mod_auth_gssapi.git/src, branch master A GSSAPI based replacement for the aging mod_auth_kerb. Add cleanup function for mag_conn->name_attributes 2017-02-13T10:38:23+00:00 Alejandro Perez alex@um.es 2017-02-11T11:44:39+00:00 cfb4b771af19d46d89b2a0104c70ad29e9e38c8c Reviewed-by: Simo Sorce <simo@redhat.com> Closes #127 
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #127
JSON strings need to be escaped (i.e. replace " with \") 2017-02-09T09:38:44+00:00 Alejandro Perez alex@um.es 2017-02-06T15:31:22+00:00 9bd84625838b82a789fc291d85460ab2878093d6 Reviewed-by: Simo Sorce <simo@redhat.com> Closes #125 
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #125
Add option to set alternative ccname env var 2017-02-08T12:39:47+00:00 Fraser Tweedale ftweedal@redhat.com 2017-02-04T06:33:18+00:00 eb8ed98b9ba758a0c8db67151c18d1dd943e4289 In some cases (e.g. if you want to convey the ccname over AJP) the request environment variable name "KRB5CCNAME" is not appropriate. Add the GssapiDelegCcacheEnvVar option that allows the env var name to be changed. Fixes: https://github.com/modauthgssapi/mod_auth_gssapi/issues/123 Reviewed-by: Simo Sorce <simo@redhat.com> Closes #124 Closes #123 
In some cases (e.g. if you want to convey the ccname over AJP) the
request environment variable name "KRB5CCNAME" is not appropriate.
Add the GssapiDelegCcacheEnvVar option that allows the env var name
to be changed.

Fixes: https://github.com/modauthgssapi/mod_auth_gssapi/issues/123

Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #124
Closes #123
rewrite: implicitly handle internal redirects 2017-01-11T19:43:08+00:00 Isaac Boukris iboukris@gmail.com 2016-12-17T21:17:00+00:00 a64a32f520884039be0a2240bfa2b5f4040c9c99 Internal redirects are a special case of subrequest - they have no req->main but req->prev instead, so we should check for that too in case the request is not initial. Also, make sure to export MAG environment variables to subrequests and internal redirects. Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Simo Sorce <simo@redhat.com> Reported-by: scopev24 Closes #119 
Internal redirects are a special case of subrequest - they
have no req->main but req->prev instead, so we should check
for that too in case the request is not initial.

Also, make sure to export MAG environment variables to
subrequests and internal redirects.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reported-by: scopev24
Closes #119
Add option to store the session encryption key. 2017-01-03T16:42:52+00:00 Simo Sorce simo@redhat.com 2016-12-16T14:43:25+00:00 e2a50ad80f55bf2a933ef177914caa5c7ac6f4a9 With the new 'file:' sytnax a session key can be automatically generated the first time mod_auth_gssapi runs and stored on the filesystem. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Closes #117 
With the new 'file:' sytnax a session key can be automatically generated
the first time mod_auth_gssapi runs and stored on the filesystem.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>

Closes #117
Fix memory pool used to hold ccache name 2016-12-19T18:56:35+00:00 Marcel Ritter Marcel.Ritter@fau.de 2016-12-17T06:54:05+00:00 4e80ca609d9978dfc2589b6eced209e3f38187cf broken ccache name when "GssapiDelegCcacheUnique Off" (default) Signed-off-by: Marcel Ritter <ritter.marcel@googlemail.com> Reviewed-by: Simo Sorce <simo@redhat.com> Closes #116 Fixes #115 
broken ccache name when "GssapiDelegCcacheUnique Off" (default)

Signed-off-by: Marcel Ritter <ritter.marcel@googlemail.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #116
Fixes #115
Add option to set custom permissions on ccache 2016-11-30T10:39:33+00:00 Simo Sorce simo@redhat.com 2016-11-02T10:34:11+00:00 f8f308f00b7f2695ae811d64038febc59dc688d5 This allows apache to set permission so that another user in the default group can access the ccache. Useful when apache passes the request to a process running under a different user or group id number. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
This allows apache to set permission so that another user in the default
group can access the ccache. Useful when apache passes the request to a
process running under a different user or group id number.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Write 'Persistent-Auth' header to err_headers_out 2016-10-11T13:01:23+00:00 Michael Osipov 1983-01-06@gmx.net 2016-10-11T11:53:14+00:00 912738edbf248c9d9c2960cd4ff1daaa855e6c7e In some cases, like internal redirects, authentication is completed but our 'Persistent-Auth' header is dropped by the server because headers_out is ignored with errors (4xx, 5xx) and internal redirects. See: https://ci.apache.org/projects/httpd/trunk/doxygen/structrequest__rec.html#a9f49c2d5680987c0c28466ea37d41a62 This fixes #110 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Isaac Boukris <iboukris@gmail.com> Closes #111 
In some cases, like internal redirects, authentication is completed but our
'Persistent-Auth' header is dropped by the server because headers_out is ignored
with errors (4xx, 5xx) and internal redirects.

See: https://ci.apache.org/projects/httpd/trunk/doxygen/structrequest__rec.html#a9f49c2d5680987c0c28466ea37d41a62

This fixes #110

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Isaac Boukris <iboukris@gmail.com>
Closes #111
Declare mag_complete outside the ifdef block 2016-10-11T12:59:32+00:00 Simo Sorce simo@redhat.com 2016-10-07T14:01:26+00:00 1e3ebb21677943d7e79f77d31d21cfcdf51314f0 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> Fixes #106 Closes #107 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Fixes #106
Closes #107
Fix behavior of NULL ccname for cookie creation 2016-08-15T18:32:45+00:00 Robbie Harwood rharwood@redhat.com 2016-07-22T18:23:31+00:00 3ef79e28b4996750a07874f80282acc0351ef675 This resolves an issue where the session cookie would not be populated when sesions were used but unique ccaches were not. Based on a report from Bhagavan Das. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Closes #98 
This resolves an issue where the session cookie would not be populated
when sesions were used but unique ccaches were not.

Based on a report from Bhagavan Das.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #98