aboutsummaryrefslogtreecommitdiff
path: root/www/mod_auth_kerb2
diff options
context:
space:
mode:
authorHiroki Sato <hrs@FreeBSD.org>2015-02-01 18:40:57 +0000
committerHiroki Sato <hrs@FreeBSD.org>2015-02-01 18:40:57 +0000
commitd7e5cdff7e35b182bc528e14e336a8eded14bcaa (patch)
treed921b9a9123c216bc23c27ffd5ad24d91f234afd /www/mod_auth_kerb2
parent9ff3a43f10aaac53b5ea9daff3546b3e669c8f2d (diff)
downloadports-d7e5cdff7e35b182bc528e14e336a8eded14bcaa.tar.gz
ports-d7e5cdff7e35b182bc528e14e336a8eded14bcaa.zip
Notes
Diffstat (limited to 'www/mod_auth_kerb2')
-rw-r--r--www/mod_auth_kerb2/Makefile49
-rw-r--r--www/mod_auth_kerb2/files/patch-Makefile.in16
-rw-r--r--www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c97
3 files changed, 93 insertions, 69 deletions
diff --git a/www/mod_auth_kerb2/Makefile b/www/mod_auth_kerb2/Makefile
index b29206230a33..c6395e951841 100644
--- a/www/mod_auth_kerb2/Makefile
+++ b/www/mod_auth_kerb2/Makefile
@@ -3,7 +3,7 @@
PORTNAME= mod_auth_kerb
PORTVERSION= 5.4
-PORTREVISION= 6
+PORTREVISION= 7
CATEGORIES= www
MASTER_SITES= SF/modauthkerb/${PORTNAME}/${PORTNAME}-${PORTVERSION}
PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}
@@ -12,39 +12,24 @@ PKGNAMESUFFIX= 2
MAINTAINER= apache@FreeBSD.org
COMMENT= Apache module for authenticating users with Kerberos v5
-USE_APACHE= 22+
-USES= gmake
-GNU_CONFIGURE= yes
+LICENSE= MIT BSD3CLAUSE
+LICENSE_COMB= multi
+LICENSE_FILE_MIT= ${WRKSRC}/LICENSE
+LICENSE_FILE_BSD3CLAUSE= ${WRKSRC}/LICENSE
+LATEST_LINK= mod_auth_kerb2
PORTSCOUT= limit:^5.4
-.if defined(KRB5_HOME)
-BUILD_DEPENDS+= ${KRB5_HOME}/lib/libgssapi_krb5.so:${PORTSDIR}/security/krb5
-RUN_DEPENDS+= ${KRB5_HOME}/lib/libgssapi_krb5.so:${PORTSDIR}/security/krb5
-CONFIGURE_ARGS+= --with-krb5=${KRB5_HOME} --without-krb4
-
-.elif defined(HEIMDAL_HOME)
-BUILD_DEPENDS+= ${HEIMDAL_HOME}/lib/libgssapi.so:${PORTSDIR}/security/heimdal
-RUN_DEPENDS+= ${HEIMDAL_HOME}/lib/libgssapi.so:${PORTSDIR}/security/heimdal
-CONFIGURE_ARGS+= --with-krb5=${HEIMDAL_HOME} --without-krb4
-
-.elif exists(${DESTDIR}/usr/lib/libkrb5.a) && exists(${DESTDIR}/usr/bin/krb5-config)
-CONFIGURE_ARGS+= --with-krb5=${DESTDIR}/usr --without-krb4
-
-.else
-LIB_DEPENDS+= libgssapi_krb5.so:${PORTSDIR}/security/krb5
-CONFIGURE_ARGS+= --with-krb5=${LOCALBASE} --without-krb4
-.endif
-
-post-patch:
- ${REINPLACE_CMD} -e 's|@APXS_STAGE@|-S LIBEXECDIR=${STAGEDIR}${PREFIX}/${APACHEMODDIR}|' \
- ${WRKSRC}/Makefile.in
-.if !defined(HEIMDAL_HOME)
- ${REINPLACE_CMD} -e 's|@KRB5_LDFLAGS@|@KRB5_LDFLAGS@ -lgssapi_krb5|' \
- ${WRKSRC}/Makefile.in
-.endif
-
-pre-install:
- @${MKDIR} ${STAGEDIR}${PREFIX}/${APACHEMODDIR}
+USE_APACHE= 22+
+USE_GMAKE= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= -with-krb5=${GSSAPIBASEDIR} --without-krb4
+
+OPTIONS_RADIO= GSSAPI
+OPTIONS_DEFAULT= GSSAPI_BASE
+OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+GSSAPI_BASE_USES= gssapi
+GSSAPI_HEIMDAL_USES= gssapi:heimdal
+GSSAPI_MIT_USES= gssapi:mit
.include <bsd.port.mk>
diff --git a/www/mod_auth_kerb2/files/patch-Makefile.in b/www/mod_auth_kerb2/files/patch-Makefile.in
index 4f946f6e6a3a..0261485a0892 100644
--- a/www/mod_auth_kerb2/files/patch-Makefile.in
+++ b/www/mod_auth_kerb2/files/patch-Makefile.in
@@ -1,17 +1,13 @@
---- Makefile.in.orig 2008-12-02 09:07:10.000000000 -0500
-+++ Makefile.in 2014-06-17 14:09:26.000000000 -0400
-@@ -1,4 +1,5 @@
- APXS = @APXS@
-+APXS_STAGE = @APXS_STAGE@
- KRB5_CPPFLAGS = @KRB5_CPPFLAGS@
- KRB5_LDFLAGS = @KRB5_LDFLAGS@
