don't have time to look at it for a bit. I will probably do that in the absence of a reply if we start getting towards the end of the Apache transition to avoid having the package kicked out of testing. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.8-2-686-pae (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libapache2-mod-auth-kerb depends on: ii apache2-bin [apache2-api-20120211] 2.4.4-5 ii krb5-config 2.3 ii libc6 2.17-3 ii libcomerr2 1.42.5-1.1 ii libgssapi-krb5-2 1.10.1+dfsg-5 ii libk5crypto3 1.10.1+dfsg-5 ii libkrb5-3 1.10.1+dfsg-5 libapache2-mod-auth-kerb recommends no packages. libapache2-mod-auth-kerb suggests no packages. -- no debconf information
reverted: --- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.postinst +++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.postinst @@ -1,11 +0,0 @@ -#!/bin/sh - -set -e - -#DEBHELPER# -if [ "$1" = "configure" ]; then - a2enmod auth_kerb || true -fi - -exit 0 - diff -u libapache-mod-auth-kerb-5.4/debian/control libapache-mod-auth-kerb-5.4/debian/control --- libapache-mod-auth-kerb-5.4/debian/control +++ libapache-mod-auth-kerb-5.4/debian/control @@ -2,12 +2,12 @@ Section: net Priority: optional Maintainer: Ghe Rivero <g...@debian.org> -Build-Depends: debhelper (>= 4), autotools-dev, libkrb5-dev (>= 1.4.0), autoconf, apache2-threaded-dev (>= 2.2.3), quilt +Build-Depends: debhelper (>= 4), autotools-dev, libkrb5-dev (>= 1.4.0), autoconf, apache2-dev (>= 2.4), dh-apache2, quilt Standards-Version: 3.9.3 Package: libapache2-mod-auth-kerb Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common, krb5-config +Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-config Description: apache2 module for Kerberos authentication An apache2 module for authenticating users in a Kerberos realm. It supports basic user and password authentication or a reverted: --- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.prerm +++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.prerm @@ -1,11 +0,0 @@ -#!/bin/sh - -set -e - -#DEBHELPER# - -if [ "$1" = "remove" ]; then - a2dismod auth_kerb || true - fi - -exit 0 diff -u libapache-mod-auth-kerb-5.4/debian/rules libapache-mod-auth-kerb-5.4/debian/rules --- libapache-mod-auth-kerb-5.4/debian/rules +++ libapache-mod-auth-kerb-5.4/debian/rules @@ -38,12 +38,7 @@ ## -------- INSTALL TARGETS apache20: build-apache20 - mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/ \ - $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb \ - $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available - install -s -m 644 $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so - install $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so - install -m644 $(CURDIR)/debian/auth_kerb.load $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available + mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb install -m 644 $(CURDIR)/README \ $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb/ @@ -84,6 +79,7 @@ binary-arch: build apache20 dh_testdir -a dh_testroot -a + dh_apache2 dh_installchangelogs dh_installdocs dh_installexamples diff -u libapache-mod-auth-kerb-5.4/debian/patches/series libapache-mod-auth-kerb-5.4/debian/patches/series --- libapache-mod-auth-kerb-5.4/debian/patches/series +++ libapache-mod-auth-kerb-5.4/debian/patches/series @@ -3,0 +4 @@ +apache24.patch only in patch2: unchanged: --- libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.apache2 +++ libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.apache2 @@ -0,0 +1,2 @@ +mod debian/auth_kerb.load +mod src/.libs/mod_auth_kerb.so only in patch2: unchanged: --- libapache-mod-auth-kerb-5.4.orig/debian/patches/apache24.patch +++ libapache-mod-auth-kerb-5.4/debian/patches/apache24.patch @@ -0,0 +1,62 @@ +--- libapache-mod-auth-kerb-5.4.orig/src/mod_auth_kerb.c ++++ libapache-mod-auth-kerb-5.4/src/mod_auth_kerb.c +@@ -125,10 +125,14 @@ + # endif + #endif + +-#ifdef STANDARD20_MODULE_STUFF ++#if defined(APLOG_USE_MODULE) ++APLOG_USE_MODULE(auth_kerb); ++#elif defined(STANDARD20_MODULE_STUFF) + module AP_MODULE_DECLARE_DATA auth_kerb_module; ++# define useragent_ip connection->remote_ip + #else + module auth_kerb_module; ++# define useragent_ip connection->remote_ip + #endif + + /*************************************************************************** +@@ -352,9 +356,14 @@ + return NULL; + } + ++#ifdef APLOG_USE_MODULE + static void ++log_rerror(const char *file, int line, int module_index, int level, int status, ++ const request_rec *r, const char *fmt, ...) ++#else + log_rerror(const char *file, int line, int level, int status, + const request_rec *r, const char *fmt, ...) ++#endif + { + char errstr[1024]; + va_list ap; +@@ -364,7 +373,9 @@ + va_end(ap); + + +-#ifdef STANDARD20_MODULE_STUFF ++#if defined(APLOG_USE_MODULE) ++ ap_log_rerror(file, line, module_index, level, status, r, "%s", errstr); ++#elif defined(STANDARD20_MODULE_STUFF) + ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr); + #else + ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr); +@@ -1568,7 +1579,7 @@ + char keyname[1024]; + + snprintf(keyname, sizeof(keyname) - 1, +- "mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip, ++ "mod_auth_kerb::connection::%s::%ld", r->useragent_ip, + r->connection->id); + + if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0) +@@ -1722,7 +1733,7 @@ + prevauth->last_return = ret; + snprintf(keyname, sizeof(keyname) - 1, + "mod_auth_kerb::connection::%s::%ld", +- r->connection->remote_ip, r->connection->id); ++ r->useragent_ip, r->connection->id); + apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool); + } +