git: da3985ecfc4e - main - www/mod_auth_kerb2: Refactor
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 27 Apr 2025 20:02:48 UTC
The branch main has been updated by bofh:
URL: https://cgit.FreeBSD.org/ports/commit/?id=da3985ecfc4e6fe022a6fe1890724755c76b3fe4
commit da3985ecfc4e6fe022a6fe1890724755c76b3fe4
Author: Muhammad Moinur Rahman <bofh@FreeBSD.org>
AuthorDate: 2025-04-27 20:01:14 +0000
Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2025-04-27 20:02:35 +0000
www/mod_auth_kerb2: Refactor
- Replace @exec with @postexec/@postunexec
- Replace PORTVERSION with DISTVERSION
- Pet portclippy
- Refresh patches
---
www/mod_auth_kerb2/Makefile | 17 ++++---
www/mod_auth_kerb2/files/patch-Makefile.in | 6 +--
.../files/patch-spnegokrb5__spnegokrb5_locl.h | 4 +-
.../files/patch-src__mod_auth_kerb.c | 54 +++++++++++-----------
www/mod_auth_kerb2/pkg-plist | 4 +-
5 files changed, 44 insertions(+), 41 deletions(-)
diff --git a/www/mod_auth_kerb2/Makefile b/www/mod_auth_kerb2/Makefile
index e43a2e6bd601..0d4a0df8a6a3 100644
--- a/www/mod_auth_kerb2/Makefile
+++ b/www/mod_auth_kerb2/Makefile
@@ -1,6 +1,6 @@
PORTNAME= mod_auth_kerb
-PORTVERSION= 5.4
-PORTREVISION= 8
+DISTVERSION= 5.4
+PORTREVISION= 9
CATEGORIES= www
MASTER_SITES= SF/modauthkerb/${PORTNAME}/${PORTNAME}-${PORTVERSION}
PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}
@@ -12,22 +12,25 @@ WWW= https://modauthkerb.sourceforge.net/
LICENSE= MIT BSD3CLAUSE
LICENSE_COMB= multi
-LICENSE_FILE_MIT= ${WRKSRC}/LICENSE
LICENSE_FILE_BSD3CLAUSE= ${WRKSRC}/LICENSE
-
-PORTSCOUT= limit:^5.4
+LICENSE_FILE_MIT= ${WRKSRC}/LICENSE
USES= apache
+
GNU_CONFIGURE= yes
CONFIGURE_ARGS= -with-krb5=${GSSAPIBASEDIR} --without-krb4
-OPTIONS_SINGLE= GSSAPI
+PORTSCOUT= limit:^5.4
+
OPTIONS_DEFAULT= GSSAPI_BASE
+OPTIONS_SINGLE= GSSAPI
OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+
GSSAPI_BASE_DESC= Use Base version of GSS API
+GSSAPI_DESC= Use Base version of GSS API
GSSAPI_HEIMDAL_DESC= Use Heimdal implementation of GSS API
GSSAPI_MIT_DESC= Use MIT implementation of GSS API
-GSSAPI_DESC= Use Base version of GSS API
+
GSSAPI_BASE_USES= gssapi
GSSAPI_HEIMDAL_USES= gssapi:heimdal
GSSAPI_MIT_USES= gssapi:mit
diff --git a/www/mod_auth_kerb2/files/patch-Makefile.in b/www/mod_auth_kerb2/files/patch-Makefile.in
index 0261485a0892..8d91ba790423 100644
--- a/www/mod_auth_kerb2/files/patch-Makefile.in
+++ b/www/mod_auth_kerb2/files/patch-Makefile.in
@@ -1,6 +1,6 @@
---- Makefile.in.orig 2008-12-02 23:07:10.000000000 +0900
-+++ Makefile.in 2014-11-22 19:29:08.000000000 +0900
-@@ -16,7 +16,9 @@
+--- Makefile.in.orig 2008-12-02 14:07:10 UTC
++++ Makefile.in
+@@ -16,7 +16,9 @@ install:
./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c" "src/mod_auth_kerb.c"
install:
diff --git a/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h b/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h
index 4233afc2a435..524b747890b2 100644
--- a/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h
+++ b/www/mod_auth_kerb2/files/patch-spnegokrb5__spnegokrb5_locl.h
@@ -1,5 +1,5 @@
---- spnegokrb5/spnegokrb5_locl.h.orig 2008-01-27 20:59:03.000000000 +0000
