Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/mod_auth_gssapi-1.6.3.tar.gz
|
SOURCES/mod_auth_gssapi-1.6.1.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
7ee7ca772b2fbfedbb98a7dc59edeb7bede27bf0 SOURCES/mod_auth_gssapi-1.6.3.tar.gz
|
5dfc4eef25efad5313724bd6a1e55266a6667302 SOURCES/mod_auth_gssapi-1.6.1.tar.gz
|
||||||
|
262
SOURCES/Add-ability-to-expose-the-used-mechanism.patch
Normal file
262
SOURCES/Add-ability-to-expose-the-used-mechanism.patch
Normal file
@ -0,0 +1,262 @@
|
|||||||
|
From 46caec4def9fd8df21e560db065b755e1d87354d Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Fri, 6 May 2022 22:54:45 +0200
|
||||||
|
Subject: [PATCH 1/2] Add-ability-to-expose-the-used-mechanism.patch
|
||||||
|
|
||||||
|
---
|
||||||
|
README | 15 +++++++++++++++
|
||||||
|
src/environ.c | 39 +++++++++++++++++++++++++++++++++++++++
|
||||||
|
src/environ.h | 2 ++
|
||||||
|
src/mod_auth_gssapi.c | 7 +++++++
|
||||||
|
src/mod_auth_gssapi.h | 1 +
|
||||||
|
tests/Makefile.am | 4 +++-
|
||||||
|
tests/httpd.conf | 15 +++++++++++++++
|
||||||
|
tests/magtests.py | 18 ++++++++++++++++++
|
||||||
|
tests/mech.html | 1 +
|
||||||
|
tests/t_mech_name.py | 19 +++++++++++++++++++
|
||||||
|
10 files changed, 120 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 tests/mech.html
|
||||||
|
create mode 100755 tests/t_mech_name.py
|
||||||
|
|
||||||
|
diff --git a/README b/README
|
||||||
|
index 654a8918cc1cd078d84b8e571596444e262e83af..bbf2657d47c9b111e20fdc2b76fde8799c76e3cd 100644
|
||||||
|
--- a/README
|
||||||
|
+++ b/README
|
||||||
|
@@ -109,6 +109,7 @@ Configuration Directives
|
||||||
|
[GssapiNameAttributes](#gssapinameattributes)<br>
|
||||||
|
[GssapiNegotiateOnce](#gssapinegotiateonce)<br>
|
||||||
|
[GssapiPublishErrors](#gssapipublisherrors)<br>
|
||||||
|
+[GssapiPublishMech](#gssapipublishmech)<br>
|
||||||
|
[GssapiRequiredNameAttributes](#gssapirequirednameattributes)<br>
|
||||||
|
[GssapiSessionKey](#gssapisessionkey)<br>
|
||||||
|
[GssapiSignalPersistentAuth](#gssapisignalpersistentauth)<br>
|
||||||
|
@@ -527,3 +528,17 @@ Note: the value is specified in seconds.
|
||||||
|
Sets ticket/session validity to 10 hours.
|
||||||
|
|
||||||
|
|
||||||
|
+### GssapiPublishMech
|
||||||
|
+
|
||||||
|
+This option is used to publish the mech used for authentication as an
|
||||||
|
+Environment variable named GSS_MECH.
|
||||||
|
+
|
||||||
|
+It will return a string of the form 'Authtype/Mechname'.
|
||||||
|
+Authtype represents the type of auth performed by the module. Possible values
|
||||||
|
+are 'Basic', 'Negotiate', 'NTLM', 'Impersonate'.
|
||||||
|
+Mechname is the name of the mechanism as reported by GSSAPI or the OID of the
|
||||||
|
+mechanism if a name is not available. In case of errors the 'Unavailable'
|
||||||
|
+string may also be returned for either Authtype or Mechname.
|
||||||
|
+
|
||||||
|
+- **Enable with:** GssapiPublishMech On
|
||||||
|
+- **Default:** GssapiPublishMech Off
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/src/environ.c b/src/environ.c
|
||||||
|
index 7ee56a1ba434d5c1041968fb3f64191340cb0ea7..71a8564284cafa62c4cbeaf7ab8484a48c064e66 100644
|
||||||
|
--- a/src/environ.c
|
||||||
|
+++ b/src/environ.c
|
||||||
|
@@ -498,3 +498,42 @@ void mag_publish_error(request_rec *req, uint32_t maj, uint32_t min,
|
||||||
|
if (mag_err)
|
||||||
|
apr_table_set(req->subprocess_env, "MAG_ERROR", mag_err);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+void mag_publish_mech(request_rec *req, struct mag_conn *mc,
|
||||||
|
+ const char *auth_type, gss_OID mech_type)
|
||||||
|
+{
|
||||||
|
+ gss_buffer_desc sasl_mech_name = GSS_C_EMPTY_BUFFER;
|
||||||
|
+ gss_buffer_desc mech_name = GSS_C_EMPTY_BUFFER;
|
||||||
|
+ gss_buffer_desc mech_description = GSS_C_EMPTY_BUFFER;
|
||||||
|
+ char *mechdata;
|
||||||
|
+ uint32_t maj, min;
|
||||||
|
+
|
||||||
|
+ maj = gss_inquire_saslname_for_mech(&min, mech_type, &sasl_mech_name,
|
||||||
|
+ &mech_name, &mech_description);
|
||||||
|
+ if (maj != GSS_S_COMPLETE) {
|
||||||
|
+ /* something failed, let's try to get a string OID */
|
||||||
|
+ /* and if that fails there is nothing we can do */
|
||||||
|
+ maj = gss_oid_to_str(&min, mech_type, &mech_name);
|
||||||
|
+ if (maj != GSS_S_COMPLETE) {
|
||||||
|
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req,
|
||||||
|
+ "Failed to source mechanism name or OID");
|
||||||
|
+ mech_name.value = strdup("Unavailable");
|
||||||
|
+ mech_name.length = strlen(mech_name.value);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ mechdata = apr_psprintf(req->pool, "%s/%.*s", auth_type,
|
||||||
|
+ (int)mech_name.length,
|
||||||
|
+ (char *)mech_name.value);
|
||||||
|
+
|
||||||
|
+ apr_table_set(mc->env, "GSS_MECH", mechdata);
|
||||||
|
+
|
||||||
|
+ /* also log at info level */
|
||||||
|
+ ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, req,
|
||||||
|
+ "User %s authenticated with %s", mc->gss_name, mechdata);
|
||||||
|
+
|
||||||
|
+ (void)gss_release_buffer(&min, &sasl_mech_name);
|
||||||
|
+ (void)gss_release_buffer(&min, &mech_name);
|
||||||
|
+ (void)gss_release_buffer(&min, &mech_description);
|
||||||
|
+}
|
||||||
|
diff --git a/src/environ.h b/src/environ.h
|
||||||
|
index 40bca9877f600246d19a3bf4be370310636ce6c7..b0813da6508df7c5594b51cada7712dc44393e44 100644
|
||||||
|
--- a/src/environ.h
|
||||||
|
+++ b/src/environ.h
|
||||||
|
@@ -18,3 +18,5 @@ void mag_publish_error(request_rec *req, uint32_t maj, uint32_t min,
|
||||||
|
const char *gss_err, const char *mag_err);
|
||||||
|
void mag_set_req_attr_fail(request_rec *req, struct mag_config *cfg,
|
||||||
|
struct mag_conn *mc);
|
||||||
|
+void mag_publish_mech(request_rec *req, struct mag_conn *mc,
|
||||||
|
+ const char *auth_type, gss_OID mech_type);
|
||||||
|
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
|
||||||
|
index c91aa60707ba9b237a84f95670d483f1a7eab86b..93c43308585cf140297de82e118a367f69d25a92 100644
|
||||||
|
--- a/src/mod_auth_gssapi.c
|
||||||
|
+++ b/src/mod_auth_gssapi.c
|
||||||
|
@@ -1289,6 +1289,10 @@ static int mag_complete(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
mc->user_name = apr_pstrdup(mc->pool, mc->gss_name);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (cfg->pubmech) {
|
||||||
|
+ mag_publish_mech(req, mc, mag_str_auth_type(mc->auth_type), mech_type);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
mc->established = true;
|
||||||
|
if (req_cfg->use_sessions) {
|
||||||
|
mag_attempt_session(req_cfg, mc);
|
||||||
|
@@ -1894,6 +1898,9 @@ static const command_rec mag_commands[] = {
|
||||||
|
AP_INIT_FLAG("GssapiPublishErrors", ap_set_flag_slot,
|
||||||
|
(void *)APR_OFFSETOF(struct mag_config, enverrs), OR_AUTHCFG,
|
||||||
|
"Publish GSSAPI Errors in Envionment Variables"),
|
||||||
|
+ AP_INIT_FLAG("GssapiPublishMech", ap_set_flag_slot,
|
||||||
|
+ (void *)APR_OFFSETOF(struct mag_config, pubmech), OR_AUTHCFG,
|
||||||
|
+ "Publish GSSAPI Mech Name in Envionment Variables"),
|
||||||
|
AP_INIT_RAW_ARGS("GssapiAcceptorName", mag_acceptor_name, NULL, OR_AUTHCFG,
|
||||||
|
"Name of the acceptor credentials."),
|
||||||
|
AP_INIT_TAKE1("GssapiBasicTicketTimeout", mag_basic_timeout, NULL,
|
||||||
|
diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h
|
||||||
|
index 2312ab57f4b2e0bd50f191018b081a3ecb86f15a..8ab3bdc57be793cc493176c02910219e905900e9 100644
|
||||||
|
--- a/src/mod_auth_gssapi.h
|
||||||
|
+++ b/src/mod_auth_gssapi.h
|
||||||
|
@@ -91,6 +91,7 @@ struct mag_config {
|
||||||
|
struct mag_name_attributes *name_attributes;
|
||||||
|
const char *required_na_expr;
|
||||||
|
int enverrs;
|
||||||
|
+ int pubmech;
|
||||||
|
gss_name_t acceptor_name;
|
||||||
|
bool acceptor_name_from_req;
|
||||||
|
uint32_t basic_timeout;
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index c830e951d04316e4cbc76fa3b5961baedb516ec6..2ddb46ea30e6ebf9ff0b30278c609178d02c1efc 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -6,14 +6,16 @@ EXTRA_DIST = \
|
||||||
|
index.html \
|
||||||
|
localname.html \
|
||||||
|
magtests.py \
|
||||||
|
+ mech.html \
|
||||||
|
t_bad_acceptor_name.py \
|
||||||
|
t_basic_k5_fail_second.py \
|
||||||
|
t_basic_k5.py \
|
||||||
|
t_basic_k5_two_users.py \
|
||||||
|
t_basic_proxy.py \
|
||||||
|
t_basic_timeout.py \
|
||||||
|
- t_localname.py \
|
||||||
|
t_hostname_acceptor.py \
|
||||||
|
+ t_localname.py \
|
||||||
|
+ t_mech_name.py \
|
||||||
|
t_nonego.py \
|
||||||
|
t_required_name_attr.py \
|
||||||
|
t_spnego_negotiate_once.py \
|
||||||
|
diff --git a/tests/httpd.conf b/tests/httpd.conf
|
||||||
|
index b3777574d9f0547560f24eff992fc1018569b5cc..775294b7d600e82c3955316a2d5b667c8b3c5581 100644
|
||||||
|
--- a/tests/httpd.conf
|
||||||
|
+++ b/tests/httpd.conf
|
||||||
|
@@ -331,3 +331,18 @@ CoreDumpDirectory "{HTTPROOT}"
|
||||||
|
GssapiSessionKey file:{HTTPROOT}/session.key
|
||||||
|
Require valid-user
|
||||||
|
</Location>
|
||||||
|
+
|
||||||
|
+<Location /mech_name>
|
||||||
|
+ Options +Includes
|
||||||
|
+ AddOutputFilter INCLUDES .html
|
||||||
|
+ AuthType GSSAPI
|
||||||
|
+ AuthName "Password Login"
|
||||||
|
+ GssapiSSLonly Off
|
||||||
|
+ GssapiCredStore ccache:{HTTPROOT}/tmp/httpd_krb5_ccache
|
||||||
|
+ GssapiCredStore client_keytab:{HTTPROOT}/http.keytab
|
||||||
|
+ GssapiCredStore keytab:{HTTPROOT}/http.keytab
|
||||||
|
+ GssapiBasicAuth On
|
||||||
|
+ GssapiBasicAuthMech krb5
|
