Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/Makefile.in
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/Makefile.in	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/Makefile.in	(revision 1802)
@@ -0,0 +1,17 @@
+APXS = apxs
+
+MODS = mod_auth_sslcert mod_authz_afsgroup mod_auth_optional mod_vhost_ldap
+
+all-local: $(patsubst %,.libs/%.so,$(MODS))
+
+APXSFLAGS_mod_vhost_ldap = -Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/1.2.0scripts\\\" -lldap_r
+
+.libs/%.so: %.c
+	$(APXS) $(APXSFLAGS_$*) -c $<
+
+clean:
+	rm -f $(MODS:=.o) $(MODS:=.la) $(MODS:=.lo) $(MODS:=.slo)
+	rm -rf .libs
+
+distclean: clean
+	rm -f config.log config.cache config.status Makefile
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/configure.in
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/configure.in	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/configure.in	(revision 1802)
@@ -0,0 +1,5 @@
+AC_INIT()
+
+AC_PROG_CC
+
+AC_OUTPUT(Makefile)
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/auth_sslcert.load
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/auth_sslcert.load	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/auth_sslcert.load	(revision 1802)
@@ -0,0 +1,1 @@
+LoadModule auth_sslcert_module /usr/lib/apache2/modules/mod_auth_sslcert.so
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/changelog
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/changelog	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/changelog	(revision 1802)
@@ -0,0 +1,19 @@
+libapache2-mod-auth-sslcert (1.1.1+svn829-2) unstable; urgency=low
+
+  * Remove confusing COPYRIGHT file
+
+ -- Evan Broder <broder@mit.edu>  Sun, 23 Nov 2008 07:22:45 -0500
+
+libapache2-mod-auth-sslcert (1.1.1+svn829-1) unstable; urgency=low
+
+  * Take upstream changes to the Makefile
+  * Do some more cleaning up of our own
+
+ -- Evan Broder <broder@mit.edu>  Sun, 09 Nov 2008 00:04:13 -0500
+
+libapache2-mod-auth-sslcert (1.1.1-1) unstable; urgency=low
+
+  * Initial release.
+
+ -- Evan Broder <broder@mit.edu>  Mon, 14 Jul 2008 21:32:33 -0400
+
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/compat
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/compat	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/compat	(revision 1802)
@@ -0,0 +1,1 @@
+5
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/control
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/control	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/control	(revision 1802)
@@ -0,0 +1,15 @@
+Source: libapache2-mod-auth-sslcert
+Section: web
+Priority: extra
+Maintainer: Evan Broder <broder@mit.edu>
+Build-Depends: cdbs, debhelper (>= 5), apache2-threaded-dev
+Standards-Version: 3.7.2
+
+Package: libapache2-mod-auth-sslcert
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common
+Description: Apache2 module providing authentication with SSL certs
+ mod_auth_sslcert implements authentication routines using SSL
+ client-side certs.
+ .
+ This package provides the module for Apache 2.0 server.
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/copyright
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/copyright	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/copyright	(revision 1802)
@@ -0,0 +1,35 @@
+This package was debianized by Evan Broder <broder@mit.edu> on
+Mon, 14 Jul 2008 21:32:33 -0400.
+
+It was downloaded from
+<https://scripts.mit.edu:1111/server/common/oursrc/httpdmods/>
+
+Upstream Author: 
+
+    Anders Kaseorg <andersk@mit.edu>
+
+Copyright: 
+
+    Copyright (C) 2007 Anders Kaseorg
+
+License:
+
+    This package is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+ 
+    This package is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+ 
+    You should have received a copy of the GNU General Public License
+    along with this package; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
+The Debian packaging is (C) 2008, Evan Broder <broder@mit.edu> and
+is licensed under the GPL, see above.
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/install
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/install	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/install	(revision 1802)
@@ -0,0 +1,2 @@
+.libs/mod_auth_sslcert.so usr/lib/apache2/modules
+debian/auth_sslcert.load etc/apache2/mods-available
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/rules
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/rules	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/debian/rules	(revision 1802)
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+DEB_AUTO_UPDATE_AUTOCONF = 1
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+
+DEB_MAKE_BUILD_TARGET = .libs/mod_auth_sslcert.so APXS="apxs2"
+DEB_MAKE_INSTALL_TARGET = 
+
+clean::
+	rm -f configure
Index: /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/mod_auth_sslcert.c
===================================================================
--- /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/mod_auth_sslcert.c	(revision 1802)
+++ /package_tags/libapache2-mod-auth-sslcert/1.1.1+svn829-2/mod_auth_sslcert.c	(revision 1802)
@@ -0,0 +1,170 @@
+/* mod_auth_sslcert
+ * version 1.1.1, released 2007-10-01
+ * Anders Kaseorg <andersk@mit.edu>
+ *
+ * This module does authentication based on SSL client certificates:
+ *   AuthType SSLCert
+ *   AuthSSLCertVar SSL_CLIENT_S_DN_Email
+ *   AuthSSLCertStripSuffix "@MIT.EDU"
+ */
+
+#include "apr_strings.h"
+#define APR_WANT_STRFUNC        /* for strcasecmp */
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_request.h"
+
+#include "mod_auth.h"
+#include "mod_ssl.h"
+
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *ssl_var_lookup;
+
+typedef struct {
+    int authoritative;
+    char *var;
+    char *strip_suffix;
+    int strip_suffix_required;
+} auth_sslcert_config_rec;
+
+static void *create_auth_sslcert_dir_config(apr_pool_t *p, char *dirspec)
+{
+    auth_sslcert_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
+
+    conf->authoritative = -1;
+    conf->var = NULL;
+    conf->strip_suffix = NULL;
+    conf->strip_suffix_required = -1;
+
+    return conf;
+}
+
+static void *merge_auth_sslcert_dir_config(apr_pool_t *p, void *parent_conf, void *newloc_conf)
+{
+    auth_sslcert_config_rec *pconf = parent_conf, *nconf = newloc_conf,
+	*conf = apr_pcalloc(p, sizeof(*conf));
+
+    conf->authoritative = (nconf->authoritative != -1) ?
