diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..82535fc --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/mod_auth_gssapi-1.6.1.tar.gz diff --git a/.mod_auth_gssapi.metadata b/.mod_auth_gssapi.metadata new file mode 100644 index 0000000..5b8ef04 --- /dev/null +++ b/.mod_auth_gssapi.metadata @@ -0,0 +1 @@ +5dfc4eef25efad5313724bd6a1e55266a6667302 SOURCES/mod_auth_gssapi-1.6.1.tar.gz diff --git a/SOURCES/Fix-integer-sizes-used-with-ap_set_flag_slot.patch b/SOURCES/Fix-integer-sizes-used-with-ap_set_flag_slot.patch new file mode 100644 index 0000000..b75d272 --- /dev/null +++ b/SOURCES/Fix-integer-sizes-used-with-ap_set_flag_slot.patch @@ -0,0 +1,38 @@ +From d681fe586a4f4258c5d61237511dd19c1fa84904 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 19 Feb 2019 13:55:12 -0500 +Subject: [PATCH] Fix integer sizes used with ap_set_flag_slot() + +ap_set_flag_slot() requires a field of type `int`. Previously we +passed type `bool` in two places, causing test failures on s390x +because logging was not correctly configured. + +Signed-off-by: Robbie Harwood +(cherry picked from commit f89b876be5619d750e6ab4ea6e730a9a26b1cac4) +(cherry picked from commit 73c690ca9bd1d470c603f5e1ee48d2384941ae55) +--- + src/mod_auth_gssapi.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h +index 71404ff..8c0b972 100644 +--- a/src/mod_auth_gssapi.h ++++ b/src/mod_auth_gssapi.h +@@ -79,7 +79,7 @@ struct mag_config { + gid_t deleg_ccache_gid; + gss_key_value_set_desc *cred_store; + bool deleg_ccache_unique; +- bool s4u2self; ++ int s4u2self; + char *ccname_envvar; + #endif + struct seal_key *mag_skey; +@@ -90,7 +90,7 @@ struct mag_config { + bool negotiate_once; + struct mag_name_attributes *name_attributes; + const char *required_na_expr; +- bool enverrs; ++ int enverrs; + gss_name_t acceptor_name; + bool acceptor_name_from_req; + }; diff --git a/SOURCES/Fix-tests-to-work-with-python3.patch b/SOURCES/Fix-tests-to-work-with-python3.patch new file mode 100644 index 0000000..7549c09 --- /dev/null +++ b/SOURCES/Fix-tests-to-work-with-python3.patch @@ -0,0 +1,47 @@ +From 613933383aa352bb8f350f43ecb393a0604016cc Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 21 Dec 2018 11:50:16 -0500 +Subject: [PATCH] Fix tests to work with python3 + +Signed-off-by: Robbie Harwood +(cherry picked from commit 751eb09e7abf38f49fc525e1616d48a6f951673f) +(cherry picked from commit d2748e79d31f153505f944b09a4790c6231dcd79) +--- + tests/magtests.py | 3 ++- + tests/t_spnego_proxy.py | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tests/magtests.py b/tests/magtests.py +index 6414503..f14f47a 100755 +--- a/tests/magtests.py ++++ b/tests/magtests.py +@@ -431,7 +431,7 @@ def kinit_user(testdir, kdcenv): + stdin=subprocess.PIPE, + stdout=logfile, stderr=logfile, + env=testenv, preexec_fn=os.setsid) +- kinit.communicate('%s\n' % USR_PWD) ++ kinit.communicate(('%s\n' % USR_PWD).encode("utf8")) + kinit.wait() + if kinit.returncode != 0: + raise ValueError('kinit failed') +@@ -495,6 +495,7 @@ def test_spnego_auth(testdir, testenv, logfile): + else: + sys.stderr.write('SPNEGO No Auth: SUCCESS\n') + ++ + return error_count + + +diff --git a/tests/t_spnego_proxy.py b/tests/t_spnego_proxy.py +index 6219721..c47558b 100755 +--- a/tests/t_spnego_proxy.py ++++ b/tests/t_spnego_proxy.py +@@ -17,7 +17,7 @@ def getAuthToken(target): + ctx = gssapi.SecurityContext(name=name, mech=spnego_mech) + token = ctx.step() + +- return 'Negotiate %s' % b64encode(token) ++ return 'Negotiate %s' % b64encode(token).decode() + + + if __name__ == '__main__': diff --git a/SOURCES/In-tests-show-the-exception-on-failure.patch b/SOURCES/In-tests-show-the-exception-on-failure.patch new file mode 100644 index 0000000..0f8c0dc --- /dev/null +++ b/SOURCES/In-tests-show-the-exception-on-failure.patch @@ -0,0 +1,43 @@ +From 3fc1f9f5d7f5a33900572b419ecdfd2d3672ceca Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 21 Dec 2018 10:50:49 -0500 +Subject: [PATCH] In tests, show the exception on failure + +Otherwise, the user might get nothing at all out, depending on what failed. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 881f98ee08f6d8d7a2352ab2f3e8e38845cf8039) +(cherry picked from commit 1de81677f1878ea1667b56169fe714d685771b4e) +--- + tests/magtests.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/magtests.py b/tests/magtests.py +index 576e88f..6414503 100755 +--- a/tests/magtests.py ++++ b/tests/magtests.py +@@ -8,6 +8,7 @@ import shutil + import signal + import subprocess + import sys ++import traceback + + # check that we can import requests (for use in test scripts) + import requests +@@ -207,7 +208,6 @@ def setup_test_certs(testdir, testenv, logfile): + with open(opensslcnf, 'w+') as f: + f.write(text) + +- print(pkinit_key) + cmd = subprocess.Popen(["openssl", "genrsa", "-out", pkinit_key, + "2048"], stdout=logfile, + stderr=logfile, env=testenv, +@@ -718,6 +718,8 @@ if __name__ == '__main__': + errs += test_basic_auth_krb5(testdir, testenv, logfile) + + errs += test_no_negotiate(testdir, testenv, logfile) ++ except Exception: ++ traceback.print_exc() + finally: + for name in processes: + logfile.write("Killing %s\n" % name) diff --git a/SOURCES/tests-Test-suite-fixes-for-virtualenv-and-clang.patch b/SOURCES/tests-Test-suite-fixes-for-virtualenv-and-clang.patch new file mode 100644 index 0000000..2b042e0 --- /dev/null +++ b/SOURCES/tests-Test-suite-fixes-for-virtualenv-and-clang.patch @@ -0,0 +1,40 @@ +From ce83aa116397fb71143e5b1363ce7563f7a4444d Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Mon, 11 Mar 2019 14:56:31 -0400 +Subject: [PATCH] [tests] Test suite fixes for virtualenv and clang + +- Typo fix - VIRTUAL_ENV in magtests.py +- testenv object manipulation fix in magtests.py +- Work around -fstack-clash-protection problems in clang + +Signed-off-by: Robbie Harwood +(cherry picked from commit 6aa0a5bfe9d60a50cf36c561268c5d7c1fdb2f0e) +[rharwood@redhat.com: drop Travis goo] +(cherry picked from commit 11c966cc630393e322ef6b88df91d16247bbfc37) +--- + tests/magtests.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tests/magtests.py b/tests/magtests.py +index f14f47a..a4842a0 100755 +--- a/tests/magtests.py ++++ b/tests/magtests.py +@@ -687,7 +687,7 @@ if __name__ == '__main__': + + # support virtualenv + testenv['PATH'] = os.environ.get('PATH', '') +- testenv['ViRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '') ++ testenv['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '') + + testenv['DELEGCCACHE'] = os.path.join(testdir, 'httpd', + USR_NAME + '@' + TESTREALM) +@@ -716,6 +716,9 @@ if __name__ == '__main__': + 'MAG_USER_NAME_2': USR_NAME_2, + 'MAG_USER_PASSWORD_2': USR_PWD_2} + testenv.update(kdcenv) ++ testenv['PATH'] = os.environ.get('PATH', '') ++ testenv['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '') ++ + errs += test_basic_auth_krb5(testdir, testenv, logfile) + + errs += test_no_negotiate(testdir, testenv, logfile) diff --git a/SPECS/mod_auth_gssapi.spec b/SPECS/mod_auth_gssapi.spec new file mode 100644 index 0000000..ee219f1 --- /dev/null +++ b/SPECS/mod_auth_gssapi.spec @@ -0,0 +1,169 @@ +Name: mod_auth_gssapi +Version: 1.6.1 +Release: 6%{?dist} +Summary: A GSSAPI Authentication module for Apache + +Group: System Environment/Daemons +License: MIT +URL: https://github.com/modauthgssapi/mod_auth_gssapi +Source0: https://github.com/modauthgssapi/%{name}/releases/download/v%{version}/%name-%{version}.tar.gz + +Patch0: In-tests-show-the-exception-on-failure.patch +Patch1: Fix-tests-to-work-with-python3.patch +Patch2: tests-Test-suite-fixes-for-virtualenv-and-clang.patch +Patch3: Fix-integer-sizes-used-with-ap_set_flag_slot.patch + +BuildRequires: httpd-devel, krb5-devel, openssl-devel, autoconf, automake, libtool +BuildRequires: gssntlmssp-devel +BuildRequires: git +Requires: httpd-mmn = %{_httpd_mmn} +Requires: krb5-libs >= 1.11.5 + +%description +The mod_auth_gssapi module is an authentication service that implements the +SPNEGO based HTTP Authentication protocol defined in RFC4559. + +%prep +%autosetup -S git + +%build +export APXS=%{_httpd_apxs} +autoreconf -fi +%configure +make %{?