diff options
Diffstat (limited to 'www-apache')
14 files changed, 54 insertions, 958 deletions
diff --git a/www-apache/mod_auth_kerb/Manifest b/www-apache/mod_auth_kerb/Manifest index 3ed95512a686..866e9f8c6ed7 100644 --- a/www-apache/mod_auth_kerb/Manifest +++ b/www-apache/mod_auth_kerb/Manifest @@ -1,16 +1,8 @@ AUX 11_mod_auth_kerb.conf 338 SHA256 6e07afc54b27fe6947bfdf32ac55d01f9df3deba1015078ac98a52381eabdb62 SHA512 82ea692ed8189bb3255347d5d7829f84c8b3edc66e9d99c974f9c8ed56227a60b8925eee11f027fbd694ef1be8d09ff3f4b92e96cd68a77cea84e6e237048c53 WHIRLPOOL d778c16f29ee4e9b0ffba179f2d8a171e0064469f96e605fa1097157695ea6ba957f58af87bf572ce087b38b2628a69f4f42741e2bd6d6f104538c19ca95459d -AUX mod_auth_kerb-5.4-cachedir.patch 608 SHA256 570c9144c442ee6ef5e7cb6f6f0e7aa645fceb0693e53aa91274ac6bf397f10c SHA512 8dbb61a84fa7fb76787f71de9c70f4d41b0dd1245eff594131f1569a64331ea3bcb055d0dba178eeee71e2a125fae649561009a43b9f81c1eac08eb912dd4400 WHIRLPOOL b45bdc2f9b347356d1299ab453c37bea01865c94b7a7aac7eb93ee495ee286d0777cbd8351b1c7c8b491f4746c8d1bf783fe832b9698f2394df83454bdb9c0d2 -AUX mod_auth_kerb-5.4-delegation.patch 2589 SHA256 1c4625e1de2904957ac156df220d8d6898d89cdc4712772bd02e564673bb87b9 SHA512 c0193da69cc5a77bf4099f45e981a97af1ce1f4ca2d989aa18421aff285e9ac5693422d3755f15157cb2161af49960a6c16d773a2a60f1dcca30a73703422b7f WHIRLPOOL 5182f41e05cce675bb2aeae85ba76c4128f620067a34291fed450112cc4cf77c2635359ef18a6d6f501aa92b40d265d480fd2ea4a25207049277af2354478d7d -AUX mod_auth_kerb-5.4-fixes.patch 1098 SHA256 1f9a21ff56473783c27cf69d78bb0618768447c71749522e39ba83c727c81335 SHA512 4881deb0accbd1ebff88a210036f2c66d443625727580ca25a8a403a96a8fa39edc2a01769584a474d1a1dbf028438a754319c3e318b2bef9114db754d542112 WHIRLPOOL 3685d3934e3a5032fafc5acae83f5574e6f493530f5d4a5c95cb8e982d6c5a1f7dc2bed0b5a6ec9004dc903c43fa80d7ee88bd60cbd5564481b80db7cd7902b1 -AUX mod_auth_kerb-5.4-handle-continue.patch 735 SHA256 24d1cc7f12be73a3f99f3943ac7171d9a87d1bb959a3d7f225e9f92109f7964d SHA512 583a10d7790987e50a9ac7c602466007f38469b38f7d3da8761c342c8ba900a18b4ff800cd2b4e82bfdb3927f14fbf09c0684b315f08e4b9604068d8a29442d8 WHIRLPOOL 86401b48be24fdd06c10ffe8bc28f74888219002b26b7919622864c0a53141e48d7db59dc7ed980dfee9290a28c2cafbe83ecfc8e05854ce967f93dcd0a54a98 -AUX mod_auth_kerb-5.4-heimdal.patch 346 SHA256 0753e55546ecd1f8843a9c350aac9e6f0012f1145bc7845947e07cb0f6a9194f SHA512 27d82783e677ec238189e5ff7844529e433502e435afcf8cfc59c3a6b2b49083c5cdb339d87316b18874057f59b43a9f08bcc1fc6863e27fe7f5ce6307db46e7 WHIRLPOOL 5bf0626a72b3639b1819fd531a216585e946d778325e1f2d0b17b29c41ef983db7793594d274c674ce035c070ff8b5be63450c6231983a7d7d5891da74cb6381 -AUX mod_auth_kerb-5.4-httpd24.patch 2622 SHA256 b98c3a8720fac455f1cf78d1bf4219aef0bc49ce269d79de783db6401bed2668 SHA512 739ffc704286630af557487f93f9cbb0786ab62401fcf20b0d22dcc991388a0691bb94422f80db9fa85bfe926b28bbf96dcb5149e48118f978a38aff52856bf7 WHIRLPOOL 6c8fafa301d041b7d7816122511df9243a6f5bb947c219d35618eafcbedffb576fdff7f4a368f6ecd27eae1222f3449731baee44caa9b46757f5e0b074a16ffa -AUX mod_auth_kerb-5.4-longuser.patch 1007 SHA256 3de2bdab5980381ba8a65f4f04931edddf1ff35f345a30ea65383a7368e01f8b SHA512 0ffd82fddb6bd9eff466c7a11f5221c5006814e8ca99aef1de48dae4537ce0d11c718506d84be572f116e74d10bb9031021ddc17a65bfc86e42edbaf77063617 WHIRLPOOL 307cef9246fe5ecdf62730898798e1af4beb2f55ff5d27017562d8f53398233cc66b9f035fa3281e47702ae2bd9ea967d28f2f71274a2a60565417c5721599c3 -AUX mod_auth_kerb-5.4-rcopshack.patch 2244 SHA256 813ad49f9c0aa8495e716a7ed902bfcef4282cb10793112ad0e92b667620e33c SHA512 4da4e51baec036fdf035ee6f215453129b4b93a7733887834c08c0c5a7610ebe8e0981ad34a5cd5ed86af58c926bd65417fe09f64ce42d56b41e5051b96f6ca5 WHIRLPOOL 18ee97dc4bab314b1943778c74c660878a8477520e5cad69e78d0e2b2c39076254cd81973987e42ee1ed8b113dcee4949b81de0976f7e4d025e29753cd952b3a -AUX mod_auth_kerb-5.4-s4u2proxy.patch 20821 SHA256 e23924f9c3424f535cd244e88a775dfcb6dae728a39d4fd86e775a057fed4463 SHA512 077230aa39efa52b31ed289edabc4fcfe5887fa249fcc6fdab82e1e7ac1f996bad6e04991ee7ce4c139b4cb1a411a365a710e47a6f1d6b7634914640227c7bc9 WHIRLPOOL 9eb0ad364e60335a0389390b5a258ee75da5089a9007db5e8bea5cfbce1e57fabb7145fb42582d25d90bae9453ded056aaf8d8a39d19b726b16a197532e7d301 AUX mod_auth_kerb.conf 40 SHA256 d807aa047581efc57df9737d6313a50e0e6d1f7c87f71066cc4db7560575dceb SHA512 fd21cb7d6da1ac4ce5becab4e3c72a56245878625990ebddbf1d612a3b9cc273a6b3e87509db59ed67e934b5834c3db10914118982cb77a6b8220b0f65cd6e1d WHIRLPOOL 8e53b796562e6e6045a04a5b1f78949927660d79ac9b13335e0e386054020d6c59df2ad02d589eb621498688a9e058835ad87fdedf24753313a0ca6359d1a8a5 +DIST mod_auth_kerb-5.4-gentoo-patchset.tar.bz2 8717 SHA256 bc0445e337c88906bd254c26726ad3a1e45e613cf2058b402c944209550d9160 SHA512 3909c2677b30790cc17c0d8843feaa00d9acd14a012672443a887c0e88473d6b1572ba045e1491bcab53cbacff193c11cfe15e63ef1046cfcdf1f4ab60e0ac57 WHIRLPOOL 27bcb65e03d5148861a806f0bbb29550e8ab06145281fdf09064328be12a6c2242d46d3e69042be2b2ee6f17198acbdc3ec6c3709ea4341c08e4cc12fe1f4492 DIST mod_auth_kerb-5.4.tar.gz 93033 SHA256 690ddd66c6d941e2fa2dada46588329a6f57d0a3b9b2fd9bf055ebc427558265 SHA512 93fdf0e43af1c24e8c8204d09240b708747068ef99dd8d21b45cb4d132d31e6d582d49ea5e23b905f55cb0d4a20b1ecb58de1bcbfdad1d016e536fc622b63214 WHIRLPOOL 1b92217b7cf66d731a72cf9d58f188002ccadd75fc3d9075290347e6b4f1511111d3cff147fab73616951cbdb9430e8038adf5c4e204d374886bec3be69ff51c -EBUILD mod_auth_kerb-5.4-r2.ebuild 1113 SHA256 3cb7a94ff968c77de9732f290d2129ed875c8bf06c710a7e6989d7d04e6b3e9f SHA512 4eb53033a6f8ed7a8352c191af9619b6e5c383981c4fad1b92f81f70780673e28ebf276a81268f62ffc564cf4806bee6b57a23281c0917bb6057b94cc94d80ed WHIRLPOOL 72b28187340ce8c1d3daa011d27c706b12cc45b35b03b8f1750023377b53d9eb7eb940df786de0a9bcac8dd1451f4d75d81ed5fb7b3137155b00124c73c667d7 +EBUILD mod_auth_kerb-5.4-r2.ebuild 1359 SHA256 e452ef0c2fb910d6403ae9214de8d9fb0cb04ee0fa9874b08eaabe9fcef56bf9 SHA512 46975625adab3e34d073687531ce2144d19da49ead2883bd4f6dccdd49f2b8bb2621d588837c0eded8d98322711674e8d3784ec92edfdb957868a486afc68285 WHIRLPOOL 4e011bf4331949b983545eff03cd2c136ebc370fe2489a8d0dc74303c277c65956281686e00fcbbf1a408c1ebd76facbbf3c7c8ae3436559a09246e6481eb5bf