reorg repoHEADmaster

5 files changed, 254 insertions, 0 deletions

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e65467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../common/Makefile
+
diff --git a/auth_ntlm_winbind.conf b/auth_ntlm_winbind.conf
new file mode 100644
index 0000000..0dcf182
--- /dev/null
+++ b/auth_ntlm_winbind.conf
@@ -0,0 +1,44 @@
+#
+# mod_auth_ntlm_winbind allows authentication and authorisation over the Web
+# against a Windows NT/AD domain controllers, using Samba on the same
+# machine Apache is running on.
+# It uses "ntlm_auth" helper utility to operate with local winbindd(8) daemon,
+# which are standard parts of the Samba distribution.
+#
+# The same way Squid does NTLM authentication now.
+#
+
+LoadModule auth_ntlm_winbind_module modules/mod_auth_ntlm_winbind.so
+
+#
+#  Make sure you have "KeepAlive On" in your Apache configuration,
+#  else this module will not work!
+#
+
+#
+# example configuration for this module:
+#
+#   <Directory "/var/www/auth">
+#     AuthName "NTLM Authentication thingy"
+#     NTLMAuth on
+#     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
+#     NTLMBasicAuthoritative on
+#     AuthType NTLM
+#     require valid-user
+#   </Directory>
+#
+# to enable 'Negotiate' authentication too:
+#
+#   <Directory "/var/www/auth">
+#     AuthName "NTLM Authentication thingy"
+#     NTLMAuth on
+#     NegotiateAuth on
+#     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
+#     NegotiateAuthHelper "/usr/bin/ntlm_auth --helper-protocol=gss-spnego"
+#     NTLMBasicAuthoritative on
+#     AuthType NTLM
+#     AuthType Negotiate
+#     require valid-user
+#   </Directory>
+#
+
diff --git a/mod_auth_ntlm_winbind-20060510-connect_http10.patch b/mod_auth_ntlm_winbind-20060510-connect_http10.patch
new file mode 100644
index 0000000..8921f64
--- /dev/null
+++ b/mod_auth_ntlm_winbind-20060510-connect_http10.patch
@@ -0,0 +1,33 @@
+diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
+--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c	2006-05-11 17:52:54.000000000 +0400
++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c	2006-07-07 19:44:12.000000000 +0400
+@@ -997,6 +997,29 @@
+                                           : "Authorization");
+     const char *auth_line2;
+ 
++#ifdef APACHE2
++    /*  ap_set_keepalive() does not check for
++	"Proxy-Connection: keep-alive", and therefore breaks NTLM auth
++	for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
++	for CONNECT (like IE6+ does).
++
++	An ugly work-around to fix it here:
++	When "CONNECT .... HTTP/1.0" without any "Connection: ..."
++	but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
++	manually (which will be successfully eaten by ap_set_keepalive() later)
++    */
++
++    if (r->method_number == M_CONNECT &&
++	r->proto_num == HTTP_VERSION(1,0) &&
++	!apr_table_get(r->headers_in, "Connection") &&
++	ap_find_token(r->pool,
++		    apr_table_get(r->headers_in, "Proxy-Connection"),
++		    "keep-alive") != 0
++    ) {
++	apr_table_mergen(r->headers_in, "Connection", "keep-alive");
++    }
++#endif
++
+     /* Trust the authentication on an existing connection */
+     if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) {
+         /* internal redirects cause this to get called more than once
diff --git a/mod_auth_ntlm_winbind-20070129-64bit.patch b/mod_auth_ntlm_winbind-20070129-64bit.patch
new file mode 100644
index 0000000..55fd507
--- /dev/null
+++ b/mod_auth_ntlm_winbind-20070129-64bit.patch
@@ -0,0 +1,39 @@
+diff -Nrbu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
+--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c	2007-06-22 17:47:51.000000000 +0400
++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c	2007-06-22 17:47:20.000000000 +0400
+@@ -495,7 +495,7 @@
+     char *newline;
+     char args_to_helper[HUGE_STRING_LEN];
+     char args_from_helper[HUGE_STRING_LEN];
+-    unsigned int bytes_written;
++    size_t bytes_written;
+     int bytes_read;
+ 
+     if (( global_ntlm_context.ntlm_plaintext_helper = get_auth_helper( r, global_ntlm_context.ntlm_plaintext_helper, crec->ntlm_plaintext_helper, CLEANUP(cleanup_ntlm_plaintext_helper))) == NULL ) {
+@@ -539,7 +539,7 @@
+ #endif
+ 
+     if ( bytes_written < strlen( args_to_helper )) {
+-        RDEBUG( "failed to write user/pass to helper - wrote %d bytes", bytes_written );
++        RDEBUG( "failed to write user/pass to helper - wrote %d bytes", (int) bytes_written );
+         apr_pool_destroy( global_ntlm_context.ntlm_plaintext_helper->pool );
+         apr_pool_destroy( ctxt->connected_user_authenticated->pool );
+         return HTTP_INTERNAL_SERVER_ERROR;
+@@ -624,7 +624,7 @@
+     char args_to_helper[HUGE_STRING_LEN];
+     char args_from_helper[HUGE_STRING_LEN];
+     ntlm_connection_context_t *ctxt = get_connection_context( r->connection );
+-    unsigned int bytes_written;
