Feature #2967 » 0001-mod_authn_gssapi-add-store-credentials-config-option.patch
src/mod_authn_gssapi.c | ||
---|---|---|
typedef struct {
|
||
buffer *auth_gssapi_keytab;
|
||
buffer *auth_gssapi_principal;
|
||
unsigned short auth_gssapi_store_credentials;
|
||
} plugin_config;
|
||
typedef struct {
|
||
... | ... | |
plugin_data *p = p_d;
|
||
size_t i;
|
||
config_values_t cv[] = {
|
||
{ "auth.backend.gssapi.keytab", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
{ "auth.backend.gssapi.principal", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||
{ "auth.backend.gssapi.keytab", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
{ "auth.backend.gssapi.principal", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
{ "auth.backend.gssapi.store-credentials", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
|
||
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||
};
|
||
p->config_storage = calloc(srv->config_context->used, sizeof(plugin_config *));
|
||
... | ... | |
cv[0].destination = s->auth_gssapi_keytab;
|
||
cv[1].destination = s->auth_gssapi_principal;
|
||
cv[2].destination = &(s->auth_gssapi_store_credentials);
|
||
p->config_storage[i] = s;
|
||
... | ... | |
PATCH(auth_gssapi_keytab);
|
||
PATCH(auth_gssapi_principal);
|
||
PATCH(auth_gssapi_store_credentials);
|
||
/* skip the first, the global context */
|
||
for (i = 1; i < srv->config_context->used; i++) {
|
||
... | ... | |
PATCH(auth_gssapi_keytab);
|
||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.gssapi.principal"))) {
|
||
PATCH(auth_gssapi_principal);
|
||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.gssapi.store-credentials"))) {
|
||
PATCH(auth_gssapi_store_credentials);
|
||
}
|
||
}
|
||
}
|
||
... | ... | |
return HANDLER_FINISHED;
|
||
}
|
||
static handler_t mod_authn_gssapi_send_500_server_error (connection *con)
|
||
{
|
||
con->http_status = 500;
|
||
con->mode = DIRECT;
|
||
return HANDLER_FINISHED;
|
||
}
|
||
static void mod_authn_gssapi_log_gss_error(server *srv, const char *file, unsigned int line, const char *func, const char *extra, OM_uint32 err_maj, OM_uint32 err_min)
|
||
{
|
||
buffer * const msg = buffer_init_string(func);
|
||
... | ... | |
goto end;
|
||
}
|
||
if (!(acc_flags & GSS_C_DELEG_FLAG)) {
|
||
log_error_write(srv, __FILE__, __LINE__, "ss", "Unable to delegate credentials for user:", token_out.value);
|
||
goto end;
|
||
}
|
||
/* check the allow-rules */
|
||
if (!http_auth_match_rules(require, token_out.value, NULL, NULL)) {
|
||
goto end;
|
||
}
|
||
ret = mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred);
|
||
if (ret)
|
||
http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI"));
|
||
http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI"));
|
||
ret = 1; /* success */
|
||
if (p->conf.auth_gssapi_store_credentials && (acc_flags & GSS_C_DELEG_FLAG)) {
|
||
if (!mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred)) {
|
||
ret = 2; /* server error */
|
||
goto end;
|
||
}
|
||
}
|
||
end:
|
||
buffer_free(t_in);
|
||
... | ... | |
if (token_out.length)
|
||
gss_release_buffer(&st_minor, &token_out);
|
||
if (ret == 2)
|
||
return mod_authn_gssapi_send_500_server_error(con);
|
||
return ret ? HANDLER_GO_ON : mod_authn_gssapi_send_401_unauthorized_negotiate(con);
|
||
}
|
||
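Review bot: In the last hunk, `if (p->conf.auth_gssapi_store_credentials && (acc_flags & GSS_C_DELEG_FLAG))` skips the credential store without a trace when store-credentials is enabled but the client delegated nothing, so the request succeeds and a backend expecting the stored ticket cache gets none. The "Unable to delegate credentials for user:" message shown earlier in the section appears to be on the removed side (the +/- markers are lost on this page, so this is inferred); I would test the option first and, when the flag is missing, emit `log_error_write(srv, __FILE__, __LINE__, "ss", "store-credentials is enabled but no credentials were delegated for user:", token_out.value);`. Separately, `http_auth_setenv(...)` now appears to run before the store attempt, so the 500 path leaves the authenticated user set on the connection; calling it only after the store step succeeds would keep the error path clean. A comment near the declaration of `ret` listing its values (0 unauthorized, 1 success, 2 server error) would also help, since `ret == 2` is checked well after it is set; the enclosing function starts outside the visible lines.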