From df7a9ca51ef09e19a2195e869be1a299faf25d23 Mon Sep 17 00:00:00 2001
From: Pav Lucistnik <pav@FreeBSD.org>
Date: Fri, 3 Aug 2007 23:21:25 +0000
Subject: [PATCH] Shibboleth is standards-based, open source middleware
 software which provides Web Single SignOn (SSO) across or within
 organizational boundaries. It allows sites to make informed authorization
 decisions for individual access of protected online resources in a
 privacy-preserving manner.

This software is a C++ implementation of the Service Provider
component of the Shibboleth can be used in Apache Web servers.  The
service provider manages secured resources. User access to resources
is based on assertions received by the service provider (SP) from
an identity provider.

WWW:	http://shibboleth.internet2.edu/

PR:		ports/114663
Submitted by:	Janos Mohacsi <janos.mohacsi@bsd.hu>
---
 security/Makefile                             |   1 +
 security/shibboleth-sp/Makefile               |  41 +++++++
 security/shibboleth-sp/distinfo               |   3 +
 .../files/patch-shib-target_shib-handlers.cpp |  16 +++
 security/shibboleth-sp/files/shibboleth-sp.in |  20 ++++
 security/shibboleth-sp/pkg-descr              |  13 +++
 security/shibboleth-sp/pkg-plist              | 103 ++++++++++++++++++
 security/shibboleth2-sp/Makefile              |  41 +++++++
 security/shibboleth2-sp/distinfo              |   3 +
 .../files/patch-shib-target_shib-handlers.cpp |  16 +++
 .../shibboleth2-sp/files/shibboleth-sp.in     |  20 ++++
 security/shibboleth2-sp/pkg-descr             |  13 +++
 security/shibboleth2-sp/pkg-plist             | 103 ++++++++++++++++++
 13 files changed, 393 insertions(+)
 create mode 100644 security/shibboleth-sp/Makefile
 create mode 100644 security/shibboleth-sp/distinfo
 create mode 100644 security/shibboleth-sp/files/patch-shib-target_shib-handlers.cpp
 create mode 100644 security/shibboleth-sp/files/shibboleth-sp.in
 create mode 100644 security/shibboleth-sp/pkg-descr
 create mode 100644 security/shibboleth-sp/pkg-plist
 create mode 100644 security/shibboleth2-sp/Makefile
 create mode 100644 security/shibboleth2-sp/distinfo
 create mode 100644 security/shibboleth2-sp/files/patch-shib-target_shib-handlers.cpp
 create mode 100644 security/shibboleth2-sp/files/shibboleth-sp.in
 create mode 100644 security/shibboleth2-sp/pkg-descr
 create mode 100644 security/shibboleth2-sp/pkg-plist

diff --git a/security/Makefile b/security/Makefile
index 30134f81fb3d..726fe02c5fac 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -669,6 +669,7 @@
     SUBDIR += sguil-sensor
     SUBDIR += sguil-server
     SUBDIR += sha
+    SUBDIR += shibboleth-sp
     SUBDIR += shishi
     SUBDIR += shttpscanner
     SUBDIR += sig2dot
diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile
new file mode 100644
index 000000000000..710cdd5fe0f1
--- /dev/null
+++ b/security/shibboleth-sp/Makefile
@@ -0,0 +1,41 @@
+# New ports collection makefile for:	security/shibboleth-sp
+# Date created:		2007-07-17
+# Whom:			Janos Mohacsi <janos.mohacsi@bsd.hu>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	shibboleth-sp
+PORTVERSION=	1.3f
+CATEGORIES=	security www
+MASTER_SITES=	http://shibboleth.internet2.edu/downloads/
+
+MAINTAINER=	janos.mohacsi@bsd.hu