||||||
|
+ GssapiPublishMech On
|
||||||
|
+ Require valid-user
|
||||||
|
+</Location>
|
||||||
|
\ No newline at end of file
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index d100413b371e7ecf4e09d944b7ff6e9bec7e316f..9aba68f826a37a890bfefb62665697eef7d07dfa 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -786,6 +786,22 @@ def test_gss_localname(testdir, testenv, logfile):
|
||||||
|
return error_count
|
||||||
|
|
||||||
|
|
||||||
|
+def test_mech_name(testdir, testenv, logfile):
|
||||||
|
+ basicdir = os.path.join(testdir, 'httpd', 'html', 'mech_name')
|
||||||
|
+ os.mkdir(basicdir)
|
||||||
|
+ shutil.copy('tests/mech.html', basicdir)
|
||||||
|
+
|
||||||
|
+ mname = subprocess.Popen(["tests/t_mech_name.py"],
|
||||||
|
+ stdout=logfile, stderr=logfile,
|
||||||
|
+ env=testenv, preexec_fn=os.setsid)
|
||||||
|
+ mname.wait()
|
||||||
|
+ if mname.returncode != 0:
|
||||||
|
+ sys.stderr.write('MECH-NAME: FAILED\n')
|
||||||
|
+ return 1
|
||||||
|
+ sys.stderr.write('MECH-NAME: SUCCESS\n')
|
||||||
|
+ return 0
|
||||||
|
+
|
||||||
|
+
|
||||||
|
if __name__ == '__main__':
|
||||||
|
args = parse_args()
|
||||||
|
|
||||||
|
@@ -847,6 +863,8 @@ if __name__ == '__main__':
|
||||||
|
|
||||||
|
errs += test_no_negotiate(testdir, testenv, logfile)
|
||||||
|
|
||||||
|
+ errs += test_mech_name(testdir, testenv, logfile)
|
||||||
|
+
|
||||||
|
# After this point we need to speed up httpd to test creds timeout
|
||||||
|
try:
|
||||||
|
fakeenv = faketime_setup(kdcenv)
|
||||||
|
diff --git a/tests/mech.html b/tests/mech.html
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000000000000000000000000000..bb7b3cd5278f055e278a7dfde73c15aa400a6a17
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/mech.html
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+<!--#echo var="GSS_MECH" -->
|
||||||
|
diff --git a/tests/t_mech_name.py b/tests/t_mech_name.py
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000000000000000000000000000000000000..69f451f2bbe58a16f61418f96eca26e7994bcb8a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/t_mech_name.py
|
||||||
|
@@ -0,0 +1,19 @@
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
+# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
+
|
||||||
|
+import os
|
||||||
|
+import requests
|
||||||
|
+from requests.auth import HTTPBasicAuth
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if __name__ == '__main__':
|
||||||
|
+ url = 'http://%s/mech_name/mech.html' % os.environ['NSS_WRAPPER_HOSTNAME']
|
||||||
|
+ r = requests.get(url, auth=HTTPBasicAuth(os.environ['MAG_USER_NAME'],
|
||||||
|
+ os.environ['MAG_USER_PASSWORD']))
|
||||||
|
+ if r.status_code != 200:
|
||||||
|
+ raise ValueError('Basic Auth Failed')
|
||||||
|
+
|
||||||
|
+ if r.text.rstrip() != 'Basic/krb5':
|
||||||
|
+ raise ValueError(
|
||||||
|
+ 'GSS_MECH check failed, expected Basic/krb5, got "%s"' %
|
||||||
|
+ r.text.rstrip())
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
372
SOURCES/Add-option-to-control-timeout-for-Basic-Auth.patch
Normal file
372
SOURCES/Add-option-to-control-timeout-for-Basic-Auth.patch
Normal file
@ -0,0 +1,372 @@
|
|||||||
|
From b4ddd657ccc7793df9378209433f0142195a94d1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Thu, 14 May 2020 09:19:37 -0400
|
||||||
|
Subject: [PATCH] Add option to control timeout for Basic Auth
|
||||||
|
|
||||||
|
Adds new option and tests.
|
||||||
|
Adds optional dependency on libfaketime to test this feature.
|
||||||
|
|
||||||
|
Fixes: #210
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
Merges: #217
|
||||||
|
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit 09df7584b4abadbfea411adafdcc825da5b720d3)
|
||||||
|
[rharwood@redhat.com: git got confused by not having localname test]
|
||||||
|
---
|
||||||
|
README | 24 +++++++++++++
|
||||||
|
src/mod_auth_gssapi.c | 27 +++++++++++---
|
||||||
|
src/mod_auth_gssapi.h | 1 +
|
||||||
|
tests/Makefile.am | 1 +
|
||||||
|
tests/httpd.conf | 32 ++++++++++++++++-
|
||||||
|
tests/magtests.py | 76 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
tests/t_basic_timeout.py | 34 ++++++++++++++++++
|
||||||
|
7 files changed, 190 insertions(+), 5 deletions(-)
|
||||||
|
create mode 100755 tests/t_basic_timeout.py
|
||||||
|
|
||||||
|
diff --git a/README b/README
|
||||||
|
index 700b57e..5eac94f 100644
|
||||||
|
--- a/README
|
||||||
|
+++ b/README
|
||||||
|
@@ -97,6 +97,7 @@ Configuration Directives
|
||||||
|
[GssapiAllowedMech](#gssapiallowedmech)<br>
|
||||||
|
[GssapiBasicAuth](#gssapibasicauth)<br>
|
||||||
|
[GssapiBasicAuthMech](#gssapibasicauthmech)<br>
|
||||||
|
+[GssapiBasicTicketTimeout](#gssapibasicticketvalidity)<br>
|
||||||
|
[GssapiConnectionBound](#gssapiconnectionbound)<br>
|
||||||
|
[GssapiCredStore](#gssapicredstore)<br>
|
||||||
|
[GssapiDelegCcacheDir](#gssapidelegccachedir)<br>
|
||||||
|
@@ -503,3 +504,26 @@ Note: The GSS_C_NT_HOSTBASED_SERVICE format is used for names (see example).
|
||||||
|
GssapiAcceptorName HTTP@www.example.com
|
||||||
|
|
||||||
|
|
||||||
|
+### GssapiBasicTicketTimeout
|
||||||
|
+
|
||||||
|
+This option controls the ticket validity time requested for the user TGT by the
|
||||||
|
+Basic Auth method.
|
||||||
|
+
|
||||||
|
+Normally basic auth is repeated by the browser on each request so a short
|
||||||
|
+validity period is used to reduce the scope of the ticket as it will be
|
||||||
|
+replaced quickly.
|
||||||
|
+However in cases where the authentication page is separate and the session
|
||||||
|
+is used by other pages the validity can be changed to arbitrary duration.
|
||||||
|
+
|
||||||
|
+Note: the validity of a ticket is still capped by KDC configuration.
|
||||||
|
+
|
||||||
|
+Note: the value is specified in seconds.
|
||||||
|
+
|
||||||
|
+- **Default:** GssapiBasicTicketTimeout 300
|
||||||
|
+
|
||||||
|
+#### Example
|
||||||
|
+ GssapiBasicTicketTimeout 36000
|
||||||
|
+
|
||||||
|
+Sets ticket/session validity to 10 hours.
|
||||||
|
+
|
||||||
|
+
|
||||||
|
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
|
||||||
|
index 9e42ef4..b099973 100644
|
||||||
|
--- a/src/mod_auth_gssapi.c
|
||||||
|
+++ b/src/mod_auth_gssapi.c
|
||||||
|
@@ -1,4 +1,5 @@
|
||||||
|
-/* Copyright (C) 2014, 2016 mod_auth_gssapi contributors - See COPYING for (C) terms */
|
||||||
|
+/* Copyright (C) 2014, 2016, 2020 mod_auth_gssapi contributors
|
||||||
|
+ * See COPYING for (C) terms */
|
||||||
|
|
||||||
|
#include "mod_auth_gssapi.h"
|
||||||
|
#include "mag_parse.h"
|
||||||
|
@@ -600,7 +601,7 @@ static int mag_auth_basic(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
}
|
||||||
|
|
||||||
|
maj = gss_acquire_cred_with_password(&min, user, &ba_pwd,
|
||||||
|
- GSS_C_INDEFINITE,
|
||||||
|
+ cfg->basic_timeout,
|
||||||
|
allowed_mechs,
|
||||||
|
GSS_C_INITIATE,
|
||||||
|
&user_cred, &actual_mechs, NULL);
|
||||||
|
@@ -619,8 +620,8 @@ static int mag_auth_basic(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
|
||||||
|
for (int i = 0; i < actual_mechs->count; i++) {
|
||||||
|
maj = mag_context_loop(&min, req, cfg, user_cred, server_cred,
|
||||||
|
- &actual_mechs->elements[i], 300, &client,
|
||||||
|
- &vtime, &delegated_cred);
|
||||||
|
+ &actual_mechs->elements[i], cfg->basic_timeout,
|
||||||
|
+ &client, &vtime, &delegated_cred);
|
||||||
|
if (maj == GSS_S_COMPLETE) {
|
||||||
|
ret = mag_complete(req_cfg, mc, client, &actual_mechs->elements[i],
|
||||||
|
vtime, delegated_cred);
|
||||||
|
@@ -1299,6 +1300,7 @@ static void *mag_create_dir_config(apr_pool_t *p, char *dir)
|
||||||
|
#ifdef HAVE_CRED_STORE
|
||||||
|
cfg->ccname_envvar = "KRB5CCNAME";
|
||||||
|
#endif
|
||||||
|
+ cfg->basic_timeout = 300;
|
||||||
|
|
||||||
|
return cfg;
|
||||||
|
}
|
||||||
|
@@ -1789,6 +1791,21 @@ static const char *mag_acceptor_name(cmd_parms *parms, void *mconfig,
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static const char *mag_basic_timeout(cmd_parms *parms, void *mconfig,
|
||||||
|
+ const char *w)
|
||||||
|
+{
|
||||||
|
+ struct mag_config *cfg = (struct mag_config *)mconfig;
|
||||||
|
+ unsigned long int value;
|
||||||
|
+
|
||||||
|
+ value = strtoul(w, NULL, 10);
|
||||||
|
+ if (value >= UINT32_MAX) {
|
||||||
|
+ cfg->basic_timeout = GSS_C_INDEFINITE;
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ cfg->basic_timeout = value;
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void *mag_create_server_config(apr_pool_t *p, server_rec *s)
|
||||||
|
{
|
||||||
|
struct mag_server_config *scfg;
|
||||||
|
@@ -1865,6 +1882,8 @@ static const command_rec mag_commands[] = {
|
||||||
|
"Publish GSSAPI Errors in Envionment Variables"),
|
||||||
|
AP_INIT_RAW_ARGS("GssapiAcceptorName", mag_acceptor_name, NULL, OR_AUTHCFG,
|
||||||
|
"Name of the acceptor credentials."),
|
||||||
|
+ AP_INIT_TAKE1("GssapiBasicTicketTimeout", mag_basic_timeout, NULL,
|
||||||
|
+ OR_AUTHCFG, "Ticket Validity Timeout with Basic Auth."),
|
||||||
|
{ NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h
|
||||||
|
index 8c0b972..2312ab5 100644
|
||||||
|
--- a/src/mod_auth_gssapi.h
|
||||||
|
+++ b/src/mod_auth_gssapi.h
|
||||||
|
@@ -93,6 +93,7 @@ struct mag_config {
|
||||||
|
int enverrs;
|
||||||
|
gss_name_t acceptor_name;
|
||||||
|
bool acceptor_name_from_req;
|
||||||
|
+ uint32_t basic_timeout;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct mag_server_config {
