/* Copyright (C) 2014, 2016 mod_auth_gssapi contributors - See COPYING for (C) terms */
|
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
|
|
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include <apr_strings.h>
#include <apr_base64.h>
|
|
#include <httpd.h>
#include <http_core.h>
#include <http_connection.h>
#include <http_log.h>
#include <http_request.h>
#include <mod_session.h>
#include <mod_ssl.h>
|
|
/* apache's httpd.h drags in empty PACKAGE_* macros.
* undefine them to avoid annoying compile warnings as they
* are re-defined in config.h */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION
#include "config.h"
|
|
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <gssapi/gssapi_krb5.h>
#ifdef HAVE_GSSAPI_GSSAPI_NTLMSSP_H
# include <gssapi/gssapi_ntlmssp.h>
#endif
|
|
#include <ctype.h>
#include <pwd.h>
#include <grp.h>
|
|
#include "crypto.h"
#include "sessions.h"
#include "environ.h"
|
|
#define MIN_SESS_EXP_TIME 300 /* 5 minutes validity minimum */
|
|
#if defined(HAVE_GSS_ACQUIRE_CRED_FROM) && defined(HAVE_GSS_STORE_CRED_INTO)
# define HAVE_CRED_STORE 1
#endif
|
|
extern module AP_MODULE_DECLARE_DATA auth_gssapi_module;
#define GSS_NAME_ATTR_USERDATA "GSS Name Attributes Userdata"
|
|
/*
 * One name-attribute mapping entry: which GSS name attribute to look up
 * on the authenticated name, and the environment variable it is
 * published under. Inferred from the field names and the environ.h
 * include above; the directive that fills this in is not visible here.
 */
struct mag_na_map {
    char *env_name;   /* environment variable name the attribute value is exported as */
    char *attr_name;  /* GSS name attribute to query (presumably via gss_get_name_attribute) */
};
|
|
/*
 * Set of name-attribute mappings for a location. Uses a C99 flexible
 * array member, so the allocation must be sized for the number of
 * entries actually stored (presumably map_count of them — confirm at
 * the allocation site).
 */
struct mag_name_attributes {
    bool output_json;          /* presumably also emit the attributes as a JSON blob — confirm in environ.c */
    int map_count;             /* number of valid entries in map[] */
    struct mag_na_map map[];   /* flexible array member; length fixed at allocation time */
};
|
|
/*
 * Per-directory (location) configuration. The directive handlers that
 * populate it live in the module's .c file, which is not visible here;
 * the field meanings below are inferred from names and types and marked
 * as such — confirm against the handlers before relying on them.
 */
struct mag_config {
    apr_pool_t *pool;                /* pool this config (and its sub-allocations) are drawn from */
    /* NOTE(review): presumably refuses to authenticate over plain HTTP.
     * Worth keeping on wherever Basic auth is enabled: the Basic
     * credentials and the Negotiate tokens otherwise travel in clear. */
    bool ssl_only;
    bool map_to_local;               /* expose a local user name instead of the GSS principal — assumption */
    bool gss_conn_ctx;               /* keep GSS state on the connection (see struct mag_conn) — assumption */
    bool send_persist;
    bool use_sessions;               /* persist auth via mod_session (mod_session.h is included above) */
#ifdef HAVE_CRED_STORE
    /* Delegated-credential handling. Compiled only when both
     * gss_acquire_cred_from() and gss_store_cred_into() are available
     * (see the HAVE_CRED_STORE definition above). */
    bool use_s4u2proxy;
    char *deleg_ccache_dir;          /* directory delegated ccaches are written into — assumption from name */
    mode_t deleg_ccache_mode;        /* permission bits for those ccache files — assumption from name */
    uid_t deleg_ccache_uid;          /* owner applied to the ccache files — assumption from name */
    gid_t deleg_ccache_gid;          /* group applied to the ccache files — assumption from name */
    gss_key_value_set_desc *cred_store;   /* key/value set handed to the *_from/*_into GSS calls */
    bool deleg_ccache_unique;        /* one ccache file per delegation rather than per user — assumption */
    int s4u2self;                    /* int, not bool: presumably a mode/tri-state rather than a flag — confirm */
    char *ccname_envvar;             /* name of the env var the ccache path is exported as — assumption */
#endif
    /* Sealing key (see crypto.h). Presumably a per-location override of
     * mag_server_config.mag_skey — confirm which one wins. */
    struct seal_key *mag_skey;

    /* NOTE(review): presumably accepts HTTP Basic and performs the GSS
     * exchange server-side with the supplied password; that password
     * crosses the HTTP hop, so this should be paired with ssl_only. */
    bool use_basic_auth;
    gss_OID_set_desc *allowed_mechs; /* mechanisms this location accepts — assumption */
    gss_OID_set_desc *basic_mechs;   /* mechanisms tried for the Basic-auth path — assumption */
    bool negotiate_once;
    struct mag_name_attributes *name_attributes;  /* optional attribute → env mapping */
    const char *required_na_expr;    /* expression over name attributes that must hold — assumption */
    int enverrs;                     /* int, not bool: meaning not determinable from this header */
    gss_name_t acceptor_name;        /* explicit acceptor (service) name, if configured — assumption */
    /* NOTE(review): if this derives the acceptor name from the request
     * (e.g. the Host header), that input is client-controlled; confirm
     * the derived name is constrained to principals in the keytab. */
    bool acceptor_name_from_req;
};
|
|
/*
 * Per-virtual-host (server) configuration.