MISC ChangeLog 3948 SHA256 9760cbfaffb0b7511e2194e454fce9007faae8e4d2f6cc4a3c3b918ef3579df5 SHA512 0928e2e233e840a165f26431870eb7b4b0d71df7a616f18360f5362692b5f2cf607c2d60f3bfde3c67e81254156d864e8d6c910d1329c346f55ad08165ddab98 WHIRLPOOL 40908fe1bfd0ad4304d8e86eed4214344e8891ee65d6ca2c9663e1e77fe5fcd4ad9b132d34a22dbb864b9fba4f378ce57253b98460cdef582682a6a47195fb87 MISC ChangeLog-2015 7430 SHA256 2547eec2bd3ac5bf0819f600b44b0723bf40d66f88437a5bcb5f0fa617f674d6 SHA512 b7a9dab3427c39f647eb1e8eeb6187eaada17424cf4b9c67d5dbf21293f4b7eeb5aa27c6198a6e9063f0863112c882c90cfc80c691352a60eb278a34f153f1f3 WHIRLPOOL 3394a7727edf1ac8ee1d334999e3eb6af597a0c16994ef44f92d37f4c3ccb7ab0162c54e90d3d055e99cc54ca1ca142e4a10b6d0fdfa78a8a9d3a5ae51e9e3ec MISC metadata.xml 248 SHA256 9cdc0bd0462305a9cfe7da218b0fa9bc5c1c96da826c39a0840771422ce3b940 SHA512 f46a08a90200cc49b6389361c42fc1580504fcbb3ce3ce817916a6c6ae1c9b700f3dcbfa95e7b1284372c6cd5e51c7d93ea9076c5c26fa3b02f1ad7e1c053c36 WHIRLPOOL 399ed860a092dc9f6154c46ef396f816b507721446fc5713ed4d1cf33e9793ef05209ebd029f86295571f0ce89b5739cad9aac73d8d405b0610f9a57b7097f6d diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch deleted file mode 100644 index ebc435824c4b..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-cachedir.patch +++ /dev/null @@ -1,15 +0,0 @@ - -Per https://bugzilla.redhat.com//show_bug.cgi?id=796430 -switch the cache dir to be relative to runtimedir. - ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c.cachedir -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -891,7 +891,7 @@ create_krb5_ccache(krb5_context kcontext - int ret; - krb5_ccache tmp_ccache = NULL; - -- ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XXXXXX", P_tmpdir); -+ ccname = apr_pstrdup(r->connection->pool, "FILE:/run/httpd/krbcache/krb5cc_apache_XXXXXX"); - fd = mkstemp(ccname + strlen("FILE:")); - if (fd < 0) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch deleted file mode 100644 index a01e9f21e435..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-delegation.patch +++ /dev/null @@ -1,68 +0,0 @@ - -https://bugzilla.redhat.com/show_bug.cgi?id=688210 - ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c.delegation -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -209,6 +209,7 @@ typedef struct krb5_conn_data { - char *authline; - char *user; - char *mech; -+ char *ccname; - int last_return; - } krb5_conn_data; - -@@ -875,7 +876,7 @@ create_krb5_ccache(krb5_context kcontext - int ret; - krb5_ccache tmp_ccache = NULL; - -- ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XXXXXX", P_tmpdir); -+ ccname = apr_psprintf(r->connection->pool, "FILE:%s/krb5cc_apache_XXXXXX", P_tmpdir); - fd = mkstemp(ccname + strlen("FILE:")); - if (fd < 0) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -@@ -905,7 +906,7 @@ create_krb5_ccache(krb5_context kcontext - } - - apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname); -- apr_pool_cleanup_register(r->pool, ccname, krb5_cache_cleanup, -+ apr_pool_cleanup_register(r->connection->pool, ccname, krb5_cache_cleanup, - apr_pool_cleanup_null); - - *ccache = tmp_ccache; -@@ -1866,10 +1868,15 @@ already_succeeded(request_rec *r, char * - if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0) - return NULL; - -- if(conn_data) { -- if(strcmp(conn_data->authline, auth_line) == 0) { -- log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request"); -- return conn_data; -+ if(conn_data && conn_data->ccname != NULL) { -+ apr_finfo_t finfo; -+ -+ if (apr_stat(&finfo, conn_data->ccname + strlen("FILE:"), -+ APR_FINFO_NORM, r->pool) == APR_SUCCESS -+ && (finfo.valid & APR_FINFO_TYPE) -+ && finfo.filetype == APR_REG) { -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request"); -+ return conn_data; - } - } - return NULL; -@@ -2001,6 +2008,8 @@ kerb_authenticate_user(request_rec *r) - ret = prevauth->last_return; - MK_USER = prevauth->user; - MK_AUTH_TYPE = prevauth->mech; -+ if (prevauth->ccname) -+ apr_table_setn(r->subprocess_env, "KRB5CCNAME", prevauth->ccname); - } - - /* -@@ -2011,6 +2020,7 @@ kerb_authenticate_user(request_rec *r) - prevauth->user = apr_pstrdup(r->connection->pool, MK_USER); - prevauth->authline = apr_pstrdup(r->connection->pool, auth_line); - prevauth->mech = apr_pstrdup(r->connection->pool, auth_type); -+ prevauth->ccname = apr_pstrdup(r->connection->pool, apr_table_get(r->subprocess_env, "KRB5CCNAME")); - prevauth->last_return = ret; - snprintf(keyname, sizeof(keyname) - 1, - "mod_auth_kerb::connection::%s::%ld", diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-fixes.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-fixes.patch deleted file mode 100644 index b86be697ae06..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-fixes.patch +++ /dev/null @@ -1,40 +0,0 @@ - -Compiler warning fixes. - ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c.fixes -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -677,7 +677,8 @@ end: - static krb5_error_code - verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal, - const char *password, krb5_principal server, -- krb5_keytab keytab, int krb_verify_kdc, char *krb_service_name, krb5_ccache *ccache) -+ krb5_keytab keytab, int krb_verify_kdc, -+ const char *krb_service_name, krb5_ccache *ccache) - { - krb5_creds creds; - krb5_get_init_creds_opt options; -@@ -1280,6 +1281,7 @@ get_gss_creds(request_rec *r, - return 0; - } - -+#ifndef GSSAPI_SUPPORTS_SPNEGO - static int - cmp_gss_type(gss_buffer_t token, gss_OID oid) - { -@@ -1306,6 +1308,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID - - return memcmp(p, oid->elements, oid->length); - } -+#endif - - static int - authenticate_user_gss(request_rec *r, kerb_auth_config *conf, -@@ -1722,7 +1725,7 @@ kerb_authenticate_user(request_rec *r) - return ret; - } - --int -+static int - have_rcache_type(const char *type) - { - krb5_error_code ret; diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-handle-continue.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-handle-continue.patch deleted file mode 100644 index 4b77a497f4ce..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-handle-continue.