
added support for GSSAPI through a patch by Mikale Magnusson

git-svn-id: https://erlyaws.svn.sourceforge.net/svnroot/erlyaws/trunk/yaws@1170 9fbdc01b-0d2c-0410-bfb7-fb27d70d8b52
1 parent 40cb5e1 commit 5b596d7353bdf40607d51bc3ce216490efae9655 @klacke committed Sep 23, 2007
Showing with 62 additions and 12 deletions.
  1. +26 −0 man/yaws.conf.5
  2. +3 −2 src/Makefile
  3. +2 −0 src/yaws.erl
  4. +30 −9 src/yaws_server.erl
  5. +1 −1 src/yaws_sup.erl
@@ -578,6 +578,32 @@ at startup, as well as some user specific configuration.
.fi
+An example specifying the GSSAPI/SPNEGO module (authmod_gssapi) to be
+used for authentication. This module requires egssapi version 0.1~pre2
+or later available at http://www.hem.za.org/egssapi/.
+
+The Kerberos5 keytab is specified as 'keytab = File' directive in
+opaque. This keytab should contain the keys of the HTTP service
+principal, 'HTTP/www.funky.org' in this example.
+
+.nf
+
+<server www.funky.org>
+ port = 80
+ listen = 192.168.128.31
+ docroot = /var/yaws/www_funky_org
+ start_mod = authmod_gssapi
+ <auth>
+ authmod = authmod_gssapi
+ dir = secret/dir1
+ </auth>
+ <opaque>
+ keytab = /etc/yaws/http.keytab
+ </opaque>
+</server>
+
+.fi
+
And finally a sligthly more complex example
@@ -35,11 +35,12 @@ MODULES=yaws \
yaws_pam \
json jsonrpc yaws_jsonrpc yaws_xmlrpc\
haxe yaws_rpc \
- yaws_soap_srv yaws_soap_lib
+ yaws_soap_srv yaws_soap_lib \
+ authmod_gssapi
EBIN_FILES=$(MODULES:%=../ebin/%.$(EMULATOR)) ../ebin/yaws.app
-ERLC_FLAGS+=-W $(DEBUG_FLAGS) -pa ../../yaws
+ERLC_FLAGS+=-W $(DEBUG_FLAGS) -pa ../../yaws -I ../include
#
# Targets
@@ -2003,6 +2003,8 @@ parse_auth(Orig = "Basic " ++ Auth64) ->
undefined
end
end;
+parse_auth(Orig = "Negotiate " ++ _Auth64) ->
+ {undefined, undefined, Orig};
parse_auth(_) ->
undefined.
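Review bot: The new `parse_auth` clause returns `{undefined, undefined, Orig}` for a Negotiate header without noting that the token in `Orig` is still unverified at this point, so a reader can mistake the 3-tuple for parsed credentials like those the Basic clause yields. A comment above the clause would make this explicit, e.g. `%% Negotiate (SPNEGO): token is not decoded here; User/Pass stay undefined until an authmod validates Orig`. Code elsewhere that matches `{User, Pass, Orig}` and expects string values presumably needs checking against `undefined`; that code is not visible in this hunk. parse_auth begins above the hunk.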
@@ -1347,8 +1347,16 @@ handle_request(CliSock, ARG, N) ->
?Debug("Test revproxy: ~p and ~p~n",
[DecPath, SC#sconf.revproxy]),
- IsAuth = is_auth(ARG, DecPath,ARG#arg.headers,
- SC#sconf.authdirs),
+ {IsAuth, ARG1} =
+ case is_auth(ARG, DecPath,ARG#arg.headers,
+ SC#sconf.authdirs) of
+ {true, User} ->
+ {true, set_auth_user(ARG, User)};
+ E ->
+ {E, ARG}
+ end,
+
+
IsRev = is_revproxy(DecPath, SC#sconf.revproxy),
IsRedirect = is_redirect_map(DecPath,
SC#sconf.redirect_map),
@@ -1367,7 +1375,7 @@ handle_request(CliSock, ARG, N) ->
%%arg.prepath ?
- ARG2 = ARG#arg{
+ ARG2 = ARG1#arg{
server_path = DecPath,
querydata= QueryString,
prepath=undefined,
@@ -1377,15 +1385,15 @@ handle_request(CliSock, ARG, N) ->
},
handle_ut(CliSock, ARG2, UT, N);
{_, _, {true, MethodHostPort}} ->
- deliver_302_map(CliSock, Req, ARG,
+ deliver_302_map(CliSock, Req, ARG1,
MethodHostPort);
{true, false, _} ->
%%'main' branch so to speak. Most
%% requests pass through here.
- UT = url_type(DecPath, ARG#arg.docroot,
- ARG#arg.docroot_mount),
- ARG2 = ARG#arg{
+ UT = url_type(DecPath, ARG1#arg.docroot,
+ ARG1#arg.docroot_mount),
+ ARG2 = ARG1#arg{
server_path = DecPath,
querydata = QueryString,
fullpath = UT#urltype.fullpath,
@@ -1422,7 +1430,7 @@ handle_request(CliSock, ARG, N) ->
handle_ut(CliSock, ARG3, UT, N);
{true, {true, PP}, _} ->
- yaws_revproxy:init(CliSock, ARG, DecPath,
+ yaws_revproxy:init(CliSock, ARG1, DecPath,
QueryString, PP, N);
{false, _, _} ->
deliver_403(CliSock, Req);
@@ -1439,6 +1447,17 @@ handle_request(CliSock, ARG, N) ->
deliver_400(CliSock, Req)
end.
+set_auth_user(ARG, User) ->
+ H = ARG#arg.headers,
+ Auth =
+ case H#headers.authorization of
+ {_User, Pass, Orig} ->
+ {User, Pass, Orig};
+ E ->
+ E
+ end,
+ H2 = H#headers{authorization = Auth},
+ ARG#arg{headers = H2}.
is_auth(_ARG, _Req_dir, _H, [] ) ->
true;
@@ -1453,7 +1472,9 @@ is_auth(ARG, Req_dir,H,[{Auth_dir,
{false, ""};
{appmod, AppMod} ->
{appmod, AppMod};
- true ->
+ {true, User} ->
+ {true, User};
+ true ->
true;
{false, Realm} ->
maybe_auth_log({401, Realm}, ARG),
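Review bot: In `set_auth_user` (the hunk at +1447) the `E -> E` branch silently drops the `User` the authmod just vouched for whenever `H#headers.authorization` is not a 3-tuple, so a `{true, User}` result from `is_auth` can leave the ARG with no authenticated identity. In the tuple branch only the first element is replaced while the client-supplied `Pass` and `Orig` are kept, so the result mixes a verified name with unverified request data. Either make the fallthrough explicit, for example `undefined -> {User, undefined, undefined};`, or document the function with `%% Replaces the user in the parsed Authorization tuple with the one returned by the authmod; no-op when no tuple was parsed`. Whether downstream code tolerates a tuple when no header was sent is not visible here and should be confirmed. The bodies of handle_request and is_auth extend outside these hunks.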
@@ -51,7 +51,7 @@ init([]) ->
{gen_event, start_link,[{local,yaws_event_manager}]},
permanent, 5000, worker, [gen_event]},
- {ok,{{one_for_all,0,300}, [YawsLog, YawsRSS, YawsServ, Sess, YawsEventManager]}}.
+ {ok,{{one_for_all,10,30}, [YawsLog, YawsRSS, YawsServ, Sess, YawsEventManager]}}.
%%----------------------------------------------------------------------
%%----------------------------------------------------------------------
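Review bot: The restart intensity in `init/1` changes from `{one_for_all,0,300}` to `{one_for_all,10,30}` with no comment, and the commit message mentions only GSSAPI. Previously the first child crash stopped the supervisor; now up to 10 crashes within 30 seconds restart all five children together, which presumably resets whatever state the session and server processes hold and can mask a crash that is being triggered repeatedly. A comment recording the intent would help, e.g. `%% tolerate 10 restarts per 30s; one_for_all restarts every child, so per-process state is reset each time`, and each restart should be visible in the logs. init/1 starts above the hunk.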
