ZXID SAML and TAS3 library
C Pure Data C# Perl Java Shell Other
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.well-known
Net
c
csharp
default-cot
drupal/authn_sso
intra
mini_httpd-1.19-zxid
other
pers
php
postoffice
precheck
protected
py
rsrc
ruby
scope
servlet
sg
std-drafts
strong
t
tas3tests
test-cot
your-webapp/WEB-INF
zxidjava
.gitignore
1x1.gif
Axis2ZXIDModule.zip
BSDmakefile
BreakingSAML.pdf
COPYING
Changes
DeployingZxidServlets.txt
INSTALL.zxid
LICENSE-2.0.txt
LICENSE.curl
LICENSE.openssl
LICENSE.ssleay
Makefile
Manifest
Manifest.T3-IDP-ZXID
Manifest.T3-SSO-ZXID-JAVA
Manifest.T3-SSO-ZXID-MODAUTHSAML
Manifest.T3-SSO-ZXID-PHP
Manifest.T3-ZXID-LINUX-X86
Manifest.T3-ZXID-SRC
Manifest.T3-ZXID-WIN32
Net_SAML.html
Quick
README.mini_httpd
README.smime
README.zxid
README.zxid-oauth-uma
README.zxid-tas3
README.zxid-win32
ZxidSSOFilter.java
ZxidServlet.java
ak-lock.pl
akbox.c
akbox.h
akbox_fn.c
akgviz.c
aklog.c
aktab.h
an-main.html
an.css
apache.pd
app_demo.java
arch-zxid-apache.dia
arch-zxid-attr-brkr.dia
atsel-main.html
atsel.css
aux-templ.c
banner-zxid-468x60.png
benedemo.java
bio-sampo-2012
button-zxid-120x50.png
button-zxid-150x60.png
ca.crt
call-anal.pl
certauth.c
ci
cot-main.html
covrep.sh
csharpzxid.i
dash-main.html
dash.css
dec-templ.c
demotas3call.pl
demotas3sso.pl
diffy.pl
doc-end.pd
doc-inc.pd
ds-curlicon.png
ds-templ.c
ePortfolioDemo-risaris-01.xml
enc-templ.c
env.cgi
err.html
errmac.h
explo-main.html
explo.css
favicon.ico
filex.pm
gen-conf-ref.pl
gen-consts-from-gperf-output.pl
gen-cot-links.pl
getput-templ.c
global_150x60.png
hash-certs.pl
hiinit.c
hiios.c
hiios.h
hiiosdump.c
hinet.c
hiproto.h
hiread.c
hitodo.c
hiwrite.c
htpasswd.1
htpasswd.c
http.c
idp-select.png
idpsel.cgi
idpsel.css
idpsel.html
index-idp.html
index.pd
ios-logo-thumb.jpg
javazxid.i
kantara_logo.gif
keygen.c
kyfranke-ssh-key.pub
localmake.sh
log-pretty.pl
login.png
logo-zxid-128x128.png
logo-zxid-256x256.png
logo-zxid-32x32.png
logoLabSE_Big.gif
logo_grande.gif
logprint.h
macglue.h
match.c
mediawiki-zxid.pd
meta-fetch.dot
mini_httpd_filter.c
mkdist.pl
mockpdp.pl
mod_auth_saml.c
mod_auth_saml.html
mod_auth_saml.load
mod_auth_saml.pd
newuser-main.html
newuser-status.html
old-releases.html
openliberty_logo.gif
openssl.jpg
pass-password.pl
pde-wiki-2011
phpzxid.i
pkcs12.c
platform.h
port.h
post.html
protected.png
pulverize.pl
pxy-an-main.html
pyzxid.i
recoverpw-main.html
recoverpw-reset.html
ref-inc.pd
risaris-policy.xml
rubyzxid.i
saml2.h
schemata.pd
sed-zxid.pl
send.pl
simple-xml-pretty.pl
smime-enc.c
smime-qry.c