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 16d87e9..c830e95 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -11,6 +11,7 @@ EXTRA_DIST = \
|
||||||
|
t_basic_k5.py \
|
||||||
|
t_basic_k5_two_users.py \
|
||||||
|
t_basic_proxy.py \
|
||||||
|
+ t_basic_timeout.py \
|
||||||
|
t_localname.py \
|
||||||
|
t_hostname_acceptor.py \
|
||||||
|
t_nonego.py \
|
||||||
|
diff --git a/tests/httpd.conf b/tests/httpd.conf
|
||||||
|
index 8c91e1c..f76f2b6 100644
|
||||||
|
--- a/tests/httpd.conf
|
||||||
|
+++ b/tests/httpd.conf
|
||||||
|
@@ -111,7 +111,7 @@ DocumentRoot "{HTTPROOT}/html"
|
||||||
|
PidFile "{HTTPROOT}/logs/httpd.pid"
|
||||||
|
|
||||||
|
<IfModule log_config_module>
|
||||||
|
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{{Referer}}i\" \"%{{User-Agent}}i\"" combined
|
||||||
|
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{{Referer}}i\" \"%{{User-Agent}}i\" \"%{{Cookie}}i\"" combined
|
||||||
|
CustomLog "logs/access_log" combined
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
@@ -288,3 +288,33 @@ CoreDumpDirectory "{HTTPROOT}"
|
||||||
|
Require valid-user
|
||||||
|
</Proxy>
|
||||||
|
</VirtualHost>
|
||||||
|
+
|
||||||
|
+<Location /basic_auth_timeout/auth>
|
||||||
|
+ Options +Includes
|
||||||
|
+ AddOutputFilter INCLUDES .html
|
||||||
|
+ AuthType GSSAPI
|
||||||
|
+ AuthName "Password Login"
|
||||||
|
+ GssapiSSLonly Off
|
||||||
|
+ GssapiUseSessions On
|
||||||
|
+ Session On
|
||||||
|
+ SessionCookieName gssapi_session path=/basic_auth_timeout;httponly
|
||||||
|
+ GssapiSessionKey file:{HTTPROOT}/session.key
|
||||||
|
+ GssapiCredStore keytab:{HTTPROOT}/http.keytab
|
||||||
|
+ GssapiBasicAuth On
|
||||||
|
+ GssapiBasicAuthMech krb5
|
||||||
|
+ GssapiBasicTicketTimeout 400
|
||||||
|
+ GssapiDelegCcacheDir {HTTPROOT}
|
||||||
|
+ Require valid-user
|
||||||
|
+</Location>
|
||||||
|
+<Location /basic_auth_timeout/session>
|
||||||
|
+ Options +Includes
|
||||||
|
+ AddOutputFilter INCLUDES .html
|
||||||
|
+ AuthType GSSAPI
|
||||||
|
+ AuthName "Session Login"
|
||||||
|
+ GssapiSSLonly Off
|
||||||
|
+ GssapiUseSessions On
|
||||||
|
+ Session On
|
||||||
|
+ SessionCookieName gssapi_session path=/basic_auth_timeout;httponly
|
||||||
|
+ GssapiSessionKey file:{HTTPROOT}/session.key
|
||||||
|
+ Require valid-user
|
||||||
|
+</Location>
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index a4842a0..da1cca7 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -3,11 +3,13 @@
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import os
|
||||||
|
+import os.path
|
||||||
|
import random
|
||||||
|
import shutil
|
||||||
|
import signal
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
+import time
|
||||||
|
import traceback
|
||||||
|
|
||||||
|
# check that we can import requests (for use in test scripts)
|
||||||
|
@@ -341,6 +343,7 @@ USR_PWD_2 = "magpwd2"
|
||||||
|
USR_NAME_3 = "maguser3"
|
||||||
|
SVC_KTNAME = "httpd/http.keytab"
|
||||||
|
KEY_TYPE = "aes256-cts-hmac-sha1-96:normal"
|
||||||
|
+USR_NAME_4 = "timeoutusr"
|
||||||
|
|
||||||
|
|
||||||
|
def setup_keys(tesdir, env):
|
||||||
|
@@ -361,6 +364,9 @@ def setup_keys(tesdir, env):
|
||||||
|
cmd = "addprinc -pw %s -e %s %s" % (USR_PWD_2, KEY_TYPE, USR_NAME_2)
|
||||||
|
kadmin_local(cmd, env, logfile)
|
||||||
|
|
||||||
|
+ cmd = "addprinc -pw %s -e %s %s" % (USR_PWD, KEY_TYPE, USR_NAME_4)
|
||||||
|
+ kadmin_local(cmd, env, logfile)
|
||||||
|
+
|
||||||
|
# alias for multinamed hosts testing
|
||||||
|
alias_name = "HTTP/%s" % WRAP_ALIASNAME
|
||||||
|
cmd = "addprinc -randkey -e %s %s" % (KEY_TYPE, alias_name)
|
||||||
|
@@ -600,6 +606,30 @@ def test_basic_auth_krb5(testdir, testenv, logfile):
|
||||||
|
return error_count
|
||||||
|
|
||||||
|
|
||||||
|
+def test_basic_auth_timeout(testdir, testenv, logfile):
|
||||||
|
+ httpdir = os.path.join(testdir, 'httpd')
|
||||||
|
+ timeoutdir = os.path.join(httpdir, 'html', 'basic_auth_timeout')
|
||||||
|
+ os.mkdir(timeoutdir)
|
||||||
|
+ authdir = os.path.join(timeoutdir, 'auth')
|
||||||
|
+ os.mkdir(authdir)
|
||||||
|
+ sessdir = os.path.join(timeoutdir, 'session')
|
||||||
|
+ os.mkdir(sessdir)
|
||||||
|
+ shutil.copy('tests/index.html', os.path.join(authdir))
|
||||||
|
+ shutil.copy('tests/index.html', os.path.join(sessdir))
|
||||||
|
+
|
||||||
|
+ basictout = subprocess.Popen(["tests/t_basic_timeout.py"],
|
||||||
|
+ stdout=logfile, stderr=logfile,
|
||||||
|
+ env=testenv, preexec_fn=os.setsid)
|
||||||
|
+ basictout.wait()
|
||||||
|
+ if basictout.returncode != 0:
|
||||||
|
+ sys.stderr.write('BASIC Timeout Behavior: FAILED\n')
|
||||||
|
+ return 1
|
||||||
|
+ else:
|
||||||
|
+ sys.stderr.write('BASIC Timeout Behavior: SUCCESS\n')
|
||||||
|
+
|
||||||
|
+ return 0
|
||||||
|
+
|
||||||
|
+
|
||||||
|
def test_bad_acceptor_name(testdir, testenv, logfile):
|
||||||
|
bandir = os.path.join(testdir, 'httpd', 'html', 'bad_acceptor_name')
|
||||||
|
os.mkdir(bandir)
|
||||||
|
@@ -661,6 +691,33 @@ def test_hostname_acceptor(testdir, testenv, logfile):
|
||||||
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
+def faketime_setup(testenv):
|
||||||
|
+ libfaketime = '/usr/lib64/faketime/libfaketime.so.1'
|
||||||
|
+ # optional faketime
|
||||||
|
+ if not os.path.isfile(libfaketime):
|
||||||
|
+ raise NotImplementedError
|
||||||
|
+
|
||||||
|
+ # spedup x100
|
||||||
|
+ fakeenv = {'FAKETIME': '+0 x100'}
|
||||||
|
+ fakeenv.update(testenv)
|
||||||
|
+ fakeenv['LD_PRELOAD'] = ' '.join((testenv['LD_PRELOAD'], libfaketime))
|
||||||
|
+ return fakeenv
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def http_restart(testdir, so_dir, testenv):
|
||||||
|
+
|
||||||
|
+ httpenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
|
||||||
|
+ 'MALLOC_CHECK_': '3',
|
||||||
|
+ 'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1)}
|
||||||
|
+ httpenv.update(testenv)
|
||||||
|
+
|
||||||
|
+ httpd = "httpd" if os.path.exists("/etc/httpd/modules") else "apache2"
|
||||||
|
+ config = os.path.join(testdir, 'httpd', 'httpd.conf')
|
||||||
|
+ httpproc = subprocess.Popen([httpd, '-DFOREGROUND', '-f', config],
|
||||||
|
+ env=httpenv, preexec_fn=os.setsid)
|
||||||
|
+ return httpproc
|
||||||
|
+
|
||||||
|
+
|
||||||
|
if __name__ == '__main__':
|
||||||
|
args = parse_args()
|
||||||
|
|
||||||
|
@@ -722,6 +779,25 @@ if __name__ == '__main__':
|
||||||
|
errs += test_basic_auth_krb5(testdir, testenv, logfile)
|
||||||
|
|
||||||
|
errs += test_no_negotiate(testdir, testenv, logfile)
|
||||||
|
+
|
||||||
|
+ # After this point we need to speed up httpd to test creds timeout
|
||||||
|
+ try:
|
||||||
|
+ fakeenv = faketime_setup(kdcenv)
|
||||||
|
+ timeenv = {'TIMEOUT_USER': USR_NAME_4,
|
||||||
|
+ 'MAG_USER_PASSWORD': USR_PWD}
|
||||||
|
+ timeenv.update(fakeenv)
|
||||||
|
+ curporc = httpproc
|
||||||
|
+ pid = processes['HTTPD(%d)' % httpproc.pid].pid
|
||||||
|
+ os.killpg(pid, signal.SIGTERM)
|
||||||
|
+ time.sleep(1)
|
||||||
|
+ del processes['HTTPD(%d)' % httpproc.pid]
|
||||||
|
+ httpproc = http_restart(testdir, so_dir, timeenv)
|
||||||
|
+ processes['HTTPD(%d)' % httpproc.pid] = httpproc
|
||||||
|
+
|
||||||
|
+ errs += test_basic_auth_timeout(testdir, timeenv, logfile)
|
||||||
|
+ except NotImplementedError:
|
||||||
|
+ sys.stderr.write('BASIC Timeout Behavior: SKIPPED\n')
|
||||||
|
+
|
||||||
|
except Exception:
|
||||||
|
traceback.print_exc()
|
||||||
|
finally:
|
||||||
|
diff --git a/tests/t_basic_timeout.py b/tests/t_basic_timeout.py
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000..983dfd2
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/t_basic_timeout.py
|
||||||
|
@@ -0,0 +1,34 @@
|
||||||
|
+#!/usr/bin/env python
|
||||||
|
+# Copyright (C) 2020 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
+
|
||||||
|
+import os
|
||||||
|
+import time
|
||||||
|
+
|
||||||
|
+import requests
|
||||||
|
+from requests.auth import HTTPBasicAuth
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if __name__ == '__main__':
|
||||||
|
+ s = requests.Session()
|
||||||
|
+ url = 'http://{}/basic_auth_timeout/auth/'.format(
|
||||||
|
+ os.environ['NSS_WRAPPER_HOSTNAME']
|
||||||
|
+ )
|
||||||
|
+ url2 = 'http://{}/basic_auth_timeout/session/'.format(
|
||||||
|
+ os.environ['NSS_WRAPPER_HOSTNAME']
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ r = s.get(url, auth=HTTPBasicAuth(os.environ['TIMEOUT_USER'],
|
||||||
|
+ os.environ['MAG_USER_PASSWORD']))
|
||||||
|
+ if r.status_code != 200:
|
||||||
|
+ raise ValueError('Basic Auth Failed')
|
||||||
|
+
|
||||||
|
+ time.sleep(301)
|
||||||
|
+ r = s.get(url2)
|
||||||
|
+ if r.status_code != 200:
|
||||||
|
+ raise ValueError('Session Auth Failed')
|
||||||
|
+
|
||||||
|
+ time.sleep(401)
|
||||||
|
+
|
||||||
|
+ r = s.get(url2)
|
||||||
|
+ if r.status_code == 200:
|
||||||
|
+ raise ValueError('Timeout check Failed')
|
28
SOURCES/Fix-PATH-handling-bug-in-test-suite.patch
Normal file
28
SOURCES/Fix-PATH-handling-bug-in-test-suite.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From c26b1aafbb9679b19b630a46eeb35a9dee61a95f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Tue, 13 Oct 2020 11:04:00 -0400
|
||||||
|
Subject: [PATCH] Fix PATH handling bug in test suite
|
||||||
|
|
||||||
|
virtualenv relies on its executable being ahead of the system ones. For
|
||||||
|
setting up the KDC, we don't have a preferencee - we just need the sbins
|
||||||
|
to be available.