+COMMENT=	C++ Shibboleth Service Provider (Internet2) for Apache
+
+LIB_DEPENDS=	saml.5:${PORTSDIR}/security/opensaml
+
+OPTIONS=	APACHE22 "Use Apache version 2.2 instead of version 2.0"  on
+
+USE_GMAKE=	yes
+GNU_CONFIGURE=	yes
+USE_LDCONFIG=	yes
+USE_RC_SUBR=	shibboleth-sp
+WRKSRC=		${WRKDIR}/shibboleth-1.3
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_APACHE22)
+USE_APACHE=	22
+CONFIGURE_ARGS=	--enable-apache-22 --with-apxs22=${APXS}
+.else
+USE_APACHE=	20
+CONFIGURE_ARGS=	--enable-apache-20 --with-apxs2=${APXS}
+.endif
+CONFIGURE_ARGS+=	--localstatedir=/var
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in
+	@${REINPLACE_CMD} -e 's|/doc/|/share/doc/|' ${WRKSRC}/doc/Makefile.in
+
+.include <bsd.port.post.mk>
diff --git a/security/shibboleth-sp/distinfo b/security/shibboleth-sp/distinfo
new file mode 100644
index 000000000000..ee5be32b33ab
--- /dev/null
+++ b/security/shibboleth-sp/distinfo
@@ -0,0 +1,3 @@
+MD5 (shibboleth-sp-1.3f.tar.gz) = cd28dedcbb9fe56e32e287506bf4fed6
+SHA256 (shibboleth-sp-1.3f.tar.gz) = e72a8935c0df038233cabb24a1aada2790b5bc76b5cf4f8108b3a9d9e4fa7e7a
+SIZE (shibboleth-sp-1.3f.tar.gz) = 846077
diff --git a/security/shibboleth-sp/files/patch-shib-target_shib-handlers.cpp b/security/shibboleth-sp/files/patch-shib-target_shib-handlers.cpp
new file mode 100644
index 000000000000..70aeb1660820
--- /dev/null
+++ b/security/shibboleth-sp/files/patch-shib-target_shib-handlers.cpp
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- shib-target/shib-handlers.cpp.orig
++++ shib-target/shib-handlers.cpp
+@@ -544,8 +544,8 @@
+     for (; *s; s++) {
+         if (strchr(badchars,*s) || *s<=0x20 || *s>=0x7F) {
+             ret+='%';
+-        ret+=hexchar(*s >> 4);
+-        ret+=hexchar(*s & 0x0F);
++        ret+=hexchar((unsigned char)*s >> 4);
++        ret+=hexchar((unsigned char)*s & 0x0F);
+         }
+         else
+             ret+=*s;
diff --git a/security/shibboleth-sp/files/shibboleth-sp.in b/security/shibboleth-sp/files/shibboleth-sp.in
new file mode 100644
index 000000000000..245ae80004d4
--- /dev/null
+++ b/security/shibboleth-sp/files/shibboleth-sp.in
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: shibboleth_sp
+# REQUIRE: DAEMON
+#
+
+. %%RC_SUBR%%
+
+name="shibboleth_sp"
+rcvar=${name}_enable
+
+[ -z "$shibboleth_sp_enable" ] && shibboleth_sp_enable="NO"
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/shibd"
+start_cmd="${command} -f -p ${pidfile} &"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/shibboleth-sp/pkg-descr b/security/shibboleth-sp/pkg-descr
new file mode 100644
index 000000000000..5790a0232bf3
--- /dev/null
+++ b/security/shibboleth-sp/pkg-descr
@@ -0,0 +1,13 @@
+Shibboleth is standards-based, open source middleware software which
+provides Web Single SignOn (SSO) across or within organizational
+boundaries. It allows sites to make informed authorization decisions
+for individual access of protected online resources in a
+privacy-preserving manner.
+
+This software is a C++ implementation of the Service Provider
+component of the Shibboleth can be used in Apache Web servers.  The
+service provider manages secured resources. User access to resources
+is based on assertions received by the service provider (SP) from
+an identity provider.
