pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/ap2-auth-mellon mod_auth_mellon is a authenticatio...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1c1ffffd6e21
branches:  trunk
changeset: 555456:1c1ffffd6e21
user:      manu <manu%pkgsrc.org@localhost>
date:      Mon Mar 02 16:47:42 2009 +0000

description:
mod_auth_mellon is an authentication module for apache. It authenticates
the user against a SAML 2.0 IdP, and grants access to directories
depending on attributes received from the IdP.

diffstat:

 www/ap2-auth-mellon/DESCR            |    3 +
 www/ap2-auth-mellon/MESSAGE          |    9 ++
 www/ap2-auth-mellon/Makefile         |   35 ++++++++++
 www/ap2-auth-mellon/PLIST            |    2 +
 www/ap2-auth-mellon/distinfo         |    6 +
 www/ap2-auth-mellon/patches/patch-aa |  114 +++++++++++++++++++++++++++++++++++
 6 files changed, 169 insertions(+), 0 deletions(-)

diffs (193 lines):

diff -r 70ddd53b80f6 -r 1c1ffffd6e21 www/ap2-auth-mellon/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/DESCR Mon Mar 02 16:47:42 2009 +0000
@@ -0,0 +1,3 @@
+mod_auth_mellon is a authentication module for apache. It authenticates
+the user against a SAML 2.0 IdP, and and grants access to directories
+depending on attributes received from the IdP.
diff -r 70ddd53b80f6 -r 1c1ffffd6e21 www/ap2-auth-mellon/MESSAGE
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/MESSAGE       Mon Mar 02 16:47:42 2009 +0000
@@ -0,0 +1,9 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+
+In order to use this module in your Apache installation, you need to
+add the following to your httpd.conf file:
+
+  LoadModule auth_mellon_module lib/httpd/mod_auth_mellon.so
+
+===========================================================================
diff -r 70ddd53b80f6 -r 1c1ffffd6e21 www/ap2-auth-mellon/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/Makefile      Mon Mar 02 16:47:42 2009 +0000
@@ -0,0 +1,35 @@
+# $NetBSD: Makefile,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+#
+
+PKGNAME=       ${APACHE_PKG_PREFIX}-auth-mellon
+DISTNAME=      mod_auth_mellon-0.1.0
+CATEGORIES=    www security
+MASTER_SITES=  http://modmellon.googlecode.com/files/
+
+MAINTAINER=    manu%NetBSD.org@localhost
+HOMEPAGE=      http://code.google.com/p/modmellon/
+COMMENT=       SAML 2.0 authentication for Apache
+
+PKG_DESTDIR_SUPPORT=   destdir
+
+GNU_CONFIGURE= YES
+USE_LIBTOOL=   YES
+USE_TOOLS+=    pkg-config
+
+APACHE_MODULE= YES
+APACHE_MODULE_NAME=    auth_mellon_module
+PKG_APACHE_ACCEPTED=    apache2 apache22
+.include "../../mk/apache.mk"
+BUILDLINK_API_DEPENDS.apache+=  apache>=2.0.47
+
+CONFIGURE_ENV+=                PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig
+CONFIGURE_ENV+=                OPENSSL_CFLAGS="${CPPFLAGS}"
+CONFIGURE_ENV+=                OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
+CONFIGURE_ARGS+=        --with-apxs=${APXS:Q}
+
+# url2pkg-marker (please do not remove this line.)
+
+.include "../../security/lasso/buildlink3.mk"
+.include "../../www/curl/buildlink3.mk"
+
+.include "../../mk/bsd.pkg.mk"
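Review bot: `MASTER_SITES` in the new Makefile points at a plain `http://` URL, so the only integrity check on the fetched tarball is the SHA1/RMD160 pair recorded in distinfo; an HTTPS master site, if upstream offers one, would add transport protection on top of that. Separately, `OPENSSL_LIBS` hard-codes `-L${PREFIX}/lib -lssl -lcrypto` while the file includes buildlink3 files only for lasso and curl, so the OpenSSL dependency appears to be picked up transitively. Declaring it directly would keep the link line from depending on what those two packages happen to pull in.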
diff -r 70ddd53b80f6 -r 1c1ffffd6e21 www/ap2-auth-mellon/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/PLIST Mon Mar 02 16:47:42 2009 +0000
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+lib/httpd/mod_auth_mellon.so
diff -r 70ddd53b80f6 -r 1c1ffffd6e21 www/ap2-auth-mellon/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/distinfo      Mon Mar 02 16:47:42 2009 +0000
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+
+SHA1 (mod_auth_mellon-0.1.0.tar.gz) = d8f20efa3165a55bdc05526bf2077c182cd3bb80
+RMD160 (mod_auth_mellon-0.1.0.tar.gz) = 2c347b2a28867a5d0e3d1c0716e25a6e7d7756c8
+Size (mod_auth_mellon-0.1.0.tar.gz) = 74563 bytes
+SHA1 (patch-aa) = 0a9d7ec8b672b21ad828fde64a75b709cdbf808a
diff -r 70ddd53b80f6 -r 1c1ffffd6e21 www/ap2-auth-mellon/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/patches/patch-aa      Mon Mar 02 16:47:42 2009 +0000
@@ -0,0 +1,114 @@
+$NetBSD: patch-aa,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+Index: auth_mellon_cookie.c
+===================================================================
+--- auth_mellon_cookie.c       (revision 39)
++++ auth_mellon_cookie.c       (working copy)
+@@ -140,13 +140,18 @@
+ {
+     const char *name;
+     char *cookie;
++    int secure_cookie;
+ 
+     if (id == NULL)
+         return;
+ 
++    secure_cookie = ((am_dir_cfg_rec *)am_get_dir_cfg(r))->secure;
+     name = am_cookie_name(r);
+ 
+-    cookie = apr_psprintf(r->pool, "%s=%s; Version=1; Path=/", name, id);
++    cookie = apr_psprintf(r->pool, 
++                         "%s=%s; Version=1; Path=/; Domain=%s%s;", 
++                         name, id, r->server->server_hostname,
++                         secure_cookie ? "; HttpOnly; secure" : "");
+     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                  "cookie_set: %s", cookie);
+ 
+Index: auth_mellon.h
+===================================================================
+--- auth_mellon.h      (revision 39)
++++ auth_mellon.h      (working copy)
+@@ -127,6 +127,7 @@
+     am_decoder_t decoder;
+ 
+     const char *varname;
++    int secure;
+     apr_hash_t *require;
+     apr_hash_t *envattr;
+     const char *userattr;
+Index: README
+===================================================================
+--- README     (revision 39)
++++ README     (working copy)
+@@ -161,6 +161,13 @@
+         # Default: "cookie"
+       MellonVariable "cookie"
+ 
++        # MellonSecureCookie enforces the HttpOnly and secure flags
++        # for the mod_mellon cookie
++        # Default: Off
++        MellonSecureCookie On
++
++        # MellonSecureCookie enforces the HttpOnly and secure flags
++        # for the mod_mellon cookie
+         # MellonUser selects which attribute we should use for the username.
+         # The username is passed on to other apache modules and to the web
+         # page the user visits. NAME_ID is an attribute which we set to
+@@ -257,7 +264,6 @@
+         # certificate for the IdP.
+         # Default: None set.
+         MellonIdPCAFile /etc/apache2/mellon/ca.pem
+-
+ </Location>
+ 
+ 
+Index: auth_mellon_config.c
+===================================================================
+--- auth_mellon_config.c       (revision 39)
++++ auth_mellon_config.c       (working copy)
+@@ -39,6 +39,10 @@
+  */
+ static const char *default_cookie_name = "cookie";
+ 
++/* The default setting for cookie flags is to not enforce HttpOnly and secure
++ */
++static const int default_secure_cookie = 0;
++
+ /* This is the default IdP initiated login location
+  * the MellonDefaultLoginPath configuration directive if you change this.
+  */
+@@ -352,6 +356,14 @@
+         " be 'mellon-cookie'."
+         ),
+     AP_INIT_TAKE1(
++        "MellonSecureCookie",
++        ap_set_flag_slot,
++        (void *)APR_OFFSETOF(am_dir_cfg_rec, secure),
++        OR_AUTHCFG,
++        "Whether the cookie set by auth_mellon should have HttpOnly and"
++        " secure flags set. Default is off."
++        ),
++    AP_INIT_TAKE1(
+         "MellonUser",
+         ap_set_string_slot,
+         (void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
+@@ -480,6 +492,7 @@
+     dir->decoder = am_decoder_default;
+ 
+     dir->varname = default_cookie_name;
++    dir->secure = default_secure_cookie;
+     dir->require   = apr_hash_make(p);
+     dir->envattr   = apr_hash_make(p);
+     dir->userattr  = default_user_attribute;
+@@ -541,6 +554,12 @@
+                         add_cfg->varname :
+                         base_cfg->varname);
+ 
++
++    new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
++                        add_cfg->secure :
++                        base_cfg->secure);
++
++
+     new_cfg->require = apr_hash_copy(p,
+                                      (apr_hash_count(add_cfg->require) > 0) ?
+                                      add_cfg->require :
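Review bot: In the auth_mellon_config.c part of patch-aa, `MellonSecureCookie` is registered with `AP_INIT_TAKE1` but handled by `ap_set_flag_slot`, which expects the int argument of a flag directive; handed a string pointer instead, it would most likely store 1 for any value, including `Off`, so the entry should open with `AP_INIT_FLAG(`. In auth_mellon_cookie.c the new format string always emits `Domain=%s` from `r->server->server_hostname`, which widens the session cookie from the exact host to its subdomains, and it ties both `HttpOnly` and `secure` to one switch that defaults to off; consider dropping the Domain attribute and emitting `HttpOnly` unconditionally. The merge expression `add_cfg->secure != default_secure_cookie ? add_cfg->secure : base_cfg->secure` cannot tell an explicit `Off` from an unset value, so a nested section can never switch the flag off again. The unchanged `ap_log_error(... "cookie_set: %s", cookie)` line writes the full cookie, session id included, to the error log at debug level, which is worth redacting. All of the touched functions start and end outside the context shown in the patch.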


