nginx: add support for SPNEGO authentication

This adds a module suitable for Kerberos SSO, e.g. for integrating
into Active Directory domains.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>

diff --git a/net/nginx/Config.in b/net/nginx/Config.in
index b135e42d4f9b223594d98f3ae7517d951558d1e9..0ad36065f6dc06864b95358da57e79bebb33cdc3 100644 (file)
--- a/net/nginx/Config.in
+++ b/net/nginx/Config.in
@@ -38,6 +38,16 @@ config NGINX_LUA
        help
                Enable support for LUA scripts.
 
+config NGINX_SPNEGO
+       bool
+       prompt "Enable SPNEGO module"
+       help
+               Enable support for Kerberos authentication via GSSAPI.
+
+               See https://github.com/stnoonan/spnego-http-auth-nginx-module
+               for specific instructions. Make sure the keytab file is
+               readable by user "nobody".
+
 config NGINX_PCRE
        bool
        prompt "Enable PCRE library usage"

diff --git a/net/nginx/Makefile b/net/nginx/Makefile
index 667bacb5de38652885e86fb7882bdb574525c386..bea9a5e1affdce94cf5dbea481856f174d62f0ae 100644 (file)
--- a/net/nginx/Makefile
+++ b/net/nginx/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nginx
 PKG_VERSION:=1.4.7
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://nginx.org/download/
@@ -26,6 +26,7 @@ PKG_CONFIG_DEPENDS := \
        CONFIG_NGINX_SSL \
        CONFIG_NGINX_DAV \
        CONFIG_NGINX_LUA \
+       CONFIG_NGINX_SPNEGO \
        CONFIG_NGINX_PCRE \
        CONFIG_NGINX_HTTP_CACHE \
        CONFIG_NGINX_HTTP_CHARSET \
@@ -59,7 +60,7 @@ define Package/nginx
   SUBMENU:=Web Servers/Proxies
   TITLE:=Nginx web server
   URL:=http://nginx.org/
-  DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua
+  DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua +NGINX_SPNEGO:krb5-libs
   MENU:=1
 endef
 
@@ -100,6 +101,10 @@ endif
 ifeq ($(CONFIG_NGINX_LUA),y)
   ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx
 endif
+ifeq ($(CONFIG_NGINX_SPNEGO),y)
+  ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/spnego-http-auth-nginx-module
+  TARGET_CFLAGS += -I $(STAGING_DIR)/usr/include/krb5
+endif
 ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
   ADDITIONAL_MODULES += --without-http-cache
 endif
@@ -215,6 +220,7 @@ endef
 define Build/Prepare
        $(call Build/Prepare/Default)
        $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx))
+       $(if $(CONFIG_NGINX_SPNEGO),$(call Prepare/spnego-http-auth-nginx-module))
        $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi))
        $(if $(CONFIG_NGINX_SYSLOG),$(call Prepare/nginx-syslog))
        $(if $(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),$(call Prepare/nginx-upstream-check))
@@ -327,6 +333,19 @@ define Package/nginx-syslog/install
 endef
 
 
+define Download/spnego-http-auth-nginx-module
+       VERSION:=c85a38c595
+       SUBDIR:=spnego-http-auth-nginx-module
+       FILE:=spnego-http-auth-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
+       URL:=https://github.com/stnoonan/spnego-http-auth-nginx-module
+       PROTO:=git
+endef
+
+define  Prepare/spnego-http-auth-nginx-module
+       $(eval $(call Download,spnego-http-auth-nginx-module))
+       gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
+endef
+
 $(eval $(call BuildPackage,nginx))
 $(eval $(call BuildPackage,nginx-naxsi))
 $(eval $(call BuildPackage,nginx-proxyprotocol))