+
+WWW:	http://shibboleth.internet2.edu/
diff --git a/security/shibboleth-sp/pkg-plist b/security/shibboleth-sp/pkg-plist
new file mode 100644
index 000000000000..8d26fe7b482e
--- /dev/null
+++ b/security/shibboleth-sp/pkg-plist
@@ -0,0 +1,103 @@
+@comment $FreeBSD$
+bin/test-client
+bin/shibtest
+bin/posttest
+etc/shibboleth/shibboleth.xml
+etc/shibboleth/shibboleth.xml.dist
+etc/shibboleth/native.logger
+etc/shibboleth/native.logger.dist
+etc/shibboleth/shibd.logger
+etc/shibboleth/shibd.logger.dist
+etc/shibboleth/AAP.xml
+etc/shibboleth/AAP.xml.dist
+etc/shibboleth/IQ-metadata.xml
+etc/shibboleth/IQ-metadata.xml.dist
+etc/shibboleth/example-metadata.xml
+etc/shibboleth/example-metadata.xml.dist
+etc/shibboleth/shibboleth.logger
+etc/shibboleth/shibboleth.logger.dist
+etc/shibboleth/accessError.html
+etc/shibboleth/accessError.html.dist
+etc/shibboleth/rmError.html
+etc/shibboleth/sslError.html
+etc/shibboleth/rmError.html.dist
+etc/shibboleth/sessionError.html
+etc/shibboleth/sessionError.html.dist
+etc/shibboleth/metadataError.html
+etc/shibboleth/metadataError.html.dist
+etc/shibboleth/sslError.html.dist
+etc/shibboleth/sp-example.key
+etc/shibboleth/sp-example.key.dist
+etc/shibboleth/sp-example.crt
+etc/shibboleth/sp-example.crt.dist
+etc/shibboleth/shibd
+etc/shibboleth/apache.config
+etc/shibboleth/apache2.config
+etc/shibboleth/apache22.config
+etc/shibboleth/inqueue.pem
+include/shib/shib.h
+include/shib/shib-threads.h
+include/shib/hresult.h
+include/shib-target/shib-target.h
+include/shib-target/shibrpc.h
+include/shib-target/shib-paths.h
+include/shib-target/hresult.h
+lib/liboncrpc.so.2
+lib/liboncrpc.so
+lib/libshib.so.6
+lib/libshib.so
+lib/libshib-target.so.5
+lib/libshib-target.so
+libexec/xmlproviders.so
+libexec/xmlproviders.la
+libexec/adfs.so
+libexec/adfs.la
+libexec/mod_shib_22.so
+libexec/mod_shib_22.la
+sbin/shibd
+sbin/siterefresh
+share/xml/shibboleth/credentials.xsd
+share/xml/shibboleth/cs-sstc-schema-assertion-01.xsd
+share/xml/shibboleth/cs-sstc-schema-protocol-01.xsd
+share/xml/shibboleth/cs-sstc-schema-assertion-1.1.xsd
+share/xml/shibboleth/cs-sstc-schema-protocol-1.1.xsd
+share/xml/shibboleth/soap-envelope.xsd
+share/xml/shibboleth/xmldsig-core-schema.xsd
+share/xml/shibboleth/xenc-schema.xsd
+share/xml/shibboleth/xml.xsd
+share/xml/shibboleth/shibboleth.xsd
+share/xml/shibboleth/shibboleth-trust-1.0.xsd
+share/xml/shibboleth/shibboleth-metadata-1.0.xsd
+share/xml/shibboleth/shibboleth-targetconfig-1.0.xsd
+share/xml/shibboleth/saml-schema-assertion-2.0.xsd
+share/xml/shibboleth/WS-Trust.xsd
+share/xml/shibboleth/saml-schema-metadata-2.0.xsd
+share/xml/shibboleth/metadata_v12_to_v11.xsl
+share/xml/shibboleth/metadata_v12_to_v13.xsl
+share/xml/shibboleth/metadata_v13_to_v12.xsl
+share/xml/shibboleth/trust_v12_to_v11.xsl
