Bug#666811: libapache-mod-auth-kerb: sourceful transition towards Apache 2.4

Wed, 10 Jul 2013 23:58:18 -0700 

Colin Watson <cjwat...@debian.org> writes:
> On Sun, Jun 02, 2013 at 07:02:55PM -0700, Russ Allbery wrote:

>> I only tested with SPNEGO authentication, but I see no reason to
>> believe that Basic authentication wouldn't also work.

>> There were two issues: first, the connection->request_ip struct member
>> had to be changed as mentioned in the bug report,

> I've been struggling with the choice between r->useragent_ip and
> r->connection->client_ip while porting a number of modules.  I've sort
> of been settling down to the approach that if it's used as an element of
> authentication, the replacement should be client_ip (because otherwise
> you can forge it with a stunt proxy), and otherwise it should be
> useragent_ip.  Does that make sense to you?  If so, does that imply that
> client_ip should be used here instead?

In this particular case, I suspect it won't make any difference since the
connection ID is also part of the internal key, but yes, I agree.  I've
made that change.

> I've been hearing rumours that the release team would like to push
> through the transition this weekend and remove anything that's broken
> from testing then, to unblock other work.  So I think it would be very
> helpful if you could NMU, given that there's been no (public) response.

Uploading now.  Attached is the final NMU patch that I used.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>


reverted:
--- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.postinst
+++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.postinst
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -e
-
-#DEBHELPER#
-if [ "$1" = "configure" ]; then
-        a2enmod auth_kerb || true
-fi
-
-exit 0
-		
diff -u libapache-mod-auth-kerb-5.4/debian/control libapache-mod-auth-kerb-5.4/debian/control
--- libapache-mod-auth-kerb-5.4/debian/control
+++ libapache-mod-auth-kerb-5.4/debian/control
@@ -2,12 +2,12 @@
 Section: net
 Priority: optional
 Maintainer: Ghe Rivero <g...@debian.org>
-Build-Depends: debhelper (>= 4), autotools-dev, libkrb5-dev (>= 1.4.0), autoconf, apache2-threaded-dev (>= 2.2.3), quilt
+Build-Depends: debhelper (>= 4), autotools-dev, libkrb5-dev (>= 1.4.0), autoconf, apache2-dev (>= 2.4), dh-apache2, quilt
 Standards-Version: 3.9.3
 
 Package: libapache2-mod-auth-kerb
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common, krb5-config
+Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-config
 Description:  apache2 module for Kerberos authentication
  An apache2 module for authenticating users in a Kerberos realm.
  It supports basic user and password authentication or a
reverted:
--- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.debhelper.log
+++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.debhelper.log
@@ -1,73 +0,0 @@
-dh_installchangelogs
-dh_installdocs
-dh_installexamples
-dh_installman
-dh_link
-dh_strip
-dh_compress
-dh_fixperms
-dh_installdeb
-dh_shlibdeps
-dh_gencontrol
-dh_md5sums
-dh_builddeb
-dh_builddeb
-dh_builddeb
-dh_installchangelogs
-dh_installdocs
-dh_installexamples
-dh_installman
-dh_link
-dh_strip
-dh_compress
-dh_fixperms
-dh_installdeb
-dh_shlibdeps
-dh_gencontrol
-dh_md5sums
-dh_builddeb
-dh_builddeb
-dh_builddeb
-dh_installchangelogs
-dh_installdocs
-dh_installexamples
-dh_installman
-dh_link
-dh_strip
-dh_compress
-dh_fixperms
-dh_installdeb
-dh_shlibdeps
-dh_gencontrol
-dh_md5sums
-dh_builddeb
-dh_builddeb
-dh_builddeb
-dh_installchangelogs
-dh_installdocs
-dh_installexamples
-dh_installman
-dh_link
-dh_strip
-dh_compress
-dh_fixperms
-dh_installdeb
-dh_shlibdeps
-dh_gencontrol
-dh_md5sums
-dh_builddeb
-dh_builddeb
-dh_installchangelogs
-dh_installdocs
-dh_installexamples
-dh_installman
-dh_link
-dh_strip
-dh_compress
-dh_fixperms
-dh_installdeb
-dh_shlibdeps
-dh_gencontrol
-dh_md5sums
-dh_builddeb
-dh_builddeb
diff -u libapache-mod-auth-kerb-5.4/debian/changelog libapache-mod-auth-kerb-5.4/debian/changelog
--- libapache-mod-auth-kerb-5.4/debian/changelog
+++ libapache-mod-auth-kerb-5.4/debian/changelog
@@ -1,3 +1,10 @@
+libapache-mod-auth-kerb (5.4-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Port to Apache 2.4 and dh_apache2.  (Closes: #666811)
+
+ -- Russ Allbery <r...@debian.org>  Wed, 10 Jul 2013 23:41:23 -0700
+
 libapache-mod-auth-kerb (5.4-2) unstable; urgency=low
 
