mod_auth_gssapi.h
/* Copyright (C) 2014, 2016 mod_auth_gssapi contributors - See COPYING for (C) terms */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include <apr_strings.h>
#include <apr_base64.h>
#include <httpd.h>
#include <http_core.h>
#include <http_connection.h>
#include <http_log.h>
#include <http_request.h>
#include <mod_session.h>
#include <mod_ssl.h>
/* apache's httpd.h drags in empty PACKAGE_* variables.
* undefine them to avoid annoying compile warnings as they
* are re-defined in config.h */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION
#include "config.h"
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <gssapi/gssapi_krb5.h>
#ifdef HAVE_GSSAPI_GSSAPI_NTLMSSP_H
# include <gssapi/gssapi_ntlmssp.h>
#endif
#include "crypto.h"
#include "sessions.h"
#include "environ.h"
/* Lower bound for session validity: 300 seconds (5 minutes). */
#define MIN_SESS_EXP_TIME 300

/* Credential-store support is enabled only when the build reports both
 * gss_acquire_cred_from() and gss_store_cred_into() as available. */
#if defined(HAVE_GSS_ACQUIRE_CRED_FROM) && defined(HAVE_GSS_STORE_CRED_INTO)
# define HAVE_CRED_STORE 1
#endif
/* One name-attribute mapping entry: an environment variable name paired with
 * an attribute name.
 * NOTE(review): presumably the value of attr_name is exported under env_name;
 * the code that fills and consumes this pair is not in this header -- confirm. */
struct mag_na_map {
char *env_name;
char *attr_name;
};
/* Collection of name-attribute mappings.
 * map[] is a flexible array member, so the struct has to be allocated with
 * room for its entries.
 * NOTE(review): map_count presumably holds the number of valid entries and
 * should bound every index into map[]; output_json presumably selects a JSON
 * rendering of the attributes -- confirm both against the users of this type. */
struct mag_name_attributes {
bool output_json;
int map_count;
struct mag_na_map map[];
};
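/*
 * Module configuration record.
 *
 * NOTE(review): the per-field notes are inferred from field names and types
 * only; the code that fills and reads this struct is not in this header, so
 * confirm each note against the directive handlers. Several fields look like
 * security controls (ssl_only, allowed_mechs, use_basic_auth, the delegation
 * settings) and deserve an explicit check of their default values.
 */
struct mag_config {
    apr_pool_t *pool;
    bool ssl_only;          /* presumably: only authenticate over TLS */
    bool map_to_local;      /* presumably: map the GSS name to a local user name */
    bool gss_conn_ctx;      /* presumably: keep the GSS context per connection */
    bool send_persist;      /* presumably: signal persistent auth to the client */
    bool use_sessions;      /* presumably: cache authentication in a session */
#ifdef HAVE_CRED_STORE
    /* These members exist only in builds with credential-store support. */
    bool use_s4u2proxy;     /* presumably: allow constrained delegation */
    /* presumably: directory for delegated credential caches; its ownership
     * and permissions matter, as it would hold usable credentials */
    char *deleg_ccache_dir;
    gss_key_value_set_desc *cred_store;
    bool deleg_ccache_unique;
    bool s4u2self;
#endif
    /* Seal key; struct seal_key is declared outside this header.
     * presumably secret key material -- keep it out of logs. */
    struct seal_key *mag_skey;
    bool use_basic_auth;    /* presumably: accept HTTP Basic credentials */
    gss_OID_set_desc *allowed_mechs;
    gss_OID_set_desc *basic_mechs;
    bool negotiate_once;
    struct mag_name_attributes *name_attributes;
};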
/* Server-level settings: a default mechanism set and a seal key.
 * NOTE(review): how these relate to the same-named members of struct
 * mag_config (fallback vs. override) is not visible here -- confirm.
 * mag_skey presumably refers to secret key material; keep it out of logs. */
struct mag_server_config {
gss_OID_set default_mechs;
struct seal_key *mag_skey;
};
/* Per-request working state: the request, the configuration in effect and a
 * set of values that share names with members of struct mag_config.
 * NOTE(review): use_sessions, send_persist and mag_skey are presumably the
 * effective values resolved for this request -- confirm where they are set. */
struct mag_req_cfg {
request_rec *req;
struct mag_config *cfg;
gss_OID_set desired_mechs;
bool use_sessions;
bool send_persist;
/* presumably the names of the request and reply authentication headers --
 * TODO confirm */
const char *req_proto;
const char *rep_proto;
struct seal_key *mag_skey;
};
/* A single name/value pair of strings; struct mag_conn holds an array of
 * these in its name_attributes member. */
struct mag_attr {
const char *name;
const char *value;
};
/* Authentication state: the GSS security context plus the identity data
 * recorded alongside it.
 * NOTE(review): code that reuses a stored mag_conn should presumably check
 * both `established` and `expiration` before trusting user_name or gss_name;
 * the call sites are outside this header -- confirm they do. */
struct mag_conn {
apr_pool_t *pool;
gss_ctx_id_t ctx;
bool established;
const char *user_name;
const char *gss_name;
time_t expiration;
/* presumably one of the values mag_str_auth_type() accepts -- confirm */
int auth_type;
bool delegated;
/* struct databuf is declared outside this header; presumably a digest
 * derived from Basic-auth credentials -- treat as sensitive, TODO confirm */
struct databuf basic_hash;
bool is_preserved;
/* presumably the number of entries in name_attributes -- confirm */
int na_count;
struct mag_attr *name_attributes;
/* presumably the name of the delegated credential cache -- confirm */
const char *ccname;
};
/* Strips the const qualifier from a pointer by round-tripping it through
 * uintptr_t, yielding a plain void *. This only silences the compiler:
 * writing through the result to an object that was defined const is
 * undefined behavior, so use it solely to satisfy non-const API signatures. */
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
/* Returns a struct mag_conn pointer for the given pool.
 * NOTE(review): presumably allocates the context from `pool`; the
 * implementation is not in this header -- confirm lifetime and cleanup. */
struct mag_conn *mag_new_conn_ctx(apr_pool_t *pool);
/* Returns a string for an integer auth_type.
 * NOTE(review): behavior for out-of-range values is not visible here. */
const char *mag_str_auth_type(int auth_type);
/* Returns a string built from a request, a message and two 32-bit codes.
 * NOTE(review): maj/min are presumably the GSSAPI major and minor status
 * codes; ownership of the returned string is not visible here -- confirm. */
char *mag_error(request_rec *req, const char *msg, uint32_t maj, uint32_t min);