author | manu <manu@pkgsrc.org> | 2009-06-06 10:27:30 +0000 |
---|---|---|
committer | manu <manu@pkgsrc.org> | 2009-06-06 10:27:30 +0000 |
commit | 74c6e36d880865ddaae706b33b72efe0e6e27b93 (patch) | |
tree | 8b7601f3977931323175c4530c394381780271e7 /www | |
parent | 395c1ade0c3244ad47afd433ef5600ed554b54f6 (diff) | |
download | pkgsrc-74c6e36d880865ddaae706b33b72efe0e6e27b93.tar.gz |
Update to 0.2.1:
* Make SAML authentication assertion and Lasso session available in the
environment.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
session cookies.
* Better handling of logout request when the user is already logged out.
Diffstat (limited to 'www')
-rw-r--r-- | www/ap2-auth-mellon/Makefile | 6 | ||||
-rw-r--r-- | www/ap2-auth-mellon/distinfo | 10 | ||||
-rw-r--r-- | www/ap2-auth-mellon/patches/patch-aa | 114 | ||||
-rw-r--r-- | www/ap2-auth-mellon/patches/patch-ab | 49 |
4 files changed, 57 insertions, 122 deletions
diff --git a/www/ap2-auth-mellon/Makefile b/www/ap2-auth-mellon/Makefile index 43652657480..1beea0009e4 100644 --- a/www/ap2-auth-mellon/Makefile +++ b/www/ap2-auth-mellon/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.2 2009/03/03 10:53:15 manu Exp $ +# $NetBSD: Makefile,v 1.3 2009/06/06 10:27:30 manu Exp $ # PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/} -DISTNAME= mod_auth_mellon-0.1.0 +DISTNAME= mod_auth_mellon-0.2.1 CATEGORIES= www security MASTER_SITES= http://modmellon.googlecode.com/files/ @@ -25,7 +25,7 @@ BUILDLINK_API_DEPENDS.apache+= apache>=2.0.47 CONFIGURE_ENV+= PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig CONFIGURE_ENV+= OPENSSL_CFLAGS="${CPPFLAGS}" CONFIGURE_ENV+= OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto" -CONFIGURE_ARGS+= --with-apxs=${APXS:Q} +CONFIGURE_ARGS+= --with-apxs2=${APXS:Q} # url2pkg-marker (please do not remove this line.) diff --git a/www/ap2-auth-mellon/distinfo b/www/ap2-auth-mellon/distinfo index 08f0746d08c..dce082de806 100644 --- a/www/ap2-auth-mellon/distinfo +++ b/www/ap2-auth-mellon/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $ +$NetBSD: distinfo,v 1.2 2009/06/06 10:27:30 manu Exp $ -SHA1 (mod_auth_mellon-0.1.0.tar.gz) = d8f20efa3165a55bdc05526bf2077c182cd3bb80 -RMD160 (mod_auth_mellon-0.1.0.tar.gz) = 2c347b2a28867a5d0e3d1c0716e25a6e7d7756c8 -Size (mod_auth_mellon-0.1.0.tar.gz) = 74563 bytes -SHA1 (patch-aa) = 0a9d7ec8b672b21ad828fde64a75b709cdbf808a +SHA1 (mod_auth_mellon-0.2.1.tar.gz) = 5d11289aa4c44d235f4fd599cf215b46a37efb09 +RMD160 (mod_auth_mellon-0.2.1.tar.gz) = 6f6e62abb3e5ff4b251e5bd5363aab22b817efe2 +Size (mod_auth_mellon-0.2.1.tar.gz) = 81619 bytes +SHA1 (patch-ab) = 65c0706feb5e9875d1eaf55a15f3b47cc59d4842 diff --git a/www/ap2-auth-mellon/patches/patch-aa b/www/ap2-auth-mellon/patches/patch-aa deleted file mode 100644 index bddb56d7e89..00000000000 --- a/www/ap2-auth-mellon/patches/patch-aa +++ /dev/null 
@@ -1,114 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
-Index: auth_mellon_cookie.c
-===================================================================
---- auth_mellon_cookie.c (revision 39)
-+++ auth_mellon_cookie.c (working copy)
-@@ -140,13 +140,18 @@
- {
- const char *name;
- char *cookie;
-+ int secure_cookie;
-
- if (id == NULL)
- return;
-
-+ secure_cookie = ((am_dir_cfg_rec *)am_get_dir_cfg(r))->secure;
- name = am_cookie_name(r);
-
-- cookie = apr_psprintf(r->pool, "%s=%s; Version=1; Path=/", name, id);
-+ cookie = apr_psprintf(r->pool,
-+ "%s=%s; Version=1; Path=/; Domain=%s%s;",
-+ name, id, r->server->server_hostname,
-+ secure_cookie ? "; HttpOnly; secure" : "");
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "cookie_set: %s", cookie);
-
-Index: auth_mellon.h
-===================================================================
---- auth_mellon.h (revision 39)
-+++ auth_mellon.h (working copy)
-@@ -127,6 +127,7 @@
- am_decoder_t decoder;
-
- const char *varname;
-+ int secure;
- apr_hash_t *require;
- apr_hash_t *envattr;
- const char *userattr;
-Index: README
-===================================================================
---- README (revision 39)
-+++ README (working copy)
-@@ -161,6 +161,13 @@
- # Default: "cookie"
- MellonVariable "cookie"
-
-+ # MellonSecureCookie enforces the HttpOnly and secure flags
-+ # for the mod_mellon cookie
-+ # Default: Off
-+ MellonSecureCookie On
-+
-+ # MellonSecureCookie enforces the HttpOnly and secure flags
-+ # for the mod_mellon cookie
- # MellonUser selects which attribute we should use for the username.
- # The username is passed on to other apache modules and to the web
- # page the user visits. NAME_ID is an attribute which we set to
-@@ -257,7 +264,6 @@
- # certificate for the IdP.
- # Default: None set.
- MellonIdPCAFile /etc/apache2/mellon/ca.pem
--
- </Location>
-
-
-Index: auth_mellon_config.c
-===================================================================
---- auth_mellon_config.c (revision 39)
-+++ auth_mellon_config.c (working copy)
-@@ -39,6 +39,10 @@
- */
- static const char *default_cookie_name = "cookie";
-
-+/* The default setting for cookie flags is to not enforce HttpOnly and secure
-+ */
-+static const int default_secure_cookie = 0;
-+
- /* This is the default IdP initiated login location
- * the MellonDefaultLoginPath configuration directive if you change this.
- */
-@@ -352,6 +356,14 @@
- " be 'mellon-cookie'."
- ),
- AP_INIT_TAKE1(
-+ "MellonSecureCookie",
-+ ap_set_flag_slot,
-+ (void *)APR_OFFSETOF(am_dir_cfg_rec, secure),
-+ OR_AUTHCFG,
-+ "Whether the cookie set by auth_mellon should have HttpOnly and"
-+ " secure flags set. Default is off."
-+ ),
-+ AP_INIT_TAKE1(
- "MellonUser",
- ap_set_string_slot,
- (void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
-@@ -480,6 +492,7 @@
- dir->decoder = am_decoder_default;
-
- dir->varname = default_cookie_name;
-+ dir->secure = default_secure_cookie;
- dir->require = apr_hash_make(p);
- dir->envattr = apr_hash_make(p);
- dir->userattr = default_user_attribute;
-@@ -541,6 +554,12 @@
- add_cfg->varname :
- base_cfg->varname);
-
-+
-+ new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
-+ add_cfg->secure :
-+ base_cfg->secure);
-+
-+
- new_cfg->require = apr_hash_copy(p,
- (apr_hash_count(add_cfg->require) > 0) ?
- add_cfg->require :
diff --git a/www/ap2-auth-mellon/patches/patch-ab b/www/ap2-auth-mellon/patches/patch-ab
new file mode 100644
index 00000000000..37cb40f736c
--- /dev/null
+++ b/www/ap2-auth-mellon/patches/patch-ab
@@ -0,0 +1,49 @@
+$NetBSD: patch-ab,v 1.1 2009/06/06 10:27:31 manu Exp $
+diff -r -U4 auth_mellon_handler.c.orig auth_mellon_handler.c
+--- auth_mellon_handler.c.orig 2009-06-05 22:07:17.000000000 +0200
++++ auth_mellon_handler.c 2009-06-06 11:59:24.000000000 +0200
+@@ -82,9 +82,29 @@
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
+ char *url = am_get_endpoint_url(r);
+ char *cert = "";
+
+- if (cfg->sp_cert_file)
++ if (cfg->sp_cert_file) {
++ char *sp_cert_file;
++ char *cp;
++ const char *begin = "-----BEGIN CERTIFICATE-----";
++ const char *end = "-----END CERTIFICATE-----";
++
++ /*
++ * Try to remove leading and trailing garbage, as it can
++ * wreak havoc XML parser if it contains [<>&]
++ */
++ sp_cert_file = apr_pstrdup(p, cfg->sp_cert_file);
++
++ cp = strstr(sp_cert_file, begin);
++ if (cp != NULL)
++ sp_cert_file = cp;
++
++ cp = strstr(sp_cert_file, end);
++ if (cp != NULL)
++ *(cp + strlen(end)) = '\0';
++
++
+ cert = apr_psprintf(p,
+ "<KeyDescriptor use=\"signing\">"
+ "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">"
+ "<ds:X509Data>"
+@@ -98,10 +118,11 @@
+ "<ds:X509Certificate>%s</ds:X509Certificate>"
+ "</ds:X509Data>"
+ "</ds:KeyInfo>"
+ "</KeyDescriptor>",
+- cfg->sp_cert_file,
+- cfg->sp_cert_file);
++ sp_cert_file,
++ sp_cert_file);
++ }
+
+ return apr_psprintf(p,
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"
+ "<EntityDescriptor " |
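Review bot: In the first auth_mellon_handler.c hunk of patch-ab, a missing BEGIN or END marker is silently tolerated: both `if (cp != NULL)` branches are skipped and the untrimmed copy of `cfg->sp_cert_file` is still formatted into `<ds:X509Certificate>`. That leaves the `[<>&]` breakage the comment describes in place for malformed input. Since this string goes into the generated SP metadata, anything else in it would be published too (presumably whatever else the configured certificate file holds). It would be safer to fail closed, leaving `cert` as `""` and logging an error unless both markers are found, as sketched below. The armor lines themselves still end up inside the element, which is worth checking against what Lasso accepts. The enclosing function starts and ends outside the hunk.

```c
    if (cfg->sp_cert_file) {
        /* … unchanged: declarations, begin/end markers, apr_pstrdup copy … */

        cp = strstr(sp_cert_file, begin);
        if (cp != NULL) {
            sp_cert_file = cp;
            cp = strstr(sp_cert_file, end);
        }

        if (cp == NULL) {
            /* Fail closed: never put untrimmed file content in metadata. */
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                          "SP certificate has no PEM certificate block; "
                          "omitting KeyDescriptor from metadata");
        } else {
            *(cp + strlen(end)) = '\0';
            /* … unchanged: cert = apr_psprintf(p, ...) with sp_cert_file … */
        }
    }
```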