#include <stdbool.h>
#include <stdint.h>
#include <time.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include <http_log.h>
#include <http_request.h>
#include <mod_session.h>
+#include <mod_ssl.h>
/* apache's httpd.h drags in empty PACKAGE_* variables.
* undefine them to avoid annoying compile warnings as they
#undef PACKAGE_VERSION
#include "config.h"
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+#include <gssapi/gssapi_krb5.h>
+#ifdef HAVE_GSSAPI_GSSAPI_NTLMSSP_H
+# include <gssapi/gssapi_ntlmssp.h>
+#endif
+
#include "crypto.h"
#include "sessions.h"
#define MIN_SESS_EXP_TIME 300 /* 5 minutes validity minimum */
+#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
+# ifdef HAVE_GSS_STORE_CRED_INTO
+#define HAVE_CRED_STORE 1
+# endif
+#endif
+
struct mag_config {
apr_pool_t *pool;
bool ssl_only;
bool map_to_local;
bool gss_conn_ctx;
+ bool send_persist;
bool use_sessions;
+#ifdef HAVE_CRED_STORE
bool use_s4u2proxy;
char *deleg_ccache_dir;
gss_key_value_set_desc *cred_store;
+#endif
+ struct seal_key *mag_skey;
+
+ bool use_basic_auth;
+ gss_OID_set_desc *allowed_mechs;
+ gss_OID_set_desc *basic_mechs;
+};
+
+struct mag_server_config {
+ gss_OID_set default_mechs;
+ struct seal_key *mag_skey;
+};
+
+struct mag_req_cfg {
+ request_rec *req;
+ struct mag_config *cfg;
+ gss_OID_set desired_mechs;
+ bool use_sessions;
+ bool send_persist;
+ const char *req_proto;
+ const char *rep_proto;
struct seal_key *mag_skey;
- enum {
- BA_OFF = 0,
- BA_FORWARD = 1,
- BA_ON = 2
- } basic_auth;
};
struct mag_conn {
- apr_pool_t *parent;
+ apr_pool_t *pool;
gss_ctx_id_t ctx;
bool established;
const char *user_name;
const char *gss_name;
time_t expiration;
- const char *auth_type;
+ int auth_type;
+ bool delegated;
+ struct databuf basic_hash;
};
+
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+
+struct mag_conn *mag_new_conn_ctx(apr_pool_t *pool);
projects / mod_auth_gssapi.git / blobdiff