+	nconf->authoritative : pconf->authoritative;
+    conf->var = (nconf->var != NULL) ?
+	nconf->var : pconf->var;
+    conf->strip_suffix = (nconf->var != NULL || nconf->strip_suffix != NULL) ?
+	nconf->strip_suffix : pconf->strip_suffix;
+    conf->strip_suffix_required = (nconf->var != NULL || nconf->strip_suffix_required != -1) ?
+	nconf->authoritative : pconf->authoritative;
+
+    return conf;
+}
+
+static const command_rec auth_sslcert_cmds[] =
+{
+    AP_INIT_FLAG("AuthSSLCertAuthoritative", ap_set_flag_slot,
+                 (void *)APR_OFFSETOF(auth_sslcert_config_rec, authoritative),
+                 OR_AUTHCFG,
+                 "Set to 'Off' to allow access control to be passed along to "
+                 "lower modules if the UserID is not known to this module"),
+    AP_INIT_TAKE1("AuthSSLCertVar", ap_set_string_slot,
+		  (void*)APR_OFFSETOF(auth_sslcert_config_rec, var),
+		  OR_AUTHCFG,
+		  "SSL variable to use as the username"),
+    AP_INIT_TAKE1("AuthSSLCertStripSuffix", ap_set_string_slot,
+		  (void*)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix),
+		  OR_AUTHCFG,
+		  "An optional suffix to strip from the username"),
+    AP_INIT_FLAG("AuthSSLCertStripSuffixRequired", ap_set_flag_slot,
+		 (void *)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix_required),
+		 OR_AUTHCFG,
+		 "Set to 'Off' to allow certs that don't end with a recognized "
+		 "suffix to still authenticate"),
+    {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA auth_sslcert_module;
+
+static int authenticate_sslcert_user(request_rec *r)
+{
+    auth_sslcert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+							 &auth_sslcert_module);
+    const char *current_auth;
+
+    /* Are we configured to be SSLCert auth? */
+    current_auth = ap_auth_type(r);
+    if (!current_auth || strcasecmp(current_auth, "SSLCert") != 0) {
+        return DECLINED;
+    }
+
+    r->ap_auth_type = "SSLCert";
+
+    if (strcasecmp((char *)ssl_var_lookup(r->pool, r->server, r->connection, r,
+					  "SSL_CLIENT_VERIFY"),
+		   "SUCCESS") == 0) {
+	if (conf->var == NULL) {
+	    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+			  "AuthSSLCertVar is not set: \"%s\"", r->uri);
+	    return HTTP_INTERNAL_SERVER_ERROR;
+	}
+	char *user = (char *)ssl_var_lookup(r->pool, r->server, r->connection, r,
+					    conf->var);
+	if (user != NULL && user[0] != '\0') {
+	    if (conf->strip_suffix != NULL) {
+		int i = strlen(user) - strlen(conf->strip_suffix);
+		if (i >= 0 && strcasecmp(user + i, conf->strip_suffix) == 0) {
+		    r->user = apr_pstrmemdup(r->pool, user, i);
+		    return OK;
+		} else if (!conf->strip_suffix_required) {
+		    r->user = user;
+		    return OK;
+		} else {
+		    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+				  "SSL username for \"%s\" has wrong suffix: \"%s\"",
+				  r->uri, user);
+		}
+	    } else {
+		r->user = user;
+		return OK;
+	    }
+	} else {
+	    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+			  "no SSL username for \"%s\"", r->uri);
+	}
+    } else if (conf->authoritative) {
+	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+		      "SSL client not verified for \"%s\"", r->uri);
+    }
+
+    /* If we're not authoritative, then any error is ignored. */
+    if (!conf->authoritative) {
+	return DECLINED;
+    }
+
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+		  "SSLCert authentication failure for \"%s\"",
+		  r->uri);
+    return HTTP_UNAUTHORIZED;
+}
+
+static void import_ssl_var_lookup()
+{
+    ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+    ap_hook_check_user_id(authenticate_sslcert_user, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_optional_fn_retrieve(import_ssl_var_lookup, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA auth_sslcert_module =
+{
+    STANDARD20_MODULE_STUFF,
+    create_auth_sslcert_dir_config,  /* dir config creater */
+    merge_auth_sslcert_dir_config,   /* dir merger */
+    NULL,                            /* server config */
+    NULL,                            /* merge server config */
+    auth_sslcert_cmds,               /* command apr_table_t */
+    register_hooks                   /* register hooks */
+};