Remove MellonIdPPublicKeyFile option
It was only used when you compiled Mellon with Lasso < 2.4, last
released in 2014, so was in practice not usable. However this was
not clear from the documentation.

Generalise the handling of obsolete options: keep them a no-op
but log a startup notice when encountered. This now also applies
to the earlier removed MellonDecoder option.

Closes: #125
thijskh committed Sep 26, 2023
1 parent 241e475 commit 1465590
Showing 6 changed files with 12 additions and 36 deletions.
7 changes: 0 additions & 7 deletions README.md
@@ -477,13 +477,6 @@ MellonDiagnosticsEnable Off
# Default: None set.
#MellonIdPMetadataGlob /etc/apache2/mellon/*-metadata.xml
# MellonIdpPublicKeyFile is the full path of the public key of the
# IdP. This parameter is optional if the public key is embedded
# in the IdP's metadata file, or if a certificate authority is
# used. This parameter cannot be used if multiple IdP are configured.
# Default: None set.
MellonIdPPublicKeyFile /etc/apache2/mellon/idp-public-key.pem
# MellonIdPCAFile is the full path to the certificate of the
# certificate authority. This can be used instead of an
# certificate for the IdP.
1 change: 0 additions & 1 deletion auth_mellon.h
@@ -266,7 +266,6 @@ typedef struct am_dir_cfg_rec {
am_file_data_t *sp_private_key_file;
am_file_data_t *sp_cert_file;
apr_array_header_t *idp_metadata;
am_file_data_t *idp_public_key_file;
am_file_data_t *idp_ca_file;
GList *idp_ignore;

23 changes: 10 additions & 13 deletions auth_mellon_config.c
@@ -647,8 +647,8 @@ static const char *am_set_secure_slots(cmd_parms *cmd,
return NULL;
}

/* This function handles the obsolete MellonDecoder configuration directive.
* It is a no-op.
/* This function handles the obsolete configuration directives.
* It is a no-op but logs a warning on startup.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
@@ -660,10 +660,13 @@ static const char *am_set_secure_slots(cmd_parms *cmd,
* Returns:
* NULL
*/
static const char *am_set_decoder_slot(cmd_parms *cmd,
static const char *am_set_obsolete_option(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
"Obsolete option %s set which has no effect",
cmd->cmd->name);
return NULL;
}

@@ -1394,7 +1397,7 @@ const command_rec auth_mellon_commands[] = {
),
AP_INIT_TAKE1(
"MellonDecoder",
am_set_decoder_slot,
am_set_obsolete_option,
NULL,
OR_AUTHCFG,
"Obsolete option, now a no-op for backwards compatibility."
@@ -1591,10 +1594,10 @@ const command_rec auth_mellon_commands[] = {
),
AP_INIT_TAKE1(
"MellonIdPPublicKeyFile",
am_set_file_pathname_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, idp_public_key_file),
am_set_obsolete_option,
NULL,
OR_AUTHCFG,
"Full path to pem file with the public key for the IdP."
"Obsolete option, now a no-op for backwards compatibility."
),
AP_INIT_TAKE1(
"MellonIdPCAFile",
@@ -1863,7 +1866,6 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
dir->sp_private_key_file = NULL;
dir->sp_cert_file = NULL;
dir->idp_metadata = apr_array_make(p, 0, sizeof(am_metadata_t));
dir->idp_public_key_file = NULL;
dir->idp_ca_file = NULL;
dir->idp_ignore = NULL;
dir->login_path = default_login_path;
@@ -1916,7 +1918,6 @@ static bool cfg_can_inherit_lasso_server(const am_dir_cfg_rec *add_cfg)
|| add_cfg->sp_cert_file != NULL)
return false;
if (add_cfg->idp_metadata->nelts > 0
|| add_cfg->idp_public_key_file != NULL
|| add_cfg->idp_ca_file != NULL
|| add_cfg->idp_ignore != NULL)
return false;
@@ -2066,10 +2067,6 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->idp_metadata :
base_cfg->idp_metadata);

new_cfg->idp_public_key_file = (add_cfg->idp_public_key_file ?
add_cfg->idp_public_key_file :
base_cfg->idp_public_key_file);

new_cfg->idp_ca_file = (add_cfg->idp_ca_file ?
add_cfg->idp_ca_file :
base_cfg->idp_ca_file);
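Review bot: In `am_set_obsolete_option` the header comment says the handler "logs a warning on startup", but the call uses `APLOG_NOTICE`, and both registrations keep `OR_AUTHCFG`. Where overrides allow these directives in .htaccess, the handler would presumably run, and log, on every request that parses that file rather than once at startup. MellonIdPPublicKeyFile used to name IdP key material, so an operator who still sets it should be able to find and remove the line quickly, yet the message gives only the directive name. Consider adding the location, e.g. `"Obsolete option %s at %s:%d has no effect", cmd->cmd->name, cmd->directive->filename, cmd->directive->line_num`, and wording the comment as `It is a no-op but logs a notice each time the directive is parsed.` The remaining hunks in this file only delete uses of `idp_public_key_file`.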
2 changes: 0 additions & 2 deletions auth_mellon_diagnostics.c
@@ -501,8 +501,6 @@ am_diag_log_dir_cfg(request_rec *r, int level, am_dir_cfg_rec *cfg,
"MellonSPPrivateKeyFile (sp_private_key_file):");
am_diag_log_file_data(r, level+1, cfg->sp_cert_file,
"MellonSPCertFile (sp_cert_file):");
am_diag_log_file_data(r, level+1, cfg->idp_public_key_file,
"MellonIdPPublicKeyFile (idp_public_key_file):");
am_diag_log_file_data(r, level+1, cfg->idp_ca_file,
"MellonIdPCAFile (idp_ca_file):");

5 changes: 2 additions & 3 deletions auth_mellon_handler.c
@@ -322,9 +322,8 @@ static LassoServer *am_get_lasso_server(request_rec *r)
if (am_server_add_providers(cfg, r) == 0) {
AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
"Error adding IdP to lasso server object. Please"
" verify the following configuration directives:"
" MellonIdPMetadataFile and"
" MellonIdPPublicKeyFile.");
" verify the following configuration directive:"
" MellonIdPMetadataFile.");

lasso_server_destroy(cfg->server);
cfg->server = NULL;
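Review bot: The rewritten hint in `am_get_lasso_server` names only MellonIdPMetadataFile, while the README hunk on this page also lists MellonIdPMetadataGlob and MellonIdPCAFile as IdP settings. If `am_server_add_providers` (not visible here) can also fail because of those inputs, the message sends the operator to the wrong directive when IdP trust setup breaks. Consider `" verify the IdP configuration directives:"` followed by `" MellonIdPMetadataFile, MellonIdPMetadataGlob and MellonIdPCAFile."`. The function body starts and ends outside the hunk.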
10 changes: 0 additions & 10 deletions doc/user_guide/mellon_user_guide.adoc
@@ -3523,8 +3523,6 @@ Mellon Directory Configuration for URL: /saml-test/protected.html
XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
YK53b9Bhr0TpIOKetFY68kQ=
-----END CERTIFICATE-----
MellonIdPPublicKeyFile (idp_public_key_file):
file_data: NULL
MellonIdPCAFile (idp_ca_file):
file_data: NULL
MellonIdPMetadataFile (idp_metadata): 1 items
@@ -3922,8 +3920,6 @@ Mellon Directory Configuration for URL: /mellon/login
XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
YK53b9Bhr0TpIOKetFY68kQ=
-----END CERTIFICATE-----
MellonIdPPublicKeyFile (idp_public_key_file):
file_data: NULL
MellonIdPCAFile (idp_ca_file):
file_data: NULL
MellonIdPMetadataFile (idp_metadata): 1 items
@@ -4330,8 +4326,6 @@ Mellon Directory Configuration for URL: /mellon/postResponse
XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
YK53b9Bhr0TpIOKetFY68kQ=
-----END CERTIFICATE-----
MellonIdPPublicKeyFile (idp_public_key_file):
file_data: NULL
MellonIdPCAFile (idp_ca_file):
file_data: NULL
MellonIdPMetadataFile (idp_metadata): 1 items
@@ -4822,8 +4816,6 @@ Mellon Directory Configuration for URL: /saml-test/protected.html
XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
YK53b9Bhr0TpIOKetFY68kQ=
-----END CERTIFICATE-----
MellonIdPPublicKeyFile (idp_public_key_file):
file_data: NULL
MellonIdPCAFile (idp_ca_file):
file_data: NULL
MellonIdPMetadataFile (idp_metadata): 1 items
@@ -5107,8 +5099,6 @@ Mellon Directory Configuration for URL: /favicon.ico
XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
YK53b9Bhr0TpIOKetFY68kQ=
-----END CERTIFICATE-----
MellonIdPPublicKeyFile (idp_public_key_file):
file_data: NULL
MellonIdPCAFile (idp_ca_file):
file_data: NULL
MellonIdPMetadataFile (idp_metadata): 1 items