_smp_mflags} + +%install +mkdir -p %{buildroot}%{_httpd_moddir} +install -m 755 src/.libs/%{name}.so %{buildroot}%{_httpd_moddir} + +# Apache configuration for the module +echo "LoadModule auth_gssapi_module modules/mod_auth_gssapi.so" > 10-auth_gssapi.conf +mkdir -p %{buildroot}%{_httpd_modconfdir} +install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir} + +%files +%doc +%defattr(-,root,root) +%doc README COPYING +%config(noreplace) %{_httpd_modconfdir}/10-auth_gssapi.conf +%{_httpd_moddir}/mod_auth_gssapi.so + +%changelog +* Fri Mar 22 2019 Robbie Harwood - 1.6.1-6 +- Gating update +- Resolves: #1682259 + +* Mon Mar 18 2019 Robbie Harwood - 1.6.1-5 +- Fix integer sizes used with ap_set_flag_slot() +- Resolves: #1674501 + +* Mon Mar 18 2019 Robbie Harwood - 1.6.1-4 +- Fix virtualenv logic and add gating +- Resolves: #1682259 + +* Thu Mar 14 2019 Robbie Harwood - 1.6.1-3 +- Fix tests to work with python3 +- Resolves: #1661589 + +* Fri Jul 13 2018 Fedora Release Engineering - 1.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Apr 23 2018 Robbie Harwood - 1.6.1-1 +- Release 1.6.1 +- Resolves: #1570271 + +* Thu Feb 08 2018 Fedora Release Engineering - 1.6.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Nov 06 2017 Robbie Harwood - 1.6.0-1 +- Release 1.6.0 + +* Fri Oct 27 2017 Robbie Harwood - 1.5.1-6 +- Document gssapi-no-negotiate + +* Tue Oct 03 2017 Robbie Harwood - 1.5.1-5 +- Handle extra large NSS entries +- Resolves: #1498175 + +* Mon Oct 02 2017 Robbie Harwood - 1.5.1-4 +- Allow admins to selectively suppress negotiation +- Migrate to autosetup + +* Thu Aug 03 2017 Fedora Release Engineering - 1.5.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Mar 9 2017 Simo Sorce - 1.5.1-1 +- Korabl-Sputnik 4 launch (1.5.1) + +* Fri Feb 10 2017 Fedora Release Engineering - 1.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 16 2017 Simo Sorce - 1.5.0-1 +- Last listoff of Space Shuttle Columbia release (1.5.0) + +* Mon Nov 14 2016 Joe Orton - 1.4.1-2 +- rebuild for new OpenSSL + +* Mon Aug 15 2016 Robbie Harwood 1.4.1-1 +- Mishka & Chizhik fly on a rocket release (1.4.1) +- Fix bogus changelog date + +* Fri Jun 17 2016 Simo Sorce 1.4.0-1 +- Lunar Reconnaissance Orbiter (2009) release (1.4.0) + +* Mon Feb 22 2016 Simo Sorce 1.3.2-1 +- NEAR Shoemaker launch (1996) release (1.3.2) + +* Thu Feb 04 2016 Fedora Release Engineering - 1.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Sep 3 2015 Simo Sorce 1.3.1-1 +- Viking 2 landing (1976) release (1.3.1) + +* Tue Jul 7 2015 Simo Sorce 1.3.0-2 +- Fix annoying incorrect behavior with simple configuration where + GssapiAllowedMech is not used. + +* Sat Jul 4 2015 Simo Sorce 1.3.0-1 +- US Independence Day Release + +* Wed Jun 17 2015 Fedora Release Engineering - 1.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Apr 21 2015 Simo Sorce 1.2.0-1 +- New minor release 1.2.0 +- Adds delegation support on Basic Auth +- Response fix, send last auth token on successful auth + +* Tue Mar 31 2015 Simo Sorce 1.1.0-3 +- Fix some authentication issues + +* Thu Mar 26 2015 Simo Sorce 1.1.0-2 +- Fix saving delegated credentials for SPNs + +* Thu Mar 12 2015 Simo Sorce 1.1.0-1 +- New minor release 1.1.0 +- New feature: Basic Auth support +- Improvements: Better crypto for sesison cookies + +* Sat Nov 8 2014 Simo Sorce 1.0.4-1 +- Patch release 1.0.4 +- logging initialization fixes +- additional build fixes + +* Sat Oct 11 2014 Simo Sorce 1.0.3-1 +- Patch release 1.0.3 +- fixes some build issues on various distros + +* Wed Aug 27 2014 Simo Sorce 1.0.2-1 +- Adds documntation to README +- fixes bad bug that crippled configuration + +* Thu Aug 14 2014 Simo Sorce 1.0.1-1 +- Patch release 1.0.1 + +* Mon Aug 4 2014 Simo Sorce 1.0.0-1 +- First release