Feature #2967 » 0001-mod_authn_gssapi-add-store-credentials-config-option.patch
| src/mod_authn_gssapi.c | ||
|---|---|---|
|
typedef struct {
|
||
|
buffer *auth_gssapi_keytab;
|
||
|
buffer *auth_gssapi_principal;
|
||
|
unsigned short auth_gssapi_store_credentials;
|
||
|
} plugin_config;
|
||
|
typedef struct {
|
||
| ... | ... | |
|
plugin_data *p = p_d;
|
||
|
size_t i;
|
||
|
config_values_t cv[] = {
|
||
|
{ "auth.backend.gssapi.keytab", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
|
{ "auth.backend.gssapi.principal", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
|
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||
|
{ "auth.backend.gssapi.keytab", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
|
{ "auth.backend.gssapi.principal", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||
|
{ "auth.backend.gssapi.store-credentials", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
|
||
|
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||
|
};
|
||
|
p->config_storage = calloc(srv->config_context->used, sizeof(plugin_config *));
|
||
| ... | ... | |
|
cv[0].destination = s->auth_gssapi_keytab;
|
||
|
cv[1].destination = s->auth_gssapi_principal;
|
||
|
cv[2].destination = &(s->auth_gssapi_store_credentials);
|
||
|
p->config_storage[i] = s;
|
||
| ... | ... | |
|
PATCH(auth_gssapi_keytab);
|
||
|
PATCH(auth_gssapi_principal);
|
||
|
PATCH(auth_gssapi_store_credentials);
|
||
|
/* skip the first, the global context */
|
||
|
for (i = 1; i < srv->config_context->used; i++) {
|
||
| ... | ... | |
|
PATCH(auth_gssapi_keytab);
|
||
|
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.gssapi.principal"))) {
|
||
|
PATCH(auth_gssapi_principal);
|
||
|
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.gssapi.store-credentials"))) {
|
||
|
PATCH(auth_gssapi_store_credentials);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
return HANDLER_FINISHED;
|
||
|
}
|
||
|
static handler_t mod_authn_gssapi_send_500_server_error (connection *con)
|
||
|
{
|
||
|
con->http_status = 500;
|
||
|
con->mode = DIRECT;
|
||
|
return HANDLER_FINISHED;
|
||
|
}
|
||
|
static void mod_authn_gssapi_log_gss_error(server *srv, const char *file, unsigned int line, const char *func, const char *extra, OM_uint32 err_maj, OM_uint32 err_min)
|
||
|
{
|
||
|
buffer * const msg = buffer_init_string(func);
|
||
| ... | ... | |
|
goto end;
|
||
|
}
|
||
|
if (!(acc_flags & GSS_C_DELEG_FLAG)) {
|
||
|
log_error_write(srv, __FILE__, __LINE__, "ss", "Unable to delegate credentials for user:", token_out.value);
|
||
|
goto end;
|
||
|
}
|
||
|
/* check the allow-rules */
|
||
|
if (!http_auth_match_rules(require, token_out.value, NULL, NULL)) {
|
||
|
goto end;
|
||
|
}
|
||
|
ret = mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred);
|
||
|
if (ret)
|
||
|
http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI"));
|
||
|
http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI"));
|
||
|
ret = 1; /* success */
|
||
|
if (p->conf.auth_gssapi_store_credentials && (acc_flags & GSS_C_DELEG_FLAG)) {
|
||
|
if (!mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred)) {
|
||
|
ret = 2; /* server error */
|
||
|
goto end;
|
||
|
}
|
||
|
}
|
||
|
end:
|
||
|
buffer_free(t_in);
|
||
| ... | ... | |
|
if (token_out.length)
|
||
|
gss_release_buffer(&st_minor, &token_out);
|
||
|
if (ret == 2)
|
||
|
return mod_authn_gssapi_send_500_server_error(con);
|
||
|
return ret ? HANDLER_GO_ON : mod_authn_gssapi_send_401_unauthorized_negotiate(con);
|
||
|
}
|
||
- « Previous
- 1
- 2
- Next »