authorDan Langille <dvl@FreeBSD.org>2021-12-28 23:13:45 +0000
committerDan Langille <dvl@FreeBSD.org>2021-12-29 01:23:02 +0000
commit0ecc22072ebf57bc15002884e4baecf9c1d8dc92 (patch)
treef70cbf032a28a15d4bbe62cb96f93b8f3ae76efd
parentwww/ulfius: Web Framework to build REST APIs in C (diff)
www/glewlwyd: Add new port: Single-Sign-On server
This SSO server supports multiple factor authentication and multiple authentication processes.
-rw-r--r--www/Makefile1
-rw-r--r--www/glewlwyd/Makefile115
-rw-r--r--www/glewlwyd/distinfo3
-rw-r--r--www/glewlwyd/files/glewlwyd.conf.sample.in156
-rwxr-xr-xwww/glewlwyd/files/glewlwyd.in38
-rw-r--r--www/glewlwyd/pkg-descr20
-rw-r--r--www/glewlwyd/pkg-plist88
7 files changed, 421 insertions, 0 deletions
diff --git a/www/Makefile b/www/Makefile
index c8570aa8374e..e6c2f787ab27 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -196,6 +196,7 @@
SUBDIR += glassfish
SUBDIR += glassfish4
SUBDIR += glpi
+ SUBDIR += glewlwyd
SUBDIR += gnome-user-share
SUBDIR += go-www
SUBDIR += gobuffalo
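Review bot: The new `SUBDIR += glewlwyd` line is placed after `glpi`, but `glewlwyd` sorts before `glpi`, so it belongs directly after `SUBDIR += glassfish4`. Every context line in this hunk is in alphabetical order, so this looks like an oversight rather than a local convention.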
diff --git a/www/glewlwyd/Makefile b/www/glewlwyd/Makefile
new file mode 100644
index 000000000000..58efbc5c2ea9
--- /dev/null
+++ b/www/glewlwyd/Makefile
@@ -0,0 +1,115 @@
+PORTNAME= glewlwyd
+DISTVERSIONPREFIX= v
+DISTVERSION= 2.6.1
+CATEGORIES= www
+MASTER_SITES= GH
+
+MAINTAINER= dvl@FreeBSD.org
+COMMENT= Single Sign On server, multiple factor authentication
+
+LICENSE= GPLv3
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= cmake pgsql
+
+USE_GITHUB= yes
+GH_ACCOUNT= babelouest
+GH_TAGNAME= e1ea98a
+
+BUILD_DEPENDS+= yder>0:devel/yder
+BUILD_DEPENDS+= orcania>0:devel/orcania
+BUILD_DEPENDS+= ulfius>0:www/ulfius
+BUILD_DEPENDS+= hoel>0:devel/hoel
+BUILD_DEPENDS+= oath-toolkit>0:security/oath-toolkit
+
+LIB_DEPENDS+= libjansson.so:devel/jansson
+LIB_DEPENDS+= libnettle.so:security/nettle
+LIB_DEPENDS+= libhoel.so:devel/hoel
+
+LIB_DEPENDS+= liboath.so:security/oath-toolkit
+LIB_DEPENDS+= libjwt.so:www/libjwt
+LIB_DEPENDS+= libgnutls.so:security/gnutls
+LIB_DEPENDS+= libconfig.so:devel/libconfig
+
+LIB_DEPENDS+= liblber.so:net/openldap24-client
+
+RUN_DEPENDS+= yder>0:devel/yder
+RUN_DEPENDS+= ulfius>0:www/ulfius
+RUN_DEPENDS+= libjwt>0:www/libjwt
+RUN_DEPENDS+= libcbor>0:devel/libcbor
+RUN_DEPENDS+= libmicrohttpd>0:www/libmicrohttpd
+RUN_DEPENDS+= gnutls>0:security/gnutls
+RUN_DEPENDS+= libconfig>0:devel/libconfig
+RUN_DEPENDS+= orcania>0:devel/orcania
+RUN_DEPENDS+= oath-toolkit>0:security/oath-toolkit
+
+CMAKE_ARGS+= -DWITH_JOURNALD=off
+CMAKE_ARGS+= -DWITH_USER_LDAP=off
+CMAKE_ARGS+= -DWITH_CLIENT_LDAP=off
+CMAKE_ARGS+= -DLIBOATH_INCLUDE_DIR=${PREFIX}/include/liboath
+CMAKE_ARGS+= -DLIBCBOR_INCLUDE_DIR=${PREFIX}/include/cbor
+CMAKE_ARGS+= -DLIBCBOR_LIBRARY=${PREFIX}/lib/libcbor.so
+CMAKE_ARGS+= -DWITH_SCHEME_WEBAUTHN=off
+
+# -DWITH_PGSQL=off -DWITH_SCHEME_WEBAUTHN=off
+
+SUB_FILES= glewlwyd glewlwyd.conf.sample
+
+USERS= glewlwyd
+GROUPS= glewlwyd
+
+USE_LDCONFIG+= ${PREFIX}/lib/glewlwyd/client
+USE_LDCONFIG+= ${PREFIX}/lib/glewlwyd/plugin
+USE_LDCONFIG+= ${PREFIX}/lib/glewlwyd/scheme
+USE_LDCONFIG+= ${PREFIX}/lib/glewlwyd/user
+
+do-install:
+ # make all our dirs first
+ ${MKDIR} ${STAGEDIR}${DATADIR}
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+# ${MKDIR} ${STAGEDIR}${PREFIX}/bin
+ ${MKDIR} ${STAGEDIR}${PREFIX}/lib/glewlwyd/client
+ ${MKDIR} ${STAGEDIR}${PREFIX}/lib/glewlwyd/plugin
+ ${MKDIR} ${STAGEDIR}${PREFIX}/lib/glewlwyd/scheme
+ ${MKDIR} ${STAGEDIR}${PREFIX}/lib/glewlwyd/user
+ ${MKDIR} ${STAGEDIR}${WWWDIR}
+
+ ${INSTALL_SCRIPT} ${WRKDIR}/glewlwyd ${STAGEDIR}${PREFIX}/etc/rc.d/
+
+ ${INSTALL_PROGRAM} ${WRKDIR}/.build/glewlwyd ${STAGEDIR}${PREFIX}/sbin/
+
+ # move these files so they don't get clobbered during upgrade
+ ${INSTALL_SCRIPT} ${WRKDIR}/glewlwyd.conf.sample ${STAGEDIR}${ETCDIR}
+
+ ${MV} ${WRKSRC}/webapp/config.json.sample ${STAGEDIR}${ETCDIR}/config.json.sample
+
+ # remove this file because we're installing a symlink here
+ ${RM} ${STAGEDIR}${DATADIR}/webapp/config.json
+
+ # create a symlink
+ ${LN} -sf ${ETCDIR}/config.json ${STAGEDIR}${WWWDIR}/config.json
+
+ ${INSTALL_LIB} ${WRKDIR}/.build/libclientmoddatabase.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/client
+
+ ${INSTALL_LIB} ${WRKDIR}/.build/libprotocol_oauth2.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/plugin
+ ${INSTALL_LIB} ${WRKDIR}/.build/libprotocol_oidc.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/plugin
+ ${INSTALL_LIB} ${WRKDIR}/.build/libprotocol_register.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/plugin
+
+ ${INSTALL_LIB} ${WRKDIR}/.build/libschememodcertificate.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/scheme
+ ${INSTALL_LIB} ${WRKDIR}/.build/libschememodemail.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/scheme
+ ${INSTALL_LIB} ${WRKDIR}/.build/libschememodhttp.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/scheme
+ ${INSTALL_LIB} ${WRKDIR}/.build/libschememodotp.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/scheme
+ ${INSTALL_LIB} ${WRKDIR}/.build/libschememodpassword.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/scheme
+
+ ${INSTALL_LIB} ${WRKDIR}/.build/libusermoddatabase.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/user
+ ${INSTALL_LIB} ${WRKDIR}/.build/libusermodhttp.so ${STAGEDIR}${PREFIX}/lib/glewlwyd/user
+
+ ${INSTALL_MAN} ${WRKSRC}/CHANGELOG.md ${STAGEDIR}${DATADIR}
+ ${INSTALL_MAN} ${WRKSRC}/README.md ${STAGEDIR}${DATADIR}
+
+ (cd ${WRKSRC}/docs && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR})
+
+ (cd ${WRKSRC}/webapp && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR})
+
+.include <bsd.port.mk>
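Review bot: The configuration sample is staged with `${INSTALL_SCRIPT}` in do-install, so the file that `@sample` later copies to the live glewlwyd.conf is executable and world-readable, even though the database password is meant to be set in it. Use `${INSTALL_DATA} ${WRKDIR}/glewlwyd.conf.sample ${STAGEDIR}${ETCDIR}` and consider restricting the installed mode and group to glewlwyd in pkg-plist. The `${MV}` of webapp/config.json.sample modifies WRKSRC, so re-running the stage step would presumably fail; `${INSTALL_DATA}` does the same job without that side effect. Separately, `LIB_DEPENDS` pulls in liblber.so from net/openldap24-client while `-DWITH_USER_LDAP=off` and `-DWITH_CLIENT_LDAP=off` are set in `CMAKE_ARGS`, which looks like an unneeded dependency for an authentication server and is worth confirming.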
diff --git a/www/glewlwyd/distinfo b/www/glewlwyd/distinfo
new file mode 100644
index 000000000000..35d69eff59de
--- /dev/null
+++ b/www/glewlwyd/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1640728369
+SHA256 (babelouest-glewlwyd-v2.6.1-e1ea98a_GH0.tar.gz) = b4ca26e7b33590711a9015f19e3f71e15a0d24eaca1bdccf9df5207aab57e730
+SIZE (babelouest-glewlwyd-v2.6.1-e1ea98a_GH0.tar.gz) = 5113982
diff --git a/www/glewlwyd/files/glewlwyd.conf.sample.in b/www/glewlwyd/files/glewlwyd.conf.sample.in
new file mode 100644
index 000000000000..19c2a7f94ca9
--- /dev/null
+++ b/www/glewlwyd/files/glewlwyd.conf.sample.in
@@ -0,0 +1,156 @@
+#
+#
+# Glewlwyd SSO Authorization Server
+#
+# Copyright 2016-2019 Nicolas Mora <mail@babelouest.org>
+# Gnu Public License V3 <http://fsf.org/>
+#
+#
+
+# port to open for remote commands
+port=4593
+
+# bind to IPV4 address
+#bind_address="127.0.0.1"
+
+# external url to access to this instance
+external_url="http://localhost:4593"
+
+# login url relative to external url
+login_url="login.html"
+
+# api prefix
+api_prefix="api"
+
+# path to static files for /webapp url
+static_files_path="/usr/local/www/glewlwyd"
+
+# access-control-allow-origin value
+allow_origin="*"
+
+# log mode (console, syslog, journald, file)
+log_mode="file"
+
+# log level: NONE, ERROR, WARNING, INFO, DEBUG
+log_level="DEBUG"
+
+# output to log file (required if log_mode is file)
+log_file="/var/log/glewlwyd.log"
+
+# cookie domain
+cookie_domain=""
+
+# cookie_secure, this options SHOULD be set to 1, set this to 0 to test glewlwyd on insecure connection http instead of https
+cookie_secure=0
+
+# session expiration, default is 4 weeks
+session_expiration=2419200
+
+# session key
+session_key="GLEWLWYD2_SESSION_ID"
+
+# admin scope name
+admin_scope="g_admin"
+
+# profile scope name
+profile_scope="g_profile"
+
+# user_module path
+user_module_path="/usr/local/lib/glewlwyd/user"
+
+# client_module path
+client_module_path="/usr/local/lib/glewlwyd/client"
+
+# user_auth_scheme_module path
+user_auth_scheme_module_path="/usr/local/lib/glewlwyd/scheme"
+
+# plugin_module path
+plugin_module_path="/usr/local/lib/glewlwyd/plugin"
+
+# TLS/SSL configuration values
+use_secure_connection=false
+secure_connection_key_file="/etc/ssl/certs/cert.key"
+secure_connection_pem_file="/etc/ssl/certs/cert.pem"
+secure_connection_ca_file="/etc/ssl/certs/ca.crt"
+
+# Algorithms available are SHA1, SHA256, SHA512, MD5, default is SHA256
+hash_algorithm = "SHA512"
+
+# MariaDB/Mysql database connection
+#database =
+#{
+# type = "mariadb"
+# host = "localhost"
+# user = "glewlwyd"
+# password = "glewlwyd"
+# dbname = "glewlwyd"
+# port = 0
+#}
+
+# SQLite database connection
+database =
+{
+ type = "sqlite3"
+ path = "/var/cache/glewlwyd/glewlwyd.db"
+};
+
+# PostgreSQL database connection
+#database =
+#{
+# type = "postgre"
+# conninfo = "dbname = glewlwyd"
+#}
+
+# mime types for webapp files
+static_files_mime_types =
+(
+ {
+ extension = ".html"
+ mime_type = "text/html"
+ },
+ {
+ extension = ".css"
+ mime_type = "text/css"
+ },
+ {
+ extension = ".js"
+ mime_type = "application/javascript"
+ },
+ {
+ extension = ".json"
+ mime_type = "application/json"
+ },
+ {
+ extension = ".png"
+ mime_type = "image/png"
+ },
+ {
+ extension = ".jpg"
+ mime_type = "image/jpeg"
+ },
+ {
+ extension = ".jpeg"
+ mime_type = "image/jpeg"
+ },
+ {
+ extension = ".ttf"
+ mime_type = "font/ttf"
+ },
+ {
+ extension = ".woff"
+ mime_type = "font/woff"
+ },
+ {
+ extension = ".woff2"
+ mime_type = "font/woff2"
+ },
+ {
+ extension = ".map"
+ mime_type = "application/octet-stream"
+ },
+ {
+ extension = ".ico"
+ mime_type = "image/x-icon"
+ }
+)
+
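Review bot: The sample that `@sample` turns into the live configuration ships development settings for an SSO server: `log_level="DEBUG"`, `cookie_secure=0`, `use_secure_connection=false`, `allow_origin="*"`, and `bind_address` left commented out. Safer shipped defaults would be an uncommented `bind_address="127.0.0.1"` and `log_level="INFO"`, with a comment telling the administrator to enable TLS and set `cookie_secure=1` before exposing the service. The hard-coded `/usr/local/...` paths should use `%%PREFIX%%` and `%%WWWDIR%%`, since the file already goes through SUB_FILES. `secure_connection_key_file` points into /etc/ssl/certs, which is normally world-readable, so presumably a private-key directory is intended.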
diff --git a/www/glewlwyd/files/glewlwyd.in b/www/glewlwyd/files/glewlwyd.in
new file mode 100755
index 000000000000..5aecd941f9f5
--- /dev/null
+++ b/www/glewlwyd/files/glewlwyd.in
@@ -0,0 +1,38 @@
+#!/bin/sh
+# $FreeBSD$
+
+# PROVIDE: glewlwyd
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable glewlwyd:
+# glewlwyd_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable glewlwyd
+# glewlwyd_configfile (str): Defaults to %%PREFIX%%/etc/glewlwyd/glewlwyd.conf
+#
+
+
+. /etc/rc.subr
+
+name="glewlwyd"
+rcvar=glewlwyd_enable
+
+load_rc_config $name
+
+: ${glewlwyd_enable:=NO}
+: ${glewlwyd_configfile:=%%PREFIX%%/etc/glewlwyd/glewlwyd.conf}
+
+required_files="${glewlwyd_configfile}"
+
+glewlwyd_user="glewlwyd"
+glewlwyd_command="%%PREFIX%%/sbin/glewlwyd"
+glewlwyd_options="--config=${glewlwyd_configfile}"
+pidfile="/var/run/${name}/${name}.pid"
+
+command="/usr/sbin/daemon"
+command_args="-P ${pidfile} -r -f ${glewlwyd_command} ${glewlwyd_options}"
+
+echo $command $command_args
+
+run_rc_command "$1"
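Review bot: The pidfile is set to `/var/run/${name}/${name}.pid` while `glewlwyd_user="glewlwyd"` makes rc.subr start daemon(8) as that unprivileged user, and nothing visible in this commit creates /var/run/glewlwyd or makes it writable by that account. The same applies to the `/var/log/glewlwyd.log` and `/var/cache/glewlwyd` paths named in the sample configuration, so a fresh install would presumably fail to start or run without a pidfile. A `start_precmd` that creates the directory with the right owner, as sketched below, would fix the pidfile case. The `echo $command $command_args` line near the end looks like leftover debugging and prints on every invocation of the script; it should be removed.

```sh
pidfile="/var/run/${name}/${name}.pid"

start_precmd="glewlwyd_prestart"

glewlwyd_prestart()
{
	# daemon(8) runs as ${glewlwyd_user}; the pidfile directory must exist
	# and be writable by that account before the service starts.
	install -d -o "${glewlwyd_user}" -m 0755 "/var/run/${name}"
}

# … unchanged: command, command_args, run_rc_command …
```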
diff --git a/www/glewlwyd/pkg-descr b/www/glewlwyd/pkg-descr
new file mode 100644
index 000000000000..babf5073afe9
--- /dev/null
+++ b/www/glewlwyd/pkg-descr
@@ -0,0 +1,20 @@
+Single-Sign-On (SSO) server with multiple factor authentication.
+
+Authentication processes supported:
+
+* OAuth2
+* OpenID Connect
+* Allows users to authenticate via multiple factors:
+
+Password
+* One-time password (TOTP/HOTP)
+* Webauthn (Yubikey, Android devices)
+* One-time password sent via e-mail
+* TLS Certificate
+* Users and clients can be stored and managed from various backends:
+
+Database
+* LDAP service
+* HTTP Backend service providing Basic Authentication
+
+WWW: https://github.com/babelouest/glewlwyd
diff --git a/www/glewlwyd/pkg-plist b/www/glewlwyd/pkg-plist
new file mode 100644
index 000000000000..e98adc5f4f01
--- /dev/null
+++ b/www/glewlwyd/pkg-plist
@@ -0,0 +1,88 @@
+sbin/glewlwyd
+etc/rc.d/glewlwyd
+@sample %%ETCDIR%%/glewlwyd.conf.sample
+@sample %%ETCDIR%%/config.json.sample
+lib/glewlwyd/client/libclientmoddatabase.so
+lib/glewlwyd/plugin/libprotocol_oauth2.so
+lib/glewlwyd/plugin/libprotocol_oidc.so
+lib/glewlwyd/plugin/libprotocol_register.so
+lib/glewlwyd/scheme/libschememodcertificate.so
+lib/glewlwyd/scheme/libschememodemail.so
+lib/glewlwyd/scheme/libschememodhttp.so
+lib/glewlwyd/scheme/libschememodotp.so
+lib/glewlwyd/scheme/libschememodpassword.so
+lib/glewlwyd/user/libusermoddatabase.so
+lib/glewlwyd/user/libusermodhttp.so
+%%DATADIR%%/CHANGELOG.md
+%%DATADIR%%/README.md
+%%DOCSDIR%%/API.md
+%%DOCSDIR%%/CERTIFICATE.md
+%%DOCSDIR%%/CLIENT_DATABASE.md
+%%DOCSDIR%%/CLIENT_LDAP.md
+%%DOCSDIR%%/GETTING_STARTED.md
+%%DOCSDIR%%/INSTALL.md
+%%DOCSDIR%%/OAUTH2.md
+%%DOCSDIR%%/OIDC.md
+%%DOCSDIR%%/OTP.md
+%%DOCSDIR%%/README.md
+%%DOCSDIR%%/SCOPE.md
+%%DOCSDIR%%/USER.md
+%%DOCSDIR%%/USER_DATABASE.md
+%%DOCSDIR%%/USER_HTTP.md
+%%DOCSDIR%%/USER_LDAP.md
+%%DOCSDIR%%/WEBAUTHN.md
+%%DOCSDIR%%/database/README.md
+%%DOCSDIR%%/database/init-core.mariadb.sql
+%%DOCSDIR%%/database/init-core.postgre.sql
+%%DOCSDIR%%/database/init-core.sqlite3.sql
+%%DOCSDIR%%/database/init.mariadb.sql
+%%DOCSDIR%%/database/init.postgre.sql
+%%DOCSDIR%%/database/init.sqlite3.sql
+%%DOCSDIR%%/glewlwyd-init
+%%DOCSDIR%%/glewlwyd.service
+%%WWWDIR%%/admin.js
+%%WWWDIR%%/config.json
+%%WWWDIR%%/css/admin-custom.css
+%%WWWDIR%%/css/bootstrap.css
+%%WWWDIR%%/css/bootstrap.min.css
+%%WWWDIR%%/css/font-awesome.css
+%%WWWDIR%%/css/font-awesome.min.css
+%%WWWDIR%%/css/glewlwyd-custom.css
+%%WWWDIR%%/css/glewlwyd.css
+%%WWWDIR%%/css/login-custom.css
+%%WWWDIR%%/css/profile-custom.css
+%%WWWDIR%%/favicon.ico
+%%WWWDIR%%/img/logo-admin.png
+%%WWWDIR%%/img/logo-login.png
+%%WWWDIR%%/img/logo-profile.png
+%%WWWDIR%%/index.html
+%%WWWDIR%%/js/bootstrap.js
+%%WWWDIR%%/js/bootstrap.min.js
+%%WWWDIR%%/js/jquery.js
+%%WWWDIR%%/js/jquery.min.js
+%%WWWDIR%%/js/popper.js
+%%WWWDIR%%/js/popper.min.js
+%%WWWDIR%%/locales/en/translations.json
+%%WWWDIR%%/locales/fr/translations.json
+%%WWWDIR%%/locales/nl/translations.json
+%%WWWDIR%%/login.html
+%%WWWDIR%%/login.js
+%%WWWDIR%%/profile.html
+%%WWWDIR%%/profile.js
+%%WWWDIR%%/vendors~admin~login~profile.js
+%%WWWDIR%%/vendors~profile.js
+%%WWWDIR%%/webfonts/fa-brands-400.eot
+%%WWWDIR%%/webfonts/fa-brands-400.svg
+%%WWWDIR%%/webfonts/fa-brands-400.ttf
+%%WWWDIR%%/webfonts/fa-brands-400.woff
+%%WWWDIR%%/webfonts/fa-brands-400.woff2
+%%WWWDIR%%/webfonts/fa-regular-400.eot
+%%WWWDIR%%/webfonts/fa-regular-400.svg
+%%WWWDIR%%/webfonts/fa-regular-400.ttf
+%%WWWDIR%%/webfonts/fa-regular-400.woff
+%%WWWDIR%%/webfonts/fa-regular-400.woff2
+%%WWWDIR%%/webfonts/fa-solid-900.eot
+%%WWWDIR%%/webfonts/fa-solid-900.svg
+%%WWWDIR%%/webfonts/fa-solid-900.ttf
+%%WWWDIR%%/webfonts/fa-solid-900.woff
+%%WWWDIR%%/webfonts/fa-solid-900.woff2