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit ae07252e356d8142ddd3987c9c3686ba7ee593de)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index e04fa65..082c6e4 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -312,7 +312,7 @@ def setup_kdc(testdir, wrapenv):
|
||||||
|
|
||||||
|
kdcenv = wrapenv.copy()
|
||||||
|
kdcenv.update({
|
||||||
|
- 'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
+ 'PATH': f'{wrapenv["PATH"]}:/sbin:/bin:/usr/sbin:/usr/bin',
|
||||||
|
'KRB5_CONFIG': krb5conf,
|
||||||
|
'KRB5_KDC_PROFILE': kdcconf,
|
||||||
|
'KRB5_TRACE': os.path.join(testdir, 'krbtrace.log'),
|
31
SOURCES/Fix-distcheck.patch
Normal file
31
SOURCES/Fix-distcheck.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 706494bde5c5124621006b857fc55529f9e8e0db Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Thu, 14 May 2020 18:04:47 -0400
|
||||||
|
Subject: [PATCH] Fix distcheck
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit eb6de7e946d7ecc9292bb454d43ac05f0801adf7)
|
||||||
|
---
|
||||||
|
tests/Makefile.am | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index 70754fb..16d87e9 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -4,12 +4,14 @@ EXTRA_DIST = \
|
||||||
|
401.html \
|
||||||
|
httpd.conf \
|
||||||
|
index.html \
|
||||||
|
+ localname.html \
|
||||||
|
magtests.py \
|
||||||
|
t_bad_acceptor_name.py \
|
||||||
|
t_basic_k5_fail_second.py \
|
||||||
|
t_basic_k5.py \
|
||||||
|
t_basic_k5_two_users.py \
|
||||||
|
t_basic_proxy.py \
|
||||||
|
+ t_localname.py \
|
||||||
|
t_hostname_acceptor.py \
|
||||||
|
t_nonego.py \
|
||||||
|
t_required_name_attr.py \
|
@ -0,0 +1,42 @@
|
|||||||
|
From 2b96860d8cfcf48a54e59e2ca30fc8fdeb2b9d55 Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Fri, 6 May 2022 22:54:45 +0200
|
||||||
|
Subject: [PATCH 2/2]
|
||||||
|
Fix-gss-localname-test-to-work-with-older-gssapi-ver.patch
|
||||||
|
|
||||||
|
---
|
||||||
|
tests/t_localname.py | 13 +++++++++++--
|
||||||
|
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/t_localname.py b/tests/t_localname.py
|
||||||
|
index e990762c42aa9b370ac71292b5019fc63622c240..df94922b52673b5b7fd780ff3f319d22feb348ac 100755
|
||||||
|
--- a/tests/t_localname.py
|
||||||
|
+++ b/tests/t_localname.py
|
||||||
|
@@ -45,13 +45,22 @@ if __name__ == '__main__':
|
||||||
|
|
||||||
|
mech = None
|
||||||
|
if mech_name is not None:
|
||||||
|
- mech = gssapi.mechs.Mechanism.from_sasl_name(mech_name)
|
||||||
|
+ try:
|
||||||
|
+ mech = gssapi.mechs.Mechanism.from_sasl_name(mech_name)
|
||||||
|
+ except AttributeError:
|
||||||
|
+ # older version of gssapi that does not support mechs
|
||||||
|
+ if mech_name == 'SPNEGO':
|
||||||
|
+ mech = '<Mechanism spnego (1.3.6.1.5.5.2)>'
|
||||||
|
+ elif mech_name == 'GS2-KRB5':
|
||||||
|
+ mech = '<Mechanism krb5 (1.2.840.113554.1.2.2)>'
|
||||||
|
+ else:
|
||||||
|
+ sys.exit(42) # SKIP
|
||||||
|
|
||||||
|
try:
|
||||||
|
auth = HTTPSPNEGOAuth(mech=mech)
|
||||||
|
use_requests(auth)
|
||||||
|
except TypeError:
|
||||||
|
- # odler version of requests that does not support mechs
|
||||||
|
+ # older version of requests that does not support mechs
|
||||||
|
if mech_name == 'SPNEGO':
|
||||||
|
use_curl()
|
||||||
|
elif mech_name == 'GS2-KRB5':
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
39
SOURCES/Fix-gss_localname-with-SPNEGO-wrapping.patch
Normal file
39
SOURCES/Fix-gss_localname-with-SPNEGO-wrapping.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From 676ec5fe0b6c7c5126dbf84ef59ec4a5d5f87ede Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Tue, 26 Apr 2022 10:23:53 +0200
|
||||||
|
Subject: [PATCH] Fix gss_localname with SPNEGO wrapping
|
||||||
|
|
||||||
|
Fix implemented upstream by Simo
|
||||||
|
---
|
||||||
|
src/mod_auth_gssapi.c | 14 ++++++++++++++
|
||||||
|
1 file changed, 14 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
|
||||||
|
index b0999737daedf88fa84a9d8b1543bbedc79194ab..c91aa60707ba9b237a84f95670d483f1a7eab86b 100644
|
||||||
|
--- a/src/mod_auth_gssapi.c
|
||||||
|
+++ b/src/mod_auth_gssapi.c
|
||||||
|
@@ -1264,7 +1264,21 @@ static int mag_complete(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (cfg->map_to_local) {
|
||||||
|
+ /* We have to play heuristics here as gss_localname does not work
|
||||||
|
+ * as expected with SPNEGO-wrapped names.
|
||||||
|
+ * http://krbdev.mit.edu/rt/Ticket/Display.html?id=8782
|
||||||
|
+ */
|
||||||
|
maj = gss_localname(&min, client, mech_type, &lname);
|
||||||
|
+ if (maj != GSS_S_COMPLETE) {
|
||||||
|
+ uint32_t sub_maj, sub_min;
|
||||||
|
+ /* try fallback with no oid */
|
||||||
|
+ sub_maj = gss_localname(&sub_min, client, GSS_C_NO_OID, &lname);
|
||||||
|
+ if (sub_maj != GSS_S_UNAVAILABLE) {
|
||||||
|
+ /* use second call errors only if they are meaningful */
|
||||||
|
+ maj = sub_maj;
|
||||||
|
+ min = sub_min;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
if (maj != GSS_S_COMPLETE) {
|
||||||
|
mag_post_error(req, cfg, MAG_GSS_ERR, maj, min,
|
||||||
|
"gss_localname() failed");
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
38
SOURCES/Fix-integer-sizes-used-with-ap_set_flag_slot.patch
Normal file
38
SOURCES/Fix-integer-sizes-used-with-ap_set_flag_slot.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From d681fe586a4f4258c5d61237511dd19c1fa84904 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Tue, 19 Feb 2019 13:55:12 -0500
|
||||||
|
Subject: [PATCH] Fix integer sizes used with ap_set_flag_slot()
|
||||||
|
|
||||||
|
ap_set_flag_slot() requires a field of type `int`. Previously we
|
||||||
|
passed type `bool` in two places, causing test failures on s390x
|
||||||
|
because logging was not correctly configured.
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit f89b876be5619d750e6ab4ea6e730a9a26b1cac4)
|
||||||
|
(cherry picked from commit 73c690ca9bd1d470c603f5e1ee48d2384941ae55)
|
||||||
|
---
|
||||||
|
src/mod_auth_gssapi.h | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h
|
||||||
|
index 71404ff..8c0b972 100644
|
||||||
|
--- a/src/mod_auth_gssapi.h
|
||||||
|
+++ b/src/mod_auth_gssapi.h
|
||||||
|
@@ -79,7 +79,7 @@ struct mag_config {
|
||||||
|
gid_t deleg_ccache_gid;
|
||||||
|
gss_key_value_set_desc *cred_store;
|
||||||
|
bool deleg_ccache_unique;
|
||||||
|
- bool s4u2self;
|
||||||
|
+ int s4u2self;
|
||||||
|
char *ccname_envvar;
|
||||||
|
#endif
|
||||||
|
struct seal_key *mag_skey;
|
||||||
|
@@ -90,7 +90,7 @@ struct mag_config {
|
||||||
|
bool negotiate_once;
|
||||||
|
struct mag_name_attributes *name_attributes;
|
||||||
|
const char *required_na_expr;
|
||||||
|
- bool enverrs;
|
||||||
|
+ int enverrs;
|
||||||
|
gss_name_t acceptor_name;
|
||||||
|
bool acceptor_name_from_req;
|
||||||
|
};
|
121
SOURCES/Fix-mag_auth_basic-function-call.patch
Normal file
121
SOURCES/Fix-mag_auth_basic-function-call.patch
Normal file
@ -0,0 +1,121 @@
|
|||||||
|
From 1941fd1545b4786fee9464881239d74a91c55723 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Thu, 7 Feb 2019 14:48:56 -0500
|
||||||
|
Subject: [PATCH] Fix mag_auth_basic function call.
|
||||||
|
|
||||||
|
In order to respect the API we'd have to return nech_type as a copy of
|
||||||
|
the mech found to correctly complete authentication.
|
||||||
|
It would need to be a copy because the actual_mechs variable is an array
|
||||||
|
of statically copied OIDs not an array of pointers.
|
||||||
|
|
||||||
|
Instead change mag_auth_basic to directly call mag_complete() and
|
||||||
|
mag_cache_basic on success. This is easier than attempting to handle
|
||||||
|
copying out OIDs and then freeing them in the caller as GSSAPI does not
|
||||||
|
offer standard APIs for copying OIDs.
|
||||||
|
|
||||||
|
As a side-effect we reduce the number of arguments to mag_auth_gssapi,
|
||||||
|
which is good, to the slight detriment of legibility in the main
|
||||||
|
function as now you need to know mag_auth_basic() is already calling
|
||||||
|
mag_complete(). The trade off is worth it though.
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
(cherry picked from commit 318db0b0e3777d4cfdc09eeef98e28c478607271)
|
||||||
|
---
|
||||||
|
src/mod_auth_gssapi.c | 47 ++++++++++++++++++++-----------------------
|
||||||
|
1 file changed, 22 insertions(+), 25 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
|
||||||
|
index 4048ee7..9e42ef4 100644
|
||||||
|
--- a/src/mod_auth_gssapi.c
|
||||||
|
+++ b/src/mod_auth_gssapi.c
|
||||||
|
@@ -493,15 +493,15 @@ done:
|
||||||
|
return maj;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static bool mag_auth_basic(request_rec *req,
|
||||||
|
- struct mag_config *cfg,
|
||||||
|
- gss_buffer_desc ba_user,
|
||||||
|
- gss_buffer_desc ba_pwd,
|
||||||
|
- gss_name_t *client,
|
||||||
|
- gss_OID *mech_type,
|
||||||
|
- gss_cred_id_t *delegated_cred,
|
||||||
|
- uint32_t *vtime)
|
||||||
|
+static int mag_complete(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
+ gss_name_t client, gss_OID mech_type,
|
||||||
|
+ uint32_t vtime, gss_cred_id_t delegated_cred);
|
||||||
|
+
|
||||||
|
+static int mag_auth_basic(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
+ gss_buffer_desc ba_user, gss_buffer_desc ba_pwd)
|
||||||
|
{
|
||||||
|
+ struct mag_config *cfg = req_cfg->cfg;
|
||||||
|
+ request_rec *req = req_cfg->req;
|
||||||
|
const char *user_ccache = NULL;
|
||||||
|
const char *orig_ccache = NULL;
|
||||||
|
long long unsigned int rndname;
|
||||||
|
@@ -512,9 +512,12 @@ static bool mag_auth_basic(request_rec *req,
|
||||||
|
gss_OID_set allowed_mechs;
|
||||||
|
gss_OID_set filtered_mechs;
|
||||||
|
gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
|
||||||
|
+ gss_cred_id_t delegated_cred = GSS_C_NO_CREDENTIAL;
|
||||||
|
+ gss_name_t client = GSS_C_NO_NAME;
|
||||||
|
+ uint32_t vtime;
|
||||||
|
uint32_t maj, min;
|
||||||
|
int present = 0;
|
||||||
|
- bool ret = false;
|
||||||
|
+ int ret = HTTP_UNAUTHORIZED;
|
||||||
|
|
||||||
|
maj = gss_import_name(&min, &ba_user, GSS_C_NT_USER_NAME, &user);
|
||||||
|
if (GSS_ERROR(maj)) {
|
||||||
|
@@ -616,15 +619,21 @@ static bool mag_auth_basic(request_rec *req,
|
||||||
|
|
||||||
|
for (int i = 0; i < actual_mechs->count; i++) {
|
||||||
|
maj = mag_context_loop(&min, req, cfg, user_cred, server_cred,
|
||||||
|
- &actual_mechs->elements[i], 300, client, vtime,
|
||||||
|
- delegated_cred);
|
||||||
|
+ &actual_mechs->elements[i], 300, &client,
|
||||||
|
+ &vtime, &delegated_cred);
|
||||||
|
if (maj == GSS_S_COMPLETE) {
|
||||||
|
- ret = true;
|
||||||
|
+ ret = mag_complete(req_cfg, mc, client, &actual_mechs->elements[i],
|
||||||
|
+ vtime, delegated_cred);
|
||||||
|
+ if (ret == OK) {
|
||||||
|
+ mag_basic_cache(req_cfg, mc, ba_user, ba_pwd);
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
done:
|
||||||
|
+ gss_release_cred(&min, &delegated_cred);
|
||||||
|
+ gss_release_name(&min, &client);
|
||||||
|
gss_release_cred(&min, &server_cred);
|
||||||
|
gss_release_name(&min, &user);
|
||||||
|
gss_release_cred(&min, &user_cred);
|
||||||
|
@@ -683,10 +692,6 @@ struct mag_req_cfg *mag_init_cfg(request_rec *req)
|
||||||
|
