initial commit, please read README!

mike503 committed Jun 10, 2010
0 parents commit 27ff31a356dad663dcc480f9b088520af9ba165a
Showing with 5,483 additions and 0 deletions.
  1. +155 −0 ChangeLog
  2. +25 −0 LICENSE
  3. +37 −0 Makefile
  4. +78 −0 README
  5. +4 −0 TODO
  6. +4 −0 config
  7. +784 −0 ngx_http_auth_spnego_module.c
  8. +51 −0 spnegohelp/Makefile
  9. +732 −0 spnegohelp/derparse.c
  10. +207 −0 spnegohelp/derparse.h
  11. +806 −0 spnegohelp/spnego.c
  12. +245 −0 spnegohelp/spnego.h
  13. +248 −0 spnegohelp/spnegohelp.c
  14. +58 −0 spnegohelp/spnegohelp.h
  15. +1,880 −0 spnegohelp/spnegoparse.c
  16. +169 −0 spnegohelp/spnegoparse.h
155 ChangeLog
@@ -0,0 +1,155 @@
+commit 432a3e858970da65b8733160845d3ae86e01a90b
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Oct 31 05:09:44 2009 +0100
+
+ main and srv config: it can not be that easy
+
+commit a6575bb2c360321426c65aedd58c8a09941d97a4
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Wed Sep 16 03:49:57 2009 +0200
+
+ add auth_gss_format_full option flag handling (i.e. FQUN)
+
+commit a1bb7ae1e23216c04bcb6dc037e8d9c2f9832b51
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Jun 6 01:41:07 2009 +0200
+
+ ngx_snprintf with %V takes pointer to ngx_str_t, doh
+
+commit a3a7c329fb966d35e9ef86f8d914490c852ef5dc
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Jun 6 00:35:03 2009 +0200
+
+ ngx_encode_base64 is void, doh
+
+commit 893937a96ce7074bc8fd4dc10af70801df0cdf43
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Jun 6 00:30:26 2009 +0200
+
+ Redundant header manipulation
+
+commit 6ebe58b720f61c9fc67e424e946290c7b9ef0aef
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sun Mar 22 03:56:55 2009 +0100
+
+ version 0.0.3
+
+commit 936722b37c261e69224d3b865e9fd66a81028ea6
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sun Mar 22 03:45:44 2009 +0100
+
+ final touches up
+
+commit 2b817cc4bd9ab246f46270736acb25eb6a05aee6
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sun Mar 22 02:21:46 2009 +0100
+
+ including spnegohelp third party lib source files
+
+commit 03ff04524bc2d5560bd9b169b6bd5d562422c8b0
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sun Mar 22 02:16:44 2009 +0100
+
+ gss_buffer_desc.length contains null
+
+commit 79c33aae1d7d430eeee8b9817be8524c29acadb1
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Mar 21 20:24:14 2009 +0100
+
+ perhaps if user set
+
+commit d5c9297a7ce40040810a8a2d93775373be2f2022
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Mar 21 20:09:40 2009 +0100
+
+ unbelievable
+
+commit d67fc0fd3c9e6c6363500a31bc9f96e542975a69
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Mar 21 19:46:10 2009 +0100
+
+ now it should freaking work
+
+commit 3312ab4ac9ff7664a4a505a4f6d664acee5274eb
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Mar 21 04:41:03 2009 +0100
+
+ version 0.0.2
+
+commit 5f3a5d22c9b4e4b6069be9eeddea564efe9e2d47
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Mar 21 04:21:55 2009 +0100
+
+ ngx_fubarprintf: jeezus H krist
+
+commit 8b9a26b9c0135aaff3a98730f2b7ec9592d8885c
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Mar 21 02:35:01 2009 +0100
+
+ defixes: u_(c)har H'AR H'AR! (matee)
+
+commit 2e1c1e2d4db307015d5afa430d286d2a2bca5454
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Fri Mar 20 04:52:16 2009 +0100
+
+ debug: GSSAPI authorizing
+
+commit 6c5dc957c8addcc13781efe6bc21aa2447044772
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Fri Mar 20 04:42:46 2009 +0100
+
+ debug: Token decoded
+
+commit 4ef147337cf52d66211d1ea073f8080146844f54
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Fri Mar 20 04:11:20 2009 +0100
+
+ compiles, but SIGSEGVs
+
+commit 6ca762d32489399bec1a95f62377d26c75c0588d
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Fri Mar 20 00:49:00 2009 +0100
+
+ compile, may be, auth
+
+commit 8da2c1a5538a6f4136f6d498c8ce4a0f8a225e77
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Mon Mar 16 02:46:56 2009 +0100
+
+ negotiate, negotiate, negotiate
+
+commit 9c4838f5b15bc2222a0c071761c78324f5852514
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Tue Feb 24 01:42:30 2009 +0100
+
+ %X -> %p, wtf
+
+commit 987043b517f664f31b537eb182a74e49c9b8c4e4
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sun Feb 22 23:54:27 2009 +0100
+
+ flag it baby
+
+commit db2ed27c9bd2c3a2e96d825dbc4f104be82a4091
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sun Feb 22 04:05:14 2009 +0100
+
+ OK, perhaps now no err... warnings
+
+commit 4a9d3a012379a787d8b921776757eb9b9832111e
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Feb 21 09:25:26 2009 +0100
+
+ not track ChangeLog, sort-of 0.0.0 version
+
+commit f310300f91e34f1d4131d1509b7d686bc300a733
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Feb 21 04:56:30 2009 +0100
+
+ To track or not to track ChangeLog, silly archive
+
+commit 8a1c076a05eed0d47a24d9c7a64ce3ff2854fdaf
+Author: Yoctopetaborg <superflouosATgmailDOTcom>
+Date: Sat Feb 21 04:46:59 2009 +0100
+
+ Initial commit
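Review bot: The 2009 history recorded in this file will be lost the first time the Makefile regenerates it. The `ChangeLog` rule and the `arch-release`/`arch-current` targets write `git log` output over it, and this commit has 0 parents, so the new log contains none of these entries. Keep this file as a static record under a different name, or drop the generating rules.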
25 LICENSE
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2009 Michal Kowalski <superflouos{at}gmail[dot]com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
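Review bot: The only copyright holder named here is Michal Kowalski, while the README in this commit says the code is 97% taken from mod_auth_gss_krb5 and the ChangeLog records the inclusion of third-party spnegohelp sources. Add the upstream copyright and license notices for both so the redistribution terms for the whole tree are clear.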
@@ -0,0 +1,37 @@
+
+NAME=ngx_http_auth_spnego_module
+VERSION=0.0.4
+
+NPKG=$(NAME)-$(VERSION)
+NHEAD=$(NAME)-HEAD
+NCURRENT=$(NAME)-current
+
+GIT-FILES:=$(shell git ls-files)
+FILES=ChangeLog $(GIT-FILES)
+
+ChangeLog: $(GIT-FILES)
+ git log > "$@"
+
+arch-release:
+ rm -f ../$(NPKG).tar.gz ../$(NPKG).zip
+ scripts/link-files-to .tmp/$(NPKG) $(FILES)
+ git log > .tmp/$(NPKG)/ChangeLog
+ tar cvzf ../$(NPKG).tar.gz -C .tmp $(NPKG)
+ cd .tmp && zip -r ../../$(NPKG).zip $(NPKG)
+ rm -rf .tmp
+
+arch-current:
+ rm -f ../$(NCURRENT).tar.gz ../$(NCURRENT).zip
+ scripts/link-files-to .tmp/$(NCURRENT) $(FILES)
+ git log > .tmp/$(NCURRENT)/ChangeLog
+ tar cvzf ../$(NCURRENT).tar.gz -C .tmp $(NCURRENT)
+ cd .tmp && zip -r ../../$(NCURRENT).zip $(NCURRENT)
+ rm -rf .tmp
+
+arch-head:
+ rm -f ../$(NNHEAD).tar.gz ../$(NHEAD).zip
+ git archive --format=zip --prefix=$(NHEAD)/ HEAD > ../$(NHEAD).zip
+ git archive --format=tar --prefix=$(NHEAD)/ HEAD | gzip > ../$(NHEAD).tar.gz
+
+clean:
+ rm -f *~
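Review bot: `arch-head` removes `../$(NNHEAD).tar.gz`, but only `NHEAD` is defined, so the variable expands to nothing and the command targets `../.tar.gz` instead of the intended archive; change it to `$(NHEAD)`. `arch-release` and `arch-current` also call `scripts/link-files-to`, and no `scripts/` path appears in this commit's file list, so those targets cannot run from a fresh checkout. The `arch-*` and `clean` targets should be declared `.PHONY`.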
78 README
@@ -0,0 +1,78 @@
+Nginx module to use SPNEGO+GSSAPI+Kerberos for HTTP authentication
+==================================================================
+
+Foreword
+--------
+Michael Shadle paid YoctoPectaBorg from RentACoder to develop this extension.
+
+YPB's notes are what make up the rest of this document.
+
+I (Michael Shadle) have tried to string replace and rename this to be called
+"ngx_http_auth_spnego_module" instead of the previous "ngx_http_auth_sso_module" name.
+
+There may be some oddities due to this. Hopefully not.
+
+mike503@gmail.com
+
+EOM
+
+
+Whatsizit
+---------
+
+Code 97% stolen from mod_auth_gss_krb5 (http://modgssapache.sf.net);
+version 0.0.5.
+
+Compilation
+-----------
+
+First you need to compile the spnegohelp dynamic library. 'make' in that
+subdirectory should do it, then place it by hand somewhere where linker
+and loader can find it by default (probably /usr/lib or perhaps even
+/usr/local/lib depending on your setup).
+
+When compiling from source build as usual adding the --add-module option:
+
+ ./configure --add-module=$PATH_TO_MODULE
+
+inside top Nginx source directory.
+
+Configuration
+-------------
+
+The module has following directives:
+
+- auth_gss: "on"/"off", for ease of unsecuring while leaving other
+ options in the config file,
+
+- auth_gss_realm: what Kerberos realm name to use, for now only used to
+ remove it from full user@realm.name,
+
+- auth_gss_keytab: absolute path-name to keytab file containing service
+ credentials,
+
+- auth_gss_service_name: what service name to use when acquiring
+ credentials. (TOFIX: HTTP but should be a list in case of some other
+ browsers wanting perhaps khttp or http)
+
+TOFIX: for now they are all merely location specific. i.e. no way to
+specify main or per server defaults, except for ...
+
+Examples
+--------
+
+... current "hardcodeds" ;-}
+
+location /topsecret {
+ auth_gss on;
+ auth_gss_realm LOCALDOMAIN;
+ auth_gss_keytab /etc/krb5.keytab;
+ auth_gss_service_name HTTP;
+}
+
+Additional steps...
+-------------------
+
+pray for no segfaults...
+
+TOFIX: perhaps add instructions on how to create the service keytab...
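Review bot: The example location sets `auth_gss_keytab /etc/krb5.keytab`, which is the default host keytab path and normally holds the machine's own keys, readable only by root; using it means giving the nginx worker read access to every key in that file. Point the example at a dedicated keytab that holds only the HTTP service principal and is readable only by the nginx user, and fill in the keytab-creation TOFIX so readers do not fall back to the host file. The `auth_gss` entry should also say plainly that `off` leaves the location unauthenticated.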
4 TODO
@@ -0,0 +1,4 @@
+TODO
+----
+Change "auth_gss" to "auth_spnego" - this is probably more appropriate - mike503
+Test in various setups (currently cannot confirm this even works for me) - mike503
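Review bot: The second item says the module is not confirmed to work, yet the README in this commit presents the `location /topsecret` example without that caveat; for an access-control module that status belongs at the top of the README. The `auth_gss` to `auth_spnego` rename is best done before anyone deploys, since it would change the directive names the README documents.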
4 config
@@ -0,0 +1,4 @@
+ngx_addon_name=ngx_http_auth_spnego_module
+HTTP_MODULES="$HTTP_MODULES ngx_http_auth_spnego_module"
+NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c"
+CORE_LIBS="$CORE_LIBS -lspnegohelp -lgssapi_krb5"
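Review bot: `CORE_LIBS` links `-lspnegohelp` unconditionally, so the build depends on a library that the README says must be built and copied into the linker path by hand, and a missing copy only shows up as a link failure at the end of the nginx build. Since the spnegohelp sources ship in this commit, consider listing them in `NGX_ADDON_SRCS` so they compile into the module, or at least test for the library in this script and fail early with a clear message.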