mod_auth_gssapi.git/src, branch name_attrs A GSSAPI based replacement for the aging mod_auth_kerb. Add code to set attribute names in the environment 2015-12-03T18:30:09+00:00 Simo Sorce simo@redhat.com 2015-11-30T22:53:42+00:00 7f11db955b8440668fc806b4203f584bb44f58c1 This code allows to specify which attributes in a name are interesting to the application and set them as named environemnt variables. Optionally the whole set of attributes can be exported in a json formatted structure. Signed-off-by: Simo Sorce <simo@redhat.com> Close #62 Close #63 
This code allows to specify which attributes in a name are interesting
to the application and set them as named environemnt variables.
Optionally the whole set of attributes can be exported in a json
formatted structure.

Signed-off-by: Simo Sorce <simo@redhat.com>

Close #62
Close #63
Move setting request data to a separate file 2015-12-02T23:34:39+00:00 Simo Sorce simo@redhat.com 2015-11-27T22:28:23+00:00 472d605d916f7ad63cd8bbffa100997eca700da4 In preparation for the next commit. Signed-off-by: Simo Sorce <simo@redhat.com> 
In preparation for the next commit.

Signed-off-by: Simo Sorce <simo@redhat.com>
Negate established flag if session is expired. 2015-10-05T14:23:27+00:00 davisd123 davisd123@users.noreply.github.com 2015-10-01T04:50:06+00:00 855341bf3b39fe5e5b9abf299563e0d09c4861a3 If the session is expired, then set established to false to force re-authentication. Reviewed-by: Simo Sorce <simo@redhat.com> Close #57 
If the session is expired, then set established to false to
force re-authentication.

Reviewed-by: Simo Sorce <simo@redhat.com>
Close #57
Fix include path to asn1c for out-of-source builds 2015-09-03T17:02:20+00:00 Dennis Schridde dennis.schridde@uni-heidelberg.de 2015-09-03T15:38:24+00:00 17ffe54d5d75270c7447867d0efcd32633d173f4 Reviewed-by: Simo Sorce <simo@redhat.com> Closes #55 
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #55
Fix bug in handling Session Keys 2015-09-03T16:59:46+00:00 Simo Sorce simo@redhat.com 2015-09-03T16:58:51+00:00 93fe956a5e4e2899242d18183b3e2035c46ca3b9 A check inversion in 86661d07812b010b8cf664c2dab596be15ff1e31 caused the specified session key to be ignored and a crash when none was specified. Signed-off-by: Simo Sorce <simo@redhat.com> 
A check inversion in 86661d07812b010b8cf664c2dab596be15ff1e31 caused
the specified session key to be ignored and a crash when none was
specified.

Signed-off-by: Simo Sorce <simo@redhat.com>
Allow building without NTLMSSP support 2015-09-03T14:34:56+00:00 Simo Sorce simo@redhat.com 2015-09-03T14:19:07+00:00 4d75af14e3f703ec0cfeeb4ffb998619449c859a If gssapi/gssapi_ntlmssp.h is not available simply disable NTLMSSP. Coauthored Signed-off-by: Dennis Schridde <dennis.schridde@uni-heidelberg.de> Signed-off-by: Simo Sorce <simo@redhat.com> Closes #52 Closes #53 Closes #54 
If gssapi/gssapi_ntlmssp.h is not available simply disable NTLMSSP.

Coauthored

Signed-off-by: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
Signed-off-by: Simo Sorce <simo@redhat.com>

Closes #52
Closes #53
Closes #54
Do not use /tmp as default for s4u2proxy 2015-08-31T12:44:40+00:00 Simo Sorce simo@redhat.com 2015-08-31T12:41:24+00:00 7aed3f2080561c603bc2dc6e44dcce3f6f09a09e The /tmp directory can lead to bugs and DoS of the apache process because any user on the system can block the creation of predictable file names. Simply error out if GssapiDelegCcacheDir is not explicitly set. Signed-off-by: Simo Sorce <simo@redhat.com> 
The /tmp directory can lead to bugs and DoS of the apache process
because any user on the system can block the creation of predictable
file names.

Simply error out if GssapiDelegCcacheDir is not explicitly set.

Signed-off-by: Simo Sorce <simo@redhat.com>
Allocate new keys at server startup. 2015-08-30T18:31:44+00:00 Simo Sorce simo@redhat.com 2015-08-30T18:31:44+00:00 86661d07812b010b8cf664c2dab596be15ff1e31 This avoids a potential race condition if the first 2 request come in at the same time. It also avoids issues with forked apapche processes which may end up with different keys per fork. Signed-off-by: Simo Sorce <simo@redhat.com> 
This avoids a potential race condition if the first 2 request come in at the
same time. It also avoids issues with forked apapche processes which may end
up with different keys per fork.

Signed-off-by: Simo Sorce <simo@redhat.com>
Fix incorrect free() usage 2015-08-30T18:28:32+00:00 Simo Sorce simo@redhat.com 2015-08-30T18:28:32+00:00 3e4f466d5224af50c6789894cca459aa4504ef47 This code has been changed to use apr pools for memory allocation, so the error path is wrong as free() is not called on malloc()ed memory anymore. Remove the calls to free(), the mempool is clean up by callers. Signed-off-by: Simo Sorce <simo@redhat.com> 
This code has been changed to use apr pools for memory allocation, so the
error path is wrong as free() is not called on malloc()ed memory anymore.
Remove the calls to free(), the mempool is clean up by callers.

Signed-off-by: Simo Sorce <simo@redhat.com>
Support forward proxy authentication 2015-08-06T23:06:54+00:00 Isaac Boukris iboukris@gmail.com 2015-07-27T01:32:49+00:00 f476cb32f8103bdf1435d33ea6e81cba9805f576 Proxy auth headers are a little different. Sessions cannot be used as we cannot set a cookie. Reviewed-by: Simo Sorce <simo@redhat.com> 
Proxy auth headers are a little different.

Sessions cannot be used as we cannot set a cookie.

Reviewed-by: Simo Sorce <simo@redhat.com>