+share/xml/shibboleth/trust_v13_to_v12.xsl
+share/doc/shibboleth/CREDITS.txt
+share/doc/shibboleth/INSTALL.txt
+share/doc/shibboleth/INSTALL-WIN32.txt
+share/doc/shibboleth/LICENSE.txt
+share/doc/shibboleth/NEWS.txt
+share/doc/shibboleth/NOTICE.txt
+share/doc/shibboleth/README.txt
+share/doc/shibboleth/OPENSSL.LICENSE
+share/doc/shibboleth/LOG4CPP.LICENSE
+share/doc/shibboleth/CURL.LICENSE
+share/doc/shibboleth/mysql-4.0.12.diff
+share/doc/shibboleth/main.css
+share/doc/shibboleth/logo.jpg
+@exec mkdir -p %D/data
+@exec mkdir -p /var/log/shibboleth
+@exec mkdir -p /var/run/shibboleth
+@exec chmod -R ug=rwx,o= /var/run/shibboleth
+@unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true
+@dirrmtry share/xml/shibboleth
+@dirrmtry include/shib-target
+@dirrmtry include/shib
+@dirrmtry etc/shibboleth
+@dirrm share/doc/shibboleth
+@dirrmtry data
diff --git a/security/shibboleth2-sp/Makefile b/security/shibboleth2-sp/Makefile
new file mode 100644
index 000000000000..710cdd5fe0f1
--- /dev/null
+++ b/security/shibboleth2-sp/Makefile
@@ -0,0 +1,41 @@
+# New ports collection makefile for:	security/shibboleth-sp
+# Date created:		2007-07-17
+# Whom:			Janos Mohacsi <janos.mohacsi@bsd.hu>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	shibboleth-sp
+PORTVERSION=	1.3f
+CATEGORIES=	security www
+MASTER_SITES=	http://shibboleth.internet2.edu/downloads/
+
+MAINTAINER=	janos.mohacsi@bsd.hu
+COMMENT=	C++ Shibboleth Service Provider (Internet2) for Apache
+
+LIB_DEPENDS=	saml.5:${PORTSDIR}/security/opensaml
+
+OPTIONS=	APACHE22 "Use Apache version 2.2 instead of version 2.0"  on
+
+USE_GMAKE=	yes
+GNU_CONFIGURE=	yes
+USE_LDCONFIG=	yes
+USE_RC_SUBR=	shibboleth-sp
+WRKSRC=		${WRKDIR}/shibboleth-1.3
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_APACHE22)
+USE_APACHE=	22
+CONFIGURE_ARGS=	--enable-apache-22 --with-apxs22=${APXS}
+.else
+USE_APACHE=	20
+CONFIGURE_ARGS=	--enable-apache-20 --with-apxs2=${APXS}
+.endif
+CONFIGURE_ARGS+=	--localstatedir=/var
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|/run|/run/shibboleth|' ${WRKSRC}/configs/Makefile.in
+	@${REINPLACE_CMD} -e 's|/doc/|/share/doc/|' ${WRKSRC}/doc/Makefile.in
+
+.include <bsd.port.post.mk>
diff --git a/security/shibboleth2-sp/distinfo b/security/shibboleth2-sp/distinfo
new file mode 100644
index 000000000000..ee5be32b33ab
--- /dev/null
+++ b/security/shibboleth2-sp/distinfo
@@ -0,0 +1,3 @@
+MD5 (shibboleth-sp-1.3f.tar.gz) = cd28dedcbb9fe56e32e287506bf4fed6
+SHA256 (shibboleth-sp-1.3f.tar.gz) = e72a8935c0df038233cabb24a1aada2790b5bc76b5cf4f8108b3a9d9e4fa7e7a
+SIZE (shibboleth-sp-1.3f.tar.gz) = 846077
diff --git a/security/shibboleth2-sp/files/patch-shib-target_shib-handlers.cpp b/security/shibboleth2-sp/files/patch-shib-target_shib-handlers.cpp
new file mode 100644
index 000000000000..70aeb1660820
--- /dev/null
+++ b/security/shibboleth2-sp/files/patch-shib-target_shib-handlers.cpp
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- shib-target/shib-handlers.cpp.orig
++++ shib-target/shib-handlers.cpp
+@@ -544,8 +544,8 @@
+     for (; *s; s++) {
+         if (strchr(badchars,*s) || *s<=0x20 || *s>=0x7F) {
+             ret+='%';
+-        ret+=hexchar(*s >> 4);
+-        ret+=hexchar(*s & 0x0F);
++        ret+=hexchar((unsigned char)*s >> 4);
++        ret+=hexchar((unsigned char)*s & 0x0F);
+         }
+         else
+             ret+=*s;
diff --git a/security/shibboleth2-sp/files/shibboleth-sp.in b/security/shibboleth2-sp/files/shibboleth-sp.in
new file mode 100644
index 000000000000..245ae80004d4
--- /dev/null
+++ b/security/shibboleth2-sp/files/shibboleth-sp.in
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: shibboleth_sp
+# REQUIRE: DAEMON
+#
+
+. %%RC_SUBR%%
+
+name="shibboleth_sp"
+rcvar=${name}_enable
+
+[ -z "$shibboleth_sp_enable" ] && shibboleth_sp_enable="NO"
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/shibd"
+start_cmd="${command} -f -p ${pidfile} &"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/shibboleth2-sp/pkg-descr b/security/shibboleth2-sp/pkg-descr
new file mode 100644
index 000000000000..5790a0232bf3
--- /dev/null
+++ b/security/shibboleth2-sp/pkg-descr
@@ -0,0 +1,13 @@
+Shibboleth is standards-based, open source middleware software which
+provides Web Single SignOn (SSO) across or within organizational
+boundaries. It allows sites to make informed authorization decisions
+for individual access of protected online resources in a
+privacy-preserving manner.
+
+This software is a C++ implementation of the Service Provider
+component of the Shibboleth can be used in Apache Web servers.  The
+service provider manages secured resources. User access to resources
+is based on assertions received by the service provider (SP) from
+an identity provider.
+
+WWW:	http://shibboleth.internet2.edu/
diff --git a/security/shibboleth2-sp/pkg-plist b/security/shibboleth2-sp/pkg-plist
new file mode 100644
index 000000000000..8d26fe7b482e
--- /dev/null
+++ b/security/shibboleth2-sp/pkg-plist
@@ -0,0 +1,103 @@
+@comment $FreeBSD$
+bin/test-client
+bin/shibtest
+bin/posttest
+etc/shibboleth/shibboleth.xml
+etc/shibboleth/shibboleth.xml.dist
+etc/shibboleth/native.logger
+etc/shibboleth/native.logger.dist
+etc/shibboleth/shibd.logger
+etc/shibboleth/shibd.logger.dist
+etc/shibboleth/AAP.xml
+etc/shibboleth/AAP.xml.dist
+etc/shibboleth/IQ-metadata.xml
+etc/shibboleth/IQ-metadata.xml.dist
+etc/shibboleth/example-metadata.xml
+etc/shibboleth/example-metadata.xml.dist
+etc/shibboleth/shibboleth.logger
+etc/shibboleth/shibboleth.logger.dist
+etc/shibboleth/accessError.html
+etc/shibboleth/accessError.html.dist