   * Reenabled patch gssapi_delegation (Closes: #613920)
reverted:
--- libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.prerm
+++ libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.prerm
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -e
-
-#DEBHELPER#
-
-if [ "$1" = "remove" ]; then
-        a2dismod auth_kerb || true
-		fi
-
-exit 0
diff -u libapache-mod-auth-kerb-5.4/debian/rules libapache-mod-auth-kerb-5.4/debian/rules
--- libapache-mod-auth-kerb-5.4/debian/rules
+++ libapache-mod-auth-kerb-5.4/debian/rules
@@ -38,12 +38,7 @@
 
 ## -------- INSTALL TARGETS
 apache20: build-apache20
-	mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/ \
-		$(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb \
-		$(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available
-	install -s -m 644 $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so
-	install $(CURDIR)/src/.libs/mod_auth_kerb.so $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/lib/apache2/modules/mod_auth_kerb.so
-	install -m644 $(CURDIR)/debian/auth_kerb.load $(CURDIR)/debian/libapache2-mod-auth-kerb/etc/apache2/mods-available
+	mkdir -p $(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb
 	install -m 644 $(CURDIR)/README \
 		$(CURDIR)/debian/libapache2-mod-auth-kerb/usr/share/doc/libapache2-mod-auth-kerb/
 
@@ -84,6 +79,7 @@
 binary-arch: build apache20
 	dh_testdir -a 
 	dh_testroot -a
+	dh_apache2
 	dh_installchangelogs
 	dh_installdocs
 	dh_installexamples
diff -u libapache-mod-auth-kerb-5.4/debian/patches/series libapache-mod-auth-kerb-5.4/debian/patches/series
--- libapache-mod-auth-kerb-5.4/debian/patches/series
+++ libapache-mod-auth-kerb-5.4/debian/patches/series
@@ -3,0 +4 @@
+apache24.patch
only in patch2:
unchanged:
--- libapache-mod-auth-kerb-5.4.orig/debian/libapache2-mod-auth-kerb.apache2
+++ libapache-mod-auth-kerb-5.4/debian/libapache2-mod-auth-kerb.apache2
@@ -0,0 +1,2 @@
+mod debian/auth_kerb.load
+mod src/.libs/mod_auth_kerb.so
only in patch2:
unchanged:
--- libapache-mod-auth-kerb-5.4.orig/debian/patches/apache24.patch
+++ libapache-mod-auth-kerb-5.4/debian/patches/apache24.patch
@@ -0,0 +1,62 @@
+--- libapache-mod-auth-kerb-5.4.orig/src/mod_auth_kerb.c
++++ libapache-mod-auth-kerb-5.4/src/mod_auth_kerb.c
+@@ -125,10 +125,14 @@
+ #  endif
+ #endif
+ 
+-#ifdef STANDARD20_MODULE_STUFF
++#if defined(APLOG_USE_MODULE)
++APLOG_USE_MODULE(auth_kerb);
++#elif defined(STANDARD20_MODULE_STUFF)
+ module AP_MODULE_DECLARE_DATA auth_kerb_module;
++# define client_ip remote_ip
+ #else
+ module auth_kerb_module;
++# define client_ip remote_ip
+ #endif
+ 
+ /*************************************************************************** 
+@@ -352,9 +356,14 @@
+    return NULL;
+ }
+ 
++#ifdef APLOG_USE_MODULE
+ static void
++log_rerror(const char *file, int line, int module_index, int level, int status,
++           const request_rec *r, const char *fmt, ...)
++#else
+ log_rerror(const char *file, int line, int level, int status,
+            const request_rec *r, const char *fmt, ...)
++#endif
+ {
+    char errstr[1024];
+    va_list ap;
+@@ -364,7 +373,9 @@
+    va_end(ap);
+ 
+    
+-#ifdef STANDARD20_MODULE_STUFF
++#if defined(APLOG_USE_MODULE)
++   ap_log_rerror(file, line, module_index, level, status, r, "%s", errstr);
++#elif defined(STANDARD20_MODULE_STUFF)
+    ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
+ #else
+    ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);
+@@ -1568,7 +1579,7 @@
+    char keyname[1024];
+ 
+    snprintf(keyname, sizeof(keyname) - 1,
+-	"mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip, 
++	"mod_auth_kerb::connection::%s::%ld", r->connection->client_ip,
+ 	r->connection->id);
+ 
+    if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0)
+@@ -1722,7 +1733,7 @@
+        prevauth->last_return = ret;
+        snprintf(keyname, sizeof(keyname) - 1,
+            "mod_auth_kerb::connection::%s::%ld", 
+-	   r->connection->remote_ip, r->connection->id);
++	   r->connection->client_ip, r->connection->id);
+        apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool);
+    }
+

Reply via email to