This function is supported only on some GSSAPI versions.
Keep it optional.
Signed-off-by: Simo Sorce <simo@redhat.com>
When S4U2Proxy is used in combination with Basic Auth, the gss_inquire_cred()
call will return the client name instead of the server name we need.
Detect this case and acquire a separate set of credentials in that case.
Fixes #28
Reviewed-by: Simo Sorce <simo@redhat.com>
The only entry point into the module DSO is the module structure itself;
use libtool's export-symbols linker trick to hide all the other global
symbols, which otherwise are potentially visible outside the module
itself (SEAL_* etc).
Reviewed-by: Simo Sorce <simo@redhat.com>
This directive is deprecated and has no effect in all httpd 2.x releases.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
In httpd/APR it is best practice to assume that memory allocation always
succeeds, which simplifies module code.
APR internally calls abort() if memory allocation ever actually fails,
so in practice you cannot trigger these code paths anyway.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Controls whether to send the Persistent-Auth header, and sets it only
when necessary/appropriate
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #16
This reverts commit e9c92795d87a316ea47f6bf37c9636e86eec57e7.
AESGCM is a neat idea but it is not really appropriate to be used in
mod_auth_gssapi because we cannot guarantee that the nonce will never be
reused. It is not very probable, and it is also not easy to force the
server to generate so many encrypted sessions to have a good chance of
a collision that I know of, but better to avoid the whole issue than
risk unforeseen cases where it may happen.
On success do not forget to send the last negotiate packet (if any)
to the client within the 200 Reply.
Fixes #21
When doing fallback basic auth, we may also want to honor the
configured directive about storing delegated credentials.
Detect if we are configured to store them and set the appropriate
init_sec_context flag that will cause the accept_sec_context call
to get valid delegated credentials for later storage.
In some cases (like during directory listing) Apache will re-run the
authentication code. Many GSSAPI mechanisms have replay detection so
we cannot simply rerun the accept_sec_context phase. Others require
multiple steps. When authentication has already been established just
implicitly consider the authentication successfully performed and
copy the user name. Otherwise fail.
If a subrequest hits a location with a different mod_auth_gssapi
configuration, warn but do not error off right away.
Fixes #15
The principal name is used as a file name; any embedded path separators
are going to cause trouble if used in the file name, so we need to escape
them away. Use ~ as the escape character (~~ to escape ~ itself).
Fixes #14
Also, remove all the manual HMAC code since it is no longer needed.
The end result should be faster and stronger authenticated encryption.
Closes #12
Reviewed-by: Simo Sorce <simo@redhat.com>
It really is const memory referenced internally by MIT's gssapi.
Freeing it will cause a segfault on the next invocation.
This memory is kept in thread local storage and freed by gssapi itself
as needed.
Fixes #11
Set a per-thread Credentials Cache Name that will be thrown away once
authentication is done. This handles both an issue with stomping on
ccaches if two authentications happen in concurrent threads, as well
as issues with gss_acquire_cred_with_password() reusing the ccache
without actually performing an AS request.
Fixes #11
Untested code is broken code :(
The apr function is thread safe while the OpenSSL one depends on setting
up custom locking, which is hard in a library.
Fix GssapiDelegCcacheDir examples and add all the required options to
make GssapiUseS4U2Proxy really work.
Thanks to David Kupka for testing that highlighted these issues.
Fixes #8
Support either passing Basic Auth through to another module,
or handling it directly through gss_acquire_cred_with_password().
Fixes #8
For some reason all the necessary CFLAGS are not returned by simply
querying the CFLAGS from apxs. We also need to query EXTRA_CPPFLAGS
apparently.
We need to call APLOG_USE_MODULE() so that the module name is reported
properly in log lines, and per module logging level can be set.
Fixes #6
Use automake directives to directly invoke the apxs favored libtool,
and use APXS only to perform the final install.
Fixes #4
Drop cflags and libs options that make apxs unhappy
Closes #3
This allows the keytab to always be defined in terms of GssapiCredStore
options instead of having to set a KRB5_KTNAME variable.
Fixes Issue 2
Fix wrong description
S4U2Proxy support is enabled when GssapiUseS4U2Proxy is set to On.
When S4U2Proxy is enabled GssapiDelegCcacheDir is used to determine
where delegated credentials are stored. The ccache type used is always
of type FILE and is located in the provided directory (defaults to /tmp).
The credentials are stored in a file named after the client credentials,
so the directory SHOULD NOT be world writeable if a multiuser system is
used, as ccache file names are predictable.