smime-vfy.c
smime.c
smime.html
smimemime.c
smimeutil.c
smimeutil.h
smimeutil.i
smtp.c
sp-flow.dia
sp-intake.png
stackable-filter-master-pdp.dia
stomp.c
swig17.png
tas3-deleg-demo.dia
tas3-demo-an-main.html
tas3-demo-idpsel.html
tas3-demo-post.html
tas3-index.html
tas3-integration.dia
tas3-logo.jpg
tas3-recurs-demo.png
tas3.h
tcpcat.pm
tdate_parse.c
test-smime.pl
test.c
test2-smime.pl
testGulyx.txt
testmain.java
testping.c
testplan.pd
tpn-client.sh
uma.cgi
umainfo.html
up
wikipedia-tas3-zxid-2011
wsc.i
wsf.h
wsfraw.i
xacml2ldif.pl
xml-pretty.pl
ykaes.c
ykcrc.c
ykzxuser.pl
yubikey.h
yubiright_16x16.gif
zlib3d-b1.png
zx.css
zx.h
zx_ext_pt.h
zxbench.c
zxbusd.c
zxbusdist.c
zxbusent.c
zxbuslist.c
zxbusprod.c
zxbussubs.c
zxbustailf.c
zxcall.c
zxcleanlogs.sh
zxcot.c
zxcovimp.sh
zxcrypto.c
zxdecode.c
zxdirent.c
zxencdectest.c
zxid-book.pd
zxid-compile.pd
zxid-conf.pd
zxid-cot.pd
zxid-faq.pd
zxid-idp.pd
zxid-install.pd
zxid-java.pd
zxid-java.sh
zxid-license.pd
zxid-log.pd
zxid-logo-guide.pd
zxid-perl.pd
zxid-php.pd
zxid-raw.pd
zxid-ref.pd
zxid-simple.pd
zxid-tas3-ios-index.html
zxid-tas3-logo.png
zxid-tas3.pd
zxid-wsf.pd
zxid.c
zxid.h
zxid.i
zxid.java
zxid.pem
zxid.php
zxid.pl
zxid_httpd.8
zxid_httpd.c
zxida7n.c
zxidacceptgrant.pl
zxidappdemo.java
zxidatsel.pl
zxidcdc.c
zxidcgi.c
zxidconf.c
zxidconf.h
zxidcot.pl
zxidcurl.c
zxiddash.pl
zxiddec.c
zxiddi.c
zxidecp.c
zxidepr.c
zxidexplo.pl
zxidgrant.pl
zxidhlo-java.sh
zxidhlo.c
zxidhlo.java
zxidhlo.php
zxidhlo.pl
zxidhlo.sh
zxidhlocgi.php
zxidhlowsf.c
zxidhrxmlwsc.c
zxidhrxmlwsp.c
zxididp-saml2_icon_150x60.png
zxididp.c
zxididpx.c
zxidim.c
zxidjavatest.java
zxidjavatest.sh
zxidlib.c
zxidloc.c
zxidmd.i
zxidmda.c
zxidmeta.c
zxidmk.c
zxidmkwsf.c
zxidmni.c
zxidnewuser.pl
zxidnoswig.h
zxidoauth.c
zxidoidc.c
zxidp-sp-terms.pd
zxidp-user-risk.pd
zxidp-user-terms.pd
zxidpdp.c
zxidpds.php
zxidpdscli.php
zxidpep.c
zxidpool.c
zxidpriv.h
zxidps.c
zxidpsso.c
zxidraw.i
zxidrecoverpw.pl
zxidses.c
zxidsimp.c
zxidsimple.c
zxidslo.c
zxidsp-saml2_icon_150x60.png
zxidsp.c
zxidspx.c
zxidsrvlet.java
zxidsso.c
zxidssofinalizetest.c
zxiduser.c
zxidutil.h
zxidwsc.c
zxidwscprepdemo.java
zxidwsctool.c
zxidwsf.c
zxidwsp.c
zxidwspaxisdemo.java
zxidwspaxisin.java
zxidwspaxismod.java
zxidwspaxisout.java
zxidwspcgi.c
zxidwspdemo.java
zxidwspdemo.php
zxidwspleaf.java
zxidxmltool.c
zximport-htpasswd.pl
zximport-ldif.pl
zxlib.c
zxlibdec.c
zxlibenc.c
zxlog.c
zxlogclean.sh
zxlogview.c
zxmkdirs.sh
zxmqtest.c
zxmqtest.pl
zxns.c
zxpasswd.c
zxpw.c
zxrev
zxsig.c
zxsizeof.c
zxtest.pl
zxumacall.c
zxutil.c
zxwsc.h

