]>
Commit | Line | Data |
---|---|---|
8b1bf3fc | 1 | %define mod_name auth_shadow |
45c29b9b | 2 | %define apxs /usr/sbin/apxs |
3 | Summary: Apache module: authenticating against a /etc/shadow file | |
af37dc39 | 4 | Summary(pl.UTF-8): Moduł do apache: autoryzacja przez plik /etc/shadow |
45c29b9b | 5 | Name: apache-mod_%{mod_name} |
8b1bf3fc | 6 | Version: 2.1 |
45c29b9b | 7 | Release: 0.1 |
8 | License: GPL | |
9 | Group: Networking/Daemons | |
8b1bf3fc ER |
10 | Source0: http://dl.sourceforge.net/mod-auth-shadow/mod_auth_shadow-%{version}.tar.gz |
11 | # Source0-md5: 564f11a9d19ea546673644fdacb928e7 | |
12 | Patch0: %{name}-make.patch | |
13 | URL: http://mod-auth-shadow.sourceforge.net/ | |
11084a24 | 14 | BuildRequires: %{apxs} |
2de290eb | 15 | BuildRequires: apache-devel >= 2.0 |
d7a4c6d4 | 16 | BuildRequires: rpmbuild(macros) >= 1.268 |
2de290eb | 17 | Requires: apache(modules-api) = %apache_modules_api |
8b1bf3fc | 18 | Obsoletes: apache-mod_auth-shadow |
45c29b9b | 19 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
20 | ||
2de290eb ER |
21 | %define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null) |
22 | %define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null) | |
45c29b9b | 23 | |
24 | %description | |
8b1bf3fc ER |
25 | mod_auth_shadow is an Apache module for authenticating users via an |
26 | /etc/shadow file. | |
27 | ||
28 | When performing this task one encounters one fundamental difficulty: | |
ad2edfc8 | 29 | the /etc/shadow file is supposed to be read/writeable only by root. |
8b1bf3fc | 30 | However, the webserver is supposed to run under a non-root user, such |
ad2edfc8 | 31 | as "http". |
8b1bf3fc ER |
32 | |
33 | mod_auth_shadow addresses this difficulty by opening a pipe to an suid | |
34 | root program, validate, which does the actual validation. When there | |
35 | is a failure, validate writes an error message to the system log, and | |
36 | waits three seconds before exiting. | |
45c29b9b | 37 | |
abb98b47 JR |
38 | %description -l pl.UTF-8 |
39 | mod_auth_shadow to moduł Apache'a do uwierzytelniania użytkowników | |
ad2edfc8 JB |
40 | poprzez plik /etc/shadow. |
41 | ||
abb98b47 JR |
42 | Przy wykonywaniu tego zadania jest jedna zasadnicza trudność: plik |
43 | /etc/shadow może być odczytywany/zapisywany tylko przez roota. Jednak | |
44 | serwer WWW ma działać z prawami użytkownika innego niż root, takiego | |
ad2edfc8 JB |
45 | jak "http". |
46 | ||
47 | mod_auth_shadow obchodzi ten problem poprzez otwieranie potoku do | |
abb98b47 JR |
48 | programu z ustawionym atrybutem suid root - validate - wykonującego |
49 | właściwe sprawdzanie hasła. W przypadku błędu validate zapisuje | |
50 | komunikat do loga systemowego i czeka trzy sekundy przed zakończeniem. | |
45c29b9b | 51 | |
52 | %prep | |
8b1bf3fc | 53 | %setup -q -n mod_%{mod_name}-%{version} |
45c29b9b | 54 | %patch0 -p1 |
55 | ||
56 | %build | |
8b1bf3fc ER |
57 | %{__make} \ |
58 | CC="%{__cc}" \ | |
59 | INSTBINDIR=%{_sbindir} \ | |
60 | APXS=%{apxs} | |
45c29b9b | 61 | |
45c29b9b | 62 | %install |
63 | rm -rf $RPM_BUILD_ROOT | |
2de290eb | 64 | install -d $RPM_BUILD_ROOT{%{_pkglibdir},%{_sbindir},%{_sysconfdir}/httpd.conf} |
45c29b9b | 65 | |
8b1bf3fc | 66 | install .libs/mod_%{mod_name}.so $RPM_BUILD_ROOT%{_pkglibdir} |
45c29b9b | 67 | install validate $RPM_BUILD_ROOT%{_sbindir} |
3f0f6c1e | 68 | echo 'LoadModule %{mod_name}_module modules/mod_%{mod_name}.so' > \ |
2de290eb | 69 | $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf/90_mod_%{mod_name}.conf |
45c29b9b | 70 | |
71 | %clean | |
72 | rm -rf $RPM_BUILD_ROOT | |
73 | ||
74 | %post | |
d7a4c6d4 | 75 | %service -q httpd restart |
45c29b9b | 76 | |
a5542484 | 77 | %postun |
45c29b9b | 78 | if [ "$1" = "0" ]; then |
d7a4c6d4 | 79 | %service -q httpd restart |
45c29b9b | 80 | fi |
81 | ||
82 | %files | |
83 | %defattr(644,root,root,755) | |
8b1bf3fc | 84 | %doc CHANGES INSTALL README |
2de290eb | 85 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf/*_mod_%{mod_name}.conf |
3f0f6c1e | 86 | %attr(755,root,root) %{_pkglibdir}/*.so |
ad2edfc8 | 87 | %attr(4755,root,root) %{_sbindir}/validate |