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c -index 2aab5ee..ca81878 100644 ---- a/src/mod_auth_kerb.c -+++ b/src/mod_auth_kerb.c -@@ -1744,7 +1744,6 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf, - goto end; - } - --#if 0 - /* This is a _Kerberos_ module so multiple authentication rounds aren't - * supported. If we wanted a generic GSS authentication we would have to do - * some magic with exporting context etc. */ -@@ -1752,7 +1751,6 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf, - ret = HTTP_UNAUTHORIZED; - goto end; - } --#endif - - major_status = gss_display_name(&minor_status, client_name, &output_token, NULL); - gss_release_name(&minor_status, &client_name); diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch deleted file mode 100644 index a5d3d4ba62cd..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-heimdal.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c 2010-10-04 16:21:22.169285716 +0200 -+++ mod_auth_kerb-5.4.new/src/mod_auth_kerb.c 2010-10-04 16:20:41.584250095 +0200 -@@ -89,6 +89,7 @@ - #include <krb5.h> - #ifdef HEIMDAL - # include <gssapi.h> -+# include <gssapi/gssapi_krb5.h> - #else - # include <gssapi/gssapi.h> - # include <gssapi/gssapi_generic.h> diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-httpd24.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-httpd24.patch deleted file mode 100644 index 86c9b47d6bd3..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-httpd24.patch +++ /dev/null @@ -1,75 +0,0 @@ - -Fixes for 2.4 API. - ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c.httpd24 -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -179,6 +179,16 @@ static apr_global_mutex_t *s4u2proxy_loc - #define PROXYREQ_PROXY STD_PROXY - #endif - -+#if MODULE_MAGIC_NUMBER_MAJOR >= 20100606 -+/* 2.4.x or later */ -+#define WITH_HTTPD24 1 -+#define client_ip(r) ((r)->useragent_ip) -+APLOG_USE_MODULE(auth_kerb); -+#else -+#define client_ip(r) ((r)->connection->remote_ip) -+#define ap_unixd_set_global_mutex_perms unixd_set_global_mutex_perms -+#endif -+ - /*************************************************************************** - Auth Configuration Structure - ***************************************************************************/ -@@ -383,7 +393,11 @@ cmd_delegationlock(cmd_parms *cmd, void - } - - static void --log_rerror(const char *file, int line, int level, int status, -+log_rerror(const char *file, int line, -+#ifdef WITH_HTTPD24 -+ int module_index, -+#endif -+ int level, int status, - const request_rec *r, const char *fmt, ...) - { - char errstr[1024]; -@@ -394,7 +408,9 @@ log_rerror(const char *file, int line, i - va_end(ap); - - --#ifdef STANDARD20_MODULE_STUFF -+#if defined(WITH_HTTPD24) -+ ap_log_rerror(file, line, module_index, level, status, r, "%s", errstr); -+#elif defined(STANDARD20_MODULE_STUFF) - ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr); - #else - ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr); -@@ -1860,8 +1876,8 @@ already_succeeded(request_rec *r, char * - char keyname[1024]; - - snprintf(keyname, sizeof(keyname) - 1, -- "mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip, -- r->connection->id); -+ "mod_auth_kerb::connection::%s::%ld", client_ip(r), -+ r->connection->id); - - if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0) - return NULL; -@@ -2014,7 +2030,7 @@ kerb_authenticate_user(request_rec *r) - prevauth->last_return = ret; - snprintf(keyname, sizeof(keyname) - 1, - "mod_auth_kerb::connection::%s::%ld", -- r->connection->remote_ip, r->connection->id); -+ client_ip(r), r->connection->id); - apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool); - } - -@@ -2073,7 +2089,7 @@ s4u2proxylock_create(server_rec *s, apr_ - } - - #ifdef AP_NEED_SET_MUTEX_PERMS -- rc = unixd_set_global_mutex_perms(s4u2proxy_lock); -+ rc = ap_unixd_set_global_mutex_perms(s4u2proxy_lock); - if (rc != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_CRIT, rc, s, - "mod_auth_kerb: Parent could not set permissions " diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-longuser.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-longuser.patch deleted file mode 100644 index 100fd364af85..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-longuser.patch +++ /dev/null @@ -1,31 +0,0 @@ - -https://bugzilla.redhat.com/show_bug.cgi?id=867153 - -Patch by: jkaluza - ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c.longuser -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -80,6 +80,7 @@ - - #define MECH_NEGOTIATE "Negotiate" - #define SERVICE_NAME "HTTP" -+#define MAX_LOCAL_USERNAME 255 - - #include <httpd.h> - #include <http_config.h> -@@ -1815,13 +1816,13 @@ do_krb5_an_to_ln(request_rec *r) { - krb5_get_err_text(kcontext, code)); - goto end; - } -- MK_USER_LNAME = apr_pcalloc(r->pool, strlen(MK_USER)+1); -+ MK_USER_LNAME = apr_pcalloc(r->pool, MAX_LOCAL_USERNAME+1); - if (MK_USER_LNAME == NULL) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "ap_pcalloc() failed (not enough memory)"); - goto end; - } -- code = krb5_aname_to_localname(kcontext, client, strlen(MK_USER), MK_USER_LNAME); -+ code = krb5_aname_to_localname(kcontext, client, MAX_LOCAL_USERNAME, MK_USER_LNAME); - if (code) { - if (code != KRB5_LNAME_NOTRANS) { - log_rerror(APLOG_MARK, APLOG_ERR, 0, r, diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-rcopshack.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-rcopshack.patch deleted file mode 100644 index abbf4dba47b2..