diff options
-rw-r--r-- | network/mod_auth_kerb/README | 11 | ||||
-rw-r--r-- | network/mod_auth_kerb/doinst.sh | 13 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.SlackBuild | 85 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.c.patch | 10 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.conf | 27 | ||||
-rw-r--r-- | network/mod_auth_kerb/mod_auth_kerb.info | 10 | ||||
-rw-r--r-- | network/mod_auth_kerb/slack-desc | 19 | ||||
-rw-r--r-- | network/mod_evasive/fixup-for-httpd24.diff | 84 |
8 files changed, 84 insertions, 175 deletions
diff --git a/network/mod_auth_kerb/README b/network/mod_auth_kerb/README deleted file mode 100644 index 9c2df762ad..0000000000 --- a/network/mod_auth_kerb/README +++ /dev/null @@ -1,11 +0,0 @@ -Mod_auth_kerb is an Apache module designed to provide Kerberos -authentication to the Apache web server. The module also supports -the Negotiate authentication method, which performs full Kerberos -authentication based on ticket exchanges, and does not require -users to insert their passwords to the browser. - -You will need to add the following line to /etc/httpd/httpd.conf: - Include /etc/httpd/extra/mod_auth_kerb.conf - -Mod_auth_kerb can be further configured through the Apache configuration file; -see the README in the package's documentation directory for details. diff --git a/network/mod_auth_kerb/doinst.sh b/network/mod_auth_kerb/doinst.sh deleted file mode 100644 index accf625eb0..0000000000 --- a/network/mod_auth_kerb/doinst.sh +++ /dev/null @@ -1,13 +0,0 @@ -config() { - NEW="$1" - OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: - if [ ! -r $OLD ]; then - mv $NEW $OLD - elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then - # toss the redundant copy - rm $NEW - fi - # Otherwise, we leave the .new copy for the admin to consider... -} -config etc/httpd/extra/mod_auth_kerb.conf.new diff --git a/network/mod_auth_kerb/mod_auth_kerb.SlackBuild b/network/mod_auth_kerb/mod_auth_kerb.SlackBuild deleted file mode 100644 index 60adb3f377..0000000000 --- a/network/mod_auth_kerb/mod_auth_kerb.SlackBuild +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/sh - -# Slackware build script for mod_auth_kerb -# Written by Thibaut Notteboom (tib at tibux dot org) - -PRGNAM=mod_auth_kerb -VERSION=${VERSION:-5.4} -BUILD=${BUILD:-1} -TAG=${TAG:-_SBo} - -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) ARCH=i486 ;; - arm*) ARCH=arm ;; - *) ARCH=$( uname -m ) ;; - esac -fi - -CWD=$(pwd) -TMP=${TMP:-/tmp/SBo} -PKG=$TMP/package-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} - -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -set -e - -rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT -cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION -chown -R root:root . -find . \ - \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ - -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \; - -patch -p0 < $CWD/mod_auth_kerb.c.patch - -CFLAGS="$SLKCFLAGS" \ -CXXFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --without-krb4 \ - --with-krb5=/usr/heimdal \ - --build=$ARCH-slackware-linux - -make - -mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules -install -m 0755 src/.libs/mod_auth_kerb.so \ - $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules/mod_auth_kerb.so - -mkdir -p $PKG/etc/httpd/extra -sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/mod_auth_kerb.conf > \ - $PKG/etc/httpd/extra/mod_auth_kerb.conf.new - -find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a ChangeLog INSTALL LICENSE README $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild - -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc -cat $CWD/doinst.sh > $PKG/install/doinst.sh - -cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/mod_auth_kerb/mod_auth_kerb.c.patch b/network/mod_auth_kerb/mod_auth_kerb.c.patch deleted file mode 100644 index bbdf64f0a3..0000000000 --- a/network/mod_auth_kerb/mod_auth_kerb.c.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- src/mod_auth_kerb.c.orig 2011-11-14 22:54:54.457955883 +0100 -+++ src/mod_auth_kerb.c 2011-11-14 22:55:42.060334084 +0100 -@@ -89,6 +89,7 @@ - #include <krb5.h> - #ifdef HEIMDAL - # include <gssapi.h> -+# include <gssapi/gssapi_krb5.h> - #else - # include <gssapi/gssapi.h> - # include <gssapi/gssapi_generic.h> diff --git a/network/mod_auth_kerb/mod_auth_kerb.conf b/network/mod_auth_kerb/mod_auth_kerb.conf deleted file mode 100644 index a75e692bb6..0000000000 --- a/network/mod_auth_kerb/mod_auth_kerb.conf +++ /dev/null @@ -1,27 +0,0 @@ - -# The mod_auth_kerb module implements Kerberos authentication over -# HTTP, following the "Negotiate" protocol. -# - -LoadModule auth_kerb_module @baselibdir@/httpd/modules/mod_auth_kerb.so - -# -# Sample configuration: Kerberos authentication must only be -# used over SSL to prevent replay attacks. The keytab file -# configured must be readable only by the "apache" user, and -# must contain service keys for "HTTP/www.example.com", where -# "www.example.com" is the FQDN of this server. -# - -#<Location /private> -# SSLRequireSSL -# AuthType Kerberos -# AuthName "Kerberos Login" -# KrbMethodNegotiate On -# KrbMethodK5Passwd Off -# KrbAuthRealms EXAMPLE.COM -# Krb5KeyTab /etc/httpd/krb5.keytab -# require valid-user -#</Location> - - diff --git a/network/mod_auth_kerb/mod_auth_kerb.info b/network/mod_auth_kerb/mod_auth_kerb.info deleted file mode 100644 index 6856e6c854..0000000000 --- a/network/mod_auth_kerb/mod_auth_kerb.info +++ /dev/null @@ -1,10 +0,0 @@ -PRGNAM="mod_auth_kerb" -VERSION="5.4" -HOMEPAGE="http://modauthkerb.sourceforge.net/" -DOWNLOAD="http://fossies.org/unix/www/apache_httpd_modules/mod_auth_kerb-5.4.tar.gz" -MD5SUM="642b81763ad3ca81dba359cb952da5e3" -DOWNLOAD_x86_64="" -MD5SUM_x86_64="" -REQUIRES="heimdal" -MAINTAINER="Thibaut Notteboom" -EMAIL="tib@tibux.org" diff --git a/network/mod_auth_kerb/slack-desc b/network/mod_auth_kerb/slack-desc deleted file mode 100644 index f67744cb92..0000000000 --- a/network/mod_auth_kerb/slack-desc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':' except on otherwise blank lines. - - |-----handy-ruler------------------------------------------------------| -mod_auth_kerb: mod_auth_kerb (Kerberos Module for Apache) -mod_auth_kerb: -mod_auth_kerb: Mod_auth_kerb is an Apache module designed to provide Kerberos -mod_auth_kerb: authentication to the Apache web server. The module also supports -mod_auth_kerb: the Negotiate authentication method, which performs full Kerberos -mod_auth_kerb: authentication based on ticket exchanges, and does not require -mod_auth_kerb: users to insert their passwords to the browser. -mod_auth_kerb: -mod_auth_kerb: Homepage: http://modauthkerb.sourceforge.net/ -mod_auth_kerb: -mod_auth_kerb: diff --git a/network/mod_evasive/fixup-for-httpd24.diff b/network/mod_evasive/fixup-for-httpd24.diff new file mode 100644 index 0000000000..d6ae5a6ffc --- /dev/null +++ b/network/mod_evasive/fixup-for-httpd24.diff @@ -0,0 +1,84 @@ +diff -Nur mod_evasive.orig/mod_evasive20.c mod_evasive/mod_evasive20.c +--- mod_evasive.orig/mod_evasive20.c 2005-10-08 14:01:18.000000000 -0500 ++++ mod_evasive/mod_evasive20.c 2012-09-21 21:22:19.732985740 -0500 +@@ -139,11 +139,11 @@ + time_t t = time(NULL); + + /* Check whitelist */ +- if (is_whitelisted(r->connection->remote_ip)) ++ if (is_whitelisted(r->useragent_ip)) + return OK; + + /* First see if the IP itself is on "hold" */ +- n = ntt_find(hit_list, r->connection->remote_ip); ++ n = ntt_find(hit_list, r->useragent_ip); + + if (n != NULL && t-n->timestamp<blocking_period) { + +@@ -155,14 +155,14 @@ + } else { + + /* Has URI been hit too much? */ +- snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri); ++ snprintf(hash_key, 2048, "%s_%s", r->useragent_ip, r->uri); + n = ntt_find(hit_list, hash_key); + if (n != NULL) { + + /* If URI is being hit too much, add to "hold" list and 403 */ + if (t-n->timestamp<page_interval && n->count>=page_count) { + ret = HTTP_FORBIDDEN; +- ntt_insert(hit_list, r->connection->remote_ip, time(NULL)); ++ ntt_insert(hit_list, r->useragent_ip, time(NULL)); + } else { + + /* Reset our hit count list as necessary */ +@@ -177,14 +177,14 @@ + } + + /* Has site been hit too much? */ +- snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip); ++ snprintf(hash_key, 2048, "%s_SITE", r->useragent_ip); + n = ntt_find(hit_list, hash_key); + if (n != NULL) { + + /* If site is being hit too much, add to "hold" list and 403 */ + if (t-n->timestamp<site_interval && n->count>=site_count) { + ret = HTTP_FORBIDDEN; +- ntt_insert(hit_list, r->connection->remote_ip, time(NULL)); ++ ntt_insert(hit_list, r->useragent_ip, time(NULL)); + } else { + + /* Reset our hit count list as necessary */ +@@ -205,27 +205,27 @@ + struct stat s; + FILE *file; + +- snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip); ++ snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->useragent_ip); + if (stat(filename, &s)) { + file = fopen(filename, "w"); + if (file != NULL) { + fprintf(file, "%ld\n", getpid()); + fclose(file); + +- LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip); ++ LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->useragent_ip); + if (email_notify != NULL) { + snprintf(filename, sizeof(filename), MAILER, email_notify); + file = popen(filename, "w"); + if (file != NULL) { + fprintf(file, "To: %s\n", email_notify); +- fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip); +- fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip); ++ fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->useragent_ip); ++ fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->useragent_ip); + pclose(file); + } + } + + if (system_command != NULL) { +- snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip); ++ snprintf(filename, sizeof(filename), system_command, r->useragent_ip); + system(filename); + } + |