File mod_auth_kerb-api_changes_apache24.patch of Package apache2-mod_auth_kerb
diff -rNU 25 ../mod_auth_kerb-5.4-o/src/mod_auth_kerb.c ./src/mod_auth_kerb.c
--- ../mod_auth_kerb-5.4-o/src/mod_auth_kerb.c 2014-03-28 13:56:21.000000000 +0100
+++ ./src/mod_auth_kerb.c 2014-03-28 16:28:32.000000000 +0100
@@ -22,70 +22,81 @@
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the University nor the names of its contributors may
* be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ident "$Id: mod_auth_kerb.c,v 1.150 2008/12/04 10:14:03 baalberith Exp $"
+
#include "config.h"
+
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#define MODAUTHKERB_VERSION "5.4"
#define MECH_NEGOTIATE "Negotiate"
#define SERVICE_NAME "HTTP"
#include <httpd.h>
+#include <http_log.h>
+#ifdef APLOG_USE_MODULE
+/* this is an apache 2.4 compilation. API changes need to be accounted for. */
+#define APACHE24
+APLOG_USE_MODULE(auth_kerb);
+#undef APLOG_MARK
+#define APLOG_MARK __FILE__, __LINE__
+#endif
#include <http_config.h>
#include <http_core.h>
-#include <http_log.h>
#include <http_protocol.h>
#include <http_request.h>
#include "mod_auth.h"
+#include "config.h"
+
#ifdef STANDARD20_MODULE_STUFF
#include <apr_strings.h>
#include <apr_base64.h>
#else
#define apr_pstrdup ap_pstrdup
#define apr_psprintf ap_psprintf
#define apr_pstrcat ap_pstrcat
#define apr_pcalloc ap_pcalloc
#define apr_table_setn ap_table_setn
#define apr_table_add ap_table_add
#define apr_base64_decode_len ap_base64decode_len
#define apr_base64_decode ap_base64decode
#define apr_base64_encode_len ap_base64encode_len
#define apr_base64_encode ap_base64encode
#define apr_pool_cleanup_null ap_null_cleanup
#define apr_pool_cleanup_register ap_register_cleanup
#endif /* STANDARD20_MODULE_STUFF */
#ifdef _WIN32
#define vsnprintf _vsnprintf
#define snprintf _snprintf
#endif
#ifdef KRB5
#include <krb5.h>
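Review bot: The `#undef APLOG_MARK` / `#define APLOG_MARK __FILE__, __LINE__` pair in the APACHE24 block redefines a core httpd macro for the whole file without saying why. It appears to exist so that the local log_rerror() wrapper keeps its (file, line) signature. Any direct ap_log_error()/ap_log_rerror() call that uses APLOG_MARK elsewhere in the file (none is visible here) would then lack the module-index argument that 2.4 expects. I would add a comment such as `/* APLOG_MARK is trimmed to file,line because log_rerror() passes APLOG_MODULE_INDEX itself; do not hand it to ap_log_*() directly */`. The `#include "config.h"` added after mod_auth.h duplicates the one already at the top of the include list and can be dropped.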
@@ -349,55 +360,55 @@
#ifdef KRB4
((kerb_auth_config *)rec)->krb_method_k4pass = 1;
#endif
return rec;
}
static const char*
krb5_save_realms(cmd_parms *cmd, void *vsec, const char *arg)
{
kerb_auth_config *sec = (kerb_auth_config *) vsec;
sec->krb_auth_realms= apr_pstrdup(cmd->pool, arg);
return NULL;
}
static void
log_rerror(const char *file, int line, int level, int status,
const request_rec *r, const char *fmt, ...)
{
char errstr[1024];
va_list ap;
va_start(ap, fmt);
vsnprintf(errstr, sizeof(errstr), fmt, ap);
va_end(ap);
-
-#ifdef STANDARD20_MODULE_STUFF
- ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
+
+#ifdef APACHE24
+ ap_log_rerror(file, line, APLOG_MODULE_INDEX, level | APLOG_NOERRNO, status, r, "%s", errstr);
#else
- ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);
+ ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
#endif
}
#ifdef KRB4
/***************************************************************************
Username/Password Validation for Krb4
***************************************************************************/
static int
verify_krb4_user(request_rec *r, const char *name, const char *instance,
const char *realm, const char *password, const char *linstance, const char *srvtab, int krb_verify_kdc)
{
int ret;
char *phost;
unsigned long addr;
struct hostent *hp;
const char *hostname;
KTEXT_ST ticket;
AUTH_DAT authdata;
char lrealm[REALM_SZ];
ret = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm,
DEFAULT_TKT_LIFE, password);
if (ret) {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot get krb4 ticket: krb_get_pw_in_tkt() failed: %s",
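Review bot: The rewritten conditional in log_rerror() no longer has a branch for the pre-2.0 API. The old `#else` call without `status` is removed, while the file still carries the `ap_pstrdup`-style fallbacks for builds without STANDARD20_MODULE_STUFF. If those builds are still meant to work, keep three cases: `#elif defined(STANDARD20_MODULE_STUFF)` for the call with `status`, then a final `#else` with `ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr);`. If 1.3 support is dropped on purpose, a one-line comment saying so would stop the fallback defines from misleading readers. verify_krb4_user() at the end of the hunk continues outside it.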
@@ -1569,51 +1580,55 @@
else {
log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"kerb_authenticate_a_name_to_local_name %s -> %s",
(MK_USER)?MK_USER:"(NULL)", (MK_USER_LNAME)?MK_USER_LNAME:"(NULL)");
MK_USER = apr_pstrdup(r->pool, MK_USER_LNAME);
ret = OK;
}
end:
if (client)
krb5_free_principal(kcontext, client);
if (kcontext)
krb5_free_context(kcontext);
return ret;
}
#endif /* KRB5 */
static krb5_conn_data *
already_succeeded(request_rec *r, char *auth_line)
{
krb5_conn_data *conn_data;
char keyname[1024];
snprintf(keyname, sizeof(keyname) - 1,
+#ifdef APACHE24
+ "mod_auth_kerb::connection::%s::%ld", r->useragent_ip,
+#else
"mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip,
+#endif
r->connection->id);
if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0)
return NULL;
if(conn_data) {
if(strcmp(conn_data->authline, auth_line) == 0) {
log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request");
return conn_data;
}
}
return NULL;
}
static void
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
{
const char *auth_name = NULL;
int set_basic = 0;
char *negoauth_param;
const char *header_name =
(r->proxyreq == PROXYREQ_PROXY) ? "Proxy-Authenticate" : "WWW-Authenticate";
/* get the user realm specified in .htaccess */
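Review bot: In already_succeeded() the 2.4 branch builds the cache key from `r->useragent_ip`, a request-level field that modules such as mod_remoteip can replace with an address taken from a forwarding header. The 2.4 counterpart of `r->connection->remote_ip` is `r->connection->client_ip`. Because the entry is stored in `r->connection->pool` and is meant to identify the connection, the key should use the connection's own peer address: `"mod_auth_kerb::connection::%s::%ld", r->connection->client_ip,`. The later hunk at -1723, which builds the same key before apr_pool_userdata_set(), needs the same change so that lookup and store agree. The impact is limited because a hit also requires an identical auth line; set_kerb_auth_headers() at the end of this hunk continues outside it.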
@@ -1723,51 +1738,55 @@
if (ret == HTTP_UNAUTHORIZED && use_krb4 && conf->krb_method_k4pass &&
strcasecmp(auth_type, "Basic") == 0)
ret = authenticate_user_krb4pwd(r, conf, auth_line);
#endif
if (ret == HTTP_UNAUTHORIZED)
set_kerb_auth_headers(r, conf, use_krb4, use_krb5, negotiate_ret_value);
} else {
ret = prevauth->last_return;
MK_USER = prevauth->user;
MK_AUTH_TYPE = prevauth->mech;
}
/*
* save who was auth'd, if it's not already stashed.
*/
if(!prevauth) {
prevauth = (krb5_conn_data *) apr_pcalloc(r->connection->pool, sizeof(krb5_conn_data));
prevauth->user = apr_pstrdup(r->connection->pool, MK_USER);
prevauth->authline = apr_pstrdup(r->connection->pool, auth_line);
prevauth->mech = apr_pstrdup(r->connection->pool, auth_type);
prevauth->last_return = ret;
snprintf(keyname, sizeof(keyname) - 1,
"mod_auth_kerb::connection::%s::%ld",
+#ifdef APACHE24
+ r->useragent_ip, r->connection->id);
+#else
r->connection->remote_ip, r->connection->id);
+#endif
apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool);
}
if (ret == OK && conf->krb5_do_auth_to_local)
ret = do_krb5_an_to_ln(r);
/* XXX log_debug: if ret==OK, log(user XY authenticated) */
last_return = ret;
return ret;
}
int
have_rcache_type(const char *type)
{
krb5_error_code ret;
krb5_context context;
krb5_rcache id = NULL;
int found;
ret = krb5_init_context(&context);
if (ret)
return 0;
ret = krb5_rc_resolve_full(context, &id, "none:");