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-rcopshack.patch +++ /dev/null @@ -1,73 +0,0 @@ - -Remove the Krb5 1.3.x-specific hack which mucks about with -libkrb5 internals, and shouldn't. - ---- mod_auth_kerb-5.4/src/mod_auth_kerb.c.rcopshack -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c -@@ -285,34 +285,6 @@ mkstemp(char *template) - } - #endif - --#if defined(KRB5) && !defined(HEIMDAL) --/* Needed to work around problems with replay caches */ --#include "mit-internals.h" -- --/* This is our replacement krb5_rc_store function */ --static krb5_error_code KRB5_LIB_FUNCTION --mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache, -- krb5_donot_replay_internal *donot_replay) --{ -- return 0; --} -- --/* And this is the operations vector for our replay cache */ --const krb5_rc_ops_internal mod_auth_kerb_rc_ops = { -- 0, -- "dfl", -- krb5_rc_dfl_init, -- krb5_rc_dfl_recover, -- krb5_rc_dfl_destroy, -- krb5_rc_dfl_close, -- mod_auth_kerb_rc_store, -- krb5_rc_dfl_expunge, -- krb5_rc_dfl_get_span, -- krb5_rc_dfl_get_name, -- krb5_rc_dfl_resolve --}; --#endif -- - /*************************************************************************** - Auth Configuration Initialization - ***************************************************************************/ -@@ -1252,31 +1224,6 @@ get_gss_creds(request_rec *r, - return HTTP_INTERNAL_SERVER_ERROR; - } - --#ifndef HEIMDAL -- /* -- * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as -- * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to -- * the replay cache. -- * This allows us to override the replay cache function vector with -- * our own one. -- * Note that this is a dirty hack to get things working and there may -- * well be unknown side-effects. -- */ -- { -- krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds; -- -- /* First we try to verify we are linked with 1.3.x to prevent from -- crashing when linked with 1.4.x */ -- if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) { -- if (gss_creds->rcache && gss_creds->rcache->ops && -- gss_creds->rcache->ops->type && -- memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0) -- /* Override the rcache operations */ -- gss_creds->rcache->ops = &mod_auth_kerb_rc_ops; -- } -- } --#endif -- - return 0; - } - diff --git a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy.patch b/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy.patch deleted file mode 100644 index 07a6e3b7c8ef..000000000000 --- a/www-apache/mod_auth_kerb/files/mod_auth_kerb-5.4-s4u2proxy.patch +++ /dev/null @@ -1,601 +0,0 @@ - -Add S4U2Proxy feature: - -http://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com&forum_name=modauthkerb-help - -The attached patches add support for using s4u2proxy -(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the -web service to obtain credentials on behalf of the authenticated user. - -The first patch adds basic support for s4u2proxy. This requires the web -administrator to manually create and manage the credentails cache for -the apache user (via a cron job, for example). - -The second patch builds on this and makes mod_auth_kerb manage the -ccache instead. - -These are patches against the current CVS HEAD (mod_auth_krb 5.4). - -I've added a new module option to enable this support, -KrbConstrainedDelegation. The default is off. - -diff -up --recursive mod_auth_kerb-5.4.orig/README mod_auth_kerb-5.4/README ---- mod_auth_kerb-5.4.orig/README 2008-11-26 11:51:05.000000000 -0500 -+++ mod_auth_kerb-5.4/README 2014-01-21 13:46:21.482223432 -0500 -@@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be - credential cache that will be available for the request handler. The ticket - file will be removed after request is handled. - -+Constrained Delegation -+---------------------- -+S4U2Proxy, or constrained delegation, enables a service to use a client's -+ticket to itself to request another ticket for delegation. The KDC -+checks krbAllowedToDelegateTo to decide if it will issue a new ticket. -+If KrbConstrainedDelegation is enabled the server will use its own credentials -+to retrieve a delegated ticket for the user. For this to work the user must -+have a forwardable ticket (though the delegation flag need not be set). -+The server needs a valid credentials cache for this to work. -+ -+The module itself will obtain and manage the necessary credentials. -+ - $Id: README,v 1.12 2008/09/17 14:01:55 baalberith Exp $ -diff -up --recursive mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c mod_auth_kerb-5.4/src/mod_auth_kerb.c ---- mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c 2014-01-21 13:45:21.605538007 -0500 -+++ mod_auth_kerb-5.4/src/mod_auth_kerb.c 2014-01-21 13:46:46.746668762 -0500 -@@ -42,6 +42,31 @@ - * POSSIBILITY OF SUCH DAMAGE. - */ - -+/* -+ * Locking mechanism inspired by mod_rewrite. -+ * -+ * Licensed to the Apache Software Foundation (ASF) under one or more -+ * contributor license agreements. See the NOTICE file distributed with -+ * this work for additional information regarding copyright ownership. -+ * The ASF licenses this file to You under the Apache License, Version 2.0 -+ * (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+/* -+ * S4U2Proxy code -+ * -+ * Copyright (C) 2012 Red Hat -+ */ -+ - #ident "$Id: mod_auth_kerb.c,v 1.150 2008/12/04 10:14:03 baalberith Exp $" - - #include "config.h" -@@ -49,6 +74,7 @@ - #include <stdlib.h> - #include <stdio.h> - #include <stdarg.h> -+#include <unixd.h> - - #define MODAUTHKERB_VERSION "5.4" - -@@ -131,6 +157,12 @@ module AP_MODULE_DECLARE_DATA auth_kerb_ - module auth_kerb_module; - #endif - -+#ifdef STANDARD20_MODULE_STUFF -+/* s4u2proxy only supported in 2.0+ */ -+static const char *lockname; -+static apr_global_mutex_t *s4u2proxy_lock = NULL; -+#endif -+ - /*************************************************************************** - Macros To Ease Compatibility - ***************************************************************************/ -@@ -165,6 +197,7 @@ typedef struct { - int krb_method_gssapi; - int krb_method_k5pass; - int krb5_do_auth_to_local; -+ int krb5_s4u2proxy; - #endif - #ifdef KRB4 - char *krb_4_srvtab; -@@ -185,6 +218,11 @@ set_kerb_auth_headers(request_rec *r, co - - static const char* - krb5_save_realms(cmd_parms *cmd, void *sec, const char *arg); -+static const char * -+cmd_delegationlock(cmd_parms *cmd, void *dconf, const char *a1); -+ -+static int -+obtain_server_credentials(request_rec *r, const char *service_name); - - #ifdef STANDARD20_MODULE_STUFF - #define command(name, func, var, type, usage) \ -@@ -237,6 +275,12 @@ static const command_rec kerb_auth_cmds[ - - command("KrbLocalUserMapping", ap_set_flag_slot, krb5_do_auth_to_local, - FLAG, "Set