rack-ntlm 0.0.1
- data/.gitignore +19 -0
- data/README.rdoc +67 -0
- data/Rakefile +49 -0
- data/VERSION +1 -0
- data/lib/rack-ntlm.rb +1 -0
- data/lib/rack/ntlm.rb +57 -0
- data/rack-ntlm.gemspec +57 -0
- data/test/rack_ntlm_test.rb +8 -0
- data/test/test_helper.rb +3 -0
- metadata +88 -0
data/.gitignore
ADDED
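--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,67 @@
+= Rack-ntlm
+
+== Description
+
+Rack middleware for transparent authentication with NTLM.
+
+This is a fork from lukefx/rack-ntlm on Github. This makes the Rack middleware a gem and uses net/ldap to search the user against an ActiveDirectory server.
+
+This is work in progress, so contributions are welcome.
+
+== Known Limitations (TO-DOs):
+
+* Due to the user-provided password not being available on the NTLM Type3 message, this middleware is only verifying the existence of the user on AD, and not binding as that user (which would require password)
+* Failure on the NTLM authentication or LDAP search will simply return 401 with a response body saying "You are not authorized to see this page"
+
+== Dependencies
+
+* rubyntlm (gem install rubyntlm)
+* net/ldap (gem install net-ldap)
+== Usage (with Rails):
+
+On your config/environment.rb:
+
+config.gem 'rubyntlm', :lib => 'net/ntlm'
+config.gem 'net-ldap', :lib => 'net/ldap'
+config.gem 'rack-ntlm'
+
+config.middleware.use "Rack::Ntlm", {
+:uri_pattern => /\/login/ # (default = /\//) (any URL)
+:host => '<Active Directory hostname>',
+:port => 389, # default = 389
+:base => 'Base namespace for LDAP search',
+:search_filter => '(dn=%1)' # default = (sAMAccountName=%1)
+:auth => {
+:username => '<username to bind to LDAP>',
+:password => '<password to bind to LDAP>'
+}
+}
+
+Then run:
+
+rake gems:install
+rake gems:unpack (optional, if you want to vendor the gem)
+
+== Example
+
+When a client needs to authenticate itself to a proxy or server using the NTLM scheme then the following 4-way handshake takes place (only parts of the request and status line and the relevant headers are shown here; "C" is the client, "S" the server):
+
+1: C --> S GET ...
+
+2: C <-- S 401 Unauthorized
+WWW-Authenticate: NTLM
+
+3: C --> S GET ...
+Authorization: NTLM <base64-encoded type-1-message>
+
+4: C <-- S 401 Unauthorized
+WWW-Authenticate: NTLM <base64-encoded type-2-message>
+
+5: C --> S GET ...
+Authorization: NTLM <base64-encoded type-3-message>
+
+6: C <-- S 200 Ok
+
+== Copyright
+
+Copyright (c) 2009-2010 [Rack-Ntlm], released under the MIT license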
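--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,49 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+gem.name = "rack-ntlm"
+gem.summary = %Q{Rack middleware for transparent authentication with NTLM}
+gem.description = %Q{Rack middleware for transparent authentication with NTLM. This is a fork from lukefx/rack-ntlm on Github. This makes the Rack middleware a gem and uses net/ldap to search the user against an ActiveDirectory server. This is work in progress, so contributions are welcome.}
+gem.email = "dtsato@gmail.com"
+gem.homepage = "http://github.com/dtsato/rack-ntlm"
+gem.authors = ["Danilo Sato"]
+
+gem.has_rdoc = true
+gem.rdoc_options = ["--main", "README.rdoc", "--inline-source", "--line-numbers"]
+gem.extra_rdoc_files = ["README.rdoc"]
+
+gem.test_files = Dir['test/**/*'] + Dir['test/*']
+
+gem.add_dependency('rubyntlm', '>= 0.1.1')
+gem.add_dependency('net-ldap', '>= 0.0.5')
+end
+
+Jeweler::GemcutterTasks.new
+
+rescue LoadError
+puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the rack_ntlm plugin.'
+Rake::TestTask.new(:test) do |t|
+t.libs << 'lib'
+t.libs << 'test'
+t.pattern = 'test/**/*_test.rb'
+t.verbose = true
+end
+
+desc 'Generate documentation for the rack_ntlm plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'Rack-ntlm'
+rdoc.options << '--line-numbers' << '--inline-source'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end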
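Review bot: `gem.test_files = Dir['test/**/*'] + Dir['test/*']` on line 19 lists every top-level test file twice, because the recursive glob already matches `test/*`; the duplication is visible in the generated gemspec, whose `test_files` array repeats both entries. `gem.test_files = Dir['test/**/*']` is sufficient. The same doubled list is then baked into the shipped metadata, so fixing the Rakefile and regenerating the gemspec clears both.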
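--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.0.1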
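--- a/data/lib/rack-ntlm.rb
+++ b/data/lib/rack-ntlm.rb
@@ -0,0 +1 @@
+require 'rack/ntlm'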
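--- a/data/lib/rack/ntlm.rb
+++ b/data/lib/rack/ntlm.rb
@@ -0,0 +1,57 @@
+require 'net/ntlm'
+require 'net/ldap'
+
+module Rack
+
+class Ntlm
+
+def initialize(app, config = {})
+@app = app
+@config = {
+:uri_pattern => /\//,
+:port => 389,
+:search_filter => "(sAMAccountName=%1)"
+}.merge(config)
+end
+
+def auth(user)
+ldap = Net::LDAP.new
+ldap.host = @config[:host]
+ldap.port = @config[:port]
+ldap.base = @config[:base]
+ldap.auth @config[:auth][:username], @config[:auth][:password] if @config[:auth]
+!ldap.search(:filter => @config[:search_filter].gsub("%1", user)).empty?
+rescue => e
+false
+end
+
+def call(env)
+if env['PATH_INFO'] =~ @config[:uri_pattern] && env['HTTP_AUTHORIZATION'].blank?
+return [401, {'WWW-Authenticate' => "NTLM"}, []]
+end
+
+if /^(NTLM|Negotiate) (.+)/ =~ env["HTTP_AUTHORIZATION"]
+
+message = Net::NTLM::Message.decode64($2)
+
+if message.type == 1
+type2 = Net::NTLM::Message::Type2.new
+return [401, {"WWW-Authenticate" => "NTLM " + type2.encode64}, []]
+end
+
+if message.type == 3 && env['PATH_INFO'] =~ @config[:uri_pattern]
+user = Net::NTLM::decode_utf16le(message.user)
+if auth(user)
+env['REMOTE_USER'] = user
+else
+return [401, {}, ["You are not authorized to see this page"]]
+end
+end
+end
+
+@app.call(env)
+end
+
+end
+
+end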
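Review bot: `env['REMOTE_USER'] = user` on line 45 trusts a username that the client chose: the Type2 challenge built on line 38 is never retained and the Type3 response on lines 42-43 is never verified against it, so `auth(user)` only confirms that the claimed account exists in the directory and any client can present an arbitrary existing account name and be treated as that user. The README records this as a known limitation, but it is an authentication bypass rather than a feature gap, and the class should at least carry a comment saying `# NOTE: the NTLM Type3 response is not validated; REMOTE_USER is the client's unverified claim` until the challenge is stored per session and the response is checked. Separately, line 23 substitutes that same client-supplied `user` straight into the LDAP filter, so a value containing `*`, `(` or `)` rewrites the search; escape it before substitution, e.g. `@config[:search_filter].gsub("%1", Net::LDAP::Filter.escape(user))` (available in newer net-ldap releases). Finally, `.blank?` on line 29 is ActiveSupport, not core Ruby, and the gem declares no such dependency, so a request without an Authorization header raises NoMethodError outside Rails; `env['HTTP_AUTHORIZATION'].to_s.empty?` has the same meaning with no extra dependency.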
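--- a/data/rack-ntlm.gemspec
+++ b/data/rack-ntlm.gemspec
@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{rack-ntlm}
+s.version = "0.0.1"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Danilo Sato"]
+s.date = %q{2010-03-02}
+s.description = %q{Rack middleware for transparent authentication with NTLM. This is a fork from lukefx/rack-ntlm on Github. This makes the Rack middleware a gem and uses net/ldap to search the user against an ActiveDirectory server. This is work in progress, so contributions are welcome.}
+s.email = %q{dtsato@gmail.com}
+s.extra_rdoc_files = [
+"README.rdoc"
+]
+s.files = [
+".gitignore",
+"README.rdoc",
+"Rakefile",
+"VERSION",
+"lib/rack-ntlm.rb",
+"lib/rack/ntlm.rb",
+"rack-ntlm.gemspec",
+"test/rack_ntlm_test.rb",
+"test/test_helper.rb"
+]
+s.homepage = %q{http://github.com/dtsato/rack-ntlm}
+s.rdoc_options = ["--main", "README.rdoc", "--inline-source", "--line-numbers"]
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.5}
+s.summary = %q{Rack middleware for transparent authentication with NTLM}
+s.test_files = [
+"test/rack_ntlm_test.rb",
+"test/test_helper.rb",
+"test/rack_ntlm_test.rb",
+"test/test_helper.rb"
+]
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<rubyntlm>, [">= 0.1.1"])
+s.add_runtime_dependency(%q<net-ldap>, [">= 0.0.5"])
+else
+s.add_dependency(%q<rubyntlm>, [">= 0.1.1"])
+s.add_dependency(%q<net-ldap>, [">= 0.0.5"])
+end
+else
+s.add_dependency(%q<rubyntlm>, [">= 0.1.1"])
+s.add_dependency(%q<net-ldap>, [">= 0.0.5"])
+end
+end
+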
data/test/test_helper.rb
ADDED
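--- a/metadata
+++ b/metadata
@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification
+name: rack-ntlm
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Danilo Sato
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-03-02 00:00:00 +00:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rubyntlm
+type: :runtime
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.1.1
+version:
+- !ruby/object:Gem::Dependency
+name: net-ldap
+type: :runtime
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.0.5
+version:
+description: Rack middleware for transparent authentication with NTLM. This is a fork from lukefx/rack-ntlm on Github. This makes the Rack middleware a gem and uses net/ldap to search the user against an ActiveDirectory server. This is work in progress, so contributions are welcome.
+email: dtsato@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- README.rdoc
+files:
+- .gitignore
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/rack-ntlm.rb
+- lib/rack/ntlm.rb
+- rack-ntlm.gemspec
+- test/rack_ntlm_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/dtsato/rack-ntlm
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --main
+- README.rdoc
+- --inline-source
+- --line-numbers
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Rack middleware for transparent authentication with NTLM
+test_files:
+- test/rack_ntlm_test.rb
+- test/test_helper.rb
+- test/rack_ntlm_test.rb
+- test/test_helper.rb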