#include "mod_auth_gssapi.h"
+#define MOD_AUTH_GSSAPI_VERSION PACKAGE_NAME "/" PACKAGE_VERSION
module AP_MODULE_DECLARE_DATA auth_gssapi_module;
+APLOG_USE_MODULE(auth_gssapi);
+
APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
static char *mag_status(request_rec *req, int type, uint32_t err)
/* FIXME: create mutex to deal with connections and contexts ? */
mag_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
mag_post_config_session();
+ ap_add_version_component(cfgpool, MOD_AUTH_GSSAPI_VERSION);
return OK;
}
gss_name_t client = GSS_C_NO_NAME;
gss_cred_id_t acquired_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t delegated_cred = GSS_C_NO_CREDENTIAL;
+ gss_cred_usage_t cred_usage = GSS_C_ACCEPT;
uint32_t flags;
uint32_t vtime;
uint32_t maj, min;
}
/* if available, session always supersedes connection bound data */
- mag_check_session(req, cfg, &mc);
+ if (cfg->use_sessions) {
+ mag_check_session(req, cfg, &mc);
+ }
if (mc) {
/* register the context in the memory pool, so it can be freed
#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
if (cfg->use_s4u2proxy) {
+ cred_usage = GSS_C_BOTH;
+ }
+ if (cfg->cred_store) {
maj = gss_acquire_cred_from(&min, GSS_C_NO_NAME, 0,
- GSS_C_NO_OID_SET, GSS_C_BOTH,
+ GSS_C_NO_OID_SET, cred_usage,
cfg->cred_store, &acquired_cred,
NULL, NULL);
if (GSS_ERROR(maj)) {
vtime = MIN_SESS_EXP_TIME;
}
mc->expiration = time(NULL) + vtime;
- mag_attempt_session(req, cfg, mc);
+ if (cfg->use_sessions) {
+ mag_attempt_session(req, cfg, mc);
+ }
}
ret = OK;