Better handling of desired_mechs
[mod_auth_gssapi.git] / src / mod_auth_gssapi.c
index f345efc..e1ecc36 100644 (file)
 
 #include "mod_auth_gssapi.h"
 
+const gss_OID_desc gss_mech_spnego = {
+    6, "\x2b\x06\x01\x05\x05\x02"
+};
+
 const gss_OID_desc gss_mech_ntlmssp = {
     GSS_NTLMSSP_OID_LENGTH, GSS_NTLMSSP_OID_STRING
 };
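Review bot: The byte string on line 8 is the only hint of which mechanism this OID names; a comment with the dotted form would spare readers decoding it, e.g. `/* SPNEGO mechanism OID 1.3.6.1.5.5.2 (RFC 4178) */` above the definition. The object also has external linkage, so if the linked GSS-API library happens to export a symbol of the same name the two definitions could collide; that cannot be confirmed from this page, but `static` (or a module-specific prefix) would remove the question.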
@@ -510,6 +514,7 @@ static int mag_auth(request_rec *req)
     char *clientname;
     gss_OID mech_type = GSS_C_NO_OID;
     gss_OID_set desired_mechs = GSS_C_NO_OID_SET;
+    gss_OID_set indicated_mechs = GSS_C_NO_OID_SET;
     gss_buffer_desc lname = GSS_C_EMPTY_BUFFER;
     struct mag_conn *mc = NULL;
     time_t expiration;
@@ -522,12 +527,17 @@ static int mag_auth(request_rec *req)
 
     cfg = ap_get_module_config(req->per_dir_config, &auth_gssapi_module);
 
-    if (!cfg->allowed_mechs) {
+    if (cfg->allowed_mechs) {
+        desired_mechs = cfg->allowed_mechs;
+    } else {
         /* Try to fetch the default set if not explicitly configured */
-        gss_cred_id_t server_cred = GSS_C_NO_CREDENTIAL;
-        (void)mag_acquire_creds(req, cfg, GSS_C_NO_OID_SET, GSS_C_ACCEPT,
-                                &server_cred, &cfg->allowed_mechs);
-        (void)gss_release_cred(&min, &server_cred);
+        maj = gss_indicate_mechs(&min, &indicated_mechs);
+        if (maj != GSS_S_COMPLETE) {
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, "%s",
+                          mag_error(req, "gss_indicate_mechs() failed",
+                                    maj, min));
+        }
+        desired_mechs = indicated_mechs;
     }
 
     /* implicit auth for subrequests if main auth already happened */
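Review bot: When gss_indicate_mechs() fails on line 35 the code only logs a warning and line 41 still assigns `indicated_mechs`, which at that point is still GSS_C_NO_OID_SET, so credential acquisition silently falls back to the library default set; that is a reasonable choice but should be stated, e.g. `/* on failure indicated_mechs is still GSS_C_NO_OID_SET: use the library default set */` before line 41. gss_indicate_mechs() reports every mechanism the library knows, whereas the removed mag_acquire_creds() probe returned the mechanisms for which an acceptor credential could actually be obtained, so the desired set may now contain mechanisms without server credentials — worth confirming how the later acquisition call treats such entries. Because desired_mechs aliases indicated_mechs, the gss_release_oid_set() added on line 49 leaves desired_mechs dangling; that is fine at the done: label as long as nothing after it reads desired_mechs. mag_auth() begins and ends outside these hunks.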
@@ -821,6 +831,7 @@ done:
                                        ap_auth_name(req)));
         }
     }
+    gss_release_oid_set(&min, &indicated_mechs);
     if (ctx != GSS_C_NO_CONTEXT)
         gss_delete_sec_context(&min, &ctx, GSS_C_NO_BUFFER);
     gss_release_cred(&min, &acquired_cred);
@@ -1009,6 +1020,9 @@ static const char *mag_allow_mech(cmd_parms *parms, void *mconfig,
                                          sizeof(gss_OID_set_desc));
         size = sizeof(gss_OID) * MAX_ALLOWED_MECHS;
         cfg->allowed_mechs->elements = apr_palloc(parms->pool, size);
+
+        cfg->allowed_mechs->elements[0] = gss_mech_spnego;
+        cfg->allowed_mechs->count++;
     }
 
     if (strcmp(w, "krb5") == 0) {
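Review bot: The elements buffer allocated on line 56 is sized with `sizeof(gss_OID)`, the size of a pointer, but line 58 stores a whole `gss_OID_desc` struct into `elements[0]` (gss_mech_spnego is defined as an object, not a pointer, earlier in this diff), so the array holds fewer than MAX_ALLOWED_MECHS entries and the unconditionally reserved SPNEGO slot brings an overrun one configured mechanism closer; the size should be `size = sizeof(gss_OID_desc) * MAX_ALLOWED_MECHS;` (or `sizeof(*cfg->allowed_mechs->elements)`). The `count++` on line 59 relies on the set being zero-initialized by the allocation call cut off above the hunk, which cannot be confirmed here, and the code that later appends configured mechanisms should check `count < MAX_ALLOWED_MECHS` before writing. mag_allow_mech() starts and ends outside the hunk.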