README.mini_httpd

README.mini_httpd
#################

20131121 Sampo kellomäki <sampo@zxid.org>

I used to recommend mini_httpd as a web server to use with ZXID
if you do not have a reason to use something heavier like Apache httpd.

Now, since I like mini_httpd so much, I have directly integrated
it to zxid: it is now called zxid_httpd and is built by default.
No need to do separate download or patching. You can invoke it thus

  zxid_httpd -zx 'PATH=/var/zxid/&WSP_PAT=*.wsp&SSO_PAT=*&DEBUG=1' -p 8443 -c 'zxid*' -S -E /var/zxid/pem/enc-nopw-cert.pem

Some of the "enhancements" in zxid_httpd over mini_httpd

* Always starts in "debugging" mode (-D)
* Dropped config file support
* Simplified mime type handling
* Compiles on mingw (spawn support to replace fork)
* Log files always in GMT (aka zulu or utc)
* Simplified IPv4 vs. IPv6 handling, removed select. Basically
  zxid_httpd can only be either IPv4 or IPv6, but not both, except
  on OS that somehow magically make IPv6 socket server also IPv4.
  If you need both, we recommend you start two daemons.
* Compiled with SSL and ZXID by default
* Supports compilation using dietlibc

--Sampo

README.mini_httpd_zxid
----------------------

21.6.2013 Sampo Kellomaki <sampo@zxid.org>

This directory contains mini_httpd-1.19 distribution, originally
by Jeff Poskanzer and downloaded from acme.com. Thanks Jeff for
great code.

This copy, distributed with ZXID, has been patched to play well together
with ZXID. The ZXID enhanced version is meant to be built with the
ZXID main Makefile (one directory up) and the binary is called
mini_httpd_zxid to avoid confusion with the original unaltered mini_httpd.
You can still build the original by using Jeff's Makefile in this
directory.

To build enhanced version

  cd zxid  # The parent directory of this directory
  make mini_httpd_zxid

Among enhancements are

* Handle PAOS HTTP header
* Pass through useful environment variables such as ZXID_PRE_CONF and ZXID_CONF
* ZXID SSO and WSP filter mode, similar to using mod_auth_saml with Apache httpd
* Support for dietlibc-0.33 (from Felix Leiner at fede.de) build
* Support for mingw build (tested as cross compilation)
* Support static linking

Cheers,
--Sampo

README from mini_httpd-1.19
---------------------------

                    mini_httpd - small HTTP server
                      version 1.19 of 19dec2003

mini_httpd is a small HTTP server.  Its performance is not great, but for
low or medium traffic sites it's quite adequate. It implements all the
basic features of an HTTP server, including:

  * GET, HEAD, and POST methods.
  * CGI.
  * Basic authentication.
  * Security against ".." filename snooping.
  * The common MIME types.
  * Trailing-slash redirection.
  * index.html, index.htm, index.cgi
  * Directory listings.
  * Multihoming / virtual hosting.
  * Standard logging.
  * Custom error pages.

It can also be configured to do SSL/HTTPS.

mini_httpd was written for a couple reasons.  One, as an experiment
to see just how slow an old-fashioned forking web server would be
with today's operating systems.  The answer is, surprisingly, not
that slow - on FreeBSD 3.2, mini_httpd benchmarks at about 90% the
speed of Apache.  The other main reason for writing mini_httpd was
to get a simple platform for experimenting with new web server
technology, for instance SSL.

See the manual entry for more details.

Files in this distribution:

    README              this
    Makefile            guess
    mini_httpd.c        source file for server
    mini_httpd.8        manual entry for server
    version.h           version defines
    port.h              portability defines
    mime_types.txt      list of MIME types
    htpasswd.c          source file for password changer
    htpasswd.1          manual entry for password changer
    index.html          sample index file

To build: If you're on a SysV-like machine (which includes old Linux systems
but not new Linux systems), edit the Makefile and uncomment the SYSVLIBS line.
If you're doing SSL, uncomment those lines too.  Otherwise, just do a make.

On Red Hat Linux systems you can use RPM to install mini_httpd, like so:
    cd /usr/src/redhat/SOURCES
    wget http://www.acme.com/software/mini_httpd/mini_httpd-1.19.tar.gz
    rpm -ta mini_httpd-1.19.tar.gz
    rpm -i /usr/src/redhat/RPMS/i386/mini_httpd-1.19-1.i386.rpm

Feedback is welcome - send bug reports, enhancements, checks, money
orders, etc. to the addresses below.

    Jef Poskanzer  jef@acme.com  http://www.acme.com/jef/

copyright statement from mini_httpd-1.19
----------------------------------------

mini_httpd - small HTTP server

Copyright © 1999,2000 by Jef Poskanzer <jef@acme.com>.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

Old README.mini_httpd
---------------------

I recommend using mini_httpd for SSL use. I usually compile
it with dietlibc and link it statically. The following patch
changes the Makefile to accomplish that and also to
support PAOS http header needed for SAML 2.0 ECP operation.

