Added rest of options I expect to be using.
authorjadestorm <jadestorm>
Sat, 7 Sep 2002 01:53:24 +0000 (01:53 +0000)
committerjadestorm <jadestorm>
Sat, 7 Sep 2002 01:53:24 +0000 (01:53 +0000)
ChangeLog
TODO
apache1/auth_cmds.c
apache1/auth_config.h
apache2/auth_cmds.c
apache2/auth_config.h

index 1fbcd7c..78727e3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2002-09-06  Daniel Henninger  <daniel@ncsu.edu>
+
+       * apache1/auth_cmds.c:
+       * apache1/auth_config.h:
+       * apache2/auth_cmds.c:
+       * apache2/auth_config.h:
+       Added all of the options I currently forsee supporting.
+
 2002-09-05  Daniel Henninger  <daniel@ncsu.edu>
 
        * apache1/module.c:
diff --git a/TODO b/TODO
index 9333f4e..1e18189 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1,39 +1,44 @@
-- Save Creds/Tickets
+* Save Creds/Tickets
        Retrieve and store krbtgt and set env variable of file path.
 
 - Cleanup Daemon
        Maybe write some little cleanup daemon to clean up ticket files.
 
-- Set Path for Storage of Temp Files
+* Set Path for Storage of Temp Files
        Storage of ticket files, and maybe others at some point.
 
 - Verify Krb5 Ticket
        Currently www/hostname.
        Can I do this with Krb4?
+       Yes apparently!  See bug report from Ken Raeburn.
 
-- Ability to Set Realm in Config
+* Ability to Set Realm in Config
        Not compiled in anymore.
        Maybe some form of multiple realms specifiable?
 
-- Settable Location of Keytab/Srvtab
+* Settable Location of Keytab/Srvtab
        Again, in config instead of compiled in.
 
-- Lifetime Settable
+* Lifetime Settable
        Set lifetime of tickets in config.
 
-- Default Instance
+* Default Instance
        You can make it so that 'by default', a user's daniel/root or 
        daniel/www instance is auth'd against instead of just daniel.
 
+- Require Instance
+       We'll allow for a 'require instance ......'.
+
 - Any Instance
        Allow for specification of daniel/root or daniel/admin.
        If off, only checks against defaultinstance instance.
+       require user daniel/root daniel daniel/admin
 
 - Expire Reauth
        Set a lifetime on tickets, and after expiration, tries to -force-
        a reauth (brings up login/password window)
 
-- Forwardable/Renewable Tickets
+* Forwardable/Renewable Tickets
        Setting in config.
 
 - Browser Mutual Auth Support
index 3649cb2..d2c00ab 100644 (file)
@@ -50,6 +50,46 @@ command_rec kerb_auth_cmds[] = {
                "Permit Kerberos auth without AuthType requirement."
        },
 
+#ifdef KRB4
+       {
+               "Krb4Srvtab",
+               ap_set_file_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_4_srvtab),
+               RSRC_CONF & ACCESS_CONF,
+               TAKE1,
+               "Location of Kerberos V4 srvtab file."
+       },
+#endif /* KRB4 */
+
+#ifdef KRB5
+       {
+               "Krb5Keytab",
+               ap_set_file_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_5_keytab),
+               RSRC_CONF & ACCESS_CONF,
+               TAKE1,
+               "Location of Kerberos V5 keytab file."
+       },
+#endif /* KRB5 */
+
+       {
+               "KrbAuthoritative",
+               ap_set_flag_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_authoritative),
+               OR_AUTHCFG,
+               FLAG,
+               "Refuse to pass request down to lower modules."
+       },
+
+       {
+               "KrbDefaultRealm",
+               ap_set_string_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_default_realm),
+               OR_AUTHCFG,
+               TAKE1,
+               "Default realm to authenticate users against."
+       },
+
        {
                "KrbFailStatus",
                kerb_set_fail_slot,
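Review bot: `RSRC_CONF & ACCESS_CONF` on the new Krb4Srvtab and Krb5Keytab entries is a bitwise AND of two separate context flags, so the resulting mask is 0 and the directives would most likely be refused in every context. The intent looks like "server config and <Directory> sections, but not .htaccess", which is written `RSRC_CONF | ACCESS_CONF`. Keeping the srvtab/keytab path out of .htaccess is the right restriction for a file that holds the service key, so only the operator needs to change. The same expression appears on the Krb4Srvtab and Krb5Keytab entries in the first apache2/auth_cmds.c hunk. The kerb_auth_cmds table begins and ends outside this hunk.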
@@ -60,12 +100,70 @@ command_rec kerb_auth_cmds[] = {
        },
 
        {
-               "KrbAuthoritative",
+               "KrbForceInstance",
+               ap_set_string_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_force_instance),
+               OR_AUTHCFG,
+               TAKE1,
+               "Force authentication against an instance specified here."
+       },
+
+#ifdef KRB5
+       {
+               "KrbForwardable",
                ap_set_flag_slot,
-               (void*)XtOffsetOf(kerb_auth_config, krb_authoritative),
+               (void*)XtOffsetOf(kerb_auth_config, krb_forwardable),
                OR_AUTHCFG,
                FLAG,
-               "Refuse to pass request down to lower modules."
+               "Credentials retrieved will be flagged as forwardable."
+       },
+#endif /* KRB5 */
+
+       {
+               "KrbLifetime",
+               ap_set_string_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_lifetime),
+               OR_AUTHCFG,
+               TAKE1,
+               "Lifetime of tickets retrieved."
+       },
+
+#ifdef KRB5
+       {
+               "KrbRenewable",
+               ap_set_string_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_renewable),
+               OR_AUTHCFG,
+               TAKE1,
+               "Credentials retrieved will be renewable for this length."
+       },
+#endif /* KRB5 */
+
+       {
+               "KrbSaveCredentials",
+               ap_set_flag_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_save_credentials),
+               OR_AUTHCFG,
+               FLAG,
+               "Save and store credentials/tickets retrieved during auth."
+       },
+
+       {
+               "KrbSaveTickets",
+               ap_set_flag_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_save_credentials),
+               OR_AUTHCFG,
+               FLAG,
+               "Alias for KrbSaveCredentials."
+       },
+
+       {
+               "KrbTmpdir",
+               ap_set_string_slot,
+               (void*)XtOffsetOf(kerb_auth_config, krb_tmp_dir),
+               OR_AUTHCFG,
+               TAKE1,
+               "Path to store ticket files and such in."
        },
 
        { NULL }
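Review bot: KrbTmpdir is registered with `OR_AUTHCFG` and `ap_set_string_slot`, so wherever AllowOverride AuthConfig is granted, an .htaccess file can choose the directory that receives saved ticket files, and the value is stored as an unprocessed string. Because this is where credentials land when KrbSaveCredentials is on, I would register it like the keytab entries, with `ap_set_file_slot` and `RSRC_CONF | ACCESS_CONF`, unless per-directory override by content authors is a deliberate feature. How the path is consumed is not visible in this hunk, so treat this as a hardening point rather than a confirmed flaw. The same applies to the KrbTmpdir entry in the second apache2/auth_cmds.c hunk.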
index 6c17007..9e0da47 100644 (file)
@@ -1,5 +1,22 @@
 typedef struct {
        char *krb_auth_type;
-       int krb_fail_status;
+#ifdef KRB4
+       char *krb_4_srvtab;
+#endif /* KRB4 */
+#ifdef KRB5
+       char *krb_5_keytab;
+#endif /* KRB5 */
        int krb_authoritative;
+       char *krb_default_realm;
+       int krb_fail_status;
+       char *krb_force_instance;
+#ifdef KRB5
+       int krb_forwardable;
+#endif /* KRB5 */
+       char *krb_lifetime;
+#ifdef KRB5
+       char *krb_renewable;
+#endif /* KRB5 */
+       int krb_save_credentials;
+       char *krb_tmp_dir;
 } kerb_auth_config;
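Review bot: The new fields are undocumented, and for `krb_lifetime` and `krb_renewable` the `char *` type alone does not tell a reader what format or unit the string is expected in, or that it still needs validating before use. A one-line comment per field would cover it, for example `/* KrbLifetime: ticket lifetime as written in the config, not yet parsed */` with the accepted format spelled out. A header comment should also say that the struct layout depends on KRB4 and KRB5, so every file including this header must be built with the same defines or the XtOffsetOf offsets in auth_cmds.c will point at the wrong members. The apache2/auth_config.h hunk is identical and needs the same comments.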
index 7ad4c43..5b1d191 100644 (file)
@@ -49,6 +49,42 @@ static const command_rec kerb_auth_cmds[] = {
                "Permit Kerberos auth without AuthType requirement."
        ),
 
+#ifdef KRB4
+       AP_INIT_TAKE1(
+               "Krb4Srvtab",
+               ap_set_file_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_4_srvtab),
+               RSRC_CONF & ACCESS_CONF,
+               "Location of Kerberos V4 srvtab file."
+       ),
+#endif /* KRB4 */
+
+#ifdef KRB5
+       AP_INIT_TAKE1(
+               "Krb5Keytab",
+               ap_set_file_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_5_keytab),
+               RSRC_CONF & ACCESS_CONF,
+               "Location of Kerberos V5 keytab file."
+       ),
+#endif /* KRB5 */
+
+       AP_INIT_FLAG(
+               "KrbAuthoritative",
+               ap_set_flag_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_authoritative),
+               OR_AUTHCFG,
+               "Refuse to pass request down to lower modules."
+       ),
+
+       AP_INIT_TAKE1(
+               "KrbDefaultRealm",
+               ap_set_string_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_default_realm),
+               OR_AUTHCFG,
+               "Default realm to authenticate users against."
+       ),
+
        AP_INIT_TAKE1(
                "KrbFailStatus",
                kerb_set_fail_slot,
@@ -57,12 +93,64 @@ static const command_rec kerb_auth_cmds[] = {
                "If auth fails, return status set here."
        ),
 
+       AP_INIT_TAKE1(
+               "KrbForceInstance",
+               ap_set_string_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_force_instance),
+               OR_AUTHCFG,
+               "Force authentication against an instance specified here."
+       ),
+
+#ifdef KRB5
        AP_INIT_FLAG(
-               "KrbAuthoritative",
+               "KrbForwardable",
                ap_set_flag_slot,
-               (void*)APR_XtOffsetOf(kerb_auth_config, krb_authoritative),
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_forwardable),
                OR_AUTHCFG,
-               "Refuse to pass request down to lower modules."
+               "Credentials retrieved will be flagged as forwardable."
+       ),
+#endif /* KRB5 */
+
+       AP_INIT_TAKE1(
+               "KrbLifetime",
+               ap_set_string_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_lifetime),
+               OR_AUTHCFG,
+               "Lifetime of tickets retrieved."
+       ),
+
+#ifdef KRB5
+       AP_INIT_TAKE1(
+               "KrbRenewable",
+               ap_set_string_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_renewable),
+               OR_AUTHCFG,
+               "Credentials retrieved will be renewable for this length."
+       ),
+#endif /* KRB5 */
+
+       AP_INIT_FLAG(
+               "KrbSaveCredentials",
+               ap_set_flag_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_save_credentials),
+               OR_AUTHCFG,
+               "Save and store credentials/tickets retrieved during auth."
+       ),
+
+       AP_INIT_FLAG(
+               "KrbSaveTickets",
+               ap_set_flag_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_save_credentials),
+               OR_AUTHCFG,
+               "Alias for KrbSaveCredentials."
+       ),
+
+       AP_INIT_TAKE1(
+               "KrbTmpdir",
+               ap_set_string_slot,
+               (void*)APR_XtOffsetOf(kerb_auth_config, krb_tmp_dir),
+               OR_AUTHCFG,
+               "Path to store ticket files and such in."
        ),
 
        { NULL }
index 6c17007..9e0da47 100644 (file)
@@ -1,5 +1,22 @@
 typedef struct {
        char *krb_auth_type;
-       int krb_fail_status;
+#ifdef KRB4
+       char *krb_4_srvtab;
+#endif /* KRB4 */
+#ifdef KRB5
+       char *krb_5_keytab;
+#endif /* KRB5 */
        int krb_authoritative;
+       char *krb_default_realm;
+       int krb_fail_status;
+       char *krb_force_instance;
+#ifdef KRB5
+       int krb_forwardable;
+#endif /* KRB5 */
+       char *krb_lifetime;
+#ifdef KRB5
+       char *krb_renewable;
+#endif /* KRB5 */
+       int krb_save_credentials;
+       char *krb_tmp_dir;
 } kerb_auth_config;