Add support for delegate creds on basic auth
authorSimo Sorce <simo@redhat.com>
Tue, 14 Apr 2015 17:52:05 +0000 (13:52 -0400)
committerSimo Sorce <simo@redhat.com>
Tue, 14 Apr 2015 17:52:05 +0000 (13:52 -0400)
When doing fallback basic auth, we may also want to honor the
configured directive about storing delegated credentials.
Detect if we are configured to store them and set the appropriate
init_sec_context flag that will cause the accept_sec_context call
to get valid delegated credentials for later storage.

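index e233110..b168dbf 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -239,6 +239,7 @@ static int mag_auth(request_rec *req)
     const char *user_ccache = NULL;
     const char *orig_ccache = NULL;
 #endif
+    uint32_t init_flags = 0;
 
     type = ap_auth_type(req);
     if ((type == NULL) || (strcasecmp(type, "GSSAPI") != 0)) {
@@ -445,9 +446,15 @@ static int mag_auth(request_rec *req)
                                           "failed", maj, min));
             goto done;
         }
+
+        if (cfg->deleg_ccache_dir) {
+            /* delegate ourselves credentials so we store them as requested */
+            init_flags |= GSS_C_DELEG_FLAG;
+        }
+
         /* output and input are inverted here, this is intentional */
         maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
-                                   GSS_C_NO_OID, 0, 300,
+                                   GSS_C_NO_OID, init_flags, 300,
                                    GSS_C_NO_CHANNEL_BINDINGS, &output,
                                    NULL, &input, NULL, NULL);
         if (GSS_ERROR(maj)) {
@@ -473,7 +480,7 @@ static int mag_auth(request_rec *req)
             gss_release_buffer(&min, &input);
             /* output and input are inverted here, this is intentional */
             maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
-                                       GSS_C_NO_OID, 0, 300,
+                                       GSS_C_NO_OID, init_flags, 300,
                                        GSS_C_NO_CHANNEL_BINDINGS, &output,
                                        NULL, &input, NULL, NULL);
             if (GSS_ERROR(maj)) {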
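Review bot: The delegation request cannot be verified from the new code, because both `gss_init_sec_context` calls (the first at -445/+446 and the retry at -473/+480) still pass `NULL` for `ret_flags`, so an exchange in which the mechanism quietly drops `GSS_C_DELEG_FLAG` looks identical to one that honored it, and the later storage path would then run with nothing to store. Consider declaring `uint32_t ret_flags = 0;` beside `init_flags`, passing `&ret_flags` in place of the second-to-last `NULL` in both calls, and logging when `cfg->deleg_ccache_dir` is set but `(ret_flags & GSS_C_DELEG_FLAG) == 0` once the context completes. Whether the accept side already reports a missing delegated credential is not visible here, so this may be a belt-and-braces check rather than a fix. The enclosing mag_auth starts and ends outside these hunks.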