return req_cfg;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int mag_complete(struct mag_req_cfg *req_cfg, struct mag_conn *mc,
|
||||||
|
- gss_name_t client, gss_OID mech_type,
|
||||||
|
- uint32_t vtime, gss_cred_id_t delegated_cred);
|
||||||
|
-
|
||||||
|
#ifdef HAVE_CRED_STORE
|
||||||
|
static bool use_s4u2proxy(struct mag_req_cfg *req_cfg) {
|
||||||
|
if (req_cfg->cfg->use_s4u2proxy) {
|
||||||
|
@@ -1105,15 +1110,7 @@ static int mag_auth(request_rec *req)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (auth_type == AUTH_TYPE_BASIC) {
|
||||||
|
- if (mag_auth_basic(req, cfg, ba_user, ba_pwd,
|
||||||
|
- &client, &mech_type,
|
||||||
|
- &delegated_cred, &vtime)) {
|
||||||
|
-
|
||||||
|
- ret = mag_complete(req_cfg, mc, client, mech_type, vtime,
|
||||||
|
- delegated_cred);
|
||||||
|
- if (ret == OK)
|
||||||
|
- mag_basic_cache(req_cfg, mc, ba_user, ba_pwd);
|
||||||
|
- }
|
||||||
|
+ ret = mag_auth_basic(req_cfg, mc, ba_user, ba_pwd);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
47
SOURCES/Fix-tests-to-work-with-python3.patch
Normal file
47
SOURCES/Fix-tests-to-work-with-python3.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From 613933383aa352bb8f350f43ecb393a0604016cc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Fri, 21 Dec 2018 11:50:16 -0500
|
||||||
|
Subject: [PATCH] Fix tests to work with python3
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit 751eb09e7abf38f49fc525e1616d48a6f951673f)
|
||||||
|
(cherry picked from commit d2748e79d31f153505f944b09a4790c6231dcd79)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 3 ++-
|
||||||
|
tests/t_spnego_proxy.py | 2 +-
|
||||||
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index 6414503..f14f47a 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -431,7 +431,7 @@ def kinit_user(testdir, kdcenv):
|
||||||
|
stdin=subprocess.PIPE,
|
||||||
|
stdout=logfile, stderr=logfile,
|
||||||
|
env=testenv, preexec_fn=os.setsid)
|
||||||
|
- kinit.communicate('%s\n' % USR_PWD)
|
||||||
|
+ kinit.communicate(('%s\n' % USR_PWD).encode("utf8"))
|
||||||
|
kinit.wait()
|
||||||
|
if kinit.returncode != 0:
|
||||||
|
raise ValueError('kinit failed')
|
||||||
|
@@ -495,6 +495,7 @@ def test_spnego_auth(testdir, testenv, logfile):
|
||||||
|
else:
|
||||||
|
sys.stderr.write('SPNEGO No Auth: SUCCESS\n')
|
||||||
|
|
||||||
|
+
|
||||||
|
return error_count
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/tests/t_spnego_proxy.py b/tests/t_spnego_proxy.py
|
||||||
|
index 6219721..c47558b 100755
|
||||||
|
--- a/tests/t_spnego_proxy.py
|
||||||
|
+++ b/tests/t_spnego_proxy.py
|
||||||
|
@@ -17,7 +17,7 @@ def getAuthToken(target):
|
||||||
|
ctx = gssapi.SecurityContext(name=name, mech=spnego_mech)
|
||||||
|
token = ctx.step()
|
||||||
|
|
||||||
|
- return 'Negotiate %s' % b64encode(token)
|
||||||
|
+ return 'Negotiate %s' % b64encode(token).decode()
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
43
SOURCES/In-tests-show-the-exception-on-failure.patch
Normal file
43
SOURCES/In-tests-show-the-exception-on-failure.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From 3fc1f9f5d7f5a33900572b419ecdfd2d3672ceca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Fri, 21 Dec 2018 10:50:49 -0500
|
||||||
|
Subject: [PATCH] In tests, show the exception on failure
|
||||||
|
|
||||||
|
Otherwise, the user might get nothing at all out, depending on what failed.
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit 881f98ee08f6d8d7a2352ab2f3e8e38845cf8039)
|
||||||
|
(cherry picked from commit 1de81677f1878ea1667b56169fe714d685771b4e)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index 576e88f..6414503 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -8,6 +8,7 @@ import shutil
|
||||||
|
import signal
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
+import traceback
|
||||||
|
|
||||||
|
# check that we can import requests (for use in test scripts)
|
||||||
|
import requests
|
||||||
|
@@ -207,7 +208,6 @@ def setup_test_certs(testdir, testenv, logfile):
|
||||||
|
with open(opensslcnf, 'w+') as f:
|
||||||
|
f.write(text)
|
||||||
|
|
||||||
|
- print(pkinit_key)
|
||||||
|
cmd = subprocess.Popen(["openssl", "genrsa", "-out", pkinit_key,
|
||||||
|
"2048"], stdout=logfile,
|
||||||
|
stderr=logfile, env=testenv,
|
||||||
|
@@ -718,6 +718,8 @@ if __name__ == '__main__':
|
||||||
|
errs += test_basic_auth_krb5(testdir, testenv, logfile)
|
||||||
|
|
||||||
|
errs += test_no_negotiate(testdir, testenv, logfile)
|
||||||
|
+ except Exception:
|
||||||
|
+ traceback.print_exc()
|
||||||
|
finally:
|
||||||
|
for name in processes:
|
||||||
|
logfile.write("Killing %s\n" % name)
|
198
SOURCES/Move-to-python3-by-default.patch
Normal file
198
SOURCES/Move-to-python3-by-default.patch
Normal file
@ -0,0 +1,198 @@
|
|||||||
|
From eeca34dc64804a4b771800f54f0e0647ce88bdd4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Tue, 13 Oct 2020 10:33:39 -0400
|
||||||
|
Subject: [PATCH] Move to python3 by default
|
||||||
|
|
||||||
|
When moving 2 -> 3, python elected to keep "python" as the name of the
|
||||||
|
python2 interpreter. As a result, python3-only machines have no
|
||||||
|
/usr/bin/python. Since python2 is EOL, it should be safe to make our
|
||||||
|
scripting default to python3.
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit 840863f89ed4809602f1ca7b8ad650c0b979d20e)
|
||||||
|
[rharwood@redhat.com: tests that don't exist yet, README prg/prk,
|
||||||
|
contrib isn't packaged in dist tarballs]
|
||||||
|
---
|
||||||
|
README | 4 ++--
|
||||||
|
tests/magtests.py | 2 +-
|
||||||
|
tests/t_bad_acceptor_name.py | 2 +-
|
||||||
|
tests/t_basic_k5.py | 2 +-
|
||||||
|
tests/t_basic_k5_fail_second.py | 2 +-
|
||||||
|
tests/t_basic_k5_two_users.py | 2 +-
|
||||||
|
tests/t_basic_proxy.py | 2 +-
|
||||||
|
tests/t_basic_timeout.py | 2 +-
|
||||||
|
tests/t_hostname_acceptor.py | 2 +-
|
||||||
|
tests/t_nonego.py | 2 +-
|
||||||
|
tests/t_required_name_attr.py | 2 +-
|
||||||
|
tests/t_spnego.py | 2 +-
|
||||||
|
tests/t_spnego_negotiate_once.py | 2 +-
|
||||||
|
tests/t_spnego_no_auth.py | 2 +-
|
||||||
|
tests/t_spnego_proxy.py | 2 +-
|
||||||
|
tests/t_spnego_rewrite.py | 2 +-
|
||||||
|
16 files changed, 17 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/README b/README
|
||||||
|
index 5eac94f..654a891 100644
|
||||||
|
--- a/README
|
||||||
|
+++ b/README
|
||||||
|
@@ -26,8 +26,8 @@ To run tests, you also need:
|
||||||
|
|
||||||
|
* The Kerberos 5 Key-Distribution-Center (`krb5-kdc` package on Debian,
|
||||||
|
`krb5-server` on Fedora)
|
||||||
|
-* Packages `mod_session`, `krb5-workstation`, `python-requests-kerberos`,
|
||||||
|
- and `python-gssapi` on Fedora
|
||||||
|
+* Packages `mod_session`, `krb5-workstation`, `python3-requests-gssapi`,
|
||||||
|
+ and `python3-gssapi` on Fedora
|
||||||
|
* Some tests require `krb5-pkinit` package on fedora and krb5 >= 1.15.
|
||||||
|
* [nss_wrapper](https://cwrap.org/nss_wrapper.html), packaged in Fedora
|
||||||
|
* [socket_wrapper](https://cwrap.org/socket_wrapper.html), packaged in Fedora
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index 082c6e4..d0f0a67 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
diff --git a/tests/t_bad_acceptor_name.py b/tests/t_bad_acceptor_name.py
|
||||||
|
index 41ee48b..6cee588 100755
|
||||||
|
--- a/tests/t_bad_acceptor_name.py
|
||||||
|
+++ b/tests/t_bad_acceptor_name.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_basic_k5.py b/tests/t_basic_k5.py
|
||||||
|
index e499eac..4b24801 100755
|
||||||
|
--- a/tests/t_basic_k5.py
|
||||||
|
+++ b/tests/t_basic_k5.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_basic_k5_fail_second.py b/tests/t_basic_k5_fail_second.py
|
||||||
|
index 273e9a5..7e53218 100755
|
||||||
|
--- a/tests/t_basic_k5_fail_second.py
|
||||||
|
+++ b/tests/t_basic_k5_fail_second.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_basic_k5_two_users.py b/tests/t_basic_k5_two_users.py
|
||||||
|
index 41ffe98..3d27e9e 100755
|
||||||
|
--- a/tests/t_basic_k5_two_users.py
|
||||||
|
+++ b/tests/t_basic_k5_two_users.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_basic_proxy.py b/tests/t_basic_proxy.py
|
||||||
|
index 5370314..347b802 100755
|
||||||
|
--- a/tests/t_basic_proxy.py
|
||||||
|
+++ b/tests/t_basic_proxy.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_basic_timeout.py b/tests/t_basic_timeout.py
|
||||||
|
index 983dfd2..007ff97 100755
|
||||||
|
--- a/tests/t_basic_timeout.py
|
||||||
|
+++ b/tests/t_basic_timeout.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2020 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_hostname_acceptor.py b/tests/t_hostname_acceptor.py
|
||||||
|
index 6d59e85..bb85700 100755
|
||||||
|
--- a/tests/t_hostname_acceptor.py
|
||||||
|
+++ b/tests/t_hostname_acceptor.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2017 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import sys
|
||||||
|
diff --git a/tests/t_nonego.py b/tests/t_nonego.py
|
||||||
|
index 430001a..4e77f80 100755
|
||||||
|
--- a/tests/t_nonego.py
|
||||||
|
+++ b/tests/t_nonego.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_required_name_attr.py b/tests/t_required_name_attr.py
|
||||||
|
index bbfdc19..a67446b 100755
|
||||||
|
--- a/tests/t_required_name_attr.py
|
||||||
|
+++ b/tests/t_required_name_attr.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_spnego.py b/tests/t_spnego.py
|
||||||
|
index e7003a6..04190a9 100755
|
||||||
|
--- a/tests/t_spnego.py
|
||||||
|
+++ b/tests/t_spnego.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_spnego_negotiate_once.py b/tests/t_spnego_negotiate_once.py
|
||||||
|
index e8eb601..3d8e048 100755
|
||||||
|
--- a/tests/t_spnego_negotiate_once.py
|
||||||
|
+++ b/tests/t_spnego_negotiate_once.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_spnego_no_auth.py b/tests/t_spnego_no_auth.py
|
||||||
|
index abcccdf..c564388 100755
|
||||||
|
--- a/tests/t_spnego_no_auth.py
|
||||||
|
+++ b/tests/t_spnego_no_auth.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_spnego_proxy.py b/tests/t_spnego_proxy.py
|
||||||
|
index c47558b..b917191 100755
|
||||||
|
--- a/tests/t_spnego_proxy.py
|
||||||
|
+++ b/tests/t_spnego_proxy.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
||||||
|
diff --git a/tests/t_spnego_rewrite.py b/tests/t_spnego_rewrite.py
|
||||||
|
index 2ed1d3e..202d76a 100755
|
||||||
|
--- a/tests/t_spnego_rewrite.py
|
||||||
|
+++ b/tests/t_spnego_rewrite.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
# Copyright (C) 2015 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
|
||||||
|
import os
|
@ -1,36 +0,0 @@
|
|||||||
From 74fd6dc6c3ba65e48c625d4724878721c46a5e6f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Robbie Harwood <rharwood@redhat.com>
|
|
||||||
Date: Tue, 24 Aug 2021 15:04:13 -0400
|
|
||||||
Subject: [PATCH] crypto: Handle EVP changes in OpenSSL 3
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
OpenSSL 3 changes the padding behavior of EVP_DecryptFinal_ex(), which
|
|
||||||
causes our decryption to fail. It is the opnion of the OpenSSL
|
|
||||||
developers that mod_auth_gssapi's use of this function was incorrect.
