diff --git a/.gitignore b/.gitignore index 1ee1796..f715a6a 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ /mod_auth_gssapi-1.3.2.tar.gz /mod_auth_gssapi-1.4.0.tar.gz /mod_auth_gssapi-1.4.1.tar.gz +/mod_auth_gssapi-1.5.0.tar.gz diff --git a/0001-Fix-checks-on-allowed-mechs.patch b/0001-Fix-checks-on-allowed-mechs.patch deleted file mode 100644 index d3f1908..0000000 --- a/0001-Fix-checks-on-allowed-mechs.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 4e7967e797e5c8912a67c0de8f172bb95b5172ff Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Tue, 7 Jul 2015 13:23:57 -0400 -Subject: [PATCH] Fix checks on allowed mechs - -We need to check if a mech is allowed against the desired_mechs set. -Otherwise in case the admin does not explicitly specify an allowed set -then all mechs are allowed, including NTLM. This causes annoying issues -with browsers like Firefox and Chrome/ium which end up popping up an -authentication dialog if they see NTLM is supported and they have no -Kerberos tickets around. -Authentication will then simply fail because NTLM is not actually supported. -By using desired_mechs we use a list of mechanism the machine actually -has a chance to support in the default case. - -Signed-off-by: Simo Sorce ---- - src/mod_auth_gssapi.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c -index 6cb8d3a532370212f8fc2e708b066511575fbd7e..763b625cef106923afca753e4c3e192df24bb49e 100644 ---- a/src/mod_auth_gssapi.c -+++ b/src/mod_auth_gssapi.c -@@ -292,12 +292,12 @@ static bool parse_auth_header(apr_pool_t *pool, const char **auth_header, - return true; - } - --static bool is_mech_allowed(struct mag_config *cfg, gss_const_OID mech) -+static bool is_mech_allowed(gss_OID_set allowed_mechs, gss_const_OID mech) - { -- if (cfg->allowed_mechs == GSS_C_NO_OID_SET) return true; -+ if (allowed_mechs == GSS_C_NO_OID_SET) return true; - -- for (int i = 0; i < cfg->allowed_mechs->count; i++) { -- if (gss_oid_equal(&cfg->allowed_mechs->elements[i], mech)) { -+ for (int i = 0; i < allowed_mechs->count; i++) { -+ if (gss_oid_equal(&allowed_mechs->elements[i], mech)) { - return true; - } - } -@@ -785,7 +785,7 @@ static int mag_auth(request_rec *req) - break; - - case AUTH_TYPE_RAW_NTLM: -- if (!is_mech_allowed(cfg, &gss_mech_ntlmssp)) { -+ if (!is_mech_allowed(desired_mechs, &gss_mech_ntlmssp)) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req, - "NTLM Authentication is not allowed!"); - goto done; -@@ -945,7 +945,7 @@ done: - } - } else if (ret == HTTP_UNAUTHORIZED) { - apr_table_add(req->err_headers_out, "WWW-Authenticate", "Negotiate"); -- if (is_mech_allowed(cfg, &gss_mech_ntlmssp)) { -+ if (is_mech_allowed(desired_mechs, &gss_mech_ntlmssp)) { - apr_table_add(req->err_headers_out, "WWW-Authenticate", "NTLM"); - } - if (cfg->use_basic_auth) { --- -2.4.2 - diff --git a/mod_auth_gssapi.spec b/mod_auth_gssapi.spec index 2e54065..3a1b346 100644 --- a/mod_auth_gssapi.spec +++ b/mod_auth_gssapi.spec @@ -1,6 +1,6 @@ Name: mod_auth_gssapi -Version: 1.4.1 -Release: 2%{?dist} +Version: 1.5.0 +Release: 1%{?dist} Summary: A GSSAPI Authentication module for Apache Group: System Environment/Daemons @@ -43,6 +43,9 @@ install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir} %{_httpd_moddir}/mod_auth_gssapi.so %changelog +* Mon Jan 16 2017 Simo Sorce - 1.5.0-1 +- Last listoff of Space Shuttle Columbia release (1.5.0) + * Mon Nov 14 2016 Joe Orton - 1.4.1-2 - rebuild for new OpenSSL diff --git a/sources b/sources index d606588..77855fe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -37153d9ad19613bcdf105d55e2b303e0 mod_auth_gssapi-1.4.1.tar.gz +SHA512 (mod_auth_gssapi-1.5.0.tar.gz) = 1f9dfb210c5b1022837a0b4806aad6ed6721f916eaf40d25e9a18cd38015ac6dc90671736299aaef508b28f985256b242a1897e507dc53602762c99dd64fccc2