summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Simo Sorce [Wed, 16 Apr 2014 01:08:52 +0000 (21:08 -0400)]
Simplify configure.ac and makefile.am files
Remove unnecessary cruft, that was only making things harder to read.
Simo Sorce [Wed, 16 Apr 2014 00:54:47 +0000 (20:54 -0400)]
Use appropriate flags so make dist works
On my system I have high UIds, without tar-pax make dist fails.
Also add other useful parameters
Simo Sorce [Wed, 16 Apr 2014 00:50:36 +0000 (20:50 -0400)]
Set context data on the pool with a destructor
This way the context is available for the duration of the connection.
It is also properly freed if the connection is interrupted before the context
is fully established.
Simo Sorce [Thu, 10 Apr 2014 05:22:46 +0000 (01:22 -0400)]
Fix use after free
On errors mc->ctx would be left pointing at the freed context,
make sure it is cleared if we delete the context.
Simo Sorce [Thu, 10 Apr 2014 04:52:39 +0000 (00:52 -0400)]
Fix base64 encoding of tokens
The token was being trunkated as the total length should have been:
replen + 10
Just remove this line, apr_base64_encode() already properly terminate
the buffer.
Simo Sorce [Sat, 12 Apr 2014 22:14:37 +0000 (18:14 -0400)]
Register optional functions
Simo Sorce [Thu, 13 Mar 2014 20:02:03 +0000 (16:02 -0400)]
Implement checking for TLS connections
Obey the GSSSSLOnly setting.
Simo Sorce [Sun, 9 Mar 2014 20:24:34 +0000 (16:24 -0400)]
Allow context to be attached to the connection
This means the authentication is not repeated for every request but
is retained for the life of the connection.
This may be a security issue if a frontend proxy shares connections
between multiple users so must be used with care.
RFC 4559 warns that clients should not try SPNEGO if such a proxy
is present. Unfortuntely the RFC assumes a non-standard method to
determine if a proxy maintain separate connections.
Simo Sorce [Sun, 9 Mar 2014 21:16:12 +0000 (17:16 -0400)]
Fix module name
The module structure name used throughout the code didn't match the
name of the initialized structure, so the one used was always
uninitialized.
Simo Sorce [Sat, 8 Mar 2014 19:23:28 +0000 (14:23 -0500)]
Add option to map GSS Name to local Name
Always preserves the received name in GSS_NAME.
In the kereberos case this will result in the environment variable
called GSS_NAME the user's principal, while REMOTE_USER will contain
the user name as mapped by the kerberos library.
Simo Sorce [Sat, 15 Feb 2014 22:33:31 +0000 (17:33 -0500)]
Use the cred_store extension to save credentials
Simo Sorce [Sat, 15 Feb 2014 22:33:00 +0000 (17:33 -0500)]
Fix warnings
Simo Sorce [Sat, 15 Feb 2014 20:59:06 +0000 (15:59 -0500)]
Add initial configure scripts
Simo Sorce [Thu, 13 Feb 2014 22:52:39 +0000 (17:52 -0500)]
Example apache module conf
Simo Sorce [Tue, 28 Jan 2014 02:26:55 +0000 (21:26 -0500)]
Initial code
Signed-off-by: Simo Sorce <simo@redhat.com>