Initial commit of spec and patches

jthiltges · Oct 19, 2015 · 67fcc8e · 67fcc8e
1 parent a7642b2
commit 67fcc8e
Show file tree

Hide file tree

Showing 4 changed files with 162 additions and 0 deletions.
diff --git a/allow-anon-bind.patch b/allow-anon-bind.patch
@@ -0,0 +1,22 @@
+Remove the check requiring a bind_dn
+
+The code assumes an Active Directory server. For a non-AD server, it works
+fine with an anonymous bind.
+
+diff -r -U3 duoauthproxy-2.4.12-src.orig/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py duoauthproxy-2.4.12-src/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py
+--- duoauthproxy-2.4.12-src.orig/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py	2015-08-04 08:39:11.000000000 -0500
++++ duoauthproxy-2.4.12-src/pkgs/duoauthproxy/duoauthproxy/modules/ad_client.py	2015-10-16 10:53:07.624913666 -0500
+@@ -293,13 +293,6 @@
+             ldap_filter = None
+
+         # validate configuration
+-        if (auth_type == ldap.client.AD_AUTH_TYPE_PLAIN and not bind_dn):
+-            raise base.ConfigError(
+-                'Missing required configuration item: if \'auth_type\' '
+-                'is \'plain\', then \'bind_dn\' is required')
+-        else:
+-            bind_dn = bind_dn or '<ROOT>'
+-
+         if (auth_type == ldap.client.AD_AUTH_TYPE_PLAIN
+             and transport_type == ldap.client.AD_TRANSPORT_CLEAR):
+             log.msg('WARNING: you have selected cleartext (plain) authentication for Active Directory')
diff --git a/authproxy.sample-openldap.cfg b/authproxy.sample-openldap.cfg
@@ -0,0 +1,19 @@
+[ad_client]
+host=ldap1.example.edu
+host_2=ldap2.example.edu
+host_3=ldap3.example.edu
+search_dn=ou=People,dc=example,dc=edu
+auth_type=plain
+username_attribute=uid
+service_account_username=
+service_account_password=
+bind_dn=
+
+[ldap_server_auto]
+ikey=IIIIIIIIIIIIIIIIIIII
+skey=ssssssssssssssssssssssssssssssssssssssss
+api_host=api-zzzzzzzz.duosecurity.com
+failmode=safe
+port=10389
+client=ad_client
+exempt_primary_bind=False
diff --git a/duoauthproxy.spec b/duoauthproxy.spec
@@ -0,0 +1,96 @@
+Name:           duoauthproxy
+Version:        2.4.12
+Release:        1%{?dist}
+Summary:        Duo Authentication Proxy
+
+Group:          System Environment/Daemons
+License:        Commercial
+URL:            https://www.duosecurity.com/docs/ldap
+Source0:        https://dl.duosecurity.com/duoauthproxy-%{version}-src.tgz
+Source1:        authproxy.sample-openldap.cfg
+Patch0:         non-interactive-install.patch
+Patch1:         allow-anon-bind.patch
+
+%define svc_user    nobody
+%define install_dir /opt/%{name}
+%global debug_package %{nil}
+
+BuildRequires: python-devel
+BuildRequires: openssl-devel
+BuildRequires: perl
+
+# Needed by the init script
+Requires: initscripts
+Requires: chkconfig
+
+%description
+Proxies RADIUS or LDAP authentication attempts and adds Duo authentication
+
+%prep
+%setup -q -n %{name}-%{version}-src
+%patch0 -p1
+%patch1 -p1
+
+# Sample config
+cp -p %{SOURCE1} conf
+
+# Set username in authproxyctl
+perl -p -i -e "s/^USER_DEFAULT = None$/USER_DEFAULT = '%{svc_user}'/g" pkgs/duoauthproxy/scripts/authproxyctl
+
+%build
+make
+
+%install
+rm -rf %{buildroot}
+
+# The included installer doesn't work with buildroots, so we install manually
+#duoauthproxy-build/install
+
+########################################################
+# Extract the RHEL init script from the python installer
+mv duoauthproxy-build/install install.py
+
+cat > get_init.py << EOF
+import install
+params = {'service_user': '%{svc_user}',
+          'install_dir':  '%{install_dir}' }
+
+print install.INITSCRIPT_REDHAT_TMPL % params
+EOF
+python get_init.py > init
+install -D init %{buildroot}/%{_initddir}/%{name}
+
+########################################################
+# Install the application
+mkdir -p %{buildroot}/%{install_dir}
+cp -a duoauthproxy-build/* %{buildroot}/%{install_dir}
+
+%clean
+rm -rf %{buildroot}
+
+%post
+/sbin/chkconfig --add %{name}
+
+%preun
+if [ $1 = 0 ]; then # Final removal
+    /sbin/service %{name} stop >/dev/null 2>&1 || :
+    /sbin/chkconfig --del %{name}
+fi
+
+%files
+%defattr(-,root,root,-)
+%{install_dir}/bin
+%config %{install_dir}/conf/ca-bundle.crt
+%config(noreplace) %attr(640,%{svc_user},%{svc_user}) %{install_dir}/conf/authproxy.cfg
+%{install_dir}/conf/authproxy.sample-openldap.cfg
+%{install_dir}/doc
+%{install_dir}/include
+%{install_dir}/lib
+%{install_dir}/lib64
+%attr(750,%{svc_user},%{svc_user}) %{install_dir}/log
+%attr(750,%{svc_user},%{svc_user}) %{install_dir}/run
+%{_initddir}/%{name}
+
+%changelog
+* Fri Oct 16 2015 John Thiltges <> 2.4.12-1
+- Initial package
diff --git a/non-interactive-install.patch b/non-interactive-install.patch
@@ -0,0 +1,25 @@
+diff --git a/scripts/install b/scripts/install
+index 9542fd9..079dc23 100755
+--- a/scripts/install
++++ b/scripts/install
+@@ -374,7 +374,7 @@ class AuthproxyInstaller(object):
+
+     def install(self):
+         # user interaction
+-        self.show_license()
++        #self.show_license()
+         self.get_install_dir()
+         self.get_user()
+
+@@ -620,7 +620,10 @@ class AuthproxyInstaller(object):
+             print 'Failed to create uninstall script: %s' % e
+
+ def main(argv):
+-    installer = AuthproxyInstaller()
++    installer = AuthproxyInstaller(
++            install_dir=AuthproxyInstaller.INSTALL_DIR_DEFAULT,
++            service_user=AuthproxyInstaller.USER_DEFAULT,
++            do_initscript=True)
+     try:
+         installer.install()
+         return 0