 */
struct mag_server_config {
    gss_OID_set default_mechs;   /* mechanisms used when a location does not set its own — assumption */
    struct seal_key *mag_skey;   /* server-wide sealing key (crypto.h); presumably the fallback for mag_config.mag_skey */
};
|
|
/*
 * Per-request view of the effective configuration: the request, its
 * directory config, and the handful of values that can vary per request
 * (mechanism set, session/persist flags, protocol names, sealing key).
 * Presumably assembled once per request from mag_config and
 * mag_server_config — confirm in the .c file.
 */
struct mag_req_cfg {
    request_rec *req;
    struct mag_config *cfg;
    gss_OID_set desired_mechs;   /* mechanisms offered/accepted for this request */
    bool use_sessions;           /* same names as in mag_config; presumably per-request copies — confirm */
    bool send_persist;
    const char *req_proto;       /* request-side auth scheme/header name — assumption from name */
    const char *rep_proto;       /* reply-side counterpart — assumption from name */
    struct seal_key *mag_skey;   /* effective sealing key for this request */
};
|
|
/* A single resolved name attribute (name/value pair) as stored on the connection. */
struct mag_attr {
    const char *name;
    const char *value;
};
|
|
/*
 * Authentication state carried on a connection (or restored from a
 * session) — see gss_conn_ctx / use_sessions in struct mag_config.
 * Created by mag_new_conn_ctx() below. Field meanings are inferred from
 * names and types unless stated otherwise.
 */
struct mag_conn {
    apr_pool_t *pool;
    gss_ctx_id_t ctx;                    /* in-progress or completed GSS security context */
    bool established;                    /* presumably true once ctx completed the token exchange */
    const char *user_name;               /* name handed to httpd; local name when map_to_local — assumption */
    const char *gss_name;                /* displayed GSS initiator name — assumption */
    /* When the authentication stops being valid. MIN_SESS_EXP_TIME above
     * suggests a floor is applied somewhere — confirm where. */
    time_t expiration;
    int auth_type;                       /* see mag_str_auth_type() for the textual form */
    bool delegated;                      /* a delegated credential was received — assumption */
    /* NOTE(review): a hash of Basic-auth credentials (struct databuf is
     * from crypto.h) — presumably used to re-validate a repeated Basic
     * request without a fresh GSS exchange. Confirm it is compared in
     * constant time and is not retained beyond the connection's pool. */
    struct databuf basic_hash;
    bool is_preserved;
    int na_count;                        /* number of entries in name_attributes */
    const char **required_name_attrs;    /* parallel arrays; presumably checked against required_na_expr */
    const char **required_name_vals;
    struct mag_attr *name_attributes;
    const char *ccname;                  /* path of the delegated ccache, if any — assumption */
    apr_table_t *env;                    /* environment entries to publish into the request */
};
|
|
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
|
|
/* Allocate a new connection context from pool (initial field state is
 * set in the definition, not visible here). */
struct mag_conn *mag_new_conn_ctx(apr_pool_t *pool);
/* Human-readable name for a mag_conn.auth_type value. */
const char *mag_str_auth_type(int auth_type);
/* Format msg together with the GSS major/minor status pair into a
 * pool-allocated string (maj/min naming follows GSS-API conventions —
 * assumption). */
char *mag_error(apr_pool_t *pool, const char *msg, uint32_t maj, uint32_t min);
/* Resolve a user / group name to its id. Return convention is not
 * determinable from the prototype — presumably 0 on success; confirm
 * before testing the result with `if (!ret)`. */
int mag_get_user_uid(const char *name, uid_t *uid);
int mag_get_group_gid(const char *name, gid_t *gid);
/* Compare a NUL-terminated string with a GSS buffer, which is
 * length-delimited rather than NUL-terminated. */
bool mag_strbuf_equal(const char *str, gss_buffer_t buf);