Switch to Xrootd 4.9.0-style configuration files

CMakeLists.txt

@@ -36,6 +36,7 @@ target_link_libraries(XrdAccSciTokens -ldl ${Boost_PYTHON_LIBRARY} ${PYTHON_LIBR
 set_target_properties(XrdAccSciTokens PROPERTIES OUTPUT_NAME XrdAccSciTokens-4 SUFFIX ".so" LINK_FLAGS "-Wl,--version-script=${CMAKE_SOURCE_DIR}/configs/export-lib-symbols")
 
 SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib" CACHE PATH "Install path for libraries")
+SET(SYSCONF_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/etc" CACHE PATH "Install path for config files")
 
 install(
   TARGETS _scitokens_xrootd
@@ -48,3 +49,11 @@ install(
 install(
   FILES ${CMAKE_SOURCE_DIR}/src/scitokens_xrootd.py
   DESTINATION ${LIB_INSTALL_DIR}/python${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}/site-packages/ )
+
+install(
+  FILES ${CMAKE_SOURCE_DIR}/configs/30-scitokens-auth.cfg
+  DESTINATION ${SYSCONF_INSTALL_DIR}/xrootd/config.d)
+
+install(
+  FILES ${CMAKE_SOURCE_DIR}/configs/scitokens.cfg
+  DESTINATION ${SYSCONF_INSTALL_DIR}/xrootd)

configs/30-scitokens-auth.cfg

@@ -0,0 +1,26 @@
+#
+# Configure authorization based on SciTokens.
+#
+# **********************************************************************
+# * WARNING: DO NOT EDIT THIS FILE.  IT WILL BE OVERWRITTEN ON UPGRADE *
+# **********************************************************************
+#
+# To provide your own configuration file, set the ScitokensConfig variable
+# in a previous file such as `/etc/xrootd/config.d/10-local.cfg`.
+#
+# Otherwise, the default configuration file is `/etc/xrootd/scitokens.cfg`.
+#
+
+if defined ?ScitokensConfig
+
+  ofs.authlib libXrdAccSciTokens.so
+
+else
+
+  ofs.authlib libXrdAccSciTokens.so
+
+fi
+
+# Passes the Authorization header from the HTTP request to the authorization
+# library
+http.header2cgi Authorization authz

configs/scitokens.cfg

@@ -13,20 +13,21 @@
 #audience_json = [ "this,is,a,single,audience", "it can even have spaces" ]
 #audience_json = "single,audience,with,commas,and:"
 
-
-[Issuer OSG-Connect]
-
-issuer = https://scitokens.org/osg-connect
-base_path = /stash
-# For the OSG Connect xrootd host, the `sub` claim should
-# be identical to the local Unix username.
-map_subject = True
-
-[Issuer CMS]
-
-issuer = https://scitokens.org/cms
-base_path = /user/cms
-# For CMS, there is no relationship between local usernames
-# and the VO name.
-map_subject = False
+# Below are some sample issuers you might consider enabling
+
+# [Issuer OSG-Connect]
+#
+# issuer = https://scitokens.org/osg-connect
+# base_path = /stash
+# # For the OSG Connect xrootd host, the `sub` claim should
+# # be identical to the local Unix username.
+# map_subject = True
+
+# [Issuer CMS]
+
+# issuer = https://scitokens.org/cms
+# base_path = /user/cms
+# # For CMS, there is no relationship between local usernames
+# # and the VO name.
+# map_subject = False
 

rpm/xrootd-scitokens.spec

@@ -27,7 +27,7 @@ SciTokens authentication plugin for XRootD
 %build
 mkdir build
 cd build
-%cmake ..
+%cmake -DPython_ADDITIONAL_VERSIONS=2.7 ..
 make 
 
 %install
@@ -50,6 +50,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libXrdAccSciTokens-4.so
 %{_libdir}/python2.7/site-packages/_scitokens_xrootd.so
 %{_libdir}/python2.7/site-packages/scitokens_xrootd.py*
+%config(noreplace) %{_sysconfdir}/xrootd/scitokens.cfg
+%config %{_sysconfdir}/xrootd/config.d/30-scitokens-auth.cfg
 
 %defattr(-,root,root,-)