0124ce80
Commit
0124ce80
authored
Oct 09, 2015
by
ale
rebase on master
parents
a7b05ac6
094f3d4f
Changes
13
Showing
13 changed files
with
122 additions
and
35 deletions
+122
-35
debian/ai-sso-server.init
debian/ai-sso-server.init
+1
-0
debian/ai-sso-server_logging.conf
debian/ai-sso-server_logging.conf
+27
-0
debian/changelog
debian/changelog
+12
-0
debian/rules
debian/rules
+6
-3
src/mod_sso/mod_sso.c
src/mod_sso/mod_sso.c
+19
-16
src/mod_sso/test/Makefile.am
src/mod_sso/test/Makefile.am
+5
-1
src/python/Makefile.am
src/python/Makefile.am
+1
-1
src/sso/ssotool.c
src/sso/ssotool.c
+39
-6
src/sso_server/Makefile.am
src/sso_server/Makefile.am
+3
-1
src/sso_server/sso_server/application.py
src/sso_server/sso_server/application.py
+8
-5
src/sso_server/sso_server/login_service.py
src/sso_server/sso_server/login_service.py
+0
-1
src/sso_server/sso_server/test/main_test.py
src/sso_server/sso_server/test/main_test.py
+1
-0
src/sso_server/sso_server/wsgi.py
src/sso_server/sso_server/wsgi.py
+0
-1
debian/ai-sso-server.init
...
...
@@ -34,6 +34,7 @@ test ${NO_START} -eq 1 && exit 0
.
/lib/lsb/init-functions
GUNICORN_OPTS
=
"
--log-config=/etc/sso/logging.conf
--bind 127.0.0.1:
${
SSO_PORT
}
--worker-class gevent
--daemon --pid
${
PIDFILE
}
...
...
debian/ai-sso-server_logging.conf
0 → 100644
[
loggers
]
keys
=
root
,
gunicorn
.
error
[
handlers
]
keys
=
syslog
[
formatters
]
keys
=
generic
[
logger_root
]
level
=
INFO
handlers
=
syslog
[
logger_gunicorn
.
error
]
level
=
INFO
handlers
=
syslog
qualname
=
gunicorn
.
error
[
handler_syslog
]
class
=
logging
.
handlers
.
SysLogHandler
formatter
=
generic
args
=(
'/dev/log'
,)
[
formatter_generic
]
format
=
sso_server
[%(
process
)
d
] %(
levelname
)
s
: %(
message
)
s
class
=
logging
.
Formatter
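Review bot: The syslog handler is created with only `'/dev/log'` as argument, so SysLogHandler falls back to its default facility (LOG_USER) and the authentication-failure and CSRF-failure messages this server emits land in the general user log rather than the auth log that is normally access-restricted and monitored. If that is not intended, pass the facility explicitly, `args=('/dev/log', handlers.SysLogHandler.LOG_AUTHPRIV)`; fileConfig evaluates `args` in the logging module's namespace, so the `handlers.` prefix should resolve. The file has no comments at all; a one-line header such as `# gunicorn --log-config for ai-sso-server: everything goes to syslog, no log files are written` would tell the next operator where to look.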
debian/changelog
ai-sso (2.1.0) unstable; urgency=low
* Reimplemented in C using tweetnacl.
-- Autistici/Inventati <debian@autistici.org> Mon, 07 Sep 2015 21:35:03 +0000
ai-sso (2.0.2) unstable; urgency=medium
* Logging fixes.
-- Autistici/Inventati <debian@autistici.org> Sun, 18 Jan 2015 19:05:08 +0000
ai-sso (2.0.1) unstable; urgency=low
* OTP support.
...
...
debian/rules
...
...
@@ -58,6 +58,8 @@ install: build
install
-d
$(CURDIR)/debian/ai-sso-server/etc/sso
install
-o
root
-g
root
-m
644
debian/ai-sso-server.config-dist
\
$(CURDIR)/debian/ai-sso-server/etc/sso/config.dist
install
-o
root
-g
root
-m
644
debian/ai-sso-server_logging.conf
\
$(CURDIR)/debian/ai-sso-server/etc/sso/logging.conf
#for v in $(PYVERS); do \
#install -d $(CURDIR)/debian/ai-sso-server/usr/lib/python$$v/site-packages/libsso ; \
...
...
@@ -85,9 +87,9 @@ install: build
# libpam-sso
install
-d
$(CURDIR)/debian/libpam-sso/lib/security
cp
-L
$(CURDIR)/debian/ai-sso/lib/security/pam_sso.so
\
cp
-L
$(CURDIR)/debian/ai-sso/lib/security/pam_sso.so
.0.0.0
\
$(CURDIR)/debian/libpam-sso/lib/security/pam_sso.so
-rm
-fr
$(CURDIR)/debian/
libpam
-sso/lib
-rm
-fr
$(CURDIR)/debian/
ai
-sso/lib
...
...
@@ -107,7 +109,8 @@ binary-arch: build install
# dh_installemacsen
# dh_installpam
# dh_installmime
dh_pysupport
# dh_pysupport
dh_python2
--no-guessing-versions
dh_installinit
# dh_installcron
# dh_installinfo
...
...
src/mod_sso/mod_sso.c
...
...
@@ -254,25 +254,29 @@ static int is_valid_redir(request_rec *r,
* @return the cookie value, or an empty string if no cookie was found.
*/
static
char
*
get_cookie
(
request_rec
*
r
,
const
char
*
cookie_name
)
{
char
*
cookie_value
=
NULL
,
*
strptr
=
NULL
,
*
token
;
char
*
rv
=
NULL
,
*
cookies
,
*
cookie
,
*
tokenizerCtx
=
NULL
;
int
cookie_name_len
=
strlen
(
cookie_name
);
const
char
*
cookies_c
=
apr_table_get
(
r
->
headers_in
,
"Cookie"
);
if
(
cookies_c
==
NULL
)
{
return
cookie_value
;
}
while
((
token
=
strtok_r
(
apr_pstrdup
(
r
->
pool
,
cookies_c
),
";"
,
&
strptr
))
!=
NULL
)
{
char
*
sep
=
strchr
(
token
,
'='
);
if
(
!
sep
)
{
continue
;
}
*
sep
++
=
'\0'
;
if
(
!
strcmp
(
token
,
cookie_name
))
{
cookie_value
=
sep
;
return
NULL
;
}
// Make a copy of the Cookie header so that we can modify it
// (tokenization is destructive).
cookies
=
apr_pstrdup
(
r
->
pool
,
cookies_c
);
cookie
=
apr_strtok
(
cookies
,
";"
,
&
tokenizerCtx
);
do
{
while
(
cookie
!=
NULL
&&
*
cookie
==
' '
)
cookie
++
;
if
(
strncmp
(
cookie
,
cookie_name
,
cookie_name_len
)
==
0
)
{
cookie
+=
(
cookie_name_len
+
1
);
rv
=
apr_pstrdup
(
r
->
pool
,
cookie
);
break
;
}
}
return
cookie_value
;
cookie
=
apr_strtok
(
NULL
,
";"
,
&
tokenizerCtx
);
}
while
(
cookie
!=
NULL
);
return
rv
;
}
char
*
get_cookie_name
(
request_rec
*
r
)
{
...
...
@@ -769,7 +773,6 @@ static void mod_sso_register_hooks (apr_pool_t *p)
ap_hook_check_user_id
(
mod_sso_check_user_id
,
NULL
,
NULL
,
APR_HOOK_MIDDLE
);
ap_hook_auth_checker
(
mod_sso_auth_checker
,
NULL
,
authzSucc
,
APR_HOOK_MIDDLE
);
#endif
}
/*
...
...
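Review bot: The rewritten get_cookie dereferences a NULL token: an empty `Cookie:` header (or one made only of `;`) makes the first apr_strtok return NULL, the inner while then skips nothing, and strncmp(NULL, …) runs before the do/while condition is ever tested, so any client can crash the httpd worker. The name check is also only a prefix match — strncmp over cookie_name_len accepts `_sso_tkt2=…` or `_sso_tkt_old=…`, and `cookie += cookie_name_len + 1` then skips one character whether or not it is `=`, so a stray or planted cookie whose name merely starts with the expected name shadows the real ticket if it comes first in the header. Turning the loop into a plain while and requiring `=` right after the name fixes both; the `@return … or an empty string if no cookie was found` comment above the function also no longer matches the NULL that is actually returned.

```c
    cookie = apr_strtok(cookies, ";", &tokenizerCtx);
    while (cookie != NULL) {
        while (*cookie == ' ')
            cookie++;
        /* Require the whole name followed by '=', not just a prefix. */
        if (strncmp(cookie, cookie_name, cookie_name_len) == 0
            && cookie[cookie_name_len] == '=') {
            rv = apr_pstrdup(r->pool, cookie + cookie_name_len + 1);
            break;
        }
        cookie = apr_strtok(NULL, ";", &tokenizerCtx);
    }
    return rv;
```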
src/mod_sso/test/Makefile.am
...
...
@@ -13,5 +13,9 @@ LDADD = $(builddir)/../libmod_sso.la $(GTEST_LIBS) $(APR_LIBS) -laprutil-1
sso_utils_unittest_SOURCES
=
sso_utils_unittest.cc
check-local
:
$(PYTHON)
$(srcdir)
/httpd_integration_test.py
env
\
LD_LIBRARY_PATH
=
$(top_builddir)
/src/sso/.libs
\
DYLD_LIBRARY_PATH
=
$(top_builddir)
/src/sso/.libs
\
PYTHONPATH
=
$(top_builddir)
/src/python
\
$(PYTHON)
$(srcdir)
/httpd_integration_test.py
src/python/Makefile.am
...
...
@@ -21,4 +21,4 @@ clean-local:
$(PYTHON_SETUP_PY)
clean
--all
install-exec-local
:
$(PYTHON_SETUP_PY)
install
--root
=
${DESTDIR}
///
--prefix
=
$(prefix)
$(PYTHON_SETUP_PY)
install
--root
=
${DESTDIR}
///
--prefix
=
$(prefix)
--install-layout
=
deb
src/sso/ssotool.c
...
...
@@ -99,6 +99,25 @@ void ssotool_sign(const char *secret_key_file,
printf
(
"%s
\n
"
,
out
);
}
void
ssotool_verify
(
const
char
*
public_key_file
,
const
char
*
service
,
const
char
*
domain
,
const
char
*
ticket
)
{
unsigned
char
*
public_key
=
NULL
;
sso_ticket_t
t
=
NULL
;
size_t
sz
;
sz
=
read_from_file
(
public_key_file
,
&
public_key
);
if
(
sz
<
0
)
{
fprintf
(
stderr
,
"Error: could not read public key
\n
"
);
exit
(
2
);
}
CHECK_OK
(
sso_ticket_open
(
&
t
,
ticket
,
public_key
));
CHECK_OK
(
sso_validate
(
t
,
service
,
domain
,
NULL
));
printf
(
"ok
\n
"
);
}
void
show_help
()
{
fprintf
(
stderr
,
"Usage: ssotool {--sign|--gen-keys} [<options>...]
\n
"
...
...
@@ -106,6 +125,7 @@ void show_help() {
" --help show this help message
\n
"
" --gen-keys, -k generate a new public/secret keypair
\n
"
" --sign, -s create and sign a new ticket
\n
"
" --verify, -v verify a ticket
\n
"
"
\n
"
"Options for --gen-keys:
\n
"
"
\n
"
...
...
@@ -135,6 +155,7 @@ void die_and_help(const char *msg) {
int
main
(
int
argc
,
char
**
argv
)
{
int
do_sign
=
0
;
int
do_verify
=
0
;
int
do_gen_keys
=
0
;
const
char
*
public_key_file
=
"public.key"
;
const
char
*
secret_key_file
=
"secret.key"
;
...
...
@@ -147,6 +168,7 @@ int main(int argc, char **argv) {
static
struct
option
long_options
[]
=
{
{
"help"
,
0
,
0
,
'h'
},
{
"sign"
,
0
,
0
,
's'
},
{
"verify"
,
0
,
0
,
'v'
},
{
"gen-keys"
,
0
,
0
,
'k'
},
{
"public-key"
,
1
,
0
,
'P'
},
{
"secret-key"
,
1
,
0
,
'S'
},
...
...
@@ -168,6 +190,9 @@ int main(int argc, char **argv) {
case
's'
:
do_sign
=
1
;
break
;
case
'v'
:
do_verify
=
1
;
break
;
case
'k'
:
do_gen_keys
=
1
;
break
;
...
...
@@ -191,14 +216,22 @@ int main(int argc, char **argv) {
}
}
if
(
!
do_sign
&&
!
do_gen_keys
)
{
die
(
"Specify one of --sign or --gen-keys!"
);
}
if
(
do_sign
&&
do_gen_keys
)
{
die
(
"Can't specify both --sign and --gen-keys!"
);
if
(((
int
)
do_sign
+
(
int
)
do_gen_keys
+
(
int
)
do_verify
)
!=
1
)
{
die
(
"Specify one of --sign, --verify or --gen-keys!"
);
}
if
(
do_sign
)
{
if
(
do_verify
)
{
if
(
!
public_key_file
)
{
die
(
"Specify the location of the public key with --public-key"
);
}
if
(
!
service
||
!
domain
)
{
die
(
"Both --service and --domain must be specified"
);
}
if
(
argc
-
optind
!=
1
)
{
die
(
"One argument is required"
);
}
ssotool_verify
(
public_key_file
,
service
,
domain
,
argv
[
optind
]);
}
else
if
(
do_sign
)
{
if
(
argc
!=
optind
)
{
die
(
"Too many arguments."
);
}
...
...
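Review bot: In the new ssotool_verify the error check `if (sz < 0)` is on a `size_t`, so it can never be true; a failed read_from_file (assuming it reports errors with a negative return, as the check implies) is silently ignored and a NULL `public_key` is handed to sso_ticket_open. Declare it as `ssize_t sz = read_from_file(public_key_file, &public_key);` and also reject `public_key == NULL`. In main, the `if (!public_key_file)` guard in the --verify branch is dead because public_key_file is initialised to "public.key", so a forgotten --public-key quietly verifies against whatever file sits in the current directory; the default should at least be stated in the help text. The usage line `Usage: ssotool {--sign|--gen-keys} [<options>...]` was not updated for --verify, and the --sign branch of main continues outside the hunk.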
src/sso_server/Makefile.am
...
...
@@ -5,6 +5,8 @@ all-local:
check-local
:
env
\
LD_LIBRARY_PATH
=
$(top_builddir)
/src/sso/.libs
\
DYLD_LIBRARY_PATH
=
$(top_builddir)
/src/sso/.libs
\
PYTHONPATH
=
$(top_builddir)
/src/python
\
nosetests
-v
...
...
@@ -12,4 +14,4 @@ clean-local:
$(PYTHON)
setup.py clean
--all
install-exec-local
:
$(PYTHON)
setup.py
install
--root
=
${DESTDIR}
///
--prefix
=
$(prefix)
$(PYTHON)
setup.py
install
--root
=
${DESTDIR}
///
--prefix
=
$(prefix)
--install-layout
=
deb
src/sso_server/sso_server/application.py
...
...
@@ -9,7 +9,6 @@ from flask import Flask, redirect, request, session, render_template, make_respo
from
sso_server
import
login_service
app
=
Flask
(
'sso_server'
)
log
=
logging
.
getLogger
(
__name__
)
SSO_COOKIE_NAME
=
'_sso_tkt'
...
...
@@ -99,8 +98,9 @@ def login():
# Form submission, validate CSRF, username and password.
csrf_token
=
session
.
pop
(
'_csrf'
,
None
)
if
not
csrf_token
or
csrf_token
!=
request
.
form
.
get
(
'_csrf'
):
log
.
error
(
'CSRF failure, session=%s, form=%s'
,
csrf_token
,
request
.
form
.
get
(
'_csrf'
))
app
.
logger
.
error
(
'CSRF failure, session=%s, form=%s'
,
csrf_token
,
request
.
form
.
get
(
'_csrf'
))
return
show_login_page
(
params
,
'Invalid session'
)
username
=
_tostr
(
request
.
form
.
get
(
'username'
))
password
=
_tostr
(
request
.
form
.
get
(
'password'
))
...
...
@@ -108,6 +108,8 @@ def login():
if
app
.
config
.
get
(
'SSO_ENABLE_OTP'
):
otp
=
_tostr
(
request
.
form
.
get
(
'otp'
))
if
not
app
.
login_service
.
authenticate
(
username
,
password
,
otp
):
app
.
logger
.
error
(
'authentication failure for user %s'
,
username
)
# Authentication failed, show login page again.
return
show_login_page
(
params
,
'Authentication failed'
)
...
...
@@ -122,8 +124,9 @@ def login():
params
.
destination
,
params
.
groups
)
except
login_service
.
Error
,
e
:
log
.
error
(
'unauthorized access: user=%s, service=%s, dest=%s, '
'err=%s'
,
username
,
params
.
service
,
params
.
destination
,
str
(
e
))
app
.
logger
.
error
(
'unauthorized access for user %s: service=%s, dest=%s, '
'err=%s'
,
username
,
params
.
service
,
params
.
destination
,
str
(
e
))
return
show_unauthorized_page
(
e
)
# Keep track of the active services.
...
...
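Review bot: The rewritten error calls write attacker-controlled strings into syslog unescaped: `request.form.get('_csrf')` and `username` come straight from the POST body and are formatted with `%s`, so a value containing newlines or control characters forges extra lines in the authentication audit trail (log injection). Use `%r` for those fields, e.g. `app.logger.error('CSRF failure, session=%s, form=%r', csrf_token, request.form.get('_csrf'))` and `app.logger.error('authentication failure for user %r', username)`. Logging the server-side token value itself is of little use — it has just been popped, so it is single-use — and logging only whether it was present would be enough. `login()` starts and ends outside the visible hunks.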
src/sso_server/sso_server/login_service.py
...
...
@@ -131,7 +131,6 @@ class LoginService(object):
"""
self
.
_validate_service_access
(
service
,
destination
)
groups
=
self
.
_validate_group_access
(
username
,
required_groups
)
print
'authorize:'
,
type
(
username
),
type
(
service
),
type
(
destination
),
groups
,
self
.
service_ticket_ttl
ticket
=
sso
.
Ticket
(
username
,
service
,
self
.
domain
,
groups
,
self
.
service_ticket_ttl
)
return
self
.
signer
.
sign
(
ticket
)
...
...
src/sso_server/sso_server/test/main_test.py
...
...
@@ -34,6 +34,7 @@ class SSOServerCommandLineTest(mox.MoxTestBase):
old_stderr
,
sys
.
stderr
=
sys
.
stderr
,
out
try
:
try
:
args
.
insert
(
0
,
'--logtostderr'
)
status
=
main
.
main
(
args
)
except
SystemExit
,
e
:
status
=
e
.
code
...
...
src/sso_server/sso_server/wsgi.py
...
...
@@ -3,6 +3,5 @@
import
os
from
sso_server
import
application
application
.
setup_syslog
()
app
=
application
.
create_app
(
os
.
getenv
(
'APP_CONFIG'
,
'/etc/sso/config'
))