Colin Watson <cjwat...@debian.org> writes: > On Sun, Jun 02, 2013 at 07:02:55PM -0700, Russ Allbery wrote:
>> I only tested with SPNEGO authentication, but I see no reason to >> believe that Basic authentication wouldn't also work. >> There were two issues: first, the connection->request_ip struct member >> had to be changed as mentioned in the bug report, > I've been struggling with the choice between r->useragent_ip and > r->connection->client_ip while porting a number of modules. I've sort > of been settling down to the approach that if it's used as an element of > authentication, the replacement should be client_ip (because otherwise > you can forge it with a stunt proxy), and otherwise it should be > useragent_ip. Does that make sense to you? If so, does that imply that > client_ip should be used here instead? In this particular case, I suspect it won't make any difference since the connection ID is also part of the internal key, but yes, I agree. I've made that change. > I've been hearing rumours that the release team would like to push > through the transition this weekend and remove anything that's broken > from testing then, to unblock other work. So I think it would be very > helpful if you could NMU, given that there's been no (public) response. Uploading now. Attached is the final NMU patch that I used. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
reverted: --- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.postinst +++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.postinst @@ -1,11 +0,0 @@ -#!/bin/sh - -set -e - -#DEBHELPER# -if [ "$1" = "configure" ]; then - a2enmod auth_kerb || true -fi - -exit 0 - diff -u libapache-mod-auth-kerb-5.4/debian/control libapache-mod-auth-kerb-5.4/debian/control --- libapache-mod-auth-kerb-5.4/debian/control +++ libapache-mod-auth-kerb-5.4/debian/control @@ -2,12 +2,12 @@ Section: net Priority: optional Maintainer: Ghe Rivero <g...@debian.org> -Build-Depends: debhelper (>= 4), autotools-dev, libkrb5-dev (>= 1.4.0), autoconf, apache2-threaded-dev (>= 2.2.3), quilt +Build-Depends: debhelper (>= 4), autotools-dev, libkrb5-dev (>= 1.4.0), autoconf, apache2-dev (>= 2.4), dh-apache2, quilt Standards-Version: 3.9.3 Package: libapache2-mod-auth-kerb Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common, krb5-config +Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-config Description: apache2 module for Kerberos authentication An apache2 module for authenticating users in a Kerberos realm. It supports basic user and password authentication or a reverted: --- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.debhelper.log +++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.debhelper.log @@ -1,73 +0,0 @@ -dh_installchangelogs -dh_installdocs -dh_installexamples -dh_installman -dh_link -dh_strip -dh_compress -dh_fixperms -dh_installdeb -dh_shlibdeps -dh_gencontrol -dh_md5sums -dh_builddeb -dh_builddeb -dh_builddeb -dh_installchangelogs -dh_installdocs -dh_installexamples -dh_installman -dh_link -dh_strip -dh_compress -dh_fixperms -dh_installdeb -dh_shlibdeps -dh_gencontrol -dh_md5sums -dh_builddeb -dh_builddeb -dh_builddeb -dh_installchangelogs -dh_installdocs -dh_installexamples -dh_installman -dh_link -dh_strip -dh_compress -dh_fixperms -dh_installdeb -dh_shlibdeps -dh_gencontrol -dh_md5sums -dh_builddeb -dh_builddeb -dh_builddeb -dh_installchangelogs -dh_installdocs -dh_installexamples -dh_installman -dh_link -dh_strip -dh_compress -dh_fixperms -dh_installdeb -dh_shlibdeps -dh_gencontrol -dh_md5sums -dh_builddeb -dh_builddeb -dh_installchangelogs -dh_installdocs -dh_installexamples -dh_installman -dh_link -dh_strip -dh_compress -dh_fixperms -dh_installdeb -dh_shlibdeps -dh_gencontrol -dh_md5sums -dh_builddeb -dh_builddeb diff -u libapache-mod-auth-kerb-5.4/debian/changelog libapache-mod-auth-kerb-5.4/debian/changelog --- libapache-mod-auth-kerb-5.4/debian/changelog +++ libapache-mod-auth-kerb-5.4/debian/changelog @@ -1,3 +1,10 @@ +libapache-mod-auth-kerb (5.4-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Port to Apache 2.4 and dh_apache2. (Closes: #666811) + + -- Russ Allbery <r...