Added flag RSRC_CONF to the directives definitions so they can be set in the

[mod_auth_kerb.cvs/.git] / src / mod_auth_kerb.c

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index e204b69..35e5357 100644 (file)
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -46,7 +46,7 @@
 
 #include "config.h"
 
-#define MODAUTHKERB_VERSION "5.0-rc5"
+#define MODAUTHKERB_VERSION "5.0-rc6"
 
 #include <httpd.h>
 #include <http_config.h>
@@ -143,12 +143,12 @@ krb5_save_realms(cmd_parms *cmd, kerb_auth_config *sec, char *arg);
 #define command(name, func, var, type, usage)           \
   AP_INIT_ ## type (name, func,                         \
         (void*)APR_XtOffsetOf(kerb_auth_config, var),   \
-        OR_AUTHCFG, usage)
+        OR_AUTHCFG | RSRC_CONF, usage)
 #else
 #define command(name, func, var, type, usage)          \
   { name, func,                                        \
     (void*)XtOffsetOf(kerb_auth_config, var),          \
-    OR_AUTHCFG, type, usage }
+    OR_AUTHCFG | RSRC_CONF, type, usage }
 #endif
 
 static const command_rec kerb_auth_cmds[] = {
@@ -988,20 +988,21 @@ get_gss_creds(request_rec *r,
               kerb_auth_config *conf,
              gss_cred_id_t *server_creds)
 {
-   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+   gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
    OM_uint32 major_status, minor_status, minor_status2;
    gss_name_t server_name = GSS_C_NO_NAME;
    char buf[1024];
 
    snprintf(buf, sizeof(buf), "%s@%s", conf->krb_service_name,
-        ap_get_server_name(r));
+           ap_get_server_name(r));
 
-   input_token.value = buf;
-   input_token.length = strlen(buf) + 1;
+   token.value = buf;
+   token.length = strlen(buf) + 1;
 
-   major_status = gss_import_name(&minor_status, &input_token,
+   major_status = gss_import_name(&minor_status, &token,
                                  GSS_C_NT_HOSTBASED_SERVICE,
                                  &server_name);
+   memset(&token, 0, sizeof(token));
    if (GSS_ERROR(major_status)) {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "%s", get_gss_error(r->pool, major_status, minor_status,
@@ -1009,8 +1010,19 @@ get_gss_creds(request_rec *r,
       return HTTP_INTERNAL_SERVER_ERROR;
    }
 
-   /* XXX misto buf vypisovat jmeno vracene z display_name() */
-   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %s", buf);
+   major_status = gss_display_name(&minor_status, server_name, &token, NULL);
+   if (GSS_ERROR(major_status)) {
+      /* Perhaps we could just ignore this error but it's safer to give up now,
+         I think */
+      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                "%s", get_gss_error(r->pool, major_status, minor_status,
+                                    "gss_display_name() failed"));
+      return HTTP_INTERNAL_SERVER_ERROR;
+   }
+
+   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %s",
+             token.value);
+   gss_release_buffer(&minor_status, &token);
    
    major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
                                   GSS_C_NO_OID_SET, GSS_C_ACCEPT,