pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/ap2-auth-mellon Update to 0.2.1:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8c7310cf42a4
branches:  trunk
changeset: 560002:8c7310cf42a4
user:      manu <manu%pkgsrc.org@localhost>
date:      Sat Jun 06 10:27:30 2009 +0000

description:
Update to 0.2.1:
* Make SAML authentication assertion and Lasso session available in the
  environment.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
  and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
  session cookies.
* Better handling of logout request when the user is already logged out.

diffstat:

 www/ap2-auth-mellon/Makefile         |    6 +-
 www/ap2-auth-mellon/distinfo         |   10 +-
 www/ap2-auth-mellon/patches/patch-aa |  114 -----------------------------------
 www/ap2-auth-mellon/patches/patch-ab |   49 +++++++++++++++
 4 files changed, 57 insertions(+), 122 deletions(-)

diffs (209 lines):

diff -r 9e374df5d97f -r 8c7310cf42a4 www/ap2-auth-mellon/Makefile
--- a/www/ap2-auth-mellon/Makefile      Sat Jun 06 05:06:12 2009 +0000
+++ b/www/ap2-auth-mellon/Makefile      Sat Jun 06 10:27:30 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2009/03/03 10:53:15 manu Exp $
+# $NetBSD: Makefile,v 1.3 2009/06/06 10:27:30 manu Exp $
 #
 
 PKGNAME=       ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/}
-DISTNAME=      mod_auth_mellon-0.1.0
+DISTNAME=      mod_auth_mellon-0.2.1
 CATEGORIES=    www security
 MASTER_SITES=  http://modmellon.googlecode.com/files/
 
@@ -25,7 +25,7 @@
 CONFIGURE_ENV+=                PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig
 CONFIGURE_ENV+=                OPENSSL_CFLAGS="${CPPFLAGS}"
 CONFIGURE_ENV+=                OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
-CONFIGURE_ARGS+=        --with-apxs=${APXS:Q}
+CONFIGURE_ARGS+=        --with-apxs2=${APXS:Q}
 
 # url2pkg-marker (please do not remove this line.)
 
diff -r 9e374df5d97f -r 8c7310cf42a4 www/ap2-auth-mellon/distinfo
--- a/www/ap2-auth-mellon/distinfo      Sat Jun 06 05:06:12 2009 +0000
+++ b/www/ap2-auth-mellon/distinfo      Sat Jun 06 10:27:30 2009 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+$NetBSD: distinfo,v 1.2 2009/06/06 10:27:30 manu Exp $
 
-SHA1 (mod_auth_mellon-0.1.0.tar.gz) = d8f20efa3165a55bdc05526bf2077c182cd3bb80
-RMD160 (mod_auth_mellon-0.1.0.tar.gz) = 2c347b2a28867a5d0e3d1c0716e25a6e7d7756c8
-Size (mod_auth_mellon-0.1.0.tar.gz) = 74563 bytes
-SHA1 (patch-aa) = 0a9d7ec8b672b21ad828fde64a75b709cdbf808a
+SHA1 (mod_auth_mellon-0.2.1.tar.gz) = 5d11289aa4c44d235f4fd599cf215b46a37efb09
+RMD160 (mod_auth_mellon-0.2.1.tar.gz) = 6f6e62abb3e5ff4b251e5bd5363aab22b817efe2
+Size (mod_auth_mellon-0.2.1.tar.gz) = 81619 bytes
+SHA1 (patch-ab) = 65c0706feb5e9875d1eaf55a15f3b47cc59d4842
diff -r 9e374df5d97f -r 8c7310cf42a4 www/ap2-auth-mellon/patches/patch-aa
--- a/www/ap2-auth-mellon/patches/patch-aa      Sat Jun 06 05:06:12 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
-Index: auth_mellon_cookie.c
-===================================================================
---- auth_mellon_cookie.c       (revision 39)
-+++ auth_mellon_cookie.c       (working copy)
-@@ -140,13 +140,18 @@
- {
-     const char *name;
-     char *cookie;
-+    int secure_cookie;
- 
-     if (id == NULL)
-         return;
- 
-+    secure_cookie = ((am_dir_cfg_rec *)am_get_dir_cfg(r))->secure;
-     name = am_cookie_name(r);
- 
--    cookie = apr_psprintf(r->pool, "%s=%s; Version=1; Path=/", name, id);
-+    cookie = apr_psprintf(r->pool, 
-+                         "%s=%s; Version=1; Path=/; Domain=%s%s;", 
-+                         name, id, r->server->server_hostname,
-+                         secure_cookie ? "; HttpOnly; secure" : "");
-     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-                  "cookie_set: %s", cookie);
- 
-Index: auth_mellon.h
-===================================================================
---- auth_mellon.h      (revision 39)
-+++ auth_mellon.h      (working copy)
-@@ -127,6 +127,7 @@
-     am_decoder_t decoder;
- 
-     const char *varname;
-+    int secure;
-     apr_hash_t *require;
-     apr_hash_t *envattr;
-     const char *userattr;
-Index: README
-===================================================================
---- README     (revision 39)
-+++ README     (working copy)
-@@ -161,6 +161,13 @@
-         # Default: "cookie"
-       MellonVariable "cookie"
- 
-+        # MellonSecureCookie enforces the HttpOnly and secure flags
-+        # for the mod_mellon cookie
-+        # Default: Off
-+        MellonSecureCookie On
-+
-+        # MellonSecureCookie enforces the HttpOnly and secure flags
-+        # for the mod_mellon cookie
-         # MellonUser selects which attribute we should use for the username.
-         # The username is passed on to other apache modules and to the web
-         # page the user visits. NAME_ID is an attribute which we set to
-@@ -257,7 +264,6 @@
-         # certificate for the IdP.
-         # Default: None set.
-         MellonIdPCAFile /etc/apache2/mellon/ca.pem
--
- </Location>
- 
- 
-Index: auth_mellon_config.c
-===================================================================
---- auth_mellon_config.c       (revision 39)
-+++ auth_mellon_config.c       (working copy)
-@@ -39,6 +39,10 @@
-  */
- static const char *default_cookie_name = "cookie";
- 
-+/* The default setting for cookie flags is to not enforce HttpOnly and secure
-+ */
-+static const int default_secure_cookie = 0;
-+
- /* This is the default IdP initiated login location
-  * the MellonDefaultLoginPath configuration directive if you change this.
-  */
-@@ -352,6 +356,14 @@
-         " be 'mellon-cookie'."
-         ),
-     AP_INIT_TAKE1(
-+        "MellonSecureCookie",
-+        ap_set_flag_slot,
-+        (void *)APR_OFFSETOF(am_dir_cfg_rec, secure),
-+        OR_AUTHCFG,
-+        "Whether the cookie set by auth_mellon should have HttpOnly and"
-+        " secure flags set. Default is off."
-+        ),
-+    AP_INIT_TAKE1(
-         "MellonUser",
-         ap_set_string_slot,
-         (void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
-@@ -480,6 +492,7 @@
-     dir->decoder = am_decoder_default;
- 
-     dir->varname = default_cookie_name;
-+    dir->secure = default_secure_cookie;
-     dir->require   = apr_hash_make(p);
-     dir->envattr   = apr_hash_make(p);
-     dir->userattr  = default_user_attribute;
-@@ -541,6 +554,12 @@
-                         add_cfg->varname :
-                         base_cfg->varname);
- 
-+
-+    new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
-+                        add_cfg->secure :
-+                        base_cfg->secure);
-+
-+
-     new_cfg->require = apr_hash_copy(p,
-                                      (apr_hash_count(add_cfg->require) > 0) ?
-                                      add_cfg->require :
diff -r 9e374df5d97f -r 8c7310cf42a4 www/ap2-auth-mellon/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/patches/patch-ab      Sat Jun 06 10:27:30 2009 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-ab,v 1.1 2009/06/06 10:27:31 manu Exp $
+diff -r -U4 auth_mellon_handler.c.orig auth_mellon_handler.c
+--- auth_mellon_handler.c.orig 2009-06-05 22:07:17.000000000 +0200
++++ auth_mellon_handler.c      2009-06-06 11:59:24.000000000 +0200
+@@ -82,9 +82,29 @@
+     am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
+     char *url = am_get_endpoint_url(r);
+     char *cert = "";
+ 
+-    if (cfg->sp_cert_file)
++    if (cfg->sp_cert_file) {
++      char *sp_cert_file;
++        char *cp;
++        const char *begin = "-----BEGIN CERTIFICATE-----";
++        const char *end = "-----END CERTIFICATE-----";
++
++        /* 
++         * Try to remove leading and trailing garbage, as it can
++         * wreak havoc XML parser if it contains [<>&]
++         */
++      sp_cert_file = apr_pstrdup(p, cfg->sp_cert_file);
++
++        cp = strstr(sp_cert_file, begin);
++        if (cp != NULL) 
++            sp_cert_file = cp;
++
++        cp = strstr(sp_cert_file, end);
++        if (cp != NULL)
++            *(cp + strlen(end)) = '\0';
++        
++
+         cert = apr_psprintf(p,
+           "<KeyDescriptor use=\"signing\">"
+             "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\";>"
+               "<ds:X509Data>"
+@@ -98,10 +118,11 @@
+                 "<ds:X509Certificate>%s</ds:X509Certificate>"
+               "</ds:X509Data>"
+             "</ds:KeyInfo>"
+           "</KeyDescriptor>",
+-          cfg->sp_cert_file,
+-          cfg->sp_cert_file);
++          sp_cert_file,
++          sp_cert_file);
++    }
+ 
+     return apr_psprintf(p,
+       "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"
+       "<EntityDescriptor "
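Review bot: When either PEM marker is missing, the trimming added in the `if (cfg->sp_cert_file)` block falls through silently and the untrimmed text is still formatted into the metadata XML, so the `[<>&]` problem the comment describes remains for any file without a complete BEGIN/END pair. Both `strstr` results should be checked and the incomplete case logged, with the `KeyDescriptor` left out (or the request failed, whichever the maintainer prefers) rather than emitted as-is. The kept text also still carries the `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` lines inside `<ds:X509Certificate>`, which is defined as base64 content, so it is worth confirming that consumers of the metadata accept that. This assumes `cfg->sp_cert_file` holds the file's contents, as the marker search implies; the enclosing function begins before and continues past the patched region.

```c
    if (cfg->sp_cert_file) {
        /* … unchanged: begin/end marker strings … */
        char *sp_cert_file = apr_pstrdup(p, cfg->sp_cert_file);
        char *first = strstr(sp_cert_file, begin);
        char *last = (first != NULL) ? strstr(first, end) : NULL;

        if (first == NULL || last == NULL) {
            /* No complete PEM block: do not embed unvalidated text in the XML. */
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                          "SP certificate has no complete PEM block; "
                          "omitting KeyDescriptor from metadata");
        } else {
            last[strlen(end)] = '\0';
            sp_cert_file = first;
            /* … unchanged: cert = apr_psprintf(p, "<KeyDescriptor …", sp_cert_file, sp_cert_file) … */
        }
    }
```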