+etc/shibboleth/rmError.html
+etc/shibboleth/sslError.html
+etc/shibboleth/rmError.html.dist
+etc/shibboleth/sessionError.html
+etc/shibboleth/sessionError.html.dist
+etc/shibboleth/metadataError.html
+etc/shibboleth/metadataError.html.dist
+etc/shibboleth/sslError.html.dist
+etc/shibboleth/sp-example.key
+etc/shibboleth/sp-example.key.dist
+etc/shibboleth/sp-example.crt
+etc/shibboleth/sp-example.crt.dist
+etc/shibboleth/shibd
+etc/shibboleth/apache.config
+etc/shibboleth/apache2.config
+etc/shibboleth/apache22.config
+etc/shibboleth/inqueue.pem
+include/shib/shib.h
+include/shib/shib-threads.h
+include/shib/hresult.h
+include/shib-target/shib-target.h
+include/shib-target/shibrpc.h
+include/shib-target/shib-paths.h
+include/shib-target/hresult.h
+lib/liboncrpc.so.2
+lib/liboncrpc.so
+lib/libshib.so.6
+lib/libshib.so
+lib/libshib-target.so.5
+lib/libshib-target.so
+libexec/xmlproviders.so
+libexec/xmlproviders.la
+libexec/adfs.so
+libexec/adfs.la
+libexec/mod_shib_22.so
+libexec/mod_shib_22.la
+sbin/shibd
+sbin/siterefresh
+share/xml/shibboleth/credentials.xsd
+share/xml/shibboleth/cs-sstc-schema-assertion-01.xsd
+share/xml/shibboleth/cs-sstc-schema-protocol-01.xsd
+share/xml/shibboleth/cs-sstc-schema-assertion-1.1.xsd
+share/xml/shibboleth/cs-sstc-schema-protocol-1.1.xsd
+share/xml/shibboleth/soap-envelope.xsd
+share/xml/shibboleth/xmldsig-core-schema.xsd
+share/xml/shibboleth/xenc-schema.xsd
+share/xml/shibboleth/xml.xsd
+share/xml/shibboleth/shibboleth.xsd
+share/xml/shibboleth/shibboleth-trust-1.0.xsd
+share/xml/shibboleth/shibboleth-metadata-1.0.xsd
+share/xml/shibboleth/shibboleth-targetconfig-1.0.xsd
+share/xml/shibboleth/saml-schema-assertion-2.0.xsd
+share/xml/shibboleth/WS-Trust.xsd
+share/xml/shibboleth/saml-schema-metadata-2.0.xsd
+share/xml/shibboleth/metadata_v12_to_v11.xsl
+share/xml/shibboleth/metadata_v12_to_v13.xsl
+share/xml/shibboleth/metadata_v13_to_v12.xsl
+share/xml/shibboleth/trust_v12_to_v11.xsl
+share/xml/shibboleth/trust_v13_to_v12.xsl
+share/doc/shibboleth/CREDITS.txt
+share/doc/shibboleth/INSTALL.txt
+share/doc/shibboleth/INSTALL-WIN32.txt
+share/doc/shibboleth/LICENSE.txt
+share/doc/shibboleth/NEWS.txt
+share/doc/shibboleth/NOTICE.txt
+share/doc/shibboleth/README.txt
+share/doc/shibboleth/OPENSSL.LICENSE
+share/doc/shibboleth/LOG4CPP.LICENSE
+share/doc/shibboleth/CURL.LICENSE
+share/doc/shibboleth/mysql-4.0.12.diff
+share/doc/shibboleth/main.css
+share/doc/shibboleth/logo.jpg
+@exec mkdir -p %D/data
+@exec mkdir -p /var/log/shibboleth
+@exec mkdir -p /var/run/shibboleth
+@exec chmod -R ug=rwx,o= /var/run/shibboleth
+@unexec rm -rf /var/run/shibboleth 2>&1 >/dev/null || true
+@dirrmtry share/xml/shibboleth
+@dirrmtry include/shib-target
+@dirrmtry include/shib
+@dirrmtry etc/shibboleth
+@dirrm share/doc/shibboleth
+@dirrmtry data