ports/55401: mod_auth_digest for ports/www/apache13

David Sze dsze at distrust.net
Fri Aug 8 22:20:17 UTC 2003 

>Number:         55401
>Category:       ports
>Synopsis:       mod_auth_digest for ports/www/apache13
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 08 15:20:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     David Sze <dsze at distrust.net>
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
>Environment:
System: FreeBSD abc.example.com 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Mon Apr 21 21:11:07 EDT 2003 root at abc.example.com:/usr/src/sys/compile/ABC i386

>Description:

	Patch for ports/www/apache13 to compile and install the experimental
	mod_auth_digest, since according to

		http://httpd.apache.org/docs/howto/auth.html#digest

	the mod_digest that is already included implements and older version
	of the digest authentication spec, and does not work with newer
	browsers.

>How-To-Repeat:
	
>Fix:

	The following patch should be applied to the ports/www/apache13
	directory.  In addition to modifying Makefile and pkg-plist, the
	following two patches are added to the files/ directory:

		1. patch-src:modules:experimental:mod_auth_digest.c
		2. auth-digest-ie-patch

	The first is mandatory and renames the module export name from
	'digest_auth_module' to 'auth_digest_module' since the latter is
	what Apache's automatic install script expects.

	The second patch is optional (conditional on WITH_IE_AUTH_DIGEST_HACK)
	and is only required if Internet Explorer is being used with digest
	authentication and a website that uses query strings.


--- apache13.mod_auth_digest.patch begins here ---
--- Makefile.orig	Fri Aug  8 16:10:04 2003
+++ Makefile	Fri Aug  8 17:37:40 2003
@@ -7,6 +7,7 @@
 
 PORTNAME=	apache
 PORTVERSION=    1.3.28
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=   ${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	apache_${PORTVERSION}
@@ -76,6 +77,7 @@
 		--enable-module=most \
 		--enable-module=auth_db \
 		--enable-module=mmap_static \
+		--enable-module=auth_digest \
 		--disable-module=auth_dbm \
 		--enable-shared=max \
 		${SUEXEC_CONF} \
@@ -114,9 +116,31 @@
 MAN8=           ab.8 apachectl.8 apxs.8 httpd.8 logresolve.8 rotatelogs.8 \
 		${SUEXEC_MAN}
 
+.if !defined(WITH_IE_AUTH_DIGEST_HACK)
+pre-fetch:
+	@${ECHO}
+	@${ECHO} If you plan to use HTTP digest authentication with content
+	@${ECHO} that uses query strings \(e.g. \"GET\" forms\), and you need
+	@${ECHO} to support Internet Explorer, then define the variable
+	@${ECHO} WITH_IE_AUTH_DIGEST_HACK
+	@${ECHO}
+	@/bin/sleep 2
+.endif
+
 post-extract:
 	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/apache.sh \
 		> ${WRKSRC}/apache.sh
+
+.if defined(WITH_IE_AUTH_DIGEST_HACK)
+post-patch:
+	@${ECHO_MSG} "===>  Applying IE mod_auth_digest hack to ignore query string"
+	@if ${PATCH} ${PATCH_ARGS} < ${PATCHDIR}/auth-digest-ie-patch; then \
+	  ${ECHO_MSG} "===>  Patch auth-digest-ie-patch applied successfully"; \
+	else \
+	  ${ECHO_MSG} ">>Patch auth-digest-ie-patch failed to apply cleanly"; \
+	  ${FALSE}; \
+	fi
+.endif
 
