authorSimo Sorce <simo@redhat.com>2015-08-31 08:41:24 -0400
committerSimo Sorce <simo@redhat.com>2015-08-31 08:44:40 -0400
commit7aed3f2080561c603bc2dc6e44dcce3f6f09a09e (patch)
tree9eea8e2280d1ee4f76c6dca429ffd2bb36a78ab3
parent86661d07812b010b8cf664c2dab596be15ff1e31 (diff)
Do not use /tmp as default for s4u2proxy
The /tmp directory can lead to bugs and DoS of the apache process because any user on the system can block the creation of predictable file names. Simply error out if GssapiDelegCcacheDir is not explicitly set. Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--src/mod_auth_gssapi.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 6f185f9..b1b16e5 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -658,6 +658,19 @@ struct mag_req_cfg *mag_init_cfg(request_rec *req)
return req_cfg;
}
+static bool use_s4u2proxy(struct mag_req_cfg *req_cfg) {
+ if (req_cfg->cfg->use_s4u2proxy) {
+ if (req_cfg->cfg->deleg_ccache_dir != NULL) {
+ return true;
+ } else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req_cfg->req,
+ "S4U2 Proxy requested but GssapiDelegCcacheDir "
+ "is not set. Constrained delegation disabled!");
+ }
+ }
+ return false;
+}
+
static int mag_auth(request_rec *req)
{
const char *type;
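Review bot: The new `use_s4u2proxy()` only logs and returns false when `GssapiDelegCcacheDir` is unset, so the request still authenticates with constrained delegation silently turned off, whereas the commit message says to error out. Because the check runs in the request path, a misconfigured server emits one `APLOG_ERR` line per request; validating the pairing once at configuration time (if the module has a suitable hook) would surface the mistake at startup instead. The helper also accepts any non-NULL directory, so an administrator who explicitly sets `GssapiDelegCcacheDir /tmp` is back to the predictable-file-name problem the commit describes; a warning in the directive's documentation or an ownership/mode check on the directory would close that gap. The parameter is never written through and could be declared `const struct mag_req_cfg *req_cfg`.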
@@ -850,7 +863,7 @@ static int mag_auth(request_rec *req)
req->ap_auth_type = apr_pstrdup(req->pool, auth_types[auth_type]);
#ifdef HAVE_CRED_STORE
- if (cfg->use_s4u2proxy) {
+ if (use_s4u2proxy(req_cfg)) {
cred_usage = GSS_C_BOTH;
}
#endif
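Review bot: `use_s4u2proxy()` is called only inside `#ifdef HAVE_CRED_STORE` here, but the helper added in the first hunk has no visible guard, so a build without `HAVE_CRED_STORE` would likely carry an unused static function and a `-Wunused-function` warning. Wrapping the definition in the same `#ifdef HAVE_CRED_STORE` / `#endif` pair would keep the two matched. mag_auth continues outside this hunk; any other test of `cfg->use_s4u2proxy` there should presumably go through the helper too, so that no path reaches the credential-cache code with a NULL `deleg_ccache_dir`.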
@@ -1058,9 +1071,6 @@ static const char *mag_use_s4u2p(cmd_parms *parms, void *mconfig, int on)
struct mag_config *cfg = (struct mag_config *)mconfig;
cfg->use_s4u2proxy = on ? true : false;
- if (cfg->deleg_ccache_dir == NULL) {
- cfg->deleg_ccache_dir = apr_pstrdup(parms->pool, "/tmp");
- }
return NULL;
}
#endif