to 'on' to have Kerberos do auth_to_local mapping of principal names to system user names."), -+ -+ command("KrbConstrainedDelegation", ap_set_flag_slot, krb5_s4u2proxy, -+ FLAG, "Set to 'on' to have Kerberos use S4U2Proxy delegation."), -+ -+ AP_INIT_TAKE1("KrbConstrainedDelegationLock", cmd_delegationlock, NULL, -+ RSRC_CONF, "the filename of a lockfile used for inter-process synchronization"), - #endif - - #ifdef KRB4 -@@ -302,6 +346,7 @@ static void *kerb_dir_create_config(MK_P - #endif - #ifdef KRB5 - ((kerb_auth_config *)rec)->krb5_do_auth_to_local = 0; -+ ((kerb_auth_config *)rec)->krb5_s4u2proxy = 0; - ((kerb_auth_config *)rec)->krb_method_k5pass = 1; - ((kerb_auth_config *)rec)->krb_method_gssapi = 1; - #endif -@@ -319,6 +364,24 @@ krb5_save_realms(cmd_parms *cmd, void *v - return NULL; - } - -+static const char * -+cmd_delegationlock(cmd_parms *cmd, void *dconf, const char *a1) -+{ -+ const char *error; -+ -+ if ((error = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL) -+ return error; -+ -+ /* fixup the path, especially for s4u2proxylock_remove() */ -+ lockname = ap_server_root_relative(cmd->pool, a1); -+ -+ if (!lockname) { -+ return apr_pstrcat(cmd->pool, "Invalid KrbConstrainedDelegationLock path ", a1, NULL); -+ } -+ -+ return NULL; -+} -+ - static void - log_rerror(const char *file, int line, int level, int status, - const request_rec *r, const char *fmt, ...) -@@ -1170,6 +1233,7 @@ get_gss_creds(request_rec *r, - gss_buffer_desc token = GSS_C_EMPTY_BUFFER; - OM_uint32 major_status, minor_status, minor_status2; - gss_name_t server_name = GSS_C_NO_NAME; -+ gss_cred_usage_t usage = GSS_C_ACCEPT; - char buf[1024]; - int have_server_princ; - -@@ -1212,10 +1276,14 @@ get_gss_creds(request_rec *r, - - log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %s", - token.value); -+ if (conf->krb5_s4u2proxy) { -+ usage = GSS_C_BOTH; -+ obtain_server_credentials(r, conf->krb_service_name); -+ } - gss_release_buffer(&minor_status, &token); - - major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE, -- GSS_C_NO_OID_SET, GSS_C_ACCEPT, -+ GSS_C_NO_OID_SET, usage, - server_creds, NULL, NULL); - gss_release_name(&minor_status2, &server_name); - if (GSS_ERROR(major_status)) { -@@ -1257,6 +1325,302 @@ cmp_gss_type(gss_buffer_t token, gss_OID - } - #endif - -+/* Renew the ticket if it will expire in under a minute */ -+#define RENEWAL_TIME 60 -+ -+/* -+ * Services4U2Proxy lets a server prinicipal request another service -+ * principal on behalf of a user. To do this the Apache service needs -+ * to have its own ccache. This will ensure that the ccache has a valid -+ * principal and will initialize or renew new credentials when needed. -+ */ -+ -+static int -+verify_server_credentials(request_rec *r, -+ krb5_context kcontext, -+ krb5_ccache ccache, -+ krb5_principal princ, -+ int *renew -+) -+{ -+ krb5_creds match_cred; -+ krb5_creds creds; -+ char * princ_name = NULL; -+ char *tgs_princ_name = NULL; -+ krb5_timestamp now; -+ krb5_error_code kerr = 0; -+ -+ *renew = 0; -+ -+ memset (&match_cred, 0, sizeof(match_cred)); -+ memset (&creds, 0, sizeof(creds)); -+ -+ if (NULL == ccache || NULL == princ) { -+ /* Nothing to verify */ -+ *renew = 1; -+ goto cleanup; -+ } -+ -+ if ((kerr = krb5_unparse_name(kcontext, princ, &princ_name))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Could not unparse principal %s (%d)", -+ error_message(kerr), kerr); -+ goto cleanup; -+ } -+ -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Using principal %s for s4u2proxy", princ_name); -+ -+ tgs_princ_name = apr_psprintf(r->pool, "%s/%.*s@%.*s", KRB5_TGS_NAME, -+ krb5_princ_realm(kcontext, princ)->length, -+ krb5_princ_realm(kcontext, princ)->data, -+ krb5_princ_realm(kcontext, princ)->length, -+ krb5_princ_realm(kcontext, princ)->data); -+ -+ if ((kerr = krb5_parse_name(kcontext, tgs_princ_name, &match_cred.server))) -+ { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Could not parse principal %s: %s (%d)", -+ tgs_princ_name, error_message(kerr), kerr); -+ goto cleanup; -+ } -+ -+ match_cred.client = princ; -+ -+ if ((kerr = krb5_cc_retrieve_cred(kcontext, ccache, 0, &match_cred, &creds))) -+ { -+ krb5_unparse_name(kcontext, princ, &princ_name); -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Could not unparse principal %s: %s (%d)", -+ princ_name, error_message(kerr), kerr); -+ goto cleanup; -+ } -+ -+ if ((kerr = krb5_timeofday(kcontext, &now))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Could not get current time: %d (%s)", -+ kerr, error_message(kerr)); -+ goto cleanup; -+ } -+ -+ if (now > (creds.times.endtime + RENEWAL_TIME)) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Credentials for %s have expired or will soon " -+ "expire - now %d endtime %d", -+ princ_name, now, creds.times.endtime); -+ *renew = 1; -+ } else { -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Credentials for %s will expire at " -+ "%d, it is now %d", princ_name, creds.times.endtime, now); -+ } -+ -+cleanup: -+ /* Closing context, ccache, etc happens elsewhere */ -+ if (match_cred.server) { -+ krb5_free_principal(kcontext, match_cred.server); -+ } -+ if (creds.client) { -+ krb5_free_cred_contents(kcontext, &creds); -+ } -+ -+ return kerr; -+} -+ -+static int -+obtain_server_credentials(request_rec *r, -+ const char *service_name) -+{ -+ krb5_context kcontext = NULL; -+ krb5_keytab keytab = NULL; -+ krb5_ccache ccache = NULL; -+ char * princ_name = NULL; -+ char *tgs_princ_name = NULL; -+ krb5_error_code kerr = 0; -+ krb5_principal princ = NULL; -+ krb5_creds creds; -+ krb5_get_init_creds_opt gicopts; -+ int renew = 0; -+ apr_status_t rv = 0; -+ -+ memset(&creds, 0, sizeof(creds)); -+ -+ if ((kerr = krb5_init_context(&kcontext))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Kerberos context initialization failed: %s (%d)", error_message(kerr), kerr); -+ goto done; -+ } -+ -+ if ((kerr = krb5_cc_default(kcontext, &ccache))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Could not get default Kerberos ccache: %s (%d)", -+ error_message(kerr), kerr); -+ goto done; -+ } -+ -+ if ((kerr = krb5_cc_get_principal(kcontext, ccache, &princ))) { -+ char * name = NULL; -+ -+ if ((asprintf(&name, "%s:%s", krb5_cc_get_type(kcontext, ccache), -+ krb5_cc_get_name(kcontext, ccache))) == -1) { -+ kerr = KRB5_CC_NOMEM; -+ goto done; -+ } -+ -+ if (KRB5_FCC_NOFILE == kerr) { -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Credentials cache %s not found, create one", name); -+ krb5_cc_close(kcontext, ccache); -+ ccache = NULL; -+ free(name); -+ } else { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Failure to open credentials cache %s: %s (%d)", -+ name, error_message(kerr), kerr); -+ free(name); -+ goto done; -+ } -+ } -+ -+ kerr = verify_server_credentials(r, kcontext, ccache, princ, &renew); -+ -+ if (kerr || !renew) { -+ goto done; -+ } -+ -+#ifdef STANDARD20_MODULE_STUFF -+ if (s4u2proxy_lock) { -+ rv = apr_global_mutex_lock(s4u2proxy_lock); -+ if (rv != APR_SUCCESS) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, -+ "apr_global_mutex_lock(s4u2proxy_lock) " -+ "failed"); -+ } -+ } -+#endif -+ -+ /* We have the lock, check again to be sure another process hasn't already -+ * renewed the ticket. -+ */ -+ kerr = verify_server_credentials(r, kcontext, ccache, princ, &renew); -+ if (kerr || !renew) { -+ goto unlock; -+ } -+ -+ if (NULL == princ) { -+ if (strchr(service_name, '/') != NULL) -+ kerr = krb5_parse_name(kcontext, service_name, &princ); -+ else -+ kerr = krb5_sname_to_principal(kcontext, ap_get_server_name(r), -+ (service_name) ? service_name : SERVICE_NAME, -+ KRB5_NT_SRV_HST, &princ); -+ -+ if (kerr) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Could not parse principal: %s (%d) ", -+ error_message(kerr), kerr); -+ goto unlock; -+ } -+ -+ if ((kerr = krb5_unparse_name(kcontext, princ, &princ_name))) { -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Could not unparse principal %s: %s (%d)", -+ princ_name, error_message(kerr), kerr); -+ } -+ } else if (NULL == princ_name) { -+ if ((kerr = krb5_unparse_name(kcontext, princ, &princ_name))) { -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Could not unparse principal %s: %s (%d)", -+ princ_name, error_message(kerr), kerr); -+ goto unlock; -+ } -+ } -+ -+ if ((kerr = krb5_kt_default(kcontext, &keytab))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Unable to get default keytab: %s (%d)", -+ error_message(kerr), kerr); -+ goto unlock; -+ } -+ -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Obtaining new credentials for %s", princ_name); -+ krb5_get_init_creds_opt_init(&gicopts); -+ krb5_get_init_creds_opt_set_forwardable(&gicopts, 1); -+ -+ tgs_princ_name = apr_psprintf(r->pool, "%s/%.*s@%.*s", KRB5_TGS_NAME, -+ krb5_princ_realm(kcontext, princ)->length, -+ krb5_princ_realm(kcontext, princ)->data, -+ krb5_princ_realm(kcontext, princ)->length, -+ krb5_princ_realm(kcontext, princ)->data); -+ -+ if ((kerr = krb5_get_init_creds_keytab(kcontext, &creds, princ, keytab, -+ 0, tgs_princ_name, &gicopts))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Failed to obtain credentials for principal %s: " -+ "%s (%d)", princ_name, error_message(kerr), kerr); -+ goto unlock; -+ } -+ -+ krb5_kt_close(kcontext, keytab); -+ keytab = NULL; -+ -+ if (NULL == ccache) { -+ if ((kerr = krb5_cc_default(kcontext, &ccache))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Failed to open default ccache: %s (%d)", -+ error_message(kerr), kerr); -+ goto unlock; -+ } -+ } -+ -+ if ((kerr = krb5_cc_initialize(kcontext, ccache, princ))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Failed to initialize ccache for %s: %s (%d)", -+ princ_name, error_message(kerr), kerr); -+ goto unlock; -+ } -+ -+ if ((kerr = krb5_cc_store_cred(kcontext, ccache, &creds))) { -+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, -+ "Failed to store %s in ccache: %s (%d)", -+ princ_name, error_message(kerr), kerr); -+ goto unlock; -+ } -+ -+unlock: -+#ifdef STANDARD20_MODULE_STUFF -+ if (s4u2proxy_lock) { -+ apr_global_mutex_unlock(s4u2proxy_lock); -+ if (rv != APR_SUCCESS) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, -+ "apr_global_mutex_unlock(s4u2proxy_lock) " -+ "failed"); -+ } -+ } -+#endif -+ -+done: -+ if (0 == kerr) -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Done obtaining credentials for s4u2proxy"); -+ else -+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, -+ "Failed to obtain credentials for s4u2proxy"); -+ -+ if (creds.client) { -+ krb5_free_cred_contents(kcontext, &creds); -+ } -+ if (ccache) { -+ krb5_cc_close(kcontext, ccache); -+ } -+ if (kcontext) { -+ krb5_free_context(kcontext); -+ } -+ -+ return kerr; -+} -+ - static int - authenticate_user_gss(request_rec *r, kerb_auth_config *conf, - const char *auth_line, char **negotiate_ret_value) -@@ -1697,10 +2061,60 @@ have_rcache_type(const char *type) - /*************************************************************************** - Module Setup/Configuration - ***************************************************************************/ -+#ifdef STANDARD20_MODULE_STUFF -+static apr_status_t -+s4u2proxylock_create(server_rec *s, apr_pool_t *p) -+{ -+ apr_status_t rc; -+ -+ /* only operate if a lockfile is used */ -+ if (lockname == NULL || *(lockname) == '\0') { -+ return APR_SUCCESS; -+ } -+ -+ /* create the lockfile */ -+ rc = apr_global_mutex_create(&s4u2proxy_lock, lockname, -+ APR_LOCK_DEFAULT, p); -+ if (rc != APR_SUCCESS) { -+ ap_log_error(APLOG_MARK, APLOG_CRIT, rc, s, -+ "Parent could not create lock file %s", lockname); -+ return rc; -+ } -+ -+#ifdef AP_NEED_SET_MUTEX_PERMS -+ rc = unixd_set_global_mutex_perms(s4u2proxy_lock); -+ if (rc != APR_SUCCESS) { -+ ap_log_error(APLOG_MARK, APLOG_CRIT, rc, s, -+ "mod_auth_kerb: Parent could not set permissions " -+ "on lock; check User and Group directives"); -+ return rc; -+ } -+#endif -+ -+ return APR_SUCCESS; -+} -+ -+static apr_status_t -+s4u2proxylock_remove(void *unused) -+{ -+ /* only operate if a lockfile is used */ -+ if (lockname == NULL || *(lockname) == '\0') { -+ return APR_SUCCESS; -+ } -+ -+ /* destroy the rewritelock */ -+ apr_global_mutex_destroy(s4u2proxy_lock); -+ s4u2proxy_lock = NULL; -+ lockname = NULL; -+ return APR_SUCCESS; -+} -+#endif -+ - #ifndef STANDARD20_MODULE_STUFF - static void - kerb_module_init(server_rec *dummy, pool *p) - { -+ apr_status_t status; - #ifndef HEIMDAL - /* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later. - 1.3.x are covered by the hack overiding the replay calls */ -@@ -1741,6 +2155,7 @@ static int - kerb_init_handler(apr_pool_t *p, apr_pool_t *plog, - apr_pool_t *ptemp, server_rec *s) - { -+ apr_status_t rv; - ap_add_version_component(p, "mod_auth_kerb/" MODAUTHKERB_VERSION); - #ifndef HEIMDAL - /* Suppress the MIT replay cache. Requires MIT Kerberos 1.4.0 or later. -@@ -1748,14 +2163,41 @@ kerb_init_handler(apr_pool_t *p, apr_poo - if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) - putenv(strdup("KRB5RCACHETYPE=none")); - #endif -+#ifdef STANDARD20_MODULE_STUFF -+ rv = s4u2proxylock_create(s, p); -+ if (rv != APR_SUCCESS) { -+ return HTTP_INTERNAL_SERVER_ERROR; -+ } -+ -+ apr_pool_cleanup_register(p, (void *)s, s4u2proxylock_remove, -+ apr_pool_cleanup_null); -+#endif - - return OK; - } - - static void -+initialize_child(apr_pool_t *p, server_rec *s) -+{ -+ apr_status_t rv = 0; -+ -+#ifdef STANDARD20_MODULE_STUFF -+ if (lockname != NULL && *(lockname) != '\0') { -+ rv = apr_global_mutex_child_init(&s4u2proxy_lock, lockname, p); -+ if (rv != APR_SUCCESS) { -+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, -+ "mod_auth_kerb: could not init s4u2proxy_lock" -+ " in child"); -+ } -+ } -+#endif -+} -+ -+static void - kerb_register_hooks(apr_pool_t *p) - { - ap_hook_post_config(kerb_init_handler, NULL, NULL, APR_HOOK_MIDDLE); -+ ap_hook_child_init(initialize_child, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_check_user_id(kerb_authenticate_user, NULL, NULL, APR_HOOK_MIDDLE); - } - diff --git a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild index 1d1b560367c0..9094681f3d40 100644 --- a/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild +++ b/www-apache/mod_auth_kerb/mod_auth_kerb-5.4-r2.ebuild @@ -6,7 +6,8 @@ inherit apache-module eutils systemd DESCRIPTION="An Apache authentication module using Kerberos" HOMEPAGE="http://modauthkerb.sourceforge.net/" -SRC_URI="mirror://sourceforge/modauthkerb/${P}.tar.gz" +SRC_URI="mirror://sourceforge/modauthkerb/${P}.tar.gz + https://dev.gentoo.org/~mgorny/dist/${P}-gentoo-patchset.tar.bz2" LICENSE="BSD openafs-krb5-a HPND" SLOT="0" @@ -24,15 +25,15 @@ DOCFILES="INSTALL README" need_apache2 PATCHES=( - "${FILESDIR}"/${P}-rcopshack.patch - "${FILESDIR}"/${P}-fixes.patch - "${FILESDIR}"/${P}-s4u2proxy.patch - "${FILESDIR}"/${P}-httpd24.patch - "${FILESDIR}"/${P}-delegation.patch - "${FILESDIR}"/${P}-cachedir.patch - "${FILESDIR}"/${P}-longuser.patch - "${FILESDIR}"/${P}-handle-continue.patch - "${FILESDIR}"/${P}-heimdal.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-rcopshack.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-fixes.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-s4u2proxy.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-httpd24.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-delegation.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-cachedir.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-longuser.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-handle-continue.patch + "${WORKDIR}/${P}-gentoo-patchset"/${P}-heimdal.patch ) src_prepare() { diff --git a/www-apache/passenger/Manifest b/www-apache/passenger/Manifest index 3c849c81fa4f..e4d1b2317a8c 100644 --- a/www-apache/passenger/Manifest +++ b/www-apache/passenger/Manifest @@ -1,13 +1,14 @@ AUX 30_mod_passenger-5.0.0.conf 2737 SHA256 c5cd9c6b0a6616c9934a1c1fc9952036a6b4adcd9049e11f5614157f786c736d SHA512 847aa6d0ebb2e4ceaa744fdddf72f22613aeb76df38a36fb3c8b16803222cec116e6d5c23d2173beffd5889ebb8ba0247ffd3b9e900a70d78c2236f00c1a5d4d WHIRLPOOL b7ad6e2cfd1677469c67d8c47e2b53f3087a84477beb4a29d10f71196c7f73590964add0316c97e791ed4e9bf03020d586a118da5c0ba499bb9b5547bf30b6d9 AUX passenger-5.0.20-gentoo.patch 1057 SHA256 89b0070eeeb91ac79705694903a6145a97e87a60dbaaf35945c60da3645878db SHA512 c5022f3305b413954c75a280fea8b6a59c20a366746d17cdfa100dd7a0b3e4ea051af4c291eca0e71611dedd597903b25e893e7a382a9ee2415657bd55e91779 WHIRLPOOL 38b97ff42d558b9c43581f562dfe2d18b18cc55f5b6bd55912127569f2510462bf1b8f785d90f685f953e848a5b44838487b3f09e57fc24cad436ae331b2eb89 AUX passenger-5.1.1-isnan.patch 1155 SHA256 52e8c304c841d31b673b1993bfc5a56d6c75db34d84cba6f87a622fe7f0e41c5 SHA512 a80a9a229f1eeb34780236d0b2418fe5d2f57b9ae8c3c4ccdec729806f4afad8979de4ab3ea0834cdb76218192825ee4bfaf02b48f3bda240c2db441bcc870d9 WHIRLPOOL 31cf3615ee67ee60639dbc0e8c4f51faf4c621b816c0bcb2b85b6c61f896ae087640a8dfce175a7a6e6cefafbac9c9345610f737e31c23e7bf1b0f1b1d03c431 +AUX passenger-5.1.11-gentoo.patch 1064 SHA256 6c259660b7e8b8e738a6d5630cf35186d786695b981b26ec4edfd5a5dce9c66f SHA512 7aa098e4c2d4958deaf1369c0570e5f0c5661739047982d428555e5136dc9d5414ce575b3236b30223f14178dd2a4262f62f129d1d383f5c0c78312e80634670 WHIRLPOOL 9dc733547a57d8eec4bbb9d3d751d9f6185e12ca7d063cdd4ed7b9f1a0fcf66f68a11e54c7d0103f5ca6a926568070f6cd2c5fdde59b66dc0cf46f12a9333e71 +DIST passenger-5.1.11.tar.gz 4243340 SHA256 26fc56b2f6d27ed58b948d9601a17a4f61e98fd16349bcb46f3ecebcac3177dd SHA512 7dce496916533f2fcd5cb5931d79308da8adda300a8b8603ce90b92645e69a1283d147976b5aa3408f86ccb71f9e5849bfb68e58a806a8a58529cadda557bccb WHIRLPOOL 071e3a0d1c23f1ac58f0ff93e48357f51aa538e9a76ae4fb115a3cb9ddb0a3eeb5dd6b2a8430bb76acc7cd4158be1d0fe4d640a2402d42a06a632fa87d84fa85 DIST passenger-5.1.2.tar.gz 5646103 SHA256 7fb03a54650ef5e508895c9e45bc2d8151f6c4811ea6797e81f017fedddfdbab SHA512 88a77c749857a8538ea268f793d2708fa29b8891d2c3197577155f81cb66aa04919c25e713d4f00692051ad385eebaa94729cd30baa68edcf3d17c23bae0acdd WHIRLPOOL 8f115162e2a7c43af20cef1d689290c8a523cce10f617500eeb50ab6a226c203a404fc7ce53fd0e21e63276aa359c5d64b685318be36f79ce165ff598bac8766 DIST passenger-5.1.6.tar.gz 5215694 SHA256 e897cc5f0ec6446bfdc226404dca4bd29f7418ae92010c389661b9f024a3cf24 SHA512 71d301d2501863951157f55df30ac89f6f9d98e79b554a5ca05ca9a306041ecd8cdc92056220cf6dc9ad02972a102bfc990e3b06f887d27496a8ecbd58e109fa