OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [email protected]
  Module: openpkg-src                      Date:   17-Dec-2008 13:15:06
  Branch: HEAD                             Handle: 2008121712150600

  Modified files:
    openpkg-src/apache-kerberos
                            apache-kerberos.patch apache-kerberos.spec

  Log:
    incorporate a patch for optional realm removal

  Summary:
    Revision    Changes     Path
    1.3         +125 -1     openpkg-src/apache-kerberos/apache-kerberos.patch
    1.5         +1  -1      openpkg-src/apache-kerberos/apache-kerberos.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/apache-kerberos/apache-kerberos.patch
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 apache-kerberos.patch
  --- openpkg-src/apache-kerberos/apache-kerberos.patch 22 Dec 2007 13:27:43 
-0000      1.2
  +++ openpkg-src/apache-kerberos/apache-kerberos.patch 17 Dec 2008 12:15:06 
-0000      1.3
  @@ -46,7 +46,7 @@
   --- spnegokrb5/der_put.c.orig        2003-09-05 10:54:08 +0200
   +++ spnegokrb5/der_put.c     2007-12-22 14:24:51 +0100
   @@ -37,6 +37,16 @@
  - RCSID("$Id: apache-kerberos.patch,v 1.2 2007/12/22 13:27:43 rse Exp $");
  + RCSID("$Id: apache-kerberos.patch,v 1.3 2008/12/17 12:15:06 rse Exp $");
    #endif
    
   +#include "config.h"
  @@ -62,3 +62,127 @@
    /*
     * All encoding functions take a pointer `p' to first position in
     * which to write, from the right, `len' which means the maximum
  +--- src/mod_auth_kerb.c.orig 2006-11-22 11:32:58.000000000 +0100
  ++++ src/mod_auth_kerb.c      2008-12-16 19:26:27.000000000 +0100
  +@@ -165,6 +165,7 @@
  +     char *krb_5_keytab;
  +     int krb_method_gssapi;
  +     int krb_method_k5pass;
  ++    int krb5_auth_to_local;
  + #endif
  + #ifdef KRB4
  +     char *krb_4_srvtab;
  +@@ -227,6 +228,9 @@
  + 
  +    command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass,
  +      FLAG, "Enable Kerberos V5 password authentication."),
  ++
  ++   command("Krb5AuthToLocal", ap_set_flag_slot, krb5_auth_to_local,
  ++     FLAG, "Enable Kerberos V5 auth_to_local mapping."),
  + #endif 
  + 
  + #ifdef KRB4
  +@@ -322,6 +326,7 @@
  + #ifdef KRB5
  +     ((kerb_auth_config *)rec)->krb_method_k5pass = 1;
  +     ((kerb_auth_config *)rec)->krb_method_gssapi = 1;
  ++    ((kerb_auth_config *)rec)->krb5_auth_to_local = 0;
  + #endif
  + #ifdef KRB4
  +     ((kerb_auth_config *)rec)->krb_method_k4pass = 1;
  +@@ -746,6 +751,79 @@
  + }
  + 
  + static int
  ++do_krb5_an_to_ln(request_rec *r, const kerb_auth_config *conf, MK_POOL *p)
  ++{
  ++    const int lname_size = 1024;
  ++
  ++    krb5_context kcontext;
  ++    krb5_principal princ;
  ++    krb5_error_code code;
  ++    char lname[lname_size];
  ++    int ret;
  ++
  ++    if (!conf->krb5_auth_to_local) {
  ++            return OK;
  ++    }
  ++
  ++    ret = HTTP_INTERNAL_SERVER_ERROR;
  ++
  ++    code = krb5_init_context(&kcontext);
  ++    if (code) {
  ++            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  ++                    "Cannot initialize Kerberos5 context (%d)", code);
  ++            return HTTP_INTERNAL_SERVER_ERROR;
  ++    }
  ++
  ++    code = krb5_parse_name(kcontext, MK_USER, &princ);
  ++    if (code) {
  ++            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  ++                    "krb5_parse_name() failed for name %s: %s",
  ++                    MK_USER,
  ++                    krb5_get_err_text(kcontext, code));
  ++            krb5_free_context(kcontext);
  ++            return HTTP_INTERNAL_SERVER_ERROR;
  ++    }
  ++
  ++    code = krb5_aname_to_localname(kcontext, princ, sizeof(lname), lname);
  ++    if (code) {
  ++            if (code != KRB5_LNAME_NOTRANS) {
  ++                            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  ++                               "krb5_aname_to_localname() failed: %s",
  ++                               krb5_get_err_text(kcontext, code));
  ++                    /* fall through */
  ++            }
  ++            else {
  ++                            log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
  ++                               "krb5_aname_to_localname() found no "
  ++                               "mapping for principal %s",
  ++                               MK_USER);
  ++                    /* fall through */
  ++            }
  ++    }
  ++    else {
  ++            /* Does this belong in an authz handler? */
  ++            if (!krb5_kuserok(kcontext, princ, lname)) {
  ++                            log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
  ++                               "krb5_kuserok(%s, %s) == false",
  ++                               MK_USER, lname);
  ++                    ret = HTTP_UNAUTHORIZED;
  ++            }
  ++            else {
  ++                    log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
  ++                       "doing auth_to_local: %s -> %s",
  ++                       MK_USER, lname);
  ++                    MK_USER = apr_pstrdup(p, lname);
  ++                    ret = OK;
  ++            }
  ++    }
  ++    krb5_free_principal(kcontext, princ);
  ++    krb5_free_context(kcontext);
  ++
  ++    return ret;
  ++}
  ++
  ++
  ++static int
  + krb5_cache_cleanup(void *data)
  + {
  +    krb5_context context;
  +@@ -1536,9 +1614,15 @@
  +    if (use_krb5 && conf->krb_method_gssapi &&
  +        strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
  +       ret = authenticate_user_gss(r, conf, auth_line, &negotiate_ret_value);
  ++    if (ret == OK) {
  ++                    ret = do_krb5_an_to_ln(r, conf, r->connection->pool);
  ++        }
  +    } else if (use_krb5 && conf->krb_method_k5pass &&
  +           strcasecmp(auth_type, "Basic") == 0) {
  +        ret = authenticate_user_krb5pwd(r, conf, auth_line);
  ++    if (ret == OK) {
  ++                    ret = do_krb5_an_to_ln(r, conf, r->pool);
  ++    }
  +    }
  + #endif
  + 
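Review bot: In do_krb5_an_to_ln, both error branches after krb5_aname_to_localname() are commented `/* fall through */` but leave `ret` at HTTP_INTERNAL_SERVER_ERROR, so with Krb5AuthToLocal enabled an authenticated principal that simply has no local mapping (KRB5_LNAME_NOTRANS, logged only at NOTICE) is answered with a 500. That fails closed, which is the safe direction, but it makes a policy denial indistinguishable from a real Kerberos failure in logs and monitoring. If a denial is what is meant, set it explicitly in that branch, e.g. `ret = HTTP_UNAUTHORIZED; /* no local mapping: deny */`, matching the krb5_kuserok() failure path; otherwise replace the comment with one stating that the 500 is intended. Separately, `const int lname_size = 1024; char lname[lname_size];` declares a variable-length array in C, and `enum { lname_size = 1024 };` would keep the buffer a true fixed-size array. The function lies wholly inside this hunk; the two call sites at the end belong to a function that starts outside it.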
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/apache-kerberos/apache-kerberos.spec
  ============================================================================
  $ cvs diff -u -r1.4 -r1.5 apache-kerberos.spec
  --- openpkg-src/apache-kerberos/apache-kerberos.spec  1 Jan 2008 14:50:35 
-0000       1.4
  +++ openpkg-src/apache-kerberos/apache-kerberos.spec  17 Dec 2008 12:15:06 
-0000      1.5
  @@ -32,7 +32,7 @@
   Group:        Web
   License:      Open Source
   Version:      5.3
  -Release:      20080101
  +Release:      20081217
   
   #   list of sources
   Source0:      
http://switch.dl.sourceforge.net/modauthkerb/mod_auth_kerb-%{version}.tar.gz
  @@ .
______________________________________________________________________
OpenPKG                                             http://openpkg.org
CVS Repository Commit List                     [email protected]