++    size_t bytes_written;
+     int bytes_read;
+     struct _ntlm_auth_helper *auth_helper;
+ 
+@@ -690,7 +690,7 @@
+     bytes_written = ap_bwrite(auth_helper->out_to_helper, args_to_helper, strlen(args_to_helper));
+ #endif
+     if (bytes_written < strlen(args_to_helper)) {
+-        RDEBUG("failed to write NTLMSSP string to helper - wrote %d bytes", bytes_written);
++        RDEBUG("failed to write NTLMSSP string to helper - wrote %d bytes", (int) bytes_written);
+         apr_pool_destroy(auth_helper->pool);
+         apr_pool_destroy(ctxt->connected_user_authenticated->pool);
+ 
diff --git a/mod_auth_ntlm_winbind.spec b/mod_auth_ntlm_winbind.spec
new file mode 100644
index 0000000..fb16595
--- /dev/null
+++ b/mod_auth_ntlm_winbind.spec
@@ -0,0 +1,134 @@
+%define moddir	%(apxs -q LIBEXECDIR || echo be_happy_mock)
+%define svn	20070129svn713
+
+Summary: NTLM authentication for the Apache web server using winbind daemon
+Name: mod_auth_ntlm_winbind
+Version: 0.0.0
+Release: 0.13.%{svn}%{?dist}
+Group: System Environment/Daemons
+License: ASL 2.0
+URL: http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/mod_auth_ntlm_winbind/?root=lorikeet
+
+#
+#   svn export svn://svnanon.samba.org/lorikeet/trunk/mod_auth_ntlm_winbind mod_auth_ntlm_winbind
+# or:
+#   wget -r -nH --cur-dirs=3 ftp://ftp.samba.org/pub/unpacked/lorikeet/mod_auth_ntlm_winbind
+# then:
+#   tar -cvf - mod_auth_ntlm_winbind/ | gzip -c -9 > mod_ntlm_winbind-VERSION-SVN.tar.gz
+#
+Source0: mod_auth_ntlm_winbind-%{version}-%{svn}.tar.gz
+
+Source1: auth_ntlm_winbind.conf
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: httpd-devel >= 2.0.40, autoconf
+Requires: httpd >= 2.0.40
+Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo missing)
+# requires samba-common for /usr/bin/ntlm_auth ...
+Requires: samba-common
+Requires(post): shadow-utils
+
+Patch0: mod_auth_ntlm_winbind-20060510-connect_http10.patch
+Patch1: mod_auth_ntlm_winbind-20070129-64bit.patch
+
+
+%description
+The %{name} module allows authentication and authorisation over
+the Web against a Windows NT/AD domain controllers, using Samba on the same
+machine Apache is running on.
+It uses "ntlm_auth" helper utility to operate with local winbindd(8) daemon,
+which are standard parts of the Samba distribution.
+
+The same way Squid does NTLM authentication now.
+
+
+%prep
+%setup -q -n mod_auth_ntlm_winbind
+%patch0 -p1
+%patch1 -p1
+autoconf
+
+
+%build
+%configure
+
+# %{?_smp_mflags} is not needed -- only one file compiled
+make
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+mkdir -p $RPM_BUILD_ROOT%{moddir}
+make install DESTDIR=$RPM_BUILD_ROOT
+
+# Install the config file
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
+install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%post
+/usr/sbin/usermod -a -G wbpriv apache >/dev/null 2>&1 || :
+ 
+
+%files
+%defattr(-,root,root,-)
+%{moddir}/*
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/*
+%doc AUTHORS README
+
+
+%changelog
+* Wed Mar 28 2012 Remi Collet <RPMS@FamilleCollet.com> 0.0.0-0.13.20070129svn713
+- rebuild for remi repo and httpd 2.4
+
+* Tue Mar 27 2012 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.13.20070129svn713
+- Rebuilt for new httpd
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.0-0.12.20070129svn713
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.0-0.11.20070129svn713
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.0-0.10.20070129svn713
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.0-0.9.20070129svn713
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Apr  4 2008 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.8.20070129svn713
+- note in config that Apache's "KeepAlive" must be "On" (#440446)
+
+* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.0.0-0.7.20070129svn713
+- Autorebuild for GCC 4.3
+
+* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.0.0-0.6.20070129svn713
+- Rebuild for selinux ppc32 issue.
+
+* Fri Aug 17 2007 Dmitry Butskoy <Dmitry@Butskoy.name>
+- Change License tag to "ASL 2.0"
+
+* Fri Jun 22 2007 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.5.20070129svn713
+- avoid gcc warnings on 64 bit systems
+
+* Wed Jun 20 2007 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.2.20070129svn713
+- spec file cleanup
+- accepted for Fedora (review by Jason Tibbitts <tibbs@math.uh.edu>)
+
+* Wed Jun 13 2007 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.1.20070129svn713
+- change release field properly
+
+* Mon Mar 26 2007 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.svn713.1
+- update to svn release 713
+- special winbind's group is named "wbpriv" now
+
+* Thu Dec 21 2006 Dmitry Butskoy <Dmitry@Butskoy.name> 0.0.0-0.svn692.1
+- new initial release (svn version r692)
+- add workaround patch for "CONNECT HTTP/1.0" proxy issue
+- add post script for access to winbind's socket directory
+