/* Copyright (C) 2014, 2016 mod_auth_gssapi contributors - See COPYING for (C) terms */

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

#define APR_WANT_STRFUNC
#include "apr_want.h"
#include <apr_strings.h>
#include <apr_base64.h>

#include <httpd.h>
#include <http_core.h>
#include <http_connection.h>
#include <http_log.h>
#include <http_request.h>
#include <mod_session.h>
#include <mod_ssl.h>

/* Apache's httpd.h drags in empty PACKAGE_* macros.
 * Undefine them to avoid redefinition warnings, as they
 * are re-defined in config.h. */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION
#include "config.h"

#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <gssapi/gssapi_krb5.h>
#ifdef HAVE_GSSAPI_GSSAPI_NTLMSSP_H
#  include <gssapi/gssapi_ntlmssp.h>
#endif

#include <ctype.h>
#include <pwd.h>
#include <grp.h>

#include "crypto.h"
#include "sessions.h"
#include "environ.h"

/* Lower bound, in seconds, on how long an authenticated session is
 * treated as valid. Presumably configured expirations below this are
 * raised to it — check the consumer in the .c file before relying on it. */
#define MIN_SESS_EXP_TIME 300 /* 5 minutes validity minimum */

/* HAVE_CRED_STORE is set only when both GSS credential-store extensions
 * were detected (the HAVE_GSS_* macros are expected to come from config.h,
 * included above). It gates the delegated-ccache fields of struct
 * mag_config below, so those fields must only be touched under the same
 * #ifdef. */
#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
#  ifdef HAVE_GSS_STORE_CRED_INTO
#define HAVE_CRED_STORE 1
#  endif
#endif

/* The httpd module record; defined once in the module's .c file. */
extern module AP_MODULE_DECLARE_DATA auth_gssapi_module;

/* One entry of the name-attribute mapping held by struct mag_name_attributes.
 * By the field names, env_name is the environment variable to export and
 * attr_name the GSS name attribute it is filled from — confirm against the
 * code that builds the map. */
struct mag_na_map {
    char *env_name;
    char *attr_name;
};

/* Configured set of GSS name attributes to export.
 * map[] is a C99 flexible array member: an instance must be allocated with
 * room for its entries (sizeof *p + n * sizeof p->map[0]) and map_count is
 * expected to hold that n — readers must never iterate past map_count. */
struct mag_name_attributes {
    bool output_json;           /* presumably also emit the attributes as JSON — verify */
    int map_count;              /* number of valid entries in map[] (assumed) */
    struct mag_na_map map[];
};

/* Module configuration parsed from the httpd directives.
 * struct mag_server_config below carries the per-server part, so this is
 * presumably the per-directory/location configuration — confirm in the
 * directive table. The HAVE_CRED_STORE block exists only when the GSS
 * credential-store extensions were detected at configure time. */
struct mag_config {
    apr_pool_t *pool;             /* pool the configuration is allocated from (assumed) */
    bool ssl_only;                /* NOTE(review): by its name, refuses authentication over non-TLS connections; confirm, since that is what keeps tokens/credentials off the wire in clear */
    bool map_to_local;            /* presumably map the GSS name to a local user name */
    bool gss_conn_ctx;            /* presumably keep the GSS context on the connection rather than per request */
    bool send_persist;
    bool use_sessions;
#ifdef HAVE_CRED_STORE
    bool use_s4u2proxy;
    char *deleg_ccache_dir;       /* directory for delegated credential caches (assumed from the name) */
    mode_t deleg_ccache_mode;     /* NOTE(review): mode/uid/gid presumably applied to delegated ccaches — verify they cannot be widened past the httpd user */
    uid_t deleg_ccache_uid;
    gid_t deleg_ccache_gid;
    gss_key_value_set_desc *cred_store;
    bool deleg_ccache_unique;
    bool s4u2self;
    char *ccname_envvar;
#endif
    struct seal_key *mag_skey;    /* key used to seal session data; struct seal_key is declared elsewhere (crypto.h, presumably) */

    bool use_basic_auth;
    gss_OID_set_desc *allowed_mechs;  /* presumably the mechanisms accepted for Negotiate */
    gss_OID_set_desc *basic_mechs;    /* presumably the mechanisms tried for Basic auth */
    bool negotiate_once;
    struct mag_name_attributes *name_attributes;
};

