pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/ap2-auth-mellon Update to 0.2.1:
details: https://anonhg.NetBSD.org/pkgsrc/rev/0b8ca152076f
branches: trunk
changeset: 394150:0b8ca152076f
user: manu <manu%pkgsrc.org@localhost>
date: Sat Jun 06 10:27:30 2009 +0000
description:
Update to 0.2.1:
* Make SAML authentication assertion and Lasso session available in the
environement.
* Autogeneration of SP metadata. (Requires Lasso 2.2.2 or newer.)
* Multiple IdP support, with discovery service.
* Built in discovery service which tests the availability of each IdP,
and uses the first available IdP.
* Fix a mutex leak.
* MellonSecureCookie option, which enables Secure + HttpOnly flags on
session cookies.
* Better handling of logout request when the user is already logged out.
diffstat:
www/ap2-auth-mellon/Makefile | 6 +-
www/ap2-auth-mellon/distinfo | 10 +-
www/ap2-auth-mellon/patches/patch-aa | 114 -----------------------------------
www/ap2-auth-mellon/patches/patch-ab | 49 +++++++++++++++
4 files changed, 57 insertions(+), 122 deletions(-)
diffs (209 lines):
diff -r ee7f52485de0 -r 0b8ca152076f www/ap2-auth-mellon/Makefile
--- a/www/ap2-auth-mellon/Makefile Sat Jun 06 05:06:12 2009 +0000
+++ b/www/ap2-auth-mellon/Makefile Sat Jun 06 10:27:30 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2009/03/03 10:53:15 manu Exp $
+# $NetBSD: Makefile,v 1.3 2009/06/06 10:27:30 manu Exp $
#
PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/}
-DISTNAME= mod_auth_mellon-0.1.0
+DISTNAME= mod_auth_mellon-0.2.1
CATEGORIES= www security
MASTER_SITES= http://modmellon.googlecode.com/files/
@@ -25,7 +25,7 @@
CONFIGURE_ENV+= PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig
CONFIGURE_ENV+= OPENSSL_CFLAGS="${CPPFLAGS}"
CONFIGURE_ENV+= OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
-CONFIGURE_ARGS+= --with-apxs=${APXS:Q}
+CONFIGURE_ARGS+= --with-apxs2=${APXS:Q}
# url2pkg-marker (please do not remove this line.)
diff -r ee7f52485de0 -r 0b8ca152076f www/ap2-auth-mellon/distinfo
--- a/www/ap2-auth-mellon/distinfo Sat Jun 06 05:06:12 2009 +0000
+++ b/www/ap2-auth-mellon/distinfo Sat Jun 06 10:27:30 2009 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
+$NetBSD: distinfo,v 1.2 2009/06/06 10:27:30 manu Exp $
-SHA1 (mod_auth_mellon-0.1.0.tar.gz) = d8f20efa3165a55bdc05526bf2077c182cd3bb80
-RMD160 (mod_auth_mellon-0.1.0.tar.gz) = 2c347b2a28867a5d0e3d1c0716e25a6e7d7756c8
-Size (mod_auth_mellon-0.1.0.tar.gz) = 74563 bytes
-SHA1 (patch-aa) = 0a9d7ec8b672b21ad828fde64a75b709cdbf808a
+SHA1 (mod_auth_mellon-0.2.1.tar.gz) = 5d11289aa4c44d235f4fd599cf215b46a37efb09
+RMD160 (mod_auth_mellon-0.2.1.tar.gz) = 6f6e62abb3e5ff4b251e5bd5363aab22b817efe2
+Size (mod_auth_mellon-0.2.1.tar.gz) = 81619 bytes
+SHA1 (patch-ab) = 65c0706feb5e9875d1eaf55a15f3b47cc59d4842
diff -r ee7f52485de0 -r 0b8ca152076f www/ap2-auth-mellon/patches/patch-aa
--- a/www/ap2-auth-mellon/patches/patch-aa Sat Jun 06 05:06:12 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2009/03/02 16:47:42 manu Exp $
-Index: auth_mellon_cookie.c
-===================================================================
---- auth_mellon_cookie.c (revision 39)
-+++ auth_mellon_cookie.c (working copy)
-@@ -140,13 +140,18 @@
- {
- const char *name;
- char *cookie;
-+ int secure_cookie;
-
- if (id == NULL)
- return;
-
-+ secure_cookie = ((am_dir_cfg_rec *)am_get_dir_cfg(r))->secure;
- name = am_cookie_name(r);
-
-- cookie = apr_psprintf(r->pool, "%s=%s; Version=1; Path=/", name, id);
-+ cookie = apr_psprintf(r->pool,
-+ "%s=%s; Version=1; Path=/; Domain=%s%s;",
-+ name, id, r->server->server_hostname,
-+ secure_cookie ? "; HttpOnly; secure" : "");
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "cookie_set: %s", cookie);
-
-Index: auth_mellon.h
-===================================================================
---- auth_mellon.h (revision 39)
-+++ auth_mellon.h (working copy)
-@@ -127,6 +127,7 @@
- am_decoder_t decoder;
-
- const char *varname;
-+ int secure;
- apr_hash_t *require;
- apr_hash_t *envattr;
- const char *userattr;
-Index: README
-===================================================================
---- README (revision 39)
-+++ README (working copy)
-@@ -161,6 +161,13 @@
- # Default: "cookie"
- MellonVariable "cookie"
-
-+ # MellonSecureCookie enforces the HttpOnly and secure flags
-+ # for the mod_mellon cookie
-+ # Default: Off
-+ MellonSecureCookie On
-+
-+ # MellonSecureCookie enforces the HttpOnly and secure flags
-+ # for the mod_mellon cookie
- # MellonUser selects which attribute we should use for the username.