- KRB4_CPPFLAGS = @KRB4_CPPFLAGS@
-@@ -16,7 +17,7 @@
+--- Makefile.in.orig 2008-12-02 23:07:10.000000000 +0900
++++ Makefile.in 2014-11-22 19:29:08.000000000 +0900
+@@ -16,7 +16,9 @@
./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c" "src/mod_auth_kerb.c"
install:
- ./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c -i" "src/mod_auth_kerb.c"
-+ ${APXS} $(APXS_STAGE) -i -n auth_kerb src/mod_auth_kerb.la
++ mkdir -p "$(DESTDIR)$$(${APXS} -q libexecdir)"
++ ${APXS} -S LIBEXECDIR="$(DESTDIR)$$(${APXS} -q libexecdir)" \
++ -i -n auth_kerb src/mod_auth_kerb.la
clean:
for i in . src spnegokrb5; do \
diff --git a/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c b/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
index 9bbf2b40605d..54971802be39 100644
--- a/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
+++ b/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
@@ -2,8 +2,12 @@
# Rev in latest src archive is r150.
# http://modauthkerb.cvs.sourceforge.net/viewvc/modauthkerb/mod_auth_kerb/src/mod_auth_kerb.c?revision=1.157
# Further patched to work with Apache 2.4.
---- src/mod_auth_kerb.c.orig 2008-12-04 11:14:03.000000000 +0100
-+++ src/mod_auth_kerb.c 2014-06-01 14:51:14.681087749 +0200
+#
+# Patch to fix a bug in KrbSaveCredentials:
+# https://bugzilla.redhat.com/show_bug.cgi?id=688210
+#
+--- src/mod_auth_kerb.c.orig 2008-12-04 19:14:03.000000000 +0900
++++ src/mod_auth_kerb.c 2014-11-22 19:34:12.000000000 +0900
@@ -11,6 +11,12 @@
*/
@@ -60,7 +64,15 @@
module AP_MODULE_DECLARE_DATA auth_kerb_module;
#else
module auth_kerb_module;
-@@ -298,7 +313,7 @@
+@@ -176,6 +191,7 @@
+ char *authline;
+ char *user;
+ char *mech;
++ char *ccname;
+ int last_return;
+ } krb5_conn_data;
+
+@@ -298,7 +314,7 @@
}
/* And this is the operations vector for our replay cache */
@@ -69,7 +81,7 @@
0,
"dfl",
krb5_rc_dfl_init,
-@@ -329,7 +344,7 @@
+@@ -329,7 +345,7 @@
((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
#endif
#ifdef KRB5
@@ -78,7 +90,7 @@
((kerb_auth_config *)rec)->krb_method_k5pass = 1;
((kerb_auth_config *)rec)->krb_method_gssapi = 1;
#endif
-@@ -347,9 +362,15 @@
+@@ -347,9 +363,15 @@
return NULL;
}
@@ -94,7 +106,7 @@
{
char errstr[1024];
va_list ap;
-@@ -359,7 +380,9 @@
+@@ -359,7 +381,9 @@
va_end(ap);
@@ -105,7 +117,7 @@
ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
#else
ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);
-@@ -527,7 +550,7 @@
+@@ -527,7 +551,7 @@
user = apr_pstrcat(r->pool, user, "@", realm, NULL);
MK_USER = user;
@@ -114,7 +126,7 @@
apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
if (!conf->krb_save_credentials)
-@@ -677,7 +700,8 @@
+@@ -677,7 +701,8 @@
static krb5_error_code
verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
const char *password, krb5_principal server,
@@ -124,7 +136,18 @@
{
krb5_creds creds;
krb5_get_init_creds_opt options;
-@@ -926,7 +950,6 @@
+@@ -869,8 +894,8 @@
+ }
+
+ apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
+- apr_pool_cleanup_register(r->pool, ccname, krb5_cache_cleanup,
+- apr_pool_cleanup_null);
++ apr_pool_cleanup_register(r->connection->pool, ccname, krb5_cache_cleanup,
++ apr_pool_cleanup_null);
+
+ *ccache = tmp_ccache;
+ tmp_ccache = NULL;
+@@ -926,7 +951,6 @@
return OK;
}
@@ -132,7 +155,7 @@
static int
authenticate_user_krb5pwd(request_rec *r,
kerb_auth_config *conf,
-@@ -1061,7 +1084,7 @@
+@@ -1061,7 +1085,7 @@
goto end;
}
MK_USER = apr_pstrdup (r->pool, name);
@@ -141,7 +164,7 @@
free(name);