|
|
||||||
|
|
||||||
Patch suggested by Tomáš Mráz.
|
|
||||||
|
|
||||||
Related: https://github.com/openssl/openssl/issues/16351
|
|
||||||
|
|
||||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
||||||
(cherry picked from commit 06d1f7d36d2455747e6e8231d28e6524ea1181f1)
|
|
||||||
(cherry picked from commit 915a3d7fca3beefadd751562abe2d481354a2a9c)
|
|
||||||
---
|
|
||||||
src/crypto.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/crypto.c b/src/crypto.c
|
|
||||||
index 3f372a0..b3f7fd9 100644
|
|
||||||
--- a/src/crypto.c
|
|
||||||
+++ b/src/crypto.c
|
|
||||||
@@ -262,7 +262,7 @@ apr_status_t UNSEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
|
|
||||||
|
|
||||||
totlen += outlen;
|
|
||||||
outlen = plain->length - totlen;
|
|
||||||
- ret = EVP_DecryptFinal_ex(ctx, plain->value, &outlen);
|
|
||||||
+ ret = EVP_DecryptFinal_ex(ctx, plain->value + totlen, &outlen);
|
|
||||||
if (ret == 0) goto done;
|
|
||||||
|
|
||||||
totlen += outlen;
|
|
@ -0,0 +1,166 @@
|
|||||||
|
From bd2f8d20c589feae7249ccca28199d826d007667 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stanislav Levin <slev@altlinux.org>
|
||||||
|
Date: Thu, 6 Aug 2020 13:55:45 +0300
|
||||||
|
Subject: [PATCH] tests: Don't override the specific environment by the global
|
||||||
|
one
|
||||||
|
|
||||||
|
This changes the way in which a test environment is prepared.
|
||||||
|
|
||||||
|
Before:
|
||||||
|
specific -> global
|
||||||
|
|
||||||
|
After:
|
||||||
|
global -> specific
|
||||||
|
|
||||||
|
In particular, this allows setting PATH env variable differed from
|
||||||
|
the global configuration.
|
||||||
|
|
||||||
|
Fixes: https://github.com/gssapi/mod_auth_gssapi/issues/226
|
||||||
|
Signed-off-by: Stanislav Levin <slev@altlinux.org>
|
||||||
|
(cherry picked from commit 731761e63d72bf5656f40340daafce4e2d34bd92)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 78 +++++++++++++++++++++++++++++------------------
|
||||||
|
1 file changed, 48 insertions(+), 30 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index 1c0b26a..e04fa65 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -310,11 +310,13 @@ def setup_kdc(testdir, wrapenv):
|
||||||
|
with open(kdcconf, 'w+') as f:
|
||||||
|
f.write(text)
|
||||||
|
|
||||||
|
- kdcenv = {'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
- 'KRB5_CONFIG': krb5conf,
|
||||||
|
- 'KRB5_KDC_PROFILE': kdcconf,
|
||||||
|
- 'KRB5_TRACE': os.path.join(testdir, 'krbtrace.log')}
|
||||||
|
- kdcenv.update(wrapenv)
|
||||||
|
+ kdcenv = wrapenv.copy()
|
||||||
|
+ kdcenv.update({
|
||||||
|
+ 'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
+ 'KRB5_CONFIG': krb5conf,
|
||||||
|
+ 'KRB5_KDC_PROFILE': kdcconf,
|
||||||
|
+ 'KRB5_TRACE': os.path.join(testdir, 'krbtrace.log'),
|
||||||
|
+ })
|
||||||
|
|
||||||
|
logfile = open(testlog, 'a')
|
||||||
|
ksetup = subprocess.Popen(["kdb5_util", "create", "-W", "-s",
|
||||||
|
@@ -383,8 +385,10 @@ def setup_keys(tesdir, env):
|
||||||
|
cmd = "addprinc -nokey -e %s %s" % (KEY_TYPE, USR_NAME_3)
|
||||||
|
kadmin_local(cmd, env, logfile)
|
||||||
|
|
||||||
|
- keys_env = {"KRB5_KTNAME": svc_keytab, }
|
||||||
|
- keys_env.update(env)
|
||||||
|
+ keys_env = env.copy()
|
||||||
|
+ keys_env.update({
|
||||||
|
+ "KRB5_KTNAME": svc_keytab,
|
||||||
|
+ })
|
||||||
|
return keys_env
|
||||||
|
|
||||||
|
|
||||||
|
@@ -421,10 +425,12 @@ def setup_http(testdir, so_dir, wrapenv):
|
||||||
|
|
||||||
|
shutil.copy('tests/401.html', os.path.join(httpdir, 'html'))
|
||||||
|
|
||||||
|
- httpenv = {'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
- 'MALLOC_CHECK_': '3',
|
||||||
|
- 'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1)}
|
||||||
|
- httpenv.update(wrapenv)
|
||||||
|
+ httpenv = wrapenv.copy()
|
||||||
|
+ httpenv.update({
|
||||||
|
+ 'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
+ 'MALLOC_CHECK_': '3',
|
||||||
|
+ 'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1),
|
||||||
|
+ })
|
||||||
|
|
||||||
|
httpd = "httpd" if distro == "Fedora" else "apache2"
|
||||||
|
httpproc = subprocess.Popen([httpd, '-DFOREGROUND', '-f', config],
|
||||||
|
@@ -435,8 +441,10 @@ def setup_http(testdir, so_dir, wrapenv):
|
||||||
|
def kinit_user(testdir, kdcenv):
|
||||||
|
testlog = os.path.join(testdir, 'kinit.log')
|
||||||
|
ccache = os.path.join(testdir, 'k5ccache')
|
||||||
|
- testenv = {'KRB5CCNAME': ccache}
|
||||||
|
- testenv.update(kdcenv)
|
||||||
|
+ testenv = kdcenv.copy()
|
||||||
|
+ testenv.update({
|
||||||
|
+ 'KRB5CCNAME': ccache,
|
||||||
|
+ })
|
||||||
|
|
||||||
|
with (open(testlog, 'a')) as logfile:
|
||||||
|
kinit = subprocess.Popen(["kinit", USR_NAME],
|
||||||
|
@@ -457,8 +465,10 @@ def kinit_certuser(testdir, kdcenv):
|
||||||
|
pkinit_user_cert = os.path.join(testdir, PKINIT_USER_CERT)
|
||||||
|
pkinit_key = os.path.join(testdir, PKINIT_KEY)
|
||||||
|
ident = "X509_user_identity=FILE:" + pkinit_user_cert + "," + pkinit_key
|
||||||
|
- testenv = {'KRB5CCNAME': ccache}
|
||||||
|
- testenv.update(kdcenv)
|
||||||
|
+ testenv = kdcenv.copy()
|
||||||
|
+ testenv.update({
|
||||||
|
+ 'KRB5CCNAME': ccache,
|
||||||
|
+ })
|
||||||
|
with (open(testlog, 'a')) as logfile:
|
||||||
|
logfile.write('PKINIT for maguser3\n')
|
||||||
|
kinit = subprocess.Popen(["kinit", USR_NAME_3, "-X", ident],
|
||||||
|
@@ -711,17 +721,21 @@ def faketime_setup(testenv):
|
||||||
|
raise NotImplementedError
|
||||||
|
|
||||||
|
# spedup x100
|
||||||
|
- fakeenv = {'FAKETIME': '+0 x100'}
|
||||||
|
- fakeenv.update(testenv)
|
||||||
|
- fakeenv['LD_PRELOAD'] = ' '.join((testenv['LD_PRELOAD'], libfaketime))
|
||||||
|
+ fakeenv = testenv.copy()
|
||||||
|
+ fakeenv.update({
|
||||||
|
+ 'FAKETIME': '+0 x100',
|
||||||
|
+ 'LD_PRELOAD': ' '.join((testenv['LD_PRELOAD'], libfaketime)),
|
||||||
|
+ })
|
||||||
|
return fakeenv
|
||||||
|
|
||||||
|
|
||||||
|
def http_restart(testdir, so_dir, testenv):
|
||||||
|
- httpenv = {'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{testenv["PATH"]}',
|
||||||
|
- 'MALLOC_CHECK_': '3',
|
||||||
|
- 'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1)}
|
||||||
|
- httpenv.update(testenv)
|
||||||
|
+ httpenv = testenv.copy()
|
||||||
|
+ httpenv.update({
|
||||||
|
+ 'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{testenv["PATH"]}',
|
||||||
|
+ 'MALLOC_CHECK_': '3',
|
||||||
|
+ 'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1),
|
||||||
|
+ })
|
||||||
|
|
||||||
|
httpd = "httpd" if os.path.exists("/etc/httpd/modules") else "apache2"
|
||||||
|
config = os.path.join(testdir, 'httpd', 'httpd.conf')
|
||||||
|
@@ -776,11 +790,13 @@ if __name__ == '__main__':
|
||||||
|
sys.stderr.write("krb5 PKINIT module not found, skipping name "
|
||||||
|
"attribute tests\n")
|
||||||
|
|
||||||
|
- testenv = {'MAG_USER_NAME': USR_NAME,
|
||||||
|
- 'MAG_USER_PASSWORD': USR_PWD,
|
||||||
|
- 'MAG_USER_NAME_2': USR_NAME_2,
|
||||||
|
- 'MAG_USER_PASSWORD_2': USR_PWD_2}
|
||||||
|
- testenv.update(kdcenv)
|
||||||
|
+ testenv = kdcenv.copy()
|
||||||
|
+ testenv.update({
|
||||||
|
+ 'MAG_USER_NAME': USR_NAME,
|
||||||
|
+ 'MAG_USER_PASSWORD': USR_PWD,
|
||||||
|
+ 'MAG_USER_NAME_2': USR_NAME_2,
|
||||||
|
+ 'MAG_USER_PASSWORD_2': USR_PWD_2,
|
||||||
|
+ })
|
||||||
|
|
||||||
|
errs += test_basic_auth_krb5(testdir, testenv, logfile)
|
||||||
|
|
||||||
|
@@ -789,9 +805,11 @@ if __name__ == '__main__':
|
||||||
|
# After this point we need to speed up httpd to test creds timeout
|
||||||
|
try:
|
||||||
|
fakeenv = faketime_setup(kdcenv)
|
||||||
|
- timeenv = {'TIMEOUT_USER': USR_NAME_4,
|
||||||
|
- 'MAG_USER_PASSWORD': USR_PWD}
|
||||||
|
- timeenv.update(fakeenv)
|
||||||
|
+ timeenv = fakeenv.copy()
|
||||||
|
+ timeenv.update({
|
||||||
|
+ 'TIMEOUT_USER': USR_NAME_4,
|
||||||
|
+ 'MAG_USER_PASSWORD': USR_PWD,
|
||||||
|
+ })
|
||||||
|
curporc = httpproc
|
||||||
|
pid = processes['HTTPD(%d)' % httpproc.pid].pid
|
||||||
|
os.killpg(pid, signal.SIGTERM)
|
87
SOURCES/tests-Fixup-virtualenv-handling.patch
Normal file
87
SOURCES/tests-Fixup-virtualenv-handling.patch
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
From f106e3afa21cdbc098d3c82698585744e3325621 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Fri, 15 May 2020 15:56:50 -0400
|
||||||
|
Subject: [PATCH] [tests] Fixup virtualenv handling
|
||||||
|
|
||||||
|
Fixes an issue where virtualenv's PATH would get lost
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit e60384c0d4d4b4c213ec728ec3d444f998625941)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 21 ++++++++++-----------
|
||||||
|
1 file changed, 10 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index 6c38a8f..1c0b26a 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -67,6 +67,12 @@ def setup_wrappers(base):
|
||||||
|
return wenv
|
||||||
|
|
||||||
|
|
||||||
|
+def apply_venv(env):
|
||||||
|
+ env['PATH'] = os.environ.get('PATH', '')
|
||||||
|
+ env['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '')
|
||||||
|
+ return env
|
||||||
|
+
|
||||||
|
+
|
||||||
|
TESTREALM = "MAG.DEV"
|
||||||
|
KDC_DBNAME = 'db.file'
|
||||||
|
KDC_STASH = 'stash.file'
|
||||||
|
@@ -304,7 +310,7 @@ def setup_kdc(testdir, wrapenv):
|
||||||
|
with open(kdcconf, 'w+') as f:
|
||||||
|
f.write(text)
|
||||||
|
|
||||||
|
- kdcenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
|
||||||
|
+ kdcenv = {'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
'KRB5_CONFIG': krb5conf,
|
||||||
|
'KRB5_KDC_PROFILE': kdcconf,
|
||||||
|
'KRB5_TRACE': os.path.join(testdir, 'krbtrace.log')}
|
||||||
|
@@ -415,7 +421,7 @@ def setup_http(testdir, so_dir, wrapenv):
|
||||||
|
|
||||||
|
shutil.copy('tests/401.html', os.path.join(httpdir, 'html'))
|
||||||
|
|
||||||
|
- httpenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
|
||||||
|
+ httpenv = {'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{wrapenv["PATH"]}',
|
||||||
|
'MALLOC_CHECK_': '3',
|
||||||
|
'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1)}
|
||||||
|
httpenv.update(wrapenv)
|
||||||
|
@@ -712,8 +718,7 @@ def faketime_setup(testenv):
|
||||||
|
|
||||||
|
|
||||||
|
def http_restart(testdir, so_dir, testenv):
|
||||||
|
-
|
||||||
|
- httpenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
|
||||||
|
+ httpenv = {'PATH': f'/sbin:/bin:/usr/sbin:/usr/bin:{testenv["PATH"]}',
|
||||||
|
'MALLOC_CHECK_': '3',
|
||||||
|
'MALLOC_PERTURB_': str(random.randint(0, 32767) % 255 + 1)}
|
||||||
|
httpenv.update(testenv)
|
||||||
|
