Delphi Apache-Module with SSO - apache

we successfully created an apache module with Embarcadero Delphi (10.3). Next step is the idea to extend this module with SSO-functionality (NTML/Kerberos).
I understand there are several modules for apache to enable the sso-features for php/html-content and directories by extending the httpd.conf-file (or even locations like those the module uses).
But i have no idea how to access the apache-server-variables or the information about the sso-credentials (windows logon-name) from inside my apache-module.
Perhaps someone can give me a hint here.
Possible alternatives:
Recode the negotiate-handshakes (ntml/krb) inside the module (already did this for indy)
Use a little php-script file to access the variables (with
redirect/ajax for example)
Somehow (would not know how) add those information to the request-headers inside apache before going into the module (sounds insecure)
But i would like to use an easier way ;)
Thanks

For the xxm project (which also has an Apache httpd module!) I've implemented NTLM authentication using the AcquireCredentialsHandle and AcceptSecurityContext calls.
It works using the WWW-Authenticate request and response values. First there's NTLM, followed by one or more round-trips with NTLM followed by a space and base64 encoded data you need to pass until you get a SEC_E_OK value back.

Related

Setting up an agent authentification with Pingaccess

I have a CentOS VM with an ready installed Pingaccess Server Testenvironment with access to the Pingaccess Admin UI.
Now I would need to set up an Agent-Authentification on the system but sadly have no experience configuring Pingaccess sofar. I also find it dificult to find documentation to complete my task.
I would appreciate any hints and pointers in right direction or information on how this kind of setup can be configured and what else I might need? Is it even possible to set it up in a local VM?
Here a slightly more detailed description of the scenario:
An application that itself is not able to use a corresponding protocol (Oauth, SAML2, ...) (e.g. a small PHP script or something similar) that cannot do anything other than output a user name that it reads from the HTTP headers.
Set up an Agent that extends the header attributes and e.g. something like Header-UserName. The application can then access the web server variables and use these values without having to worry about how the authentication works. The agent, on the other hand, can do the protocols and handle authentication via the server (here PingAccess).
Thanks a lot in advance.

List of served files in apache

I am doing some reverse engineering on a website.
We are using LAMP stack under CENTOS 5, without any commercial/open source framework (symfony, laravel, etc). Just plain PHP with an in-house framework.
I wonder if there is any way to know which files in the server have been used to produce a request.
For example, let's say I am requesting http://myserver.com/index.php.
Let's assume that 'index.php' calls other PHP scripts (e.g. to connect to the database and retrieve some info), it also includes a couple of other html files, etc
How can I get the list of those accessed files?
I already tried to enable the server-status directive in apache, and although it is working I can't get what I want (I also passed the 'refresh' parameter)
I also used lsof -c httpd, as suggested in other forums, but it is producing a very big output and I can't find what I'm looking for.
I also read the apache logs, but I am only getting the requests that the server handled.
Some other users suggested to add the PHP directives like 'self', but that means I need to know which files I need to modify to include that directive beforehand (which I don't) and which is precisely what I am trying to find out.
Is that actually possible to trace the internal activity of the server and get those file names and locations?
Regards.
Not that I tried this, but it looks like mod_log_config is the answer to my own question

$r Apache request in CGI?

In trying to find a solution for another question (passing variables in cgi) I ran into the concept of apache_notes which then led me to a series of modules on CPAN that use the mysterious $rvariable (both of which I have run into before while looking other stuff up, but did not delve too deeply into). None of the modules really explain where $r comes from, they just all assume you have it readily available. From what I can understand the variable has something to do with mod_perl (which I also know little to nothing about) and/or apache handlers.
So my question is, is there a way to get that $r apache request variable in CGI script calls, without the use of mod_perl or apache handler definitions?
Also, if there is a way to access apache_notes in CGI, I think that would answer the aforementioned question, and an answer there for how to achieve this would be greatly appreciated!)
No. It's the Apache (libapr) request object. If you're not embedded in Apache, there's no Apache request object.
But there's no use for notes in a CGI anyway; there isn't any other piece of code that the script could be sharing information with by hanging it off of the request object, so you can just use a variable instead.

AD/LDAP authentication for FitNesse

We are going to put FitNesse on a server and wants to have a AD/LDAP authentication solution for this.
Does anyone have experience with good and easy to set up solutions for this?
Thanks in advance. Magnus
One straightforward method would be to download the standard edition of the UnboundID LDAP SDK and get a copy of the jsse.jar file and install both jar files in the fitness lib directory. Create a class in the fitness.authentication package that extends the fitness.authentication.Authenticator class and overrides the isAuthenticated() method. Specify the required properties such as hostname, port, simple or SASL bind, whether to use SSL or StartTLS, base object, search scope, and so forth.
The jsse.jar will provide the necessary SSL classes so that SSL and StartTLS can be implemented as required.
see also
LDAP: Programming practices
It is possible, but it would require either finding or creating a plugin to do it.
I found the following, but I have never tried it:
https://github.com/timander/fitnesse-ldap-authenticator.
Also out there, but older is: https://github.com/dleonard0/fitnesse
You can start there, but you might have to get your hands dirty. Unfortunately, I'm just not that familiar with that part of the code.
See here: http://fitnesse.org/FitNesse.UserGuide.AdministeringFitNesse.SecurityDescription.SpnegoAuthentication
I need to give many more characters to make stakeoverflow happy.

How to begin writing an Application Server over Apache?

For my college project, I want to create a simple application server in C that runs over Apache. Like .php, .asp, .jsp, the extension of my files would be .sas.
I have already written a parser which reads the .sas files and generates the output. For example, consider a file index.sas with the below code:
<%
echo "Hello";
%>
Now, if I execute:
sas index.sas
The result would be:
Hello
Now I want to use this program as an
application server over Apache just as
PHP, Tomcat, etc. work over Apache. I
have heard of cgi-bin but I think PHP
uses a different approach. I want to
learn the approach which PHP uses.
Please advice.
Little correction: Apache HTTP Server is not required to be able to run Apache Tomcat as webserver. Apache Tomcat is at its own already a full fledged webserver. Your confusion is probably caused by the Tomcat Connector which could be used to connect Apache HTTP Server and Apache Tomcat together to be able to serve PHP/JSP behind one same HTTP port.
As to your actual question, PHP can be installed as CGI module or ASAPI (Apache Server API) module. If you want to program a CGI module for Apache HTTP Server, then you may find this document useful. If you want to write an ASAPI module, then you may find those documentations useful.
You need to write a module utilizing the Apache API.
Some basic documentation with examples can be found here.
http://www.auburn.edu/docs/apache/mod/mod_example.html
No, no, no!!! Did I say "no" enough? :)
You don't need to create a new module or look at PHP source code. Talking about re-inventing the wheel using a square boulder.
The easiest thing to do is to use mod_cgi. That is, you use CGI to have Apache forward the request to your SAS interpreter.
[Apache 1.3x] - http://httpd.apache.org/docs/1.3/mod/mod_cgi.html
[Apache 2.0x] - http://httpd.apache.org/docs/2.0/mod/mod_cgi.html
[CGI] - http://en.wikipedia.org/wiki/Common_Gateway_Interface
Now, if you do not want to use CGI (don't know why unless it is expressively forbidden by your homework instructions), then yeah, you will have to create a module. For that take a look at this as an starting point (courtesy of google):
http://threebit.net/tutorials/apache2_modules/tut1/tutorial1.html
Good luck with that, though. It could become labor-intensive.
Hope it helps.