From d86fa4493f65f267b5adbd17f489149ae1b747fb Mon Sep 17 00:00:00 2001
From: Margaret Wasserman
Date: Wed, 18 Jun 2014 15:30:26 -0400
Subject: [PATCH] Refactor existing mod_auth_gssapi code to support addition of gssweb module.

---
 gss.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 mod_auth_gssapi.c | 56 ------------------------------------------------------
 mod_auth_gssapi.h | 18 ++++++++++++++++++
 3 files changed, 75 insertions(+), 56 deletions(-)

diff --git a/gss.c b/gss.c
index 07d485d..bc84033 100644
--- a/gss.c
+++ b/gss.c
@@ -31,6 +31,63 @@
 #include "mod_auth_gssapi.h"
+void
+gss_log(const char *file, int line, int level, int status,
+ const request_rec *r, const char *fmt, ...)
+{
+ char errstr[1024];
+ va_list ap;
+
+ va_start(ap, fmt);
+ vsnprintf(errstr, sizeof(errstr), fmt, ap);
+ va_end(ap);
+
+ ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
+}
+
+apr_status_t
+cleanup_conn_ctx(void *data)
+{
+ gss_conn_ctx ctx = (gss_conn_ctx) data;
+ OM_uint32 minor_status;
+
+ if (ctx && ctx->context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&minor_status, &ctx->context, GSS_C_NO_BUFFER);
+
+ return APR_SUCCESS;
+}
+
+gss_conn_ctx
+gss_get_conn_ctx(request_rec *r)
+{
+ char key[1024];
+ gss_conn_ctx ctx = NULL;
+
+ snprintf(key, sizeof(key), "mod_auth_gssapi:conn_ctx");
+ apr_pool_userdata_get((void **)&ctx, key, r->connection->pool);
+ /* XXX LOG */
+ if (ctx == NULL) {
+ ctx = (gss_conn_ctx) apr_palloc(r->connection->pool, sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+ ctx->context = GSS_C_NO_CONTEXT;
+ ctx->state = GSS_CTX_EMPTY;
+ ctx->user = NULL;
+ apr_pool_userdata_set(ctx, key, cleanup_conn_ctx, r->connection->pool);
+ }
+ return ctx;
+}
+
+void *
+gss_config_dir_create(apr_pool_t *p, char *d)
+{
+ gss_auth_config *conf;
+
+ conf = (gss_auth_config *) apr_pcalloc(p, sizeof(*conf));
+ return conf;
+}
+
+
+static const char * get_gss_error(request_rec *r, OM_uint32 err_maj, OM_uint32 err_min, char *prefix) {
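Review bot: In gss_get_conn_ctx the result of apr_pool_userdata_set() is discarded, so if registering the context in the connection pool fails the function still returns a ctx whose cleanup_conn_ctx will never run — any gss_ctx_id_t a caller later stores in ctx->context would then never be released by gss_delete_sec_context, and a later request on the same connection would presumably not find this ctx; check it and fail closed: `if (apr_pool_userdata_set(ctx, key, cleanup_conn_ctx, r->connection->pool) != APR_SUCCESS) return NULL;`. The snprintf() that fills `key` only ever writes a constant, so `static const char key[] = "mod_auth_gssapi:conn_ctx";` does the same job without the 1024-byte stack buffer. Now that these functions are no longer static, the unprefixed exported name cleanup_conn_ctx is a collision risk with same-named symbols in other modules on platforms where httpd loads DSOs with global symbol visibility; a `gss_` prefix like the other new names would avoid that. The `d` parameter of gss_config_dir_create is unused; `(void)d;` keeps -Wunused-parameter quiet. The trailing context of this hunk (get_gss_error) is collapsed in the page and cannot be fully read here.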
diff --git a/mod_auth_gssapi.c b/mod_auth_gssapi.c
index 32c0f01..26a709b 100644
--- a/mod_auth_gssapi.c
+++ b/mod_auth_gssapi.c
@@ -48,29 +48,6 @@ static const command_rec gss_config_cmds[] = {
 { NULL }
 };
-static void *
-gss_config_dir_create(apr_pool_t *p, char *d)
-{
- gss_auth_config *conf;
-
- conf = (gss_auth_config *) apr_pcalloc(p, sizeof(*conf));
- return conf;
-}
-
-void
-gss_log(const char *file, int line, int level, int status,
- const request_rec *r, const char *fmt, ...)
-{
- char errstr[1024];
- va_list ap;
-
- va_start(ap, fmt);
- vsnprintf(errstr, sizeof(errstr), fmt, ap);
- va_end(ap);
-
- ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr);
-}
-
 static void
 set_http_headers(request_rec *r, const gss_auth_config *conf,
 char *negotiate_ret_value)
@@ -87,39 +64,6 @@ set_http_headers(request_rec *r, const gss_auth_config *conf,
 apr_table_add(r->err_headers_out, header_name, negoauth_param);
 }
-static apr_status_t
-cleanup_conn_ctx(void *data)
-{
- gss_conn_ctx ctx = (gss_conn_ctx) data;
- OM_uint32 minor_status;
-
- if (ctx && ctx->context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&minor_status, &ctx->context, GSS_C_NO_BUFFER);
-
- return APR_SUCCESS;
-}
-
-static gss_conn_ctx
-gss_get_conn_ctx(request_rec *r)
-{
- char key[1024];
- gss_conn_ctx ctx = NULL;
-
- snprintf(key, sizeof(key), "mod_auth_gssapi:conn_ctx");
- apr_pool_userdata_get((void **)&ctx, key, r->connection->pool);
- /* XXX LOG */
- if (ctx == NULL) {
- ctx = (gss_conn_ctx) apr_palloc(r->connection->pool, sizeof(*ctx));
- if (ctx == NULL)
- return NULL;
- ctx->context = GSS_C_NO_CONTEXT;
- ctx->state = GSS_CTX_EMPTY;
- ctx->user = NULL;
- apr_pool_userdata_set(ctx, key, cleanup_conn_ctx, r->connection->pool);
- }
- return ctx;
-}
-
 static int
 gss_authenticate_user(request_rec *r)
 {
diff --git a/mod_auth_gssapi.h b/mod_auth_gssapi.h
index 462afba..c3284eb 100644
--- a/mod_auth_gssapi.h
+++ b/mod_auth_gssapi.h
@@ -71,6 +71,24 @@ void
 gss_log(const char *file, int line, int level, int status,
 const request_rec *r, const char *fmt, ...);
+apr_status_t
+cleanup_conn_ctx(void *data);
+
+gss_conn_ctx
+gss_get_conn_ctx(request_rec *r);
+
+void *
+gss_config_dir_create(apr_pool_t *p, char *d);
+
+static const char *
+get_gss_error(request_rec *r, OM_uint32 err_maj, OM_uint32 err_min, char *prefix);
+
+static int
+get_gss_creds(request_rec *r, gss_auth_config *conf, gss_cred_id_t *server_creds);
+
+static int
+cmp_gss_type(gss_buffer_t token, gss_OID oid);
+
 int
 gss_authenticate(request_rec *r, gss_auth_config *conf, gss_conn_ctx ctx,
 const char *auth_line, char **negotiate_ret_value);
-- 
2.1.4
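Review bot: The three `static` prototypes added to mod_auth_gssapi.h (`get_gss_error`, `get_gss_creds`, `cmp_gss_type`) give every translation unit that includes the header a file-local declaration with no definition, which GCC warns about as "declared 'static' but never defined" and which cannot be called from the gssweb module the subject line says this prepares for; either drop `static` and give them a `gss_` prefix, since they then become exported symbols, or keep them out of the header and declare them at the top of gss.c. Since gss_log now has a cross-module prototype and forwards `fmt` straight to vsnprintf, it is worth adding the printf format check so a caller passing untrusted data as the format is caught at compile time: `void gss_log(const char *file, int line, int level, int status, const request_rec *r, const char *fmt, ...) __attribute__((format(printf, 6, 7)));` (guarded by a compiler check if non-GCC builds matter). Whether those helpers are still defined `static` in gss.c is not visible from this hunk.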