N.B. As of relese 1.16 (20131110) the zxid distribution includes
an already patched (and further modified) version fo mini_httpd.

  mini_httpd_zxid -zx 'PATH=/var/zxid/&WSP_PAT=*.wsp&SSO_PAT=*&DEBUG=1' -p 8443 -c 'zxid*' -S -E /var/zxid/pem/enc-nopw-cert.pem

--Sampo

5 mini_httpd-1.19 receipe
=========================
http://www.acme.com/software/mini_httpd/

diff -u Makefile.orig Makefile
--- Makefile.orig       2005-01-10 01:18:11.000000000 -0500
+++ Makefile    2005-01-10 02:17:32.927714400 -0500
@@ -14,16 +14,16 @@
 # http://www.openssl.org/  Make sure the SSL_TREE definition points to the
 # tree with your OpenSSL installation - depending on how you installed it,
 # it may be in /usr/local instead of /usr/local/ssl.
-#SSL_TREE =    /usr/local/ssl
-#SSL_DEFS =    -DUSE_SSL
-#SSL_INC =     -I${SSL_TREE}/include
-#SSL_LIBS =    -L${SSL_TREE}/lib -lssl -lcrypto
+SSL_TREE =     /opt/diet
+SSL_DEFS =     -DUSE_SSL
+SSL_INC =      -I${SSL_TREE}/include
+SSL_LIBS =     -L${SSL_TREE}/lib -lssl -lcrypto -lz
 
 
-BINDIR =       /usr/local/sbin
-MANDIR =       /usr/local/man
-CC =           gcc
-CDEFS =                ${SSL_DEFS} ${SSL_INC}
+BINDIR =       /usr/sbin
+MANDIR =       /usr/man
+CC =           diet gcc
+CDEFS =                ${SSL_DEFS} ${SSL_INC} -DDIET
 CFLAGS =       -O ${CDEFS}
 #CFLAGS =      -g ${CDEFS}
 LDFLAGS =      -s

diff -u mini_httpd.c.orig mini_httpd.c
--- mini_httpd.c.orig   2007-02-07 20:37:26.000000000 -0800
+++ mini_httpd.c        2007-02-07 20:45:10.000000000 -0800
@@ -226,6 +226,7 @@
 static time_t if_modified_since;
 static char* referer;
 static char* useragent;
+static char* paos;
 
 static char* remoteuser;
 
@@ -562,6 +563,7 @@
        }
 #endif /* USE_SSL */
 
+#ifndef DIET
     if ( ! debug )
        {
        /* Make ourselves a daemon. */
@@ -590,6 +592,7 @@
 #endif
        }
     else
+#endif
        {
        /* Even if we don't daemonize, we still want to disown our parent
        ** process.
@@ -612,10 +615,10 @@
         (void) fprintf( pidfp, "%d\n", (int) getpid() );
         (void) fclose( pidfp );
         }
-
+#ifndef DIET
     /* Read zone info now, in case we chroot(). */
     tzset();
-
+#endif
     /* If we're root, start becoming someone else. */
     if ( getuid() == 0 )
        {
@@ -1159,6 +1162,7 @@
     if_modified_since = (time_t) -1;
     referer = "";
     useragent = "";
+    paos = "";
 
 #ifdef TCP_NOPUSH
     /* Set the TCP_NOPUSH socket option, to try and avoid the 0.2 second
@@ -1276,6 +1280,12 @@
            cp += strspn( cp, " \t" );
            useragent = cp;
            }
+       else if ( strncasecmp( line, "PAOS:", 5 ) == 0 )
+           {
+           cp = &line[11];
+           cp += strspn( cp, " \t" );
+           paos = cp;
+           }
        }
 
     if ( strcasecmp( method_str, get_method_str( METHOD_GET ) ) == 0 )
@@ -2148,6 +2158,12 @@
        envp[envn++] = build_env( "HTTP_REFERER=%s", referer );
     if ( useragent[0] != '\0' )
        envp[envn++] = build_env( "HTTP_USER_AGENT=%s", useragent );
+    if ( paos[0] != '\0' )
+       envp[envn++] = build_env( "HTTP_PAOS=%s", paos );
+    if ( getenv( "ZXID_PRE_CONF" ) != (char*) 0 )
+       envp[envn++] = build_env( "ZXID_PRE_CONF=%s", getenv( "ZXID_PRE_CONF" ) );
+    if ( getenv( "ZXID_CONF" ) != (char*) 0 )
+       envp[envn++] = build_env( "ZXID_CONF=%s", getenv( "ZXID_CONF" ) );
     if ( cookie != (char*) 0 )
        envp[envn++] = build_env( "HTTP_COOKIE=%s", cookie );
     if ( host != (char*) 0 )

make
make cert

# N.B. It is very important that the mini_httpd is made against openssl built against diet. Else
# endless linking problems will arise and solving them with ../provide_ctype.o is wrong!
# no-dso option to openssl/Configure seems promising, too.

./mini_httpd -p 443 -d /d/mn/ssl -c '**.x' -l /var/log/mini_https.log -S -E /etc/mini_httpd.pem -D

#!/bin/sh
exec 2>&1
exec envuidgid Gtinydns envdir ./env softlimit -d300000 /usr/bin/tinydns