debian/0000755000000000000000000000000012167346651007201 5ustar debian/watch0000644000000000000000000000152712167034253010227 0ustar # watch control file for uscan # you can run the "uscan" command # to check for upstream updates and more. # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 # Uncomment to examine a Webpage # #http://www.example.com/downloads.php #PACKAGE#-(.*)\.tar\.gz http://code.google.com/p/mod-auth-external/downloads/list?can=1 .*/mod_authnz_external-(\d[\d.]*)\.tar\.gz # Uncomment to examine a Webserver directory #http://www.example.com/pub/#PACKAGE#-(.*)\.tar\.gz # Uncommment to examine a FTP server #ftp://ftp.example.com/pub/#PACKAGE#-(.*)\.tar\.gz debian uupdate # Uncomment to find new files on sourceforge, for devscripts >= 2.9 # http://sf.net/#PACKAGE#/#PACKAGE#-(.*)\.tar\.gz # Uncomment to find new files on GooglePages # http://example.googlepages.com/foo.html #PACKAGE#-(.*)\.tar\.gz debian/libapache2-mod-authnz-external.docs0000644000000000000000000000002612167033055015736 0ustar AUTHENTICATORS README debian/README.debian0000644000000000000000000000110012167033055011261 0ustar This package can be used with pwauth to provide secure auth against PAM without exposing /etc/shadow file. To use it on Debian, make sure to also pwauth package then add these lines to relevant Location or Directory section: AuthBasicProvider external AuthExternal pwauth And to the related virtual host section: AddExternalAuth pwauth /usr/sbin/pwauth SetExternalAuthMethod pwauth pipe See these links for more info: README file http://blog.innerewut.de/2007/6/26/apache-2-2-authentication-with-mod_authnz_external http://www.unixpapa.com/mod_auth_external debian/rules0000755000000000000000000000311112167033350010242 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # This file is public domain software, originally written by Joey Hess. # # This version is for packages that are architecture dependent. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 build: build-stamp build-stamp: dh_testdir # Add here commands to compile the package. #$(MAKE) touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp # Add here commands to clean up after the build process. rm -f *.o *.so *.la *.lo *.o *.slo rm -rf .libs dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/ #$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install apxs2 -c -Wc,-fno-strict-aliasing mod_authnz_external.c # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples dh_install dh_apache2 # dh_installmenu # dh_installdebconf # dh_installlogrotate # dh_installemacsen # dh_installcatalogs # dh_installpam # dh_installmime # dh_installinit # dh_installcron # dh_installinfo # dh_installwm # dh_installudev # dh_lintian # dh_undocumented dh_installman dh_link dh_strip dh_compress dh_fixperms # dh_perl # dh_python # dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/libapache2-mod-authnz-external.apache20000644000000000000000000000010112167033320016276 0ustar mod .libs/mod_authnz_external.so mod debian/authnz_external.load debian/copyright0000644000000000000000000000466012167033055011131 0ustar This package was debianized for Ubuntu by Chuck Short on Tue, 08 Jan 2008 10:20:36 -0500. This package was debianized for Debian by Hai Zaar on Tue, 31 Mar 2009 18:32:20 +0300 based on the work mentioned above. It was downloaded from http://code.google.com/p/mod-auth-external Upstream Authors: Nathan Neulinger Tyler Allison Dave Woolaway Sven Koch Jan Wolter Copyright: Copyright (c) 1995 The Apache Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/)." 4. The names "Apache Server" and "Apache Group" must not be used to endorse or promote products derived from this software without prior written permission. 5. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/)." THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/authnz_external.load0000644000000000000000000000012212167033055013237 0ustar LoadModule authnz_external_module /usr/lib/apache2/modules/mod_authnz_external.so debian/source/0000755000000000000000000000000012167035112010464 5ustar debian/source/format0000644000000000000000000000001412167035112011672 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012167036627010627 5ustar debian/patches/series0000644000000000000000000000003112167035150012024 0ustar conn-rec-remote-ip.patch debian/patches/conn-rec-remote-ip.patch0000644000000000000000000000134212167035745015253 0ustar Description: Handle conn_rec->remote_ip split in Apache 2.4 Author: Colin Watson Forwarded: http://code.google.com/p/mod-auth-external/issues/detail?id=8 Last-Update: 2013-07-09 Index: b/mod_authnz_external.c =================================================================== --- a/mod_authnz_external.c +++ b/mod_authnz_external.c @@ -443,8 +443,8 @@ if (remote_host != NULL) child_env[i++]= apr_pstrcat(p, ENV_HOST"=", remote_host,NULL); - if (c->remote_ip) - child_env[i++]= apr_pstrcat(p, ENV_IP"=", c->remote_ip, NULL); + if (r->useragent_ip) + child_env[i++]= apr_pstrcat(p, ENV_IP"=", r->useragent_ip, NULL); if (r->uri) child_env[i++]= apr_pstrcat(p, ENV_URI"=", r->uri, NULL); debian/compat0000644000000000000000000000000212167033055010366 0ustar 7 debian/control0000644000000000000000000000162212167037645010605 0ustar Source: libapache2-mod-authnz-external Section: web Priority: optional Maintainer: Hai Zaar Build-Depends: debhelper (>= 7), dh-apache2, apache2-dev (>= 2.4.0) Standards-Version: 3.8.2 Homepage: http://code.google.com/p/mod-auth-external Package: libapache2-mod-authnz-external Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: pwauth Description: authenticate Apache against external authentication services Mod_Auth_External can be used to quickly construct secure, reliable authentication systems. It can also be mis-used to quickly open gaping holes in your security. Read the documentation, and use with extreme caution. . Notably, this module can be used to securely authenticate against PAM (without exposing /etc/shadow file), using, for example, pwauth authenticator. . This Package includes the mod-athnz-external Module for Apache Version 2.x debian/changelog0000644000000000000000000000172712167346651011062 0ustar libapache2-mod-authnz-external (3.3.1-0.1) unstable; urgency=low * Non-maintainer upload. * New upstream release, suitable for Apache 2.4 (closes: #633638). * Port packaging to Apache 2.4 (closes: #666815). * Update debian/watch. -- Colin Watson Wed, 10 Jul 2013 22:04:38 +0100 libapache2-mod-authnz-external (3.2.4-2.1) unstable; urgency=high * Non-maintainer upload by the security team * Fix SQL injection via the $user paramter (Closes: #633637) Fixes: CVE-2011-2688 -- Steffen Joeris Mon, 18 Jul 2011 10:26:11 +1000 libapache2-mod-authnz-external (3.2.4-2) unstable; urgency=low * libapache2-mod-authnz-external does not install the .load file (Closes: #534492) -- Hai Zaar Fri, 26 Jun 2009 11:08:21 +0300 libapache2-mod-authnz-external (3.2.4-1) unstable; urgency=low * Initial release (Closes: #526786) -- Hai Zaar Sun, 21 May 2009 17:02:00 +0300