debian/0000755000000000000000000000000012151716212007164 5ustar debian/watch0000644000000000000000000000013412151715467010226 0ustar version=3 http://www.openfusion.com.au/labs/dist/mod_auth_tkt/mod_auth_tkt-([\d\.]+).tar.gz debian/source/0000755000000000000000000000000012151715467010477 5ustar debian/source/format0000644000000000000000000000001412151715467011705 0ustar 3.0 (quilt) debian/rules0000755000000000000000000000027412151715467010262 0ustar #!/usr/bin/make -f %: dh $@ --with apache2 override_dh_auto_configure: ./configure --apxs=/usr/bin/apxs2 --apachever=2.2 override_dh_auto_test: override_dh_auto_clean: make clean debian/patches/0000755000000000000000000000000012151715467010626 5ustar debian/patches/series0000644000000000000000000000007312151715467012043 0ustar apache24fix.diff authtypeTKT.diff dont_install_module.diff debian/patches/dont_install_module.diff0000644000000000000000000000115212151715467015516 0ustar Description: Don't install module The makefiles installs the module in /usr/lib/apache2 instead of $PREFIX/usr/lib/apache2. This patch disables the installation. The module will be installed by dh_apache2. Author: Ivo De Decker Forwarded: not-needed Last-Update: 2012-05-17 --- libapache2-mod-auth-tkt-2.1.0.orig/src/Makefile +++ libapache2-mod-auth-tkt-2.1.0/src/Makefile @@ -10,7 +10,7 @@ $(TARGET): mod_auth_tkt.c ap_compat.h sh install: $(TARGET) - $(APXS) -i $(TARGET) + #$(APXS) -i $(TARGET) clean: -rm -f $(MAT).o $(MAT).so $(MAT).la $(MAT).lo $(MAT).slo sha2.lo sha2.slo debian/patches/authtypeTKT.diff0000644000000000000000000000557312151715467013720 0ustar Description: Define authtype TKT This patch introduces a new authtype 'TKT', to allow usage of the module without redirect urls or guest access. In that case, it is only possible to get access if the user already has a cookie from a previous visit to the login page. Otherwise, access will be denied. Author: Ivo De Decker Forwarded: no Last-Update: 2012-05-17 --- libapache2-mod-auth-tkt-2.1.0.orig/src/mod_auth_tkt.c +++ libapache2-mod-auth-tkt-2.1.0/src/mod_auth_tkt.c @@ -1426,6 +1426,7 @@ auth_tkt_check(request_rec *r) auth_tkt_serv_conf *sconf = ap_get_module_config(r->server->module_config, &auth_tkt_module); const char *scheme = ap_http_method(r); + const char *current_auth; int guest = 0; int timeout; int force_cookie_refresh = 0; @@ -1441,9 +1442,13 @@ auth_tkt_check(request_rec *r) if (conf->debug >= 2) dump_config(r, sconf, conf); - /* Module not configured unless login_url or guest_login is set */ + /* Module not configured unless login_url or guest_login is set + * or AuthType is TKT*/ if (! conf->login_url && conf->guest_login <= 0) { - return DECLINED; + current_auth = ap_auth_type(r); + if (!current_auth || strcasecmp(current_auth, "TKT")) { + return DECLINED; + } } /* Module misconfigured unless secret set */ if (! sconf->secret) { @@ -1481,11 +1486,16 @@ auth_tkt_check(request_rec *r) "TKT: no valid ticket found - redirecting to login url"); return redirect(r, conf->login_url); } - else { + else if (conf->guest_login > 0) { /* Fatal error: guest setup failed, but we have no login url defined */ ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, "TKT: guest login failed and no login url to fall back to - aborting"); return HTTP_INTERNAL_SERVER_ERROR; + } else { + /* No access: no guest setup and we have no login url defined */ + ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r, + "TKT: no guest login and no login url to fall back to - no access"); + return HTTP_FORBIDDEN; } } } @@ -1508,11 +1518,16 @@ auth_tkt_check(request_rec *r) if (url) { return redirect(r, url); } - else { + else if (conf->guest_login > 0) { /* Fatal error: guest setup failed, but we have no url to redirect to */ ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, "TKT: ticket timeout, guest login failed, and no url to fall back to - aborting"); return HTTP_INTERNAL_SERVER_ERROR; + } else { + /* No access: no guest setup and we have no url to redirect to */ + ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r, + "TKT: ticket timeout, no guest login and no url to fall back to - no access"); + return HTTP_UNAUTHORIZED; } } } debian/patches/apache24fix.diff0000644000000000000000000000267212151715467013565 0ustar Description: Build fix for apache 2.4 Fix for API changes in apache 2.4. Author: Ivo De Decker Forwarded: http://sourceforge.net/mailarchive/forum.php?thread_name=20120518111425.GA9186%40ugent.be&forum_name=modauthtkt-users Last-Update: 2012-05-17 --- libapache2-mod-auth-tkt-2.1.0.orig/src/mod_auth_tkt.c +++ libapache2-mod-auth-tkt-2.1.0/src/mod_auth_tkt.c @@ -6,6 +6,7 @@ #include "http_config.h" #include "http_log.h" #include "http_core.h" +#include "http_request.h" #include "http_protocol.h" #include "util_md5.h" #include "sha2.h" @@ -798,7 +799,11 @@ ticket_digest(request_rec *r, auth_tkt * unsigned char *buf2 = apr_palloc(r->pool, sconf->digest_sz + strlen(secret)); int len = 0; char *digest = NULL; +#if AP_MODULE_MAGIC_AT_LEAST(20111130,0) + char *remote_ip = conf->ignore_ip > 0 ? "0.0.0.0" : r->connection->client_ip; +#else char *remote_ip = conf->ignore_ip > 0 ? "0.0.0.0" : r->connection->remote_ip; +#endif unsigned long ip; struct in_addr ia; char *d; @@ -1575,7 +1580,11 @@ static void auth_tkt_register_hooks (apr_pool_t *p) { ap_hook_post_config(auth_tkt_version, NULL, NULL, APR_HOOK_MIDDLE); +#if AP_MODULE_MAGIC_AT_LEAST(20080403,1) + ap_hook_check_authn(auth_tkt_check, NULL, NULL, APR_HOOK_FIRST, AP_AUTH_INTERNAL_PER_CONF); +#else ap_hook_check_user_id(auth_tkt_check, NULL, NULL, APR_HOOK_FIRST); +#endif } /* Declare and populate the main module data structure */ debian/libapache2-mod-auth-tkt.apache20000644000000000000000000000012012151715467014723 0ustar mod src/.libs/mod_auth_tkt.so mod debian/auth_tkt.load mod debian/auth_tkt.conf debian/examples0000644000000000000000000000003412151715467010735 0ustar contrib/auth_ticket.inc.php debian/docs0000644000000000000000000000007112151715467010050 0ustar README README.upgrading_to_2.0.x ChangeLog.1 ChangeLog.2 debian/copyright0000644000000000000000000000775212151715467011145 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: mod_auth_tkt Upstream-Contact: Gavin Carr Source: http://www.openfusion.com.au/labs/mod_auth_tkt/ Files: * Copyright: 2000 Liquid Digital Information Systems, Inc. 2000 Raimondas Kiveris 2000 Nelio Alves Pereira Filho 2001-2012 Open Fusion Pty Ltd (Australia) 2001-2012 Gavin Carr License: Apache-1.0 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/)." . 4. The names "Apache Server" and "Apache Group" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact apache@apache.org. . 5. Products derived from this software may not be called "Apache" nor may "Apache" appear in their names without prior written permission of the Apache Group. . 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/)." . THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . This software consists of voluntary contributions made by many individuals on behalf of the Apache Group and was originally based on public domain software written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. For more information on the Apache Group and the Apache HTTP server project, please see . Files: src/sha2.* Copyright: 2003-2005 The Apache Software Foundation 2003-2005 Aaron D. Gifford License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . On Debian GNU systems, the complete text of the Apache License, Version 2.0 can be found in `/usr/share/common-licenses/Apache-2.0'. Files: debian/* Copyright: 2010-2012, Ivo De Decker License: GPL-2+ On Debian GNU/Linux systems, the complete text of the GNU General Public License (GPL) version 2 can be found at /usr/share/common-licenses/GPL-2. debian/control0000644000000000000000000000177712151715467010616 0ustar Source: libapache2-mod-auth-tkt Section: httpd Priority: extra Maintainer: Ivo De Decker Build-Depends: debhelper (>= 9), dh-apache2, apache2-dev Standards-Version: 3.9.4 Homepage: http://www.openfusion.com.au/labs/mod_auth_tkt/ Package: libapache2-mod-auth-tkt Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: lightweight single-sign-on authentication module for Apache mod_auth_tkt is a lightweight single-sign-on authentication module for Apache. It uses secure cookie-based tickets to implement a single-signon framework that works across multiple Apache instances and servers. . mod_auth_tkt itself is completely repository-agnostic, as the actual authentication is done by a user-supplied CGI or script in your language of choice (examples are provided in Perl, with contrib libraries for use with Python and PHP). This allows authentication against virtually any kind of user repository you can imagine (password files, ldap directories, databases, etc.) debian/compat0000644000000000000000000000000212151715467010375 0ustar 9 debian/changelog0000644000000000000000000000141412151716163011043 0ustar libapache2-mod-auth-tkt (2.1.0-8) unstable; urgency=low * Upload to unstable for apache 2.4 transition. -- Ivo De Decker Thu, 30 May 2013 20:32:13 +0200 libapache2-mod-auth-tkt (2.1.0-7) experimental; urgency=low * Update packaging for apache 2.4. Closes: #707061 * Update standards version to 3.9.4 (no changes). -- Ivo De Decker Mon, 13 May 2013 22:54:50 +0200 libapache2-mod-auth-tkt (2.1.0-6) unstable; urgency=low * Build-depends on debhelper 9. * Add watch file. -- Ivo De Decker Sat, 09 Jun 2012 16:09:19 +0200 libapache2-mod-auth-tkt (2.1.0-5) unstable; urgency=low * Initial public release -- Ivo De Decker Mon, 21 May 2012 23:33:22 +0200 debian/auth_tkt.load0000644000000000000000000000010412151715467011656 0ustar LoadModule auth_tkt_module /usr/lib/apache2/modules/mod_auth_tkt.so debian/auth_tkt.conf0000644000000000000000000000003012151715467011662 0ustar #TKTAuthSecret "secret"