-+++ spnegokrb5/spnegokrb5_locl.h 2008-01-27 20:59:19.000000000 +0000
+--- spnegokrb5/spnegokrb5_locl.h.orig 2008-11-26 16:51:05 UTC
++++ spnegokrb5/spnegokrb5_locl.h
@@ -1,6 +1,7 @@
#include <stdlib.h>
#include <errno.h>
diff --git a/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c b/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
index 54971802be39..163be6df75a5 100644
--- a/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
+++ b/www/mod_auth_kerb2/files/patch-src__mod_auth_kerb.c
@@ -6,8 +6,8 @@
# Patch to fix a bug in KrbSaveCredentials:
# https://bugzilla.redhat.com/show_bug.cgi?id=688210
#
---- src/mod_auth_kerb.c.orig 2008-12-04 19:14:03.000000000 +0900
-+++ src/mod_auth_kerb.c 2014-11-22 19:34:12.000000000 +0900
+--- src/mod_auth_kerb.c.orig 2008-12-04 10:14:03 UTC
++++ src/mod_auth_kerb.c
@@ -11,6 +11,12 @@
*/
@@ -64,7 +64,7 @@
module AP_MODULE_DECLARE_DATA auth_kerb_module;
#else
module auth_kerb_module;
-@@ -176,6 +191,7 @@
+@@ -176,6 +191,7 @@ typedef struct krb5_conn_data {
char *authline;
char *user;
char *mech;
@@ -72,7 +72,7 @@
int last_return;
} krb5_conn_data;
-@@ -298,7 +314,7 @@
+@@ -298,7 +314,7 @@ mod_auth_kerb_rc_store(krb5_context context, krb5_rcac
}
/* And this is the operations vector for our replay cache */
@@ -81,7 +81,7 @@
0,
"dfl",
krb5_rc_dfl_init,
-@@ -329,7 +345,7 @@
+@@ -329,7 +345,7 @@ static void *kerb_dir_create_config(MK_POOL *p, char *
((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
#endif
#ifdef KRB5
@@ -90,23 +90,23 @@
((kerb_auth_config *)rec)->krb_method_k5pass = 1;
((kerb_auth_config *)rec)->krb_method_gssapi = 1;
#endif
-@@ -347,9 +363,15 @@
+@@ -347,9 +363,15 @@ krb5_save_realms(cmd_parms *cmd, void *vsec, const cha
return NULL;
}
+#ifdef APLOG_USE_MODULE
-+static void
+ static void
+log_rerror(const char *file, int line, int module_index, int level, int status,
+ const request_rec *r, const char *fmt, ...)
+#else
- static void
++static void
log_rerror(const char *file, int line, int level, int status,
const request_rec *r, const char *fmt, ...)
+#endif
{
char errstr[1024];
va_list ap;
-@@ -359,7 +381,9 @@
+@@ -359,7 +381,9 @@ log_rerror(const char *file, int line, int level, int
va_end(ap);
@@ -117,7 +117,7 @@
ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
#else
ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);
-@@ -527,7 +551,7 @@
+@@ -527,7 +551,7 @@ authenticate_user_krb4pwd(request_rec *r,
user = apr_pstrcat(r->pool, user, "@", realm, NULL);
MK_USER = user;
@@ -126,7 +126,7 @@
apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
if (!conf->krb_save_credentials)
-@@ -677,7 +701,8 @@
+@@ -677,7 +701,8 @@ verify_krb5_user(request_rec *r, krb5_context context,
static krb5_error_code
verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
const char *password, krb5_principal server,
@@ -136,7 +136,7 @@
{
krb5_creds creds;
krb5_get_init_creds_opt options;
-@@ -869,8 +894,8 @@
+@@ -869,8 +894,8 @@ create_krb5_ccache(krb5_context kcontext,
}
apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
@@ -147,7 +147,7 @@
*ccache = tmp_ccache;
