diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2017-02-04 16:33:18 +1000 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2017-02-08 07:39:47 -0500 |
| commit | eb8ed98b9ba758a0c8db67151c18d1dd943e4289 (patch) | |
| tree | 295bf50a0a86d6146c8e7095791ab0c9063e9223 /src | |
| parent | 3ae63e3a31b3fd0241fcdad0a1dbd0414e225615 (diff) | |
| download | mod_auth_gssapi-eb8ed98b9ba758a0c8db67151c18d1dd943e4289.tar.gz mod_auth_gssapi-eb8ed98b9ba758a0c8db67151c18d1dd943e4289.tar.xz mod_auth_gssapi-eb8ed98b9ba758a0c8db67151c18d1dd943e4289.zip | |
Add option to set alternative ccname env var
In some cases (e.g. if you want to convey the ccname over AJP) the
request environment variable name "KRB5CCNAME" is not appropriate.
Add the GssapiDelegCcacheEnvVar option that allows the env var name
to be changed.
Fixes: https://github.com/modauthgssapi/mod_auth_gssapi/issues/123
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #124
Closes #123
Diffstat (limited to 'src')
| -rw-r--r-- | src/environ.c | 8 | ||||
| -rw-r--r-- | src/mod_auth_gssapi.c | 4 | ||||
| -rw-r--r-- | src/mod_auth_gssapi.h | 1 |
3 files changed, 9 insertions, 4 deletions
diff --git a/src/environ.c b/src/environ.c index bc59bae..7cd3b8a 100644 --- a/src/environ.c +++ b/src/environ.c @@ -243,8 +243,8 @@ static void mag_set_name_attributes(request_rec *req, struct mag_conn *mc) } } -static void mag_set_KRB5CCNAME(request_rec *req, struct mag_config *cfg, - struct mag_conn *mc) +static void mag_set_ccname_envvar(request_rec *req, struct mag_config *cfg, + struct mag_conn *mc) { apr_status_t status; apr_int32_t wanted = APR_FINFO_MIN | APR_FINFO_OWNER | APR_FINFO_PROT; @@ -287,7 +287,7 @@ static void mag_set_KRB5CCNAME(request_rec *req, struct mag_config *cfg, } value = apr_psprintf(req->pool, "FILE:%s", path); - apr_table_set(mc->env, "KRB5CCNAME", value); + apr_table_set(mc->env, cfg->ccname_envvar, value); } void mag_export_req_env(request_rec *req, apr_table_t *env) @@ -316,7 +316,7 @@ void mag_set_req_data(request_rec *req, #ifdef HAVE_CRED_STORE if (cfg->deleg_ccache_dir && mc->delegated && mc->ccname) { - mag_set_KRB5CCNAME(req, cfg, mc); + mag_set_ccname_envvar(req, cfg, mc); } #endif diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index ed4342b..91c8f68 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -1209,6 +1209,7 @@ static void *mag_create_dir_config(apr_pool_t *p, char *dir) cfg = (struct mag_config *)apr_pcalloc(p, sizeof(struct mag_config)); cfg->pool = p; + cfg->ccname_envvar = "KRB5CCNAME"; return cfg; } @@ -1724,6 +1725,9 @@ static const command_rec mag_commands[] = { OR_AUTHCFG, "Directory to store delegated credentials"), AP_INIT_ITERATE("GssapiDelegCcachePerms", mag_deleg_ccache_perms, NULL, OR_AUTHCFG, "Permissions to assign to Ccache files"), + AP_INIT_TAKE1("GssapiDelegCcacheEnvVar", ap_set_string_slot, + (void *)APR_OFFSETOF(struct mag_config, ccname_envvar), + OR_AUTHCFG, "Environment variable to receive ccache name"), AP_INIT_FLAG("GssapiDelegCcacheUnique", mag_deleg_ccache_unique, NULL, OR_AUTHCFG, "Use unique ccaches for delgation"), AP_INIT_FLAG("GssapiImpersonate", ap_set_flag_slot, diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h index 2aa81f1..fb47b12 100644 --- a/src/mod_auth_gssapi.h +++ b/src/mod_auth_gssapi.h @@ -81,6 +81,7 @@ struct mag_config { gss_key_value_set_desc *cred_store; bool deleg_ccache_unique; bool s4u2self; + char *ccname_envvar; #endif struct seal_key *mag_skey; |