/* Per-server configuration.
 * mag_skey is also a field of struct mag_config and struct mag_req_cfg;
 * which copy a request ends up using is decided in the .c file — verify
 * before assuming this one is authoritative. */
struct mag_server_config {
    gss_OID_set default_mechs;    /* mechanisms used when none are configured — assumed from the name */
    struct seal_key *mag_skey;
};

/* Per-request view of the configuration.
 * use_sessions, send_persist and mag_skey repeat fields of struct mag_config
 * (mag_skey also of struct mag_server_config); the copies here are
 * presumably the values resolved for this request, so read them from here
 * rather than from cfg — verify in the code that fills this struct. */
struct mag_req_cfg {
    request_rec *req;             /* the request being authenticated */
    struct mag_config *cfg;       /* configuration this request resolved to */
    gss_OID_set desired_mechs;    /* mechanisms to use for this request (assumed) */
    bool use_sessions;
    bool send_persist;
    const char *req_proto;        /* presumably the request-side protocol/header name — confirm */
    const char *rep_proto;        /* presumably the reply-side protocol/header name — confirm */
    struct seal_key *mag_skey;
};

/* A single name/value pair; used for the exported name attributes in
 * struct mag_conn. Neither string is owned by the struct (assumed pool
 * allocated). */
struct mag_attr {
    const char *name;
    const char *value;
};

/* Authentication state carried across the lifetime of a GSS context —
 * per connection or per request depending on mag_config.gss_conn_ctx
 * (presumably). Holds the context itself and what was derived from it. */
struct mag_conn {
    apr_pool_t *pool;                 /* pool the context and its strings are allocated from (assumed) */
    gss_ctx_id_t ctx;                 /* GSS security context being negotiated/used */
    bool established;                 /* presumably true once context negotiation has completed */
    const char *user_name;            /* user name as exposed to httpd, presumably after map_to_local */
    const char *gss_name;             /* GSS principal name of the peer (assumed) */
    time_t expiration;                /* absolute time the authentication stops being valid; relation to MIN_SESS_EXP_TIME is decided elsewhere */
    int auth_type;                    /* see mag_str_auth_type() for the printable form */
    bool delegated;                   /* presumably whether the client delegated credentials */
    struct databuf basic_hash;        /* NOTE(review): looks like it retains a hash of the Basic credentials; make sure it is wiped explicitly when the context is discarded, not just left to the pool */
    bool is_preserved;
    int na_count;                     /* number of entries in name_attributes[] (assumed) */
    struct mag_attr *name_attributes; /* exported name attributes, na_count entries */
    const char *ccname;               /* credential cache name handed to the environment (assumed) */
    apr_table_t *env;                 /* environment variables to set for the request (assumed) */
};

/* Strips the const qualifier by round-tripping through uintptr_t, which
 * sidesteps the warning a direct cast would produce. Use it only to satisfy
 * APIs that take a non-const pointer but do not write through it: writing
 * via the result to an object defined const is undefined behaviour. */
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))

/* Allocates a new struct mag_conn out of pool; presumably zero-initialised
 * with pool recorded — verify in the definition. Lifetime follows the pool. */
struct mag_conn *mag_new_conn_ctx(apr_pool_t *pool);
/* Returns a printable name for a mag_conn.auth_type value. Assumed to be
 * static storage: do not free the result. */
const char *mag_str_auth_type(int auth_type);
/* Builds an error message for req from msg and, by their names, the GSS
 * major/minor status codes; the result is presumably pool-allocated.
 * If the definition passes msg on as a format string, callers must never
 * hand it untrusted text — verify before using it with request data. */
char *mag_error(request_rec *req, const char *msg, uint32_t maj, uint32_t min);