Commit | Line | Data |
---|---|---|
ca02e0ec | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
ca02e0ec AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
4ebcf1ce MM |
9 | /* |
10 | * ----------------------------------------------------------------------------- | |
11 | * | |
12 | * Author: Markus Moeller (markus_moeller at compuserve.com) | |
13 | * | |
14 | * Copyright (C) 2013 Markus Moeller. All rights reserved. | |
15 | * | |
16 | * This program is free software; you can redistribute it and/or modify | |
17 | * it under the terms of the GNU General Public License as published by | |
18 | * the Free Software Foundation; either version 2 of the License, or | |
19 | * (at your option) any later version. | |
20 | * | |
21 | * This program is distributed in the hope that it will be useful, | |
22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
24 | * GNU General Public License for more details. | |
25 | * | |
26 | * You should have received a copy of the GNU General Public License | |
27 | * along with this program; if not, write to the Free Software | |
28 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. | |
29 | * | |
30 | * As a special exemption, M Moeller gives permission to link this program | |
31 | * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute | |
32 | * the resulting executable, without including the source code for | |
33 | * the Libraries in the source distribution. | |
34 | * | |
35 | * ----------------------------------------------------------------------------- | |
36 | */ | |
37 | ||
074d6a40 AJ |
38 | #include <cstring> |
39 | #include <ctime> | |
4ebcf1ce MM |
40 | #if HAVE_NETDB_H |
41 | #include <netdb.h> | |
42 | #endif | |
43 | #if HAVE_UNISTD_H | |
44 | #include <unistd.h> | |
45 | #endif | |
4ebcf1ce | 46 | |
4ebcf1ce | 47 | #include "base64.h" |
602d9612 | 48 | #include "util.h" |
4ebcf1ce | 49 | |
75f3c557 MM |
50 | #if USE_APPLE_KRB5 |
51 | #define KERBEROS_APPLE_DEPRECATED(x) | |
52 | #define GSSKRB_APPLE_DEPRECATED(x) | |
53 | #endif | |
54 | ||
4ebcf1ce MM |
55 | #if HAVE_KRB5_H |
56 | #if HAVE_BROKEN_SOLARIS_KRB5_H | |
57 | #warn "Warning! You have a broken Solaris <krb5.h> system header" | |
58 | #warn "http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6837512" | |
59 | #if defined(__cplusplus) | |
60 | #define KRB5INT_BEGIN_DECLS extern "C" { | |
61 | #define KRB5INT_END_DECLS | |
62 | KRB5INT_BEGIN_DECLS | |
63 | #endif | |
64 | #endif /* HAVE_BROKEN_SOLARIS_KRB5_H */ | |
65 | #if HAVE_BROKEN_HEIMDAL_KRB5_H | |
66 | extern "C" { | |
67 | #include <krb5.h> | |
68 | } | |
69 | #else | |
70 | #include <krb5.h> | |
71 | #endif | |
72 | #endif /* HAVE_KRB5_H */ | |
73 | ||
1a22a39e MM |
74 | #if USE_HEIMDAL_KRB5 |
75 | #if HAVE_GSSAPI_GSSAPI_H | |
76 | #include <gssapi/gssapi.h> | |
77 | #elif HAVE_GSSAPI_H | |
78 | #include <gssapi.h> | |
79 | #endif | |
80 | #if HAVE_GSSAPI_GSSAPI_KRB5_H | |
81 | #include <gssapi/gssapi_krb5.h> | |
82 | #endif | |
83 | #elif USE_GNUGSS | |
84 | #if HAVE_GSS_H | |
85 | #include <gss.h> | |
86 | #endif | |
87 | #else | |
4ebcf1ce MM |
88 | #if HAVE_GSSAPI_GSSAPI_H |
89 | #include <gssapi/gssapi.h> | |
90 | #elif HAVE_GSSAPI_H | |
91 | #include <gssapi.h> | |
92 | #endif | |
4ebcf1ce MM |
93 | #if HAVE_GSSAPI_GSSAPI_KRB5_H |
94 | #include <gssapi/gssapi_krb5.h> | |
95 | #endif | |
96 | #if HAVE_GSSAPI_GSSAPI_GENERIC_H | |
97 | #include <gssapi/gssapi_generic.h> | |
98 | #endif | |
99 | #if HAVE_GSSAPI_GSSAPI_EXT_H | |
100 | #include <gssapi/gssapi_ext.h> | |
101 | #endif | |
4ebcf1ce MM |
102 | #endif |
103 | ||
104 | #ifndef gss_nt_service_name | |
105 | #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE | |
106 | #endif | |
107 | ||
108 | #define PROGRAM "negotiate_kerberos_auth" | |
109 | ||
110 | #ifndef MAX_AUTHTOKEN_LEN | |
111 | #define MAX_AUTHTOKEN_LEN 65535 | |
112 | #endif | |
113 | #ifndef SQUID_KERB_AUTH_VERSION | |
2eb6054f | 114 | #define SQUID_KERB_AUTH_VERSION "3.1.0sq" |
4ebcf1ce MM |
115 | #endif |
116 | ||
117 | char *gethost_name(void); | |
118 | ||
/*
 * Signature that opens an NTLMSSP message: the seven ASCII characters
 * "NTLMSSP" followed by one zero byte, eight bytes in total.
 * NOTE(review): presumably compared against the start of a decoded token so
 * that an NTLM blob sent to this Kerberos helper is recognised and refused;
 * the comparison itself is not in this header, so confirm in the
 * implementation file.
 */
static const unsigned char ntlmProtocol[] = "NTLMSSP";
120 | ||
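/**
 * Returns the current local time as "YYYY/MM/DD HH:MM:SS" for use as a log
 * line prefix.
 *
 * The text is kept in a function-static buffer and is re-formatted only when
 * the wall-clock second differs from the one formatted last. The returned
 * pointer therefore refers to shared storage: a later call may overwrite it,
 * and concurrent callers are not protected against each other.
 *
 * The stamp is local time without a zone offset, so logs gathered from hosts
 * in different time zones need the offset supplied from elsewhere before they
 * can be correlated.
 *
 * @return pointer to a NUL-terminated static buffer; the empty string when
 *         the time could not be converted or formatted.
 */
inline const char *
LogTime()
{
    struct timeval now = {0, 0};
    static time_t last_t = 0;
    static char buf[128];

    gettimeofday(&now, NULL);
    if (now.tv_sec != last_t) {
        /*
         * Copy the seconds into a real time_t. tv_sec is not required to have
         * exactly time_t's type, and casting its address would make
         * localtime() read an object of the wrong width on such platforms.
         */
        const time_t secs = now.tv_sec;
        const struct tm *tm = localtime(&secs);

        /*
         * localtime() may return NULL, and strftime() returns 0 on failure and
         * leaves the buffer contents unspecified; never hand either case to
         * the caller as if it were a valid timestamp.
         */
        if (tm == NULL || strftime(buf, sizeof(buf), "%Y/%m/%d %H:%M:%S", tm) == 0)
            buf[0] = '\0';
        last_t = now.tv_sec;
    }
    return buf;
}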
137 | ||
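/*
 * Declared here, defined in the implementation file. Takes the major and
 * minor status words of a GSS-API call together with the name of that call.
 * NOTE(review): the return convention and the meaning of `log` and `sout`
 * are not visible in this header. Presumably they select debug logging and
 * whether a reply is written to stdout; confirm against the definition.
 *
 * gethost_name() is already declared earlier in this header, so the second,
 * identical declaration that used to follow this prototype is dropped.
 */
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status,
                  const char *function, int log, int sout);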
142 | ||
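/*
 * PAC (group membership) support is compiled in only when the GSS library
 * offers one of the two calls tested below and krb5 PAC support is present.
 * Otherwise HAVE_PAC_SUPPORT is defined as 0 and none of the PAC declarations
 * exist.
 */
#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
#define HAVE_PAC_SUPPORT 1
/*
 * Parenthesised so the product keeps its value when the macro appears inside
 * a larger expression (for example as the right operand of / or %).
 * NOTE(review): presumably the capacity of the buffer the group list is
 * assembled in; confirm at the allocation site.
 */
#define MAX_PAC_GROUP_SIZE (200*60)

/* Two 16-bit fields followed by one 32-bit field, as read from the PAC. */
typedef struct {
    uint16_t length;
    uint16_t maxlength;
    uint32_t pointer;
} RPC_UNICODE_STRING;

/*
 * PAC decoding helpers, defined in the implementation file.
 * NOTE(review): the get*byt() readers and align() take no buffer argument, so
 * they presumably work on a cursor kept in file-scope state; every length and
 * count taken from the PAC has to be bounds-checked there. Confirm.
 */
void align(int n);
void getustr(RPC_UNICODE_STRING *string);
char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount);
char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);
uint64_t get6byt_be(void);
uint32_t get4byt(void);
uint16_t get2byt(void);
uint8_t get1byt(void);
/*
 * NOTE(review): in both prototypes the writable first parameter is named
 * `src` and the const one `dst`; going by the const qualifier the names look
 * swapped. Neither takes a size, so any limit on the destination has to be
 * enforced inside the implementation. Confirm.
 */
char *xstrcpy( char *src, const char*dst);
char *xstrcat( char *src, const char*dst);
int checkustr(RPC_UNICODE_STRING *string);
char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
#else
#define HAVE_PAC_SUPPORT 0
#endif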
75f3c557 | 168 | int check_k5_err(krb5_context context, const char *msg, krb5_error_code code); |
5f4daa47 | 169 |