#ifndef APXS1
#include "ap_compat.h"
+#include "apr_strings.h"
#endif
#include "httpd.h"
#include "http_config.h"
#endif /* KRB4 */
#ifdef APXS1
-module kerb_auth_module;
+module auth_kerb_module;
#else
-module AP_MODULE_DECLARE_DATA kerb_auth_module;
+module AP_MODULE_DECLARE_DATA auth_kerb_module;
#endif
/***************************************************************************
#define MK_USER r->connection->user
#define MK_AUTH_TYPE r->connection->ap_auth_type
#define MK_ARRAY_HEADER array_header
-#define apr_status_t int
#else
#define MK_POOL apr_pool_t
#define MK_TABLE_GET apr_table_get
return rec;
}
+void log_rerror(const char *file, int line, int level, int status,
+ const request_rec *r, const char *fmt, ...)
+{
+ char errstr[1024];
+ va_list ap;
+
+ va_start(ap, fmt);
+ vsnprintf(errstr, sizeof(errstr), fmt, ap);
+ va_end(ap);
+
+#ifdef APXS1
+ ap_log_rerror(file, line, level, r, "%s", errstr);
+#else
+ ap_log_rerror(file, line, level, status, r, "%s", errstr);
+#endif
+}
+
#if 0
static const char *kerb_set_fail_slot(cmd_parms *cmd, void *struct_ptr,
const char *arg)
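Review bot: The new `log_rerror` wrapper has external linkage and no printf format attribute, so it exports a generic symbol from the module and its call sites get no compile-time format/argument checking. That check matters here because every converted call passes Kerberos/GSS error text through `fmt`. Suggest declaring it as `static void log_rerror(const char *file, int line, int level, int status, const request_rec *r, const char *fmt, ...) __attribute__((format(printf, 6, 7)));` (guarded for non-GCC compilers). The fixed `char errstr[1024]` also truncates long messages silently, because the `vsnprintf` return value is ignored; either check it or format into a pool-allocated string. The wrapper needs `<stdarg.h>` and `<stdio.h>`, and the include block visible here does not show them.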
{
kerb_auth_config *conf =
(kerb_auth_config *)ap_get_module_config(r->per_dir_config,
- &kerb_auth_module);
+ &auth_kerb_module);
int ret;
int lifetime = DEFAULT_TKT_LIFE;
char *c, *tfname;
#endif
-static apr_status_t
+static int
krb5_cache_cleanup(void *data)
{
krb5_context context;
problem = krb5_init_context(&context);
if (problem) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "krb5_init_context() failed");
+ /* ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "krb5_init_context() failed"); */
return HTTP_INTERNAL_SERVER_ERROR;
}
problem = krb5_cc_resolve(context, cache_name, &cache);
if (problem) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "krb5_cc_resolve() failed (%s: %s)",
- cache_name, krb5_get_err_text(context, problem));
+ /* log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+ "krb5_cc_resolve() failed (%s: %s)",
+ cache_name, krb5_get_err_text(context, problem)); */
return HTTP_INTERNAL_SERVER_ERROR;
}
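Review bot: Both failure paths in `krb5_cache_cleanup` now return with their log calls commented out, so a credential cache that cannot be resolved for cleanup leaves no trace in the error log. For a module that writes ticket caches, this is the failure an operator most needs to see. The second commented-out call also names `log_error`, which is not defined anywhere on this page, so re-enabling it as written would not compile. If the logging was disabled because no `request_rec` or `server_rec` is available inside a pool cleanup, say so in a comment, for example `/* no server_rec in pool cleanup; see <placeholder: issue id> */`, and consider passing one in through `data` together with the cache name. The function starts and ends outside the lines shown.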
problem = krb5_cc_resolve(kcontext, ccname, &tmp_ccache);
if (problem) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Cannot create krb5 ccache: krb5_cc_resolve() failed: %s",
- krb5_get_err_text(kcontext, problem));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Cannot create krb5 ccache: krb5_cc_resolve() failed: %s",
+ krb5_get_err_text(kcontext, problem));
ret = HTTP_INTERNAL_SERVER_ERROR;
goto end;
}
problem = krb5_cc_initialize(kcontext, tmp_ccache, princ);
if (problem) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot create krb5 ccache: krb5_cc_initialize() failed: %s",
krb5_get_err_text(kcontext, problem));
ret = HTTP_INTERNAL_SERVER_ERROR;
code = krb5_init_context(&kcontext);
if (code) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Cannot initialize Kerberos5 context (%d)", code);
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Cannot initialize Kerberos5 context (%d)", code);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* do not allow user to override realm setting of server */
if (strchr(MK_USER, '@')) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "specifying realm in user name is prohibited");
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "specifying realm in user name is prohibited");
ret = HTTP_UNAUTHORIZED;
goto end;
}
code = krb5_mcc_generate_new(kcontext, &ccache);
#endif
if (code) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Cannot generate new ccache: %s",
- krb5_get_err_text(kcontext, code));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Cannot generate new ccache: %s",
+ krb5_get_err_text(kcontext, code));
ret = HTTP_INTERNAL_SERVER_ERROR;
goto end;
}
memset((char *)sent_pw, 0, strlen(sent_pw));
if (code) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Verifying krb5 password failed: %s",
- krb5_get_err_text(kcontext, code));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Verifying krb5 password failed: %s",
+ krb5_get_err_text(kcontext, code));
ret = HTTP_UNAUTHORIZED;
goto end;
}
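Review bot: The context line above the converted log call wipes the password with `memset((char *)sent_pw, 0, strlen(sent_pw));`, a plain `memset` through a cast that removes `const`. A compiler may elide a plain `memset` when it can prove the buffer is not read afterwards, and whether that applies here depends on code outside this hunk. Since the commit already touches this block, consider a wipe that cannot be optimised away (a loop through a `volatile unsigned char *`, or `explicit_bzero` where the platform provides it). A short comment should also state which buffer `sent_pw` points into, so a reader can tell whether other copies of the password remain in the request.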
return (ap_pstrdup(p, buf));
}
-static apr_status_t
+static int
cleanup_gss_connection(void *data)
{
OM_uint32 minor_status;
problem = krb5_init_context(&context);
if (problem) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Cannot initialize krb5 context");
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot initialize krb5 context");
return HTTP_INTERNAL_SERVER_ERROR;
}
problem = krb5_parse_name(context, princ_name, &princ);
if (problem) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot parse delegated username (%s)", krb5_get_err_text(context, problem));
goto end;
}
problem = create_krb5_ccache(context, r, conf, princ, &ccache);
if (problem) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot create krb5 ccache (%s)", krb5_get_err_text(context, problem));
goto end;
}
maj_stat = gss_krb5_copy_ccache(&min_stat, delegated_cred, ccache);
if (GSS_ERROR(maj_stat)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot store delegated credential (%s)",
get_gss_error(r->pool, min_stat, "gss_krb5_copy_ccache"));
goto end;
GSS_C_NT_USER_NAME : GSS_C_NT_HOSTBASED_SERVICE,
&server_name);
if (GSS_ERROR(major_status)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "%s", get_gss_error(r->pool, minor_status,
- "gss_import_name() failed"));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "%s", get_gss_error(r->pool, minor_status,
+ "gss_import_name() failed"));
return HTTP_INTERNAL_SERVER_ERROR;
}
server_creds, NULL, NULL);
gss_release_name(&minor_status2, &server_name);
if (GSS_ERROR(major_status)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "%s", get_gss_error(r->pool, minor_status,
- "gss_acquire_cred() failed"));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "%s", get_gss_error(r->pool, minor_status,
+ "gss_acquire_cred() failed"));
return HTTP_INTERNAL_SERVER_ERROR;
}
if (gss_connection == NULL) {
gss_connection = ap_pcalloc(r->connection->pool, sizeof(*gss_connection));
if (gss_connection == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "ap_pcalloc() failed (not enough memory)");
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "ap_pcalloc() failed (not enough memory)");
ret = HTTP_INTERNAL_SERVER_ERROR;
goto end;
}
/* ap_getword() shifts parameter */
auth_param = ap_getword_white(r->pool, &auth_line);
if (auth_param == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "No Authorization parameter in request from client");
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "No Authorization parameter in request from client");
ret = HTTP_UNAUTHORIZED;
goto end;
}
input_token.length = ap_base64decode_len(auth_param) + 1;
input_token.value = ap_pcalloc(r->connection->pool, input_token.length);
if (input_token.value == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "ap_pcalloc() failed (not enough memory)");
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "ap_pcalloc() failed (not enough memory)");
ret = HTTP_INTERNAL_SERVER_ERROR;
goto end;
}
len = ap_base64encode_len(output_token.length) + 1;
token = ap_pcalloc(r->connection->pool, len + 1);
if (token == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "ap_pcalloc() failed (not enough memory)");
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "ap_pcalloc() failed (not enough memory)");
ret = HTTP_INTERNAL_SERVER_ERROR;
gss_release_buffer(&minor_status2, &output_token);
goto end;
}
if (GSS_ERROR(major_status)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "%s", get_gss_error(r->pool, minor_status,
- "gss_accept_sec_context() failed"));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "%s", get_gss_error(r->pool, minor_status,
+ "gss_accept_sec_context() failed"));
ret = HTTP_UNAUTHORIZED;
goto end;
}
major_status = gss_export_name(&minor_status, client_name, &output_token);
gss_release_name(&minor_status, &client_name);
if (GSS_ERROR(major_status)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "%s", get_gss_error(r->pool, minor_status,
- "gss_export_name() failed"));
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "%s", get_gss_error(r->pool, minor_status,
+ "gss_export_name() failed"));
ret = HTTP_INTERNAL_SERVER_ERROR;
goto end;
}
{
kerb_auth_config *conf =
(kerb_auth_config *) ap_get_module_config(r->per_dir_config,
- &kerb_auth_module);
+ &auth_kerb_module);
const char *auth_type = NULL;
const char *auth_line = NULL;
const char *type = NULL;
#ifdef KRB5
if (type != NULL && strcasecmp(type, "KerberosV5") == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"The use of KerberosV5 in AuthType is obsolete, please consider using the AuthKerberos option");
conf->krb_auth_enable = 1;
}
#ifdef KRB4
if (type != NULL && strcasecmp(type, "KerberosV4") == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"The use of KerberosV4 in AuthType is obsolete, please consider using the AuthKerberos option");
conf->krb_auth_enable = 1;
}
Module Setup/Configuration
***************************************************************************/
#ifdef APXS1
-module MODULE_VAR_EXPORT kerb_auth_module = {
+module MODULE_VAR_EXPORT auth_kerb_module = {
STANDARD_MODULE_STUFF,
NULL, /* module initializer */
kerb_dir_create_config, /* per-directory config creator */
ap_hook_check_user_id(kerb_authenticate_user, NULL, NULL, APR_HOOK_MIDDLE);
}
-module AP_MODULE_DECLARE_DATA kerb_auth_module =
+module AP_MODULE_DECLARE_DATA auth_kerb_module =
{
STANDARD20_MODULE_STUFF,
kerb_dir_create_config, /* create per-dir conf structures */