From 5f23c37313733e6fa2245d2017ae23de0e3c8d2a Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Dec 11 2013 14:22:05 +0000
Subject: Initial import
---
diff --git a/.gitignore b/.gitignore
index e69de29..c4e5604 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/mod_auth_mellon-0.7.0.tar.gz
diff --git a/10-auth_mellon.conf b/10-auth_mellon.conf
new file mode 100644
index 0000000..b605132
--- /dev/null
+++ b/10-auth_mellon.conf
@@ -0,0 +1 @@
+LoadModule auth_mellon_module modules/mod_auth_mellon.so
diff --git a/auth_mellon.conf b/auth_mellon.conf
new file mode 100644
index 0000000..ad86d39
--- /dev/null
+++ b/auth_mellon.conf
@@ -0,0 +1,2 @@
+MellonCacheSize 100
+MellonLockFile "/run/mod_auth_mellon/lock"
diff --git a/mellon_create_metadata.sh b/mellon_create_metadata.sh
new file mode 100644
index 0000000..4eb0baf
--- /dev/null
+++ b/mellon_create_metadata.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+ echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+ echo ""
+ echo "Example:"
+ echo " $PROG urn:someservice https://sp.example.org/mellon"
+ echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+ printUsage
+ exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+ echo "$PROG: An entity ID is required." >&2
+ exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+ echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+ exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+ echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+ exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key: $OUTFILE.key"
+echo "Certificate: $OUTFILE.cert"
+echo "Metadata: $OUTFILE.xml"
+echo "Host: $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService: $BASEURL/logout"
+echo "AssertionConsumerService: $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" </dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" < + + + + + $CERT + + + + + + + +EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"
diff --git a/mod_auth_mellon.conf b/mod_auth_mellon.conf
new file mode 100644
index 0000000..5e653bc
--- /dev/null
+++ b/mod_auth_mellon.conf
@@ -0,0 +1,2 @@
+# mod_auth_mellon lock file is created in this directory
+d /run/mod_auth_mellon 0755 apache apache
diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
new file mode 100644
index 0000000..00ad1ff
--- /dev/null
+++ b/mod_auth_mellon.spec
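Review bot: The temporary file created on the `TEMPLATEFILE="$(mktemp …)"` line is only removed by the unconditional `rm -f "$TEMPLATEFILE"` further down, so under `set -e` any failure in between (the heredoc and openssl section between `cat >"$TEMPLATEFILE"` and `rm -f` is mangled in this rendering, so its exact contents cannot be confirmed here) leaves the template behind; adding `trap 'rm -f -- "$TEMPLATEFILE"' EXIT` directly after the `mktemp` line closes that gap. The `umask 0077` before key generation correctly keeps `$OUTFILE.key` owner-only while the two `chmod go+r` lines publish only the certificate and metadata, but the `umask 0777` just before them has no visible effect on anything the remaining script creates and reads as a typo, and the comment above the first umask is a double negative; `# Nothing created below may be world-readable except what the chmods at the end publish.` would state the intent and the stray `umask 0777` line can be dropped. `ENTITYID` and `BASEURL` come straight from the command line and, as far as the garbled `cat >"$OUTFILE.xml"` heredoc shows, are presumably interpolated into the metadata unescaped, so an entity ID containing `&` or `<` would yield malformed XML; the script should either reject such characters before the heredoc or document the restriction in `printUsage`. The `grep -q '^https\?://'` check deliberately admits `http://` base URLs, which means the advertised SAML endpoints would be non-TLS; a stderr warning in that branch, e.g. `echo "$PROG: warning: endpoints will be published over plain http" >&2`, would make that choice visible to the operator.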
@@ -0,0 +1,65 @@
+Summary: A SAML 2.0 authentication module for the Apache Httpd Server
+Name: mod_auth_mellon
+Version: 0.7.0
+Release: 1%{?dist}
+Group: System Environment/Daemons
+Source0: https://modmellon.googlecode.com/files/%{name}-%{version}.tar.gz
+Source1: auth_mellon.conf
+Source2: 10-auth_mellon.conf
+Source3: mod_auth_mellon.conf
+Source4: mellon_create_metadata.sh
+License: GPLv2+
+BuildRequires: curl-devel, glib2-devel, httpd-devel, lasso-devel, openssl-devel, xmlsec1-devel
+Requires: httpd-mmn = %{_httpd_mmn}
+Requires: lasso >= 2.3.6
+Url: https://code.google.com/p/modmellon/
+
+%description
+The mod_auth_mellon module is an authentication service that implements the
+SAML 2.0 federation protocol. It grants access based on the attributes
+received in assertions generated by a IdP server.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+export APXS=%{_httpd_apxs}
+%configure
+make %{?_smp_mflags}
+
+%install
+# install module
+mkdir -p %{buildroot}%{_httpd_moddir}
+install -m 755 .libs/%{name}.so %{buildroot}%{_httpd_moddir}
+
+# install module configuration
+mkdir -p %{buildroot}%{_httpd_confdir}
+install -m 644 %{SOURCE1} %{buildroot}%{_httpd_confdir}
+mkdir -p %{buildroot}%{_httpd_modconfdir}
+install -m 644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}
+
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}
+mkdir -p %{buildroot}/run/%{name}
+
+# install script to generate metadata
+mkdir -p %{buildroot}/%{_libexecdir}/%{name}
+install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
+
+%files
+%defattr(-,root,root)
+%doc README COPYING
+%config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf
+%config(noreplace) %{_httpd_confdir}/auth_mellon.conf
+%{_httpd_moddir}/mod_auth_mellon.so
+%{_tmpfilesdir}/mod_auth_mellon.conf
+%{_libexecdir}/%{name}
+%dir /run/%{name}/
+
+%changelog
+* Tue Dec 10 2013 Simo Sorce 0.7.0-1
+- Fix ownership of /run files
+
+* Wed Nov 27 2013 Simo Sorce 0.7.0-0
+- Initial Fedora release based on version 0.7.0
+- Based on an old spec file by Jean-Marc Liger
diff --git a/sources b/sources
index e69de29..5493a95 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+b1d58363c6feb00a39402b347bc2e17b mod_auth_mellon-0.7.0.tar.gz
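Review bot: `%dir /run/%{name}/` in `%files` inherits `%defattr(-,root,root)`, so the directory shipped by the package is root-owned, while the tmpfiles entry installed from `%{SOURCE3}` declares the same path `0755 apache apache`; on a freshly installed system the packaged ownership stands until systemd-tmpfiles is next applied, and the changelog line "Fix ownership of /run files" suggests the two were meant to agree. Declaring it `%attr(0755,apache,apache) %dir /run/%{name}/` (which presumably needs a `Requires(pre): httpd` so the apache user exists when the package is laid down — verify against the packaging guidelines in force) and/or running `systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf >/dev/null 2>&1 || :` in a `%post` scriptlet would keep the package and the tmpfiles entry consistent, so the `MellonLockFile` path from auth_mellon.conf is usable without a reboot. As a minor style point, the two `%{buildroot}/%{_libexecdir}/%{name}` lines in `%install` insert a slash that the other `%{buildroot}%{…}` lines omit; harmless, but worth normalizing.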