From 307bb0cd3b0f3f8324cc5e570783c06fa3a4ae92 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sat, 17 Nov 2012 07:41:38 +0100
Subject: mod_auth_kerb: backport

---
 mod_auth_kerb-5.4-fixes.patch     |  3 +++
 mod_auth_kerb-5.4-s4u2proxy.patch | 22 +++++++++++++++++++++-
 mod_auth_kerb.spec                | 26 +++++++++++++++++++++++---
 3 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/mod_auth_kerb-5.4-fixes.patch b/mod_auth_kerb-5.4-fixes.patch
index d9a08f6..b86be69 100644
--- a/mod_auth_kerb-5.4-fixes.patch
+++ b/mod_auth_kerb-5.4-fixes.patch
@@ -1,3 +1,6 @@
+
+Compiler warning fixes.
+
 --- mod_auth_kerb-5.4/src/mod_auth_kerb.c.fixes
 +++ mod_auth_kerb-5.4/src/mod_auth_kerb.c
 @@ -677,7 +677,8 @@ end:
diff --git a/mod_auth_kerb-5.4-s4u2proxy.patch b/mod_auth_kerb-5.4-s4u2proxy.patch
index 23185f3..031f87e 100644
--- a/mod_auth_kerb-5.4-s4u2proxy.patch
+++ b/mod_auth_kerb-5.4-s4u2proxy.patch
@@ -1,4 +1,24 @@
-diff -up --recursive mod_auth_kerb-5.4.orig/README mod_auth_kerb-5.4/README
+
+Add S4U2Proxy feature:
+
+http://sourceforge.net/mailarchive/forum.php?thread_name=4EE665D1.3000308%40redhat.com&forum_name=modauthkerb-help
+
+The attached patches add support for using s4u2proxy 
+(http://k5wiki.kerberos.org/wiki/Projects/Services4User) to allow the 
+web service to obtain credentials on behalf of the authenticated user.
+
+The first patch adds basic support for s4u2proxy. This requires the web 
+administrator to manually create and manage the credentails cache for 
+the apache user (via a cron job, for example).
+
+The second patch builds on this and makes mod_auth_kerb manage the 
+ccache instead.
+
+These are patches against the current CVS HEAD (mod_auth_krb 5.4).
+
+I've added a new module option to enable this support, 
+KrbConstrainedDelegation. The default is off.
+
 --- mod_auth_kerb-5.4.orig/README	2008-11-26 11:51:05.000000000 -0500
 +++ mod_auth_kerb-5.4/README	2012-01-04 11:17:22.000000000 -0500
 @@ -122,4 +122,16 @@ KrbSaveCredentials, the tickets will be 
diff --git a/mod_auth_kerb.spec b/mod_auth_kerb.spec
index e789650..839711d 100644
--- a/mod_auth_kerb.spec
+++ b/mod_auth_kerb.spec
@@ -1,5 +1,5 @@
 %{!?_httpd_apxs:       %{expand: %%global _httpd_apxs       %%{_sbindir}/apxs}}
-%{!?_httpd_mmn:        %{expand: %%global _httpd_mmn        %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}
+%{!?_httpd_mmn:        %{expand: %%global _httpd_mmn        %%(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo missing-httpd-devel)}}
 %{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
 # /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
 %{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
@@ -8,7 +8,9 @@
 Summary: Kerberos authentication module for HTTP
 Name: mod_auth_kerb
 Version: 5.4
-Release: 19%{?dist}
+Release: 22%{?dist}
+# src/mod_auth_kerb.c is under 3-clause BSD, ASL 2.0 code is patched in (-s4u2proxy.patch)
+# src/mit-internals.h contains MIT-licensed code.
 License: BSD and MIT and ASL 2.0
 Group: System Environment/Daemons
 URL: http://modauthkerb.sourceforge.net/
@@ -26,6 +28,10 @@ BuildRequires: httpd-devel, krb5-devel
 Requires: httpd-mmn = %{_httpd_mmn}
 Requires(pre): httpd
 
+# Suppres auto-provides for module DSO
+%{?filter_provides_in: %filter_provides_in %{_libdir}/httpd/modules/.*\.so$}
+%{?filter_setup}
+
 %description
 mod_auth_kerb is module for the Apache HTTP Server designed to
 provide Kerberos authentication over HTTP.  The module supports the
@@ -75,7 +81,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root,-)
-%doc README LICENSE.ASL
+%doc README LICENSE LICENSE.ASL
 %config(noreplace) %{_httpd_modconfdir}/*.conf
 %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
 %doc example.conf
@@ -85,6 +91,20 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0700,apache,apache) %dir /run/httpd/krbcache
 
 %changelog
+* Sat Nov 17 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.4-22
+- sync with rawhide, rebuild for remi repo
+
+* Thu Nov 15 2012 Joe Orton <jorton@redhat.com> - 5.4-22
+- clarify licensing; clean up spec file
+
+* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 5.4-21
+- fix httpd_mmn stderr filter (thanks rcollet)
+
+* Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 5.4-20
+- hide stderr if finding httpd_mmn 
+- package LICENSE
+- filter DSO auto provides
+
 * Thu Aug  9 2012 Remi Collet <RPMS@FamilleCollet.com> - 5.4-19
 - sync with rawhide, rebuild for remi repo
 
-- 
cgit