kissbac
/
packages
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

nginx: add support for SPNEGO authentication 

This adds a module suitable for Kerberos SSO, e.g. for integrating
into Active Directory domains.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Paul Fertser 9 years ago
parent
7d12c8be58
commit
7eb58cb2bf
2 changed files with 31 additions and 2 deletions
Split View Show Diff Stats
  1. 10
    0
      net/nginx/Config.in
  2. 21
    2
      net/nginx/Makefile

+ 10
- 0
net/nginx/Config.in View File 

@@ -38,6 +38,16 @@ config NGINX_LUA
38 38 
 	help
39 39 
 		Enable support for LUA scripts.
40 40
41 
+config NGINX_SPNEGO
42 
+	bool
43 
+	prompt "Enable SPNEGO module"
44 
+	help
45 
+		Enable support for Kerberos authentication via GSSAPI.
46 
+
47 
+		See https://github.com/stnoonan/spnego-http-auth-nginx-module
48 
+		for specific instructions. Make sure the keytab file is
49 
+		readable by user "nobody".
50 
+
41 51 
 config NGINX_PCRE
42 52 
 	bool
43 53 
 	prompt "Enable PCRE library usage"

+ 21
- 2
net/nginx/Makefile View File 

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
9 9
10 10 
 PKG_NAME:=nginx
11 11 
 PKG_VERSION:=1.4.7
12 
-PKG_RELEASE:=3
12 
+PKG_RELEASE:=4
13 13
14 14 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
15 15 
 PKG_SOURCE_URL:=http://nginx.org/download/
 
@@ -26,6 +26,7 @@ PKG_CONFIG_DEPENDS := \
26 26 
 	CONFIG_NGINX_SSL \
27 27 
 	CONFIG_NGINX_DAV \
28 28 
 	CONFIG_NGINX_LUA \
29 
+	CONFIG_NGINX_SPNEGO \
29 30 
 	CONFIG_NGINX_PCRE \
30 31 
 	CONFIG_NGINX_HTTP_CACHE \
31 32 
 	CONFIG_NGINX_HTTP_CHARSET \
 
@@ -59,7 +60,7 @@ define Package/nginx
59 60 
   SUBMENU:=Web Servers/Proxies
60 61 
   TITLE:=Nginx web server
61 62 
   URL:=http://nginx.org/
62 
-  DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua
63 
+  DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua +NGINX_SPNEGO:krb5-libs
63 64 
   MENU:=1
64 65 
 endef
65 66 
 
@@ -100,6 +101,10 @@ endif
100 101 
 ifeq ($(CONFIG_NGINX_LUA),y)
101 102 
   ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx
102 103 
 endif
104 
+ifeq ($(CONFIG_NGINX_SPNEGO),y)
105 
+  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/spnego-http-auth-nginx-module
106 
+  TARGET_CFLAGS += -I $(STAGING_DIR)/usr/include/krb5
107 
+endif
103 108 
 ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
104 109 
   ADDITIONAL_MODULES += --without-http-cache
105 110 
 endif
 
@@ -215,6 +220,7 @@ endef
215 220 
 define Build/Prepare
216 221 
 	$(call Build/Prepare/Default)
217 222 
 	$(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx))
223 
+	$(if $(CONFIG_NGINX_SPNEGO),$(call Prepare/spnego-http-auth-nginx-module))
218 224 
 	$(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi))
219 225 
 	$(if $(CONFIG_NGINX_SYSLOG),$(call Prepare/nginx-syslog))
220 226 
 	$(if $(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),$(call Prepare/nginx-upstream-check))
 
@@ -327,6 +333,19 @@ define Package/nginx-syslog/install
327 333 
 endef
328 334
329 335
336 
+define Download/spnego-http-auth-nginx-module
337 
+	VERSION:=c85a38c595
338 
+	SUBDIR:=spnego-http-auth-nginx-module
339 
+	FILE:=spnego-http-auth-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
340 
+	URL:=https://github.com/stnoonan/spnego-http-auth-nginx-module
341 
+	PROTO:=git
342 
+endef
343 
+
344 
+define  Prepare/spnego-http-auth-nginx-module
345 
+	$(eval $(call Download,spnego-http-auth-nginx-module))
346 
+	gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
347 
+endef
348 
+
330 349 
 $(eval $(call BuildPackage,nginx))
331 350 
 $(eval $(call BuildPackage,nginx-naxsi))
332 351 
 $(eval $(call BuildPackage,nginx-proxyprotocol))