if (conf->krb_save_credentials)
-@@ -1280,6 +1303,7 @@
+@@ -1280,6 +1304,7 @@
return 0;
}
@@ -149,7 +172,7 @@
static int
cmp_gss_type(gss_buffer_t token, gss_OID oid)
{
-@@ -1306,6 +1330,7 @@
+@@ -1306,6 +1331,7 @@
return memcmp(p, oid->elements, oid->length);
}
@@ -157,7 +180,7 @@
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
-@@ -1438,15 +1463,15 @@
+@@ -1438,15 +1464,15 @@
goto end;
}
@@ -178,7 +201,7 @@
major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
gss_release_name(&minor_status, &client_name);
-@@ -1549,13 +1574,13 @@
+@@ -1549,28 +1575,52 @@
#endif /* KRB5 */
static krb5_conn_data *
@@ -195,7 +218,24 @@
r->connection->id);
if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0)
-@@ -1571,6 +1596,24 @@
+ return NULL;
+
+- if(conn_data) {
+- if(strcmp(conn_data->authline, auth_line) == 0) {
+- log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request");
+- return conn_data;
++ if(conn_data && conn_data->ccname != NULL) {
++ apr_finfo_t finfo;
++
++ if (apr_stat(&finfo, conn_data->ccname + strlen("FILE:"),
++ APR_FINFO_NORM, r->pool) == APR_SUCCESS
++ && (finfo.valid & APR_FINFO_TYPE)
++ && finfo.filetype == APR_REG) {
++ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request");
++ return conn_data;
+ }
+ }
+ return NULL;
}
static void
@@ -208,6 +248,7 @@
+ prevauth->user = apr_pstrdup(r->connection->pool, MK_USER);
+ prevauth->authline = apr_pstrdup(r->connection->pool, auth_line);
+ prevauth->mech = apr_pstrdup(r->connection->pool, auth_type);
++ prevauth->ccname = apr_pstrdup(r->connection->pool, apr_table_get(r->subprocess_env, "KRB5CCNAME"));
+ prevauth->last_return = ret;
+
+ snprintf(keyname, sizeof(keyname) - 1,
@@ -220,7 +261,7 @@
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
{
-@@ -1607,51 +1650,16 @@
+@@ -1607,51 +1657,16 @@
}
static int
@@ -279,7 +320,7 @@
if (!auth_line) {
set_kerb_auth_headers(r, conf, use_krb4, use_krb5,
(use_krb5) ? "\0" : NULL);
-@@ -1669,60 +1677,108 @@
+@@ -1669,60 +1684,110 @@
#endif
(strcasecmp(auth_type, "Basic") == 0))
return DECLINED;
@@ -319,6 +360,8 @@
+ ret = prevauth->last_return;
+ MK_USER = prevauth->user;
+ MK_AUTH_TYPE = prevauth->mech;
++ if (prevauth->ccname)
++ apr_table_setn(r->subprocess_env, "KRB5CCNAME", prevauth->ccname);
}
/*
@@ -336,30 +379,30 @@
- apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool);
+ if(!prevauth) {
+ save_authorized(r, auth_line, auth_type, ret);
-+ }
-+
-+ if (ret == OK && conf->krb5_do_auth_to_local) {
-+ ret = do_krb5_an_to_ln(r);
}
-+ return ret;
-+}
- if (ret == OK && conf->krb5_do_auth_to_local)
- ret = do_krb5_an_to_ln(r);
++ if (ret == OK && conf->krb5_do_auth_to_local) {
++ ret = do_krb5_an_to_ln(r);
++ }
++ return ret;
++}
++
+static authn_status authn_krb_password(request_rec *r, const char *user,
+ const char *password)
+{
+ char *auth_line = NULL;
+ int ret;
+ const char *type = NULL;
-+
+
+- /* XXX log_debug: if ret==OK, log(user XY authenticated) */
+ type = ap_auth_type(r);
+ auth_line = ap_pbase64encode (r->pool, apr_psprintf(r->pool, "%s:%s", user, password));
+ auth_line = apr_psprintf(r->pool, "Basic %s", auth_line);
+
+ ret = authenticate_user(r, auth_line, type, 1, 1);
-
-- /* XXX log_debug: if ret==OK, log(user XY authenticated) */
++
+ if (ret == OK) return AUTH_GRANTED;
+ else return AUTH_USER_NOT_FOUND;
+}
@@ -415,7 +458,7 @@
have_rcache_type(const char *type)
{
krb5_error_code ret;
-@@ -1805,6 +1861,12 @@
+@@ -1805,6 +1870,12 @@
static void
kerb_register_hooks(apr_pool_t *p)
{