rpms/mod_auth_mellon
5
0
Fork 0
Code Issues Pull Requests Releases Activity

remove unused patches

Browse Source
This commit is contained in:
Jakub Hrozek 2019-03-22 21:12:26 +01:00
parent 1a042645d0
commit d47343a603
3 changed files with 0 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
acs-warning.patch
View File

@ -1,33 +0,0 @@
commit 5ba9bb72707a90503cd4d042083ea074a0cb6b8a
Author: John Dennis <jdennis@redhat.com>
Date: Fri Oct 30 15:46:33 2015 -0400
Role maybe unknown when assertion consumer url is looked up
Replace the call to lasso_provider_get_metadata_one() with
lasso_provider_get_metadata_one_for_role() so that we can exlicitly
pass the LASSO_PROVIDER_ROLE_SP role. The former call obtains the
role from the provider object and then calls
lasso_provider_get_metadata_one_for_role() using that role. However
the role will not have been set in the provider until the first request is
processed. This means the first time we call this routine it won't
work correctly because the role will not have been set yet, by
explicitly passing the role we avoid this problem.
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/auth_mellon_util.c b/auth_mellon_util.c
index 155bb1a..6c694b7 100644
--- a/auth_mellon_util.c
+++ b/auth_mellon_util.c
@@ -1827,7 +1827,9 @@ char *am_get_assertion_consumer_service_by_binding(LassoProvider *provider, cons
}
if (selected_descriptor) {
- url = lasso_provider_get_metadata_one(provider, selected_descriptor);
+ url = lasso_provider_get_metadata_one_for_role(provider,
+ LASSO_PROVIDER_ROLE_SP,
+ selected_descriptor);
}
lasso_release_list_of_strings(descriptors);

36
content-type.patch
View File

@ -1,36 +0,0 @@
commit 040a1ae5cb2aab38b2bc716cc3d0d6fa7b998a7a
Author: John Dennis <jdennis@redhat.com>
Date: Mon Jan 16 09:02:06 2017 -0500
Use ap_set_content_type() to set "Content-Type" header
Formerly we were setting the response header "Content-Type" in
r->headers_out directly via the apr_table_setn() call. Although using
apr_table_setn() is appropriate for many HTTP headers Apache actively
manages a small set of headers in
http_filters.c:ap_http_header_filter(). These managed headers are
derived from values maintained in the request_rec. "Content-Type" is
one of the managed headers.
Because we didn't set r->content_type field via the
ap_set_content_type() call and instead directly updated the
r->headers_out table our value for "Content-Type" was overwriten when
the ap_http_header_filter() was run just prior to emitting the
response with the result the "Content-Type" header returned to the
client was incorrect.
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index a55828a..25365de 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -2655,7 +2655,7 @@ static int am_set_authn_request_post_content(request_rec *r, LassoLogin *login)
*/
static int am_set_authn_request_paos_content(request_rec *r, LassoLogin *login)
{
- apr_table_setn(r->headers_out, "Content-Type", MEDIA_TYPE_PAOS);
+ ap_set_content_type(r, MEDIA_TYPE_PAOS);
ap_rputs(LASSO_PROFILE(login)->msg_body, r);
return OK;

34
enabled_in_check_uid.patch
View File

@ -1,34 +0,0 @@
commit 912aa852ebd78577f59cf7958c709acea98ace4c
Author: John Dennis <jdennis@redhat.com>
Date: Fri Apr 8 09:01:22 2016 -0400
am_check_uid() should be no-op if mellon not enabled
mod_auth_mellon was interferring with other Apache authentication
modules (e.g. mod_auth_kerb) because when the Apache check_user_id
hook ran the logic in am_check_uid would execute even if mellon was
not enabled for the location. This short circuited the hook execution
and never allowed the authentication enabled for the location to
execute. It resulted in HTTP_UNAUTHORIZED being returned with the
client then expecting a WWW-Authenticate header field causing the
client to attempt to authenticate again.
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index a72e1ca..864396f 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -3625,6 +3625,12 @@ int am_check_uid(request_rec *r)
return OK;
}
+ /* Check that the user has enabled authentication for this directory. */
+ if(dir->enable_mellon == am_enable_off
+ || dir->enable_mellon == am_enable_default) {
+ return DECLINED;
+ }
+
#ifdef HAVE_ECP
am_req_cfg_rec *req_cfg = am_get_req_cfg(r);
if (req_cfg->ecp_authn_req) {