@@ -738,7 +743,7 @@ if __name__ == '__main__':
|
||||||
|
logfile = open(os.path.join(testdir, 'tests.log'), 'w')
|
||||||
|
errs = 0
|
||||||
|
try:
|
||||||
|
- wrapenv = setup_wrappers(testdir)
|
||||||
|
+ wrapenv = apply_venv(setup_wrappers(testdir))
|
||||||
|
|
||||||
|
kdcproc, kdcenv = setup_kdc(testdir, wrapenv)
|
||||||
|
processes['KDC(%d)' % kdcproc.pid] = kdcproc
|
||||||
|
@@ -749,10 +754,6 @@ if __name__ == '__main__':
|
||||||
|
keysenv = setup_keys(testdir, kdcenv)
|
||||||
|
testenv = kinit_user(testdir, kdcenv)
|
||||||
|
|
||||||
|
- # support virtualenv
|
||||||
|
- testenv['PATH'] = os.environ.get('PATH', '')
|
||||||
|
- testenv['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '')
|
||||||
|
-
|
||||||
|
testenv['DELEGCCACHE'] = os.path.join(testdir, 'httpd',
|
||||||
|
USR_NAME + '@' + TESTREALM)
|
||||||
|
errs += test_spnego_auth(testdir, testenv, logfile)
|
||||||
|
@@ -780,8 +781,6 @@ if __name__ == '__main__':
|
||||||
|
'MAG_USER_NAME_2': USR_NAME_2,
|
||||||
|
'MAG_USER_PASSWORD_2': USR_PWD_2}
|
||||||
|
testenv.update(kdcenv)
|
||||||
|
- testenv['PATH'] = os.environ.get('PATH', '')
|
||||||
|
- testenv['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '')
|
||||||
|
|
||||||
|
errs += test_basic_auth_krb5(testdir, testenv, logfile)
|
||||||
|
|
35
SOURCES/tests-Support-Debian-s-libfaketime.patch
Normal file
35
SOURCES/tests-Support-Debian-s-libfaketime.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From 27f7ca84a5a05f65e6d113a8a6698c7f40fd66c6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Fri, 15 May 2020 15:51:19 -0400
|
||||||
|
Subject: [PATCH] [tests] Support Debian's libfaketime
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit 367120a1c02641680a8f51bd59cc96d56cc9804b)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 13 ++++++++++---
|
||||||
|
1 file changed, 10 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index da1cca7..6c38a8f 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -692,9 +692,16 @@ def test_hostname_acceptor(testdir, testenv, logfile):
|
||||||
|
|
||||||
|
|
||||||
|
def faketime_setup(testenv):
|
||||||
|
- libfaketime = '/usr/lib64/faketime/libfaketime.so.1'
|
||||||
|
- # optional faketime
|
||||||
|
- if not os.path.isfile(libfaketime):
|
||||||
|
+ # Wanted: an architecture- and distro-agnostic way to do this.
|
||||||
|
+ # libfaketime is installed in a place where ld.so won't pick it up by
|
||||||
|
+ # default, so...
|
||||||
|
+ paths = ['/usr/lib64/faketime/libfaketime.so.1',
|
||||||
|
+ '/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1']
|
||||||
|
+ libfaketime = None
|
||||||
|
+ for p in paths:
|
||||||
|
+ if os.path.isfile(p):
|
||||||
|
+ libfaketime = p
|
||||||
|
+ if not libfaketime:
|
||||||
|
raise NotImplementedError
|
||||||
|
|
||||||
|
# spedup x100
|
@ -0,0 +1,40 @@
|
|||||||
|
From ce83aa116397fb71143e5b1363ce7563f7a4444d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Date: Mon, 11 Mar 2019 14:56:31 -0400
|
||||||
|
Subject: [PATCH] [tests] Test suite fixes for virtualenv and clang
|
||||||
|
|
||||||
|
- Typo fix - VIRTUAL_ENV in magtests.py
|
||||||
|
- testenv object manipulation fix in magtests.py
|
||||||
|
- Work around -fstack-clash-protection problems in clang
|
||||||
|
|
||||||
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
(cherry picked from commit 6aa0a5bfe9d60a50cf36c561268c5d7c1fdb2f0e)
|
||||||
|
[rharwood@redhat.com: drop Travis goo]
|
||||||
|
(cherry picked from commit 11c966cc630393e322ef6b88df91d16247bbfc37)
|
||||||
|
---
|
||||||
|
tests/magtests.py | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index f14f47a..a4842a0 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -687,7 +687,7 @@ if __name__ == '__main__':
|
||||||
|
|
||||||
|
# support virtualenv
|
||||||
|
testenv['PATH'] = os.environ.get('PATH', '')
|
||||||
|
- testenv['ViRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '')
|
||||||
|
+ testenv['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '')
|
||||||
|
|
||||||
|
testenv['DELEGCCACHE'] = os.path.join(testdir, 'httpd',
|
||||||
|
USR_NAME + '@' + TESTREALM)
|
||||||
|
@@ -716,6 +716,9 @@ if __name__ == '__main__':
|
||||||
|
'MAG_USER_NAME_2': USR_NAME_2,
|
||||||
|
'MAG_USER_PASSWORD_2': USR_PWD_2}
|
||||||
|
testenv.update(kdcenv)
|
||||||
|
+ testenv['PATH'] = os.environ.get('PATH', '')
|
||||||
|
+ testenv['VIRTUAL_ENV'] = os.environ.get('VIRTUAL_ENV', '')
|
||||||
|
+
|
||||||
|
errs += test_basic_auth_krb5(testdir, testenv, logfile)
|
||||||
|
|
||||||
|
errs += test_no_negotiate(testdir, testenv, logfile)
|
194
SOURCES/tests-add-test-for-gss_localname.patch
Normal file
194
SOURCES/tests-add-test-for-gss_localname.patch
Normal file
@ -0,0 +1,194 @@
|
|||||||
|
From 0dbf450a49784e2a750c667824e0e0249be575e4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Wed, 27 Apr 2022 18:18:22 +0200
|
||||||
|
Subject: [PATCH] Add test for gss_localname
|
||||||
|
|
||||||
|
Backport test for gss_localname implemented upstream by Simo
|
||||||
|
---
|
||||||
|
tests/httpd.conf | 13 ++++++++++
|
||||||
|
tests/localname.html | 1 +
|
||||||
|
tests/magtests.py | 47 ++++++++++++++++++++++++++++++++-
|
||||||
|
tests/t_localname.py | 62 ++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
4 files changed, 122 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 tests/localname.html
|
||||||
|
create mode 100755 tests/t_localname.py
|
||||||
|
|
||||||
|
diff --git a/tests/httpd.conf b/tests/httpd.conf
|
||||||
|
index f76f2b671e02515e6d4effe09ab123dace90c023..b3777574d9f0547560f24eff992fc1018569b5cc 100644
|
||||||
|
--- a/tests/httpd.conf
|
||||||
|
+++ b/tests/httpd.conf
|
||||||
|
@@ -274,6 +274,19 @@ CoreDumpDirectory "{HTTPROOT}"
|
||||||
|
Require valid-user
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
+<Location /gss_localname>
|
||||||
|
+ AuthType GSSAPI
|
||||||
|
+ AuthName "Login"
|
||||||
|
+ GssapiSSLonly Off
|
||||||
|
+ GssapiCredStore ccache:{HTTPROOT}/tmp/httpd_krb5_ccache
|
||||||
|
+ GssapiCredStore client_keytab:{HTTPROOT}/http.keytab
|
||||||
|
+ GssapiCredStore keytab:{HTTPROOT}/http.keytab
|
||||||
|
+ GssapiBasicAuth Off
|
||||||
|
+ GssapiAllowedMech krb5
|
||||||
|
+ GssapiLocalName On
|
||||||
|
+ Require valid-user
|
||||||
|
+</Location>
|
||||||
|
+
|
||||||
|
<VirtualHost *:{PROXYPORT}>
|
||||||
|
ProxyRequests On
|
||||||
|
ProxyVia On
|
||||||
|
diff --git a/tests/localname.html b/tests/localname.html
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000000000000000000000000000..abf7c507de1eb32b31b882502eed5f2bbcc5fbf3
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/localname.html
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+<!--#echo var="REMOTE_USER" -->
|
||||||
|
diff --git a/tests/magtests.py b/tests/magtests.py
|
||||||
|
index d0f0a67f075c6b631926e9abd91a665973d90f4a..d100413b371e7ecf4e09d944b7ff6e9bec7e316f 100755
|
||||||
|
--- a/tests/magtests.py
|
||||||
|
+++ b/tests/magtests.py
|
||||||
|
@@ -58,12 +58,20 @@ def setup_wrappers(base):
|
||||||
|
f.write('%s %s\n' % (WRAP_IPADDR, WRAP_ALIASNAME))
|
||||||
|
f.write('%s %s\n' % (WRAP_IPADDR, WRAP_FAILNAME))
|
||||||
|
|
||||||
|
+ passwd_file = os.path.join(testdir, 'passwd')
|
||||||
|
+ with open(passwd_file, 'w+') as f:
|
||||||
|
+ f.write('root:x:0:0:root:/root:/bin/sh')
|
||||||
|
+ f.write('maguser:x:1:1:maguser:/maguser:/bin/sh')
|
||||||
|
+ f.write('maguser2:x:2:2:maguser2:/maguser2:/bin/sh')
|
||||||
|
+ f.write('maguser3:x:3:3:maguser3:/maguser3:/bin/sh')
|
||||||
|
+
|
||||||
|
wenv = {'LD_PRELOAD': 'libsocket_wrapper.so libnss_wrapper.so',
|
||||||
|
'SOCKET_WRAPPER_DIR': wrapdir,
|
||||||
|
'SOCKET_WRAPPER_DEFAULT_IFACE': '9',
|
||||||
|
'WRAP_PROXY_PORT': WRAP_PROXY_PORT,
|
||||||
|
'NSS_WRAPPER_HOSTNAME': WRAP_HOSTNAME,
|
||||||
|
- 'NSS_WRAPPER_HOSTS': hosts_file}
|
||||||
|
+ 'NSS_WRAPPER_HOSTS': hosts_file,
|
||||||
|
+ 'NSS_WRAPPER_PASSWD': passwd_file}
|
||||||
|
return wenv
|
||||||
|
|
||||||
|
|
||||||
|
@@ -744,6 +752,40 @@ def http_restart(testdir, so_dir, testenv):
|
||||||
|
return httpproc
|
||||||
|
|
||||||
|
|
||||||
|
+def test_gss_localname(testdir, testenv, logfile):
|
||||||
|
+ hdir = os.path.join(testdir, 'httpd', 'html', 'gss_localname')
|
||||||
|
+ os.mkdir(hdir)
|
||||||
|
+ shutil.copy('tests/localname.html', os.path.join(hdir, 'index.html'))
|
||||||
|
+ error_count = 0
|
||||||
|
+
|
||||||
|
+ # Make sure spnego is explicitly tested
|
||||||
|
+ spnego = subprocess.Popen(["tests/t_localname.py", "SPNEGO"],
|
||||||
|
+ stdout=logfile, stderr=logfile,
|
||||||
|
+ env=testenv, preexec_fn=os.setsid)
|
||||||
|
+ spnego.wait()
|
||||||
|
+ if spnego.returncode != 0:
|
||||||
|
+ sys.stderr.write('LOCALNAME(SPNEGO): FAILED\n')
|
||||||
|
+ error_count += 1
|
||||||
|
+ else:
|
||||||
|
+ sys.stderr.write('LOCALNAME(SPNEGO): SUCCESS\n')
|
||||||
|
+
|
||||||
|
+ # and bare krb5 (GS2-KRB5 is the name used by SASL for it)
|
||||||
|
+ krb5 = subprocess.Popen(["tests/t_localname.py", "GS2-KRB5"],
|
||||||
|
+ stdout=logfile, stderr=logfile,
|
||||||
|
+ env=testenv, preexec_fn=os.setsid)
|
||||||
|
+ krb5.wait()
|
||||||
|
+ if krb5.returncode != 0:
|
||||||
|
+ if krb5.returncode == 42:
|
||||||
|
+ sys.stderr.write('LOCALNAME(KRB5): SKIPPED\n')
|
||||||
|
+ else:
|
||||||
|
+ sys.stderr.write('LOCALNAME(KRB5): FAILED\n')
|
||||||
|
+ error_count += 1
|
||||||
|
+ else:
|
||||||
|
+ sys.stderr.write('LOCALNAME(KRB5): SUCCESS\n')
|
||||||
|
+
|
||||||
|
+ return error_count
|
||||||
|
+
|
||||||
|
+
|
||||||
|
if __name__ == '__main__':
|
||||||
|
args = parse_args()
|
||||||
|
|
||||||
|
@@ -781,6 +823,9 @@ if __name__ == '__main__':
|
||||||
|
|
||||||
|
errs += test_bad_acceptor_name(testdir, testenv, logfile)
|
||||||
|
|
||||||
|
+ testenv['MAG_REMOTE_USER'] = USR_NAME
|
||||||
|
+ errs += test_gss_localname(testdir, testenv, logfile)
|
||||||
|
+
|
||||||
|
rpm_path = "/usr/lib64/krb5/plugins/preauth/pkinit.so"
|
||||||
|
deb_path = "/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/pkinit.so"
|
||||||
|
if os.path.exists(rpm_path) or os.path.exists(deb_path):
|
||||||
|
diff --git a/tests/t_localname.py b/tests/t_localname.py
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000000000000000000000000000000000000..e990762c42aa9b370ac71292b5019fc63622c240
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/t_localname.py
|
||||||
|
@@ -0,0 +1,62 @@
|
||||||
|
+#!/usr/bin/env python3
|
||||||
|
+# Copyright (C) 2020 - mod_auth_gssapi contributors, see COPYING for license.
