authorSimo Sorce <simo@redhat.com>2015-06-14 18:23:16 -0400
committerSimo Sorce <simo@redhat.com>2015-06-16 13:29:26 -0400
commit2970c017e9afbcde29be86e02a58bf142daf1cdf (patch)
treed2d7f01af2107fc0070e3d24c6e7801997b5f1a5 /src/mod_auth_gssapi.c
parentd499fea35e0c88e75dbaf5e0e072fdbc8f88febe (diff)
Separate basic auth loop from the main accept.
Consolidate and simplify AUTH BASIC Handling - Part 2. By moving all the special operations done for auth basic into their own segment we make the code simpler (fewer exceptions) and more readable. Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/mod_auth_gssapi.c')
-rw-r--r--src/mod_auth_gssapi.c64
1 files changed, 27 insertions, 37 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 3976eb2..254b741 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -618,43 +618,7 @@ static int mag_auth(request_rec *req)
}
#endif
- /* output and input are inverted here, this is intentional */
- maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
- GSS_C_NO_OID, init_flags, 300,
- GSS_C_NO_CHANNEL_BINDINGS, &output,
- NULL, &input, NULL, NULL);
- if (GSS_ERROR(maj)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req,
- "%s", mag_error(req, "gss_init_sec_context() "
- "failed", maj, min));
- goto done;
- }
- }
-
- if (auth_type == AUTH_TYPE_NEGOTIATE &&
- cfg->allowed_mechs != GSS_C_NO_OID_SET) {
- maj = gss_set_neg_mechs(&min, acquired_cred, cfg->allowed_mechs);
- if (GSS_ERROR(maj)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req, "%s",
- mag_error(req, "gss_set_neg_mechs() failed",
- maj, min));
- goto done;
- }
- }
-
- maj = gss_accept_sec_context(&min, pctx, acquired_cred,
- &input, GSS_C_NO_CHANNEL_BINDINGS,
- &client, &mech_type, &output, &flags, &vtime,
- &delegated_cred);
- if (GSS_ERROR(maj)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req, "%s",
- mag_error(req, "gss_accept_sec_context() failed",
- maj, min));
- goto done;
- }
- if (auth_type == AUTH_TYPE_BASIC) {
- while (maj == GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&min, &input);
+ do {
/* output and input are inverted here, this is intentional */
maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
GSS_C_NO_OID, init_flags, 300,
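Review bot: With the `do {` form, the first `gss_init_sec_context()` call depends on `output` being empty at loop entry, because `&output` is passed in the input-token position. Its initialisation is outside this hunk, so this presumably holds, but the existing comment only says the swap is intentional. I would extend it to something like `/* server acts as initiator for the user: output (empty on first pass) feeds init, init's token lands in input for the acceptor */`. The bare `300` lifetime request would also read better as a named constant.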
@@ -677,7 +641,32 @@ static int mag_auth(request_rec *req)
" failed", maj, min));
goto done;
}
+ gss_release_buffer(&min, &input);
+ } while (maj == GSS_S_CONTINUE_NEEDED);
+ gss_release_buffer(&min, &output);
+ goto complete;
+ }
+
+ if (auth_type == AUTH_TYPE_NEGOTIATE &&
+ cfg->allowed_mechs != GSS_C_NO_OID_SET) {
+ maj = gss_set_neg_mechs(&min, acquired_cred, cfg->allowed_mechs);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req, "%s",
+ mag_error(req, "gss_set_neg_mechs() failed",
+ maj, min));
+ goto done;
}
+ }
+
+ maj = gss_accept_sec_context(&min, pctx, acquired_cred,
+ &input, GSS_C_NO_CHANNEL_BINDINGS,
+ &client, &mech_type, &output, &flags, &vtime,
+ &delegated_cred);
+ if (GSS_ERROR(maj)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req, "%s",
+ mag_error(req, "gss_accept_sec_context() failed",
+ maj, min));
+ goto done;
} else if (maj == GSS_S_CONTINUE_NEEDED) {
if (!mc) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req,
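Review bot: The new `gss_release_buffer(&min, &input);` sits after the `GSS_ERROR(maj)` check, so the `goto done` error branch just above it exits with the token that `gss_init_sec_context()` placed in `input` still held. Whether `done:` releases `input` is not visible here; if it does not, each Basic attempt that fails at this step leaks a GSS-allocated buffer in a long-lived server process. Moving the release to directly after the accept call, before the error check, closes that regardless of what `done:` does. Separately, `while (maj == GSS_S_CONTINUE_NEEDED)` has no iteration cap; a small bound that fails closed would keep a misbehaving mechanism from pinning a worker. The loop body starts outside this hunk.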
@@ -691,6 +680,7 @@ static int mag_auth(request_rec *req)
goto done;
}
+complete:
/* Always set the GSS name in an env var */
maj = gss_display_name(&min, client, &name, NULL);
if (GSS_ERROR(maj)) {
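Review bot: `complete:` is now entered two ways, by falling through after the Negotiate accept and by the `goto complete` from the Basic loop, and the code below it takes the GSS name from `client`. Nothing at the label records the precondition, so a jump added later with `maj` still `GSS_S_CONTINUE_NEEDED` would be easy to miss in review. A one-line comment above the label such as `/* reached only with a fully established context (maj == GSS_S_COMPLETE) */` would document it. mag_auth continues past the end of this hunk.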