]>
Commit | Line | Data |
---|---|---|
8b1bf3fc | 1 | %define mod_name auth_shadow |
45c29b9b | 2 | %define apxs /usr/sbin/apxs |
3 | Summary: Apache module: authenticating against a /etc/shadow file | |
af37dc39 | 4 | Summary(pl.UTF-8): Moduł do apache: autoryzacja przez plik /etc/shadow |
45c29b9b | 5 | Name: apache-mod_%{mod_name} |
b24f7094 | 6 | Version: 2.3 |
45c29b9b | 7 | Release: 0.1 |
8 | License: GPL | |
3a48732a | 9 | Group: Networking/Daemons/HTTP |
8b1bf3fc | 10 | Source0: http://dl.sourceforge.net/mod-auth-shadow/mod_auth_shadow-%{version}.tar.gz |
b24f7094 | 11 | # Source0-md5: 3a7c4e053edd148a18d1eeee54cb73f7 |
8b1bf3fc ER |
12 | Patch0: %{name}-make.patch |
13 | URL: http://mod-auth-shadow.sourceforge.net/ | |
11084a24 | 14 | BuildRequires: %{apxs} |
2de290eb | 15 | BuildRequires: apache-devel >= 2.0 |
d7a4c6d4 | 16 | BuildRequires: rpmbuild(macros) >= 1.268 |
2de290eb | 17 | Requires: apache(modules-api) = %apache_modules_api |
8b1bf3fc | 18 | Obsoletes: apache-mod_auth-shadow |
45c29b9b | 19 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
20 | ||
2de290eb | 21 | %define _pkglibdir %(%{apxs} -q LIBEXECDIR 2>/dev/null) |
93304dea | 22 | %define _sysconfdir %(%{apxs} -q SYSCONFDIR 2>/dev/null)/conf.d |
45c29b9b | 23 | |
24 | %description | |
8b1bf3fc ER |
25 | mod_auth_shadow is an Apache module for authenticating users via an |
26 | /etc/shadow file. | |
27 | ||
28 | When performing this task one encounters one fundamental difficulty: | |
ad2edfc8 | 29 | the /etc/shadow file is supposed to be read/writeable only by root. |
8b1bf3fc | 30 | However, the webserver is supposed to run under a non-root user, such |
ad2edfc8 | 31 | as "http". |
8b1bf3fc ER |
32 | |
33 | mod_auth_shadow addresses this difficulty by opening a pipe to an suid | |
34 | root program, validate, which does the actual validation. When there | |
35 | is a failure, validate writes an error message to the system log, and | |
36 | waits three seconds before exiting. | |
45c29b9b | 37 | |
abb98b47 JR |
38 | %description -l pl.UTF-8 |
39 | mod_auth_shadow to moduł Apache'a do uwierzytelniania użytkowników | |
ad2edfc8 JB |
40 | poprzez plik /etc/shadow. |
41 | ||
abb98b47 JR |
42 | Przy wykonywaniu tego zadania jest jedna zasadnicza trudność: plik |
43 | /etc/shadow może być odczytywany/zapisywany tylko przez roota. Jednak | |
44 | serwer WWW ma działać z prawami użytkownika innego niż root, takiego | |
ad2edfc8 JB |
45 | jak "http". |
46 | ||
47 | mod_auth_shadow obchodzi ten problem poprzez otwieranie potoku do | |
abb98b47 JR |
48 | programu z ustawionym atrybutem suid root - validate - wykonującego |
49 | właściwe sprawdzanie hasła. W przypadku błędu validate zapisuje | |
50 | komunikat do loga systemowego i czeka trzy sekundy przed zakończeniem. | |
45c29b9b | 51 | |
52 | %prep | |
78f0c3ca | 53 | %setup -q -n mod_%{mod_name}_%{version} |
45c29b9b | 54 | %patch0 -p1 |
55 | ||
56 | %build | |
8b1bf3fc ER |
57 | %{__make} \ |
58 | CC="%{__cc}" \ | |
59 | INSTBINDIR=%{_sbindir} \ | |
60 | APXS=%{apxs} | |
45c29b9b | 61 | |
45c29b9b | 62 | %install |
63 | rm -rf $RPM_BUILD_ROOT | |
93304dea | 64 | install -d $RPM_BUILD_ROOT{%{_pkglibdir},%{_sbindir},%{_sysconfdir}} |
45c29b9b | 65 | |
93304dea ER |
66 | install -p .libs/mod_%{mod_name}.so $RPM_BUILD_ROOT%{_pkglibdir} |
67 | # XXX: too generic name | |
68 | install -p validate $RPM_BUILD_ROOT%{_sbindir} | |
3f0f6c1e | 69 | echo 'LoadModule %{mod_name}_module modules/mod_%{mod_name}.so' > \ |
93304dea | 70 | $RPM_BUILD_ROOT%{_sysconfdir}/90_mod_%{mod_name}.conf |
45c29b9b | 71 | |
72 | %clean | |
73 | rm -rf $RPM_BUILD_ROOT | |
74 | ||
75 | %post | |
d7a4c6d4 | 76 | %service -q httpd restart |
45c29b9b | 77 | |
a5542484 | 78 | %postun |
45c29b9b | 79 | if [ "$1" = "0" ]; then |
d7a4c6d4 | 80 | %service -q httpd restart |
45c29b9b | 81 | fi |
82 | ||
83 | %files | |
84 | %defattr(644,root,root,755) | |
8b1bf3fc | 85 | %doc CHANGES INSTALL README |
93304dea | 86 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*_mod_%{mod_name}.conf |
3f0f6c1e | 87 | %attr(755,root,root) %{_pkglibdir}/*.so |
ad2edfc8 | 88 | %attr(4755,root,root) %{_sbindir}/validate |