Some more definitions that depend on cred_store functions were
not properly ifdef-ed
Signed-off-by: Simo Sorce <simo@redhat.com>
static char *escape(apr_pool_t *pool, const char *name,
char find, const char *replace)
{
static char *escape(apr_pool_t *pool, const char *name,
char find, const char *replace)
{
static int mag_auth(request_rec *req)
{
static int mag_auth(request_rec *req)
{
req->ap_auth_type = apr_pstrdup(req->pool, auth_type);
req->ap_auth_type = apr_pstrdup(req->pool, auth_type);
-#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
if (cfg->use_s4u2proxy) {
cred_usage = GSS_C_BOTH;
}
if (cfg->use_s4u2proxy) {
cred_usage = GSS_C_BOTH;
}
* name instead of the SPN of the server credentials. Therefore we
* need to acquire a different set of credential setting
* GSS_C_ACCEPT explicitly */
* name instead of the SPN of the server credentials. Therefore we
* need to acquire a different set of credential setting
* GSS_C_ACCEPT explicitly */
-#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
if (cfg->cred_store) {
maj = gss_acquire_cred_from(&min, GSS_C_NO_NAME,
GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
if (cfg->cred_store) {
maj = gss_acquire_cred_from(&min, GSS_C_NO_NAME,
GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
gss_release_cred(&min, &server_cred);
}
gss_release_cred(&min, &server_cred);
}
if (cfg->deleg_ccache_dir) {
/* delegate ourselves credentials so we store them as requested */
init_flags |= GSS_C_DELEG_FLAG;
}
if (cfg->deleg_ccache_dir) {
/* delegate ourselves credentials so we store them as requested */
init_flags |= GSS_C_DELEG_FLAG;
}
/* output and input are inverted here, this is intentional */
maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
/* output and input are inverted here, this is intentional */
maj = gss_init_sec_context(&min, user_cred, &user_ctx, server,
apr_table_set(req->subprocess_env, "GSS_SESSION_EXPIRATION",
apr_psprintf(req->pool, "%ld", (long)expiration));
apr_table_set(req->subprocess_env, "GSS_SESSION_EXPIRATION",
apr_psprintf(req->pool, "%ld", (long)expiration));
-#ifdef HAVE_GSS_STORE_CRED_INTO
if (cfg->deleg_ccache_dir && delegated_cred != GSS_C_NO_CREDENTIAL) {
char *ccachefile = NULL;
if (cfg->deleg_ccache_dir && delegated_cred != GSS_C_NO_CREDENTIAL) {
char *ccachefile = NULL;
static const char *mag_use_s4u2p(cmd_parms *parms, void *mconfig, int on)
{
struct mag_config *cfg = (struct mag_config *)mconfig;
static const char *mag_use_s4u2p(cmd_parms *parms, void *mconfig, int on)
{
struct mag_config *cfg = (struct mag_config *)mconfig;
static const char *mag_sess_key(cmd_parms *parms, void *mconfig, const char *w)
{
static const char *mag_sess_key(cmd_parms *parms, void *mconfig, const char *w)
{
+#ifdef HAVE_CRED_STORE
+
#define MAX_CRED_OPTIONS 10
static const char *mag_cred_store(cmd_parms *parms, void *mconfig,
#define MAX_CRED_OPTIONS 10
static const char *mag_cred_store(cmd_parms *parms, void *mconfig,
static const char *mag_use_basic_auth(cmd_parms *parms, void *mconfig, int on)
{
static const char *mag_use_basic_auth(cmd_parms *parms, void *mconfig, int on)
{
"Authentication uses mod_sessions to hold status"),
AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG,
"Key Used to seal session data."),
"Authentication uses mod_sessions to hold status"),
AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG,
"Key Used to seal session data."),
-#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
AP_INIT_FLAG("GssapiUseS4U2Proxy", mag_use_s4u2p, NULL, OR_AUTHCFG,
"Initializes credentials for s4u2proxy usage"),
AP_INIT_FLAG("GssapiUseS4U2Proxy", mag_use_s4u2p, NULL, OR_AUTHCFG,
"Initializes credentials for s4u2proxy usage"),
-#endif
-#ifdef HAVE_GSS_STORE_CRED_INTO
AP_INIT_ITERATE("GssapiCredStore", mag_cred_store, NULL, OR_AUTHCFG,
"Credential Store"),
AP_INIT_RAW_ARGS("GssapiDelegCcacheDir", mag_deleg_ccache_dir, NULL,
AP_INIT_ITERATE("GssapiCredStore", mag_cred_store, NULL, OR_AUTHCFG,
"Credential Store"),
AP_INIT_RAW_ARGS("GssapiDelegCcacheDir", mag_deleg_ccache_dir, NULL,
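Review bot: `GssapiUseS4U2Proxy` was gated on `HAVE_GSS_ACQUIRE_CRED_FROM` alone before this change, and folding the guards into `HAVE_CRED_STORE` would make it depend on `gss_store_cred_into` as well, which deserves a comment at the directive table. The replacement guard lines are not visible in this rendering, so this is inferred from the removed `#ifdef`/`#endif` lines and the new macro. On a build without both functions the three directives would presumably not be registered, so a configuration naming them should be rejected at load rather than silently ignored; a comment such as `/* S4U2Proxy, cred store and delegated ccache directives require HAVE_CRED_STORE */` would make that explicit. The `#ifdef HAVE_CRED_STORE` opened before `MAX_CRED_OPTIONS` closes outside the lines shown, and labelling its end as `#endif /* HAVE_CRED_STORE */` would help readers match it.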
#define MIN_SESS_EXP_TIME 300 /* 5 minutes validity minimum */
#define MIN_SESS_EXP_TIME 300 /* 5 minutes validity minimum */
+#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
+# ifdef HAVE_GSS_STORE_CRED_INTO
+#define HAVE_CRED_STORE 1
+# endif
+#endif
+
struct mag_config {
apr_pool_t *pool;
bool ssl_only;
struct mag_config {
apr_pool_t *pool;
bool ssl_only;
bool gss_conn_ctx;
bool send_persist;
bool use_sessions;
bool gss_conn_ctx;
bool send_persist;
bool use_sessions;
bool use_s4u2proxy;
char *deleg_ccache_dir;
gss_key_value_set_desc *cred_store;
bool use_s4u2proxy;
char *deleg_ccache_dir;
gss_key_value_set_desc *cred_store;
struct seal_key *mag_skey;
bool use_basic_auth;
};
struct seal_key *mag_skey;
bool use_basic_auth;
};
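Review bot: The new `HAVE_CRED_STORE` definition has no comment saying why both functions are required, and the nested `#ifdef` pair can be written as one condition: `#if defined(HAVE_GSS_ACQUIRE_CRED_FROM) && defined(HAVE_GSS_STORE_CRED_INTO)`. A one-line comment above it, such as `/* cred store support needs both gss_acquire_cred_from() and gss_store_cred_into() */`, would document the intent. As rendered here, `struct mag_config` shows `use_s4u2proxy`, `deleg_ccache_dir` and `gss_key_value_set_desc *cred_store` without a visible guard. This view may omit lines, but it is worth confirming that the fields are guarded by `HAVE_CRED_STORE` or that the type is declared on builds lacking the extensions.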