 pre-install:
 	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
--- pkg-plist.orig	Fri Aug  8 16:47:11 2003
+++ pkg-plist	Fri Aug  8 12:06:46 2003
@@ -75,6 +75,7 @@
 libexec/apache/mod_auth.so
 libexec/apache/mod_auth_anon.so
 libexec/apache/mod_auth_db.so
+libexec/apache/mod_auth_digest.so
 libexec/apache/mod_autoindex.so
 libexec/apache/mod_cern_meta.so
 libexec/apache/mod_cgi.so
diff -N -u files.orig/auth-digest-ie-patch files/auth-digest-ie-patch
--- files.orig/auth-digest-ie-patch	Wed Dec 31 19:00:00 1969
+++ files/auth-digest-ie-patch	Fri Aug  8 16:45:00 2003
@@ -0,0 +1,15 @@
+--- src/modules/experimental/mod_auth_digest.c.orig	Fri Aug  8 16:35:39 2003
++++ src/modules/experimental/mod_auth_digest.c	Fri Aug  8 16:44:50 2003
+@@ -1632,10 +1632,12 @@
+ 		/* or '*' matches empty path in scheme://host */
+ 	        && !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname
+ 		    && d_uri.path[0] == '*' && d_uri.path[1] == '\0'))
++#if 0
+ 	    /* check that query matches */
+ 	    || (d_uri.query != r_uri.query
+ 		&& (!d_uri.query || !r_uri.query
+ 		    || strcmp(d_uri.query, r_uri.query)))
++#endif
+ 	    ) {
+ 	    ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ 			  "Digest: uri mismatch - <%s> does not match "
diff -N -u files.orig/patch-src:modules:experimental:mod_auth_digest.c files/patch-src:modules:experimental:mod_auth_digest.c
--- files.orig/patch-src:modules:experimental:mod_auth_digest.c	Wed Dec 31 19:00:00 1969
+++ files/patch-src:modules:experimental:mod_auth_digest.c	Fri Aug  8 16:44:03 2003
@@ -0,0 +1,86 @@
+--- src/modules/experimental/mod_auth_digest.c.orig	Sat Feb 15 23:42:24 2003
++++ src/modules/experimental/mod_auth_digest.c	Fri Aug  8 16:35:39 2003
+@@ -97,7 +97,7 @@
+ 
+ /* The section for the Configure script:
+  * MODULE-DEFINITION-START
+- * Name: digest_auth_module
++ * Name: auth_digest_module
+  * ConfigStart
+ 
+     RULE_DEV_RANDOM=`./helpers/CutRule DEV_RANDOM $file`
+@@ -262,7 +262,7 @@
+ static void          *client_mm = NULL;
+ #endif	/* HAVE_SHMEM_MM */
+ 
+-module MODULE_VAR_EXPORT digest_auth_module;
++module MODULE_VAR_EXPORT auth_digest_module;
+ 
+ /*
+  * initialization code
+@@ -980,7 +980,7 @@
+     resp->raw_request_uri = r->unparsed_uri;
+     resp->psd_request_uri = &r->parsed_uri;
+     resp->needed_auth = 0;
+-    ap_set_module_config(r->request_config, &digest_auth_module, resp);
++    ap_set_module_config(r->request_config, &auth_digest_module, resp);
+ 
+     res = get_digest_rec(r, resp);
+     resp->client = get_client(resp->opaque_num, r);
+@@ -1554,14 +1554,14 @@
+     while (mainreq->main != NULL)  mainreq = mainreq->main;
+     while (mainreq->prev != NULL)  mainreq = mainreq->prev;
+     resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config,
+-						      &digest_auth_module);
++						      &auth_digest_module);
+     resp->needed_auth = 1;
+ 
+ 
+     /* get our conf */
+ 
+     conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config,
+-						      &digest_auth_module);
++						      &auth_digest_module);
+ 
+ 
+     /* check for existence and syntax of Auth header */
+@@ -1787,7 +1787,7 @@
+ {
+     const digest_config_rec *conf =
+ 		(digest_config_rec *) ap_get_module_config(r->per_dir_config,
+-							   &digest_auth_module);
++							   &auth_digest_module);
+     const char *user = r->connection->user;
+     int m = r->method_number;
+     int method_restricted = 0;
+@@ -1857,7 +1857,7 @@
+ 
+     note_digest_auth_failure(r, conf,
+ 	(digest_header_rec *) ap_get_module_config(r->request_config,
+-						   &digest_auth_module),
++						   &auth_digest_module),
+ 	0);
+     return AUTH_REQUIRED;
+ }
+@@ -1882,10 +1882,10 @@
+ {
+     const digest_config_rec *conf =
+ 		(digest_config_rec *) ap_get_module_config(r->per_dir_config,
+-							   &digest_auth_module);
++							   &auth_digest_module);
+     digest_header_rec *resp =
+ 		(digest_header_rec *) ap_get_module_config(r->request_config,
+-							   &digest_auth_module);
++							   &auth_digest_module);
+     const char *ai = NULL, *digest = NULL, *nextnonce = "";
+ 
+     if (resp == NULL || !resp->needed_auth || conf == NULL)
+@@ -2024,7 +2024,7 @@
+ }
+ 
+ 
+-module MODULE_VAR_EXPORT digest_auth_module =
++module MODULE_VAR_EXPORT auth_digest_module =
+ {
+     STANDARD_MODULE_STUFF,
+     initialize_module,		/* initializer */
--- apache13.mod_auth_digest.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list