@debian.org> Wed, 10 Jul 2013 23:41:23 -0700 + libapache-mod-auth-kerb (5.4-2) unstable; urgency=low * Reenabled patch gssapi_delegation (Closes: #613920) reverted: --- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.prerm +++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.prerm @@ -1,11 +0,0 @@ -#!/bin/sh - -set -e - -#DEBHELPER# - -if [ "$1" = "remove" ]; then - a2dismod auth_kerb || true - fi - -exit 0 diff -u libapache-mod-auth-kerb-5.4/debian/rules libapache-mod-auth-kerb-5.4/debian/rules --- libapache-mod-auth-kerb-5.4/debian/rules +++ libapache-mod-auth-kerb-5.4/debian/rules @@ -38,12 +38,7 @@ ## -------- INSTALL TARGETS apache20: build-apache20 - mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/ \ - $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb \ - $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available - install -s -m 644 $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so - install $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so - install -m644 $(CURDIR)/debian/auth_kerb.load $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available + mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb install -m 644 $(CURDIR)/README \ $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb/ @@ -84,6 +79,7 @@ binary-arch: build apache20 dh_testdir -a dh_testroot -a + dh_apache2 dh_installchangelogs dh_installdocs dh_installexamples diff -u libapache-mod-auth-kerb-5.4/debian/patches/series libapache-mod-auth-kerb-5.4/debian/patches/series --- libapache-mod-auth-kerb-5.4/debian/patches/series +++ libapache-mod-auth-kerb-5.4/debian/patches/series @@ -3,0 +4 @@ +apache24.patch only in patch2: unchanged: --- libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.apache2 +++ libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.apache2 @@ -0,0 +1,2 @@ +mod debian/auth_kerb.load +mod src/.libs/mod_auth_kerb.so only in patch2: unchanged: --- libapache-mod-auth-kerb-5.4.orig/debian/patches/apache24.patch +++ libapache-mod-auth-kerb-5.4/debian/patches/apache24.patch @@ -0,0 +1,62 @@ +--- libapache-mod-auth-kerb-5.4.orig/src/mod_auth_kerb.c ++++ libapache-mod-auth-kerb-5.4/src/mod_auth_kerb.c +@@ -125,10 +125,14 @@ + # endif + #endif + +-#ifdef STANDARD20_MODULE_STUFF ++#if defined(APLOG_USE_MODULE) ++APLOG_USE_MODULE(auth_kerb); ++#elif defined(STANDARD20_MODULE_STUFF) + module AP_MODULE_DECLARE_DATA auth_kerb_module; ++# define client_ip remote_ip + #else + module auth_kerb_module; ++# define client_ip remote_ip + #endif + + /*************************************************************************** +@@ -352,9 +356,14 @@ + return NULL; + } + ++#ifdef APLOG_USE_MODULE + static void ++log_rerror(const char *file, int line, int module_index, int level, int status, ++ const request_rec *r, const char *fmt, ...) ++#else + log_rerror(const char *file, int line, int level, int status, + const request_rec *r, const char *fmt, ...) ++#endif + { + char errstr[1024]; + va_list ap; +@@ -364,7 +373,9 @@ + va_end(ap); + + +-#ifdef STANDARD20_MODULE_STUFF ++#if defined(APLOG_USE_MODULE) ++ ap_log_rerror(file, line, module_index, level, status, r, "%s", errstr); ++#elif defined(STANDARD20_MODULE_STUFF) + ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr); + #else + ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr); +@@ -1568,7 +1579,7 @@ + char keyname[1024]; + + snprintf(keyname, sizeof(keyname) - 1, +- "mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip, ++ "mod_auth_kerb::connection::%s::%ld", r->connection->client_ip, + r->connection->id); + + if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0) +@@ -1722,7 +1733,7 @@ + prevauth->last_return = ret; + snprintf(keyname, sizeof(keyname) - 1, + "mod_auth_kerb::connection::%s::%ld", +- r->connection->remote_ip, r->connection->id); ++ r->connection->client_ip, r->connection->id); + apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool); + } +