tmp_ccache = NULL;
-@@ -926,7 +951,6 @@
+@@ -926,7 +951,6 @@ store_krb5_creds(krb5_context kcontext,
return OK;
}
@@ -155,7 +155,7 @@
static int
authenticate_user_krb5pwd(request_rec *r,
kerb_auth_config *conf,
-@@ -1061,7 +1085,7 @@
+@@ -1061,7 +1085,7 @@ authenticate_user_krb5pwd(request_rec *r,
goto end;
}
MK_USER = apr_pstrdup (r->pool, name);
@@ -164,7 +164,7 @@
free(name);
if (conf->krb_save_credentials)
-@@ -1280,6 +1304,7 @@
+@@ -1280,6 +1304,7 @@ get_gss_creds(request_rec *r,
return 0;
}
@@ -172,7 +172,7 @@
static int
cmp_gss_type(gss_buffer_t token, gss_OID oid)
{
-@@ -1306,6 +1331,7 @@
+@@ -1306,6 +1331,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid)
return memcmp(p, oid->elements, oid->length);
}
@@ -180,7 +180,7 @@
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
-@@ -1438,15 +1464,15 @@
+@@ -1438,15 +1464,15 @@ authenticate_user_gss(request_rec *r, kerb_auth_config
goto end;
}
@@ -201,7 +201,7 @@
major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
gss_release_name(&minor_status, &client_name);
-@@ -1549,28 +1575,52 @@
+@@ -1549,28 +1575,52 @@ static krb5_conn_data *
#endif /* KRB5 */
static krb5_conn_data *
@@ -261,7 +261,7 @@
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
{
-@@ -1607,51 +1657,16 @@
+@@ -1607,51 +1657,16 @@ static int
}
static int
@@ -320,16 +320,16 @@
if (!auth_line) {
set_kerb_auth_headers(r, conf, use_krb4, use_krb5,
(use_krb5) ? "\0" : NULL);
-@@ -1669,60 +1684,110 @@
+@@ -1669,60 +1684,110 @@ kerb_authenticate_user(request_rec *r)
#endif
(strcasecmp(auth_type, "Basic") == 0))
return DECLINED;
--
-- if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
-- ret = HTTP_UNAUTHORIZED;
+ if ((prevauth = already_authorized(r, auth_line)) == NULL) {
+ ret = HTTP_UNAUTHORIZED;
+- if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
+- ret = HTTP_UNAUTHORIZED;
+-
#ifdef KRB5
if (use_krb5 && conf->krb_method_gssapi &&
strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
@@ -400,7 +400,8 @@
+ type = ap_auth_type(r);
+ auth_line = ap_pbase64encode (r->pool, apr_psprintf(r->pool, "%s:%s", user, password));
+ auth_line = apr_psprintf(r->pool, "Basic %s", auth_line);
-+
+
+- last_return = ret;
+ ret = authenticate_user(r, auth_line, type, 1, 1);
+
+ if (ret == OK) return AUTH_GRANTED;
@@ -448,8 +449,7 @@
+ ? "Proxy-Authorization"
+ : "Authorization");
+ ret = authenticate_user(r, auth_line, type, use_krb4, use_krb5);
-
-- last_return = ret;
++
return ret;
}
@@ -458,7 +458,7 @@
have_rcache_type(const char *type)
{
krb5_error_code ret;
-@@ -1805,6 +1870,12 @@
+@@ -1805,6 +1870,12 @@ kerb_register_hooks(apr_pool_t *p)
static void
kerb_register_hooks(apr_pool_t *p)
{
diff --git a/www/mod_auth_kerb2/pkg-plist b/www/mod_auth_kerb2/pkg-plist
index fb691e0a0509..49c9c63f0208 100644
--- a/www/mod_auth_kerb2/pkg-plist
+++ b/www/mod_auth_kerb2/pkg-plist
@@ -1,3 +1,3 @@
%%APACHEMODDIR%%/%%AP_MODULE%%
-@exec %D/sbin/apxs -e -a -n %%AP_NAME%% %D/%F
-@unexec %D/sbin/apxs -e -A -n %%AP_NAME%% %D/%F
+@postexec %D/sbin/apxs -e -a -n %%AP_NAME%% %D/%F
+@postunexec %D/sbin/apxs -e -A -n %%AP_NAME%% %D/%F