- # The username is passed on to other apache modules and to the web
- # page the user visits. NAME_ID is an attribute which we set to
-@@ -257,7 +264,6 @@
- # certificate for the IdP.
- # Default: None set.
- MellonIdPCAFile /etc/apache2/mellon/ca.pem
--
- </Location>
-
-
-Index: auth_mellon_config.c
-===================================================================
---- auth_mellon_config.c (revision 39)
-+++ auth_mellon_config.c (working copy)
-@@ -39,6 +39,10 @@
- */
- static const char *default_cookie_name = "cookie";
-
-+/* The default setting for cookie flags is to not enforce HttpOnly and secure
-+ */
-+static const int default_secure_cookie = 0;
-+
- /* This is the default IdP initiated login location
- * the MellonDefaultLoginPath configuration directive if you change this.
- */
-@@ -352,6 +356,14 @@
- " be 'mellon-cookie'."
- ),
- AP_INIT_TAKE1(
-+ "MellonSecureCookie",
-+ ap_set_flag_slot,
-+ (void *)APR_OFFSETOF(am_dir_cfg_rec, secure),
-+ OR_AUTHCFG,
-+ "Whether the cookie set by auth_mellon should have HttpOnly and"
-+ " secure flags set. Default is off."
-+ ),
-+ AP_INIT_TAKE1(
- "MellonUser",
- ap_set_string_slot,
- (void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
-@@ -480,6 +492,7 @@
- dir->decoder = am_decoder_default;
-
- dir->varname = default_cookie_name;
-+ dir->secure = default_secure_cookie;
- dir->require = apr_hash_make(p);
- dir->envattr = apr_hash_make(p);
- dir->userattr = default_user_attribute;
-@@ -541,6 +554,12 @@
- add_cfg->varname :
- base_cfg->varname);
-
-+
-+ new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
-+ add_cfg->secure :
-+ base_cfg->secure);
-+
-+
- new_cfg->require = apr_hash_copy(p,
- (apr_hash_count(add_cfg->require) > 0) ?
- add_cfg->require :
diff -r ee7f52485de0 -r 0b8ca152076f www/ap2-auth-mellon/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/ap2-auth-mellon/patches/patch-ab Sat Jun 06 10:27:30 2009 +0000
@@ -0,0 +1,49 @@
+$NetBSD: patch-ab,v 1.1 2009/06/06 10:27:31 manu Exp $
+diff -r -U4 auth_mellon_handler.c.orig auth_mellon_handler.c
+--- auth_mellon_handler.c.orig 2009-06-05 22:07:17.000000000 +0200
++++ auth_mellon_handler.c 2009-06-06 11:59:24.000000000 +0200
+@@ -82,9 +82,29 @@
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
+ char *url = am_get_endpoint_url(r);
+ char *cert = "";
+
+- if (cfg->sp_cert_file)
++ if (cfg->sp_cert_file) {
++ char *sp_cert_file;
++ char *cp;
++ const char *begin = "-----BEGIN CERTIFICATE-----";
++ const char *end = "-----END CERTIFICATE-----";
++
++ /*
++ * Try to remove leading and trailing garbage, as it can
++ * wreak havoc XML parser if it contains [<>&]
++ */
++ sp_cert_file = apr_pstrdup(p, cfg->sp_cert_file);
++
++ cp = strstr(sp_cert_file, begin);
++ if (cp != NULL)
++ sp_cert_file = cp;
++
++ cp = strstr(sp_cert_file, end);
++ if (cp != NULL)
++ *(cp + strlen(end)) = '\0';
++
++
+ cert = apr_psprintf(p,
+ "<KeyDescriptor use=\"signing\">"
+ "<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">"
+ "<ds:X509Data>"
+@@ -98,10 +118,11 @@
+ "<ds:X509Certificate>%s</ds:X509Certificate>"
+ "</ds:X509Data>"
+ "</ds:KeyInfo>"
+ "</KeyDescriptor>",
+- cfg->sp_cert_file,
+- cfg->sp_cert_file);
++ sp_cert_file,
++ sp_cert_file);
++ }
+
+ return apr_psprintf(p,
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"
+ "<EntityDescriptor "
Home |
Main Index |
Thread Index |
Old Index