|
||||||
|
+
|
||||||
|
+import os
|
||||||
|
+import subprocess
|
||||||
|
+import sys
|
||||||
|
+
|
||||||
|
+import gssapi
|
||||||
|
+
|
||||||
|
+import requests
|
||||||
|
+
|
||||||
|
+from requests_gssapi import HTTPSPNEGOAuth
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def use_requests(auth):
|
||||||
|
+ sess = requests.Session()
|
||||||
|
+ url = 'http://%s/gss_localname/' % os.environ['NSS_WRAPPER_HOSTNAME']
|
||||||
|
+
|
||||||
|
+ r = sess.get(url, auth=auth)
|
||||||
|
+ if r.status_code != 200:
|
||||||
|
+ raise ValueError('Localname failed')
|
||||||
|
+
|
||||||
|
+ if r.text.rstrip() != os.environ['MAG_REMOTE_USER']:
|
||||||
|
+ raise ValueError('Localname, REMOTE_USER check failed')
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def use_curl():
|
||||||
|
+ url = 'http://%s/gss_localname/' % os.environ['NSS_WRAPPER_HOSTNAME']
|
||||||
|
+ curl = subprocess.Popen(["curl", "--negotiate", "-u:", url],
|
||||||
|
+ stdout=subprocess.PIPE)
|
||||||
|
+ curl.wait()
|
||||||
|
+ if curl.returncode != 0:
|
||||||
|
+ raise ValueError('Localname failed')
|
||||||
|
+
|
||||||
|
+ line = curl.stdout.read().strip(b' \t\n\r').decode('utf-8')
|
||||||
|
+ if line != os.environ['MAG_REMOTE_USER']:
|
||||||
|
+ raise ValueError('Localname, REMOTE_USER check failed (%s != %s)' % (
|
||||||
|
+ line, os.environ['MAG_REMOTE_USER']))
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if __name__ == '__main__':
|
||||||
|
+ mech_name = None
|
||||||
|
+ if len(sys.argv) > 1:
|
||||||
|
+ mech_name = sys.argv[1]
|
||||||
|
+
|
||||||
|
+ mech = None
|
||||||
|
+ if mech_name is not None:
|
||||||
|
+ mech = gssapi.mechs.Mechanism.from_sasl_name(mech_name)
|
||||||
|
+
|
||||||
|
+ try:
|
||||||
|
+ auth = HTTPSPNEGOAuth(mech=mech)
|
||||||
|
+ use_requests(auth)
|
||||||
|
+ except TypeError:
|
||||||
|
+ # odler version of requests that does not support mechs
|
||||||
|
+ if mech_name == 'SPNEGO':
|
||||||
|
+ use_curl()
|
||||||
|
+ elif mech_name == 'GS2-KRB5':
|
||||||
|
+ # older request versions use krb5 as the mech by default
|
||||||
|
+ auth = HTTPSPNEGOAuth()
|
||||||
|
+ use_requests(auth)
|
||||||
|
+ else:
|
||||||
|
+ sys.exit(42) # SKIP
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
@ -1,32 +1,42 @@
|
|||||||
Name: mod_auth_gssapi
|
Name: mod_auth_gssapi
|
||||||
Version: 1.6.3
|
Version: 1.6.1
|
||||||
Release: 7%{?dist}
|
Release: 9%{?dist}
|
||||||
Summary: A GSSAPI Authentication module for Apache
|
Summary: A GSSAPI Authentication module for Apache
|
||||||
|
|
||||||
|
Group: System Environment/Daemons
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://github.com/gssapi/mod_auth_gssapi
|
URL: https://github.com/modauthgssapi/mod_auth_gssapi
|
||||||
Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%name-%{version}.tar.gz
|
Source0: https://github.com/modauthgssapi/%{name}/releases/download/v%{version}/%name-%{version}.tar.gz
|
||||||
|
|
||||||
BuildRequires: httpd-devel, krb5-devel, openssl-devel
|
Patch0: In-tests-show-the-exception-on-failure.patch
|
||||||
BuildRequires: autoconf, automake, libtool, bison, flex, make
|
Patch1: Fix-tests-to-work-with-python3.patch
|
||||||
|
Patch2: tests-Test-suite-fixes-for-virtualenv-and-clang.patch
|
||||||
|
Patch3: Fix-integer-sizes-used-with-ap_set_flag_slot.patch
|
||||||
|
Patch4: Fix-mag_auth_basic-function-call.patch
|
||||||
|
Patch6: Fix-distcheck.patch
|
||||||
|
Patch7: Add-option-to-control-timeout-for-Basic-Auth.patch
|
||||||
|
Patch8: tests-Support-Debian-s-libfaketime.patch
|
||||||
|
Patch9: tests-Fixup-virtualenv-handling.patch
|
||||||
|
Patch10: tests-Don-t-override-the-specific-environment-by-the.patch
|
||||||
|
Patch11: Fix-PATH-handling-bug-in-test-suite.patch
|
||||||
|
Patch12: Move-to-python3-by-default.patch
|
||||||
|
Patch13: Fix-gss_localname-with-SPNEGO-wrapping.patch
|
||||||
|
Patch14: tests-add-test-for-gss_localname.patch
|
||||||
|
Patch15: Add-ability-to-expose-the-used-mechanism.patch
|
||||||
|
Patch16: Fix-gss-localname-test-to-work-with-older-gssapi-ver.patch
|
||||||
|
|
||||||
|
BuildRequires: httpd-devel, krb5-devel, openssl-devel, autoconf, automake, libtool
|
||||||
|
BuildRequires: gssntlmssp-devel
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
Requires: httpd-mmn = %{_httpd_mmn}
|
Requires: httpd-mmn = %{_httpd_mmn}
|
||||||
Requires: krb5-libs >= 1.11.5
|
Requires: krb5-libs >= 1.11.5
|
||||||
|
|
||||||
Patch0: crypto-Handle-EVP-changes-in-OpenSSL-3.patch
|
|
||||||
|
|
||||||
# If you're reading this: NTLM is insecure. Migrate off it.
|
|
||||||
%if 0%{?rhel}
|
|
||||||
%else
|
|
||||||
BuildRequires: gssntlmssp-devel
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The mod_auth_gssapi module is an authentication service that implements the
|
The mod_auth_gssapi module is an authentication service that implements the
|
||||||
SPNEGO based HTTP Authentication protocol defined in RFC4559.
|
SPNEGO based HTTP Authentication protocol defined in RFC4559.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -S git_am
|
%autosetup -S git
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export APXS=%{_httpd_apxs}
|
export APXS=%{_httpd_apxs}
|
||||||
@ -51,55 +61,41 @@ install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir}
|
|||||||
%{_httpd_moddir}/mod_auth_gssapi.so
|
%{_httpd_moddir}/mod_auth_gssapi.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Aug 25 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-7
|
* Thu Apr 28 2022 Francisco Trivino <ftrivino@redhat.com> 1.6.1-9
|
||||||
- crypto: Handle EVP changes in OpenSSL 3
|
- Add missing repos to the osci tests
|
||||||
- Resolves: #1992648
|
- Fix gss localname test to work with older gssapi version
|
||||||
|
- Resolves: #2083122
|
||||||
|
- Add ability to expose the used mechanism
|
||||||
|
- Resolves: #2046231
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-6
|
* Wed Apr 27 2022 Francisco Trivino <ftrivino@redhat.com> 1.6.1-8
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Add test for gss_localname
|
||||||
Related: rhbz#1991688
|
- Fix gss_localname with SPNEGO wrapping
|
||||||
|
- Resolves: #1787630
|
||||||
|
|
||||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-5
|
* Mon Oct 12 2020 Robbie Harwood <rharwood@redhat.com> 1.6.1-7.1
|
||||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
- Bang on gating until the environment gives up
|
||||||
Related: rhbz#1971065
|
- Resolves: #1866149
|
||||||
|
|
||||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-4
|
* Mon Oct 12 2020 Robbie Harwood <rharwood@redhat.com> - 1.6.1-7
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
- Backport basic auth timeout control
|
||||||
|
- Resolves: #1866149
|
||||||
|
|
||||||
* Tue Mar 16 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-3
|
* Fri Mar 22 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-6
|
||||||
- Build dep adjustments; no Fedora code changes
|
- Gating update
|
||||||
|
- Resolves: #1682259
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-2
|
* Mon Mar 18 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Aug 05 2020 Robbie Harwood <rharwood@redhat.com> - 1.6.3-1
|
|
||||||
- New upstream release (1.6.3)
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.2-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Apr 27 2020 Robbie Harwood <rharwood@redhat.com> - 1.6.2-1
|
|
||||||
- New upstream release (1.6.2)
|
|
||||||
- Resolves: #1828142
|
|
||||||
|
|
||||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-8
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-7
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Mar 18 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-6
|
|
||||||
- Test suite fixes for virtualenv and clang
|
|
||||||
|
|
||||||
* Tue Feb 19 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-5
|
|
||||||
- Fix integer sizes used with ap_set_flag_slot()
|
- Fix integer sizes used with ap_set_flag_slot()
|
||||||
- Resolves: #1678872
|
- Resolves: #1674501
|
||||||
|
|
||||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
|
* Mon Mar 18 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
- Fix virtualenv logic and add gating
|
||||||
|
- Resolves: #1682259
|
||||||
|
|
||||||
* Thu Jan 03 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-3
|
* Thu Mar 14 2019 Robbie Harwood <rharwood@redhat.com> - 1.6.1-3
|
||||||
- Fix tests to work with python3
|
- Fix tests to work with python3
|
||||||
|
- Resolves: #1661589
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
Loading…
Reference in New Issue
Block a user