[mod_auth_mellon] Initial import

Simo Sorce simo at fedoraproject.org
Wed Dec 11 14:22:14 UTC 2013


commit 5f23c37313733e6fa2245d2017ae23de0e3c8d2a
Author: Simo Sorce <simo at redhat.com>
Date:   Wed Dec 11 09:22:05 2013 -0500

    Initial import

 .gitignore                |    1 +
 10-auth_mellon.conf       |    1 +
 auth_mellon.conf          |    2 +
 mellon_create_metadata.sh |   92 +++++++++++++++++++++++++++++++++++++++++++++
 mod_auth_mellon.conf      |    2 +
 mod_auth_mellon.spec      |   65 +++++++++++++++++++++++++++++++
 sources                   |    1 +
 7 files changed, 164 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..c4e5604 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/mod_auth_mellon-0.7.0.tar.gz
diff --git a/10-auth_mellon.conf b/10-auth_mellon.conf
new file mode 100644
index 0000000..b605132
--- /dev/null
+++ b/10-auth_mellon.conf
@@ -0,0 +1 @@
+LoadModule auth_mellon_module modules/mod_auth_mellon.so
diff --git a/auth_mellon.conf b/auth_mellon.conf
new file mode 100644
index 0000000..ad86d39
--- /dev/null
+++ b/auth_mellon.conf
@@ -0,0 +1,2 @@
+MellonCacheSize 100
+MellonLockFile "/run/mod_auth_mellon/lock"
diff --git a/mellon_create_metadata.sh b/mellon_create_metadata.sh
new file mode 100644
index 0000000..4eb0baf
--- /dev/null
+++ b/mellon_create_metadata.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+    echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+    echo ""
+    echo "Example:"
+    echo "  $PROG urn:someservice https://sp.example.org/mellon"
+    echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+    printUsage
+    exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+    echo "$PROG: An entity ID is required." >&2
+    exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+    echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+    exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+    echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+    exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key:               $OUTFILE.key"
+echo "Certificate:               $OUTFILE.cert"
+echo "Metadata:                  $OUTFILE.xml"
+echo "Host:                      $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService:       $BASEURL/logout"
+echo "AssertionConsumerService:  $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" <<EOF
+RANDFILE           = /dev/urandom
+[req]
+default_bits       = 2048
+default_keyfile    = privkey.pem
+distinguished_name = req_distinguished_name
+prompt             = no
+policy             = policy_anything
+[req_distinguished_name]
+commonName         = $HOST
+EOF
+
+openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" <<EOF
+<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>$CERT</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+  </SPSSODescriptor>
+</EntityDescriptor>
+EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"
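Review bot: The entity ID is written unescaped into the metadata at `entityID="$ENTITYID"`, so an ID containing `&`, `<` or `"` produces a file that is not well-formed XML and will be rejected by the IdP; escape it before the here-doc, e.g. `XMLENTITYID="$(printf '%s' "$ENTITYID" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/"/\&quot;/g')"` and then `<EntityDescriptor entityID="$XMLENTITYID" ...`. The same value also picks the output filename, but that path is already sanitized by the sed on the OUTFILE line, so only the XML side is affected. Separately, the temp config is removed only on the success path: under `set -e` a failing `openssl` (whose stderr is discarded by `2>/dev/null`) exits before `rm -f "$TEMPLATEFILE"`, so a `trap 'rm -f -- "$TEMPLATEFILE"' EXIT` right after the mktemp line would be more robust and would also let the user see why it failed if the redirect were dropped. The `umask 0777` near the end looks like a typo for `0022`; it is harmless only because nothing is created after it.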
diff --git a/mod_auth_mellon.conf b/mod_auth_mellon.conf
new file mode 100644
index 0000000..5e653bc
--- /dev/null
+++ b/mod_auth_mellon.conf
@@ -0,0 +1,2 @@
+# mod_auth_mellon lock file is created in this directory
+d /run/mod_auth_mellon 0755 apache apache
diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
new file mode 100644
index 0000000..00ad1ff
--- /dev/null
+++ b/mod_auth_mellon.spec
@@ -0,0 +1,65 @@
+Summary: A SAML 2.0 authentication module for the Apache Httpd Server
+Name: mod_auth_mellon
+Version: 0.7.0
+Release: 1%{?dist}
+Group: System Environment/Daemons
+Source0: https://modmellon.googlecode.com/files/%{name}-%{version}.tar.gz
+Source1: auth_mellon.conf
+Source2: 10-auth_mellon.conf
+Source3: mod_auth_mellon.conf
+Source4: mellon_create_metadata.sh
+License: GPLv2+
+BuildRequires: curl-devel, glib2-devel, httpd-devel, lasso-devel, openssl-devel, xmlsec1-devel
+Requires: httpd-mmn = %{_httpd_mmn}
+Requires: lasso >= 2.3.6
+Url: https://code.google.com/p/modmellon/
+
+%description
+The mod_auth_mellon module is an authentication service that implements the
+SAML 2.0 federation protocol. It grants access based on the attributes
+received in assertions generated by a IdP server.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+export APXS=%{_httpd_apxs}
+%configure
+make %{?_smp_mflags}
+
+%install
+# install module
+mkdir -p %{buildroot}%{_httpd_moddir}
+install -m 755 .libs/%{name}.so %{buildroot}%{_httpd_moddir}
+
+# install module configuration
+mkdir -p %{buildroot}%{_httpd_confdir}
+install -m 644 %{SOURCE1} %{buildroot}%{_httpd_confdir}
+mkdir -p %{buildroot}%{_httpd_modconfdir}
+install -m 644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}
+
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}
+mkdir -p %{buildroot}/run/%{name}
+
+# install script to generate metadata
+mkdir -p %{buildroot}/%{_libexecdir}/%{name}
+install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
+
+%files
+%defattr(-,root,root)
+%doc README COPYING
+%config(noreplace) %{_httpd_modconfdir}/10-auth_mellon.conf
+%config(noreplace) %{_httpd_confdir}/auth_mellon.conf
+%{_httpd_moddir}/mod_auth_mellon.so
+%{_tmpfilesdir}/mod_auth_mellon.conf
+%{_libexecdir}/%{name}
+%dir /run/%{name}/
+
+%changelog
+* Tue Dec 10 2013 Simo Sorce <simo at redhat.com> 0.7.0-1
+- Fix ownership of /run files
+
+* Wed Nov 27 2013 Simo Sorce <simo at redhat.com> 0.7.0-0
+- Initial Fedora release based on version 0.7.0
+- Based on an old spec file by Jean-Marc Liger <jmliger at siris.sorbonne.fr>
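Review bot: `%dir /run/%{name}/` in the %files list inherits root:root from `%defattr(-,root,root)`, while the tmpfiles entry `d /run/mod_auth_mellon 0755 apache apache` installed from %{SOURCE3} asks for apache:apache, so the lock directory's owner depends on whether rpm or systemd-tmpfiles touched it last; the changelog line "Fix ownership of /run files" suggests apache ownership was the intent. Marking it `%attr(0755,apache,apache) %dir /run/%{name}/` keeps the two in agreement. The `mkdir -p %{buildroot}/%{_libexecdir}/%{name}` line and the install line after it carry a doubled slash since `%{_libexecdir}` is absolute; dropping the `/` before the macro is cosmetic but matches the other install lines in the hunk.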
diff --git a/sources b/sources
index e69de29..5493a95 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+b1d58363c6feb00a39402b347bc2e17b  mod_auth_mellon-0.7.0.tar.gz

