[patch] metamail and apache-mod_auth_pam
Jérôme Augé
jerome.auge at cesamnet.fr
Fri Sep 8 18:21:15 CEST 2006
Hi,
Here are two small issues (with proposed fixes) I found using these packages.
1) metamail
The metasend command uses the tempfile command which is not available on
PLD and seems to be Debian-specific (can be found in the debianutils
package on Debian).
So, I modified my metasend to use mktemp instead of tempfile
(metasend-mktemp.patch).
2) apache-mod_auth_pam
apache-mod_auth_pam is not compatible with Apache >= 2.1, as they have
changed the authn/authz mechanism.
I had a look at the Fedora Core package and found that they patched their
Apache 2.2 to provide a kind of fallback that allows the original
apache-mod_auth_pam to work (httpd-2.2.0-authnoprov.patch).
I also noticed that there is a new apache-mod_authn_pam module that
uses the new 2.2 authn/authz mechanism.
So, we can mark apache-mod_auth_pam with a "Requires: Apache < 2.1" and
integrate apache-mod_authn_pam for Apache >= 2.1, or patch Apache like
Fedora did and keep the original apache-mod_auth_pam.
I made a package for apache-mod_authn_pam (based on apache-mod_auth_pam)
and I also included a custom patch that introduces an optional directive
AuthnPAMService that allows you to select a different PAM file than the
standard /etc/pam.d/httpd (that way you can protect different parts of
your website with different PAM files: "AuthnPAMService foo" will use
/etc/pam.d/foo).
I did not include the apache-mod_authn_pam.src.rpm as it makes the
message too big for the list.
Regards,
Jérôme Augé
-------------- next part --------------
--- metasend.orig 2006-09-08 16:05:11.000000000 +0200
+++ metasend 2006-09-08 16:08:52.000000000 +0200
@@ -454,7 +454,7 @@
eval isentity${multipart}=$isentity
eval encodingprog${multipart}=\"\$encodingprog\"
-fname=`tempfile -p metamail -m 600`
+fname=`mktemp /tmp/metasend.XXXXXXX` || exit 1
echo "MIME-Version: 1.0" > $fname
if test ! -z "${to:-}"
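Review bot: the template on the added mktemp line hard-codes /tmp, so a TMPDIR set by the user or by site policy is not used; a template of "${TMPDIR:-/tmp}/metasend.XXXXXXX" would respect it. The bare `|| exit 1` also exits without any diagnostic, so printing a short message to stderr before exiting would tell the user why metasend stopped. mktemp creates the file with mode 0600, so the `-m 600` of the removed line is preserved. The context line `echo "MIME-Version: 1.0" > $fname` uses the name unquoted, and quoting it as "$fname" would fit in the same change.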
-------------- next part --------------
--- httpd-2.2.0/modules/aaa/mod_authn_file.c.authnoprov
+++ httpd-2.2.0/modules/aaa/mod_authn_file.c
@@ -70,6 +70,10 @@
apr_status_t status;
char *file_password = NULL;
+ if (!conf->pwfile) {
+ return AUTH_GENERAL_ERROR;
+ }
+
status = ap_pcfg_openfile(&f, r->pool, conf->pwfile);
if (status != APR_SUCCESS) {
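Review bot: the added `if (!conf->pwfile)` check returns AUTH_GENERAL_ERROR with no log message and no comment, although the mod_auth_basic.c change in the same patch depends on this exact return value as a signal that the file provider was never configured. A comment here stating that dependency, plus a debug-level log line, would keep a later change to this function from silently altering the fallback and would make a missing password file setting easier to diagnose.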
--- httpd-2.2.0/modules/aaa/mod_auth_basic.c.authnoprov
+++ httpd-2.2.0/modules/aaa/mod_auth_basic.c
@@ -252,6 +252,14 @@
return DECLINED;
}
+ /* If no providers were configured, and the default file
+ * provider gave a general error (which will happen only if
+ * has not been configured), presume that a non-provider-based
+ * authn module is configured, and get out of the way. */
+ if (!conf->providers && auth_result == AUTH_GENERAL_ERROR) {
+ return DECLINED;
+ }
+
switch (auth_result) {
case AUTH_DENIED:
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
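Review bot: the added `if (!conf->providers && auth_result == AUTH_GENERAL_ERROR)` turns an authentication error into DECLINED, and the comment's claim that this "will happen only if" the file provider is unconfigured is not enforced by anything in this hunk, so any other path in the default provider that returns AUTH_GENERAL_ERROR would take the same branch. Since this is the point where a protected request stops being refused by mod_auth_basic, it is worth confirming that a request for which every authentication hook declines still fails closed, and logging at debug level when this branch is taken. The comment is also missing its subject ("only if has not been configured"); naming what is unconfigured would make it readable.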