WHIRLPOOL fe6872d0c11803fd0d8875002f37425edc54327709daaa56518ace0ef9f5046836592298ca80ce4929a29e6c0a0adcb237b57a19cd0d73ac096992e742e2a8b5 -DIST passenger-5.1.7.tar.gz 5218093 SHA256 2b40a00a3fdc90a6acf784319f60fd53549f036ffc99fcbb23a0658cb7e2b215 SHA512 f1f67f7912dd3d58ee46c32d1d0584eeb90e95fd5a36bddff62c28674560f1495926a867b20d12a3867d1e81f13c480ed596ba81f78f6241c511b12fcac1de4c WHIRLPOOL 12c1acee83255b19964f505c6238432971d7a80d7937fcfac75cd0645b8626d993365472ca7e622b21fc8144f37f1286e1b58fdfa71836bcd791467416013349 DIST passenger-5.1.8.tar.gz 5234529 SHA256 fef10e4a34c3faa48306c21c0789ee4d4d56fc0e30205cc470a91b486b7a4a7d SHA512 5baf287e1f2a751409bba99671de2c41656033dc29132b2d964457405284105343fde4c2233c921d7e35794a47eedbf33e3840119a908741b1ed9e6fdc99ec2c WHIRLPOOL 6513b71aadddc9ec5ff4b4c617256a62f1c977b7d0f098982808851afc7703bd4ceed843cf309d07b239dbae97ed4beacaa2130a5dd325b17714df59f3b1f9ee +EBUILD passenger-5.1.11.ebuild 3981 SHA256 1abf5503c689a4547ce4c0a63252940e3f9d7930d188f4680a341bb00f82ec95 SHA512 bd345120db4a296673d10b9778de4c01b47c7204e0506899cffe5a348caa8eb1ac4d2ae1929c8f442ad0793f234de25915a158b2d72253c0b4ca1ef44aa0440f WHIRLPOOL 7a468471c59da013e39efb6f29a8009c55daf1e4e4634bc275a2f00249ab6a07c020ea536377607da8b73c0a7b2996b2a4666d8373cacb161a0791543b9a9780 EBUILD passenger-5.1.2.ebuild 3802 SHA256 4e68673b6e194126a37eb8acbb207a91e60219c4a2edfd635dd4508e652c9e9e SHA512 8f8ccf842182cff920f7956e3934e35154bd6235991e50e90bd1629b4f33caa4d480072eddbbc2ad335706bed0f5258ad4de0755beb0c2c89fbf11afcecebc47 WHIRLPOOL 5014b02757779a5cfdc5061ba8d8d5b588ed1e7048ea4b604c3c1a94bd572ab3b8f7c5c775c20dafd87400c305998a7c412bd8c6190e01ea003491058b9eaeb8 EBUILD passenger-5.1.6.ebuild 3833 SHA256 228c9dbb2b64272213095f96ae7e20b33d643b0a0cde8b6996915f1faf3da95f SHA512 8f384e47cc1efa7c4dabe6dcc42fddd66a2498df22933d4e65fbed124540edb2210f8c0113ae4c2acd3f4d1066fb5eb8bb710f4a23065ef1db6003b48a80ecb6 WHIRLPOOL 1a45c0119c33f5d42c65083adb771d8bfae44daf300269d0734fcfc073e0dd1e665d69708e7f8757e3edb5ad9d500ee6b0d41d6ecdea8114ada29ff7ab1744e4 -EBUILD passenger-5.1.7.ebuild 3834 SHA256 fedb34c679d0f9d9fa450d24c4e8e946b3bf4a9f587e972b4c804bf726f03753 SHA512 e851aae9ff80c75e303dffe7b3ad91a7eecc8a1f2fa706033e5dd919e18f717cf3176c8486aaa783c2b6f6d8fe1aeb94398f4c7ce21e2ce65fddaac0bed86400 WHIRLPOOL a0796aea70300ceb196033367e895e33ea3f60aee258b3d0ef7d710b7d8e1f8cbc1e8f2bb97261d4869dd436567ebb555b622adf0a5dfd3fdbf8cc56bf8c67d8 EBUILD passenger-5.1.8.ebuild 3827 SHA256 d178ed339b1f895be1457753801d0dd838345ea485f8ab2e1b2227d59b34f542 SHA512 9a6153f12d67e13280b6539dc7f9bc6614a8c793f9484e2df3ed3c4793c37fe6dc7e48f7aca5cad85e2e9abd74455cc2d58010e22ff8a44e3c277e7872d58206 WHIRLPOOL 3cef97673ba0a6d95375368aecc7d7a577d26e2dcadaf781bb421d617fabd8ac5c99a9facc1656afe919f9804401d43db0d253101486c9bfd5d9b15805c1db9d MISC ChangeLog 8584 SHA256 923aa06ccf1db42d903c7fd6922f2f1c42d10cd7c4080da6e207fa0af2c69f74 SHA512 efd75c05d7bc141a2ab9634c6b5008071aeb30c7a82dfe4d3ab88d0553852961339be038744c43cc853d5274551c5bb177372bd0b4cab0ed851553da9a04e8bd WHIRLPOOL 6223af82e55988e8b8e666abb1abb3027cb901f86010f5b2e47a6c215cf79d33b540660bb731638f6896ca00feb5c8e5438c9307621f22e06251bca34fa03504 MISC ChangeLog-2015 17351 SHA256 25abdadae21e308556904475d3a8f0c70274497eb69d917deb0aeb9c0aeed02f SHA512 185db00f89b00e3a6dcd01979266068e3632250b1cd68de5468c759a33bc0f10ddfca36cce4326e693354471b6a485445905abafedc89c8aca6aac18276acd5c WHIRLPOOL f7acd8802839c1d473820c1fde1025e86be2090db5da7ae0392545d298d97d33205b0a7d1ea1e71a7c2eea6026a908bb0fcd281f3c5a53985c03c3bdc325d8ef diff --git a/www-apache/passenger/files/passenger-5.1.11-gentoo.patch b/www-apache/passenger/files/passenger-5.1.11-gentoo.patch new file mode 100644 index 000000000000..5a2565c0315d --- /dev/null +++ b/www-apache/passenger/files/passenger-5.1.11-gentoo.patch @@ -0,0 +1,30 @@ +--- build/packaging.rb.~1~ 2013-10-27 00:00:00.000000000 +0200 ++++ build/packaging.rb 2015-09-28 07:44:04.584236386 +0200 +@@ -575,7 +575,7 @@ + psg_ruby = ENV['RUBY'] || "#{fs_bindir}/ruby" + psg_free_ruby = ENV['FREE_RUBY'] || "/usr/bin/env ruby" + +- fakeroot = "#{PKG_DIR}/fakeroot" ++ fakeroot = ENV['DISTDIR'] + fake_rubylibdir = "#{fakeroot}#{psg_rubylibdir}" + fake_nodelibdir = "#{fakeroot}#{psg_nodelibdir}" + fake_libdir = "#{fakeroot}#{psg_libdir}" +@@ -593,7 +593,6 @@ + + packaging_method = ENV['NATIVE_PACKAGING_METHOD'] || ENV['PACKAGING_METHOD'] || "deb" + +- sh "rm -rf #{fakeroot}" + sh "mkdir -p #{fakeroot}" + + # Ruby sources +@@ -690,10 +689,6 @@ + change_shebang("#{fake_sbindir}/#{exe}", shebang) + end + +- # Apache 2 module +- sh "mkdir -p #{File.dirname(fake_apache2_module_path)}" +- sh "cp #{APACHE2_TARGET} #{fake_apache2_module_path}" +- + # Ruby extension sources + sh "mkdir -p #{fake_ruby_extension_source_dir}" + sh "cp -R #{PhusionPassenger.ruby_extension_source_dir}/* #{fake_ruby_extension_source_dir}" diff --git a/www-apache/passenger/passenger-5.1.7.ebuild b/www-apache/passenger/passenger-5.1.11.ebuild index 3dc6b74b68bd..9a80d0c6a2a0 100644 --- a/www-apache/passenger/passenger-5.1.7.ebuild +++ b/www-apache/passenger/passenger-5.1.11.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=6 -USE_RUBY="ruby21 ruby22 ruby23 ruby24" +USE_RUBY="ruby22 ruby23 ruby24" inherit apache-module flag-o-matic multilib ruby-ng toolchain-funcs @@ -12,7 +12,7 @@ SRC_URI="https://s3.amazonaws.com/phusion-passenger/releases/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="amd64 ~x86" IUSE="apache2 debug" ruby_add_bdepend "dev-ruby/rake" @@ -42,7 +42,7 @@ pkg_setup() { } all_ruby_prepare() { - epatch "${FILESDIR}"/${PN}-5.0.20-gentoo.patch + epatch "${FILESDIR}"/${PN}-5.1.11-gentoo.patch epatch "${FILESDIR}"/${PN}-5.1.1-isnan.patch # Change these with sed instead of a patch so that we can easily use @@ -73,6 +73,11 @@ all_ruby_prepare() { # Fix hard-coded use of AR sed -i -e "s/ar cru/"$(tc-getAR)" cru/" build/support/cplusplus.rb || die + + # Make sure apache support is not attempted with -apache2 + if ! use apache2 ; then + sed -i -e '/fakeroot/ s/:apache2, //' build/packaging.rb || die + fi } all_ruby_compile() { |